Hi, On Fri, 2016-03-18 at 07:36 +0100, Marcel Lorenz wrote: > This patch updates git to the last version and fixes > a buffer overflow in all git versions before 2.7.1 >   > http://seclists.org/oss-sec/2016/q1/645 > > Signed-off-by: Marcel Lorenz > > --- >  config/rootfiles/packages/git | 22 +++++++++++++--------- >  lfs/git                       |  9 ++++----- >  2 files changed, 17 insertions(+), 14 deletions(-) > > diff --git a/config/rootfiles/packages/git b/config/rootfiles/packages/git > index e168483..9988877 100644 > --- a/config/rootfiles/packages/git > +++ b/config/rootfiles/packages/git > @@ -6,10 +6,10 @@ usr/bin/git-upload-archive >  usr/bin/git-upload-pack >  #usr/bin/gitk >  usr/lib/perl5/site_perl/5.12.3/Error.pm > -usr/lib/perl5/site_perl/5.12.3/Git > +#usr/lib/perl5/site_perl/5.12.3/Git >  usr/lib/perl5/site_perl/5.12.3/Git.pm >  usr/lib/perl5/site_perl/5.12.3/Git/I18N.pm > -#usr/lib/perl5/site_perl/5.12.3/Git/IndexInfo.pm > +usr/lib/perl5/site_perl/5.12.3/Git/IndexInfo.pm >  #usr/lib/perl5/site_perl/5.12.3/Git/SVN >  #usr/lib/perl5/site_perl/5.12.3/Git/SVN.pm >  #usr/lib/perl5/site_perl/5.12.3/Git/SVN/Editor.pm > @@ -24,8 +24,8 @@ usr/lib/perl5/site_perl/5.12.3/Git/I18N.pm >  #usr/lib/perl5/site_perl/5.12.3/Git/SVN/Utils.pm >  #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Git >  #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Git/.packlist > -usr/libexec/git-core > -usr/libexec/git-core/git > +#usr/libexec/git-core > +#usr/libexec/git-core/git >  usr/libexec/git-core/git-add >  usr/libexec/git-core/git-add--interactive >  usr/libexec/git-core/git-am > @@ -172,6 +172,7 @@ usr/libexec/git-core/git-stash >  usr/libexec/git-core/git-status >  usr/libexec/git-core/git-stripspace >  usr/libexec/git-core/git-submodule > +usr/libexec/git-core/git-submodule--helper >  usr/libexec/git-core/git-svn >  usr/libexec/git-core/git-symbolic-ref >  usr/libexec/git-core/git-tag > @@ -188,8 +189,9 @@ usr/libexec/git-core/git-verify-pack >  usr/libexec/git-core/git-verify-tag >  usr/libexec/git-core/git-web--browse >  usr/libexec/git-core/git-whatchanged > +usr/libexec/git-core/git-worktree >  usr/libexec/git-core/git-write-tree > -usr/libexec/git-core/mergetools > +#usr/libexec/git-core/mergetools >  usr/libexec/git-core/mergetools/araxis >  usr/libexec/git-core/mergetools/bc >  usr/libexec/git-core/mergetools/bc3 > @@ -212,12 +214,13 @@ usr/libexec/git-core/mergetools/tortoisemerge >  usr/libexec/git-core/mergetools/vimdiff >  usr/libexec/git-core/mergetools/vimdiff2 >  usr/libexec/git-core/mergetools/vimdiff3 > +usr/libexec/git-core/mergetools/winmerge >  usr/libexec/git-core/mergetools/xxdiff > -usr/share/git-core > -usr/share/git-core/templates > +#usr/share/git-core > +#usr/share/git-core/templates >  usr/share/git-core/templates/branches >  usr/share/git-core/templates/description > -usr/share/git-core/templates/hooks > +#usr/share/git-core/templates/hooks >  usr/share/git-core/templates/hooks/applypatch-msg.sample >  usr/share/git-core/templates/hooks/commit-msg.sample >  usr/share/git-core/templates/hooks/post-update.sample > @@ -227,7 +230,7 @@ usr/share/git-core/templates/hooks/pre-push.sample >  usr/share/git-core/templates/hooks/pre-rebase.sample >  usr/share/git-core/templates/hooks/prepare-commit-msg.sample >  usr/share/git-core/templates/hooks/update.sample > -usr/share/git-core/templates/info > +#usr/share/git-core/templates/info >  usr/share/git-core/templates/info/exclude >  #usr/share/git-gui >  #usr/share/git-gui/lib > @@ -315,6 +318,7 @@ usr/share/git-core/templates/info/exclude >  #usr/share/locale/fr/LC_MESSAGES/git.mo >  #usr/share/locale/is/LC_MESSAGES/git.mo >  #usr/share/locale/it/LC_MESSAGES/git.mo > +#usr/share/locale/ko/LC_MESSAGES/git.mo >  #usr/share/locale/pt_PT/LC_MESSAGES/git.mo >  #usr/share/locale/ru/LC_MESSAGES/git.mo >  #usr/share/locale/sv/LC_MESSAGES/git.mo > diff --git a/lfs/git b/lfs/git > index bbec140..a3f6636 100644 > --- a/lfs/git > +++ b/lfs/git > @@ -24,7 +24,7 @@ >   >  include Config >   > -VER        = 2.4.4 > +VER        = 2.7.1 >   >  THISAPP    = git-$(VER) >  DL_FILE    = $(THISAPP).tar.xz > @@ -34,7 +34,7 @@ TARGET     = $(DIR_INFO)/$(THISAPP) >  PROG       = git >  PAK_VER    = 12 >   > -DEPS       = "perl-Authen-SASL perl-MIME-Base64 perl-Net-SMTP-SSL" > +DEPS       = "perl" Why did you change this? There is no such add-on as "perl". The other ones however are requirements that must be installed.   >  ############################################################################# > ## >  # Top-level Rules > @@ -44,7 +44,7 @@ objects = $(DL_FILE) >   >  $(DL_FILE) = $(DL_FROM)/$(DL_FILE) >   > -$(DL_FILE)_MD5 = 847787cd0616d38b0e429ea85f558c31 > +$(DL_FILE)_MD5 = eece7b1e87983271621a0cb6aab37a25 >   >  install : $(TARGET) >   > @@ -78,13 +78,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >   @$(PREBUILD) >   @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) >   cd $(DIR_APP) && ./configure \ > + --with-gitconfig=/etc/gitconfig \ Why is this necessary? >   --prefix=/usr \ >   --with-libpcre \ >   --with-curl \ >   --with-expat > - >   cd $(DIR_APP) && make $(MAKETUNING) >   cd $(DIR_APP) && make install > - >   @rm -rf $(DIR_APP) >   @$(POSTBUILD) No need to remove empty lines that just improve readability. Best, -Michael