Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: git-web | Distribution: openSUSE Tumbleweed |
Version: 2.51.1 | Vendor: openSUSE |
Release: 1.1 | Build date: Thu Oct 16 16:08:59 2025 |
Group: Development/Tools/Version Control | Build host: reproducible |
Size: 385400 | Source RPM: git-2.51.1-1.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://git-scm.com/ | |
Summary: Git Web Interface |
CGI script that allows browsing git repositories via web interface. The apache2 configuration contained in this package installs a virtual directory /git/ that calls the cgi script.
GPL-2.0-only
* Thu Oct 16 2025 Antonio Teixeira <antonio.teixeira@suse.com> - Update to 2.51.1: - Fixes since Git 2.51.0 * The "do you still use it?" message given by a command that is deeply deprecated and allow us to suggest alternatives has been updated. * The compatObjectFormat extension is used to hide an incomplete feature that is not yet usable for any purpose other than developing the feature further. Document it as such to discourage its use by mere mortals. * Manual page for "gitk" is updated with the current maintainer's name. * Update the instructions for using GGG in the MyFirstContribution document to say that a GitHub PR could be made against `git/git` instead of `gitgitgadget/git`. * Clang-format update to let our control macros be formatted the way we had them traditionally, e.g., "for_each_string_list_item()" without space before the parentheses. * A few places where a size_t value was cast to curl_off_t without checking has been updated to use the existing helper function. * The start_delayed_progress() function in the progress eye-candy API did not clear its internal state, making an initial delay value larger than 1 second ineffective, which has been corrected. * Makefile tried to run multiple "cargo build" which would not work very well; serialize their execution to work around this problem. * Adjust to the way newer versions of cURL selectively enable tracing options, so that our tests can continue to work. * During interactive rebase, using 'drop' on a merge commit led to an error, which has been corrected. * "git refs migrate" to migrate the reflog entries from a refs backend to another had a handful of bugs squashed. * "git push" had a code path that led to BUG() but it should have been a die(), as it is a response to a usual but invalid end-user action to attempt pushing an object that does not exist. * Various bugs about rename handling in "ort" merge strategy have been fixed. * "git diff --no-index" run inside a subdirectory under control of a Git repository operated at the top of the working tree and stripped the prefix from the output, and oddballs like "-" (stdin) did not work correctly because of it. Correct the set-up by undoing what the set-up sequence did to cwd and prefix. * Various options to "git diff" that make comparison ignore certain aspects of the differences (like "space changes are ignored", "differences in lines that match these regular expressions are ignored") did not work well with "--name-only" and friends. * Under a race against another process that is repacking the repository, especially a partially cloned one, "git fetch" may mistakenly think some objects we do have are missing, which has been corrected. * "git repack --path-walk" lost objects in some corner cases, which has been corrected. cf. <CABPp-BHFxxGrqKc0m==TjQNjDGdO=H5Rf6EFsf2nfE1=TuraOQ@mail.gmail.com> * Fixes multiple crashes around midx write-out codepaths. * A broken or malicious "git fetch" can say that it has the same object for many many times, and the upload-pack serving it can exhaust memory storing them redundantly, which has been corrected. * A corner case bug in "git log -L..." has been corrected. * Some among "git add -p" and friends ignored color.diff and/or color.ui configuration variables, which is an old regression, which has been corrected. * "git rebase -i" failed to clean-up the commit log message when the command commits the final one in a chain of "fixup" commands, which has been corrected. * Deal more gracefully with directory / file conflicts when the files backend is used for ref storage, by failing only the ones that are involved in the conflict while allowing others. * Wed Aug 20 2025 Antonio Teixeira <antonio.teixeira@suse.com> - Use zlib instead of zlib-ng for SLES16 * Mon Aug 18 2025 Marcus Rueckert <mrueckert@suse.de> - Update to 2.51.0 - UI, Workflows & Features - Userdiff patterns for the R language have been added. - Documentation for "git send-email" has been updated with a bit more credential helper and OAuth information. - "git cat-file --batch" learns to understand %(objectmode) atom to allow the caller to tell missing objects (due to repository corruption) and submodules (whose commit objects are OK to be missing) apart. - "git diff --no-index dirA dirB" can limit the comparison with pathspec at the end of the command line, just like normal "git diff". - "git subtree" (in contrib/) learned to grok GPG signing its commits. - "git whatchanged" that is longer to type than "git log --raw" which is its modern rough equivalent has outlived its usefulness more than 10 years ago. Plan to deprecate and remove it. - An interchange format for stash entries is defined, and subcommand of "git stash" to import/export has been added. - "git merge/pull" has been taught the "--compact-summary" option to use the compact-summary format, intead of diffstat, when showing the summary of the incoming changes. - "git imap-send" has been broken for a long time, which has been resurrected and then taught to talk OAuth2.0 etc. - Some error messages from "git imap-send" has been updated. - When "git daemon" sees a signal while attempting to accept() a new client, instead of retrying, it skipped it by mistake, which has been corrected. - The reftable ref backend has matured enough; Git 3.0 will make it the default format in a newly created repositories by default. - "netrc" credential helper has been improved to understand textual service names (like smtp) in addition to the numeric port numbers (like 25). - Lift the limitation to use changed-path filter in "git log" so that it can be used for a pathspec with multiple literal paths. - Clean up the way how signature on commit objects are exported to and imported from fast-import stream. - Remove unsupported, unused, and unsupportable old option from "git log". - Document recently added "git imap-send --list" with an example. - "git pull" learned to pay attention to pull.autostash configuration variable, which overrides rebase/merge.autostash. - "git for-each-ref" learns "--start-after" option to help applications that want to page its output. - "git switch" and "git restore" are declared to be no longer experimental. - "git -c alias.foo=bar foo -h baz" reported "'foo' is aliased to 'bar'" and then went on to run "git foo -h baz", which was unexpected. Tighten the rule so that alias expansion is reported only when "-h" is the sole option. - Performance, Internal Implementation, Development Support etc. - "git pack-objects" learned to find delta bases from blobs at the same path, using the --path-walk API. - CodingGuidelines update. - Add settings for Solaris 10 & 11. - Meson-based build/test framework now understands TAP output generated by our tests. - "Do not explicitly initialize to zero" rule has been clarified in the CodingGuidelines document. - A test helper "test_seq" function learned the "-f <fmt>" option, which allowed us to simplify a lot of test scripts. - A lot of stale stuff has been removed from the contrib/ hierarchy. - "git push" and "git fetch" are taught to update refs in batches to gain performance. - Some code paths in "git prune" used to ignore the passed-in repository object and used the `the_repository` singleton instance instead, which has been corrected. - Update ".clang-format" and ".editorconfig" to match our style guide a bit better. - "make coccicheck" succeeds even when spatch made suggestions, which has been updated to fail in such a case. - Code clean-up around object access API. - Define .precision to more canned parse-options type to avoid bugs coming from using a variable with a wrong type to capture the parsed values. - Flipping the default hash function to SHA-256 at Git 3.0 boundary is planned. - Declare weather-balloon we raised for "bool" type 18 months ago a success and officially allow using the type in our codebase. - GIT_TEST_INSTALLED was not honored in the recent topic related to SHA256 hashes, which has been corrected. - The pop_most_recent_commit() function can have quite expensive worst case performance characteristics, which has been optimized by using prio-queue data structure. - Move structure definition from unrelated header file to where it belongs. - To help our developers, document what C99 language features are being considered for adoption, in addition to what past experiments have already decided. - The reftable unit tests are now ported to the "clar" unit testing framework. - Redefine where the multi-pack-index sits in the object subsystem, which recently was restructured to allow multiple backends that support a single object source that belongs to one repository. A MIDX does span multiple "object sources". - Reduce implicit assumption and dependence on the_repository in the object-file subsystem. - Fixes since v2.50 Unless otherwise noted, all the changes in 2.50.X maintenance track, including security updates, are included in this release. - A memory-leak in an error code path has been plugged. (merge 7082da85cb ly/commit-graph-graph-write-leakfix later to maint). - A memory-leak in an error code path has been plugged. (merge aedebdb6b9 ly/fetch-pack-leakfix later to maint). - Some leftover references to documentation source files that no longer exist, due to recent ".txt" -> ".adoc" renaming, have been corrected. (merge 3717a5775a jw/doc-txt-to-adoc-refs later to maint). - "git stash -p <pathspec>" improvements. (merge 468817bab2 pw/stash-p-pathspec-fixes later to maint). - "git send-email" incremented its internal message counter when a message was edited, which made logic that treats the first message specially misbehave, which has been corrected. (merge 2cc27b3501 ag/send-email-edit-threading-fix later to maint). - "git stash" recorded a wrong branch name when submodules are present in the current checkout, which has been corrected. (merge ffb36c64f2 kj/stash-onbranch-submodule-fix later to maint). - When asking to apply mailmap to both author and committer field while showing a commit object, the field that appears later was not correctly parsed and replaced, which has been corrected. (merge abf94a283f sa/multi-mailmap-fix later to maint). - "git maintenance" lacked the care "git gc" had to avoid holding onto the repository lock for too long during packing refs, which has been remedied. (merge 1b5074e614 ps/maintenance-ref-lock later to maint). - Avoid regexp_constraint and instead use comparison_constraint when listing functions to exclude from application of coccinelle rules, as spatch can be built with different regexp engine X-<. (merge f2ad545813 jc/cocci-avoid-regexp-constraint later to maint). - Updating submodules from the upstream did not work well when submodule's HEAD is detached, which has been improved. (merge ca62f524c1 jk/submodule-remote-lookup-cleanup later to maint). - Remove unnecessary check from "git daemon" code. (merge 0c856224d2 cb/daemon-fd-check-fix later to maint). - Use of sysctl() system call to learn the total RAM size used on BSDs has been corrected. (merge 781c1cf571 cb/total-ram-bsd-fix later to maint). - Drop FreeBSD 4 support and declare that we support only FreeBSD 12 or later, which has memmem() supported. (merge 0392f976a7 bs/config-mak-freebsd later to maint). - A diff-filter with negative-only specification like "git log - -diff-filter=d" did not trigger correctly, which has been fixed. (merge 375ac087c5 jk/all-negative-diff-filter-fix later to maint). - A failure to open the index file for writing due to conflicting access did not state what went wrong, which has been corrected. (merge 9455397a5c hy/read-cache-lock-error-fix later to maint). - Tempfile removal fix in the codepath to sign commits with SSH keys. (merge 4498127b04 re/ssh-sign-buffer-fix later to maint). - Code and test clean-up around string-list API. (merge 6e5b26c3ff sj/string-list later to maint). - "git apply -N" should start from the current index and register only new files, but it instead started from an empty index, which has been corrected. (merge 2b49d97fcb rp/apply-intent-to-add-fix later to maint). - Leakfix with a new and a bit invasive test on pack-bitmap files. (merge bfd5522e98 ly/load-bitmap-leakfix later to maint). - "git fetch --prune" used to be O(n^2) expensive when there are many refs, which has been corrected. (merge 87d8d8c5d0 ph/fetch-prune-optim later to maint). - When a ref creation at refs/heads/foo/bar fails, the files backend now removes refs/heads/foo/ if the directory is otherwise not used. (merge a3a7f20516 ps/refs-files-remove-empty-parent later to maint). - "pack-objects" has been taught to avoid pointing into objects in cruft packs from midx. - "git remote" now detects remote names that overlap with each other (e.g., remote nickname "outer" and "outer/inner" are used at the same time), as it will lead to overlapping remote-tracking branches. (merge a5a727c448 jk/remote-avoid-overlapping-names later to maint). - The gpg.program configuration variable, which names a pathname to the (custom) GPG compatible program, can now be spelled with ~tilde expansion. (merge 7d275cd5c0 jb/gpg-program-variable-is-a-pathname later to maint). - Our <sane-ctype.h> header file relied on that the system-supplied <ctype.h> header is not later included, which would override our macro definitions, but "amazon linux" broke this assumption. Fix this by preemptively including <ctype.h> near the beginning of <sane-ctype.h> ourselves. (merge 9d3b33125f ps/sane-ctype-workaround later to maint). - Clean-up compat/bswap.h mess. (merge f4ac32c03a ss/compat-bswap-revamp later to maint). - Meson-based build did not handle libexecdir setting correctly, which has been corrected. (merge 056dbe8612 rj/meson-libexecdir-fix later to maint). - Document that we do not require "real" name when signing your patches off. (merge 1f0fed312a bc/contribution-under-non-real-names later to maint). - "git commit" that concludes a conflicted merge failed to notice and remove existing comment added automatically (like "# Conflicts:") when the core.commentstring is set to 'auto'. (merge 92b7c7c9f5 ac/auto-comment-char-fix later to maint). - "git rebase -i" with bogus rebase.instructionFormat configuration failed to produce the todo file after recording the state files, leading to confused "git status"; this has been corrected. (merge ade14bffd7 ow/rebase-verify-insn-fmt-before-initializing-state later to maint). - A few file descriptors left unclosed upon program completion in a few test helper programs are now closed. (merge 0f1b33815b hl/test-helper-fd-close later to maint). - Interactive prompt code did not correctly strip CRLF from the end of line on Windows. (merge 711a20827b js/prompt-crlf-fix later to maint). - The config API had a set of convenience wrapper functions that implicitly use the_repository instance; they have been removed and inlined at the calling sites. - "git add/etc -p" now honor the diff.context configuration variable, and also they learn to honor the -U<n> command-line option. (merge 2b3ae04011 lm/add-p-context later to maint). - The case where a new submodule takes a path where there used to be a completely different subproject is now dealt with a bit better than before. (merge 5ed8c5b465 kj/renamed-submodule later to maint). - The deflate codepath in "git archive --format=zip" had a longstanding bug coming from misuse of zlib API, which has been corrected. - drop patches included in update: 0001-git-gui-Replace-null_sha1-with-nullid.patch 0001-gitk-Add-support-of-SHA256-repo.patch 0002-git-gui-Add-support-of-SHA256-repo.patch - refreshed patches: CVE-2024-24577.patch completion-wordbreaks.diff git-tcsh-completion-fixes.diff setup-don-t-fail-if-commondir-reference-is-deleted.patch - contrib/workdir is dropped. remove references for it. * Tue Jul 15 2025 Takashi Iwai <tiwai@suse.com> - update git-gui sha256 patches after the upstream review: 0001-git-gui-Replace-null_sha1-with-nullid.patch 0002-git-gui-Add-support-of-SHA256-repo.patch * Wed Jul 09 2025 Marcus Rueckert <mrueckert@suse.de> - refreshed gitk sha256 patches: 0001-gitk-Add-support-of-SHA256-repo.patch 0002-git-gui-Add-support-of-SHA256-repo.patch * Wed Jul 09 2025 Marcus Rueckert <mrueckert@suse.de> - update to 2.50.1 (boo#1245938 boo#1245939 boo#1245942 boo#1245943 boo#1245946 boo#1245947) Security fixes for CVE-2025-27613, CVE-2025-27614, CVE-2025-46334, CVE-2025-46835, CVE-2025-48384, CVE-2025-48385, and CVE-2025-48386 CVE-2025-27613, Gitk: When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of the option being enabled or not. CVE-2025-27614, Gitk: A Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking `gitk filename`, where `filename` has a particular structure. CVE-2025-46334, Git GUI (Windows only): A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. On Windows, path lookup can find such executables in the worktree. These programs are invoked when the user selects "Git Bash" or "Browse Files" from the menu. CVE-2025-46835, Git GUI: When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite any writable file. CVE-2025-48384, Git: When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. CVE-2025-48385, Git: When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. CVE-2025-48386, Git: The wincred credential helper uses a static buffer (`target`) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with `wcsncat()`, leading to potential buffer overflows. * Thu Jun 26 2025 Takashi Iwai <tiwai@suse.com> - Fix git-gui citool SHA256 repo handling: refreshed 0002-git-gui-Add-support-of-SHA256-repo.patch * Tue Jun 17 2025 Marcus Rueckert <mrueckert@suse.de> - update to 2.50.0 https://about.gitlab.com/blog/what-s-new-in-git-2-50-0/ https://raw.githubusercontent.com/git/git/refs/tags/v2.50.0/Documentation/RelNotes/2.50.0.adoc * Fri Jun 13 2025 Takashi Iwai <tiwai@suse.com> - Refresh gitk SHA256 patch and add SHA256 support to git-gui (bsc#1239989): 0001-gitk-Add-support-of-SHA256-repo.patch 0002-git-gui-Add-support-of-SHA256-repo.patch