From 898225ba0419f3a2fabdf11750a90031a838f3b3 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 17 Mar 2022 10:35:52 +0100 Subject: [PATCH 1/9] GIT-VERSION-GEN: bump to v2.33.1 This was missed in af6d1d602a8f (Git 2.33.1, 2021-10-12). Signed-off-by: Johannes Schindelin --- GIT-VERSION-GEN | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index b1c0d4eb2e..11aac6e397 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.33.0 +DEF_VER=v2.33.1 LF=' ' From 6e7ad1e4c22e7038975ba37c7413374fe566b064 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlo=20Marcelo=20Arenas=20Bel=C3=B3n?= Date: Sat, 27 Nov 2021 10:15:32 +0000 Subject: [PATCH 2/9] mingw: avoid fallback for {local,gm}time_r() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit mingw-w64's pthread_unistd.h had a bug that mistakenly (because there is no support for the *lockfile() functions required[1]) defined _POSIX_THREAD_SAFE_FUNCTIONS and that was being worked around since 3ecd153a3b (compat/mingw: support MSys2-based MinGW build, 2016-01-14). The bug was fixed in winphtreads, but as a side effect, leaves the reentrant functions from time.h no longer visible and therefore breaks the build. Since the intention all along was to avoid using the fallback functions, formalize the use of POSIX by setting the corresponding feature flag and compile out the implementation for the fallback functions. [1] https://unix.org/whitepapers/reentrant.html Signed-off-by: Carlo Marcelo Arenas Belón Acked-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- compat/mingw.c | 2 ++ git-compat-util.h | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/compat/mingw.c b/compat/mingw.c index a43599841c..abb4d26ce9 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -1060,6 +1060,7 @@ int pipe(int filedes[2]) return 0; } +#ifndef __MINGW64__ struct tm *gmtime_r(const time_t *timep, struct tm *result) { if (gmtime_s(result, timep) == 0) @@ -1073,6 +1074,7 @@ struct tm *localtime_r(const time_t *timep, struct tm *result) return result; return NULL; } +#endif char *mingw_getcwd(char *pointer, int len) { diff --git a/git-compat-util.h b/git-compat-util.h index 7d3db43f11..3da9f975e2 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -127,7 +127,9 @@ /* Approximation of the length of the decimal representation of this type. */ #define decimal_length(x) ((int)(sizeof(x) * 2.56 + 0.5) + 1) -#if defined(__sun__) +#ifdef __MINGW64__ +#define _POSIX_C_SOURCE 1 +#elif defined(__sun__) /* * On Solaris, when _XOPEN_EXTENDED is set, its header file * forces the programs to be XPG4v2, defeating any _XOPEN_SOURCE From bdc77d1d685be9c10b88abb281a42bc620548595 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 2 Mar 2022 11:06:24 +0100 Subject: [PATCH 3/9] Add a function to determine whether a path is owned by the current user This function will be used in the next commit to prevent `setup_git_directory()` from discovering a repository in a directory that is owned by someone other than the current user. Note: We cannot simply use `st.st_uid` on Windows just like we do on Linux and other Unix-like platforms: according to https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/stat-functions this field is always zero on Windows (because Windows' idea of a user ID does not fit into a single numerical value). Therefore, we have to do something a little involved to replicate the same functionality there. Also note: On Windows, a user's home directory is not actually owned by said user, but by the administrator. For all practical purposes, it is under the user's control, though, therefore we pretend that it is owned by the user. Signed-off-by: Johannes Schindelin --- compat/mingw.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++ compat/mingw.h | 7 ++++ git-compat-util.h | 12 +++++++ 3 files changed, 106 insertions(+) diff --git a/compat/mingw.c b/compat/mingw.c index abb4d26ce9..38ac35913d 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -1,5 +1,6 @@ #include "../git-compat-util.h" #include "win32.h" +#include #include #include #include "../strbuf.h" @@ -2601,6 +2602,92 @@ static void setup_windows_environment(void) } } +static PSID get_current_user_sid(void) +{ + HANDLE token; + DWORD len = 0; + PSID result = NULL; + + if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) + return NULL; + + if (!GetTokenInformation(token, TokenUser, NULL, 0, &len)) { + TOKEN_USER *info = xmalloc((size_t)len); + if (GetTokenInformation(token, TokenUser, info, len, &len)) { + len = GetLengthSid(info->User.Sid); + result = xmalloc(len); + if (!CopySid(len, result, info->User.Sid)) { + error(_("failed to copy SID (%ld)"), + GetLastError()); + FREE_AND_NULL(result); + } + } + FREE_AND_NULL(info); + } + CloseHandle(token); + + return result; +} + +int is_path_owned_by_current_sid(const char *path) +{ + WCHAR wpath[MAX_PATH]; + PSID sid = NULL; + PSECURITY_DESCRIPTOR descriptor = NULL; + DWORD err; + + static wchar_t home[MAX_PATH]; + + int result = 0; + + if (xutftowcs_path(wpath, path) < 0) + return 0; + + /* + * On Windows, the home directory is owned by the administrator, but for + * all practical purposes, it belongs to the user. Do pretend that it is + * owned by the user. + */ + if (!*home) { + DWORD size = ARRAY_SIZE(home); + DWORD len = GetEnvironmentVariableW(L"HOME", home, size); + if (!len || len > size) + wcscpy(home, L"::N/A::"); + } + if (!wcsicmp(wpath, home)) + return 1; + + /* Get the owner SID */ + err = GetNamedSecurityInfoW(wpath, SE_FILE_OBJECT, + OWNER_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION, + &sid, NULL, NULL, NULL, &descriptor); + + if (err != ERROR_SUCCESS) + error(_("failed to get owner for '%s' (%ld)"), path, err); + else if (sid && IsValidSid(sid)) { + /* Now, verify that the SID matches the current user's */ + static PSID current_user_sid; + + if (!current_user_sid) + current_user_sid = get_current_user_sid(); + + if (current_user_sid && + IsValidSid(current_user_sid) && + EqualSid(sid, current_user_sid)) + result = 1; + } + + /* + * We can release the security descriptor struct only now because `sid` + * actually points into this struct. + */ + if (descriptor) + LocalFree(descriptor); + + return result; +} + int is_valid_win32_path(const char *path, int allow_literal_nul) { const char *p = path; diff --git a/compat/mingw.h b/compat/mingw.h index af8eddd73e..f6bab548f4 100644 --- a/compat/mingw.h +++ b/compat/mingw.h @@ -452,6 +452,13 @@ char *mingw_query_user_email(void); #include #endif +/** + * Verifies that the specified path is owned by the user running the + * current process. + */ +int is_path_owned_by_current_sid(const char *path); +#define is_path_owned_by_current_user is_path_owned_by_current_sid + /** * Verifies that the given path is a valid one on Windows. * diff --git a/git-compat-util.h b/git-compat-util.h index 3da9f975e2..63ba89dd31 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -392,6 +392,18 @@ static inline int git_offset_1st_component(const char *path) #define is_valid_path(path) 1 #endif +#ifndef is_path_owned_by_current_user +static inline int is_path_owned_by_current_uid(const char *path) +{ + struct stat st; + if (lstat(path, &st)) + return 0; + return st.st_uid == geteuid(); +} + +#define is_path_owned_by_current_user is_path_owned_by_current_uid +#endif + #ifndef find_last_dir_sep static inline char *git_find_last_dir_sep(const char *path) { From 8959555cee7ec045958f9b6dd62e541affb7e7d9 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 2 Mar 2022 12:23:04 +0100 Subject: [PATCH 4/9] setup_git_directory(): add an owner check for the top-level directory It poses a security risk to search for a git directory outside of the directories owned by the current user. For example, it is common e.g. in computer pools of educational institutes to have a "scratch" space: a mounted disk with plenty of space that is regularly swiped where any authenticated user can create a directory to do their work. Merely navigating to such a space with a Git-enabled `PS1` when there is a maliciously-crafted `/scratch/.git/` can lead to a compromised account. The same holds true in multi-user setups running Windows, as `C:\` is writable to every authenticated user by default. To plug this vulnerability, we stop Git from accepting top-level directories owned by someone other than the current user. We avoid looking at the ownership of each and every directories between the current and the top-level one (if there are any between) to avoid introducing a performance bottleneck. This new default behavior is obviously incompatible with the concept of shared repositories, where we expect the top-level directory to be owned by only one of its legitimate users. To re-enable that use case, we add support for adding exceptions from the new default behavior via the config setting `safe.directory`. The `safe.directory` config setting is only respected in the system and global configs, not from repository configs or via the command-line, and can have multiple values to allow for multiple shared repositories. We are particularly careful to provide a helpful message to any user trying to use a shared repository. Signed-off-by: Johannes Schindelin --- Documentation/config.txt | 2 ++ Documentation/config/safe.txt | 21 +++++++++++++ setup.c | 57 ++++++++++++++++++++++++++++++++++- 