From 740d7d51dcfa8290a400073aa77bff3e15ea58c83cf2a067c52b76fa7f75fcbc Mon Sep 17 00:00:00 2001
From: Neal Gompa <ngompa13@gmail.com>
Date: Sat, 22 Aug 2020 20:23:21 +0000
Subject: [PATCH] - Upgrade to 1.12.1   + Validate path read from repomd.xml
 (rh#1868639, CVE-2020-14352)

OBS-URL: https://build.opensuse.org/package/show/system:packagemanager:dnf/librepo?expand=0&rev=32
---
 librepo-1.12.0.tar.gz | 3 ---
 librepo-1.12.1.tar.gz | 3 +++
 librepo.changes       | 6 ++++++
 librepo.spec          | 2 +-
 4 files changed, 10 insertions(+), 4 deletions(-)
 delete mode 100644 librepo-1.12.0.tar.gz
 create mode 100644 librepo-1.12.1.tar.gz

diff --git a/librepo-1.12.0.tar.gz b/librepo-1.12.0.tar.gz
deleted file mode 100644
index 0b85b96..0000000
--- a/librepo-1.12.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e26e142582ae32b2f6ee8f1f384f7d502ca9ea416b9db77a76b12f9cf339c133
-size 815065
diff --git a/librepo-1.12.1.tar.gz b/librepo-1.12.1.tar.gz
new file mode 100644
index 0000000..fab4e35
--- /dev/null
+++ b/librepo-1.12.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b78113f3aeb0d562b034dbeb926609019b7bed27e05c9ab5a584a9938de8da9f
+size 816206
diff --git a/librepo.changes b/librepo.changes
index 628ff92..7918e21 100644
--- a/librepo.changes
+++ b/librepo.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sat Aug 22 20:18:17 UTC 2020 - Neal Gompa <ngompa13@gmail.com>
+
+- Upgrade to 1.12.1
+  + Validate path read from repomd.xml (rh#1868639, CVE-2020-14352)
+
 -------------------------------------------------------------------
 Tue Jul  7 10:38:49 UTC 2020 - Neal Gompa <ngompa13@gmail.com>
 
diff --git a/librepo.spec b/librepo.spec
index 92fc9e4..1ec7cbd 100644
--- a/librepo.spec
+++ b/librepo.spec
@@ -37,7 +37,7 @@
 %define devname %{name}-devel
 
 Name:           librepo
-Version:        1.12.0
+Version:        1.12.1
 Release:        0
 Summary:        Repodata downloading library
 License:        LGPL-2.0-or-later