path: root/Documentation/RelNotes/2.37.4.txt
Diffstat (limited to '')
-rw-r--r-- Documentation/RelNotes/2.37.4.txt 65
1 files changed, 65 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.37.4.txt b/Documentation/RelNotes/2.37.4.txt
new file mode 100644
index 0000000..e42a5c1
--- /dev/null
+++ b/Documentation/RelNotes/2.37.4.txt
@@ -0,0 +1,65 @@
+Git 2.37.4 Release Notes
+========================
+
+This primarily is to backport various fixes accumulated on the 'master'
+front since 2.37.3, and also includes the same security fixes as in
+v2.30.6.
+
+Fixes since v2.37.3
+-------------------
+
+ * CVE-2022-39253:
+ When relying on the `--local` clone optimization, Git dereferences
+ symbolic links in the source repository before creating hardlinks
+ (or copies) of the dereferenced link in the destination repository.
+ This can lead to surprising behavior where arbitrary files are
+ present in a repository's `$GIT_DIR` when cloning from a malicious
+ repository.
+
+ Git will no longer dereference symbolic links via the `--local`
+ clone mechanism, and will instead refuse to clone repositories that
+ have symbolic links present in the `$GIT_DIR/objects` directory.
+
+ Additionally, the value of `protocol.file.allow` is changed to be
+ "user" by default.
+
+ Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis.
+ The fix was authored by Taylor Blau, with help from Johannes
+ Schindelin.
+
+ * CVE-2022-39260:
+ An overly-long command string given to `git shell` can result in
+ overflow in `split_cmdline()`, leading to arbitrary heap writes and
+ remote code execution when `git shell` is exposed and the directory
+ `$HOME/git-shell-commands` exists.
+
+ `git shell` is taught to refuse interactive commands that are
+ longer than 4MiB in size. `split_cmdline()` is hardened to reject
+ inputs larger than 2GiB.
+
+ Credit for finding CVE-2022-39260 goes to Kevin Backhouse of
+ GitHub. The fix was authored by Kevin Backhouse, Jeff King, and
+ Taylor Blau.
+
+ * An earlier optimization discarded a tree-object buffer that is
+ still in use, which has been corrected.
+
+ * Fix deadlocks between main Git process and subprocess spawned via
+ the pipe_command() API, that can kill "git add -p" that was
+ reimplemented in C recently.
+
+ * xcalloc(), imitating calloc(), takes "number of elements of the
+ array", and "size of a single element", in this order. A call that
+ does not follow this ordering has been corrected.
+
+ * The preload-index codepath made copies of pathspec to give to
+ multiple threads, which were left leaked.
+
+ * Update the version of Ubuntu used for GitHub Actions CI from 18.04
+ to 22.04.
+
+ * The auto-stashed local changes created by "git merge --autostash"
+ was mixed into a conflicted state left in the working tree, which
+ has been corrected.
+
+Also contains other minor documentation updates and code clean-ups.
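Review bot: The CVE-2022-39253 entry says only that `protocol.file.allow` "is changed to be "user" by default". It gives neither the previous default nor the practical effect, so a reader cannot tell from these notes whether upgrading changes behaviour for them. Consider adding a sentence there naming the old value and how to restore it for setups that depend on it. Two smaller wording points: in the last bullet, "The auto-stashed local changes ... was mixed" should read "were mixed"; and in the pipe_command() bullet, "that can kill "git add -p"" is ambiguous about what does the killing, so rephrase to make the deadlocks the clear subject.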