Format: 1.8 Date: Thu, 03 Mar 2022 18:33:33 +0000 Source: git Built-For-Profiles: noudeb Architecture: source Version: 1:2.34.1-1ubuntu1~bpo16.04.1~ppa1 Distribution: xenial Urgency: high Maintainer: Ubuntu Developers Changed-By: Colin Watson Closes: 648329 707790 757402 813912 818318 834566 834870 834886 836516 840800 842477 843011 843393 847961 865789 866059 868871 878189 879165 884890 901897 907587 914695 915644 933519 942674 948832 955152 972871 984931 985416 987264 Launchpad-Bugs-Fixed: 1712694 1713690 1719740 1729075 1792544 Changes: git (1:2.34.1-1ubuntu1~bpo16.04.1~ppa1) xenial; urgency=medium . * Backport to xenial. * Drop version from asciidoc build-dependency. * Revert to debhelper 9. . git (1:2.34.1-1ubuntu1) jammy; urgency=low . * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. . git (1:2.34.1-1) unstable; urgency=low . * new upstream point release (see RelNotes/2.34.1.txt). . git (1:2.34.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.34.0.txt). . git (1:2.33.1-1ubuntu1) jammy; urgency=low . [ Ubuntu Merge-o-Matic ] * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. . git (1:2.33.1-1) unstable; urgency=low . * new upstream point release (see RelNotes/2.33.1.txt). . git (1:2.33.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.33.0.txt). . git (1:2.32.0-1ubuntu1) impish; urgency=medium . * Merge with Debian; remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. . git (1:2.32.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.32.0.txt). . git (1:2.32.0~rc2-1) unstable; urgency=low . * new upstream release candidate. * remove git-el package (closes: #987264, #984931). Since version 1:2.18.0~rc2-1, it only contained modules that error out with a message pointing to other Emacs packages. Nowadays users can use the README.emacs file from the git package for that instead. . git (1:2.32.0~rc0-1) unstable; urgency=low . * new upstream release candidate (see RelNotes/2.32.0.txt). . git (1:2.31.1-1ubuntu1) impish; urgency=medium . * Merge with Debian; remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. . git (1:2.31.1-1) unstable; urgency=low . * new upstream point release (see RelNotes/2.31.1.txt). * install dashed commands to /usr/lib again (thx Sven Joachim; closes: #985416). . git (1:2.31.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.31.0.txt). * install dashed commands to /usr/libexec instead of /usr/lib (thx Chris Lamb for suggesting it through lintian). * remove compatibility code and NEWS.Debian entries that supported upgrades from versions before 1.7.9.5 (the version in Ubuntu 12.04, which reached the end of extended security maintenance in April, 2019). . git (1:2.30.2-1ubuntu1) hirsute; urgency=medium . * Merge with Debian; remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. . git (1:2.30.2-1) unstable; urgency=medium . * new upstream point release (see RelNotes/2.30.2.txt). . git (1:2.30.1-1ubuntu1) hirsute; urgency=medium . * Merge with Debian; remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. . git (1:2.30.1-1) unstable; urgency=low . * new upstream point release (see RelNotes/2.30.1.txt). . git (1:2.30.0-1ubuntu1) hirsute; urgency=low . * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. . git (1:2.30.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.30.0.txt). . git (1:2.30.0~rc2-1) unstable; urgency=low . * new upstream release candidate. . git (1:2.30.0~rc1-1) unstable; urgency=low . * new upstream release candidate (see RelNotes/2.30.0.txt). . git (1:2.29.2-1ubuntu1) hirsute; urgency=low . * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. . git (1:2.29.2-1) unstable; urgency=low . * new upstream point release (see RelNotes/2.29.2.txt). * debian/copyright: remove unused BSD-2-Clause text. The last part of Git under that license was removed in v2.29.0. . git (1:2.29.1-1) unstable; urgency=low . * new upstream release (see RelNotes/2.29.0.txt). * update debian/copyright. * debian/control: Build-Depends: debhelper-compat (= 10) * debian/rules: run "dh --without autoreconf" to speed up build, since we don't use the autotools-generated configure script. * git-el: install elisp for the "emacs" flavor, too (thx Zack Weinberg; closes: #972871). Breaks: emacsen-common (<< 3.0.0~) to avoid triggering on older systems where "emacs" was a virtual package. . git (1:2.28.0-1ubuntu1) hirsute; urgency=low . * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. . git (1:2.28.