update to 2.26.1 (CVE-2020-5260)

From the upstream release notes¹: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol. ¹ https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.4.txt
2020-04-14 17:43:46 -04:00 · 2020-04-14 17:43:46 -04:00 · 580a5d3518
commit 580a5d3518
parent 5c331b2580
2 changed files with 7 additions and 4 deletions
--- a/git.spec
+++ b/git.spec
@ -84,8 +84,8 @@
 #global rcrev   .rc0

 Name:           git
-Version:        2.26.0
-Release:        2%{?rcrev}%{?dist}
+Version:        2.26.1
+Release:        1%{?rcrev}%{?dist}
 Summary:        Fast Version Control System
 License:        GPLv2
 URL:            https://git-scm.com/
@ -1060,6 +1060,9 @@ rmdir --ignore-fail-on-non-empty "$testdir"
 %{?with_docs:%{_pkgdocdir}/git-svn.html}

 %changelog
+* Tue Apr 14 2020 Todd Zullinger <tmz@pobox.com> - 2.26.1-1
+- update to 2.26.1 (CVE-2020-5260)
+
 * Sat Apr 04 2020 Todd Zullinger <tmz@pobox.com> - 2.26.0-2
 - fix issue with fast-forward rebases when rebase.abbreviateCommands is set
 - fix/quiet rpmlint issues from libsecret split
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (git-2.26.0.tar.xz) = bf8a832211782a9446d041a54da254f2586b894375191fb1a6dc7a6594856ca43230fa1ea804b54daceb68caa8d20c02bdbdbf7b2fa1761ce05a11a26b122a9b
-SHA512 (git-2.26.0.tar.sign) = b60b547d0043695a0efe1495941fb374beea975befcdbd01a288641bd3fd460ef43b40a6dc0332a6906591a59764aa019506bcaf67b9a993b042deba7bbe40ae
+SHA512 (git-2.26.1.tar.xz) = 1defa0d94e26e474abd47ec8a0c43c05152e10a5aca5f1aee7480ef0db9f5abd03275fefb7c4e0ee816199c87c0b2a13c164c5f7aa5ff36cafdacf27b3573785
+SHA512 (git-2.26.1.tar.sign) = 9bf881b4d5f99ea4aaa9e77e0c753d8cd466cfc15c18f8a2392da6402c349f27c7e6d7c3844d46ec9e329a534029919bbfedb150a24d21bd27f24667726ee6d5