As people have seen, the latest "security fix" release turned out to be a mixed bag of good vulnerability fixes with a bit over-eager "layered defence" that broke real uses cases like git-lfs. Let's quickly get them in working order back first, with the vision that we will then rebuild layered defence more carefully in the open on top as necessary. What we have here are the first "revert" part. These patches are designed to apply to 2.39.4; the series may have to grow as we discover more things to revert, but for now here are the patches to - revert the over-eager "refusal to work" went into 2.39.4 - adjust 2.39.4 codebase to cleanly build and test (at CI and locally) by backported fixes It would have been better if we did not have to have the latter class, but such is life. Relative to the previous iteration, there are two differences, which are: * Old [12/12] that reverted the repository ownership check for local case is gone. A well known escape hatch is available that is easy to use when the repositories are trusted (most notably, in a hosting set-up, the repositories are trusted not to attack the 'nobody' user that is running 'git'). * New [12/12] reverts a dubious checks for targets of symbolic links done in "git fsck" (and transfer). Today's integration cycle is pretty much committed to have these in 'next' for the weekend, merge them down to 'master' by the end of month, hoping that we can do 2.45.2 and friends sometime early next month. Jeff King (5): send-email: drop FakeTerm hack send-email: avoid creating more than one Term::ReadLine object ci: drop mention of BREW_INSTALL_PACKAGES variable ci: avoid bare "gcc" for osx-gcc job ci: stop installing "gcc-13" for osx-gcc Johannes Schindelin (6): hook: plug a new memory leak init: use the correct path of the templates directory again Revert "core.hooksPath: add some protection while cloning" tests: verify that `clone -c core.hooksPath=/dev/null` works again clone: drop the protections where hooks aren't run Revert "Add a helper function to compare file contents" Junio C Hamano (1): Revert "fsck: warn about symlink pointing inside a gitdir" .github/workflows/main.yml | 3 +- Documentation/fsck-msgids.txt | 12 -------- Makefile | 2 +- builtin/clone.c | 12 +------- cache.h | 14 --------- ci/install-dependencies.sh | 2 -- config.c | 13 +------- copy.c | 58 ----------------------------------- fsck.c | 56 --------------------------------- fsck.h | 12 -------- git-send-email.perl | 32 +++++++------------ hook.c | 32 ------------------- t/helper/test-path-utils.c | 10 ------ t/t0060-path-utils.sh | 41 ------------------------- t/t1350-config-hooks-path.sh | 7 +++++ t/t1450-fsck.sh | 37 ---------------------- t/t1800-hook.sh | 15 --------- t/t5601-clone.sh | 51 ------------------------------ t/t9001-send-email.sh | 5 +-- 19 files changed, 25 insertions(+), 389 deletions(-) -- 2.45.1-246-gb9cfe4845c
