Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 8b5004fa322f
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 825a88e6031e
Choose a head ref
  • 4 commits
  • 2 files changed
  • 3 contributors

Commits on Apr 22, 2020

  1. git: Allow the update script to target non-latest versions 

    This came in handy when I wanted to bump a patch version while avoiding
a new minor version.

(cherry picked from commit 4848eef)
    @primeos
    James Ottaway authored and primeos committed Apr 22, 2020
    Copy the full SHA
    9b9fa3f View commit details

  2. git: Fix the update.sh script and use HTTPS 

    The syntax is ${parameter:-word} (i.e. previously this used
"latestTag" instead of the actual value).
(Fixes a regression from #85278.)

Also: Even though getting the latest tag isn't really security critical
(as long as Git itself is secure against untrusted input), I'd prefer to
switch from the Git to the HTTPS protocol (for authentication of the
server and encryption + uses a standard port).

(cherry picked from commit 6660421)
    @primeos
    primeos committed Apr 22, 2020
    Copy the full SHA
    0658740 View commit details

  3. git: 2.25.3 -> 2.25.4 (security, CVE-2020-11008) 

    See: https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.17.5.txt
    @primeos
    primeos committed Apr 22, 2020
    Copy the full SHA
    961dbb2 View commit details

  4. Merge pull request #85785 from primeos/git-backport-stable 

    [20.03] git: 2.25.3 -> 2.25.4 (security, CVE-2020-11008)
    @FRidh
    FRidh authored Apr 22, 2020
    Copy the full SHA
    825a88e View commit details
Showing with 7 additions and 6 deletions.
  1. +2 −2 pkgs/applications/version-management/git-and-tools/git/default.nix
  2. +5 −4 pkgs/applications/version-management/git-and-tools/git/update.sh
4 changes: 2 additions & 2 deletions pkgs/applications/version-management/git-and-tools/git/default.nix
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@ assert sendEmailSupport -> perlSupport;
assert svnSupport -> perlSupport;

let
version = "2.25.3";
version = "2.25.4";
svn = subversionClient.override { perlBindings = perlSupport; };

gitwebPerlLibs = with perlPackages; [ CGI HTMLParser CGIFast FCGI FCGIProcManager HTMLTagCloud ];
@@ -33,7 +33,7 @@ stdenv.mkDerivation {

src = fetchurl {
url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz";
sha256 = "0yvr97cl0dvj3fwblq1mb0cp97v8hrn9l98p8b1jx8815mbsnz9h";
sha256 = "11am6s46wmn1yll5614smjhzlghbqq6gysgcs64igjr9y5wzpdxq";
};

outputs = [ "out" ];
9 changes: 5 additions & 4 deletions pkgs/applications/version-management/git-and-tools/git/update.sh
View file
Original file line number Diff line number Diff line change
@@ -4,15 +4,16 @@
set -eu -o pipefail

oldVersion="$(nix-instantiate --eval -E "with import ./. {}; lib.getVersion git" | tr -d '"')"
latestTag="$(git ls-remote --tags --sort="v:refname" git://github.com/git/git.git | grep -v '\{\}' | grep -v '\-rc' | tail -1 | sed 's|^.*/v\(.*\)|\1|')"
latestTag="$(git ls-remote --tags --sort="v:refname" https://github.com/git/git.git | grep -v '\{\}' | grep -v '\-rc' | tail -1 | sed 's|^.*/v\(.*\)|\1|')"
targetVersion="${1:-$latestTag}"

if [ ! "${oldVersion}" = "${latestTag}" ]; then
update-source-version git "${latestTag}"
if [ ! "${oldVersion}" = "${targetVersion}" ]; then
update-source-version git "${targetVersion}"
nixpkgs="$(git rev-parse --show-toplevel)"
default_nix="$nixpkgs/pkgs/applications/version-management/git-and-tools/git/default.nix"
nix-build -A git
git add "${default_nix}"
git commit -m "git: ${oldVersion} -> ${latestTag}"
git commit -m "git: ${oldVersion} -> ${targetVersion}"
else
echo "git is already up-to-date"
fi