From unknown Sun Jun 22 08:04:11 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#55001] [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765]. Resent-From: Zhu Zihao Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 18 Apr 2022 13:44:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 55001 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 55001@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.165028941728102 (code B ref -1); Mon, 18 Apr 2022 13:44:01 +0000 Received: (at submit) by debbugs.gnu.org; 18 Apr 2022 13:43:37 +0000 Received: from localhost ([127.0.0.1]:38494 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngRfF-0007JC-CY for submit@debbugs.gnu.org; Mon, 18 Apr 2022 09:43:37 -0400 Received: from lists.gnu.org ([209.51.188.17]:47516) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngRfE-0007J5-4Z for submit@debbugs.gnu.org; Mon, 18 Apr 2022 09:43:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34586) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ngRfD-0005cG-As for guix-patches@gnu.org; Mon, 18 Apr 2022 09:43:35 -0400 Received: from mail-m972.mail.163.com ([123.126.97.2]:61039) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ngRf8-0006MO-2r for guix-patches@gnu.org; Mon, 18 Apr 2022 09:43:32 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=kc10J BZf78EnwGXEQla0G4y8Tfvn0L40b3jjFFvXAGM=; b=N4Uvh5L8HsQaFHBLf4iou iaxm/B2JraFlm1r1k+nIUobieAOCgTp2SBLSDihFEwHzvsBhnuN7jBwDLerwwSL5 24yz6KTZlZwfrSflLFOSiczwH29cmbGOJvDpYC0OZZLeA8S7ftSB+pBo0yNBHMmn 0gzYq5TSUrzYTR7HvpML9k= Received: from asus-laptop (unknown [27.38.172.10]) by smtp2 (Coremail) with SMTP id GtxpCgDHIKn1al1iSMurBw--.44493S2; Mon, 18 Apr 2022 21:43:18 +0800 (CST) User-agent: mu4e 1.6.10; emacs 27.2 From: Zhu Zihao Date: Mon, 18 Apr 2022 21:42:47 +0800 Message-ID: <8635iabj7y.fsf@163.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-CM-TRANSID: GtxpCgDHIKn1al1iSMurBw--.44493S2 X-Coremail-Antispam: 1Uf129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73 VFW2AGmfu7bjvjm3AaLaJ3UbIYCTnIWIevJa73UjIFyTuYvjxU1T5LUUUUU X-Originating-IP: [27.38.172.10] X-CM-SenderInfo: pdoosuxxwbztlvw6il2tof0z/1tbiFBTmr1aEAQQ4tAAAsS Received-SPF: pass client-ip=123.126.97.2; envelope-from=all_but_last@163.com; helo=mail-m972.mail.163.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.2 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) --=-=-= Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" --==-=-= Content-Type: text/plain --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIsEARYIADMWIQRefA5qkqvnKdl/GTlmOX+E92aT+QUCYl1q8RUcYWxsX2J1dF9s YXN0QDE2My5jb20ACgkQZjl/hPdmk/kYkgEAtjVPUzU1SlIsCnWYDcz/Nd3n4eCV j6LSYbu5gBtTojgA/2zMS/9sA8reb80aKhF8awFbBYX8eeJ0mBo5H7Uq8e0D =5WI0 -----END PGP SIGNATURE----- --==-=-=-- --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-gnu-git-Update-to-2.35.2-fixes-CVE-2022-24765.patch >From c1ced93b4acc56f9a33d10ebed8b1cefc7dc1b9d Mon Sep 17 00:00:00 2001 From: Zhu Zihao Date: Mon, 18 Apr 2022 21:40:19 +0800 Subject: [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765]. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765 * gnu/packages/version-control.scm (git): Update to 2.35.2. --- gnu/packages/version-control.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index d77c2e51f6..9902483d76 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -221,14 +221,14 @@ (define git-cross-configure-flags (define-public git (package (name "git") - (version "2.35.1") + (version "2.35.2") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/software/scm/git/git-" version ".tar.xz")) (sha256 (base32 - "100h37cpw49pmlpf6lcpm1xi578gllf6y9in60h5mxj3cj754s6p")))) + "1wq0wrdg81b324y17fr4jaw5zk2i4fah0f99rhndpsywlm7hqgf7")))) (build-system gnu-build-system) (native-inputs `(("native-perl" ,perl) @@ -248,7 +248,7 @@ (define-public git version ".tar.xz")) (sha256 (base32 - "00rqdj2bc3i7pfc16pciiz50ww41jkqg18iy5hi5jnf0y98sgqz4")))) + "1s3fbnl2slwd3b5j2281z8jwypsqydd1n7yg90v7vb369njvmsd0")))) ;; For subtree documentation. ("asciidoc" ,asciidoc) ("docbook-xsl" ,docbook-xsl) -- 2.35.1 --=-=-= Content-Type: text/plain -- Retrieve my PGP public key: gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F Zihao --=-=-=-- From unknown Sun Jun 22 08:04:11 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#55001] Acknowledgement ([PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765].) Resent-From: Zhu Zihao Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 18 Apr 2022 14:25:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 55001 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 55001@debbugs.gnu.org Received: via spool by 55001-submit@debbugs.gnu.org id=B55001.16502918581549 (code B ref 55001); Mon, 18 Apr 2022 14:25:02 +0000 Received: (at 55001) by debbugs.gnu.org; 18 Apr 2022 14:24:18 +0000 Received: from localhost ([127.0.0.1]:40402 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngSIb-0000Ov-Rh for submit@debbugs.gnu.org; Mon, 18 Apr 2022 10:24:18 -0400 Received: from mail-m973.mail.163.com ([123.126.97.3]:24901) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngSIY-0000OQ-Hn for 55001@debbugs.gnu.org; Mon, 18 Apr 2022 10:24:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=z6IsC fqbXGgwPxqBoSM1fti9zIVGPVW+imnm2mAXbRo=; b=k8V4G/YNKRI1pGzTtaIJL TI/aeqLlmqL59pxfNSfJ0M1IjZcsuS9MHdcxFaLRAUXFXZqPzVKIvzru5ZQfRQQq zHMRYb0b3wTWhpSUaglqNpYdmRq6dPmdMtz4X1U8bwVGBrOn+kXfbwxsvar50ZSz wNfTaVe3ElRoCA7byAQpg4= Received: from asus-laptop (unknown [27.38.172.10]) by smtp3 (Coremail) with SMTP id G9xpCgDXgVaEdF1iLLbkBw--.42899S2; Mon, 18 Apr 2022 22:24:05 +0800 (CST) References: <8635iabj7y.fsf@163.com> User-agent: mu4e 1.6.10; emacs 27.2 From: Zhu Zihao Date: Mon, 18 Apr 2022 22:23:47 +0800 In-reply-to: Message-ID: <86y202a2rf.fsf@163.