* [PATCH 1/1] git: update to v2.7.4
@ 2016-03-17 21:27 list
2016-03-18 20:49 ` peter
0 siblings, 1 reply; 6+ messages in thread
From: list @ 2016-03-17 21:27 UTC (permalink / raw)
From: Christian Hesse <mail at eworm.de>
Update to git version v2.7.4, no changes required.
Signed-off-by: Christian Hesse <mail at eworm.de>
---
Makefile | 2 +-
git | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index c01701c..87d82b6 100644
--- a/Makefile
+++ b/Makefile
@@ -14,7 +14,7 @@ htmldir = $(docdir)
pdfdir = $(docdir)
mandir = $(prefix)/share/man
SHA1_HEADER = <openssl/sha.h>
-GIT_VER = 2.7.2
+GIT_VER = 2.7.4
GIT_URL = https://www.kernel.org/pub/software/scm/git/git-$(GIT_VER).tar.gz
INSTALL = install
COPYTREE = cp -r
diff --git a/git b/git
index 326e5bc..937978e 160000
--- a/git
+++ b/git
@@ -1 +1 @@
-Subproject commit 326e5bc91eecf73234ead29636207bc516573e79
+Subproject commit 937978e0f3e750d917768c77665d5f8cfbd802b6
--
2.7.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/1] git: update to v2.7.4
2016-03-17 21:27 [PATCH 1/1] git: update to v2.7.4 list
@ 2016-03-18 20:49 ` peter
2016-03-18 22:21 ` Jason
0 siblings, 1 reply; 6+ messages in thread
From: peter @ 2016-03-18 20:49 UTC (permalink / raw)
On Thu, Mar 17, 2016 at 10:27:02PM +0100, Christian Hesse wrote:
> Update to git version v2.7.4, no changes required.
Could you tag a new cgit version based on this commit?
git v2.7.4 resolves multiple vulnerabilities:
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt
Peter
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/1] git: update to v2.7.4
2016-03-18 20:49 ` peter
@ 2016-03-18 22:21 ` Jason
2016-05-31 22:11 ` peter
0 siblings, 1 reply; 6+ messages in thread
From: Jason @ 2016-03-18 22:21 UTC (permalink / raw)
Yes, I'll try to get that done this weekend.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/1] git: update to v2.7.4
2016-03-18 22:21 ` Jason
@ 2016-05-31 22:11 ` peter
2016-06-01 4:39 ` Jason
0 siblings, 1 reply; 6+ messages in thread
From: peter @ 2016-05-31 22:11 UTC (permalink / raw)
On Fri, Mar 18, 2016 at 11:21:56PM +0100, Jason A. Donenfeld wrote:
> Yes, I'll try to get that done this weekend.
Any chance you could tag a new release in June? The latest cgit
release (0.12) still contains a git version (2.7.0) with known
security vulnerabilities.
Thanks,
Peter
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/1] git: update to v2.7.4
2016-05-31 22:11 ` peter
@ 2016-06-01 4:39 ` Jason
2016-06-01 9:01 ` john
0 siblings, 1 reply; 6+ messages in thread
From: Jason @ 2016-06-01 4:39 UTC (permalink / raw)
Does that vuln apply to our usage of libgit?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20160601/63628501/attachment.html>
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/1] git: update to v2.7.4
2016-06-01 4:39 ` Jason
@ 2016-06-01 9:01 ` john
0 siblings, 0 replies; 6+ messages in thread
From: john @ 2016-06-01 9:01 UTC (permalink / raw)
On Wed, Jun 01, 2016 at 01:39:01PM +0900, Jason A. Donenfeld wrote:
> Does that vuln apply to our usage of libgit?
Yes, I think CVE-2016-2315 affects anything that uses libgit's tree
reading code.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-06-01 9:01 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-17 21:27 [PATCH 1/1] git: update to v2.7.4 list
2016-03-18 20:49 ` peter
2016-03-18 22:21 ` Jason
2016-05-31 22:11 ` peter
2016-06-01 4:39 ` Jason
2016-06-01 9:01 ` john
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).