debian: new upstream point release

Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
diff --git a/debian/changelog b/debian/changelog
index 982b018..c868b2e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,31 @@
+git (1:2.26.2-1) unstable; urgency=high
+
+  * new upstream point release (see RelNotes/2.26.2.txt).
+    * Addresses the security issue CVE-2020-11008.
+
+      With a crafted URL that contains a newline or empty host, or
+      lacks a scheme, the credential helper machinery can be fooled
+      into providing credential information that is not appropriate
+      for the protocol in use and host being contacted.
+
+      Unlike the vulnerability fixed in 2.26.1, the credentials are
+      not for a host of the attacker's choosing.  Instead, they are
+      for an unspecified host, based on how the configured
+      credential helper handles an absent "host" parameter.
+
+      The attack has been made impossible by refusing to work with
+      underspecified credential patterns.
+
+      Thanks to Carlo Arenas for reporting that Git was still
+      vulnerable, Felix Wilhelm for providing the proof of concept
+      demonstrating this issue, and Jeff King for promptly providing
+      a corrected fix.
+
+      Tested using the proof of concept at
+      https://crbug.com/project-zero/2021.
+
+ -- Jonathan Nieder <jrnieder@gmail.com>  Mon, 20 Apr 2020 10:44:09 -0700
+
 git (1:2.26.1-1) unstable; urgency=high
 
   * new upstream point release (see RelNotes/2.26.1.txt).
diff --git a/debian/changelog.upstream b/debian/changelog.upstream
index 0722ed1..17d0ff5 100644
--- a/debian/changelog.upstream
+++ b/debian/changelog.upstream
@@ -1,3 +1,34 @@
+Version v2.26.2; changes since v2.26.1:
+---------------------------------------
+
+Jeff King (6):
+      t0300: make "quit" helper more realistic
+      t0300: use more realistic inputs
+      credential: parse URL without host as empty host, not unset
+      credential: refuse to operate when missing host or protocol
+      credential: die() when parsing invalid urls
+      Git 2.17.5
+
+Jonathan Nieder (4):
+      fsck: convert gitmodules url to URL passed to curl
+      credential: treat URL without scheme as invalid
+      credential: treat URL with empty scheme as invalid
+      fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.26.1; changes since v2.26.0:
+---------------------------------------
+
+Jeff King (4):
+      credential: avoid writing values with newlines
+      t/lib-credential: use test_i18ncmp to check stderr
+      credential: detect unrepresentable values when parsing urls
+      fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+      Git 2.17.4
+
+
 Version v2.26.0; changes since v2.26.0-rc2:
 -------------------------------------------
 
@@ -162,7 +193,7 @@
       remote-curl: show progress for fetches over dumb HTTP
 
 
-Version v2.26.0-rc0; changes since v2.25.2:
+Version v2.26.0-rc0; changes since v2.25.4:
 -------------------------------------------
 
 Abhishek Kumar (2):
@@ -588,6 +619,37 @@
       credential: allow wildcard patterns when matching config
 
 
+Version v2.25.4; changes since v2.25.3:
+---------------------------------------
+
+Jeff King (6):
+      t0300: make "quit" helper more realistic
+      t0300: use more realistic inputs
+      credential: parse URL without host as empty host, not unset
+      credential: refuse to operate when missing host or protocol
+      credential: die() when parsing invalid urls
+      Git 2.17.5
+
+Jonathan Nieder (4):
+      fsck: convert gitmodules url to URL passed to curl
+      credential: treat URL without scheme as invalid
+      credential: treat URL with empty scheme as invalid
+      fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.25.3; changes since v2.25.2:
+---------------------------------------
+
+Jeff King (4):
+      credential: avoid writing values with newlines
+      t/lib-credential: use test_i18ncmp to check stderr
+      credential: detect unrepresentable values when parsing urls
+      fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+      Git 2.17.4
+
+
 Version v2.25.2; changes since v2.25.1:
 ---------------------------------------
 
@@ -870,7 +932,7 @@
       Git 2.25-rc1
 
 
-Version v2.25.0-rc0; changes since v2.24.1:
+Version v2.25.0-rc0; changes since v2.24.3:
 -------------------------------------------
 
 Alban Gruin (6):
@@ -1475,6 +1537,40 @@
       userdiff: add Elixir to supported userdiff languages
 