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-CM-TRANSID: G9xpCgDXgVaEdF1iLLbkBw--.42899S2 X-Coremail-Antispam: 1Uf129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73 VFW2AGmfu7bjvjm3AaLaJ3UbIYCTnIWIevJa73UjIFyTuYvjTRVBT0UUUUU X-Originating-IP: [27.38.172.10] X-CM-SenderInfo: pdoosuxxwbztlvw6il2tof0z/1tbiFBnmr1aEAQS2OgAAsf X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" --==-=-= Content-Type: text/plain Update to 2.35.3 instead. --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIsEARYIADMWIQRefA5qkqvnKdl/GTlmOX+E92aT+QUCYl10hBUcYWxsX2J1dF9s YXN0QDE2My5jb20ACgkQZjl/hPdmk/m8ngEAyhPfuHqX7o7+/n4ZiThB8tAErNSg /qA5ZPUJknGm1p4A/0iYQckFGnHmSYxwA1UzxLD3H04moWvq6AkRkFZ6npYK =8439 -----END PGP SIGNATURE----- --==-=-=-- --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-gnu-git-Update-to-2.35.3-fixes-CVE-2022-24765.patch >From ecae314a30e43a4d706b68dc3345a2b32303e8fe Mon Sep 17 00:00:00 2001 From: Zhu Zihao Date: Mon, 18 Apr 2022 21:40:19 +0800 Subject: [PATCH] gnu: git: Update to 2.35.3 [fixes CVE-2022-24765]. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765 * gnu/packages/version-control.scm (git): Update to 2.35.3. --- gnu/packages/version-control.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index d77c2e51f6..1fbfe0b9bd 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -221,14 +221,14 @@ (define git-cross-configure-flags (define-public git (package (name "git") - (version "2.35.1") + (version "2.35.3") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/software/scm/git/git-" version ".tar.xz")) (sha256 (base32 - "100h37cpw49pmlpf6lcpm1xi578gllf6y9in60h5mxj3cj754s6p")))) + "18hgw3g4vc78nk6lic2sbw0h22bwbh6a0qnb63zrzvgjkd7xps8m")))) (build-system gnu-build-system) (native-inputs `(("native-perl" ,perl) @@ -248,7 +248,7 @@ (define-public git version ".tar.xz")) (sha256 (base32 - "00rqdj2bc3i7pfc16pciiz50ww41jkqg18iy5hi5jnf0y98sgqz4")))) + "0973y7g356fjyrqxgvac04g3qhf6fbs3lzpizl1skkri0zh7x357")))) ;; For subtree documentation. ("asciidoc" ,asciidoc) ("docbook-xsl" ,docbook-xsl) -- 2.35.1 --=-=-= Content-Type: text/plain -- Retrieve my PGP public key: gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F Zihao --=-=-=-- From unknown Sun Jun 22 08:04:11 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#55001] [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765]. Resent-From: Greg Hogan Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 18 Apr 2022 15:55:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 55001 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Zhu Zihao Cc: 55001@debbugs.gnu.org Received: via spool by 55001-submit@debbugs.gnu.org id=B55001.165029725810128 (code B ref 55001); Mon, 18 Apr 2022 15:55:02 +0000 Received: (at 55001) by debbugs.gnu.org; 18 Apr 2022 15:54:18 +0000 Received: from localhost ([127.0.0.1]:40466 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngThi-0002dI-7L for submit@debbugs.gnu.org; Mon, 18 Apr 2022 11:54:18 -0400 Received: from mail-pj1-f45.google.com ([209.85.216.45]:39559) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngThg-0002d5-B3 for 55001@debbugs.gnu.org; Mon, 18 Apr 2022 11:54:16 -0400 Received: by mail-pj1-f45.google.com with SMTP id mp16-20020a17090b191000b001cb5efbcab6so17562846pjb.4 for <55001@debbugs.gnu.org>; Mon, 18 Apr 2022 08:54:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=greghogan-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OgF62PIOup3Kg4aYIbHq4rlAMoXAMQBmW4u2gh3whc8=; b=J4oBngP9MKoFIAuncNCuHfOyIs+jBJEBOO1MUPj2+F4EdjtN3XZ/wZe/vW9d3c2hmg CTSpQ7fPkIn4XGz4sN1pAXwl/6vH48OLvbTpNwJFaF+8Bp46FAQ7Ohpc/JB/GRyL13i/ hS0ZEQxbNLo6NXXLO6dVLaltH3JNyKtXpe4EhJkoeVxz/RWCarfc4BU/LCPMfGyl6fQx SHj8HVfLQ6LBpUcLwy9e6VhwaykvejEfjojYf/s9jAHasjFlxNwkBI90+KKZ6A/qA0ka wzPdV2KhLLk45w8ibb+JwLBd6adIp5ftS7jPWpWWNs3jMlyiLVypb7LcUbRSrV1qM29h bjEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OgF62PIOup3Kg4aYIbHq4rlAMoXAMQBmW4u2gh3whc8=; b=w04ybC+Udr/E4NnyUQJ0THSZBXvddROUCRXzVdFsR+w4Glr7wmknDr/R2cTYQ609JD qhWDG1K3x6Z4zzaPZOX75FfrC6Yo1+7gwsYBm6lkqnHaTu2F0zGevNYPh0FPB5lRVLiD qCsGdm7k2FfUa8YO1UyNLFLvwIfZfCy4X52BQRtK3Nnmx/WS7cQ1deJ5Pxf9pRqCplmC 6qXePZPokKNdgvMFC8JcKUKWWNj3AEpciH7JD/NMCQiofr1sea1weZJ+d9Ty2WZfcNX2 wBCtfpgZL/vxw8VvX71CUQM0ZxslFzM5ukSJgH7lGS1ZpgadO5yM6HtQYj/+JzIScG+f LsWw== X-Gm-Message-State: AOAM532guIsytJevW/5g8K6k/Cq/zJdwG4il6fQ76k7tFF1U7/wsdHtS 96EVMJvUVHWihPNNvNxWNe9AuRjorItiY0p9PeFwuA== X-Google-Smtp-Source: ABdhPJxt1m8p3oWFHkw8xNHHlrwoex/hA9NlMammKSAJrsgR8hAQ4J9KG0NHrXL+uRSbHUK7Kz3YmXkT7+C4rppZ50I= X-Received: by 2002:a17:90a:ba13:b0:1cb:6296:ce41 with SMTP id s19-20020a17090aba1300b001cb6296ce41mr13756070pjr.104.1650297250340; Mon, 18 Apr 2022 08:54:10 -0700 (PDT) MIME-Version: 1.0 References: <8635iabj7y.fsf@163.com> In-Reply-To: <8635iabj7y.fsf@163.com> From: Greg Hogan Date: Mon, 18 Apr 2022 11:53:58 -0400 Message-ID: Content-Type: multipart/alternative; boundary="000000000000617a4805dcefc530" X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --000000000000617a4805dcefc530 Content-Type: text/plain; charset="UTF-8" Hi Zihao, Is this not a Windows-only vulnerability and bugfix release (also CVE-2022-24767)? Greg On Mon, Apr 18, 2022 at 9:44 AM Zhu Zihao wrote: > > -- > Retrieve my PGP public key: > > gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F > > Zihao > --000000000000617a4805dcefc530 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Zihao,

