采用机器翻译,敬请谅解。
Machine translation is used, please understand.
Git 安全漏洞问题需升级所有 Git.exe。此工具用于查找本地硬盘上所有的 Git 并获取版本信息,批量更新(复制、创建软链接)。
This tool is used to find all Git on the local hard disk and obtain version information, and then update in batches (copy, create soft links).
本项目是带孩子学习 Windows GUI 编程的练手项目,有不完善请多包涵。
This project is a practice project for teaching children Windows GUI programming, please forgive any imperfections.
2024年5月 CVE 安全通告:Git 远程代码执行漏洞 (CVE-2024-32002)
漏洞编号:QVD-2024-18126, CVE-2024-32002
- 漏洞描述 Vulnerability Description
Git 在支持符号链接的不区分大小写的文件系统上的递归克隆容易受到大小写混淆的影响,未经身份验证的攻击者可以利用漏洞使受害者克隆操作期间执行克隆的代码,导致远程代码执行。
Git is vulnerable to case confusion on case-insensitive filesystems that support symbolic links when performing recursive clones. Unauthenticated attackers can exploit this vulnerability to execute cloned code during the victim's clone operation, leading to remote code execution.
- CVE 编号 Number CVE-2024-32002
漏洞详情 Vulnerability Details
POC:[https://github.com/amalmurali47/git_rce](GitHub - amalmurali47/git_rce: Exploit PoC for CVE-2024-32002)
Git 2.45.1 之后版本修复了相关漏洞,抓紧升级即可。
The related vulnerability has been fixed in Git version 2.45.1, please upgrade promptly.
然而,非常麻烦的事情来了——系统中有多个 git.exe:
-
采用标准安装程序安装的
Git for Windows -
采用
scoop等工具安装的Git, -
某些软件、项目自带的
git
——分散在各个位置,非常混乱。
当然,也可以不予理会,不升级它们。
However, a very troublesome issue has arisen - there are multiple git.exe in the system:
-
Git for Windowsinstalled with the standard installer -
Gitinstalled with tools likescoop -
gitthat comes with certain software or projects
——They are scattered in various locations, which is very chaotic.
Of course, you can also ignore them and not upgrade them.
周末,带小朋友写了这个小工具,其中一些稍微复杂的部分是我帮助写的,也采用了两个开源项目的代码(MIT 协议),非常感谢!
Over the weekend, I wrote this small tool with my kid. I helped with some of the slightly more complex parts, and we also used code from two open-source projects (under the MIT license). Many thanks!
-
EverythingSharp: GitHub - Riboe/EverythingSharp: A simple C# wrapper around the Everything SDK from Voidtools.
—— A simple C# wrapper around the Everything SDK from Voidtools.
-
Dark-Mode-Forms: GitHub - BlueMystical/Dark-Mode-Forms: Apply Dark Mode to all Controls in a Form [WinForms]
—— Apply Dark Mode to all Controls in a Form [WinForms]
-
.NET 8 运行环境 Runtime
-
Everything 安装并运行
-
V1.0 仅提供查找功能,基于 Everything
- 基本功能:查找系统中所有
git.exe,并显示其版本号;
- 复制功能:选中一个版本(比如最新版),并设为默认,并用复选框选中至少一个目标,以默认版本的文件覆盖目标位置的文件;
- 提供深色模式风格,跟随系统设置、用户自行选择(浅色模式反而有点儿小问题);
-
自动检查
Git最新版本:从 git-gsm 和 gitforwindows.org; -
自动获得下载地址、打开浏览器:可以采用 Huawei 官方镜像站下载;
——我主要用
scoop所以这个方法算额外的。 -
[实验] 从Git Bash升级——成功,但实际上是自动下载安装包,然后静默安装。同上。 -
关于对话框
- 没有安装
Everything时,采用文件搜索的方式;
- 加入多语言支持,英语;
- 基本功能:查找系统中所有
-
V2.0 提供恢复功能-
备份指定版本 -
用最新版本覆盖指定版本 -
恢复备份
-
-
V2.x 提供软链接映射功能
-
备份指定版本
-
用软链接映射到最新版本
-
-
V3.x 采用 WPF、MAUI,学习、练手(实在不习惯用 Python 做 GUI,后续考虑试试看 PyQt/Qt 和 Rust/Go)
这是一个学习、练习项目,但基类可用于解决其它类似问题,例如:
查找系统里的 python.exe,并确定版本、升级、合并(软链接)
查找系统里的各种 AI 模型,并确定版本、升级、合并(软链接)——例如 SDWebUI、ComfyUI、Fooocus、SD Forge 等等,OLlama、LMStudio 等等的模型等。
-
V1.0 Only provides search function, based on Everything
-
Basic function: Search for all git.exe in the system and display their version numbers;
-
Copy function: Select a version (such as the latest version), set it as the default, and select at least one target with the checkbox to overwrite the file at the target location with the default version file;
-
Provides dark mode style, follows system settings, user's own choice (light mode has some minor problems).
-
Automatically checks for the latest version of Git: from git-gsm and gitforwindows.org.
-
Automatically obtains download address, opens browser: can use Huawei official mirror site for download.
—— I mainly use
scoopso this method is not very meaningful. -
[Experiment] Upgrade from
Git Bash—— successful, but it actually automatically downloads the installation package, then installs silently. The same as above. -
When Everything is not installed, use file search method;
-
Add multilingual support, English;
-
-
V2.0 Provides recovery function-
Backup specified version -
Overwrite specified version with the latest version -
Restore backup
-
-
V2.x Provides soft link mapping function
-
Backup specified version
-
Map to the latest version with soft links
-
-
V3.x Uses WPF, MAUI, learning, practice (really not used to using Python to do GUI, consider trying PyQt/Qt and Rust/Go later)
This is a learning and practicing project, but the base class can be used to solve other similar problems, such as:
Search for python.exe in the system, and determine the version, upgrade, merge (soft link)
Search for various AI models in the system, and determine the version, upgrade, merge (soft link) - for example, SDWebUI, ComfyUI, Fooocus, SD Forge, etc., OLlama, LMStudio models, etc.