Accepting request 613093 from devel:tools:scm

git 2.17.1
   (CVE-2018-11235, bsc#1095219)
   (CVE-2018-11233, bsc#1095218)

OBS-URL: https://build.opensuse.org/request/show/613093
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=220

git-2.17.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e916e5e95e81dbeafa7aac5d719c01108b5c814eb90b746695afa1afedf955c7
-size 5011556

git-2.17.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:79136e7aa83abae4d8a25c8111f113d3c5a63aeb5fd93cc72c26d49c6d5ba65e
+size 5015484

git.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue May 29 23:11:45 UTC 2018 - avindra@opensuse.org
+
+- git 2.17.1
+ * Submodule "names" come from the untrusted .gitmodules file, but
+   we blindly append them to $GIT_DIR/modules to create our on-disk
+   repo paths. This means you can do bad things by putting "../"
+   into the name. We now enforce some rules for submodule names
+   which will cause Git to ignore these malicious names
+   (CVE-2018-11235, bsc#1095219)
+ * It was possible to trick the code that sanity-checks paths on
+   NTFS into reading random piece of memory
+   (CVE-2018-11233, bsc#1095218)
+ * Support on the server side to reject pushes to repositories
+   that attempt to create such problematic .gitmodules file etc.
+   as tracked contents, to help hosting sites protect their
+   customers by preventing malicious contents from spreading.
+
 -------------------------------------------------------------------
 Thu May 24 12:05:33 UTC 2018 - tchvatal@suse.com
 

git.spec

@@ -35,7 +35,7 @@
 %bcond_without docs
 
 Name:           git
-Version:        2.17.0
+Version:        2.17.1
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0-only