<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/http.c, branch v1.8.2.2</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v1.8.2.2</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v1.8.2.2'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2013-02-06T15:50:56Z</updated>
<entry>
<title>http_request: reset "type" strbuf before adding</title>
<updated>2013-02-06T15:50:56Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2013-02-06T10:39:52Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=3443db51a0f2a43061d4badc6a0065672386eae5'/>
<id>urn:sha1:3443db51a0f2a43061d4badc6a0065672386eae5</id>
<content type='text'>
Callers may pass us a strbuf which we use to record the
content-type of the response. However, we simply appended to
it rather than overwriting its contents, meaning that cruft
in the strbuf gave us a bogus type. E.g., the multiple
requests triggered by http_request could yield a type like
"text/plainapplication/x-git-receive-pack-advertisement".

Reported-by: Michael Schubert &lt;mschub@elegosoft.com&gt;
Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Verify Content-Type from smart HTTP servers</title>
<updated>2013-02-04T18:22:36Z</updated>
<author>
<name>Shawn Pearce</name>
<email>spearce@spearce.org</email>
</author>
<published>2013-01-31T21:02:07Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=4656bf47fca857df51b5d6f4b7b052192b3b2317'/>
<id>urn:sha1:4656bf47fca857df51b5d6f4b7b052192b3b2317</id>
<content type='text'>
Before parsing a suspected smart-HTTP response verify the returned
Content-Type matches the standard. This protects a client from
attempting to process a payload that smells like a smart-HTTP
server response.

JGit has been doing this check on all responses since the dawn of
time. I mistakenly failed to include it in git-core when smart HTTP
was introduced. At the time I didn't know how to get the Content-Type
from libcurl. I punted, meant to circle back and fix this, and just
plain forgot about it.

Signed-off-by: Shawn Pearce &lt;spearce@spearce.org&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'rb/http-cert-cred-no-username-prompt' into maint</title>
<updated>2013-01-10T22:03:54Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2013-01-10T22:03:54Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=8bc714b4088d162ac4a7327d672139a0c2907917'/>
<id>urn:sha1:8bc714b4088d162ac4a7327d672139a0c2907917</id>
<content type='text'>
* rb/http-cert-cred-no-username-prompt:
  http.c: Avoid username prompt for certifcate credentials
</content>
</entry>
<entry>
<title>http.c: Avoid username prompt for certifcate credentials</title>
<updated>2012-12-21T18:19:40Z</updated>
<author>
<name>Rene Bredlau</name>
<email>git@unrelated.de</email>
</author>
<published>2012-12-21T16:31:19Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=75e9a405d4a3fdf9d84282c5fac065257887fd96'/>
<id>urn:sha1:75e9a405d4a3fdf9d84282c5fac065257887fd96</id>
<content type='text'>
If sslCertPasswordProtected is set to true do not ask for username to decrypt rsa key. This question is pointless, the key is only protected by a password. Internaly the username is simply set to "".

Signed-off-by: Rene Bredlau &lt;git@unrelated.de&gt;
Acked-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'sz/maint-curl-multi-timeout'</title>
<updated>2012-11-09T17:50:56Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2012-11-09T17:50:56Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=23a50a1fb113b702012935ee8c6e945cf58edbd7'/>
<id>urn:sha1:23a50a1fb113b702012935ee8c6e945cf58edbd7</id>
<content type='text'>
Sometimes curl_multi_timeout() function suggested a wrong timeout
value when there is no file descriptors to wait on and the http
transport ended up sleeping for minutes in select(2) system call.
Detect this and reduce the wait timeout in such a case.

* sz/maint-curl-multi-timeout:
  Fix potential hang in https handshake
</content>
</entry>
<entry>
<title>Merge branch 'jk/maint-http-init-not-in-result-handler'</title>
<updated>2012-10-29T08:13:09Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2012-10-29T08:13:09Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=58f3f9893dc287bd5b7ec4bbd3fc56b77e126e6c'/>
<id>urn:sha1:58f3f9893dc287bd5b7ec4bbd3fc56b77e126e6c</id>
<content type='text'>
Further clean-up to the http codepath that picks up results after
cURL library is done with one request slot.

