Diffstat (limited to 'Documentation')
-rw-r--r-- Documentation/RelNotes/2.30.4.txt 21
-rw-r--r-- Documentation/RelNotes/2.31.3.txt 4
-rw-r--r-- Documentation/RelNotes/2.32.2.txt 4
-rw-r--r-- Documentation/RelNotes/2.33.3.txt 4
-rw-r--r-- Documentation/RelNotes/2.34.3.txt 4
-rw-r--r-- Documentation/RelNotes/2.35.3.txt 4
-rw-r--r-- Documentation/RelNotes/2.36.0.txt 29
-rw-r--r-- Documentation/config/safe.txt 7
8 files changed, 61 insertions, 16 deletions
diff --git a/Documentation/RelNotes/2.30.4.txt b/Documentation/RelNotes/2.30.4.txt
new file mode 100644
index 0000000000..4eedb74b16
--- /dev/null
+++ b/Documentation/RelNotes/2.30.4.txt
@@ -0,0 +1,21 @@
+Git v2.30.4 Release Notes
+=========================
+
+This release contains minor fix-ups for the changes that went into
+Git 2.30.3, which was made to address CVE-2022-24765.
+
+ * The code that was meant to parse the new `safe.directory`
+ configuration variable was not checking what configuration
+ variable was being fed to it, which has been corrected.
+
+ * '*' can be used as the value for the `safe.directory` variable to
+ signal that the user considers that any directory is safe.
+
+
+
+Derrick Stolee (2):
+ t0033: add tests for safe.directory
+ setup: opt-out of check with safe.directory=*
+
+Matheus Valadares (1):
+ setup: fix safe.directory key not being checked
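Review bot: The second bullet introduces '*' as meaning "any directory is safe" without saying that this switches off the ownership check added for CVE-2022-24765 altogether; Documentation/config/safe.txt in this same patch calls it a complete opt-out and explains how to re-enable the protection, so a pointer to that text belongs here. In the opening paragraph, "Git 2.30.3, which was made to address" reads as if the release rather than the changes was made for the CVE; "which were made" would attach the clause to the changes.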
diff --git a/Documentation/RelNotes/2.31.3.txt b/Documentation/RelNotes/2.31.3.txt
new file mode 100644
index 0000000000..ca143abad0
--- /dev/null
+++ b/Documentation/RelNotes/2.31.3.txt
@@ -0,0 +1,4 @@
+Git Documentation/RelNotes/2.31.3.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.31.3.
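Review bot: The title line reads "Git Documentation/RelNotes/2.31.3.txt Release Notes", which looks like a file path substituted where the version belongs; following the 2.30.4 notes it should be "Git v2.31.3 Release Notes" (the "=" underline already has that length). The body says the release merges up the fixes "that appear in v2.31.3", that is, in itself; going by the 2.30.4 notes added in this patch, the intended reference is presumably v2.30.4. The 2.32.2, 2.33.3, 2.34.3 and 2.35.3 files that follow repeat both problems.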
diff --git a/Documentation/RelNotes/2.32.2.txt b/Documentation/RelNotes/2.32.2.txt
new file mode 100644
index 0000000000..cf49695f2f
--- /dev/null
+++ b/Documentation/RelNotes/2.32.2.txt
@@ -0,0 +1,4 @@
+Git Documentation/RelNotes/2.32.2.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.32.2.
diff --git a/Documentation/RelNotes/2.33.3.txt b/Documentation/RelNotes/2.33.3.txt
new file mode 100644
index 0000000000..e2bada12a1
--- /dev/null
+++ b/Documentation/RelNotes/2.33.3.txt
@@ -0,0 +1,4 @@
+Git Documentation/RelNotes/2.33.3.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.33.3.
diff --git a/Documentation/RelNotes/2.34.3.txt b/Documentation/RelNotes/2.34.3.txt
new file mode 100644
index 0000000000..10f6171ace
--- /dev/null
+++ b/Documentation/RelNotes/2.34.3.txt
@@ -0,0 +1,4 @@
+Git Documentation/RelNotes/2.34.3.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.34.3.
diff --git a/Documentation/RelNotes/2.35.3.txt b/Documentation/RelNotes/2.35.3.txt
new file mode 100644
index 0000000000..5458ba3441
--- /dev/null
+++ b/Documentation/RelNotes/2.35.3.txt
@@ -0,0 +1,4 @@
+Git Documentation/RelNotes/2.35.3.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.35.3.
diff --git a/Documentation/RelNotes/2.36.0.txt b/Documentation/RelNotes/2.36.0.txt
index d61ade21e2..e477fba12d 100644
--- a/Documentation/RelNotes/2.36.0.txt
+++ b/Documentation/RelNotes/2.36.0.txt
@@ -13,6 +13,15 @@ Backward compatibility warts
top-level a partial clone, while submodules are fully cloned. This
behaviour is changed to pass the same filter down to the submodules.
+ * With the fixes for CVE-2022-24765 that are common with versions of
+ Git 2.30.4, 2.31.3, 2.32.2, 2.33.3, 2.34.3, and 2.35.3, Git has
+ been taught not to recognise repositories owned by other users, in
+ order to avoid getting affected by their config files and hooks.
+ You can list the path to the safe/trusted repositories that may be
+ owned by others on a multi-valued configuration variable
+ `safe.directory` to override this behaviour, or use '*' to declare
+ that you trust anything.
+
Note to those who build from the source
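Review bot: The new entry ends with "use '*' to declare that you trust anything" but does not say that doing so brings back the exposure to other users' config files and hooks that the same entry describes; a short clause to that effect, or a pointer to the `safe.directory` documentation, would keep readers from treating '*' as a routine setting. The phrase "common with versions of Git 2.30.4, ..." is also awkward; "that are also in Git 2.30.4, ..." reads more clearly.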
@@ -46,10 +55,10 @@ UI, Workflows & Features
* "git branch" learned the "--recurse-submodules" option.
- * A not-so-common mistake is to write a script to feed "git bisect
- run" without making it executable, in which case all tests will
- exit with 126 or 127 error codes, even on revisions that are marked
- as good. Try to recognize this situation and stop iteration early.
+ * A user can forget to make a script file executable before giving
+ it to "git bisect run". In such a case, all tests will exit with
+ 126 or 127 error codes, even on revisions that are marked as good.
+ Try to recognize this situation and stop iteration early.
* When "index-pack" dies due to incoming data exceeding the maximum
allowed input size, include the value of the limit in the error
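Review bot: The reworded entry still ends with the imperative "Try to recognize this situation and stop iteration early", which does not say who does the recognizing; the neighbouring entry describes what the command does ('"git branch" learned ...'), so wording such as '"git bisect run" now tries to recognize this situation and stops iteration early' would match the rest of the list.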
@@ -289,12 +298,6 @@ Fixes since v2.35
future "gc" needs to clean up.
(merge 5407764069 cb/clear-quarantine-early-on-all-ref-update-errors later to maint).
- * Because a deletion of ref would need to remove it from both the
- loose ref store and the packed ref store, a delete-ref operation
- that logically removes one ref may end up invoking ref-transaction
- hook twice, which has been corrected.
- (merge 2ed1b64ebd ps/avoid-unnecessary-hook-invocation-with-packed-refs later to maint).
-
* When there is no object to write .bitmap file for, "git
multi-pack-index" triggered an error, instead of just skipping,
which has been corrected.
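Review bot: The ref-transaction hook entry (merge 2ed1b64ebd) is dropped from "Fixes since v2.35" with nothing in the visible lines saying why or where it went, and the "git fetch" / "--atomic" entry in the next hunk is removed the same way. Neither relates to the `safe.directory` fix-ups in the rest of the patch, so the description should state whether these entries were moved to another section or the underlying changes were backed out.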
@@ -342,10 +345,6 @@ Fixes since v2.35
recorded the last level component of the branch name, which has
been corrected.
- * "git fetch" can make two separate fetches, but ref updates coming
- from them were in two separate ref transactions under "--atomic",
- which has been corrected.
-
* Check the return value from parse_tree_indirect() to turn segfaults
into calls to die().
(merge 8d2eaf649a gc/parse-tree-indirect-errors later to maint).
@@ -397,8 +396,6 @@ Fixes since v2.35
entry it moved.
(merge b7f9130a06 vd/mv-refresh-stat later to maint).
- * Fix for CVE-2022-24765 has been merged up from 2.35.2 and others.
-
* Other code cleanup, docfix, build fix, etc.
(merge cfc5cf428b jc/find-header later to maint).
(merge 40e7cfdd46 jh/p4-fix-use-of-process-error-exception later to maint).
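Review bot: With the "Fix for CVE-2022-24765 has been merged up" line removed here, the CVE is mentioned only under "Backward compatibility warts", so someone scanning "Fixes since v2.35" for security fixes will no longer find it. Consider keeping a one-line entry in this list that points to the longer note.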
diff --git a/Documentation/config/safe.txt b/Documentation/config/safe.txt
index 63597b2df8..6d764fe0cc 100644
--- a/Documentation/config/safe.txt
+++ b/Documentation/config/safe.txt
@@ -19,3 +19,10 @@ line option `-c safe.directory=<path>`.
The value of this setting is interpolated, i.e. `~/<path>` expands to a
path relative to the home directory and `%(prefix)/<path>` expands to a
path relative to Git's (runtime) prefix.
++
+To completely opt-out of this security check, set `safe.directory` to the
+string `*`. This will allow all repositories to be treated as if their
+directory was listed in the `safe.directory` list. If `safe.directory=*`
+is set in system config and you want to re-enable this protection, then
+initialize your list with an empty value before listing the repositories
+that you deem safe.
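Review bot: The last sentence tells the reader to "initialize your list with an empty value" without saying that an empty `safe.directory` entry clears the values read so far, which is what makes a system-level `*` stop applying; spelling that out, and saying that the empty entry goes in the user's own config ahead of the trusted paths, would make the recovery procedure usable as written. Two wording points: "opt-out" used as a verb should be "opt out", and "as if their directory was listed" reads better as "were listed".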