The previous patches are dropped: 0001-gitk-Add-a-basic-support-of-SHA256-repositories-into.patch 0002-gitk-Add-auto-select-length-preference-for-SHA256.patch * Mon Mar 24 2025 Takashi Iwai <tiwai@suse.com> - Add support of SHA256 git repo for gitk (bsc#1239989): 0001-gitk-Add-a-basic-support-of-SHA256-repositories-into.patch 0002-gitk-Add-auto-select-length-preference-for-SHA256.patch * Fri Mar 14 2025 Marcus Rueckert <mrueckert@suse.de> - update to 2.49.0 https://about.gitlab.com/blog/2025/03/14/whats-new-in-git-2-49-0/ https://raw.githubusercontent.com/git/git/refs/tags/v2.49.0/Documentation/RelNotes/2.49.0.adoc - switch to zlib-ng for code 16 - docs switched to asciidoc * Tue Jan 14 2025 Andreas Stieger <andreas.stieger@gmx.de> - update to 2.48.1: (boo#1235600 boo#1235601) * CVE-2024-50349, CVE-2024-52006: refuse to accept URLs that contain control sequences * Mon Jan 13 2025 Andreas Stieger <andreas.stieger@gmx.de> - update to 2.48.0 * Reference consistency checks: git refs verify * Reflogs can now be migrated with git refs migrate * git is free of memory leaks as covered by the test suite * Performance improvements * Other improvements, UI changes, options extensions and largely compatible behavior changes as listed in https://raw.githubusercontent.com/git/git/refs/tags/v2.48.0/Documentation/RelNotes/2.48.0.txt * Mon Nov 25 2024 Andreas Stieger <andreas.stieger@gmx.de> - update to 2.47.1: * Use after free and double freeing at the end in "git log -L... -p" had been identified and fixed. * "git maintenance start" crashed due to an uninitialized variable reference, which has been corrected. * Fail gracefully instead of crashing when attempting to write the contents of a corrupt in-core index as a tree object. * A "git fetch" from the superproject going down to a submodule used a wrong remote when the default remote names are set differently between them. * The "gitk" project tree has been synchronized again * Wed Oct 09 2024 Dirk Müller <dmueller@suse.com> - update to 2.47.0: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.txt * Many Porcelain commands that internally use the merge machinery were taught to consistently honor the diff.algorithm configuration. * A few descriptions in "git show-ref -h" have been clarified. * A 'P' command to "git add -p" that passes the patch hunk to the pager has been added. * "git grep -W" omits blank lines that follow the found function at the end of the file, just like it omits blank lines before the next function. * The value of http.proxy can have "path" at the end for a socks proxy that listens to a unix-domain socket, but we started to discard it when we taught proxy auth code path to use the credential helpers, which has been corrected. * The code paths to compact multiple reftable files have been updated to correctly deal with multiple compaction triggering at the same time. * Support to specify ref backend for submodules has been enhanced. * "git svn" has been taught about svn:global-ignores property recent versions of Subversion has. * The default object hash and ref backend format used to be settable only with explicit command line option to "git init" and environment variables, but now they can be configured in the user's global and system wide configuration. * "git send-email" learned "--translate-aliases" option that reads addresses from the standard input and emits the result of applying aliases on them to the standard output. * 'git for-each-ref' learned a new "--format" atom to find the branch that the history leading to a given commit "%(is-base:<commit>)" is likely based on. * The command line prompt support used to be littered with bash-isms, which has been corrected to work with more shells. * Support for the RUNTIME_PREFIX feature has been added to z/OS port. * "git send-email" learned "--mailmap" option to allow rewriting the recipient addresses. * "git mergetool" learned to use VSCode as a merge backend. * "git pack-redundant" has been marked for removal in Git 3.0. * One-line messages to "die" and other helper functions will get LF added by these helper functions, but many existing messages had an unnecessary LF at the end, which have been corrected. * The "scalar clone" command learned the "--no-tags" option. * The environment GIT_ADVICE has been intentionally kept undocumented to discourage its use by interactive users. Add documentation to help tool writers. * "git apply --3way" learned to take "--ours" and other options. * Mon Oct 07 2024 Antonio Teixeira <antonio.teixeira@suse.com> - Update to version 2.46.2: * Revert the "git patch-id" change that went into 2.46.1, as it seems to have got a regression reported (I haven't verified, but it is better to keep a known breakage than adding an unintended regression). * In a few corner cases "git diff --exit-code" failed to report "changes" (e.g., renamed without any content change), which has been corrected. * The interpret-trailers command failed to recognise the end of the message when the commit log ends in an incomplete line. * Fri Sep 20 2024 Dominique Leuenberger <dimstar@opensuse.org> - Update to version 2.46.1; * "git checkout --ours" (no other arguments) complained that the option is incompatible with branch switching, which is technically correct, but found confusing by some users. It now says that the user needs to give pathspec to specify what paths to checkout. * It has been documented that we avoid "VAR=VAL shell_func" and why. * "git add -p" by users with diff.suppressBlankEmpty set to true failed to parse the patch that represents an unmodified empty line with an empty line (not a line with a single space on it), which has been corrected. * "git rebase --help" referred to "offset" (the difference between the location a change was taken from and the change gets replaced) incorrectly and called it "fuzz", which has been corrected. * "git notes add -m '' --allow-empty" and friends that take prepared data to create notes should not invoke an editor, but it started doing so since Git 2.42, which has been corrected. * An expensive operation to prepare tracing was done in re-encoding code path even when the tracing was not requested, which has been corrected. * Perforce tests have been updated. * The credential helper to talk to OSX keychain sometimes sent garbage bytes after the username, which has been corrected. * A recent update broke "git ls-remote" used outside a repository, which has been corrected. * "git config --value=foo --fixed-value section.key newvalue" barfed when the existing value in the configuration file used the valueless true syntax, which has been corrected. * "git reflog expire" failed to honor annotated tags when computing reachable commits. * A flakey test and incorrect calls to strtoX() functions have been fixed. * Follow-up on 2.45.1 regression fix. * "git rev-list ... | git diff-tree -p --remerge-diff --stdin" should behave more or less like "git log -p --remerge-diff" but instead it crashed, forgetting to prepare a temporary object store needed. * The patch parser in "git patch-id" has been tightened to avoid getting confused by lines that look like a patch header in the log message. * "git bundle unbundle" outside a repository triggered a BUG() unnecessarily, which has been corrected. * The code forgot to discard unnecessary in-core commit buffer data for commits that "git log --skip=<number>" traversed but omitted from the output, which has been corrected. * "git verify-pack" and "git index-pack" started dying outside a repository, which has been corrected. * A corner case bug in "git stash" was fixed. * Wed Aug 28 2024 Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com> - Change less requirement to path to allow for use with BusyBox * Tue Jul 30 2024 Marcus Rueckert <mrueckert@suse.de> - update to 2.46.0 UI, Workflows & Features * The "--rfc" option of "git format-patch" learned to take an optional string value to be used in place of "RFC" to tweak the "[PATCH]" on the subject header. * The credential helper protocol, together with the HTTP layer, have been enhanced to support authentication schemes different from username & password pair, like Bearer and NTLM. * Command line completion script (in contrib/) learned to complete "git symbolic-ref" a bit better (you need to enable plumbing commands to be completed with GIT_COMPLETION_SHOW_ALL_COMMANDS). * When the user responds to a prompt given by "git add -p" with an unsupported command, list of available commands were given, which was too much if the user knew what they wanted to type but merely made a typo. Now the user gets a much shorter error message. * The color parsing code learned to handle 12-bit RGB colors, spelled as "#RGB" (in addition to "#RRGGBB" that is already supported). * The operation mode options (like "--get") the "git config" command uses have been deprecated and replaced with subcommands (like "git config get"). * "git tag" learned the "--trailer" option to futz with the trailers in the same way as "git commit" does. * A new global "--no-advice" option can be used to disable all advice messages, which is meant to be used only in scripts. * Updates to symbolic refs can now be made as a part of ref transaction. * The trailer API has been reshuffled a bit. * Terminology to call various ref-like things are getting straightened out. * The command line completion script (in contrib/) has been adjusted to the recent update to "git config" that adopted subcommand based UI. * The knobs to tweak how reftable files are written have been made available as configuration variables. * When "git push" notices that the commit at the tip of the ref on the other side it is about to overwrite does not exist locally, it used to first try fetching it if the local repository is a partial clone. The command has been taught not to do so and immediately fail instead. * The promisor.quiet configuration knob can be set to true to make lazy fetching from promisor remotes silent. * The inter/range-diff output has been moved to the end of the patch when format-patch adds it to a single patch, instead of writing it before the patch text, to be consistent with what is done for a cover letter for a multi-patch series. * A new command has been added to migrate a repository that uses the files backend for its ref storage to use the reftable backend, with limitations. * "git diff --exit-code --ext-diff" learned to take the exit status of the external diff driver into account when deciding the exit status of the overall "git diff" invocation when configured to do so. * "git update-ref --stdin" learned to handle transactional updates of symbolic-refs. * "git format-patch --interdiff" for multi-patch series learned to turn on cover letters automatically (unless told never to enable cover letter with "--no-cover-letter" and such). * The "--heads" option of "ls-remote" and "show-ref" has been been deprecated; "--branches" replaces "--heads". * For over a year, setting add.interactive.useBuiltin configuration variable did nothing but giving a "this does not do anything" warning. The warning has been removed. * The http transport can now be told to send request with authentication material without first getting a 401 response. * A handful of entries are added to the GitFAQ document. * "git var GIT_SHELL_PATH" should report the path to the shell used to spawn external commands, but it didn't do so on Windows, which has been corrected. Performance, Internal Implementation, Development Support etc. * Advertise "git contacts", a tool for newcomers to find people to ask review for their patches, a bit more in our developer documentation. * In addition to building the objects needed, try to link the objects that are used in fuzzer tests, to make sure at least they build without bitrot, in Linux CI runs. * Code to write out reftable has seen some optimization and simplification. * Tests to ensure interoperability between reftable written by jgit and our code have been added and enabled in CI. * The singleton index_state instance "the_index" has been eliminated by always instantiating "the_repository" and replacing references to "the_index" with references to its .index member. * Git-GUI has a new maintainer, Johannes Sixt. * The "test-tool" has been taught to run testsuite tests in parallel, bypassing the need to use the "prove" tool. * The "whitespace check" task that was enabled for GitHub Actions CI has been ported to GitLab CI. * The refs API lost functions that implicitly assumes to work on the primary ref_store by forcing the callers to pass a ref_store as an argument. * Code clean-up to reduce inter-function communication inside builtin/config.c done via the use of global variables. * The pack bitmap code saw some clean-up to prepare for a follow-up topic. * Preliminary code clean-up for "git send-email". * The default "creation-factor" used by "git format-patch" has been raised to make it more aggressively find matching commits. * Before discovering the repository details, We used to assume SHA-1 as the "default" hash function, which has been corrected. Hopefully this will smoke out codepaths that rely on such an unwarranted assumptions. * The project decision making policy has been documented. * The strcmp-offset tests have been rewritten using the unit test framework. * "git add -p" learned to complain when an answer with more than one letter is given to a prompt that expects a single letter answer. * The alias-expanded command lines are logged to the trace output. * A new test was added to ensure git commands that are designed to run outside repositories do work. * A few tests in reftable library have been rewritten using the unit test framework. * A pair of test helpers that essentially are unit tests on hash algorithms have been rewritten using the unit-tests framework. * A test helper that essentially is unit tests on the "decorate" logic has been rewritten using the unit-tests framework. * Many memory leaks in the sparse-checkout code paths have been plugged. * "make check-docs" noticed problems and reported to its output but failed to signal its findings with its exit status, which has been corrected. * Building with "-Werror -Wwrite-strings" is now supported. * To help developers, the build procedure now allows builders to use CFLAGS_APPEND to specify additional CFLAGS. * "oidtree" tests were rewritten to use the unit test framework. * The structure of the document that records longer-term project decisions to deprecate/remove/update various behaviour has been outlined. * The pseudo-merge reachability bitmap to help more efficient storage of the reachability bitmap in a repository with too many refs has been added. * When "git merge" sees that the index cannot be refreshed (e.g. due to another process doing the same in the background), it died but after writing MERGE_HEAD etc. files, which was useless for the purpose to recover from the failure. * The output from "git cat-file --batch-check" and "--batch-command (info)" should not be unbuffered, for which some tests have been added. * A CPP macro USE_THE_REPOSITORY_VARIABLE is introduced to help transition the codebase to rely less on the availability of the singleton the_repository instance. * "git version --build-options" reports the version information of OpenSSL and other libraries (if used) in the build. * Memory ownership rules for the in-core representation of remote.*.url configuration values have been straightened out, which resulted in a few leak fixes and code clarification. * When bundleURI interface fetches multiple bundles, Git failed to take full advantage of all bundles and ended up slurping duplicated objects, which has been corrected. * The code to deal with modified paths that are out-of-cone in a sparsely checked out working tree has been optimized. * An existing test of oidmap API has been rewritten with the unit-test framework. * The "ort" merge backend saw one bugfix for a crash that happens when inner merge gets killed, and assorted code clean-ups. * A new warning message is issued when a command has to expand a sparse index to handle working tree cruft that are outside of the sparse checkout. * The test framework learned to take the test body not as a single string but as a here-document. * "git push '' HEAD:there" used to hit a BUG(); it has been corrected to die with "fatal: bad repository ''". * What happens when http.cookieFile gets the special value "" has been clarified in the documentation. Fixes * "git rebase --signoff" used to forget that it needs to add a sign-off to the resulting commit when told to continue after a conflict stops its operation. * The procedure to build multi-pack-index got confused by the replace-refs mechanism, which has been corrected by disabling the latter. * The "-k" and "--rfc" options of "format-patch" will now error out when used together, as one tells us not to add anything to the title of the commit, and the other one tells us to add "RFC" in addition to "PATCH". * "git stash -S" did not handle binary files correctly, which has been corrected. * A scheduled "git maintenance" job is expected to work on all repositories it knows about, but it stopped at the first one that errored out. Now it keeps going. * zsh can pretend to be a normal shell pretty well except for some glitches that we tickle in some of our scripts. Work them around so that "vimdiff" and our test suite works well enough with it. * Command line completion support for zsh (in contrib/) has been updated to stop exposing internal state to end-user shell interaction. * Tests that try to corrupt in-repository files in chunked format did not work well on macOS due to its broken "mv", which has been worked around. * The maximum size of attribute files is enforced more consistently. * Unbreak CI jobs so that we do not attempt to use Python 2 that has been removed from the platform. * Git 2.43 started using the tree of HEAD as the source of attributes in a bare repository, which has severe performance implications. For now, revert the change, without ripping out a more explicit support for the attr.tree configuration variable. * The "--exit-code" option of "git diff" command learned to work with the "--ext-diff" option. * Windows CI running in GitHub Actions started complaining about the order of arguments given to calloc(); the imported regex code uses the wrong order almost consistently, which has been corrected. * Expose "name conflict" error when a ref creation fails due to D/F conflict in the ref namespace, to improve an error message given by "git fetch". (merge 9339fca23e it/refs-name-conflict later to maint). * The SubmittingPatches document now refers folks to manpages translation project. * The documentation for "git diff --name-only" has been clarified that it is about showing the names in the post-image tree. * The credential helper that talks with osx keychain learned to avoid storing back the authentication material it just got received from the keychain. (merge e1ab45b2da kn/osxkeychain-skip-idempotent-store later to maint). * The chainlint script (invoked during "make test") did nothing when it failed to detect the number of available CPUs. It now falls back to 1 CPU to avoid the problem. * Revert overly aggressive "layered defence" that went into 2.45.1 and friends, which broke "git-lfs", "git-annex", and other use cases, so that we can rebuild necessary counterparts in the open. * "git init" in an already created directory, when the user configuration has includeif.onbranch, started to fail recently, which has been corrected. * Memory leaks in "git mv" has been plugged. * The safe.directory configuration knob has been updated to optionally allow leading path matches. * An overly large ".gitignore" files are now rejected silently. * Upon expiration event, the credential subsystem forgot to clear in-core authentication material other than password (whose support was added recently), which has been corrected. * Fix for an embarrassing typo that prevented Python2 tests from running anywhere. * Varargs functions that are unannotated as printf-like or execl-like have been annotated as such. * "git am" has a safety feature to prevent it from starting a new session when there already is a session going. It reliably triggers when a mbox is given on the command line, but it has to rely on the tty-ness of the standard input. Add an explicit way to opt out of this safety with a command line option. (merge 62c71ace44 jk/am-retry later to maint). * A leak in "git imap-send" that somehow escapes LSan has been plugged. * Setting core.abbrev too early before the repository set-up (typically in "git clone") caused segfault, which as been corrected. * When the user adds to "git rebase -i" instruction to "pick" a merge commit, the error experience is not pleasant. Such an error is now caught earlier in the process that parses the todo list. * We forgot to normalize the result of getcwd() to NFC on macOS where all other paths are normalized, which has been corrected. This still does not address the case where core.precomposeUnicode configuration is not defined globally. * Earlier we stopped using the tree of HEAD as the default source of attributes in a bare repository, but failed to document it. This has been corrected. * "git update-server-info" and "git commit-graph --write" have been updated to use the tempfile API to avoid leaving cruft after failing. * An unused extern declaration for mingw has been removed to prevent it from causing build failure. * A helper function shared between two tests had a copy-paste bug, which has been corrected. * "git fetch-pack -k -k" without passing "--lock-pack" (which we never do ourselves) did not work at all, which has been corrected. * CI job to build minimum fuzzers learned to pass NO_CURL=NoThanks to the build procedure, as its build environment does not offer, or the rest of the build needs, anything cURL. (merge 4e66b5a990 jc/fuzz-sans-curl later to maint). * "git diff --no-ext-diff" when diff.external is configured ignored the "--color-moved" option. (merge 0f4b0d4cf0 rs/diff-color-moved-w-no-ext-diff-fix later to maint). * "git archive --add-virtual-file=<path>:<contents>" never paid attention to the --prefix=<prefix> option but the documentation said it would. The documentation has been corrected. (merge 72c282098d jc/archive-prefix-with-add-virtual-file later to maint). * When GIT_PAGER failed to spawn, depending on the code path taken, we failed immediately (correct) or just spew the payload to the standard output (incorrect). The code now always fail immediately when GIT_PAGER fails. (merge 78f0a5d187 rj/pager-die-upon-exec-failure later to maint). * date parser updates to be more careful about underflowing epoch based timestamp. (merge 9d69789770 db/date-underflow-fix later to maint). * The Bloom filter used for path limited history traversal was broken on systems whose "char" is unsigned; update the implementation and bump the format version to 2. (merge 9c8a9ec787 tb/path-filter-fix later to maint). * Typofix. (merge 231cf7370e as/pathspec-h-typofix later to maint). * Code clean-up. (merge 4b837f821e rs/simplify-submodule-helper-super-prefix-invocation later to maint). * "git describe --dirty --broken" forgot to refresh the index before seeing if there is any chang, ("git describe --dirty" correctly did so), which has been corrected. (merge b8ae42e292 as/describe-broken-refresh-index-fix later to maint). * Test suite has been taught not to unnecessarily rely on DNS failing a bogus external name. (merge 407cdbd271 jk/tests-without-dns later to maint). * GitWeb update to use committer date consistently in rss/atom feeds. (merge cf6ead095b am/gitweb-feed-use-committer-date later to maint). * Custom control structures we invented more recently have been taught to the clang-format file. (merge 1457dff9be rs/clang-format-updates later to maint). * Developer build procedure fix. (merge df32729866 tb/dev-build-pedantic-fix later to maint). * "git push" that pushes only deletion gave an unnecessary and harmless error message when push negotiation is configured, which has been corrected. (merge 4d8ee0317f jc/disable-push-nego-for-deletion later to maint). * Address-looking strings found on the trailer are now placed on the Cc: list after running through sanitize_address by "git send-email". (merge c852531f45 cb/send-email-sanitize-trailer-addresses later to maint). * Tests that use GIT_TEST_SANITIZE_LEAK_LOG feature got their exit status inverted, which has been corrected. (merge 8c1d6691bc rj/test-sanitize-leak-log-fix later to maint). * The http.cookieFile and http.saveCookies configuration variables have a few values that need to be avoided, which are now ignored with warning messages. (merge 4f5822076f jc/http-cookiefile later to maint). * Repacking a repository with multi-pack index started making stupid pack selections in Git 2.45, which has been corrected. (merge 8fb6d11fad ds/midx-write-repack-fix later to maint). * Fix documentation mark-up regression in 2.45. (merge 6474da0aa4 ja/doc-markup-updates-fix later to maint). * Work around asciidoctor's css that renders `monospace` material in the SYNOPSIS section of manual pages as block elements. (merge d44ce6ddd5 js/doc-markup-updates-fix later to maint). * Other code cleanup, docfix, build fix, etc. (merge 493fdae046 ew/object-convert-leakfix later to maint). (merge 00f3661a0a ss/doc-eol-attr-fix later to maint). (merge 428c40da61 ri/doc-show-branch-fix later to maint). (merge 58696bfcaa jc/where-is-bash-for-ci later to maint). (merge 616e94ca24 tb/doc-max-tree-depth-fix later to maint). * Thu Jul 18 2024 Antonio Teixeira <antonio.teixeira@suse.com> - Add CVE-2024-24577.patch * CVE-2024-24577: arbitrary code execution due to heap corruption in git_index_add (boo#1219660) * Fri May 31 2024 Matej Cepl <mcepl@cepl.eu> - Compat stub for %python3_fix_shebang_path * Fri May 31 2024 Marcus Rueckert <mrueckert@suse.de> - only call the %python3_fix_shebang_path if it is actually defined. This fixes the build on 15.x * Fri May 31 2024 Andreas Stieger <andreas.stieger@gmx.de> - update to 2.45.2: * Revert "defense in depth" fixes from 2.45.1 broke 'git lfs' and 'git annex' * Mon May 27 2024 Matej Cepl <mcepl@cepl.eu> - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] * Tue May 14 2024 Andreas Stieger <andreas.stieger@gmx.de> - update to 2.45.1: * CVE-2024-32002: recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (boo#1224168) * CVE-2024-32004: arbitrary code execution during local clones (boo#1224170) * CVE-2024-32020: file overwriting vulnerability during local clones (boo#1224171) * CVE-2024-32021: git may create hardlinks to arbitrary user- readable files (boo#1224172) * CVE-2024-32465: arbitrary code execution during clone operations (boo#1224173) * Wed May 01 2024 Andreas Stieger <andreas.stieger@gmx.de> - update to 2.45.0: * Improved efficiency managing repositories with many references ("git init --ref-format=reftable") * "git checkout -p" and friends learned that that "@" is a synonym for "HEAD" * cli improvements handling refs * Expanded a number of commands and options, UI improvements * status.showUntrackedFiles now accepts "true" * git-cherry-pick(1) now automatically drops redundant commits with new --empty option * The userdiff patterns for C# has been updated. * Sun Feb 25 2024 Andreas Stieger <andreas.stieger@gmx.de> - update to 2.44.0: * "git checkout -B <branch>" now longer allows switching to a branch that is in use on another worktree. The users need to use "--ignore-other-worktrees" option. * Faster server-side rebases with git replay * Faster pack generation with multi-pack reuse * rebase auto-squashing now works in non-interactive mode * pathspec now understands attr, e.g. ':(attr:~binary) for selecting non-binaries, or