3 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 Documentation/config/safe.txt diff --git a/Documentation/config.txt b/Documentation/config.txt index 6ba50b1104..34e6d477d6 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -438,6 +438,8 @@ include::config/rerere.txt[] include::config/reset.txt[] +include::config/safe.txt[] + include::config/sendemail.txt[] include::config/sequencer.txt[] diff --git a/Documentation/config/safe.txt b/Documentation/config/safe.txt new file mode 100644 index 0000000000..63597b2df8 --- /dev/null +++ b/Documentation/config/safe.txt @@ -0,0 +1,21 @@ +safe.directory:: + These config entries specify Git-tracked directories that are + considered safe even if they are owned by someone other than the + current user. By default, Git will refuse to even parse a Git + config of a repository owned by someone else, let alone run its + hooks, and this config setting allows users to specify exceptions, + e.g. for intentionally shared repositories (see the `--shared` + option in linkgit:git-init[1]). ++ +This is a multi-valued setting, i.e. you can add more than one directory +via `git config --add`. To reset the list of safe directories (e.g. to +override any such directories specified in the system config), add a +`safe.directory` entry with an empty value. ++ +This config setting is only respected when specified in a system or global +config, not when it is specified in a repository config or via the command +line option `-c safe.directory=`. ++ +The value of this setting is interpolated, i.e. `~/` expands to a +path relative to the home directory and `%(prefix)/` expands to a +path relative to Git's (runtime) prefix. diff --git a/setup.c b/setup.c index c04cd25a30..95d5b00940 100644 --- a/setup.c +++ b/setup.c @@ -5,6 +5,7 @@ #include "string-list.h" #include "chdir-notify.h" #include "promisor-remote.h" +#include "quote.h" static int inside_git_dir = -1; static int inside_work_tree = -1; @@ -1024,6 +1025,42 @@ static int canonicalize_ceiling_entry(struct string_list_item *item, } } +struct safe_directory_data { + const char *path; + int is_safe; +}; + +static int safe_directory_cb(const char *key, const char *value, void *d) +{ + struct safe_directory_data *data = d; + + if (!value || !*value) + data->is_safe = 0; + else { + const char *interpolated = NULL; + + if (!git_config_pathname(&interpolated, key, value) && + !fspathcmp(data->path, interpolated ? interpolated : value)) + data->is_safe = 1; + + free((char *)interpolated); + } + + return 0; +} + +static int ensure_valid_ownership(const char *path) +{ + struct safe_directory_data data = { .path = path }; + + if (is_path_owned_by_current_user(path)) + return 1; + + read_very_early_config(safe_directory_cb, &data); + + return data.is_safe; +} + enum discovery_result { GIT_DIR_NONE = 0, GIT_DIR_EXPLICIT, @@ -1032,7 +1069,8 @@ enum discovery_result { /* these are errors */ GIT_DIR_HIT_CEILING = -1, GIT_DIR_HIT_MOUNT_POINT = -2, - GIT_DIR_INVALID_GITFILE = -3 + GIT_DIR_INVALID_GITFILE = -3, + GIT_DIR_INVALID_OWNERSHIP = -4 }; /* @@ -1122,11 +1160,15 @@ static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir, } strbuf_setlen(dir, offset); if (gitdirenv) { + if (!ensure_valid_ownership(dir->buf)) + return GIT_DIR_INVALID_OWNERSHIP; strbuf_addstr(gitdir, gitdirenv); return GIT_DIR_DISCOVERED; } if (is_git_directory(dir->buf)) { + if (!ensure_valid_ownership(dir->buf)) + return GIT_DIR_INVALID_OWNERSHIP; strbuf_addstr(gitdir, "."); return GIT_DIR_BARE; } @@ -1253,6 +1295,19 @@ const char *setup_git_directory_gently(int *nongit_ok) dir.buf); *nongit_ok = 1; break; + case GIT_DIR_INVALID_OWNERSHIP: + if (!nongit_ok) { + struct strbuf quoted = STRBUF_INIT; + + sq_quote_buf_pretty("ed, dir.buf); + die(_("unsafe repository ('%s' is owned by someone else)\n" + "To add an exception for this directory, call:\n" + "\n" + "\tgit config --global --add safe.directory %s"), + dir.buf, quoted.buf); + } + *nongit_ok = 1; + break; case GIT_DIR_NONE: /* * As a safeguard against setup_git_directory_gently_1 returning From fdcad5a53e14bd397e4fa323e7fd0c3bf16dd373 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 23 Mar 2022 23:00:41 +0100 Subject: [PATCH 5/9] Fix `GIT_CEILING_DIRECTORIES` with `C:\` and the likes When determining the length of the longest ancestor of a given path with respect to to e.g. `GIT_CEILING_DIRECTORIES`, we special-case the root directory by returning 0 (i.e. we pretend that the path `/` does not end in a slash by virtually stripping it). That is the correct behavior because when normalizing paths, the root directory is special: all other directory paths have