From 47478b1513a0ad0755d75d49c35bc6801722f3ac Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Tue, 12 Jul 2022 13:33:11 -0400 Subject: [PATCH] update to 2.37.1 (CVE-2022-29187) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From the release notes for 2.30.5¹: This release contains minor fix-ups for the changes that went into Git 2.30.3 and 2.30.4, addressing CVE-2022-29187. * The safety check that verifies a safe ownership of the Git worktree is now extended to also cover the ownership of the Git directory (and the `.git` file, if there is any). Carlo Marcelo Arenas Belón (1): setup: tighten ownership checks post CVE-2022-24765 Additionally, from the release notes for 2.37.1²: * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't correctly record a removed file to the index, which is an old regression but has become widely known because the C version has become the default in the latest release. ¹ https://github.com/git/git/raw/v2.37.1/Documentation/RelNotes/2.30.5.txt ² https://github.com/git/git/raw/v2.37.1/Documentation/RelNotes/2.37.1.txt --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index 4863e00..8c50c7f 100644 --- a/git.spec +++ b/git.spec @@ -76,7 +76,7 @@ %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.37.0 +Version: 2.37.1 Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 @@ -1007,6 +1007,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Tue Jul 12 2022 Todd Zullinger - 2.37.1-1 +- update to 2.37.1 (CVE-2022-29187) + * Mon Jun 27 2022 Todd Zullinger - 2.37.0-1 - update to 2.37.0 diff --git a/sources b/sources index d351812..45b2c13 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (git-2.37.0.tar.xz) = 2ae3c845c9d0e0f5245e47f95c958c86a4aa2c47dfe31bff6fc81b2434d2e9402b7eced18700c04ba7158ed6a72807a81c4cde6a26dd30c969b4267b8fce4d0a -SHA512 (git-2.37.0.tar.sign) = f2f8816cacf0abc66e52123618192ae87153492a95d2390fe457ca9b8910a261c4d2225937b45658a1c3d7e6a4dc4f05527831c232461b955be600d981e756e3 +SHA512 (git-2.37.1.tar.xz) = 3c9cad6b4757f425ee53996d8d80db2226b246513cbcec9011022e02e4235d7ec38c7c1aada73bb3c9279a91d1aaf8664633356ce1dce847e0d371f702a5b766 +SHA512 (git-2.37.1.tar.sign) = 204b84321e0eadcde81d4e2dc134d53706a569c77dd34a1919543ec3b0561b828eb6525a12cd3fba7238e03e9e26708d6d2b64cd1a4d902ee4d6e680339603a9
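Review bot: In the git.spec %changelog hunk, the new entry "- update to 2.37.1 (CVE-2022-29187)" names the CVE but not the behaviour change that comes with it. Per the commit message, the ownership check now also covers the Git directory and the `.git` file, so repositories whose Git directory is owned by another account may newly fail that check after this update. Consider a second changelog line that says so, for example "- ownership check now also covers the Git directory and .git file", so that the reason is visible from the package changelog alone.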
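Review bot: In the sources hunk, both the git-2.37.1.tar.xz and git-2.37.1.tar.sign entries are replaced, but nothing in the visible diff shows that the tarball is checked against that signature. The SHA512 values only pin the files as uploaded, so for a release that fixes a CVE please confirm that the spec's %prep stage (not shown in this diff) verifies git-2.37.1.tar.xz against git-2.37.1.tar.sign with the upstream signing key, and that the two new hashes were computed from files that passed that verification.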