Closed Bug 1257633 Opened 10 years ago Closed 10 years ago

Upgrade git version to > 2.7.3 on OS X build and test machines to address CVE-2016-2324 and CVE‑2016‑2315

Categories

(Infrastructure & Operations :: RelOps: Puppet, task)

Product:
Infrastructure & Operations
Component:
RelOps: Puppet
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: arich, Assigned: dividehex)

References

Details

Attachments

(3 files)

bug1257633-1-upgrade-git-osx.patch
4.04 KB, patch
dustin
: review+
dividehex
: checked-in+
Details | Diff | Splinter Review
bug1257633-2-fix-git-osx-10.7.patch
2.36 KB, patch
dustin
: review+
dividehex
: checked-in+
Details | Diff | Splinter Review
bug1257633-3-bump-release-git-dmg-script.patch
494 bytes, patch
dustin
: review+
dividehex
: checked-in+
Details | Diff | Splinter Review
No description provided.
No longer blocks: 1257614
Installs git-2.7.4 to osx Also adds back in the anchors which shouldn't have been removed previously
Attachment #8733612 - Flags: review?(dustin)
I'm going out on a limb here and assuming we can get away with a single non os specific version build. If this proves incorrect, I'll backout by linking and bumping the previous version by release number. pkgdmg isn't versionable but the can be worked around for rollbacks in this way.
Attachment #8733612 - Flags: review?(dustin) → review+
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
See bug 1263082 for comments, it looks like there is a bogus version of git for mac in automation, this is hitting us in on the bld-lion-r5 machines that we are using to run release automation
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
I've rebuilt git for 10.6, 10.7 and 10.10 and tested the binaries on each os version respectively. Deployed here: remote: https://hg.mozilla.org/build/puppet/rev/c010230e92ed
Depends on: 1263617
This is a fixed release of git 2.7.4 for osx 10.7. Since the package resource on osx is not versionable, I had to separate out 10.7 in a case statement. Comments are including in the manifest as a reminder. Tested on bld-lion-r5-088: [root@bld-lion-r5-088.build.releng.scl3.mozilla.com ~]# /tools/git/bin/git --version dyld: Library not loaded: /opt/local/lib/libiconv.2.dylib Referenced from: /tools/git/bin/git Reason: Incompatible library version: git requires version 8.0.0 or later, but libiconv.2.dylib provides version 7.0.0 Trace/BPT trap: 5 [root@bld-lion-r5-088.build.releng.scl3.mozilla.com ~]# /tools/git/bin/git --version git version 2.7.4
Attachment #8740053 - Flags: review?(dustin)
Attachment #8740053 - Flags: review?(dustin) → review+
Updates the release # in the git-dmg.sh build script
Attachment #8740065 - Flags: review?(dustin)
Comment on attachment 8740065 [details] [diff] [review] bug1257633-3-bump-release-git-dmg-script.patch I assume all three versions didn't get upgraded to -3 because it was too much work to build 'em all?
Attachment #8740065 - Flags: review?(dustin) → review+
(In reply to Dustin J. Mitchell [:dustin] from comment #10) > Comment on attachment 8740065 [details] [diff] [review] > bug1257633-3-bump-release-git-dmg-script.patch > > I assume all three versions didn't get upgraded to -3 because it was too > much work to build 'em all? Correct.
Status: REOPENED → RESOLVED
Closed: 10 years ago10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: