From 787be26c665fc0cba94ac6bf44dbc70f2274bb0b81745ee36258c9df13306ab3 Mon Sep 17 00:00:00 2001
From: Marcus Rueckert <mrueckert@suse.com>
Date: Tue, 25 Apr 2023 21:10:07 +0000
Subject: [PATCH] Accepting request 1082819 from
 home:AndreasStieger:branches:devel:tools:scm

git 2.40.1

OBS-URL: https://build.opensuse.org/request/show/1082819
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/git?expand=0&rev=616
---
 git-2.40.0.tar.sign | Bin 566 -> 0 bytes
 git-2.40.0.tar.xz   |   3 ---
 git-2.40.1.tar.sign | Bin 0 -> 566 bytes
 git-2.40.1.tar.xz   |   3 +++
 git.changes         |  19 +++++++++++++++++++
 git.spec            |   2 +-
 6 files changed, 23 insertions(+), 4 deletions(-)
 delete mode 100644 git-2.40.0.tar.sign
 delete mode 100644 git-2.40.0.tar.xz
 create mode 100644 git-2.40.1.tar.sign
 create mode 100644 git-2.40.1.tar.xz

diff --git a/git-2.40.0.tar.sign b/git-2.40.0.tar.sign
deleted file mode 100644
index 3afdc6c2e7152de59feddf077605798863d65debca1d2eefd2197f32f1db1d8b..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 566
zcmV-60?GY}0y6{v0SEvc79j-T@HVmj=OQ1+c<k@6wdjVHujb1I0%Q+b;s6Q>5U{oA
zhL*49%O1cG0FAcyLggB&S>j>xuY*&wC7h^alzZ_+O8U+Q;wsB5=~+<iOPWcDi$wAM
zw|$gWZ5M=9d7oE_cy|WDsqiYmtl+WgoB^XTS>U<vErYnBZx^wJ@jXw8K#U<7oJUBg
z))`*j5hN46RA!PMt{w$;jfv3Jygonul*VD-3}3%1&=9cS$i^UkPQ!(M$NY=oQ1<xb
z<&`u&@(+7fn1KeYJi_BR$z~J~YDWM6)b{90V4KZY>&Gf~l1bqEjP(uzLE1mhS(;W+
z;5xNntspE$fcm=H0}(^uK>JK(i#rlTrS;WPSv+t^&GHtm%mS5DdXk@gZ&DP~;pVqb
zQD{$)kexXC5d<_2dLIy-7%MUEMzc4f7*4lIlg|~;<}_uKA1H~kG!UBw`t{Fb8<#tD
z@QNRY?XZB!#8`>`uMQu!R4E!mKxrDMdC=R8w%`9Gj!YscSQ}1>=KU$=CmtHBgl5C%
zfW)ks6ub89XV>tm(&Gsxof8eZB$$476=XB6T22>mOzhyw%7mrqxgd#oD~?S0HoE#4
zBF>$U`F_1)GUZ8JsFN)81Hs({5Tkn4`R;vox?VCGH=884@)<weRkAJ3BmK1y!)o9D
z;MgVZw(sbr`Jm8meYCzI(JDtw*?;Oa4if$=uIY9mJ%mkq5jZLe|J5Ir7FBiENt&1_
ESkRFgcmMzZ

diff --git a/git-2.40.0.tar.xz b/git-2.40.0.tar.xz
deleted file mode 100644
index 682728b..0000000
--- a/git-2.40.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b17a598fbf58729ef13b577465eb93b2d484df1201518b708b5044ff623bf46d
-size 7183692
diff --git a/git-2.40.1.tar.sign b/git-2.40.1.tar.sign
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..37deeec1335a9da645d9f2dc7aee706ed842e2d0c3be042d70b81feccd66f676
GIT binary patch
literal 566
zcmV-60?GY}0y6{v0SEvc79j-T@HVmj=OQ1+c<k@6wdjVHujb1I0%S(RK>!K~5U{oA
zhL*49%h)6j{xz5cx<4Bi{K>Cu^Zidn#=bZ9d7B_ejG85AB~f!v`62|o2*%rnaKKxJ
z?~BRp*4aMEZ$6%N^E8=W6rIh-${^H^F9zRf7XW#uR&j@IE9p$e#FQra{+p+)1A?WD
z8imzBXb9_Si<v=g;k>NAYcTNrh9D<X$;#?<C*~i0J*F9J-U9b>xNA|S5p#z3vrg6t
z-!4?1#LR|%mt=Qw4nEGbFJjMCSHh@I+NM99gP-9ezrCY^V<?uuS_sNE8~TOz`&SJd
zpl7!e*eO`K()1CVGj!-<4mPv8oV&(|Q(@EBHMt|dp#|MhGT{eEa5eVr!?>d^T98*c
z&e4qMjPa)zbcb(E+cHjfgq@7~jf`HEkBLY@zC(PGp~NuJFvP-++TSCp6E0_f6&~M}
zBJ78MfCl4Q$>zirJMG>6?)g_gCGpJ)#yQ%siVn0hdPiItmU11n&8Mk!US}_*>{s$(
z{ju={C2>fVdQ#P8N797XK)!QUjbHFaWWrCS_I<Dn{pZ8yNlWal6HNq5B=D0rwY!km
zV^U&Klr^~mqy%S=5q1*(IEJ?Egg9wn^hrw~B^Ui9k@9wU_{3WdIr;A5`BHR&WMfRp
zG;R)#44};nthb5i{5zHU92fwihMNV_PBFnhVKx#0gdGV=0>aKxNr_+i(Txgx;=D=r
EPPzIUApigX

literal 0
HcmV?d00001

diff --git a/git-2.40.1.tar.xz b/git-2.40.1.tar.xz
new file mode 100644
index 0000000..9b13a0b
--- /dev/null
+++ b/git-2.40.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4893b8b98eefc9fdc4b0e7ca249e340004faa7804a433d17429e311e1fef21d2
+size 7185260
diff --git a/git.changes b/git.changes
index b93bbe0..cea7a02 100644
--- a/git.changes
+++ b/git.changes
@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Tue Apr 25 20:43:30 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
+
+- git 2.40.1:
+  * CVE-2023-25652: By feeding specially crafted input to git apply
+    --reject, a path outside the working tree can be overwritten
+    with partially controlled contents (corresponding to the
+    rejected hunk(s) from the given patch).
+  * CVE-2023-25815: When Git is compiled with runtime prefix
+    support and runs without translated messages, it still used
+    the gettext machinery to display messages, which subsequently
+    potentially looked for translated messages in unexpected
+    places. This allowed for malicious placement of crafted
+    messages.
+  * CVE-2023-29007: When renaming or deleting a section from a
+    configuration file, certain malicious configuration values may
+    be misinterpreted as the beginning of a new configuration
+    section, leading to arbitrary configuration injection.
+
 -------------------------------------------------------------------
 Thu Apr  6 10:51:06 UTC 2023 - Adam Majer <adam.majer@suse.de>
 
diff --git a/git.spec b/git.spec
index 2f07ff9..2ccce26 100644
--- a/git.spec
+++ b/git.spec
@@ -36,7 +36,7 @@
 %bcond_with    asciidoctor
 %endif
 Name:           git
-Version:        2.40.0
+Version:        2.40.1
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0-only