their trailing slash stripped, but not the root directory's path (because it would become the empty string, which is not a legal path). However, this special-casing of the root directory in `longest_ancestor_length()` completely forgets about Windows-style root directories, e.g. `C:\`. These _also_ get normalized with a trailing slash (because `C:` would actually refer to the current directory on that drive, not necessarily to its root directory). In fc56c7b34b (mingw: accomodate t0060-path-utils for MSYS2, 2016-01-27), we almost got it right. We noticed that `longest_ancestor_length()` expects a slash _after_ the matched prefix, and if the prefix already ends in a slash, the normalized path won't ever match and -1 is returned. But then that commit went astray: The correct fix is not to adjust the _tests_ to expect an incorrect -1 when that function is fed a prefix that ends in a slash, but instead to treat such a prefix as if the trailing slash had been removed. Likewise, that function needs to handle the case where it is fed a path that ends in a slash (not only a prefix that ends in a slash): if it matches the prefix (plus trailing slash), we still need to verify that the path does not end there, otherwise the prefix is not actually an ancestor of the path but identical to it (and we need to return -1 in that case). With these two adjustments, we no longer need to play games in t0060 where we only add `$rootoff` if the passed prefix is different from the MSYS2 pseudo root, instead we also add it for the MSYS2 pseudo root itself. We do have to be careful to skip that logic entirely for Windows paths, though, because they do are not subject to that MSYS2 pseudo root treatment. This patch fixes the scenario where a user has set `GIT_CEILING_DIRECTORIES=C:\`, which would be ignored otherwise. Signed-off-by: Johannes Schindelin --- path.c | 14 +++++++++----- t/t0060-path-utils.sh | 20 ++++++++++++++------ 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/path.c b/path.c index 7b385e5eb2..853e7165c8 100644 --- a/path.c +++ b/path.c @@ -1218,11 +1218,15 @@ int longest_ancestor_length(const char *path, struct string_list *prefixes) const char *ceil = prefixes->items[i].string; int len = strlen(ceil); - if (len == 1 && ceil[0] == '/') - len = 0; /* root matches anything, with length 0 */ - else if (!strncmp(path, ceil, len) && path[len] == '/') - ; /* match of length len */ - else + /* + * For root directories (`/`, `C:/`, `//server/share/`) + * adjust the length to exclude the trailing slash. + */ + if (len > 0 && ceil[len - 1] == '/') + len--; + + if (strncmp(path, ceil, len) || + path[len] != '/' || !path[len + 1]) continue; /* no match */ if (len > max_len) diff --git a/t/t0060-path-utils.sh b/t/t0060-path-utils.sh index 56db5c8aba..f538264cdd 100755 --- a/t/t0060-path-utils.sh +++ b/t/t0060-path-utils.sh @@ -55,12 +55,15 @@ fi ancestor() { # We do some math with the expected ancestor length. expected=$3 - if test -n "$rootoff" && test "x$expected" != x-1; then - expected=$(($expected-$rootslash)) - test $expected -lt 0 || - expected=$(($expected+$rootoff)) - fi - test_expect_success "longest ancestor: $1 $2 => $expected" \ + case "$rootoff,$expected,$2" in + *,*,//*) ;; # leave UNC paths alone + [0-9]*,[0-9]*,/*) + # On Windows, expect MSYS2 pseudo root translation for + # Unix-style absolute paths + expected=$(($expected-$rootslash+$rootoff)) + ;; + esac + test_expect_success $4 "longest ancestor: $1 $2 => $expected" \ "actual=\$(test-tool path-utils longest_ancestor_length '$1' '$2') && test \"\$actual\" = '$expected'" } @@ -156,6 +159,11 @@ ancestor /foo/bar /foo 4 ancestor /foo/bar /foo:/bar 4 ancestor /foo/bar /bar -1 +# Windows-specific: DOS drives, network shares +ancestor C:/Users/me C:/ 2 MINGW +ancestor D:/Users/me C:/ -1 MINGW +ancestor //server/share/my-directory //server/share/ 14 MINGW + test_expect_success 'strip_path_suffix' ' test c:/msysgit = $(test-tool path-utils strip_path_suffix \ c:/msysgit/libexec//git-core libexec/git-core) From cb95038137e9e66fc6a6b4a0e8db62bcc521b709 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 17 Mar 2022 10:15:15 +0100 Subject: [PATCH 6/9] Git 2.30.3 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.30.3.txt | 24 ++++++++++++++++++++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.30.3.txt diff --git a/Documentation/RelNotes/2.30.3.txt b/Documentation/RelNotes/2.30.3.txt new file mode 100644 index 0000000000..31b2a4daa6 --- /dev/null +++ b/Documentation/RelNotes/2.30.3.txt @@ -0,0 +1,24 @@ +Git v2.30.2 Release Notes +========================= + +This release addresses the security issue