summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/RelNotes/2.3.10.txt18
-rw-r--r--Documentation/RelNotes/2.4.10.txt18
-rw-r--r--Documentation/git.txt33
3 files changed, 67 insertions, 2 deletions
diff --git a/Documentation/RelNotes/2.3.10.txt b/Documentation/RelNotes/2.3.10.txt
new file mode 100644
index 0000000000..9d425d814d
--- /dev/null
+++ b/Documentation/RelNotes/2.3.10.txt
@@ -0,0 +1,18 @@
+Git v2.3.10 Release Notes
+=========================
+
+Fixes since v2.3.9
+------------------
+
+ * xdiff code we use to generate diffs is not prepared to handle
+ extremely large files. It uses "int" in many places, which can
+ overflow if we have a very large number of lines or even bytes in
+ our input files, for example. Cap the input size to soemwhere
+ around 1GB for now.
+
+ * Some protocols (like git-remote-ext) can execute arbitrary code
+ found in the URL. The URLs that submodules use may come from
+ arbitrary sources (e.g., .gitmodules files in a remote
+ repository), and can hurt those who blindly enable recursive
+ fetch. Restrict the allowed protocols to well known and safe
+ ones.
diff --git a/Documentation/RelNotes/2.4.10.txt b/Documentation/RelNotes/2.4.10.txt
new file mode 100644
index 0000000000..8621199bc6
--- /dev/null
+++ b/Documentation/RelNotes/2.4.10.txt
@@ -0,0 +1,18 @@
+Git v2.4.10 Release Notes
+=========================
+
+Fixes since v2.4.9
+------------------
+
+ * xdiff code we use to generate diffs is not prepared to handle
+ extremely large files. It uses "int" in many places, which can
+ overflow if we have a very large number of lines or even bytes in
+ our input files, for example. Cap the input size to soemwhere
+ around 1GB for now.
+
+ * Some protocols (like git-remote-ext) can execute arbitrary code
+ found in the URL. The URLs that submodules use may come from
+ arbitrary sources (e.g., .gitmodules files in a remote
+ repository), and can hurt those who blindly enable recursive
+ fetch. Restrict the allowed protocols to well known and safe
+ ones.
diff --git a/Documentation/git.txt b/Documentation/git.txt
index 2b39aa9f51..b2d88688aa 100644
--- a/Documentation/git.txt
+++ b/Documentation/git.txt
@@ -51,9 +51,10 @@ Documentation for older releases are available here:
link:RelNotes/2.5.1.txt[2.5.1],
link:RelNotes/2.5.0.txt[2.5].
-* link:v2.4.9/git.html[documentation for release 2.4.9]
+* link:v2.4.10/git.html[documentation for release 2.4.10]
* release notes for
+ link:RelNotes/2.4.10.txt[2.4.10],
link:RelNotes/2.4.9.txt[2.4.9],
link:RelNotes/2.4.8.txt[2.4.8],
link:RelNotes/2.4.7.txt[2.4.7],
@@ -65,9 +66,10 @@ Documentation for older releases are available here:
link:RelNotes/2.4.1.txt[2.4.1],
link:RelNotes/2.4.0.txt[2.4].
-* link:v2.3.9/git.html[documentation for release 2.3.9]
+* link:v2.3.10/git.html[documentation for release 2.3.10]
* release notes for
+ link:RelNotes/2.3.10.txt[2.3.10],
link:RelNotes/2.3.9.txt[2.3.9],
link:RelNotes/2.3.8.txt[2.3.8],
link:RelNotes/2.3.7.txt[2.3.7],
@@ -1076,6 +1078,33 @@ GIT_ICASE_PATHSPECS::
an operation has touched every ref (e.g., because you are
cloning a repository to make a backup).
+`GIT_ALLOW_PROTOCOL`::
+ If set, provide a colon-separated list of protocols which are
+ allowed to be used with fetch/push/clone. This is useful to
+ restrict recursive submodule initialization from an untrusted
+ repository. Any protocol not mentioned will be disallowed (i.e.,
+ this is a whitelist, not a blacklist). If the variable is not
+ set at all, all protocols are enabled. The protocol names
+ currently used by git are:
+
+ - `file`: any local file-based path (including `file://` URLs,
+ or local paths)
+
+ - `git`: the anonymous git protocol over a direct TCP
+ connection (or proxy, if configured)
+
+ - `ssh`: git over ssh (including `host:path` syntax,
+ `git+ssh://`, etc).
+
+ - `rsync`: git over rsync
+
+ - `http`: git over http, both "smart http" and "dumb http".
+ Note that this does _not_ include `https`; if you want both,
+ you should specify both as `http:https`.
+
+ - any external helpers are named by their protocol (e.g., use
+ `hg` to allow the `git-remote-hg` helper)
+
Discussion[[Discussion]]
------------------------