deleted file mode 100644

@@ -1,58 +0,0 @@

-From 9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b Mon Sep 17 00:00:00 2001

-From: Jeff King <peff@peff.net>

-Date: Wed, 11 Mar 2020 17:53:41 -0400

-Subject: [PATCH] credential: avoid writing values with newlines

-

-The credential protocol that we use to speak to helpers can't represent

-values with newlines in them. This was an intentional design choice to

-keep the protocol simple, since none of the values we pass should

-generally have newlines.

-

-However, if we _do_ encounter a newline in a value, we blindly transmit

-it in credential_write(). Such values may break the protocol syntax, or

-worse, inject new valid lines into the protocol stream.

-

-The most likely way for a newline to end up in a credential struct is by

-decoding a URL with a percent-encoded newline. However, since the bug

-occurs at the moment we write the value to the protocol, we'll catch it

-there. That should leave no possibility of accidentally missing a code

-path that can trigger the problem.

-

-At this level of the code we have little choice but to die(). However,

-since we'd not ever expect to see this case outside of a malicious URL,

-that's an acceptable outcome.

-

-Reported-by: Felix Wilhelm <fwilhelm@google.com>

- credential.c           | 2 ++

- t/t0300-credentials.sh | 6 ++++++

- 2 files changed, 8 insertions(+)

-

-diff --git a/credential.c b/credential.c

-index 9747f47b18bf2..00ee4d62db121 100644

-+++ b/credential.c

-@@ -194,6 +194,8 @@ static void credential_write_item(FILE *fp, const char *key, const char *value)

- {

- 	if (!value)

- 		return;

-+	if (strchr(value, '\n'))

-+		die("credential value for %s contains newline", key);

- 	fprintf(fp, "%s=%s\n", key, value);

- }

- 

-diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh

-index 03bd31e9f22a1..15cc3c5abb5b1 100755

-+++ b/t/t0300-credentials.sh

-@@ -309,4 +309,10 @@ test_expect_success 'empty helper spec resets helper list' '

- 	EOF

- '

- 

-+test_expect_success 'url parser rejects embedded newlines' '

-+	test_must_fail git credential fill <<-\EOF

-+	url=https://one.example.com?%0ahost=two.example.com/

-+	EOF

-+'

-+

- test_done

@@ -1,15 +1,14 @@

 Summary:        Fast distributed version control system

 Name:           git

-Version:        2.26.0

-Release:        2%{?dist}

+Version:        2.26.2

+Release:        1%{?dist}

 License:        GPLv2

 URL:            http://git-scm.com/

 Group:          System Environment/Programming

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        https://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.xz

-%define sha1    git=1580df90eecae21664646ac6eb7eba4af4934fe4

-Patch0:         CVE-2020-5260.patch

+%define sha1    git=bdb5eb6c014d7c372be70782a5155d964abe2c08

 BuildRequires:  curl-devel

 BuildRequires:  python2

 BuildRequires:  openssl-devel

@@ -42,7 +41,6 @@ These are the additional language files of git.

 %prep

 %setup -q

-%patch0 -p1

 %build

 %configure \

     CFLAGS="%{optflags}" \

@@ -93,6 +91,8 @@ rm -rf %{buildroot}/*

 %defattr(-,root,root)

 %changelog

+*   Tue May 19 2020 Prashant S Chauhan <psinghchauhan@vmware.com> 2.26.2-1

+-   Updated to version 2.26.2, fix CVE-2020-11008, CVE-2020-5260

 *   Mon Apr 27 2020 Prashant S Chauhan <psinghchauha@vmware.com> 2.26.0-2

 -   Added patch, Fixes CVE-2020-5260

 *   Wed Apr 01 2020 Susant Sahani <ssahani@vmware.com> 2.26.0-1