From cbfe2a35166566c5c9104645606df619d03f9547 Mon Sep 17 00:00:00 2001 From: suresh-thelkar Date: Fri, 17 Jan 2025 09:19:14 +0530 Subject: [PATCH] Patch CVE-2024-50349 and CVE-2024-52006 in git (#11948) Co-authored-by: Suresh Thelkar --- SPECS/git/git.signatures.json | 2 +- SPECS/git/git.spec | 8 ++++++-- cgmanifest.json | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/SPECS/git/git.signatures.json b/SPECS/git/git.signatures.json index d9c4f4fd79f..d2431f0ee34 100644 --- a/SPECS/git/git.signatures.json +++ b/SPECS/git/git.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "git-2.39.4.tar.xz": "ff2972e002c1bdf9f053243c934a2a1bc8248f8d419aaee8f6d5a4ed205c6633" + "git-2.40.4.tar.gz": "7b0bf4b8bd4aa2687e2db304d1f96899d835f0c4ce2eae49f300f3987e14521e" } } diff --git a/SPECS/git/git.spec b/SPECS/git/git.spec index c9c4feb05fd..cabe08941bc 100644 --- a/SPECS/git/git.spec +++ b/SPECS/git/git.spec @@ -1,13 +1,13 @@ Summary: Fast distributed version control system Name: git -Version: 2.39.4 +Version: 2.40.4 Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/Programming URL: https://git-scm.com/ -Source0: https://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.xz +Source0: https://github.com/git/git/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRequires: curl-devel BuildRequires: python3-devel Requires: curl @@ -106,6 +106,7 @@ BuildArch: noarch %{py3_shebang_fix} git-p4.py %build +make configure %configure \ CFLAGS="%{optflags}" \ CXXFLAGS="%{optflags}" \ @@ -168,6 +169,9 @@ fi %endif %changelog +* Thu Jan 16 2024 Suresh Thelkar - 2.40.4-1 +- Upgrade to 2.40.4 to address CVE-2024-50349 and CVE-2024-52006 + * Tue May 21 2024 CBL-Mariner Servicing Account - 2.39.4-1 - Auto-upgrade to 2.39.4 - Fix CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465 diff --git a/cgmanifest.json b/cgmanifest.json index c689cdec502..91a76ad053f 100644 
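Review bot: The new `Source0` in SPECS/git/git.spec points at GitHub's on-demand tag archive instead of the kernel.org release tarball, and nothing in the spec records why the source changed. The hash in git.signatures.json still pins the bytes, but it now pins an archive GitHub generates from the tag rather than the tarball upstream publishes with a detached signature, so the new hash should be checked against an independent checkout of the v2.40.4 tag before it is trusted. If the switch was forced by availability, say so above the line, e.g. `# GitHub tag archive: ships no generated configure script, see 'make configure' in %build`. The same URL change is repeated in cgmanifest.json.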
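Review bot: `make configure` in %build regenerates the configure script with autoconf, yet the `BuildRequires` lines visible in this patch list only curl-devel and python3-devel. The rest of the preamble is outside the hunks, so autoconf may already be declared; if it is not, add `BuildRequires: autoconf` so the build does not depend on whatever happens to be present in the build root. A short comment above the new line, such as `# The GitHub tag archive carries no generated configure script`, would explain why the step exists. The %build section continues past the end of this hunk.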
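Review bot: The new %changelog entry is dated `Thu Jan 16 2024`, but the commit is dated 17 Jan 2025 and the entry sits above one from May 2024, so the year looks wrong. 16 January 2024 was a Tuesday, so rpm tooling is likely to flag the weekday mismatch as a bogus date, and the entries are no longer newest-first. Suggested header line, keeping the author field as it is in the patch: `* Thu Jan 16 2025 Suresh Thelkar - 2.40.4-1`.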
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -4300,8 +4300,8 @@
 "type": "other",
 "other": {
 "name": "git",
- "version": "2.39.4",
- "downloadUrl": "https://www.kernel.org/pub/software/scm/git/git-2.39.4.tar.xz"
+ "version": "2.40.4",
+ "downloadUrl": "https://github.com/git/git/archive/refs/tags/v2.40.4.tar.gz"
 }
 }
 },