git (1:2.39.2-1.1) unstable; urgency=medium
* Non-maintainer upload (only changes to git-doc).
* Correct paths in git-doc doc-base control files (Closes: #1023255)
-- Matthew Vernon <matthew@debian.org> Tue, 28 Feb 2023 09:25:32 +0000
git (1:2.39.2-1) unstable; urgency=medium
* new upstream point release (see RelNotes/2.39.2.txt). Addresses
CVE-2023-22490 and CVE-2023-23946.
-- Jonathan Nieder <jrnieder@gmail.com> Wed, 15 Feb 2023 17:08:12 -0800
git (1:2.39.1-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream stable release (Closes: #1029114)
Fixes CVE-2022-23521 and CVE-2022-41903.
-- Aron Xu <aron@debian.org> Thu, 26 Jan 2023 13:43:04 +0800
git (1:2.39.0-1) unstable; urgency=low
* new upstream release (see RelNotes/2.39.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 12 Dec 2022 12:53:44 -0800
git (1:2.38.1-1) unstable; urgency=medium
* new upstream release (closes: #1022046; see RelNotes/2.38.0.txt,
RelNotes/2.38.1.txt).
* Addresses the security issue CVE-2022-39253: cloning an
attacker-controlled local repository could store arbitrary files
in the ".git" directory of the destination repository.
Thanks to Cory Snider of Mirantis for reporting this
vulnerability and Taylor Blau for the mitigation.
* Addresses CVE-2022-39260: a long command string passed to a `git
shell` configured to support custom commands could overflow and
run arbitrary code.
Thanks to Kevin Backhouse of GitHub for reporting this
vulnerability and Kevin Backhouse, Jeff King, and Taylor Blau
for mitigating it.
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 31 Oct 2022 18:32:00 -0700
git (1:2.37.2-1) unstable; urgency=low
* new upstream release (closes: #1016723; see RelNotes/2.37.0.txt,
RelNotes/2.37.1.txt, RelNotes/2.37.2.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Fri, 12 Aug 2022 19:27:24 -0700
git (1:2.36.1-1) unstable; urgency=low
* new upstream point release (closes: #1010720; see
RelNotes/2.36.1.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 09 May 2022 12:43:15 -0700
git (1:2.36.0-1) unstable; urgency=low
* new upstream release (see RelNotes/2.36.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Fri, 22 Apr 2022 16:43:03 -0700
git (1:2.35.2-1) unstable; urgency=medium
* new upstream point release (see RelNotes/2.35.2.txt).
* Addresses the security issue CVE-2022-24765: Git users might
have found themselves unexpectedly in a Git worktree, e.g. when
another user created a repository in `/tmp/.git`, in a mounted
network drive or in a scratch space. Having a Git-aware prompt
that runs `git status` (or `git diff`) and navigating to a
directory which is supposedly not a Git worktree, or opening
such a directory in an IDE with Git support such as VS Code,
could then run commands specified by that other user.
Thanks to 俞晨东 for discovering this vulnerability and
Johannes Schindelin for the mitigation.
-- Jonathan Nieder <jrnieder@gmail.com> Tue, 12 Apr 2022 21:25:57 -0700
git (1:2.35.1-1) unstable; urgency=low
* new upstream release (see RelNotes/2.35.0.txt, RelNotes/2.35.1.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 14 Feb 2022 08:24:39 -0800
git (1:2.34.1-1) unstable; urgency=low
* new upstream point release (see RelNotes/2.34.1.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 29 Nov 2021 11:04:56 -0800
git (1:2.34.0-1) unstable; urgency=low
* new upstream release (see RelNotes/2.34.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Sat, 20 Nov 2021 13:14:45 -0800
git (1:2.33.1-1) unstable; urgency=low
* new upstream point release (see RelNotes/2.33.1.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 25 Oct 2021 15:02:19 -0700
git (1:2.33.0-1) unstable; urgency=low
* new upstream release (see RelNotes/2.33.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 16 Aug 2021 17:54:01 -0700
git (1:2.32.0-1) unstable; urgency=low
* new upstream release (see RelNotes/2.32.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Sun, 06 Jun 2021 14:34:33 -0700
git (1:2.32.0~rc2-1) unstable; urgency=low
* new upstream release candidate.
* remove git-el package (closes: #987264, #984931). Since version
1:2.18.0~rc2-1, it only contained modules that error out with a
message pointing to other Emacs packages. Nowadays users can
use the README.emacs file from the git package for that instead.
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 31 May 2021 15:02:28 -0700
git (1:2.32.0~rc0-1) unstable; urgency=low
* new upstream release candidate (see RelNotes/2.32.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Thu, 20 May 2021 13:20:15 -0700
git (1:2.31.1-1) unstable; urgency=low
* new upstream point release (see RelNotes/2.31.1.txt).
* install dashed commands to /usr/lib again (thx Sven Joachim;
closes: #985416).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 19 Apr 2021 09:23:57 -0700
git (1:2.31.0-1) unstable; urgency=low
* new upstream release (see RelNotes/2.31.0.txt).
* install dashed commands to /usr/libexec instead of /usr/lib (thx
Chris Lamb for suggesting it through lintian).
