NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2218a5b771
kumquat-buildroot/package/git/git.mk
Peter Korsgaard 0c226c4a11 package/git: security bump to version 2.24.3 
Fixes the following security issues:

 * (2.24.2) With a crafted URL that contains a newline in it, the credential
   helper machinery can be fooled to give credential information for a wrong
   host.  The attack has been made impossible by forbidding a newline
   character in any value passed via the credential protocol.

 * (2.24.3) With a crafted URL that contains a newline or empty host, or
   lacks a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the protocol
   in use and host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (based on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential patterns.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-05-25 21:56:57 +02:00

85 lines
2.1 KiB
Makefile
Raw Blame History

################################################################################
#
# git
#
################################################################################
GIT_VERSION = 2.24.3
GIT_SOURCE = git-$(GIT_VERSION).tar.xz
GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
GIT_LICENSE = GPL-2.0, LGPL-2.1+
GIT_LICENSE_FILES = COPYING LGPL-2.1
GIT_DEPENDENCIES = zlib $(TARGET_NLS_DEPENDENCIES)
ifeq ($(BR2_PACKAGE_OPENSSL),y)
GIT_DEPENDENCIES += host-pkgconf openssl
GIT_CONF_OPTS += --with-openssl
GIT_MAKE_OPTS += LIB_4_CRYPTO="`$(PKG_CONFIG_HOST_BINARY) --libs libssl libcrypto`"
else
GIT_CONF_OPTS += --without-openssl
endif
ifeq ($(BR2_PACKAGE_PCRE2),y)
GIT_DEPENDENCIES += pcre2
GIT_CONF_OPTS += --with-libpcre2
else ifeq ($(BR2_PACKAGE_PCRE),y)
GIT_DEPENDENCIES += pcre
GIT_CONF_OPTS += --with-libpcre1
GIT_MAKE_OPTS += NO_LIBPCRE1_JIT=1
else
GIT_CONF_OPTS += --without-libpcre
endif
ifeq ($(BR2_PACKAGE_LIBCURL),y)
GIT_DEPENDENCIES += libcurl
GIT_CONF_OPTS += --with-curl
GIT_CONF_ENV += \
ac_cv_prog_CURL_CONFIG=$(STAGING_DIR)/usr/bin/$(LIBCURL_CONFIG_SCRIPTS)
else
GIT_CONF_OPTS += --without-curl
endif
ifeq ($(BR2_PACKAGE_EXPAT),y)
GIT_DEPENDENCIES += expat
GIT_CONF_OPTS += --with-expat
else
GIT_CONF_OPTS += --without-expat
endif
ifeq ($(BR2_PACKAGE_LIBICONV),y)
GIT_DEPENDENCIES += libiconv
GIT_CONF_ENV_LIBS += -liconv
GIT_CONF_OPTS += --with-iconv=/usr/lib
else
GIT_CONF_OPTS += --without-iconv
endif
ifeq ($(BR2_PACKAGE_TCL),y)
GIT_DEPENDENCIES += tcl
GIT_CONF_OPTS += --with-tcltk
else
GIT_CONF_OPTS += --without-tcltk
endif
ifeq ($(BR2_SYSTEM_ENABLE_NLS),)
GIT_MAKE_OPTS += NO_GETTEXT=1
endif
GIT_CFLAGS = $(TARGET_CFLAGS)
ifneq ($(BR2_TOOLCHAIN_HAS_GCC_BUG_85180)$(BR2_TOOLCHAIN_HAS_GCC_BUG_93847),)
GIT_CFLAGS += -O0
endif
GIT_CONF_OPTS += CFLAGS="$(GIT_CFLAGS)"
GIT_INSTALL_TARGET_OPTS = $(GIT_MAKE_OPTS) DESTDIR=$(TARGET_DIR) install
# assume yes for these tests, configure will bail out otherwise
# saying error: cannot run test program while cross compiling
GIT_CONF_ENV += \
ac_cv_fread_reads_directories=yes \
ac_cv_snprintf_returns_bogus=yes LIBS='$(GIT_CONF_ENV_LIBS)'
$(eval $(autotools-package))
Reference in New Issue View Git Blame Copy Permalink