Merge branch 'js/fix-open-exec-git' - user/sven/git.git

diff options

author	Johannes Sixt <j6t@kdbg.org>	2025-07-08 21:22:00 +0200
committer	Johannes Sixt <j6t@kdbg.org>	2025-07-08 21:22:48 +0200
commit	3f072308447ed2aab0228d21a7ce334beeeca7e8 (patch)
tree	c793ec4ca2df45d93e85f63f91537bf3d7243abf /git-gui/lib/commit.tcl
parent	88125ffe702fcc3aaf5dbcd8b87f74752291f294 (diff)
parent	a437f5bc93330a70b42a230e52f3bd036ca1b1da (diff)

Merge branch 'js/fix-open-exec-git'

This addresses CVE-2025-46835, Git GUI can create and overwrite a user's files: When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. * js/fix-open-exec-git: git-gui: sanitize 'exec' arguments: convert new 'cygpath' calls git-gui: do not mistake command arguments as redirection operators git-gui: introduce function git_redir for git calls with redirections git-gui: pass redirections as separate argument to git_read git-gui: pass redirections as separate argument to _open_stdout_stderr git-gui: convert git_read*, git_write to be non-variadic git-gui: use git_read in githook_read git-gui: break out a separate function git_read_nice git-gui: remove option --stderr from git_read git-gui: sanitize 'exec' arguments: background git-gui: sanitize 'exec' arguments: simple cases git-gui: treat file names beginning with "|" as relative paths git-gui: remove git config --list handling for git < 1.5.3 git-gui: remove HEAD detachment implementation for git < 1.5.3 git-gui: remove Tcl 8.4 workaround on 2>@1 redirection Signed-off-by: Johannes Sixt <j6t@kdbg.org>

Diffstat (limited to 'git-gui/lib/commit.tcl')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: