gnu: git: Update to 2.40.1 [security fixes].

Fixes CVE-2023-25652 and CVE-2023-29007. * gnu/packages/version-control.scm (git): Update to 2.40.1. (git-minimal)[arguments]: Rewrite to use gexps. In 'remove-unusable-perl-commands' phase, make "git-add--interactive" removal conditional. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2023-04-26 19:03:45 +00:00 · 2023-04-26 19:03:45 +00:00 · 92a7817fcb
parent b984ac16dc
commit 92a7817fcb
1 changed files with 46 additions and 39 deletions
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@ -227,14 +227,14 @@ Python 3.3 and later, rather than on Python 2.")
 (define-public git
  (package
   (name "git")
-   (version "2.39.2")
+   (version "2.40.1")
   (source (origin
            (method url-fetch)
            (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                version ".tar.xz"))
            (sha256
             (base32
-              "1mpjvhyw8mv2q941xny4d0gw3mb6b4bqaqbh73jd8b1v6zqpaps7"))
+              "1li1xwgiwccy88bkshsah2kzl1006jg29jp7n32gvjggiswvi4s8"))
            (patches (search-patches "git-header-cmd.patch"))))
   (build-system gnu-build-system)
   (native-inputs
@ -255,7 +255,7 @@ Python 3.3 and later, rather than on Python 2.")
                version ".tar.xz"))
          (sha256
           (base32
-            "09cva868qb4705s884dzvbwkm78jlw4q8m6xj7nd7cwxy2i2ff8b"))))
+            "04yy5za8963q6xzrirflvxbi1216jzqj8ssvgd9nkld3ifa9q1gy"))))
      ;; For subtree documentation.
      ("asciidoc" ,asciidoc)
      ("docbook2x" ,docbook2x)
@ -617,46 +617,53 @@ everything from small to very large projects with speed and efficiency.")
    (arguments
     (substitute-keyword-arguments (package-arguments git)
       ((#:phases phases)
-        `(modify-phases ,phases
+        #~(modify-phases #$phases
-           (replace 'patch-makefiles
+            (replace 'patch-makefiles
-             (lambda _
+              (lambda _
-               (substitute* "Makefile"
+                (substitute* "Makefile"
-                 (("/usr/bin/perl") (which "perl")))))
+                  (("/usr/bin/perl") (which "perl")))))
-           (delete 'build-subtree)
+            (delete 'build-subtree)
-           (delete 'split)
+            (delete 'split)
-           (delete 'install-man-pages)
+            (delete 'install-man-pages)
-           (delete 'install-info-manual)
+            (delete 'install-info-manual)
-           (delete 'install-subtree)
+            (delete 'install-subtree)
-           (delete 'install-credential-netrc)
+            (delete 'install-credential-netrc)
-           (delete 'install-credential-libsecret)
+            (delete 'install-credential-libsecret)
-           (add-after 'install 'remove-unusable-perl-commands
+            (add-after 'install 'remove-unusable-perl-commands
-             (lambda* (#:key outputs #:allow-other-keys)
+              (lambda* (#:key outputs #:allow-other-keys)
-               (let* ((out     (assoc-ref outputs "out"))
+                (let* ((out     (assoc-ref outputs "out"))
-                      (bin     (string-append out "/bin"))
+                       (bin     (string-append out "/bin"))
-                      (libexec (string-append out "/libexec")))
+                       (libexec (string-append out "/libexec")))
-                 (for-each (lambda (file)
+                  (for-each (lambda (file)
-                             (delete-file (string-append libexec
+                              (delete-file (string-append libexec
-                                                         "/git-core/" file)))
+                                                          "/git-core/" file)))
-                           '("git-svn" "git-cvsimport" "git-archimport"
+                            '("git-svn" "git-cvsimport" "git-archimport"
-                             "git-cvsserver" "git-request-pull"
+                              "git-cvsserver" "git-request-pull"
                             "git-add--interactive" "git-cvsexportcommit"
                             "git-instaweb" "git-send-email"))
                 (delete-file (string-append bin "/git-cvsserver"))
-                 ;; These templates typically depend on Perl.  Remove them.
+                              ;; git-add--interactive was removed in Git 2.40 but
-                 (delete-file-recursively
+                              ;; this phase is inherited by older versions.
-                  (string-append out "/share/git-core/templates/hooks"))
+                              #$@(if (version>=? (package-version this-package)
                                                 "2.40.1")
                                     #~()
                                     #~("git-add--interactive"))
-                 ;; Gitweb depends on Perl as well.
+                              "git-cvsexportcommit"
-                 (delete-file-recursively
+                              "git-instaweb" "git-send-email"))
-                  (string-append out "/share/gitweb")))))))
+                  (delete-file (string-append bin "/git-cvsserver"))
                  ;; These templates typically depend on Perl.  Remove them.
                  (delete-file-recursively
                   (string-append out "/share/git-core/templates/hooks"))
                  ;; Gitweb depends on Perl as well.
                  (delete-file-recursively
                   (string-append out "/share/gitweb")))))))
       ((#:make-flags flags)
-        `(delete "USE_LIBPCRE2=yes" ,flags))
+        #~(delete "USE_LIBPCRE2=yes" #$flags))
       ((#:configure-flags flags)
-        `(list
+        #~(list #$@(if (%current-target-system)
-          ,@(if (%current-target-system)
+                       git-cross-configure-flags
-                git-cross-configure-flags
+                       '())))
                '())))
       ((#:disallowed-references lst '())
        `(,perl ,@lst))))
    (outputs '("out"))