git (1:2.39.2-1.1) unstable; urgency=medium * Non-maintainer upload (only changes to git-doc). * Correct paths in git-doc doc-base control files (Closes: #1023255) -- Matthew Vernon <matthew@debian.org> Tue, 28 Feb 2023 09:25:32 +0000 git (1:2.39.2-1) unstable; urgency=medium * new upstream point release (see RelNotes/2.39.2.txt). Addresses CVE-2023-22490 and CVE-2023-23946. -- Jonathan Nieder <jrnieder@gmail.com> Wed, 15 Feb 2023 17:08:12 -0800 git (1:2.39.1-0.1) unstable; urgency=medium * Non-maintainer upload. * New upstream stable release (Closes: #1029114) Fixes CVE-2022-23521 and CVE-2022-41903. -- Aron Xu <aron@debian.org> Thu, 26 Jan 2023 13:43:04 +0800 git (1:2.39.0-1) unstable; urgency=low * new upstream release (see RelNotes/2.39.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 12 Dec 2022 12:53:44 -0800 git (1:2.38.1-1) unstable; urgency=medium * new upstream release (closes: #1022046; see RelNotes/2.38.0.txt, RelNotes/2.38.1.txt). * Addresses the security issue CVE-2022-39253: cloning an attacker-controlled local repository could store arbitrary files in the ".git" directory of the destination repository. Thanks to Cory Snider of Mirantis for reporting this vulnerability and Taylor Blau for the mitigation. * Addresses CVE-2022-39260: a long command string passed to a `git shell` configured to support custom commands could overflow and run arbitrary code. Thanks to Kevin Backhouse of GitHub for reporting this vulnerability and Kevin Backhouse, Jeff King, and Taylor Blau for mitigating it. -- Jonathan Nieder <jrnieder@gmail.com> Mon, 31 Oct 2022 18:32:00 -0700 git (1:2.37.2-1) unstable; urgency=low * new upstream release (closes: #1016723; see RelNotes/2.37.0.txt, RelNotes/2.37.1.txt, RelNotes/2.37.2.txt). -- Jonathan Nieder <jrnieder@gmail.com> Fri, 12 Aug 2022 19:27:24 -0700 git (1:2.36.1-1) unstable; urgency=low * new upstream point release (closes: #1010720; see RelNotes/2.36.1.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 09 May 2022 12:43:15 -0700 git (1:2.36.0-1) unstable; urgency=low * new upstream release (see RelNotes/2.36.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Fri, 22 Apr 2022 16:43:03 -0700 git (1:2.35.2-1) unstable; urgency=medium * new upstream point release (see RelNotes/2.35.2.txt). * Addresses the security issue CVE-2022-24765: Git users might have found themselves unexpectedly in a Git worktree, e.g. when another user created a repository in `/tmp/.git`, in a mounted network drive or in a scratch space. Having a Git-aware prompt that runs `git status` (or `git diff`) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an IDE with Git support such as VS Code, could then run commands specified by that other user. Thanks to 俞晨东 for discovering this vulnerability and Johannes Schindelin for the mitigation. -- Jonathan Nieder <jrnieder@gmail.com> Tue, 12 Apr 2022 21:25:57 -0700 git (1:2.35.1-1) unstable; urgency=low * new upstream release (see RelNotes/2.35.0.txt, RelNotes/2.35.1.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 14 Feb 2022 08:24:39 -0800 git (1:2.34.1-1) unstable; urgency=low * new upstream point release (see RelNotes/2.34.1.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 29 Nov 2021 11:04:56 -0800 git (1:2.34.0-1) unstable; urgency=low * new upstream release (see RelNotes/2.34.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Sat, 20 Nov 2021 13:14:45 -0800 git (1:2.33.1-1) unstable; urgency=low * new upstream point release (see RelNotes/2.33.1.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 25 Oct 2021 15:02:19 -0700 git (1:2.33.0-1) unstable; urgency=low * new upstream release (see RelNotes/2.33.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 16 Aug 2021 17:54:01 -0700 git (1:2.32.0-1) unstable; urgency=low * new upstream release (see RelNotes/2.32.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Sun, 06 Jun 2021 14:34:33 -0700 git (1:2.32.0~rc2-1) unstable; urgency=low * new upstream release candidate. * remove git-el package (closes: #987264, #984931). Since version 1:2.18.0~rc2-1, it only contained modules that error out with a message pointing to other Emacs packages. Nowadays users can use the README.emacs file from the git package for that instead. -- Jonathan Nieder <jrnieder@gmail.com> Mon, 31 May 2021 15:02:28 -0700 git (1:2.32.0~rc0-1) unstable; urgency=low * new upstream release candidate (see RelNotes/2.32.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Thu, 20 May 2021 13:20:15 -0700 git (1:2.31.1-1) unstable; urgency=low * new upstream point release (see RelNotes/2.31.1.txt). * install dashed commands to /usr/lib again (thx Sven Joachim; closes: #985416). