2024-05-31 17:47:22

by Junio C Hamano

[permalink] [raw]
Subject: [ANNOUNCE] Git v2.45.2 and friends to unbreak "git lfs" and others

The latest maintenance release Git v2.45.2 and its siblings
(v2.39.5, v2.40.3, v2.41.2, v2.42.3, v2.43.5, and v2.44.2) are now
available at the usual places. They are to revert overly strict
checks, which were "added while at it to help enhance security, even
though these changes alone would not solve any known security
problems", in the recent security updates that addressed four CVEs.

They unfortunately broke valid setups of "git lfs" and "git annex"
(among other unknown things), so we are first reverting them, with
an intention to later reassess the situation and rebuild
replacements that are much less aggressive and more precise, if
needed.

The tarballs are found at:

https://www.kernel.org/pub/software/scm/git/

The following public repositories all have a copy of the 'v2.45.2'
and other tags:

url = https://git.kernel.org/pub/scm/git/git
url = https://kernel.googlesource.com/pub/scm/git/git
url = git://repo.or.cz/alt-git.git
url = https://github.com/gitster/git

----------------------------------------------------------------

Git v2.45.2 Release Notes
=========================

In preparing security fixes for four CVEs, we made overly aggressive
"defense in depth" changes that broke legitimate use cases like 'git
lfs' and 'git annex.' This release is to revert these misguided, if
well-intentioned, changes that were shipped in 2.45.1 and were not
direct security fixes.

Jeff King (5):
send-email: drop FakeTerm hack
send-email: avoid creating more than one Term::ReadLine object
ci: drop mention of BREW_INSTALL_PACKAGES variable
ci: avoid bare "gcc" for osx-gcc job
ci: stop installing "gcc-13" for osx-gcc

Johannes Schindelin (6):
hook: plug a new memory leak
init: use the correct path of the templates directory again
Revert "core.hooksPath: add some protection while cloning"
tests: verify that `clone -c core.hooksPath=/dev/null` works again
clone: drop the protections where hooks aren't run
Revert "Add a helper function to compare file contents"

Junio C Hamano (1):
Revert "fsck: warn about symlink pointing inside a gitdir"

----------------------------------------------------------------

Changes since v2.45.1 are as follows:

Jeff King (5):
send-email: drop FakeTerm hack
send-email: avoid creating more than one Term::ReadLine object
ci: drop mention of BREW_INSTALL_PACKAGES variable
ci: avoid bare "gcc" for osx-gcc job
ci: stop installing "gcc-13" for osx-gcc

Johannes Schindelin (6):
hook: plug a new memory leak
init: use the correct path of the templates directory again
Revert "core.hooksPath: add some protection while cloning"
tests: verify that `clone -c core.hooksPath=/dev/null` works again
clone: drop the protections where hooks aren't run
Revert "Add a helper function to compare file contents"

Junio C Hamano (2):
Revert "fsck: warn about symlink pointing inside a gitdir"
Git 2.39.5