Revisions of git
git 2.27.0
- Protocol v2 in_vain fixes (bsc#1170741, bsc#1170939).
- With recent switch to protocol v2 people are reporting fetches transferring unreasonable amount of data. Upstream proposes switching the protocol back until the issue is properly diagnosed. The regression is problematic for people with lower network connection speed. Added: Revert-fetch-default-to-protocol-version-2.patch - git 2.26.2: * CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (boo#1169936) - Submit to SLE15 / resubmit to Factory (bsc#1169786, jsc#SLE-12396, bsc#1149792)
Automatic submission by obs-autosubmit
- git 2.24.1: * CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (boo#1158785) * CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (boo#1158787) * CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (boo#1158788) * CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (boo#1158789) * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (boo#1158790) * CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (boo#1158791) * CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (boo#1158792) * CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (boo#1158793) * CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (boo#1158795)
- 0001-DOC-Move-to-DocBook-5-when-using-asciidoctor.patch: Don't remove "-x manpage.xsl" option - BuildRequire docbook5-xsl-stylesheets - git 2.24.0 * The command line parser learned "--end-of-options" notation. * A mechanism to affect the default setting for a (related) group of configuration variables is introduced. * "git fetch" learned "--set-upstream" option to help those who first clone from their private fork they intend to push to, add the true upstream via "git remote add" and then "git fetch" from it. * fixes and improvements to UI, workflow and features, bash completion fixes - modified patch 0001-DOC-Move-to-DocBook-5-when-using-asciidoctor.patch * part of it merged upstream * the Makefile attempted to download some documentation, banned
changelog merge because of SLE git update
Displaying revisions 61 - 80 of 312