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 19 Apr 2021 09:23:57 -0700 git (1:2.31.0-1) unstable; urgency=low * new upstream release (see RelNotes/2.31.0.txt). * install dashed commands to /usr/libexec instead of /usr/lib (thx Chris Lamb for suggesting it through lintian). * remove compatibility code and NEWS.Debian entries that supported upgrades from versions before 1.7.9.5 (the version in Ubuntu 12.04, which reached the end of extended security maintenance in April, 2019). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 15 Mar 2021 19:32:17 -0700 git (1:2.30.2-1) unstable; urgency=medium * new upstream point release (see RelNotes/2.30.2.txt). -- Jonathan Nieder <jrnieder@gmail.com> Tue, 09 Mar 2021 17:45:38 -0800 git (1:2.30.1-1) unstable; urgency=low * new upstream point release (see RelNotes/2.30.1.txt). -- Jonathan Nieder <jrnieder@gmail.com> Tue, 16 Feb 2021 21:55:22 -0800 git (1:2.30.0-1) unstable; urgency=low * new upstream release (see RelNotes/2.30.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 28 Dec 2020 16:22:30 -0800 git (1:2.30.0~rc2-1) unstable; urgency=low * new upstream release candidate. -- Jonathan Nieder <jrnieder@gmail.com> Wed, 23 Dec 2020 15:17:54 -0800 git (1:2.30.0~rc1-1) unstable; urgency=low * new upstream release candidate (see RelNotes/2.30.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 21 Dec 2020 13:58:04 -0800 git (1:2.29.2-1) unstable; urgency=low * new upstream point release (see RelNotes/2.29.2.txt). * debian/copyright: remove unused BSD-2-Clause text. The last part of Git under that license was removed in v2.29.0. -- Jonathan Nieder <jrnieder@gmail.com> Mon, 02 Nov 2020 09:33:37 -0800 git (1:2.29.1-1) unstable; urgency=low * new upstream release (see RelNotes/2.29.0.txt). * update debian/copyright. * debian/control: Build-Depends: debhelper-compat (= 10) * debian/rules: run "dh --without autoreconf" to speed up build, since we don't use the autotools-generated configure script. * git-el: install elisp for the "emacs" flavor, too (thx Zack Weinberg; closes: #972871). Breaks: emacsen-common (<< 3.0.0~) to avoid triggering on older systems where "emacs" was a virtual package. -- Jonathan Nieder <jrnieder@gmail.com> Mon, 26 Oct 2020 17:25:55 -0700 git (1:2.28.0-1) unstable; urgency=low * new upstream release (see RelNotes/2.28.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 27 Jul 2020 11:02:01 -0700 git (1:2.28.0~rc2-1) unstable; urgency=low * new upstream release candidate. -- Jonathan Nieder <jrnieder@gmail.com> Wed, 22 Jul 2020 17:36:57 -0700 git (1:2.28.0~rc1-1) unstable; urgency=low * new upstream release candidate. -- Jonathan Nieder <jrnieder@gmail.com> Fri, 17 Jul 2020 18:40:53 -0700 git (1:2.28.0~rc0-1) unstable; urgency=low * new upstream release candidate (see RelNotes/2.28.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 13 Jul 2020 15:03:55 -0700 git (1:2.27.0-1) unstable; urgency=low * new upstream release (see RelNotes/2.27.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 01 Jun 2020 10:05:06 -0700 git (1:2.27.0~rc2-1) unstable; urgency=low * new upstream release candidate (closes: #757402). -- Jonathan Nieder <jrnieder@gmail.com> Tue, 26 May 2020 14:27:25 -0700 git (1:2.27.0~rc0-1) unstable; urgency=low * new upstream release candidate (see RelNotes/2.27.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 18 May 2020 16:57:41 -0700 git (1:2.26.2-1) unstable; urgency=high * new upstream point release (see RelNotes/2.26.2.txt). * Addresses the security issue CVE-2020-11008. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. Unlike the vulnerability fixed in 2.26.1, the credentials are not for a host of the attacker's choosing. Instead, they are for an unspecified host, based on how the configured credential helper handles an absent "host" parameter. The attack has been made impossible by refusing to work with underspecified credential patterns. Thanks to Carlo Arenas for reporting that Git was still vulnerable, Felix Wilhelm for providing the proof of concept demonstrating this issue, and Jeff King for promptly providing a corrected fix. Tested using the proof of concept at https://crbug.com/project-zero/2021. -- Jonathan Nieder <jrnieder@gmail.com> Mon, 20 Apr 2020 10:44:09 -0700 git (1:2.26.1-1) unstable; urgency=high * new upstream point release (see RelNotes/2.26.1.txt). * Addresses the security issue CVE-2020-5260. With a crafted URL that contains a newline, the credential helper machinery can be fooled to supply credential information for the wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol. Thanks to Felix Wilhelm of Google Project Zero for finding this vulnerability and Jeff King for fixing it. -- Jonathan Nieder <jrnieder@gmail.com> Tue, 