CVE-2022-24765. + +Fixes since v2.30.2 +------------------- + + * Build fix on Windows. + + * Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories. + + * CVE-2022-24765: + On multi-user machines, Git users might find themselves + unexpectedly in a Git worktree, e.g. when another user created a + repository in `C:\.git`, in a mounted network drive or in a + scratch space. Merely having a Git-aware prompt that runs `git + status` (or `git diff`) and navigating to a directory which is + supposedly not a Git worktree, or opening such a directory in an + editor or IDE such as VS Code or Atom, will potentially run + commands defined by that other user. + +Credit for finding this vulnerability goes to 俞晨东; The fix was +authored by Johannes Schindelin. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 9d789e0efc..7cf68be76f 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.30.2 +DEF_VER=v2.30.3 LF=' ' diff --git a/RelNotes b/RelNotes index d73be92065..187351ccd9 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.30.2.txt \ No newline at end of file +Documentation/RelNotes/2.30.3.txt \ No newline at end of file From 44de39c45c65134f4a6e02e7702a5db70a71041d Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 17 Mar 2022 10:57:32 +0100 Subject: [PATCH 7/9] Git 2.31.2 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.31.2.txt | 6 ++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.31.2.txt diff --git a/Documentation/RelNotes/2.31.2.txt b/Documentation/RelNotes/2.31.2.txt new file mode 100644 index 0000000000..aa13a5b022 --- /dev/null +++ b/Documentation/RelNotes/2.31.2.txt @@ -0,0 +1,6 @@ +Git v2.31.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3 to address +the security issue CVE-2022-24765; see the release notes for that +version for details. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 36ab53e153..2498affd30 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.31.1 +DEF_VER=v2.31.2 LF=' ' diff --git a/RelNotes b/RelNotes index 07f22a5d65..dff85391eb 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.31.1.txt \ No newline at end of file +Documentation/RelNotes/2.31.2.txt \ No newline at end of file From 9bcd7a8ecac1c9196bc927647bd06c38ec1feabe Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 17 Mar 2022 10:57:38 +0100 Subject: [PATCH 8/9] Git 2.32.1 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.32.1.txt | 6 ++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.32.1.txt diff --git a/Documentation/RelNotes/2.32.1.txt b/Documentation/RelNotes/2.32.1.txt new file mode 100644 index 0000000000..7dcca13b92 --- /dev/null +++ b/Documentation/RelNotes/2.32.1.txt @@ -0,0 +1,6 @@ +Git v2.32.1 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3 and +v2.31.2 to address the security issue CVE-2022-24765; see the +release notes for these versions for details. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 9c125f298a..c462040198 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.32.0 +DEF_VER=v2.32.1 LF=' ' diff --git a/RelNotes b/RelNotes index aece21e8a4..da84ed1cd7 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.32.0.txt \ No newline at end of file +Documentation/RelNotes/2.32.1.txt \ No newline at end of file From 87ed4fc046840706138d46e0033a009e74c3887a Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 17 Mar 2022 10:57:44 +0100 Subject: [PATCH 9/9] Git 2.33.2 Signed-off-by: Johannes Schindelin --- Documentation/RelNotes/2.33.2.txt | 15 +++++++++++++++ GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 3 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 Documentation/RelNotes/2.33.2.txt diff --git a/Documentation/RelNotes/2.33.2.txt b/Documentation/RelNotes/2.33.2.txt new file mode 100644 index 0000000000..e504489d61 --- /dev/null +++ b/Documentation/RelNotes/2.33.2.txt @@ -0,0 +1,15 @@ +Git v2.33.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3, v2.31.2 +and v2.32.1 to address the security issue CVE-2022-24765; see +the release notes for these versions for details. + +In addition, it contains the following fixes: + + * Squelch over-eager warning message added during this cycle. + + * A bug in "git rebase -r" has been fixed. + + * One CI task based on Fedora image noticed a not-quite-kosher + construct recently, which has been corrected. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 11aac6e397..d81eab5f00 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.33.1 +DEF_VER=v2.33.2 LF=' ' diff --git a/RelNotes b/RelNotes index 567659e5a3..8e79de2efe 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.33.1.txt \ No newline at end of file +Documentation/RelNotes/2.33.2.txt \ No newline at end of file