From d4f20c985f6aebd8bf7fe14d9f02c8dfffc7bd8c Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 18 Apr 2022 14:50:44 -0400 Subject: [PATCH] update to 2.35.3 (#2073414, CVE-2022-24765) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per the upstream release notes from 2.30.3¹: This release addresses the security issue CVE-2022-24765. * CVE-2022-24765: On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in `C:\.git`, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs `git status` (or `git diff`) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user. and 2.30.4²: This release contains minor fix-ups for the changes that went into Git 2.30.3, which was made to address CVE-2022-24765. * The code that was meant to parse the new `safe.directory` configuration variable was not checking what configuration variable was being fed to it, which has been corrected. * '*' can be used as the value for the `safe.directory` variable to signal that the user considers that any directory is safe. ¹ https://github.com/git/git/raw/v2.30.3/Documentation/RelNotes/2.30.3.txt ² https://github.com/git/git/raw/v2.30.4/Documentation/RelNotes/2.30.4.txt --- git.spec | 5 ++++- sources | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/git.spec b/git.spec index b8ea26b..58e9160 100644 --- a/git.spec +++ b/git.spec @@ -83,7 +83,7 @@ #global rcrev .rc0 Name: git -Version: 2.35.1 +Version: 2.35.3 Release: 1%{?rcrev}%{?dist} Summary: Fast Version Control System License: GPLv2 
@@ -1018,6 +1018,9 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Mon Apr 18 2022 Todd Zullinger - 2.35.3-1 +- update to 2.35.3 (#2073414, CVE-2022-24765) + * Sat Jan 29 2022 Todd Zullinger - 2.35.1-1 - update to 2.35.1 diff --git a/sources b/sources index 4095968..92d5b62 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.35.1.tar.xz) = 926c6813ef61931e1a1c43dfd7b15e20dc5878c1752876bd08f039249c9ed09f20f096b2f01947de9c9522c942e9fa8c1363d7d31a488bbe3f93c0cff31fcbcb -SHA512 (git-2.35.1.tar.sign) = 27adbb0628a18ae13ce76c2812c2f2a8a9da002105ca1f550a864ae769a27efa697ab7cbd8582e69be99d8731fe2f53895321c3a71990ffbcfe1e7f2064fd9b7 +SHA512 (git-2.35.3.tar.xz) = c92f8663988c57702bb5ee542ac8f36e8a43d377d16106ee462ce0b0a575b9d51baaafc654bf1821fbea2fe476ffd64d7fb87084c7de4dd8065b01d5083492c5 +SHA512 (git-2.35.3.tar.sign) = 5a4d300eb30af4cf8723110a25189b3d252f3e816ee9446aec0629fad21cb53ff95e3e6a00259d81589e7bae015b0209098391a44a52290b4f5f926b8fcd1852
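Review bot: The Version line in the first git.spec hunk moves from 2.35.1 straight to 2.35.3, but the commit message quotes the 2.30.3 and 2.30.4 release notes and never says how they relate to the 2.35.x series. Please add a sentence stating that 2.35.3 carries the same CVE-2022-24765 fix and the `safe.directory` fix-ups, or link the release notes for the version actually being packaged, so the jump is explained for anyone auditing this update.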
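Review bot: In the %changelog hunk of git.spec, the new entry reads only "update to 2.35.3 (#2073414, CVE-2022-24765)" and does not mention the `safe.directory` configuration variable that the release notes quoted in the commit message introduce. People reading the package changelog do not see the commit message, so consider adding a second changelog line that names `safe.directory` and the '*' value as the way to mark a directory as safe.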
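Review bot: In the sources hunk, the checksums for both git-2.35.3.tar.xz and git-2.35.3.tar.sign are replaced, but nothing visible in this patch shows that the detached signature was checked against the upstream signing key before the new files were recorded. The SHA512 entries only pin whatever was uploaded, so for a security release please confirm in the commit message or review thread that the signature was verified, or point to where the spec's %prep does it.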