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.28.0.txt). . git (1:2.28.0~rc2-1) unstable; urgency=low . * new upstream release candidate. . git (1:2.28.0~rc1-1) unstable; urgency=low . * new upstream release candidate. . git (1:2.28.0~rc0-1) unstable; urgency=low . * new upstream release candidate (see RelNotes/2.28.0.txt). . git (1:2.27.0-1ubuntu1) groovy; urgency=low . * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. . git (1:2.27.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.27.0.txt). . git (1:2.27.0~rc2-1) unstable; urgency=low . * new upstream release candidate (closes: #757402). . git (1:2.27.0~rc0-1ubuntu1) groovy; urgency=low . * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. * Drop security update patches, included upstream. . git (1:2.27.0~rc0-1) unstable; urgency=low . * new upstream release candidate (see RelNotes/2.27.0.txt). . git (1:2.26.2-1) unstable; urgency=high . * new upstream point release (see RelNotes/2.26.2.txt). * Addresses the security issue CVE-2020-11008. . With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. . Unlike the vulnerability fixed in 2.26.1, the credentials are not for a host of the attacker's choosing. Instead, they are for an unspecified host, based on how the configured credential helper handles an absent "host" parameter. . The attack has been made impossible by refusing to work with underspecified credential patterns. . Thanks to Carlo Arenas for reporting that Git was still vulnerable, Felix Wilhelm for providing the proof of concept demonstrating this issue, and Jeff King for promptly providing a corrected fix. . Tested using the proof of concept at https://crbug.com/project-zero/2021. . git (1:2.26.1-1) unstable; urgency=high . * new upstream point release (see RelNotes/2.26.1.txt). * Addresses the security issue CVE-2020-5260. . With a crafted URL that contains a newline, the credential helper machinery can be fooled to supply credential information for the wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol. . Thanks to Felix Wilhelm of Google Project Zero for finding this vulnerability and Jeff King for fixing it. . git (1:2.26.0-2) unstable; urgency=low . * fixes to the (newly default) rebase --merge backend: * honor GIT_REFLOG_ACTION (thx Ian Jackson and Elijah Newren; closes: #955152). * avoid "nothing to do" error when fast-forwarding a branch with rebase.abbreviateCommands=true (thx Jan Alexander Steffens and Alban Gruin). * debian/control: downgrade Recommends by git-all on git-daemon-run to Suggests. The git-all package is a "batteries included" full installation of Git. Automatically running a daemon is not useful to most of its users. . git (1:2.26.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.26.0.txt). . git (1:2.26.0~rc2-1) unstable; urgency=low . * new upstream release candidate (see RelNotes/2.26.0.txt). . git (1:2.25.1-1ubuntu3) focal; urgency=medium . * SECURITY UPDATE: credential helper issue with missing host or scheme - debian/patches/CVE-2020-11008-1.patch: make "quit" helper more realistic in t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-2.patch: use more realistic inputs in t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-3.patch: parse URL without host as empty host, not unset in credential.c, http.