14 Apr 2020 10:29:38 -0700 git (1:2.26.0-2) unstable; urgency=low * fixes to the (newly default) rebase --merge backend: * honor GIT_REFLOG_ACTION (thx Ian Jackson and Elijah Newren; closes: #955152). * avoid "nothing to do" error when fast-forwarding a branch with rebase.abbreviateCommands=true (thx Jan Alexander Steffens and Alban Gruin). * debian/control: downgrade Recommends by git-all on git-daemon-run to Suggests. The git-all package is a "batteries included" full installation of Git. Automatically running a daemon is not useful to most of its users. -- Jonathan Nieder <jrnieder@gmail.com> Tue, 14 Apr 2020 10:09:37 -0700 git (1:2.26.0-1) unstable; urgency=low * new upstream release (see RelNotes/2.26.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 23 Mar 2020 13:19:36 -0700 git (1:2.26.0~rc2-1) unstable; urgency=low * new upstream release candidate (see RelNotes/2.26.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 16 Mar 2020 21:17:23 -0700 git (1:2.25.1-1) unstable; urgency=low * new upstream point release (see RelNotes/2.25.1.txt). * update debian/copyright. * debian/control: remove Gerrit Pape from the Maintainer field, as requested. Thanks to Gerrit for putting together this package in a way that has been pleasant to maintain. * debian/rules: use "dpkg-architecture" instead of "uname -m" to retrieve host arch. This makes the resulting "git version --build-options" more predictable when building for i386 on an amd64 machine (thx to Ceridwen for detecting this in reprotest). -- Jonathan Nieder <jrnieder@gmail.com> Tue, 18 Feb 2020 17:26:36 -0800 git (1:2.25.0-1) unstable; urgency=low * new upstream release (see RelNotes/2.25.0.txt). * build against Python 3 (thx Steve Langasek, closes: #948832). -- Jonathan Nieder <jrnieder@gmail.com> Tue, 14 Jan 2020 02:58:47 +0000 git (1:2.25.0~rc2-1) unstable; urgency=low * new upstream release candidate. -- Jonathan Nieder <jrnieder@gmail.com> Wed, 08 Jan 2020 16:08:27 -0800 git (1:2.25.0~rc1-1) unstable; urgency=low * new upstream release candidate. -- Jonathan Nieder <jrnieder@gmail.com> Fri, 03 Jan 2020 15:12:18 -0800 git (1:2.25.0~rc0-1) unstable; urgency=low * new upstream release candidate (see RelNotes/2.25.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Fri, 27 Dec 2019 15:08:51 -0800 git (1:2.24.1-1) unstable; urgency=low * update to use upstream tarball for 2.24.1. -- Jonathan Nieder <jrnieder@gmail.com> Tue, 10 Dec 2019 13:21:59 -0800 git (1:2.24.0-2) unstable; urgency=high * new upstream point release (see RelNotes/2.24.1.txt). * Addresses the security issues CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387. Credit for finding these vulnerabilities goes to Microsoft Security Response Center, in particular to Nicolas Joly. Fixes were provided by Jeff King and Johannes Schindelin with help from Garima Singh. * Addresses CVE-2019-19604, arbitrary code execution via the "update" field in .gitmodules. Credit for finding this vulnerability goes to Joern Schneeweisz from GitLab. -- Jonathan Nieder <jrnieder@gmail.com> Mon, 09 Dec 2019 06:20:25 +0000 git (1:2.24.0-1) unstable; urgency=medium * new upstream release (see RelNotes/2.24.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Sun, 03 Nov 2019 22:16:20 -0800 git (1:2.24.0~rc2-1) unstable; urgency=low * new upstream release candidate. -- Jonathan Nieder <jrnieder@gmail.com> Wed, 30 Oct 2019 12:52:19 -0700 git (1:2.24.0~rc1-1) unstable; urgency=medium * new upstream release candidate. * test-tool: read --total as an int, not uint64 (thx John Paul Adrian Glaubitz; closes: #942674) -- Jonathan Nieder <jrnieder@gmail.com> Thu, 24 Oct 2019 15:44:01 -0700 git (1:2.24.0~rc0-1) unstable; urgency=medium * new upstream release candidate (see RelNotes/2.24.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Fri, 18 Oct 2019 15:15:37 -0700 git (1:2.23.0-1) unstable; urgency=medium * new upstream release (see RelNotes/2.23.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Sun, 18 Aug 2019 16:58:15 -0700 git (1:2.23.0~rc1-1) unstable; urgency=low * new upstream release candidate. * tests: sort output of hashmap iteration (closes: #933519) -- Jonathan Nieder <jrnieder@gmail.com> Fri, 02 Aug 2019 17:21:22 -0700 git (1:2.23.0~rc0-1) unstable; urgency=low * new upstream release candidate (see RelNotes/2.23.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 29 Jul 2019 17:07:53 -0700 git (1:2.22.0-1) unstable; urgency=low * new upstream release (see RelNotes/2.21.0.txt, RelNotes/2.22.0.txt). -- Jonathan Nieder <jrnieder@gmail.com> Mon, 08 Jul 2019 10:50:51 -0700 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog gitk`.
Generated by dwww version 1.15 on Thu May 23 21:03:15 CEST 2024.