* [Buildroot] [PATCH 1/1] package/git: security bump to version 2.13.5
@ 2017-08-11 17:17 Bernd Kuhls
2017-08-12 10:16 ` Yann E. MORIN
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Bernd Kuhls @ 2017-08-11 17:17 UTC (permalink / raw)
To: buildroot
Fixes CVE-2017-1000117:
http://www.mail-archive.com/linux-kernel at vger.kernel.org/msg1466490.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
Since bumping to 2.14.1 would be a feature patch we stick to 2.13.x in
the master branch and bump to 2.14.1 on the next branch.
package/git/git.hash | 2 +-
package/git/git.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/git/git.hash b/package/git/git.hash
index 66bb1367d..8aa0503db 100644
--- a/package/git/git.hash
+++ b/package/git/git.hash
@@ -1,4 +1,4 @@
# From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
-sha256 91aa23be428f67eb19616f43fa0229d567e9acf4f08fba33eb0b627e4d323e62 git-2.13.3.tar.xz
+sha256 21c9e29caac86d244ac7af78bc3422746dabb903cb3952a1ceefd801020ad1a1 git-2.13.5.tar.xz
sha256 5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e COPYING
sha256 1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a LGPL-2.1
diff --git a/package/git/git.mk b/package/git/git.mk
index d95c2fec3..fe4d55376 100644
--- a/package/git/git.mk
+++ b/package/git/git.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GIT_VERSION = 2.13.3
+GIT_VERSION = 2.13.5
GIT_SOURCE = git-$(GIT_VERSION).tar.xz
GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
GIT_LICENSE = GPL-2.0, LGPL-2.1+
--
2.11.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] package/git: security bump to version 2.13.5
2017-08-11 17:17 [Buildroot] [PATCH 1/1] package/git: security bump to version 2.13.5 Bernd Kuhls
@ 2017-08-12 10:16 ` Yann E. MORIN
2017-08-12 10:18 ` Yann E. MORIN
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Yann E. MORIN @ 2017-08-12 10:16 UTC (permalink / raw)
To: buildroot
Bernd, All,
On 2017-08-11 19:17 +0200, Bernd Kuhls spake thusly:
> Fixes CVE-2017-1000117:
> http://www.mail-archive.com/linux-kernel at vger.kernel.org/msg1466490.html
Then we should also update subversion at the same time, to fix the same
CVE:
https://www.mail-archive.com/announce at apache.org/msg04041.html
Mercurial is also impacted, but we don;t have a package for it.
Regards,
Yann E. MORIN.
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
> Since bumping to 2.14.1 would be a feature patch we stick to 2.13.x in
> the master branch and bump to 2.14.1 on the next branch.
>
> package/git/git.hash | 2 +-
> package/git/git.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/git/git.hash b/package/git/git.hash
> index 66bb1367d..8aa0503db 100644
> --- a/package/git/git.hash
> +++ b/package/git/git.hash
> @@ -1,4 +1,4 @@
> # From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
> -sha256 91aa23be428f67eb19616f43fa0229d567e9acf4f08fba33eb0b627e4d323e62 git-2.13.3.tar.xz
> +sha256 21c9e29caac86d244ac7af78bc3422746dabb903cb3952a1ceefd801020ad1a1 git-2.13.5.tar.xz
> sha256 5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e COPYING
> sha256 1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a LGPL-2.1
> diff --git a/package/git/git.mk b/package/git/git.mk
> index d95c2fec3..fe4d55376 100644
> --- a/package/git/git.mk
> +++ b/package/git/git.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -GIT_VERSION = 2.13.3
> +GIT_VERSION = 2.13.5
> GIT_SOURCE = git-$(GIT_VERSION).tar.xz
> GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
> GIT_LICENSE = GPL-2.0, LGPL-2.1+
> --
> 2.11.0
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] package/git: security bump to version 2.13.5
2017-08-11 17:17 [Buildroot] [PATCH 1/1] package/git: security bump to version 2.13.5 Bernd Kuhls
2017-08-12 10:16 ` Yann E. MORIN
@ 2017-08-12 10:18 ` Yann E. MORIN
2017-08-12 20:57 ` Arnout Vandecappelle
2017-09-05 22:09 ` Peter Korsgaard
3 siblings, 0 replies; 5+ messages in thread
From: Yann E. MORIN @ 2017-08-12 10:18 UTC (permalink / raw)
To: buildroot
Bernd, All,
On 2017-08-11 19:17 +0200, Bernd Kuhls spake thusly:
> Fixes CVE-2017-1000117:
> http://www.mail-archive.com/linux-kernel at vger.kernel.org/msg1466490.html
>
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Regards,
Yann E. MORIN.