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-4.patch: refuse to operate when missing host or protocol in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-5.patch: convert gitmodules url to URL passed to curl in fsck.c, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-6.patch: die() when parsing invalid urls in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-7.patch: treat URL without scheme as invalid in credential.c, fsck.c, t/t5550-http-fetch-dumb.sh, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-8.patch: treat URL with empty scheme as invalid in credential.c, t/t5550-http-fetch-dumb.sh, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-9.patch: reject URL with empty host in .gitmodules in fsck.c, t/t7416-submodule-dash-url.sh. - CVE-2020-11008 . git (1:2.25.1-1ubuntu2) focal; urgency=medium . * SECURITY UPDATE: credential helper issue with newlines in URL - debian/patches/CVE-2020-5260-1.patch: avoid writing values with newlines in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-5260-2.patch: use test_i18ncmp to check stderr in t/lib-credential.sh. - debian/patches/CVE-2020-5260-3.patch: detect unrepresentable values when parsing urls in credential.c, credential.h, t/t0300-credentials.sh. - debian/patches/CVE-2020-5260-4.patch: detect gitmodules URLs with embedded newlines in fsck.c, t/t7416-submodule-dash-url.sh. - CVE-2020-5260 . git (1:2.25.1-1ubuntu1) focal; urgency=low . * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. . git (1:2.25.1-1) unstable; urgency=low . * new upstream point release (see RelNotes/2.25.1.txt). * update debian/copyright. * debian/control: remove Gerrit Pape from the Maintainer field, as requested. Thanks to Gerrit for putting together this package in a way that has been pleasant to maintain. * debian/rules: use "dpkg-architecture" instead of "uname -m" to retrieve host arch. This makes the resulting "git version --build-options" more predictable when building for i386 on an amd64 machine (thx to Ceridwen for detecting this in reprotest). . git (1:2.25.0-1ubuntu1) focal; urgency=medium . * Resynchronise with Debian. Remaining changes: - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. . git (1:2.25.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.25.0.txt). * build against Python 3 (thx Steve Langasek, closes: #948832). . git (1:2.25.0~rc2-1) unstable; urgency=low . * new upstream release candidate. . git (1:2.25.0~rc1-1) unstable; urgency=low . * new upstream release candidate. . git (1:2.25.0~rc0-1) unstable; urgency=low . * new upstream release candidate (see RelNotes/2.25.0.txt). . git (1:2.24.1-1) unstable; urgency=low . * update to use upstream tarball for 2.24.1. . git (1:2.24.0-2) unstable; urgency=high . * new upstream point release (see RelNotes/2.24.1.txt). * Addresses the security issues CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387. . Credit for finding these vulnerabilities goes to Microsoft Security Response Center, in particular to Nicolas Joly. Fixes were provided by Jeff King and Johannes Schindelin with help from Garima Singh. . * Addresses CVE-2019-19604, arbitrary code execution via the "update" field in .gitmodules. . Credit for finding this vulnerability goes to Joern Schneeweisz from GitLab. . git (1:2.24.0-1ubuntu2) focal; urgency=medium . * Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. * Set PYTHON_PATH=/usr/bin/python2 and build-depend on python2 not python. . git (1:2.24.0-1ubuntu1) focal; urgency=medium . * Resynchronise with Debian. Remaining changes: - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) . git (1:2.24.1-1) unstable; urgency=low . * update to use upstream tarball for 2.24.1. . git (1:2.24.0-2) unstable; urgency=high . * new upstream point release (see RelNotes/2.24.1.txt). * Addresses the security issues CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387. . Credit for finding these vulnerabilities goes to Microsoft Security Response Center, in particular to Nicolas Joly. Fixes were provided by Jeff King and Johannes Schindelin with help from Garima Singh. . * Addresses CVE-2019-19604, arbitrary code execution via the "update" field in .gitmodules. . Credit for finding this vulnerability goes to Joern Schneeweisz from GitLab. . git (1:2.24.0-1) unstable; urgency=medium . * new upstream release (see RelNotes/2.24.0.txt). . git (1:2.24.0~rc2-1) unstable; urgency=low . * new upstream release