git/lib
Johannes Sixt 88125ffe70 Merge branch 'ml/replace-auto-execok'
This addresses CVE-2025-46334, Git GUI malicious command injection on
Windows.

A malicious repository can ship versions of sh.exe or typical textconv
filter programs such as astextplain.  Due to the unfortunate design of
Tcl on Windows, the search path when looking for an executable always
includes the current directory.  The mentioned programs are invoked when
the user selects "Git Bash" or "Browse Files" from the menu.

* ml/replace-auto-execok:
  git-gui: override exec and open only on Windows
  git-gui: sanitize $PATH on all platforms
  git-gui: assure PATH has only absolute elements.
  git-gui: cleanup git-bash menu item
  git-gui: avoid auto_execok in do_windows_shortcut
  git-gui: avoid auto_execok for git-bash menu item
  git-gui: remove unused proc is_shellscript
  git-gui: remove special treatment of Windows from open_cmd_pipe
  git-gui: use only the configured shell
  git-gui: make _shellpath usable on startup
  git-gui: use [is_Windows], not bad _shellpath
  git-gui: _which, only add .exe suffix if not present

Signed-off-by: Johannes Sixt <j6t@kdbg.org>
2025-07-08 21:20:21 +02:00
about.tcl git-gui: use themed tk widgets with Tk 8.5 2010-01-27 17:13:52 -08:00
blame.tcl git-gui: blame: prevent tool tips from sticking around after Command-Tab 2020-10-17 15:04:35 +05:30
branch.tcl git gui: fix branch name encoding error 2019-12-10 02:43:55 +05:30
branch_checkout.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
branch_create.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
branch_delete.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
branch_rename.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
browser.tcl git-gui: unicode file name support on windows 2016-10-06 09:21:50 +01:00
checkout_op.tcl git-gui: update status bar to track operations 2019-12-06 00:12:15 +05:30
choose_font.tcl git-gui: use themed tk widgets with Tk 8.5 2010-01-27 17:13:52 -08:00
choose_repository.tcl git-gui - remove obsolete Cygwin specific code 2023-08-24 16:19:57 +02:00
choose_rev.tcl git-gui: set suitable extended window manager hints. 2011-10-19 14:26:29 +01:00
chord.tcl git-gui: create a new namespace for chord script evaluation 2020-03-17 18:48:54 +05:30
class.tcl git-gui: set suitable extended window manager hints. 2011-10-19 14:26:29 +01:00
commit.tcl git-gui: do not end the commit message with an empty line 2025-05-15 19:44:45 +02:00
console.tcl git-gui: use system encoding to show console output 2024-12-08 22:14:45 +04:00
database.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
date.tcl git-gui: Localize commit/author dates when displaying them 2007-09-10 01:54:16 -04:00
diff.tcl git-gui: Remove forced rescan of stat-dirty files. 2024-08-03 18:56:35 +02:00
encoding.tcl doc: switch links to https 2024-05-05 16:49:00 +02:00
error.tcl git-gui i18n: mark string in lib/error.tcl for translation 2016-10-03 23:40:23 +01:00
git-gui.ico git-gui: Improve the application icon on Windows. 2007-12-02 23:05:10 -05:00
index.tcl Subject: git-gui: fix syntax error because of missing semicolon 2020-04-22 18:32:44 +05:30
line.tcl git-gui: theme the search and line-number entry fields on blame screen 2011-10-19 12:44:39 +01:00
logo.tcl git-gui: Refactor Henrik Nyh's logo into its own procedure 2007-10-10 01:12:15 -04:00
merge.tcl git-gui: add missing close bracket 2020-02-17 21:34:45 +05:30
mergetool.tcl git gui: add directly calling merge tool from configuration 2024-09-14 15:20:16 +02:00
meson.build git-gui: wire up support for the Meson build system 2025-05-13 08:48:09 +02:00
option.tcl git-gui i18n: internationalize use of colon punctuation 2016-10-03 23:39:56 +01:00
remote.tcl git-gui: Mark 'All' in remote.tcl for translation 2016-10-20 11:13:03 +01:00
remote_add.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
remote_branch_delete.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
search.tcl git-gui: use a tristate to control the case mode in the searchbar 2011-10-21 22:28:23 +01:00
shortcut.tcl git-gui: avoid auto_execok in do_windows_shortcut 2025-05-23 17:04:23 -04:00
spellcheck.tcl git-gui: correct spelling errors in comments 2013-11-15 20:44:08 +00:00
sshkey.tcl git-gui: use only the configured shell 2025-05-23 17:04:23 -04:00
status_bar.tcl git-gui: update status bar to track operations 2019-12-06 00:12:15 +05:30
themed.tcl git-gui: use gray background for inactive text widgets 2020-12-19 01:00:17 +05:30
tools.tcl git-gui: use only the configured shell 2025-05-23 17:04:23 -04:00
tools_dlg.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
transport.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
win32.tcl git-gui: fix shortcut creation on cygwin 2010-07-30 10:05:26 +01:00
win32_shortcut.js git-gui: Use proper Windows shortcuts instead of bat files 2007-10-12 23:07:58 -04:00