kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity
git/lib
History
Johannes Sixt 3f07230844 Merge branch 'js/fix-open-exec-git' 
This addresses CVE-2025-46835, Git GUI can create and overwrite a
user's files:

When a user clones an untrusted repository and is tricked into editing
a file located in a maliciously named directory in the repository, then
Git GUI can create and overwrite files for which the user has write
permission.

* js/fix-open-exec-git:
  git-gui: sanitize 'exec' arguments: convert new 'cygpath' calls
  git-gui: do not mistake command arguments as redirection operators
  git-gui: introduce function git_redir for git calls with redirections
  git-gui: pass redirections as separate argument to git_read
  git-gui: pass redirections as separate argument to _open_stdout_stderr
  git-gui: convert git_read*, git_write to be non-variadic
  git-gui: use git_read in githook_read
  git-gui: break out a separate function git_read_nice
  git-gui: remove option --stderr from git_read
  git-gui: sanitize 'exec' arguments: background
  git-gui: sanitize 'exec' arguments: simple cases
  git-gui: treat file names beginning with "|" as relative paths
  git-gui: remove git config --list handling for git < 1.5.3
  git-gui: remove HEAD detachment implementation for git < 1.5.3
  git-gui: remove Tcl 8.4 workaround on 2>@1 redirection

Signed-off-by: Johannes Sixt <j6t@kdbg.org>
 		2025-07-08 21:22:48 +02:00
..
about.tcl git-gui: use themed tk widgets with Tk 8.5 2010-01-27 17:13:52 -08:00
blame.tcl git-gui: convert git_read*, git_write to be non-variadic 2025-05-23 17:04:24 -04:00
branch.tcl git-gui: convert git_read*, git_write to be non-variadic 2025-05-23 17:04:24 -04:00
branch_checkout.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
branch_create.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
branch_delete.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
branch_rename.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
browser.tcl git-gui: convert git_read*, git_write to be non-variadic 2025-05-23 17:04:24 -04:00
checkout_op.tcl git-gui: pass redirections as separate argument to git_read 2025-05-23 17:04:24 -04:00
choose_font.tcl git-gui: use themed tk widgets with Tk 8.5 2010-01-27 17:13:52 -08:00
choose_repository.tcl git-gui: pass redirections as separate argument to git_read 2025-05-23 17:04:24 -04:00
choose_rev.tcl git-gui: convert git_read*, git_write to be non-variadic 2025-05-23 17:04:24 -04:00
chord.tcl git-gui: create a new namespace for chord script evaluation 2020-03-17 18:48:54 +05:30
class.tcl git-gui: set suitable extended window manager hints. 2011-10-19 14:26:29 +01:00
commit.tcl Merge branch 'js/fix-open-exec-git' 2025-07-08 21:22:48 +02:00
console.tcl Merge branch 'js/fix-open-exec-git' 2025-07-08 21:22:48 +02:00
database.tcl git-gui: convert git_read*, git_write to be non-variadic 2025-05-23 17:04:24 -04:00
date.tcl git-gui: Localize commit/author dates when displaying them 2007-09-10 01:54:16 -04:00
diff.tcl Merge branch 'js/fix-open-exec-git' 2025-07-08 21:22:48 +02:00
encoding.tcl doc: switch links to https 2024-05-05 16:49:00 +02:00
error.tcl git-gui i18n: mark string in lib/error.tcl for translation 2016-10-03 23:40:23 +01:00
git-gui.ico git-gui: Improve the application icon on Windows. 2007-12-02 23:05:10 -05:00
index.tcl git-gui: convert git_read*, git_write to be non-variadic 2025-05-23 17:04:24 -04:00
line.tcl git-gui: theme the search and line-number entry fields on blame screen 2011-10-19 12:44:39 +01:00
logo.tcl git-gui: Refactor Henrik Nyh's logo into its own procedure 2007-10-10 01:12:15 -04:00
merge.tcl git-gui: introduce function git_redir for git calls with redirections 2025-05-23 17:04:24 -04:00
mergetool.tcl Merge branch 'js/fix-open-exec-git' 2025-07-08 21:22:48 +02:00
meson.build git-gui: wire up support for the Meson build system 2025-05-13 08:48:09 +02:00
option.tcl git-gui i18n: internationalize use of colon punctuation 2016-10-03 23:39:56 +01:00
remote.tcl git-gui: convert git_read*, git_write to be non-variadic 2025-05-23 17:04:24 -04:00
remote_add.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
remote_branch_delete.tcl git-gui: convert git_read*, git_write to be non-variadic 2025-05-23 17:04:24 -04:00
search.tcl git-gui: use a tristate to control the case mode in the searchbar 2011-10-21 22:28:23 +01:00
shortcut.tcl Merge branch 'ml/replace-auto-execok' into js/fix-open-exec 2025-05-23 17:04:27 -04:00
spellcheck.tcl git-gui: correct spelling errors in comments 2013-11-15 20:44:08 +00:00
sshkey.tcl Merge branch 'ml/replace-auto-execok' into js/fix-open-exec 2025-05-23 17:04:27 -04:00
status_bar.tcl git-gui: update status bar to track operations 2019-12-06 00:12:15 +05:30
themed.tcl git-gui: use gray background for inactive text widgets 2020-12-19 01:00:17 +05:30
tools.tcl Merge branch 'ml/replace-auto-execok' into js/fix-open-exec 2025-05-23 17:04:27 -04:00
tools_dlg.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
transport.tcl git-gui: fix incorrect use of Tcl append command 2016-10-03 23:40:10 +01:00
win32.tcl git-gui: sanitize 'exec' arguments: simple cases 2025-05-23 17:04:23 -04:00
win32_shortcut.js git-gui: Use proper Windows shortcuts instead of bat files 2007-10-12 23:07:58 -04:00