package/git: security bump to version 2.43.6

Fixes the following vulnerabilities:

 - CVE-2024-50349:

   Printing unsanitized URLs when asking for credentials made the
   user susceptible to crafted URLs (e.g. in recursive clones) that
   mislead the user into typing in passwords for trusted sites that
   would then be sent to untrusted sites instead.

 - CVE-2024-52006:

   Git may pass on Carriage Returns via the credential protocol to
   credential helpers which use line-reading functions that
   interpret said Carriage Returns as line endings, even though Git
   did not intend that.

For more details, see the announcement:
https://lore.kernel.org/git/xmqq5xmh46oc.fsf@gitster.g/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard 2025-01-22 17:32:11 +01:00
parent ff13942c67
commit 954711047f
2 changed files with 2 additions and 2 deletions
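
The CVE-2024-52006 description above concerns credential helpers whose line reader treats a carriage return as a line ending. The following is an added example, not code from this commit, from Git or from any real helper: it parses one constructed credential-protocol record with a CR-splitting reader and with a reader that splits on LF only and refuses CR. The function names and the sample record are assumptions made for illustration.

```python
# Added example: helper-side parsing of Git credential-protocol input
# (key=value lines terminated by LF, record ended by a blank line).
# All names and sample data here are constructed for illustration.


class CredentialFormatError(ValueError):
    """Raised when a record contains bytes a helper should not accept."""


def parse_naive(data: bytes) -> dict:
    """Reader that treats CR as a line ending (the behaviour at issue)."""
    fields = {}
    # str.splitlines() breaks on \r, \n and \r\n alike.
    for line in data.decode("utf-8").splitlines():
        if not line:
            break  # blank line ends the record
        key, _, value = line.partition("=")
        fields[key] = value
    return fields


def parse_strict(data: bytes) -> dict:
    """Split on LF only and refuse CR or NUL anywhere in a line."""
    fields = {}
    for raw in data.split(b"\n"):
        if raw == b"":
            break  # blank line ends the record
        if b"\r" in raw or b"\x00" in raw:
            raise CredentialFormatError("control byte in credential line")
        key, sep, value = raw.partition(b"=")
        if not sep or not key:
            raise CredentialFormatError("line is not key=value")
        fields[key.decode("utf-8")] = value.decode("utf-8")
    return fields


# Constructed input: the path value carries an embedded carriage return.
SAMPLE = b"protocol=https\nhost=example.com\npath=repo.git\rinjected=1\n\n"
# Constructed input without any carriage return.
CLEAN = b"protocol=https\nhost=example.com\npath=repo.git\n\n"

if __name__ == "__main__":
    print("naive :", parse_naive(SAMPLE))
    try:
        parse_strict(SAMPLE)
    except CredentialFormatError as exc:
        print("strict: rejected,", exc)
```

The CR-splitting reader returns a fourth attribute that the sender wrote as part of a single value; the strict reader rejects the record instead of guessing.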


@ -1,5 +1,5 @@
# From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
sha256 8b7cc3db84c5c6a2eeb39c63686ff5cde26278e32bb0d2226a8b424488420b98 git-2.43.5.tar.xz
sha256 25f329439ebcc8a6fe160a5600499f6a179c784d8efa4d50d54e5d77a4d13a62 git-2.43.6.tar.xz
# Locally calculated
sha256 5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e COPYING
sha256 1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a LGPL-2.1
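
Review bot: The git-2.43.6.tar.xz sha256 line sits under the unchanged "# From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc" comment, but nothing visible in the commit records that the signature on that .asc file was checked before the value was copied. Since this hash is the only integrity anchor for the tarball, consider stating in the commit message that the signature was verified, or add a "# Locally calculated" note if the value was also recomputed from the downloaded archive. The COPYING and LGPL-2.1 hashes are unchanged, which is what a point release should show.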


@ -4,7 +4,7 @@
#
################################################################################
GIT_VERSION = 2.43.5
GIT_VERSION = 2.43.6
GIT_SOURCE = git-$(GIT_VERSION).tar.xz
GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
GIT_LICENSE = GPL-2.0, LGPL-2.1+
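
Review bot: GIT_SITE at the end of this hunk resolves through $(BR2_KERNEL_MIRROR), so the archive named by GIT_SOURCE can come from whichever mirror is configured, and the GIT_VERSION change is only safe together with the matching git-2.43.6.tar.xz entry in the hash file. Both land in this commit, so the download stays pinned. No other variable in the hunk needs to change for a 2.43.5 to 2.43.6 bump; GIT_LICENSE is untouched, consistent with the unchanged license file hashes.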