Accepting request 494473 from devel:tools:scm

git 2.13.0 git 2.12.3 * CVE-2017-8386: On a server running git-shell as login shell to restrict user to git commands, remote users may have been able to have git service programs spawn an interactive pager and thus escape the shell restrictions. (bsc#1038395) OBS-URL: https://build.opensuse.org/request/show/494473 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=197
2017-05-20 08:06:50 +00:00 · 2017-05-20 08:06:50 +00:00 · b18505bb0a
commit b18505bb0a
parent 8b81b222a4
7 changed files with 36 additions and 12 deletions
--- a/completion-wordbreaks.diff
+++ b/completion-wordbreaks.diff
@ -2,13 +2,13 @@
 contrib/completion/git-completion.bash |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

-Index: git-2.11.0/contrib/completion/git-completion.bash
+Index: git-2.13.0/contrib/completion/git-completion.bash
 ===================================================================
--- git-2.11.0.orig/contrib/completion/git-completion.bash
-+++ git-2.11.0/contrib/completion/git-completion.bash
-@@ -29,10 +29,12 @@
- # tell the completion to use commit completion.  This also works with aliases
- # of form "!sh -c '...'".  For example, "!sh -c ': git commit ; ... '".
+--- git-2.13.0.orig/contrib/completion/git-completion.bash	2017-05-09 16:47:28.000000000 +0200
+++ git-2.13.0/contrib/completion/git-completion.bash	2017-05-10 12:09:05.594109083 +0200
+@@ -37,10 +37,12 @@
+ #     When set to "1", do not include "DWIM" suggestions in git-checkout
+ #     completion (e.g., completing "foo" when "origin/foo" exists).
 
 -case "$COMP_WORDBREAKS" in
 -*:*) : great ;;
@ -21,5 +21,5 @@ Index: git-2.11.0/contrib/completion/git-completion.bash
 +#*)   COMP_WORDBREAKS="$COMP_WORDBREAKS:"
 +#esac
 
- # __gitdir accepts 0 or 1 arguments (i.e., location)
- # returns location of .git repo
+ # Discovers the path to the git repository taking any '--git-dir=<path>' and
+ # '-C <path>' options into account and stores it in the $__git_repo_path
--- a/git-2.12.2.tar.sign
+++ b/git-2.12.2.tar.sign
--- a/git-2.12.2.tar.xz
+++ b/git-2.12.2.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d21a9e23506e618d561fb25a8a7bd6134f927b86147930103487117a7a678c4a
-size 4273748
--- a/git-2.13.0.tar.sign
+++ b/git-2.13.0.tar.sign
--- a/git-2.13.0.tar.xz
+++ b/git-2.13.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4bbf2ab6f2341253a38f95306ec7936833eb1c42572da5c1fa61f0abb2191258
+size 4744388
--- a/git.changes
+++ b/git.changes
@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Wed May 10 21:09:53 UTC 2017 - astieger@suse.com
+
+- git 2.13.0:
+  * empty string as a pathspec element for 'everything matches'
+    is still warned, for future removal.
+  * deprecated argument order "git merge <msg> HEAD <commit>..."
+    was removed
+  * default location "~/.git-credential-cache/socket" for the
+    socket used to communicate with the credential-cache daemon 
+    moved to "~/.cache/git/credential/socket".
+  * now avoid blindly falling back to ".git" when the setup
+    sequence indicated otherwise
+  * many workflow features, improvements and bug fixes
+
+-------------------------------------------------------------------
+Wed May 10 07:54:52 UTC 2017 - astieger@suse.com
+
+- git 2.12.3:
+  * CVE-2017-8386: On a server running git-shell as login shell to
+    restrict user to git commands, remote users may have been able
+    to have git service programs spawn an interactive pager
+    and thus escape the shell restrictions. (bsc#1038395)
+
 -------------------------------------------------------------------
 Sat Mar 25 13:43:23 UTC 2017 - astieger@suse.com

--- a/git.spec
+++ b/git.spec
@ -26,7 +26,7 @@
 %endif

 Name:           git
-Version:        2.12.2
+Version:        2.13.0
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0