diff options
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2022-06-23 12:35:30 +0200 |
|---|---|---|
| committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2022-06-23 12:35:30 +0200 |
| commit | fc0c773028685cdbae35c6c71f3fd3b87ab70985 (patch) | |
| tree | 28e1948dec2d568d3591fa9f6b1b0e7b87d1a2f0 /Documentation | |
| parent | 15304344342b7c888f732d28f908890d874bcb0c (diff) | |
| parent | 5b1c746c352e85211770e5cbd26a433b3affd3b4 (diff) | |
| download | git-fc0c773028685cdbae35c6c71f3fd3b87ab70985.tar.xz | |
Sync with 2.31.4
* maint-2.31:
Git 2.31.4
Git 2.30.5
setup: tighten ownership checks post CVE-2022-24765
git-compat-util: allow root to access both SUDO_UID and root owned
t0034: add negative tests and allow git init to mostly work under sudo
git-compat-util: avoid failing dir ownership checks if running privileged
t: regression git needs safe.directory when using sudo
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/RelNotes/2.30.5.txt | 12 | ||||
| -rw-r--r-- | Documentation/RelNotes/2.31.4.txt | 6 | ||||
| -rw-r--r-- | Documentation/config/safe.txt | 14 |
3 files changed, 32 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.30.5.txt b/Documentation/RelNotes/2.30.5.txt new file mode 100644 index 0000000000..5191cab3ae --- /dev/null +++ b/Documentation/RelNotes/2.30.5.txt @@ -0,0 +1,12 @@ +Git v2.30.5 Release Notes +========================= + +This release contains minor fix-ups for the changes that went into +Git 2.30.3 and 2.30.4, addressing CVE-2022-29187. + + * The safety check that verifies a safe ownership of the Git + worktree is now extended to also cover the ownership of the Git + directory (and the `.git` file, if there is any). + +Carlo Marcelo Arenas Belón (1): + setup: tighten ownership checks post CVE-2022-24765 diff --git a/Documentation/RelNotes/2.31.4.txt b/Documentation/RelNotes/2.31.4.txt new file mode 100644 index 0000000000..97a91fd07a --- /dev/null +++ b/Documentation/RelNotes/2.31.4.txt @@ -0,0 +1,6 @@ +Git v2.31.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5 to address +the security issue CVE-2022-29187; see the release notes for that +version for details. diff --git a/Documentation/config/safe.txt b/Documentation/config/safe.txt index 6d764fe0cc..74627c5e7c 100644 --- a/Documentation/config/safe.txt +++ b/Documentation/config/safe.txt @@ -26,3 +26,17 @@ directory was listed in the `safe.directory` list. If `safe.directory=*` is set in system config and you want to re-enable this protection, then initialize your list with an empty value before listing the repositories that you deem safe. ++ +As explained, Git only allows you to access repositories owned by +yourself, i.e. the user who is running Git, by default. When Git +is running as 'root' in a non Windows platform that provides sudo, +however, git checks the SUDO_UID environment variable that sudo creates +and will allow access to the uid recorded as its value in addition to +the id from 'root'. +This is to make it easy to perform a common sequence during installation +"make && sudo make install". A git process running under 'sudo' runs as +'root' but the 'sudo' command exports the environment variable to record +which id the original user has. +If that is not what you would prefer and want git to only trust +repositories that are owned by root instead, then you can remove +the `SUDO_UID` variable from root's environment before invoking git. |