diff --git a/Documentation/RelNotes/2.30.4.txt b/Documentation/RelNotes/2.30.4.txt
new file mode 100644
index 0000000000..4eedb74b16
--- /dev/null
+++ b/Documentation/RelNotes/2.30.4.txt
@@ -0,0 +1,21 @@
+Git v2.30.4 Release Notes
+=========================
+
+This release contains minor fix-ups for the changes that went into
+Git 2.30.3, which was made to address CVE-2022-24765.
+
+ * The code that was meant to parse the new `safe.directory`
+ configuration variable was not checking what configuration
+ variable was being fed to it, which has been corrected.
+
+ * '*' can be used as the value for the `safe.directory` variable to
+ signal that the user considers that any directory is safe.
+
+
+
+Derrick Stolee (2):
+ t0033: add tests for safe.directory
+ setup: opt-out of check with safe.directory=*
+
+Matheus Valadares (1):
+ setup: fix safe.directory key not being checked
diff --git a/Documentation/RelNotes/2.31.3.txt b/Documentation/RelNotes/2.31.3.txt
new file mode 100644
index 0000000000..ca143abad0
--- /dev/null
+++ b/Documentation/RelNotes/2.31.3.txt
@@ -0,0 +1,4 @@
+Git Documentation/RelNotes/2.31.3.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.31.3.
diff --git a/Documentation/config/safe.txt b/Documentation/config/safe.txt
index 63597b2df8..6d764fe0cc 100644
--- a/Documentation/config/safe.txt
+++ b/Documentation/config/safe.txt
@@ -19,3 +19,10 @@ line option `-c safe.directory=`.
 The value of this setting is interpolated, i.e. `~/` expands to a path relative to the home directory and `%(prefix)/` expands to a path relative to Git's (runtime) prefix.
++
+To completely opt-out of this security check, set `safe.directory` to the
+string `*`. This will allow all repositories to be treated as if their
+directory was listed in the `safe.directory` list. If `safe.directory=*`
+is set in system config and you want to re-enable this protection, then
+initialize your list with an empty value before listing the repositories
+that you deem safe.
diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN
index 2498affd30..da853679b7 100755
--- a/GIT-VERSION-GEN
+++ b/GIT-VERSION-GEN
@@ -1,7 +1,7 @@
 #!/bin/sh
 GVF=GIT-VERSION-FILE
-DEF_VER=v2.31.2
+DEF_VER=v2.31.3
 LF=' '
diff --git a/RelNotes b/RelNotes
index dff85391eb..c3d6893a92 120000
--- a/RelNotes
+++ b/RelNotes
@@ -1 +1 @@
-Documentation/RelNotes/2.31.2.txt
\ No newline at end of file
+Documentation/RelNotes/2.31.3.txt
\ No newline at end of file
diff --git a/setup.c b/setup.c
index 95d5b00940..aad9ace0af 100644
--- a/setup.c
+++ b/setup.c
@@ -1034,9 +1034,14 @@ static int safe_directory_cb(const char *key, const char *value, void *d)
 {
 struct safe_directory_data *data = d;
- if (!value || !*value)
+ if (strcmp(key, "safe.directory"))
+ return 0;
+
+ if (!value || !*value) {
 data->is_safe = 0;
- else {
+ } else if (!strcmp(value, "*")) {
+ data->is_safe = 1;
+ } else {
 const char *interpolated = NULL;
 if (!git_config_pathname(&interpolated, key, value) &&
@@ -1053,7 +1058,8 @@ static int ensure_valid_ownership(const char *path)
 {
 struct safe_directory_data data = { .path = path };
- if (is_path_owned_by_current_user(path))
+ if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
+ is_path_owned_by_current_user(path))
 return 1;
 read_very_early_config(safe_directory_cb, &data);
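Review bot: The three-way branch that now starts at `if (strcmp(key, "safe.directory"))` encodes an ordering contract — every `safe.directory` entry is visited in config order, an empty value clears `is_safe`, `*` sets it, and the path branch presumably only ever sets it on a match (the comparison and the free of `interpolated` lie past the hunk) — but nothing in the function states it, so a reader cannot tell whether a later non-matching entry is meant to reset an earlier match. A short comment above the first `if`, such as `/* Entries apply in config order: "" clears is_safe, "*" or a matching path sets it; a non-matching path does not clear an earlier match. */`, would make the last-one-wins semantics that safe.txt documents visible at the code. The wildcard test is an exact `strcmp` against `*`, so values like `*/` fall through to the path branch; that looks intended but belongs in the same comment. safe_directory_cb's body continues outside the hunk.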
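Review bot: `git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0)` is a test-only knob placed directly inside the ownership check, and nothing marks it as such or records that it can only tighten the check: when set it merely skips the `is_path_owned_by_current_user` fast path and falls through to `read_very_early_config`, so it can never by itself mark a path safe. A comment on the new line, e.g. `/* test knob: treat the path as foreign-owned; forces the safe.directory lookup, never bypasses it */`, would keep a later reader from mistaking it for a bypass or from adding a variant that is one. ensure_valid_ownership's body continues after the hunk, so the value returned from the config lookup is not visible here.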
diff --git a/t/t0033-safe-directory.sh b/t/t0033-safe-directory.sh
new file mode 100755
index 0000000000..239d93f4d2
--- /dev/null
+++ b/t/t0033-safe-directory.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+test_description='verify safe.directory checks'
+
+. ./test-lib.sh
+
+GIT_TEST_ASSUME_DIFFERENT_OWNER=1
+export GIT_TEST_ASSUME_DIFFERENT_OWNER
+
+expect_rejected_dir () {
+ test_must_fail git status 2>err &&
+ grep "safe.directory" err
+}
+
+test_expect_success 'safe.directory is not set' '
+ expect_rejected_dir
+'
+
+test_expect_success 'safe.directory does not match' '
+ git config --global safe.directory bogus &&
+ expect_rejected_dir
+'
+
+test_expect_success 'path exist as different key' '
+ git config --global foo.bar "$(pwd)" &&
+ expect_rejected_dir
+'
+
+test_expect_success 'safe.directory matches' '
+ git config --global --add safe.directory "$(pwd)" &&
+ git status
+'
+
+test_expect_success 'safe.directory matches, but is reset' '
+ git config --global --add safe.directory "" &&
+ expect_rejected_dir
+'
+
+test_expect_success 'safe.directory=*' '
+ git config --global --add safe.directory "*" &&
+ git status
+'
+
+test_expect_success 'safe.directory=*, but is reset' '
+ git config --global --add safe.directory "" &&
+ expect_rejected_dir
+'
+
+test_done
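Review bot: The tests from `'safe.directory matches'` onward depend on global config state accumulated by the earlier tests — `'safe.directory matches, but is reset'` only proves anything because the preceding test added `$(pwd)` with `--add`, and `'safe.directory=*, but is reset'` likewise relies on the `*` entry added just before it. That chaining is not stated anywhere in the file, so a later reordering or per-test cleanup would turn the reset cases into vacuous passes without any test noticing. A comment above `expect_rejected_dir ()` such as `# The tests below build the global safe.directory list cumulatively; each one assumes the entries added by the earlier tests are still present.` would make the dependency explicit. The title `'path exist as different key'` would read better as `'path exists as different key'`.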