diff options
| author | Junio C Hamano <gitster@pobox.com> | 2022-10-18 08:44:24 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2022-10-18 08:44:24 -0700 |
| commit | ba206ef748949aeb0876eea4fe820d92fe4a662f (patch) | |
| tree | 902c0b83e13b8e53eacf6f569e957c7771eeee0e | |
| parent | dac8a36b534b6c8ed2b9be2398e225a9ea272ceb (diff) | |
| download | git-htmldocs-ba206ef748949aeb0876eea4fe820d92fe4a662f.tar.gz | |
Autogenerated HTML docs for v2.38.1-119-g9c32c
26 files changed, 149 insertions, 20 deletions
diff --git a/RelNotes/2.30.6.txt b/RelNotes/2.30.6.txt new file mode 100644 index 000000000..d649071b7 --- /dev/null +++ b/RelNotes/2.30.6.txt @@ -0,0 +1,60 @@ +Git v2.30.6 Release Notes +========================= + +This release addresses the security issues CVE-2022-39253 and +CVE-2022-39260. + +Fixes since v2.30.5 +------------------- + + * CVE-2022-39253: + When relying on the `--local` clone optimization, Git dereferences + symbolic links in the source repository before creating hardlinks + (or copies) of the dereferenced link in the destination repository. + This can lead to surprising behavior where arbitrary files are + present in a repository's `$GIT_DIR` when cloning from a malicious + repository. + + Git will no longer dereference symbolic links via the `--local` + clone mechanism, and will instead refuse to clone repositories that + have symbolic links present in the `$GIT_DIR/objects` directory. + + Additionally, the value of `protocol.file.allow` is changed to be + "user" by default. + + * CVE-2022-39260: + An overly-long command string given to `git shell` can result in + overflow in `split_cmdline()`, leading to arbitrary heap writes and + remote code execution when `git shell` is exposed and the directory + `$HOME/git-shell-commands` exists. + + `git shell` is taught to refuse interactive commands that are + longer than 4MiB in size. `split_cmdline()` is hardened to reject + inputs larger than 2GiB. + +Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. The +fix was authored by Taylor Blau, with help from Johannes Schindelin. + +Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub. +The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau. + + +Jeff King (2): + shell: add basic tests + shell: limit size of interactive commands + +Kevin Backhouse (1): + alias.c: reject too-long cmdline strings in split_cmdline() + +Taylor Blau (11): + builtin/clone.c: disallow `--local` clones with symlinks + t/lib-submodule-update.sh: allow local submodules + t/t1NNN: allow local submodules + t/2NNNN: allow local submodules + t/t3NNN: allow local submodules + t/t4NNN: allow local submodules + t/t5NNN: allow local submodules + t/t6NNN: allow local submodules + t/t7NNN: allow local submodules + t/t9NNN: allow local submodules + transport: make `protocol.file.allow` be "user" by default diff --git a/RelNotes/2.31.5.txt b/RelNotes/2.31.5.txt new file mode 100644 index 000000000..0d87e6e03 --- /dev/null +++ b/RelNotes/2.31.5.txt @@ -0,0 +1,5 @@ +Git v2.31.5 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/RelNotes/2.32.4.txt b/RelNotes/2.32.4.txt new file mode 100644 index 000000000..76c67b209 --- /dev/null +++ b/RelNotes/2.32.4.txt @@ -0,0 +1,5 @@ +Git v2.32.4 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/RelNotes/2.33.5.txt b/RelNotes/2.33.5.txt new file mode 100644 index 000000000..a63652602 --- /dev/null +++ b/RelNotes/2.33.5.txt @@ -0,0 +1,5 @@ +Git v2.33.5 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/RelNotes/2.34.5.txt b/RelNotes/2.34.5.txt new file mode 100644 index 000000000..0e8999204 --- /dev/null +++ b/RelNotes/2.34.5.txt @@ -0,0 +1,5 @@ +Git v2.34.5 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/RelNotes/2.35.5.txt b/RelNotes/2.35.5.txt new file mode 100644 index 000000000..e19cc48b3 --- /dev/null +++ b/RelNotes/2.35.5.txt @@ -0,0 +1,5 @@ +Git v2.35.5 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/RelNotes/2.36.3.txt b/RelNotes/2.36.3.txt new file mode 100644 index 000000000..56db77b5b --- /dev/null +++ b/RelNotes/2.36.3.txt @@ -0,0 +1,5 @@ +Git v2.36.3 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/RelNotes/2.37.4.txt b/RelNotes/2.37.4.txt index 732176376..e42a5c162 100644 --- a/RelNotes/2.37.4.txt +++ b/RelNotes/2.37.4.txt @@ -2,11 +2,45 @@ Git 2.37.4 Release Notes ======================== This primarily is