candidate. . git (1:2.24.0~rc1-1) unstable; urgency=medium . * new upstream release candidate. * test-tool: read --total as an int, not uint64 (thx John Paul Adrian Glaubitz; closes: #942674) . git (1:2.24.0~rc0-1) unstable; urgency=medium . * new upstream release candidate (see RelNotes/2.24.0.txt). . git (1:2.23.0-1) unstable; urgency=medium . * new upstream release (see RelNotes/2.23.0.txt). . git (1:2.23.0~rc1-1) unstable; urgency=low . * new upstream release candidate. * tests: sort output of hashmap iteration (closes: #933519) . git (1:2.23.0~rc0-1) unstable; urgency=low . * new upstream release candidate (see RelNotes/2.23.0.txt). . git (1:2.22.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.21.0.txt, RelNotes/2.22.0.txt). . git (1:2.20.1-2ubuntu1) disco; urgency=medium . * Merge with Debian; remaining change: - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) * Dropped change: - Build against pcre3 (pcre2 is now in main) (LP: #1792544) . git (1:2.20.1-2) unstable; urgency=low . * package git-gui: actually Suggests: meld for mergetool support; describe what meld is used for in package description (thx Jens Reyer; closes: #707790). * package gitweb: Depends: libhttp-date-perl | libtime-parsedate-perl instead of ... | libtime-modules-perl (thx gregor herrmann; closes: #879165). * debian/control: use https in Vcs-Browser URL. * debian/rules: build and test quietly if DEB_BUILD_OPTIONS=terse. * debian/control: Standards-Version: 4.3.0.1. . git (1:2.20.1-1) unstable; urgency=medium . * new upstream point release (see RelNotes/2.20.1.txt). * package git-gui: Suggests: meld for mergetool support (thx Jens Reyer; closes: #707790). . git (1:2.20.0-1) unstable; urgency=medium . * new upstream release (see RelNotes/2.20.0.txt). * package git: Recommends: ca-certificates for https support (thx HJ; closes: #915644). . git (1:2.20.0~rc2-1) unstable; urgency=low . * new upstream release candidate. * rebase: specify 'rebase -i' in reflog for interactive rebase (closes: #914695). . git (1:2.20.0~rc1-1) unstable; urgency=low . * new upstream release candidate (see RelNotes/2.20.0.txt). * debian/rules: target clean: don't remove t/t4256/1/mailinfo.c.orig. . git (1:2.19.2-1) unstable; urgency=high . * new upstream point release (see RelNotes/2.19.2.txt). * run-command: do not fall back to cwd when command is not in $PATH. . git (1:2.19.1-1ubuntu1) cosmic; urgency=medium . * Merge with Debian; remaining changes: - debian/control: build against pcre v3 only - debian/rules: s390x libpcre3 library has JIT disabled, set NO_LIBPCRE1_JIT on that arch to stop the build from failing. - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) . git (1:2.19.1-1) unstable; urgency=high . * new upstream point release (see RelNotes/2.19.1.txt, CVE-2018-17456). . git (1:2.19.0-1ubuntu1) cosmic; urgency=medium . * Merge with Debian; remaining changes: - debian/control: build against pcre v3 only - debian/rules: s390x libpcre3 library has JIT disabled, set NO_LIBPCRE1_JIT on that arch to stop the build from failing. - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) . git (1:2.19.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.19.0.txt). * debian/patches/0001-*, 0002-*: remove; applied upstream. . git (1:2.19.0~rc2-2) unstable; urgency=low . * debian/patches: * 0001-http-backend-allow-empty-CONTENT_LENGTH: new from upstream: http-backend: treat empty CONTENT_LENGTH as absent (closes: #907587). * 0002-Revert-Merge-branch-sb-submodule-core-worktree.diff: new from upstream: stop setting and unsetting core.worktree in submodules, since the code to do so does not handle submodules with an embedded .git directory (thx Allan Sandfeld Jensen). . git (1:2.19.0~rc2-1) unstable; urgency=low . * new upstream release candidate. . git (1:2.19.0~rc1-1) unstable; urgency=low . * new upstream release candidate (see RelNotes/2.19.0.txt). * debian/control: Standards-Version: 4.1.5.0. . git (1:2.18.