Sync with Git 2.17.1
* maint: (25 commits) Git 2.17.1 Git 2.16.4 Git 2.15.2 Git 2.14.4 Git 2.13.7 fsck: complain when .gitmodules is a symlink index-pack: check .gitmodules files with --strict unpack-objects: call fsck_finish() after fscking objects fsck: call fsck_finish() after fscking objects fsck: check .gitmodules content fsck: handle promisor objects in .gitmodules check fsck: detect gitmodules files fsck: actually fsck blob data fsck: simplify ".git" check index-pack: make fsck error message more specific verify_path: disallow symlinks in .gitmodules update-index: stat updated files earlier verify_dotfile: mention case-insensitivity in comment verify_path: drop clever fallthrough skip_prefix: add case-insensitive variant ...
This commit is contained in:
Junio C Hamano
20
Documentation/RelNotes/2.13.7.txt
Normal file
20
Documentation/RelNotes/2.13.7.txt
Normal file
@ -0,0 +1,20 @@
|
||||
Git v2.13.7 Release Notes
|
||||
=========================
|
||||
|
||||
Fixes since v2.13.6
|
||||
-------------------
|
||||
|
||||
* Submodule "names" come from the untrusted .gitmodules file, but we
|
||||
blindly append them to $GIT_DIR/modules to create our on-disk repo
|
||||
paths. This means you can do bad things by putting "../" into the
|
||||
name. We now enforce some rules for submodule names which will cause
|
||||
Git to ignore these malicious names (CVE-2018-11235).
|
||||
|
||||
Credit for finding this vulnerability and the proof of concept from
|
||||
which the test script was adapted goes to Etienne Stalmans.
|
||||
|
||||
* It was possible to trick the code that sanity-checks paths on NTFS
|
||||
into reading random piece of memory (CVE-2018-11233).
|
||||
|
||||
Credit for fixing for these bugs goes to Jeff King, Johannes
|
||||
Schindelin and others.
|
||||
5
Documentation/RelNotes/2.14.4.txt
Normal file
5
Documentation/RelNotes/2.14.4.txt
Normal file
@ -0,0 +1,5 @@
|
||||
Git v2.14.4 Release Notes
|
||||
=========================
|
||||
|
||||
This release is to forward-port the fixes made in the v2.13.7 version
|
||||
of Git. See its release notes for details.
|
||||
@ -43,5 +43,8 @@ Fixes since v2.15.1
|
||||
* Clarify and enhance documentation for "merge-base --fork-point", as
|
||||
it was clear what it computed but not why/what for.
|
||||
|
||||
* This release also contains the fixes made in the v2.13.7 version of
|
||||
Git. See its release notes for details.
|
||||
|
||||
|
||||
Also contains various documentation updates and code clean-ups.
|
||||
|
||||
5
Documentation/RelNotes/2.16.4.txt
Normal file
5
Documentation/RelNotes/2.16.4.txt
Normal file
@ -0,0 +1,5 @@
|
||||
Git v2.16.4 Release Notes
|
||||
=========================
|
||||
|
||||
This release is to forward-port the fixes made in the v2.13.7 version
|
||||
of Git. See its release notes for details.
|
||||
16
Documentation/RelNotes/2.17.1.txt
Normal file
16
Documentation/RelNotes/2.17.1.txt
Normal file
@ -0,0 +1,16 @@
|
||||
Git v2.17.1 Release Notes
|
||||
=========================
|
||||
|
||||
Fixes since v2.17
|
||||
-----------------
|
||||
|
||||
* This release contains the same fixes made in the v2.13.7 version of
|
||||
Git, covering CVE-2018-11233 and 11235, and forward-ported to
|
||||
v2.14.4, v2.15.2 and v2.16.4 releases. See release notes to
|
||||
v2.13.7 for details.
|
||||
|
||||
* In addition to the above fixes, this release has support on the
|
||||
server side to reject pushes to repositories that attempt to create
|
||||
such problematic .gitmodules file etc. as tracked contents, to help
|
||||
hosting sites protect their customers by preventing malicious
|
||||
contents from spreading.
|
||||
Reference in New Issue
Block a user