mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-02-22 17:39:39 +01:00

Commit Graph

Author	SHA1	Message	Date
Alexander Kanavin	d2b7bf95fc	make: update 4.3 -> 4.4 Deleted patches: make/0001-makeinst-Do-not-undef-POSIX-on-clang-arm.patch (modified bit removed upstream) make/0001-src-dir.c-fix-buffer-overflow-warning.patch make/0002-w32-compat-dirent.c-follow-header.patch make/0003-posixfcn-fcntl-gnulib-make-emulated.patch (fixed upstream) make/0002-modules-fcntl-allow-being-detected-by-importing-proj.patch (code removed upstream) License-update: formatting (From OE-Core rev: fe9650c1766707067482206a3ed3288ba44c1050) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-11-15 09:38:37 +00:00
Tim Orling	6100383cc4	git: upgrade 2.37.3 -> 2.38.1 Fixes CVE-2022-39260 Git v2.38.1 Release Notes ========================= This release merges the security fix that appears in v2.30.6; see the release notes for that version for details. Excerpt from 2.30.6 release notes: * CVE-2022-39260: An overly-long command string given to `git shell` can result in overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution when `git shell` is exposed and the directory `$HOME/git-shell-commands` exists. `git shell` is taught to refuse interactive commands that are longer than 4MiB in size. `split_cmdline()` is hardened to reject inputs larger than 2GiB. Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub. The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau. For 2.38.0 changes, see: https://github.com/git/git/blob/master/Documentation/RelNotes/2.38.0.txt (From OE-Core rev: b304768711374066db320fe87960be81f54a8424) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-10-26 12:28:40 +01:00

Author

SHA1

Message

Date

Alexander Kanavin

d2b7bf95fc

make: update 4.3 -> 4.4

Deleted patches:
make/0001-makeinst-Do-not-undef-POSIX-on-clang-arm.patch
(modified bit removed upstream)
make/0001-src-dir.c-fix-buffer-overflow-warning.patch
make/0002-w32-compat-dirent.c-follow-header.patch
make/0003-posixfcn-fcntl-gnulib-make-emulated.patch
(fixed upstream)
make/0002-modules-fcntl-allow-being-detected-by-importing-proj.patch
(code removed upstream)

License-update: formatting

(From OE-Core rev: fe9650c1766707067482206a3ed3288ba44c1050)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2022-11-15 09:38:37 +00:00

Tim Orling

6100383cc4

git: upgrade 2.37.3 -> 2.38.1

Fixes CVE-2022-39260

Git v2.38.1 Release Notes
=========================

This release merges the security fix that appears in v2.30.6; see
the release notes for that version for details.

Excerpt from 2.30.6 release notes:

 * CVE-2022-39260:
   An overly-long command string given to `git shell` can result in
   overflow in `split_cmdline()`, leading to arbitrary heap writes and
   remote code execution when `git shell` is exposed and the directory
   `$HOME/git-shell-commands` exists.

   `git shell` is taught to refuse interactive commands that are
   longer than 4MiB in size. `split_cmdline()` is hardened to reject
   inputs larger than 2GiB.

Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub.
The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau.

For 2.38.0 changes, see:
https://github.com/git/git/blob/master/Documentation/RelNotes/2.38.0.txt

(From OE-Core rev: b304768711374066db320fe87960be81f54a8424)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2022-10-26 12:28:40 +01:00

2 Commits