Merge branch 'master' of github.com:git/git

* 'master' of github.com:git/git: (25 commits)
  Git 2.36-rc2
  i18n: fix some badly formatted i18n strings
  Git 2.36-rc1
  t9902: split test to run on appropriate systems
  ls-tree doc: document interaction with submodules
  Documentation: add --batch-command to cat-file synopsis
  git-ls-tree.txt: fix the name of "%(objectsize:padded)"
  submodule-helper: fix usage string
  doc: replace "--" with {litdd} in credential-cache/fsmonitor
  contrib/scalar: fix 'all' target in Makefile
  Documentation/Makefile: fix "make info" regression in dad9cd7d518
  configure.ac: fix HAVE_SYNC_FILE_RANGE definition
  git-compat-util: really support openssl as a source of entropy
  ls-tree: `-l` should not imply recursive listing
  Git 2.35.2
  Git 2.34.2
  Git 2.33.2
  Git 2.32.1
  Git 2.31.2
  Git 2.30.3
  ...

1 files changed, 24 insertions, 0 deletions

diff --git a/Documentation/RelNotes/2.30.3.txt b/Documentation/RelNotes/2.30.3.txt
new file mode 100644
index 0000000000..31b2a4daa6
--- /dev/null
+++ b/Documentation/RelNotes/2.30.3.txt
@@ -0,0 +1,24 @@
+Git v2.30.2 Release Notes
+=========================
+
+This release addresses the security issue CVE-2022-24765.
+
+Fixes since v2.30.2
+-------------------
+
+ * Build fix on Windows.
+
+ * Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories.
+
+ * CVE-2022-24765:
+   On multi-user machines, Git users might find themselves
+   unexpectedly in a Git worktree, e.g. when another user created a
+   repository in `C:\.git`, in a mounted network drive or in a
+   scratch space. Merely having a Git-aware prompt that runs `git
+   status` (or `git diff`) and navigating to a directory which is
+   supposedly not a Git worktree, or opening such a directory in an
+   editor or IDE such as VS Code or Atom, will potentially run
+   commands defined by that other user.
+
+Credit for finding this vulnerability goes to 俞晨东; The fix was
+authored by Johannes Schindelin.