* remove compatibility code and NEWS.Debian entries that supported
upgrades from versions before 1.7.9.5 (the version in Ubuntu
12.04, which reached the end of extended security maintenance in
April, 2019).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 15 Mar 2021 19:32:17 -0700
git (1:2.30.2-1) unstable; urgency=medium
* new upstream point release (see RelNotes/2.30.2.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Tue, 09 Mar 2021 17:45:38 -0800
git (1:2.30.1-1) unstable; urgency=low
* new upstream point release (see RelNotes/2.30.1.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Tue, 16 Feb 2021 21:55:22 -0800
git (1:2.30.0-1) unstable; urgency=low
* new upstream release (see RelNotes/2.30.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 28 Dec 2020 16:22:30 -0800
git (1:2.30.0~rc2-1) unstable; urgency=low
* new upstream release candidate.
-- Jonathan Nieder <jrnieder@gmail.com> Wed, 23 Dec 2020 15:17:54 -0800
git (1:2.30.0~rc1-1) unstable; urgency=low
* new upstream release candidate (see RelNotes/2.30.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 21 Dec 2020 13:58:04 -0800
git (1:2.29.2-1) unstable; urgency=low
* new upstream point release (see RelNotes/2.29.2.txt).
* debian/copyright: remove unused BSD-2-Clause text. The last part
of Git under that license was removed in v2.29.0.
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 02 Nov 2020 09:33:37 -0800
git (1:2.29.1-1) unstable; urgency=low
* new upstream release (see RelNotes/2.29.0.txt).
* update debian/copyright.
* debian/control: Build-Depends: debhelper-compat (= 10)
* debian/rules: run "dh --without autoreconf" to speed up build,
since we don't use the autotools-generated configure script.
* git-el: install elisp for the "emacs" flavor, too (thx Zack Weinberg;
closes: #972871). Breaks: emacsen-common (<< 3.0.0~) to avoid
triggering on older systems where "emacs" was a virtual package.
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 26 Oct 2020 17:25:55 -0700
git (1:2.28.0-1) unstable; urgency=low
* new upstream release (see RelNotes/2.28.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 27 Jul 2020 11:02:01 -0700
git (1:2.28.0~rc2-1) unstable; urgency=low
* new upstream release candidate.
-- Jonathan Nieder <jrnieder@gmail.com> Wed, 22 Jul 2020 17:36:57 -0700
git (1:2.28.0~rc1-1) unstable; urgency=low
* new upstream release candidate.
-- Jonathan Nieder <jrnieder@gmail.com> Fri, 17 Jul 2020 18:40:53 -0700
git (1:2.28.0~rc0-1) unstable; urgency=low
* new upstream release candidate (see RelNotes/2.28.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 13 Jul 2020 15:03:55 -0700
git (1:2.27.0-1) unstable; urgency=low
* new upstream release (see RelNotes/2.27.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 01 Jun 2020 10:05:06 -0700
git (1:2.27.0~rc2-1) unstable; urgency=low
* new upstream release candidate (closes: #757402).
-- Jonathan Nieder <jrnieder@gmail.com> Tue, 26 May 2020 14:27:25 -0700
git (1:2.27.0~rc0-1) unstable; urgency=low
* new upstream release candidate (see RelNotes/2.27.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 18 May 2020 16:57:41 -0700
git (1:2.26.2-1) unstable; urgency=high
* new upstream point release (see RelNotes/2.26.2.txt).
* Addresses the security issue CVE-2020-11008.
With a crafted URL that contains a newline or empty host, or
lacks a scheme, the credential helper machinery can be fooled
into providing credential information that is not appropriate
for the protocol in use and host being contacted.
Unlike the vulnerability fixed in 2.26.1, the credentials are
not for a host of the attacker's choosing. Instead, they are
for an unspecified host, based on how the configured
credential helper handles an absent "host" parameter.
The attack has been made impossible by refusing to work with
underspecified credential patterns.
Thanks to Carlo Arenas for reporting that Git was still
vulnerable, Felix Wilhelm for providing the proof of concept
demonstrating this issue, and Jeff King for promptly providing
a corrected fix.
Tested using the proof of concept at
https://crbug.com/project-zero/2021.
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 20 Apr 2020 10:44:09 -0700
git (1:2.26.1-1) unstable; urgency=high
* new upstream point release (see RelNotes/2.26.1.txt).
* Addresses the security issue CVE-2020-5260.
With a crafted URL that contains a newline, the credential
helper machinery can be fooled to supply credential information
for the wrong host. The attack has been made impossible by
forbidding a newline character in any value passed via the
credential protocol.
Thanks to Felix Wilhelm of Google Project Zero for finding
this vulnerability and Jeff King for fixing it.
-- Jonathan Nieder <jrnieder@gmail.com> Tue, 14 Apr 2020 10:29:38 -0700
git (1:2.26.0-2) unstable; urgency=low
* fixes to the (newly default) rebase --merge backend:
* honor GIT_REFLOG_ACTION (thx Ian Jackson and Elijah Newren;
closes: #955152).