* jk/maint-http-init-not-in-result-handler:
  http: do not set up curl auth after a 401
  remote-curl: do not call run_slot repeatedly
</content>
</entry>
<entry>
<title>Fix potential hang in https handshake</title>
<updated>2012-10-19T21:15:17Z</updated>
<author>
<name>Stefan Zager</name>
<email>szager@google.com</email>
</author>
<published>2012-10-19T21:04:20Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=7202b81ffccf89605ce2726ff9d63202b5f1da7f'/>
<id>urn:sha1:7202b81ffccf89605ce2726ff9d63202b5f1da7f</id>
<content type='text'>
It has been observed that curl_multi_timeout may return a very long
timeout value (e.g., 294 seconds and some usec) just before
curl_multi_fdset returns no file descriptors for reading.  The
upshot is that select() will hang for a long time -- long enough for
an https handshake to be dropped.  The observed behavior is that
the git command will hang at the terminal and never transfer any
data.

This patch is a workaround for a probable bug in libcurl.  The bug
only seems to manifest around a very specific set of circumstances:

- curl version (from curl/curlver.h):

 #define LIBCURL_VERSION_NUM 0x071307

- git-remote-https running on an ubuntu-lucid VM.
- Connecting through squid proxy running on another VM.

Interestingly, the problem doesn't manifest if a host connects
through squid proxy running on localhost; only if the proxy is on
a separate VM (not sure if the squid host needs to be on a separate
physical machine).  That would seem to suggest that this issue
is timing-sensitive.

This patch is more or less in line with a recommendation in the
curl docs about how to behave when curl_multi_fdset doesn't return
and file descriptors:

http://curl.haxx.se/libcurl/c/curl_multi_fdset.html

Signed-off-by: Stefan Zager &lt;szager@google.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'jk/maint-http-half-auth-push' into maint</title>
<updated>2012-10-17T17:29:24Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2012-10-17T17:29:24Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=e98fa647aa5673cc95b6e9be1fdc13c0afa2cb37'/>
<id>urn:sha1:e98fa647aa5673cc95b6e9be1fdc13c0afa2cb37</id>
<content type='text'>
* jk/maint-http-half-auth-push:
  http: fix segfault in handle_curl_result
</content>
</entry>
<entry>
<title>Merge branch 'jk/maint-http-half-auth-push'</title>
<updated>2012-10-16T18:44:37Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2012-10-16T18:44:37Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=053a08f5bba3444d40516baf30a5d61e42e4fb93'/>
<id>urn:sha1:053a08f5bba3444d40516baf30a5d61e42e4fb93</id>
<content type='text'>
Fixes a regression in maint-1.7.11 (v1.7.11.7), maint (v1.7.12.1)
and master (v1.8.0-rc0).

* jk/maint-http-half-auth-push:
  http: fix segfault in handle_curl_result
</content>
</entry>
<entry>
<title>http: do not set up curl auth after a 401</title>
<updated>2012-10-12T16:45:15Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2012-10-12T07:35:59Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=1960897ebc5a899a8e4ec3c2afc1d2325574fe41'/>
<id>urn:sha1:1960897ebc5a899a8e4ec3c2afc1d2325574fe41</id>
<content type='text'>
When we get an http 401, we prompt for credentials and put
them in our global credential struct. We also feed them to
the curl handle that produced the 401, with the intent that
they will be used on a retry.

When the code was originally introduced in commit 42653c0,
this was a necessary step. However, since dfa1725, we always
feed our global credential into every curl handle when we
initialize the slot with get_active_slot. So every further
request already feeds the credential to curl.

Moreover, accessing the slot here is somewhat dubious. After
the slot has produced a response, we don't actually control
it any more.  If we are using curl_multi, it may even have
been re-initialized to handle a different request.

It just so happens that we will reuse the curl handle within
the slot in such a case, and that because we only keep one
global credential, it will be the one we want.  So the
current code is not buggy, but it is misleading.

By cleaning it up, we can remove the slot argument entirely
from handle_curl_result, making it much more obvious that
slots should not be accessed after they are marked as
finished.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
</feed>
