build: git: prevent commit from being treated as a flag.

Git's option parsing is more flexible than its command synopses would lead one
to believe: they can apparently be passed even after positional arguments.
Some of these options can be quite nasty if an attacker is able to choose
them.

Additionally, some commands offer no way of disambiguating the meaning of an
argument.  For example, "git checkout" has no way of specifying that an
argument should be unconditionally treated as a commit specifier instead of,
say, an option or a filespec.

* guix/build/git.scm (git-fetch): pass "--" to every git invocation that
  includes non-constant strings.  Explicitly reject commits that start with
  "-".

Change-Id: I3b1707ff8f8544925d1549472f0bda7954249f89
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

0 files changed, 0 insertions, 0 deletions