Is this not a Windows-only vu= lnerability and bugfix release (also CVE-2022-24767)?

<= div>Greg

On Mon, Apr 18, 2022 at 9:44 AM Zhu Zihao <all_but_last@163.com> wrote:

--
Retrieve my PGP public key:

=C2=A0 gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F

Zihao
--000000000000617a4805dcefc530-- From unknown Sun Jun 22 08:04:11 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#55001] [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765]. Resent-From: Zhu Zihao Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 18 Apr 2022 16:05:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 55001 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Greg Hogan Cc: 55001@debbugs.gnu.org Received: via spool by 55001-submit@debbugs.gnu.org id=B55001.165029789411299 (code B ref 55001); Mon, 18 Apr 2022 16:05:01 +0000 Received: (at 55001) by debbugs.gnu.org; 18 Apr 2022 16:04:54 +0000 Received: from localhost ([127.0.0.1]:40494 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngTry-0002wB-5M for submit@debbugs.gnu.org; Mon, 18 Apr 2022 12:04:54 -0400 Received: from mail-m973.mail.163.com ([123.126.97.3]:47335) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngTrv-0002vm-7Z for 55001@debbugs.gnu.org; Mon, 18 Apr 2022 12:04:53 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=+Lk5q tIdAqGPi8yOR0kisyfp67Q/FGM3DoJ553oirQ8=; b=dnFqLata1tomfGkmU06ic wF4kiUg/7/AZKPVKzjEsWZjvIcqSU7OZXaajniafAy3Ssf9ZZY1yN1d8et+Yq4oz OKBkRRmw01cLr8xhrRs6u1LA8Oo3IEys9be7DEPEKTUcLpJKNnmSpQlwun22a06l jgVygLJDALtSLyuosB6Z/I= Received: from asus-laptop (unknown [27.38.172.10]) by smtp3 (Coremail) with SMTP id G9xpCgAHUTAXjF1iCt7vBw--.48235S2; Tue, 19 Apr 2022 00:04:40 +0800 (CST) References: <8635iabj7y.fsf@163.com> User-agent: mu4e 1.6.10; emacs 27.2 From: Zhu Zihao Date: Tue, 19 Apr 2022 00:02:40 +0800 In-reply-to: Message-ID: <86mtgi8jjd.fsf@163.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-CM-TRANSID: G9xpCgAHUTAXjF1iCt7vBw--.48235S2 X-Coremail-Antispam: 1Uf129KBjvdXoWruw45JrykJF1xZw1xtF18Krg_yoW3XFb_WF Z8Jws5WrWvqa17J3Z3Cr4furs3tryfXry8Gr42gw4jvr1UXF18Wwn3ur1Sgr1q9an7Kryq grn8XrW0yr1IvjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUvcSsGvfC2KfnxnUUI43ZEXa7xRXa9-7UUUUU== X-Originating-IP: [27.38.172.10] X-CM-SenderInfo: pdoosuxxwbztlvw6il2tof0z/xtbBPQDmr2AY-2caYQADss X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Greg Hogan writes: > Hi Zihao, > > Is this not a Windows-only vulnerability and bugfix release (also CVE-202= 2-24767)? > > Greg > > On Mon, Apr 18, 2022 at 9:44 AM Zhu Zihao wrote: > > --=20 > Retrieve my PGP public key: > > gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F > > Zihao Hi. https://www.phoronix.com/scan.php?page=3Dnews_item&px=3DGit-CVE-2022-24765 This article says "likely due to only affect Microsoft Windows". I haven't test this CVE on *nix systems. If it doesn't affect Guix systems, should I remove "[fixes CVE-2022-24765]" in the git commit message or leave it there? =2D-=20 Retrieve my PGP public key: gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F Zihao --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIsEARYIADMWIQRefA5qkqvnKdl/GTlmOX+E92aT+QUCYl2MFhUcYWxsX2J1dF9s YXN0QDE2My5jb20ACgkQZjl/hPdmk/l9MwEAoMr5QEkeM/FJeXpbjxBqltS0ayDN uxLSNPQp5z4x/6YBAMCz3V2x1FJYLtR+5rCFuChZQFH9wkE3rlE/VUezSRwH =1e9C -----END PGP SIGNATURE----- --=-=-=-- From