|
|
|
|
Changelog for git-daemon-2.16.4-lp151.4.3.1.i586.rpm :
* Mon Dec 09 2019 Marketa Calabkova - Fix bsc#1158787 (CVE-2019-1349), bsc#1158795 (CVE-2019-19604), bsc#1158793 (CVE-2019-1387), bsc#1158792 (CVE-2019-1354), bsc#1158791 (CVE-2019-1353), bsc#1158790 (CVE-2019-1352), bsc#1158789 (CVE-2019-1351), bsc#1158788 (CVE-2019-1350), bsc#1158785 (CVE-2019-1348)- Add patches: 0001-t9300-drop-some-useless-uses-of-cat.patch 0002-t9300-create-marks-files-for-double-import-marks-tes.patch 0003-fast-import-tighten-parsing-of-boolean-command-line-.patch 0004-fast-import-stop-creating-leading-directories-for-im.patch 0005-fast-import-delay-creating-leading-directories-for-e.patch 0006-fast-import-disallow-feature-export-marks-by-default.patch 0007-fast-import-disallow-feature-import-marks-by-default.patch 0008-clone-recurse-submodules-prevent-name-squatting-on-W.patch 0009-mingw-disallow-backslash-characters-in-tree-objects-.patch 0010-path.c-document-the-purpose-of-is_ntfs_dotgit.patch 0011-submodule-reject-submodule.update-command-in-.gitmod.patch 0012-test-path-utils-offer-to-run-a-protectNTFS-protectHF.patch 0013-is_ntfs_dotgit-only-verify-the-leading-segment.patch 0014-mingw-fix-quoting-of-arguments.patch 0015-tests-add-a-helper-to-stress-test-argument-quoting.patch 0016-path-safeguard-.git-against-NTFS-Alternate-Streams-A.patch 0017-is_ntfs_dotgit-speed-it-up.patch 0018-quote-stress-test-accept-arguments-to-test-via-the-c.patch 0019-path-also-guard-.gitmodules-against-NTFS-Alternate-D.patch 0020-protect_ntfs-turn-on-NTFS-protection-by-default.patch 0021-Disallow-dubiously-nested-submodule-git-directories.patch 0022-t6130-t9350-prepare-for-stringent-Win32-path-validat.patch 0023-quote-stress-test-allow-skipping-some-trials.patch 0024-unpack-trees-let-merged_entry-pass-through-do_add_en.patch 0026-quote-stress-test-offer-to-test-quoting-arguments-fo.patch 0027-mingw-refuse-to-access-paths-with-trailing-spaces-or.patch 0028-mingw-handle-subst-ed-DOS-drives.patch * Wed Sep 18 2019 Jason Sikes - Add zlib dependency, which used to be provided by openssl-devel, so that package can compile successfully after openssl upgrade to 1.1.1. (bsc#1149792) * Wed Mar 20 2019 lnusselAATTsuse.de- Do not BuildRequire apache2: + it is only in the build chain for the directory ownership. Let\'s just own the directories ourselves. + This actually also fixes the issue that installing, then uninstalling git-web, without apache2 being present on the machine, leaves those directories stale on the disk. * Fri Nov 30 2018 Marketa Calabkova - Avoid boo#1082023 - git send-email fails to authenticate with SMTP server * Mon Nov 26 2018 Marketa Calabkova - fix CVE-2018-19486 (bsc#1117257) * git-mark-path-lookup-errors.patch * Mon Oct 08 2018 tiwaiAATTsuse.de- Fix VUL-0: arbitrary code execution via .gitmodules (CVE-2018-17456, bsc#1110949): 0001-submodule-helper-use-to-signal-end-of-clone-options.patch 0002-submodule-config-ban-submodule-urls-that-start-with-.patch 0003-submodule-config-ban-submodule-paths-that-start-with.patch * Wed May 30 2018 tiwaiAATTsuse.de- Update to git 2.16.4: security fix release * path sanity-checks on NTFS can read arbitrary memory (CVE-2018-11233, bsc#1095218) * arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235, bsc#1095219) * Tue Mar 27 2018 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318] * Fri Mar 23 2018 avindraAATTopensuse.org- git 2.16.3: * \"git status\" after moving a path in the working tree (hence making it appear \"removed\") and then adding with the -N option (hence making that appear \"added\") detected it as a rename, but did not report the old and new pathnames correctly. * \"git commit --fixup\" did not allow \"-m\" option to be used at the same time; allow it to annotate resulting commit with more text. * When resetting the working tree files recursively, the working tree of submodules are now also reset to match. * Fix for a commented-out code to adjust it to a rather old API change around object ID. * When there are too many changed paths, \"git diff\" showed a warning message but in the middle of a line. * The http tracing code, often used to debug connection issues, learned to redact potentially sensitive information from its output so that it can be more safely sharable. * Crash fix for a corner case where an error codepath tried to unlock what it did not acquire lock on. * The split-index mode had a few corner case bugs fixed. * Assorted fixes to \"git daemon\". * Completion of \"git merge -s\" (in contrib/) did not work well in non-C locale. * Workaround for segfault with more recent versions of SVN. * Recently introduced leaks in fsck have been plugged. * Travis CI integration now builds the executable in \'script\' phase to follow the established practice, rather than during \'before_script\' phase. This allows the CI categorize the failures better (\'failed\' is project\'s fault, \'errored\' is build environment\'s). * Thu Mar 08 2018 tiwaiAATTsuse.de- Drop superfluous xinetd snippet, no longer used (bsc#1084460) * Tue Mar 06 2018 tiwaiAATTsuse.de- Build with asciidoctor for the recent distros (bsc#1075764) * Mon Feb 26 2018 schwabAATTlinux-m68k.org- Move %{?systemd_requires} to daemon subpackage * Wed Feb 21 2018 fcrozatAATTsuse.com- Create subpackage for libsecret credential helper. * Sun Feb 18 2018 avindraAATTopensuse.org- git 2.16.2: * An old regression in \"git describe --all $annotated_tag^0\" has been fixed. * \"git svn dcommit\" did not take into account the fact that a svn+ssh:// URL with a usernameAATT (typically used for pushing) refers to the same SVN repository without the usernameAATT and failed when svn.pushmergeinfo option is set. * \"git merge -Xours/-Xtheirs\" learned to use our/their version when resolving a conflicting updates to a symbolic link. * \"git clone $there $here\" is allowed even when here directory exists as long as it is an empty directory, but the command incorrectly removed it upon a failure of the operation. * \"git stash -- \" incorrectly blew away untracked files in the directory that matched the pathspec, which has been corrected. * \"git add -p\" was taught to ignore local changes to submodules as they do not interfere with the partial addition of regular changes anyway. * Tue Jan 23 2018 astiegerAATTsuse.com- git 2.16.1: * \"git clone\" segfaulted when cloning a project that happens to track two paths that differ only in case on a case insensitive filesystem * Fri Jan 19 2018 avindraAATTopensuse.org- git 2.16.0: * See https://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.txt- partial cleanup with spec-cleaner- drop git-gui-tclIndex.patch * merged upstream in da10ea373b80cc8bf8efca5acb1d11ecf410fb0c * Fri Dec 01 2017 aavindraaAATTgmail.com- git 2.15.1: * fix \"auto\" column output * fixes to moved lines diffing * documentation updates * fix use of repositories immediately under the root directory * improve usage of libsecret * fixes to various error conditions in git commands * Tue Nov 28 2017 tiwaiAATTsuse.de- Rewrite from sysv init to systemd unit file for git-daemon (bsc#1069803) * Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) * Thu Nov 09 2017 jmatejekAATTsuse.com- split off p4 to a subpackage (bsc#1067502)- do not buildrequire asciidoc (dependent on Python 2) when not building docs- switch to Python 3 for tests * Mon Nov 06 2017 tiwaiAATTsuse.de- Build with the external libsha1detectcoll (bsc#1042644) * Wed Nov 01 2017 astiegerAATTsuse.com- git 2.15.0: * Use of an empty string as a pathspec element that is used for \'everything matches\' is still warned and Git asks users to use a more explicit \'.\' for that instead. Removal scheduled for 2.16 * Git now avoids blindly falling back to \".git\" when the setup sequence said we are _not_ in Git repository (another corner case removed) * \"branch --set-upstream\" was retired, deprecated since 1.8 * many other improvements and updates * Mon Oct 23 2017 astiegerAATTsuse.com- git 2.14.3: * git send-email understands more cc: formats * fixes so gitk --bisect * git commit-tree fixed to handle -F file alike * Prevent segfault in \"git cat-file --textconv\" * Fix function header parsing for HTML * Various small fixes to user commands and and internal functions * Tue Sep 26 2017 astiegerAATTsuse.com- git 2.14.2: * fixes to color output * http.{sslkey,sslCert} now interpret \"~[username]/\" prefix * fixes to walking of reflogs via \"log -g\" and friends * various fixes to output correctness * \"git push --recurse-submodules $there HEAD:$target\" is now propagated down to the submodules * \"git clone --recurse-submodules --quiet\" c$how propagates quiet option down to submodules. * \"git svn --localtime\" correctness fixes * \"git grep -L\" and \"git grep --quiet -L\" now report same exit code * fixes to \"git apply\" when converting line endings * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to end-user input. CVE-2017-14867 bsc#1061041 * \"git cvsserver\" no longer is invoked by \"git daemon\" by default * Thu Aug 10 2017 astiegerAATTsuse.com- git 2.14.1 (bsc#1052481): * Security fix for CVE-2017-1000117: A malicious third-party can give a crafted \"ssh://...\" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim\'s machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running \"git clone --recurse-submodules\" to trigger the vulnerability. * A \"ssh://...\" URL can result in a \"ssh\" command line with a hostname that begins with a dash \"-\", which would cause the \"ssh\" command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage). * Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from \"ssh://...\" URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash \"-\" as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage). * In the same spirit, a repository name that begins with a dash \"-\" is also forbidden now. * Sat Aug 05 2017 astiegerAATTsuse.com- git 2.14.0: * Use of an empty string as a pathspec element that is used for \'everything matches\' is deprecated, use \'.\' * Avoid blindly falling back to \".git\" when the setup sequence indicates operation not on a Git repository * \"indent heuristics\" are now the default. * Builds with pcre2 * Many bug fixes, improvements and updates * Wed Aug 02 2017 astiegerAATTsuse.com- git 2.13.4: * Update the character width tables. * Fix an alias that contained an uppercase letter * Progress meter fixes * git gc concurrency fixes * Thu Jul 13 2017 astiegerAATTsuse.com- git 2.13.3: * various internal bug fixes * Fix a regression to \"git rebase -i\" * Correct unaligned 32-bit access in pack-bitmap code * Tighten error checks for invalid \"git apply\" input * The split index code did not honor core.sharedrepository setting correctly * Fix \"git branch --list\" handling of color.branch.local * Sun Jun 25 2017 astiegerAATTsuse.com- git 2.13.2: * \"collision detecting\" SHA-1 update for platform fixes * \"git checkout --recurse-submodules\" did not quite work with a submodule that itself has submodules. * The \"run-command\" API implementation has been made more robust against dead-locking in a threaded environment. * \"git clean -d\" now only cleans ignored files with \"-x\" * \"git status --ignored\" did not list ignored and untracked files without \"-uall\" * \"git pull --rebase --autostash\" didn\'t auto-stash when the local history fast-forwards to the upstream. * \"git describe --contains\" gives as much weight to lightweight tags as annotated tags * Fix \"git stash push \" from a subdirectory * Mon Jun 05 2017 astiegerAATTsuse.com- git 2.13.1: * Setting \"log.decorate=false\" in the configuration file did not take effect in v2.13, which has been corrected. * corrections to documentation and command help output * garbage collection fixes * memory leaks fixed * receive-pack now makes sure that the push certificate records the same set of push options used for pushing * shell completion corrections for git stash * fix \"git clone --config var=val\" with empty strings * internal efficiency improvements * Update sha1 collision detection code for big-endian platforms and platforms not supporting unaligned fetches * Sat May 27 2017 schwabAATTlinux-m68k.org- Fix packaging of documentation * Wed May 10 2017 astiegerAATTsuse.com- git 2.13.0: * empty string as a pathspec element for \'everything matches\' is still warned, for future removal. * deprecated argument order \"git merge HEAD ...\" was removed * default location \"~/.git-credential-cache/socket\" for the socket used to communicate with the credential-cache daemon moved to \"~/.cache/git/credential/socket\". * now avoid blindly falling back to \".git\" when the setup sequence indicated otherwise * many workflow features, improvements and bug fixes * add a hardened implementation of SHA1 in response to practical collision attacks (CVE-2005-4900, bsc#1042640) * Wed May 10 2017 astiegerAATTsuse.com- git 2.12.3: * CVE-2017-8386: On a server running git-shell as login shell to restrict user to git commands, remote users may have been able to have git service programs spawn an interactive pager and thus escape the shell restrictions. (bsc#1038395) * Sat Mar 25 2017 astiegerAATTsuse.com- git 2.12.2: * CLI output fixes * \"Dump http\" transport fixes * various fixes for internal code paths * Trailer \"Cc:\" RFC fix * Tue Mar 21 2017 astiegerAATTsuse.com- git 2.12.1: * Reduce authentication round-trip over HTTP when the server supports just a single authentication method. * \"git add -i\" patch subcommand fixed to have a path selection * various path verification fixes * fix \"git log -L...\" buffer overrun * Tue Mar 07 2017 lchiquittoAATTsuse.de- Submit version 2.12.0 to SLE-12 (fate#322294, bsc#977477) * Fri Feb 24 2017 astiegerAATTsuse.com- git 2.12.0: * Use of an empty string that is used for \'everything matches\' is still warned and Git asks users to use a more explicit \'.\' for that instead. The hope is that existing users will not mind this change, and eventually the warning can be turned into a hard error, upgrading the deprecation into removal of this (mis)feature. That is not scheduled to happen in the upcoming release (yet). * The historical argument order \"git merge HEAD ...\" has been deprecated for quite some time, and will be removed in a future release. * An ancient script \"git relink\" has been removed. * Thu Feb 09 2017 dimstarAATTopensuse.org- Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13. * Fri Feb 03 2017 astiegerAATTsuse.com- git 2.11.1: * The default Travis-CI configuration specifies newer P4 and GitLFS. * The character width table has been updated to match Unicode 9.0 * various fixes affecting multiple subcommands for correctness, bugs, and unexpected behavior. * documentation updates * git-svn updates * Wed Feb 01 2017 lchiquittoAATTsuse.de- Refresh all patches to update line numbers- Add old bug reference to allow submission to SLE-12 * Fri Dec 09 2016 olafAATTaepfle.de- git-gui: Sort entries in optimized tclIndex git-gui-tclIndex.patch * Wed Nov 30 2016 astiegerAATTsuse.com- git 2.11.0: * backward compatibility: + empty string (matching everything) used as pathspec now triggers a warning + historical argument order \"git merge HEAD ...\" is deprecated + default abbreviation length of 7 now scales by repo size * updates + new version of git-gui + many new command line and configuration options + many workflow and output improvements * dropped upstreamed patches: + git-setup-i18n-fix.patch + git-tclIndex.patch * Sat Oct 29 2016 astiegerAATTsuse.com- git 2.10.2: * minor bug fixes * internal code improvements * documentation updates * Tue Oct 04 2016 astiegerAATTsuse.com- git 2.10.1: * documentation and command output updates * Prevents loops on submodules with broken metadata * Forbid removal of the symbolic reference HEAD * Update Japanese translation for \"git-gui\". * Fix \"git commit-tree\" reading commit.gpgsign configuration * Ignore merges when matching with \"git log --cherry-pick\" * Fix \"git format-patch --base=...\" usage of signature separator * \"git add --chmod=+x \" added recently only toggled the executable bit for paths that are either new or modified. This has been corrected to flip the executable bit for all paths that match the given pathspec. * Wed Sep 07 2016 astiegerAATTsuse.com- fix shell lib include path in git-sh-setup (boo#1011169) adding git-setup-i18n-fix.patch * Sat Sep 03 2016 astiegerAATTsuse.com- git 2.10.0, feature and bugfix update: * various workflow output improvements * various improvements and extensions of command line options * A handful of \"git svn\" updates. * internal performance improvements * Wed Aug 31 2016 olafAATTaepfle.de- Reduce build-compare noise git-asciidoc.patch git-tclIndex.patch * Sat Aug 13 2016 astiegerAATTsuse.com- git 2.9.3: * many compatible fixes and improvements to various git commands and functions * Sat Jul 16 2016 astiegerAATTsuse.com- git 2.9.2: * fix test suite failues with 64 bit timestamps * Tue Jul 12 2016 astiegerAATTsuse.com- git 2.9.1: * socket-level KEEPALIVE for git daemon * Various compatible workflow and UI fixes * Various optimisations and documentation updates * Fix regression in v2.9 affecting \"clone --depth\" * Mon Jun 13 2016 astiegerAATTsuse.com- git 2.9.0: * commands in the \"git diff\" and \"git log\" family by default enable the rename detection; use \"diff.renames\" configuration variable to disable this. * merging two branches that have no common ancestor with \"git merge\" is by default forbidden now to prevent creating such an unusual merge by mistake. * output formats of \"git log\" that indents the commit log message by 4 spaces now expands HT in the log message by default. The \"--no-expand-tabs\" option disables this. * \"git commit-tree\" plumbing command required the user to always sign its result when the user sets the commit.gpgsign configuration variable, this is no longer the case. Scrips using commit-tree which may rely on this mistake no needs to read commit.gpgsign and pass the -S option as necessary. * Many more bug fixes and minor updates. * Tue Jun 07 2016 astiegerAATTsuse.com- git 2.8.4: * Documentation updates * \"git fsck\" learned to catch NUL byte in a commit object as potential error and warn. * \"git describe --contains\" improvements * Treat \"http.cookieFile\" config as a path * Suggest \"submodule deinit --all\" for deinitializing all submodules * A couple of bugs around core.autocrlf have been fixed. * \"git difftool\" learned to handle unmerged paths correctly in dir-diff mode. * Thu May 19 2016 astiegerAATTsuse.com- git 2.8.3: * \"git send-email\" now uses a more readable timestamps when formulating a message ID. * When \"git worktree\" feature is in use, \"git branch -d\" allowed deletion of a branch that is checked out in another worktree * When \"git worktree\" feature is in use, \"git branch -m\" renamed a branch that is checked out in another worktree without adjusting the HEAD symbolic ref for the worktree. * \"git format-patch --help\" showed `-s` and `--no-patch` as if these are valid options to the command. We already hide `--patch` option from the documentation, because format-patch is about showing the diff, and the documentation now hides these options as well. * A change back in version 2.7 to \"git branch\" broke display of a symbolic ref in a non-standard place in the refs/ hierarchy (we expect symbolic refs to appear in refs/remotes/ */HEAD to point at the primary branch the remote has, and as .git/HEAD to point at the branch we locally checked out). * A partial rewrite of \"git submodule\" in the 2.7 timeframe changed the way the gitdir: pointer in the submodules point at the real repository location to use absolute paths by accident. This has been corrected. * \"git commit\" misbehaved in a few minor ways when an empty message is given via -m \'\', all of which has been corrected. * Support for CRAM-MD5 authentication method in \"git imap-send\" did not work well. * The socks5:// proxy support added back in 2.6.4 days was not aware that socks5h:// proxies behave differently. * \"git config\" had a codepath that tried to pass a NULL to printf(\"%s\"), which nobody seems to have noticed. * \"git replace -e\" did not honour \"core.editor\" configuration. * \"git submodule\" reports the paths of submodules the command recurses into, but this was incorrect when the command was not run from the root level of the superproject. * The \"user.useConfigOnly\" configuration variable makes it an error if users do not explicitly set user.name and user.email. However, its check was not done early enough and allowed another error to trigger, reporting that the default value we guessed from the system setting was unusable. This was a suboptimal end-user experience as we want the users to set user.name/user.email without relying on the auto-detection at all. * \"git mv old new\" did not adjust the path for a submodule that lives as a subdirectory inside old/ directory correctly. * \"git push\" from a corrupt repository that attempts to push a large number of refs deadlocked; the thread to relay rejection notices for these ref updates blocked on writing them to the main thread, after the main thread at the receiving end notices that the push failed and decides not to read these notices and return a failure. * A question by \"git send-email\" to ask the identity of the sender has been updated. * Recent update to Git LFS broke \"git p4\" by changing the output from its \"lfs pointer\" subcommand. * Some multi-byte encoding can have a backslash byte as a later part of one letter, which would confuse \"highlight\" filter used in gitweb. * Sat Apr 30 2016 astiegerAATTsuse.com- git 2.8.2: * \"index-pack --keep=\" was broken since v2.1.0 timeframe. * \"git config --get-urlmatch\", unlike other variants of the \"git config --get\" family, did not signal error with its exit status when there was no matching configuration. * The \"--local-env-vars\" and \"--resolve-git-dir\" options of \"git rev-parse\" failed to work outside a repository when the command\'s option parsing was rewritten in 1.8.5 era. * Fetching of history by naming a commit object name directly didn\'t work across remote-curl transport. * A small memory leak in an error codepath has been plugged in xdiff code. * \"git mergetool\" did not work well with conflicts that both sides deleted. * \"git send-email\" had trouble parsing alias file in mailrc format when lines in it had trailing whitespaces on them. * When \"git merge --squash\" stopped due to conflict, the concluding \"git commit\" failed to read in the SQUASH_MSG that shows the log messages from all the squashed commits. * \"git merge FETCH_HEAD\" dereferenced NULL pointer when merging nothing into an unborn history (which is arguably unusual usage, which perhaps was the reason why nobody noticed it). * \"git diff -M\" used to work better when two originally identical files A and B got renamed to X/A and X/B by pairing A to X/A and B to X/B, but this was broken in the 2.0 timeframe. * \"git send-pack --all \" was broken when its command line option parsing was written in the 2.6 timeframe. * When running \"git blame $path\" with unnormalized data in the index for the path, the data in the working tree was blamed, even though \"git add\" would not have changed what is already in the index, due to \"safe crlf\" that disables the line-end conversion. It has been corrected. * Mon Apr 18 2016 termimAATTgmail.com- add desktop entry for the git gui * Sun Apr 03 2016 astiegerAATTsuse.com- git 2.8.1: * make rpmbuild target was broken, unused in openSUSE package * Fri Apr 01 2016 astiegerAATTsuse.com- git 2.8.0 * Backward compatibility: + The rsync:// transport has been removed. * various subcommands improvements * various output improvements * improved handling of notes * improved handling of end of line styles * http.proxyAuthMethod configures proxy authentication method * new \"^{/!-}\" notation * \"user.useConfigOnly\" configuration variable forces individual project configuration * \"git fetch\" and friends that make network connections can now be told to only use ipv4 (or ipv6). * http.[.]pinnedpubkey to specify the pinned public key * bug fixes and performance improvements * Thu Mar 17 2016 astiegerAATTsuse.com- git 2.7.4: Fix remote code execution via buffer overflow (CVE-2016-2315, CVE-2016-2324, bsc#971328) * plug heap corruption holes * catch integer overflow in the computation of pathname lengths * get rid of the name_path API. Both of These would have resulted in writing over an under-allocated buffer when formulating pathnames while tree traversal. * Fri Mar 11 2016 astiegerAATTsuse.com- git 2.7.3: * \"git show \'HEAD:Foo[BAR]Baz\'\" did not interpret the argument as a rev, i.e. the object named by the the pathname with wildcard characters in a tree object. * \"git rev-parse --git-common-dir\" used in the worktree feature misbehaved when run from a subdirectory. * The \"v(iew)\" subcommand of the interactive \"git am -i\" command was broken in 2.6.0 timeframe when the command was rewritten in C. * \"git merge-tree\" used to mishandle \"both sides added\" conflict with its own \"create a fake ancestor file that has the common parts of what both sides have added and do a 3-way merge\" logic; this has been updated to use the usual \"3-way merge with an empty blob as the fake common ancestor file\" approach used in the rest of the system. * The documentation did not clearly state that the \'simple\' mode is now the default for \"git push\" when push.default configuration is not set. * Test adjustments for GNU grep, obsoleting git-2.7.1-fix-tests-grep-2.23.patch * \"git config section.var value\" to set a value in per-repository configuration file failed when it was run outside any repository, but didn\'t say the reason correctly. * Tue Feb 23 2016 astiegerAATTsuse.com- git 2.7.2: * improvements placing conflict markers with different line terminators * \"git worktree\" fixes for manually moved paths * \"git push --force-with-lease\" has been taught to report if the push needed to force (or fast-forwarded). * vimdiff backend improvements for \"git mergetool\": buffer order * improvements for handling paths added to index with \"add -N\" which are not in the index yet * Mon Feb 15 2016 astiegerAATTsuse.com- fix test failures with grep 2.23 add git-2.7.1-fix-tests-grep-2.23.patch * Sat Feb 06 2016 astiegerAATTsuse.com- git 2.7.1: * fix hooks and aliases fixes with GIT_WORK_TREE * fix \"git send-email\" reading escaped quotes in mutt alias files * fix some crashes and regressions * Tue Jan 26 2016 bwiedemannAATTsuse.com- use %perl_requires to allow for easier git+perl updates (boo#961112) * Mon Jan 11 2016 astiegerAATTsuse.com- package git-new-workdir [boo#961292] * Tue Jan 05 2016 astiegerAATTsuse.com- git 2.7.0: * UI, Workflows & Features updates * new subcommands, parameters and configuration options * performance improvements and code clean-ups * remove upstreamed patches: 0001-gitk-Fix-crash-with-all-in-non-English-locales.patch 0002-gitk-Update-msgid-s-for-menu-items-with-accelerator.patch 0003-gitk-Add-accelerators-to-Japanese-locale.patch 0004-gitk-Add-accelerator-to-German-locale.patch * Tue Jan 05 2016 astiegerAATTsuse.com- git 2.6.5: * Update \"git subtree\" (in contrib/) so that it can take whitespaces in the pathnames, not only in the in-tree pathname but the name of the directory that the repository is in. * \"git p4\" used to import Perforce CLs that touch only paths outside the client spec as empty commits. It has been corrected to ignorethem instead, with a new configuration git-p4.keepEmptyCommits as a backward compatibility knob. * Improve error reporting when SMTP TLS fails. * \"git symbolic-ref\" forgot to report a failure with its exit status. * History traversal with \"git log --source\" that starts with an annotated tag failed to report the tag as \"source\", due to an old regression in the command line parser back in v2.2 days. * Wed Dec 09 2015 astiegerAATTsuse.com- git 2.6.4: * Add support for talking http/https over socks proxy. * Allow all hooks to ignore their standard input, rather than having git complain of SIGPIPE. * Allow tilde-expansion in some http config variables. * Make git-p4 work on a detached head. * Add \"git rebase --no-autostash\" * Allow \"git interpret-trailers\" to run outside of a Git repository. * Sat Nov 07 2015 astiegerAATTsuse.com- git 2.6.3: * UI output fixes * Bug fixes on case insensitive filesystems * git p4 fixes * Prepare for Git on-disk repository representation to undergo backward incompatible changes by introducing a new repository format version \"1\", with an extension mechanism.- include gpg2 for tests * Thu Oct 22 2015 tiwaiAATTsuse.de- Fix crash of gitk with --all option in non-English locales (bsc#951153): 0001-gitk-Fix-crash-with-all-in-non-English-locales.patch 0002-gitk-Update-msgid-s-for-menu-items-with-accelerator.patch 0003-gitk-Add-accelerators-to-Japanese-locale.patch 0004-gitk-Add-accelerator-to-German-locale.patch * Mon Oct 19 2015 astiegerAATTsuse.com- git 2.6.2: * git fsck return status fixes * Fix for case insensitive filesystems * Fix \"git am\" ignoring user.signingkey * For ssh transport, explicitly clear GIT_ * environment variables * Other compatible minor bug fixes and improvements- drop pager-don-t-use-unsafe-functions-in-signal-handle.patch * Tue Oct 06 2015 astiegerAATTsuse.com- git 2.6.1, with a security fix: * Make xdiff code handle extremely large files, cap around 1GB. * Some protocols (like git-remote-ext) can execute arbitrary code found in the URL. The URLs that submodules use may come from arbitrary sources (e.g., .gitmodules files in a remote repository), and can hurt those who blindly enable recursive fetch. Restrict the allowed protocols to well known and safe ones. [boo#948969] * Tue Sep 29 2015 astiegerAATTsuse.com- git 2.6.0: * many UI and workflow updates, added parameters and options * some performance optimisations and resource use reduction- refresh pager-don-t-use-unsafe-functions-in-signal-handle.patch * Fri Sep 25 2015 tiwaiAATTsuse.de- Fix deadlock in signal handler in pager (boo#942297): pager-don-t-use-unsafe-functions-in-signal-handle.patch * Sun Sep 20 2015 astiegerAATTsuse.com- git 2.5.3: * The experimental untracked-cache feature were buggy when paths with a few levels of subdirectories are involved. * Fix performance regression in \"git am --skip\" * Sat Sep 19 2015 dimstarAATTopensuse.org- Suggest instead of recommend git-web: git-web is the web-server browsing part. Users that install git-core and appache will still get it auto-recommended based on the supplements. * Fri Sep 11 2015 astiegerAATTsuse.com- git 2.5.2: * usability bug fixes * performance bug fixes * fix \"git archive\" usage of zip64 for >64k entries * Sun Aug 30 2015 astiegerAATTsuse.com- git 2.5.1: * Performance optimisation for some casee * Minor bug fixes * Fix a regression for clone repository name guessing * Fix a regressoin in \"git pull\" related to --upload-pack * Tue Aug 25 2015 schwabAATTsuse.de- In SLE 11 perl-Term-ReadKey is called perl-TermReadKey * Tue Jul 28 2015 astiegerAATTsuse.com- git 2.5.0: * Improvements working with perforce (git p4) * A new short-hand AATT{push} * Introduce http..SSLCipherList configuration variable to tweak the list of cipher suite to be used with libcURL when talking with https:// sites. * \"git cat-file --batch(-check)\" new option \"--follow-symlinks\" * \"git send-email\" learned the alias file format used by the sendmail program * For 3-way merge drivers, add %P (final path) * \"git blame\" learned blame.showEmail configuration variable. * Add the \"--allow-unknown-type\" option to \"cat-file\" * Many long-running operations now show progress eye-candy * Tue Jul 28 2015 astiegerAATTsuse.com- git 2.4.7: * Fix \"git fsck\" regression related to body-less tag object * Ask libCURL to use the most secure proxy authentication method * Fix shell handling issues in git log * Fix git config on read-only fs * Make \"git rebase\" exit with failure when format-patch fails * Wed Jul 22 2015 jslabyAATTsuse.com- put git-credential-cache--daemon into git-core -- it is needed for git-credential-cache (bnc#939065) * Fri Jul 17 2015 astiegerAATTsuse.com- git 2.4.6: * \"git fetch --depth=\" and \"git clone --depth=\" issued a shallow transfer request even to an upload-pack that does not support the capability. * \"git fsck\" used to ignore missing or invalid objects recorded in reflog. * The tcsh completion writes a bash scriptlet but that would have failed for users with noclobber set. * \"git format-patch --ignore-if-upstream A..B\" did not like to be fed tags as boundary commits.- git-tcsh-completion-fixes.diff adjusted for context changes * Fri Jun 26 2015 astiegerAATTsuse.com- git 2.4.5: * internal code and stability improvements * \"\"git rebase -i\" fired post-rewrite hook when it shouldn\'t (namely, when it was told to stop sequencing with \'exec\' insn). * Wed Jun 17 2015 astiegerAATTsuse.com- git 2.4.4: * l10n updates for German. * An earlier leakfix to bitmap testing code was incomplete. * \"git clean pathspec...\" tried to lstat(2) and complain even for paths outside the given pathspec. * Communication between the HTTP server and http_backend process can lead to a dead-lock when relaying a large ref negotiation request. Diagnose the situation better, and mitigate it by reading such a request first into core (to a reasonable limit). * The clean/smudge interface did not work well when filtering an empty contents (failed and then passed the empty input through). It can be argued that a filter that produces anything but empty for an empty input is nonsense, but if the user wants to do strange things, then why not? * Make \"git stash something --help\" error out, so that users can safely say \"git stash drop --help\". * Clarify that \"log --raw\" and \"log --format=raw\" are unrelated concepts. * Catch a programmer mistake to feed a pointer not an array to ARRAY_SIZE() macro, by using a couple of GCC extensions. * Sun Jun 07 2015 astiegerAATTsuse.com- git 2.4.3: * Ui message corrections and improvements * \"git pull --log\" and \"git pull --no-log\" worked as expected, but \"git pull --log=20\" did not. * Fix pull.ff configuration overriding merge.ff * fix memory leaks and resource exhaustion errors * documentation fixes * Fix core.excludesfile priorities * Wed May 27 2015 astiegerAATTsuse.com- git 2.4.2: * \"git rev-list --objects $old --not --all\" to see if everything that is reachable from $old is already connected to the existing refs was very inefficient. * \"hash-object --literally\" introduced in v2.2 was not prepared to take a really long object type name. * \"git rebase --quiet\" was not quite quiet when there is nothing to do. * The completion for \"log --decorate=\" parameter value was incorrect. * \"filter-branch\" corrupted commit log message that ends with an incomplete line on platforms with some \"sed\" implementations that munge such a line. Work it around by avoiding to use \"sed\". * \"git daemon\" fails to build from the source under NO_IPV6 configuration (regression in 2.4). * \"git stash pop/apply\" forgot to make sure that not just the working tree is clean but also the index is clean. The latter is important as a stash application can conflict and the index will be used for conflict resolution. * No longer prepend $GIT_EXEC_PATH and install path to path of executed subprograms and hooks. * Thu May 14 2015 astiegerAATTsuse.com- git 2.4.1: * git diff bugfixes and improvements * Fix spelling in .gitconfig created upon \"git config --global\" * \"git commit --date=now\" or anything that relies on approxidate lost the daylight-saving-time offset. * \"git cat-file bl $blob\" failed to barf even though there is no object type that is \"bl\". * Improvements for repositories on NFS * Mon May 04 2015 jengelhAATTinai.de- Update to new upstream release 2.4.0 * \"git push\" has been taught an \"--atomic\" option that makes a push that updates more than one ref an \"all-or-none\" affair. * Output from \"git log --decorate\" now distinguishes between a detached HEAD vs. a HEAD that points at a branch. * The phrasing `git branch` uses to describe a detached HEAD has been updated to agree with the phrasing used by `git status`. * A new \"push.followTags\" configuration turns the \"--follow-tags\" option on by default for the `git push` command.- Retrieve tarball signature * Tue Apr 28 2015 astiegerAATTsuse.com- git 2.3.7: * An earlier update to the parser that disects a URL broke an address, followed by a colon, followed by an empty string (instead of the port number), e.g. ssh://example.com:/path/to/repo. * The completion script (in contrib/) contaminated global namespace and clobbered on a shell variable $x. * The \"git push --signed\" protocol extension did not limit what the \"nonce\" that is a server-chosen string can contain or how long it can be, which was unnecessarily lax. Limit both the length and the alphabet to a reasonably small space that can still have enough entropy. * Sun Apr 26 2015 astiegerAATTsuse.com- git 2.3.6: * \"diff-highlight\" (in contrib/) multibyte character support * Thu Apr 02 2015 astiegerAATTsuse.com- git 2.3.5: * The prompt script (in contrib/) did not show the untracked sign when working in a subdirectory without any untracked files. * Even though \"git grep --quiet\" is run merely to ask for the exit status, we spawned the pager regardless. Stop doing that. * Recommend format-patch and send-email for those who want to submit patches to this project. * An failure early in the \"git clone\" that started creating the working tree and repository could have resulted in some directories and files left without getting cleaned up. * \"git fetch\" that fetches a commit using the allow-tip-sha1-in-want extension could have failed to fetch all the requested refs. * The split-index mode introduced at v2.3.0-rc0~41 was broken in the codepath to protect us against a broken reimplementation of Git that writes an invalid index with duplicated index entries, etc. * \"git prune\" used to largely ignore broken refs when deciding which objects are still being used, which could spread an existing small damage and make it a larger one. * \"git tag -h\" used to show the \"--column\" and \"--sort\" options that are about listing in a wrong section. * The transfer.hiderefs support did not quite work for smart-http transport. * The code that reads from the ctags file in the completion script (in contrib/) did not spell ${param/pattern/string} substitution correctly, which happened to work with bash but not with zsh. * The explanation on \"rebase --preserve-merges\", \"pull - -rebase=preserve\", and \"push --force-with-lease\" in the documentation was unclear. * Tue Mar 24 2015 astiegerAATTsuse.com- git 2.3.4: * The \'color.status.unmerged\' configuration was not described. * \"git log --decorate\" did not reset colors correctly around the branch names. * \"git -C \'\' subcmd\" refused to work in the current directory, unlike \"cd \'\'\" which silently behaves as a no-op. * \"git imap-send\" learned to optionally talk with an IMAP server via libcURL; because there is no other option when Git is built with NO_OPENSSL option, use that codepath by default under such configuration. * A workaround for certain build of GPG that triggered false breakage in a test has been added. * \"git rebase -i\" recently started to include the number of commits in the insn sheet to be processed, but on a platform that prepends leading whitespaces to \"wc -l\" output, the numbers are shown with extra whitespaces that aren\'t necessary. * We did not parse username followed by literal IPv6 address in SSH transport URLs, e.g. ssh://userAATT[2001:db8::1]:22/repo.git correctly. * Sat Mar 14 2015 astiegerAATTsuse.com- git 2.3.3: * A corrupt input to \"git diff -M\" used cause us to segfault. * The borrowed code in kwset API did not follow our usual convention to use \"unsigned char\" to store values that range from 0-255. * Description given by \"grep -h\" for its --exclude-standard option was phrased poorly. * Documentaton for \"git remote add\" mentioned \"--tags\" and \"--no-tags\" and it was not clear that fetch from the remote in the future will use the default behaviour when neither is given to override it. * \"git diff --shortstat --dirstat=changes\" showed a dirstat based on lines that was never asked by the end user in addition to the dirstat that the user asked for. * The interaction between \"git submodule update\" and the submodule. *.update configuration was not clearly documented. * \"git apply\" was not very careful about reading from, removing, updating and creating paths outside the working tree (under - -index/--cached) or the current directory (when used as a replacement for GNU patch). * \"git daemon\" looked up the hostname even when \"%CH\" and \"%IP\" interpolations are not requested, which was unnecessary. * The \"interpolated-path\" option of \"git daemon\" inserted any string client declared on the \"host=\" capability request without checking. Sanitize and limit %H and %CH to a saner and a valid DNS name. * Thu Mar 12 2015 tiwaiAATTsuse.de- Fix missing /usr/share/tcsh/git.complete (bnc#919105): git-tcsh-completion-fixes.diff was refreshed for generating the script correctly * Sat Mar 07 2015 astiegerAATTsuse.com- git 2.3.2: * \"update-index --refresh\" used to leak when an entry cannot be refreshed for whatever reason. * \"git fast-import\" used to crash when it could not close and conclude the resulting packfile cleanly. * \"git blame\" died, trying to free an uninitialized piece of memory. * \"git merge-file\" did not work correctly in a subdirectory. * \"git submodule add\" failed to squash \"path/to/././submodule\" to \"path/to/submodule\". * In v2.2.0, we broke \"git prune\" that runs in a repository that borrows from an alternate object store. * Certain older vintages of cURL give irregular output from \"curl-config --vernum\", which confused our build system. * Longstanding configuration variable naming rules has been added to the documentation. * Older GnuPG implementations may not correctly import the keyring material we prepare for the tests to use. * Clarify in the documentation that \"remote..pushURL\" and \"remote..URL\" are there to name the same repository accessed via different transports, not two separate repositories. * The pack bitmap support did not build with older versions of GCC. * Reading configuration from a blob object, when it ends with a lone CR, use to confuse the configuration parser. * We didn\'t format an integer that wouldn\'t fit in \"int\" but in \"uintmax_t\" correctly. * \"git push --signed\" gave an incorrectly worded error message when the other side did not support the capability. * \"git fetch\" over a remote-helper that cannot respond to \"list\" command could not fetch from a symbolic reference e.g. HEAD. * The insn sheet \"git rebase -i\" creates did not fully honor core.abbrev settings. * The tests that wanted to see that file becomes unreadable after running \"chmod a-r file\", and the tests that wanted to make sure it is not run as root, we used \"can we write into the / directory?\" as a cheap substitute, but on some platforms that is not a good heuristics. The tests and their prerequisites have been updated to check what they really require. * The configuration variable \'mailinfo.scissors\' was hard to discover in the documentation. * Correct a breakage to git-svn around v2.2 era that triggers premature closing of FileHandle. * Even though we officially haven\'t dropped Perl 5.8 support, the Getopt::Long package that came with it does not support \"--no-\" prefix to negate a boolean option; manually add support to help people with older Getopt::Long package. * Wed Mar 04 2015 schwabAATTlinux-m68k.org- Don\'t install dummy hg and bzr remote helpers * Thu Feb 26 2015 astiegerAATTsuse.com- git 2.3.1: * The interactive \"show a list and let the user choose from it\" interface \"add -i\" used showed and prompted to the user even when the candidate list was empty, against which the only \"choice\" the user could have made was to choose nothing. * \"git apply --whitespace=fix\" used to under-allocate the memory when the fix resulted in a longer text than the original patch. * \"git log --help\" used to show rev-list options that are irrelevant to the \"log\" command. * The error message from \"git commit\", when a non-existing author name was given as value to the \"--author=\" parameter, has been reworded to avoid misunderstanding. * A broken pack .idx file in the receiving repository prevented the dumb http transport from fetching a good copy of it from the other side. * The documentation incorrectly said that C(opy) and R(ename) are the only ones that can be followed by the score number in the output in the --raw format. * Fix a misspelled conditional that is always true. * Code to read branch name from various files in .git/ directory would have misbehaved if the code to write them left an empty file. * The \"git push\" documentation made the \"--repo=\" option easily misunderstood. * After attempting and failing a password-less authentication (e.g. kerberos), libcURL refuses to fall back to password based Basic authentication without a bit of help/encouragement. * Setting diff.submodule to \'log\' made \"git format-patch\" produce broken patches. * \"git rerere\" (invoked internally from many mergy operations) did not correctly signal errors when told to update the working tree files and failed to do so for whatever reason. * \"git blame HEAD -- missing\" failed to correctly say \"HEAD\" when it tried to say \"No such path \'missing\' in HEAD\". * Fri Feb 06 2015 astiegerAATTsuse.com- git 2.3.0: Many small corrections and improvements.- UI, Workflows and Features: * New GIT_SSH_COMMAND environment variable * Can now store empty notes * \"git interpret-trailers\" learned to properly handle the \"Conflicts:\" block at the end. * \"git am\" learned \"--message-id\" option * \"git clone --reference=\" learned the \"--dissociate\" option * \"git send-email\" learned the \"--transfer-encoding\" option * \"git send-email\" learned the \"--no-xmailer\" option * \"git branch -d\" (delete) and \"git branch -m\" (move) learned to honor \"-f\" (force) flag * \"git imap-send\" learned to take \"-v\" (verbose) and \"-q\" (quiet) command line options. * Tue Jan 13 2015 andreas.stiegerAATTgmx.de- git 2.2.2: + \"git checkout $treeish $path\", when $path in the index and the working tree already matched what is in $treeish at the $path, still overwrote the $path unnecessarily. + \"git config --get-color\" did not parse its command line arguments carefully. + A few code paths used abs() when they should have used labs() on long integers. + \"gitweb\" used to depend on a behaviour recent CGI.pm deprecated. + \"git init\" (hence \"git clone\") initialized the per-repository configuration file .git/config with x-bit by mistake. + Git 2.0 was supposed to make the \"simple\" mode for the default of \"git push\", but it didn\'t. + \"Everyday\" document had a broken link. + The build procedure did not bother fixing perl and python scripts when NO_PERL and NO_PYTHON build-time configuration changed. + The code that reads the reflog from the newer to the older entries did not handle an entry that crosses a boundary of block it uses to read them correctly. + \"git apply\" was described in the documentation to take --ignore-date option, which it does not. + Traditionally we tried to avoid interpreting date strings given by the user as future dates, e.g. GIT_COMMITTER_DATE=2014-12-10 when used early November 2014 was taken as \"October 12, 2014\" because it is likely that a date in the future, December 10, is a mistake. This heuristics has been loosened to allow people to express future dates (most notably, --until= may want to be far in the future) and we no longer tiebreak by future-ness of the date when (1) ISO-like format is used, and (2) the string can make sense interpreted as both y-m-d and y-d-m. Git may still have to use the heuristics to tiebreak between dd/mm/yy and mm/dd/yy, though. + The code to abbreviate an object name to its short unique prefix has been optimized when no abbreviation was requested. + \"git add --ignore-errors ...\" did not ignore an error to give a file that did not exist. + Git did not correctly read an overlong refname from a packed refs file. * Fri Dec 19 2014 andreas.stiegerAATTgmx.de- git 2.2.1 Fixes arbitrary command execution vulnerability on case- insensitive file systems. [boo#910756] [CVE-2014-9390] This is not a usual case on GNU/Linux, but this update prevents such commits to propagate to third parties (Windows, OS X) that may be vulnerable. * Thu Nov 27 2014 andreas.stiegerAATTgmx.de- git 2.2.0: + improvements and updates to UI, Workflows, Features and options + better temporary file handling + API updates + bug fixes- package new git-subtree.html * Tue Nov 18 2014 novellAATTmirell.de- Add git-credential-gnome-keyring subpackage for GNOME keyring credential storage support * Mon Nov 17 2014 bwiedemannAATTsuse.com- Allow snapshot generation in apparmor profile (bnc#905707) * Wed Oct 29 2014 andreas.stiegerAATTgmx.de- git 2.1.3: * Some MUAs mangled a line in a message that begins with \"From \" to \">From \" when writing to a mailbox file and feeding such an input to \"git am\" used to lose such a line. * \"git daemon\" (with NO_IPV6 build configuration) used to incorrectly use the hostname even when gethostbyname() reported that the given hostname is not found. * Newer versions of \'meld\' breaks the auto-detection we use to see if they are new enough to support the `--output` option. * \"git pack-objects\" forgot to disable the codepath to generate object recheability bitmap when it needs to split the resulting pack. * \"gitweb\" used deprecated CGI::startfrom, which was removed from CGI.pm as of 4.04; use CGI::start_from instead. * \"git log\" documentation had an example section marked up not quite correctly, which passed AsciiDoc but failed with AsciiDoctor. * Also contains some documentation updates.
|
|
|