Update dependency dulwich to v1 [SECURITY]#29
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==0.22.1→==1.2.5Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
CVE-2026-42305 / GHSA-897w-fcg9-f6xj
More information
Details
Impact
Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows.
Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax:
executes that hook on the next git commit, giving the attacker arbitrary code execution in the victim's user context. The same primitive can be used with ..\outside.txt to escape the work tree.
1 was rejected; git2, git10, GIT1, etc. were all accepted.Contributing configuration bugs made matters worse. The core.protectNTFS and core.protectHFS settings were looked up under a wrong option name and so user-set values were silently ignored, and core.protectNTFS only defaulted to true on Windows (Git upstream has defaulted it to true everywhere since CVE-2019-1353). Both have been corrected.
Anyone who clones, fetches, or checks out an untrusted repository with Dulwich on Windows - either through the Dulwich CLI, porcelain.clone, or any downstream tool built on Dulwich - is impacted. POSIX clones are not directly exploitable (on POSIX \ is a literal filename byte), but a POSIX user can unknowingly propagate a malicious tree to Windows consumers via push or re-publication.
Patches
Fixed in Dulwich 1.2.5. Users should upgrade to 1.2.5 or later.
The fix lives in three commits:
Workarounds
There is no effective pre-patch workaround. On affected versions the core.protectNTFS configuration key was silently ignored, so setting it to true does not mitigate the issue. Users who cannot upgrade should avoid cloning, fetching, or checking out untrusted repositories with Dulwich on Windows. After upgrading the NTFS validator is on by default on every platform, so no additional configuration is required.
Resources
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Dulwich has unbounded memory allocation in receive-pack from crafted thin packs
CVE-2026-47734 / GHSA-xrvj-v92f-53gj
More information
Details
Impact
An uncontrolled-resource-consumption (memory exhaustion) denial-of-service vulnerability (CWE-400 / CWE-789).
A client with push access could push a tiny crafted thin pack (~174 bytes) whose delta header declares a huge dest_size. When dulwich ingested it via add_thin_pack / apply_delta, it would allocate hundreds of MB of memory based on that attacker-controlled size, with no relationship to the actual bytes received.
Who is impacted: Operators running a Dulwich-based Git server that exposes git-receive-pack (i.e. accepts pushes) -
for example via dulwich.server functionality, the HTTP smart server, or anything built on ReceivePackHandler.
Patches
Patched in 1.2.5.
add_thin_pack now accepts a max_input_size keyword (bytes; 0/None = unlimited, matching git's semantics), and ReceivePackHandler reads receive.maxInputSize from the repository config and passes it through. Wire reads are counted and a PackInputTooLarge exception is raised once the cap is exceeded - equivalent to git index-pack --max-input-size.
Users should upgrade to Dulwich 1.2.5 or later and set receive.maxInputSize in their server's repository config to a sane bound for their environment.
Workarounds
On unpatched versions, receive.maxInputSize has no effect, so it cannot be used as a workaround. Until upgrading, operators should:
Resources
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
dulwich/dulwich (dulwich)
v1.2.5: dulwich 1.2.5Compare Source
This is a security release. All users are encouraged to upgrade.
Security fixes
GHSA-gfhv-vqv2-4544 -- Validate submodule paths in
porcelain.submodule_update(and thusporcelain.clone(recurse_submodules=True)). A crafted upstream repository could carry a submodule whose path was.git/hooks(or any other path inside.gitor above the work tree), causing the submodule's tree contents to be written there with their executable bits intact. The dulwich analogue of git's CVE-2024-32002 / CVE-2024-32004. (Reported by tonghuaroot)CVE-2026-42305 -- Harden tree path validation against entry names that are harmless on POSIX but dangerous when checked out on Windows.
validate_path_element_ntfsnow also rejects Windows path separators, the alternate data stream marker:, NTFS 8.3 short-name aliases of.git, and reserved Windows device names.core.protectNTFSnow defaults to true on every platform, and bothcore.protectNTFSandcore.protectHFSare now read under their correct option names. (Reported by Christopher Toth)CVE-2026-42563 -- Shell-quote values substituted into
ProcessMergeDrivercommands. A malicious branch could inject shell commands when a merge driver referencing%Pwas configured. (Reported by Ravishanker Kusuma (hayageek))CVE-2026-47712 -- Sanitize commit subjects used in
porcelain.format_patchfilenames so a malicious subject (e.g.x/../../x) cannot direct the generated patch outsideoutdir. (Reported by Christopher Toth)receive.maxInputSize -- Honour
receive.maxInputSizeinReceivePackHandler. Previously a remote unauthenticated client could send a tiny crafted pack that declared a hugedest_sizeand trigger hundreds of MB of allocation overgit-receive-pack. (Reported by Liyi, Ziyue, Strick, Maurice and Chenchen @ University of Sydney)v1.2.4Compare Source
Tolerate ref names with empty path components (e.g. `refs/tags//v1.0`) for now, emitting a `DeprecationWarning` rather than raising a `RefFormatError`. Such names are constructed by older Poetry releases (fixed in Poetry 2.4.0) and were silently accepted before Dulwich 1.2.3. `local_branch_name`, `local_tag_name` and `local_replace_name` likewise warn about, and strip, a leading slash instead of raising `ValueError`. Both will become errors again in a future release. (Jelmer Vernooij, #2192)
v1.2.3Compare Source
v1.2.2Compare Source
v1.2.1Compare Source
Changes since 1.2.0
Derive the LFS endpoint as the remote's on-disk LFS store
(
<remote>/.git/lfsfor worktrees,<remote>/lfsfor bare repos)when
remote.origin.urlpoints at a local filesystem path orfile://URL, matching git-lfs behaviour. Previously the built-insmudge filter constructed an HTTP-style
<remote>.git/info/lfspaththat did not exist on disk, leaving LFS-tracked files as pointers
when cloning from a local repo.
