github jelmer/dulwich dulwich-1.2.8

3 hours ago

Security

  • GHSA-8w8g-wq8h-fq33: Write files through `build_file_from_blob` in path-restricted `porcelain.checkout(paths=...)` instead of a raw `os.open`. The old path followed a symlink left at the target, so a crafted repository could write attacker content outside the work tree (e.g. into `.git/hooks`) on checkout.
  • GHSA-5fqc-mrg8-w798: Build the temporary index for `filter-branch --index-filter` in memory instead of materializing tree entries into the CWD. Persisted entries between commits let a symlink from an ancestor commit redirect a descendant's writes outside the work tree.
  • Refuse to write a stash entry through an intermediate symlink on `stash.pop`. The old `os.path.exists` check followed symlinks, so a crafted stash whose parent path was a symlink already present in the work tree (e.g. `link -> .git/hooks`) let the subsequent write land outside the work tree.
  • Refuse path-restricted `porcelain.checkout`, `restore` and `reset_file` writes whose leading directory is an existing symlink, so a crafted repository can no longer land `sub` as a link to `.git/hooks` and have a write to `sub/anything` traverse it.
  • Canonicalize file modes to 0o644/0o755 before chmod on checkout and patch apply, matching git. An untrusted tree entry or patch `new file mode` could otherwise set setuid/setgid/sticky or world-writable bits on a materialized file.
  • Reject non-hex pkt-line length prefixes in the protocol parser. `int(sizestr, 16)` accepted a leading `-`, whose negative length made the following `read(size - 4)` slurp the rest of the stream and caused `PktLineParser` to loop without consuming its buffer. (#2267)
  • Escape the repository path passed to the remote in the SSH client, so a path containing a single quote can no longer close the quoting and have the remainder interpreted by the remote shell. (#2254)
  • Reject an option-like host in TCPGitClient before invoking the core.gitProxy command, matching the SubprocessSSHVendor guard, so a URL like `git://-oProxyCommand=...` can no longer be interpreted as a flag by the proxy program. (#2240)
  • Validate object ids in the object store and refs container. An id containing path separators would previously be joined into a filename by `DiskObjectStore._get_shafile_path` (escaping the objects directory) or stored as a ref value. (#2256)
  • Validate the object id in LFS server request handlers before it reaches the store, so a request path containing .. cannot escape the LFS directory. (#2255)
  • Don't expand config include/includeIf directives when parsing bundle lists served by an untrusted bundle-uri host, matching the handling of `.gitmodules`. (#2243)
  • Read the signing key from gpg's --status-fd (VALIDSIG) in `GPGCliSignatureVendor.verify` instead of the human-readable stderr text, which could be spoofed by embedding a matching line in the signed payload. (#2245)
  • Raise UntrustedSignature from verify_commit/verify_tag when keyids is set and the object carries no signature, instead of silently accepting it. (#2238)
  • Fix quadratic backtracking in _find_scissors_line so a crafted patch can no longer stall mailinfo/git am --scissors. (#2239)
  • Collapse consecutive * wildcards to at most ** in .gitattributes, .gitignore and config glob translation to avoid catastrophic backtracking (ReDoS). (#2237)
  • Fix quadratic buffering in web.ChunkReader.read. (#2262)
  • Skip invalid tree paths (containing .., .git, etc.) in `diff_working_tree_to_tree` instead of joining them onto the work tree; a working-tree diff against an untrusted commit could otherwise read a file outside the work tree and disclose its contents. (#2261)
  • Fix quadratic header accumulation in ShaFile._parse_message. (#2273)
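The symlink and file-mode entries above (checkout through a symlink left at the target, writes through an intermediate symlink in stash.pop and path-restricted checkout, and mode canonicalization) all reduce to one rule: every leading directory must be a real directory, a non-regular file at the target is replaced rather than written through, and only the executable bit of the tree entry survives. The following is an added, self-contained illustration of that rule, not dulwich's own `build_file_from_blob`; the names `write_blob_file`, `validate_tree_path`, `canonical_mode` and `UnsafePath` are hypothetical, and the work tree it builds in `demo()` (a `sub` symlink pointing outside the tree and a `link` symlink at a file path) is constructed for the demonstration.

```python
import os
import stat
import tempfile


class UnsafePath(Exception):
    """A tree path that must not be materialized into the work tree."""


def validate_tree_path(relpath):
    # Reject the components git refuses: empty, ".", "..", and any case
    # variant of ".git" (a subset of git's full check, for illustration).
    parts = relpath.split("/")
    for name in parts:
        if name in ("", ".", "..") or name.lower() == ".git":
            raise UnsafePath("invalid tree path component: %r" % name)
    return parts


def canonical_mode(mode):
    # Only the executable decision survives; setuid/setgid/sticky and
    # group/world-writable bits carried by the tree entry are dropped.
    return 0o755 if mode & 0o111 else 0o644


def write_blob_file(worktree, relpath, data, mode=0o100644):
    parts = validate_tree_path(relpath)
    cur = worktree
    # Each leading directory is checked with lstat, which does not follow
    # links, so "sub -> .git/hooks" is seen as a symlink and refused.
    for name in parts[:-1]:
        cur = os.path.join(cur, name)
        try:
            st = os.lstat(cur)
        except FileNotFoundError:
            os.mkdir(cur)
            continue
        if not stat.S_ISDIR(st.st_mode):
            raise UnsafePath("%s is not a directory in the work tree" % cur)
    target = os.path.join(cur, parts[-1])
    try:
        st = os.lstat(target)
    except FileNotFoundError:
        st = None
    if st is not None:
        if stat.S_ISDIR(st.st_mode):
            raise UnsafePath("%s is a directory" % target)
        if not stat.S_ISREG(st.st_mode):
            # A symlink (or other non-regular file) left at the target is
            # removed and replaced with a fresh regular file, never followed.
            os.unlink(target)
    # O_NOFOLLOW closes the window between the lstat above and the open.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o644)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.chmod(target, canonical_mode(mode))
    return target


def demo():
    """Constructed work tree: a directory symlink and a file symlink that
    both point outside the tree, as a crafted repository would leave them."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        outside = os.path.join(root, "outside")
        worktree = os.path.join(root, "worktree")
        os.mkdir(outside)
        os.mkdir(worktree)
        os.symlink(outside, os.path.join(worktree, "sub"))
        os.symlink(os.path.join(outside, "hook"), os.path.join(worktree, "link"))
        try:
            write_blob_file(worktree, "sub/evil", b"#!/bin/sh\n", 0o100755)
            results["via_dir_symlink"] = "written"
        except UnsafePath:
            results["via_dir_symlink"] = "refused"
        results["outside_after_dir"] = sorted(os.listdir(outside))
        write_blob_file(worktree, "link", b"hello\n", 0o100644)
        results["link_is_regular"] = stat.S_ISREG(
            os.lstat(os.path.join(worktree, "link")).st_mode)
        results["outside_after_link"] = sorted(os.listdir(outside))
        p = write_blob_file(worktree, "bin/run", b"", 0o104755)  # setuid requested
        results["mode"] = stat.S_IMODE(os.stat(p).st_mode)
        try:
            write_blob_file(worktree, ".git/hooks/pre-commit", b"", 0o100644)
            results["dotgit"] = "written"
        except UnsafePath:
            results["dotgit"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

The lstat-then-open sequence still has a window in which a local attacker could swap a directory for a symlink; `O_NOFOLLOW` covers the final component, and a stricter implementation opens each directory with `O_DIRECTORY | O_NOFOLLOW` and passes `dir_fd` to the final `os.open`.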
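The pkt-line entry (#2267) turns on a property of Python's `int()` that is easy to forget: with an explicit base it still accepts a sign, surrounding whitespace and a `0x` prefix, so a four-byte length field must be validated as four hex digits before conversion. The reader below is an added example, not dulwich's `PktLineParser`; `lenient_pkt_len` reproduces the pre-fix behaviour the notes describe in order to show the negative length, and `strict_pkt_len`, `read_pkt_lines` and `rejects` are hypothetical names. It handles the v0/v1 framing only (`0000` flush-pkt; lengths 1 to 3 are treated as errors) and the streams fed to it are constructed.

```python
import io
import re

# Exactly four hex digits. int(x, 16) alone also accepts b"+1a4",
# b"-1a4", b" 1a4" and b"0x1a".
HEX4 = re.compile(rb"\A[0-9a-fA-F]{4}\Z")


class PktLineError(Exception):
    pass


def lenient_pkt_len(prefix):
    # Constructed reproduction of the pre-fix behaviour (not dulwich code):
    # a leading "-" yields a negative size.
    return int(prefix, 16)


def strict_pkt_len(prefix):
    if not HEX4.match(prefix):
        raise PktLineError("non-hex pkt-line length prefix: %r" % prefix)
    return int(prefix, 16)


def lenient_body_bytes(data):
    """How many bytes read(size - 4) consumes under the lenient parser.
    A negative count means "read everything" for file-like objects."""
    stream = io.BytesIO(data)
    size = lenient_pkt_len(stream.read(4))
    return len(stream.read(size - 4))


def read_pkt_lines(data):
    """Parse a complete pkt-line stream; None marks a flush-pkt."""
    stream = io.BytesIO(data)
    packets = []
    while True:
        prefix = stream.read(4)
        if not prefix:
            return packets
        if len(prefix) < 4:
            raise PktLineError("truncated length prefix")
        size = strict_pkt_len(prefix)
        if size == 0:
            packets.append(None)  # 0000 flush-pkt
            continue
        if size < 4:
            # 0001..0003 carry no v0/v1 meaning; a non-zero size below the
            # length of its own header can never be a data packet.
            raise PktLineError("reserved pkt-line length %d" % size)
        body = stream.read(size - 4)
        if len(body) != size - 4:
            raise PktLineError("truncated pkt-line body")
        packets.append(body)


def rejects(data):
    try:
        read_pkt_lines(data)
    except PktLineError:
        return True
    return False


if __name__ == "__main__":
    print(lenient_pkt_len(b"-1a4"))
    print(read_pkt_lines(b"0008abcd0000000ahello\n"))
```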
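The two remote-command entries (#2254, #2240) are the same class of bug seen from both sides of an SSH invocation: the path is interpolated into a command line that a remote shell will split, and the host is handed to a local program that will parse it as an option if it starts with `-`. The functions below are an added example, not dulwich's `SubprocessSSHVendor` or `TCPGitClient`; `naive_remote_command` shows the unescaped interpolation the notes describe next to the `shlex.quote` form, and `words_seen_by_remote_shell` uses `shlex.split` as a stand-in for the remote shell's word splitting. The names `ssh_argv`, `is_option_like` and `UnsafeRemote`, and the sample paths, are hypothetical.

```python
import shlex


class UnsafeRemote(ValueError):
    pass


def naive_remote_command(path):
    # The pattern the fix removes: wrapping in single quotes without
    # escaping, so a ' inside the path closes the quote.
    return "git-upload-pack '%s'" % path


def safe_remote_command(path):
    # shlex.quote closes and reopens the single quotes around every ' in the
    # path, so the remote shell receives the whole path as one word.
    return "git-upload-pack %s" % shlex.quote(path)


def words_seen_by_remote_shell(command):
    # POSIX word splitting of the command string, as the remote shell does it.
    return shlex.split(command)


def is_option_like(value):
    # ssh, and a core.gitProxy program given "host port", both treat a
    # leading "-" as the start of an option (e.g. -oProxyCommand=...).
    return value.startswith("-")


def ssh_argv(host, path, username=None, port=None):
    if is_option_like(host):
        raise UnsafeRemote("option-like host refused: %r" % host)
    argv = ["ssh"]
    if port is not None:
        argv += ["-p", str(port)]
    argv.append("%s@%s" % (username, host) if username else host)
    argv.append(safe_remote_command(path))
    return argv


if __name__ == "__main__":
    hostile = "repo'; touch /tmp/pwned; '"
    print(words_seen_by_remote_shell(naive_remote_command(hostile)))
    print(words_seen_by_remote_shell(safe_remote_command(hostile)))
    print(ssh_argv("git.example.org", "/srv/repo.git", username="git"))
```

Rejecting the host outright, rather than inserting `--` before it, is the right shape here because `--` only tells ssh's own option parser to stop; a proxy program started from `core.gitProxy` receives the host as its own argument and applies its own parsing.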

Fixes

  • Enumerate the objects to push before the HTTP git-receive-pack request body starts streaming. `generate_pack_data` previously ran lazily inside the body generator, after the header pkt-lines were already on the wire, so on large repositories the request stalled mid-body while objects were counted and servers such as GitHub aborted the push with a timeout / broken pipe. (#2248)
  • Replace a symlink left at the target path with a fresh regular file in build_file_from_blob instead of writing through it, matching git on checkout. (#2259)
  • Raise GitProtocolError carrying the server's message when the fetch/send-pack tail loop sees a fatal side-band channel (\x03), instead of crashing with `AssertionError: Invalid sideband channel 3` and swallowing the server's error text.
  • Use ThreadingHTTPServer and advertise HTTP/1.1 in lfs_server so urllib3's keep-alive pool doesn't race a torn-down connection into RemoteDisconnected.

Other

  • Support http.postBuffer. (#2248)
  • Support pyo3 0.29.
  • Deprecate dulwich.objects.filename_to_hex, which is unused.
