Git 2.20.2

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

diff --git a/Documentation/RelNotes/2.20.2.txt b/Documentation/RelNotes/2.20.2.txt
new file mode 100644 (file)
index 0000000..8e680cb
--- /dev/null
+++ b/Documentation/RelNotes/2.20.2.txt
@@ -0,0 +1,18 @@
+Git v2.20.2 Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.14.6, v2.15.4
+and in v2.17.3, addressing the security issues CVE-2019-1348,
+CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352,
+CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387; see the release notes
+for those versions for details.
+
+The change to disallow `submodule.<name>.update=!command` entries in
+`.gitmodules` which was introduced v2.15.4 (and for which v2.17.3
+added explicit fsck checks) fixes the vulnerability in v2.20.x where a
+recursive clone followed by a submodule update could execute code
+contained within the repository without the user explicitly having
+asked for that (CVE-2019-19604).
+
+Credit for finding this vulnerability goes to Joern Schneeweisz,
+credit for the fixes goes to Jonathan Nieder.

diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN
index d1a2814ec7e415a525e58ac234df8184a2d0f93c..492f3480f0e06b288b0315dfbfff156d40d78031 100755 (executable)
--- a/GIT-VERSION-GEN
+++ b/GIT-VERSION-GEN
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 GVF=GIT-VERSION-FILE
-DEF_VER=v2.20.1
+DEF_VER=v2.20.2
 
 LF='
 '

diff --git a/RelNotes b/RelNotes
index 463a237c65db66593e317d55103a6212a095b8aa..b6fe6c7f6a0a7c8f848b01f001d489995e864b38 120000 (symlink)
--- a/RelNotes
+++ b/RelNotes
@@ -1 +1 @@
-Documentation/RelNotes/2.20.1.txt
\ No newline at end of file
+Documentation/RelNotes/2.20.2.txt
\ No newline at end of file