rpms/git
6
0
Fork 0
Code Issues Pull Requests Releases Activity

update to 2.36.0-rc2 (CVE-2022-24765)

Browse Source 
Regarding CVE-2022-24765, the release announcement says:

   On multi-user machines, Git users might find themselves
   unexpectedly in a Git worktree, e.g. when another user created a
   repository in `C:\.git`, in a mounted network drive or in a
   scratch space. Merely having a Git-aware prompt that runs `git
   status` (or `git diff`) and navigating to a directory which is
   supposedly not a Git worktree, or opening such a directory in an
   editor or IDE such as VS Code or Atom, will potentially run
   commands defined by that other user.

The new `safe.directory` setting may be used in either the system or
global configuration to list directories which git should consider safe
even if they are owned by someone other than the current user.

Release notes:
https://github.com/git/git/raw/v2.36.0-rc2/Documentation/RelNotes/2.36.0.txt
This commit is contained in:
Todd Zullinger 2022-04-12 21:02:44 -04:00
parent d1736385d5
commit 4787e39b40
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
git.spec
View File

@ -77,14 +77,14 @@
%endif %endif
# Define for release candidates # Define for release candidates
%global rcrev .rc1 %global rcrev .rc2
# Set path to the package-notes linker script # Set path to the package-notes linker script
%global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld %global _package_note_file %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld
Name: git Name: git
Version: 2.36.0 Version: 2.36.0
Release: 0.1%{?rcrev}%{?dist} Release: 0.2%{?rcrev}%{?dist}
Summary: Fast Version Control System Summary: Fast Version Control System
License: GPLv2 License: GPLv2
URL: https://git-scm.com/ URL: https://git-scm.com/
@ -1016,6 +1016,9 @@ rmdir --ignore-fail-on-non-empty "$testdir"
%{?with_docs:%{_pkgdocdir}/git-svn.html} %{?with_docs:%{_pkgdocdir}/git-svn.html}
%changelog %changelog
* Wed Apr 13 2022 Todd Zullinger <tmz@pobox.com> - 2.36.0-0.2.rc2
- update to 2.36.0-rc2 (CVE-2022-24765)
* Fri Apr 08 2022 Todd Zullinger <tmz@pobox.com> - 2.36.0-0.1.rc1 * Fri Apr 08 2022 Todd Zullinger <tmz@pobox.com> - 2.36.0-0.1.rc1
- update to 2.36.0-rc1 - update to 2.36.0-rc1

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (git-2.36.0.rc1.tar.xz) = 48c17b4071128bc8d5e79545cbf835cd8bcca5d204fcd7e81a7207254ae3ff47a52edc2cbd132f27c575860cd53e354e6b5f277753b91d51ffd7e6313ee5e6f2 SHA512 (git-2.36.0.rc2.tar.xz) = dfdd49fc7d25c6e2c4291afd5e9c234f4180226d9219cb6e70328dfdeb585a982a2f3b375ede578570825fff9f68ea126b3342512644906dc4333f9f953fe4a3
SHA512 (git-2.36.0.rc1.tar.sign) = c7de5cd63425cf4ae4f6e38805461296de737b637f0d0008ac6e6d260c3623d5c576cb97d04673aee21cd8bb1294c5e618c9a5f8ad3ffd2a43a936ada05d8ebd SHA512 (git-2.36.0.rc2.tar.sign) = 8b7abfabd47f2be269717e6eb832bcdecf502efc11caa8533a3851e7fbd21e41644322d0784e73efc4dfd5bf4bc1b1094f8dedbd72758e7522b12d045507618c