From 3bf789c68fd2aac4e4aa4d794a29fe8944df15b8 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Wed, 10 Mar 2021 13:53:11 -0400
Subject: [PATCH] git on OSX dmg updated to fix CVE

This mostly affects OSX and (possibly) Windows, but the Windows
installer does not bundle git. The linux standalone builds are not
updated yet pending debian stable getting a backport of the security
fix, but the security hole is unlikely to affect linux as
case-insensitive filesystems that support symlinks are a rarity on it.
Using the linux standalone build on windows via WSL is another way it
could be affected.

This commit was sponsored by Brett Eisenberg on Patreon.
---
 CHANGELOG | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG b/CHANGELOG
index 8935d2167a..928ab6a08b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -19,6 +19,7 @@ git-annex (8.20210224) UNRELEASED; urgency=medium
   * Fix support for local gcrypt repositories with a space in their URI.
   * uninit: Fix a small bug that left a lock file in .git/annex
   * Windows: Correct the path to the html help file for 64 bit build.
+  * OSX dmg: Updated bundled git to 2.30.2 which fixes CVE-2021-21300.
 
  -- Joey Hess <id@joeyh.name>  Wed, 24 Feb 2021 13:18:38 -0400