diff options
| author | Todd Gamblin <tgamblin@llnl.gov> | 2016-03-16 14:03:33 -0700 |
|---|---|---|
| committer | Todd Gamblin <tgamblin@llnl.gov> | 2016-03-16 14:03:33 -0700 |
| commit | 63f9f4291aedf0871c75e5aed31a5625fe9c4613 (patch) | |
| tree | 1490dcd4154c69e8a38800f74277cf6e83f8f63e | |
| parent | d46d897ac967afcd3437b667b343cb577a250f14 (diff) | |
| parent | fa2a66db6721ef5d7b54b9cede69aa2f1b5b7531 (diff) | |
| download | spack-63f9f4291aedf0871c75e5aed31a5625fe9c4613.tar.gz spack-63f9f4291aedf0871c75e5aed31a5625fe9c4613.tar.bz2 spack-63f9f4291aedf0871c75e5aed31a5625fe9c4613.tar.xz spack-63f9f4291aedf0871c75e5aed31a5625fe9c4613.zip | |
Merge pull request #560 from citibeth/efischer/160316-GitFix
Disabled Vulnerable Git Versions
| -rw-r--r-- | var/spack/repos/builtin/packages/git/package.py | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/var/spack/repos/builtin/packages/git/package.py b/var/spack/repos/builtin/packages/git/package.py index ddc5078c4d..586b6ce3c3 100644 --- a/var/spack/repos/builtin/packages/git/package.py +++ b/var/spack/repos/builtin/packages/git/package.py @@ -5,14 +5,22 @@ class Git(Package): system designed to handle everything from small to very large projects with speed and efficiency.""" homepage = "http://git-scm.com" - url = "https://www.kernel.org/pub/software/scm/git/git-2.2.1.tar.gz" + url = "https://github.com/git/git/tarball/v2.7.1" - version('2.6.3', 'b711be7628a4a2c25f38d859ee81b423') - version('2.6.2', 'da293290da69f45a86a311ad3cd43dc8') - version('2.6.1', '4c62ee9c5991fe93d99cf2a6b68397fd') - version('2.6.0', 'eb76a07148d94802a1745d759716a57e') - version('2.5.4', '3eca2390cf1fa698b48e2a233563a76b') - version('2.2.1', 'ff41fdb094eed1ec430aed8ee9b9849c') + version('2.8.0-rc2', 'c2cf9f2cc70e35f2fafbaf9258f82e4c') + version('2.7.3', 'fa1c008b56618c355a32ba4a678305f6') + version('2.7.1', 'bf0706b433a8dedd27a63a72f9a66060') + + + # See here for info on vulnerable Git versions: + # http://www.theregister.co.uk/2016/03/16/git_server_client_patch_now/ + # All the following are vulnerable + #version('2.6.3', 'b711be7628a4a2c25f38d859ee81b423') + #version('2.6.2', 'da293290da69f45a86a311ad3cd43dc8') + #version('2.6.1', '4c62ee9c5991fe93d99cf2a6b68397fd') + #version('2.6.0', 'eb76a07148d94802a1745d759716a57e') + #version('2.5.4', '3eca2390cf1fa698b48e2a233563a76b') + #version('2.2.1', 'ff41fdb094eed1ec430aed8ee9b9849c') # Git compiles with curl support by default on but if your system @@ -24,6 +32,7 @@ class Git(Package): variant("expat", default=False, description="Add the internal support of expat for https push") depends_on("openssl") + depends_on("autoconf") depends_on("curl", when="+curl") depends_on("expat", when="+expat") @@ -47,6 +56,7 @@ class Git(Package): if '+expat' in spec: configure_args.append("--with-expat=%s" % spec['expat'].prefix) + which('autoreconf')('-i') configure(*configure_args) make() make("install") |