From 580a5d35185005f06bbbbef7e22e46dca19b2678 Mon Sep 17 00:00:00 2001
From: Todd Zullinger
Date: Tue, 14 Apr 2020 17:43:46 -0400
Subject: [PATCH] update to 2.26.1 (CVE-2020-5260)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From the upstream release notes¹:

With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol.

¹ https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.4.txt
---
 git.spec | 7 +++++--
 sources | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/git.spec b/git.spec
index 4902707..17e395a 100644
--- a/git.spec
+++ b/git.spec
@@ -84,8 +84,8 @@
 #global rcrev .rc0
 Name: git
-Version: 2.26.0
-Release: 2%{?rcrev}%{?dist}
+Version: 2.26.1
+Release: 1%{?rcrev}%{?dist}
 Summary: Fast Version Control System
 License: GPLv2
 URL: https://git-scm.com/
@@ -1060,6 +1060,9 @@ rmdir --ignore-fail-on-non-empty "$testdir"
 %{?with_docs:%{_pkgdocdir}/git-svn.html}
 %changelog
+* Tue Apr 14 2020 Todd Zullinger - 2.26.1-1
+- update to 2.26.1 (CVE-2020-5260)
+
 * Sat Apr 04 2020 Todd Zullinger - 2.26.0-2
 - fix issue with fast-forward rebases when rebase.abbreviateCommands is set
 - fix/quiet rpmlint issues from libsecret split
diff --git a/sources b/sources
index 9b45185..556c663 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (git-2.26.0.tar.xz) = bf8a832211782a9446d041a54da254f2586b894375191fb1a6dc7a6594856ca43230fa1ea804b54daceb68caa8d20c02bdbdbf7b2fa1761ce05a11a26b122a9b
-SHA512 (git-2.26.0.tar.sign) = b60b547d0043695a0efe1495941fb374beea975befcdbd01a288641bd3fd460ef43b40a6dc0332a6906591a59764aa019506bcaf67b9a993b042deba7bbe40ae
+SHA512 (git-2.26.1.tar.xz) = 1defa0d94e26e474abd47ec8a0c43c05152e10a5aca5f1aee7480ef0db9f5abd03275fefb7c4e0ee816199c87c0b2a13c164c5f7aa5ff36cafdacf27b3573785
+SHA512 (git-2.26.1.tar.sign) = 9bf881b4d5f99ea4aaa9e77e0c753d8cd466cfc15c18f8a2392da6402c349f27c7e6d7c3844d46ec9e329a534029919bbfedb150a24d21bd27f24667726ee6d5