1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-17 04:07:06 +00:00

git: Security Advisory - git - CVE-2020-11008

Backport the 1st -- 9th patches listed by
<https://github.com/git/git/compare/v2.17.4...v2.17.5>
to solve CVE-2020-11008.

Also backport the 2nd -- 4th patches listed by
<https://github.com/git/git/compare/v2.17.3...v2.17.4>
for CVE-2020-5260 (not necessary, and only the 1st patch is necessary
for this CVE), because some of the above 9 patches are based on them.

(From OE-Core rev: 63c7f76912f097cdfb95296778c42887b7336925)

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Li Zhou
2020-04-27 17:17:49 +08:00
committed by Richard Purdie
parent cfcd63e044
commit 3412c7b713
13 changed files with 1667 additions and 0 deletions
+12
View File
@@ -9,6 +9,18 @@ PROVIDES_append_class-native = " git-replacement-native"
SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \
file://CVE-2020-5260.patch \
file://0001-t-lib-credential-use-test_i18ncmp-to-check-stderr.patch \
file://0002-credential-detect-unrepresentable-values-when-parsin.patch \
file://0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch \
file://CVE-2020-11008-1.patch \
file://CVE-2020-11008-2.patch \
file://CVE-2020-11008-3.patch \
file://CVE-2020-11008-4.patch \
file://CVE-2020-11008-5.patch \
file://CVE-2020-11008-6.patch \
file://CVE-2020-11008-7.patch \
file://CVE-2020-11008-8.patch \
file://CVE-2020-11008-9.patch \
"
S = "${WORKDIR}/git-${PV}"