--- /dev/null
+Git v2.30.4 Release Notes
+=========================
+
+This release contains minor fix-ups for the changes that went into
+Git 2.30.3, which was made to address CVE-2022-24765.
+
+ * The code that was meant to parse the new `safe.directory`
+ configuration variable was not checking what configuration
+ variable was being fed to it, which has been corrected.
+
+ * '*' can be used as the value for the `safe.directory` variable to
+ signal that the user considers that any directory is safe.
+
+
+
+Derrick Stolee (2):
+ t0033: add tests for safe.directory
+ setup: opt-out of check with safe.directory=*
+
+Matheus Valadares (1):
+ setup: fix safe.directory key not being checked
--- /dev/null
+Git Documentation/RelNotes/2.31.3.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.31.3.
--- /dev/null
+Git Documentation/RelNotes/2.32.2.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.32.2.
--- /dev/null
+Git Documentation/RelNotes/2.33.3.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.33.3.
The value of this setting is interpolated, i.e. `~/<path>` expands to a
path relative to the home directory and `%(prefix)/<path>` expands to a
path relative to Git's (runtime) prefix.
++
+To completely opt-out of this security check, set `safe.directory` to the
+string `*`. This will allow all repositories to be treated as if their
+directory was listed in the `safe.directory` list. If `safe.directory=*`
+is set in system config and you want to re-enable this protection, then
+initialize your list with an empty value before listing the repositories
+that you deem safe.
#!/bin/sh
GVF=GIT-VERSION-FILE
-DEF_VER=v2.33.2
+DEF_VER=v2.33.3
LF='
'
-Documentation/RelNotes/2.33.2.txt
\ No newline at end of file
+Documentation/RelNotes/2.33.3.txt
\ No newline at end of file
{
struct safe_directory_data *data = d;
- if (!value || !*value)
+ if (strcmp(key, "safe.directory"))
+ return 0;
+
+ if (!value || !*value) {
data->is_safe = 0;
- else {
+ } else if (!strcmp(value, "*")) {
+ data->is_safe = 1;
+ } else {
const char *interpolated = NULL;
if (!git_config_pathname(&interpolated, key, value) &&
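Review bot: The three branches added here encode a precedence rule for a multi-valued key — an empty entry clears whatever was matched before, `*` marks every directory safe, and a path entry appears only to add — but nothing at the `if (!value || !*value)` line says so, and a reader has to infer that a path listed after `*` does not revoke it (the path branch's assignment is outside this hunk, so that is inferred). A comment above that test would spare re-deriving it: `/* Multi-valued: an empty entry resets the list, "*" accepts every directory, any other entry adds one path; later entries never revoke an earlier "*". */` It is also worth noting next to the `git_config_pathname()` call that a failing interpolation is silently treated as a non-match rather than an error, so a mistyped `~user/` entry degrades to "not safe" without any diagnostic. safe_directory_cb's signature and the remainder of its body lie outside the hunk.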
{
struct safe_directory_data data = { .path = path };
- if (is_path_owned_by_current_user(path))
+ if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
+ is_path_owned_by_current_user(path))
return 1;
read_very_early_config(safe_directory_cb, &data);
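Review bot: `GIT_TEST_ASSUME_DIFFERENT_OWNER` is a test hook consulted inside a security check, and the reason it is acceptable — with the default `0` it is inert, and a true value can only skip the owner shortcut and force the `safe.directory` lookup, never make an unowned path pass — deserves to be stated at the call site, since a future edit that inverts or reorders the condition would quietly turn it into a bypass. Suggested comment above the `if`: `/* Test hook: a true value only forces the safe.directory lookup; it can never make an unowned path pass. */` ensure_valid_ownership's opening line and the rest of its body are outside the hunk.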
--- /dev/null
+#!/bin/sh
+
+test_description='verify safe.directory checks'
+
+. ./test-lib.sh
+
+GIT_TEST_ASSUME_DIFFERENT_OWNER=1
+export GIT_TEST_ASSUME_DIFFERENT_OWNER
+
+expect_rejected_dir () {
+ test_must_fail git status 2>err &&
+ grep "safe.directory" err
+}
+
+test_expect_success 'safe.directory is not set' '
+ expect_rejected_dir
+'
+
+test_expect_success 'safe.directory does not match' '
+ git config --global safe.directory bogus &&
+ expect_rejected_dir
+'
+
+test_expect_success 'path exist as different key' '
+ git config --global foo.bar "$(pwd)" &&
+ expect_rejected_dir
+'
+
+test_expect_success 'safe.directory matches' '
+ git config --global --add safe.directory "$(pwd)" &&
+ git status
+'
+
+test_expect_success 'safe.directory matches, but is reset' '
+ git config --global --add safe.directory "" &&
+ expect_rejected_dir
+'
+
+test_expect_success 'safe.directory=*' '
+ git config --global --add safe.directory "*" &&
+ git status
+'
+
+test_expect_success 'safe.directory=*, but is reset' '
+ git config --global --add safe.directory "" &&
+ expect_rejected_dir
+'
+
+test_done
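Review bot: Every case sets `safe.directory` with `--global`, so the suite never shows that an entry in the repository's own `.git/config` is ignored, which is the property that keeps an attacker-controlled checkout from whitelisting itself; a regression in the config scope consulted by the early-config read would pass these tests unnoticed. A case along the lines of `test_expect_success 'safe.directory in repo config is ignored' 'git config --file .git/config safe.directory "$(pwd)" && expect_rejected_dir'` would pin it, assuming `git config --file` is accepted while the repository is rejected (otherwise append the `[safe]` entry to the file directly). The `--add` calls also accumulate across cases, so the two "but is reset" tests depend on the entries left by their predecessors; a one-line comment above `expect_rejected_dir` saying the list is built up deliberately across tests would stop someone from "fixing" that order dependence.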