1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 15:57:04 +00:00

git: fix CVE-2021-21300

checkout: fix bug that makes checkout follow symlinks in leading path

Upstream-Status: Acepted [https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592]
CVE: CVE-2021-21300
(From OE-Core rev: 51450bb2a1cce636258c207d52696e436daa5097)

Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Minjae Kim
2021-03-27 14:15:38 +09:00
committed by Richard Purdie
parent f1b820e368
commit ea4682c61d
2 changed files with 307 additions and 1 deletions
+3 -1
View File
@@ -8,7 +8,9 @@ PROVIDES_append_class-native = " git-replacement-native"
SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \
file://fixsort.patch"
file://fixsort.patch \
file://CVE-2021-21300.patch \
"
S = "${WORKDIR}/git-${PV}"