diff -Nru git-2.25.1/debian/changelog git-2.25.1/debian/changelog
--- git-2.25.1/debian/changelog 2022-04-08 12:57:16.000000000 +0000
+++ git-2.25.1/debian/changelog 2022-04-25 23:21:34.000000000 +0000
@@ -1,3 +1,14 @@
+git (1:2.25.1-1ubuntu3.4) focal-security; urgency=medium
+
+ * SECURITY REGRESSION: Previous update was incomplete causing regressions
+ and not correctly fixing the issue.
+ - debian/patches/CVE-2022-24765-5.patch: fix safe.directory
+ key not being checked in setup.c.
+ - debian/patches/CVE-2022-24765-6.patch:
+ opt-out of check with safe.directory=* in setup.c. (LP: #1970260)
+
+ -- Leonidas Da Silva Barbosa Mon, 25 Apr 2022 20:21:34 -0300
+
 git (1:2.25.1-1ubuntu3.3) focal-security; urgency=medium
 
 * SECURITY UPDATE: Run commands in diff users
diff -Nru git-2.25.1/debian/patches/CVE-2022-24765-5.patch git-2.25.1/debian/patches/CVE-2022-24765-5.patch
--- git-2.25.1/debian/patches/CVE-2022-24765-5.patch 1970-01-01 00:00:00.000000000 +0000
+++ git-2.25.1/debian/patches/CVE-2022-24765-5.patch 2022-04-25 23:20:45.000000000 +0000
@@ -0,0 +1,32 @@
+From bb50ec3cc300eeff3aba7a2bea145aabdb477d31 Mon Sep 17 00:00:00 2001
+From: Matheus Valadares
+Date: Wed, 13 Apr 2022 15:32:30 +0000
+Subject: [PATCH] setup: fix safe.directory key not being checked
+
+It seems that nothing is ever checking to make sure the safe directories
+in the configs actually have the key safe.directory, so some unrelated
+config that has a value with a certain directory would also make it a
+safe directory.
+
+Signed-off-by: Matheus Valadares
+Signed-off-by: Derrick Stolee
+Signed-off-by: Junio C Hamano
+---
+ setup.c | 3 +++
+ t/t0033-safe-directory.sh | 5 +++++
+ 2 files changed, 8 insertions(+)
+
+Index: git-2.25.1/setup.c
+===================================================================
+--- git-2.25.1.orig/setup.c
++++ git-2.25.1/setup.c
+@@ -899,6 +899,9 @@ static int safe_directory_cb(const char
+ {
+ struct safe_directory_data *data = d;
+ 
++ if (strcmp(key, "safe.directory"))
++ return 0;
++
+ if (!value || !*value)
+ data->is_safe = 0;
+ else {
diff -Nru git-2.25.1/debian/patches/CVE-2022-24765-6.patch git-2.25.1/debian/patches/CVE-2022-24765-6.patch
--- git-2.25.1/debian/patches/CVE-2022-24765-6.patch 1970-01-01 00:00:00.000000000 +0000
+++ git-2.25.1/debian/patches/CVE-2022-24765-6.patch 2022-04-25 23:21:03.000000000 +0000
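Review bot: The new key filter at the top of safe_directory_cb carries no comment saying why it exists, and the commit message is the only place that records that the callback is invoked for every config key, so any unrelated value that happened to equal the repository path would have marked it safe. A short comment above the strcmp would keep the line from being dropped in a later rebase, e.g. `/* the callback sees every config key; only safe.directory may mark a path safe */`. The signature and the remainder of safe_directory_cb lie outside the hunk, so the position of this check relative to the rest of the value handling is inferred from the context lines only.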
@@ -0,0 +1,69 @@
+From 0f85c4a30b072a26d74af8bbf63cc8f6a5dfc1b8 Mon Sep 17 00:00:00 2001
+From: Derrick Stolee
+Date: Wed, 13 Apr 2022 15:32:31 +0000
+Subject: [PATCH] setup: opt-out of check with safe.directory=*
+
+With the addition of the safe.directory in 8959555ce
+(setup_git_directory(): add an owner check for the top-level directory,
+2022-03-02) released in v2.35.2, we are receiving feedback from a
+variety of users about the feature.
+
+Some users have a very large list of shared repositories and find it
+cumbersome to add this config for every one of them.
+
+In a more difficult case, certain workflows involve running Git commands
+within containers. The container boundary prevents any global or system
+config from communicating `safe.directory` values from the host into the
+container. Further, the container almost always runs as a different user
+than the owner of the directory in the host.
+
+To simplify the reactions necessary for these users, extend the
+definition of the safe.directory config value to include a possible '*'
+value. This value implies that all directories are safe, providing a
+single setting to opt-out of this protection.
+
+Note that an empty assignment of safe.directory clears all previous
+values, and this is already the case with the "if (!value || !*value)"
+condition.
+
+Signed-off-by: Derrick Stolee
+Signed-off-by: Junio C Hamano
+---
+ Documentation/config/safe.txt | 7 +++++++
+ setup.c | 6 ++++--
+ t/t0033-safe-directory.sh | 10 ++++++++++
+ 3 files changed, 21 insertions(+), 2 deletions(-)
+
+Index: git-2.25.1/Documentation/config/safe.txt
+===================================================================
+--- git-2.25.1.orig/Documentation/config/safe.txt
++++ git-2.25.1/Documentation/config/safe.txt
+@@ -19,3 +19,10 @@ line option `-c safe.directory=`.
+ The value of this setting is interpolated, i.e. `~/` expands to a
+ path relative to the home directory and `%(prefix)/` expands to a
+ path relative to Git's (runtime) prefix.
+++
++To completely opt-out of this security check, set `safe.directory` to the
++string `*`. This will allow all repositories to be treated as if their
++directory was listed in the `safe.directory` list. If `safe.directory=*`
++is set in system config and you want to re-enable this protection, then
++initialize your list with an empty value before listing the repositories
++that you deem safe.
+Index: git-2.25.1/setup.c
+===================================================================
+--- git-2.25.1.orig/setup.c
++++ git-2.25.1/setup.c
+@@ -902,9 +902,11 @@ static int safe_directory_cb(const char
+ if (strcmp(key, "safe.directory"))
+ return 0;
+ 
+- if (!value || !*value)
++ if (!value || !*value) {
+ data->is_safe = 0;
+- else {
++ } else if (!strcmp(value, "*")) {
++ data->is_safe = 1;
++ } else {
+ const char *interpolated = NULL;
+ 
+ if (!git_config_pathname(&interpolated, key, value) &&
diff -Nru git-2.25.1/debian/patches/series git-2.25.1/debian/patches/series
--- git-2.25.1/debian/patches/series 2022-04-08 12:57:06.000000000 +0000
+++ git-2.25.1/debian/patches/series 2022-04-25 23:21:34.000000000 +0000
@@ -17,3 +17,5 @@
 CVE-2022-24765-2.patch
 CVE-2022-24765-3.patch
 CVE-2022-24765-4.patch
+CVE-2022-24765-5.patch
+CVE-2022-24765-6.patch
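Review bot: The new `else if (!strcmp(value, "*"))` branch in the setup.c hunk of CVE-2022-24765-6.patch is a literal-string comparison made before git_config_pathname() runs, so only an exact `*` opts out and an interpolated or glob-like form such as `~/*` still falls through to the path comparison; nothing in the code says so, and the asciidoc hunk only documents the `*` case. A comment on that line would make the contract explicit, e.g. `/* literal "*" only, checked before interpolation: disables the ownership check for every repository */`. Because this branch sets is_safe unconditionally, deployments that audit system and global config for hardening baselines should treat a `*` entry as switching the CVE-2022-24765 ownership check off, which the doc hunk's advice to reset with an empty value relies on. The enclosing safe_directory_cb starts and ends outside this hunk, so how is_safe is consumed afterwards is not visible here.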