--- /dev/null
+Git v2.14.5 Release Notes
+=========================
+
+This release is to address the recently reported CVE-2018-17456.
+
+Fixes since v2.14.4
+-------------------
+
+ * Submodules' "URL"s come from the untrusted .gitmodules file, but
+ we blindly gave it to "git clone" to clone submodules when "git
+ clone --recurse-submodules" was used to clone a project that has
+ such a submodule. The code has been hardened to reject such
+ malformed URLs (e.g. one that begins with a dash).
+
+Credit for finding and fixing this vulnerability goes to joernchen
+and Jeff King, respectively.
#!/bin/sh
GVF=GIT-VERSION-FILE
-DEF_VER=v2.14.4
+DEF_VER=v2.14.5
LF='
'
-Documentation/RelNotes/2.14.4.txt
\ No newline at end of file
+Documentation/RelNotes/2.14.5.txt
\ No newline at end of file
if (gitdir && *gitdir)
argv_array_pushl(&cp.args, "--separate-git-dir", gitdir, NULL);
+ argv_array_push(&cp.args, "--");
argv_array_push(&cp.args, url);
argv_array_push(&cp.args, path);
commit_string, name, option);
}
+static void warn_command_line_option(const char *var, const char *value)
+{
+ warning(_("ignoring '%s' which may be interpreted as"
+ " a command-line option: %s"), var, value);
+}
+
struct parse_config_parameter {
struct submodule_cache *cache;
const unsigned char *treeish_name;
if (!strcmp(item.buf, "path")) {
if (!value)
ret = config_error_nonbool(var);
+ else if (looks_like_command_line_option(value))
+ warn_command_line_option(var, value);
else if (!me->overwrite && submodule->path)
warn_multiple_config(me->treeish_name, submodule->name,
"path");
} else if (!strcmp(item.buf, "url")) {
if (!value) {
ret = config_error_nonbool(var);
+ } else if (looks_like_command_line_option(value)) {
+ warn_command_line_option(var, value);
} else if (!me->overwrite && submodule->url) {
warn_multiple_config(me->treeish_name, submodule->name,
"url");
--- /dev/null
+#!/bin/sh
+
+test_description='check handling of .gitmodule url with dash'
+. ./test-lib.sh
+
+test_expect_success 'create submodule with protected dash in url' '
+ git init upstream &&
+ git -C upstream commit --allow-empty -m base &&
+ mv upstream ./-upstream &&
+ git submodule add ./-upstream sub &&
+ git add sub .gitmodules &&
+ git commit -m submodule
+'
+
+test_expect_success 'clone can recurse submodule' '
+ test_when_finished "rm -rf dst" &&
+ git clone --recurse-submodules . dst &&
+ echo base >expect &&
+ git -C dst/sub log -1 --format=%s >actual &&
+ test_cmp expect actual
+'
+
+test_expect_success 'remove ./ protection from .gitmodules url' '
+ perl -i -pe "s{\./}{}" .gitmodules &&
+ git commit -am "drop protection"
+'
+
+test_expect_success 'clone rejects unprotected dash' '
+ test_when_finished "rm -rf dst" &&
+ test_must_fail git clone --recurse-submodules . dst 2>err &&
+ test_i18ngrep ignoring err
+'
+
+test_done
--- /dev/null
+#!/bin/sh
+
+test_description='check handling of .gitmodule path with dash'
+. ./test-lib.sh
+
+test_expect_success 'create submodule with dash in path' '
+ git init upstream &&
+ git -C upstream commit --allow-empty -m base &&
+ git submodule add ./upstream sub &&
+ git mv sub ./-sub &&
+ git commit -m submodule
+'
+
+test_expect_success 'clone rejects unprotected dash' '
+ test_when_finished "rm -rf dst" &&
+ git clone --recurse-submodules . dst 2>err &&
+ test_i18ngrep ignoring err
+'
+
+test_done