* [bug#63092] [PATCH] gnu: git: Update to 2.40.1 [security fixes].
@ 2023-04-26 16:40 Greg Hogan
2023-04-26 17:27 ` [bug#63092] [PATCH v2 0/2] Update git " Greg Hogan
2023-04-26 19:03 ` [bug#63092] [PATCH v3 0/2] Update git [security fixes] Greg Hogan
0 siblings, 2 replies; 8+ messages in thread
From: Greg Hogan @ 2023-04-26 16:40 UTC (permalink / raw)
To: 63092; +Cc: Greg Hogan
Fixes CVE-2023-25652 and CVE-2023-29007.
* gnu/packages/version-control.scm (git): Update to 2.40.1.
---
gnu/packages/version-control.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index c2ec490383..5f6766f510 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -227,14 +227,14 @@ (define git-cross-configure-flags
(define-public git
(package
(name "git")
- (version "2.39.2")
+ (version "2.40.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/software/scm/git/git-"
version ".tar.xz"))
(sha256
(base32
- "1mpjvhyw8mv2q941xny4d0gw3mb6b4bqaqbh73jd8b1v6zqpaps7"))))
+ "1li1xwgiwccy88bkshsah2kzl1006jg29jp7n32gvjggiswvi4s8"))))
(build-system gnu-build-system)
(native-inputs
`(("native-perl" ,perl)
@@ -254,7 +254,7 @@ (define-public git
version ".tar.xz"))
(sha256
(base32
- "09cva868qb4705s884dzvbwkm78jlw4q8m6xj7nd7cwxy2i2ff8b"))))
+ "04yy5za8963q6xzrirflvxbi1216jzqj8ssvgd9nkld3ifa9q1gy"))))
;; For subtree documentation.
("asciidoc" ,asciidoc)
("docbook2x" ,docbook2x)
--
2.40.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#63092] [PATCH v2 0/2] Update git [security fixes].
2023-04-26 16:40 [bug#63092] [PATCH] gnu: git: Update to 2.40.1 [security fixes] Greg Hogan
@ 2023-04-26 17:27 ` Greg Hogan
2023-04-26 17:27 ` [bug#63092] [PATCH v2 1/2] gnu: git: Update to 2.40.1 " Greg Hogan
2023-04-26 17:27 ` [bug#63092] [PATCH v2 2/2] gnu: git-minimal: Remove deletion of removed file Greg Hogan
2023-04-26 19:03 ` [bug#63092] [PATCH v3 0/2] Update git [security fixes] Greg Hogan
1 sibling, 2 replies; 8+ messages in thread
From: Greg Hogan @ 2023-04-26 17:27 UTC (permalink / raw)
To: 63092; +Cc: Greg Hogan
v2 adds a fix for git-minimal.
Greg Hogan (2):
gnu: git: Update to 2.40.1 [security fixes].
gnu: git-minimal: Remove deletion of removed file.
gnu/packages/version-control.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--
2.40.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#63092] [PATCH v2 1/2] gnu: git: Update to 2.40.1 [security fixes].
2023-04-26 17:27 ` [bug#63092] [PATCH v2 0/2] Update git " Greg Hogan
@ 2023-04-26 17:27 ` Greg Hogan
2023-04-26 17:27 ` [bug#63092] [PATCH v2 2/2] gnu: git-minimal: Remove deletion of removed file Greg Hogan
1 sibling, 0 replies; 8+ messages in thread
From: Greg Hogan @ 2023-04-26 17:27 UTC (permalink / raw)
To: 63092; +Cc: Greg Hogan
Fixes CVE-2023-25652 and CVE-2023-29007.
* gnu/packages/version-control.scm (git): Update to 2.40.1.
---
gnu/packages/version-control.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index c2ec490383..5f6766f510 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -227,14 +227,14 @@ (define git-cross-configure-flags
(define-public git
(package
(name "git")
- (version "2.39.2")
+ (version "2.40.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/software/scm/git/git-"
version ".tar.xz"))
(sha256
(base32
- "1mpjvhyw8mv2q941xny4d0gw3mb6b4bqaqbh73jd8b1v6zqpaps7"))))
+ "1li1xwgiwccy88bkshsah2kzl1006jg29jp7n32gvjggiswvi4s8"))))
(build-system gnu-build-system)
(native-inputs
`(("native-perl" ,perl)
@@ -254,7 +254,7 @@ (define-public git
version ".tar.xz"))
(sha256
(base32
- "09cva868qb4705s884dzvbwkm78jlw4q8m6xj7nd7cwxy2i2ff8b"))))
+ "04yy5za8963q6xzrirflvxbi1216jzqj8ssvgd9nkld3ifa9q1gy"))))
;; For subtree documentation.
