- 12 Jul, 2022 3 commits
-
-
In the ownership checks implemented for CVE-2022-24765, we disallowed users from accessing their own repositories when running with `sudo`. Examine the `SUDO_UID` environment variable and allow users running with `sudo`. This matches git's behavior.
Edward Thomson committed -
To match git's behavior with CVE 2022-29187, validate not only the working directory, but also the gitdir and gitlink (if it exists). This is a follow-up to CVE-2022-24765 that was fixed earlier.
Edward Thomson committed -
Fix erroneously lax configuration ownership checks
Edward Thomson committed
-
- 07 Jul, 2022 12 commits
-
-
Allow users in the administrator group to use git configs that are owned by administrators.
Edward Thomson committed -
Allow the user ownership to match if the file is owned by the admin group and the user is in the admin group, even if the current process is not running as administrator directly.
Edward Thomson committed -
Refactor the file ownership checks so that callers can provide discrete information about the ownership expectations to a single function.
Edward Thomson committed -
The file ownership concepts can reflect the actual file ownership; they are not necessarily limited to mocking the interface. Rename them so that they can be more broadly applicable.
Edward Thomson committed -
Ensure that we test opening a bare repository with odd permissions.
Edward Thomson committed -
This reverts commit cdff2f02. This change erroneously allowed system users to own a worktree; this should only be allowed when the current user is in the Administrator group on Windows as well.
Edward Thomson committed -
cmake: drop posix dependency from pcre* detection
Edward Thomson committed -
fix interactive rebase detect.
Edward Thomson committed -
Fix internal git_sysdir_find* function usage within public git_config_find* functions
Edward Thomson committed -
Edward Thomson committed
-
ntlmclient: LibreSSL 3.5 removed HMAC_CTX_cleanup
Edward Thomson committed
-
- 06 Jul, 2022 6 commits
-
-
ci: update dockerfiles for mbedTLS new url
Edward Thomson committed -
Update the new URL for mbedTLS.
Edward Thomson committed -
Edward Thomson committed
-
CI: limits actions scheduled workflows to the main repo
Edward Thomson committed -
Edward Thomson committed
-
Only run scheduled workflows on the main repository; prevents people from using build minutes on their forks.
Edward Thomson committed
-
- 04 Jul, 2022 1 commit
-
-
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt Modify guard to declare dummy function.
Charlie Li committed
-
- 28 Jun, 2022 1 commit
-
-
Kevin Saul committed
-
- 27 Jun, 2022 1 commit
-
-
Tengfei committed
-
- 23 Jun, 2022 1 commit
-
-
filter: Fix Segfault
Edward Thomson committed
-
- 22 Jun, 2022 1 commit
-
-
John Alden committed
-
- 16 Jun, 2022 1 commit
-
-
John Alden committed
-
- 14 Jun, 2022 7 commits
-
-
Co-authored-by: Edward Thomson <ethomson@github.com>
John Alden committed -
repo: allow administrator to own the configuration
Edward Thomson committed -
status: update documentation for default options
Edward Thomson committed -
Edward Thomson committed
-
config: update config entry iteration lifecycle
Edward Thomson committed -
Update our ownership checks that were introduced in libgit2 v1.4.3 (to combat CVE 2022-24765). These were not compatible with git's; git itself allows administrators to own the path. Our checks now match this behavior.
Edward Thomson committed -
Edward Thomson committed
-
- 13 Jun, 2022 3 commits
-
-
Edward Thomson committed
-
Edward Thomson committed
-
Look for `getentropy` and flag its existence.
Edward Thomson committed
-
- 12 Jun, 2022 3 commits
-
-
transport: introduce `git_transport_smart_remote_connect_options`
Edward Thomson committed -
Snuck in during refactoring; let's get rid of it.
Edward Thomson committed -
A couple of simplifications around mwindow
Edward Thomson committed
-