Accepting request 970347 from devel:tools:scm

- git 2.35.3:
  * usability fix-up for CVE-2022-24765 bsc#1198234:
    '*' can be used as the value for the `safe.directory` variable
    to signal that the user considers that any directory is safe.
  * The code that was meant to parse the new `safe.directory`
    configuration variable was not checking what configuration
    variable was being fed to it

- Require bash in git-daemon because the service file uses it
- Reword git-daemon.service description to get a useful sentence
  in journalctl -b

- git 2.35.2 (CVE-2022-24765, bsc#1198234):
  * CVE-2022-24765: git may execute commands defined by other users
    from unexpected worktrees

- Require nogroup group for %pre (bsc#1192023)

OBS-URL: https://build.opensuse.org/request/show/970347
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=276
This commit is contained in:
Dominique Leuenberger 2022-04-15 22:14:08 +00:00 committed by Git OBS Bridge
parent aec78cff84
commit 6b8915c67b
7 changed files with 32 additions and 5 deletions

Binary file not shown.

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d768528e6443f65a203036266f1ca50f9d127ba89751e32ead37117ed9191080
size 6874520

BIN
git-2.35.3.tar.sign Normal file

Binary file not shown.

3
git-2.35.3.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:15e9db4f9bf2ed9fff30cb62a00c5c7c0901015f5ab048cdb4e8b04ddee00fa2
size 6876328

View File

@ -1,5 +1,5 @@
[Unit] [Unit]
Description=Start Git Daemon Description=Git Daemon
[Service] [Service]
# added automatically, for details please see # added automatically, for details please see

View File

@ -1,3 +1,28 @@
-------------------------------------------------------------------
Thu Apr 14 06:01:19 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- git 2.35.3:
* usability fix-up for CVE-2022-24765 bsc#1198234:
'*' can be used as the value for the `safe.directory` variable
to signal that the user considers that any directory is safe.
* The code that was meant to parse the new `safe.directory`
configuration variable was not checking what configuration
variable was being fed to it
-------------------------------------------------------------------
Wed Apr 13 13:13:13 UTC 2022 - olaf@aepfle.de
- Require bash in git-daemon because the service file uses it
- Reword git-daemon.service description to get a useful sentence
in journalctl -b
-------------------------------------------------------------------
Tue Apr 12 17:56:41 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- git 2.35.2 (CVE-2022-24765, bsc#1198234):
* CVE-2022-24765: git may execute commands defined by other users
from unexpected worktrees
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 10 15:16:47 UTC 2022 - chris@computersalat.de Thu Mar 10 15:16:47 UTC 2022 - chris@computersalat.de
@ -114,6 +139,7 @@ Wed Oct 20 16:32:02 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Add CONFIG parameter to %sysusers_generate_pre - Add CONFIG parameter to %sysusers_generate_pre
- Remove unneeded SHELL in git-daemon.conf - Remove unneeded SHELL in git-daemon.conf
- Fix sysusers usage in spec file - Fix sysusers usage in spec file
- Require nogroup group for %pre (bsc#1192023)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Oct 13 18:09:43 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> Wed Oct 13 18:09:43 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>

View File

@ -36,7 +36,7 @@
%bcond_with asciidoctor %bcond_with asciidoctor
%endif %endif
Name: git Name: git
Version: 2.35.1 Version: 2.35.3
Release: 0 Release: 0
Summary: Fast, scalable, distributed revision control system Summary: Fast, scalable, distributed revision control system
License: GPL-2.0-only License: GPL-2.0-only
@ -246,6 +246,7 @@ Email interface for the GIT version control system.
%package daemon %package daemon
Summary: Simple Server for Git Repositories Summary: Simple Server for Git Repositories
Group: Development/Tools/Version Control Group: Development/Tools/Version Control
Requires: bash
Requires: git-core = %{version} Requires: git-core = %{version}
Requires(pre): %fillup_prereq Requires(pre): %fillup_prereq
%if 0%{?suse_version} >= 1500 %if 0%{?suse_version} >= 1500