("asciidoc" ,asciidoc)
("docbook2x" ,docbook2x)
--
2.40.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#63092] [PATCH v2 2/2] gnu: git-minimal: Remove deletion of removed file.
2023-04-26 17:27 ` [bug#63092] [PATCH v2 0/2] Update git " Greg Hogan
2023-04-26 17:27 ` [bug#63092] [PATCH v2 1/2] gnu: git: Update to 2.40.1 " Greg Hogan
@ 2023-04-26 17:27 ` Greg Hogan
1 sibling, 0 replies; 8+ messages in thread
From: Greg Hogan @ 2023-04-26 17:27 UTC (permalink / raw)
To: 63092; +Cc: Greg Hogan
* gnu/packages/version-control.scm (git-minimal)
[arguments]<#:phases>(remove-unusable-perl-commands): Remove
from deletion list the file deleted from upstream.
---
gnu/packages/version-control.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 5f6766f510..3f1f8d4ec2 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -638,7 +638,7 @@ (define-public git-minimal
"/git-core/" file)))
'("git-svn" "git-cvsimport" "git-archimport"
"git-cvsserver" "git-request-pull"
- "git-add--interactive" "git-cvsexportcommit"
+ "git-cvsexportcommit"
"git-instaweb" "git-send-email"))
(delete-file (string-append bin "/git-cvsserver"))
--
2.40.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#63092] [PATCH v3 0/2] Update git [security fixes].
2023-04-26 16:40 [bug#63092] [PATCH] gnu: git: Update to 2.40.1 [security fixes] Greg Hogan
2023-04-26 17:27 ` [bug#63092] [PATCH v2 0/2] Update git " Greg Hogan
@ 2023-04-26 19:03 ` Greg Hogan
2023-04-26 19:03 ` [bug#63092] [PATCH v3 1/2] gnu: git: Update to 2.40.1 " Greg Hogan
2023-04-26 19:03 ` [bug#63092] [PATCH v3 2/2] gnu: git-minimal: Check files exist before delete Greg Hogan
1 sibling, 2 replies; 8+ messages in thread
From: Greg Hogan @ 2023-04-26 19:03 UTC (permalink / raw)
To: 63092; +Cc: Greg Hogan
v3 modifies the changes to git-minimal so that the older, pinned version
of git-minimal continues to pass the post-build check.
Greg Hogan (2):
gnu: git: Update to 2.40.1 [security fixes].
gnu: git-minimal: Check files exist before delete.
gnu/packages/version-control.scm | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
--
2.40.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#63092] [PATCH v3 1/2] gnu: git: Update to 2.40.1 [security fixes].
2023-04-26 19:03 ` [bug#63092] [PATCH v3 0/2] Update git [security fixes] Greg Hogan
@ 2023-04-26 19:03 ` Greg Hogan
2023-04-26 19:03 ` [bug#63092] [PATCH v3 2/2] gnu: git-minimal: Check files exist before delete Greg Hogan
1 sibling, 0 replies; 8+ messages in thread
From: Greg Hogan @ 2023-04-26 19:03 UTC (permalink / raw)
To: 63092; +Cc: Greg Hogan
Fixes CVE-2023-25652 and CVE-2023-29007.
* gnu/packages/version-control.scm (git): Update to 2.40.1.
---
gnu/packages/version-control.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index c2ec490383..5f6766f510 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -227,14 +227,14 @@ (define git-cross-configure-flags
(define-public git
(package
(name "git")
- (version "2.39.2")
+ (version "2.40.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/software/scm/git/git-"
version ".tar.xz"))
(sha256
(base32
- "1mpjvhyw8mv2q941xny4d0gw3mb6b4bqaqbh73jd8b1v6zqpaps7"))))
+ "1li1xwgiwccy88bkshsah2kzl1006jg29jp7n32gvjggiswvi4s8"))))
(build-system gnu-build-system)
(native-inputs
`(("native-perl" ,perl)
@@ -254,7 +254,7 @@ (define-public git
version ".tar.xz"))
(sha256
(base32
- "09cva868qb4705s884dzvbwkm78jlw4q8m6xj7nd7cwxy2i2ff8b"))))
+ "04yy5za8963q6xzrirflvxbi1216jzqj8ssvgd9nkld3ifa9q1gy"))))
;; For subtree documentation.
