<patchinfo incident="48">
  <!-- generated from request(s) 332614 -->
  <issue tracker="bnc" id="779536">Some Bash completions do not work</issue>
  <issue tracker="bnc" id="1042640">VUL-1: CVE-2005-4900: git: hardening against practical SHA1 attacks (SHATTERED)</issue>
  <issue tracker="bnc" id="1061041">VUL-0: CVE-2017-14867: git: cvsserver command injection</issue>
  <issue tracker="bnc" id="1069468">Packages should no longer use /var/adm/fillup-templates</issue>
  <issue tracker="bnc" id="1082023">git send-email fails to authenticate with SMTP server</issue>
  <issue tracker="bnc" id="1216545">git-web package update overrides custom app armor profile in /etc</issue>
  <issue tracker="bnc" id="1218588">git instaweb returns "No such projects found"</issue>
  <issue tracker="bnc" id="1218664">`git instaweb` on OpenSUSE Tumbleweed: /etc/gitweb-common.conf is not being read</issue>
  <issue tracker="bnc" id="1224168">VUL-0: CVE-2024-32002: git: recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion</issue>
  <issue tracker="bnc" id="1224170">VUL-0: CVE-2024-32004: git: arbitrary code execution during local clones</issue>
  <issue tracker="bnc" id="1224171">VUL-0: CVE-2024-32020: git: file overwriting vulnerability during local clones</issue>
  <issue tracker="bnc" id="1224172">VUL-0: CVE-2024-32021: git: git may create hardlinks to arbitrary user-readable files</issue>
  <issue tracker="bnc" id="1224173">VUL-0: CVE-2024-32465: git: arbitrary code execution during clone operations</issue>
  <issue tracker="cve" id="2005-4900"/>
  <issue tracker="cve" id="2017-14867"/>
  <issue tracker="cve" id="2024-32002"/>
  <issue tracker="cve" id="2024-32004"/>
  <issue tracker="cve" id="2024-32020"/>
  <issue tracker="cve" id="2024-32021"/>
  <issue tracker="cve" id="2024-32465"/>
  <issue tracker="jsc" id="SLE-17838"/>
  <packager>dspinella</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for git</summary>
  <description>This update for git fixes the following issues:

git was updated to 2.45.1:

* CVE-2024-32002: recursive clones on case-insensitive
  filesystems that support symbolic links are susceptible to case
  confusion (bsc#1224168)
* CVE-2024-32004: arbitrary code execution during local clones
  (bsc#1224170)
* CVE-2024-32020: file overwriting vulnerability during local
  clones (bsc#1224171)
* CVE-2024-32021: git may create hardlinks to arbitrary
  user-readable files (bsc#1224172)
* CVE-2024-32465: arbitrary code execution during clone operations
  (bsc#1224173)

Update to 2.45.0:

* Improved efficiency managing repositories with many references
  ("git init --ref-format=reftable")
* "git checkout -p" and friends learned that "@" is a
  synonym for "HEAD"
* cli improvements handling refs
* Expanded a number of commands and options, UI improvements
* status.showUntrackedFiles now accepts "true"
* git-cherry-pick(1) now automatically drops redundant commits
  with new --empty option
* The userdiff patterns for C# have been updated.

Update to 2.44.0:

* "git checkout -B &lt;branch&gt;" no longer allows switching to a
  branch that is in use on another worktree. Users need to
  use the "--ignore-other-worktrees" option.
* Faster server-side rebases with git replay
* Faster pack generation with multi-pack reuse
* rebase auto-squashing now works in non-interactive mode
* pathspec now understands attr, e.g. ':(attr:~binary)' for
  selecting non-binaries, or builtin_objectmode for selecting
  items by file mode or other properties
* Many other cli UI and internal improvements and extensions

- Do not replace apparmor configuration, fixes bsc#1216545

Update to 2.43.2:

* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.txt
* Update to a new feature recently added, "git show-ref --exists".
* Rename detection logic ignored the final line of a file if it
  is an incomplete line.
* "git diff --no-rename A B" did not disable rename detection but
  did not trigger an error from the command line parser.
* "git diff --no-index file1 file2" segfaulted while invoking the
  external diff driver, which has been corrected.
* A failed "git tag -s" did not necessarily result in an error
  depending on the crypto backend, which has been corrected.
* "git stash" sometimes was silent even when it failed due to
  unwritable index file, which has been corrected.
* Recent conversion to allow more than 0/1 in GIT_FLUSH broke the
  mechanism by flipping what yes/no means by mistake, which has
  been corrected.

Update to 2.43.1:

* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.txt

- gitweb AppArmor profile: allow reading etc/gitweb-common.conf
  (bsc#1218664)

- git moved to /usr/libexec/git/git, update AppArmor profile
  accordingly (bsc#1218588)

Update to 2.43.0:

* The "--rfc" option of "git format-patch" used to be a valid way to
  override an earlier "--subject-prefix=&lt;something&gt;" on the command
  line and replace it with "[RFC PATCH]", but from this release, it
  merely prefixes the string "RFC " in front of the given subject
  prefix. If you are negatively affected by this change, please use
  "--subject-prefix=PATCH --rfc" as a replacement.
* In Git 2.42, "git rev-list --stdin" learned to take non-revisions
  (like "--not") from the standard input, but the way such a "--not" was
  handled was quite confusing, which has been rethought. The updated
  rule is that "--not" given from the command line only affects revs
  given from the command line that comes but not revs read from the
  standard input, and "--not" read from the standard input affects
  revs given from the standard input and not revs given from the
  command line.
* A message written in olden times prevented a branch from getting
  checked out, saying it is already checked out elsewhere. But these
  days, we treat a branch that is being bisected or rebased just like
  a branch that is checked out and protect it from getting modified
  with the same codepath. The message has been rephrased to say that
  the branch is "in use" to avoid confusion.
* Hourly and other schedules of "git maintenance" jobs are randomly
  distributed now.
* "git cmd -h" learned to signal which options can be negated by
  listing such options like "--[no-]opt".
* The way authentication related data other than passwords (e.g.,
  oauth token and password expiration data) are stored in libsecret
  keyrings has been rethought.
* Update the libsecret and wincred credential helpers to correctly
  match which credential to erase; they erased the wrong entry in
  some cases.
* Git GUI updates.
* "git format-patch" learned a new "--description-file" option that
  lets the cover letter description be fed; this can be used on
  detached HEAD where there is no branch description available, and
  also can override the branch description if there is one.
* Use of the "--max-pack-size" option to allow multiple packfiles to
  be created is now supported even when we are sending unreachable
  objects to cruft packs.
* "git format-patch --rfc --subject-prefix=&lt;foo&gt;" used to ignore the
  "--subject-prefix" option and used "[RFC PATCH]"; now we will add
  "RFC" prefix to whatever subject prefix is specified.
* "git log --format" has been taught the %(decorate) placeholder for
  further customization over what the "--decorate" option offers.
* The default log message created by "git revert", when reverting a
  commit that records a revert, has been tweaked, to encourage people
  to describe complex "revert of revert of revert" situations better in
  their own words.
* The command-line completion support (in contrib/) learned to
  complete "git commit --trailer=" for possible trailer keys.
* "git update-index" learned the "--show-index-version" option to
  inspect the index format version used by the on-disk index file.
* "git diff" learned the "diff.statNameWidth" configuration variable,
  to give the default width for the name part in the "--stat" output.
* "git range-diff --notes=foo" compared "log --notes=foo --notes" of
  the two ranges, instead of using just the specified notes tree,
  which has been corrected to use only the specified notes tree.
* The command line completion script (in contrib/) can be told to
  complete aliases by including ": git &lt;cmd&gt; ;" in the alias to tell
  it that the alias should be completed in a similar way to how "git
  &lt;cmd&gt;" is completed. The parsing code for the alias has been
  loosened to allow ';' without an extra space before it.
* "git for-each-ref" and friends learned to apply mailmap to
  authorname and other fields in a more flexible way than using
  separate placeholder letters like %a[eElL] every time we want to
  come up with small variants.
* "git repack" machinery learned to pay attention to the "--filter="
  option.
* "git repack" learned the "--max-cruft-size" option to prevent cruft
  packs from growing without bounds.
* "git merge-tree" learned to take strategy backend specific options
  via the "-X" option, like "git merge" does.
* "git log" and friends learned the "--dd" option that is a
  short-hand for "--diff-merges=first-parent -p".
* The attribute subsystem learned to honor the "attr.tree"
  configuration variable that specifies which tree to read the
  .gitattributes files from.
* "git merge-file" learns a mode to read three variants of the
  contents to be merged from blob objects.
* see https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.0.txt

Update to 2.42.1:

* Fix "git diff" exit code handling
</description>
  <package>git</package>
  <seperate_build_arch/>
</patchinfo>