mbox

git: update to 2.7.1

Message ID 1458282983-17374-1-git-send-email-marcel.lorenz@ipfire.org
State Superseded
Headers

Message

Marcel Lorenz March 18, 2016, 5:36 p.m. UTC 
  This patch updates git to the last version and fixes
a buffer overflow in all git versions before 2.7.1
 
http://seclists.org/oss-sec/2016/q1/645

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>

---
 config/rootfiles/packages/git | 22 +++++++++++++---------
 lfs/git                       |  9 ++++-----
 2 files changed, 17 insertions(+), 14 deletions(-)

Comments

Michael Tremer March 22, 2016, 10:30 a.m. UTC | #1 
Hi,

On Fri, 2016-03-18 at 07:36 +0100, Marcel Lorenz wrote:
> This patch updates git to the last version and fixes
> a buffer overflow in all git versions before 2.7.1
>  
> http://seclists.org/oss-sec/2016/q1/645
> 
> Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
> 
> ---
>  config/rootfiles/packages/git | 22 +++++++++++++---------
>  lfs/git                       |  9 ++++-----
>  2 files changed, 17 insertions(+), 14 deletions(-)
> 
> diff --git a/config/rootfiles/packages/git b/config/rootfiles/packages/git
> index e168483..9988877 100644
> --- a/config/rootfiles/packages/git
> +++ b/config/rootfiles/packages/git
> @@ -6,10 +6,10 @@ usr/bin/git-upload-archive
>  usr/bin/git-upload-pack
>  #usr/bin/gitk
>  usr/lib/perl5/site_perl/5.12.3/Error.pm
> -usr/lib/perl5/site_perl/5.12.3/Git
> +#usr/lib/perl5/site_perl/5.12.3/Git
>  usr/lib/perl5/site_perl/5.12.3/Git.pm
>  usr/lib/perl5/site_perl/5.12.3/Git/I18N.pm
> -#usr/lib/perl5/site_perl/5.12.3/Git/IndexInfo.pm
> +usr/lib/perl5/site_perl/5.12.3/Git/IndexInfo.pm
>  #usr/lib/perl5/site_perl/5.12.3/Git/SVN
>  #usr/lib/perl5/site_perl/5.12.3/Git/SVN.pm
>  #usr/lib/perl5/site_perl/5.12.3/Git/SVN/Editor.pm
> @@ -24,8 +24,8 @@ usr/lib/perl5/site_perl/5.12.3/Git/I18N.pm
>  #usr/lib/perl5/site_perl/5.12.3/Git/SVN/Utils.pm
>  #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Git
>  #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Git/.packlist
> -usr/libexec/git-core
> -usr/libexec/git-core/git
> +#usr/libexec/git-core
> +#usr/libexec/git-core/git
>  usr/libexec/git-core/git-add
>  usr/libexec/git-core/git-add--interactive
>  usr/libexec/git-core/git-am
> @@ -172,6 +172,7 @@ usr/libexec/git-core/git-stash
>  usr/libexec/git-core/git-status
>  usr/libexec/git-core/git-stripspace
>  usr/libexec/git-core/git-submodule
> +usr/libexec/git-core/git-submodule--helper
>  usr/libexec/git-core/git-svn
>  usr/libexec/git-core/git-symbolic-ref
>  usr/libexec/git-core/git-tag
> @@ -188,8 +189,9 @@ usr/libexec/git-core/git-verify-pack
>  usr/libexec/git-core/git-verify-tag
>  usr/libexec/git-core/git-web--browse
>  usr/libexec/git-core/git-whatchanged
> +usr/libexec/git-core/git-worktree
>  usr/libexec/git-core/git-write-tree
> -usr/libexec/git-core/mergetools
> +#usr/libexec/git-core/mergetools
>  usr/libexec/git-core/mergetools/araxis
>  usr/libexec/git-core/mergetools/bc
>  usr/libexec/git-core/mergetools/bc3
> @@ -212,12 +214,13 @@ usr/libexec/git-core/mergetools/tortoisemerge
>  usr/libexec/git-core/mergetools/vimdiff
>  usr/libexec/git-core/mergetools/vimdiff2
>  usr/libexec/git-core/mergetools/vimdiff3
> +usr/libexec/git-core/mergetools/winmerge
>  usr/libexec/git-core/mergetools/xxdiff
> -usr/share/git-core
> -usr/share/git-core/templates
> +#usr/share/git-core
> +#usr/share/git-core/templates
>  usr/share/git-core/templates/branches
>  usr/share/git-core/templates/description
> -usr/share/git-core/templates/hooks
> +#usr/share/git-core/templates/hooks
>  usr/share/git-core/templates/hooks/applypatch-msg.sample
>  usr/share/git-core/templates/hooks/commit-msg.sample
>  usr/share/git-core/templates/hooks/post-update.sample
> @@ -227,7 +230,7 @@ usr/share/git-core/templates/hooks/pre-push.sample
>  usr/share/git-core/templates/hooks/pre-rebase.sample
>  usr/share/git-core/templates/hooks/prepare-commit-msg.sample
>  usr/share/git-core/templates/hooks/update.sample
> -usr/share/git-core/templates/info
> +#usr/share/git-core/templates/info
>  usr/share/git-core/templates/info/exclude
>  #usr/share/git-gui
>  #usr/share/git-gui/lib
> @@ -315,6 +318,7 @@ usr/share/git-core/templates/info/exclude
>  #usr/share/locale/fr/LC_MESSAGES/git.mo
>  #usr/share/locale/is/LC_MESSAGES/git.mo
>  #usr/share/locale/it/LC_MESSAGES/git.mo
> +#usr/share/locale/ko/LC_MESSAGES/git.mo
>  #usr/share/locale/pt_PT/LC_MESSAGES/git.mo
>  #usr/share/locale/ru/LC_MESSAGES/git.mo
>  #usr/share/locale/sv/LC_MESSAGES/git.mo
> diff --git a/lfs/git b/lfs/git
> index bbec140..a3f6636 100644
> --- a/lfs/git
> +++ b/lfs/git
> @@ -24,7 +24,7 @@
>  
>  include Config
>  
> -VER        = 2.4.4
> +VER        = 2.7.1
>  
>  THISAPP    = git-$(VER)
>  DL_FILE    = $(THISAPP).tar.xz
> @@ -34,7 +34,7 @@ TARGET     = $(DIR_INFO)/$(THISAPP)
>  PROG       = git
>  PAK_VER    = 12
>  
> -DEPS       = "perl-Authen-SASL perl-MIME-Base64 perl-Net-SMTP-SSL"
> +DEPS       = "perl"

