Accepting request 970347 from devel:tools:scm

- git 2.35.3: * usability fix-up for CVE-2022-24765 bsc#1198234: '*' can be used as the value for the `safe.directory` variable to signal that the user considers that any directory is safe. * The code that was meant to parse the new `safe.directory` configuration variable was not checking what configuration variable was being fed to it - Require bash in git-daemon because the service file uses it - Reword git-daemon.service description to get a useful sentence in journalctl -b - git 2.35.2 (CVE-2022-24765, bsc#1198234): * CVE-2022-24765: git may execute commands defined by other users from unexpected worktrees - Require nogroup group for %pre (bsc#1192023) OBS-URL: https://build.opensuse.org/request/show/970347 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=276
2022-04-15 22:14:08 +00:00 · 2022-04-15 22:14:08 +00:00 · 6b8915c67b
commit 6b8915c67b
parent aec78cff84
7 changed files with 32 additions and 5 deletions
--- a/git-2.35.1.tar.sign
+++ b/git-2.35.1.tar.sign
--- a/git-2.35.1.tar.xz
+++ b/git-2.35.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d768528e6443f65a203036266f1ca50f9d127ba89751e32ead37117ed9191080
-size 6874520
--- a/git-2.35.3.tar.sign
+++ b/git-2.35.3.tar.sign
--- a/git-2.35.3.tar.xz
+++ b/git-2.35.3.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:15e9db4f9bf2ed9fff30cb62a00c5c7c0901015f5ab048cdb4e8b04ddee00fa2
+size 6876328
--- a/git-daemon.service
+++ b/git-daemon.service
@ -1,5 +1,5 @@
 [Unit]
-Description=Start Git Daemon
+Description=Git Daemon

 [Service]
 # added automatically, for details please see
--- a/git.changes
+++ b/git.changes
@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Thu Apr 14 06:01:19 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- git 2.35.3:
+  * usability fix-up for CVE-2022-24765 bsc#1198234:
+    '*' can be used as the value for the `safe.directory` variable
+    to signal that the user considers that any directory is safe.
+  * The code that was meant to parse the new `safe.directory`
+    configuration variable was not checking what configuration
+    variable was being fed to it
+
+-------------------------------------------------------------------
+Wed Apr 13 13:13:13 UTC 2022 - olaf@aepfle.de
+
+- Require bash in git-daemon because the service file uses it
+- Reword git-daemon.service description to get a useful sentence
+  in journalctl -b
+
+-------------------------------------------------------------------
+Tue Apr 12 17:56:41 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- git 2.35.2 (CVE-2022-24765, bsc#1198234):
+  * CVE-2022-24765: git may execute commands defined by other users
+    from unexpected worktrees
+
 -------------------------------------------------------------------
 Thu Mar 10 15:16:47 UTC 2022 - chris@computersalat.de

@ -114,6 +139,7 @@ Wed Oct 20 16:32:02 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
 - Add CONFIG parameter to %sysusers_generate_pre
 - Remove unneeded SHELL in git-daemon.conf
 - Fix sysusers usage in spec file
+- Require nogroup group for %pre (bsc#1192023)

 -------------------------------------------------------------------
 Wed Oct 13 18:09:43 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
--- a/git.spec
+++ b/git.spec
@ -36,7 +36,7 @@
 %bcond_with    asciidoctor
 %endif
 Name:           git
-Version:        2.35.1
+Version:        2.35.3
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0-only
@ -246,6 +246,7 @@ Email interface for the GIT version control system.
 %package daemon
 Summary:        Simple Server for Git Repositories
 Group:          Development/Tools/Version Control
+Requires:       bash
 Requires:       git-core = %{version}
 Requires(pre):  %fillup_prereq
 %if 0%{?suse_version} >= 1500