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.18.0.txt). . git (1:2.18.0~rc2-2) unstable; urgency=low . * debian/control: Breaks: dgit (<< 5.1~) that lacks support for working-tree-encoding attribute (thx Ian Jackson; closes: #901897). . git (1:2.18.0~rc2-1) unstable; urgency=low . * new upstream release candidate. * debian/README.emacs: describe removed emacs support. * debian/control: package git-el: describe transitional modules; Recommends: elpa-magit. . git (1:2.17.1-1ubuntu2) cosmic; urgency=medium . * Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) . git (1:2.17.1-1ubuntu1) cosmic; urgency=medium . * Merge with Debian; remaining changes: - debian/control: build against pcre v3 only - debian/rules: s390x libpcre3 library has JIT disabled, set NO_LIBPCRE1_JIT on that arch to stop the build from failing. . git (1:2.17.1-1) unstable; urgency=high . * new upstream point release to fix CVE-2018-11235, arbitary code execution via submodule names in .gitmodules (see RelNotes/2.17.1.txt). . git (1:2.17.0-1ubuntu1) bionic; urgency=medium . * Merge with Debian; remaining changes: - debian/control: build against pcre v3 only - debian/rules: s390x libpcre3 library has JIT disabled, set NO_LIBPCRE1_JIT on that arch to stop the build from failing. . git (1:2.17.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.17.0.txt). * debian/rules: add NO_USE_CPAN_FALLBACKS=1 to OPTS to avoid installing bundled copies of perl modules. * debian/control: Build-Depends: libmailtools-perl, liberror-perl; git-email: Depends: libmailtools-perl for Mail::Address. . git (1:2.16.3-1) unstable; urgency=low . * new upstream point release (see RelNotes/2.16.3.txt). . git (1:2.16.2-1) unstable; urgency=low . * new upstream point release (see RelNotes/2.16.2.txt). * debian/control: correct spelling of openssh-client in Breaks relation. . git (1:2.16.1-1) unstable; urgency=low . * new upstream release (see RelNotes/2.16.txt, RelNotes/2.16.1.txt). * debian/control: Breaks: openssh-client (<< 1:6.8) since the latter lacks support for the "-G" option (thx Bryan Turner; see https://crbug.com/git/7). * debian/patches/git-gui-Sort-entries-in-optimized-tclIndex.diff: remove; applied upstream. * debian/rules: do not install contrib/**/.gitattributes to /usr/share/doc (thx Paul Wise and Bastien Roucaries for suggesting it through lintian). . git (1:2.15.1-3) unstable; urgency=low . * debian/rules: remove remnants of git-core package that prevented building twice in a row (thx Andreas Beckmann; closes: #884890). . git (1:2.15.1-2) unstable; urgency=low . * gitweb: Recommends: 'apache2 (>= 2.4.6-4~) | lynx | httpd' instead of ... | lynx-cur | ... (thx Łukasz Zemczak; see #490265). * debian/control: Standards-Version: 4.1.2.0. . git (1:2.15.1-1ubuntu2) bionic; urgency=medium . * debian/gitweb.apache2: use lynx instead of the deprecated transitional lynx-cur package. . git (1:2.15.1-1ubuntu1) bionic; urgency=low . * Merge from Debian unstable. LP: #1729075. * Remaining changes: - debian/control: build against pcre v3 only - debian/rules: s390x libpcre3 library has JIT disabled, set NO_LIBPCRE1_JIT on that arch to stop the build from failing. * Dropped changes, included upstream: - debian/patches/git-branch-fix-regressions.patch: Fix branch renaming not updating HEADs correctly. - SECURITY UPDATE: Git cvsserver OS Command Injection . git (1:2.15.1-1) unstable; urgency=low . * new upstream point release (see RelNotes/2.15.1.txt). * debian/control: Build-Depends-Indep: asciidoc (>= 8.6.10). * debian/control: Standards-Version: 4.1.1.1. * debian/patches: * Normalize-generated-asciidoc-timestamps-...diff: remove; no longer needed (thx Anders Kaseorg; see #782294). * git-gui-Sort-entries-in-optimized-tclIndex.diff: update to upstream version. . git (1:2.15.