 
+Version v2.24.3; changes since v2.24.2:
+---------------------------------------
+
+Jeff King (6):
+      t0300: make "quit" helper more realistic
+      t0300: use more realistic inputs
+      credential: parse URL without host as empty host, not unset
+      credential: refuse to operate when missing host or protocol
+      credential: die() when parsing invalid urls
+      Git 2.17.5
+
+Jonathan Nieder (4):
+      fsck: convert gitmodules url to URL passed to curl
+      credential: treat URL without scheme as invalid
+      credential: treat URL with empty scheme as invalid
+      fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.24.2; changes since v2.24.1:
+---------------------------------------
+
+Jeff King (4):
+      credential: avoid writing values with newlines
+      t/lib-credential: use test_i18ncmp to check stderr
+      credential: detect unrepresentable values when parsing urls
+      fsck: detect gitmodules URLs with embedded newlines
+
+Johannes Schindelin (1):
+      msvc: accommodate for vcpkg's upgrade to OpenSSL v1.1.x
+
+Junio C Hamano (1):
+      Git 2.17.4
+
+
 Version v2.24.1; changes since v2.24.0:
 ---------------------------------------
 
@@ -1668,7 +1764,7 @@
       remote-curl: pass on atomic capability to remote side
 
 
-Version v2.24.0-rc0; changes since v2.23.1:
+Version v2.24.0-rc0; changes since v2.23.3:
 -------------------------------------------
 
 Adam Roben (1):
@@ -2291,6 +2387,37 @@
       rebase tests: test linear branch topology
 
 
+Version v2.23.3; changes since v2.23.2:
+---------------------------------------
+
+Jeff King (6):
+      t0300: make "quit" helper more realistic
+      t0300: use more realistic inputs
+      credential: parse URL without host as empty host, not unset
+      credential: refuse to operate when missing host or protocol
+      credential: die() when parsing invalid urls
+      Git 2.17.5
+
+Jonathan Nieder (4):
+      fsck: convert gitmodules url to URL passed to curl
+      credential: treat URL without scheme as invalid
+      credential: treat URL with empty scheme as invalid
+      fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.23.2; changes since v2.23.1:
+---------------------------------------
+
+Jeff King (4):
+      credential: avoid writing values with newlines
+      t/lib-credential: use test_i18ncmp to check stderr
+      credential: detect unrepresentable values when parsing urls
+      fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+      Git 2.17.4
+
+
 Version v2.23.1; changes since v2.23.0:
 ---------------------------------------
 
@@ -2511,7 +2638,7 @@
       t2203: avoid hard-coded object ID values
 
 
-Version v2.23.0-rc0; changes since v2.22.2:
+Version v2.23.0-rc0; changes since v2.22.4:
 -------------------------------------------
 
 Andrey Mazo (8):
@@ -2908,6 +3035,37 @@
       clone: test for our behavior on odd objects/* content
 
 
+Version v2.22.4; changes since v2.22.3:
+---------------------------------------
+
+Jeff King (6):
+      t0300: make "quit" helper more realistic
+      t0300: use more realistic inputs
+      credential: parse URL without host as empty host, not unset
+      credential: refuse to operate when missing host or protocol
+      credential: die() when parsing invalid urls
+      Git 2.17.5
+
+Jonathan Nieder (4):
+      fsck: convert gitmodules url to URL passed to curl
+      credential: treat URL without scheme as invalid
+      credential: treat URL with empty scheme as invalid
+      fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.22.3; changes since v2.22.2:
+---------------------------------------
+
+Jeff King (4):
+      credential: avoid writing values with newlines
+      t/lib-credential: use test_i18ncmp to check stderr
+      credential: detect unrepresentable values when parsing urls
+      fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+      Git 2.17.4
+
+
 Version v2.22.2; changes since v2.22.1:
 ---------------------------------------
 
@@ -3369,7 +3527,7 @@
       mingw: enable DEP and ASLR
 
 
-Version v2.22.0-rc0; changes since v2.21.1:
+Version v2.22.0-rc0; changes since v2.21.3:
 -------------------------------------------
 
 Alban Gruin (18):
@@ -4137,6 +4295,37 @@
       trace2: fix up a missing "leave" entry point
 
