| 1 | +Git v2.39.4 Release Notes |
| 2 | +========================= |
| 3 | + |
| 4 | +This addresses the security issues CVE-2024-32002, CVE-2024-32004, |
| 5 | +CVE-2024-32020 and CVE-2024-32021. |
| 6 | + |
| 7 | +This release also backports fixes necessary to let the CI builds pass |
| 8 | +successfully. |
| 9 | + |
| 10 | +Fixes since v2.39.3 |
| 11 | +------------------- |
| 12 | + |
| 13 | + * CVE-2024-32002: |
| 14 | + |
| 15 | + Recursive clones on case-insensitive filesystems that support symbolic |
| 16 | + links are susceptible to case confusion that can be exploited to |
| 17 | + execute just-cloned code during the clone operation. |
| 18 | + |
| 19 | + * CVE-2024-32004: |
| 20 | + |
| 21 | + Repositories can be configured to execute arbitrary code during local |
| 22 | + clones. To address this, the ownership checks introduced in v2.30.3 |
| 23 | + are now extended to cover cloning local repositories. |
| 24 | + |
| 25 | + * CVE-2024-32020: |
| 26 | + |
| 27 | + Local clones may end up hardlinking files into the target repository's |
| 28 | + object database when source and target repository reside on the same |
| 29 | + disk. If the source repository is owned by a different user, then |
| 30 | + those hardlinked files may be rewritten at any point in time by the |
| 31 | + untrusted user. |
| 32 | + |
| 33 | + * CVE-2024-32021: |
| 34 | + |
| 35 | + When cloning a local source repository that contains symlinks via the |
| 36 | + filesystem, Git may create hardlinks to arbitrary user-readable files |
| 37 | + on the same filesystem as the target repository in the objects/ |
| 38 | + directory. |
| 39 | + |
| 40 | + * CVE-2024-32465: |
| 41 | + |
| 42 | + It is supposed to be safe to clone untrusted repositories, even those |
| 43 | + unpacked from zip archives or tarballs originating from untrusted |
| 44 | + sources, but Git can be tricked to run arbitrary code as part of the |
| 45 | + clone. |
| 46 | + |
| 47 | + * Defense-in-depth: submodule: require the submodule path to contain |
| 48 | + directories only. |
| 49 | + |
| 50 | + * Defense-in-depth: clone: when symbolic links collide with directories, keep |
| 51 | + the latter. |
| 52 | + |
| 53 | + * Defense-in-depth: clone: prevent hooks from running during a clone. |
| 54 | + |
| 55 | + * Defense-in-depth: core.hooksPath: add some protection while cloning. |
| 56 | + |
| 57 | + * Defense-in-depth: fsck: warn about symlink pointing inside a gitdir. |
| 58 | + |
| 59 | + * Various fix-ups on HTTP tests. |
| 60 | + |
| 61 | + * Test update. |
| 62 | + |
| 63 | + * HTTP Header redaction code has been adjusted for a newer version of |
| 64 | + cURL library that shows its traces differently from earlier |
| 65 | + versions. |
| 66 | + |
| 67 | + * Fix was added to work around a regression in libcURL 8.7.0 (which has |
| 68 | + already been fixed in their tip of the tree). |
| 69 | + |
| 70 | + * Replace macos-12 used at GitHub CI with macos-13. |
| 71 | + |
| 72 | + * ci(linux-asan/linux-ubsan): let's save some time |
| 73 | + |
| 74 | + * Tests with LSan from time to time seem to emit harmless message that makes |
| 75 | + our tests unnecessarily flakey; we work it around by filtering the |
| 76 | + uninteresting output. |
| 77 | + |
| 78 | + * Update GitHub Actions jobs to avoid warnings against using deprecated |
| 79 | + version of Node.js. |
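Review bot: The opening paragraph names only four CVEs, but the "Fixes since v2.39.3" list below also carries an entry for CVE-2024-32465, so the summary undercounts the security issues this release addresses; suggest `+This addresses the security issues CVE-2024-32002, CVE-2024-32004,` / `+CVE-2024-32020, CVE-2024-32021 and CVE-2024-32465.` so readers scanning the header see every advisory. Minor wording points in the same hunk: "flakey" should be "flaky", and the bullet "ci(linux-asan/linux-ubsan): let's save some time" reads as a raw commit subject rather than a release-note sentence like the surrounding entries.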