about summary refs log tree commit diff
path: root/third_party/git/Documentation/RelNotes/2.20.2.txt
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2021-09-21T10·03+0300
committerVincent Ambo <mail@tazj.in>2021-09-21T11·29+0300
commit43b1791ec601732ac31195df96781a848360a9ac (patch)
treedaae8d638343295d2f1f7da955e556ef4c958864 /third_party/git/Documentation/RelNotes/2.20.2.txt
parent2d8e7dc9d9c38127ec4ebd13aee8e8f586a43318 (diff)
chore(3p/git): Unvendor git and track patches instead r/2903
This was vendored a long time ago under the expectation that keeping
it in sync with cgit would be easier this way, but it has proven not
to be a big issue.

On the other hand, a vendored copy of git is an annoying maintenance
burden. It is much easier to rebase the single (dottime) patch that we
have.

This removes the vendored copy of git and instead passes the git
source code to cgit via `pkgs.srcOnly`, which includes the applied
patch so that cgit can continue rendering dottime.

Change-Id: If31f62dea7ce688fd1b9050204e9378019775f2b
Diffstat (limited to 'third_party/git/Documentation/RelNotes/2.20.2.txt')
-rw-r--r--third_party/git/Documentation/RelNotes/2.20.2.txt18
1 files changed, 0 insertions, 18 deletions
diff --git a/third_party/git/Documentation/RelNotes/2.20.2.txt b/third_party/git/Documentation/RelNotes/2.20.2.txt
deleted file mode 100644
index 8e680cb9fbf4..000000000000
--- a/third_party/git/Documentation/RelNotes/2.20.2.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-Git v2.20.2 Release Notes
-=========================
-
-This release merges up the fixes that appear in v2.14.6, v2.15.4
-and in v2.17.3, addressing the security issues CVE-2019-1348,
-CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352,
-CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387; see the release notes
-for those versions for details.
-
-The change to disallow `submodule.<name>.update=!command` entries in
-`.gitmodules` which was introduced v2.15.4 (and for which v2.17.3
-added explicit fsck checks) fixes the vulnerability in v2.20.x where a
-recursive clone followed by a submodule update could execute code
-contained within the repository without the user explicitly having
-asked for that (CVE-2019-19604).
-
-Credit for finding this vulnerability goes to Joern Schneeweisz,
-credit for the fixes goes to Jonathan Nieder.