Signed-off-by: Daniel Lang <d.lang@abatec.at>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 159df6a531)
[Peter: drop 6.1.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a
heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted
TIFF image.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d7ae47f0c6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
A flaw was found in all released versions of m2crypto, where they are
vulnerable to Bleichenbacher timing attacks in the RSA decryption API
via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest
threat from this vulnerability is to confidentiality.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a86d44a3eb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d6f194c513)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without NPTL raised since the addition
of the package in commit 1e64fa2956:
/tmp/instance-7/output-1/build/gdal-3.5.2/port/cpl_multiproc.cpp: In function 'CPLSpinLock* CPLCreateSpinLock()':
/tmp/instance-7/output-1/build/gdal-3.5.2/port/cpl_multiproc.cpp:2265:9: error: 'pthread_spin_init' was not declared in this scope; did you mean 'pthread_cond_init'?
2265 | pthread_spin_init(&(psSpin->spin), PTHREAD_PROCESS_PRIVATE) == 0 )
| ^~~~~~~~~~~~~~~~~
| pthread_cond_init
Fixes:
- http://autobuild.buildroot.org/results/aa2a88990a07e551c40efb0c2180768add600c4f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 93f5ba3853)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following libressl build failure which is probably raised since
the addition of the package in commit
65d891efc2:
../src/server/listener.cc: In member function 'void Pistache::Tcp::Listener::setupSSLAuth(const std::string&, const std::string&, int (*)(int, void*))':
../src/server/listener.cc:582:29: error: 'SSL_verify_cb' was not declared in this scope; did you mean 'RSA_verify'?
582 | (SSL_verify_cb)cb
| ^~~~~~~~~~~~~
| RSA_verify
Fixes:
- http://autobuild.buildroot.org/results/066fc078980e5216f38411eee455088e15fa1101
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0b9dda434f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
C++ is mandatory since at least version 1.23.0 and
c91a7d0c56
resulting in the following build failure since bump to version 1.23.4 in
commit 32d8e23b97:
RuntimeError: Broken toolchain: cannot link a simple C++ program. note: A compiler with support for C++11 language features is required.
Fixes:
- http://autobuild.buildroot.org/results/2d048d9b669ad60f37eeb2162b0a4f9fb425be1e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cc5a6c4af7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure raised since bump to version 0.10.2 in
commit 58cc3977e8:
In file included from /home/thomas/autobuild/instance-3/output-1/per-package/lirc-tools/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/include/python3.11/Python.h:38,
from lirc/_client.c:1:
/home/thomas/autobuild/instance-3/output-1/per-package/lirc-tools/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/include/python3.11/pyport.h:601:2: error: #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
601 | #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/85359d3f678b49e46821a1c10da5f14edfb5e6d0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6ec2a9d438)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure:
Can't locate object method "hexhash" via package "MD5" at utils/git-testament.pl line 47
Fixes:
- http://autobuild.buildroot.org/results/3dddcbbe7f6ecae5a2db6fac11fb659719452f73
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b83a9675cb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure without stack-protector raised since the
addition of the package in commit
27b8d0ba8c:
Checking for library ssp : not found
Checking for library ssp_nonshared : not found
Checking if C compiler supports -fstack-protector-all : yes
[...]
The configuration failed
(complete log in /home/autobuild/autobuild/instance-2/output-1/build/ntpsec-1_2_2/build/config.log)
Fixes:
- http://autobuild.buildroot.org/results/f38abc6b7f8464836231192cfe078a5b27319a8a
- http://autobuild.buildroot.org/results/62be818e2f2eac07b4a2de6f4a8898cc4cc05b1f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4a99d6611f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
locale_t is unconditionally used since version 1.5 and
4ed6f0b3a4
resulting in the following build failure since the addition of the
package in commit 0c52826291:
module.c:33:37: error: unknown type name 'locale_t'
33 | static char *strerror_l(int errnum, locale_t locale UNUSED)
| ^~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/ede9eb1f13d56c77005cc448416fb2efa9d16ff0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a6b4217312)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with libressl by using SSL_is_server
which is available since version 2.7.0 and
d7ec516916:
iostream.c: In function 'ast_iostream_close':
iostream.c:559:41: error: invalid use of incomplete typedef 'SSL' {aka 'struct ssl_st'}
559 | if (!stream->ssl->server) {
| ^~
Fixes:
- http://autobuild.buildroot.org/results/ce4d62d00bb77ba5b303cacf6be7e350581a62f9
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c8985cf50c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
CPE ID is wrong since the addition of the package in commit
27b8d0ba8c, the correct CPE ID is
cpe:2.3:a:ntpsec:ntpsec:1.2.2:*:*:*:*:*:*:*, not
cpe:2.3:a:ntpsec:ntpsec:1.2:2:*:*:*:*:*:*
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 723ecc9297)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- remove 001-ntptime-fix-jfmt5-ofmt5-jfmt6-ofmt6-related-compile-.patch
(upstream applied, see [1])
- rename 0002-wscript-remove-checks-for-bsd-string.h-fixes-host-co.patch
to 0001-wscript-remove-checks-for-bsd-string.h-fixes-host-co.patch
- remove 0003-fix-build-with-libressl.patch
(upstream applied, see [2])
- update license file list (change from LICENSE.adoc to LICENSES/BSD-2,
LICENSES/BSD-3, LICENSES/CC-BY-4.0, LICENSES/MIT, LICENSES/NTP)
For details see [3].
[1] 0bea0bef36
[2] 128b66ae12
[3] https://gitlab.com/NTPsec/ntpsec/-/blob/master/NEWS.adoc
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 658ece1afa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
threads are mandatory since version 19.1.1 and
9e4aa143fb
resulting in the following build failure since commit
cd206d9b80:
CMake Error at /home/thomas/autobuild/instance-2/output-1/host/share/cmake-3.22/Modules/FindPackageHandleStandardArgs.cmake:230 (message):
Could NOT find Threads (missing: Threads_FOUND)
Fixes:
- http://autobuild.buildroot.org/results/c1120932e8c212820b239ee8cd4a057623a73376
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b5d310772d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Current website is down:
https://github.com/amzn/hawktracer/issues/87
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit edc6350d42)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with libressl >= 3.5.0 raised since bump
to version 3.5.2 in commit 8b216927db:
api_ng.c: In function 'EVP_CIPHER_CTX_copy':
api_ng.c:392:28: error: invalid use of incomplete typedef 'EVP_CIPHER_CTX' {aka 'const struct evp_cipher_ctx_st'}
392 | if ((in == NULL) || (in->cipher == NULL))
| ^~
Fixes:
- http://autobuild.buildroot.org/results/90f7365d8477d35fca452b7b3f38babba086375e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2625406643)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
SAE, unlike OWE or DPP, does not explicitly enable support for sha384
hash functions. A possible WPA3 build issue is masked, since all three
SAE/OWE/DPP are included. However, there exist other configurations
that enable only SAE. For instance, one such build configuration is
wpa_supplicant AP mode with mesh support.
This change adds an upstream patch that includes sha384 and sha256 hash
functions in builds with SAE support.
Fixes: http://autobuild.buildroot.net/results/f349130985870f4a781cca56c3f551108f81aa3e/
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 93b461bb5e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Add a thread dependency as Upstream quickly closed
https://github.com/rhboot/efivar/pull/238 to fix the following build
failure without threads raised since bump to version 38 in commit
f24029b561 and
cff88dd96b:
thread-test.c:14:10: fatal error: pthread.h: No such file or directory
14 | #include <pthread.h>
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/f2da14f91dc602a32dd5b2b7bdf3d3aa43afa7f4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c29f6d63e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
netsurf raises the following build failure since bump of libressl to
version 3.5.2 in commit 8b216927db:
content/fetchers/about.c: In function 'ns_X509_get_signature_nid':
content/fetchers/about.c:548:25: error: dereferencing pointer to incomplete type 'X509 {aka struct x509_st}'
return OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
^~
Fixes:
- http://autobuild.buildroot.org/results/c225aaac31398ba495921bd4b85e588199822561
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit efe2734fc5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with sparc raised since bump to version
1.9.11p2 in commit 9b7f8da96b and
9fbbca7b7a:
hecking for X509_STORE_CTX_get0_cert
configure:21215: /home/thomas/autobuild/instance-3/output-1/host/bin/sparc-buildroot-linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DZLIB_CONST -static conftest.c -L/home/thomas/autobuild/instance-3/output-1/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib -lssl -lz -pthread -latomic -lcrypto >&5
/home/thomas/autobuild/instance-3/output-1/host/lib/gcc/sparc-buildroot-linux-uclibc/10.4.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /home/thomas/autobuild/instance-3/output-1/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(x509cset.o): in function `X509_CRL_up_ref':
x509cset.c:(.text+0x108): undefined reference to `__atomic_fetch_add_4'
[...]
In file included from ./hostcheck.c:38:
../../include/sudo_compat.h:342:41: error: conflicting types for 'ASN1_STRING_data'
342 | # define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
| ^~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/8be59dd94e4916f9457cb435104e36e62a28373b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 4655d84ff5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure when OPENSBI_PLAT is empty raised since
commit 9b5b7165de:
/usr/bin/install -m 0644 -D /nvmedata/autobuild/instance-4/output-1/build/opensbi-0.9/build/platform//firmware/fw_jump.bin /nvmedata/autobuild/instance-4/output-1/images/fw_jump.bin
/usr/bin/install: cannot stat '/nvmedata/autobuild/instance-4/output-1/build/opensbi-0.9/build/platform//firmware/fw_jump.bin': No such file or directory
Fixes:
- http://autobuild.buildroot.org/results/8033327f090e4a3d84a7fce1f62b14fdf89dbd89
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bd061466f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 9fc652a373 was incomplete as
mbedtls can be pulled in libcurl through libssh2 resulting in the
following build failure:
/home/autobuild/autobuild/instance-4/output-1/host/lib/gcc/powerpc64le-buildroot-linux-musl/11.3.0/../../../../powerpc64le-buildroot-linux-musl/bin/ld: /home/autobuild/autobuild/instance-4/output-1/host/powerpc64le-buildroot-linux-musl/sysroot/usr/lib//libmbedcrypto.a(md5.c.o): in function `mbedtls_md5_init':
md5.c:(.text+0x0): multiple definition of `mbedtls_md5_init'; ../../src/.libs/libmodsecurity.a(libmbedtls_la-md5.o):md5.c:(.text+0x0): first defined here
Fixes:
- http://autobuild.buildroot.org/results/4c235e46188f23d1a48297f4e5942cec7b25959a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 97bdc0616c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, with many security fixes, including (but not limited to)
a patch for CVE-2023-23529.
Release notes:
https://webkitgtk.org/2023/02/15/webkitgtk2.38.5-released.html
Accompanying security advisory:
https://webkitgtk.org/security/WSA-2023-0002.html
Also raise the minimal GCC version to 8.3, which was already required since webkitgtk-2.36.4.
Similar to commit ec1ff802df,
we do check on >= GCC 8, because we can't check on >= GCC 8.3.
f812c5db1f
Signed-off-by: Thomas Devoogdt <thomas.devoogdt@gmail.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c7fcbbe75)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
rockchip-mali pre-built libraries need C++ since the addition of the
package in commit 97c74a73e5:
readelf -a output/build/rockchip-mali-721653b5b3b525a4f80d15aa7e2f9df7b7e60427/lib/aarch64-linux-gnu/libmali-bifrost-g31-rxp0-gbm.so|grep NEEDED
0x0000000000000001 (NEEDED) Shared library: [libpthread.so.0]
0x0000000000000001 (NEEDED) Shared library: [libdl.so.2]
0x0000000000000001 (NEEDED) Shared library: [librt.so.1]
0x0000000000000001 (NEEDED) Shared library: [libdrm.so.2]
0x0000000000000001 (NEEDED) Shared library: [libm.so.6]
0x0000000000000001 (NEEDED) Shared library: [libstdc++.so.6]
0x0000000000000001 (NEEDED) Shared library: [libgcc_s.so.1]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
While at it, add a comment when dependencies are not met
Fixes:
- No autobuilder failures (yet), found when debugging an issue with
rockchip-mali and glslsandbox-player
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5f1858e859)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
wayland-protocols is an optional dependency which is enabled by default
resulting in the following wayland build failure since the addition of
the package in commit f201ca9d0d:
checking for wayland_client... yes
checking for wayland_egl... yes
configure: Wayland EGL support enabled
checking for wayland_protocols... no
configure: error: Package requirements (wayland-protocols >= 1.12) were not met:
Package 'wayland-protocols', required by 'virtual:world', not found
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively, you may set the environment variables wayland_protocols_CFLAGS
and wayland_protocols_LIBS to avoid the need to call pkg-config.
Fixes:
- http://autobuild.buildroot.org/results/865af860f9e52fe5311bb0c6a246ff871ae5a989
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ee13e3fb41)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2023-23931: cryptography is a package designed to expose
cryptographic primitives and recipes to Python developers. In affected
versions `Cipher.update_into` would accept Python objects which
implement the buffer protocol, but provide only immutable buffers. This
would allow immutable objects (such as `bytes`) to be mutated, thus
violating fundamental rules of Python and resulting in corrupted output.
This now correctly raises an exception. This issue has been present
since `update_into` was originally introduced in cryptography 1.8.
https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
https://cryptography.io/en/latest/changelog/#v39-0-1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 67c967c2d1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
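As an added illustration of the bug class behind CVE-2023-23931 (example code written for this changelog, not pyca/cryptography's own implementation): a hypothetical `update_into` stand-in that uses the buffer protocol's `readonly` flag to refuse `bytes` and other immutable buffers, which is the check the vulnerable version lacked. The XOR transform is a placeholder for the real cipher; only the buffer handling matters here.

```python
"""Added example for CVE-2023-23931's bug class; not code from pyca/cryptography.

An API that writes output into a caller-supplied buffer must verify that the
buffer is writable. The buffer protocol reports this via memoryview.readonly:
bytes -> True, bytearray -> False. The vulnerable Cipher.update_into skipped
that check and so could overwrite an immutable bytes object in place.
"""


def update_into(data, buf, key=0x5A):
    """Hypothetical stand-in for a cipher's update_into(): XOR each byte of
    `data` with a one-byte key, write the result into `buf` and return the
    number of bytes written."""
    try:
        view = memoryview(buf)
    except TypeError:
        raise TypeError("buf does not support the buffer protocol") from None
    # The check the vulnerable version lacked: refuse read-only buffers such as
    # bytes, memoryview(bytes) or memoryview(...).toreadonly().
    if view.readonly:
        raise TypeError("buf must be writable (e.g. bytearray), got a read-only buffer")
    view = view.cast("B")  # byte view regardless of the caller's item format
    if len(view) < len(data):
        raise ValueError(f"buf too small: need {len(data)} bytes, have {len(view)}")
    for i, b in enumerate(data):
        view[i] = b ^ key
    return len(data)


def demo():
    """Run the accepted and rejected cases on constructed inputs; returns a
    dict of outcomes so the results can be checked rather than only printed."""
    out = {}
    buf = bytearray(8)
    n = update_into(b"secret!!", buf)
    out["bytearray_ok"] = (n, bytes(buf))
    # XOR with the same key restores the plaintext: the round trip works
    back = bytearray(8)
    update_into(bytes(buf), back)
    out["roundtrip"] = bytes(back)
    for name, target in (
        ("bytes", b"\x00" * 8),                              # immutable
        ("readonly_view", memoryview(bytearray(8)).toreadonly()),
        ("no_buffer", [0] * 8),                              # no buffer protocol
    ):
        try:
            update_into(b"secret!!", target)
            out[name] = "accepted"
        except TypeError:
            out[name] = "rejected"
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```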
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit c81ab9f8a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0f0ceb49be)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2fe854e9fc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfix release, fixes zero-day CVE-2023-23529 and includes a few build
and behaviour patches as well.
Release notes:
https://wpewebkit.org/release/wpewebkit-2.38.5.html
Accompanying security advisory:
https://wpewebkit.org/security/WSA-2023-0002.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7852618c23)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In GNU Less before 609, crafted data can result in "less -R" not
filtering ANSI escape sequences sent to the terminal.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 924ca9414f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Shyam's email address at Savoir Faire Linux is bouncing, so drop it
from the DEVELOPERS file.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bd351c4e93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For an unknown reason, wchar_t is incorrectly detected with uclibc
resulting in the following build failure:
In file included from igetevent.c:136:
imb_api.h:150:5: error: unknown type name 'wchar_t'
150 | wchar_t *Buffer;
| ^~~~~~~
The build failure can be reproduced even when reverting bump to version
3.1.8.
Fixes:
- http://autobuild.buildroot.org/results/e9ff3bd08e106dc834968bf5e4296ce8299027f8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 7b4937a170)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* CVE-2023-22490:
Using a specially-crafted repository, Git can be tricked into using
its local clone optimization even when using a non-local transport.
Though Git will abort local clones whose source $GIT_DIR/objects
directory contains symbolic links (c.f., CVE-2022-39253), the objects
directory itself may still be a symbolic link.
These two may be combined to include arbitrary files based on known
paths on the victim's filesystem within the malicious repository's
working copy, allowing for data exfiltration in a similar manner as
CVE-2022-39253.
* CVE-2023-23946:
By feeding a crafted input to "git apply", a path outside the
working tree can be overwritten as the user who is running "git
apply".
For more details, see the announcement:
https://lore.kernel.org/git/xmqqr0us5dio.fsf@gitster.g/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>