
package/git: security bump to version 2.39.2

Message ID 20230218085837.350535-1-bagasdotme@gmail.com
State Accepted

Commit Message

Bagas Sanjaya Feb. 18, 2023, 8:58 a.m. UTC
Fix two CVEs (CVE-2023-22490 and CVE-2023-23946). For the full release
note, see [1].

While at it, also refresh two Buildroot patches introduced when the
package was bumped to 2.39.0.

[1]: https://lore.kernel.org/git/xmqqr0us5dio.fsf@gitster.g/

Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
---
 ...compat-util-avoid-redefining-system-function-nam.patch | 8 +++++---
 ...compat-util-undefine-system-names-before-redecla.patch | 6 +++---
 package/git/git.hash                                      | 2 +-
 package/git/git.mk                                        | 2 +-
 4 files changed, 10 insertions(+), 8 deletions(-)


base-commit: d00e437922fb1b611f35c3138b9fbf7bcff62757

Comments

Peter Korsgaard Feb. 19, 2023, 6:44 p.m. UTC | #1
>>>>> "Bagas" == Bagas Sanjaya <bagasdotme@gmail.com> writes:

 > Fix two CVEs (CVE-2023-22490 and CVE-2023-23946). For the full release
 > note, see [1].

 > While at it, also refresh two Buildroot patches introduced when the
 > package was bumped to 2.39.0.

 > [1]: https://lore.kernel.org/git/xmqqr0us5dio.fsf@gitster.g/

 > Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>

Committed, thanks.
Peter Korsgaard March 4, 2023, 7:10 p.m. UTC | #2
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Bagas" == Bagas Sanjaya <bagasdotme@gmail.com> writes:
 >> Fix two CVEs (CVE-2023-22490 and CVE-2023-23946). For the full release
 >> note, see [1].

 >> While at it, also refresh two Buildroot patches introduced when the
 >> package was bumped to 2.39.0.

 >> [1]: https://lore.kernel.org/git/xmqqr0us5dio.fsf@gitster.g/

 >> Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>

 > Committed, thanks.

For 2022.02.x / 2022.11.x I will instead bump to 2.31.7, which contains
the same security fixes.

Patch

diff --git a/package/git/0001-git-compat-util-avoid-redefining-system-function-nam.patch b/package/git/0001-git-compat-util-avoid-redefining-system-function-nam.patch
index dbde87940a..24100e1f6e 100644
--- a/package/git/0001-git-compat-util-avoid-redefining-system-function-nam.patch
+++ b/package/git/0001-git-compat-util-avoid-redefining-system-function-nam.patch
@@ -1,4 +1,4 @@ 
-From 385f67eb2254edb1fb4cf523e5e3d5a8f123d72c Mon Sep 17 00:00:00 2001
+From 86aeac96d04ae5381085c0f93acb12d3bfd06969 Mon Sep 17 00:00:00 2001
 From: Jeff King <peff@peff.net>
 Date: Wed, 30 Nov 2022 16:15:14 -0500
 Subject: [PATCH] git-compat-util: avoid redefining system function names
@@ -64,7 +64,7 @@  Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
  1 file changed, 8 insertions(+), 5 deletions(-)
 
 diff --git a/git-compat-util.h b/git-compat-util.h
-index a76d0526f7..e3456bdd0d 100644
+index af05077560..f6882b9b50 100644
 --- a/git-compat-util.h
 +++ b/git-compat-util.h
 @@ -341,11 +341,12 @@ struct itimerval {
@@ -83,7 +83,7 @@  index a76d0526f7..e3456bdd0d 100644
  #endif
  
  #ifndef NO_LIBGEN_H
-@@ -1471,14 +1472,16 @@ int open_nofollow(const char *path, int flags);
+@@ -1479,14 +1480,16 @@ int open_nofollow(const char *path, int flags);
  #endif
  
  #ifndef _POSIX_THREAD_SAFE_FUNCTIONS
@@ -102,6 +102,8 @@  index a76d0526f7..e3456bdd0d 100644
  #define getc_unlocked(fh) getc(fh)
  #endif
  
+
+base-commit: cbf04937d5b9fcf0a76c28f69e6294e9e3ecd7e6
 -- 
 An old man doll... just what I always wanted! - Clara
 
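Review bot: The last hunk of the 0001 refresh appends a blank line and a `base-commit: cbf04937d5b9fcf0a76c28f69e6294e9e3ecd7e6` trailer to the carried patch, which looks like leftover `git format-patch --base` output rather than an intended change. Going by the diffstat (3 insertions, 3 deletions) and the visible hunks, 0002 gets no such trailer, so the two refreshed patches end up inconsistent. The hash presumably names a commit in the upstream git tree and carries no meaning when the patch is applied inside Buildroot. I would drop both added lines so the refresh only touches the `From` hashes, the `index` lines and the hunk offsets.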
diff --git a/package/git/0002-git-compat-util-undefine-system-names-before-redecla.patch b/package/git/0002-git-compat-util-undefine-system-names-before-redecla.patch
index 9e3c9b662c..f6207300ee 100644
--- a/package/git/0002-git-compat-util-undefine-system-names-before-redecla.patch
+++ b/package/git/0002-git-compat-util-undefine-system-names-before-redecla.patch
@@ -1,4 +1,4 @@ 
-From 6d406390b870fdb2cd9d18b12ebfabc12f5096df Mon Sep 17 00:00:00 2001
+From d4a11fd215195cd1ca6a43058ef250b688ade1f4 Mon Sep 17 00:00:00 2001
 From: Jeff King <peff@peff.net>
 Date: Fri, 2 Dec 2022 06:05:38 -0500
 Subject: [PATCH] git-compat-util: undefine system names before redeclaring
@@ -29,7 +29,7 @@  Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
  1 file changed, 4 insertions(+)
 
 diff --git a/git-compat-util.h b/git-compat-util.h
-index e3456bdd0d..211861da0f 100644
+index f6882b9b50..dadb9e55cb 100644
 --- a/git-compat-util.h
 +++ b/git-compat-util.h
 @@ -346,6 +346,7 @@ static inline int git_setitimer(int which,
@@ -40,7 +40,7 @@  index e3456bdd0d..211861da0f 100644
  #define setitimer(which,value,ovalue) git_setitimer(which,value,ovalue)
  #endif
  
-@@ -1480,6 +1481,9 @@ static inline void git_funlockfile(FILE *fh)
+@@ -1488,6 +1489,9 @@ static inline void git_funlockfile(FILE *fh)
  {
  	; /* nothing */
  }
diff --git a/package/git/git.hash b/package/git/git.hash
index 75398896e5..b7840cd1eb 100644
--- a/package/git/git.hash
+++ b/package/git/git.hash
@@ -1,5 +1,5 @@ 
 # From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
-sha256  40a38a0847b30c371b35873b3afcf123885dd41ea3ecbbf510efa97f3ce5c161  git-2.39.1.tar.xz
+sha256  475f75f1373b2cd4e438706185175966d5c11f68c4db1e48c26257c43ddcf2d6  git-2.39.2.tar.xz
 # Locally calculated
 sha256  5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e  COPYING
 sha256  1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a  LGPL-2.1
diff --git a/package/git/git.mk b/package/git/git.mk
index 1d728e1964..206d06ffe7 100644
--- a/package/git/git.mk
+++ b/package/git/git.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-GIT_VERSION = 2.39.1
+GIT_VERSION = 2.39.2
 GIT_SOURCE = git-$(GIT_VERSION).tar.xz
 GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
 GIT_LICENSE = GPL-2.0, LGPL-2.1+