authorDongHun Kwak <dh0128.kwak@samsung.com>2021-03-03 15:14:59 +0900
committerDongHun Kwak <dh0128.kwak@samsung.com>2021-03-03 15:14:59 +0900
commit4f2ce038374e43e25df7a0cc79dd205cf9541814 (patch)
treea7ace95a298dcea304455fc03a1bd05316658c37
parent82784a5370b0993948b35ce3a699f8bb95422af2 (diff)
Imported Upstream version 2.3.7upstream/2.3.7
-rw-r--r--Documentation/RelNotes/2.3.7.txt21
-rw-r--r--Documentation/git.txt3
-rwxr-xr-xGIT-VERSION-GEN2
l---------RelNotes2
-rw-r--r--connect.c2
-rw-r--r--contrib/completion/git-completion.bash2
-rw-r--r--send-pack.c23
-rwxr-xr-xt/t5500-fetch-pack.sh17
-rwxr-xr-xt/t5601-clone.sh21
9 files changed, 73 insertions, 20 deletions
diff --git a/Documentation/RelNotes/2.3.7.txt b/Documentation/RelNotes/2.3.7.txt
new file mode 100644
index 00000000..fc95812c
--- /dev/null
+++ b/Documentation/RelNotes/2.3.7.txt
@@ -0,0 +1,21 @@
+Git v2.3.7 Release Notes
+========================
+
+Fixes since v2.3.6
+------------------
+
+ * An earlier update to the parser that disects a URL broke an
+ address, followed by a colon, followed by an empty string (instead
+ of the port number), e.g. ssh://example.com:/path/to/repo.
+
+ * The completion script (in contrib/) contaminated global namespace
+ and clobbered on a shell variable $x.
+
+ * The "git push --signed" protocol extension did not limit what the
+ "nonce" that is a server-chosen string can contain or how long it
+ can be, which was unnecessarily lax. Limit both the length and the
+ alphabet to a reasonably small space that can still have enough
+ entropy.
+
+Also contains typofixes, documentation updates and trivial code
+clean-ups.
diff --git a/Documentation/git.txt b/Documentation/git.txt
index 085bc34e..8704ffd2 100644
--- a/Documentation/git.txt
+++ b/Documentation/git.txt
@@ -43,9 +43,10 @@ unreleased) version of Git, that is available from the 'master'
branch of the `git.git` repository.
Documentation for older releases are available here:
-* link:v2.3.6/git.html[documentation for release 2.3.6]
+* link:v2.3.7/git.html[documentation for release 2.3.7]
* release notes for
+ link:RelNotes/2.3.7.txt[2.3.7],
link:RelNotes/2.3.6.txt[2.3.6],
link:RelNotes/2.3.5.txt[2.3.5],
link:RelNotes/2.3.4.txt[2.3.4],
diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN
index 3baaa9dc..0c1ee67b 100755
--- a/GIT-VERSION-GEN
+++ b/GIT-VERSION-GEN
@@ -1,7 +1,7 @@
#!/bin/sh
GVF=GIT-VERSION-FILE
-DEF_VER=v2.3.6
+DEF_VER=v2.3.7
LF='
'
diff --git a/RelNotes b/RelNotes
index d92e7b83..8f376a9f 120000
--- a/RelNotes
+++ b/RelNotes
@@ -1 +1 @@
-Documentation/RelNotes/2.3.6.txt
\ No newline at end of file
+Documentation/RelNotes/2.3.7.txt
\ No newline at end of file
diff --git a/connect.c b/connect.c
index ce0e1214..14c924b0 100644
--- a/connect.c
+++ b/connect.c
@@ -310,6 +310,8 @@ static void get_host_and_port(char **host, const char **port)
if (end != colon + 1 && *end == '\0' && 0 <= portnr && portnr < 65536) {
*colon = 0;
*port = colon + 1;
+ } else if (!colon[1]) {
+ *colon = 0;
}
}
}
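Review bot: The new `else if (!colon[1])` branch in get_host_and_port carries no comment, and the chain now has three outcomes that a reader has to reconstruct: a valid port (host and port are split), an empty port (the colon is dropped and `*port` is left as it was), and anything else (the string is left untouched, which the tests in this commit appear to rely on for a bare `::1`). I would add `/* "host:" with an empty port: strip the colon, keep the caller's default port */` above the new `*colon = 0;`. Because this parser sees URLs that can come from untrusted input, saying that the third case is deliberate helps the next reviewer. The function starts outside this hunk, so how `colon` is located is not visible here.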
diff --git a/contrib/completion/git-completion.bash b/contrib/completion/git-completion.bash
index 661a8294..16205467 100644
--- a/contrib/completion/git-completion.bash
+++ b/contrib/completion/git-completion.bash
@@ -186,7 +186,7 @@ fi
__gitcompappend ()
{
- local i=${#COMPREPLY[@]}
+ local x i=${#COMPREPLY[@]}
for x in $1; do
if [[ "$x" == "$3"* ]]; then
COMPREPLY[i++]="$2$x$4"
diff --git a/send-pack.c b/send-pack.c
index 25947d7d..677bac31 100644
--- a/send-pack.c
+++ b/send-pack.c
@@ -281,6 +281,28 @@ free_return:
return update_seen;
}
+#define NONCE_LEN_LIMIT 256
+
+static void reject_invalid_nonce(const char *nonce, int len)
+{
+ int i = 0;
+
+ if (NONCE_LEN_LIMIT <= len)
+ die("the receiving end asked to sign an invalid nonce <%.*s>",
+ len, nonce);
+
+ for (i = 0; i < len; i++) {
+ int ch = nonce[i] & 0xFF;
+ if (isalnum(ch) ||
+ ch == '-' || ch == '.' ||
+ ch == '/' || ch == '+' ||
+ ch == '=' || ch == '_')
+ continue;
+ die("the receiving end asked to sign an invalid nonce <%.*s>",
+ len, nonce);
+ }
+}
+
int send_pack(struct send_pack_args *args,
int fd[], struct child_process *conn,
struct ref *remote_refs,
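Review bot: Both `die()` calls in reject_invalid_nonce print the nonce they have just rejected with `%.*s`, so bytes from the remote end that failed the length or alphabet check are written to the user's terminal. Unless `die()` itself strips control characters and truncates its output (not visible in this diff), a misbehaving server controls part of the error text, including escape sequences and its length. I would report only safe values, for example `die("the receiving end asked to sign an invalid nonce (%d bytes)", len);` for the length case, and name the offending byte as `0x%02x` together with its offset `i` for the alphabet case. Two smaller points: a zero-length nonce passes the check, and the message is not wrapped in `_()` although the neighbouring `die(_(...))` at the call site in send_pack is.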
@@ -323,6 +345,7 @@ int send_pack(struct send_pack_args *args,
push_cert_nonce = server_feature_value("push-cert", &len);
if (!push_cert_nonce)
die(_("the receiving end does not support --signed push"));
+ reject_invalid_nonce(push_cert_nonce, len);
push_cert_nonce = xmemdupz(push_cert_nonce, len);
}
diff --git a/t/t5500-fetch-pack.sh b/t/t5500-fetch-pack.sh
index bd37f040..ed404073 100755
--- a/t/t5500-fetch-pack.sh
+++ b/t/t5500-fetch-pack.sh
@@ -576,13 +576,16 @@ do
do
for h in host user@host user@[::1] user@::1
do
- test_expect_success "fetch-pack --diag-url $p://$h/$r" '
- check_prot_host_port_path $p://$h/$r $p "$h" NONE "/$r"
- '
- # "/~" -> "~" conversion
- test_expect_success "fetch-pack --diag-url $p://$h/~$r" '
- check_prot_host_port_path $p://$h/~$r $p "$h" NONE "~$r"
- '
+ for c in "" :
+ do
+ test_expect_success "fetch-pack --diag-url $p://$h$c/$r" '
+ check_prot_host_port_path $p://$h/$r $p "$h" NONE "/$r"
+ '
+ # "/~" -> "~" conversion
+ test_expect_success "fetch-pack --diag-url $p://$h$c/~$r" '
+ check_prot_host_port_path $p://$h/~$r $p "$h" NONE "~$r"
+ '
+ done
done
for h in host User@host User@[::1]
do
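Review bot: The trailing-colon case appears in the test titles but is never exercised: both bodies still call `check_prot_host_port_path $p://$h/$r ...` and `$p://$h/~$r ...` without `$c`, so each pass of `for c in "" :` checks the same URL twice. The calls should read `check_prot_host_port_path $p://$h$c/$r $p "$h" NONE "/$r"` and `check_prot_host_port_path $p://$h$c/~$r $p "$h" NONE "~$r"`. As written, this file gives the connect.c change that strips an empty port no coverage. The enclosing loops start and end outside the hunk.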
diff --git a/t/t5601-clone.sh b/t/t5601-clone.sh
index 02b40b11..1befc453 100755
--- a/t/t5601-clone.sh
+++ b/t/t5601-clone.sh
@@ -387,14 +387,17 @@ do
done
#with ssh:// scheme
-test_expect_success 'clone ssh://host.xz/home/user/repo' '
- test_clone_url "ssh://host.xz/home/user/repo" host.xz "/home/user/repo"
-'
-
-# from home directory
-test_expect_success 'clone ssh://host.xz/~repo' '
- test_clone_url "ssh://host.xz/~repo" host.xz "~repo"
+#ignore trailing colon
+for tcol in "" :
+do
+ test_expect_success "clone ssh://host.xz$tcol/home/user/repo" '
+ test_clone_url "ssh://host.xz$tcol/home/user/repo" host.xz /home/user/repo
+ '
+ # from home directory
+ test_expect_success "clone ssh://host.xz$tcol/~repo" '
+ test_clone_url "ssh://host.xz$tcol/~repo" host.xz "~repo"
'
+done
# with port number
test_expect_success 'clone ssh://host.xz:22/home/user/repo' '
@@ -407,9 +410,9 @@ test_expect_success 'clone ssh://host.xz:22/~repo' '
'
#IPv6
-for tuah in ::1 [::1] user@::1 user@[::1] [user@::1]
+for tuah in ::1 [::1] [::1]: user@::1 user@[::1] user@[::1]: [user@::1] [user@::1]:
do
- ehost=$(echo $tuah | tr -d "[]")
+ ehost=$(echo $tuah | sed -e "s/1]:/1]/ "| tr -d "[]")
test_expect_success "clone ssh://$tuah/home/user/repo" "
test_clone_url ssh://$tuah/home/user/repo $ehost /home/user/repo
"
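Review bot: The expected-host computation `sed -e "s/1]:/1]/ "` only matches addresses that end in `1`, and it has a stray space after the closing delimiter that a stricter sed may not accept where flags are expected. `ehost=$(echo "$tuah" | sed -e 's/]:$/]/' | tr -d "[]")` states the intent directly (drop a colon that follows the closing bracket) and also quotes `$tuah`, which contains `[` and `]` and would otherwise be open to pathname expansion. The loop body continues past the end of this hunk.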