Mirror of https://git.kernel.org/pub/scm/git/git.git/ https://git.shady.money/git/atom?h=v2.50.0 2024-12-23T17:32:11Z 2024-12-23T17:32:11Z Junio C Hamano gitster@pobox.com 2024-12-23T17:32:10Z urn:sha1:4156b6a741c7fb15a4eccb320612fb6e453f439c Start working to make the codebase buildable with -Wsign-compare. * ps/build-sign-compare: t/helper: don't depend on implicit wraparound scalar: address -Wsign-compare warnings builtin/patch-id: fix type of `get_one_patchid()` builtin/blame: fix type of `length` variable when emitting object ID gpg-interface: address -Wsign-comparison warnings daemon: fix type of `max_connections` daemon: fix loops that have mismatching integer types global: trivial conversions to fix `-Wsign-compare` warnings pkt-line: fix -Wsign-compare warning on 32 bit platform csum-file: fix -Wsign-compare warning on 32-bit platform diff.h: fix index used to loop through unsigned integer config.mak.dev: drop `-Wno-sign-compare` global: mark code units that generate warnings with `-Wsign-compare` compat/win32: fix -Wsign-compare warning in "wWinMain()" compat/regex: explicitly ignore "-Wsign-compare" warnings git-compat-util: introduce macros to disable "-Wsign-compare" warnings 2024-12-10T01:04:55Z Junio C Hamano gitster@pobox.com 2024-12-10T01:04:55Z urn:sha1:35f40385e441d5aa885f5aa813539d5ed9dc2d26 Loosen overly strict ownership check introduced in the recent past, to keep the promise "cloning a suspicious repository is a safe first step to inspect it". * bc/allow-upload-pack-from-other-people: Allow cloning from repositories owned by another user 2024-12-06T11:20:04Z Patrick Steinhardt ps@pks.im 2024-12-06T10:27:26Z urn:sha1:7d200af27f41b8732dcb1a6c01ff73b7b7b0ecc1 The `max_connections` type tracks how many children git-daemon(1) would spawn at the same time. This value can be controlled via a command line switch: if given a positive value we'll set that up as the limit. But when given either zero or a negative value we don't enforce any limit at all. But even when being passed a negative value we won't actually store it, but normalize it to 0. Still, the variable used to store the config is using a signed integer, which causes warnings when comparing the number of accepted connections (`max_connections`) with the number of current connections being handled (`live_children`). Adapt the type of `max_connections` such that the types of both variables match. Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2024-12-06T11:20:04Z Patrick Steinhardt ps@pks.im 2024-12-06T10:27:25Z urn:sha1:8108d1ac948c1029b29d8180dd5dbfdc5f2efb38 We have several loops in "daemon.c" that use a signed integer to loop through a `size_t`. Adapt them to instead use a `size_t` as counter value. Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2024-12-06T11:20:02Z Patrick Steinhardt ps@pks.im 2024-12-06T10:27:19Z urn:sha1:41f43b8243f42b9df2e98be8460646d4c0100ad3 Mark code units that generate warnings with `-Wsign-compare`. This allows for a structured approach to get rid of all such warnings over time in a way that can be easily measured. Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2024-11-15T02:05:06Z brian m. carlson sandals@crustytoothpaste.net 2024-11-15T00:54:04Z urn:sha1:0ffb5a6bf1b0fd9ce0c0b1fd9ce9fd30b89a2563 Historically, Git has allowed users to clone from an untrusted repository, and we have documented that this is safe to do so: `upload-pack` tries to avoid any dangerous configuration options or hooks from the repository it's serving, making it safe to clone an untrusted directory and run commands on the resulting clone. However, this was broken by f4aa8c8bb1 ("fetch/clone: detect dubious ownership of local repositories", 2024-04-10) in an attempt to make things more secure. That change resulted in a variety of problems when cloning locally and over SSH, but it did not change the stated security boundary. Because the security boundary has not changed, it is safe to adjust part of the code that patch introduced. To do that and restore the previous functionality, adjust enter_repo to take two flags instead of one. The two bits are - ENTER_REPO_STRICT: callers that require exact paths (as opposed to allowing known suffixes like ".git", ".git/.git" to be omitted) can set this bit. Corresponds to the "strict" parameter that the flags word replaces. - ENTER_REPO_ANY_OWNER_OK: callers that are willing to run without ownership check can set this bit. The former is --strict-paths option of "git daemon". The latter is set only by upload-pack, which honors the claimed security boundary. Note that local clones across ownership boundaries require --no-local so that upload-pack is used. Document this fact in the manual page and provide an example. This patch was based on one written by Junio C Hamano. Signed-off-by: Junio C Hamano <gitster@pobox.com> 2024-10-24T18:03:43Z Usman Akinyemi usmanakinyemi202@gmail.com 2024-10-24T00:24:56Z urn:sha1:cc4023477f3c958b77c64b7f36f91b4f9d7c5a58 Replace atoi() with strtoul_ui() for --timeout and --init-timeout (non-negative integers) and with strtol_i() for --max-connections (signed integers). This improves error handling and input validation by detecting invalid values and providing clear error messages. Update tests to ensure these arguments are properly validated. Signed-off-by: Usman Akinyemi <usmanakinyemi202@gmail.com> Signed-off-by: Taylor Blau <me@ttaylorr.com> 2024-08-26T18:32:23Z Junio C Hamano gitster@pobox.com 2024-08-26T18:32:22Z urn:sha1:2b30d66c437b156762a0552d01e3825881080c23 Mark unused parameters as UNUSED to squelch -Wunused warnings. * jk/mark-unused-parameters: t-hashmap: stop calling setup() for t_intern() test scalar: mark unused parameters in dummy function daemon: mark unused parameters in non-posix fallbacks setup: mark unused parameter in config callback test-mergesort: mark unused parameters in trivial callback t-hashmap: mark unused parameters in callback function reftable: mark unused parameters in virtual functions reftable: drop obsolete test function declarations reftable: ignore unused argc/argv in test functions unit-tests: ignore unused argc/argv t/helper: mark more unused argv/argc arguments oss-fuzz: mark unused argv/argc argument refs: mark unused parameters in do_for_each_reflog_helper() refs: mark unused parameters in ref_store fsck callbacks update-ref: mark more unused parameters in parser callbacks imap-send: mark unused parameter in ssl_socket_connect() fallback 2024-08-17T16:46:24Z Jeff King peff@peff.net 2024-08-17T08:25:32Z urn:sha1:0b1376d44866e6eae25523d8f1188495dab42ee8 If NO_POSIX_GOODIES is set, we compile fallback versions of a few functions. These don't do anything, so their parameters are unused, but we must keep them to match the ones on the other side of the #ifdef. Mark them to quiet -Wunused-parameter. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2024-08-13T17:01:05Z Patrick Steinhardt ps@pks.im 2024-08-13T09:14:21Z urn:sha1:219de841d9436d759fa52ea60625b60cda8476fd We're about to hide config functions that implicitly depend on `the_repository` behind the `USE_THE_REPOSITORY_VARIABLE` macro. This will uncover a bunch of dependents that transitively relied on the global variable, but didn't define the macro yet. Adapt them such that we define the macro to prepare for this change. Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Junio C Hamano <gitster@pobox.com>