Deduplicate objects when writing a multi-pack-index. Objects present
in multiple packs (e.g. after
git gccreates a cruft pack) wouldotherwise produce an OIDL chunk with repeated SHAs, causing
git multi-pack-index verifyto fail with "oid lookup out of order".(#2152)
Extend ignorecase and precomposeunicode support to index lookups.
(#1807)
v1.2.0: 1.2.0Compare Source
Notable changes since 1.1.0
New features
amcommand andporcelain.am()for applying mailbox-style email patches (git am), with state persistence for--continue,--skip,--abort, and--quitrecovery (#1692).applycommand andporcelain.apply_patch()for applying unified diffs, including rename/copy detection, binary patches with Git's base85 encoding, and--3waymerge fallback (#1784).logcommand options:--oneline,--abbrev-commit,--author,--committer,--grep,--since/--after,--until/--before,-n/--max-count,--no-merges,--merges,--stat,-p/--patch,--name-only, and--follow(#1779).-o/--push-option) inpush, enabling AGit flow and other server-side push option workflows.--all,--tags,--delete,--dry-run,--prune,--set-upstream,--follow-tags, and--mirror(#1844).--atomic): either all ref updates succeed or none are applied (#1781).extensions.relativeworktreesrepository extension, allowing worktrees to use relative paths (#2112).Configuration support
gc.pruneExpire— grace period before unreachable objects are pruned (#1859).core.precomposeunicode— normalize NFD Unicode paths from macOS filesystems to NFC (#1804).core.gitProxy— proxy command forgit://protocol connections (#1850).core.maxStat— limit stat operations when checking for unstaged changes (#1853).core.packedGitLimit— cap memory used for mmapped pack files, closing LRU packs when exceeded (#1848).core.deltaBaseCacheLimit— cap memory used for caching delta base objects; defaults to 96 MiB (#1849).http.userAgent— customize the User-Agent header (global and URL-specific); default isgit/dulwich/{version}.Fixes
BadSignaturefor all GPG errors, not justBadSignatures; also detect when GPG returns no signatures.unbornargument in Git protocol v2ls-refsrequests to servers that don't advertisels-refs=unborn, preventing clones from older servers like Gerrit 3.12.2 (#2104).read_info_refs()to show the actual line content when parsing fails (#2103)..gitignoreparent re-include handling so a later!dir/re-include allows a subsequent file-level negation to take effect (#2141, N0zoM1z0).contrib/paramiko_vendor.pyby loading known hosts and rejecting unknown SSH host keys by default (#2123, quart27219).Packaging
contrib/as part of the distribution. Thecontrib/directory has always been documented as unsupported and is now excluded from the installed package (#2122).v1.1.0: 1.1.0Compare Source
What's Changed
New Contributors
Full Changelog: jelmer/dulwich@dulwich-1.0.0...dulwich-1.1.0
v1.0.0: 1.0.0Compare Source
What's Changed
Full Changelog: jelmer/dulwich@dulwich-0.25.2...dulwich-1.0.0
v0.25.2: dulwich-0.25.1Compare Source
What's Changed
Full Changelog: jelmer/dulwich@dulwich-0.25.1...dulwich-0.25.2
v0.25.1Compare Source
Full Changelog: jelmer/dulwich@dulwich-0.25.0...dulwich-0.25.1
v0.25.0: v0.25.0Compare Source
What's Changed
porcelain.addcheck explicit forNoneby @ejfine in jelmer#2027New Contributors
Full Changelog: jelmer/dulwich@dulwich-0.24.10...dulwich-0.25.0
v0.24.10: 0.24.10Compare Source
Full Changelog: jelmer/dulwich@dulwich-0.24.9...dulwich-0.24.10
v0.24.9Compare Source
Fix passing key_filename and ssh_command parameters to SSHGitClient by @skshetry
Relax check to support subclasses of Urllib3HttpGitClient. Fixes
regression from 0.24.2 where subclasses of Urllib3HttpGitClient would
not receive the config object. by @skshetry
Fix test_concurrent_ref_operations_compatibility test flakiness by @jelmer
Fix warnings in test suite by @jelmer
Full Changelog: jelmer/dulwich@dulwich-0.24.8...dulwich-0.24.9
v0.24.8Compare Source
What's Changed
Full Changelog: jelmer/dulwich@dulwich-0.24.7...dulwich-0.24.8
v0.24.7: 0.24.7Compare Source
What's Changed
Full Changelog: jelmer/dulwich@dulwich-0.24.6...dulwich-0.24.7
v0.24.6: 0.24.6Compare Source
What's Changed
Full Changelog: jelmer/dulwich@dulwich-0.24.5...dulwich-0.24.6
v0.24.5: 0.24.5Compare Source
What's Changed
Full Changelog: jelmer/dulwich@dulwich-0.24.4...dulwich-0.24.5
v0.24.4: 0.24.4Compare Source
What's Changed
New Contributors
Full Changelog: jelmer/dulwich@dulwich-0.24.2...dulwich-0.24.4
v0.24.3: 0.24.3Compare Source
What's Changed
Full Changelog: jelmer/dulwich@dulwich-0.24.2...dulwich-0.24.3
v0.24.2: 0.24.2Compare Source
What's Changed
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.