Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[New curl version] 8.10.0 #5134

Closed
github-actions bot opened this issue Sep 11, 2024 · 10 comments · Fixed by git-for-windows/MSYS2-packages#186 or git-for-windows/MINGW-packages#129
Closed

[New curl version] 8.10.0 #5134

github-actions bot opened this issue Sep 11, 2024 · 10 comments · Fixed by git-for-windows/MSYS2-packages#186 or git-for-windows/MINGW-packages#129
Labels
component-update
Milestone
v2.46.1

Comments

@github-actions
Copy link

https://github.com/curl/curl/releases/tag/curl-8_10_0
@rimrul
Copy link
Member

rimrul commented Sep 11, 2024
edited by gitforwindowshelper bot
Loading

/open pr

The MSYS workflow run was started

The MINGW workflow run was started

This was referenced Sep 11, 2024
Merged
Merged
@dscho
Copy link
Member

dscho commented Sep 11, 2024

Looks like the only security-relevant change is the fix for CVE-2024-8096, which does not affect us because it is relevant to GnuTLS backends only, and we do not ship any libcurl binaries with that backend.

@dscho dscho added this to the Next release milestone Sep 11, 2024
@dscho
Copy link
Member

dscho commented Sep 11, 2024
edited by gitforwindowshelper bot
Loading

/add relnote

The workflow run was started

@rimrul
Copy link
Member

rimrul commented Sep 13, 2024

Looks like curl/curl#14895 is relevant to Gits HTTP 2 code.

@dscho
Copy link
Member

dscho commented Sep 13, 2024

Looks like curl/curl#14895 is relevant to Gits HTTP 2 code.

Do you know of any easy way to test this?

@PhilipOakley
Copy link

Do you know of any easy way to test this?

there's some clues in the discussion https://lore.kernel.org/git/[email protected]/

@dscho
Copy link
Member

dscho commented Sep 13, 2024

Do you know of any easy way to test this?

there's some clues in the discussion https://lore.kernel.org/git/[email protected]/

Thank you! I haven't been able to pay attention to the Git mailing list lately. If I read this correctly, then we'll get CI failures in t5559 with the new cURL version? (But then, our shears/* CI builds are all broken now, before even reaching the test suite...)

@dscho
Copy link
Member

dscho commented Sep 13, 2024

If I read this correctly, then we'll get CI failures in t5559 with the new cURL version?

But of course we'll only get them when we actually exercise the tests, which we don't, because they require an Apache server :-(

So I tried to reproduce according to this nutshell description, using a current minimal SDK (which has the current libcurl), but no dice, it works:

usr\bin\bash.exe -lc "git -c http.version=HTTP/2 -c http.postbuffer=65536 clone --bare https://github.com/git/git git.git"

The good news is that we don't need to do much of anything until September 18th, when a new cURL version is planned.

@dscho dscho mentioned this issue Sep 14, 2024
Closed
@dscho
Copy link
Member

dscho commented Sep 15, 2024

The good news is that we don't need to do much of anything until September 18th, when a new cURL version is planned.

The not-so-good news is that Git v2.46.1 was released in the meantime, and the corresponding Git for Windows release will have to wait :-(

@dscho
Copy link
Member

dscho commented Sep 18, 2024

This was fixed in #5150 and will be released via Git for Windows v2.46.1 in a moment, via #5151.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component-update
Projects
None yet
Milestone
v2.46.1
3 participants
@dscho @PhilipOakley @rimrul