Revisions of git

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1146242 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 307)
- update to 2.43.1:
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.txt
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1127934 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 304)
- update to 2.43.0:
 * The "--rfc" option of "git format-patch" used to be a valid way to
   override an earlier "--subject-prefix=<something>" on the command
   line and replace it with "[RFC PATCH]", but from this release, it
   merely prefixes the string "RFC " in front of the given subject
   prefix.  If you are negatively affected by this change, please use
   "--subject-prefix=PATCH --rfc" as a replacement.
 * In Git 2.42, "git rev-list --stdin" learned to take non-revisions
   (like "--not") from the standard input, but the way such a "--not" was
   handled was quite confusing, which has been rethought.  The updated
   rule is that "--not" given from the command line only affects revs
   given from the command line that comes but not revs read from the
   standard input, and "--not" read from the standard input affects
   revs given from the standard input and not revs given from the
   command line.
 * A message written in olden time prevented a branch from getting
   checked out, saying it is already checked out elsewhere. But these
   days, we treat a branch that is being bisected or rebased just like
   a branch that is checked out and protect it from getting modified
   with the same codepath.  The message has been rephrased to say that
   the branch is "in use" to avoid confusion.
 * Hourly and other schedules of "git maintenance" jobs are randomly
   distributed now.
 * "git cmd -h" learned to signal which options can be negated by
   listing such options like "--[no-]opt".
 * The way authentication related data other than passwords (e.g.,
   oauth token and password expiration data) are stored in libsecret
   keyrings has been rethought.
 * Update the libsecret and wincred credential helpers to correctly
   match which credential to erase; they erased the wrong entry in
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1123351 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 303)
git 2.24.1 (forwarded request 1123323 from AndreasStieger)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1082939 from Danilo Spinella's avatar Danilo Spinella (dspinella) (revision 298)
- git 2.40.1:
  * CVE-2023-25652: By feeding specially crafted input to git apply
    --reject, a path outside the working tree can be overwritten
    with partially controlled contents (corresponding to the
    rejected hunk(s) from the given patch).
  * CVE-2023-25815: When Git is compiled with runtime prefix
    support and runs without translated messages, it still used
    the gettext machinery to display messages, which subsequently
    potentially looked for translated messages in unexpected
    places. This allowed for malicious placement of crafted
    messages.
  * CVE-2023-29007: When renaming or deleting a section from a
    configuration file, certain malicious configuration values may
    be misinterpreted as the beginning of a new configuration
    section, leading to arbitrary configuration injection.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1079426 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 297)
- sha256_clone_fix.patch: fix cloning of empty sha256 repositories (jsc#PED-3891)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1065811 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 294)
- git 2.39.2:
  * CVE-2023-22490: Using a specially-crafted repository, Git can
    be tricked into using its local clone optimization even when
    using a non-local transport boo#1208027
  * CVE-2023-23946: a path outside the working tree can be
    overwritten as the user who is running "git apply" boo#1208028
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1059326 from Marcus Rueckert's avatar Marcus Rueckert (darix) (revision 293)
- git 2.39.1, fixing two security issues that could allow remote
  code execution when accessing specially crafted repositories:
  * CVE-2022-41903: log format integer overflow boo#1207033
  * CVE-2022-23521: gitattributed parsing integer overflow
    boo#1207032
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1043115 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 292)
- switch to pkgconfig(zlib) so that alternative providers can be
  used
Displaying revisions 1 - 20 of 309
openSUSE Build Service is sponsored by