Security
- GHSA-8w8g-wq8h-fq33: Write files through `build_file_from_blob` in path-restricted `porcelain.checkout(paths=...)` instead of a raw `os.open`. The old path followed a symlink left at the target, so a crafted repository could write attacker content outside the work tree (e.g. into `.git/hooks`) on checkout.
- GHSA-5fqc-mrg8-w798: Build the temporary index for `filter-branch --index-filter` in memory instead of materializing tree entries into CWD. Persisted entries between commits let a symlink from an ancestor commit redirect a descendant's writes outside the work tree.
- Refuse to write a stash entry through an intermediate symlink on `stash.pop`. The old `os.path.exists` check followed symlinks, so a crafted stash whose parent path was a symlink already present in the worktree (e.g. `link -> .git/hooks`) let the subsequent write land outside the work tree.
- Refuse path-restricted `porcelain.checkout`, `restore` and `reset_file` writes whose leading directory is an existing symlink, so a crafted repository can no longer land `sub` as a link to `.git/hooks` and have a write to `sub/anything` traverse it.
- Canonicalize file modes to `0o644`/`0o755` before `chmod` on checkout and patch apply, matching git. An untrusted tree entry or patch `new file mode` could otherwise set setuid/setgid/sticky or world-writable bits on a materialized file.
- Reject non-hex pkt-line length prefixes in the protocol parser. `int(sizestr, 16)` accepted a leading `-`, whose negative length made the following `read(size - 4)` slurp the rest of the stream and caused `PktLineParser` to loop without consuming its buffer. (#2267)
- Escape the repository path passed to the remote in the SSH client, so a path containing a single quote can no longer close the quoting and have the remainder interpreted by the remote shell. (#2254)
- Reject an option-like host in `TCPGitClient` before invoking the `core.gitProxy` command, matching the `SubprocessSSHVendor` guard, so a URL like `git://-oProxyCommand=...` can no longer be interpreted as a flag by the proxy program. (#2240)
- Validate object ids in the object store and refs container. An id containing path separators would previously be joined into a filename by `DiskObjectStore._get_shafile_path` (escaping the objects directory) or stored as a ref value. (#2256)
- Validate the object id in LFS server request handlers before it reaches the store, so a request path containing `..` cannot escape the LFS directory. (#2255)
- Don't expand config `include`/`includeIf` directives when parsing bundle lists served by an untrusted bundle-uri host, matching the handling of `.gitmodules`. (#2243)
- Read the signing key from gpg's `--status-fd` (`VALIDSIG`) in `GPGCliSignatureVendor.verify` instead of the human-readable stderr text, which could be spoofed by embedding a matching line in the signed payload. (#2245)
- Raise `UntrustedSignature` from `verify_commit`/`verify_tag` when `keyids` is set and the object carries no signature, instead of silently accepting it. (#2238)
- Fix quadratic backtracking in `_find_scissors_line` so a crafted patch can no longer stall `mailinfo`/`git am --scissors`. (#2239)
- Collapse consecutive `*` wildcards to at most `**` in `.gitattributes`, `.gitignore` and config glob translation to avoid catastrophic backtracking (ReDoS). (#2237)
- Fix quadratic buffering in `web.ChunkReader.read`. (#2262)
- Skip invalid tree paths (containing `..`, `.git`, etc.) in `diff_working_tree_to_tree` instead of joining them onto the work tree; a working-tree diff against an untrusted commit could otherwise read a file outside the work tree and disclose its contents. (#2261)
- Fix quadratic header accumulation in `ShaFile._parse_message`. (#2273)
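As an added illustration of the pkt-line length issue above (example code written for this note, not dulwich's own parser): `int(x, 16)` accepts a sign, surrounding whitespace and a `0x` prefix, so the four-character prefix has to be checked against `[0-9a-fA-F]{4}` before it is converted and used in size arithmetic.

```python
from __future__ import annotations

import re
from typing import Callable, List, Optional

# A pkt-line is a 4-char hex length (counting the 4 length bytes themselves)
# followed by the payload; "0000" is a flush-pkt with no payload.
_HEX4 = re.compile(rb"^[0-9a-fA-F]{4}$")


def parse_length_lenient(sizestr: bytes) -> int:
    # The weak parse: int(..., 16) tolerates a sign, whitespace and "0x",
    # so b"-00a" becomes -10 instead of being rejected.
    return int(sizestr, 16)


def parse_length_strict(sizestr: bytes) -> int:
    # Hardened parse: require exactly four hex digits before converting,
    # so a negative or malformed length never reaches the read() arithmetic.
    if not _HEX4.match(sizestr):
        raise ValueError(f"invalid pkt-line length prefix: {sizestr!r}")
    return int(sizestr, 16)


def read_pkt_lines(
    stream: bytes,
    parse_length: Callable[[bytes], int] = parse_length_strict,
) -> List[Optional[bytes]]:
    """Split a byte stream into pkt-line payloads; None marks a flush-pkt."""
    pkts: List[Optional[bytes]] = []
    pos = 0
    while pos < len(stream):
        size = parse_length(stream[pos:pos + 4])
        if size == 0:  # flush-pkt
            pkts.append(None)
            pos += 4
            continue
        # Lengths 1-3 and truncated packets are malformed framing.
        if size < 4 or pos + size > len(stream):
            raise ValueError(f"bad pkt-line size {size} at offset {pos}")
        pkts.append(stream[pos + 4:pos + size])
        pos += size
    return pkts


# Constructed sample stream: "hello", a flush-pkt, then "abcdef".
SAMPLE_STREAM = b"0009hello" + b"0000" + b"000aabcdef"
```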
Fixes
- Enumerate the objects to push before the HTTP `git-receive-pack` request body starts streaming. `generate_pack_data` previously ran lazily inside the body generator, after the header pkt-lines were already on the wire, so on large repositories the request stalled mid-body while objects were counted and servers such as GitHub aborted the push with a timeout / broken pipe. (#2248)
- Replace a symlink left at the target path with a fresh regular file in `build_file_from_blob` instead of writing through it, matching git on checkout. (#2259)
- Raise `GitProtocolError` carrying the server's message when the fetch/send-pack tail loop sees a fatal side-band channel (`\x03`), instead of crashing with `AssertionError: Invalid sideband channel 3` and swallowing the server's error text.
- Use `ThreadingHTTPServer` and advertise HTTP/1.1 in `lfs_server` so urllib3's keep-alive pool doesn't race a torn-down connection into `RemoteDisconnected`.
Other
- Support `http.postBuffer`. (#2248)
- Support pyo3 0.29.
- Deprecate `dulwich.objects.filename_to_hex`, which is unused.