Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp4573098imw;
        Tue, 12 Jul 2022 10:13:33 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1s66EvKOva8X+rfrsB022uwkEf7LaycnTYfnb740FTmcfv7JvG0sS5riK+pTqtwwF1n2yXR
X-Received: by 2002:a05:6402:3689:b0:43a:7c1c:8960 with SMTP id ej9-20020a056402368900b0043a7c1c8960mr32687093edb.79.1657646013224;
        Tue, 12 Jul 2022 10:13:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1657646013; cv=none;
        d=google.com; s=arc-20160816;
        b=b+5gMjJvdreMzYuUG5u03cRhRd2y3PNxSyF65FzZGsQyn82gqvtMrnVSDOT5TtmFuF
         VwIt328evVba1aF+t58zh5Uxx77DtBz75X3J3tpLaSewpek18S8hBU8KOpLfQcf1l1/x
         IIVFMBjhhJwAPVXw3yTUEDaQTlrPPP6DstZiWd11aZAPcv0TZQBTwSjYeMff1Cdd9lso
         JQ5oSL9DkgVpz5MYQwJT5gin6/LHg/YxEaTNu/7RY+JbegD06V+49hqRkUjjAzb6GCqN
         +LZV6cibPEn8NVhzd0n9sWESWZJ8lsbXDq94tkLZoISR6caklTidcWmXpokh/74sdtfX
         0Rww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:message-id:date:subject:cc:to:from:dkim-signature;
        bh=DQ3OOgysAhulQs+pCdL3/UfH9rVTp2gDPZmr7g5gqVs=;
        b=rVpZwD8g5vScq+ZhqcETKsRhe0E/8y1LIq4lNbOrFUGE//hGTnuaWuw3Ay1iXugr8u
         fkwvvAyW8JFNddWJ+ZAW+Pb7J9YWVjDU6U0LvkVLVBeRv1TIRXiXUsDv4dvHoNGytk/Z
         ek36fx4GKGc1DhMNaWPiKztElFgpTPYeopWFdjcV3UbLwe7rWkibrtztBFwvn4rIuoWl
         6B4UTnuk51GOvvD2Plmxjii6os0LkSwReg6+TGe0OxV62/nFDcLZe9zzsBNBG1TleKC2
         rV8yqP+U+p6vkuuBrnxYJ9QeJflEhmIzVSHhCkm3V9uDV51KJB1Ag7Xz5cUvCVHQz0zG
         wS8w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@pobox.com header.s=sasl header.b=RE3OnpXV;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=pobox.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id q20-20020a056402519400b0043ad95b6b0bsi8842623edd.239.2022.07.12.10.13.07;
        Tue, 12 Jul 2022 10:13:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@pobox.com header.s=sasl header.b=RE3OnpXV;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=pobox.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233169AbiGLRJo (ORCPT <rfc822;alexzyp@gmail.com> + 99 others);
        Tue, 12 Jul 2022 13:09:44 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53862 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230015AbiGLRJk (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Jul 2022 13:09:40 -0400
X-Greylist: delayed 158 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Tue, 12 Jul 2022 10:09:38 PDT
Received: from pb-smtp2.pobox.com (pb-smtp2.pobox.com [64.147.108.71])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A310A26AF9;
        Tue, 12 Jul 2022 10:09:38 -0700 (PDT)
Received: from pb-smtp2.pobox.com (unknown [127.0.0.1])
        by pb-smtp2.pobox.com (Postfix) with ESMTP id 5B8DC13C9FE;
        Tue, 12 Jul 2022 13:06:59 -0400 (EDT)
        (envelope-from junio@pobox.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h=from:to:cc
        :subject:date:message-id:mime-version:content-type
        :content-transfer-encoding; s=sasl; bh=w0UKyYdQ1A+V1udZfVAXLlWWc
        FkkGbvbz51v1rTX1/k=; b=RE3OnpXVoYq5NOlkZEVfSBiZlV93QbcG1Apn9xzvs
        CchKu5jUf5S2JHPNLp7MJpIdjTA7sPyZcDm/dXcOp9RiEtQevy6cx1iHkfZnHBFS
        z1Ba6MRhCkh9eVZfh/OX0a4b8FeywLSBfY7qqLqkFY5q63nYGRIbtZRfjgnyF9Dp
        uY=
Received: from pb-smtp2.nyi.icgroup.com (unknown [127.0.0.1])
        by pb-smtp2.pobox.com (Postfix) with ESMTP id 521B313C9FD;
        Tue, 12 Jul 2022 13:06:59 -0400 (EDT)
        (envelope-from junio@pobox.com)
Received: from pobox.com (unknown [34.83.92.57])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by pb-smtp2.pobox.com (Postfix) with ESMTPSA id AED7B13C9FC;
        Tue, 12 Jul 2022 13:06:58 -0400 (EDT)
        (envelope-from junio@pobox.com)
From:   Junio C Hamano <gitster@pobox.com>
To:     git@vger.kernel.org
Cc:     Linux Kernel <linux-kernel@vger.kernel.org>,
        git-packagers@googlegroups.com
Subject: [ANNOUNCE] Git v2.37.1 and others
Date:   Tue, 12 Jul 2022 10:06:57 -0700
Message-ID: <xmqqv8s2fefi.fsf@gitster.g>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
X-Pobox-Relay-ID: 0A2F8064-0205-11ED-AA91-CB998F0A682E-77302942!pb-smtp2.pobox.com
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Git v2.37.1, together with v2.30.5, v2.31.4, v2.32.3, v2.33.4,
v2.34.4, v2.35.4, and v2.36.2 for older maintenance tracks, are now
available at the usual places.

These are to address CVE-2022-29187, where the fixes in v2.36.1 and
below to address CVE-2022-24765 released earlier may not have been
complete.

The tarballs are found at:

    https://www.kernel.org/pub/software/scm/git/

The following public repositories all have a copy of the 'v2.37.1'
tag and other tags for older maintenance tracks.

  url =3D https://git.kernel.org/pub/scm/git/git
  url =3D https://kernel.googlesource.com/pub/scm/git/git
  url =3D git://repo.or.cz/alt-git.git
  url =3D https://github.com/gitster/git

----------------------------------------------------------------

Git 2.37.1 Release Notes
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

This release merges up the fixes that appear in v2.30.5, v2.31.4,
v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2 to address the
security issue CVE-2022-29187; see the release notes for these
versions for details.

Fixes since Git 2.37
--------------------

 * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
   correctly record a removed file to the index, which is an old
   regression but has become widely known because the C version has
   become the default in the latest release.

 * Fix for CVE-2022-29187.

----------------------------------------------------------------

Git v2.30.5 Release Notes
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

This release contains minor fix-ups for the changes that went into
Git 2.30.3 and 2.30.4, addressing CVE-2022-29187.

 * The safety check that verifies a safe ownership of the Git
   worktree is now extended to also cover the ownership of the Git
   directory (and the `.git` file, if there is any).

Carlo Marcelo Arenas Bel=C3=B3n (1):
      setup: tighten ownership checks post CVE-2022-24765