-
git-core (1:1.5.4.3-1ubuntu2.1) hardy-security; urgency=high
[ David Leadbeater ]
* SECURITY UPDATE: Fix remote code execution in gitweb (LP: #317052)
- CVE-2008-5516: http://repo.or.cz/w/git.git?a=commitdiff;h=c582abae
- CVE-2008-5517: http://repo.or.cz/w/git.git?a=commitdiff;h=516381d5
[ Marc Deslauriers ]
* SECURITY UPDATE: arbitrary code execution via long PATH in diff_addremove
and diff_change (LP: #248750)
- debian/diff/0007-SECURITY-CVE-2008-3546.diff: safely build the full path.
- CVE-2008-3546
* SECURITY UPDATE: arbitrary command execution via diff.external configuration
variable.
- debian/diff/0008-SECURITY-CVE-2008-5916.diff: remove unused legacy-style
URI code in gitweb/gitweb.perl.
- CVE-2008-5916
-- Marc Deslauriers <email address hidden> Thu, 12 Feb 2009 15:49:08 -0500
-
git-core (1:1.5.4.3-1ubuntu2) hardy; urgency=low
* debian/rules: Use wish8.4 for the tcl interpreter, to match our dependency
in debian/control. (LP: #196846)
-- Bryan Donlan <email address hidden> Sun, 06 Apr 2008 18:53:53 -0400
-
git-core (1:1.5.4.3-1ubuntu1) hardy; urgency=low
* debian/control: Switch back Tcl/Tk dependencies to 8.4, since that's what
we settled for in Hardy.
* debian/control: Drop recently introduced cvsps build dependency; it's only
necessary for some self tests, but is in universe.
* Modify Maintainer value to match the DebianMaintainerField
specification.
-- Martin Pitt <email address hidden> Wed, 27 Feb 2008 16:34:26 +0100
-
git-core (1:1.5.4.3-1) unstable; urgency=low
* new upstream point release.
* git-clone.sh: properly configure remote even if remote's head is
dangling (closes: #466581).
* debian/diff/0004-gitk-properly-deal-with-tag-names-containing-sl.diff:
new: from upstream master: gitk: properly deal with tag names containing /
(slash) (closes: #464104).
* debian/git-daemon-run.postrm: adapt paths in /var/.
git-core (1:1.5.4.2-2) unstable; urgency=low
* debian/rules: git-daemon-run: no longer include symlinks for ./supervise/
subdirectories, update-service now takes care of this.
* debian/git-daemon-run.postinst: remove ad re-add git-daemon service on
upgrade from <= 1.5.4.2-1.
git-core (1:1.5.4.2-1) unstable; urgency=low
* new upstream point release.
* cvsimport: have default merge regex also match beginning of commit
message (thx Frédéric Brière, closes: #463468).
* builtin-commit: remove .git/SQUASH_MSG upon successful commit (closes:
#464656).
* debian/rules: change TCLTK_PATH to /usr/bin/wish8.5 in OPTS.
* debian/control: Build-Depends: tcl8.5; git-gui, gitk: Depends: tk8.5
(closes: #456423).
* debian/git-daemon-run.postinst, debian/git-daemon-run.postrm,
debian/git-daemon-run.prerm: use runit's update-service program to
add/remove the git daemon service, instead of dealing with symlinks in
/var/service/ directly.
* debian/control: package git-daemon: Depends: runit (>= 1.8.0-2) (1st
version that provides the update-service program).
git-core (1:1.5.4.1-1) unstable; urgency=medium
* debian/control: Build-Depends: cvsps (for selftests, thx Marco Rodrigues,
closes: #463896).
* new upstream point release.
git-core (1:1.5.4-1) unstable; urgency=low
* merge branch debian-experimental.
* new upstream release.
* debian/git-core.README.Debian: add Alias'es for git-favicon.png and
git-logo.png to the VirtualHost example (thx Frederic Briere, closes:
#463732).
* debian/rules: target build-arch-stamp: re-run selftests with --verbose
on test failures.
git-core (1:1.5.4~rc5-1) experimental; urgency=low
* new upstream release candidate.
git-core (1:1.5.4~rc4-1) experimental; urgency=low
* new upstream release candidate.
* debian/diff/0003-bug-448655-check-etc-mailname-if-author-email-is-un.diff:
adapt; don't warn if /etc/mailname does not exist (closes: #461844).
* debian/rules: install /usr/share/gitk/ into the gitk package, not
git-core.
git-core (1:1.5.4~rc3-1) experimental; urgency=low
* merge branch debian-sid.
* new upstream release candidate.
* "git pull --tags": error out with a better message (closes: #456035).
* gitk: use user-configured background in view definition dialog
(closes: #457124).
* debian/control: Build-Depends: cvs, libdbd-sqlite3-perl (for selftests).
-- Lucas Caba?as <email address hidden> Tue, 26 Feb 2008 20:36:36 +0000
-
git-core (1:1.5.3.8-1ubuntu1) hardy; urgency=low
* debian/diff/0006-svn-update-before-svn-commit.diff: make sure to do
an svn update before svn commit in the test, else we get a test
suite failure unrelated to the test itself. LP: #194460.
* Modify Maintainer value to match the DebianMaintainerField
specification.
-- Steve Langasek <email address hidden> Mon, 25 Feb 2008 21:04:15 +0000
-
git-core (1:1.5.3.8-1) unstable; urgency=low
* debian/control: for all packages: Suggests: git-doc instead of
Recommends: (thx Andrew Moise, closes: #455369).
