update to 2.37.1 (CVE-2022-29187)

From the release notes for 2.30.5¹:

    This release contains minor fix-ups for the changes that went into
    Git 2.30.3 and 2.30.4, addressing CVE-2022-29187.

     * The safety check that verifies a safe ownership of the Git
       worktree is now extended to also cover the ownership of the Git
       directory (and the `.git` file, if there is any).

    Carlo Marcelo Arenas Belón (1):
          setup: tighten ownership checks post CVE-2022-24765

Additionally, from the release notes for 2.37.1²:

     * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
       correctly record a removed file to the index, which is an old
       regression but has become widely known because the C version has
       become the default in the latest release.

¹ https://github.com/git/git/raw/v2.37.1/Documentation/RelNotes/2.30.5.txt
² https://github.com/git/git/raw/v2.37.1/Documentation/RelNotes/2.37.1.txt
Todd Zullinger 2022-07-12 13:33:11 -04:00
parent eab9894931
commit 47478b1513
2 changed files with 6 additions and 3 deletions
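An added example, not part of this commit or Git's own code: a Python sketch of the extended check described in the 2.30.5 release notes quoted above, reporting whether the worktree, the Git directory and the `.git` file (if there is one) belong to the current effective user. The function names, the constructed sample layout and the choice of `lstat` are assumptions of this sketch.

```python
import os
import tempfile

def resolve_gitdir(worktree):
    """Return (gitfile, gitdir); gitfile is None when .git is a directory."""
    dotgit = os.path.join(worktree, ".git")
    if not os.path.isfile(dotgit):
        return None, dotgit
    with open(dotgit, encoding="utf-8") as fh:
        line = fh.readline().strip()
    if not line.startswith("gitdir: "):
        raise ValueError(f"{dotgit}: not a 'gitdir: <path>' pointer")
    target = line[len("gitdir: "):]
    # A relative pointer is resolved against the directory holding the .git file.
    return dotgit, os.path.normpath(os.path.join(worktree, target))

def owned_by(path, uid):
    """True if the entry itself (no symlink following) belongs to uid."""
    try:
        return os.lstat(path).st_uid == uid
    except OSError:
        return False  # a path that cannot be examined is not trusted

def ownership_report(worktree, uid=None):
    """Ownership verdict for every path the extended check covers."""
    uid = os.geteuid() if uid is None else uid
    gitfile, gitdir = resolve_gitdir(worktree)
    paths = {"worktree": worktree, "gitdir": gitdir}
    if gitfile is not None:
        paths["gitfile"] = gitfile
    return {name: owned_by(path, uid) for name, path in paths.items()}

def make_sample(root):
    """Constructed layout: a main repository plus one linked worktree."""
    main, linked = os.path.join(root, "main"), os.path.join(root, "linked")
    admin = os.path.join(main, ".git", "worktrees", "linked")
    os.makedirs(admin)
    os.makedirs(linked)
    with open(os.path.join(linked, ".git"), "w", encoding="utf-8") as fh:
        fh.write(f"gitdir: {admin}\n")
    return main, linked

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for tree in make_sample(root):
            report = ownership_report(tree)
            print(tree, report, "safe" if all(report.values()) else "UNSAFE")
```

Any `False` in the report marks a path that a worktree-only ownership check would not have examined unless it is the worktree itself.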


@ -76,7 +76,7 @@
%global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld
Name: git
Version: 2.37.0
Version: 2.37.1
Release: 1%{?rcrev}%{?dist}
Summary: Fast Version Control System
License: GPLv2
@ -1007,6 +1007,9 @@ rmdir --ignore-fail-on-non-empty "$testdir"
%{?with_docs:%{_pkgdocdir}/git-svn.html}
%changelog
* Tue Jul 12 2022 Todd Zullinger <tmz@pobox.com> - 2.37.1-1
- update to 2.37.1 (CVE-2022-29187)
* Mon Jun 27 2022 Todd Zullinger <tmz@pobox.com> - 2.37.0-1
- update to 2.37.0
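Review bot: the new %changelog entry "update to 2.37.1 (CVE-2022-29187)" names the CVE but not the behaviour change that comes with it. Per the release notes quoted in the commit message, the ownership check now also covers the Git directory and the `.git` file, so a repository that passed the check under 2.37.0 may be refused after this update. A second changelog line saying so would help users who run into it after upgrading.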


@ -1,2 +1,2 @@
SHA512 (git-2.37.0.tar.xz) = 2ae3c845c9d0e0f5245e47f95c958c86a4aa2c47dfe31bff6fc81b2434d2e9402b7eced18700c04ba7158ed6a72807a81c4cde6a26dd30c969b4267b8fce4d0a
SHA512 (git-2.37.0.tar.sign) = f2f8816cacf0abc66e52123618192ae87153492a95d2390fe457ca9b8910a261c4d2225937b45658a1c3d7e6a4dc4f05527831c232461b955be600d981e756e3
SHA512 (git-2.37.1.tar.xz) = 3c9cad6b4757f425ee53996d8d80db2226b246513cbcec9011022e02e4235d7ec38c7c1aada73bb3c9279a91d1aaf8664633356ce1dce847e0d371f702a5b766
SHA512 (git-2.37.1.tar.sign) = 204b84321e0eadcde81d4e2dc134d53706a569c77dd34a1919543ec3b0561b828eb6525a12cd3fba7238e03e9e26708d6d2b64cd1a4d902ee4d6e680339603a9
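Review bot: both the `git-2.37.1.tar.xz` and `git-2.37.1.tar.sign` entries change here, but a SHA512 in this file only pins the files as uploaded and says nothing about whether the tarball matched its signature. Please confirm the signature was checked against the upstream release key before the upload; whether the spec verifies it at build time is not visible in this diff. Going by the `.tar.sign` name, the signature covers the uncompressed tar, so the check has to run on the decompressed archive.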