diff options
| author | Junio C Hamano <gitster@pobox.com> | 2023-01-17 09:01:37 -0800 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2023-01-17 09:01:37 -0800 |
| commit | f3537485ce51b617a09d99c17ef9b6cd378ece6d (patch) | |
| tree | afca1475e1b3099b66251b33488459b7d04f4649 | |
| parent | d2309374057e387bf3b3f77ed51de90c6f1af162 (diff) | |
| download | git-htmldocs-f3537485ce51b617a09d99c17ef9b6cd378ece6d.tar.gz | |
Autogenerated HTML docs for v2.39.1-231-ga7caae
28 files changed, 194 insertions, 16 deletions
diff --git a/RelNotes/2.30.7.txt b/RelNotes/2.30.7.txt new file mode 100644 index 000000000..285beed23 --- /dev/null +++ b/RelNotes/2.30.7.txt @@ -0,0 +1,86 @@ +Git v2.30.7 Release Notes +========================= + +This release addresses the security issues CVE-2022-41903 and +CVE-2022-23521. + + +Fixes since v2.30.6 +------------------- + + * CVE-2022-41903: + + git log has the ability to display commits using an arbitrary + format with its --format specifiers. This functionality is also + exposed to git archive via the export-subst gitattribute. + + When processing the padding operators (e.g., %<(, %<|(, %>(, + %>>(, or %><( ), an integer overflow can occur in + pretty.c::format_and_pad_commit() where a size_t is improperly + stored as an int, and then added as an offset to a subsequent + memcpy() call. + + This overflow can be triggered directly by a user running a + command which invokes the commit formatting machinery (e.g., git + log --format=...). It may also be triggered indirectly through + git archive via the export-subst mechanism, which expands format + specifiers inside of files within the repository during a git + archive. + + This integer overflow can result in arbitrary heap writes, which + may result in remote code execution. + +* CVE-2022-23521: + + gitattributes are a mechanism to allow defining attributes for + paths. These attributes can be defined by adding a `.gitattributes` + file to the repository, which contains a set of file patterns and + the attributes that should be set for paths matching this pattern. + + When parsing gitattributes, multiple integer overflows can occur + when there is a huge number of path patterns, a huge number of + attributes for a single pattern, or when the declared attribute + names are huge. + + These overflows can be triggered via a crafted `.gitattributes` file + that may be part of the commit history. Git silently splits lines + longer than 2KB when parsing gitattributes from a file, but not when + parsing them from the index. Consequentially, the failure mode + depends on whether the file exists in the working tree, the index or + both. + + This integer overflow can result in arbitrary heap reads and writes, + which may result in remote code execution. + +Credit for finding CVE-2022-41903 goes to Joern Schneeweisz of GitLab. +An initial fix was authored by Markus Vervier of X41 D-Sec. Credit for +finding CVE-2022-23521 goes to Markus Vervier and Eric Sesterhenn of X41 +D-Sec. This work was sponsored by OSTIF. + +The proposed fixes have been polished and extended to cover additional +findings by Patrick Steinhardt of GitLab, with help from others on the +Git security mailing list. + +Patrick Steinhardt (21): + attr: fix overflow when upserting attribute with overly long name + attr: fix out-of-bounds read with huge attribute names + attr: fix integer overflow when parsing huge attribute names + attr: fix out-of-bounds write when parsing huge number of attributes + attr: fix out-of-bounds read with unreasonable amount of patterns + attr: fix integer overflow with more than INT_MAX macros + attr: harden allocation against integer overflows + attr: fix silently splitting up lines longer than 2048 bytes + attr: ignore attribute lines exceeding 2048 bytes + attr: ignore overly large gitattributes files + pretty: fix out-of-bounds write caused by integer overflow + pretty: fix out-of-bounds read when left-flushing with stealing + pretty: fix out-of-bounds read when parsing invalid padding format + pretty: fix adding linefeed when placeholder is not expanded + pretty: fix integer overflow in wrapping format + utf8: fix truncated string lengths in `utf8_strnwidth()` + utf8: fix returning negative string width + utf8: fix overflow when returning string width + utf8: fix checking for glyph width in `strbuf_utf8_replace()` + utf8: refactor `strbuf_utf8_replace` to not rely on preallocated buffer + pretty: restrict input lengths for padding and wrapping formats + diff --git a/RelNotes/2.31.6.txt b/RelNotes/2.31.6.txt new file mode 100644 index 000000000..425a51875 --- /dev/null +++ b/RelNotes/2.31.6.txt @@ -0,0 +1,5 @@ +Git v2.31.6 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/RelNotes/2.32.5.txt b/RelNotes/2.32.5.txt new file mode 100644 index 000000000..a8cad1a05 --- /dev/null +++ b/RelNotes/2.32.5.txt @@ -0,0 +1,8 @@ +Git v2.32.5 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. + +In addition, included are additional code for "git fsck" to check +for questionable .gitattributes files. diff --git a/RelNotes/2.33.6.txt b/RelNotes/2.33.6.txt new file mode 100644 index 000000000..b63e4e625 --- /dev/null +++ b/RelNotes/2.33.6.txt @@ -0,0 +1,5 @@ +Git v2.33.6 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/RelNotes/2.34.6.txt b/RelNotes/2.34.6.txt new file mode 100644 index 000000000..b32080dba --- /dev/null +++ b/RelNotes/2.34.6.txt @@ -0,0 +1,5 @@ +Git v2.34.6 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/RelNotes/2.35.6.txt b/RelNotes/2.35.6.txt new file mode 100644 index 000000000..e7ca57bb4 --- /dev/null +++ b/RelNotes/2.35.6.txt @@ -0,0 +1,5 @@ +Git v2.35.6 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/RelNotes/2.36.4.txt b/RelNotes/2.36.4.txt new file mode 100644 index 000000000..58fb93a35 --- /dev/null +++ b/RelNotes/2.36.4.txt @@ -0,0 +1,5 @@ +Git v2.36.4 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/RelNotes/2.37.5.txt b/RelNotes/2.37.5.txt new file mode 100644 index 000000000..faa144729 --- /dev/null +++ b/RelNotes/2.37.5.txt @@ -0,0 +1,5 @@ +Git v2.37.5 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/RelNotes/2.38.3.txt b/RelNotes/2.38.3.txt new file mode 100644 index 000000000..4a46bb430 --- /dev/null +++ b/RelNotes/2.38.3.txt @@ -0,0 +1,5 @@ +Git v2.38.3 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/RelNotes/2.39.1.txt b/RelNotes/2.39.1.txt new file mode 100644 index 000000000..60c86f412 --- /dev/null +++ b/RelNotes/2.39.1.txt @@ -0,0 +1,5 @@ +Git v2.39.1 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/fsck-msgids.txt b/fsck-msgids.txt index 7af76ff99..12eae8a22 100644 --- a/fsck-msgids.txt +++ b/fsck-msgids.txt @@ -46,6 +46,18 @@ `fullPathname`:: (WARN) A path contains the full path starting with "/". +`gitattributesBlob`:: + (ERROR) A non-blob found at `.gitattributes`. + +`gitattributesLarge`:: + (ERROR) The `.gitattributes` blob is too large. + +`gitattributesLineLength`:: + (ERROR) The `.gitattributes` blob contains too long lines. + +`gitattributesMissing`:: + (ERROR) Unable to read `.gitattributes` blob. + `gitattributesSymlink`:: (INFO) `.gitattributes` is a symlink. diff --git a/git-fsck.html b/git-fsck.html index b6bcbcf57..51f80dba4 100644 --- a/git-fsck.html +++ b/git-fsck.html @@ -1203,6 +1203,38 @@ by setting the corresponding <code>fsck.<msg-id></code> configuration vari </p>
</dd>
<dt class="hdlist1">
+<code>gitattributesBlob</code>
+</dt>
+<dd>
+<p>
+ (ERROR) A non-blob found at <code>.gitattributes</code>.
