Sync with 2.14.6
* maint-2.14: (28 commits) Git 2.14.6 mingw: handle `subst`-ed "DOS drives" mingw: refuse to access paths with trailing spaces or periods mingw: refuse to access paths with illegal characters unpack-trees: let merged_entry() pass through do_add_entry()'s errors quote-stress-test: offer to test quoting arguments for MSYS2 sh t6130/t9350: prepare for stringent Win32 path validation quote-stress-test: allow skipping some trials quote-stress-test: accept arguments to test via the command-line tests: add a helper to stress test argument quoting mingw: fix quoting of arguments Disallow dubiously-nested submodule git directories protect_ntfs: turn on NTFS protection by default path: also guard `.gitmodules` against NTFS Alternate Data Streams is_ntfs_dotgit(): speed it up mingw: disallow backslash characters in tree objects' file names path: safeguard `.git` against NTFS Alternate Streams Accesses clone --recurse-submodules: prevent name squatting on Windows is_ntfs_dotgit(): only verify the leading segment test-path-utils: offer to run a protectNTFS/protectHFS benchmark ...
This commit is contained in:
Johannes Schindelin
54
Documentation/RelNotes/2.14.6.txt
Normal file
54
Documentation/RelNotes/2.14.6.txt
Normal file
@ -0,0 +1,54 @@
|
||||
Git v2.14.6 Release Notes
|
||||
=========================
|
||||
|
||||
This release addresses the security issues CVE-2019-1348,
|
||||
CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352,
|
||||
CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387.
|
||||
|
||||
Fixes since v2.14.5
|
||||
-------------------
|
||||
|
||||
* CVE-2019-1348:
|
||||
The --export-marks option of git fast-import is exposed also via
|
||||
the in-stream command feature export-marks=... and it allows
|
||||
overwriting arbitrary paths.
|
||||
|
||||
* CVE-2019-1349:
|
||||
When submodules are cloned recursively, under certain circumstances
|
||||
Git could be fooled into using the same Git directory twice. We now
|
||||
require the directory to be empty.
|
||||
|
||||
* CVE-2019-1350:
|
||||
Incorrect quoting of command-line arguments allowed remote code
|
||||
execution during a recursive clone in conjunction with SSH URLs.
|
||||
|
||||
* CVE-2019-1351:
|
||||
While the only permitted drive letters for physical drives on
|
||||
Windows are letters of the US-English alphabet, this restriction
|
||||
does not apply to virtual drives assigned via subst <letter>:
|
||||
<path>. Git mistook such paths for relative paths, allowing writing
|
||||
outside of the worktree while cloning.
|
||||
|
||||
* CVE-2019-1352:
|
||||
Git was unaware of NTFS Alternate Data Streams, allowing files
|
||||
inside the .git/ directory to be overwritten during a clone.
|
||||
|
||||
* CVE-2019-1353:
|
||||
When running Git in the Windows Subsystem for Linux (also known as
|
||||
"WSL") while accessing a working directory on a regular Windows
|
||||
drive, none of the NTFS protections were active.
|
||||
|
||||
* CVE-2019-1354:
|
||||
Filenames on Linux/Unix can contain backslashes. On Windows,
|
||||
backslashes are directory separators. Git did not use to refuse to
|
||||
write out tracked files with such filenames.
|
||||
|
||||
* CVE-2019-1387:
|
||||
Recursive clones are currently affected by a vulnerability that is
|
||||
caused by too-lax validation of submodule names, allowing very
|
||||
targeted attacks via remote code execution in recursive clones.
|
||||
|
||||
Credit for finding these vulnerabilities goes to Microsoft Security
|
||||
Response Center, in particular to Nicolas Joly. The `fast-import`
|
||||
fixes were provided by Jeff King, the other fixes by Johannes
|
||||
Schindelin with help from Garima Singh.
|
||||
Reference in New Issue
Block a user