From 608a98b3caba934b609a13a14a575d7ebefe548f15248bf64fd48bb74fa6d841 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Wed, 15 May 2024 07:33:04 +0000
Subject: [PATCH] Accepting request 1174111 from
 home:AndreasStieger:branches:devel:tools:scm

git 2.45.1:
CVE-2024-32002 boo#1224168
CVE-2024-32004 boo#1224170
CVE-2024-32020 boo#1224171
CVE-2024-32021 boo#1224172
CVE-2024-32465 boo#1224173

OBS-URL: https://build.opensuse.org/request/show/1174111
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/git?expand=0&rev=643
---
 git-2.45.0.tar.sign | Bin 566 -> 0 bytes
 git-2.45.0.tar.xz   |   3 ---
 git-2.45.1.tar.sign | Bin 0 -> 566 bytes
 git-2.45.1.tar.xz   |   3 +++
 git.changes         |  16 ++++++++++++++++
 git.spec            |   3 ++-
 6 files changed, 21 insertions(+), 4 deletions(-)
 delete mode 100644 git-2.45.0.tar.sign
 delete mode 100644 git-2.45.0.tar.xz
 create mode 100644 git-2.45.1.tar.sign
 create mode 100644 git-2.45.1.tar.xz

diff --git a/git-2.45.0.tar.sign b/git-2.45.0.tar.sign
deleted file mode 100644
index e36c8686022db2eb731e654abde64bede626a436cec9e7d165c2f3b8d72b44ec..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 566
zcmV-60?GY}0y6{v0SEvc79j-T@HVmj=OQ1+c<k@6wdjVHujb1I0%kAB-2e&+5U{oA
zhL*49%kq>D|5RmOHANC)n_}`g-yKUuJD3cGN`slYz^bXDKM+-5+HmqNKcj@sHyXDU
zwHKb+0M-KG4+do*3a*Yr%V6!HFe<j_BJt=XoR2UUop9q(F-h!^9T73(E>`V99pCfX
z7UEmS87i{9k6_OLxX{X$81ngyNV8=>Xk5Ww3AJZ#wAO}k#dlB>?8$zIUK7IV9`ICK
zM|`28Z5D*$y!Y$^neVoXBWGb!Ko9%3(??OsC9?X^qn^E|;0hNX%PvjT6<A|rq6G;o
zT||voV-P?^6sc-k0j=em&0a@OTCf*B^oei`p3`_w9KS(<@h_dLvx)R-izfqFJYcR{
z=c+V5q>Q6xf@}c2sn#;E6dfcNNSv40nvSjlcFrqLc=50qkf-a3Lxk*MOGtI2q|Uf$
zp<1Bpw>PNr)Yqi@jRY!dNV2GfwhVNBS!_Z1dFe|Qro*Vj0#LmXM)YnW;pHnNdg`)&
zI~Vh}oZ59EyLkVMiR(|#qJ4U71{JUDAx1<$lXO7Cqr~&a`p@wQ%Z#%Dqh3Xh!bvkb
z$L6up5RONO5DtcWaWKkw(BD6ZQ92(s>4H|{WNouAilf48Qe|v%NHZ$VMW7=;t+kxa
zoLdIMRuT6gQ>nXmThx5Rf|+W0Pm#xzD7w(yqYZmeG=Eo10=)SIx?35a5$LwHwRgES
E+1pzaR{#J2

diff --git a/git-2.45.0.tar.xz b/git-2.45.0.tar.xz
deleted file mode 100644
index d6f334f..0000000
--- a/git-2.45.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0aac200bd06476e7df1ff026eb123c6827bc10fe69d2823b4bf2ebebe5953429
-size 7482988
diff --git a/git-2.45.1.tar.sign b/git-2.45.1.tar.sign
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..efdb7d44fd6f8465493b1adc140aa0064e95bbf33e5410f3ed00fac008ab7ced
GIT binary patch
literal 566
zcmV-60?GY}0y6{v0SEvc79j-T@HVmj=OQ1+c<k@6wdjVHujb1I0%kD{5daDa5U{oA
zhL*49%M=a||7}OR5<|VGjq$YHNPS)EIFE^<SJerj_8k%Z5r5u7awB5pbWRpM>^OKC
zEfW(al0aVv&mJ-yLr%0x*{9HC;#@&iuHBkzS>N6Fq41++(Ngt$DoOIS<omI4xW@sI
zA&hI+wdr*KiW-VeqL-32*1F9>|G|^|<9o!y=V0$LMs7*o<f=O#_OLbFm?JY5J%6)n
z`CUSjo*Wr)cU&QR5NwEvW@woVK22HIFA_{woyB1TeT5Rv05{)NN(3OtC*}Y;_Lr>|
z?453V|1qIYf;jLD{K5bcVWKWatK=`k^`|7jT2K*NEs2J`GH&z$btBbL{jL}j<rRiR
zXufxgIPmJft}rbO*!?q71#SlWbAjZv5O&CQF)qbCfQb*M8S$(Rx#Cv@b+Ek;$m=5|
z7hK0=X+$kc0PauaM`?3Dq=;N+UlrjN_`F`4SYwMtgn_sHo$REXZ>LjSB-|z<#RBja
z;|Q?QLPy%#KcsdAyV1tPH={td2(1hiD}=lqNHD{JK&xyNRjvtl^;U)a1q*xJ`u$wl
z7p{hEpZdNE^~M=v-M7c$TQ^9E2#{Wrld>{sa8lLouPaT|$FSr(h+4?#H$3#;Pz6*z
zPzyUI_+?-M09Fq;8k)eIC%@NdpNqdoiB#{2cm~;cJzIWf7qaAi2X*NdUmJJ)vBb}6
Ew#p+7@c;k-

literal 0
HcmV?d00001

diff --git a/git-2.45.1.tar.xz b/git-2.45.1.tar.xz
new file mode 100644
index 0000000..7596e5b
--- /dev/null
+++ b/git-2.45.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e64d340a8e627ae22cfb8bcc651cca0b497cf1e9fdf523735544ff4a732f12bf
+size 7490268
diff --git a/git.changes b/git.changes
index d5e4527..ebbaf16 100644
--- a/git.changes
+++ b/git.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Tue May 14 22:38:09 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update to 2.45.1:
+ * CVE-2024-32002: recursive clones on case-insensitive
+   filesystems that support symbolic links are susceptible to case
+   confusion (boo#1224168)
+ * CVE-2024-32004: arbitrary code execution during local clones
+   (boo#1224170)
+ * CVE-2024-32020: file overwriting vulnerability during local
+   clones (boo#1224171)
+ * CVE-2024-32021: git may create hardlinks to arbitrary user-
+   readable files (boo#1224172)
+ * CVE-2024-32465: arbitrary code execution during clone operations
+   (boo#1224173)
+
 -------------------------------------------------------------------
 Wed May  1 16:47:14 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
 
diff --git a/git.spec b/git.spec
index c16c2ed..046a4c7 100644
--- a/git.spec
+++ b/git.spec
@@ -2,6 +2,7 @@
 # spec file for package git
 #
 # Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,7 +36,7 @@
 %bcond_with    asciidoctor
 %endif
 Name:           git
-Version:        2.45.0
+Version:        2.45.1
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0-only