debian: new upstream point release
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
diff --git a/debian/changelog b/debian/changelog
index 982b018..c868b2e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,31 @@
+git (1:2.26.2-1) unstable; urgency=high
+
+ * new upstream point release (see RelNotes/2.26.2.txt).
+ * Addresses the security issue CVE-2020-11008.
+
+ With a crafted URL that contains a newline or empty host, or
+ lacks a scheme, the credential helper machinery can be fooled
+ into providing credential information that is not appropriate
+ for the protocol in use and host being contacted.
+
+ Unlike the vulnerability fixed in 2.26.1, the credentials are
+ not for a host of the attacker's choosing. Instead, they are
+ for an unspecified host, based on how the configured
+ credential helper handles an absent "host" parameter.
+
+ The attack has been made impossible by refusing to work with
+ underspecified credential patterns.
+
+ Thanks to Carlo Arenas for reporting that Git was still
+ vulnerable, Felix Wilhelm for providing the proof of concept
+ demonstrating this issue, and Jeff King for promptly providing
+ a corrected fix.
+
+ Tested using the proof of concept at
+ https://crbug.com/project-zero/2021.
+
+ -- Jonathan Nieder <jrnieder@gmail.com> Mon, 20 Apr 2020 10:44:09 -0700
+
git (1:2.26.1-1) unstable; urgency=high
* new upstream point release (see RelNotes/2.26.1.txt).
diff --git a/debian/changelog.upstream b/debian/changelog.upstream
index 0722ed1..17d0ff5 100644
--- a/debian/changelog.upstream
+++ b/debian/changelog.upstream
@@ -1,3 +1,34 @@
+Version v2.26.2; changes since v2.26.1:
+---------------------------------------
+
+Jeff King (6):
+ t0300: make "quit" helper more realistic
+ t0300: use more realistic inputs
+ credential: parse URL without host as empty host, not unset
+ credential: refuse to operate when missing host or protocol
+ credential: die() when parsing invalid urls
+ Git 2.17.5
+
+Jonathan Nieder (4):
+ fsck: convert gitmodules url to URL passed to curl
+ credential: treat URL without scheme as invalid
+ credential: treat URL with empty scheme as invalid
+ fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.26.1; changes since v2.26.0:
+---------------------------------------
+
+Jeff King (4):
+ credential: avoid writing values with newlines
+ t/lib-credential: use test_i18ncmp to check stderr
+ credential: detect unrepresentable values when parsing urls
+ fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+ Git 2.17.4
+
+
Version v2.26.0; changes since v2.26.0-rc2:
-------------------------------------------
@@ -162,7 +193,7 @@
remote-curl: show progress for fetches over dumb HTTP
-Version v2.26.0-rc0; changes since v2.25.2:
+Version v2.26.0-rc0; changes since v2.25.4:
-------------------------------------------
Abhishek Kumar (2):
@@ -588,6 +619,37 @@
credential: allow wildcard patterns when matching config
+Version v2.25.4; changes since v2.25.3:
+---------------------------------------
+
+Jeff King (6):
+ t0300: make "quit" helper more realistic
+ t0300: use more realistic inputs
+ credential: parse URL without host as empty host, not unset
+ credential: refuse to operate when missing host or protocol
+ credential: die() when parsing invalid urls
+ Git 2.17.5
+
+Jonathan Nieder (4):
+ fsck: convert gitmodules url to URL passed to curl
+ credential: treat URL without scheme as invalid
+ credential: treat URL with empty scheme as invalid
+ fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.25.3; changes since v2.25.2:
+---------------------------------------
+
+Jeff King (4):
+ credential: avoid writing values with newlines
+ t/lib-credential: use test_i18ncmp to check stderr
+ credential: detect unrepresentable values when parsing urls
+ fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+ Git 2.17.4
