Commit
* maint: (25 commits)
  Git 2.17.1
  Git 2.16.4
  Git 2.15.2
  Git 2.14.4
  Git 2.13.7
  fsck: complain when .gitmodules is a symlink
  index-pack: check .gitmodules files with --strict
  unpack-objects: call fsck_finish() after fscking objects
  fsck: call fsck_finish() after fscking objects
  fsck: check .gitmodules content
  fsck: handle promisor objects in .gitmodules check
  fsck: detect gitmodules files
  fsck: actually fsck blob data
  fsck: simplify ".git" check
  index-pack: make fsck error message more specific
  verify_path: disallow symlinks in .gitmodules
  update-index: stat updated files earlier
  verify_dotfile: mention case-insensitivity in comment
  verify_path: drop clever fallthrough
  skip_prefix: add case-insensitive variant
  ...
Showing 28 changed files with 794 additions and 72 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
Git v2.13.7 Release Notes | ||
========================= | ||
|
||
Fixes since v2.13.6 | ||
------------------- | ||
|
||
* Submodule "names" come from the untrusted .gitmodules file, but we | ||
blindly append them to $GIT_DIR/modules to create our on-disk repo | ||
paths. This means you can do bad things by putting "../" into the | ||
name. We now enforce some rules for submodule names which will cause | ||
Git to ignore these malicious names (CVE-2018-11235). | ||
|
||
Credit for finding this vulnerability and the proof of concept from | ||
which the test script was adapted goes to Etienne Stalmans. | ||
|
||
* It was possible to trick the code that sanity-checks paths on NTFS | ||
into reading random piece of memory (CVE-2018-11233). | ||
|
||
Credit for fixing for these bugs goes to Jeff King, Johannes | ||
Schindelin and others. |
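Review bot: The CVE-2018-11235 entry says "you can do bad things" and "We now enforce some rules for submodule names" without stating either the consequence or the rules, so a reader triaging this release cannot judge the impact or tell which names are now ignored. Suggest saying concretely what a "../" name escaping $GIT_DIR/modules leads to and summarising the rule that is enforced. The CVE-2018-11233 entry is similarly thin: it does not say which inputs reach the NTFS path check. Two wording nits: "reading random piece of memory" is missing an article, and "Credit for fixing for these bugs" has a stray "for".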
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
Git v2.14.4 Release Notes | ||
========================= | ||
|
||
This release is to forward-port the fixes made in the v2.13.7 version | ||
of Git. See its release notes for details. |
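Review bot: The body of this file never names the CVEs, so someone searching the release notes for CVE-2018-11235 or CVE-2018-11233 to find the fixed version on this maintenance track will not land here. Suggest naming both identifiers in the sentence that points to v2.13.7, as the v2.17.1 notes do, so each forward-port file can be read on its own as a security release.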
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
Git v2.16.4 Release Notes | ||
========================= | ||
|
||
This release is to forward-port the fixes made in the v2.13.7 version | ||
of Git. See its release notes for details. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
Git v2.17.1 Release Notes | ||
========================= | ||
|
||
Fixes since v2.17 | ||
----------------- | ||
|
||
* This release contains the same fixes made in the v2.13.7 version of | ||
Git, covering CVE-2018-11233 and 11235, and forward-ported to | ||
v2.14.4, v2.15.2 and v2.16.4 releases. See release notes to | ||
v2.13.7 for details. | ||
|
||
* In addition to the above fixes, this release has support on the | ||
server side to reject pushes to repositories that attempt to create | ||
such problematic .gitmodules file etc. as tracked contents, to help | ||
hosting sites protect their customers by preventing malicious | ||
contents from spreading. |
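Review bot: The second bullet says the release "has support on the server side to reject pushes" but does not say how a hosting admin turns that on or whether it is active by default; with only "such problematic .gitmodules file etc." to go on, the reader also cannot tell what is actually rejected. Suggest naming the setting that enables the check and listing the rejected cases (the commit list mentions .gitmodules content and .gitmodules as a symlink). In the first bullet, "CVE-2018-11233 and 11235" abbreviates the second identifier, so a search for "CVE-2018-11235" misses this file; write both out in full.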