unknown Sun Jun 22 08:04:11 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#55001] Acknowledgement ([PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765].) Resent-From: Greg Hogan Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 18 Apr 2022 17:34:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 55001 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Zhu Zihao Cc: 55001@debbugs.gnu.org Received: via spool by 55001-submit@debbugs.gnu.org id=B55001.165030320720259 (code B ref 55001); Mon, 18 Apr 2022 17:34:01 +0000 Received: (at 55001) by debbugs.gnu.org; 18 Apr 2022 17:33:27 +0000 Received: from localhost ([127.0.0.1]:40614 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngVFf-0005Gh-LO for submit@debbugs.gnu.org; Mon, 18 Apr 2022 13:33:27 -0400 Received: from mail-pl1-f169.google.com ([209.85.214.169]:36716) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngVFe-0005GU-Fe for 55001@debbugs.gnu.org; Mon, 18 Apr 2022 13:33:26 -0400 Received: by mail-pl1-f169.google.com with SMTP id q3so12908749plg.3 for <55001@debbugs.gnu.org>; Mon, 18 Apr 2022 10:33:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=greghogan-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=nUBkYWuHH4oBiGweA6zqY1xKdodyLRqFNQAtW1c8Sps=; b=OXWHp1cc6Xm8RFmepsuKWtIf9F9ztfTCQbFWr4a1B+M9dY4rJM5NpkT+NBIZ9zcNmA nDdoAybpjMr/MLWJ/J6a8CZxgvzlTK2WnQMHDMGC/qbyzz8HOI9d2VgHZwNOaL1cBkWb U+WNqAfuENpzg3x7NHzGL30dEq37fh/3hTclLWrFpyoXiZBHdpDXeLBWovYTVHfZFOmE ay5HAZIR0SWIhhKqwLIombFXsj7G/kXKl+UIhTf+V1IMWwHCV3zd2PHaCQzXHbnH09YX fgasqdUhNddH8+9M4GsEdni0PCyUdc1xg+llQ57WwhkkpcfiBhgEB9gGjfrB+oJXNEAn teBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=nUBkYWuHH4oBiGweA6zqY1xKdodyLRqFNQAtW1c8Sps=; b=FQABX4+3DsPziLmpyQH/mAmzmhaTdCT7SuaKPKd4KDlquKgVQfj3WT5Tm6cWFsg7gZ TnJ7SqEQcB6gbdVnXViLtLA3xmXCKYkcCGnQNvc7aexZG9mvYLxwXZK641rcaPfDGe4Z +ArFar3F+ITL+2q5fhBIKEnDSxZLWGw2G6/RkdFaN6y7mwh5c9C9k24hrny5XRO/cp5R TaZVwQ32odqZvxJVpMEaXV/VzjUcIDQ0wKNPg73tqsoXK2SAuvOmeZOeKQcBo1F3kiEn qPa4OGiJ4784aTN6SXi9ae4+At9QTrxHBOJ1ql8Y1uDa2laFf16uYGOVuKPnmqIO2ToZ O9Bg== X-Gm-Message-State: AOAM531vTY8lTuMUjDIL7z5WrzzkTKiR9QnUmJt8d8Xf/QG20GpcxF6W o5wbDsLKwjxd6grPEp5m98nXEwaXeynWtDokQpSmVQ== X-Google-Smtp-Source: ABdhPJy2QfkzVuGRr5KyHfhYjX0zZW2eddO3s2wZpNc8sqr9mKUYCtkCd7dWN5Imj6oFU7T7LF1fNwL57oDUxzAlQ2w= X-Received: by 2002:a17:90b:33ca:b0:1cb:d0c:e1b5 with SMTP id lk10-20020a17090b33ca00b001cb0d0ce1b5mr19308326pjb.178.1650303200625; Mon, 18 Apr 2022 10:33:20 -0700 (PDT) MIME-Version: 1.0 References: <8635iabj7y.fsf@163.com> <86y202a2rf.fsf@163.com> In-Reply-To: <86y202a2rf.fsf@163.com> From: Greg Hogan Date: Mon, 18 Apr 2022 13:33:09 -0400 Message-ID: Content-Type: multipart/alternative; boundary="0000000000000b9c9b05dcf12842" X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --0000000000000b9c9b05dcf12842 Content-Type: text/plain; charset="UTF-8" And now git 2.36 has been released. On Mon, Apr 18, 2022 at 10:25 AM Zhu Zihao wrote: > > Update to 2.35.3 instead. > > > -- > Retrieve my PGP public key: > > gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F > > Zihao > --0000000000000b9c9b05dcf12842 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
And now git 2.36 has been released.

On Mon, Apr 18, 2022 at= 10:25 AM Zhu Zihao <all_but_las= t@163.com> wrote:

Update to 2.35.3 instead.


--
Retrieve my PGP public key:

=C2=A0 gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F

Zihao
--0000000000000b9c9b05dcf12842-- From unknown Sun Jun 22 08:04:11 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#55001] [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765]. Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 18 Apr 2022 18:04:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 55001 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Zhu Zihao , Greg Hogan Cc: 55001@debbugs.gnu.org Received: via spool by 55001-submit@debbugs.gnu.org id=B55001.165030500623302 (code B ref 55001); Mon, 18 Apr 2022 18:04:01 +0000 Received: (at 55001) by debbugs.gnu.org; 18 Apr 2022 18:03:26 +0000 Received: from localhost ([127.0.0.1]:40657 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngVig-00063l-2F for submit@debbugs.gnu.org; Mon, 18 Apr 2022 14:03:26 -0400 Received: from baptiste.telenet-ops.be ([195.130.132.51]:33598) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngVid-00063Y-FB for 55001@debbugs.gnu.org; Mon, 18 Apr 2022 14:03:24 -0400 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by baptiste.telenet-ops.be with bizsmtp id LJ3M2700R4UW6Th01J3MPB; Mon, 18 Apr 2022 20:03:21 +0200 Message-ID: From: Maxime Devos Date: Mon, 18 Apr 2022 20:03:16 +0200 In-Reply-To: <86mtgi8jjd.fsf@163.com> References: <8635iabj7y.fsf@163.com> <86mtgi8jjd.fsf@163.com> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-z7lP8pj9EtX0E2LAhFjc" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1650305002; bh=6SbEjYS6m/h17DSH2BS2eeEqIePXpXoV4ZvYav9jhMQ=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=HsSXXMwUrsuHauGhegYDr7P0v8bE6W6aOrE5gcVseRfwpfWu6HBSKF0N8hE9aSrqh +rmmT1xaNSWp4yiLVVXnvyFjnRjN10Pvh71D+Tqzg+eImoRvbGnwFqRXL02YbtEAM6 sxPrgvnjbwgDtMRKEHRwT46kigSfBsEyStfPX+oY2OLj/qPyKI3DIZjDp6O65QUBCV p/c/iGwpbYJY5Ti1kdf0BWp5hibsvq0Fq7X867MMQLs7EJnVRQ+XsDZWwSY3K3Gmqz noWwdjiP7xqBfVpZIpGayYsnoJUbxYvwHbQb2cQL4Sp8AwUD06Qp/tFOAL+ZoXrWr+ vIaSlKr/5D3uA== X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-z7lP8pj9EtX0E2LAhFjc Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Zhu Zihao schreef op di 19-04-2022 om 00:02 [+0800]: >=20 > Hi. >=20 > https://www.phoronix.com/scan.php?page=3Dnews_item&px=3DGit-CVE-2022-2476= 5 >=20 > This article says "likely due to only affect Microsoft Windows". I > haven't test this CVE on *nix systems. >=20 > If it doesn't affect Guix systems, should I remove "[fixes > CVE-2022-24765]" in the git commit message or leave it there? According to and its comments, it affects =E2=80=98multi-user (*) Linux (**) systems=E2=80=99 as= well, if someone has their git repo inside /tmp. (Does anyone actually do that?) (*) I would think this includes otherwise single-user systems with a compromised daemon as well? =20 (**) Presumably also GNU/Hurd and the BSDs. Greetings, Maxime. --=-z7lP8pj9EtX0E2LAhFjc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYl2n5BccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7s75AQDnxZ82KMzNYzQClcJoguVXfZc/ SBK/yAT1DXZ6b1Y4RwD8Ck/LjCmGZbFsICdDnnY96Rf+qZJ42mUYA3VaN7DU1gY= =mVPA -----END PGP SIGNATURE----- --=-z7lP8pj9EtX0E2LAhFjc-- From unknown Sun Jun 22 08:04:11 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#55001] gnu: git: Update to 2.36.0 [fixes CVE-2022-24765] Was: Acknowledgement ([PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765].) Resent-From: Zhu Zihao Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 19 Apr 2022 09:22:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 55001 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Greg Hogan Cc: 55001@debbugs.gnu.org Received: via spool by 55001-submit@debbugs.gnu.org id=B55001.165036008017660 (code B ref 55001); Tue, 19 Apr 2022 09:22:02 +0000 Received: (at 55001) by debbugs.gnu.org; 19 Apr 2022 09:21:20 +0000 Received: from localhost ([127.0.0.1]:41653 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngk2x-0004al-M5 for submit@debbugs.gnu.org; Tue, 19 Apr 2022 05:21:19 -0400 Received: from mail-m971.mail.163.com ([123.126.97.1]:24835) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngk2u-0004aQ-MW for 55001@debbugs.gnu.org; Tue, 19 Apr 2022 05:21:18 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=22Lky DkomUHbNSGxp9HuMIhEd5qFSN2iO+Gnp5GbC1U=; b=KY6Rz2IrvNmzUm6NLy2sn 5ZNmh3YqupOvFX/sd/24n+lpBfY948E9DzgiJ4EJOtMHQZTm6T9b+XisdHMMzL2H fqTPOOB5b7GOhurTAqeo4iFCZO8g+5uMjLgq9QfweJsO7OADmUhdRwKvOizpi1gX 4SYX0jmSzINbtDM8XlzyOs= Received: from asus-laptop (unknown [27.38.202.0]) by smtp1 (Coremail) with SMTP id GdxpCgCHJX7_fl5iaf28Bw--.14555S2; Tue, 19 Apr 2022 17:21:03 +0800 (CST) References: <8635iabj7y.fsf@163.com> <86y202a2rf.fsf@163.com> User-agent: mu4e 1.6.10; emacs 27.2 From: Zhu Zihao Date: Tue, 19 Apr 2022 17:19:35 +0800 In-reply-to: Message-ID: <86mtgh77k2.fsf@163.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-CM-TRANSID: GdxpCgCHJX7_fl5iaf28Bw--.14555S2 X-Coremail-Antispam: 1Uf129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73 VFW2AGmfu7bjvjm3AaLaJ3UbIYCTnIWIevJa73UjIFyTuYvjTE73sFUUUUU X-Originating-IP: [27.38.202.0] X-CM-SenderInfo: pdoosuxxwbztlvw6il2tof0z/xtbBawDnr1et4J5rxwAAsL X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" --==-=-= Content-Type: text/plain Greg Hogan writes: > And now git 2.36 has been released. A new patch that updates to 2.36 is uploaded. Thanks for your mention :) --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIsEARYIADMWIQRefA5qkqvnKdl/GTlmOX+E92aT+QUCYl5+/RUcYWxsX2J1dF9s YXN0QDE2My5jb20ACgkQZjl/hPdmk/lFvAEAhnv5AXoUPDYN8u38CkB2rHXXhaEy 1NQa7pcQNz1j0xABANrF2KCtdVhY39hfEnQwVcpWliWpOXCpFbcAUlf24sAF =rZdF -----END PGP SIGNATURE----- --==-=-=-- --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-gnu-git-Update-to-2.36.0-fixes-CVE-2022-24765.patch >From bad9eea70d56ec9ace36f7f62c5ea7c8f3e399a3 Mon Sep 17 00:00:00 2001 From: Zhu Zihao Date: Mon, 18 Apr 2022 21:40:19 +0800 Subject: [PATCH] gnu: git: Update to 2.36.0 [fixes CVE-2022-24765]. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765 * gnu/packages/version-control.scm (git): Update to 2.36.0. --- gnu/packages/version-control.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index d77c2e51f6..ff9c6f7c14 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -221,14 +221,14 @@ (define git-cross-configure-flags (define-public git (package (name "git") - (version "2.35.1") + (version "2.36.0") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/software/scm/git/git-" version ".tar.xz")) (sha256 (base32 - "100h37cpw49pmlpf6lcpm1xi578gllf6y9in60h5mxj3cj754s6p")))) + "1ly13j37h1y8bgcj3h0cl43vcpwk9j4gsasssk8gar44cp0vypmg")))) (build-system gnu-build-system) (native-inputs `(("native-perl" ,perl) @@ -248,7 +248,7 @@ (define-public git version ".tar.xz")) (sha256 (base32 - "00rqdj2bc3i7pfc16pciiz50ww41jkqg18iy5hi5jnf0y98sgqz4")))) + "0p6vc6nyaibx2lxirjj2nm5spk5q6svz8l3w0pqnaa3i7l7c6qy0")))) ;; For subtree documentation. ("asciidoc" ,asciidoc) ("docbook-xsl" ,docbook-xsl) -- 2.35.1 --=-=-= Content-Type: text/plain -- Retrieve my PGP public key: gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F Zihao --=-=-=-- From unknown Sun Jun 22 08:04:11 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#55001] gnu: git: Update to 2.36.0 [fixes CVE-2022-24765] Was: Acknowledgement ([PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765].) Resent-From: Greg Hogan Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 19 Apr 2022 14:09:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 55001 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Zhu Zihao Cc: 55001@debbugs.gnu.org Received: via spool by 55001-submit@debbugs.gnu.org id=B55001.165037731524919 (code B ref 55001); Tue, 19 Apr 2022 14:09:01 +0000 Received: (at 55001) by debbugs.gnu.org; 19 Apr 2022 14:08:35 +0000 Received: from localhost ([127.0.0.1]:43848 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngoWw-0006Tr-QG for submit@debbugs.gnu.org; Tue, 19 Apr 2022 10:08:35 -0400 Received: from mail-pj1-f46.google.com ([209.85.216.46]:39448) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngoWv-0006Tc-JS for 55001@debbugs.gnu.org; Tue, 19 Apr 2022 10:08:34 -0400 Received: by mail-pj1-f46.google.com with SMTP id mp16-20020a17090b191000b001cb5efbcab6so1922356pjb.4 for <55001@debbugs.gnu.org>; Tue, 19 Apr 2022 07:08:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=greghogan-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Mx9Ia2q4r9o0q4dvbxZzUThVcYVXn7xXMiRScpkKbSw=; b=ufzReZBZMGytY3zHyoO63gufrJ7BfvzGMq8ScVwXDGhYrVGc+HKW+SkDJ/drfnRU+y iWcOaIX066cIiZC0VhP8TulKf386MLZsFJuVu5LL0uwTs9NxGEIefj0uyRs5UW1kjocG gzIlFUmzCs0TVvbHgQ63pzPDlo5NOP4DMF79J05B6HdA772EwKRMTB4ayXh/lG85GIaY dWyJTcbzTKkhFR/fHF0JIGFlaefNF2L/zytbSHLpXlpRp+LyuXL8FvueJydFB5ly+mXG t2Gk6jUA6J9PWM/AvoVeuBh30Z8A1yf7+bQCc+3jgRqzj8h7hhU0BuugpStq6J3f4G97 5Vvw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Mx9Ia2q4r9o0q4dvbxZzUThVcYVXn7xXMiRScpkKbSw=; b=SZBZT8k2ZvNJOh3jqfWWWflxYV2Rg3K1j+WY7U3Uc5i5MSnuQ+FIOm7UhKqocPLZhO SJUvhaMty+qrwItO6gR3SBNPNmSmfZQVDCHpKygX2OZZ8D4twRgMJI31/eAwtJZohL+L sX2s0pI6LzEyFNX3bt7Mv2uK6VJVFhayRmxZVE7ywDND24SRuC3CMks4r41MjY6Xmqfn WFzgFqOiHIOQrE9VRSivs6M2R9/3YBG8sFbFXkrFVD/AT+SX4ZmVWuKcvVvf+7kFABmb 9Y0I7QsrubQF3rvLJMIXH5qvTTed57OQEVTgmlrgZqrMjevBDpq7Br/UNKUyjeRy3xep dbNA== X-Gm-Message-State: AOAM5325D9Vi1/SwS8/qMKhb6UoBg8AkJqBk1tmiTnEYwwa8817YwX8a 7vdzslZTtksXPuFdJ9JHBSlM89ZVcNkYkmRQ5Z6IfQ== X-Google-Smtp-Source: ABdhPJwpCxpmaYciaFmpiQxG3FHEftmmM23OJNLyg8OFHdHg+MKpm1QN4ymKlX2TKSc0qvQ2O/c/LYIztNu36ve1aQk= X-Received: by 2002:a17:90b:33ca:b0:1cb:d0c:e1b5 with SMTP id lk10-20020a17090b33ca00b001cb0d0ce1b5mr23954925pjb.178.1650377307580; Tue, 19 Apr 2022 07:08:27 -0700 (PDT) MIME-Version: 1.0 References: <8635iabj7y.fsf@163.com> <86y202a2rf.fsf@163.com> <86mtgh77k2.fsf@163.com> In-Reply-To: <86mtgh77k2.fsf@163.com> From: Greg Hogan Date: Tue, 19 Apr 2022 10:08:16 -0400 Message-ID: Content-Type: multipart/alternative; boundary="0000000000002a033b05dd0269a0" X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --0000000000002a033b05dd0269a0 Content-Type: text/plain; charset="UTF-8" This update built successfully for me, and also all dependent packages with 'git' in the name: ./pre-inst-env guix refresh -l git | cut -d: -f2- | tr ' ' '\n' | grep git | xargs ./pre-inst-env guix build On Tue, Apr 19, 2022 at 5:21 AM Zhu Zihao wrote: > > Greg Hogan writes: > > > And now git 2.36 has been released. > > A new patch that updates to 2.36 is uploaded. Thanks for your mention :) > > > -- > Retrieve my PGP public key: > > gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F > > Zihao > --0000000000002a033b05dd0269a0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
This update built successfully for me, and also all d= ependent packages with 'git' in the= name:
./pre-inst-env guix refresh -l=C2=A0git=C2=A0| cut -d: -f2- | tr ' ' '\n' | grep=C2= =A0git=C2=A0| xargs ./pre-inst-env guix bui= ld

