Git 2.35.3
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE4fA2sf7nIh/HeOzvsLXohpav5ssFAmJXTO4ACgkQsLXohpav 5ss62xAAzwmmKlJkcgdKRcVimfMF+hPNvBFsnKBZZRtAV+4vCOFa2EN2bgWJexZh SfuDzdJrFf+A4Emb0Z2nd9ZmSJJznybwYJCkHatfEnH+qy/H+5ju3NwgD84DOCad DauretQn2zhwosJDsF82MbogQrOTYQjfftalFZZwYyD5AoSbsiR/diIrjjP6q+Qo RlKXagPM8hxZLrdOjMir75Wr/OrFDXMlO2kE2+5IgR/EO8KmjltFZgeciLnFXllN qQ77Klu1B9xsUjypK0/Vxbg389pqSHRCR28MaKwHbPQsXz8+ZTeCfgv7u500BWa+ Yl3Cye1GtZtD3zCu4Ik/D++Bu53P8NmHXzAst6hhMnyZZUQ8meeVoLdZH5eZscc6 vlv+wyLiyqILWknWIEibATavqjBWeFAqRXC//RPdZbUjoeE7fAVA8u+LZvOBCKna altnI497uJAL15eWU8878X8y1rmZJfXpx0euwYZbmo6Hj/GHY/1w3RYanJ+shOkk f8Qu4AUWNYAyHUANbxczSVoV3VR9xLdKgqbuGZsNZDRPUMo6POBNSxnjExsAnr6b SRmpmQQsbZr2vO9i12dPQJbqRCo5++rrmM/qi+ozmM1xGCDyeSiHgsnDUQV7AGkZ 0/hwg+mhykvLEnMIbDLZirI1uNecomO83Q/YhcWdBFlsDXb0IJw= =AeAR -----END PGP SIGNATURE----- Sync with Git 2.35.3
This commit is contained in:
commit
1ac7422e39
21
Documentation/RelNotes/2.30.4.txt
Normal file
21
Documentation/RelNotes/2.30.4.txt
Normal file
@ -0,0 +1,21 @@
|
||||
Git v2.30.4 Release Notes
|
||||
=========================
|
||||
|
||||
This release contains minor fix-ups for the changes that went into
|
||||
Git 2.30.3, which was made to address CVE-2022-24765.
|
||||
|
||||
* The code that was meant to parse the new `safe.directory`
|
||||
configuration variable was not checking what configuration
|
||||
variable was being fed to it, which has been corrected.
|
||||
|
||||
* '*' can be used as the value for the `safe.directory` variable to
|
||||
signal that the user considers that any directory is safe.
|
||||
|
||||
|
||||
|
||||
Derrick Stolee (2):
|
||||
t0033: add tests for safe.directory
|
||||
setup: opt-out of check with safe.directory=*
|
||||
|
||||
Matheus Valadares (1):
|
||||
setup: fix safe.directory key not being checked
|
4
Documentation/RelNotes/2.31.3.txt
Normal file
4
Documentation/RelNotes/2.31.3.txt
Normal file
@ -0,0 +1,4 @@
|
||||
Git Documentation/RelNotes/2.31.3.txt Release Notes
|
||||
=========================
|
||||
|
||||
This release merges up the fixes that appear in v2.31.3.
|
4
Documentation/RelNotes/2.32.2.txt
Normal file
4
Documentation/RelNotes/2.32.2.txt
Normal file
@ -0,0 +1,4 @@
|
||||
Git Documentation/RelNotes/2.32.2.txt Release Notes
|
||||
=========================
|
||||
|
||||
This release merges up the fixes that appear in v2.32.2.
|
4
Documentation/RelNotes/2.33.3.txt
Normal file
4
Documentation/RelNotes/2.33.3.txt
Normal file
@ -0,0 +1,4 @@
|
||||
Git Documentation/RelNotes/2.33.3.txt Release Notes
|
||||
=========================
|
||||
|
||||
This release merges up the fixes that appear in v2.33.3.
|
4
Documentation/RelNotes/2.34.3.txt
Normal file
4
Documentation/RelNotes/2.34.3.txt
Normal file
@ -0,0 +1,4 @@
|
||||
Git Documentation/RelNotes/2.34.3.txt Release Notes
|
||||
=========================
|
||||
|
||||
This release merges up the fixes that appear in v2.34.3.
