diff options
Diffstat (limited to 'Documentation/RelNotes')
-rw-r--r-- | Documentation/RelNotes/2.30.5.txt | 12 | ||||
-rw-r--r-- | Documentation/RelNotes/2.31.4.txt | 6 | ||||
-rw-r--r-- | Documentation/RelNotes/2.32.3.txt | 6 | ||||
-rw-r--r-- | Documentation/RelNotes/2.33.4.txt | 6 | ||||
-rw-r--r-- | Documentation/RelNotes/2.34.4.txt | 6 | ||||
-rw-r--r-- | Documentation/RelNotes/2.35.4.txt | 7 | ||||
-rw-r--r-- | Documentation/RelNotes/2.36.2.txt | 14 | ||||
-rw-r--r-- | Documentation/RelNotes/2.37.0.txt | 35 | ||||
-rw-r--r-- | Documentation/RelNotes/2.37.1.txt | 17 | ||||
-rw-r--r-- | Documentation/RelNotes/2.37.2.txt | 47 | ||||
-rw-r--r-- | Documentation/RelNotes/2.38.0.txt | 191 |
11 files changed, 333 insertions, 14 deletions
diff --git a/Documentation/RelNotes/2.30.5.txt b/Documentation/RelNotes/2.30.5.txt new file mode 100644 index 0000000..5191cab --- /dev/null +++ b/Documentation/RelNotes/2.30.5.txt @@ -0,0 +1,12 @@ +Git v2.30.5 Release Notes +========================= + +This release contains minor fix-ups for the changes that went into +Git 2.30.3 and 2.30.4, addressing CVE-2022-29187. + + * The safety check that verifies a safe ownership of the Git + worktree is now extended to also cover the ownership of the Git + directory (and the `.git` file, if there is any). + +Carlo Marcelo Arenas Belón (1): + setup: tighten ownership checks post CVE-2022-24765 diff --git a/Documentation/RelNotes/2.31.4.txt b/Documentation/RelNotes/2.31.4.txt new file mode 100644 index 0000000..97a91fd --- /dev/null +++ b/Documentation/RelNotes/2.31.4.txt @@ -0,0 +1,6 @@ +Git v2.31.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5 to address +the security issue CVE-2022-29187; see the release notes for that +version for details. diff --git a/Documentation/RelNotes/2.32.3.txt b/Documentation/RelNotes/2.32.3.txt new file mode 100644 index 0000000..583fabe --- /dev/null +++ b/Documentation/RelNotes/2.32.3.txt @@ -0,0 +1,6 @@ +Git v2.32.3 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5 and +v2.31.4 to address the security issue CVE-2022-29187; see the +release notes for these versions for details. diff --git a/Documentation/RelNotes/2.33.4.txt b/Documentation/RelNotes/2.33.4.txt new file mode 100644 index 0000000..a145cc2 --- /dev/null +++ b/Documentation/RelNotes/2.33.4.txt @@ -0,0 +1,6 @@ +Git v2.33.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5, v2.31.4 +and v2.32.3 to address the security issue CVE-2022-29187; see +the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.34.4.txt b/Documentation/RelNotes/2.34.4.txt new file mode 100644 index 0000000..2a6b223 --- /dev/null +++ b/Documentation/RelNotes/2.34.4.txt @@ -0,0 +1,6 @@ +Git v2.34.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5, v2.31.4, +v2.32.3 and v2.33.4 to address the security issue CVE-2022-29187; +see the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.35.4.txt b/Documentation/RelNotes/2.35.4.txt new file mode 100644 index 0000000..47abd5a --- /dev/null +++ b/Documentation/RelNotes/2.35.4.txt @@ -0,0 +1,7 @@ +Git v2.35.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5, +v2.31.4, v2.32.3, v2.33.4 and v2.34.4 to address the security +issue CVE-2022-29187; see the release notes for these versions +for details. diff --git a/Documentation/RelNotes/2.36.2.txt b/Documentation/RelNotes/2.36.2.txt index ba5d5ac..958f5b4 100644 --- a/Documentation/RelNotes/2.36.2.txt +++ b/Documentation/RelNotes/2.36.2.txt @@ -1,10 +1,16 @@ Git v2.36.2 Release Notes ========================= -This maintenance release is primarily to merge down updates to the -build and CI procedures from the 'master' front, in order to ensure -that we can cut healthy maintenance releases in the future. It also -contains a handful of small and trivially-correct bugfixes. +This release merges up the fixes that appear in v2.30.5, v2.31.4, +v2.32.3, v2.33.4, v2.34.4 and v2.35.4 to address the security +issue CVE-2022-29187; see the release notes for these versions +for details. + +Apart from that, this maintenance release is primarily to merge down +updates to the build and CI procedures from the 'master' front, in +order to ensure that we can cut healthy maintenance releases in the +future. It also contains a handful of small and trivially-correct +bugfixes. Fixes since v2.36.1 ------------------- diff --git a/Documentation/RelNotes/2.37.0.txt b/Documentation/RelNotes/2.37.0.txt index 8f1ff3a..99dc7e3 100644 --- a/Documentation/RelNotes/2.37.0.txt +++ b/Documentation/RelNotes/2.37.0.txt @@ -54,8 +54,19 @@ UI, Workflows & Features * Update the doctype written in gitweb output to xhtml5. - * The "fetch.credentialsInUrl" configuration variable controls what - happens when a URL with embedded login credential is used. + * The "transfer.credentialsInURL" configuration variable controls what + happens when a URL with embedded login credential is used on either + "fetch" or "push". Credentials are currently only detected in + `remote.