* debian/control: add Vcs-Git: http://smarden.org/git/git.git/.
* new upstream point release.
-- LaMont Jones <email address hidden> Fri, 25 Jan 2008 11:10:07 +0000
-
git-core (1:1.5.3.7-1) unstable; urgency=low
* new upstream point release.
* debian/diff/0005-Don-t-cache-DESTDIR-in-perl-perl.mak.diff: new; don't
cache DESTDIR in perl/perl.mak (#452077).
* debian/rules: remove $(MAKE) -C perl clean to remove the perl/perl.mak
again, this is now handled through debian/diff/0005 (thx Pierre
Habouzit, #452077).
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 05 Dec 2007 00:28:20 +0000
-
git-core (1:1.5.3.6-1.1) unstable; urgency=low
* Non-maintainer upload: Gerrit is currently changing home, and this bug is
preventing people from installing git, I took the initiative to fix it
before his return.
* debian/rules: force a $(MAKE) -C perl clean to remove the perl/perl.mak
that remembers our DESTDIR and makes perl modules be installed in
debian/git-core/ in the install-indep target again
(closes: #452077, #452078, #452080, #452111, #452324).
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 23 Nov 2007 08:49:59 +0000
-
git-core (1:1.5.3.6-1) unstable; urgency=low
* debian/implicit: add proper dependencies to support 'parallel build'
through make -j (thx Daniel Schepler for the patch).
* debian/rules: support 'nocheck' in DEB_BUILD_OPTIONS to skip running
the selftests.
* debian/diff/0003-bug-448655-check-etc-mailname-if-author-email-is-un.diff:
new; check /etc/mailname if author email is unknown (closes: #448655).
* debian/gitweb.docs: new; install gitweb/README.
* new upstream point release.
* git-cvsimport: really convert underscores in branch names to dots with
-u (closes: #446495).
* git-mailsplit: with maildirs not only process cur/, but also new/
(closes: #447396).
* debian/diff/0004-contrib-hooks-post-receive-email-make-subject-prefix.diff:
new; cherry-pick'ed from master: contrib/hooks/post-receive-email: make
subject prefix configurable (closes: #428418).
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 20 Nov 2007 13:37:43 +0000
-
git-core (1:1.5.3.5-1) unstable; urgency=low
* new upstream point release.
* git-config: handle --file option with relative pathname properly;
git-config: print error message if the config file cannot be read;
git-config: don't silently ignore options after --list (closes:
#445208).
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 05 Nov 2007 19:21:42 +0000
-
git-core (1:1.5.3.4-1) unstable; urgency=low
* new upstream point release (closes: #445188).
git-core (1:1.5.3.3-1) unstable; urgency=low
* new upstream point release.
git-core (1:1.5.3.2-1) unstable; urgency=low
* new upstream point release.
* git-svn: fix "Malformed network data" with svn:// servers (closes:
#430091, #436142).
* git-commit: Allow partial commit of file removal (closes: #437817).
* git-gui: lib/index.tcl: handle files with % in the filename properly
(closes: #441167).
* git-clone: improve error message if curl program is missing or not
executable (closes: #440976).
* debian/git-daemon-run.postinst: use 'sv -v term git-daemon' instead of
'sv restart git-daemon' to restart git-daemon service if it was running.
* debian/control: git-core: no longer Suggests: cogito, which was removed.
* debian/diff/genindex.diff: apply and remove.
* debian/gitweb.conf: comment out $home_link, and set to gitweb.cgi's
default (thx Ansgar Burchardt for the patch, closes: 441694).
git-core (1:1.5.3.1-1) unstable; urgency=low
* new upstream point release.
* debian/control: git-daemon-run: improve long description (closes:
#440699).
* debian/git-daemon-run.README.Debian: improve.
* debian/control: git-svn: improve long description.
* debian/control: git-cvs: improve long description.
* debian/control: git-core: improve long description (closes: #412560).
git-core (1:1.5.3-1) unstable; urgency=low
* merge branch debian-experimental.
* new upstream release.
* debian/control: git-email: move libemail-valid-perl from Depends: to
Recommends: (thx Uwe Kleine-Koenig, closes: #439902).
* debian/control: git-email: no longer Depends: libmail-sendmail-perl (thx
Uwe Kleine-Koenig).
git-core (1:1.5.3~rc7-1) experimental; urgency=low
* new upstream release candidate.
* debian/diff/0002-git-merge-do-up-to-date-check-also-for-all-strategie.diff:
remove; included upstream.
git-core (1:1.5.3~rc6-1) experimental; urgency=low
* new upstream release candidate.
* git-am: initialize variable $resume on startup (closes: #435807).
* debian/diff/0002-git-merge-do-up-to-date-check-also-for-all-strategie.diff:
new; http://article.gmane.org/gmane.comp.version-control.git/55981.
* debian/diff/0003-git-sh-setup.sh-fallback-to-editor-not-vi-if-VI.diff:
new; git-sh-setup.sh: fallback to 'editor' not 'vi' if $VISUAL and $EDITOR
are unset (thx Mike Hommey, closes: #438793).
* merge branch debian-sid.
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 23 Oct 2007 16:21:05 +0100
-
git-core (1:1.5.2.5-2build1) gutsy; urgency=low
* No changes from Debian.
-- LaMont Jones <email address hidden> Fri, 07 Sep 2007 10:39:45 -0600
