Accepted git 1:2.26.1-1~bpo10+1 (source) into buster-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 14 Apr 2020 10:59:48 -0700
Source: git
Architecture: source
Version: 1:2.26.1-1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Jonathan Nieder <jrnieder@gmail.com>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Closes: 955152
Changes:
git (1:2.26.1-1~bpo10+1) buster-backports; urgency=high
.
* upload to buster-backports.
.
git (1:2.26.1-1) unstable; urgency=high
.
* new upstream point release (see RelNotes/2.26.1.txt).
* Addresses the security issue CVE-2020-5260.
.
With a crafted URL that contains a newline, the credential
helper machinery can be fooled to supply credential information
for the wrong host. The attack has been made impossible by
forbidding a newline character in any value passed via the
credential protocol.
.
Thanks to Felix Wilhelm of Google Project Zero for finding
this vulnerability and Jeff King for fixing it.
.
git (1:2.26.0-2) unstable; urgency=low
.
* fixes to the (newly default) rebase --merge backend:
* honor GIT_REFLOG_ACTION (thx Ian Jackson and Elijah Newren;
closes: #955152).
* avoid "nothing to do" error when fast-forwarding a branch with
rebase.abbreviateCommands=true (thx Jan Alexander Steffens and
Alban Gruin).
* debian/control: downgrade Recommends by git-all on git-daemon-run
to Suggests. The git-all package is a "batteries included" full
installation of Git. Automatically running a daemon is not useful
to most of its users.
.
git (1:2.26.0-1) unstable; urgency=low
.
* new upstream release (see RelNotes/2.26.0.txt).
.
git (1:2.26.0~rc2-1) unstable; urgency=low
.
* new upstream release candidate (see RelNotes/2.26.0.txt).
.
git (1:2.25.1-1) unstable; urgency=low
.
* new upstream point release (see RelNotes/2.25.1.txt).
* update debian/copyright.
* debian/control: remove Gerrit Pape from the Maintainer field,
as requested. Thanks to Gerrit for putting together this
package in a way that has been pleasant to maintain.
* debian/rules: use "dpkg-architecture" instead of "uname -m" to
retrieve host arch. This makes the resulting "git version
--build-options" more predictable when building for i386 on an
amd64 machine (thx to Ceridwen for detecting this in reprotest).
Checksums-Sha1:
38b2b513b2dd74d303751de512bb74062cb8fbfe 2892 git_2.26.1-1~bpo10+1.dsc
9ec4ef53d157cb376aaedc0ca529d3857c3f8bf6 6006104 git_2.26.1.orig.tar.xz
f3bd9d0f184d00fed153d6d522e93e4f35a2817a 646200 git_2.26.1-1~bpo10+1.debian.tar.xz
5269896ce86c72246ba9d1a4ba2bb220fb202dfd 12910 git_2.26.1-1~bpo10+1_amd64.buildinfo
Checksums-Sha256:
b2dc8fc68079e8853bea78f4f47dc5eae9b6c4da51802a832c2c8fdf1c7ca715 2892 git_2.26.1-1~bpo10+1.dsc
888228408f254634330234df3cece734d190ef6381063821f31ec020538f0368 6006104 git_2.26.1.orig.tar.xz
ac28fa3f581841e0027bc3b6cc38d8b815dd8f5f81ce93efcbae4fa4841794e6 646200 git_2.26.1-1~bpo10+1.debian.tar.xz
0a8e396951342864bbf733af5801d8da0017260bfd05ecaeb85a482054bf7563 12910 git_2.26.1-1~bpo10+1_amd64.buildinfo
Files:
481eae532a1e6cdee2cd28d3b5e8e503 2892 vcs optional git_2.26.1-1~bpo10+1.dsc
50e68aaebbb554f4946d170a2765bfe7 6006104 vcs optional git_2.26.1.orig.tar.xz
834a004d3fd6546c7d5f6b36ef0d7c82 646200 vcs optional git_2.26.1-1~bpo10+1.debian.tar.xz
2aa947e9907c81f0792877f61ef0bc19 12910 vcs optional git_2.26.1-1~bpo10+1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCAAxFiEEUh5Y8X6W1xKqD/EC38Zx7rMz+iUFAl6WAIgTHGpybmllZGVy
QGdtYWlsLmNvbQAKCRDfxnHuszP6JUV4D/4lJEnaPcl+Z/YXaSRKtRfKcaJnzv1s
0voJkEUJxWM2J9/eFJDP4eE4mtWhRvxJ94RZjqbmBry1RbAwNGclEkiPxLipg6RA
qLGnMJ7nfKBluKIILCzdb7w5Dq9G2oDFsULAjGj1+fqi4mkt2cZ7KB3yPGiOWNHN
Kld2n4p86LgsVWU6uVooenhtMY/+q+5IgvogGYO8f6SUo2ZEkXqWhRfCvHF7G23z
rAKSVsjg7bF2V278vSj27I66YRqGoGxjA9SYj9qJLE/hHx5lhZMPlnQoCAdh3EnS
Y83QRsVg+OZduiNLDgP68FJDbPSbvOKhTnfqPr+TyWRY0ZZxm2M+/g6iTSK9BDsH
94Nrbi4IjbN49SEpLkIw7vv4NY8yJhQ7CdPUcPlaSHT9INqDiUJ7j42/CcYUOBeO
/YP4UzKqT9YzcsJPRLFopFchR+XzzR3rlKUcU23XGKsZ6lS2QZ5Q3vAOQ6KIgZtF
2jOwnnd8tKY/1+0MXcdTj+AEpM8NK8wNOD/XbUf1AnZBlTlzARrN4Ur/U2O1BAAK
liyy5VfDGPtiQaXAwuQ4bbYNPikGFE8n2/yKsnd9pKtsPdrbkAthgy2136RryJ9k
bLMaMsyx3Z/uCyTSQIvMYDmxznHtQ+e/ByGl3qpWgcLZfY7wrUUiuRuJtSA//JMz
mQ4GCdKJLq2m5g==
=NhLQ
-----END PGP SIGNATURE-----
Reply to: