git.ipfire.org Git - thirdparty/git.git/commit

Merge branch 'js/fix-open-exec-git'

This addresses CVE-2025-46835, Git GUI can create and overwrite a
user's files:

When a user clones an untrusted repository and is tricked into editing
a file located in a maliciously named directory in the repository, then
Git GUI can create and overwrite files for which the user has write
permission.

* js/fix-open-exec-git:
  git-gui: sanitize 'exec' arguments: convert new 'cygpath' calls
  git-gui: do not mistake command arguments as redirection operators
  git-gui: introduce function git_redir for git calls with redirections
  git-gui: pass redirections as separate argument to git_read
  git-gui: pass redirections as separate argument to _open_stdout_stderr
  git-gui: convert git_read*, git_write to be non-variadic
  git-gui: use git_read in githook_read
  git-gui: break out a separate function git_read_nice
  git-gui: remove option --stderr from git_read
  git-gui: sanitize 'exec' arguments: background
  git-gui: sanitize 'exec' arguments: simple cases
  git-gui: treat file names beginning with "|" as relative paths
  git-gui: remove git config --list handling for git < 1.5.3
  git-gui: remove HEAD detachment implementation for git < 1.5.3
  git-gui: remove Tcl 8.4 workaround on 2>@1 redirection

Signed-off-by: Johannes Sixt <j6t@kdbg.org>

author	Johannes Sixt <j6t@kdbg.org>
	Tue, 8 Jul 2025 19:22:00 +0000 (21:22 +0200)
committer	Johannes Sixt <j6t@kdbg.org>
	Tue, 8 Jul 2025 19:22:48 +0000 (21:22 +0200)
commit	3f072308447ed2aab0228d21a7ce334beeeca7e8
tree	c793ec4ca2df45d93e85f63f91537bf3d7243abf	tree
parent	88125ffe702fcc3aaf5dbcd8b87f74752291f294	commit \| diff
parent	a437f5bc93330a70b42a230e52f3bd036ca1b1da	commit \| diff

git-gui.sh	diff1 \|	diff2 \|	blob \| history
lib/commit.tcl	diff1 \|	diff2 \|	blob \| history
lib/console.tcl	diff1 \|	diff2 \|	blob \| history
lib/diff.tcl	diff1 \|	diff2 \|	blob \| history
lib/mergetool.tcl	diff1 \|	diff2 \|	blob \| history