--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-2a5de7cb8b
2022-07-29 01:24:05.033634
--------------------------------------------------------------------------------
Name : git
Product : Fedora 35
Version : 2.37.1
Release : 1.fc35
URL :
https://git-scm.com/
Summary : Fast Version Control System
Description :
Git is a fast, scalable, distributed revision control system with an
unusually rich command set that provides both high-level operations
and full access to internals.
The git rpm installs common set of tools which are usually using with
small amount of dependencies. To install all git packages, including
tools for integrating with other SCMs, install the git-all meta-package.
--------------------------------------------------------------------------------
Update Information:
Update to 2.37.1 (CVE-2022-29187) From the release notes for [2.30.5](https://g
ithub.com/git/git/raw/v2.37.1/Documentation/RelNotes/2.30.5.txt): This
release contains minor fix-ups for the changes that went into Git 2.30.3 and
2.30.4, addressing CVE-2022-29187. * The safety check that verifies a
safe ownership of the Git worktree is now extended to also cover the
ownership of the Git directory (and the `.git` file, if there is any).
Carlo Marcelo Arenas Bel��n (1): setup: tighten ownership checks post
CVE-2022-24765 Further details are available in the [upstream
advisory](https://github.com/git/git/security/advisories/GHSA-j342-m5hw-r....
Additionally, from the release notes for [
2.37.1](https://github.com/git/git/raw
/v2.37.1/Documentation/RelNotes/2.37.1.txt): * Rewrite of "git add
-i"
in C that appeared in Git 2.25 didn't correctly record a removed file to
the index, which is an old regression but has become widely known because
the C version has become the default in the latest release. Last, but
not least, are the usual bugfixes and improvements found since the 2.35 and 2.36
release. For details, refer to the release notes for [2.36.0](https://github.co
m/git/git/raw/v2.36.0/Documentation/RelNotes/2.36.0.txt) and [2.37.0](https://gi
thub.com/git/git/raw/v2.37.0/Documentation/RelNotes/2.37.0.txt).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 12 2022 Todd Zullinger <tmz(a)pobox.com> - 2.37.1-1
- update to 2.37.1 (CVE-2022-29187)
* Mon Jun 27 2022 Todd Zullinger <tmz(a)pobox.com> - 2.37.0-1
- update to 2.37.0
* Wed Jun 22 2022 Todd Zullinger <tmz(a)pobox.com> - 2.37.0-0.2.rc2
- update to 2.37.0-rc2
* Fri Jun 17 2022 Todd Zullinger <tmz(a)pobox.com> - 2.37.0-0.1.rc1
- update to 2.37.0-rc1
* Tue Jun 14 2022 Todd Zullinger <tmz(a)pobox.com> - 2.37.0-0.0.rc0
- update to 2.37.0-rc0
- fix GIT_SKIP_TESTS for EL8 s390x
- remove --with/--without emacs build conditional
* Fri Jun 3 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.36.1-1.2
- Perl 5.36 re-rebuild of bootstrapped packages
* Wed Jun 1 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.36.1-1.1
- Perl 5.36 rebuild
* Fri May 6 2022 Todd Zullinger <tmz(a)pobox.com> - 2.36.1-1
- update to 2.36.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2107439 - CVE-2022-29187 git: Bypass of safe.directory protections
https://bugzilla.redhat.com/show_bug.cgi?id=2107439
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-2a5de7cb8b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------