From: Taylor Blau <me@ttaylorr.com>
Date: Wed, 25 Jan 2023 19:58:38 +0000 (-0500)
Subject: Merge branch 'tb/clone-local-symlinks' into maint-2.30
X-Git-Tag: v2.30.8~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2c9a4c731010685b86559c06637aeef2ac5ea06e;p=thirdparty%2Fgit.git

Merge branch 'tb/clone-local-symlinks' into maint-2.30

Resolve a security vulnerability (CVE-2023-22490) where `clone_local()`
is used in conjunction with non-local transports, leading to arbitrary
path exfiltration.

* tb/clone-local-symlinks:
  dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS
  clone: delay picking a transport until after get_repo_path()
  t5619: demonstrate clone_local() with ambiguous transport
---

2c9a4c731010685b86559c06637aeef2ac5ea06e