<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/read-cache.c, branch v2.42.2</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v2.42.2</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v2.42.2'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2024-04-19T10:38:46Z</updated>
<entry>
<title>Sync with 2.41.1</title>
<updated>2024-04-19T10:38:46Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2024-04-17T09:39:09Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=be348e9815285636789dccd4aef85b5bab5f8557'/>
<id>urn:sha1:be348e9815285636789dccd4aef85b5bab5f8557</id>
<content type='text'>
* maint-2.41: (38 commits)
  Git 2.41.1
  Git 2.40.2
  Git 2.39.4
  fsck: warn about symlink pointing inside a gitdir
  core.hooksPath: add some protection while cloning
  init.templateDir: consider this config setting protected
  clone: prevent hooks from running during a clone
  Add a helper function to compare file contents
  init: refactor the template directory discovery into its own function
  find_hook(): refactor the `STRIP_EXTENSION` logic
  clone: when symbolic links collide with directories, keep the latter
  entry: report more colliding paths
  t5510: verify that D/F confusion cannot lead to an RCE
  submodule: require the submodule path to contain directories only
  clone_submodule: avoid using `access()` on directories
  submodules: submodule paths must not contain symlinks
  clone: prevent clashing git dirs when cloning submodule in parallel
  t7423: add tests for symlinked submodule directories
  has_dir_name(): do not get confused by characters &lt; '/'
  docs: document security issues around untrusted .git dirs
  ...
</content>
</entry>
<entry>
<title>Sync with 2.40.2</title>
<updated>2024-04-19T10:38:42Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2024-04-17T09:38:18Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=f5b2af06f55c0f21ae0199be5fe120f2cccd698b'/>
<id>urn:sha1:f5b2af06f55c0f21ae0199be5fe120f2cccd698b</id>
<content type='text'>
* maint-2.40: (39 commits)
  Git 2.40.2
  Git 2.39.4
  fsck: warn about symlink pointing inside a gitdir
  core.hooksPath: add some protection while cloning
  init.templateDir: consider this config setting protected
  clone: prevent hooks from running during a clone
  Add a helper function to compare file contents
  init: refactor the template directory discovery into its own function
  find_hook(): refactor the `STRIP_EXTENSION` logic
  clone: when symbolic links collide with directories, keep the latter
  entry: report more colliding paths
  t5510: verify that D/F confusion cannot lead to an RCE
  submodule: require the submodule path to contain directories only
  clone_submodule: avoid using `access()` on directories
  submodules: submodule paths must not contain symlinks
  clone: prevent clashing git dirs when cloning submodule in parallel
  t7423: add tests for symlinked submodule directories
  has_dir_name(): do not get confused by characters &lt; '/'
  docs: document security issues around untrusted .git dirs
  upload-pack: disable lazy-fetching by default
  ...
</content>
</entry>
<entry>
<title>Sync with 2.39.4</title>
<updated>2024-04-19T10:38:37Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2024-04-12T07:45:28Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=93a88f42db7ed9a975768df0e5f4516317c50dda'/>
<id>urn:sha1:93a88f42db7ed9a975768df0e5f4516317c50dda</id>
<content type='text'>
* maint-2.39: (38 commits)
  Git 2.39.4
  fsck: warn about symlink pointing inside a gitdir
  core.hooksPath: add some protection while cloning
  init.templateDir: consider this config setting protected
  clone: prevent hooks from running during a clone
  Add a helper function to compare file contents
  init: refactor the template directory discovery into its own function
  find_hook(): refactor the `STRIP_EXTENSION` logic
  clone: when symbolic links collide with directories, keep the latter
  entry: report more colliding paths
  t5510: verify that D/F confusion cannot lead to an RCE
  submodule: require the submodule path to contain directories only
  clone_submodule: avoid using `access()` on directories
  submodules: submodule paths must not contain symlinks
  clone: prevent clashing git dirs when cloning submodule in parallel
  t7423: add tests for symlinked submodule directories
  has_dir_name(): do not get confused by characters &lt; '/'
  docs: document security issues around untrusted .git dirs
  upload-pack: disable lazy-fetching by default
  fetch/clone: detect dubious ownership of local repositories
  ...
</content>
</entry>
<entry>
<title>has_dir_name(): do not get confused by characters &lt; '/'</title>
<updated>2024-04-17T20:29:58Z</updated>
<author>
<name>Filip Hejsek</name>
<email>filip.hejsek@gmail.com</email>
</author>
<published>2024-01-28T03:30:25Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=c30a574a0b50e64f26885f740dd49d2420b9bed7'/>
<id>urn:sha1:c30a574a0b50e64f26885f740dd49d2420b9bed7</id>
<content type='text'>
There is a bug in directory/file ("D/F") conflict checking optimization:
It assumes that such a conflict cannot happen if a newly added entry's
path is lexicgraphically "greater than" the last already-existing index
entry _and_ contains a directory separator that comes strictly after the
common prefix (`len &gt; len_eq_offset`).

This assumption is incorrect, though: `a-` sorts _between_ `a` and
`a/b`, their common prefix is `a`, the slash comes after the common
prefix, and there is still a file/directory conflict.

Let's re-design this logic, taking these facts into consideration:

- It is impossible for a file to sort after another file with whose
  directory it conflicts because the trailing NUL byte is always smaller
  than any other character.

- Since there are quite a number of ASCII characters that sort before
  the slash (e.g. `-`, `.`, the space character), looking at the last
  already-existing index entry is not enough to determine whether there
  is a D/F conflict when the first character different from the
  existing last index entry's path is a slash.

  If it is not a slash, there cannot be a file/directory conflict.

  And if the existing index entry's first different character is a
  slash, it also cannot be a file/directory conflict because the
  optimization requires the newly-added entry's path to sort _after_ the
  existing entry's, and the conflicting file's path would not.

