admin/git
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3f072308447ed2aab0228d21a7ce334beeeca7e8
git/lib
History
Johannes Sixt 3f07230844 Merge branch 'js/fix-open-exec-git' 
This addresses CVE-2025-46835, Git GUI can create and overwrite a
user's files:

When a user clones an untrusted repository and is tricked into editing
a file located in a maliciously named directory in the repository, then
Git GUI can create and overwrite files for which the user has write
permission.

* js/fix-open-exec-git:
  git-gui: sanitize 'exec' arguments: convert new 'cygpath' calls
  git-gui: do not mistake command arguments as redirection operators
  git-gui: introduce function git_redir for git calls with redirections
  git-gui: pass redirections as separate argument to git_read
  git-gui: pass redirections as separate argument to _open_stdout_stderr
  git-gui: convert git_read*, git_write to be non-variadic
  git-gui: use git_read in githook_read
  git-gui: break out a separate function git_read_nice
  git-gui: remove option --stderr from git_read
  git-gui: sanitize 'exec' arguments: background
  git-gui: sanitize 'exec' arguments: simple cases
  git-gui: treat file names beginning with "|" as relative paths
  git-gui: remove git config --list handling for git < 1.5.3
  git-gui: remove HEAD detachment implementation for git < 1.5.3
  git-gui: remove Tcl 8.4 workaround on 2>@1 redirection

Signed-off-by: Johannes Sixt <j6t@kdbg.org>
2025-07-08 21:22:48 +02:00
..
about.tcl
git-gui: use themed tk widgets with Tk 8.5
2010-01-27 17:13:52 -08:00
blame.tcl
git-gui: convert git_read*, git_write to be non-variadic
2025-05-23 17:04:24 -04:00
branch_checkout.tcl
git-gui: fix incorrect use of Tcl append command
2016-10-03 23:40:10 +01:00
branch_create.tcl
git-gui: fix incorrect use of Tcl append command
2016-10-03 23:40:10 +01:00
branch_delete.tcl
git-gui: fix incorrect use of Tcl append command
2016-10-03 23:40:10 +01:00
branch_rename.tcl
git-gui: fix incorrect use of Tcl append command
2016-10-03 23:40:10 +01:00
branch.tcl
git-gui: convert git_read*, git_write to be non-variadic
2025-05-23 17:04:24 -04:00
browser.tcl
git-gui: convert git_read*, git_write to be non-variadic
2025-05-23 17:04:24 -04:00
checkout_op.tcl
git-gui: pass redirections as separate argument to git_read
2025-05-23 17:04:24 -04:00
choose_font.tcl
git-gui: use themed tk widgets with Tk 8.5
2010-01-27 17:13:52 -08:00
choose_repository.tcl
git-gui: pass redirections as separate argument to git_read
2025-05-23 17:04:24 -04:00
choose_rev.tcl
git-gui: convert git_read*, git_write to be non-variadic
2025-05-23 17:04:24 -04:00
chord.tcl
git-gui: create a new namespace for chord script evaluation
2020-03-17 18:48:54 +05:30
class.tcl
git-gui: set suitable extended window manager hints.
2011-10-19 14:26:29 +01:00
commit.tcl
Merge branch 'js/fix-open-exec-git'
2025-07-08 21:22:48 +02:00
console.tcl
Merge branch 'js/fix-open-exec-git'
2025-07-08 21:22:48 +02:00
database.tcl
git-gui: convert git_read*, git_write to be non-variadic
2025-05-23 17:04:24 -04:00
date.tcl
git-gui: Localize commit/author dates when displaying them
2007-09-10 01:54:16 -04:00
diff.tcl
Merge branch 'js/fix-open-exec-git'
2025-07-08 21:22:48 +02:00
encoding.tcl
doc: switch links to https
2024-05-05 16:49:00 +02:00
error.tcl
git-gui i18n: mark string in lib/error.tcl for translation
2016-10-03 23:40:23 +01:00
git-gui.ico
git-gui: Improve the application icon on Windows.
2007-12-02 23:05:10 -05:00
index.tcl
git-gui: convert git_read*, git_write to be non-variadic
2025-05-23 17:04:24 -04:00
line.tcl
git-gui: theme the search and line-number entry fields on blame screen
2011-10-19 12:44:39 +01:00
logo.tcl
git-gui: Refactor Henrik Nyh's logo into its own procedure
2007-10-10 01:12:15 -04:00
merge.tcl
git-gui: introduce function git_redir for git calls with redirections
2025-05-23 17:04:24 -04:00
mergetool.tcl
Merge branch 'js/fix-open-exec-git'
2025-07-08 21:22:48 +02:00
meson.build
git-gui: wire up support for the Meson build system
2025-05-13 08:48:09 +02:00
option.tcl
git-gui i18n: internationalize use of colon punctuation
2016-10-03 23:39:56 +01:00
remote_add.tcl
git-gui: fix incorrect use of Tcl append command
2016-10-03 23:40:10 +01:00
remote_branch_delete.tcl
git-gui: convert git_read*, git_write to be non-variadic
2025-05-23 17:04:24 -04:00
remote.tcl
git-gui: convert git_read*, git_write to be non-variadic
2025-05-23 17:04:24 -04:00
search.tcl
git-gui: use a tristate to control the case mode in the searchbar
2011-10-21 22:28:23 +01:00
shortcut.tcl
Merge branch 'ml/replace-auto-execok' into js/fix-open-exec
2025-05-23 17:04:27 -04:00
spellcheck.tcl
git-gui: correct spelling errors in comments
2013-11-15 20:44:08 +00:00
sshkey.tcl
Merge branch 'ml/replace-auto-execok' into js/fix-open-exec
2025-05-23 17:04:27 -04:00
status_bar.tcl
git-gui: update status bar to track operations
2019-12-06 00:12:15 +05:30
themed.tcl
git-gui: use gray background for inactive text widgets
2020-12-19 01:00:17 +05:30
tools_dlg.tcl
git-gui: fix incorrect use of Tcl append command
2016-10-03 23:40:10 +01:00
tools.tcl
Merge branch 'ml/replace-auto-execok' into js/fix-open-exec
2025-05-23 17:04:27 -04:00
transport.tcl
git-gui: fix incorrect use of Tcl append command
2016-10-03 23:40:10 +01:00
win32_shortcut.js
git-gui: Use proper Windows shortcuts instead of bat files
2007-10-12 23:07:58 -04:00
win32.tcl
git-gui: sanitize 'exec' arguments: simple cases
2025-05-23 17:04:23 -04:00