GNU bug report logs -
#61583
[PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].
Previous Next
Reported by: Greg Hogan <code <at> greghogan.com>
Date: Fri, 17 Feb 2023 18:05:01 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
On Fri, Mar 3, 2023, at 22:39, Maxim Cournoyer wrote:
> Hi Simon,
>
> Simon Tournier <zimon.toutoune <at> gmail.com> writes:
>
>> Hi,
>>
>> CC: core team
>>
>> On Mon, 20 Feb 2023 at 12:44, Simon Tournier <zimon.toutoune <at> gmail.com> wrote:
>>
>>> On ven., 17 févr. 2023 at 18:04, Greg Hogan <code <at> greghogan.com> wrote:
>>
>>>> * gnu/packages/version-control.scm (git): Update to 2.39.2.
>>>
>>> As noticed previously for an update of Git, this implies a lot of
>>> rebuilds because git-minimal inherits from git.
>>
>> Well, I locally rebuilt all and maybe a couple of packages break. The
>> rebuild is intensive and I do not know if such update should to master
>> or core-updates and/or use some grafts.
>>
>> For instance, QA is still saying nothing after 12 days.
>>
>> https://qa.guix.gnu.org/issue/61583
>>
>>
>>> Well, I am checking if git-minimal is used only for the tests by some of
>>> the packages.
>>
>> I have tried to replace the plain ’git’ or ’git-minimal’ by
>> ’git-minimal/pinned’ for some packages. It does not change much.
>>
>>
>>> For sure, it is a concern since it is a security fixes.
>>
>> Hum, we are not very reactive. :-)
>
> I think the number of rebuilt packages is in the thousands, so that's a
> core-updates change. On master it should be grafted instead, if that's
> possible.
`guix refresh -l git git-minimal` shows only hundreds of rebuilds. Am I missing something?
This bug report was last modified 2 years and 77 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.