From da087ee7194b07c7d21c962eba08e49321aee186 Mon Sep 17 00:00:00 2001
From: Todd Zullinger
Date: Dec 10 2019 18:23:30 +0000
Subject: update to 2.24.1

Per the upstream release announcement¹, this release fixes "various security flaws, which allowed an attacker to overwrite arbitrary paths, remotely execute code, and/or overwrite files in the .git/ directory etc. See the release notes attached for the list for their descriptions and CVE identifiers."

Refer to the 2.14.6 release notes² for details on these vulnerabilities.

¹ https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/
² https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.14.6.txt
---
diff --git a/git.spec b/git.spec
index 1b4969c..0267e78 100644
--- a/git.spec
+++ b/git.spec
@@ -92,8 +92,8 @@
 #global rcrev .rc0
 Name: git
-Version: 2.24.0
-Release: 2%{?rcrev}%{?dist}
+Version: 2.24.1
+Release: 1%{?rcrev}%{?dist}
 Summary: Fast Version Control System
 License: GPLv2
 URL: https://git-scm.com/
@@ -1029,6 +1029,10 @@ rmdir --ignore-fail-on-non-empty "$testdir"
 %{?with_docs:%{_pkgdocdir}/git-svn.html}
 %changelog
+* Tue Dec 10 2019 Todd Zullinger - 2.24.1-1
+- update to 2.24.1 (CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351,
+ CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387)
+
 * Wed Dec 04 2019 Todd Zullinger - 2.24.0-2
 - restore jgit BR for use in tests
diff --git a/sources b/sources
index a939b41..e0d08d5 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (git-2.24.0.tar.xz) = 31c8c001fdea3b1e3e732cc42299979f1329d564f76d3950c90a0090afc1fa1ba50bdb7f86da92066843887986cc73a34c13dd651566d1af9036ecbe8aee42c3
-SHA512 (git-2.24.0.tar.sign) = 155d713905d6296f7be010ca50f07de310604957ee6514fd4d68fab5866ac91e9ea42bcda5ac7f8b73c9c2a0cfba7e9afc7b0c38e1783e21209031eb75d69933
+SHA512 (git-2.24.1.tar.xz) = 010c13d4023c142876d0e075a394b74bef422944d8ca602325d0b2b47bf28b1d534283c7f295751113c83fdfcc0c91f97090e8f906560d44b04a94607fd8fcf7
+SHA512 (git-2.24.1.tar.sign) = 078b41f47f9609798ba2b9a00a2d09c359904da92d3a9d32d3f4fc442f79950e91a0c4df02987258e31e7d33ebfc09711b2f3b6923585799053c2efeab896390