On Tue, Apr 19, 2022 at 5:21 AM Zhu Zihao <all_but_last@163.com> wrote:

Greg Hogan <code= @greghogan.com> writes:

> And now git 2.36 has been released.

A new patch that updates to 2.36 is uploaded. Thanks for your mention :)

--
Retrieve my PGP public key:

=C2=A0 gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F

Zihao
--0000000000002a033b05dd0269a0-- From unknown Sun Jun 22 08:04:11 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#55001] gnu: git: Update to 2.36.0 [fixes CVE-2022-24765] Was: Acknowledgement ([PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765].) Resent-From: Zhu Zihao Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 23 Apr 2022 04:22:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 55001 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch Cc: 55001@debbugs.gnu.org Received: via spool by 55001-submit@debbugs.gnu.org id=B55001.165068767424466 (code B ref 55001); Sat, 23 Apr 2022 04:22:01 +0000 Received: (at 55001) by debbugs.gnu.org; 23 Apr 2022 04:21:14 +0000 Received: from localhost ([127.0.0.1]:54986 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ni7Gk-0006MY-L7 for submit@debbugs.gnu.org; Sat, 23 Apr 2022 00:21:14 -0400 Received: from mail-m973.mail.163.com ([123.126.97.3]:1474) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ni7GT-0006LJ-Tk for 55001@debbugs.gnu.org; Sat, 23 Apr 2022 00:21:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=vR5r8 z7jt5YSx1o2cNWRbb7WVkQz6txGBDCLO4Dhegc=; b=TdUaOX2Vh4D+uFtBxAz0Q YQiiM8kA8HNqp6fjipFKflYRP17q6nRDFN6yGlLjI+tNTEy6KzZq8zCqHc7+grFI Bxb8nJYV6cEWy8HDtfL6YoBLcxDNl9Yo4YSkgZze3wqXxPuMP1NJyKAhNbKwnZxA d7NzZDU00T4ssUkZLX1TbU= Received: from asus-laptop (unknown [163.125.202.140]) by smtp3 (Coremail) with SMTP id G9xpCgDX3xOcfmNijnnOCg--.35373S2; Sat, 23 Apr 2022 12:20:45 +0800 (CST) References: <8635iabj7y.fsf@163.com> <86y202a2rf.fsf@163.com> <86mtgh77k2.fsf@163.com> User-agent: mu4e 1.6.10; emacs 27.2 From: Zhu Zihao Date: Sat, 23 Apr 2022 12:20:14 +0800 In-reply-to: Message-ID: <861qxoo2gn.fsf@163.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-CM-TRANSID: G9xpCgDX3xOcfmNijnnOCg--.35373S2 X-Coremail-Antispam: 1Uf129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73 VFW2AGmfu7bjvjm3AaLaJ3UbIYCTnIWIevJa73UjIFyTuYvjTRVT5HDUUUU X-Originating-IP: [163.125.202.140] X-CM-SenderInfo: pdoosuxxwbztlvw6il2tof0z/1tbiKR3rr1Xl21vXHAAAsL X-Spam-Score: 1.2 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Ping for response. -- Retrieve my PGP public key: gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F Zihao Content analysis details: (1.2 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.2 MISSING_HEADERS Missing To: header 0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror) -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (all_but_last[at]163.com) -0.0 T_SCC_BODY_TEXT_LINE No description available. X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.2 (/) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Ping for response. =2D-=20 Retrieve my PGP public key: gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F Zihao --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIsEARYIADMWIQRefA5qkqvnKdl/GTlmOX+E92aT+QUCYmN+iBUcYWxsX2J1dF9s YXN0QDE2My5jb20ACgkQZjl/hPdmk/kwmwEA1paw4uCDEDw5a0LKfgQAWzKTsU7z rbRr15arYkT0PP0A/2jI2L+McDN3Q+EOKKWYrmBk/EQwQPdHSr8PpouX3YsJ =HJE2 -----END PGP SIGNATURE----- --=-=-=-- From unknown Sun Jun 22 08:04:11 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Zhu Zihao Subject: bug#55001: closed (Re: bug#55001: [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765].) Message-ID: References: <87y1zqkh0m.fsf_-_@gnu.org> <8635iabj7y.fsf@163.com> X-Gnu-PR-Message: they-closed 55001 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 55001@debbugs.gnu.org Date: Wed, 27 Apr 2022 09:34:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1651052042-12224-1" This is a multi-part message in MIME format... ------------=_1651052042-12224-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #55001: [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765]. which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 55001@debbugs.gnu.org. --=20 55001: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D55001 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1651052042-12224-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 55001-done) by debbugs.gnu.org; 27 Apr 2022 09:33:24 +0000 Received: from localhost ([127.0.0.1]:41284 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nje32-0003AG-7P for submit@debbugs.gnu.org; Wed, 27 Apr 2022 05:33:24 -0400 Received: from eggs.gnu.org ([209.51.188.92]:54704) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nje31-0003A4-07 for 55001-done@debbugs.gnu.org; Wed, 27 Apr 2022 05:33:23 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:50750) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nje2v-0007X8-OF; Wed, 27 Apr 2022 05:33:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=dnUWNbalU34W43l+CSnKdOnD1n3lvIph8LW43eIrB2w=; b=ATFPUnFv6R7x1cN8rhGU