> ---
> Since bumping to 2.14.1 would be a feature patch we stick to 2.13.x in
> the master branch and bump to 2.14.1 on the next branch.
>
> package/git/git.hash | 2 +-
> package/git/git.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/git/git.hash b/package/git/git.hash
> index 66bb1367d..8aa0503db 100644
> --- a/package/git/git.hash
> +++ b/package/git/git.hash
> @@ -1,4 +1,4 @@
> # From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
> -sha256 91aa23be428f67eb19616f43fa0229d567e9acf4f08fba33eb0b627e4d323e62 git-2.13.3.tar.xz
> +sha256 21c9e29caac86d244ac7af78bc3422746dabb903cb3952a1ceefd801020ad1a1 git-2.13.5.tar.xz
> sha256 5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e COPYING
> sha256 1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a LGPL-2.1
> diff --git a/package/git/git.mk b/package/git/git.mk
> index d95c2fec3..fe4d55376 100644
> --- a/package/git/git.mk
> +++ b/package/git/git.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -GIT_VERSION = 2.13.3
> +GIT_VERSION = 2.13.5
> GIT_SOURCE = git-$(GIT_VERSION).tar.xz
> GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
> GIT_LICENSE = GPL-2.0, LGPL-2.1+
> --
> 2.11.0
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] package/git: security bump to version 2.13.5
2017-08-11 17:17 [Buildroot] [PATCH 1/1] package/git: security bump to version 2.13.5 Bernd Kuhls
2017-08-12 10:16 ` Yann E. MORIN
2017-08-12 10:18 ` Yann E. MORIN
@ 2017-08-12 20:57 ` Arnout Vandecappelle
2017-09-05 22:09 ` Peter Korsgaard
3 siblings, 0 replies; 5+ messages in thread
From: Arnout Vandecappelle @ 2017-08-12 20:57 UTC (permalink / raw)
To: buildroot
On 11-08-17 19:17, Bernd Kuhls wrote:
> Fixes CVE-2017-1000117:
> http://www.mail-archive.com/linux-kernel at vger.kernel.org/msg1466490.html
>
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Applied to master, thanks.
Regards,
Arnout
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] package/git: security bump to version 2.13.5
2017-08-11 17:17 [Buildroot] [PATCH 1/1] package/git: security bump to version 2.13.5 Bernd Kuhls
` (2 preceding siblings ...)
2017-08-12 20:57 ` Arnout Vandecappelle
@ 2017-09-05 22:09 ` Peter Korsgaard
3 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2017-09-05 22:09 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Fixes CVE-2017-1000117:
> http://www.mail-archive.com/linux-kernel at vger.kernel.org/msg1466490.html
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
> Since bumping to 2.14.1 would be a feature patch we stick to 2.13.x in
> the master branch and bump to 2.14.1 on the next branch.
FYI, I've bumped git to 2.12.4 for 2017.02.x instead of cherry picking
this patch.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-09-05 22:09 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-08-11 17:17 [Buildroot] [PATCH 1/1] package/git: security bump to version 2.13.5 Bernd Kuhls
2017-08-12 10:16 ` Yann E. MORIN
2017-08-12 10:18 ` Yann E. MORIN
2017-08-12 20:57 ` Arnout Vandecappelle
2017-09-05 22:09 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.