So let's fall back to the regular binary search whenever the newly-added
item's path differs in a slash character. If it does not, and it sorts
after the last index entry, there is no D/F conflict and the new index
entry can be safely appended.

This fix also nicely simplifies the logic and makes it much easier to
reason about, while the impact on performance should be negligible:
After this fix, the optimization will be skipped only when index
entry's paths differ in a slash and a space, `!`,  `"`,  `#`,  `$`,
`%`, `&amp;`,  `'`,  | (  `)`,  `*`,  `+`,  `,`,  `-`, or  `.`, which should
be a rare situation.

Signed-off-by: Filip Hejsek &lt;filip.hejsek@gmail.com&gt;
Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
</content>
</entry>
<entry>
<title>Merge branch 'cw/compat-util-header-cleanup'</title>
<updated>2023-07-17T18:30:42Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2023-07-17T18:30:42Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=ce481ac8b31c9061eeecd1ba0d7174b621f96632'/>
<id>urn:sha1:ce481ac8b31c9061eeecd1ba0d7174b621f96632</id>
<content type='text'>
Further shuffling of declarations across header files to streamline
file dependencies.

* cw/compat-util-header-cleanup:
  git-compat-util: move alloc macros to git-compat-util.h
  treewide: remove unnecessary includes for wrapper.h
  kwset: move translation table from ctype
  sane-ctype.h: create header for sane-ctype macros
  git-compat-util: move wrapper.c funcs to its header
  git-compat-util: move strbuf.c funcs to its header
</content>
</entry>
<entry>
<title>Merge branch 'js/empty-index-fixes'</title>
<updated>2023-07-08T18:23:07Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2023-07-08T18:23:07Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=7f5ad0ca8d1d7db7a21755af34251714d86b2ec1'/>
<id>urn:sha1:7f5ad0ca8d1d7db7a21755af34251714d86b2ec1</id>
<content type='text'>
A few places failed to differenciate the case where the index is
truly empty (nothing added) and we haven't yet read from the
on-disk index file, which have been corrected.

* js/empty-index-fixes:
  commit -a -m: allow the top-level tree to become empty again
  split-index: accept that a base index can be empty
  do_read_index(): always mark index as initialized unless erroring out
</content>
</entry>
<entry>
<title>git-compat-util: move alloc macros to git-compat-util.h</title>
<updated>2023-07-05T18:42:31Z</updated>
<author>
<name>Calvin Wan</name>
<email>calvinwan@google.com</email>
</author>
<published>2023-07-05T17:09:24Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=91c080dff511b7a81f91d1cc79589b49e16a2b7a'/>
<id>urn:sha1:91c080dff511b7a81f91d1cc79589b49e16a2b7a</id>
<content type='text'>
alloc_nr, ALLOC_GROW, and ALLOC_GROW_BY are commonly used macros for
dynamic array allocation. Moving these macros to git-compat-util.h with
the other alloc macros focuses alloc.[ch] to allocation for Git objects
and additionally allows us to remove inclusions to alloc.h from files
that solely used the above macros.

Signed-off-by: Calvin Wan &lt;calvinwan@google.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>treewide: remove unnecessary includes for wrapper.h</title>
<updated>2023-07-05T18:41:59Z</updated>
<author>
<name>Calvin Wan</name>
<email>calvinwan@google.com</email>
</author>
<published>2023-07-05T17:09:23Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=da9502ff4dc495471a1a080dc297cd6e4628c10c'/>
<id>urn:sha1:da9502ff4dc495471a1a080dc297cd6e4628c10c</id>
<content type='text'>
Signed-off-by: Calvin Wan &lt;calvinwan@google.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>split-index: accept that a base index can be empty</title>
<updated>2023-06-29T19:20:04Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2023-06-29T13:23:09Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=7667f4f0a3c2002940c0b03930597fddc8599277'/>
<id>urn:sha1:7667f4f0a3c2002940c0b03930597fddc8599277</id>
<content type='text'>
We are about to fix an ancient bug where `do_read_index()` pretended
that the index was not initialized when there are no index entries.

Before the `index_state` structure gained the `initialized` flag in
913e0e99b6a (unpack_trees(): protect the handcrafted in-core index from
read_cache(), 2008-08-23), that was the best we could do (even if it was
incorrect: it is totally possible to read a Git index file that contains
no index entries).

This pattern was repeated also in 998330ac2e7 (read-cache: look for
shared index files next to the index, too, 2021-08-26), which we fix
here by _not_ mistaking an empty base index for a missing
`sharedindex.*` file.

Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>do_read_index(): always mark index as initialized unless erroring out</title>
<updated>2023-06-29T19:20:04Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2023-06-29T13:23:08Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=866b43e6442f16d0073ae9ce8d79b6cb1161b1a9'/>
<id>urn:sha1:866b43e6442f16d0073ae9ce8d79b6cb1161b1a9</id>
<content type='text'>
In 913e0e99b6a (unpack_trees(): protect the handcrafted in-core index
from read_cache(), 2008-08-23) a flag was introduced into the
`index_state` structure to indicate whether it had been initialized (or
more correctly: read and parsed).

There was one code path that was not handled, though: when the index
file does not yet exist (but the `must_exist` parameter is set to 0 to
indicate that that's okay). In this instance, Git wants to go forward
with a new, pristine Git index, almost as if the file had existed and
contained no index entries or extensions.

Since Git wants to handle this situation the same as if an "empty" Git
index file existed, let's set the `initialized` flag also in that case.

This is necessary to prepare for fixing the bug where the condition
`cache_nr == 0` is incorrectly used as an indicator that the index was
already read, and the condition `initialized != 0` needs to be used
instead.

Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
</feed>
