Accepting request 613093 from devel:tools:scm

git 2.17.1
   (CVE-2018-11235, bsc#1095219)
   (CVE-2018-11233, bsc#1095218)

OBS-URL: https://build.opensuse.org/request/show/613093
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=220
Dominique Leuenberger 2018-06-03 10:31:12 +00:00 committed by Git OBS Bridge
parent f7bc847ca0
commit 0a9fed604d
6 changed files with 22 additions and 4 deletions

Binary file not shown.


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e916e5e95e81dbeafa7aac5d719c01108b5c814eb90b746695afa1afedf955c7
size 5011556

git-2.17.1.tar.sign Normal file

Binary file not shown.

git-2.17.1.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:79136e7aa83abae4d8a25c8111f113d3c5a63aeb5fd93cc72c26d49c6d5ba65e
size 5015484
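Review bot: The signature added next to this pointer is named git-2.17.1.tar.sign while the source is git-2.17.1.tar.xz, so going by the file names the signature covers the uncompressed tar and cannot be checked directly against the file whose sha256 is recorded here. Since this is a security release, please confirm that the build verifies the signature against the decompressed tarball with a packaged keyring, or state in the request how the tarball was verified. The oid and size in this pointer only pin the content, they do not authenticate its origin.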


@ -1,3 +1,21 @@
-------------------------------------------------------------------
Tue May 29 23:11:45 UTC 2018 - avindra@opensuse.org
- git 2.17.1
* Submodule "names" come from the untrusted .gitmodules file, but
we blindly append them to $GIT_DIR/modules to create our on-disk
repo paths. This means you can do bad things by putting "../"
into the name. We now enforce some rules for submodule names
which will cause Git to ignore these malicious names
(CVE-2018-11235, bsc#1095219)
* It was possible to trick the code that sanity-checks paths on
NTFS into reading random piece of memory
(CVE-2018-11233, bsc#1095218)
* Support on the server side to reject pushes to repositories
that attempt to create such problematic .gitmodules file etc.
as tracked contents, to help hosting sites protect their
customers by preventing malicious contents from spreading.
-------------------------------------------------------------------
Thu May 24 12:05:33 UTC 2018 - tchvatal@suse.com
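Review bot: The third bullet ("Support on the server side to reject pushes ...") does not say how that rejection is switched on, and it reads as if hosting sites are protected as soon as the package is updated. In Git this check is part of the fsck run on incoming objects, which only happens where receive.fsckObjects or transfer.fsckObjects is enabled, so a short remark to that effect in the bullet would help admins. The first two bullets carry their CVE and bsc references and this one carries none; if it is covered by bsc#1095219 it would be worth saying so. Minor: in the CVE-2018-11233 bullet, "reading random piece of memory" should be "random pieces of memory".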


@ -35,7 +35,7 @@
%bcond_without docs
Name: git
Version: 2.17.0
Version: 2.17.1
Release: 0
Summary: Fast, scalable, distributed revision control system
License: GPL-2.0-only