80 lines
2.6 KiB
Plaintext
80 lines
2.6 KiB
Plaintext
Git v2.39.4 Release Notes
|
|
=========================
|
|
|
|
This addresses the security issues CVE-2024-32002, CVE-2024-32004,
|
|
CVE-2024-32020 and CVE-2024-32021.
|
|
|
|
This release also backports fixes necessary to let the CI builds pass
|
|
successfully.
|
|
|
|
Fixes since v2.39.3
|
|
-------------------
|
|
|
|
* CVE-2024-32002:
|
|
|
|
Recursive clones on case-insensitive filesystems that support symbolic
|
|
links are susceptible to case confusion that can be exploited to
|
|
execute just-cloned code during the clone operation.
|
|
|
|
* CVE-2024-32004:
|
|
|
|
Repositories can be configured to execute arbitrary code during local
|
|
clones. To address this, the ownership checks introduced in v2.30.3
|
|
are now extended to cover cloning local repositories.
|
|
|
|
* CVE-2024-32020:
|
|
|
|
Local clones may end up hardlinking files into the target repository's
|
|
object database when source and target repository reside on the same
|
|
disk. If the source repository is owned by a different user, then
|
|
those hardlinked files may be rewritten at any point in time by the
|
|
untrusted user.
|
|
|
|
* CVE-2024-32021:
|
|
|
|
When cloning a local source repository that contains symlinks via the
|
|
filesystem, Git may create hardlinks to arbitrary user-readable files
|
|
on the same filesystem as the target repository in the objects/
|
|
directory.
|
|
|
|
* CVE-2024-32465:
|
|
|
|
It is supposed to be safe to clone untrusted repositories, even those
|
|
unpacked from zip archives or tarballs originating from untrusted
|
|
sources, but Git can be tricked to run arbitrary code as part of the
|
|
clone.
|
|
|
|
* Defense-in-depth: submodule: require the submodule path to contain
|
|
directories only.
|
|
|
|
* Defense-in-depth: clone: when symbolic links collide with directories, keep
|
|
the latter.
|
|
|
|
* Defense-in-depth: clone: prevent hooks from running during a clone.
|
|
|
|
* Defense-in-depth: core.hooksPath: add some protection while cloning.
|
|
|
|
* Defense-in-depth: fsck: warn about symlink pointing inside a gitdir.
|
|
|
|
* Various fix-ups on HTTP tests.
|
|
|
|
* Test update.
|
|
|
|
* HTTP Header redaction code has been adjusted for a newer version of
|
|
cURL library that shows its traces differently from earlier
|
|
versions.
|
|
|
|
* Fix was added to work around a regression in libcURL 8.7.0 (which has
|
|
already been fixed in their tip of the tree).
|
|
|
|
* Replace macos-12 used at GitHub CI with macos-13.
|
|
|
|
* ci(linux-asan/linux-ubsan): let's save some time
|
|
|
|
* Tests with LSan from time to time seem to emit harmless message that makes
|
|
our tests unnecessarily flakey; we work it around by filtering the
|
|
uninteresting output.
|
|
|
|
* Update GitHub Actions jobs to avoid warnings against using deprecated
|
|
version of Node.js.
|