Merge branch 'js/fix-open-exec' - git - Mirror of https://git.kernel.org/pub/scm/git/git.git/

about summary refs log tree commit diff stats

path: root/t/t9164-git-svn-dcommit-concurrent.sh

diff options

author	Johannes Sixt <j6t@kdbg.org>	2025-05-14 19:56:27 +0200
committer	Taylor Blau <me@ttaylorr.com>	2025-05-23 17:04:30 -0400
commit	27fbab4898620183e608865beffd960139c04d58 (patch)
tree	67fdd8ea73db990411b1e2709e8e5e49f9262da9 /t/t9164-git-svn-dcommit-concurrent.sh
parent	Merge branch 'ah/fix-open-with-stdin' (diff)
parent	gitk: sanitize 'open' arguments: revisit recently updated 'open' calls (diff)
download	git-27fbab4898620183e608865beffd960139c04d58.tar.gz git-27fbab4898620183e608865beffd960139c04d58.zip

Merge branch 'js/fix-open-exec'

This addresses CVE-2025-27613, Gitk can create and truncate a user's files: When a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option "Support per-file encoding" must have been enabled before in Gitk's Preferences. This option is disabled by default. The same happens when "Show origin of this line" is used in the main window (regardless of whether "Support per-file encoding" is enabled or not). Signed-off-by: Johannes Sixt <j6t@kdbg.org>

Diffstat (limited to 't/t9164-git-svn-dcommit-concurrent.sh')

0 files changed, 0 insertions, 0 deletions

03-21 15:02:57 -0700'>2014-03-21t4018: convert custom pattern test to the new infrastructureJohannes Sixt4-24/+58 2014-03-21t4018: convert java pattern test to the new infrastructureJohannes Sixt2-4/+8 2014-03-21t4018: convert perl pattern tests to the new infrastructureJohannes Sixt6-88/+44 2014-03-21t4018: an infrastructure to test hunk headersJohannes Sixt2-6/+72 2014-03-21userdiff: support unsigned and long long suffixes of integer constantsJohannes Sixt1-1/+1 2014-03-21userdiff: support C++ ->* and .* operators in the word regexpJohannes Sixt1-1/+1 2014-03-21Update draft release notes to 2.0Junio C Hamano1-2/+26 2014-03-21config.txt: third-party tools may and do use their own variablesChris Angelico1-2/+7 2014-03-21doc: status, remove leftover statement about '#' prefixDirk Wallenstein1-1/+1 2014-03-20fsck: use bitwise-or assignment operator to set flagHiroyuki Sano1-12/+6 2014-03-20Documentation/gitk: document the location of the configulation fileAstril Hayato1-2/+8 2014-03-19fsck.c:fsck_commit(): use skip_prefix() to verify and skip constantYuxuan Shui1-11/+13 2014-03-19t5510: Do not use $(pwd) when fetching / pushing / pulling via rsyncSebastian Schuberth1-3/+3 2014-03-19tests: use "env" to run commands with temporary env-var settingsDavid Tran12-152/+42 2014-03-19diff-no-index: replace manual "."/".." check with is_dot_or_dotdot()Brian Bourn1-1/+2 2014-03-19diff-no-index: rename read_directory()Brian Bourn1-3/+3 2014-03-19rebase: allow "-" short-hand for the previous branchBrian Gesiak2-0/+21 2014-03-18Update draft release notes to Git 2.0Junio C Hamano1-0/+11 2014-03-18Git 1.9.1v1.9.1Junio C Hamano4-3/+63 2014-03-18add: use struct argv_array in run_add_interactive()Fabian Ruch1-11/+10 2014-03-18test-lib.sh: do not "echo" caller-supplied stringsUwe Storbeck1-2/+2 2014-03-18run-command: mark run_hook_with_custom_index as deprecatedBenoit Pierre1-0/+1 2014-03-18merge hook tests: fix and update testsBenoit Pierre1-6/+21 2014-03-18merge: fix GIT_EDITOR override for commit hookBenoit Pierre1-1/+1 2014-03-18commit: fix patch hunk editing with "commit -p -m"Benoit Pierre9-32/+80