From 4787e39b4029c1a9e195c61404dce160091e6652 Mon Sep 17 00:00:00 2001
From: Todd Zullinger
Date: Tue, 12 Apr 2022 21:02:44 -0400
Subject: [PATCH] update to 2.36.0-rc2 (CVE-2022-24765)
Regarding CVE-2022-24765, the release announcement says: On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in `C:\.git`, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs `git status` (or `git diff`) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user. The new `safe.directory` setting may be used in either the system or global configuration to list directories which git should consider safe even if they are owned by someone other than the current user. Release notes: https://github.com/git/git/raw/v2.36.0-rc2/Documentation/RelNotes/2.36.0.txt
---
 git.spec | 7 +++++--
 sources | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/git.spec b/git.spec
index 08dc543..39cd06c 100644
--- a/git.spec
+++ b/git.spec
@@ -77,14 +77,14 @@
 %endif
 # Define for release candidates
-%global rcrev .rc1
+%global rcrev .rc2
 # Set path to the package-notes linker script
 %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld
 Name: git
 Version: 2.36.0
-Release: 0.1%{?rcrev}%{?dist}
+Release: 0.2%{?rcrev}%{?dist}
 Summary: Fast Version Control System
 License: GPLv2
 URL: https://git-scm.com/
@@ -1016,6 +1016,9 @@ rmdir --ignore-fail-on-non-empty "$testdir"
 %{?with_docs:%{_pkgdocdir}/git-svn.html}
 %changelog
+* Wed Apr 13 2022 Todd Zullinger - 2.36.0-0.2.rc2
+- update to 2.36.0-rc2 (CVE-2022-24765)
+
 * Fri Apr 08 2022 Todd Zullinger - 2.36.0-0.1.rc1
 - update to 2.36.0-rc1
diff --git a/sources b/sources
index 0d98a58..134454c 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (git-2.36.0.rc1.tar.xz) = 48c17b4071128bc8d5e79545cbf835cd8bcca5d204fcd7e81a7207254ae3ff47a52edc2cbd132f27c575860cd53e354e6b5f277753b91d51ffd7e6313ee5e6f2
-SHA512 (git-2.36.0.rc1.tar.sign) = c7de5cd63425cf4ae4f6e38805461296de737b637f0d0008ac6e6d260c3623d5c576cb97d04673aee21cd8bb1294c5e618c9a5f8ad3ffd2a43a936ada05d8ebd
+SHA512 (git-2.36.0.rc2.tar.xz) = dfdd49fc7d25c6e2c4291afd5e9c234f4180226d9219cb6e70328dfdeb585a982a2f3b375ede578570825fff9f68ea126b3342512644906dc4333f9f953fe4a3
+SHA512 (git-2.36.0.rc2.tar.sign) = 8b7abfabd47f2be269717e6eb832bcdecf502efc11caa8533a3851e7fbd21e41644322d0784e73efc4dfd5bf4bc1b1094f8dedbd72758e7522b12d045507618c