git: fix CVE-2021-21300

checkout: fix bug that makes checkout follow symlinks in leading path Upstream-Status: Acepted [https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592] CVE: CVE-2021-21300 Signed-off-by: Minjae Kim <flowergom@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Minjae Kim <flowergom@gmail.com> 2021-03-27 15:21:39 +0900
committer: Steve Sakoman <steve@sakoman.com> 2021-03-29 07:59:51 -1000
commit: 8293d5d1529629bd13028bdde1fa99da30313bac (patch)
tree: 5a3764c27611b9da120391490dec3e2a90c8b9f9 /meta/recipes-devtools/git/git.inc
parent: 3c78000aaf8e4ee8ffb7674f5c286e2c110f167b (diff)
download: openembedded-core-8293d5d1529629bd13028bdde1fa99da30313bac.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc
index ae463061d8..738a429875 100644
--- a/meta/recipes-devtools/git/git.inc
+++ b/meta/recipes-devtools/git/git.inc
@@ -8,7 +8,9 @@ DEPENDS = "openssl curl zlib expat"
 PROVIDES_append_class-native = " git-replacement-native"
 
 SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
-           ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages"
+           ${KERNELORG_MIRROR}/software/scm/git/git-manpages-${PV}.tar.gz;name=manpages \
+	   file://CVE-2021-21300.patch \
+"
 
 S = "${WORKDIR}/git-${PV}"
author	Minjae Kim <flowergom@gmail.com>	2021-03-27 15:21:39 +0900
committer	Steve Sakoman <steve@sakoman.com>	2021-03-29 07:59:51 -1000
commit	8293d5d1529629bd13028bdde1fa99da30313bac (patch)
tree	5a3764c27611b9da120391490dec3e2a90c8b9f9 /meta/recipes-devtools/git/git.inc
parent	3c78000aaf8e4ee8ffb7674f5c286e2c110f167b (diff)
download	openembedded-core-8293d5d1529629bd13028bdde1fa99da30313bac.tar.gz