aboutsummaryrefslogtreecommitdiff
path: root/package/git
Commit message (Collapse)AuthorAgeFilesLines
* package/git: security bump to version 2.24.1Gravatar Peter Korsgaard22 hours2-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the following security vulnerabilities: * CVE-2019-1348: The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. * CVE-2019-1349: When submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice. We now require the directory to be empty. * CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs. * CVE-2019-1351: While the only permitted drive letters for physical drives on Windows are letters of the US-English alphabet, this restriction does not apply to virtual drives assigned via subst <letter>: <path>. Git mistook such paths for relative paths, allowing writing outside of the worktree while cloning. * CVE-2019-1352: Git was unaware of NTFS Alternate Data Streams, allowing files inside the .git/ directory to be overwritten during a clone. * CVE-2019-1353: When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. * CVE-2019-1354: Filenames on Linux/Unix can contain backslashes. On Windows, backslashes are directory separators. Git did not use to refuse to write out tracked files with such filenames. * CVE-2019-1387: Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/git: bump to 2.24.0Gravatar Matt Weber2019-11-162-2/+2
| | | | | Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/git: work around gcc bug 85180Gravatar Giulio Benetti2019-08-011-0/+8
| | | | | | | | | | | | | | | With Microblaze Gcc version < 8.x the build hangs due to gcc bug 85180: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85180. The bug shows up when building git with optimization but not when building with -O0. To work around this, if BR2_TOOLCHAIN_HAS_GCC_BUG_85180=y we force using -O0. Fixes: http://autobuild.buildroot.net/results/7ad/7adff001631053ae5a3cb3e176d321f6a2d3cceb/ Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/git: remove autoreconfGravatar Vadim Kochan2019-07-241-1/+0
| | | | | | | | | After (8aa5ee1721 package/git: bump to version 2.22.0) autoreconf is not needed anymore because patch which modified the configure script was removed. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/git: fix build with curlGravatar Fabrice Fontaine2019-06-111-1/+1
| | | | | | | | | | | curl-config path can be set through ac_cv_prog_CURL_CONFIG and not ac_cv_prog_curl_config Fixes: - http://autobuild.buildroot.org/results/4b22f761795d8760dac6ddfd40934259f0135a4d Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/git: bump to version 2.22.0Gravatar Vadim Kochan2019-06-113-51/+2
| | | | | | | Remove patch with NLS fix because it is was added into latest version. Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/git: fix build with NLS enabledGravatar Vadim Kochan2019-04-182-0/+50
| | | | | | | | | | | | | | | | | | | | | | | | | git fails to build with NLS enabled because of weak check for gettext in configure.ac. The AC_CHECK_LIB(c, gettext ...) is used to set LIBC_CONTAINS_LIBINTL variable. If the variable is set then '-libs' is not passed to the linker, but this variable is set to 'Yes' even libc implementation does not provide libintl support, the AC_CHECK passes because gcc has gettext builtin. So use instead AC_LINK_IFELSE with included libintl.h because it makes gettext to unfold as libintl_gettext which causes AC_CHECK to fail for cases when gettext is not provided by libc. Tested by ./utils/test-pkg with NLS disabled/enabled. Fixes: http://autobuild.buildroot.net/results/091b790ca6f5b46d5d29211dc1cb3ff05b62a965 http://autobuild.buildroot.net/results/a69b58b35b270fdd2df9b076e7030bb594520197 http://autobuild.buildroot.net/results/f104c4e6ff41b1dd175f2d27f3b4ea7c9b61f7c5 http://autobuild.buildroot.net/results/ee12bdba398a139995de5f6f6718be6a493541d9 http://autobuild.buildroot.net/results/74fa6b2bfbb1301e35c9dd1bbc04856c1cbf25f2 Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/git: use pkg-config to get ssl dependenciesGravatar Fabrice Fontaine2019-03-261-2/+2
| | | | | | | | | | | | | | | | | | | | | On some architectures, atomic binutils are provided by the libatomic library from gcc. Linking with libatomic is therefore necessary, otherwise the build fails with: /home/test/autobuild/run/instance-2/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libssl.a(ssl_cert.o): In function `CRYPTO_DOWN_REF': /home/test/autobuild/run/instance-2/output/build/libopenssl-1.1.1a/include/internal/refcount.h:50: undefined reference to `__atomic_fetch_sub_4' This is often for example the case on sparcv8 32 bit. To fix this issue, use pkg-config to retrieve openssl dependencies including atomic library, these dependencies must be passed to LIB_4_CRYPTO IN GIT_MAKE_OPTS Fixes: - http://autobuild.buildroot.org/results/3093897d14a854a7252b25b2fa1f8fdcbb26c9b7 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* git: security bump to version 2.16.5Gravatar Peter Korsgaard2018-10-072-2/+2
| | | | | | | | | Fixes CVE-2018-17456: RCE issue in handling of git submodules For more details, see the announcement: https://marc.info/?l=git&m=153875888916397&w=2 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* git: security bump to version 2.16.4Gravatar Baruch Siach2018-05-292-2/+2
