From 93ba78d6f4632ef1c5228965e3edc8c0faf88c1e Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Tue, 26 May 2020 00:06:52 +0100 Subject: revert(3p/git): Revert merge of git upstream at v2.26.2 This causes cgit to serve error pages, which is undesirable. This reverts commit 5229c9b232de5bfa959ad6ebbb4c8192ac513352, reversing changes made to f2b211131f2347342dde63975b09cf603149f1a3. --- third_party/git/Documentation/RelNotes/2.14.6.txt | 54 ----------------------- 1 file changed, 54 deletions(-) delete mode 100644 third_party/git/Documentation/RelNotes/2.14.6.txt (limited to 'third_party/git/Documentation/RelNotes/2.14.6.txt') diff --git a/third_party/git/Documentation/RelNotes/2.14.6.txt b/third_party/git/Documentation/RelNotes/2.14.6.txt deleted file mode 100644 index 72b7af679917..000000000000 --- a/third_party/git/Documentation/RelNotes/2.14.6.txt +++ /dev/null @@ -1,54 +0,0 @@ -Git v2.14.6 Release Notes -========================= - -This release addresses the security issues CVE-2019-1348, -CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, -CVE-2019-1353, CVE-2019-1354, and CVE-2019-1387. - -Fixes since v2.14.5 -------------------- - - * CVE-2019-1348: - The --export-marks option of git fast-import is exposed also via - the in-stream command feature export-marks=... and it allows - overwriting arbitrary paths. - - * CVE-2019-1349: - When submodules are cloned recursively, under certain circumstances - Git could be fooled into using the same Git directory twice. We now - require the directory to be empty. - - * CVE-2019-1350: - Incorrect quoting of command-line arguments allowed remote code - execution during a recursive clone in conjunction with SSH URLs. - - * CVE-2019-1351: - While the only permitted drive letters for physical drives on - Windows are letters of the US-English alphabet, this restriction - does not apply to virtual drives assigned via subst : - . Git mistook such paths for relative paths, allowing writing - outside of the worktree while cloning. - - * CVE-2019-1352: - Git was unaware of NTFS Alternate Data Streams, allowing files - inside the .git/ directory to be overwritten during a clone. - - * CVE-2019-1353: - When running Git in the Windows Subsystem for Linux (also known as - "WSL") while accessing a working directory on a regular Windows - drive, none of the NTFS protections were active. - - * CVE-2019-1354: - Filenames on Linux/Unix can contain backslashes. On Windows, - backslashes are directory separators. Git did not use to refuse to - write out tracked files with such filenames. - - * CVE-2019-1387: - Recursive clones are currently affected by a vulnerability that is - caused by too-lax validation of submodule names, allowing very - targeted attacks via remote code execution in recursive clones. - -Credit for finding these vulnerabilities goes to Microsoft Security -Response Center, in particular to Nicolas Joly. The `fast-import` -fixes were provided by Jeff King, the other fixes by Johannes -Schindelin with help from Garima Singh. -- cgit 1.4.1