rpm/git
SHA256
1
0
Fork 0
forked from pool/git
Code Pull Requests Activity

Accepting request 1032894 from devel:tools:scm

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1032894
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=290
This commit is contained in:
Dominique Leuenberger 2022-11-08 09:53:08 +00:00 committed by Git OBS Bridge
parent 7d88583a8d
commit 713763acd2
6 changed files with 37 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
git-2.38.0.tar.sign
View File

Binary file not shown.

3
git-2.38.0.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:923eade26b1814de78d06bda8e0a9f5da8b7c4b304b3f9050ffb464f0310320a
size 7086664

BIN
git-2.38.1.tar.sign Normal file
View File

Binary file not shown.

3
git-2.38.1.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:97ddf8ea58a2b9e0fbc2508e245028ca75911bd38d1551616b148c1aa5740ad9
size 7088208

30
git.changes
View File

@ -1,3 +1,33 @@
-------------------------------------------------------------------
Tue Nov 1 20:55:50 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- disable tests on s390x (check-chainlint)
-------------------------------------------------------------------
Wed Oct 26 19:57:18 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.38.1 (bsc#1204455, CVE-2022-39253, bsc#1204456, CVE-2022-39260):
* CVE-2022-39253:
When relying on the `--local` clone optimization, Git dereferences
symbolic links in the source repository before creating hardlinks
(or copies) of the dereferenced link in the destination repository.
This can lead to surprising behavior where arbitrary files are
present in a repository's `$GIT_DIR` when cloning from a malicious
repository.
Git will no longer dereference symbolic links via the `--local`
clone mechanism, and will instead refuse to clone repositories that
have symbolic links present in the `$GIT_DIR/objects` directory.
Additionally, the value of `protocol.file.allow` is changed to be
"user" by default.
* CVE-2022-39260:
An overly-long command string given to `git shell` can result in
overflow in `split_cmdline()`, leading to arbitrary heap writes and
remote code execution when `git shell` is exposed and the directory
`$HOME/git-shell-commands` exists.
`git shell` is taught to refuse interactive commands that are
longer than 4MiB in size. `split_cmdline()` is hardened to reject
inputs larger than 2GiB.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Oct 6 19:29:30 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de> Thu Oct 6 19:29:30 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>

5
git.spec
View File

@ -36,7 +36,7 @@
%bcond_with asciidoctor %bcond_with asciidoctor
%endif %endif
Name: git Name: git
Version: 2.38.0 Version: 2.38.1
Release: 0 Release: 0
Summary: Fast, scalable, distributed revision control system Summary: Fast, scalable, distributed revision control system
License: GPL-2.0-only License: GPL-2.0-only
@ -460,7 +460,10 @@ cat %{name}.lang >>bin-man-doc-files
%fdupes -s %{buildroot} %fdupes -s %{buildroot}
%check %check
# https://public-inbox.org/git/f1a5f758-d81f-5985-9b5d-2f0dbfaac071@opensuse.org/
%ifnarch s390x
./.make %{?_smp_mflags} test ./.make %{?_smp_mflags} test
%endif
%if 0%{?suse_version} >= 1500 %if 0%{?suse_version} >= 1500
%pre daemon -f git-daemon.pre %pre daemon -f git-daemon.pre