lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <7v8vzqntl0.fsf@alter.siamese.dyndns.org>
Date:	Wed, 15 Dec 2010 22:02:35 -0800
From:	Junio C Hamano <gitster@...ox.com>
To:	git@...r.kernel.org
Subject: [ANNOUNCE] Git 1.7.3.4, 1.6.6.3 and others

The latest maintenance release Git 1.7.3.4 is available at the
usual places:

  http://www.kernel.org/pub/software/scm/git/

  git-1.7.3.4.tar.{gz,bz2}			(source tarball)
  git-htmldocs-1.7.3.4.tar.{gz,bz2}		(preformatted docs)
  git-manpages-1.7.3.4.tar.{gz,bz2}		(preformatted docs)

The RPM binary packages for a few architectures are found in:

  RPMS/$arch/git-*-1.7.3.4-1.fc13.$arch.rpm	(RPM)

Among many fixes since v1.7.3.3, it contains a fix to a recently
discovered XSS vulnerability in Gitweb (CVE 2010-3906).  A backport
to an earlier maintenance track 1.6.6.3 is available (replace 1.7.3.4 with
1.6.6.3 above).

The Gitweb fix has also been backported to maintenance tracks of other
earlier releases (1.7.2.5, 1.7.1.4, 1.7.0.9, 1.6.5.9, and 1.6.4.5) and are
available from the main repository and shortly will be available from its
mirrors:

  git://git.kernel.org/pub/scm/git/git.git/
  git://repo.or.cz/alt-git.git/
  git://git-core.git.sourceforge.net/gitroot/git-core/git-core/
  git://github.com/git/git.git/

----------------------------------------------------------------

Git v1.7.3.4 Release Notes
==========================

Fixes since v1.7.3.3
--------------------

 * Smart HTTP transport used to incorrectly retry redirected POST
   request with GET request.

 * "git apply" did not correctly handle patches that only change modes
   if told to apply while stripping leading paths with -p option.

 * "git apply" can deal with patches with timezone formatted with a
   colon between the hours and minutes part (e.g. "-08:00" instead of
   "-0800").

 * "git checkout" removed an untracked file "foo" from the working
   tree when switching to a branch that contains a tracked path
   "foo/bar".  Prevent this, just like the case where the conflicting
   path were "foo" (c752e7f..7980872d).

 * "git cherry-pick" or "git revert" refused to work when a path that
   would be modified by the operation was stat-dirty without a real
   difference in the contents of the file.

 * "git diff --check" reported an incorrect line number for added
   blank lines at the end of file.

 * "git imap-send" failed to build under NO_OPENSSL.

 * Setting log.decorate configuration variable to "0" or "1" to mean
   "false" or "true" did not work.

 * "git push" over dumb HTTP protocol did not work against WebDAV
   servers that did not terminate a collection name with a slash.

 * "git tag -v" did not work with GPG signatures in rfc1991 mode.

 * The post-receive-email sample hook was accidentally broken in 1.7.3.3
   update.

 * "gitweb" can sometimes be tricked into parrotting a filename argument
   given in a request without properly quoting.

Other minor fixes and documentation updates are also included.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