Commits on May 10, 2023

1. merge-tree: load default git config …

   The 'git merge-tree' command handles creating root trees for merges
   without using the worktree. This is a critical operation in many Git
   hosts, as they typically store bare repositories.
   
   This builtin does not load the default Git config, which can have
   several important ramifications.
   
   In particular, one config that is loaded by default is
   core.useReplaceRefs. This is typically disabled in Git hosts due to
   the ability to spoof commits in strange ways.
   
   Since this config is not loaded specifically during merge-tree, users
   were previously able to use refs/replace/ references to make pull
   requests that looked valid but introduced malicious content. The
   resulting merge commit would have the correct commit history, but the
   malicious content would exist in the root tree of the merge.
   
   The fix is simple: load the default Git config in cmd_merge_tree().
   This may also fix other behaviors that are effected by reading default
   config. The only possible downside is a little extra computation time
   spent reading config. The config parsing is placed after basic argument
   parsing so it does not slow down usage errors.
   
   Helped-by: Johannes Schindelin <johannes.schindelin@gmx.de>
   Signed-off-by: Derrick Stolee <derrickstolee@github.com>

   

   derrickstolee committed May 10, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for 49d65c4
   • Browse repository at this point

   Copy the full SHA

   49d65c4 View commit details

   Browse the repository at this point in the history