<name>.url` config, not `remote.<name>.pushurl`. + + * "git revert" learns "--reference" option to use more human-readable + reference to the commit it reverts in the message template it + prepares for the user. + + * Various error messages that talk about the removal of + "--preserve-merges" in "rebase" have been strengthened, and "rebase + --abort" learned to get out of a state that was left by an earlier + use of the option. Performance, Internal Implementation, Development Support etc. @@ -80,14 +91,15 @@ Performance, Internal Implementation, Development Support etc. * A workflow change for translators are being proposed. git.pot is no longer version controlled and it is local responsibility of - translaters to generate it. + translators to generate it. * Plug the memory leaks from the trickiest API of all, the revision walker. * Rename .env_array member to .env in the child_process structure. - * More fsmonitor--daemon. + * The fsmonitor--daemon handles even more corner cases when + watching filesystem events. * A new bug() and BUG_if_bug() API is introduced to make it easier to uniformly log "detect multiple bugs and abort in the end" pattern. @@ -133,7 +145,7 @@ Fixes since v2.36 (merge 08bdd3a185 jc/cocci-xstrdup-or-null-fix later to maint). * The path taken by "git multi-pack-index" command from the end user - was compared with path internally prepared by the tool withut first + was compared with path internally prepared by the tool without first normalizing, which lead to duplicated paths not being noticed, which has been corrected. (merge 11f9e8de3d ds/midx-normalize-pathname-before-comparison later to maint). @@ -163,7 +175,7 @@ Fixes since v2.36 is given in "git status" not to use the break-rewrite heuristics. (merge 84792322ed rs/commit-summary-wo-break-rewrite later to maint). - * Update a few end-user facing messages around eol conversion. + * Update a few end-user facing messages around EOL conversion. (merge c970d30c2c ah/convert-warning-message later to maint). * Trace2 documentation updates. @@ -222,9 +234,8 @@ Fixes since v2.36 * With a recent update to refuse access to repositories of other people by default, "sudo make install" and "sudo git describe" - stopped working. This series intends to loosen it while keeping - the safety. - (merge b9063afda1 cb/path-owner-check-with-sudo later to maint). + stopped working, which has been corrected. + (merge 6b11e3d52e cb/path-owner-check-with-sudo-plus later to maint). * The tests that ensured merges stop when interfering local changes are present did not make sure that local changes are preserved; now @@ -256,7 +267,7 @@ Fixes since v2.36 has been corrected. (merge b02fdbc80a jc/all-negative-pathspec later to maint). - * With a more targetted workaround in http.c in another topic, we may + * With a more targeted workaround in http.c in another topic, we may be able to lift this blanket "GCC12 dangling-pointer warning is broken and unsalvageable" workaround. (merge 419141e495 cb/buggy-gcc-12-workaround later to maint). @@ -297,6 +308,9 @@ Fixes since v2.36 * Use-after-free (with another forget-to-free) fix. (merge 323822c72b ab/remote-free-fix later to maint). + * Remove a coccinelle rule that is no longer relevant. + (merge b1299de4a1 jc/cocci-cleanup later to maint). + * Other code cleanup, docfix, build fix, etc. (merge e6b2582da3 cm/reftable-0-length-memset later to maint). (merge 0b75e5bf22 ab/misc-cleanup later to maint). @@ -320,3 +334,4 @@ Fixes since v2.36 (merge 8c49d704ef fh/transport-push-leakfix later to maint). (merge 1d232d38bd tl/ls-tree-oid-only later to maint). (merge db7961e6a6 gc/document-config-worktree-scope later to maint). + (merge ce18a30bb7 fs/ssh-default-key-command-doc later to maint). diff --git a/Documentation/RelNotes/2.37.1.txt b/Documentation/RelNotes/2.37.1.txt new file mode 100644 index 0000000..8460932 --- /dev/null +++ b/Documentation/RelNotes/2.37.1.txt @@ -0,0 +1,17 @@ +Git 2.37.1 Release Notes +======================== + +This release merges up the fixes that appear in v2.30.5, v2.31.4, +v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2 to address the +security issue CVE-2022-29187; see the release notes for these +versions for details. + +Fixes since Git 2.37 +-------------------- + + * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't + correctly record a removed file to the index, which is an old + regression but has become widely known because the C version has + become the default in the latest release. + + * Fix for CVS-2022-29187. diff --git a/Documentation/RelNotes/2.37.2.txt b/Documentation/RelNotes/2.37.2.txt