Git 2.35.3

-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE4fA2sf7nIh/HeOzvsLXohpav5ssFAmJXTO4ACgkQsLXohpav
 5ss62xAAzwmmKlJkcgdKRcVimfMF+hPNvBFsnKBZZRtAV+4vCOFa2EN2bgWJexZh
 SfuDzdJrFf+A4Emb0Z2nd9ZmSJJznybwYJCkHatfEnH+qy/H+5ju3NwgD84DOCad
 DauretQn2zhwosJDsF82MbogQrOTYQjfftalFZZwYyD5AoSbsiR/diIrjjP6q+Qo
 RlKXagPM8hxZLrdOjMir75Wr/OrFDXMlO2kE2+5IgR/EO8KmjltFZgeciLnFXllN
 qQ77Klu1B9xsUjypK0/Vxbg389pqSHRCR28MaKwHbPQsXz8+ZTeCfgv7u500BWa+
 Yl3Cye1GtZtD3zCu4Ik/D++Bu53P8NmHXzAst6hhMnyZZUQ8meeVoLdZH5eZscc6
 vlv+wyLiyqILWknWIEibATavqjBWeFAqRXC//RPdZbUjoeE7fAVA8u+LZvOBCKna
 altnI497uJAL15eWU8878X8y1rmZJfXpx0euwYZbmo6Hj/GHY/1w3RYanJ+shOkk
 f8Qu4AUWNYAyHUANbxczSVoV3VR9xLdKgqbuGZsNZDRPUMo6POBNSxnjExsAnr6b
 SRmpmQQsbZr2vO9i12dPQJbqRCo5++rrmM/qi+ozmM1xGCDyeSiHgsnDUQV7AGkZ
 0/hwg+mhykvLEnMIbDLZirI1uNecomO83Q/YhcWdBFlsDXb0IJw=
 =AeAR
 -----END PGP SIGNATURE-----

Sync with Git 2.35.3

Documentation/RelNotes/2.30.4.txt

@@ -0,0 +1,21 @@
+Git v2.30.4 Release Notes
+=========================
+
+This release contains minor fix-ups for the changes that went into
+Git 2.30.3, which was made to address CVE-2022-24765.
+
+ * The code that was meant to parse the new `safe.directory`
+   configuration variable was not checking what configuration
+   variable was being fed to it, which has been corrected.
+
+ * '*' can be used as the value for the `safe.directory` variable to
+   signal that the user considers that any directory is safe.
+
+
+
+Derrick Stolee (2):
+      t0033: add tests for safe.directory
+      setup: opt-out of check with safe.directory=*
+
+Matheus Valadares (1):
+      setup: fix safe.directory key not being checked

Documentation/RelNotes/2.31.3.txt

@@ -0,0 +1,4 @@
+Git Documentation/RelNotes/2.31.3.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.31.3.

Documentation/RelNotes/2.32.2.txt

@@ -0,0 +1,4 @@
+Git Documentation/RelNotes/2.32.2.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.32.2.

Documentation/RelNotes/2.33.3.txt

@@ -0,0 +1,4 @@
+Git Documentation/RelNotes/2.33.3.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.33.3.

Documentation/RelNotes/2.34.3.txt

@@ -0,0 +1,4 @@
+Git Documentation/RelNotes/2.34.3.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.34.3.

Documentation/RelNotes/2.35.3.txt

@@ -0,0 +1,4 @@
+Git Documentation/RelNotes/2.35.3.txt Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.35.3.

Documentation/config/safe.txt

@@ -19,3 +19,10 @@ line option `-c safe.directory=<path>`.
 The value of this setting is interpolated, i.e. `~/<path>` expands to a
 path relative to the home directory and `%(prefix)/<path>` expands to a
 path relative to Git's (runtime) prefix.
++
+To completely opt-out of this security check, set `safe.directory` to the
+string `*`. This will allow all repositories to be treated as if their
+directory was listed in the `safe.directory` list. If `safe.directory=*`
+is set in system config and you want to re-enable this protection, then
+initialize your list with an empty value before listing the repositories
+that you deem safe.

setup.c

@@ -1100,9 +1100,14 @@ static int safe_directory_cb(const char *key, const char *value, void *d)
 {
 	struct safe_directory_data *data = d;
 
-	if (!value || !*value)
+	if (strcmp(key, "safe.directory"))
+		return 0;
+
+	if (!value || !*value) {
 		data->is_safe = 0;
-	else {
+	} else if (!strcmp(value, "*")) {
+		data->is_safe = 1;
+	} else {
 		const char *interpolated = NULL;
 
 		if (!git_config_pathname(&interpolated, key, value) &&
@@ -1119,7 +1124,8 @@ static int ensure_valid_ownership(const char *path)
 {
 	struct safe_directory_data data = { .path = path };
 
-	if (is_path_owned_by_current_user(path))
+	if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
+	    is_path_owned_by_current_user(path))
 		return 1;
 
 	read_very_early_config(safe_directory_cb, &data);

t/t0033-safe-directory.sh

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+test_description='verify safe.directory checks'
+
+. ./test-lib.sh
+
+GIT_TEST_ASSUME_DIFFERENT_OWNER=1
+export GIT_TEST_ASSUME_DIFFERENT_OWNER
+
+expect_rejected_dir () {
+	test_must_fail git status 2>err &&
+	grep "safe.directory" err
+}
+
+test_expect_success 'safe.directory is not set' '
+	expect_rejected_dir
+'
+
+test_expect_success 'safe.directory does not match' '
+	git config --global safe.directory bogus &&
+	expect_rejected_dir
+'
+
+test_expect_success 'path exist as different key' '
+	git config --global foo.bar "$(pwd)" &&
+	expect_rejected_dir
+'
+
+test_expect_success 'safe.directory matches' '
+	git config --global --add safe.directory "$(pwd)" &&
+	git status
+'
+
+test_expect_success 'safe.directory matches, but is reset' '
+	git config --global --add safe.directory "" &&
+	expect_rejected_dir
+'
+
+test_expect_success 'safe.directory=*' '
+	git config --global --add safe.directory "*" &&
+	git status
+'
+
+test_expect_success 'safe.directory=*, but is reset' '
+	git config --global --add safe.directory "" &&
+	expect_rejected_dir
+'
+
+test_done