+</p>
+</dd>
+<dt class="hdlist1">
+<code>gitattributesLarge</code>
+</dt>
+<dd>
+<p>
+ (ERROR) The <code>.gitattributes</code> blob is too large.
+</p>
+</dd>
+<dt class="hdlist1">
+<code>gitattributesLineLength</code>
+</dt>
+<dd>
+<p>
+ (ERROR) The <code>.gitattributes</code> blob contains too long lines.
+</p>
+</dd>
+<dt class="hdlist1">
+<code>gitattributesMissing</code>
+</dt>
+<dd>
+<p>
+ (ERROR) Unable to read <code>.gitattributes</code> blob.
+</p>
+</dd>
+<dt class="hdlist1">
<code>gitattributesSymlink</code>
</dt>
<dd>
diff --git a/howto/coordinate-embargoed-releases.html b/howto/coordinate-embargoed-releases.html index 0b39a5d2b..59f3d25a4 100644 --- a/howto/coordinate-embargoed-releases.html +++ b/howto/coordinate-embargoed-releases.html @@ -1038,7 +1038,7 @@ Thanks, <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:28 PST
+ 2023-01-17 08:59:15 PST
</div>
</div>
</body>
diff --git a/howto/keep-canonical-history-correct.html b/howto/keep-canonical-history-correct.html index 7e2620b4d..c2be874b2 100644 --- a/howto/keep-canonical-history-correct.html +++ b/howto/keep-canonical-history-correct.html @@ -938,7 +938,7 @@ tip of your <em>master</em> again and redo the two merges:</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:28 PST
+ 2023-01-17 08:59:15 PST
</div>
</div>
</body>
diff --git a/howto/maintain-git.html b/howto/maintain-git.html index ff104ba6f..32045d5f2 100644 --- a/howto/maintain-git.html +++ b/howto/maintain-git.html @@ -1478,7 +1478,7 @@ $ git update-ref -d $mf/ai/topic</code></pre> <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:28 PST
+ 2023-01-17 08:59:15 PST
</div>
</div>
</body>
diff --git a/howto/new-command.html b/howto/new-command.html index 08d004acb..39715cc44 100644 --- a/howto/new-command.html +++ b/howto/new-command.html @@ -863,7 +863,7 @@ letter [PATCH 0/n]. <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:26 PST
+ 2023-01-17 08:59:13 PST
</div>
</div>
</body>
diff --git a/howto/rebase-from-internal-branch.html b/howto/rebase-from-internal-branch.html index 2feae1044..46412ec8f 100644 --- a/howto/rebase-from-internal-branch.html +++ b/howto/rebase-from-internal-branch.html @@ -895,7 +895,7 @@ the #1' commit.</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:28 PST
+ 2023-01-17 08:59:15 PST
</div>
</div>
</body>
diff --git a/howto/rebuild-from-update-hook.html b/howto/rebuild-from-update-hook.html index e92282f21..650ba5ff1 100644 --- a/howto/rebuild-from-update-hook.html +++ b/howto/rebuild-from-update-hook.html @@ -847,7 +847,7 @@ This is still crude and does not protect against simultaneous <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:28 PST
+ 2023-01-17 08:59:15 PST
</div>
</div>
</body>
diff --git a/howto/recover-corrupted-blob-object.html b/howto/recover-corrupted-blob-object.html index 9532a3b82..8fffc2c20 100644 --- a/howto/recover-corrupted-blob-object.html +++ b/howto/recover-corrupted-blob-object.html @@ -880,7 +880,7 @@ thing.</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:28 PST
+ 2023-01-17 08:59:14 PST
</div>
</div>
</body>