Why did you change this? There is no such add-on as "perl". The other ones
however are requirements that must be installed.
 
>  #############################################################################
> ##
>  # Top-level Rules
> @@ -44,7 +44,7 @@ objects = $(DL_FILE)
>  
>  $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>  
> -$(DL_FILE)_MD5 = 847787cd0616d38b0e429ea85f558c31
> +$(DL_FILE)_MD5 = eece7b1e87983271621a0cb6aab37a25
>  
>  install : $(TARGET)
>  
> @@ -78,13 +78,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>  	@$(PREBUILD)
>  	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
>  	cd $(DIR_APP) && ./configure \
> +		--with-gitconfig=/etc/gitconfig \

Why is this necessary?

>  		--prefix=/usr \
>  		--with-libpcre \
>  		--with-curl \
>  		--with-expat
> -
>  	cd $(DIR_APP) && make $(MAKETUNING)
>  	cd $(DIR_APP) && make install
> -
>  	@rm -rf $(DIR_APP)
>  	@$(POSTBUILD)

No need to remove empty lines that just improve readability.

Best,
-Michael
Marcel Lorenz March 22, 2016, 5:38 p.m. UTC | #2 
Am 2016-03-22 00:30, schrieb Michael Tremer:
> Hi,
> 
> On Fri, 2016-03-18 at 07:36 +0100, Marcel Lorenz wrote:
>> This patch updates git to the last version and fixes
>> a buffer overflow in all git versions before 2.7.1
>>  
>> http://seclists.org/oss-sec/2016/q1/645
>> 
>> Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
>> 
>> ---
>>  config/rootfiles/packages/git | 22 +++++++++++++---------
>>  lfs/git                       |  9 ++++-----
>>  2 files changed, 17 insertions(+), 14 deletions(-)
>> 
>> diff --git a/config/rootfiles/packages/git 
>> b/config/rootfiles/packages/git
>> index e168483..9988877 100644
>> --- a/config/rootfiles/packages/git
>> +++ b/config/rootfiles/packages/git
>> @@ -6,10 +6,10 @@ usr/bin/git-upload-archive
>>  usr/bin/git-upload-pack
>>  #usr/bin/gitk
>>  usr/lib/perl5/site_perl/5.12.3/Error.pm
>> -usr/lib/perl5/site_perl/5.12.3/Git
>> +#usr/lib/perl5/site_perl/5.12.3/Git
>>  usr/lib/perl5/site_perl/5.12.3/Git.pm
>>  usr/lib/perl5/site_perl/5.12.3/Git/I18N.pm
>> -#usr/lib/perl5/site_perl/5.12.3/Git/IndexInfo.pm
>> +usr/lib/perl5/site_perl/5.12.3/Git/IndexInfo.pm
>>  #usr/lib/perl5/site_perl/5.12.3/Git/SVN
>>  #usr/lib/perl5/site_perl/5.12.3/Git/SVN.pm
>>  #usr/lib/perl5/site_perl/5.12.3/Git/SVN/Editor.pm
>> @@ -24,8 +24,8 @@ usr/lib/perl5/site_perl/5.12.3/Git/I18N.pm
>>  #usr/lib/perl5/site_perl/5.12.3/Git/SVN/Utils.pm
>>  #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Git
>>  #usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Git/.packlist
>> -usr/libexec/git-core
>> -usr/libexec/git-core/git
>> +#usr/libexec/git-core
>> +#usr/libexec/git-core/git
>>  usr/libexec/git-core/git-add
>>  usr/libexec/git-core/git-add--interactive
>>  usr/libexec/git-core/git-am
>> @@ -172,6 +172,7 @@ usr/libexec/git-core/git-stash
>>  usr/libexec/git-core/git-status
