<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/git-compat-util.h, branch v2.32.7</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v2.32.7</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v2.32.7'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2022-12-13T12:09:40Z</updated>
<entry>
<title>Sync with Git 2.31.6</title>
<updated>2022-12-13T12:09:40Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2022-12-13T12:09:40Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=8a755eddf5bf256613bc584f32cd44401a25897c'/>
<id>urn:sha1:8a755eddf5bf256613bc584f32cd44401a25897c</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Sync with Git 2.30.7</title>
<updated>2022-12-13T12:02:20Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2022-12-13T12:02:20Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=16128765d70f1375bcde3f27f51f85492b176a59'/>
<id>urn:sha1:16128765d70f1375bcde3f27f51f85492b176a59</id>
<content type='text'>
</content>
</entry>
<entry>
<title>pretty: fix integer overflow in wrapping format</title>
<updated>2022-12-09T05:26:21Z</updated>
<author>
<name>Patrick Steinhardt</name>
<email>ps@pks.im</email>
</author>
<published>2022-12-01T14:46:49Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=48050c42c73c28b0c001d63d11dffac7e116847b'/>
<id>urn:sha1:48050c42c73c28b0c001d63d11dffac7e116847b</id>
<content type='text'>
The `%w(width,indent1,indent2)` formatting directive can be used to
rewrap text to a specific width and is designed after git-shortlog(1)'s
`-w` parameter. While the three parameters are all stored as `size_t`
internally, `strbuf_add_wrapped_text()` accepts integers as input. As a
result, the casted integers may overflow. As these now-negative integers
are later on passed to `strbuf_addchars()`, we will ultimately run into
implementation-defined behaviour due to casting a negative number back
to `size_t` again. On my platform, this results in trying to allocate
9000 petabyte of memory.

Fix this overflow by using `cast_size_t_to_int()` so that we reject
inputs that cannot be represented as an integer.

Signed-off-by: Patrick Steinhardt &lt;ps@pks.im&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Sync with 2.31.4</title>
<updated>2022-06-23T10:35:30Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-06-23T10:35:30Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=fc0c773028685cdbae35c6c71f3fd3b87ab70985'/>
<id>urn:sha1:fc0c773028685cdbae35c6c71f3fd3b87ab70985</id>
<content type='text'>
* maint-2.31:
  Git 2.31.4
  Git 2.30.5
  setup: tighten ownership checks post CVE-2022-24765
  git-compat-util: allow root to access both SUDO_UID and root owned
  t0034: add negative tests and allow git init to mostly work under sudo
  git-compat-util: avoid failing dir ownership checks if running privileged
  t: regression git needs safe.directory when using sudo
</content>
</entry>
<entry>
<title>Sync with 2.30.5</title>
<updated>2022-06-23T10:35:23Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-06-23T10:35:23Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=2f8809f9a1838eb607f14097dcd63071f2eb00fe'/>
<id>urn:sha1:2f8809f9a1838eb607f14097dcd63071f2eb00fe</id>
<content type='text'>
* maint-2.30:
  Git 2.30.5
  setup: tighten ownership checks post CVE-2022-24765
  git-compat-util: allow root to access both SUDO_UID and root owned
  t0034: add negative tests and allow git init to mostly work under sudo
  git-compat-util: avoid failing dir ownership checks if running privileged
  t: regression git needs safe.directory when using sudo
</content>
</entry>
<entry>
<title>git-compat-util: allow root to access both SUDO_UID and root owned</title>
<updated>2022-06-17T21:03:08Z</updated>
<author>
<name>Carlo Marcelo Arenas Belón</name>
<email>carenas@gmail.com</email>
</author>
<published>2022-06-17T20:23:38Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=6b11e3d52e919cce91011f4f9025e6f4b61375f2'/>
<id>urn:sha1:6b11e3d52e919cce91011f4f9025e6f4b61375f2</id>
<content type='text'>
Previous changes introduced a regression which will prevent root for
accessing repositories owned by thyself if using sudo because SUDO_UID
takes precedence.

Loosen that restriction by allowing root to access repositories owned
by both uid by default and without having to add a safe.directory
exception.

A previous workaround that was documented in the tests is no longer
needed so it has been removed together with its specially crafted
prerequisite.