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.15.0.txt). . git (1:2.15.0~rc2-1) unstable; urgency=low . * new upstream release candidate. . git (1:2.15.0~rc1-1) unstable; urgency=low . * new upstream release candidate. * remove transitional git-core package (thx Holger Levsen; closes: #878189). . git (1:2.15.0~rc0-1) unstable; urgency=low . * new upstream release candidate (see RelNotes/2.15.0.txt). . git (1:2.14.2-1) unstable; urgency=high . * new upstream point release (see RelNotes/2.14.1.txt). Among other changes, this fixes a remote shell command execution vulnerability via CVS protocol: - git-shell: drop cvsserver support by default - git-cvsserver: harden backtick captures against user input . Thanks to joernchen of Phenoelit for discovering, reporting, and fixing this vulnerability, and to Junio C Hamano and Jeff King for the fixes to related issues. . git (1:2.14.1-3) unstable; urgency=low . * git.README.Debian: remove obsolete instructions about setting up a server to handle rsync:// protocol. . git (1:2.14.1-2) unstable; urgency=low . * debian/control: git-daemon-sysvinit: Priority: optional. * debian/control: clarify how to decide between git-daemon-run and git-daemon-sysvinit in package descriptions. * debian/control: Standards-Version: 4.0.1.0. . git (1:2.14.1-1ubuntu4) artful; urgency=high . * SECURITY UPDATE: Git cvsserver OS Command Injection (LP: #1719740) - shell-drop-git-cvsserver-support-by-default.diff - cvsserver-use-safe_pipe_capture.diff - cvsimport-shell-quote-variable-used-in-backticks.diff - archimport-use-safe_pipe_capture-for-user-input.diff - CVE-2017-14867 . git (1:2.14.1-1ubuntu3) artful; urgency=medium . * debian/patches/git-branch-fix-regressions.patch: Fix branch renaming not updating HEADs correctly. Thanks to Nguyễn Thái Ngọc Duy . Closes LP: #1712694. . git (1:2.14.1-1ubuntu2) artful; urgency=medium . * Merge from debian. Remaining changes: - debian/control: build against pcre v3 only * debian/rules: s390x libpcre3 library has JIT disabled, set NO_LIBPCRE1_JIT on that arch to stop the build from failing. . git (1:2.14.1-1) unstable; urgency=high . * new upstream point release to fix CVE-2017-1000117, arbitrary code execution issues via URLs (see RelNotes/2.14.1.txt). . git (1:2.14.0-1ubuntu1) artful; urgency=medium . * Build against pcre v3 only, as that is the only on in main. Non-deterministic builds w.r.t. library ABI dependencies are bad. . git (1:2.14.0-1) unstable; urgency=low . * new upstream release (see RelNotes/2.14.0.txt). * debian/patches/0001-pre-rebase-hook-capture-documentation-...diff: remove; applied upstream. * build against PCRE v2 if available at build time (thx to Ævar Arnfjörð Bjarmason for the suggestion). Build-Depends: libpcre2-dev | libpcre3-dev. . git (1:2.13.3-1) unstable; urgency=low . * new upstream point release (see RelNotes/2.13.3.txt). . git (1:2.13.2-3) unstable; urgency=low . * remove git-arch package. It depended on GNU Arch, which has not been maintained upstream for more than 10 years (thx Adrian Bunk; closes: #866059). * debian/rules: do not allow flaky git-svn tests t9128.4 or t9167.3 to cause the build to fail, either (closes: #865789). . git (1:2.13.2-2) unstable; urgency=low . * git-email: use perl in dependency instead of perl-modules (thx Damyan Ivanov for suggesting it through lintian). * debian/rules: do not allow flaky git-svn test t9128.3 to cause the build to fail (closes: #865789). . git (1:2.13.2-1) unstable; urgency=low . * new upstream point release (see RelNotes/2.13.2.txt). * git-email: Depends: perl-modules (>> 5.21.5) | libnet-smtp-ssl-perl for starttls support instead of unconditionally requiring Net::SMTP::SSL (thx Dennis Kaarsemaker). * debian/rules: skip HTML documentation generation when DEB_BUILD_OPTIONS=nodoc. * debian/copyright: use https form of Format URL. * debian/control: Standards-Version: 4.0.0.0. . git (1:2.13.1-1) unstable; urgency=low . * new upstream release (see RelNotes/2.12.0.txt, RelNotes/2.13.0.txt). * debian/patches/xdiff-Do-not-enable-XDF_FAST_HASH-by-default.diff, shell-disallow-repo-names-beginning-with-dash.patch: remove; applied upstream. * update debian/copyright * debian/rules: run tests once and always produce verbose output. . git (1:2.11.0-4) unstable; urgency=low . [ Alan Jenkins ] * git: remove Recommends: rsync (closes #862435). * git-arch: Depends: rsync. . git (1:2.11.0-3) unstable; urgency=high . * Do