From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp10.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms5.migadu.com with LMTPS
	id sDuEF5eGXmKc5gAAbAwnHQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 19 Apr 2022 11:53:27 +0200
Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp10.migadu.com with LMTPS
	id cJG1FpeGXmK+cQEAG6o9tA
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 19 Apr 2022 11:53:27 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id F1C7B3F853
	for <larch@yhetil.org>; Tue, 19 Apr 2022 11:53:26 +0200 (CEST)
Received: from localhost ([::1]:35330 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	id 1ngkY1-0001Zf-I6
	for larch@yhetil.org; Tue, 19 Apr 2022 05:53:25 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:39292)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1ngk3f-000256-Hn
 for guix-patches@gnu.org; Tue, 19 Apr 2022 05:22:05 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:47762)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1ngk3f-0001rH-75
 for guix-patches@gnu.org; Tue, 19 Apr 2022 05:22:03 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ngk3f-0004c8-0t
 for guix-patches@gnu.org; Tue, 19 Apr 2022 05:22:03 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#55001] gnu: git: Update to 2.36.0 [fixes CVE-2022-24765] Was:
 Acknowledgement ([PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765].)
Resent-From: Zhu Zihao <all_but_last@163.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 19 Apr 2022 09:22:02 +0000
Resent-Message-ID: <handler.55001.B55001.165036008017660@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 55001
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Greg Hogan <code@greghogan.com>
Cc: 55001@debbugs.gnu.org
Received: via spool by 55001-submit@debbugs.gnu.org id=B55001.165036008017660
 (code B ref 55001); Tue, 19 Apr 2022 09:22:02 +0000
Received: (at 55001) by debbugs.gnu.org; 19 Apr 2022 09:21:20 +0000
Received: from localhost ([127.0.0.1]:41653 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1ngk2x-0004al-M5
 for submit@debbugs.gnu.org; Tue, 19 Apr 2022 05:21:19 -0400
Received: from mail-m971.mail.163.com ([123.126.97.1]:24835)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <all_but_last@163.com>) id 1ngk2u-0004aQ-MW
 for 55001@debbugs.gnu.org; Tue, 19 Apr 2022 05:21:18 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
 s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=22Lky
 DkomUHbNSGxp9HuMIhEd5qFSN2iO+Gnp5GbC1U=; b=KY6Rz2IrvNmzUm6NLy2sn
 5ZNmh3YqupOvFX/sd/24n+lpBfY948E9DzgiJ4EJOtMHQZTm6T9b+XisdHMMzL2H
 fqTPOOB5b7GOhurTAqeo4iFCZO8g+5uMjLgq9QfweJsO7OADmUhdRwKvOizpi1gX
 4SYX0jmSzINbtDM8XlzyOs=
Received: from asus-laptop (unknown [27.38.202.0])
 by smtp1 (Coremail) with SMTP id GdxpCgCHJX7_fl5iaf28Bw--.14555S2;
 Tue, 19 Apr 2022 17:21:03 +0800 (CST)
References: <8635iabj7y.fsf@163.com>
 <handler.55001.B.165028941728102.ack@debbugs.gnu.org>
 <86y202a2rf.fsf@163.com>
 <CA+3U0ZmebnqeQ3Dc1jQNiT5Fni67qiM_J7Jh7yY0BOsUiAPsbQ@mail.gmail.com>
User-agent: mu4e 1.6.10; emacs 27.2
From: Zhu Zihao <all_but_last@163.com>
Date: Tue, 19 Apr 2022 17:19:35 +0800
In-reply-to: <CA+3U0ZmebnqeQ3Dc1jQNiT5Fni67qiM_J7Jh7yY0BOsUiAPsbQ@mail.gmail.com>
Message-ID: <86mtgh77k2.fsf@163.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-CM-TRANSID: GdxpCgCHJX7_fl5iaf28Bw--.14555S2
X-Coremail-Antispam: 1Uf129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73
 VFW2AGmfu7bjvjm3AaLaJ3UbIYCTnIWIevJa73UjIFyTuYvjTE73sFUUUUU
X-Originating-IP: [27.38.202.0]
X-CM-SenderInfo: pdoosuxxwbztlvw6il2tof0z/xtbBawDnr1et4J5rxwAAsL
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-To: larch@yhetil.org
X-Migadu-Country: US
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1650362007;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:resent-cc:resent-from:resent-sender:
	 resent-message-id:in-reply-to:in-reply-to:references:references:
	 list-id:list-help:list-unsubscribe:list-subscribe:list-post:
	 dkim-signature; bh=22LkyDkomUHbNSGxp9HuMIhEd5qFSN2iO+Gnp5GbC1U=;
	b=A1CKq4a2bakti67PywNiRgItQgSYOxOwPJKSg4NKQ62LScIKgmMCzwVnvk8mVeCOf9ukgm
	p2XDXNHPEukYJ+DADqGo+0bYukvU+FOxAQRsWAU9t4LRapv9HPJ9FWP4rfDDMdE3552oru
	8Cl0zGVcGNCJRcLiYXCvcc2+H5LakPcQJ/EHnIkNpU7RGpsd5uxPwc5xg6LKv7+KAmQV2D
	vM5zB9X3ezBjgKPLBZoVsAaJcs34xLOPWxfhnG5/Y2+WRTTb43uJhMudn5sk9zAPaaaLLu
	C5vN42qNP8MJDVr7CZQ55VEjWufYHdhILYJ933N+aWLOUywmRayihwahCqgsPw==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1650362007; a=rsa-sha256; cv=none;
	b=jWAXWBvX5sYdkIwI0EVxsRlhNwrmvYq3KITyEEVSwDi8VcW7P22OuHlCnBkEwrg+o4hpgd
	CMmuELk4HvLDd8t+mLF1IX0j4pZcB98gSVJmVK2rlaDLaIFOvG+zhrGM+Tc5s7EVPVRzYG
	Q0Uq3zeU+N58C+UsOkmbFmGPvI+FgtgGUOCLW8qo/mfU0xmr261y3RAi0cd86UKu4/h4zO
	RPVq5CxP1k7FQ/sOv4A9u8Skoc5P696O1ao5NxeamQwybXULx81pHhZQKKoH9Epny0X+EU
	2sE3yY7DjLc9xNjoRczb38usLDis7Lxeh1QVrHTDOPwz3Uv6np8Y94+VkOSvGA==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=163.com header.s=s110527 header.b=KY6Rz2Ir;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=163.com (policy=none);
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: 3.86
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=163.com header.s=s110527 header.b=KY6Rz2Ir;
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=163.com (policy=none);
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: F1C7B3F853
X-Spam-Score: 3.86
X-Migadu-Scanner: scn1.migadu.com
X-TUID: O1y0dG7gBfK5

