From: Taylor Blau Date: Thu, 6 Oct 2022 21:48:57 +0000 (-0400) Subject: Sync with 2.36.3 X-Git-Tag: v2.37.4~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f2798aa404c32a7ba4a10c1e8657dcacff5188db;p=thirdparty%2Fgit.git Sync with 2.36.3 Signed-off-by: Taylor Blau --- f2798aa404c32a7ba4a10c1e8657dcacff5188db diff --cc Documentation/RelNotes/2.37.4.txt index 732176376f,0000000000..e42a5c1620 mode 100644,000000..100644 --- a/Documentation/RelNotes/2.37.4.txt +++ b/Documentation/RelNotes/2.37.4.txt @@@ -1,31 -1,0 +1,65 @@@ +Git 2.37.4 Release Notes +======================== + +This primarily is to backport various fixes accumulated on the 'master' - front since 2.37.3. ++front since 2.37.3, and also includes the same security fixes as in ++v2.30.6. + +Fixes since v2.37.3 +------------------- + ++ * CVE-2022-39253: ++ When relying on the `--local` clone optimization, Git dereferences ++ symbolic links in the source repository before creating hardlinks ++ (or copies) of the dereferenced link in the destination repository. ++ This can lead to surprising behavior where arbitrary files are ++ present in a repository's `$GIT_DIR` when cloning from a malicious ++ repository. ++ ++ Git will no longer dereference symbolic links via the `--local` ++ clone mechanism, and will instead refuse to clone repositories that ++ have symbolic links present in the `$GIT_DIR/objects` directory. ++ ++ Additionally, the value of `protocol.file.allow` is changed to be ++ "user" by default. ++ ++ Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. ++ The fix was authored by Taylor Blau, with help from Johannes ++ Schindelin. ++ ++ * CVE-2022-39260: ++ An overly-long command string given to `git shell` can result in ++ overflow in `split_cmdline()`, leading to arbitrary heap writes and ++ remote code execution when `git shell` is exposed and the directory ++ `$HOME/git-shell-commands` exists. 
++ ++ `git shell` is taught to refuse interactive commands that are ++ longer than 4MiB in size. `split_cmdline()` is hardened to reject ++ inputs larger than 2GiB. ++ ++ Credit for finding CVE-2022-39260 goes to Kevin Backhouse of ++ GitHub. The fix was authored by Kevin Backhouse, Jeff King, and ++ Taylor Blau. ++ + * An earlier optimization discarded a tree-object buffer that is + still in use, which has been corrected. + + * Fix deadlocks between main Git process and subprocess spawned via + the pipe_command() API, that can kill "git add -p" that was + reimplemented in C recently. + + * xcalloc(), imitating calloc(), takes "number of elements of the + array", and "size of a single element", in this order. A call that + does not follow this ordering has been corrected. + + * The preload-index codepath made copies of pathspec to give to + multiple threads, which were left leaked. + + * Update the version of Ubuntu used for GitHub Actions CI from 18.04 + to 22.04. + + * The auto-stashed local changes created by "git merge --autostash" + was mixed into a conflicted state left in the working tree, which + has been corrected. + +Also contains other minor documentation updates and code clean-ups. diff --cc t/t5537-fetch-shallow.sh index dc7a824254,9573a2655e..37f7547a4c --- a/t/t5537-fetch-shallow.sh +++ b/t/t5537-fetch-shallow.sh @@@ -162,10 -162,10 +162,12 @@@ test_expect_success 'fetch --update-sha ' test_expect_success 'fetch --update-shallow into a repo with submodules' ' + test_config_global protocol.file.allow always && + git init a-submodule && test_commit -C a-submodule foo && + + test_when_finished "rm -rf repo-with-sub" && git init repo-with-sub && git -C repo-with-sub submodule add ../a-submodule a-submodule && git -C repo-with-sub commit -m "added submodule" &&
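Review bot: In the Documentation/RelNotes/2.37.4.txt hunk, the CVE-2022-39253 entry says only that `protocol.file.allow` is changed to "user" by default. It does not say what that means for existing workflows or how to restore the old behaviour. The t/t5537-fetch-shallow.sh hunk in this same commit has to set `protocol.file.allow always` before `git -C repo-with-sub submodule add ../a-submodule a-submodule` will work, so users with local-path submodules will run into the same thing. Suggest adding a sentence to the entry naming the affected case (submodule operations over a local path) and the setting that re-enables it, so the release note can be acted on without reading the test changes.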
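Review bot: In the t/t5537-fetch-shallow.sh hunk, the added `test_config_global protocol.file.allow always &&` line has no comment saying why the test needs it. It also relaxes the file transport for every command in the test, although only the `submodule add ../a-submodule` step is visibly a local-path submodule operation. Suggest a short comment tying it to the new "user" default described in the release notes, and consider passing `-c protocol.file.allow=always` on that one invocation so the remaining commands in the test still run under the hardened default. Separately, the new `test_when_finished "rm -rf repo-with-sub"` cleans up only one of the two repositories this test creates. `a-submodule` from `git init a-submodule` is left behind, so either add it to the cleanup or note that later tests depend on it.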