diff --git a/howto/recover-corrupted-object-harder.html b/howto/recover-corrupted-object-harder.html index 37d25bc38..17e031142 100644 --- a/howto/recover-corrupted-object-harder.html +++ b/howto/recover-corrupted-object-harder.html @@ -1189,7 +1189,7 @@ int main(int argc, char **argv) <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:28 PST
+ 2023-01-17 08:59:15 PST
</div>
</div>
</body>
diff --git a/howto/revert-a-faulty-merge.html b/howto/revert-a-faulty-merge.html index ffcfa49ae..f001b8a81 100644 --- a/howto/revert-a-faulty-merge.html +++ b/howto/revert-a-faulty-merge.html @@ -1025,7 +1025,7 @@ P---o---o---M---x---x---W---x---M2 <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:28 PST
+ 2023-01-17 08:59:14 PST
</div>
</div>
</body>
diff --git a/howto/revert-branch-rebase.html b/howto/revert-branch-rebase.html index 5876d1d1d..9f823c285 100644 --- a/howto/revert-branch-rebase.html +++ b/howto/revert-branch-rebase.html @@ -907,7 +907,7 @@ Committed merge 7fb9b7262a1d1e0a47bbfdcbbcf50ce0635d3f8f <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:26 PST
+ 2023-01-17 08:59:13 PST
</div>
</div>
</body>
diff --git a/howto/separating-topic-branches.html b/howto/separating-topic-branches.html index fd04d9b37..4115c6396 100644 --- a/howto/separating-topic-branches.html +++ b/howto/separating-topic-branches.html @@ -841,7 +841,7 @@ o---o"master"</code></pre> <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:27 PST
+ 2023-01-17 08:59:14 PST
</div>
</div>
</body>
diff --git a/howto/setup-git-server-over-http.html b/howto/setup-git-server-over-http.html index d5753d51b..6f3fa0f2a 100644 --- a/howto/setup-git-server-over-http.html +++ b/howto/setup-git-server-over-http.html @@ -1071,7 +1071,7 @@ help diagnosing the problem, but removes security checks.</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:27 PST
+ 2023-01-17 08:59:14 PST
</div>
</div>
</body>
diff --git a/howto/update-hook-example.html b/howto/update-hook-example.html index a8cf98ba0..04b38325f 100644 --- a/howto/update-hook-example.html +++ b/howto/update-hook-example.html @@ -930,7 +930,7 @@ that JC can make non-fast-forward pushes on it.</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:27 PST
+ 2023-01-17 08:59:14 PST
</div>
</div>
</body>
diff --git a/howto/use-git-daemon.html b/howto/use-git-daemon.html index c4bbc680f..df7906d5b 100644 --- a/howto/use-git-daemon.html +++ b/howto/use-git-daemon.html @@ -791,7 +791,7 @@ a good practice to put the paths after a "--" separator.</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:27 PST
+ 2023-01-17 08:59:13 PST
</div>
</div>
</body>
diff --git a/howto/using-merge-subtree.html b/howto/using-merge-subtree.html index fd39063f8..9eb34bcea 100644 --- a/howto/using-merge-subtree.html +++ b/howto/using-merge-subtree.html @@ -848,7 +848,7 @@ Please note that if the other project merges from you, then it will <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:27 PST
+ 2023-01-17 08:59:13 PST
</div>
</div>
</body>
diff --git a/howto/using-signed-tag-in-pull-request.html b/howto/using-signed-tag-in-pull-request.html index 24b25bd8f..6f9fe9e86 100644 --- a/howto/using-signed-tag-in-pull-request.html +++ b/howto/using-signed-tag-in-pull-request.html @@ -952,7 +952,7 @@ as part of the merge commit.</p></div> <div id="footer">
<div id="footer-text">
Last updated
- 2023-01-16 13:17:27 PST
+ 2023-01-17 08:59:13 PST
</div>
</div>
</body>
|