* maint-2.47:
Git 2.47.3
Git 2.46.4
Git 2.45.4
Git 2.44.4
Git 2.43.7
wincred: avoid buffer overflow in wcsncat()
bundle-uri: fix arbitrary file writes via parameter injection
config: quote values containing CR character
git-gui: sanitize 'exec' arguments: convert new 'cygpath' calls
git-gui: do not mistake command arguments as redirection operators
git-gui: introduce function git_redir for git calls with redirections
git-gui: pass redirections as separate argument to git_read
git-gui: pass redirections as separate argument to _open_stdout_stderr
git-gui: convert git_read*, git_write to be non-variadic
git-gui: override exec and open only on Windows
gitk: sanitize 'open' arguments: revisit recently updated 'open' calls
git-gui: use git_read in githook_read
git-gui: sanitize $PATH on all platforms
git-gui: break out a separate function git_read_nice
git-gui: assure PATH has only absolute elements.
git-gui: remove option --stderr from git_read
git-gui: cleanup git-bash menu item
git-gui: sanitize 'exec' arguments: background
git-gui: avoid auto_execok in do_windows_shortcut
git-gui: sanitize 'exec' arguments: simple cases
git-gui: avoid auto_execok for git-bash menu item
git-gui: treat file names beginning with "|" as relative paths
git-gui: remove unused proc is_shellscript
git-gui: remove git config --list handling for git < 1.5.3
git-gui: remove special treatment of Windows from open_cmd_pipe
git-gui: remove HEAD detachment implementation for git < 1.5.3
git-gui: use only the configured shell
git-gui: remove Tcl 8.4 workaround on 2>@1 redirection
git-gui: make _shellpath usable on startup
git-gui: use [is_Windows], not bad _shellpath
git-gui: _which, only add .exe suffix if not present
gitk: encode arguments correctly with "open"
gitk: sanitize 'open' arguments: command pipeline
gitk: collect construction of blameargs into a single conditional
gitk: sanitize 'open' arguments: simple commands, readable and writable
gitk: sanitize 'open' arguments: simple commands with redirections
gitk: sanitize 'open' arguments: simple commands
gitk: sanitize 'exec' arguments: redirect to process
gitk: sanitize 'exec' arguments: redirections and background
gitk: sanitize 'exec' arguments: redirections
gitk: sanitize 'exec' arguments: 'eval exec'
gitk: sanitize 'exec' arguments: simple cases
gitk: have callers of diffcmd supply pipe symbol when necessary
gitk: treat file names beginning with "|" as relative paths
This addresses CVE-2025-46835, Git GUI can create and overwrite a
user's files:
When a user clones an untrusted repository and is tricked into editing
a file located in a maliciously named directory in the repository, then
Git GUI can create and overwrite files for which the user has write
permission.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
* https://github.com/prati0100/git-gui:
git-gui: Handle Ctrl + BS/Del in the commit msg
Subject: git-gui: fix syntax error because of missing semicolon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
iQCVAwUAUbzwiGB90JXwhOSJAQKxtAP/TYTpKWzKiDwzu/2P6ecIWcS/4vaKlj1M
WSyvp4t4stTXhRXntId7psQO7nYTb+Pb3VlY+WPr9J3xL39IjU2qHLsrQJEqtsWI
FcE7SNxB0BvNreAqkdYNaKqSfGqQJPdV8K5WKaySZMpMkq/ZOT7WiOQq6wynDLuR
sDopx39hLDI=
=Az9M
-----END PGP SIGNATURE-----
Merge tag 'gitgui-0.18.0' of git://repo.or.cz/git-gui
git-gui 0.18.0
* tag 'gitgui-0.18.0' of git://repo.or.cz/git-gui:
git-gui 0.18
git-gui: avoid an error message when removing the last remote
git-gui: fix file name handling with non-empty prefix
git-gui: bring wish process to front on Mac
git-gui: change dialog button positions for Windows to suit platform.
git-gui: allow "\ No newline at end of file" for linewise staging
git-gui: fix the mergetool launcher for the Beyond Compare tool.
Makefile: replace "echo 1>..." with "echo >..."