+
+
Version v2.25.2; changes since v2.25.1:
---------------------------------------
@@ -870,7 +932,7 @@
Git 2.25-rc1
-Version v2.25.0-rc0; changes since v2.24.1:
+Version v2.25.0-rc0; changes since v2.24.3:
-------------------------------------------
Alban Gruin (6):
@@ -1475,6 +1537,40 @@
userdiff: add Elixir to supported userdiff languages
+Version v2.24.3; changes since v2.24.2:
+---------------------------------------
+
+Jeff King (6):
+ t0300: make "quit" helper more realistic
+ t0300: use more realistic inputs
+ credential: parse URL without host as empty host, not unset
+ credential: refuse to operate when missing host or protocol
+ credential: die() when parsing invalid urls
+ Git 2.17.5
+
+Jonathan Nieder (4):
+ fsck: convert gitmodules url to URL passed to curl
+ credential: treat URL without scheme as invalid
+ credential: treat URL with empty scheme as invalid
+ fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.24.2; changes since v2.24.1:
+---------------------------------------
+
+Jeff King (4):
+ credential: avoid writing values with newlines
+ t/lib-credential: use test_i18ncmp to check stderr
+ credential: detect unrepresentable values when parsing urls
+ fsck: detect gitmodules URLs with embedded newlines
+
+Johannes Schindelin (1):
+ msvc: accommodate for vcpkg's upgrade to OpenSSL v1.1.x
+
+Junio C Hamano (1):
+ Git 2.17.4
+
+
Version v2.24.1; changes since v2.24.0:
---------------------------------------
@@ -1668,7 +1764,7 @@
remote-curl: pass on atomic capability to remote side
-Version v2.24.0-rc0; changes since v2.23.1:
+Version v2.24.0-rc0; changes since v2.23.3:
-------------------------------------------
Adam Roben (1):
@@ -2291,6 +2387,37 @@
rebase tests: test linear branch topology
+Version v2.23.3; changes since v2.23.2:
+---------------------------------------
+
+Jeff King (6):
+ t0300: make "quit" helper more realistic
+ t0300: use more realistic inputs
+ credential: parse URL without host as empty host, not unset
+ credential: refuse to operate when missing host or protocol
+ credential: die() when parsing invalid urls
+ Git 2.17.5
+
+Jonathan Nieder (4):
+ fsck: convert gitmodules url to URL passed to curl
+ credential: treat URL without scheme as invalid
+ credential: treat URL with empty scheme as invalid
+ fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.23.2; changes since v2.23.1:
+---------------------------------------
+
+Jeff King (4):
+ credential: avoid writing values with newlines
+ t/lib-credential: use test_i18ncmp to check stderr
+ credential: detect unrepresentable values when parsing urls
+ fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+ Git 2.17.4
+
+
Version v2.23.1; changes since v2.23.0:
---------------------------------------
@@ -2511,7 +2638,7 @@
t2203: avoid hard-coded object ID values
-Version v2.23.0-rc0; changes since v2.22.2:
+Version v2.23.0-rc0; changes since v2.22.4:
-------------------------------------------
Andrey Mazo (8):
@@ -2908,6 +3035,37 @@
clone: test for our behavior on odd objects/* content
+Version v2.22.4; changes since v2.22.3:
+---------------------------------------
+
+Jeff King (6):
+ t0300: make "quit" helper more realistic
+ t0300: use more realistic inputs
+ credential: parse URL without host as empty host, not unset
+ credential: refuse to operate when missing host or protocol
+ credential: die() when parsing invalid urls
+ Git 2.17.5
+
+Jonathan Nieder (4):
+ fsck: convert gitmodules url to URL passed to curl
+ credential: treat URL without scheme as invalid
+ credential: treat URL with empty scheme as invalid
+ fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.22.3; changes since v2.22.2:
+---------------------------------------
+
+Jeff King (4):
+ credential: avoid writing values with newlines
+ t/lib-credential: use test_i18ncmp to check stderr
