From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dalaran.tastycake.net (dalaran.tastycake.net [IPv6:2001:ba8:0:1c0::1:1]) by sourceware.org (Postfix) with ESMTPS id 5135B3858C2C for ; Thu, 14 Apr 2022 13:01:25 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 5135B3858C2C Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=dinwoodie.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=dinwoodie.org Received: from b.8.0.0.8.9.b.0.2.f.0.9.2.a.d.b.d.a.0.2.5.1.e.d.0.b.8.0.1.0.0.2.ip6.arpa ([2001:8b0:de15:20ad:bda2:90f2:b98:8b] helo=lucy.dinwoodie.org) by dalaran.tastycake.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nez6B-0000IQ-FG for cygwin-announce@cygwin.com; Thu, 14 Apr 2022 14:01:23 +0100 Received: from adam by lucy.dinwoodie.org with local (Exim 4.94.2) (envelope-from ) id 1nez69-003Fcu-3p for cygwin-announce@cygwin.com; Thu, 14 Apr 2022 14:01:21 +0100 Date: Thu, 14 Apr 2022 14:01:21 +0100 From: Adam Dinwoodie To: cygwin-announce@cygwin.com Subject: Security update: Git v2.35.3-1 Message-ID: <20220414130121.czttrtehqw2ylwy6@lucy.dinwoodie.org> Reply-To: cygwin@cygwin.com MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_NUMSUBJECT, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin-announce@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Read-only mailing list announcing new and updated Cygwin packages List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Apr 2022 13:01:27 -0000 Version 2.35.3-1 of Git has been uploaded and should be coming soon to a mirror near you. This is an update to the latest upstream release; it contains two fixes, one improving the security of yesterday's security fix for CVE-2022-24765, and one improving the usability of that fix: > * The code that was meant to parse the new `safe.directory` > configuration variable was not checking what configuration > variable was being fed to it, which has been corrected. > > * '*' can be used as the value for the `safe.directory` variable to > signal that the user considers that any directory is safe. This update includes the following patches: - git - git-cvs - git-debuginfo - git-email - git-gui - gitk - git-p4 - git-svn As ever, the full upstream changelogs are available with the source package, or at: https://git.kernel.org/cgit/git/git.git/tree/Documentation/RelNotes https://github.com/git/git/tree/master/Documentation/RelNotes Enjoy!