to backport various fixes accumulated on the 'master' -front since 2.37.3. +front since 2.37.3, and also includes the same security fixes as in +v2.30.6. Fixes since v2.37.3 ------------------- + * CVE-2022-39253: + When relying on the `--local` clone optimization, Git dereferences + symbolic links in the source repository before creating hardlinks + (or copies) of the dereferenced link in the destination repository. + This can lead to surprising behavior where arbitrary files are + present in a repository's `$GIT_DIR` when cloning from a malicious + repository. + + Git will no longer dereference symbolic links via the `--local` + clone mechanism, and will instead refuse to clone repositories that + have symbolic links present in the `$GIT_DIR/objects` directory. + + Additionally, the value of `protocol.file.allow` is changed to be + "user" by default. + + Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. + The fix was authored by Taylor Blau, with help from Johannes + Schindelin. + + * CVE-2022-39260: + An overly-long command string given to `git shell` can result in + overflow in `split_cmdline()`, leading to arbitrary heap writes and + remote code execution when `git shell` is exposed and the directory + `$HOME/git-shell-commands` exists. + + `git shell` is taught to refuse interactive commands that are + longer than 4MiB in size. `split_cmdline()` is hardened to reject + inputs larger than 2GiB. + + Credit for finding CVE-2022-39260 goes to Kevin Backhouse of + GitHub. The fix was authored by Kevin Backhouse, Jeff King, and + Taylor Blau. + * An earlier optimization discarded a tree-object buffer that is still in use, which has been corrected. diff --git a/RelNotes/2.38.1.txt b/RelNotes/2.38.1.txt new file mode 100644 index 000000000..b2b5854aa --- /dev/null +++ b/RelNotes/2.38.1.txt @@ -0,0 +1,5 @@ +Git v2.38.1 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/git-config.html b/git-config.html index 7ad61933d..a56d461d4 100644 --- a/git-config.html +++ b/git-config.html @@ -8966,10 +8966,10 @@ protocol.allow <p>
If set, provide a user defined default policy for all protocols which
don’t explicitly have a policy (<code>protocol.<name>.allow</code>). By default,
- if unset, known-safe protocols (http, https, git, ssh, file) have a
+ if unset, known-safe protocols (http, https, git, ssh) have a
default policy of <code>always</code>, known-dangerous protocols (ext) have a
- default policy of <code>never</code>, and all other protocols have a default
- policy of <code>user</code>. Supported policies:
+ default policy of <code>never</code>, and all other protocols (including file)
+ have a default policy of <code>user</code>. Supported policies:
</p>
<div class="openblock">
<div class="content">
diff --git a/howto/coordinate-embargoed-releases.html b/howto/coordinate-embargoed-releases.html index a9ec1dbf7..f719cb375 100644 --- a/howto/coordinate-embargoed-releases.html +++ b/howto/coordinate-embargoed-releases.html @@ -873,7 +873,7 @@ Thanks, <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:10 PDT
+ 2022-10-18 08:42:45 PDT
</div>
</div>
</body>
diff --git a/howto/keep-canonical-history-correct.html b/howto/keep-canonical-history-correct.html index 686216cc3..0eb7df97f 100644 --- a/howto/keep-canonical-history-correct.html +++ b/howto/keep-canonical-history-correct.html @@ -938,7 +938,7 @@ tip of your <em>master</em> again and redo the two merges:</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:09 PDT
+ 2022-10-18 08:42:45 PDT
</div>
</div>
</body>
diff --git a/howto/maintain-git.html b/howto/maintain-git.html index 66010d891..f8dc104d5 100644 --- a/howto/maintain-git.html +++ b/howto/maintain-git.html @@ -1469,7 +1469,7 @@ $ git update-ref -d $mf/ai/topic</code></pre> <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:10 PDT
+ 2022-10-18 08:42:45 PDT
</div>
</div>
</body>
diff --git a/howto/new-command.html b/howto/new-command.html index 2fcf85bd0..f77358f3a 100644 --- a/howto/new-command.html +++ b/howto/new-command.html @@ -863,7 +863,7 @@ letter [PATCH 0/n]. <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:07 PDT
+ 2022-10-18 08:42:43 PDT
</div>
</div>
</body>
diff --git a/howto/rebase-from-internal-branch.html b/howto/rebase-from-internal-branch.html index 8af2dd691..0cbe37875 100644 --- a/howto/rebase-from-internal-branch.html +++ b/howto/rebase-from-internal-branch.html @@ -895,7 +895,7 @@ the #1' commit.</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:09 PDT
