-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE4fA2sf7nIh/HeOzvsLXohpav5ssFAmJXTO4ACgkQsLXohpav
 5ss62xAAzwmmKlJkcgdKRcVimfMF+hPNvBFsnKBZZRtAV+4vCOFa2EN2bgWJexZh
 SfuDzdJrFf+A4Emb0Z2nd9ZmSJJznybwYJCkHatfEnH+qy/H+5ju3NwgD84DOCad
 DauretQn2zhwosJDsF82MbogQrOTYQjfftalFZZwYyD5AoSbsiR/diIrjjP6q+Qo
 RlKXagPM8hxZLrdOjMir75Wr/OrFDXMlO2kE2+5IgR/EO8KmjltFZgeciLnFXllN
 qQ77Klu1B9xsUjypK0/Vxbg389pqSHRCR28MaKwHbPQsXz8+ZTeCfgv7u500BWa+
 Yl3Cye1GtZtD3zCu4Ik/D++Bu53P8NmHXzAst6hhMnyZZUQ8meeVoLdZH5eZscc6
 vlv+wyLiyqILWknWIEibATavqjBWeFAqRXC//RPdZbUjoeE7fAVA8u+LZvOBCKna
 altnI497uJAL15eWU8878X8y1rmZJfXpx0euwYZbmo6Hj/GHY/1w3RYanJ+shOkk
 f8Qu4AUWNYAyHUANbxczSVoV3VR9xLdKgqbuGZsNZDRPUMo6POBNSxnjExsAnr6b
 SRmpmQQsbZr2vO9i12dPQJbqRCo5++rrmM/qi+ozmM1xGCDyeSiHgsnDUQV7AGkZ
 0/hwg+mhykvLEnMIbDLZirI1uNecomO83Q/YhcWdBFlsDXb0IJw=
 =AeAR
 -----END PGP SIGNATURE-----

Sync with Git 2.35.3
pull/1236/head
Junio C Hamano 5 months ago
commit 1ac7422e39
  1. 21
      Documentation/RelNotes/2.30.4.txt
  2. 4
      Documentation/RelNotes/2.31.3.txt
  3. 4
      Documentation/RelNotes/2.32.2.txt
  4. 4
      Documentation/RelNotes/2.33.3.txt
  5. 4
      Documentation/RelNotes/2.34.3.txt
  6. 4
      Documentation/RelNotes/2.35.3.txt
  7. 7
      Documentation/config/safe.txt
  8. 12
      setup.c
  9. 49
      t/t0033-safe-directory.sh

@ -0,0 +1,21 @@
Git v2.30.4 Release Notes
=========================
This release contains minor fix-ups for the changes that went into
Git 2.30.3, which was made to address CVE-2022-24765.
* The code that was meant to parse the new `safe.directory`
configuration variable was not checking what configuration
variable was being fed to it, which has been corrected.
* '*' can be used as the value for the `safe.directory` variable to
signal that the user considers that any directory is safe.
Derrick Stolee (2):
t0033: add tests for safe.directory
setup: opt-out of check with safe.directory=*
Matheus Valadares (1):
setup: fix safe.directory key not being checked

@ -0,0 +1,4 @@
Git Documentation/RelNotes/2.31.3.txt Release Notes
=========================
This release merges up the fixes that appear in v2.31.3.

@ -0,0 +1,4 @@
Git Documentation/RelNotes/2.32.2.txt Release Notes
=========================
This release merges up the fixes that appear in v2.32.2.

@ -0,0 +1,4 @@
Git Documentation/RelNotes/2.33.3.txt Release Notes
=========================
This release merges up the fixes that appear in v2.33.3.

@ -0,0 +1,4 @@
Git Documentation/RelNotes/2.34.3.txt Release Notes
=========================
This release merges up the fixes that appear in v2.34.3.

@ -0,0 +1,4 @@
Git Documentation/RelNotes/2.35.3.txt Release Notes
=========================
This release merges up the fixes that appear in v2.35.3.

@ -19,3 +19,10 @@ line option `-c safe.directory=<path>`.
The value of this setting is interpolated, i.e. `~/<path>` expands to a
path relative to the home directory and `%(prefix)/<path>` expands to a
path relative to Git's (runtime) prefix.
+
To completely opt-out of this security check, set `safe.directory` to the
string `*`. This will allow all repositories to be treated as if their
directory was listed in the `safe.directory` list. If `safe.directory=*`
is set in system config and you want to re-enable this protection, then
initialize your list with an empty value before listing the repositories
that you deem safe.

@ -1100,9 +1100,14 @@ static int safe_directory_cb(const char *key, const char *value, void *d)
{
struct safe_directory_data *data = d;
if (!value || !*value)
if (strcmp(key, "safe.directory"))
return 0;
if (!value || !*value) {
data->is_safe = 0;
else {
} else if (!strcmp(value, "*")) {
data->is_safe = 1;
} else {
const char *interpolated = NULL;
if (!git_config_pathname(&interpolated, key, value) &&
@ -1119,7 +1124,8 @@ static int ensure_valid_ownership(const char *path)
{
struct safe_directory_data data = { .path = path };
if (is_path_owned_by_current_user(path))
if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
is_path_owned_by_current_user(path))
return 1;
read_very_early_config(safe_directory_cb, &data);

@ -0,0 +1,49 @@
#!/bin/sh
test_description='verify safe.directory checks'
. ./test-lib.sh
GIT_TEST_ASSUME_DIFFERENT_OWNER=1
export GIT_TEST_ASSUME_DIFFERENT_OWNER
expect_rejected_dir () {
test_must_fail git status 2>err &&
grep "safe.directory" err
}
test_expect_success 'safe.directory is not set' '
expect_rejected_dir
'
test_expect_success 'safe.directory does not match' '
git config --global safe.directory bogus &&
expect_rejected_dir
'
test_expect_success 'path exist as different key' '
git config --global foo.bar "$(pwd)" &&
expect_rejected_dir
'
test_expect_success 'safe.directory matches' '
git config --global --add safe.directory "$(pwd)" &&
git status
'
test_expect_success 'safe.directory matches, but is reset' '
git config --global --add safe.directory "" &&
expect_rejected_dir
'
test_expect_success 'safe.directory=*' '
git config --global --add safe.directory "*" &&
git status
'
test_expect_success 'safe.directory=*, but is reset' '
git config --global --add safe.directory "" &&
expect_rejected_dir
'
test_done
Loading…
Cancel
Save