From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Thu, 3 Oct 2019 18:44:34 +0000 (+0200)
Subject: Merge branch 'jk/fast-import-unsafe'
X-Git-Tag: v2.24.1~1^2~1^2~1^2~3^2~3^2~1^2~1^2~2^2~2^2~2^2~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a7b1ad3b05fd1dc03c3de12ea4f2d8118ad24e2c;p=thirdparty%2Fgit.git

Merge branch 'jk/fast-import-unsafe'

The `--export-marks` option of `git fast-import` is exposed also via the
in-stream command `feature export-marks=...` and it allows overwriting
arbitrary paths.

This topic branch prevents the in-stream version, to prevent arbitrary
file accesses by `git fast-import` streams coming from untrusted sources
(e.g. in remote helpers that are based on `git fast-import`).

This fixes CVE-2019-1348.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---

a7b1ad3b05fd1dc03c3de12ea4f2d8118ad24e2c