| Commit | Line | Data |
|---|---|---|
| a0feb861 JH | 1 | Git 2.37.4 Release Notes |
| | 2 | ======================== |
| | 3 | |
| | 4 | This primarily is to backport various fixes accumulated on the 'master' |
| f2798aa4 TB | 5 | front since 2.37.3, and also includes the same security fixes as in |
| | 6 | v2.30.6. |
| a0feb861 JH | 7 | |
| | 8 | Fixes since v2.37.3 |
| | 9 | ------------------- |
| | 10 | |
| f2798aa4 TB | 11 | * CVE-2022-39253: |
| | 12 | When relying on the `--local` clone optimization, Git dereferences |
| | 13 | symbolic links in the source repository before creating hardlinks |
| | 14 | (or copies) of the dereferenced link in the destination repository. |
| | 15 | This can lead to surprising behavior where arbitrary files are |
| | 16 | present in a repository's `$GIT_DIR` when cloning from a malicious |
| | 17 | repository. |
| | 18 | |
| | 19 | Git will no longer dereference symbolic links via the `--local` |
| | 20 | clone mechanism, and will instead refuse to clone repositories that |
| | 21 | have symbolic links present in the `$GIT_DIR/objects` directory. |
| | 22 | |
| | 23 | Additionally, the value of `protocol.file.allow` is changed to be |
| | 24 | "user" by default. |
| | 25 | |
| | 26 | Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. |
| | 27 | The fix was authored by Taylor Blau, with help from Johannes |
| | 28 | Schindelin. |
| | 29 | |
| | 30 | * CVE-2022-39260: |
| | 31 | An overly-long command string given to `git shell` can result in |
| | 32 | overflow in `split_cmdline()`, leading to arbitrary heap writes and |
| | 33 | remote code execution when `git shell` is exposed and the directory |
| | 34 | `$HOME/git-shell-commands` exists. |
| | 35 | |
| | 36 | `git shell` is taught to refuse interactive commands that are |
| | 37 | longer than 4MiB in size. `split_cmdline()` is hardened to reject |
| | 38 | inputs larger than 2GiB. |
| | 39 | |
| | 40 | Credit for finding CVE-2022-39260 goes to Kevin Backhouse of |
| | 41 | GitHub. The fix was authored by Kevin Backhouse, Jeff King, and |
| | 42 | Taylor Blau. |
| | 43 | |
| a0feb861 JH | 44 | * An earlier optimization discarded a tree-object buffer that is |
| | 45 | still in use, which has been corrected. |
| | 46 | |
| | 47 | * Fix deadlocks between main Git process and subprocess spawned via |
| | 48 | the pipe_command() API, that can kill "git add -p" that was |
| | 49 | reimplemented in C recently. |
| | 50 | |
| | 51 | * xcalloc(), imitating calloc(), takes "number of elements of the |
| | 52 | array", and "size of a single element", in this order. A call that |
| | 53 | does not follow this ordering has been corrected. |
| | 54 | |
| | 55 | * The preload-index codepath made copies of pathspec to give to |
| | 56 | multiple threads, which were left leaked. |
| | 57 | |
| | 58 | * Update the version of Ubuntu used for GitHub Actions CI from 18.04 |
| | 59 | to 22.04. |
| | 60 | |
| | 61 | * The auto-stashed local changes created by "git merge --autostash" |
| | 62 | were mixed into a conflicted state left in the working tree, which |
| | 63 | has been corrected. |
| | 64 | |
| | 65 | Also contains other minor documentation updates and code clean-ups. |
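
A pre-clone check for the condition described under CVE-2022-39253, added here as an example and not taken from Git: it flags symbolic links under `$GIT_DIR/objects` in a repository about to be used as a local clone source, and reports any explicit `protocol.file.allow` setting. The function names and script layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of Git): audit a repository before it is used as a
# `git clone --local` source. Function names are illustrative assumptions.

# Print the $GIT_DIR for a non-bare (<path>/.git) or bare (<path>) repository.
resolve_git_dir() {
    if [ -d "$1/.git/objects" ]; then
        printf '%s\n' "$1/.git"
    elif [ -d "$1/objects" ]; then
        printf '%s\n' "$1"
    else
        return 1
    fi
}

# Return 0 if $GIT_DIR/objects holds no symbolic links, 1 if it does,
# 2 if the path is not a repository. Offending links go to stderr.
check_local_clone_source() {
    gitdir=$(resolve_git_dir "$1") || {
        echo "not a Git repository: $1" >&2
        return 2
    }
    # find does not follow symlinks by default, so links are listed, not traversed.
    links=$(find "$gitdir/objects" -type l)
    if [ -n "$links" ]; then
        printf '%s\n' "$links" | sed 's/^/symlink under objects: /' >&2
        return 1
    fi
    return 0
}

# Report an explicit protocol.file.allow override, if git is installed.
report_file_protocol_policy() {
    command -v git >/dev/null 2>&1 || return 0
    value=$(git config --get protocol.file.allow) || value="unset"
    echo "protocol.file.allow: $value"
}

# Stand-alone use: ./check.sh /path/to/source/repo
if [ "$#" -gt 0 ]; then
    report_file_protocol_policy
    check_local_clone_source "$1"
    exit $?
fi
```

An exit status of 1 means the source should be inspected before cloning; on a Git version with this fix, the clone itself is refused in that case.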