Git 1.7.3.4, 1.6.6.3 and others

The latest maintenance release Git 1.7.3.4 is available at the
usual places:

http://www.kernel.org/pub/software/scm/git/
git-1.7.3.4.tar.{gz,bz2}                      (source tarball)
git-htmldocs-1.7.3.4.tar.{gz,bz2}             (preformatted docs)
git-manpages-1.7.3.4.tar.{gz,bz2}             (preformatted docs)

The RPM binary packages for a few architectures are found in:

RPMS/$arch/git-*-1.7.3.4-1.fc13.$arch.rpm     (RPM)

Among many fixes since v1.7.3.3, it contains a fix to a recently
discovered XSS vulnerability in Gitweb (CVE 2010-3906). A backport
to an earlier maintenance track 1.6.6.3 is available (replace 1.7.3.4 with
1.6.6.3 above).

The Gitweb fix has also been backported to maintenance tracks of other
earlier releases (1.7.2.5, 1.7.1.4, 1.7.0.9, 1.6.5.9, and 1.6.4.5) and are
available from the main repository and shortly will be available from its
mirrors:

git://git.kernel.org/pub/scm/git/git.git/
git://repo.or.cz/alt-git.git/
git://git-core.git.sourceforge.net/gitroot/git-core/git-core/
git://github.com/git/git.git/
Git v1.7.3.4 Release Notes
==========================

Fixes since v1.7.3.3
  • Smart HTTP transport used to incorrectly retry redirected POST
    request with GET request.

  • “git apply” did not correctly handle patches that only change modes
    if told to apply while stripping leading paths with -p option.

  • “git apply” can deal with patches with timezone formatted with a
    colon between the hours and minutes part (e.g. “-08:00” instead of
    “-0800”).

  • “git checkout” removed an untracked file “foo” from the working
    tree when switching to a branch that contains a tracked path
    “foo/bar”. Prevent this, just like the case where the conflicting
    path were “foo” (c752e7f..7980872d).

  • “git cherry-pick” or “git revert” refused to work when a path that
    would be modified by the operation was stat-dirty without a real
    difference in the contents of the file.

  • “git diff –check” reported an incorrect line number for added
    blank lines at the end of file.

  • “git imap-send” failed to build under NO_OPENSSL.

  • Setting log.decorate configuration variable to “0” or “1” to mean
    “false” or “true” did not work.

  • “git push” over dumb HTTP protocol did not work against WebDAV
    servers that did not terminate a collection name with a slash.

  • “git tag -v” did not work with GPG signatures in rfc1991 mode.

  • The post-receive-email sample hook was accidentally broken in 1.7.3.3
    update.

  • “gitweb” can sometimes be tricked into parrotting a filename argument
    given in a request without properly quoting.

Other minor fixes and documentation updates are also included.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s