diff options
author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-07-13 08:36:13 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-07-13 08:36:13 +0300 |
commit | be8b2457721e1ec154ecb6e037e797b37578ea62 (patch) | |
tree | dfdcf996cc0db44ad8f8480db937d3bbc4472694 /_support | |
parent | 8e3eafce11e3b48177872c28c58614226ae18602 (diff) |
Makefile: Update Git to v2.37.1pks-git-v2.37.1
Update our bundled Git version to v2.37.1. This both updates our major
version to include the latest changes from v2.37, but also updates our
minor version to include fixes for CVE-2022-29187, which is another
variant of opening repositories owned by a different user leading to
privilege escalation.
To the best of my knowledge, Gitaly is not impacted by this specific
vulnerability. It does not perform repository discovery by walking up
the filesystem hierarchy and thus wouldn't pick up repositories in any
of the parent directories of the storage root. And if an adversary is in
a posititon to change the owner of repositories contained in Gitaly's
storage root, they would already have other ways to attack the host.
Also note that we're upgrading the bundled Git version v2.36.1 in-place.
This can be done because its feature flag is not yet default-enabled and
hasn't been rolled out anywhere due to a set of incompatibilities.
Changelog: changed
Diffstat (limited to '_support')
-rw-r--r-- | _support/git-patches/v2.37.1.gl1/0001-refs-extract-packed_refs_delete_refs-to-allow-contro.patch (renamed from _support/git-patches/v2.36.0.gl1/0001-refs-extract-packed_refs_delete_refs-to-allow-contro.patch) | 0 | ||||
-rw-r--r-- | _support/git-patches/v2.37.1.gl1/0002-refs-allow-passing-flags-when-beginning-transactions.patch (renamed from _support/git-patches/v2.36.0.gl1/0002-refs-allow-passing-flags-when-beginning-transactions.patch) | 0 | ||||
-rw-r--r-- | _support/git-patches/v2.37.1.gl1/0003-refs-allow-skipping-the-reference-transaction-hook.patch (renamed from _support/git-patches/v2.36.0.gl1/0003-refs-allow-skipping-the-reference-transaction-hook.patch) | 0 | ||||
-rw-r--r-- | _support/git-patches/v2.37.1.gl1/0004-refs-demonstrate-excessive-execution-of-the-referenc.patch (renamed from _support/git-patches/v2.36.0.gl1/0004-refs-demonstrate-excessive-execution-of-the-referenc.patch) | 0 | ||||
-rw-r--r-- | _support/git-patches/v2.37.1.gl1/0005-refs-do-not-execute-reference-transaction-hook-on-pa.patch (renamed from _support/git-patches/v2.36.0.gl1/0005-refs-do-not-execute-reference-transaction-hook-on-pa.patch) | 0 | ||||
-rw-r--r-- | _support/git-patches/v2.37.1.gl1/0006-refs-skip-hooks-when-deleting-uncovered-packed-refs.patch (renamed from _support/git-patches/v2.36.0.gl1/0006-refs-skip-hooks-when-deleting-uncovered-packed-refs.patch) | 0 |
6 files changed, 0 insertions, 0 deletions
diff --git a/_support/git-patches/v2.36.0.gl1/0001-refs-extract-packed_refs_delete_refs-to-allow-contro.patch b/_support/git-patches/v2.37.1.gl1/0001-refs-extract-packed_refs_delete_refs-to-allow-contro.patch index 47dd3e41c..47dd3e41c 100644 --- a/_support/git-patches/v2.36.0.gl1/0001-refs-extract-packed_refs_delete_refs-to-allow-contro.patch +++ b/_support/git-patches/v2.37.1.gl1/0001-refs-extract-packed_refs_delete_refs-to-allow-contro.patch diff --git a/_support/git-patches/v2.36.0.gl1/0002-refs-allow-passing-flags-when-beginning-transactions.patch b/_support/git-patches/v2.37.1.gl1/0002-refs-allow-passing-flags-when-beginning-transactions.patch index 8038daca2..8038daca2 100644 --- a/_support/git-patches/v2.36.0.gl1/0002-refs-allow-passing-flags-when-beginning-transactions.patch +++ b/_support/git-patches/v2.37.1.gl1/0002-refs-allow-passing-flags-when-beginning-transactions.patch diff --git a/_support/git-patches/v2.36.0.gl1/0003-refs-allow-skipping-the-reference-transaction-hook.patch b/_support/git-patches/v2.37.1.gl1/0003-refs-allow-skipping-the-reference-transaction-hook.patch index cd194f8aa..cd194f8aa 100644 --- a/_support/git-patches/v2.36.0.gl1/0003-refs-allow-skipping-the-reference-transaction-hook.patch +++ b/_support/git-patches/v2.37.1.gl1/0003-refs-allow-skipping-the-reference-transaction-hook.patch diff --git a/_support/git-patches/v2.36.0.gl1/0004-refs-demonstrate-excessive-execution-of-the-referenc.patch b/_support/git-patches/v2.37.1.gl1/0004-refs-demonstrate-excessive-execution-of-the-referenc.patch index aa6d96a3e..aa6d96a3e 100644 --- a/_support/git-patches/v2.36.0.gl1/0004-refs-demonstrate-excessive-execution-of-the-referenc.patch +++ b/_support/git-patches/v2.37.1.gl1/0004-refs-demonstrate-excessive-execution-of-the-referenc.patch diff --git a/_support/git-patches/v2.36.0.gl1/0005-refs-do-not-execute-reference-transaction-hook-on-pa.patch b/_support/git-patches/v2.37.1.gl1/0005-refs-do-not-execute-reference-transaction-hook-on-pa.patch index f2e7c06ed..f2e7c06ed 100644 --- a/_support/git-patches/v2.36.0.gl1/0005-refs-do-not-execute-reference-transaction-hook-on-pa.patch +++ b/_support/git-patches/v2.37.1.gl1/0005-refs-do-not-execute-reference-transaction-hook-on-pa.patch diff --git a/_support/git-patches/v2.36.0.gl1/0006-refs-skip-hooks-when-deleting-uncovered-packed-refs.patch b/_support/git-patches/v2.37.1.gl1/0006-refs-skip-hooks-when-deleting-uncovered-packed-refs.patch index 3b21bf489..3b21bf489 100644 --- a/_support/git-patches/v2.36.0.gl1/0006-refs-skip-hooks-when-deleting-uncovered-packed-refs.patch +++ b/_support/git-patches/v2.37.1.gl1/0006-refs-skip-hooks-when-deleting-uncovered-packed-refs.patch |