#61583 - [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].

GNU bug report logs - #61583
[PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].

Reported by: Greg Hogan <code <at> greghogan.com>

Date: Fri, 17 Feb 2023 18:05:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Message #17 received at 61583 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name> To: Simon Tournier <zimon.toutoune <at> gmail.com> Cc: 61583 <at> debbugs.gnu.org, Greg Hogan <code <at> greghogan.com> Subject: Re: [bug#61583] [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946]. Date: Fri, 3 Mar 2023 16:56:58 -0500

On Mon, Feb 20, 2023 at 12:44:23PM +0100, Simon Tournier wrote: > On ven., 17 févr. 2023 at 18:04, Greg Hogan <code <at> greghogan.com> wrote: > > * gnu/packages/version-control.scm (git): Update to 2.39.2. > > As noticed previously for an update of Git, this implies a lot of > rebuilds because git-minimal inherits from git. ------ $ guix refresh -l git-minimal Building the following 43 packages would ensure 69 dependent packages are rebuilt: r-biocpkgtools <at> 1.16.0 r-biocthis <at> 1.8.1 r-biocworkflowtools <at> 1.24.0 r-golem <at> 0.3.5 r-megadepth <at> 1.8.0 r-chromunity <at> 0.0.1-1.09fce8b r-rnaseqdtu <at> 2.0-1.5bee1e7 r-spectre <at> 0.5.5-1.f6648ab r-battenberg <at> 2.2.9 r-chemometricswithr <at> 0.1.13 r-adapr <at> 2.0.0 r-activpal <at> 0.1.3 rust-git2-6 <at> 0.6.11 rust-git2 <at> 0.15.0 rust-git2 <at> 0.13.24 rust-git2 <at> 0.11.0 rust-git2 <at> 0.14.4 rust-git2 <at> 0.9.1 emacs-libgit <at> 0.0.1-1.ab1a53a nuspell <at> 3.1.2 kicad-doc <at> 7.0.0 musescore <at> 4.0.1 python-oslosphinx <at> 4.18.0 conan <at> 1.50.0 python-jupytext <at> 1.14.1 snakemake <at> 7.7.0 vorta <at> 0.8.7 clipper <at> 2.0.1 gnome <at> 42.4 mate <at> 1.24.1 r-prereg <at> 0.6.0 python-ipython-documentation <at> 8.2.0 python-numpy-documentation <at> 1.21.6 nototools <at> 0.2.16 python-clorm <at> 1.4.1 python-telingo <at> 2.1.1 python-screenkey <at> 1.4 mbed-tools <at> 7.53.0 snakemake <at> 6.15.5 emacs-ghq <at> 0.1.2 pre-commit <at> 2.20.0 gitless <at> 0.8.8 vlang <at> 0.2.4 ------ That's not a significant number of packages. Overall, git and git-minimal will cause more than 300 rebuilds, but not too many for the current state of the build farm. Concretely, why can't we push this to master immediately?

This bug report was last modified 2 years and 77 days ago.

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #61583 [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].

GNU bug report logs - #61583
[PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].