<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/Documentation, branch v2.30.4</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v2.30.4</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v2.30.4'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2022-04-13T20:31:29Z</updated>
<entry>
<title>Git 2.30.4</title>
<updated>2022-04-13T20:31:29Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2022-04-13T20:31:29Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=17083c79ae842b51d82518e2efe5281346acea0e'/>
<id>urn:sha1:17083c79ae842b51d82518e2efe5281346acea0e</id>
<content type='text'>
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>setup: opt-out of check with safe.directory=*</title>
<updated>2022-04-13T19:42:51Z</updated>
<author>
<name>Derrick Stolee</name>
<email>derrickstolee@github.com</email>
</author>
<published>2022-04-13T15:32:31Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=0f85c4a30b072a26d74af8bbf63cc8f6a5dfc1b8'/>
<id>urn:sha1:0f85c4a30b072a26d74af8bbf63cc8f6a5dfc1b8</id>
<content type='text'>
With the addition of the safe.directory in 8959555ce
(setup_git_directory(): add an owner check for the top-level directory,
2022-03-02) released in v2.35.2, we are receiving feedback from a
variety of users about the feature.

Some users have a very large list of shared repositories and find it
cumbersome to add this config for every one of them.

In a more difficult case, certain workflows involve running Git commands
within containers. The container boundary prevents any global or system
config from communicating `safe.directory` values from the host into the
container. Further, the container almost always runs as a different user
than the owner of the directory in the host.

To simplify the reactions necessary for these users, extend the
definition of the safe.directory config value to include a possible '*'
value. This value implies that all directories are safe, providing a
single setting to opt-out of this protection.

Note that an empty assignment of safe.directory clears all previous
values, and this is already the case with the "if (!value || !*value)"
condition.

Signed-off-by: Derrick Stolee &lt;derrickstolee@github.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Git 2.30.3</title>
<updated>2022-03-23T23:22:17Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-03-17T09:15:15Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=cb95038137e9e66fc6a6b4a0e8db62bcc521b709'/>
<id>urn:sha1:cb95038137e9e66fc6a6b4a0e8db62bcc521b709</id>
<content type='text'>
Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
</content>
</entry>
<entry>
<title>setup_git_directory(): add an owner check for the top-level directory</title>
<updated>2022-03-21T12:16:26Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-03-02T11:23:04Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=8959555cee7ec045958f9b6dd62e541affb7e7d9'/>
<id>urn:sha1:8959555cee7ec045958f9b6dd62e541affb7e7d9</id>
<content type='text'>
It poses a security risk to search for a git directory outside of the
directories owned by the current user.

For example, it is common e.g. in computer pools of educational
institutes to have a "scratch" space: a mounted disk with plenty of
space that is regularly swiped where any authenticated user can create
a directory to do their work. Merely navigating to such a space with a
Git-enabled `PS1` when there is a maliciously-crafted `/scratch/.git/`
can lead to a compromised account.

The same holds true in multi-user setups running Windows, as `C:\` is
writable to every authenticated user by default.

To plug this vulnerability, we stop Git from accepting top-level
directories owned by someone other than the current user. We avoid
looking at the ownership of each and every directories between the
current and the top-level one (if there are any between) to avoid
introducing a performance bottleneck.

This new default behavior is obviously incompatible with the concept of
shared repositories, where we expect the top-level directory to be owned
by only one of its legitimate users. To re-enable that use case, we add
support for adding exceptions from the new default behavior via the
config setting `safe.directory`.

The `safe.directory` config setting is only respected in the system and
global configs, not from repository configs or via the command-line, and
can have multiple values to allow for multiple shared repositories.

We are particularly careful to provide a helpful message to any user
trying to use a shared repository.

Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
</content>
</entry>
<entry>
<title>Git 2.30.2</title>
<updated>2021-02-12T14:51:13Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2021-02-12T14:51:13Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=94f6e3e283f2adfc518b39cfc39291f1c2832ad0'/>
<id>urn:sha1:94f6e3e283f2adfc518b39cfc39291f1c2832ad0</id>
<content type='text'>
Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
</content>
</entry>
<entry>
<title>Sync with 2.29.3</title>
<updated>2021-02-12T14:51:12Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2021-02-12T14:51:12Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=e4e68081bb811672b069eb1d6c97e57dd0764d51'/>
<id>urn:sha1:e4e68081bb811672b069eb1d6c97e57dd0764d51</id>
<content type='text'>
* maint-2.29:
  Git 2.29.3
  Git 2.28.1
  Git 2.27.1
  Git 2.26.3
  Git 2.25.5
  Git 2.24.4
  Git 2.23.4
  Git 2.22.5
  Git 2.21.4
  Git 2.20.5
  Git 2.19.6
  Git 2.18.5
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
</content>
</entry>
<entry>
<title>Git 2.29.3</title>
<updated>2021-02-12T14:50:15Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2021-02-12T14:50:15Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=0628636d0c21324ae0f11be591611c6b1e55705f'/>
<id>urn:sha1:0628636d0c21324ae0f11be591611c6b1e55705f</id>
<content type='text'>
Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
</content>
</entry>
<entry>
<title>Sync with 2.28.1</title>
<updated>2021-02-12T14:50:14Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2021-02-12T14:50:14Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=d7bdabe52fbbde2ec1cbabdc8bdc737a8ead26aa'/>
<id>urn:sha1:d7bdabe52fbbde2ec1cbabdc8bdc737a8ead26aa</id>
<content type='text'>
* maint-2.28:
  Git 2.28.1
  Git 2.27.1
  Git 2.26.3
  Git 2.25.5
  Git 2.24.4
  Git 2.23.4
  Git 2.22.5
  Git 2.21.4
  Git 2.20.5
  Git 2.19.6
  Git 2.18.5
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
</content>
</entry>
<entry>
<title>Git 2.28.1</title>
<updated>2021-02-12T14:50:10Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2021-02-12T14:50:10Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=e4f4299859610638e45ec1a36266973b9a4eb47a'/>
<id>urn:sha1:e4f4299859610638e45ec1a36266973b9a4eb47a</id>
<content type='text'>
Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
</content>
</entry>
<entry>
<title>Sync with 2.27.1</title>
<updated>2021-02-12T14:50:09Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2021-02-12T14:50:09Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=3f01e56686b2fd08d919306717764391409ac81e'/>
<id>urn:sha1:3f01e56686b2fd08d919306717764391409ac81e</id>
<content type='text'>
* maint-2.27:
  Git 2.27.1
  Git 2.26.3
  Git 2.25.5
  Git 2.24.4
  Git 2.23.4
  Git 2.22.5
  Git 2.21.4
  Git 2.20.5
  Git 2.19.6
  Git 2.18.5
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
</content>
</entry>
</feed>
