summaryrefslogtreecommitdiff
path: root/Documentation/RelNotes
diff options
context:
space:
mode:
authorLibravatar Junio C Hamano <gitster@pobox.com>2018-05-22 14:18:06 +0900
committerLibravatar Junio C Hamano <gitster@pobox.com>2018-05-22 14:18:06 +0900
commit023020401d21c8c48d7f0a123c7ff50888e101c7 (patch)
tree1529374ef1c5c8ca26804d1e212f0dfc75789e1d /Documentation/RelNotes
parentGit 2.16.3 (diff)
parentGit 2.15.2 (diff)
downloadtgif-023020401d21c8c48d7f0a123c7ff50888e101c7.tar.xz
Sync with Git 2.15.2
* maint-2.15: Git 2.15.2 Git 2.14.4 Git 2.13.7 verify_path: disallow symlinks in .gitmodules update-index: stat updated files earlier verify_dotfile: mention case-insensitivity in comment verify_path: drop clever fallthrough skip_prefix: add case-insensitive variant is_{hfs,ntfs}_dotgitmodules: add tests is_ntfs_dotgit: match other .git files is_hfs_dotgit: match other .git files is_ntfs_dotgit: use a size_t for traversing string submodule-config: verify submodule names as paths
Diffstat (limited to 'Documentation/RelNotes')
-rw-r--r--Documentation/RelNotes/2.13.7.txt20
-rw-r--r--Documentation/RelNotes/2.14.4.txt5
-rw-r--r--Documentation/RelNotes/2.15.2.txt3
3 files changed, 28 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.13.7.txt b/Documentation/RelNotes/2.13.7.txt
new file mode 100644
index 0000000000..09fc01406c
--- /dev/null
+++ b/Documentation/RelNotes/2.13.7.txt
@@ -0,0 +1,20 @@
+Git v2.13.7 Release Notes
+=========================
+
+Fixes since v2.13.6
+-------------------
+
+ * Submodule "names" come from the untrusted .gitmodules file, but we
+ blindly append them to $GIT_DIR/modules to create our on-disk repo
+ paths. This means you can do bad things by putting "../" into the
+ name. We now enforce some rules for submodule names which will cause
+ Git to ignore these malicious names (CVE-2018-11235).
+
+ Credit for finding this vulnerability and the proof of concept from
+ which the test script was adapted goes to Etienne Stalmans.
+
+ * It was possible to trick the code that sanity-checks paths on NTFS
+ into reading random piece of memory (CVE-2018-11233).
+
+Credit for fixing for these bugs goes to Jeff King, Johannes
+Schindelin and others.
diff --git a/Documentation/RelNotes/2.14.4.txt b/Documentation/RelNotes/2.14.4.txt
new file mode 100644
index 0000000000..97755a89d9
--- /dev/null
+++ b/Documentation/RelNotes/2.14.4.txt
@@ -0,0 +1,5 @@
+Git v2.14.4 Release Notes
+=========================
+
+This release is to forward-port the fixes made in the v2.13.7 version
+of Git. See its release notes for details.
diff --git a/Documentation/RelNotes/2.15.2.txt b/Documentation/RelNotes/2.15.2.txt
index 9f7e28f8a2..b480e56b68 100644
--- a/Documentation/RelNotes/2.15.2.txt
+++ b/Documentation/RelNotes/2.15.2.txt
@@ -43,5 +43,8 @@ Fixes since v2.15.1
* Clarify and enhance documentation for "merge-base --fork-point", as
it was clear what it computed but not why/what for.
+ * This release also contains the fixes made in the v2.13.7 version of
+ Git. See its release notes for details.
+
Also contains various documentation updates and code clean-ups.