| | | | | | | | | | | | | | | | | | | | | Forward port of security fixes from the 2.13.7 release. The 2.13.7 release notes say this: * Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting "../" into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235). Credit for finding this vulnerability and the proof of concept from which the test script was adapted goes to Etienne Stalmans. * It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). Cc: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/git: bump version to 2.16.3Gravatar Bernd Kuhls2018-04-022-2/+2
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/git: bump version to 2.16.1Gravatar Bernd Kuhls2018-01-282-2/+2
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/git: add optional support for pcre2Gravatar Bernd Kuhls2017-11-231-2/+5
| | | | | | | | | | | | | | | | | | Renamed --with-libpcre to --with-libpcre1. Currently --with-libpcre activates pcre1 support but this can change in the future to pcre2: https://github.com/git/git/blob/df7fd961a9d9ba60840ffc0868d36cc3db2aec74/configure.ac#L258 Please note that we cannot use --with-/--without because it will lead to an error reported by configure, for example --with-libpcre1 --without-libpcre2 will produce configure: error: Only supply one of --with-libpcre1 or --with-libpcre2! Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/git: bump version to 2.15.0Gravatar Bernd Kuhls2017-10-312-3/+4
| | | | | | | | | | | | To avoid the build error grep.c:(.text+0xa02): undefined reference to `pcre_jit_exec' we need to add NO_LIBPCRE1_JIT=1 according to https://www.spinics.net/lists/git/msg314515.html Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/git: security bump to version 2.13.6Gravatar Bernd Kuhls2017-09-272-2/+2
| | | | | | | | Release notes: https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/git: security bump to version 2.13.5Gravatar Bernd Kuhls2017-08-122-2/+2
| | | | | | | | | Fixes CVE-2017-1000117: http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/g*: fix wrapping of Config.in help textGravatar Adam Duskett2017-07-311-2/+3
| | | | | | | | | | | | | | The check-package script when ran gives warnings on text wrapping on all of these Config files. This patch cleans up all warnings related to the text wrapping for the Config files starting with the letter g in the package directory. The appropriate indentation is: <tab><2 spaces><62 chars> See http://nightly.buildroot.org/#writing-rules-config-in for more information. Signed-off-by: Adam Duskett <aduskett@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: bump to version 2.13.3Gravatar Baruch Siach2017-07-182-2/+4
| | | | | | | Add license files hashes. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: use BR2_KERNEL_MIRROR as download siteGravatar Baruch Siach2017-07-181-1/+1
| | | | | Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: fix build with NLS disabledGravatar Baruch Siach2017-07-151-0/+6
| | | | | | | | | | | | | | | | | | | Since commit bbfb02598bf75 (git: use the new gettext logic) host-gettext is no longer an unconditional dependency of git. When NLS is disabled host-gettext is not built. This breaks the build of git, because the git Makefile runs msgfmt unless NO_GETTEXT is defined. Define NO_GETTEXT when NLS is disabled to fix the build. Fixes: http://autobuild.buildroot.net/results/c87/c8717619a1307f21cb9fe61196511cea44f72015/ http://autobuild.buildroot.net/results/e7a/e7acff51f988c333c3fe0c4a18eed42a273932d3/ http://autobuild.buildroot.net/results/153/153b17959847ec2079883c087cee27afbdf9571e/ Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Sagaert Johan <sagaert.johan@skynet.be> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* git: use the new gettext logicGravatar Thomas Petazzoni2017-07-051-5/+1
| | | | | | | | This commit switches to use the new gettext logic, which involves using TARGET_NLS_DEPENDENCIES instead of hand-encoded dependencies on gettext/host-gettext. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: bump version to 2.13.0Gravatar Vicente Olivert Riera2017-05-104-148/+2
| | | | | | | | | Patches 0001 and 0002 already included in this release: https://github.com/git/git/commit/379642bcd8d89db52feba88a651e4e56d6ac5767 https://github.com/git/git/commit/2225e1ea20481a7c0da526891470abf9ece623e7 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package makefiles: clean up backslash spacing.Gravatar Adam Duskett2017-04-221-1/+1
| | | | | | | | | | The check-package script when ran gave warnings on only using one space before backslashes on all of these makefiles. This patch cleans up all warnings related to the one space before backslashes rule in the make files in the package directory. Signed-off-by: Adam Duskett <aduskett@codeblue.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* boot, package: use SPDX short identifier for LGPLv2.1/LGPLv2.1+Gravatar Rahul Bedarkar2017-04-011-1/+1
| | | | | | | | | | | We want to use SPDX identifier for license string as much as possible. SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* boot, linux, package: use SPDX short identifier for GPLv2/GPLv2+Gravatar Rahul Bedarkar2017-04-011-1/+1
| | | | | | | | | | | We want to use SPDX identifier for license strings as much as possible. SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+. This change is done by using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: bump version to 2.12.2Gravatar Vicente Olivert Riera2017-03-282-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: fix build with with no threadsGravatar Rahul Bedarkar2017-03-222-0/+146
