[Buildroot] [PATCH v1] package/git: bump version to 2.39.1
Bagas Sanjaya
bagasdotme at gmail.com
Fri Jan 20 02:41:15 UTC 2023
On 1/20/23 03:42, Peter Seiderer wrote:
> Hello *,
>
> On Thu, 19 Jan 2023 15:10:04 +0700, Bagas Sanjaya <bagasdotme at gmail.com> wrote:
>
>> On Wed, Jan 18, 2023 at 10:35:17PM +0100, Peter Seiderer wrote:
>>> - fixes CVE-2022-41903 and CVE-2022-23521
>>>
>>> For details see [1].
>>>
>>> [1] https://lore.kernel.org/git/xmqq7cxl9h0i.fsf@gitster.g/
>>>
>>
>> Ah! I'm about to submit the same bump. My bump builds fine, so I think
>> it is also applicable to yours.
>>
>> Tested-by: Bagas Sanjaya <bagasdotme at gmail.com>
>
> Thanks for confirmation...
>
>>
>>> Signed-off-by: Peter Seiderer <ps.report at gmx.net>
>>> ---
>>> package/git/git.hash | 2 +-
>>> package/git/git.mk | 2 +-
>>> 2 files changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/package/git/git.hash b/package/git/git.hash
>>> index 57a77b2810..75398896e5 100644
>>> --- a/package/git/git.hash
>>> +++ b/package/git/git.hash
>>> @@ -1,5 +1,5 @@
>>> # From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
>>> -sha256 ba199b13fb5a99ca3dec917b0bd736bc0eb5a9df87737d435eddfdf10d69265b git-2.39.0.tar.xz
>>> +sha256 40a38a0847b30c371b35873b3afcf123885dd41ea3ecbbf510efa97f3ce5c161 git-2.39.1.tar.xz
>>> # Locally calculated
>>> sha256 5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e COPYING
>>> sha256 1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a LGPL-2.1
>>> diff --git a/package/git/git.mk b/package/git/git.mk
>>> index 9918d4c1ef..1d728e1964 100644
>>> --- a/package/git/git.mk
>>> +++ b/package/git/git.mk
>>> @@ -4,7 +4,7 @@
>>> #
>>> ################################################################################
>>>
>>> -GIT_VERSION = 2.39.0
>>> +GIT_VERSION = 2.39.1
>>> GIT_SOURCE = git-$(GIT_VERSION).tar.xz
>>> GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
>>> GIT_LICENSE = GPL-2.0, LGPL-2.1+
>>
>> The package patches apply here (with fuzz), so you need to refresh these
>> against v2.39.1:
>
> Matter of taste (?), but for my taste unneeded code churn... as long as the
> patches apply unchanged...
>
The fuzziness when applying the patch is due to commit 48050c42c7 (pretty:
fix integer overflow in wrapping format, 2022-12-01).
IMO, in any case, when a new upstream version is released, any out-of-tree
patches (like ones Buildroot ship) should be refreshed in order for them
to be applied cleanly.
Thanks.
--
An old man doll... just what I always wanted! - Clara
More information about the buildroot
mailing list