|
4
Documentation/RelNotes/2.35.3.txt
Normal file
4
Documentation/RelNotes/2.35.3.txt
Normal file
@ -0,0 +1,4 @@
|
||||
Git Documentation/RelNotes/2.35.3.txt Release Notes
|
||||
=========================
|
||||
|
||||
This release merges up the fixes that appear in v2.35.3.
|
@ -19,3 +19,10 @@ line option `-c safe.directory=<path>`.
|
||||
The value of this setting is interpolated, i.e. `~/<path>` expands to a
|
||||
path relative to the home directory and `%(prefix)/<path>` expands to a
|
||||
path relative to Git's (runtime) prefix.
|
||||
+
|
||||
To completely opt-out of this security check, set `safe.directory` to the
|
||||
string `*`. This will allow all repositories to be treated as if their
|
||||
directory was listed in the `safe.directory` list. If `safe.directory=*`
|
||||
is set in system config and you want to re-enable this protection, then
|
||||
initialize your list with an empty value before listing the repositories
|
||||
that you deem safe.
|
||||
|
12
setup.c
12
setup.c
@ -1100,9 +1100,14 @@ static int safe_directory_cb(const char *key, const char *value, void *d)
|
||||
{
|
||||
struct safe_directory_data *data = d;
|
||||
|
||||
if (!value || !*value)
|
||||
if (strcmp(key, "safe.directory"))
|
||||
return 0;
|
||||
|
||||
if (!value || !*value) {
|
||||
data->is_safe = 0;
|
||||
else {
|
||||
} else if (!strcmp(value, "*")) {
|
||||
data->is_safe = 1;
|
||||
} else {
|
||||
const char *interpolated = NULL;
|
||||
|
||||
if (!git_config_pathname(&interpolated, key, value) &&
|
||||
@ -1119,7 +1124,8 @@ static int ensure_valid_ownership(const char *path)
|
||||
{
|
||||
struct safe_directory_data data = { .path = path };
|
||||
|
||||
if (is_path_owned_by_current_user(path))
|
||||
if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
|
||||
is_path_owned_by_current_user(path))
|
||||
return 1;
|
||||
|
||||
read_very_early_config(safe_directory_cb, &data);
|
||||
|
49
t/t0033-safe-directory.sh
Executable file
49
t/t0033-safe-directory.sh
Executable file
@ -0,0 +1,49 @@
|
||||
#!/bin/sh
|
||||
|
||||
test_description='verify safe.directory checks'
|
||||
|
||||
. ./test-lib.sh
|
||||
|
||||
GIT_TEST_ASSUME_DIFFERENT_OWNER=1
|
||||
export GIT_TEST_ASSUME_DIFFERENT_OWNER
|
||||
|
||||
expect_rejected_dir () {
|
||||
test_must_fail git status 2>err &&
|
||||
grep "safe.directory" err
|
||||
}
|
||||
|
||||
test_expect_success 'safe.directory is not set' '
|
||||
expect_rejected_dir
|
||||
'
|
||||
|
||||
test_expect_success 'safe.directory does not match' '
|
||||
git config --global safe.directory bogus &&
|
||||
expect_rejected_dir
|
||||
'
|
||||
|
||||
test_expect_success 'path exist as different key' '
|
||||
git config --global foo.bar "$(pwd)" &&
|
||||
expect_rejected_dir
|
||||
'
|
||||
|
||||
test_expect_success 'safe.directory matches' '
|
||||
git config --global --add safe.directory "$(pwd)" &&
|
||||
git status
|
||||
'
|
||||
|
||||
test_expect_success 'safe.directory matches, but is reset' '
|
||||
git config --global --add safe.directory "" &&
|
||||
expect_rejected_dir
|
||||
'
|
||||
|
||||
test_expect_success 'safe.directory=*' '
|
||||
git config --global --add safe.directory "*" &&
|
||||
git status
|
||||
'
|
||||
|
||||
test_expect_success 'safe.directory=*, but is reset' '
|
||||
git config --global --add safe.directory "" &&
|
||||
expect_rejected_dir
|
||||
'
|
||||
|
||||
test_done
|
Loading…
Reference in New Issue
Block a user