 
+Version v2.21.3; changes since v2.21.2:
+---------------------------------------
+
+Jeff King (6):
+      t0300: make "quit" helper more realistic
+      t0300: use more realistic inputs
+      credential: parse URL without host as empty host, not unset
+      credential: refuse to operate when missing host or protocol
+      credential: die() when parsing invalid urls
+      Git 2.17.5
+
+Jonathan Nieder (4):
+      fsck: convert gitmodules url to URL passed to curl
+      credential: treat URL without scheme as invalid
+      credential: treat URL with empty scheme as invalid
+      fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.21.2; changes since v2.21.1:
+---------------------------------------
+
+Jeff King (4):
+      credential: avoid writing values with newlines
+      t/lib-credential: use test_i18ncmp to check stderr
+      credential: detect unrepresentable values when parsing urls
+      fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+      Git 2.17.4
+
+
 Version v2.21.1; changes since v2.21.0:
 ---------------------------------------
 
@@ -4360,7 +4549,7 @@
       rebase: fix regression in rebase.useBuiltin=false test mode
 
 
-Version v2.21.0-rc0; changes since v2.20.2:
+Version v2.21.0-rc0; changes since v2.20.4:
 -------------------------------------------
 
 Arti Zirk (1):
@@ -4896,6 +5085,37 @@
       diff-tree doc: correct & remove wrong documentation
 
 
+Version v2.20.4; changes since v2.20.3:
+---------------------------------------
+
+Jeff King (6):
+      t0300: make "quit" helper more realistic
+      t0300: use more realistic inputs
+      credential: parse URL without host as empty host, not unset
+      credential: refuse to operate when missing host or protocol
+      credential: die() when parsing invalid urls
+      Git 2.17.5
+
+Jonathan Nieder (4):
+      fsck: convert gitmodules url to URL passed to curl
+      credential: treat URL without scheme as invalid
+      credential: treat URL with empty scheme as invalid
+      fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.20.3; changes since v2.20.2:
+---------------------------------------
+
+Jeff King (4):
+      credential: avoid writing values with newlines
+      t/lib-credential: use test_i18ncmp to check stderr
+      credential: detect unrepresentable values when parsing urls
+      fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+      Git 2.17.4
+
+
 Version v2.20.2; changes since v2.20.1:
 ---------------------------------------
 
@@ -5124,7 +5344,7 @@
       git-compat-util: prefer poll.h to sys/poll.h
 
 
-Version v2.20.0-rc0; changes since v2.19.3:
+Version v2.20.0-rc0; changes since v2.19.5:
 -------------------------------------------
 
 Aaron Lindsay (1):
@@ -5999,6 +6219,37 @@
       tests: add a special setup where rebase.useBuiltin is off
 
 
+Version v2.19.5; changes since v2.19.4:
+---------------------------------------
+
+Jeff King (6):
+      t0300: make "quit" helper more realistic
+      t0300: use more realistic inputs
+      credential: parse URL without host as empty host, not unset
+      credential: refuse to operate when missing host or protocol
+      credential: die() when parsing invalid urls
+      Git 2.17.5
+
+Jonathan Nieder (4):
+      fsck: convert gitmodules url to URL passed to curl
+      credential: treat URL without scheme as invalid
+      credential: treat URL with empty scheme as invalid
+      fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.19.4; changes since v2.19.3:
+---------------------------------------
+
+Jeff King (4):
+      credential: avoid writing values with newlines
+      t/lib-credential: use test_i18ncmp to check stderr
+      credential: detect unrepresentable values when parsing urls
+      fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+      Git 2.17.4
+
+
 Version v2.19.3; changes since v2.19.2:
 ---------------------------------------
 
@@ -6384,7 +6635,7 @@
       refactor various if (x) FREE_AND_NULL(x) to just FREE_AND_NULL(x)
 
 
-Version v2.19.0-rc0; changes since v2.18.2:
+Version v2.19.0-rc0; changes since v2.18.4:
 -------------------------------------------
 
 Aaron Schrab (1):
@@ -7215,6 +7466,37 @@
       completion: complete remote names too
 