+ credential: detect unrepresentable values when parsing urls
+ fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+ Git 2.17.4
+
+
Version v2.22.2; changes since v2.22.1:
---------------------------------------
@@ -3369,7 +3527,7 @@
mingw: enable DEP and ASLR
-Version v2.22.0-rc0; changes since v2.21.1:
+Version v2.22.0-rc0; changes since v2.21.3:
-------------------------------------------
Alban Gruin (18):
@@ -4137,6 +4295,37 @@
trace2: fix up a missing "leave" entry point
+Version v2.21.3; changes since v2.21.2:
+---------------------------------------
+
+Jeff King (6):
+ t0300: make "quit" helper more realistic
+ t0300: use more realistic inputs
+ credential: parse URL without host as empty host, not unset
+ credential: refuse to operate when missing host or protocol
+ credential: die() when parsing invalid urls
+ Git 2.17.5
+
+Jonathan Nieder (4):
+ fsck: convert gitmodules url to URL passed to curl
+ credential: treat URL without scheme as invalid
+ credential: treat URL with empty scheme as invalid
+ fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.21.2; changes since v2.21.1:
+---------------------------------------
+
+Jeff King (4):
+ credential: avoid writing values with newlines
+ t/lib-credential: use test_i18ncmp to check stderr
+ credential: detect unrepresentable values when parsing urls
+ fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+ Git 2.17.4
+
+
Version v2.21.1; changes since v2.21.0:
---------------------------------------
@@ -4360,7 +4549,7 @@
rebase: fix regression in rebase.useBuiltin=false test mode
-Version v2.21.0-rc0; changes since v2.20.2:
+Version v2.21.0-rc0; changes since v2.20.4:
-------------------------------------------
Arti Zirk (1):
@@ -4896,6 +5085,37 @@
diff-tree doc: correct & remove wrong documentation
+Version v2.20.4; changes since v2.20.3:
+---------------------------------------
+
+Jeff King (6):
+ t0300: make "quit" helper more realistic
+ t0300: use more realistic inputs
+ credential: parse URL without host as empty host, not unset
+ credential: refuse to operate when missing host or protocol
+ credential: die() when parsing invalid urls
+ Git 2.17.5
+
+Jonathan Nieder (4):
+ fsck: convert gitmodules url to URL passed to curl
+ credential: treat URL without scheme as invalid
+ credential: treat URL with empty scheme as invalid
+ fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.20.3; changes since v2.20.2:
+---------------------------------------
+
+Jeff King (4):
+ credential: avoid writing values with newlines
+ t/lib-credential: use test_i18ncmp to check stderr
+ credential: detect unrepresentable values when parsing urls
+ fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+ Git 2.17.4
+
+
Version v2.20.2; changes since v2.20.1:
---------------------------------------
@@ -5124,7 +5344,7 @@
git-compat-util: prefer poll.h to sys/poll.h
-Version v2.20.0-rc0; changes since v2.19.3:
+Version v2.20.0-rc0; changes since v2.19.5:
-------------------------------------------
Aaron Lindsay (1):
@@ -5999,6 +6219,37 @@
tests: add a special setup where rebase.useBuiltin is off
+Version v2.19.5; changes since v2.19.4:
+---------------------------------------
+
+Jeff King (6):
+ t0300: make "quit" helper more realistic
+ t0300: use more realistic inputs
+ credential: parse URL without host as empty host, not unset
+ credential: refuse to operate when missing host or protocol
+ credential: die() when parsing invalid urls
+ Git 2.17.5
+
+Jonathan Nieder (4):
+ fsck: convert gitmodules url to URL passed to curl
+ credential: treat URL without scheme as invalid
+ credential: treat URL with empty scheme as invalid
+ fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.19.4; changes since v2.19.3:
+---------------------------------------
+
+Jeff King (4):