not allow git helpers run via git-shell to launch a pager (CVE-2017-8386). . git (1:2.11.0-2) unstable; urgency=medium . * gitweb: Depends: libcgi-pm-perl; Build-Depends: libcgi-pm-perl (thx Mikko Rasa; closes: #847961). . git (1:2.11.0-1) unstable; urgency=medium . * New upstream release (see RelNotes/2.11.0.txt). * debian/patches/git-sh-setup-Restore-sourcability-from-outside-script.diff: remove; applied upstream. * Replace debian/patches/Documentation-omit-asciidoc-footer-on-generated-input.diff with the more upstreamable debian/patches/Normalize-generated-asciidoc-timestamps-with-SOURCE_D.diff. * debian/patches/git-gui-Sort-entries-in-optimized-tclIndex.diff, debian/patches/xdiff-Do-not-enable-XDL_FAST_HASH-by-default.diff: Further improvements to build reproducibility. . git (1:2.10.2-3) unstable; urgency=medium . * debian/rules: Split override_dh_installdocs into -arch and -indep parts. (Closes: #843393) . git (1:2.10.2-2) unstable; urgency=medium . * Add missing upstream changelog entries from v2.10.2. * gitweb: Add version to Breaks: apache2.2-common (<< 2.3~). * git-mediawiki: Shorten description. * Link extra license files to common-licenses. * Invoke dpkg-maintscript-helper dir_to_symlink correctly. (Closes: #843011) * debian/patches/Documentation-omit-asciidoc-footer-on-generated-input.diff: Omit the “last updated” footer when processing asciidoc inputs that are generated at build time. (Closes: #813912) . git (1:2.10.2-1) unstable; urgency=medium . * New upstream point release (see RelNotes/2.10.2.txt). - imap-send: Tell cURL to use imap:// or imaps:// (Closes: #648329) * Run asciidoc in TZ=UTC to improve the reproducibility of documentation footer timestamps. * debian/patches/git-sh-setup-Restore-sourcability-from-outside-script.diff: Restore sourcability of git-sh-setup from outside scripts. (Closes: #842477) . git (1:2.10.1-1) unstable; urgency=medium . * New upstream release (see RelNotes/2.10.0.txt, RelNotes/2.10.1.txt). (Closes: #840800) * debian/rules: Fix clean target to remove GIT-VERSION-FILE and contrib/subtree build products. (Closes: #834870) * Fix a missing reference in /usr/share/doc-base/everyday-git. (Closes: #836516) * Migrate patches to 3.0 (quilt) format. (Closes: #834566) * Migrate packaging to Debhelper. (Closes: #834886) * Replace perl-modules dependency with perl. * git-daemon-sysvinit: Depend lsb-base (>= 3.0-6) for /lib/lsb/init-functions. . git (1:2.9.3-1) unstable; urgency=medium . * New upstream release (see RelNotes/2.8.2.txt, RelNotes/2.8.3.txt, RelNotes/2.9.0.txt, RelNotes/2.9.1.txt, RelNotes/2.9.2.txt, RelNotes/2.9.3.txt). . git (1:2.8.1-1) unstable; urgency=low . * new upstream point release. * debian/diff/0003-0007-srv-be-more-tolerant-of-broken-DNS-replies.diff: remove. . git (1:2.8.0~rc3-1) unstable; urgency=medium . * new upstream release candidate (see RelNotes/2.8.0.txt). * harden against on-stack and on-heap buffer overflows (CVE-2016-2324, CVE-2016-2315; closes: #818318). * debian/git.docs: update for README -> README.md renaming. Checksums-Sha1: 22f9cc346e77b2d1a3f589d0df9b78e8e901a14b 2964 git_2.34.1-1ubuntu1~bpo16.04.1~ppa1.dsc b4baef0d36eea59e75b05d39238263997cc092e2 703088 git_2.34.1-1ubuntu1~bpo16.04.1~ppa1.debian.tar.xz f9c71430da7ddc93ff745301b7849a6294e87a15 9604 git_2.34.1-1ubuntu1~bpo16.04.1~ppa1_source.buildinfo Checksums-Sha256: 51c285a83d5ef7febf184b89967f59c271a8c4a41de3c63267bb6b82de8a5662 2964 git_2.34.1-1ubuntu1~bpo16.04.1~ppa1.dsc 1095bb387b43336da11a51dc5bdfb6be0a0ff3ce74e59d6b86fa7f090a9f069e 703088 git_2.34.1-1ubuntu1~bpo16.04.1~ppa1.debian.tar.xz cea545dcebf53494f15dbdbc18972093f2b5e9906b2e732ad44f4e4dea55d572 9604 git_2.34.1-1ubuntu1~bpo16.04.1~ppa1_source.buildinfo Files: 896827be159629611766a3a96875e7fb 2964 vcs optional git_2.34.1-1ubuntu1~bpo16.04.1~ppa1.dsc 891a5ef1f077d0498bd49ea296a2bcc1 703088 vcs optional git_2.34.1-1ubuntu1~bpo16.04.1~ppa1.debian.tar.xz ecb2133532377a52738f63ebc4e88aec 9604 vcs optional git_2.34.1-1ubuntu1~bpo16.04.1~ppa1_source.buildinfo Original-Maintainer: Jonathan Nieder