<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/builtin, branch v2.17.2</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v2.17.2</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v2.17.2'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2018-09-27T18:41:02Z</updated>
<entry>
<title>Sync with 2.16.5</title>
<updated>2018-09-27T18:41:02Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2018-09-27T18:41:02Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=e43aab778c72250e11eb00e31dc6be90072a1637'/>
<id>urn:sha1:e43aab778c72250e11eb00e31dc6be90072a1637</id>
<content type='text'>
* maint-2.16:
  Git 2.16.5
  Git 2.15.3
  Git 2.14.5
  submodule-config: ban submodule paths that start with a dash
  submodule-config: ban submodule urls that start with dash
  submodule--helper: use "--" to signal end of clone options
</content>
</entry>
<entry>
<title>Sync with 2.15.3</title>
<updated>2018-09-27T18:35:43Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2018-09-27T18:35:43Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=424aac653acce98f1bfb7f8b7bf36361f558472d'/>
<id>urn:sha1:424aac653acce98f1bfb7f8b7bf36361f558472d</id>
<content type='text'>
* maint-2.15:
  Git 2.15.3
  Git 2.14.5
  submodule-config: ban submodule paths that start with a dash
  submodule-config: ban submodule urls that start with dash
  submodule--helper: use "--" to signal end of clone options
</content>
</entry>
<entry>
<title>Sync with Git 2.14.4</title>
<updated>2018-09-27T18:20:22Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2018-09-27T18:20:22Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=902df9f5c45cd99720d4ca0a38d0538eb0126ad7'/>
<id>urn:sha1:902df9f5c45cd99720d4ca0a38d0538eb0126ad7</id>
<content type='text'>
* maint-2.14:
  Git 2.14.5
  submodule-config: ban submodule paths that start with a dash
  submodule-config: ban submodule urls that start with dash
  submodule--helper: use "--" to signal end of clone options
</content>
</entry>
<entry>
<title>submodule--helper: use "--" to signal end of clone options</title>
<updated>2018-09-27T16:34:55Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2018-09-24T08:32:15Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=98afac7a7cefdca0d2c4917dd8066a59f7088265'/>
<id>urn:sha1:98afac7a7cefdca0d2c4917dd8066a59f7088265</id>
<content type='text'>
When we clone a submodule, we call "git clone $url $path".
But there's nothing to say that those components can't begin
with a dash themselves, confusing git-clone into thinking
they're options. Let's pass "--" to make it clear what we
expect.

There's no test here, because it's actually quite hard to
make these names work, even with "git clone" parsing them
correctly. And we're going to restrict these cases even
further in future commits. So we'll leave off testing until
then; this is just the minimal fix to prevent us from doing
something stupid with a badly formed entry.

Reported-by: joernchen &lt;joernchen@phenoelit.de&gt;
Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Sync with Git 2.15.2</title>
<updated>2018-05-22T05:18:06Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2018-05-22T05:18:06Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=023020401d21c8c48d7f0a123c7ff50888e101c7'/>
<id>urn:sha1:023020401d21c8c48d7f0a123c7ff50888e101c7</id>
<content type='text'>
* maint-2.15:
  Git 2.15.2
  Git 2.14.4
  Git 2.13.7
  verify_path: disallow symlinks in .gitmodules
  update-index: stat updated files earlier
  verify_dotfile: mention case-insensitivity in comment
  verify_path: drop clever fallthrough
  skip_prefix: add case-insensitive variant
  is_{hfs,ntfs}_dotgitmodules: add tests
  is_ntfs_dotgit: match other .git files
  is_hfs_dotgit: match other .git files
  is_ntfs_dotgit: use a size_t for traversing string
  submodule-config: verify submodule names as paths
</content>
</entry>
<entry>
<title>Sync with Git 2.14.4</title>
<updated>2018-05-22T05:15:14Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2018-05-22T05:15:14Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=9e0f06d55df5855178ff41342937943604f6e97c'/>
<id>urn:sha1:9e0f06d55df5855178ff41342937943604f6e97c</id>
<content type='text'>
* maint-2.14:
  Git 2.14.4
  Git 2.13.7
  verify_path: disallow symlinks in .gitmodules
  update-index: stat updated files earlier
  verify_dotfile: mention case-insensitivity in comment
  verify_path: drop clever fallthrough
  skip_prefix: add case-insensitive variant
  is_{hfs,ntfs}_dotgitmodules: add tests
  is_ntfs_dotgit: match other .git files
  is_hfs_dotgit: match other .git files
  is_ntfs_dotgit: use a size_t for traversing string
  submodule-config: verify submodule names as paths
</content>
</entry>
<entry>
<title>Sync with Git 2.13.7</title>
<updated>2018-05-22T05:10:49Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2018-05-22T05:10:49Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=7b01c71b64d25202d80b73cbd46104ebfddbdab3'/>
<id>urn:sha1:7b01c71b64d25202d80b73cbd46104ebfddbdab3</id>
<content type='text'>
* maint-2.13:
  Git 2.13.7
  verify_path: disallow symlinks in .gitmodules
  update-index: stat updated files earlier
  verify_dotfile: mention case-insensitivity in comment
  verify_path: drop clever fallthrough
  skip_prefix: add case-insensitive variant
  is_{hfs,ntfs}_dotgitmodules: add tests
  is_ntfs_dotgit: match other .git files
  is_hfs_dotgit: match other .git files
  is_ntfs_dotgit: use a size_t for traversing string
  submodule-config: verify submodule names as paths
</content>
</entry>
<entry>
<title>index-pack: check .gitmodules files with --strict</title>
<updated>2018-05-22T03:55:12Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2018-05-04T23:45:01Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=73c3f0f704a91b6792e0199a3f3ab6e3a1971675'/>
<id>urn:sha1:73c3f0f704a91b6792e0199a3f3ab6e3a1971675</id>
<content type='text'>
Now that the internal fsck code has all of the plumbing we
need, we can start checking incoming .gitmodules files.
Naively, it seems like we would just need to add a call to
fsck_finish() after we've processed all of the objects. And
that would be enough to cover the initial test included
here. But there are two extra bits:

  1. We currently don't bother calling fsck_object() at all
     for blobs, since it has traditionally been a noop. We'd
     actually catch these blobs in fsck_finish() at the end,
     but it's more efficient to check them when we already
     have the object loaded in memory.

  2. The second pass done by fsck_finish() needs to access
     the objects, but we're actually indexing the pack in
     this process. In theory we could give the fsck code a
     special callback for accessing the in-pack data, but
     it's actually quite tricky:

       a. We don't have an internal efficient index mapping
	  oids to packfile offsets. We only generate it on
	  the fly as part of writing out the .idx file.

       b. We'd still have to reconstruct deltas, which means
          we'd basically have to replicate all of the
	  reading logic in packfile.c.

     Instead, let's avoid running fsck_finish() until after
     we've written out the .idx file, and then just add it
     to our internal packed_git list.

     This does mean that the objects are "in the repository"
     before we finish our fsck checks. But unpack-objects
     already exhibits this same behavior, and it's an
     acceptable tradeoff here for the same reason: the
     quarantine mechanism means that pushes will be
     fully protected.

In addition to a basic push test in t7415, we add a sneaky
pack that reverses the usual object order in the pack,
requiring that index-pack access the tree and blob during
the "finish" step.

This already works for unpack-objects (since it will have
written out loose objects), but we'll check it with this
sneaky pack for good measure.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
</content>
</entry>
<entry>
<title>unpack-objects: call fsck_finish() after fscking objects</title>
<updated>2018-05-22T03:55:12Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2018-05-04T23:40:08Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=6e328d6caef218db320978e3e251009135d87d0e'/>
<id>urn:sha1:6e328d6caef218db320978e3e251009135d87d0e</id>
<content type='text'>
As with the previous commit, we must call fsck's "finish"
function in order to catch any queued objects for
.gitmodules checks.

This second pass will be able to access any incoming
objects, because we will have exploded them to loose objects
by now.

This isn't quite ideal, because it means that bad objects
may have been written to the object database (and a
subsequent operation could then reference them, even if the
other side doesn't send the objects again). However, this is
sufficient when used with receive.fsckObjects, since those
loose objects will all be placed in a temporary quarantine
area that will get wiped if we find any problems.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
</content>
</entry>
<entry>
<title>fsck: call fsck_finish() after fscking objects</title>
<updated>2018-05-22T03:55:12Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2018-05-02T21:20:35Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=1995b5e03e1cc97116be58cdc0502d4a23547856'/>
<id>urn:sha1:1995b5e03e1cc97116be58cdc0502d4a23547856</id>
<content type='text'>
Now that the internal fsck code is capable of checking
.gitmodules files, we just need to teach its callers to use
the "finish" function to check any queued objects.

With this, we can now catch the malicious case in t7415 with
git-fsck.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
</content>
</entry>
</feed>