Helped-by: Johanness Schindelin &lt;Johannes.Schindelin@gmx.de&gt;
Signed-off-by: Carlo Marcelo Arenas Belón &lt;carenas@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>git-compat-util: avoid failing dir ownership checks if running privileged</title>
<updated>2022-05-13T01:12:23Z</updated>
<author>
<name>Carlo Marcelo Arenas Belón</name>
<email>carenas@gmail.com</email>
</author>
<published>2022-05-13T01:00:18Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=ae9abbb63eea74441e3e8b153dc6ec1f94c373b4'/>
<id>urn:sha1:ae9abbb63eea74441e3e8b153dc6ec1f94c373b4</id>
<content type='text'>
bdc77d1d685 (Add a function to determine whether a path is owned by the
current user, 2022-03-02) checks for the effective uid of the running
process using geteuid() but didn't account for cases where that user was
root (because git was invoked through sudo or a compatible tool) and the
original uid that repository trusted for its config was no longer known,
therefore failing the following otherwise safe call:

  guy@renard ~/Software/uncrustify $ sudo git describe --always --dirty
  [sudo] password for guy:
  fatal: unsafe repository ('/home/guy/Software/uncrustify' is owned by someone else)

Attempt to detect those cases by using the environment variables that
those tools create to keep track of the original user id, and do the
ownership check using that instead.

This assumes the environment the user is running on after going
privileged can't be tampered with, and also adds code to restrict that
the new behavior only applies if running as root, therefore keeping the
most common case, which runs unprivileged, from changing, but because of
that, it will miss cases where sudo (or an equivalent) was used to change
to another unprivileged user or where the equivalent tool used to raise
privileges didn't track the original id in a sudo compatible way.

Because of compatibility with sudo, the code assumes that uid_t is an
unsigned integer type (which is not required by the standard) but is used
that way in their codebase to generate SUDO_UID.  In systems where uid_t
is signed, sudo might be also patched to NOT be unsigned and that might
be able to trigger an edge case and a bug (as described in the code), but
it is considered unlikely to happen and even if it does, the code would
just mostly fail safely, so there was no attempt either to detect it or
prevent it by the code, which is something that might change in the future,
based on expected user feedback.

Reported-by: Guy Maurel &lt;guy.j@maurel.de&gt;
Helped-by: SZEDER Gábor &lt;szeder.dev@gmail.com&gt;
Helped-by: Randall Becker &lt;rsbecker@nexbridge.com&gt;
Helped-by: Phillip Wood &lt;phillip.wood123@gmail.com&gt;
Suggested-by: Johannes Schindelin &lt;Johannes.Schindelin@gmx.de&gt;
Signed-off-by: Carlo Marcelo Arenas Belón &lt;carenas@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Sync with 2.31.2</title>
<updated>2022-03-23T23:31:28Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-03-17T09:57:37Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=201b0c7af6cad52cf6f0cfc46bd48201a23f6224'/>
<id>urn:sha1:201b0c7af6cad52cf6f0cfc46bd48201a23f6224</id>
<content type='text'>
* maint-2.31:
  Git 2.31.2
  Git 2.30.3
  setup_git_directory(): add an owner check for the top-level directory
  Add a function to determine whether a path is owned by the current user
</content>
</entry>
<entry>
<title>Sync with 2.30.3</title>
<updated>2022-03-23T23:24:29Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-03-17T09:57:31Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=6a2381a3e5176b8deb69c799ed2b600366d36d39'/>
<id>urn:sha1:6a2381a3e5176b8deb69c799ed2b600366d36d39</id>
<content type='text'>
* maint-2.30:
  Git 2.30.3
  setup_git_directory(): add an owner check for the top-level directory
  Add a function to determine whether a path is owned by the current user
</content>
</entry>
<entry>
<title>Add a function to determine whether a path is owned by the current user</title>
<updated>2022-03-21T12:16:26Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-03-02T10:06:24Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=bdc77d1d685be9c10b88abb281a42bc620548595'/>
<id>urn:sha1:bdc77d1d685be9c10b88abb281a42bc620548595</id>
<content type='text'>
This function will be used in the next commit to prevent
`setup_git_directory()` from discovering a repository in a directory
that is owned by someone other than the current user.

Note: We cannot simply use `st.st_uid` on Windows just like we do on
Linux and other Unix-like platforms: according to
https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/stat-functions
this field is always zero on Windows (because Windows' idea of a user ID
does not fit into a single numerical value). Therefore, we have to do
something a little involved to replicate the same functionality there.

Also note: On Windows, a user's home directory is not actually owned by
said user, but by the administrator. For all practical purposes, it is
under the user's control, though, therefore we pretend that it is owned
by the user.

Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
</content>
</entry>
</feed>