+ 2022-10-18 08:42:45 PDT
</div>
</div>
</body>
diff --git a/howto/rebuild-from-update-hook.html b/howto/rebuild-from-update-hook.html index 990d0ae02..caa654b26 100644 --- a/howto/rebuild-from-update-hook.html +++ b/howto/rebuild-from-update-hook.html @@ -847,7 +847,7 @@ This is still crude and does not protect against simultaneous <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:09 PDT
+ 2022-10-18 08:42:45 PDT
</div>
</div>
</body>
diff --git a/howto/recover-corrupted-blob-object.html b/howto/recover-corrupted-blob-object.html index 45542d1a0..428d9d67f 100644 --- a/howto/recover-corrupted-blob-object.html +++ b/howto/recover-corrupted-blob-object.html @@ -880,7 +880,7 @@ thing.</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:09 PDT
+ 2022-10-18 08:42:45 PDT
</div>
</div>
</body>
diff --git a/howto/recover-corrupted-object-harder.html b/howto/recover-corrupted-object-harder.html index 4f9f3f058..4e7d84c1a 100644 --- a/howto/recover-corrupted-object-harder.html +++ b/howto/recover-corrupted-object-harder.html @@ -1189,7 +1189,7 @@ int main(int argc, char **argv) <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:09 PDT
+ 2022-10-18 08:42:45 PDT
</div>
</div>
</body>
diff --git a/howto/revert-a-faulty-merge.html b/howto/revert-a-faulty-merge.html index 734cbe204..f7ff55247 100644 --- a/howto/revert-a-faulty-merge.html +++ b/howto/revert-a-faulty-merge.html @@ -1025,7 +1025,7 @@ P---o---o---M---x---x---W---x---M2 <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:09 PDT
+ 2022-10-18 08:42:45 PDT
</div>
</div>
</body>
diff --git a/howto/revert-branch-rebase.html b/howto/revert-branch-rebase.html index 6c9dbe397..8cd084f51 100644 --- a/howto/revert-branch-rebase.html +++ b/howto/revert-branch-rebase.html @@ -907,7 +907,7 @@ Committed merge 7fb9b7262a1d1e0a47bbfdcbbcf50ce0635d3f8f <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:07 PDT
+ 2022-10-18 08:42:43 PDT
</div>
</div>
</body>
diff --git a/howto/separating-topic-branches.html b/howto/separating-topic-branches.html index 4f8bf933c..6c4677869 100644 --- a/howto/separating-topic-branches.html +++ b/howto/separating-topic-branches.html @@ -841,7 +841,7 @@ o---o"master"</code></pre> <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:09 PDT
+ 2022-10-18 08:42:44 PDT
</div>
</div>
</body>
diff --git a/howto/setup-git-server-over-http.html b/howto/setup-git-server-over-http.html index be19d2d11..8d997ac28 100644 --- a/howto/setup-git-server-over-http.html +++ b/howto/setup-git-server-over-http.html @@ -1071,7 +1071,7 @@ help diagnosing the problem, but removes security checks.</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:08 PDT
+ 2022-10-18 08:42:44 PDT
</div>
</div>
</body>
diff --git a/howto/update-hook-example.html b/howto/update-hook-example.html index 6ed30c679..4da7e7130 100644 --- a/howto/update-hook-example.html +++ b/howto/update-hook-example.html @@ -930,7 +930,7 @@ that JC can make non-fast-forward pushes on it.</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:08 PDT
+ 2022-10-18 08:42:44 PDT
</div>
</div>
</body>
diff --git a/howto/use-git-daemon.html b/howto/use-git-daemon.html index b1fb48e0e..42448d667 100644 --- a/howto/use-git-daemon.html +++ b/howto/use-git-daemon.html @@ -791,7 +791,7 @@ a good practice to put the paths after a "--" separator.</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:08 PDT
+ 2022-10-18 08:42:44 PDT
</div>
</div>
</body>
diff --git a/howto/using-merge-subtree.html b/howto/using-merge-subtree.html index a69c015ee..4f5a3a14c 100644 --- a/howto/using-merge-subtree.html +++ b/howto/using-merge-subtree.html @@ -848,7 +848,7 @@ Please note that if the other project merges from you, then it will <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:08 PDT
+ 2022-10-18 08:42:43 PDT
</div>
</div>
</body>
diff --git a/howto/using-signed-tag-in-pull-request.html b/howto/using-signed-tag-in-pull-request.html index a8e4d21f0..8fdc6d31b 100644 --- a/howto/using-signed-tag-in-pull-request.html +++ b/howto/using-signed-tag-in-pull-request.html @@ -952,7 +952,7 @@ as part of the merge commit.</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2022-10-17 15:24:08 PDT
+ 2022-10-18 08:42:44 PDT
</div>
</div>
</body>
|