builtin_objectmode for selecting items by file mode or other properties * Many other cli UI and internal improvements and extensions * Tue Feb 20 2024 Danilo Spinella <danilo.spinella@suse.com> - Do not replace apparmor configuration, fixes bsc#1216545 * Thu Feb 15 2024 Andreas Stieger <andreas.stieger@gmx.de> - update to 2.43.2: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.txt * Update to a new feature recently added, "git show-ref --exists". * Rename detection logic ignored the final line of a file if it is an incomplete line. * "git diff --no-rename A B" did not disable rename detection but did not trigger an error from the command line parser. * "git diff --no-index file1 file2" segfaulted while invoking the external diff driver, which has been corrected. * A failed "git tag -s" did not necessarily result in an error depending on the crypto backend, which has been corrected. * "git stash" sometimes was silent even when it failed due to unwritable index file, which has been corrected. * Recent conversion to allow more than 0/1 in GIT_FLUSH broke the mechanism by flipping what yes/no means by mistake, which has been corrected. * Mon Feb 12 2024 Dirk Müller <dmueller@suse.com> - update to 2.43.1: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.txt * Tue Jan 09 2024 Christian Boltz <suse-beta@cboltz.de> - gitweb AppArmor profile: allow reading etc/gitweb-common.conf (boo#1218664) * Mon Jan 08 2024 Christian Boltz <suse-beta@cboltz.de> - git moved to /usr/libexec/git/git, update AppArmor profile accordingly (boo#1218588) * Tue Nov 21 2023 Dirk Müller <dmueller@suse.com> - update to 2.43.0: * The "--rfc" option of "git format-patch" used to be a valid way to override an earlier "--subject-prefix=<something>" on the command line and replace it with "[RFC PATCH]", but from this release, it merely prefixes the string "RFC " in front of the given subject prefix. If you are negatively affected by this change, please use "--subject-prefix=PATCH --rfc" as a replacement. * In Git 2.42, "git rev-list --stdin" learned to take non-revisions (like "--not") from the standard input, but the way such a "--not" was handled was quite confusing, which has been rethought. The updated rule is that "--not" given from the command line only affects revs given from the command line that comes but not revs read from the standard input, and "--not" read from the standard input affects revs given from the standard input and not revs given from the command line. * A message written in olden time prevented a branch from getting checked out, saying it is already checked out elsewhere. But these days, we treat a branch that is being bisected or rebased just like a branch that is checked out and protect it from getting modified with the same codepath. The message has been rephrased to say that the branch is "in use" to avoid confusion. * Hourly and other schedules of "git maintenance" jobs are randomly distributed now. * "git cmd -h" learned to signal which options can be negated by listing such options like "--[no-]opt". * The way authentication related data other than passwords (e.g., oauth token and password expiration data) are stored in libsecret keyrings has been rethought. * Update the libsecret and wincred credential helpers to correctly match which credential to erase; they erased the wrong entry in some cases. * Git GUI updates. * "git format-patch" learned a new "--description-file" option that lets cover letter description to be fed; this can be used on detached HEAD where there is no branch description available, and also can override the branch description if there is one. * Use of the "--max-pack-size" option to allow multiple packfiles to be created is now supported even when we are sending unreachable objects to cruft packs. * "git format-patch --rfc --subject-prefix=<foo>" used to ignore the "--subject-prefix" option and used "[RFC PATCH]"; now we will add "RFC" prefix to whatever subject prefix is specified. * "git log --format" has been taught the %(decorate) placeholder for further customization over what the "--decorate" option offers. * The default log message created by "git revert", when reverting a commit that records a revert, has been tweaked, to encourage people to describe complex "revert of revert of revert" situations better in their own words. * The command-line completion support (in contrib/) learned to complete "git commit --trailer=" for possible trailer keys. * "git update-index" learned the "--show-index-version" option to inspect the index format version used by the on-disk index file. * "git diff" learned the "diff.statNameWidth" configuration variable, to give the default width for the name part in the "--stat" output. * "git range-diff --notes=foo" compared "log --notes=foo --notes" of the two ranges, instead of using just the specified notes tree, which has been corrected to use only the specified notes tree. * The command line completion script (in contrib/) can be told to complete aliases by including ": git <cmd> ;" in the alias to tell it that the alias should be completed in a similar way to how "git <cmd>" is completed. The parsing code for the alias has been loosened to allow ';' without an extra space before it. * "git for-each-ref" and friends learned to apply mailmap to authorname and other fields in a more flexible way than using separate placeholder letters like %a[eElL] every time we want to come up with small variants. * "git repack" machinery learned to pay attention to the "--filter=" option. * "git repack" learned the "--max-cruft-size" option to prevent cruft packs from growing without bounds. * "git merge-tree" learned to take strategy backend specific options via the "-X" option, like "git merge" does. * "git log" and friends learned the "--dd" option that is a short-hand for "--diff-merges=first-parent -p". * The attribute subsystem learned to honor the "attr.tree" configuration variable that specifies which tree to read the .gitattributes files from. * "git merge-file" learns a mode to read three variants of the contents to be merged from blob objects. * see https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.0.txt * Sat Nov 04 2023 Andreas Stieger <andreas.stieger@gmx.de> - git 2.42.1: * The usual number of bug fixes, including * Fix "git diff" exit code handling * Various fixes to the behavior of "rebase -i" when the command got interrupted by conflicting changes * Mon Oct 23 2023 Michal Suchanek <msuchanek@suse.com> - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). * Mon Oct 23 2023 Christian Boltz <suse-beta@cboltz.de> - gitweb.cgi AppArmor profile - make the profile a named profile - add local/ include to make custom additions easier * Fri Sep 22 2023 Michal Suchanek <msuchanek@suse.com> - Downgrade openssh dependency to recommends (bsc#1215533) * Wed Aug 23 2023 Andreas Stieger <andreas.stieger@gmx.de> - git 2.42.0: * "git pack-refs" learns "--include" and "--exclude" to tweak the ref hierarchy to be packed using pattern matching. * 'git worktree add' learned how to create a worktree based on an orphaned branch with `--orphan`. * "git pack-objects" learned to invoke a new hook program that enumerates extra objects to be used as anchoring points to keep otherwise unreachable objects in cruft packs. * Add more "git var" for toolsmiths to learn various locations Git is configured with either via the configuration or hard-coded defaults. * 'git notes append' was taught '--separator' to specify string to insert between paragraphs. * The "git for-each-ref" family of commands learned placeholders related to GPG signature verification. * "git diff --no-index" learned to read from named pipes as if they were regular files, to allow "git diff <(process) <(substitution)" some shells support. * Help newbies by suggesting that there are cases where force-pushing is a valid and sensible thing to update a branch at a remote repository, rather than reconciling with merge/rebase. * "git blame --contents=file" has been taught to work in a bare repository. * "git branch -f X" to repoint the branch X said that X was "checked out" in another worktree, even when branch X was not and instead being bisected or rebased. The message was reworded to say the branch was "in use". * Tone down the warning on SHA-256 repositories being an experimental curiosity. We do not have support for them to interoperate with traditional SHA-1 repositories, but at this point, we do not plan to make breaking changes to SHA-256 repositories and there is no longer need for such a strongly phrased warning. * "git diff-tree" has been taught to take advantage of the sparse-index feature. * The object traversal using reachability bitmap done by "pack-object" has been tweaked to take advantage of the fact that using "boundary" commits as representative of all the uninteresting ones can save quite a lot of object enumeration. * "git worktree" learned to work better with sparse index feature. * When the external merge driver is killed by a signal, its output should not be trusted as a resolution with conflicts that is proposed by the driver, but the code did. * The set-up code for the get_revision() API now allows feeding options like --all and --not in the --stdin mode. * Move functions that are not about pure string manipulation out of strbuf.