new file mode 100644 index 0000000..d4acf9e --- /dev/null +++ b/Documentation/RelNotes/2.37.2.txt @@ -0,0 +1,47 @@ +Git 2.37.2 Release Notes +======================== + +This primarily is to backport various fixes accumulated on the 'master' +front since 2.37.1. + +Fixes since v2.37.1 +------------------- + + * "git shortlog -n" relied on the underlying qsort() to be stable, + which shouldn't have. Fixed. + + * Variable quoting fix in the vimdiff driver of "git mergetool". + + * An earlier attempt to plug leaks placed a clean-up label to jump to + at a bogus place, which as been corrected. + + * Fixes a long-standing corner case bug around directory renames in + the merge-ort strategy. + + * Recent update to vimdiff layout code has been made more robust + against different end-user vim settings. + + * In a non-bare repository, the behavior of Git when the + core.worktree configuration variable points at a directory that has + a repository as its subdirectory, regressed in Git 2.27 days. + + * References to commands-to-be-typed-literally in "git rebase" + documentation mark-up have been corrected. + + * Give _() markings to fatal/warning/usage: labels that are shown in + front of these messages. + + * "git mktree --missing" lazily fetched objects that are missing from + the local object store, which was totally unnecessary for the purpose + of creating the tree object(s) from its input. + + * Fixes for tests when the source directory has unusual characters in + its path, e.g. whitespaces, double-quotes, etc. + + * Adjust technical/bitmap-format to be formatted by AsciiDoc, and + add some missing information to the documentation. + + * Certain diff options are currently ignored when combined-diff is + shown; mark them as incompatible with the feature. + +Also contains minor documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.38.0.txt b/Documentation/RelNotes/2.38.0.txt new file mode 100644 index 0000000..66e278b --- /dev/null +++ b/Documentation/RelNotes/2.38.0.txt @@ -0,0 +1,191 @@ +Git v2.38 Release Notes +======================= + +UI, Workflows & Features + + * "git remote show [-n] frotz" now pays attention to negative + pathspec. + + * "git push" sometimes perform poorly when reachability bitmaps are + used, even in a repository where other operations are helped by + bitmaps. The push.useBitmaps configuration variable is introduced + to allow disabling use of reachability bitmaps only for "git push". + + * "git grep -m<max-hits>" is a way to limit the hits shown per file. + + * "git merge-tree" learned a new mode where it takes two commits and + computes a tree that would result in the merge commit, if the + histories leading to these two commits were to be merged. + + * "git mv A B" in a sparsely populated working tree can be asked to + move a path between directories that are "in cone" (i.e. expected + to be materialized in the working tree) and "out of cone" + (i.e. expected to be hidden). The handling of such cases has been + improved. + + * Earlier, HTTP transport clients learned to tell the server side + what locale they are in by sending Accept-Language HTTP header, but + this was done only for some requests but not others. + + * Introduce a discovery.barerepository configuration variable that + allows users to forbid discovery of bare repositories. + + * Various messages that come from the pack-bitmap codepaths have been + tweaked. + + * "git rebase -i" learns to update branches whose tip appear in the + rebased range with "--update-refs" option. + + +Performance, Internal Implementation, Development Support etc. + + * Collection of what is referenced by objects in promisor packs have + been optimized to inspect these objects in the in-pack order. + + * Introduce a helper to see if a branch is already being worked on + (hence should not be newly checked out in a working tree), which + performs much better than the existing find_shared_symref() to + replace many uses of the latter. + + * Teach "git archive" to (optionally and then by default) avoid + spawning an external "gzip" process when creating ".tar.gz" (and + ".tgz") archives. + + * Allow large objects read from a packstream to be streamed into a + loose object file straight, without having to keep it in-core as a + whole. + + * Further preparation to turn git-submodule.sh into a builtin + continues. + + * Apply Coccinelle rule to turn raw memmove() into MOVE_ARRAY() cpp + macro, which would improve maintainability and readability. + + * Teach "make all" to build gitweb as well. + + * Tweak tests so that they still work when the "git init" template + did not create .git/info directory. + + * Add Coccinelle rules to detect the pattern of initializing and then + finalizing a structure without using it in between at all, which + happens after code restructuring and the compilers fail to + recognize as an unused variable. + + * The code to convert between GPG trust level strings and internal + constants we use to represent them have been cleaned up. + + * Support for libnettle as SHA256 implementation has been added. + + * The way "git multi-pack" uses parse-options API has been improved. + + * A coccinelle rule (in contrib/) to encourage use of COPY_ARRAY + macro has been improved. + + * API tweak to make it easier to run fuzz testing on commit-graph parser. + + * Omit fsync-related trace2 entries when their values are all zero. + + +Fixes since v2.37 +----------------- + + * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't + correctly record a removed file to the index, which was fixed. + + * Certain diff options are currently ignored when combined-diff is + shown; mark them as incompatible with the feature. + + * Adjust technical/bitmap-format to be formatted by AsciiDoc, and + add some missing information to the documentation. + + * Fixes for tests when the source directory has unusual characters in + its path, e.g. whitespaces, double-quotes, etc. + + * "git mktree --missing" lazily fetched objects that are missing from + the local object store, which was totally unnecessary for the purpose + of creating the tree object(s) from its input. + + * Give _() markings to fatal/warning/usage: labels that are shown in + front of these messages. + + * References to commands-to-be-typed-literally in "git rebase" + documentation mark-up have been corrected. + + * In a non-bare repository, the behavior of Git when the + core.worktree configuration variable points at a directory that has + a repository as its subdirectory, regressed in Git 2.27 days. + + * Recent update to vimdiff layout code has been made more robust + against different end-user vim settings. + + * Plug various memory leaks. + (merge ece3974ba6 ab/leakfix later to maint). + + * Plug various memory leaks in test-tool commands. + (merge f40a693450 ab/test-tool-leakfix later to maint). + + * Fixes a long-standing corner case bug around directory renames in + the merge-ort strategy. + + * The resolve-undo information in the index was not protected against + GC, which has been corrected. + (merge e0ad13977a jc/resolve-undo later to maint). + + * A corner case bug where lazily fetching objects from a promisor + remote resulted in infinite recursion has been corrected. + (merge cb88b37cb9 hx/lookup-commit-in-graph-fix later to maint). + + * "git clone" from a repository with some ref whose HEAD is unborn + did not set the HEAD in the resulting repository correctly, which + has been corrected. + (merge daf7898abb jk/clone-unborn-confusion later to maint). + + * An earlier attempt to plug leaks placed a clean-up label to jump to + at a bogus place, which as been corrected. + + * Variable quoting fix in the vimdiff driver of "git mergetool" + + * "git shortlog -n" relied on the underlying qsort() to be stable, + which shouldn't have. Fixed. + + * A fix for a regression in test framework. + + * mkstemp() emulation on Windows has been improved. + (merge ae25974de3 rs/mingw-tighten-mkstemp later to maint). + + * Add missing documentation for "include" and "includeIf" features in + "git config" file format, which incidentally teaches the command + line completion to include them in its offerings. + (merge 07aed58017 mb/config-document-include later to maint). + + * Avoid "white/black-list" in documentation and code comments. + (merge f5adaa5cc3 ds/doc-wo-whitelist later to maint). + + * Workaround for a compiler warning against use of die() in + osx-keychain (in contrib/). + (merge f2fc531585 ld/osx-keychain-usage-fix later to maint). + + * Workaround for a false positive compiler warning. + (merge b4f52f09ae ds/win-syslog-compiler-fix later to maint). + + * "git p4" working on UTF-16 files on Windows did not implement + CRLF-to-LF conversion correctly, which has been corrected. + (merge 4d35f74421 mb/p4-utf16-crlf later to maint). + + * "git p4" did not handle non-ASCII client name well, which has been + corrected. + (merge d205483695 kk/p4-client-name-encoding-fix later to maint). + + * "rerere-train" script (in contrib/) used to honor commit.gpgSign + while recreating the throw-away merges. + (merge cc391fc886 cl/rerere-train-with-no-sign later to maint). + + * "git checkout" miscounted the paths it updated, which has been + corrected. + (merge 611c7785e8 mt/checkout-count-fix later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge a700395eaf ma/t4200-update later to maint). + (merge ae436f283c ma/sparse-checkout-cone-doc-fix later to maint). + (merge a10f6e2bda sg/index-format-doc-update later to maint). + (merge ce5f07983d mt/pkt-line-comment-tweak later to maint). |