mirror of
https://git.yoctoproject.org/poky
synced 2026-07-17 04:07:06 +00:00
git: Security Advisory - git - CVE-2020-11008
Backport the 1st -- 9th patches listed by <https://github.com/git/git/compare/v2.17.4...v2.17.5> to solve CVE-2020-11008. Also backport the 2nd -- 4th patches listed by <https://github.com/git/git/compare/v2.17.3...v2.17.4> for CVE-2020-5260 (not necessary, and only the 1st patch is necessary for this CVE), because some of the above 9 patches are based on them. (From OE-Core rev: 63c7f76912f097cdfb95296778c42887b7336925) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
@@ -9,6 +9,18 @@ PROVIDES_append_class-native = " git-replacement-native"
|
||||
SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
|
||||
${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \
|
||||
file://CVE-2020-5260.patch \
|
||||
file://0001-t-lib-credential-use-test_i18ncmp-to-check-stderr.patch \
|
||||
file://0002-credential-detect-unrepresentable-values-when-parsin.patch \
|
||||
file://0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch \
|
||||
file://CVE-2020-11008-1.patch \
|
||||
file://CVE-2020-11008-2.patch \
|
||||
file://CVE-2020-11008-3.patch \
|
||||
file://CVE-2020-11008-4.patch \
|
||||
file://CVE-2020-11008-5.patch \
|
||||
file://CVE-2020-11008-6.patch \
|
||||
file://CVE-2020-11008-7.patch \
|
||||
file://CVE-2020-11008-8.patch \
|
||||
file://CVE-2020-11008-9.patch \
|
||||
"
|
||||
|
||||
S = "${WORKDIR}/git-${PV}"
|
||||
|
||||
Reference in New Issue
Block a user