7z.sfx: update to v24.08 #575

Merged
merged 3 commits into from
Aug 14, 2024

dscho
Member

@dscho dscho commented Aug 13, 2024

This corresponds to the commit 4e0cd6fa (Add a Dependabot configuration, 2024-06-28) of
https://github.com/git-for-windows/7-Zip/commits/v24.08-VS2022-sfx and the artifacts have been copied from the workflow run at https://github.com/git-for-windows/7-Zip/actions/runs/10374851525.

This addresses git-for-windows/git#5104

This corresponds to the commit 4e0cd6fa (Add a Dependabot configuration,
2024-06-28) of
https://github.com/git-for-windows/7-Zip/commits/v24.08-VS2022-sfx and
the artifacts have been copied from the workflow run at
https://github.com/git-for-windows/7-Zip/actions/runs/10374851525.

Signed-off-by: Johannes Schindelin <[email protected]>
@dscho dscho self-assigned this Aug 13, 2024
@dscho dscho linked an issue Aug 13, 2024 that may be closed by this pull request
dscho added 2 commits August 13, 2024 20:41
When a PR touches `7-Zip/`, we want to make sure that it verifies that
it works correctly in Portable Git (which is based on 7-Zip, after all,
and uses its self-extracting module, or more precisely: Git for Windows'
fork of 7-Zip's self-extracting module).

Signed-off-by: Johannes Schindelin <[email protected]>
Just like the installer, we can run the Portable Git self-extractor and
validate that it works as intended.

Signed-off-by: Johannes Schindelin <[email protected]>
@dscho dscho merged commit cb70db9 into git-for-windows:main Aug 14, 2024
6 checks passed
@dscho dscho deleted the update-to-7-Zip-24.08 branch August 14, 2024 10:16
@dscho
Member Author

dscho commented Dec 5, 2024

I just got notified of https://www.cve.org/CVERecord?id=CVE-2024-11477, and am glad that we got this here PR merged in time for Git for Windows v2.46.1. Having said that, my assessment is that Git for Windows would not have been affected anyway:

  • We do not ship 7-Zip, only PortableGit uses the SFX module.
  • The vulnerability affects only the Zstandard decompression (which the SFX module does not even include)
  • It requires a crafted archive (but we craft those archives ourselves, thanks very much 😉)
  • The bug was fixed in version 24.07 (we upgraded to 24.08 via this here PR, in time for Git for Windows v2.46.1).

Development

Successfully merging this pull request may close these issues.

[New 7-zip version] 15 new items