Version in base suite: 2.20.1-2+deb10u1 Base version: git_2.20.1-2+deb10u1 Target version: git_2.20.1-2+deb10u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/g/git/git_2.20.1-2+deb10u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/g/git/git_2.20.1-2+deb10u2.dsc changelog | 17 + patches/0039-Git-2.20.2.diff | 4 patches/0040-credential-avoid-writing-values-with-newlines.diff | 63 ++++ patches/0041-t-lib-credential-use-test_i18ncmp-to-check-stderr.diff | 34 ++ patches/0042-credential-detect-unrepresentable-values-when-parsing.diff | 154 ++++++++++ patches/0043-fsck-detect-gitmodules-URLs-with-embedded-newlines.diff | 102 ++++++ patches/0044-Git-2.17.4.diff | 38 ++ patches/0045-Git-2.18.3.diff | 27 + patches/0046-Git-2.19.4.diff | 27 + patches/0047-Git-2.20.3.diff | 41 ++ patches/series | 8 11 files changed, 513 insertions(+), 2 deletions(-) diff -Nru git-2.20.1/debian/changelog git-2.20.1/debian/changelog --- git-2.20.1/debian/changelog 2019-12-09 06:56:16.000000000 +0000 +++ git-2.20.1/debian/changelog 2020-04-12 07:24:43.000000000 +0000 @@ -1,3 +1,20 @@ +git (1:2.20.1-2+deb10u2) buster-security; urgency=high + + [ Salvatore Bonaccorso ] + * new upstream point release (see RelNotes/2.20.3.txt). + * Addresses the security issue CVE-2020-5260. + + With a crafted URL that contains a newline, the credential + helper machinery can be fooled to supply credential information + for the wrong host. The attack has been made impossible by + forbidding a newline character in any value passed via the + credential protocol. + + Thanks to Felix Wilhelm of Google Project Zero for finding + this vulnerability and Jeff King for fixing it. + + -- Jonathan Nieder Sun, 12 Apr 2020 00:24:43 -0700 + git (1:2.20.1-2+deb10u1) buster-security; urgency=high * new upstream point release (see RelNotes/2.20.2.txt). diff -Nru git-2.20.1/debian/patches/0039-Git-2.20.2.diff git-2.20.1/debian/patches/0039-Git-2.20.2.diff --- git-2.20.1/debian/patches/0039-Git-2.20.2.diff 2019-12-09 06:56:16.000000000 +0000 +++ git-2.20.1/debian/patches/0039-Git-2.20.2.diff 2020-04-12 07:24:43.000000000 +0000 @@ -9,7 +9,7 @@ --- Documentation/RelNotes/2.20.2.txt | 18 ++++++++++++++++++ GIT-VERSION-GEN | 2 +- - 2 files changed, 19 insertions(+), 1 deletions(-) + 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 Documentation/RelNotes/2.20.2.txt diff --git a/Documentation/RelNotes/2.20.2.txt b/Documentation/RelNotes/2.20.2.txt @@ -50,5 +50,5 @@ LF=' ' -- -2.24.0.393.g34dc348eaf +2.26.0.292.g33ef6b2f38 diff -Nru git-2.20.1/debian/patches/0040-credential-avoid-writing-values-with-newlines.diff git-2.20.1/debian/patches/0040-credential-avoid-writing-values-with-newlines.diff --- git-2.20.1/debian/patches/0040-credential-avoid-writing-values-with-newlines.diff 1970-01-01 00:00:00.000000000 +0000 +++ git-2.20.1/debian/patches/0040-credential-avoid-writing-values-with-newlines.diff 2020-04-12 07:24:43.000000000 +0000 @@ -0,0 +1,63 @@ +From a2d973517c7c2558fdbbb75c4fe0f435c7599bb6 Mon Sep 17 00:00:00 2001 +From: Jeff King +Date: Wed, 11 Mar 2020 17:53:41 -0400 +Subject: credential: avoid writing values with newlines + +The credential protocol that we use to speak to helpers can't represent +values with newlines in them. This was an intentional design choice to +keep the protocol simple, since none of the values we pass should +generally have newlines. + +However, if we _do_ encounter a newline in a value, we blindly transmit +it in credential_write(). Such values may break the protocol syntax, or +worse, inject new valid lines into the protocol stream. + +The most likely way for a newline to end up in a credential struct is by +decoding a URL with a percent-encoded newline. However, since the bug +occurs at the moment we write the value to the protocol, we'll catch it +there. That should leave no possibility of accidentally missing a code +path that can trigger the problem. + +At this level of the code we have little choice but to die(). However, +since we'd not ever expect to see this case outside of a malicious URL, +that's an acceptable outcome. + +Reported-by: Felix Wilhelm +(cherry picked from commit 9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b) +Signed-off-by: Jonathan Nieder +--- + credential.c | 2 ++ + t/t0300-credentials.sh | 6 ++++++ + 2 files changed, 8 insertions(+) + +diff --git a/credential.c b/credential.c +index 62be651b03..a79aff0c9c 100644 +--- a/credential.c ++++ b/credential.c +@@ -195,6 +195,8 @@ static void credential_write_item(FILE *fp, const char *key, const char *value) + { + if (!value) + return; ++ if (strchr(value, '\n')) ++ die("credential value for %s contains newline", key); + fprintf(fp, "%s=%s\n", key, value); + } + +diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh +index 82eaaea0f4..26f3c3a972 100755 +--- a/t/t0300-credentials.sh ++++ b/t/t0300-credentials.sh +@@ -308,4 +308,10 @@ test_expect_success 'empty helper spec resets helper list' ' + EOF + ' + ++test_expect_success 'url parser rejects embedded newlines' ' ++ test_must_fail git credential fill <<-\EOF ++ url=https://one.example.com?%0ahost=two.example.com/ ++ EOF ++' ++ + test_done +-- +2.26.0.292.g33ef6b2f38 + diff -Nru git-2.20.1/debian/patches/0041-t-lib-credential-use-test_i18ncmp-to-check-stderr.diff git-2.20.1/debian/patches/0041-t-lib-credential-use-test_i18ncmp-to-check-stderr.diff --- git-2.20.1/debian/patches/0041-t-lib-credential-use-test_i18ncmp-to-check-stderr.diff 1970-01-01 00:00:00.000000000 +0000 +++ git-2.20.1/debian/patches/0041-t-lib-credential-use-test_i18ncmp-to-check-stderr.diff 2020-04-12 07:24:43.000000000 +0000 @@ -0,0 +1,34 @@ +From e0a9a60ec2e99d1a15846aaf5feacba4563f18f8 Mon Sep 17 00:00:00 2001 +From: Jeff King +Date: Wed, 11 Mar 2020 18:11:37 -0400 +Subject: t/lib-credential: use test_i18ncmp to check stderr + +The credential tests have a "check" function which feeds some input to +git-credential and checks the stdout and stderr. We look for exact +matches in the output. For stdout, this makes sense; the output is +the credential protocol. But for stderr, we may be showing various +diagnostic messages, or the prompts fed to the askpass program, which +could be translated. Let's mark them as such. + +(cherry picked from commit 17f1c0b8c7e447aa62f85dc355bb48133d2812f2) +Signed-off-by: Jonathan Nieder +--- + t/lib-credential.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/t/lib-credential.sh b/t/lib-credential.sh +index 937b831ea6..bb88cc0108 100755 +--- a/t/lib-credential.sh ++++ b/t/lib-credential.sh +@@ -19,7 +19,7 @@ check() { + false + fi && + test_cmp expect-stdout stdout && +- test_cmp expect-stderr stderr ++ test_i18ncmp expect-stderr stderr + } + + read_chunk() { +-- +2.26.0.292.g33ef6b2f38 + diff -Nru git-2.20.1/debian/patches/0042-credential-detect-unrepresentable-values-when-parsing.diff git-2.20.1/debian/patches/0042-credential-detect-unrepresentable-values-when-parsing.diff --- git-2.20.1/debian/patches/0042-credential-detect-unrepresentable-values-when-parsing.diff 1970-01-01 00:00:00.000000000 +0000 +++ git-2.20.1/debian/patches/0042-credential-detect-unrepresentable-values-when-parsing.diff 2020-04-12 07:24:43.000000000 +0000 @@ -0,0 +1,154 @@ +From 4767ee743a3e1a5bd033cffa10a6e6cd82305337 Mon Sep 17 00:00:00 2001 +From: Jeff King +Date: Thu, 12 Mar 2020 01:31:11 -0400 +Subject: credential: detect unrepresentable values when parsing urls + +The credential protocol can't represent newlines in values, but URLs can +embed percent-encoded newlines in various components. A previous commit +taught the low-level writing routines to die() when