[SECURITY] Fedora 35 Update: git-2.37.1-1.fc35

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-2a5de7cb8b 2022-07-29 01:24:05.033634 -------------------------------------------------------------------------------- Name : git Product : Fedora 35 Version : 2.37.1 Release : 1.fc35 URL : https://git-scm.com/ Summary : Fast Version Control System Description : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. -------------------------------------------------------------------------------- Update Information: Update to 2.37.1 (CVE-2022-29187) From the release notes for [2.30.5](https://g ithub.com/git/git/raw/v2.37.1/Documentation/RelNotes/2.30.5.txt): This release contains minor fix-ups for the changes that went into Git 2.30.3 and 2.30.4, addressing CVE-2022-29187. * The safety check that verifies a safe ownership of the Git worktree is now extended to also cover the ownership of the Git directory (and the `.git` file, if there is any). Carlo Marcelo Arenas Bel��n (1): setup: tighten ownership checks post CVE-2022-24765 Further details are available in the [upstream advisory](https://github.com/git/git/security/advisories/GHSA-j342-m5hw-r.... Additionally, from the release notes for [2.37.1](https://github.com/git/git/raw /v2.37.1/Documentation/RelNotes/2.37.1.txt): * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't correctly record a removed file to the index, which is an old regression but has become widely known because the C version has become the default in the latest release. Last, but not least, are the usual bugfixes and improvements found since the 2.35 and 2.36 release. For details, refer to the release notes for [2.36.0](https://github.co m/git/git/raw/v2.36.0/Documentation/RelNotes/2.36.0.txt) and [2.37.0](https://gi thub.com/git/git/raw/v2.37.0/Documentation/RelNotes/2.37.0.txt). -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 12 2022 Todd Zullinger <tmz(a)pobox.com&gt; - 2.37.1-1 - update to 2.37.1 (CVE-2022-29187) * Mon Jun 27 2022 Todd Zullinger <tmz(a)pobox.com&gt; - 2.37.0-1 - update to 2.37.0 * Wed Jun 22 2022 Todd Zullinger <tmz(a)pobox.com&gt; - 2.37.0-0.2.rc2 - update to 2.37.0-rc2 * Fri Jun 17 2022 Todd Zullinger <tmz(a)pobox.com&gt; - 2.37.0-0.1.rc1 - update to 2.37.0-rc1 * Tue Jun 14 2022 Todd Zullinger <tmz(a)pobox.com&gt; - 2.37.0-0.0.rc0 - update to 2.37.0-rc0 - fix GIT_SKIP_TESTS for EL8 s390x - remove --with/--without emacs build conditional * Fri Jun 3 2022 Jitka Plesnikova <jplesnik(a)redhat.com&gt; - 2.36.1-1.2 - Perl 5.36 re-rebuild of bootstrapped packages * Wed Jun 1 2022 Jitka Plesnikova <jplesnik(a)redhat.com&gt; - 2.36.1-1.1 - Perl 5.36 rebuild * Fri May 6 2022 Todd Zullinger <tmz(a)pobox.com&gt; - 2.36.1-1 - update to 2.36.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2107439 - CVE-2022-29187 git: Bypass of safe.directory protections https://bugzilla.redhat.com/show_bug.cgi?id=2107439 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-2a5de7cb8b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------