Am 2016-03-22 00:30, schrieb Michael Tremer:
Hi,
On Fri, 2016-03-18 at 07:36 +0100, Marcel Lorenz wrote:
This patch updates git to the last version and fixes a buffer overflow in all git versions before 2.7.1 http://seclists.org/oss-sec/2016/q1/645
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org
config/rootfiles/packages/git | 22 +++++++++++++--------- lfs/git | 9 ++++----- 2 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/config/rootfiles/packages/git b/config/rootfiles/packages/git index e168483..9988877 100644 --- a/config/rootfiles/packages/git +++ b/config/rootfiles/packages/git @@ -6,10 +6,10 @@ usr/bin/git-upload-archive usr/bin/git-upload-pack #usr/bin/gitk usr/lib/perl5/site_perl/5.12.3/Error.pm -usr/lib/perl5/site_perl/5.12.3/Git +#usr/lib/perl5/site_perl/5.12.3/Git usr/lib/perl5/site_perl/5.12.3/Git.pm usr/lib/perl5/site_perl/5.12.3/Git/I18N.pm -#usr/lib/perl5/site_perl/5.12.3/Git/IndexInfo.pm +usr/lib/perl5/site_perl/5.12.3/Git/IndexInfo.pm #usr/lib/perl5/site_perl/5.12.3/Git/SVN #usr/lib/perl5/site_perl/5.12.3/Git/SVN.pm #usr/lib/perl5/site_perl/5.12.3/Git/SVN/Editor.pm @@ -24,8 +24,8 @@ usr/lib/perl5/site_perl/5.12.3/Git/I18N.pm #usr/lib/perl5/site_perl/5.12.3/Git/SVN/Utils.pm #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Git #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Git/.packlist -usr/libexec/git-core -usr/libexec/git-core/git +#usr/libexec/git-core +#usr/libexec/git-core/git usr/libexec/git-core/git-add usr/libexec/git-core/git-add--interactive usr/libexec/git-core/git-am @@ -172,6 +172,7 @@ usr/libexec/git-core/git-stash usr/libexec/git-core/git-status usr/libexec/git-core/git-stripspace usr/libexec/git-core/git-submodule +usr/libexec/git-core/git-submodule--helper usr/libexec/git-core/git-svn usr/libexec/git-core/git-symbolic-ref usr/libexec/git-core/git-tag @@ -188,8 +189,9 @@ usr/libexec/git-core/git-verify-pack usr/libexec/git-core/git-verify-tag usr/libexec/git-core/git-web--browse usr/libexec/git-core/git-whatchanged +usr/libexec/git-core/git-worktree usr/libexec/git-core/git-write-tree -usr/libexec/git-core/mergetools +#usr/libexec/git-core/mergetools usr/libexec/git-core/mergetools/araxis usr/libexec/git-core/mergetools/bc usr/libexec/git-core/mergetools/bc3 @@ -212,12 +214,13 @@ usr/libexec/git-core/mergetools/tortoisemerge usr/libexec/git-core/mergetools/vimdiff usr/libexec/git-core/mergetools/vimdiff2 usr/libexec/git-core/mergetools/vimdiff3 +usr/libexec/git-core/mergetools/winmerge usr/libexec/git-core/mergetools/xxdiff -usr/share/git-core -usr/share/git-core/templates +#usr/share/git-core +#usr/share/git-core/templates usr/share/git-core/templates/branches usr/share/git-core/templates/description -usr/share/git-core/templates/hooks +#usr/share/git-core/templates/hooks usr/share/git-core/templates/hooks/applypatch-msg.sample usr/share/git-core/templates/hooks/commit-msg.sample usr/share/git-core/templates/hooks/post-update.sample @@ -227,7 +230,7 @@ usr/share/git-core/templates/hooks/pre-push.sample usr/share/git-core/templates/hooks/pre-rebase.sample usr/share/git-core/templates/hooks/prepare-commit-msg.sample usr/share/git-core/templates/hooks/update.sample -usr/share/git-core/templates/info +#usr/share/git-core/templates/info usr/share/git-core/templates/info/exclude #usr/share/git-gui #usr/share/git-gui/lib @@ -315,6 +318,7 @@ usr/share/git-core/templates/info/exclude #usr/share/locale/fr/LC_MESSAGES/git.mo #usr/share/locale/is/LC_MESSAGES/git.mo #usr/share/locale/it/LC_MESSAGES/git.mo +#usr/share/locale/ko/LC_MESSAGES/git.mo #usr/share/locale/pt_PT/LC_MESSAGES/git.mo #usr/share/locale/ru/LC_MESSAGES/git.mo #usr/share/locale/sv/LC_MESSAGES/git.mo diff --git a/lfs/git b/lfs/git index bbec140..a3f6636 100644 --- a/lfs/git +++ b/lfs/git @@ -24,7 +24,7 @@ include Config -VER = 2.4.4 +VER = 2.7.1 THISAPP = git-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ TARGET = $(DIR_INFO)/$(THISAPP) PROG = git PAK_VER = 12 -DEPS = "perl-Authen-SASL perl-MIME-Base64 perl-Net-SMTP-SSL" +DEPS = "perl"
Why did you change this? There is no such add-on as "perl". The other ones however are requirements that must be installed.
Oh soory, not seen, i make an new patch with all deps.
############################################################################# ## # Top-level Rules @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 847787cd0616d38b0e429ea85f558c31 +$(DL_FILE)_MD5 = eece7b1e87983271621a0cb6aab37a25 install : $(TARGET) @@ -78,13 +78,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure \
--with-gitconfig=/etc/gitconfig \
Why is this necessary?
It is a default from Linux from scratch website. http://www.linuxfromscratch.org/blfs/view/svn/general/git.html This sets /etc/gitconfig as the file that stores the default, system wide, Git settings
--prefix=/usr \ --with-libpcre \ --with-curl \ --with-expat
cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install
@rm -rf $(DIR_APP) @$(POSTBUILD)
No need to remove empty lines that just improve readability. Best, -Michael