encountering this, +but we can be a little friendlier to the user by detecting them earlier +and handling them gracefully. + +This patch teaches credential_from_url() to notice such components, +issue a warning, and blank the credential (which will generally result +in prompting the user for a username and password). We blank the whole +credential in this case. Another option would be to blank only the +invalid component. However, we're probably better off not feeding a +partially-parsed URL result to a credential helper. We don't know how a +given helper would handle it, so we're better off to err on the side of +matching nothing rather than something unexpected. + +The die() call in credential_write() is _probably_ impossible to reach +after this patch. Values should end up in credential structs only by URL +parsing (which is covered here), or by reading credential protocol input +(which by definition cannot read a newline into a value). But we should +definitely keep the low-level check, as it's our final and most accurate +line of defense against protocol injection attacks. Arguably it could +become a BUG(), but it probably doesn't matter much either way. + +Note that the public interface of credential_from_url() grows a little +more than we need here. We'll use the extra flexibility in a future +patch to help fsck catch these cases. + +(cherry picked from commit c716fe4bd917e013bf376a678b3a924447777b2d) +Signed-off-by: Jonathan Nieder +--- + credential.c | 36 ++++++++++++++++++++++++++++++++++-- + credential.h | 16 ++++++++++++++++ + t/t0300-credentials.sh | 12 ++++++++++-- + 3 files changed, 60 insertions(+), 4 deletions(-) + +diff --git a/credential.c b/credential.c +index a79aff0c9c..24823829f6 100644 +--- a/credential.c ++++ b/credential.c +@@ -324,7 +324,22 @@ void credential_reject(struct credential *c) + c->approved = 0; + } + +-void credential_from_url(struct credential *c, const char *url) ++static int check_url_component(const char *url, int quiet, ++ const char *name, const char *value) ++{ ++ if (!value) ++ return 0; ++ if (!strchr(value, '\n')) ++ return 0; ++ ++ if (!quiet) ++ warning(_("url contains a newline in its %s component: %s"), ++ name, url); ++ return -1; ++} ++ ++int credential_from_url_gently(struct credential *c, const char *url, ++ int quiet) + { + const char *at, *colon, *cp, *slash, *host, *proto_end; + +@@ -338,7 +353,7 @@ void credential_from_url(struct credential *c, const char *url) + */ + proto_end = strstr(url, "://"); + if (!proto_end) +- return; ++ return 0; + cp = proto_end + 3; + at = strchr(cp, '@'); + colon = strchr(cp, ':'); +@@ -373,4 +388,21 @@ void credential_from_url(struct credential *c, const char *url) + while (p > c->path && *p == '/') + *p-- = '\0'; + } ++ ++ if (check_url_component(url, quiet, "username", c->username) < 0 || ++ check_url_component(url, quiet, "password", c->password) < 0 || ++ check_url_component(url, quiet, "protocol", c->protocol) < 0 || ++ check_url_component(url, quiet, "host", c->host) < 0 || ++ check_url_component(url, quiet, "path", c->path) < 0) ++ return -1; ++ ++ return 0; ++} ++ ++void credential_from_url(struct credential *c, const char *url) ++{ ++ if (credential_from_url_gently(c, url, 0) < 0) { ++ warning(_("skipping credential lookup for url: %s"), url); ++ credential_clear(c); ++ } + } +diff --git a/credential.h b/credential.h +index 6b0cd16be2..122a23cd2f 100644 +--- a/credential.h ++++ b/credential.h +@@ -28,7 +28,23 @@ void credential_reject(struct credential *); + + int credential_read(struct credential *, FILE *); + void credential_write(const struct credential *, FILE *); ++ ++/* ++ * Parse a url into a credential struct, replacing any existing contents. ++ * ++ * Ifthe url can't be parsed (e.g., a missing "proto://" component), the ++ * resulting credential will be empty but we'll still return success from the ++ * "gently" form. ++ * ++ * If we encounter a component which cannot be represented as a credential ++ * value (e.g., because it contains a newline), the "gently" form will return ++ * an error but leave the broken state in the credential object for further ++ * examination. The non-gentle form will issue a warning to stderr and return ++ * an empty credential. ++ */ + void credential_from_url(struct credential *, const char *url); ++int credential_from_url_gently(struct credential *, const char *url, int quiet); ++ + int credential_match(const struct credential *have, + const struct credential *want); + +diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh +index 26f3c3a972..b9c0f1f279 100755 +--- a/t/t0300-credentials.sh ++++ b/t/t0300-credentials.sh +@@ -308,9 +308,17 @@ test_expect_success 'empty helper spec resets helper list' ' + EOF + ' + +-test_expect_success 'url parser rejects embedded newlines' ' +- test_must_fail git credential fill <<-\EOF ++test_expect_success 'url parser ignores embedded newlines' ' ++ check fill <<-EOF + url=https://one.example.com?%0ahost=two.example.com/ ++ -- ++ username=askpass-username ++ password=askpass-password ++ -- ++ warning: url contains a newline in its host component: https://one.example.com?%0ahost=two.example.com/ ++ warning: skipping credential lookup for url: https://one.example.com?%0ahost=two.example.com/ ++ askpass: Username: ++ askpass: Password: + EOF + ' + +-- +2.26.0.292.g33ef6b2f38 + diff -Nru git-2.20.1/debian/patches/0043-fsck-detect-gitmodules-URLs-with-embedded-newlines.diff git-2.20.1/debian/patches/0043-fsck-detect-gitmodules-URLs-with-embedded-newlines.diff --- git-2.20.1/debian/patches/0043-fsck-detect-gitmodules-URLs-with-embedded-newlines.diff 1970-01-01 00:00:00.000000000 +0000 +++ git-2.20.1/debian/patches/0043-fsck-detect-gitmodules-URLs-with-embedded-newlines.diff 2020-04-12 07:24:43.000000000 +0000 @@ -0,0 +1,102 @@ +From 7e07103640f281a84bd55a267f79f0a005f3ea97 Mon Sep 17 00:00:00 2001 +From: Jeff King +Date: Wed, 11 Mar 2020 18:48:24 -0400 +Subject: fsck: detect gitmodules URLs with embedded newlines + +The credential protocol can't handle values with newlines. We already +detect and block any such URLs from being used with credential helpers, +but let's also add an fsck check to detect and block gitmodules files +with such URLs. That will let us notice the problem earlier when +transfer.fsckObjects is turned on. And in particular it will prevent bad +objects from spreading, which may protect downstream users running older +versions of Git. + +We'll file this under the existing gitmodulesUrl flag, which covers URLs +with option injection. There's really no need to distinguish the exact +flaw in the URL in this context. Likewise, I've expanded the description +of t7416 to cover all types of bogus URLs. + +(cherry picked from commit 07259e74ec1237c836874342c65650bdee8a3993) +Signed-off-by: Jonathan Nieder +--- + fsck.c | 16 +++++++++++++++- + t/t7416-submodule-dash-url.sh | 18 +++++++++++++++++- + 2 files changed, 32 insertions(+), 2 deletions(-) + +diff --git a/fsck.c b/fsck.c +index 535f806c67..faac610a35 100644 +--- a/fsck.c ++++ b/fsck.c +@@ -15,6 +15,7 @@ + #include "packfile.h" + #include "submodule-config.h" + #include "config.h" ++#include "credential.h" + #include "help.h" + + static struct oidset gitmodules_found = OIDSET_INIT; +@@ -982,6 +983,19 @@ static int fsck_tag(struct tag *tag, const char *data, + return fsck_tag_buffer(tag, data, size, options); + } + ++static int check_submodule_url(const char *url) ++{ ++ struct credential c = CREDENTIAL_INIT; ++ int ret; ++ ++ if (looks_like_command_line_option(url)) ++ return -1; ++ ++ ret = credential_from_url_gently(&c, url, 