diff options
Diffstat (limited to 'meta/recipes-devtools/git/git.inc')
| -rw-r--r-- | meta/recipes-devtools/git/git.inc | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc index 4131c98977..e64472ea28 100644 --- a/meta/recipes-devtools/git/git.inc +++ b/meta/recipes-devtools/git/git.inc @@ -1,5 +1,6 @@ SUMMARY = "Distributed version control system" HOMEPAGE = "http://git-scm.com" +DESCRIPTION = "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency." SECTION = "console/utils" LICENSE = "GPLv2" DEPENDS = "openssl curl zlib expat" @@ -7,14 +8,44 @@ DEPENDS = "openssl curl zlib expat" PROVIDES_append_class-native = " git-replacement-native" SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ - ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages" - + ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \ + file://fixsort.patch \ + file://CVE-2021-40330.patch \ + file://CVE-2022-23521.patch \ + file://CVE-2022-41903-01.patch \ + file://CVE-2022-41903-02.patch \ + file://CVE-2022-41903-03.patch \ + file://CVE-2022-41903-04.patch \ + file://CVE-2022-41903-05.patch \ + file://CVE-2022-41903-06.patch \ + file://CVE-2022-41903-07.patch \ + file://CVE-2022-41903-08.patch \ + file://CVE-2022-41903-09.patch \ + file://CVE-2022-41903-10.patch \ + file://CVE-2022-41903-11.patch \ + file://CVE-2022-41903-12.patch \ + file://CVE-2023-22490-1.patch \ + file://CVE-2023-22490-2.patch \ + file://CVE-2023-22490-3.patch \ + file://CVE-2023-23946.patch \ + file://CVE-2023-29007.patch \ + file://CVE-2023-25652.patch \ + " S = "${WORKDIR}/git-${PV}" LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1" CVE_PRODUCT = "git-scm:git" +# This is about a manpage not mentioning --mirror may "leak" information +# in mirrored git repos. Most OE users wouldn't build the docs and +# we don't see this as a major issue for our general users/usecases. +CVE_CHECK_WHITELIST += "CVE-2022-24975" +# This is specific to Git-for-Windows +CVE_CHECK_WHITELIST += "CVE-2022-41953" +# specific to Git for Windows +CVE_CHECK_WHITELIST += "CVE-2023-22743" + PACKAGECONFIG ??= "" PACKAGECONFIG[cvsserver] = "" PACKAGECONFIG[svn] = "" |