The git rpms
Per the upstream release notes from 2.30.3¹:
This release addresses the security issue CVE-2022-24765.
* CVE-2022-24765:
On multi-user machines, Git users might find themselves
unexpectedly in a Git worktree, e.g. when another user created a
repository in `C:\.git`, in a mounted network drive or in a
scratch space. Merely having a Git-aware prompt that runs `git
status` (or `git diff`) and navigating to a directory which is
supposedly not a Git worktree, or opening such a directory in an
editor or IDE such as VS Code or Atom, will potentially run
commands defined by that other user.
and 2.30.4²:
This release contains minor fix-ups for the changes that went into
Git 2.30.3, which was made to address CVE-2022-24765.
* The code that was meant to parse the new `safe.directory`
configuration variable was not checking what configuration
variable was being fed to it, which has been corrected.
* '*' can be used as the value for the `safe.directory` variable to
signal that the user considers that any directory is safe.
¹ https://github.com/git/git/raw/v2.30.3/Documentation/RelNotes/2.30.3.txt
² https://github.com/git/git/raw/v2.30.4/Documentation/RelNotes/2.30.4.txt
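The scenario in the release notes above, as an added example (not part of the commit message, the package or Git itself): a simplified Python model of upward repository discovery followed by an ownership check and a `safe.directory` allowlist lookup. The function names, the `uid` parameter and the scratch layout are assumptions made for illustration, and it assumes a POSIX system.

```python
import os
import tempfile
from pathlib import Path


def discover_worktree(start):
    """Walk upward from `start` the way repository discovery does and
    return the first directory that holds a `.git` entry, else None."""
    here = Path(start).resolve()
    for candidate in (here, *here.parents):
        if (candidate / ".git").exists():
            return candidate
    return None


def audit(start, uid=None, safe_dirs=()):
    """Return (verdict, worktree) for `start`.

    verdict is 'no-repo', 'owned', 'allowlisted' or 'foreign'.
    `uid` (hypothetical parameter) defaults to the effective user id;
    `safe_dirs` stands in for the configured safe.directory values.
    """
    uid = os.geteuid() if uid is None else uid
    top = discover_worktree(start)
    if top is None:
        return "no-repo", None
    if top.stat().st_uid == uid:
        return "owned", top
    # '*' (added in 2.30.4) allowlists every directory, so the
    # ownership check no longer protects this user at all.
    if "*" in safe_dirs or str(top) in safe_dirs:
        return "allowlisted", top
    return "foreign", top


if __name__ == "__main__":
    # Constructed layout: scratch/.git planted above scratch/work/deep.
    with tempfile.TemporaryDirectory() as scratch:
        (Path(scratch) / ".git").mkdir()
        deep = Path(scratch) / "work" / "deep"
        deep.mkdir(parents=True)
        owner = Path(scratch).stat().st_uid
        # Same user: fine. Simulated other user: should be refused.
        print(audit(deep, uid=owner))
        print(audit(deep, uid=owner + 1))
        print(audit(deep, uid=owner + 1, safe_dirs=["*"]))
```

The values for `safe_dirs` can be taken from `git config --get-all safe.directory`; a `foreign` verdict for a directory you did not expect to be a worktree is the situation CVE-2022-24765 describes.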
| File |
|---|
| .gitignore |
| .mailmap |
| 0001-t-lib-gpg-use-with-colons-when-parsing-gpgsm-output.patch |
| 0002-t-lib-gpg-reload-gpg-components-after-updating-trust.patch |
| 0003-t-lib-gpg-kill-all-gpg-components-not-just-gpg-agent.patch |
| 0004-t4202-match-gpgsm-output-from-GnuPG-2.3.patch |
| 0005-gpg-interface-match-SIG_CREATED-if-it-s-the-first-li.patch |
| git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch |
| git-gui.desktop |
| git.rpmlintrc |
| git.skip-test-patterns |
| git.socket |
| git.spec |
| git.xinetd.in |
| git@.service.in |
| gitweb-httpd.conf |
| gitweb.conf.in |
| gpgkey-junio.asc |
| print-failed-test-output |
| sources |