From: Junio C Hamano <gitster@pobox.com>
To: git@vger.kernel.org
Subject: [PATCH v2 00/12] Fix various overly aggressive protections in 2.45.1 and friends
Date: Fri, 24 May 2024 12:47:03 -0700
Message-ID: <20240524194715.695916-1-gitster@pobox.com>
As people have seen, the latest "security fix" release turned out to
be a mixed bag of good vulnerability fixes with a bit over-eager
"layered defence" that broke real use cases like git-lfs. Let's
quickly get them back in working order first, with the vision that
we will then rebuild layered defence more carefully in the open on
top as necessary.
What we have here is the first "revert" part.
These patches are designed to apply to 2.39.4; the series may have
to grow as we discover more things to revert, but for now here are
the patches to
- revert the over-eager "refusal to work" that went into 2.39.4
- adjust 2.39.4 codebase to cleanly build and test (at CI and
locally) by backported fixes
It would have been better if we did not have to have the latter
class, but such is life.
Relative to the previous iteration, there are two differences, which
are:
* Old [12/12] that reverted the repository ownership check for
local case is gone. A well known escape hatch is available that
is easy to use when the repositories are trusted (most notably,
in a hosting set-up, the repositories are trusted not to attack
the 'nobody' user that is running 'git').
* New [12/12] reverts dubious checks for targets of symbolic
links done in "git fsck" (and transfer).
Today's integration cycle is pretty much committed to have these in
'next' for the weekend, merge them down to 'master' by the end of
month, hoping that we can do 2.45.2 and friends sometime early next
month.
Jeff King (5):
send-email: drop FakeTerm hack
send-email: avoid creating more than one Term::ReadLine object
ci: drop mention of BREW_INSTALL_PACKAGES variable
ci: avoid bare "gcc" for osx-gcc job
ci: stop installing "gcc-13" for osx-gcc
Johannes Schindelin (6):
hook: plug a new memory leak
init: use the correct path of the templates directory again
Revert "core.hooksPath: add some protection while cloning"
tests: verify that `clone -c core.hooksPath=/dev/null` works again
clone: drop the protections where hooks aren't run
Revert "Add a helper function to compare file contents"
Junio C Hamano (1):
Revert "fsck: warn about symlink pointing inside a gitdir"
.github/workflows/main.yml | 3 +-
Documentation/fsck-msgids.txt | 12 --------
Makefile | 2 +-
builtin/clone.c | 12 +-------
cache.h | 14 ---------
ci/install-dependencies.sh | 2 --
config.c | 13 +-------
copy.c | 58 -----------------------------------
fsck.c | 56 ---------------------------------
fsck.h | 12 --------
git-send-email.perl | 32 +++++++------------
hook.c | 32 -------------------
t/helper/test-path-utils.c | 10 ------
t/t0060-path-utils.sh | 41 -------------------------
t/t1350-config-hooks-path.sh | 7 +++++
t/t1450-fsck.sh | 37 ----------------------
t/t1800-hook.sh | 15 ---------
t/t5601-clone.sh | 51 ------------------------------
t/t9001-send-email.sh | 5 +--
19 files changed, 25 insertions(+), 389 deletions(-)
--
2.45.1-246-gb9cfe4845c