| | | | | | | | | | | | | | | | | | | | | | | | | When building git with toolchain that don't have thread support, we get following build errors: CC builtin/hash-object.o builtin/grep.c: In function 'grep_submodule_launch': builtin/grep.c:596:34: error: dereferencing pointer to incomplete type 'struct work_item' status = capture_command(&cp, &w->out, 0); ^ builtin/grep.c: In function 'grep_submodule': builtin/grep.c:644:20: error: storage size of 'w' isn't known struct work_item w; ^ make[2]: *** [builtin/grep.o] Error 1 make[2]: *** Waiting for unfinished jobs.... Add two upstream patches to fix this issue. Fixes: http://autobuild.buildroot.net/results/94b/94bce9a99a5ce9894a6918774ab75e23d12c1394/ Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: bump version to 2.12.1Gravatar Vicente Olivert Riera2017-03-212-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/git: fix pcre supportGravatar Bernd Kuhls2017-03-121-2/+2
| | | | | | | The current code contains some obvious typos. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/git: add optional support for gettextGravatar Bernd Kuhls2017-03-121-0/+4
| | | | | | | | | | | | git links to libintl if available: $ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/bin/git | grep NEEDED 0x00000001 (NEEDED) Shared library: [libz.so.1] 0x00000001 (NEEDED) Shared library: [libintl.so.8] 0x00000001 (NEEDED) Shared library: [libc.so.0] Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: bump version to 2.12.0Gravatar Vicente Olivert Riera2017-03-102-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: improve license type listsGravatar Danomi Manchego2017-02-201-1/+1
| | | | | | | | | | | | | | | Make license type lists more uniform: * put content license applies to in parenthesis; ex: "GPLv2+ (programs)" * use commas to separate types listed without conjuction; ex: "GPLv2, LGPLv2" No attempt was made to validate the claimed licenses. This is just a tweak to increase uniformity of the _LICENSE variables. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> [Thomas: replace semi-colons by commas in LIBURCU_LICENSE.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/git: bump version to 2.11.1Gravatar Bernd Kuhls2017-02-042-2/+2
| | | | | Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* git: bump version to 2.11.0Gravatar Vicente Olivert Riera2016-11-302-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* git: bump version to 2.10.2Gravatar Vicente Olivert Riera2016-11-012-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: bump version to 2.10.1Gravatar Vicente Olivert Riera2016-10-132-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* git: bump version to 2.10.0Gravatar Vicente Olivert Riera2016-09-052-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: bump version to 2.9.3Gravatar Rodrigo Rebello2016-08-172-2/+2
| | | | | Signed-off-by: Rodrigo Rebello <rprebello@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* git: bump version to 2.9.1Gravatar Vicente Olivert Riera2016-07-142-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: bump version to 2.8.3Gravatar Vicente Olivert Riera2016-05-222-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: bump version to 2.8.2Gravatar Vicente Olivert Riera2016-05-042-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* git: bump version to 2.8.1Gravatar Vicente Olivert Riera2016-04-052-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* git: bump version to 2.8.0Gravatar Vicente Olivert Riera2016-03-292-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: bump version to 2.7.4Gravatar Vicente Olivert Riera2016-03-182-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* git: bump version to 2.6.4Gravatar Vicente Olivert Riera2015-12-093-90/+2
| | | | | | | | | | | - Bump version to 2.6.4 - Update the hash value - Remove 0002-Makefile-make-curl-config-path-configurable.patch - This patch is now part of upstream: https://github.com/git/git/commit/f89158760d5f02ba59f644799abd921e6be22f13 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/git: Used curl-config program for targetGravatar Remi Pommarel2015-11-042-1/+91
| | | | | | | | Fix cross compilation by using curl-config script for target instead of the one from host. Signed-off-by: Remi Pommarel <repk@triplefau.lt> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: fix config option used to detect libcurl availabilityGravatar Thomas Petazzoni2015-11-041-1/+1
| | | | | | | | | | | | BR2_PACKAGE_CURL is currently used by the git package to find out if libcurl is available. While indeed BR2_PACKAGE_CURL indicates that libcurl is available, it is not the most appropriate option for this: BR2_PACKAGE_LIBCURL is better. BR2_PACKAGE_LIBCURL indicates that libcurl is available, while BR2_PACKAGE_CURL indicates that both libcurl and the curl program are available. Only the former is needed by Git. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* git: bump to version 2.6.1Gravatar Vicente Olivert Riera2015-10-062-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* git: bump to version 2.6.0Gravatar Vicente Olivert Riera2015-09-302-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* git: bump to version 2.5.3Gravatar Vicente Olivert Riera2015-09-192-2/+2
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>