The git rpms
Find a file
Todd Zullinger c96eaff993 Update to 2.14.4 (CVE-2018-11233, CVE-2018-11235)
Fixes two security issues, described in the 2.13.7 release notes¹:

 * Submodule "names" come from the untrusted .gitmodules file, but we
   blindly append them to $GIT_DIR/modules to create our on-disk repo
   paths. This means you can do bad things by putting "../" into the
   name. We now enforce some rules for submodule names which will cause
   Git to ignore these malicious names (CVE-2018-11235).

   Credit for finding this vulnerability and the proof of concept from
   which the test script was adapted goes to Etienne Stalmans.

 * It was possible to trick the code that sanity-checks paths on NTFS
   into reading random piece of memory (CVE-2018-11233).

¹ https://mirrors.edge.kernel.org/pub/software/scm/git/docs/RelNotes/2.13.7.txt
2018-05-29 13:20:54 -04:00
.gitignore Check upstream GPG signatures in %prep 2016-03-27 21:31:56 -04:00
0001-git-svn-control-destruction-order-to-avoid-segfault.patch git-svn: avoid segfaults in 'git svn branch' 2018-02-16 14:39:52 -05:00
0001-rev-parse-check-lookup-ed-commit-references-for-NULL.patch Fix segfault in rev-parse with invalid input (#1581678) 2018-05-24 14:57:31 -04:00
0001-revision-quit-pruning-diff-more-quickly-when-possibl.patch Fix git clone memory exhaustion (CVE-2017-15298) 2017-11-15 23:41:37 -05:00
git-1.8-gitweb-home-link.patch Update to 1.8.4.2 (#1024497) 2013-10-29 17:03:02 -04:00
git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch Update to git-1.6.2.2 2009-04-04 20:47:17 +00:00
git-gui.desktop Update to git-1.6.3.2 2009-06-06 01:45:16 +00:00
git-init.el Add git-status and git-blame autoloads for emacs 2007-06-26 11:27:51 +00:00
git.conf.httpd - Install git-* commands in %{_libexecdir}/git-core, the upstream default 2009-01-03 16:36:21 +00:00
git.socket use systemd instead of xinetd (bz 737183) 2013-04-30 14:25:37 -04:00
git.spec Update to 2.14.4 (CVE-2018-11233, CVE-2018-11235) 2018-05-29 13:20:54 -04:00
git.xinetd.in Update to git-1.6.6.1 2010-01-31 21:05:27 +00:00
git@.service Rename git.service into git@.service and bump release 2014-10-24 17:51:58 +02:00
gitweb.conf.in Update to git-1.6.6.1 2010-01-31 21:05:27 +00:00
gpgkey-junio.asc Update Junio's GPG key 2017-09-18 13:07:51 -04:00
sources Update to 2.14.4 (CVE-2018-11233, CVE-2018-11235) 2018-05-29 13:20:54 -04:00