From 0a9fed604d2cc07933d21c63f22abf7f08600eea6b3dcfb5b37e93f14f572897 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sun, 3 Jun 2018 10:31:12 +0000 Subject: [PATCH] Accepting request 613093 from devel:tools:scm git 2.17.1 (CVE-2018-11235, bsc#1095219) (CVE-2018-11233, bsc#1095218) OBS-URL: https://build.opensuse.org/request/show/613093 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=220 --- git-2.17.0.tar.sign | Bin 566 -> 0 bytes git-2.17.0.tar.xz | 3 --- git-2.17.1.tar.sign | Bin 0 -> 566 bytes git-2.17.1.tar.xz | 3 +++ git.changes | 18 ++++++++++++++++++ git.spec | 2 +- 6 files changed, 22 insertions(+), 4 deletions(-) delete mode 100644 git-2.17.0.tar.sign delete mode 100644 git-2.17.0.tar.xz create mode 100644 git-2.17.1.tar.sign create mode 100644 git-2.17.1.tar.xz diff --git a/git-2.17.0.tar.sign b/git-2.17.0.tar.sign deleted file mode 100644 index 63a254ff6b0f3b3b56cda35218d966ebc5eb4ca2a450e6edf56aae389cd83378..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 566 zcmV-60?GY}0y6{v0SEvc79j-T@HVmj=OQ1+c<3$I&#XsLtiigF#fCkbijYrK(>qhD?KTq_ddQly@BnhtqQ(3Vy zl}pou6_D6XgA7Fbpq&-~-kpA^>Gm>RPq8j30Z28s0ddP`X)H-UXzy>|TqZTGsPqK)R>cIhzFH); zBN?kIP0k(~Upa%ebg4J$F^{BdRIqkbGAkm&Pv~bveBp-AL8Xu(OscPSKGqwfIVaO@ zz7yU^`_>L*(s<>0DMCSj`b!v1Rd7|)YdU(VOwfO?B5yEZg?%H=Xsng``0!TRn1F-} zX3<*%hmkBea+W@@*5-~?xd=d;2f7_P?aiR8(lvZ1L8g7{>ePDAecfkyeU9in>6KC6 z`OE?j*uh}_Be7%e8r;#h{x+&vNId`trYWGpP{8X$3yvK;px@~W$5!OuThi2n05TO> zFjZh7X$Oonv53cX_kCM(9p`-6^Pvk-wnb};Iu%h;Pd@9AVyXl&-(O=Rgzd?zx+eQ! zF+f%dsG0rL)dZNj@@DFLXy&3KZxa8a*LNRMeEX|b=ub;6*6Kx_hTV~Phk}yB1jq?S EyfA1F{{R30 diff --git a/git-2.17.0.tar.xz b/git-2.17.0.tar.xz deleted file mode 100644 index d1db3df..0000000 --- a/git-2.17.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e916e5e95e81dbeafa7aac5d719c01108b5c814eb90b746695afa1afedf955c7 -size 5011556 
diff --git a/git-2.17.1.tar.sign b/git-2.17.1.tar.sign new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..89d9581f537c6a62ceb493c31918fa3d4e62a02a56075819edb507b06bd2a74a GIT binary patch literal 566 zcmV-60?GY}0y6{v0SEvc79j-T@HVmj=OQ1+cW5^+%68vN7M4sE+f{Qtvi6HMt_^xHQm1V%2~U=0D;^#4wd z+>!Ag_MrlR$wpAKB=HLEoiBt`W^axr5Pu(xYY5F4-o*JTw@NKv|Ho2K%!a6Hs1Q`d zzfq=s>RCsURvvXC*d93X4lJ{4n{t?Fpa>e$c2?cre|4pF@!REn5{KB#EupI&zmqBM zx5ry3R5Z#5VR*v=XMO4CPZp;;=$hIjPcHd=KJOVvqjh*2hfc~OhOn2?*SD52hB^;C%;B)UgElaQ|S`89x9YZh9 zra$Z`!B&^WI5zv7RHzEWWnz7|yfFdV<^ZJMcgkC`mlhiY=EO&ZE|20WSz%nCQ-}#Y zb>Ssvp=?>^P)a=_e%9rj%~Tz_M%QPFBEbXCtFVGL1>X{qST6Q{$7hG&hbt z&nJ(Wo_a?62>hB|tZ#+FGUC4jXr5A|8Ms5nlAyR!1w3fYOb7hha9l^|2s>L-Zqd<$ zuZGE9L>Y9z#O2R{e9~o${q+mti$)hN*CHdp!VmQADw0%0wqm%1qw0rOCoRx@8*YKz z%>%}EHN#_n?Q>4E7d9$~8cXW4QCBeQJ04h*j|Y@4?t8XfUpZ`s*HEjJ=gyjDuy88W EZ6U4>SpWb4 literal 0 HcmV?d00001 diff --git a/git-2.17.1.tar.xz b/git-2.17.1.tar.xz new file mode 100644 index 0000000..e3d49ac --- /dev/null +++ b/git-2.17.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:79136e7aa83abae4d8a25c8111f113d3c5a63aeb5fd93cc72c26d49c6d5ba65e +size 5015484 diff --git a/git.changes b/git.changes index c69cad2..2f9f30b 100644 --- a/git.changes +++ b/git.changes 
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue May 29 23:11:45 UTC 2018 - avindra@opensuse.org
+
+- git 2.17.1
+ * Submodule "names" come from the untrusted .gitmodules file, but
+ we blindly append them to $GIT_DIR/modules to create our on-disk
+ repo paths. This means you can do bad things by putting "../"
+ into the name. We now enforce some rules for submodule names
+ which will cause Git to ignore these malicious names
+ (CVE-2018-11235, bsc#1095219)
+ * It was possible to trick the code that sanity-checks paths on
+ NTFS into reading random piece of memory
+ (CVE-2018-11233, bsc#1095218)
+ * Support on the server side to reject pushes to repositories
+ that attempt to create such problematic .gitmodules file etc.
+ as tracked contents, to help hosting sites protect their
+ customers by preventing malicious contents from spreading.
+
 -------------------------------------------------------------------
 Thu May 24 12:05:33 UTC 2018 - tchvatal@suse.com
diff --git a/git.spec b/git.spec
index 1478c60..8bc5dab 100644
--- a/git.spec
+++ b/git.spec
@@ -35,7 +35,7 @@
 %bcond_without docs
 Name: git
-Version: 2.17.0
+Version: 2.17.1
 Release: 0
 Summary: Fast, scalable, distributed revision control system
 License: GPL-2.0-only