[ch] * "imap-send" codepaths got cleaned up to get rid of unused parameters. * Enumerating refs in the packed-refs file, while excluding refs that match certain patterns, has been optimized. * Mark-up unused parameters in the code so that we can eventually enable -Wunused-parameter by default. * Instead of inventing a custom counter variables for debugging, use existing trace2 facility in the fsync customization codepath. * "git branch --list --format=<format>" and friends are taught a new "%(describe)" placeholder. * Clarify how to choose the starting point for a new topic in developer guidance document. * The implementation of "get_sha1_hex()" that reads a hexadecimal string that spells a full object name has been extended to cope with any hash function used in the repository, but the "sha1" in its name survived. Rename it to get_hash_hex(), a name that is more consistent within its friends like get_hash_hex_algop(). * Command line parser fix, and a small parse-options API update. * bug fixes * Sat Jun 03 2023 Andreas Stieger <Andreas.Stieger@gmx.de> - git 2.41.0: This update contains a number of compatible updates, improvements and extensions to multiple workflows. Some changes may break backwards compatibility: * The libsecret credential helper obsoletes direct GNOME keyring support, which was dropped (git-credential-gnome-keyring) * "git format-patch" has been taught to ignore end-user configuration ("diff.noprefix") and always use the standard prefixes, to avoid breaking the receiving end of the patch - drop sha256_clone_fix.patch * Tue Apr 25 2023 Andreas Stieger <Andreas.Stieger@gmx.de> - git 2.40.1: * CVE-2023-25652: By feeding specially crafted input to git apply - -reject, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). * CVE-2023-25815: When Git is compiled with runtime prefix support and runs without translated messages, it still used the gettext machinery to display messages, which subsequently potentially looked for translated messages in unexpected places. This allowed for malicious placement of crafted messages. * CVE-2023-29007: When renaming or deleting a section from a configuration file, certain malicious configuration values may be misinterpreted as the beginning of a new configuration section, leading to arbitrary configuration injection. * Thu Apr 06 2023 Adam Majer <adam.majer@suse.de> - sha256_clone_fix.patch: fix cloning of empty sha256 repositories (jsc#PED-3891) * Mon Mar 13 2023 Andreas Stieger <andreas.stieger@gmx.de> - git 2.40.0: * backward incompatible change: The format.attach configuration variable lacked a way to override a value defined in a lower-priority configuration file (e.g. the system one) by redefining it in a higher-priority configuration file. Now, setting format.attach to an empty string means show the patch inline in the e-mail message, without using MIME attachment. * multiple commands and workflows gained additional options, compatible functionality, or more helpful output * "grep -P" learned to use Unicode Character Property to grok character classes when processing \b and \w etc. * under-the-hood improvements and bug fixes - The scripted "git add -p/-i" implementation was removed upstream. The openSUSE package already preferred the C implementation. * Tue Feb 14 2023 Andreas Stieger <andreas.stieger@gmx.de> - git 2.39.2: * CVE-2023-22490: Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport boo#1208027 * CVE-2023-23946: a path outside the working tree can be overwritten as the user who is running "git apply" boo#1208028 * Tue Jan 17 2023 Andreas Stieger <andreas.stieger@gmx.de> - git 2.39.1, fixing two security issues that could allow remote code execution when accessing specially crafted repositories: * CVE-2022-41903: log format integer overflow boo#1207033 * CVE-2022-23521: gitattributed parsing integer overflow boo#1207032 * Thu Dec 15 2022 Dirk Müller <dmueller@suse.com> - switch to pkgconfig(zlib) so that alternative providers can be used * Mon Dec 12 2022 Andreas Stieger <andreas.stieger@gmx.de> - git 2.39.0: * "git grep" learned to expand the sparse-index more lazily and on demand in a sparse checkout. * By default, use of fsmonitor on a repository on networked filesystem is disabled. * After checking out a "branch" that is a symbolic-ref that points at another branch, "git symbolic-ref HEAD" reports the underlying branch, not the symbolic-ref the user gave checkout as argument. The command learned the "--no-recurse" option to stop after dereferencing a symbolic-ref only once. * "git branch --edit-description @{-1}" is now a way to edit branch description of the branch you were on before switching to the current branch. * "git merge-tree --stdin" is a new way to request a series of merges and report the merge results. * "git shortlog" learned to group by the "format" string. * A new "--include-whitespace" option is added to "git patch-id", and existing bugs in the internal patch-id logic that did not match what "git patch-id" produces have been corrected. * Enable gc.cruftpacks by default for those who opt into feature.experimental setting. * "git repack" learns to send cruft objects out of the way into packfiles outside the repository. * 'scalar reconfigure -a' is taught to automatically remove scalar.repo entires which no longer exist. * Redact headers from cURL's h2h3 module in GIT_CURL_VERBOSE and others. * 'git maintenance register' is taught to write configuration to an arbitrary path, and 'git for-each-repo' is taught to expand tilde characters in paths. * When creating new notes, the template used to get a stray empty newline, which has been removed. * "git receive-pack" used to use all the local refs as the boundary for checking connectivity of the data "git push" sent, but now it uses only the refs that it advertised to the pusher. In a repository with the .hideRefs configuration, this reduces the resources needed to perform the check. * With '--recurse-submodules=on-demand', all submodules are recursively pushed. * developer visible fixes * Mon Dec 12 2022 Andreas Stieger <andreas.stieger@gmx.de> - git 2.38.2, a general maintenance release: * Fix unaligned memory access for reads from the index v4 * "git remote rename" failed to rename a remote without fetch refspec, which has been corrected. * "git clone" did not like to see the "--bare" and the "--origin" options used together without a good reason. * "git fsck" failed to release contents of tree objects already used from the memory * "git rebase -i" can mistakenly attempt to apply a fixup to commit itself, which has been corrected. * Fix segfault with "git merge-tree" on read-only repositories * Fix a logic in "mailinfo -b" that miscomputed the length of a substring, which lead to an out-of-bounds access. * The codepath to sign learned to report errors when it fails to read from "ssh-keygen". * "GIT_EDITOR=: git branch --edit-description" resulted in failure * "git multi-pack-index repack/expire" used to repack unreachable cruft into a new pack, which have been corrected. * The code to clean temporary object directories (used for quarantine) tried to remove them inside its signal handler * "git branch --edit-description" on an unborh branch misleadingly said that no such branch exists * `git rebase --update-refs` would delete references when all `update-ref` commands in the sequencer were removed * Tue Nov 01 2022 Andreas Stieger <andreas.stieger@gmx.de> - disable tests on s390x (check-chainlint) * Wed Oct 26 2022 Dirk Müller <dmueller@suse.com> - update to 2.38.1 (bsc#1204455, CVE-2022-39253, bsc#1204456, CVE-2022-39260): * CVE-2022-39253: When relying on the `--local` clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks (or copies) of the dereferenced link in the destination repository. This can lead to surprising behavior where arbitrary files are present in a repository's `$GIT_DIR` when cloning from a malicious repository. Git will no longer dereference symbolic links via the `--local` clone mechanism, and will instead refuse to clone repositories that have symbolic links present in the `$GIT_DIR/objects` directory. Additionally, the value of `protocol.file.allow` is changed to be "user" by default. * CVE-2022-39260: An overly-long command string given to `git shell` can result in overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution when `git shell` is exposed and the directory `$HOME/git-shell-commands` exists. `git shell` is taught to refuse interactive commands that are longer than 4MiB in size. `split_cmdline()` is hardened to reject inputs larger than 2GiB. * Thu Oct 06 2022 Andreas Stieger <andreas.stieger@gmx.de> - git 2.38.0: * scalar: a repository management tool for large repositories * new git rebase --update-refs (global rebase.updateRefs) to update dependent branches * merge-tree integrated with the new ort merge strategy - -write-tree, while --trivial-merge retains the old mode * bare git repositories can now be stored and distributed in other git repositories * Setting the safe.bareRepository configuration to "explicit" avoids running arbitrary commands from filesystem monitoring hooks of untrusted git repositories unless --git-dir is set * git grep: new -m / --max-count options to limit