diff --git a/CHANGELOG.md b/CHANGELOG.md index 2db40788..d941d654 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,140 @@ # Git LFS Changelog +## 3.2.0 (25 May 2022) + +This release is a feature release which includes support for machine-readable +formats for a couple more commands, plus the ability to automatically merge +LFS-based text files from the command-line. It's likely that the merge driver +will see future improvements, but if you have feedback on the design, please use +the discussions feature. + +Note that our binary release archives no longer unpack into the current +directory, and now contain a top-level directory just like the source archives +do. + +We would like to extend a special thanks to the following open-source +contributors: + +* @bbodenmiller for fixing the formatting in our manual pages +* @breyed for fixing a typo in our manual pages +* @btoll for improving our README +* @rcoup for fixing our Accept header syntax +* @vtbassmatt for documenting our deprecation of NTLM + +### Features + +* ls-files: add a --json option #5007 (@bk2204) +* Add --json output for git lfs track #5006 (@bk2204) +* Add a merge driver #4970 (@bk2204) +* lfs: don't write hooks when they haven't changed #4935 (@bk2204) +* Tarballs, not tarbombs #4980 (@bk2204) + +### Bugs + +* Apply several Makefile fixes for Windows #5016 (@bk2204) +* git: don't panic on pkt-line without equals #4982 (@bk2204) +* lfshttp: fix invalid Accept header syntax #4996 (@rcoup) +* Grammar fix #4981 (@breyed) +* Use `gitignore`-style path matching for additional commands #4951 (@chrisd8088) +* Avoid pruning when identical files both match and do not match `lfs.fetchexclude` #4973 (@chrisd8088) +* Apply `lfs.fetchexclude` filter to previous commits when pruning #4968 (@chrisd8088) +* Update and correct several error message strings #4943 (@chrisd8088) +* script/upload: correct RHEL 8 package repo #4936 (@bk2204) +* lfs: add old hook content to the list of old hooks #4878 (@bk2204) +* .github/workflows: install packagecloud gem #4873 (@bk2204) + +### Misc + +* Update distros for packagecloud.io #5010 (@bk2204) +* lfshttp: log the Negotiate error on failure #5000 (@bk2204) +* Build CI on Windows 2022 #4997 (@chrisd8088) +* workflows: use ronn-ng #4992 (@bk2204) +* Multiple hash support #4971 (@bk2204) +* note deprecation of NTLM #4987 (@vtbassmatt) +* Update to Go 1.18, drop older Go version support, and update modules and dependencies #4963 (@chrisd8088) +* Update tests to check `prune` command excludes `lfs.fetchexclude` paths #4964 (@chrisd8088) +* Add test to check `prune` command retains tagged unpushed objects #4962 (@chrisd8088) +* Adjust test helpers and tests related to path filtering #4960 (@chrisd8088) +* Include shell path in restricted `PATH` in credential helper path test #4959 (@chrisd8088) +* Build test helper commands with `.exe` file extension on Windows #4954 (@chrisd8088) +* Update Windows signing certificate SHA hash in `Makefile` #4946 (@chrisd8088) +* remove unused `Pipe[Media]Command()` functions #4942 (@chrisd8088) +* Makefile: remove legacy trimpath code #4938 (@bk2204) +* add Inno Setup check of Git install paths and remove old uninstaller checks #4925 (@chrisd8088) +* note `git lfs push --all` only pushes local refs in man page #4898 (@chrisd8088) +* Build man pages into per-section subdirectories #4890 (@chrisd8088) +* Call out destructive command in README #4880 (@btoll) +* Improve formatting #4863 (@bbodenmiller) +* docs/howto: remind core team member to check Actions workflows #4868 (@bk2204) +* .github: fix syntax error in release workflow #4866 (@bk2204) + +## 3.1.4 (19 Apr 2022) + +This release is a bugfix release to fix some problems during the build of +v3.1.3. There are otherwise no substantial changes from v3.1.3. + +### Misc + +* Use only Windows Server 2019 runners for CI in GitHub Actions #4883 (@chrisd8088) +* remove unused `Pipe[Media]Command()` functions #4942 (@chrisd8088) + +## 3.1.3 (19 Apr 2022) + +This release introduces a security fix for Windows systems, which has been +assigned CVE-2022-24826. + +On Windows, if Git LFS operates on a malicious repository with a `..exe` file as +well as a file named `git.exe`, and `git.exe` is not found in PATH, the `..exe` +program will be executed, permitting the attacker to execute arbitrary code. +Similarly, if the malicious repository contains files named `..exe` and +`cygpath.exe`, and `cygpath.exe` is not found in PATH, the `..exe` program will +be executed when certain Git LFS commands are run. + +This security problem does not affect Unix systems. This is the same issue as +CVE-2020-27955 and CVE-2021-21237, but the fix for those issue was incomplete +and certain options can still cause the problem to occur. + +This occurs because on Windows, Go includes (and prefers) the current directory +when the name of a command run does not contain a directory separator, and it +continues to search for programs even when the specified program name is empty. +This has been solved by failing if the path is empty or not found. + +We would like to extend a special thanks to the following open-source +contributors: + +* @yuske for reporting this to us responsibly + +### Bugs + +* Report errors when finding executables and revise PATH search tests (@chrisd8088) + +### Misc + +* Update Windows signing certificate SHA hash in Makefile (@chrisd8088) + +## 3.1.2 (16 Feb 2022) + +This is a bugfix release which fixes a bug in `git lfs install` and some issues +in our CI release processes, including one that prevented arm64 packages for +Debian 11 from being uploaded. + +### Bugs + +* lfs: add old hook content to the list of old hooks #4878 (@bk2204) + +### Misc + +* Revert "Merge pull request #4795 from bk2204/actions-checkout-v2" #4877 (@bk2204) +* .github/workflows: install packagecloud gem #4873 (@bk2204) + +## 3.1.1 (14 Feb 2022) + +This is a bugfix release which fixes a syntax error in the release workflow. + +### Misc + +* .github: fix syntax error in release workflow #4866 (@bk2204) + ## 3.1.0 (14 Feb 2022) This release is a feature release which includes support for fallback from diff --git a/config/version.go b/config/version.go index 24f256a2..5ee1200d 100644 --- a/config/version.go +++ b/config/version.go @@ -13,7 +13,7 @@ var ( ) const ( - Version = "3.1.0" + Version = "3.2.0" ) func init() { diff --git a/debian/changelog b/debian/changelog index c5d207fb..3ed2cd53 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +git-lfs (3.2.0) stable; urgency=low + + * New upstream version + + -- brian m. carlson Wed, 25 May 2022 14:29:00 -0000 + git-lfs (3.1.0) stable; urgency=low * New upstream version diff --git a/rpm/SPECS/git-lfs.spec b/rpm/SPECS/git-lfs.spec index d8434384..8ff50509 100644 --- a/rpm/SPECS/git-lfs.spec +++ b/rpm/SPECS/git-lfs.spec @@ -1,5 +1,5 @@ Name: git-lfs -Version: 3.1.0 +Version: 3.2.0 Release: 1%{?dist} Summary: Git extension for versioning large files diff --git a/versioninfo.json b/versioninfo.json index 213e1a1d..7fc424e6 100644 --- a/versioninfo.json +++ b/versioninfo.json @@ -3,7 +3,7 @@ { "FileVersion": { "Major": 3, - "Minor": 1, + "Minor": 2, "Patch": 0, "Build": 0 } @@ -13,7 +13,7 @@ "FileDescription": "Git LFS", "LegalCopyright": "GitHub, Inc. and Git LFS contributors", "ProductName": "Git Large File Storage (LFS)", - "ProductVersion": "3.1.0" + "ProductVersion": "3.2.0" }, "IconPath": "script/windows-installer/git-lfs-logo.ico" }