Eclipse EGit: Git Integration for Eclipse 3.4.2

3.4.2

Description

This is a security-fix for CVE-2014-9390, which affects users on Windows and Mac OS X but not typical UNIX users.

 

* We used to allow committing a path ".Git/config" with JGit & EGit that is

   running on a case sensitive filesystem, but an attempt to check out

   such a path with Git that runs on a case insensitive filesystem

   would have clobbered ".git/config", which is definitely not what

   the user would have expected.  JGit now prevents you from tracking

   a path with ".Git" (in any case combination) as a path component.

 

 * On Windows, certain path components that are different from ".git"

   are mapped to ".git", e.g. "git~1/config" is treated as if it were

   ".git/config".  HFS+ has a similar issue, where certain unicode

   codepoints are ignored, e.g. ".g\u200cit/config" is treated as if

   it were ".git/config".  Pathnames with these potential issues are

   rejected on the affected systems.

 

A big "thanks!" for bringing this issue to us goes to our friends in

the Mercurial land, namely, Matt Mackall and Augie Fackler.