the number of matches per file * git ls-files --format is a new option to customize outout * git cat-file and git show now support mailmap author mapping * bug fixes and performance improvements * Thu Sep 22 2022 Dirk Müller <dmueller@suse.com> - drop python2 requires as git-p4 is documented to work with python3 * Fri Sep 09 2022 Callum Farmer <gmbr3@opensuse.org> - Remove nogroup requirement: no longer needed * Fri Sep 02 2022 Andreas Stieger <andreas.stieger@gmx.de> - git 2.37.3: * Plug memory leaks in the failure code path in the "merge-ort" merge strategy backend. * "vimdiff3" regression has been corrected * "git fsck" improvements * Fixes to sparse index compatibility work for "reset" and "checkout" commands * Documentation for "git add --renormalize" has been improved * developer visible fixes * Mon Aug 15 2022 Andreas Stieger <andreas.stieger@gmx.de> - git 2.37.2: * multiple bug fixes, developer visible or handling corner cases * "git p4" improved non-ASCII support * Tue Jul 12 2022 Andreas Stieger <andreas.stieger@gmx.de> - git 2.37.1: * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't correctly record a removed file to the index, which is an old regression but has become widely known because the C version has become the default in the latest release. * Fix for CVE-2022-29187 [boo#1201431]: The safety check that verifies a safe ownership of the Git worktree is now extended to also cover the ownership of the Git directory (and the `.git` file, if there is any). * Mon Jul 11 2022 olaf@aepfle.de - Usage of sysusers_requires is optional, like during quilt setup * Sun Jul 10 2022 Callum Farmer <gmbr3@opensuse.org> - Use the system user's group instead of nogroup * Fri Jul 08 2022 Petr Vorel <pvorel@suse.cz> - Add /etc/bash_completion.d/git-prompt: checks for git-prompt.sh and source it if available. Some users rely on the __git_ps1 function becoming available when bash-completion is loaded. Continue to load this library at bash-completion startup for now, to ease the transition to a world order where the prompt function is requested separately. Inspired by Debian. * Thu Jul 07 2022 Danilo Spinella <danilo.spinella@suse.com> - Update git to 2.37.0: https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.37.0.txt - git add --interactive is now default upstream, remove suse patch: * suse-use-builtin-add-interactive.patch * Wed Jun 15 2022 Antoine Belvire <antoine.belvire@opensuse.org> - Fix rpmlint errors/warnings about bash/zsh completion locations. - Remove now obsolete git-zsh-completion-fixes.diff. - Adjust git-tcsh-completion-fixes.diff. * Tue May 24 2022 Dominique Leuenberger <dimstar@opensuse.org> - Do not recommend git-cvs and git-svn by git, but rather have those two packages supplement the combination of git and their respective counterparts. * Fri May 06 2022 Andreas Stieger <andreas.stieger@gmx.de> - git 2.36.1: * fix "git submodule update" noisyness without pathspec * fix "diff-tree --stdin" * fix "git name-rev" referenging strings after they are freed * fix "git show <commit1> <commit2>... -- <pathspec>" loosing the pathspec when showing the second and subsequent commits * fix "git fast-export -- <pathspec>" loosing the pathspec when showing the second and subsequent commits * fix "git format-patch <args> -- <pathspec>" loosing the pathspec when showing the second and subsequent commits * Tue Apr 19 2022 Andreas Stieger <andreas.stieger@gmx.de> - git 2.36.0: * "git name-rev --stdin" has been deprecated and issues a warning when used; use "git name-rev --annotate-stdin" instead. * "git clone --filter=... --recurse-submodules" only makes the top-level a partial clone, while submodules are fully cloned. This behaviour is changed to pass the same filter down to the submodules. * improvements and extensions to multiple workflows and features * bug fixes and performance improvements * Thu Apr 14 2022 Andreas Stieger <andreas.stieger@gmx.de> - git 2.35.3: * usability fix-up for CVE-2022-24765 bsc#1198234: '*' can be used as the value for the `safe.directory` variable to signal that the user considers that any directory is safe. * The code that was meant to parse the new `safe.directory` configuration variable was not checking what configuration variable was being fed to it * Wed Apr 13 2022 olaf@aepfle.de - Require bash in git-daemon because the service file uses it - Reword git-daemon.service description to get a useful sentence in journalctl -b * Tue Apr 12 2022 Andreas Stieger <andreas.stieger@gmx.de> - git 2.35.2 (CVE-2022-24765, bsc#1198234): * CVE-2022-24765: git may execute commands defined by other users from unexpected worktrees * Thu Mar 10 2022 chris@computersalat.de - fix deps for SLES 12 * Mon Feb 21 2022 Bjørn Lie <bjorn.lie@gmail.com> - "Downgrade" git-gui and gitk Recommends to Suggests. * Sat Jan 29 2022 Andreas Stieger <andreas.stieger@gmx.de> - update to 2.35.1: * fix "rebase" and "stash" in a secondary worktree * Fri Jan 28 2022 Dirk Müller <dmueller@suse.com> - update to 2.35.0: * "_" is now treated as any other URL-valid characters in an URL when matching the per-URL configuration variable names. * The color palette used by "git grep" has been updated to match that of GNU grep. * "git status --porcelain=v2" now show the number of stash entries with --show-stash like the normal output does. * "git stash" learned the "--staged" option to stash away what has been added to the index (and nothing else). * "git var GIT_DEFAULT_BRANCH" is a way to see what name is used for the newly created branch if "git init" is run. * Various operating modes of "git reset" have been made to work better with the sparse index. * "git submodule deinit" for a submodule whose .git metadata directory is embedded in its working tree refused to work, until the submodule gets converted to use the "absorbed" form where the metadata directory is stored in superproject, and a gitfile at the top-level of the working tree of the submodule points at it. The command is taught to convert such submodules to the absorbed form as needed. * The completion script (in contrib/) learns that the "--date" option of commands from the "git log" family takes "human" and "auto" as valid values. * "Zealous diff3" style of merge conflict presentation has been added. * The "git log --format=%(describe)" placeholder has been extended to allow passing selected command-line options to the underlying "git describe" command. * "default" and "reset" have been added to our color palette. * The cryptographic signing using ssh keys can specify literal keys for keytypes whose name do not begin with the "ssh-" prefix by using the "key::" prefix mechanism (e.g. "key::ecdsa-sha2-nistp256"). * "git fetch" without the "--update-head-ok" option ought to protect a checked out branch from getting updated, to prevent the working tree that checks it out to go out of sync. The code was written before the use of "git worktree" got widespread, and only checked the branch that was checked out in the current worktree, which has been updated. * "git name-rev" has been tweaked to give output that is shorter and easier to understand. * "git apply" has been taught to ignore a message without a patch with the "--allow-empty" option. It also learned to honor the "--quiet" option given from the command line. * The "init" and "set" subcommands in "git sparse-checkout" have been unified for a better user experience and performance. * Many git commands that deal with working tree files try to remove a directory that becomes empty (i.e. "git switch" from a branch that has the directory to another branch that does not would attempt remove all files in the directory and the directory itself). This drops users into an unfamiliar situation if the command was run in a subdirectory that becomes subject to removal due to the command. The commands have been taught to keep an empty directory if it is the directory they were started in to avoid surprising users. * "git am" learns "--empty=(stop|drop|keep)" option to tweak what is done to a piece of e-mail without a patch in it. * The default merge message prepared by "git merge" records the name of the current branch; the name can be overridden with a new option to allow users to pretend a merge is made on a different branch. * The way "git p4" shows file sizes in its output has been updated to use human-readable units. * "git -c branch.autosetupmerge=inherit branch new old" makes "new" to have the same upstream as the "old" branch, instead of marking "old" itself as its upstream.
/etc/apache2 /etc/apache2/conf.d /etc/apache2/conf.d/gitweb.conf /etc/apparmor.d /etc/apparmor.d/usr.share.git-web.gitweb.cgi /usr/libexec/git/git-instaweb /usr/libexec/git/git-web--browse /usr/share/doc/packages/git-web /usr/share/doc/packages/git-web/INSTALL.gitweb /usr/share/doc/packages/git-web/README.gitweb /usr/share/gitweb /usr/share/gitweb/gitweb.cgi /usr/share/gitweb/static /usr/share/gitweb/static/git-favicon.png /usr/share/gitweb/static/git-logo.png /usr/share/gitweb/static/gitweb.css /usr/share/gitweb/static/gitweb.js /usr/share/man/man1/git-instaweb.1.gz /usr/share/man/man1/git-web--browse.1.gz /usr/share/man/man1/gitweb.1.gz /usr/share/man/man5/gitweb.conf.5.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Oct 23 22:29:00 2025