1); ++ credential_clear(&c); ++ return ret; ++} ++ + struct fsck_gitmodules_data { + struct object *obj; + struct fsck_options *options; +@@ -1006,7 +1020,7 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata) + "disallowed submodule name: %s", + name); + if (!strcmp(key, "url") && value && +- looks_like_command_line_option(value)) ++ check_submodule_url(value) < 0) + data->ret |= report(data->options, data->obj, + FSCK_MSG_GITMODULES_URL, + "disallowed submodule url: %s", +diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh +index 5ba041f537..41431b1ac3 100755 +--- a/t/t7416-submodule-dash-url.sh ++++ b/t/t7416-submodule-dash-url.sh +@@ -1,6 +1,6 @@ + #!/bin/sh + +-test_description='check handling of .gitmodule url with dash' ++test_description='check handling of disallowed .gitmodule urls' + . ./test-lib.sh + + test_expect_success 'create submodule with protected dash in url' ' +@@ -60,4 +60,20 @@ test_expect_success 'trailing backslash is handled correctly' ' + test_i18ngrep ! "unknown option" err + ' + ++test_expect_success 'fsck rejects embedded newline in url' ' ++ # create an orphan branch to avoid existing .gitmodules objects ++ git checkout --orphan newline && ++ cat >.gitmodules <<-\EOF && ++ [submodule "foo"] ++ url = "https://one.example.com?%0ahost=two.example.com/foo.git" ++ EOF ++ git add .gitmodules && ++ git commit -m "gitmodules with newline" && ++ test_when_finished "rm -rf dst" && ++ git init --bare dst && ++ git -C dst config transfer.fsckObjects true && ++ test_must_fail git push dst HEAD 2>err && ++ grep gitmodulesUrl err ++' ++ + test_done +-- +2.26.0.292.g33ef6b2f38 + diff -Nru git-2.20.1/debian/patches/0044-Git-2.17.4.diff git-2.20.1/debian/patches/0044-Git-2.17.4.diff --- git-2.20.1/debian/patches/0044-Git-2.17.4.diff 1970-01-01 00:00:00.000000000 +0000 +++ git-2.20.1/debian/patches/0044-Git-2.17.4.diff 2020-04-12 07:24:43.000000000 +0000 @@ -0,0 +1,38 @@ +From 191fa298b66f2145f210573b4322bf61adbc303f Mon Sep 17 00:00:00 2001 +From: Junio C Hamano +Date: Tue, 17 Mar 2020 13:23:48 -0700 +Subject: Git 2.17.4 + +Signed-off-by: Junio C Hamano +(cherry picked from commit c42c0f12972194564f039dcf580d89ca14ae72d6) +Signed-off-by: Jonathan Nieder +--- + Documentation/RelNotes/2.17.4.txt | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + create mode 100644 Documentation/RelNotes/2.17.4.txt + +diff --git a/Documentation/RelNotes/2.17.4.txt b/Documentation/RelNotes/2.17.4.txt +new file mode 100644 +index 0000000000..7d794ca01a +--- /dev/null ++++ b/Documentation/RelNotes/2.17.4.txt +@@ -0,0 +1,16 @@ ++Git v2.17.4 Release Notes ++========================= ++ ++This release is to address the security issue: CVE-2020-5260 ++ ++Fixes since v2.17.3 ++------------------- ++ ++ * With a crafted URL that contains a newline in it, the credential ++ helper machinery can be fooled to give credential information for ++ a wrong host. The attack has been made impossible by forbidding ++ a newline character in any value passed via the credential ++ protocol. ++ ++Credit for finding the vulnerability goes to Felix Wilhelm of Google ++Project Zero. +-- +2.26.0.292.g33ef6b2f38 + diff -Nru git-2.20.1/debian/patches/0045-Git-2.18.3.diff git-2.20.1/debian/patches/0045-Git-2.18.3.diff --- git-2.20.1/debian/patches/0045-Git-2.18.3.diff 1970-01-01 00:00:00.000000000 +0000 +++ git-2.20.1/debian/patches/0045-Git-2.18.3.diff 2020-04-12 07:24:43.000000000 +0000 @@ -0,0 +1,27 @@ +From d99d986e22c4a87bd55ab0fd50c2ca4e6a093b07 Mon Sep 17 00:00:00 2001 +From: Junio C Hamano +Date: Tue, 17 Mar 2020 13:34:12 -0700 +Subject: Git 2.18.3 + +Signed-off-by: Junio C Hamano +(cherry picked from commit 21a3e5016bb218dc9b016284c88ba685bc446b70) +Signed-off-by: Jonathan Nieder +--- + Documentation/RelNotes/2.18.3.txt | 5 +++++ + 1 file changed, 5 insertions(+) + create mode 100644 Documentation/RelNotes/2.18.3.txt + +diff --git a/Documentation/RelNotes/2.18.3.txt b/Documentation/RelNotes/2.18.3.txt +new file mode 100644 +index 0000000000..25143f0cec +--- /dev/null ++++ b/Documentation/RelNotes/2.18.3.txt +@@ -0,0 +1,5 @@ ++Git v2.18.3 Release Notes ++========================= ++ ++This release merges the security fix that appears in v2.17.4; see ++the release notes for that version for details. +-- +2.26.0.292.g33ef6b2f38 + diff -Nru git-2.20.1/debian/patches/0046-Git-2.19.4.diff git-2.20.1/debian/patches/0046-Git-2.19.4.diff --- git-2.20.1/debian/patches/0046-Git-2.19.4.diff 1970-01-01 00:00:00.000000000 +0000 +++ git-2.20.1/debian/patches/0046-Git-2.19.4.diff 2020-04-12 07:24:43.000000000 +0000 @@ -0,0 +1,27 @@ +From 0e6e595cbdf95d46762a231bc6b5c9f222abb561 Mon Sep 17 00:00:00 2001 +From: Junio C Hamano +Date: Tue, 17 Mar 2020 13:37:37 -0700 +Subject: Git 2.19.4 + +Signed-off-by: Junio C Hamano +(cherry picked from commit a5979d7009017c79b0100b7b66e8567b3ad7b022) +Signed-off-by: Jonathan Nieder +--- + Documentation/RelNotes/2.19.4.txt | 5 +++++ + 1 file changed, 5 insertions(+) + create mode 100644 Documentation/RelNotes/2.19.4.txt + +diff --git a/Documentation/RelNotes/2.19.4.txt b/Documentation/RelNotes/2.19.4.txt +new file mode 100644 +index 0000000000..35d0ae561b +--- /dev/null ++++ b/Documentation/RelNotes/2.19.4.txt +@@ -0,0 +1,5 @@ ++Git v2.19.4 Release Notes ++========================= ++ ++This release merges the security fix that appears in v2.17.4; see ++the release notes for that version for details. +-- +2.26.0.292.g33ef6b2f38 + diff -Nru git-2.20.1/debian/patches/0047-Git-2.20.3.diff git-2.20.1/debian/patches/0047-Git-2.20.3.diff --- git-2.20.1/debian/patches/0047-Git-2.20.3.diff 1970-01-01 00:00:00.000000000 +0000 +++ git-2.20.1/debian/patches/0047-Git-2.20.3.diff 2020-04-12 07:24:43.000000000 +0000 @@ -0,0 +1,41 @@ +From be0a1785e78fc2ce1ebdbb9039ec274a8a7ca53e Mon Sep 17 00:00:00 2001 +From: Junio C Hamano +Date: Tue, 17 Mar 2020 13:42:38 -0700 +Subject: Git 2.20.3 + +Signed-off-by: Junio C Hamano +(cherry picked from commit d1259ce117d0714f1441956805612fb36d7ce7f8) +Signed-off-by: Jonathan Nieder +--- + Documentation/RelNotes/2.20.3.txt | 5 +++++ + GIT-VERSION-GEN | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + create mode 100644 Documentation/RelNotes/2.20.3.txt + +diff --git a/Documentation/RelNotes/2.20.3.txt b/Documentation/RelNotes/2.20.3.txt +new file mode 100644 +index 0000000000..f6eccd103b +--- /dev/null ++++ b/Documentation/RelNotes/2.20.3.txt +@@ -0,0 +1,5 @@ ++Git v2.20.3 Release Notes ++========================= ++ ++This release merges the security fix that appears in v2.17.4; see ++the release notes for that version for details. +diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN +index 492f3480f0..1482b4d75f 100755 +--- a/GIT-VERSION-GEN ++++ b/GIT-VERSION-GEN +@@ -1,7 +1,7 @@ + #!/bin/sh + + GVF=GIT-VERSION-FILE +-DEF_VER=v2.20.2 ++DEF_VER=v2.20.3 + + LF=' + ' +-- +2.26.0.292.g33ef6b2f38 + diff -Nru git-2.20.1/debian/patches/series git-2.20.1/debian/patches/series --- git-2.20.1/debian/patches/series 2019-12-09 06:49:21.000000000 +0000 +++ git-2.20.1/debian/patches/series 2020-04-12 07:24:43.000000000 +0000 @@ -37,3 +37,11 @@ 0037-t7415-adjust-test-for-dubiously-nested-submodule-gitd.diff 0038-submodule-defend-against-submodule.update-command-in-.diff 0039-Git-2.20.2.diff +0040-credential-avoid-writing-values-with-newlines.diff +0041-t-lib-credential-use-test_i18ncmp-to-check-stderr.diff +0042-credential-detect-unrepresentable-values-when-parsing.diff +0043-fsck-detect-gitmodules-URLs-with-embedded-newlines.diff +0044-Git-2.17.4.diff +0045-Git-2.18.3.diff +0046-Git-2.19.4.diff +0047-Git-2.20.3.diff