]> git.ipfire.org Git - thirdparty/git.git/commitdiff
projects / thirdparty / git.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: d0832b2 a52ed76)
Merge branch 'jk/fast-import-unsafe'
authorJohannes Schindelin <johannes.schindelin@gmx.de>
Thu, 3 Oct 2019 18:44:34 +0000 (20:44 +0200)
committerJohannes Schindelin <johannes.schindelin@gmx.de>
Wed, 4 Dec 2019 12:23:22 +0000 (13:23 +0100)
The `--export-marks` option of `git fast-import` is exposed also via the
in-stream command `feature export-marks=...` and it allows overwriting
arbitrary paths.

This topic branch prevents the in-stream version, to prevent arbitrary
file accesses by `git fast-import` streams coming from untrusted sources
(e.g. in remote helpers that are based on `git fast-import`).

This fixes CVE-2019-1348.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Trivial merge
Unnamed repository; edit this file 'description' to name the repository.