Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-backports-changes@lists.debian.org>
Subject: Accepted git 1:2.26.1-1~bpo10+1 (source) into buster-backports
Date: Tue, 14 Apr 2020 21:03:50 +0000
Signed by: Jonathan Nieder <jrnieder@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 14 Apr 2020 10:59:48 -0700
Source: git
Architecture: source
Version: 1:2.26.1-1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Jonathan Nieder <jrnieder@gmail.com>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Closes: 955152
Changes:
 git (1:2.26.1-1~bpo10+1) buster-backports; urgency=high
 .
   * upload to buster-backports.
 .
 git (1:2.26.1-1) unstable; urgency=high
 .
   * new upstream point release (see RelNotes/2.26.1.txt).
     * Addresses the security issue CVE-2020-5260.
 .
       With a crafted URL that contains a newline, the credential
       helper machinery can be fooled to supply credential information
       for the wrong host.  The attack has been made impossible by
       forbidding a newline character in any value passed via the
       credential protocol.
 .
       Thanks to Felix Wilhelm of Google Project Zero for finding
       this vulnerability and Jeff King for fixing it.
 .
 git (1:2.26.0-2) unstable; urgency=low
 .
   * fixes to the (newly default) rebase --merge backend:
     * honor GIT_REFLOG_ACTION (thx Ian Jackson and Elijah Newren;
       closes: #955152).
     * avoid "nothing to do" error when fast-forwarding a branch with
       rebase.abbreviateCommands=true (thx Jan Alexander Steffens and
       Alban Gruin).
   * debian/control: downgrade Recommends by git-all on git-daemon-run
     to Suggests. The git-all package is a "batteries included" full
     installation of Git. Automatically running a daemon is not useful
     to most of its users.
 .
 git (1:2.26.0-1) unstable; urgency=low
 .
   * new upstream release (see RelNotes/2.26.0.txt).
 .
 git (1:2.26.0~rc2-1) unstable; urgency=low
 .
   * new upstream release candidate (see RelNotes/2.26.0.txt).
 .
 git (1:2.25.1-1) unstable; urgency=low
 .
   * new upstream point release (see RelNotes/2.25.1.txt).
   * update debian/copyright.
   * debian/control: remove Gerrit Pape from the Maintainer field,
     as requested. Thanks to Gerrit for putting together this
     package in a way that has been pleasant to maintain.
   * debian/rules: use "dpkg-architecture" instead of "uname -m" to
     retrieve host arch.  This makes the resulting "git version
     --build-options" more predictable when building for i386 on an
     amd64 machine (thx to Ceridwen for detecting this in reprotest).
Checksums-Sha1:
 38b2b513b2dd74d303751de512bb74062cb8fbfe 2892 git_2.26.1-1~bpo10+1.dsc
 9ec4ef53d157cb376aaedc0ca529d3857c3f8bf6 6006104 git_2.26.1.orig.tar.xz
 f3bd9d0f184d00fed153d6d522e93e4f35a2817a 646200 git_2.26.1-1~bpo10+1.debian.tar.xz
 5269896ce86c72246ba9d1a4ba2bb220fb202dfd 12910 git_2.26.1-1~bpo10+1_amd64.buildinfo
Checksums-Sha256:
 b2dc8fc68079e8853bea78f4f47dc5eae9b6c4da51802a832c2c8fdf1c7ca715 2892 git_2.26.1-1~bpo10+1.dsc
 888228408f254634330234df3cece734d190ef6381063821f31ec020538f0368 6006104 git_2.26.1.orig.tar.xz
 ac28fa3f581841e0027bc3b6cc38d8b815dd8f5f81ce93efcbae4fa4841794e6 646200 git_2.26.1-1~bpo10+1.debian.tar.xz
 0a8e396951342864bbf733af5801d8da0017260bfd05ecaeb85a482054bf7563 12910 git_2.26.1-1~bpo10+1_amd64.buildinfo
Files:
 481eae532a1e6cdee2cd28d3b5e8e503 2892 vcs optional git_2.26.1-1~bpo10+1.dsc
 50e68aaebbb554f4946d170a2765bfe7 6006104 vcs optional git_2.26.1.orig.tar.xz
 834a004d3fd6546c7d5f6b36ef0d7c82 646200 vcs optional git_2.26.1-1~bpo10+1.debian.tar.xz
 2aa947e9907c81f0792877f61ef0bc19 12910 vcs optional git_2.26.1-1~bpo10+1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCAAxFiEEUh5Y8X6W1xKqD/EC38Zx7rMz+iUFAl6WAIgTHGpybmllZGVy
QGdtYWlsLmNvbQAKCRDfxnHuszP6JUV4D/4lJEnaPcl+Z/YXaSRKtRfKcaJnzv1s
0voJkEUJxWM2J9/eFJDP4eE4mtWhRvxJ94RZjqbmBry1RbAwNGclEkiPxLipg6RA
qLGnMJ7nfKBluKIILCzdb7w5Dq9G2oDFsULAjGj1+fqi4mkt2cZ7KB3yPGiOWNHN
Kld2n4p86LgsVWU6uVooenhtMY/+q+5IgvogGYO8f6SUo2ZEkXqWhRfCvHF7G23z
rAKSVsjg7bF2V278vSj27I66YRqGoGxjA9SYj9qJLE/hHx5lhZMPlnQoCAdh3EnS
Y83QRsVg+OZduiNLDgP68FJDbPSbvOKhTnfqPr+TyWRY0ZZxm2M+/g6iTSK9BDsH
94Nrbi4IjbN49SEpLkIw7vv4NY8yJhQ7CdPUcPlaSHT9INqDiUJ7j42/CcYUOBeO
/YP4UzKqT9YzcsJPRLFopFchR+XzzR3rlKUcU23XGKsZ6lS2QZ5Q3vAOQ6KIgZtF
2jOwnnd8tKY/1+0MXcdTj+AEpM8NK8wNOD/XbUf1AnZBlTlzARrN4Ur/U2O1BAAK
liyy5VfDGPtiQaXAwuQ4bbYNPikGFE8n2/yKsnd9pKtsPdrbkAthgy2136RryJ9k
bLMaMsyx3Z/uCyTSQIvMYDmxznHtQ+e/ByGl3qpWgcLZfY7wrUUiuRuJtSA//JMz
mQ4GCdKJLq2m5g==
=NhLQ
-----END PGP SIGNATURE-----
News for package git