qOi02oTuBOVM1JOJOrM0tzNBUAqbl1zHFARqjGJv5818SLNjylsa2Ca6weCR4DYeD+g1xPiHWy71k FTaYL2K1lcXbNoAXnDkoanlulylypmGvshouj6bzEUPbGchVlvCRJqPZ0YB7fHasnpYRkWvcNFgAK VmtWPEQL4LptAE9phx+rj7J6iXgtC9OdfAGz0irZJL5hLj9twRTHewsVdB8Hd7GWzZw3KvsaboQxN xBwDKKNzvvSLbBRJvdAjaFlgsJ5uw0B+aIPgF1GAR0fWN3kN4dAJ8xN2XJllhY50m4u25DOHWuOUY 1Mmvcf5h6nwyhQ==; Received: from 71.125.192.77.rev.sfr.net ([77.192.125.71]:42334 helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nje2v-0003FE-0M; Wed, 27 Apr 2022 05:33:17 -0400 From: Mathieu Othacehe To: Zhu Zihao Subject: Re: bug#55001: [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765]. References: <8635iabj7y.fsf@163.com> <86y202a2rf.fsf@163.com> <86mtgh77k2.fsf@163.com> <861qxoo2gn.fsf@163.com> Date: Wed, 27 Apr 2022 11:33:13 +0200 In-Reply-To: <861qxoo2gn.fsf@163.com> (Zhu Zihao's message of "Sat, 23 Apr 2022 12:20:14 +0800") Message-ID: <87y1zqkh0m.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 55001-done Cc: 55001-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello, Pushed as 4fb6ef6636acd7608889639c1b2e492517256f76. Thanks, Mathieu ------------=_1651052042-12224-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 18 Apr 2022 13:43:37 +0000 Received: from localhost ([127.0.0.1]:38494 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngRfF-0007JC-CY for submit@debbugs.gnu.org; Mon, 18 Apr 2022 09:43:37 -0400 Received: from lists.gnu.org ([209.51.188.17]:47516) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ngRfE-0007J5-4Z for submit@debbugs.gnu.org; Mon, 18 Apr 2022 09:43:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34586) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ngRfD-0005cG-As for guix-patches@gnu.org; Mon, 18 Apr 2022 09:43:35 -0400 Received: from mail-m972.mail.163.com ([123.126.97.2]:61039) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ngRf8-0006MO-2r for guix-patches@gnu.org; Mon, 18 Apr 2022 09:43:32 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=kc10J BZf78EnwGXEQla0G4y8Tfvn0L40b3jjFFvXAGM=; b=N4Uvh5L8HsQaFHBLf4iou iaxm/B2JraFlm1r1k+nIUobieAOCgTp2SBLSDihFEwHzvsBhnuN7jBwDLerwwSL5 24yz6KTZlZwfrSflLFOSiczwH29cmbGOJvDpYC0OZZLeA8S7ftSB+pBo0yNBHMmn 0gzYq5TSUrzYTR7HvpML9k= Received: from asus-laptop (unknown [27.38.172.10]) by smtp2 (Coremail) with SMTP id GtxpCgDHIKn1al1iSMurBw--.44493S2; Mon, 18 Apr 2022 21:43:18 +0800 (CST) User-agent: mu4e 1.6.10; emacs 27.2 From: Zhu Zihao To: guix-patches@gnu.org Subject: [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765]. Date: Mon, 18 Apr 2022 21:42:47 +0800 Message-ID: <8635iabj7y.fsf@163.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-CM-TRANSID: GtxpCgDHIKn1al1iSMurBw--.44493S2 X-Coremail-Antispam: 1Uf129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73 VFW2AGmfu7bjvjm3AaLaJ3UbIYCTnIWIevJa73UjIFyTuYvjxU1T5LUUUUU X-Originating-IP: [27.38.172.10] X-CM-SenderInfo: pdoosuxxwbztlvw6il2tof0z/1tbiFBTmr1aEAQQ4tAAAsS Received-SPF: pass client-ip=123.126.97.2; envelope-from=all_but_last@163.com; helo=mail-m972.mail.163.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.2 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) --=-=-= Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" --==-=-= Content-Type: text/plain --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIsEARYIADMWIQRefA5qkqvnKdl/GTlmOX+E92aT+QUCYl1q8RUcYWxsX2J1dF9s YXN0QDE2My5jb20ACgkQZjl/hPdmk/kYkgEAtjVPUzU1SlIsCnWYDcz/Nd3n4eCV j6LSYbu5gBtTojgA/2zMS/9sA8reb80aKhF8awFbBYX8eeJ0mBo5H7Uq8e0D =5WI0 -----END PGP SIGNATURE----- --==-=-=-- --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-gnu-git-Update-to-2.35.2-fixes-CVE-2022-24765.patch >From c1ced93b4acc56f9a33d10ebed8b1cefc7dc1b9d Mon Sep 17 00:00:00 2001 From: Zhu Zihao Date: Mon, 18 Apr 2022 21:40:19 +0800 Subject: [PATCH] gnu: git: Update to 2.35.2 [fixes CVE-2022-24765]. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765 * gnu/packages/version-control.scm (git): Update to 2.35.2. --- gnu/packages/version-control.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index d77c2e51f6..9902483d76 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -221,14 +221,14 @@ (define git-cross-configure-flags (define-public git (package (name "git") - (version "2.35.1") + (version "2.35.2") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/software/scm/git/git-" version ".tar.xz")) (sha256 (base32 - "100h37cpw49pmlpf6lcpm1xi578gllf6y9in60h5mxj3cj754s6p")))) + "1wq0wrdg81b324y17fr4jaw5zk2i4fah0f99rhndpsywlm7hqgf7")))) (build-system gnu-build-system) (native-inputs `(("native-perl" ,perl) @@ -248,7 +248,7 @@ (define-public git version ".tar.xz")) (sha256 (base32 - "00rqdj2bc3i7pfc16pciiz50ww41jkqg18iy5hi5jnf0y98sgqz4")))) + "1s3fbnl2slwd3b5j2281z8jwypsqydd1n7yg90v7vb369njvmsd0")))) ;; For subtree documentation. ("asciidoc" ,asciidoc) ("docbook-xsl" ,docbook-xsl) -- 2.35.1 --=-=-= Content-Type: text/plain -- Retrieve my PGP public key: gpg --recv-keys D47A9C8B2AE3905B563D9135BE42B352A9F6821F Zihao --=-=-=-- ------------=_1651052042-12224-1--