--=-=-=
Content-Type: multipart/signed; boundary="==-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"

--==-=-=
Content-Type: text/plain


Greg Hogan <code@greghogan.com> writes:

> And now git 2.36 has been released.

A new patch that updates to 2.36 is uploaded. Thanks for your mention :)


--==-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIsEARYIADMWIQRefA5qkqvnKdl/GTlmOX+E92aT+QUCYl5+/RUcYWxsX2J1dF9s
YXN0QDE2My5jb20ACgkQZjl/hPdmk/lFvAEAhnv5AXoUPDYN8u38CkB2rHXXhaEy
1NQa7pcQNz1j0xABANrF2KCtdVhY39hfEnQwVcpWliWpOXCpFbcAUlf24sAF
=rZdF
-----END PGP SIGNATURE-----
--==-=-=--

--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline;
 filename=0001-gnu-git-Update-to-2.36.0-fixes-CVE-2022-24765.patch

>From bad9eea70d56ec9ace36f7f62c5ea7c8f3e399a3 Mon Sep 17 00:00:00 2001
From: Zhu Zihao <all_but_last@163.com>
Date: Mon, 18 Apr 2022 21:40:19 +0800
Subject: [PATCH] gnu: git: Update to 2.36.0 [fixes CVE-2022-24765].

See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765

* gnu/packages/version-control.scm (git): Update to 2.36.0.
---
 gnu/packages/version-control.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index d77c2e51f6..ff9c6f7c14 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -221,14 +221,14 @@ (define git-cross-configure-flags
 (define-public git
   (package
    (name "git")
-   (version "2.35.1")
+   (version "2.36.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "100h37cpw49pmlpf6lcpm1xi578gllf6y9in60h5mxj3cj754s6p"))))
+              "1ly13j37h1y8bgcj3h0cl43vcpwk9j4gsasssk8gar44cp0vypmg"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("native-perl" ,perl)
@@ -248,7 +248,7 @@ (define-public git
                 version ".tar.xz"))
           (sha256
            (base32
-            "00rqdj2bc3i7pfc16pciiz50ww41jkqg18iy5hi5jnf0y98sgqz4"))))
+            "0p6vc6nyaibx2lxirjj2nm5spk5q6svz8l3w0pqnaa3i7l7c6qy0"))))
       ;; For subtree documentation.
       ("asciidoc" ,asciidoc)
       ("docbook-xsl" ,docbook-xsl)
-- 
2.35.1


--=-=-=
Content-Type: text/plain


-- 
Retrieve my PGP public key:

  gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F

Zihao

--=-=-=--