 
+Version v2.18.4; changes since v2.18.3:
+---------------------------------------
+
+Jeff King (6):
+      t0300: make "quit" helper more realistic
+      t0300: use more realistic inputs
+      credential: parse URL without host as empty host, not unset
+      credential: refuse to operate when missing host or protocol
+      credential: die() when parsing invalid urls
+      Git 2.17.5
+
+Jonathan Nieder (4):
+      fsck: convert gitmodules url to URL passed to curl
+      credential: treat URL without scheme as invalid
+      credential: treat URL with empty scheme as invalid
+      fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.18.3; changes since v2.18.2:
+---------------------------------------
+
+Jeff King (4):
+      credential: avoid writing values with newlines
+      t/lib-credential: use test_i18ncmp to check stderr
+      credential: detect unrepresentable values when parsing urls
+      fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+      Git 2.17.4
+
+
 Version v2.18.2; changes since v2.18.1:
 ---------------------------------------
 
@@ -7483,7 +7765,7 @@
       t3430: test clean-up
 
 
-Version v2.18.0-rc0; changes since v2.17.3:
+Version v2.18.0-rc0; changes since v2.17.5:
 -------------------------------------------
 
 Anders Kaseorg (1):
@@ -8384,6 +8666,37 @@
       get_short_oid: sort ambiguous objects by type, then SHA-1
 
 
+Version v2.17.5; changes since v2.17.4:
+---------------------------------------
+
+Jeff King (6):
+      t0300: make "quit" helper more realistic
+      t0300: use more realistic inputs
+      credential: parse URL without host as empty host, not unset
+      credential: refuse to operate when missing host or protocol
+      credential: die() when parsing invalid urls
+      Git 2.17.5
+
+Jonathan Nieder (4):
+      fsck: convert gitmodules url to URL passed to curl
+      credential: treat URL without scheme as invalid
+      credential: treat URL with empty scheme as invalid
+      fsck: reject URL with empty host in .gitmodules
+
+
+Version v2.17.4; changes since v2.17.3:
+---------------------------------------
+
+Jeff King (4):
+      credential: avoid writing values with newlines
+      t/lib-credential: use test_i18ncmp to check stderr
+      credential: detect unrepresentable values when parsing urls
+      fsck: detect gitmodules URLs with embedded newlines
+
+Junio C Hamano (1):
+      Git 2.17.4
+
+
 Version v2.17.3; changes since v2.17.2:
 ---------------------------------------
 
diff --git a/debian/versions.upstream b/debian/versions.upstream
index 18733f0..224cac8 100644
--- a/debian/versions.upstream
+++ b/debian/versions.upstream
@@ -623,12 +623,16 @@
 v2.17.1
 v2.17.2
 v2.17.3
+v2.17.4
+v2.17.5
 v2.18.0-rc0
 v2.18.0-rc1
 v2.18.0-rc2
 v2.18.0
 v2.18.1
 v2.18.2
+v2.18.3
+v2.18.4
 v2.19.0-rc0
 v2.19.0-rc1
 v2.19.0-rc2
@@ -636,17 +640,23 @@
 v2.19.1
 v2.19.2
 v2.19.3
+v2.19.4
+v2.19.5
 v2.20.0-rc0
 v2.20.0-rc1
 v2.20.0-rc2
 v2.20.0
 v2.20.1
 v2.20.2
+v2.20.3
+v2.20.4
 v2.21.0-rc0
 v2.21.0-rc1
 v2.21.0-rc2
 v2.21.0
 v2.21.1
+v2.21.2
+v2.21.3
 v2.22.0-rc0
 v2.22.0-rc1
 v2.22.0-rc2
@@ -654,23 +664,33 @@
 v2.22.0
 v2.22.1
 v2.22.2
+v2.22.3
+v2.22.4
 v2.23.0-rc0
 v2.23.0-rc1
 v2.23.0-rc2
 v2.23.0
 v2.23.1
+v2.23.2
+v2.23.3
 v2.24.0-rc0
 v2.24.0-rc1
 v2.24.0-rc2
 v2.24.0
 v2.24.1
+v2.24.2
+v2.24.3
 v2.25.0-rc0
 v2.25.0-rc1
 v2.25.0-rc2
 v2.25.0
 v2.25.1
 v2.25.2
+v2.25.3
+v2.25.4
 v2.26.0-rc0
 v2.26.0-rc1
 v2.26.0-rc2
 v2.26.0
+v2.26.1
+v2.26.2