From 43b1791ec601732ac31195df96781a848360a9ac Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Tue, 21 Sep 2021 13:03:01 +0300 Subject: chore(3p/git): Unvendor git and track patches instead This was vendored a long time ago under the expectation that keeping it in sync with cgit would be easier this way, but it has proven not to be a big issue. On the other hand, a vendored copy of git is an annoying maintenance burden. It is much easier to rebase the single (dottime) patch that we have. This removes the vendored copy of git and instead passes the git source code to cgit via `pkgs.srcOnly`, which includes the applied patch so that cgit can continue rendering dottime. Change-Id: If31f62dea7ce688fd1b9050204e9378019775f2b --- third_party/git/Documentation/RelNotes/2.17.4.txt | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 third_party/git/Documentation/RelNotes/2.17.4.txt (limited to 'third_party/git/Documentation/RelNotes/2.17.4.txt') diff --git a/third_party/git/Documentation/RelNotes/2.17.4.txt b/third_party/git/Documentation/RelNotes/2.17.4.txt deleted file mode 100644 index 7d794ca01a..0000000000 --- a/third_party/git/Documentation/RelNotes/2.17.4.txt +++ /dev/null @@ -1,16 +0,0 @@ -Git v2.17.4 Release Notes -========================= - -This release is to address the security issue: CVE-2020-5260 - -Fixes since v2.17.3 -------------------- - - * With a crafted URL that contains a newline in it, the credential - helper machinery can be fooled to give credential information for - a wrong host. The attack has been made impossible by forbidding - a newline character in any value passed via the credential - protocol. - -Credit for finding the vulnerability goes to Felix Wilhelm of Google -Project Zero. -- cgit 1.4.1