* avoid "nothing to do" error when fast-forwarding a branch with
rebase.abbreviateCommands=true (thx Jan Alexander Steffens and
Alban Gruin).
* debian/control: downgrade Recommends by git-all on git-daemon-run
to Suggests. The git-all package is a "batteries included" full
installation of Git. Automatically running a daemon is not useful
to most of its users.
-- Jonathan Nieder <jrnieder@gmail.com> Tue, 14 Apr 2020 10:09:37 -0700
git (1:2.26.0-1) unstable; urgency=low
* new upstream release (see RelNotes/2.26.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 23 Mar 2020 13:19:36 -0700
git (1:2.26.0~rc2-1) unstable; urgency=low
* new upstream release candidate (see RelNotes/2.26.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 16 Mar 2020 21:17:23 -0700
git (1:2.25.1-1) unstable; urgency=low
* new upstream point release (see RelNotes/2.25.1.txt).
* update debian/copyright.
* debian/control: remove Gerrit Pape from the Maintainer field,
as requested. Thanks to Gerrit for putting together this
package in a way that has been pleasant to maintain.
* debian/rules: use "dpkg-architecture" instead of "uname -m" to
retrieve host arch. This makes the resulting "git version
--build-options" more predictable when building for i386 on an
amd64 machine (thx to Ceridwen for detecting this in reprotest).
-- Jonathan Nieder <jrnieder@gmail.com> Tue, 18 Feb 2020 17:26:36 -0800
git (1:2.25.0-1) unstable; urgency=low
* new upstream release (see RelNotes/2.25.0.txt).
* build against Python 3 (thx Steve Langasek, closes: #948832).
-- Jonathan Nieder <jrnieder@gmail.com> Tue, 14 Jan 2020 02:58:47 +0000
git (1:2.25.0~rc2-1) unstable; urgency=low
* new upstream release candidate.
-- Jonathan Nieder <jrnieder@gmail.com> Wed, 08 Jan 2020 16:08:27 -0800
git (1:2.25.0~rc1-1) unstable; urgency=low
* new upstream release candidate.
-- Jonathan Nieder <jrnieder@gmail.com> Fri, 03 Jan 2020 15:12:18 -0800
git (1:2.25.0~rc0-1) unstable; urgency=low
* new upstream release candidate (see RelNotes/2.25.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Fri, 27 Dec 2019 15:08:51 -0800
git (1:2.24.1-1) unstable; urgency=low
* update to use upstream tarball for 2.24.1.
-- Jonathan Nieder <jrnieder@gmail.com> Tue, 10 Dec 2019 13:21:59 -0800
git (1:2.24.0-2) unstable; urgency=high
* new upstream point release (see RelNotes/2.24.1.txt).
* Addresses the security issues CVE-2019-1348, CVE-2019-1349,
CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353,
CVE-2019-1354, and CVE-2019-1387.
Credit for finding these vulnerabilities goes to Microsoft
Security Response Center, in particular to Nicolas Joly. Fixes
were provided by Jeff King and Johannes Schindelin with help
from Garima Singh.
* Addresses CVE-2019-19604, arbitrary code execution via the
"update" field in .gitmodules.
Credit for finding this vulnerability goes to Joern
Schneeweisz from GitLab.
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 09 Dec 2019 06:20:25 +0000
git (1:2.24.0-1) unstable; urgency=medium
* new upstream release (see RelNotes/2.24.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Sun, 03 Nov 2019 22:16:20 -0800
git (1:2.24.0~rc2-1) unstable; urgency=low
* new upstream release candidate.
-- Jonathan Nieder <jrnieder@gmail.com> Wed, 30 Oct 2019 12:52:19 -0700
git (1:2.24.0~rc1-1) unstable; urgency=medium
* new upstream release candidate.
* test-tool: read --total as an int, not uint64 (thx John Paul Adrian
Glaubitz; closes: #942674)
-- Jonathan Nieder <jrnieder@gmail.com> Thu, 24 Oct 2019 15:44:01 -0700
git (1:2.24.0~rc0-1) unstable; urgency=medium
* new upstream release candidate (see RelNotes/2.24.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Fri, 18 Oct 2019 15:15:37 -0700
git (1:2.23.0-1) unstable; urgency=medium
* new upstream release (see RelNotes/2.23.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Sun, 18 Aug 2019 16:58:15 -0700
git (1:2.23.0~rc1-1) unstable; urgency=low
* new upstream release candidate.
* tests: sort output of hashmap iteration (closes: #933519)
-- Jonathan Nieder <jrnieder@gmail.com> Fri, 02 Aug 2019 17:21:22 -0700
git (1:2.23.0~rc0-1) unstable; urgency=low
* new upstream release candidate (see RelNotes/2.23.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 29 Jul 2019 17:07:53 -0700
git (1:2.22.0-1) unstable; urgency=low
* new upstream release (see RelNotes/2.21.0.txt, RelNotes/2.22.0.txt).
-- Jonathan Nieder <jrnieder@gmail.com> Mon, 08 Jul 2019 10:50:51 -0700
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog gitk`.
Generated by dwww version 1.15 on Thu May 23 21:03:15 CEST 2024.