@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Remove the warning about the Git 2GB pathname issue

Summary:
Ref T10832. In practice, `git --version` is not a useful test for this issue:

- Vendors like Debian have backported the patch into custom versions like `0.0.0.1-debian-lots-of-patches.3232`.
- Vendors like Ubuntu distribute multiple different versions which report the same string from `git --version`, some of which are patched and some of which are not.

In other cases, we can perform an empirical test for the vulnerability. Here, we cannot, because we can't write a 2GB path in a reasonable amount of time.

Since vendors (other than Apple) //generally// seem to be on top of this and any warning we try to raise based on `git --version` will frequently be incorrect, don't raise this warning.

I'll note this in the changelog instead.

Test Plan: Looked at setup issues, no more warning for vulnerable git version.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10832

Differential Revision: https://secure.phabricator.com/D15756

+1 -8
src/applications/config/check/PhabricatorBinariesSetupCheck.php
··· 102 102 $version = null; 103 103 switch ($vcs['versionControlSystem']) { 104 104 case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT: 105 - $bad_versions = array( 106 - '< 2.7.4' => pht( 107 - 'Prior to 2.7.4, Git contains two remote code execution '. 108 - 'vulnerabilities which allow an attacker to take control of a '. 109 - 'system by crafting a commit which affects very long paths, '. 110 - 'then pushing it or tricking a victim into fetching it. This '. 111 - 'is a severe security vulnerability.'), 112 - ); 105 + $bad_versions = array(); 113 106 list($err, $stdout, $stderr) = exec_manual('git --version'); 114 107 $version = trim(substr($stdout, strlen('git version '))); 115 108 break;
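
Review bot: In the Git case, `$bad_versions = array();` carries no comment saying why the list is intentionally empty, so a later reader could reintroduce a `git --version` comparison here. Suggest a one-line comment above it that points at T10832 and says vendor backports make the reported version string unreliable for this check. The `exec_manual('git --version')` call and the `substr()` parse that follow are kept as context; if `$version` is no longer consumed for Git further down, they can be dropped too, and if it is still used, note that `$err` is not checked in these lines before `$stdout` is parsed.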