Accepting request 755723 from devel:tools:scm

- git 2.24.1:
  * CVE-2019-1348: The --export-marks option of fast-import is
    exposed also via the in-stream command feature export-marks=...
    and it allows overwriting arbitrary paths (boo#1158785)
  * CVE-2019-1349: on Windows, when submodules are cloned
    recursively, under certain circumstances Git could be fooled
    into using the same Git directory twice (boo#1158787)
  * CVE-2019-1350: Incorrect quoting of command-line arguments
    allowed remote code execution during a recursive clone in
    conjunction with SSH URLs (boo#1158788)
  * CVE-2019-1351: on Windows mistakes drive letters outside of
    the US-English alphabet as relative paths (boo#1158789)
  * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data
    Streams (boo#1158790)
  * CVE-2019-1353: when run in the Windows Subsystem for Linux
    while accessing a working directory on a regular Windows
    drive, none of the NTFS protections were active (boo#1158791)
  * CVE-2019-1354: on Windows refuses to write tracked files with
    filenames that contain backslashes (boo#1158792)
  * CVE-2019-1387: Recursive clones vulnerability that is caused
    by too-lax validation of submodule names, allowing very
    targeted attacks via remote code execution in recursive
    clones (boo#1158793)
  * CVE-2019-19604: a recursive clone followed by a submodule
    update could execute code contained within the repository
    without the user explicitly having asked for that (boo#1158795)

OBS-URL: https://build.opensuse.org/request/show/755723
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=242

git-2.24.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9f71d61973626d8b28c4cdf8e2484b4bf13870ed643fed982d68b2cfd754371b
-size 5766056

git-2.24.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:723f24dce8fdd621a308b6187553fce7d5244205c065fe0a3aebd0b7c3f88562
+size 5772304

git.changes

@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Wed Dec 11 06:37:34 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- git 2.24.1:
+  * CVE-2019-1348: The --export-marks option of fast-import is
+    exposed also via the in-stream command feature export-marks=...
+    and it allows overwriting arbitrary paths (boo#1158785)
+  * CVE-2019-1349: on Windows, when submodules are cloned
+    recursively, under certain circumstances Git could be fooled
+    into using the same Git directory twice (boo#1158787)
+  * CVE-2019-1350: Incorrect quoting of command-line arguments
+    allowed remote code execution during a recursive clone in
+    conjunction with SSH URLs (boo#1158788)
+  * CVE-2019-1351: on Windows mistakes drive letters outside of
+    the US-English alphabet as relative paths (boo#1158789)
+  * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data
+    Streams (boo#1158790)
+  * CVE-2019-1353: when run in the Windows Subsystem for Linux
+    while accessing a working directory on a regular Windows
+    drive, none of the NTFS protections were active (boo#1158791)
+  * CVE-2019-1354: on Windows refuses to write tracked files with
+    filenames that contain backslashes (boo#1158792)
+  * CVE-2019-1387: Recursive clones vulnerability that is caused
+    by too-lax validation of submodule names, allowing very
+    targeted attacks via remote code execution in recursive
+    clones (boo#1158793)
+  * CVE-2019-19604: a recursive clone followed by a submodule
+    update could execute code contained within the repository
+    without the user explicitly having asked for that (boo#1158795)
+
 -------------------------------------------------------------------
 Fri Nov 29 14:57:55 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
 

git.spec

@@ -32,7 +32,7 @@
 %endif
 
 Name:           git
-Version:        2.24.0
+Version:        2.24.1
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0-only