Date:	Thu, 10 Sep 2015 13:24:52 -0700
From:	Junio C Hamano <gitster@...ox.com>
To:	git@...r.kernel.org
Cc:	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: [ANNOUNCE] Git v2.5.2, v2.4.9, v2.3.9 and v2.2.3

The latest maintenance release Git v2.5.2 is now available at the
usual places, together with updates to older maintenance tracks,
v2.4.9, v2.3.9 and v2.2.3.  These updates to older tracks are to
plug buffer overflows due to fixed-sized buffers used to store
pathnames in a handful of codepaths (kudos to Peff).

The maintenance release 2.5.2 for the current maintenance track also
contains other fixes that were recently made on the 'master' front.

The tarballs are found at:

    https://www.kernel.org/pub/software/scm/git/

The following public repositories all have a copy of the 'v2.5.2'
tag and the 'maint' branch that the tag points at:

  url = https://kernel.googlesource.com/pub/scm/git/git
  url = git://repo.or.cz/alt-git.git
  url = git://git.sourceforge.jp/gitroot/git-core/git.git
  url = git://git-core.git.sourceforge.net/gitroot/git-core/git-core
  url = https://github.com/gitster/git

----------------------------------------------------------------

Git v2.5.2 Release Notes
========================

Fixes since v2.5.1
------------------

 * "git init empty && git -C empty log" said "bad default revision 'HEAD'",
   which was found to be a bit confusing to new users.

 * The "interpret-trailers" helper mistook a multi-paragraph title of
   a commit log message with a colon in it as the end of the trailer
   block.

 * When re-priming the cache-tree opportunistically while committing
   the in-core index as-is, we mistakenly invalidated the in-core
   index too aggressively, causing the experimental split-index code
   to unnecessarily rewrite the on-disk index file(s).

 * "git archive" did not use zip64 extension when creating an archive
   with more than 64k entries, which nobody should need, right ;-)?

 * The code in "multiple-worktree" support that attempted to recover
   from an inconsistent state updated an incorrect file.

 * "git rev-list" does not take "--notes" option, but did not complain
   when one is given.

 * Because the configuration system does not allow "alias.0foo" and
   "pager.0foo" as the configuration key, the user cannot use '0foo'
   as a custom command name anyway, but "git 0foo" tried to look these
   keys up and emitted useless warnings before saying '0foo is not a
   git command'.  These warning messages have been squelched.

 * We recently rewrote one of the build scripts in Perl, which made it
   necessary to have Perl to build Git.  Reduced Perl dependency by
   rewriting it again using sed.

 * t1509 test that requires a dedicated VM environment had some
   bitrot, which has been corrected.

 * strbuf_read() used to have one extra iteration (and an unnecessary
   strbuf_grow() of 8kB), which was eliminated.

 * The codepath to produce error messages had a hard-coded limit to
   the size of the message, primarily to avoid memory allocation while
   calling die().

 * When trying to see that an object does not exist, a stale errno
   leaked from our "first try to open a packfile with O_NOATIME and
   then if it fails retry without it" logic on a system that refuses
   O_NOATIME.  This confused us and caused us to die, saying that the
   packfile is unreadable, when we should have just reported that the
   object does not exist in that packfile to the caller.

 * An off-by-one error made "git remote" mishandle a remote with a
   single letter nickname.

 * A handful of codepaths that used to use fixed-sized arrays to hold
   pathnames have been corrected to use strbuf and other mechanisms to
   allow longer pathnames without fearing overflows.

Also contains typofixes, documentation updates and trivial code
clean-ups.

----------------------------------------------------------------

Changes since v2.5.1 are as follows:

Andreas Schwab (1):
      Documentation/config: fix inconsistent label on gc.*.reflogExpireUnreachable

Christian Couder (3):
      trailer: ignore first line of message
      trailer: retitle a test and correct an in-comment message
      trailer: support multiline title

Clemens Buchacher (1):
      git_open_noatime: return with errno=0 on success

David Turner (1):
      commit: don't rewrite shared index unnecessarily

Eric Sunshine (1):
      generate-cmdlist: re-implement as shell script

Erik Elfström (1):
      t7300: fix broken && chains

Jeff King (9):
      vreportf: report to arbitrary filehandles
      vreportf: avoid intermediate buffer
      config: silence warnings for command names with invalid keys
      rev-list: make it obvious that we do not support notes
      log: diagnose empty HEAD more clearly
      verify_absent: allow filenames longer than PATH_MAX
      notes: use a strbuf in add_non_note
      read_info_alternates: handle paths larger than PATH_MAX
      show-branch: use a strbuf for reflog descriptions

Jim Hill (1):
      strbuf_read(): skip unnecessary strbuf_grow() at eof

Johannes Sixt (1):
      t2019: skip test requiring '*' in a file name non Windows

Junio C Hamano (5):
      ps_matched: xcalloc() takes nmemb and then element size
      Git 2.2.3
      Git 2.3.9
      Git 2.4.9
      Git 2.5.2

Michael Haggerty (4):
      get_remote_group(): handle remotes with single-character names
      get_remote_group(): rename local variable "space" to "wordlen"
      get_remote_group(): eliminate superfluous call to strcspn()
      get_remote_group(): use skip_prefix()

Nguyễn Thái Ngọc Duy (1):
      setup: update the right file in multiple checkouts

Patrick Steinhardt (2):
      tests: fix broken && chains in t1509-root-worktree
      tests: fix cleanup after tests in t1509-root-worktree

Philip Oakley (1):
      po/README: Update directions for l10n contributors

René Scharfe (3):
      t5004: test ZIP archives with many entries
      archive-zip: use a local variable to store the creator version
      archive-zip: support more than 65535 entries

SZEDER Gábor (2):
      t3020: fix typo in test description
      wt-status: move #include "pathspec.h" to the header

Sven Strickroth (1):
      config: close config file handle in case of error
