Mirror of https://git.kernel.org/pub/scm/git/git.git/ https://git.shady.money/git/atom?h=v2.7.2 2015-11-20T13:02:05Z 2015-11-20T13:02:05Z brian m. carlson sandals@crustytoothpaste.net 2015-11-10T02:22:23Z urn:sha1:e96b16cc2a1920ab8349a58e2501a3d30818f9e9 Replace an unsigned char array with struct object_id and express several hard-coded constants in terms of GIT_SHA1_HEXSZ. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Jeff King <peff@peff.net> 2015-11-20T13:02:05Z brian m. carlson sandals@crustytoothpaste.net 2015-11-10T02:22:20Z urn:sha1:f4e54d02b894064d370e461385b48701485672bd Use struct object_id in three fields in struct ref and convert all the necessary places that use it. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Jeff King <peff@peff.net> 2015-10-20T22:24:01Z Junio C Hamano gitster@pobox.com 2015-10-20T22:24:00Z urn:sha1:78891795df91a313fac590dd6cff9d8aace0dc9a Many allocations that is manually counted (correctly) that are followed by strcpy/sprintf have been replaced with a less error prone constructs such as xstrfmt. Macintosh-specific breakage was noticed and corrected in this reroll. * jk/war-on-sprintf: (70 commits) name-rev: use strip_suffix to avoid magic numbers use strbuf_complete to conditionally append slash fsck: use for_each_loose_file_in_objdir Makefile: drop D_INO_IN_DIRENT build knob fsck: drop inode-sorting code convert strncpy to memcpy notes: document length of fanout path with a constant color: add color_set helper for copying raw colors prefer memcpy to strcpy help: clean up kfmclient munging receive-pack: simplify keep_arg computation avoid sprintf and strcpy with flex arrays use alloc_ref rather than hand-allocating "struct ref" color: add overflow checks for parsing colors drop strcpy in favor of raw sha1_to_hex use sha1_to_hex_r() instead of strcpy daemon: use cld->env_array when re-spawning stat_tracking_info: convert to argv_array http-push: use an argv_array for setup_revisions fetch-pack: use argv_array for index-pack / unpack-objects ... 2015-10-14T21:30:17Z Junio C Hamano gitster@pobox.com 2015-10-14T21:30:16Z urn:sha1:d10a7f75355ad0d4699695bb74778c8adee78903 * tk/typofix-connect-unknown-proto-error: connect: fix typo in result string of prot_name() 2015-10-05T20:20:08Z Junio C Hamano gitster@pobox.com 2015-10-05T19:46:27Z urn:sha1:590f6e4235a7d44ad39511186ca8bbac02ae8c2e 2015-09-28T22:28:31Z Junio C Hamano gitster@pobox.com 2015-09-28T22:28:26Z urn:sha1:6343e2f6f271cf344ea8e7384342502faecaf37c 2015-09-25T17:18:18Z Jeff King peff@peff.net 2015-09-24T21:06:08Z urn:sha1:5096d4909f9b13c7a650d9dbb7c9702ea7413566 We sometimes sprintf into fixed-size buffers when we know that the buffer is large enough to fit the input (either because it's a constant, or because it's numeric input that is bounded in size). Likewise with strcpy of constant strings. However, these sites make it hard to audit sprintf and strcpy calls for buffer overflows, as a reader has to cross-reference the size of the array with the input. Let's use xsnprintf instead, which communicates to a reader that we don't expect this to overflow (and catches the mistake in case we do). Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-09-25T17:01:07Z Tobias Klauser tklauser@distanz.ch 2015-09-24T12:44:49Z urn:sha1:83e6bda3fa564fe6b1946712a17efce1d10ed2c0 Replace 'unkown' with 'unknown'. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-09-23T18:35:48Z Jeff King peff@peff.net 2015-09-16T17:12:52Z urn:sha1:a5adaced2e13c135d5d9cc65be9eb95aa3bacedf If we are cloning an untrusted remote repository into a sandbox, we may also want to fetch remote submodules in order to get the complete view as intended by the other side. However, that opens us up to attacks where a malicious user gets us to clone something they would not otherwise have access to (this is not necessarily a problem by itself, but we may then act on the cloned contents in a way that exposes them to the attacker). Ideally such a setup would sandbox git entirely away from high-value items, but this is not always practical or easy to set up (e.g., OS network controls may block multiple protocols, and we would want to enable some but not others). We can help this case by providing a way to restrict particular protocols. We use a whitelist in the environment. This is more annoying to set up than a blacklist, but defaults to safety if the set of protocols git supports grows). If no whitelist is specified, we continue to default to allowing all protocols (this is an "unsafe" default, but since the minority of users will want this sandboxing effect, it is the only sensible one). A note on the tests: ideally these would all be in a single test file, but the git-daemon and httpd test infrastructure is an all-or-nothing proposition rather than a test-by-test prerequisite. By putting them all together, we would be unable to test the file-local code on machines without apache. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-09-08T22:33:21Z Jeff King peff@peff.net 2015-09-08T08:33:14Z urn:sha1:a48b409f9ccd4e1957286ba064fd3a25a9ea2b56 When executing user-specified programs, we generally always want to use a shell, for flexibility and consistency. One big exception is executing $GIT_SSH, which for historical reasons must not use a shell. Once upon a time the logic in git_connect looked like: if (protocol == PROTO_SSH) { ... setup ssh ... } else { ... setup local connection ... conn->use_shell = 1; } But over time the PROTO_SSH block has grown, and the "local" block has shrunk so that it contains only conn->use_shell; it's easy to miss at the end of the large block. Moreover, PROTO_SSH now also sometimes sets use_shell, when the new GIT_SSH_COMMAND is used. Let's just set conn->use_shell when we're setting up the "conn" struct, and unset it (with a comment) in the historical GIT_SSH case. This will make the flow easier to follow. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>