summary refs log tree commit diff
diff options
context:
space:
mode:
authorGreg Hogan <code@greghogan.com>2023-04-26 19:03:45 +0000
committerLudovic Courtès <ludo@gnu.org>2023-05-11 16:38:28 +0200
commit92a7817fcb932eebbd12a5746bc966f4592a0437 (patch)
tree66c23b302667777a3641abc03493dab81f07cdc9
parentb984ac16dc9c5af27fb2355dc15bb333cbf7eaef (diff)
downloadguix-92a7817fcb932eebbd12a5746bc966f4592a0437.tar.gz
gnu: git: Update to 2.40.1 [security fixes].
Fixes CVE-2023-25652 and CVE-2023-29007.

* gnu/packages/version-control.scm (git): Update to 2.40.1.
(git-minimal)[arguments]: Rewrite to use gexps.  In
'remove-unusable-perl-commands' phase, make "git-add--interactive"
removal conditional.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r--gnu/packages/version-control.scm89
1 files changed, 48 insertions, 41 deletions
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 6774dcb046..f53e7dff0c 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -227,14 +227,14 @@ Python 3.3 and later, rather than on Python 2.")
 (define-public git
   (package
    (name "git")
-   (version "2.39.2")
+   (version "2.40.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "1mpjvhyw8mv2q941xny4d0gw3mb6b4bqaqbh73jd8b1v6zqpaps7"))
+              "1li1xwgiwccy88bkshsah2kzl1006jg29jp7n32gvjggiswvi4s8"))
             (patches (search-patches "git-header-cmd.patch"))))
    (build-system gnu-build-system)
    (native-inputs
@@ -255,7 +255,7 @@ Python 3.3 and later, rather than on Python 2.")
                 version ".tar.xz"))
           (sha256
            (base32
-            "09cva868qb4705s884dzvbwkm78jlw4q8m6xj7nd7cwxy2i2ff8b"))))
+            "04yy5za8963q6xzrirflvxbi1216jzqj8ssvgd9nkld3ifa9q1gy"))))
       ;; For subtree documentation.
       ("asciidoc" ,asciidoc)
       ("docbook2x" ,docbook2x)
@@ -617,46 +617,53 @@ everything from small to very large projects with speed and efficiency.")
     (arguments
      (substitute-keyword-arguments (package-arguments git)
        ((#:phases phases)
-        `(modify-phases ,phases
-           (replace 'patch-makefiles
-             (lambda _
-               (substitute* "Makefile"
-                 (("/usr/bin/perl") (which "perl")))))
-           (delete 'build-subtree)
-           (delete 'split)
-           (delete 'install-man-pages)
-           (delete 'install-info-manual)
-           (delete 'install-subtree)
-           (delete 'install-credential-netrc)
-           (delete 'install-credential-libsecret)
-           (add-after 'install 'remove-unusable-perl-commands
-             (lambda* (#:key outputs #:allow-other-keys)
-               (let* ((out     (assoc-ref outputs "out"))
-                      (bin     (string-append out "/bin"))
-                      (libexec (string-append out "/libexec")))
-                 (for-each (lambda (file)
-                             (delete-file (string-append libexec
-                                                         "/git-core/" file)))
-                           '("git-svn" "git-cvsimport" "git-archimport"
-                             "git-cvsserver" "git-request-pull"
-                             "git-add--interactive" "git-cvsexportcommit"
-                             "git-instaweb" "git-send-email"))
-                 (delete-file (string-append bin "/git-cvsserver"))
-
-                 ;; These templates typically depend on Perl.  Remove them.
-                 (delete-file-recursively
-                  (string-append out "/share/git-core/templates/hooks"))
-
-                 ;; Gitweb depends on Perl as well.
-                 (delete-file-recursively
-                  (string-append out "/share/gitweb")))))))
+        #~(modify-phases #$phases
+            (replace 'patch-makefiles
+              (lambda _
+                (substitute* "Makefile"
+                  (("/usr/bin/perl") (which "perl")))))
+            (delete 'build-subtree)
+            (delete 'split)
+            (delete 'install-man-pages)
+            (delete 'install-info-manual)
+            (delete 'install-subtree)
+            (delete 'install-credential-netrc)
+            (delete 'install-credential-libsecret)
+            (add-after 'install 'remove-unusable-perl-commands
+              (lambda* (#:key outputs #:allow-other-keys)
+                (let* ((out     (assoc-ref outputs "out"))
+                       (bin     (string-append out "/bin"))
+                       (libexec (string-append out "/libexec")))
+                  (for-each (lambda (file)
+                              (delete-file (string-append libexec
+                                                          "/git-core/" file)))
+                            '("git-svn" "git-cvsimport" "git-archimport"
+                              "git-cvsserver" "git-request-pull"
+
+                              ;; git-add--interactive was removed in Git 2.40 but
+                              ;; this phase is inherited by older versions.
+                              #$@(if (version>=? (package-version this-package)
+                                                 "2.40.1")
+                                     #~()
+                                     #~("git-add--interactive"))
+
+                              "git-cvsexportcommit"
+                              "git-instaweb" "git-send-email"))
+                  (delete-file (string-append bin "/git-cvsserver"))
+
+                  ;; These templates typically depend on Perl.  Remove them.
+                  (delete-file-recursively
+                   (string-append out "/share/git-core/templates/hooks"))
+
+                  ;; Gitweb depends on Perl as well.
+                  (delete-file-recursively
+                   (string-append out "/share/gitweb")))))))
        ((#:make-flags flags)
-        `(delete "USE_LIBPCRE2=yes" ,flags))
+        #~(delete "USE_LIBPCRE2=yes" #$flags))
        ((#:configure-flags flags)
-        `(list
-          ,@(if (%current-target-system)
-                git-cross-configure-flags
-                '())))
+        #~(list #$@(if (%current-target-system)
+                       git-cross-configure-flags
+                       '())))
        ((#:disallowed-references lst '())
         `(,perl ,@lst))))
     (outputs '("out"))