update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007)

Refer to the release notes for 2.30.9 for details of each CVE as well as the following security advisories from the git project: https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx (CVE-2023-25652) https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 (CVE-2023-29007) (At this time there is no upstream advisory for CVE-2023-25815. This issue does not affect the Fedora packages as we do not use the runtime prefix support.) Release notes: https://github.com/git/git/raw/v2.30.9/Documentation/RelNotes/2.30.9.txt https://github.com/git/git/raw/v2.40.1/Documentation/RelNotes/2.40.1.txt
2023-04-25 13:12:02 -04:00 · 2023-04-25 13:12:02 -04:00 · b477fc3318
commit b477fc3318
parent 459d08b118
2 changed files with 6 additions and 3 deletions
--- a/git.spec
+++ b/git.spec
@ -80,7 +80,7 @@
 %global _package_note_file  %{_builddir}/%{name}-%{version}%{?rcrev}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld
 Name:           git
-Version:        2.40.0
+Version:        2.40.1
 Release:        1%{?rcrev}%{?dist}
 Summary:        Fast Version Control System
 License:        BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT
@ -1035,6 +1035,9 @@ rmdir --ignore-fail-on-non-empty "$testdir"
 %{?with_docs:%{_pkgdocdir}/git-svn.html}
 %changelog
 * Tue Apr 25 2023 Todd Zullinger <tmz@pobox.com> - 2.40.1-1
 - update to 2.40.1 (CVE-2023-25652, CVE-2023-25815, CVE-2023-29007)
 * Mon Mar 13 2023 Todd Zullinger <tmz@pobox.com> - 2.40.0-1
 - update to 2.40.0
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (git-2.40.0.tar.xz) = a2720f8f9a0258c0bb5e23badcfd68a147682e45a5d039a42c47128296c508109d5039029db89311a35db97a9008585e84ed11b400846502c9be913d67f0fd90
+SHA512 (git-2.40.1.tar.xz) = 9ab41c64c6e666c314683bc4925535e037d43f947b8d327ff7d0379ac12899f4effcc2fe4e47b1ce652ad7140aa4f01f3b99f9cc0cf854cfeface1a5d3e1893e
-SHA512 (git-2.40.0.tar.sign) = 30376e2487abb247d32b080b37c008dca59067f94f93769197fc2c096ac6a433598578af852f6b343a18e57587f7ff9eac30899393abae0658d68317a5b2fe65
+SHA512 (git-2.40.1.tar.sign) = b8becacee3736bf2f5c661da4d3f86042544717556e8924a4f385c4966886ffe7558ef05bf5ce58c38e404c477b299f952fd83ed249802ddaf6bd4bf9f3885f8
`@ -1,2 +1,2 @@`
	`SHA512 (git-2.40.0.tar.xz) = a2720f8f9a0258c0bb5e23badcfd68a147682e45a5d039a42c47128296c508109d5039029db89311a35db97a9008585e84ed11b400846502c9be913d67f0fd90`	`SHA512 (git-2.40.1.tar.xz) = 9ab41c64c6e666c314683bc4925535e037d43f947b8d327ff7d0379ac12899f4effcc2fe4e47b1ce652ad7140aa4f01f3b99f9cc0cf854cfeface1a5d3e1893e`
	`SHA512 (git-2.40.0.tar.sign) = 30376e2487abb247d32b080b37c008dca59067f94f93769197fc2c096ac6a433598578af852f6b343a18e57587f7ff9eac30899393abae0658d68317a5b2fe65`	`SHA512 (git-2.40.1.tar.sign) = b8becacee3736bf2f5c661da4d3f86042544717556e8924a4f385c4966886ffe7558ef05bf5ce58c38e404c477b299f952fd83ed249802ddaf6bd4bf9f3885f8`