Mirror of https://git.kernel.org/pub/scm/git/git.git/ https://git.shady.money/git/atom?h=v2.46.2 2024-08-26T18:10:17Z 2024-08-26T18:10:17Z Junio C Hamano gitster@pobox.com 2024-08-26T18:10:17Z urn:sha1:87f8426bf7f88d3a5424c486ff4e5fc4b1aa40ab The credential helper to talk to OSX keychain sometimes sent garbage bytes after the username, which has been corrected. * jk/osxkeychain-username-is-nul-terminated: credential/osxkeychain: respect NUL terminator in username 2024-08-01T15:54:47Z Jeff King peff@peff.net 2024-08-01T08:25:56Z urn:sha1:b201316835bbf2c49c2780f23cfd6146f6b8d1a2 This patch fixes a case where git-credential-osxkeychain might output uninitialized bytes to stdout. We need to get the username string from a system API using CFStringGetCString(). To do that, we get the max size for the string from CFStringGetMaximumSizeForEncoding(), allocate a buffer based on that, and then read into it. But then we print the entire buffer to stdout, including the trailing NUL and any extra bytes which were not needed. Instead, we should stop at the NUL. This code comes from 9abe31f5f1 (osxkeychain: replace deprecated SecKeychain API, 2024-02-17). The bug was probably overlooked back then because this code is only used as a fallback when we can't get the string via CFStringGetCStringPtr(). According to Apple's documentation: Whether or not this function returns a valid pointer or NULL depends on many factors, all of which depend on how the string was created and its properties. So it's not clear how we could make a test for this, and we'll have to rely on manually testing on a system that triggered the bug in the first place. Reported-by: Hong Jiang <ilford@gmail.com> Signed-off-by: Jeff King <peff@peff.net> Tested-by: Hong Jiang <ilford@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2024-07-12T21:32:52Z Johannes Schindelin johannes.schindelin@gmx.de 2024-07-12T20:34:10Z urn:sha1:872721538c2612bd330f09423e465035882c4168 When the `oidtree` test helper was turned into a unit test, a new `lib-oid` source file was added as dependency. This was only done in the Makefile so far, but also needs to be done in the CMake definition. This is a companion of ed548408723d (t/: migrate helper/test-oidtree.c to unit-tests/t-oidtree.c, 2024-06-08). Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2024-05-28T18:17:11Z Junio C Hamano gitster@pobox.com 2024-05-28T18:17:11Z urn:sha1:2a1a882890a3336f6f44d33793eedb70ff75d37a The credential helper that talks with osx keychain learned to avoid storing back the authentication material it just got received from the keychain. * kn/osxkeychain-skip-idempotent-store: osxkeychain: state to skip unnecessary store operations osxkeychain: exclusive lock to serialize execution of operations 2024-05-28T18:17:08Z Junio C Hamano gitster@pobox.com 2024-05-28T18:17:08Z urn:sha1:7a40196328b5dc94da846cb8354e605508180faf The command line completion script (in contrib/) has been adjusted to the recent update to "git config" that adopted subcommand based UI. * ps/complete-config-w-subcommands: completion: adapt git-config(1) to complete subcommands 2024-05-17T16:26:19Z Patrick Steinhardt ps@pks.im 2024-05-17T06:13:36Z urn:sha1:5dd5007f8936f8d37cf95119e83039bd9237a3c5 With fe3ccc7aab (Merge branch 'ps/config-subcommands', 2024-05-15), git-config(1) has gained support for subcommands. These subcommands live next to the old, action-based mode, so that both the old and new way continue to work. The manpage for this command has been updated to prominently show the subcommands, and the action-based modes are marked as deprecated. Update Bash completion scripts accordingly to advertise subcommands instead of actions. Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2024-05-16T17:10:14Z Junio C Hamano gitster@pobox.com 2024-05-16T17:10:13Z urn:sha1:bca900904d854babf2493d57c0fee3ab421fe750 The refs API lost functions that implicitly assumes to work on the primary ref_store by forcing the callers to pass a ref_store as an argument. * ps/refs-without-the-repository: refs: remove functions without ref store cocci: apply rules to rewrite callers of "refs" interfaces cocci: introduce rules to transform "refs" to pass ref store refs: add `exclude_patterns` parameter to `for_each_fullref_in()` refs: introduce missing functions that accept a `struct ref_store` 2024-05-15T21:02:45Z Koji Nakamaru koji.nakamaru@gree.net 2024-05-15T19:21:07Z urn:sha1:e1ab45b2dab51f94db9548666dfd7af626d2aa7e git passes a credential that has been used successfully to the helpers to record. If a credential is already stored, "git-credential-osxkeychain store" just records the credential returned by "git-credential-osxkeychain get", and unnecessary (sometimes problematic) SecItemAdd() and/or SecItemUpdate() are performed. We can skip such unnecessary operations by marking a credential returned by "git-credential-osxkeychain get". This marking can be done by utilizing the "state[]" feature: - The "get" command sets the field "state[]=osxkeychain:seen=1". - The "store" command skips its actual operation if the field "state[]=osxkeychain:seen=1" exists. Introduce a new state "state[]=osxkeychain:seen=1". Suggested-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Koji Nakamaru <koji.nakamaru@gree.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2024-05-15T21:02:44Z Koji Nakamaru koji.nakamaru@gree.net 2024-05-15T19:21:06Z urn:sha1:fcf5b74e59c1c0d18a8e8e939475007b3b5f83ad git passes a credential that has been used successfully to the helpers to record. If "git-credential-osxkeychain store" commands run in parallel (with fetch.parallel configuration and/or by running multiple git commands simultaneously), some of them may exit with the error "failed to store: -25299". This is because SecItemUpdate() in add_internet_password() may return errSecDuplicateItem (-25299) in this situation. Apple's documentation [1] also states as below: In macOS, some of the functions of this API block while waiting for input from the user (for example, when the user is asked to unlock a keychain or give permission to change trust settings). In general, it is safe to use this API in threads other than your main thread, but avoid calling the functions from multiple operations, work queues, or threads concurrently. Instead, serialize function calls or confine them to a single thread. The error has not been noticed before, because the former implementation ignored the error. Introduce an exclusive lock to serialize execution of operations. [1] https://developer.apple.com/documentation/security/certificate_key_and_trust_services/working_with_concurrency Signed-off-by: Koji Nakamaru <koji.nakamaru@gree.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2024-05-15T16:52:52Z Junio C Hamano gitster@pobox.com 2024-05-15T16:52:52Z urn:sha1:b7a1d47ba5dd0df476104a63c6ddffe2d52fccf8 The "test-tool" has been taught to run testsuite tests in parallel, bypassing the need to use the "prove" tool. * js/unit-test-suite-runner: cmake: let `test-tool` run the unit tests, too ci: use test-tool as unit test runner on Windows t/Makefile: run unit tests alongside shell tests unit tests: add rule for running with test-tool test-tool run-command testsuite: support unit tests test-tool run-command testsuite: remove hardcoded filter test-tool run-command testsuite: get shell from env t0080: turn t-basic unit test into a helper