+ credential: avoid writing values with newlines
+ t/lib-credential: use test_i18ncmp to check stderr
+ credential: detect unrepresentable values when parsing urls
+ fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+ Git 2.17.4
+
+
Version v2.19.3; changes since v2.19.2:
---------------------------------------
@@ -6384,7 +6635,7 @@
refactor various if (x) FREE_AND_NULL(x) to just FREE_AND_NULL(x)
-Version v2.19.0-rc0; changes since v2.18.2:
+Version v2.19.0-rc0; changes since v2.18.4:
-------------------------------------------
Aaron Schrab (1):
@@ -7215,6 +7466,37 @@
completion: complete remote names too
+Version v2.18.4; changes since v2.18.3:
+---------------------------------------
+
+Jeff King (6):
+ t0300: make "quit" helper more realistic
+ t0300: use more realistic inputs
+ credential: parse URL without host as empty host, not unset
+ credential: refuse to operate when missing host or protocol
+ credential: die() when parsing invalid urls
+ Git 2.17.5
+
+Jonathan Nieder (4):
+ fsck: convert gitmodules url to URL passed to curl
+ credential: treat URL without scheme as invalid
+ credential: treat URL with empty scheme as invalid
+ fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.18.3; changes since v2.18.2:
+---------------------------------------
+
+Jeff King (4):
+ credential: avoid writing values with newlines
+ t/lib-credential: use test_i18ncmp to check stderr
+ credential: detect unrepresentable values when parsing urls
+ fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+ Git 2.17.4
+
+
Version v2.18.2; changes since v2.18.1:
---------------------------------------
@@ -7483,7 +7765,7 @@
t3430: test clean-up
-Version v2.18.0-rc0; changes since v2.17.3:
+Version v2.18.0-rc0; changes since v2.17.5:
-------------------------------------------
Anders Kaseorg (1):
@@ -8384,6 +8666,37 @@
get_short_oid: sort ambiguous objects by type, then SHA-1
+Version v2.17.5; changes since v2.17.4:
+---------------------------------------
+
+Jeff King (6):
+ t0300: make "quit" helper more realistic
+ t0300: use more realistic inputs
+ credential: parse URL without host as empty host, not unset
+ credential: refuse to operate when missing host or protocol
+ credential: die() when parsing invalid urls
+ Git 2.17.5
+
+Jonathan Nieder (4):
+ fsck: convert gitmodules url to URL passed to curl
+ credential: treat URL without scheme as invalid
+ credential: treat URL with empty scheme as invalid
+ fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.17.4; changes since v2.17.3:
+---------------------------------------
+
+Jeff King (4):
+ credential: avoid writing values with newlines
+ t/lib-credential: use test_i18ncmp to check stderr
+ credential: detect unrepresentable values when parsing urls
+ fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+ Git 2.17.4
+
+
Version v2.17.3; changes since v2.17.2:
---------------------------------------
diff --git a/debian/versions.upstream b/debian/versions.upstream
index 18733f0..224cac8 100644
--- a/debian/versions.upstream
+++ b/debian/versions.upstream
@@ -623,12 +623,16 @@
v2.17.1
v2.17.2
v2.17.3
+v2.17.4
+v2.17.5
v2.18.0-rc0
v2.18.0-rc1
v2.18.0-rc2
v2.18.0
v2.18.1
v2.18.2
+v2.18.3
+v2.18.4
v2.19.0-rc0
v2.19.0-rc1
v2.19.0-rc2
@@ -636,17 +640,23 @@
v2.19.1
v2.19.2
v2.19.3
+v2.19.4
+v2.19.5
v2.20.0-rc0
v2.20.0-rc1
v2.20.0-rc2
v2.20.0
v2.20.1
v2.20.2
+v2.20.3
+v2.20.4
v2.21.0-rc0
v2.21.0-rc1
v2.21.0-rc2
v2.21.0
v2.21.1
+v2.21.2
+v2.21.3
v2.22.0-rc0
v2.22.0-rc1
v2.22.0-rc2
@@ -654,23 +664,33 @@
v2.22.0
v2.22.1
v2.22.2
+v2.22.3
+v2.22.4
v2.23.0-rc0
v2.23.0-rc1
v2.23.0-rc2
v2.23.0
v2.23.1
+v2.23.2
+v2.23.3
v2.24.0-rc0
v2.24.0-rc1
v2.24.0-rc2
v2.24.0
v2.24.1
+v2.24.2
+v2.24.3
v2.25.0-rc0
v2.25.0-rc1
v2.25.0-rc2
v2.25.0
v2.25.1
v2.25.2
+v2.25.3
+v2.25.4
v2.26.0-rc0
v2.26.0-rc1
v2.26.0-rc2
v2.26.0
+v2.26.1
+v2.26.2