French translation: copy -> copie.
git-gui: Fix parsing of <rev> <path-which-not-present-in-worktree>
* git://repo.or.cz/git-gui:
git-gui: Fixes for Mac OS X TkAqua
git-gui: Update Russian translation
git-gui: run post-checkout hook after clone
git-gui: Ensure consistent usage of mergetool.keepBackup
git-gui: fix use of undeclared variable diff_empty_count
git-gui (Win): make starting via "Git GUI Here" on .git/ possible
git-gui (Win): make "Explore Working Copy" more robust
git-gui: run post-checkout hook on checkout
git-gui: When calling post-commit hook wrong variable was cleared.
git-gui: use `git --html-path` to get the location of installed HTML docs
git-gui: fix deleting from the context menu with empty selection
git-gui: minor spelling fix and string factorisation.
git-gui: various French translation fixes
git-gui: Fix merge conflict display error when filename contains spaces
git-gui: don't hide the Browse button when resizing the repo chooser
Append ampersand to "Target" of lnk files created by do_cygwin_shortcut
git-gui: Support more git version notations.
git-gui: Avoid an infinite rescan loop in handle_empty_diff.
git-gui: Fix post-commit status with subject in non-locale encoding
* git://repo.or.cz/git-gui: (27 commits)
git-gui: Update German translation.
git-gui: Do not munge conflict marker lines in a normal diff
git-gui: Add a simple implementation of SSH_ASKPASS.
git-gui: Add a dialog that shows the OpenSSH public key.
git-gui: Mark-up strings in show_{other,unmerged}_diff() for localization
git-gui: Show a round number of bytes of large untracked text files
git-gui: Fix the blame viewer destroy handler.
git-gui: Add a search command to the blame viewer.
git-gui: Fix the blame window shape.
git-gui: Fix switch statement in lib/merge.tcl
git-gui: Fix fetching from remotes when adding them
git-gui: Fix removing non-pushable remotes
git-gui: Make input boxes in init/clone/open dialogs consistent
git-gui: Avoid using the term URL when specifying repositories
git-gui: gui.autoexplore makes explorer to pop up automatically after picking
git-gui: Add Explore Working Copy to the Repository menu
git-gui: Use git web--browser for web browsing
git-gui: mkdir -p when initializing new remote repository
git-gui: Add support for removing remotes
git-gui: Add support for adding remotes
...
* git://repo.or.cz/git-gui:
git-gui: Reenable staging unmerged files by clicking the icon.
git-gui: Support the encoding menu in gui blame.
git-gui: Optimize encoding name resolution using a lookup table.
git-gui: Allow forcing display encoding for diffs using a submenu.
git-gui: Add a menu of available encodings.
git-gui: Cleanup handling of the default encoding.
git-gui: Assume `blame --incremental` output is in UTF-8
git-gui: Use gitattribute "encoding" for file content display
git-gui: Add support for calling out to the prepare-commit-msg hook
git-gui: Hide commit related UI during citool --nocommit
git-gui: Add more integration options to citool.
git-gui: Updated German translation.
git-gui: I18n fix sentence parts into full sentences for translation again.
git-gui: Restore ability to Stage Working Copy for conflicts.
git-gui: Fix Blame Parent & Context for working copy lines.
Merge git://repo.or.cz/git-gui and git://git.kernel.org/pub/scm/gitk/gitk
* git://repo.or.cz/git-gui:
git-gui: Show special diffs for complex conflict cases.
git-gui: Make F5 reselect a diff, if an untracked file is selected.
git-gui: Reimplement and enhance auto-selection of diffs.
git-gui: Support conflict states _U & UT.
git-gui: Support more merge tools.
git-gui: Don't allow staging files with conflicts.
git-gui: Support calling merge tools.
git-gui: Support resolving conflicts via the diff context menu.
git-gui: Mark forgotten strings for translation.
git-gui: Allow specifying an initial line for git gui blame.
git-gui: Better positioning in Blame Parent Commit
git-gui: Support passing blame to a parent commit.
git-gui: Support starting gitk from Gui Blame
git-gui: Teach git gui about file type changes
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Add menu item for calling git gui blame
gitk: Add option to specify the default commit on command line
Taylor Blau