Commit Graph

71 Commits

Author SHA1 Message Date
Peter Korsgaard
063eff9bc6 git: security bump to version 2.16.5
Fixes CVE-2018-17456: RCE issue in handling of git submodules

For more details, see the announcement:
https://marc.info/?l=git&m=153875888916397&w=2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-07 21:52:37 +02:00
Baruch Siach
ae1f047295 git: security bump to version 2.16.4
Forward port of security fixes from the 2.13.7 release. The 2.13.7
release notes say this:

 * Submodule "names" come from the untrusted .gitmodules file, but we
   blindly append them to $GIT_DIR/modules to create our on-disk repo
   paths. This means you can do bad things by putting "../" into the
   name. We now enforce some rules for submodule names which will cause
   Git to ignore these malicious names (CVE-2018-11235).

   Credit for finding this vulnerability and the proof of concept from
   which the test script was adapted goes to Etienne Stalmans.

 * It was possible to trick the code that sanity-checks paths on NTFS
   into reading random piece of memory (CVE-2018-11233).

Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-29 21:45:36 +02:00
Bernd Kuhls
9447e86618 package/git: bump version to 2.16.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-02 15:45:02 +02:00
Bernd Kuhls
5e7e27a3a7 package/git: bump version to 2.16.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-28 11:54:20 +01:00
Bernd Kuhls
9c2a54a542 package/git: add optional support for pcre2
Renamed --with-libpcre to --with-libpcre1. Currently --with-libpcre
activates pcre1 support but this can change in the future to pcre2:
df7fd961a9/configure.ac (L258)

Please note that we cannot use --with-/--without because it will lead
to an error reported by configure, for example

    --with-libpcre1 --without-libpcre2

will produce

configure: error: Only supply one of --with-libpcre1 or --with-libpcre2!

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-11-23 23:20:05 +01:00
Bernd Kuhls
e8ba19ba60 package/git: bump version to 2.15.0
To avoid the build error

grep.c:(.text+0xa02): undefined reference to `pcre_jit_exec'

we need to add NO_LIBPCRE1_JIT=1 according to
https://www.spinics.net/lists/git/msg314515.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-31 20:09:20 +01:00
Bernd Kuhls
8e0c7ce50b package/git: security bump to version 2.13.6
Release notes:
https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-27 22:03:50 +02:00
Bernd Kuhls
20cf789403 package/git: security bump to version 2.13.5
Fixes CVE-2017-1000117:
http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2017-08-12 22:56:21 +02:00
Adam Duskett
be9d731edf package/g*: fix wrapping of Config.in help text
The check-package script when ran gives warnings on text wrapping
on all of these Config files.  This patch cleans up all warnings
related to the text wrapping for the Config files starting with
the letter g in the package directory.

The appropriate indentation is: <tab><2 spaces><62 chars>
See http://nightly.buildroot.org/#writing-rules-config-in for more
information.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-31 19:09:20 +02:00
Baruch Siach
cd60692427 git: bump to version 2.13.3
Add license files hashes.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-18 23:57:18 +02:00
Baruch Siach
c1e4a57686 git: use BR2_KERNEL_MIRROR as download site
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-18 23:57:13 +02:00
Baruch Siach
de66071850 git: fix build with NLS disabled
Since commit bbfb02598b (git: use the new gettext logic) host-gettext is no
longer an unconditional dependency of git. When NLS is disabled host-gettext
is not built. This breaks the build of git, because the git Makefile runs
msgfmt unless NO_GETTEXT is defined.

Define NO_GETTEXT when NLS is disabled to fix the build.

Fixes:
http://autobuild.buildroot.net/results/c87/c8717619a1307f21cb9fe61196511cea44f72015/
http://autobuild.buildroot.net/results/e7a/e7acff51f988c333c3fe0c4a18eed42a273932d3/
http://autobuild.buildroot.net/results/153/153b17959847ec2079883c087cee27afbdf9571e/

Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Sagaert Johan <sagaert.johan@skynet.be>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-15 17:49:28 +02:00
Thomas Petazzoni
bbfb02598b git: use the new gettext logic
This commit switches to use the new gettext logic, which involves
using TARGET_NLS_DEPENDENCIES instead of hand-encoded dependencies
on gettext/host-gettext.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-05 01:27:25 +02:00
Vicente Olivert Riera
312d71c7a9 git: bump version to 2.13.0
Patches 0001 and 0002 already included in this release:
  379642bcd8
  2225e1ea20

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-10 23:44:27 +02:00
Adam Duskett
e2a7822415 package makefiles: clean up backslash spacing.
The check-package script when ran gave warnings on only using
one space before backslashes on all of these makefiles.
This patch cleans up all warnings related to the one space before
backslashes rule in the make files in the package directory.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 15:57:23 +02:00
Rahul Bedarkar
30a3e8d108 boot, package: use SPDX short identifier for LGPLv2.1/LGPLv2.1+
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:18:10 +02:00
Rahul Bedarkar
af31c309e7 boot, linux, package: use SPDX short identifier for GPLv2/GPLv2+
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.

This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:16:38 +02:00
Vicente Olivert Riera
3967abfc89 git: bump version to 2.12.2
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-28 21:44:21 +02:00
Rahul Bedarkar
37847bbd3f git: fix build with with no threads
When building git with toolchain that don't have thread support, we
get following build errors:

      CC builtin/hash-object.o
  builtin/grep.c: In function 'grep_submodule_launch':
  builtin/grep.c:596:34: error: dereferencing pointer to incomplete type 'struct work_item'
    status = capture_command(&cp, &w->out, 0);
                                    ^
  builtin/grep.c: In function 'grep_submodule':
  builtin/grep.c:644:20: error: storage size of 'w' isn't known
     struct work_item w;
                      ^
  make[2]: *** [builtin/grep.o] Error 1
  make[2]: *** Waiting for unfinished jobs....

