From 97fc5ccb2cd7a9a6aa0e694f1c41a9ec876fabc99f29bc9622fb4d8a7b924b98 Mon Sep 17 00:00:00 2001
From: Marcus Rueckert <mrueckert@suse.com>
Date: Tue, 14 Feb 2023 21:27:05 +0000
Subject: [PATCH] Accepting request 1065806 from
 home:AndreasStieger:branches:devel:tools:scm

- git 2.39.2:
  * CVE-2023-22490: Using a specially-crafted repository, Git can
    be tricked into using its local clone optimization even when
    using a non-local transport boo#1208027
  * CVE-2023-23946: a path outside the working tree can be
    overwritten as the user who is running "git apply" boo#1208028

OBS-URL: https://build.opensuse.org/request/show/1065806
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/git?expand=0&rev=608
---
 git-2.39.1.tar.sign | Bin 566 -> 0 bytes
 git-2.39.1.tar.xz   |   3 ---
 git-2.39.2.tar.sign | Bin 0 -> 566 bytes
 git-2.39.2.tar.xz   |   3 +++
 git.changes         |  10 ++++++++++
 git.spec            |   2 +-
 6 files changed, 14 insertions(+), 4 deletions(-)
 delete mode 100644 git-2.39.1.tar.sign
 delete mode 100644 git-2.39.1.tar.xz
 create mode 100644 git-2.39.2.tar.sign
 create mode 100644 git-2.39.2.tar.xz

diff --git a/git-2.39.1.tar.sign b/git-2.39.1.tar.sign
deleted file mode 100644
index d69a968211445f576052a16d3748514df7df1f96a06d8184f8e811d8b171cd5d..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 566
zcmV-60?GY}0y6{v0SEvc79j-T@HVmj=OQ1+c<k@6wdjVHujb1I0%O6MU;qjU5U{oA
zhL*49%L=&=0L$#@EG-text{!>LyW#Zy3GZXz7`?I!hcKotCX3#WRFJLMQN*Xsk+re
z>~Aii_jz6WM@1gqR@aM}(|3Du0=-yV;sN}3@A^xuu)Y$QLblvfb68Al$b_YfO(4<=
zNe^p-P_aXn*AhsVd18m2(uz(b=l&tDG~qAcf~X+IOH(-1n}3cp6R7Bu!Nl=^ykv@<
zaL<Gtn4)sOZTh>PmWH#+&FBBmc*+-5P7CG4;Bgw(!dH6JD{T|LHR+6|VpKGIF<&{=
z*-Lyj$tit<TaamLE?vmMk{=DZ^gbS<=G`3kLb*=v6Dqb9n-i?6eP|M4O3T9lqaUoF
zCbH!yNfy-G4vsyBEI0U4C>uU<(ma-A6tK>HWGIHMgl6Tw_cgDqaE(Dht%ERQ#u6j^
zleUf!SM2(6GXD59qN-@Kz96+wl6}HIIt1LLUp?8ZhE-Hs^+cZ9KzJzGei=)A#A2IO
z3I}G1tc>n%H&S_Do9zX`^ffr!<e8-l0nP3y^7CbbN54(g9ACbchCZXj^dtduohpN&
z-jj-591TrFmUpYksb2#u0&A}!1v%Kv%)}47LTt@!Hf1Bvi_<h+lnhem<SaWLc=CVz
zOu*%k6|oW>`AM{o;{Iv!>n*s&RIGQ^tZ|ZS2!=$bf45RECnuC&Q<0-2;oytsFGhJn
EW+X2eg8%>k

diff --git a/git-2.39.1.tar.xz b/git-2.39.1.tar.xz
deleted file mode 100644
index 5a33d71..0000000
--- a/git-2.39.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:40a38a0847b30c371b35873b3afcf123885dd41ea3ecbbf510efa97f3ce5c161
-size 7160744
diff --git a/git-2.39.2.tar.sign b/git-2.39.2.tar.sign
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..1767fa7aead34793a9df5781596d1c3bc6ced5e5fc3da8607b8057dbd7937be3
GIT binary patch
literal 566
zcmV-60?GY}0y6{v0SEvc79j-T@HVmj=OQ1+c<k@6wdjVHujb1I0%PMyl>iC}5U{oA
zhL*49%Uk3R|5e~D+6HQa@Y#%!#z;;iO3aA@|6Bvs^Y;^WMcH~jg5Q&HVy8WtE#d5Z
z=vr9!Sw)7h1Q|)vRS^2GiQ^&xCp0hF6x6_57sx_Z&rIr#0NIF~FAje4#SG2AY>ndu
zSl@l=0`S05NezrwTkrFjjr941io>j#!l0EA29}^<u8_vAMFdsg<O!`Ag6Si-cf4IF
z3Tz2oBcxA94XLVaWQT<DKsTxK>6CQPS>TRMI>dL7+eO9(g%?#*s1~TCLCE~MS`N53
zd!D2(ihJ{6sx-xNGlC8(iLH?1#jR3RYSpxnpB<NaqPmeS4qYFbRW)(B;)e8^mx9hA
zqeu8xlV!1$lzq~<Y04R$<E)(MdEWBJr{CM-fy_ymZ@zi=iNyFa`!{yuG26(_{w_FX
zUN&xoJbHpUchB|G%qAF5RF!eIPn#wBIuyk75O(TzdCI<(Gn{Y$R$Y~K{PIQde0$Zh
zk_LY)G1%b2XK*b$@il38&u$E{aKTo3t?uKL;sNzkJXnhRoAQJ05*&zIM{0EmDut#N
zCN$uu{D<4rtosCbaB+MsAd%R+j<*Qw?0Jxtdbr9WU_yQ?+F$Fw^g026ZCaBnM+z^E
zICLV+z9f&O>-;$95EHoBIB|>Ju`8O<^Cs7aVz~8L{7XX~BbbJ{`w<ihLfpq@my4!3
El1Ba@{Qv*}

literal 0
HcmV?d00001

diff --git a/git-2.39.2.tar.xz b/git-2.39.2.tar.xz
new file mode 100644
index 0000000..2fb1a79
--- /dev/null
+++ b/git-2.39.2.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:475f75f1373b2cd4e438706185175966d5c11f68c4db1e48c26257c43ddcf2d6
+size 7163224
diff --git a/git.changes b/git.changes
index 288ea91..b0d6ce2 100644
--- a/git.changes
+++ b/git.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Tue Feb 14 20:06:06 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- git 2.39.2:
+  * CVE-2023-22490: Using a specially-crafted repository, Git can
+    be tricked into using its local clone optimization even when
+    using a non-local transport boo#1208027
+  * CVE-2023-23946: a path outside the working tree can be
+    overwritten as the user who is running "git apply" boo#1208028
+
 -------------------------------------------------------------------
 Tue Jan 17 19:13:03 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
 
diff --git a/git.spec b/git.spec
index 5aa25b2..45e1d13 100644
--- a/git.spec
+++ b/git.spec
@@ -36,7 +36,7 @@
 %bcond_with    asciidoctor
 %endif
 Name:           git
-Version:        2.39.1
+Version:        2.39.2
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0-only