package/git: security bump to version 2.31.2

Fixes the following security issue: CVE-2022-24765: On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when there is a scratch space (`/scratch/`) intended for all users and another user created a repository in `/scratch/.git`. Merely having a Git-aware prompt that runs `git status` (or `git diff`) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user via `/scratch/.git/config`. https://www.openwall.com/lists/oss-security/2022/04/12/7 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 832107c6dc) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-13 14:42:52 +02:00 · 2022-04-13 14:42:52 +02:00 · 4059d9d67b
commit 4059d9d67b
parent f019665901
2 changed files with 2 additions and 2 deletions
--- a/package/git/git.hash
+++ b/package/git/git.hash
@ -1,5 +1,5 @@
 # From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
-sha256  9f61417a44d5b954a5012b6f34e526a3336dcf5dd720e2bb7ada92ad8b3d6680  git-2.31.1.tar.xz
+sha256  d9167d801cf4aa2abca6e8f43d5d1b383e02e4d257ac1dc071802bb773ed0e2a  git-2.31.2.tar.xz
 # Locally calculated
 sha256  5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e  COPYING
 sha256  1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a  LGPL-2.1
--- a/package/git/git.mk
+++ b/package/git/git.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-GIT_VERSION = 2.31.1
+GIT_VERSION = 2.31.2
 GIT_SOURCE = git-$(GIT_VERSION).tar.xz
 GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
 GIT_LICENSE = GPL-2.0, LGPL-2.1+