Add two upstream patches to fix this issue.

Fixes:
  http://autobuild.buildroot.net/results/94b/94bce9a99a5ce9894a6918774ab75e23d12c1394/

Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-22 22:57:20 +01:00
Vicente Olivert Riera
cbb23d5d05 git: bump version to 2.12.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-03-21 17:30:29 +01:00
Bernd Kuhls
d830807794 package/git: fix pcre support
The current code contains some obvious typos.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-12 14:13:53 +01:00
Bernd Kuhls
aecab2f29c package/git: add optional support for gettext
git links to libintl if available:

$ output/host/usr/bin/i586-buildroot-linux-uclibc-readelf -a output/target/usr/bin/git | grep NEEDED
 0x00000001 (NEEDED)                     Shared library: [libz.so.1]
 0x00000001 (NEEDED)                     Shared library: [libintl.so.8]
 0x00000001 (NEEDED)                     Shared library: [libc.so.0]

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-12 14:10:35 +01:00
Vicente Olivert Riera
941dc2ac8c git: bump version to 2.12.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-10 21:50:26 +01:00
Danomi Manchego
a3a2dbc409 packages: improve license type lists
Make license type lists more uniform:

* put content license applies to in parenthesis; ex: "GPLv2+ (programs)"
* use commas to separate types listed without conjuction; ex: "GPLv2, LGPLv2"

No attempt was made to validate the claimed licenses.  This is just a tweak
to increase uniformity of the _LICENSE variables.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas: replace semi-colons by commas in LIBURCU_LICENSE.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-20 22:16:01 +01:00
Bernd Kuhls
738871e601 package/git: bump version to 2.11.1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-04 13:03:09 +01:00
Vicente Olivert Riera
a8ab83fada git: bump version to 2.11.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-11-30 11:59:27 +01:00
Vicente Olivert Riera
dcf7a64b46 git: bump version to 2.10.2
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-01 14:58:34 +01:00
Vicente Olivert Riera
917bf769db git: bump version to 2.10.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-10-13 08:01:55 +02:00
Vicente Olivert Riera
d1cb59adac git: bump version to 2.10.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-09-05 21:07:42 +02:00
Rodrigo Rebello
ca4237c766 git: bump version to 2.9.3
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-08-17 15:04:23 +02:00
Vicente Olivert Riera
f96e951275 git: bump version to 2.9.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-14 12:31:45 +02:00
Vicente Olivert Riera
ae61f4ecbb git: bump version to 2.8.3
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-05-22 22:48:16 +02:00
Vicente Olivert Riera
f3698c600c git: bump version to 2.8.2
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-05-04 22:45:26 +02:00
Vicente Olivert Riera
576e073a36 git: bump version to 2.8.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-04-05 21:32:12 +02:00
Vicente Olivert Riera
62b1de3fb4 git: bump version to 2.8.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-03-29 16:55:29 +02:00
Vicente Olivert Riera
8d73629bb2 git: bump version to 2.7.4
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-18 21:52:47 +01:00
Vicente Olivert Riera
bdf2bfe8b4 git: bump version to 2.6.4
- Bump version to 2.6.4
- Update the hash value
- Remove 0002-Makefile-make-curl-config-path-configurable.patch
  - This patch is now part of upstream:
    f89158760d

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-09 23:12:01 +01:00
Remi Pommarel
a8f35c71bb package/git: Used curl-config program for target
Fix cross compilation by using curl-config script for target instead of the
one from host.

Signed-off-by: Remi Pommarel <repk@triplefau.lt>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-11-04 14:52:41 +01:00
Thomas Petazzoni
986bbee1ff git: fix config option used to detect libcurl availability
BR2_PACKAGE_CURL is currently used by the git package to find out if
libcurl is available. While indeed BR2_PACKAGE_CURL indicates that
libcurl is available, it is not the most appropriate option for this:
BR2_PACKAGE_LIBCURL is better. BR2_PACKAGE_LIBCURL indicates that
libcurl is available, while BR2_PACKAGE_CURL indicates that both
libcurl and the curl program are available. Only the former is needed
by Git.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-11-04 14:44:43 +01:00
Vicente Olivert Riera
1c25c63a14 git: bump to version 2.6.1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-06 18:34:59 +02:00
Vicente Olivert Riera
3cda54971e git: bump to version 2.6.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-09-30 13:52:44 +02:00
Vicente Olivert Riera
71a0b33a0d git: bump to version 2.5.3
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-09-19 13:58:15 +02:00
Vicente Olivert Riera
d4d2bcfa1e git: bump version to 2.5.2
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-09-11 19:48:43 +02:00
Vicente Olivert Riera
614c287a6c git: bump to version 2.4.5
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-02 11:00:29 +02:00
Vicente Olivert Riera
c7fec23ecc git: bump to version 2.4.4
- Bump to version 2.4.4
- Update hash file

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-06-19 20:13:50 +02:00
Gustavo Zacarias
f4716f79a0 packages: remove (non-)lfs dependencies and tweaks
Now that largefile is mandatory removes package dependencies and
conditionals.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-01 22:47:22 +02:00
Jerzy Grzegorek
bd8c733fb4 packages: indentation cleanup
This commit doesn't touch infra packages.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-31 13:57:41 +02:00
Vicente Olivert Riera
9a426b6bcb git: bump version to 2.3.2
- Bump version to 2.3.2
- Update the hash file

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-07 17:41:40 +01:00
Peter Korsgaard
7403ea730d Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-03-02 23:26:20 +01:00
Vicente Olivert Riera
9085505c02 git: bump version to 2.3.1
- Bump version to 2.3.1
- Update the hash file

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-26 22:36:25 +01:00