("asciidoc" ,asciidoc)
("docbook2x" ,docbook2x)
--
2.40.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#63092] [PATCH v3 2/2] gnu: git-minimal: Check files exist before delete.
2023-04-26 19:03 ` [bug#63092] [PATCH v3 0/2] Update git [security fixes] Greg Hogan
2023-04-26 19:03 ` [bug#63092] [PATCH v3 1/2] gnu: git: Update to 2.40.1 " Greg Hogan
@ 2023-04-26 19:03 ` Greg Hogan
2023-05-11 13:15 ` bug#63092: [PATCH] gnu: git: Update to 2.40.1 [security fixes] Ludovic Courtès
1 sibling, 1 reply; 8+ messages in thread
From: Greg Hogan @ 2023-04-26 19:03 UTC (permalink / raw)
To: 63092; +Cc: Greg Hogan
* gnu/packages/version-control.scm (git-minimal)
[arguments]<#:phases>(remove-unusable-perl-commands): Add file check
before deleting perl scripts so that this phase works for both new and
old, pinned versions.
---
gnu/packages/version-control.scm | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 5f6766f510..0467e9f4cb 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -634,8 +634,11 @@ (define-public git-minimal
(bin (string-append out "/bin"))
(libexec (string-append out "/libexec")))
(for-each (lambda (file)
- (delete-file (string-append libexec
- "/git-core/" file)))
+ (if (file-exists? file)
+ (delete-file (string-append libexec
+ "/git-core/" file))))
+ ;; git-add--interactive was removed in Git 2.40 but
+ ;; this phase is inherited by older versions.
'("git-svn" "git-cvsimport" "git-archimport"
"git-cvsserver" "git-request-pull"
"git-add--interactive" "git-cvsexportcommit"
--
2.40.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* bug#63092: [PATCH] gnu: git: Update to 2.40.1 [security fixes].
2023-04-26 19:03 ` [bug#63092] [PATCH v3 2/2] gnu: git-minimal: Check files exist before delete Greg Hogan
@ 2023-05-11 13:15 ` Ludovic Courtès
0 siblings, 0 replies; 8+ messages in thread
From: Ludovic Courtès @ 2023-05-11 13:15 UTC (permalink / raw)
To: Greg Hogan; +Cc: 63092-done
Hi Greg,
Greg Hogan <code@greghogan.com> skribis:
> * gnu/packages/version-control.scm (git-minimal)
> [arguments]<#:phases>(remove-unusable-perl-commands): Add file check
> before deleting perl scripts so that this phase works for both new and
> old, pinned versions.
[...]
> + (if (file-exists? file)
> + (delete-file (string-append libexec
> + "/git-core/" file))))
> + ;; git-add--interactive was removed in Git 2.40 but
> + ;; this phase is inherited by older versions.
The ‘file-exists?’ and ‘delete-file’ calls are passed different file
names. Also, this won’t prevent a rebuild of ‘git-minimal/pinned’.
So I went with a different approach to achieve that goal. Applied now.
Thanks!
Ludo’.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-05-11 13:16 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-04-26 16:40 [bug#63092] [PATCH] gnu: git: Update to 2.40.1 [security fixes] Greg Hogan
2023-04-26 17:27 ` [bug#63092] [PATCH v2 0/2] Update git " Greg Hogan
2023-04-26 17:27 ` [bug#63092] [PATCH v2 1/2] gnu: git: Update to 2.40.1 " Greg Hogan
2023-04-26 17:27 ` [bug#63092] [PATCH v2 2/2] gnu: git-minimal: Remove deletion of removed file Greg Hogan
2023-04-26 19:03 ` [bug#63092] [PATCH v3 0/2] Update git [security fixes] Greg Hogan
2023-04-26 19:03 ` [bug#63092] [PATCH v3 1/2] gnu: git: Update to 2.40.1 " Greg Hogan
2023-04-26 19:03 ` [bug#63092] [PATCH v3 2/2] gnu: git-minimal: Check files exist before delete Greg Hogan
2023-05-11 13:15 ` bug#63092: [PATCH] gnu: git: Update to 2.40.1 [security fixes] Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).