From 394a759d2b5f0a1a1908c820cf142f45cb78718c Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 3 Feb 2023 14:58:10 -0800 Subject: Git 2.30.8 Signed-off-by: Junio C Hamano --- Documentation/RelNotes/2.30.8.txt | 52 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 Documentation/RelNotes/2.30.8.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.30.8.txt b/Documentation/RelNotes/2.30.8.txt new file mode 100644 index 0000000000..38c23e0345 --- /dev/null +++ b/Documentation/RelNotes/2.30.8.txt @@ -0,0 +1,52 @@ +Git v2.30.8 Release Notes +========================= + +This release addresses the security issues CVE-2023-22490 and +CVE-2023-23946. + + +Fixes since v2.30.7 +------------------- + + * CVE-2023-22490: + + Using a specially-crafted repository, Git can be tricked into using + its local clone optimization even when using a non-local transport. + Though Git will abort local clones whose source $GIT_DIR/objects + directory contains symbolic links (c.f., CVE-2022-39253), the objects + directory itself may still be a symbolic link. + + These two may be combined to include arbitrary files based on known + paths on the victim's filesystem within the malicious repository's + working copy, allowing for data exfiltration in a similar manner as + CVE-2022-39253. + + * CVE-2023-23946: + + By feeding a crafted input to "git apply", a path outside the + working tree can be overwritten as the user who is running "git + apply". + + * A mismatched type in `attr.c::read_attr_from_index()` which could + cause Git to errantly reject attributes on Windows and 32-bit Linux + has been corrected. + +Credit for finding CVE-2023-22490 goes to yvvdwf, and the fix was +developed by Taylor Blau, with additional help from others on the +Git security mailing list. + +Credit for finding CVE-2023-23946 goes to Joern Schneeweisz, and the +fix was developed by Patrick Steinhardt. + + +Johannes Schindelin (1): + attr: adjust a mismatched data type + +Patrick Steinhardt (1): + apply: fix writing behind newly created symbolic links + +Taylor Blau (3): + t5619: demonstrate clone_local() with ambiguous transport + clone: delay picking a transport until after get_repo_path() + dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS + -- cgit v1.3 From 0bbcf951943eefbbfee2a7e08b7150bef5b60562 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 6 Feb 2023 09:24:07 +0100 Subject: Git 2.31.7 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.31.7.txt | 6 ++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.31.7.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.31.7.txt b/Documentation/RelNotes/2.31.7.txt new file mode 100644 index 0000000000..dd44d5bc62 --- /dev/null +++ b/Documentation/RelNotes/2.31.7.txt @@ -0,0 +1,6 @@ +Git v2.31.7 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8 to +address the security issues CVE-2023-22490 and CVE-2023-23946; +see the release notes for that version for details. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 7e159104b2..c2fe910925 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.31.6 +DEF_VER=v2.31.7 LF=' ' diff --git a/RelNotes b/RelNotes index e25264ca35..139721637d 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.31.6.txt \ No newline at end of file +Documentation/RelNotes/2.31.7.txt \ No newline at end of file -- cgit v1.3 From 2aedeff35fde779b03b57125b1f50f6c528bfbea Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 6 Feb 2023 09:25:09 +0100 Subject: Git 2.32.6 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.32.6.txt | 6 ++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.32.6.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.32.6.txt b/Documentation/RelNotes/2.32.6.txt new file mode 100644 index 0000000000..fd659612e3 --- /dev/null +++ b/Documentation/RelNotes/2.32.6.txt @@ -0,0 +1,6 @@ +Git v2.32.6 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8 and v2.31.7 +to address the security issues CVE-2023-22490 and CVE-2023-23946; +see the release notes for these versions for details. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 3d2538de85..b989f81d5e 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.32.5 +DEF_VER=v2.32.6 LF=' ' diff --git a/RelNotes b/RelNotes index e60115fd82..a9cfb103cc 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.32.5.txt \ No newline at end of file +Documentation/RelNotes/2.32.6.txt \ No newline at end of file -- cgit v1.3 From ed4404af3c936d87ac2c6ff12cc3da495511bec9 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 6 Feb 2023 09:25:58 +0100 Subject: Git 2.33.7 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.33.7.txt | 7 +++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.33.7.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.33.7.txt b/Documentation/RelNotes/2.33.7.txt new file mode 100644 index 0000000000..078a837cb4 --- /dev/null +++ b/Documentation/RelNotes/2.33.7.txt @@ -0,0 +1,7 @@ +Git v2.33.7 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7 +and v2.32.6 to address the security issues CVE-2023-22490 and +CVE-2023-23946; see the release notes for these versions for +details. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 08677a66f5..19d4d618cf 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.33.6 +DEF_VER=v2.33.7 LF=' ' diff --git a/RelNotes b/RelNotes index f0458d7556..f89efbeae6 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.33.6.txt \ No newline at end of file +Documentation/RelNotes/2.33.7.txt \ No newline at end of file -- cgit v1.3 From 91da4a29e168ab465beb713fca4d389193f8f16c Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 6 Feb 2023 09:29:17 +0100 Subject: Git 2.34.7 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.34.7.txt | 7 +++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.34.7.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.34.7.txt b/Documentation/RelNotes/2.34.7.txt new file mode 100644 index 0000000000..88898adacc --- /dev/null +++ b/Documentation/RelNotes/2.34.7.txt @@ -0,0 +1,7 @@ +Git v2.34.7 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7, +v2.32.6 and v2.33.7 to address the security issues CVE-2023-22490 +and CVE-2023-23946; see the release notes for these versions +for details. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index f08521109c..f829504b5b 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.34.6 +DEF_VER=v2.34.7 LF=' ' diff --git a/RelNotes b/RelNotes index da5579a85a..52edb09ee8 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.34.6.txt \ No newline at end of file +Documentation/RelNotes/2.34.7.txt \ No newline at end of file -- cgit v1.3 From b7a92d078b9b9a39553623815699eb029074e39d Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 6 Feb 2023 09:29:45 +0100 Subject: Git 2.35.7 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.35.7.txt | 7 +++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.35.7.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.35.7.txt b/Documentation/RelNotes/2.35.7.txt new file mode 100644 index 0000000000..42baabfc3b --- /dev/null +++ b/Documentation/RelNotes/2.35.7.txt @@ -0,0 +1,7 @@ +Git v2.35.7 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7, +v2.32.6, v2.33.7 and v2.34.7 to address the security issues +CVE-2023-22490 and CVE-2023-23946; see the release notes for +these versions for details. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 4ed31ea54d..03bc4ada42 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.35.6 +DEF_VER=v2.35.7 LF=' ' diff --git a/RelNotes b/RelNotes index cc971ec122..6b076b50fa 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.35.6.txt \ No newline at end of file +Documentation/RelNotes/2.35.7.txt \ No newline at end of file -- cgit v1.3 From 673472a9635805d3b1fcd0038ecc0a9418078685 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 6 Feb 2023 09:37:53 +0100 Subject: Git 2.36.5 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.36.5.txt | 7 +++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.36.5.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.36.5.txt b/Documentation/RelNotes/2.36.5.txt new file mode 100644 index 0000000000..8a098c7916 --- /dev/null +++ b/Documentation/RelNotes/2.36.5.txt @@ -0,0 +1,7 @@ +Git v2.36.5 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7, +v2.32.6, v2.33.7, v2.34.7 and v2.35.7 to address the security +issues CVE-2023-22490 and CVE-2023-23946; see the release notes +for these versions for details. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 6f52323b5e..4ac6f3ab03 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.36.4 +DEF_VER=v2.36.5 LF=' ' diff --git a/RelNotes b/RelNotes index 800f4e1b37..8c469851cb 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.36.4.txt \ No newline at end of file +Documentation/RelNotes/2.36.5.txt \ No newline at end of file -- cgit v1.3 From eb88fe1ff5ceb34845f0919b8bdc60d8a1703cf6 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 6 Feb 2023 09:38:32 +0100 Subject: Git 2.37.6 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.37.6.txt | 7 +++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.37.6.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.37.6.txt b/Documentation/RelNotes/2.37.6.txt new file mode 100644 index 0000000000..51dc149711 --- /dev/null +++ b/Documentation/RelNotes/2.37.6.txt @@ -0,0 +1,7 @@ +Git v2.37.6 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7, +v2.32.6, v2.33.7, v2.34.7, v2.35.7 and v2.36.5 to address the +security issues CVE-2023-22490 and CVE-2023-23946; see the release +notes for these versions for details. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index ebde32aedc..3b69e40e22 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.37.5 +DEF_VER=v2.37.6 LF=' ' diff --git a/RelNotes b/RelNotes index ff029a2e32..e4a3abaead 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.37.5.txt \ No newline at end of file +Documentation/RelNotes/2.37.6.txt \ No newline at end of file -- cgit v1.3 From 7556e5d737b917d31ac3729b0f5e2391da7e132a Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 6 Feb 2023 09:43:30 +0100 Subject: Git 2.38.4 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.38.4.txt | 7 +++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.38.4.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.38.4.txt b/Documentation/RelNotes/2.38.4.txt new file mode 100644 index 0000000000..fdfde22022 --- /dev/null +++ b/Documentation/RelNotes/2.38.4.txt @@ -0,0 +1,7 @@ +Git v2.38.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7, +v2.32.6, v2.33.7, v2.34.7, v2.35.7, v2.36.5 and v2.37.6 to +address the security issues CVE-2023-22490 and CVE-2023-23946; +see the release notes for these versions for details. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index b7ec05b0af..775d560fd2 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.38.3 +DEF_VER=v2.38.4 LF=' ' diff --git a/RelNotes b/RelNotes index 3bac47712e..5420def32d 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.38.3.txt \ No newline at end of file +Documentation/RelNotes/2.38.4.txt \ No newline at end of file -- cgit v1.3 From cbf04937d5b9fcf0a76c28f69e6294e9e3ecd7e6 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 6 Feb 2023 09:43:41 +0100 Subject: Git 2.39.2 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.39.2.txt | 7 +++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.39.2.txt (limited to 'Documentation/RelNotes') diff --git a/Documentation/RelNotes/2.39.2.txt b/Documentation/RelNotes/2.39.2.txt new file mode 100644 index 0000000000..ebb9900bc5 --- /dev/null +++ b/Documentation/RelNotes/2.39.2.txt @@ -0,0 +1,7 @@ +Git v2.39.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7, +v2.32.6, v2.33.7, v2.34.7, v2.35.7, v2.36.5, v2.37.6 and v2.38.4 +to address the security issues CVE-2023-22490 and CVE-2023-23946; +see the release notes for these versions for details. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 1937bc6802..674110ca3b 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.39.1 +DEF_VER=v2.39.2 LF=' ' diff --git a/RelNotes b/RelNotes index 61b8226a18..25a76d390e 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.39.1.txt \ No newline at end of file +Documentation/RelNotes/2.39.2.txt \ No newline at end of file -- cgit v1.3