>>  usr/libexec/git-core/git-stripspace
>>  usr/libexec/git-core/git-submodule
>> +usr/libexec/git-core/git-submodule--helper
>>  usr/libexec/git-core/git-svn
>>  usr/libexec/git-core/git-symbolic-ref
>>  usr/libexec/git-core/git-tag
>> @@ -188,8 +189,9 @@ usr/libexec/git-core/git-verify-pack
>>  usr/libexec/git-core/git-verify-tag
>>  usr/libexec/git-core/git-web--browse
>>  usr/libexec/git-core/git-whatchanged
>> +usr/libexec/git-core/git-worktree
>>  usr/libexec/git-core/git-write-tree
>> -usr/libexec/git-core/mergetools
>> +#usr/libexec/git-core/mergetools
>>  usr/libexec/git-core/mergetools/araxis
>>  usr/libexec/git-core/mergetools/bc
>>  usr/libexec/git-core/mergetools/bc3
>> @@ -212,12 +214,13 @@ usr/libexec/git-core/mergetools/tortoisemerge
>>  usr/libexec/git-core/mergetools/vimdiff
>>  usr/libexec/git-core/mergetools/vimdiff2
>>  usr/libexec/git-core/mergetools/vimdiff3
>> +usr/libexec/git-core/mergetools/winmerge
>>  usr/libexec/git-core/mergetools/xxdiff
>> -usr/share/git-core
>> -usr/share/git-core/templates
>> +#usr/share/git-core
>> +#usr/share/git-core/templates
>>  usr/share/git-core/templates/branches
>>  usr/share/git-core/templates/description
>> -usr/share/git-core/templates/hooks
>> +#usr/share/git-core/templates/hooks
>>  usr/share/git-core/templates/hooks/applypatch-msg.sample
>>  usr/share/git-core/templates/hooks/commit-msg.sample
>>  usr/share/git-core/templates/hooks/post-update.sample
>> @@ -227,7 +230,7 @@ usr/share/git-core/templates/hooks/pre-push.sample
>>  usr/share/git-core/templates/hooks/pre-rebase.sample
>>  usr/share/git-core/templates/hooks/prepare-commit-msg.sample
>>  usr/share/git-core/templates/hooks/update.sample
>> -usr/share/git-core/templates/info
>> +#usr/share/git-core/templates/info
>>  usr/share/git-core/templates/info/exclude
>>  #usr/share/git-gui
>>  #usr/share/git-gui/lib
>> @@ -315,6 +318,7 @@ usr/share/git-core/templates/info/exclude
>>  #usr/share/locale/fr/LC_MESSAGES/git.mo
>>  #usr/share/locale/is/LC_MESSAGES/git.mo
>>  #usr/share/locale/it/LC_MESSAGES/git.mo
>> +#usr/share/locale/ko/LC_MESSAGES/git.mo
>>  #usr/share/locale/pt_PT/LC_MESSAGES/git.mo
>>  #usr/share/locale/ru/LC_MESSAGES/git.mo
>>  #usr/share/locale/sv/LC_MESSAGES/git.mo
>> diff --git a/lfs/git b/lfs/git
>> index bbec140..a3f6636 100644
>> --- a/lfs/git
>> +++ b/lfs/git
>> @@ -24,7 +24,7 @@
>>  
>>  include Config
>>  
>> -VER        = 2.4.4
>> +VER        = 2.7.1
>>  
>>  THISAPP    = git-$(VER)
>>  DL_FILE    = $(THISAPP).tar.xz
>> @@ -34,7 +34,7 @@ TARGET     = $(DIR_INFO)/$(THISAPP)
>>  PROG       = git
>>  PAK_VER    = 12
>>  
>> -DEPS       = "perl-Authen-SASL perl-MIME-Base64 perl-Net-SMTP-SSL"
>> +DEPS       = "perl"
> 
> Why did you change this? There is no such add-on as "perl". The other 
> ones
> however are requirements that must be installed.
>  
Oh soory, not seen, i make an new patch with all deps.

>>  #############################################################################
>> ##
>>  # Top-level Rules
>> @@ -44,7 +44,7 @@ objects = $(DL_FILE)
>>  
>>  $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>  
>> -$(DL_FILE)_MD5 = 847787cd0616d38b0e429ea85f558c31
>> +$(DL_FILE)_MD5 = eece7b1e87983271621a0cb6aab37a25
>>  
>>  install : $(TARGET)
>>  
>> @@ -78,13 +78,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>>  	@$(PREBUILD)
>>  	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
>>  	cd $(DIR_APP) && ./configure \
>> +		--with-gitconfig=/etc/gitconfig \
> 
> Why is this necessary?

It is a default from Linux from scratch website.
http://www.linuxfromscratch.org/blfs/view/svn/general/git.html
This sets /etc/gitconfig as the file that stores the default, system 
wide, Git settings

> 
>>  		--prefix=/usr \
>>  		--with-libpcre \
>>  		--with-curl \
>>  		--with-expat
>> -
>>  	cd $(DIR_APP) && make $(MAKETUNING)
>>  	cd $(DIR_APP) && make install
>> -
>>  	@rm -rf $(DIR_APP)
>>  	@$(POSTBUILD)
> 
> No need to remove empty lines that just improve readability.
> Best,
> -Michael