From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Sat, 30 Mar 2024 23:22:41 +0000 (+0100)
Subject: Merge branch 'icasefs-symlink-confusion'
X-Git-Tag: v2.39.4~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=86cb6a3f059968d031fdf6ed49ab38a7ae00847f;p=thirdparty%2Fgit.git

Merge branch 'icasefs-symlink-confusion'

This topic branch fixes two vulnerabilities:

- Recursive clones on case-insensitive filesystems that support symbolic
  links are susceptible to case confusion that can be exploited to
  execute just-cloned code during the clone operation.

- Repositories can be configured to execute arbitrary code during local
  clones. To address this, the ownership checks introduced in v2.30.3
  are now extended to cover cloning local repositories.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---

86cb6a3f059968d031fdf6ed49ab38a7ae00847f