merge(3p/git): Merge git subtree at v2.29.2
This also bumps the stable nixpkgs to 20.09 as of 2020-11-21, because there is some breakage in the git build related to the netrc credentials helper which someone has taken care of in nixpkgs. The stable channel is not used for anything other than git, so this should be fine. Change-Id: I3575a19dab09e1e9556cf8231d717de9890484fb
This commit is contained in:
Vincent Ambo
parent
082c006c04
commit
f4609b896f
1485 changed files with 241535 additions and 109418 deletions
16
third_party/git/Documentation/RelNotes/2.17.4.txt
vendored
Normal file
16
third_party/git/Documentation/RelNotes/2.17.4.txt
vendored
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
Git v2.17.4 Release Notes
|
||||
=========================
|
||||
|
||||
This release is to address the security issue: CVE-2020-5260
|
||||
|
||||
Fixes since v2.17.3
|
||||
-------------------
|
||||
|
||||
* With a crafted URL that contains a newline in it, the credential
|
||||
helper machinery can be fooled to give credential information for
|
||||
a wrong host. The attack has been made impossible by forbidding
|
||||
a newline character in any value passed via the credential
|
||||
protocol.
|
||||
|
||||
Credit for finding the vulnerability goes to Felix Wilhelm of Google
|
||||
Project Zero.
|
||||
Loading…
Add table
Add a link
Reference in a new issue