git 1:2.27.0~rc0-1ubuntu1 source package in Ubuntu

Changelog

git (1:2.27.0~rc0-1ubuntu1) groovy; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690)
    - Don't build-depend on subversion on i386, it is not reasonable to
      support on the partial arch.
  * Drop security update patches, included upstream.

git (1:2.27.0~rc0-1) unstable; urgency=low

  * new upstream release candidate (see RelNotes/2.27.0.txt).

git (1:2.26.2-1) unstable; urgency=high

  * new upstream point release (see RelNotes/2.26.2.txt).
    * Addresses the security issue CVE-2020-11008.

      With a crafted URL that contains a newline or empty host, or
      lacks a scheme, the credential helper machinery can be fooled
      into providing credential information that is not appropriate
      for the protocol in use and host being contacted.

      Unlike the vulnerability fixed in 2.26.1, the credentials are
      not for a host of the attacker's choosing.  Instead, they are
      for an unspecified host, based on how the configured
      credential helper handles an absent "host" parameter.

      The attack has been made impossible by refusing to work with
      underspecified credential patterns.

      Thanks to Carlo Arenas for reporting that Git was still
      vulnerable, Felix Wilhelm for providing the proof of concept
      demonstrating this issue, and Jeff King for promptly providing
      a corrected fix.

      Tested using the proof of concept at
      https://crbug.com/project-zero/2021.

git (1:2.26.1-1) unstable; urgency=high

  * new upstream point release (see RelNotes/2.26.1.txt).
    * Addresses the security issue CVE-2020-5260.

      With a crafted URL that contains a newline, the credential
      helper machinery can be fooled to supply credential information
      for the wrong host.  The attack has been made impossible by
      forbidding a newline character in any value passed via the
      credential protocol.

      Thanks to Felix Wilhelm of Google Project Zero for finding
      this vulnerability and Jeff King for fixing it.

git (1:2.26.0-2) unstable; urgency=low

  * fixes to the (newly default) rebase --merge backend:
    * honor GIT_REFLOG_ACTION (thx Ian Jackson and Elijah Newren;
      closes: #955152).
    * avoid "nothing to do" error when fast-forwarding a branch with
      rebase.abbreviateCommands=true (thx Jan Alexander Steffens and
      Alban Gruin).
  * debian/control: downgrade Recommends by git-all on git-daemon-run
    to Suggests. The git-all package is a "batteries included" full
    installation of Git. Automatically running a daemon is not useful
    to most of its users.

git (1:2.26.0-1) unstable; urgency=low

  * new upstream release (see RelNotes/2.26.0.txt).

git (1:2.26.0~rc2-1) unstable; urgency=low

  * new upstream release candidate (see RelNotes/2.26.0.txt).

 -- Steve Langasek <email address hidden>  Wed, 20 May 2020 16:48:49 -0700