diff options
author | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-03-03 15:14:48 +0900 |
---|---|---|
committer | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-03-03 15:14:48 +0900 |
commit | d7c5b0cd38a97a874f055ac72d163eb51a67c296 (patch) | |
tree | 4ba58c32960dcecc1fedede9c9362f5c10158f08 | |
parent | 3815afa233c3938e6f4b67d2f5551297f0c45509 (diff) | |
download | git-d7c5b0cd38a97a874f055ac72d163eb51a67c296.tar.gz git-d7c5b0cd38a97a874f055ac72d163eb51a67c296.tar.bz2 git-d7c5b0cd38a97a874f055ac72d163eb51a67c296.zip |
Imported Upstream version 2.2.1upstream/2.2.1
-rw-r--r-- | Documentation/RelNotes/1.8.5.6.txt | 34 | ||||
-rw-r--r-- | Documentation/RelNotes/1.9.5.txt | 34 | ||||
-rw-r--r-- | Documentation/RelNotes/2.0.5.txt | 34 | ||||
-rw-r--r-- | Documentation/RelNotes/2.1.4.txt | 34 | ||||
-rw-r--r-- | Documentation/RelNotes/2.2.1.txt | 34 | ||||
-rw-r--r-- | Documentation/config.txt | 11 | ||||
-rw-r--r-- | Documentation/git.txt | 15 | ||||
-rwxr-xr-x | GIT-VERSION-GEN | 2 | ||||
l--------- | RelNotes | 2 | ||||
-rw-r--r-- | cache.h | 3 | ||||
-rw-r--r-- | config.c | 10 | ||||
-rw-r--r-- | config.mak.uname | 3 | ||||
-rw-r--r-- | environment.c | 10 | ||||
-rw-r--r-- | fsck.c | 5 | ||||
-rw-r--r-- | path.c | 33 | ||||
-rw-r--r-- | po/de.po | 18 | ||||
-rw-r--r-- | read-cache.c | 10 | ||||
-rwxr-xr-x | t/t1014-read-tree-confusing.sh | 62 | ||||
-rwxr-xr-x | t/t1450-fsck.sh | 65 | ||||
-rw-r--r-- | t/test-lib.sh | 6 | ||||
-rw-r--r-- | unpack-trees.c | 10 | ||||
-rw-r--r-- | utf8.c | 64 | ||||
-rw-r--r-- | utf8.h | 8 |
23 files changed, 453 insertions, 54 deletions
diff --git a/Documentation/RelNotes/1.8.5.6.txt b/Documentation/RelNotes/1.8.5.6.txt new file mode 100644 index 00000000..92ff92b1 --- /dev/null +++ b/Documentation/RelNotes/1.8.5.6.txt @@ -0,0 +1,34 @@ +Git v1.8.5.6 Release Notes +========================== + +Fixes since v1.8.5.5 +-------------------- + + * We used to allow committing a path ".Git/config" with Git that is + running on a case sensitive filesystem, but an attempt to check out + such a path with Git that runs on a case insensitive filesystem + would have clobbered ".git/config", which is definitely not what + the user would have expected. Git now prevents you from tracking + a path with ".Git" (in any case combination) as a path component. + + * On Windows, certain path components that are different from ".git" + are mapped to ".git", e.g. "git~1/config" is treated as if it were + ".git/config". HFS+ has a similar issue, where certain unicode + codepoints are ignored, e.g. ".g\u200cit/config" is treated as if + it were ".git/config". Pathnames with these potential issues are + rejected on the affected systems. Git on systems that are not + affected by this issue (e.g. Linux) can also be configured to + reject them to ensure cross platform interoperability of the hosted + projects. + + * "git fsck" notices a tree object that records such a path that can + be confused with ".git", and with receive.fsckObjects configuration + set to true, an attempt to "git push" such a tree object will be + rejected. Such a path may not be a problem on a well behaving + filesystem but in order to protect those on HFS+ and on case + insensitive filesystems, this check is enabled on all platforms. + +A big "thanks!" for bringing this issue to us goes to our friends in +the Mercurial land, namely, Matt Mackall and Augie Fackler. + +Also contains typofixes, documentation updates and trivial code clean-ups. diff --git a/Documentation/RelNotes/1.9.5.txt b/Documentation/RelNotes/1.9.5.txt new file mode 100644 index 00000000..8d6ac0cf --- /dev/null +++ b/Documentation/RelNotes/1.9.5.txt @@ -0,0 +1,34 @@ +Git v1.9.5 Release Notes +======================== + +Fixes since v1.9.4 +------------------ + + * We used to allow committing a path ".Git/config" with Git that is + running on a case sensitive filesystem, but an attempt to check out + such a path with Git that runs on a case insensitive filesystem + would have clobbered ".git/config", which is definitely not what + the user would have expected. Git now prevents you from tracking + a path with ".Git" (in any case combination) as a path component. + + * On Windows, certain path components that are different from ".git" + are mapped to ".git", e.g. "git~1/config" is treated as if it were + ".git/config". HFS+ has a similar issue, where certain unicode + codepoints are ignored, e.g. ".g\u200cit/config" is treated as if + it were ".git/config". Pathnames with these potential issues are + rejected on the affected systems. Git on systems that are not + affected by this issue (e.g. Linux) can also be configured to + reject them to ensure cross platform interoperability of the hosted + projects. + + * "git fsck" notices a tree object that records such a path that can + be confused with ".git", and with receive.fsckObjects configuration + set to true, an attempt to "git push" such a tree object will be + rejected. Such a path may not be a problem on a well behaving + filesystem but in order to protect those on HFS+ and on case + insensitive filesystems, this check is enabled on all platforms. + +A big "thanks!" for bringing this issue to us goes to our friends in +the Mercurial land, namely, Matt Mackall and Augie Fackler. + +Also contains typofixes, documentation updates and trivial code clean-ups. diff --git a/Documentation/RelNotes/2.0.5.txt b/Documentation/RelNotes/2.0.5.txt new file mode 100644 index 00000000..3a16f697 --- /dev/null +++ b/Documentation/RelNotes/2.0.5.txt @@ -0,0 +1,34 @@ +Git v2.0.5 Release Notes +======================== + +Fixes since v2.0.4 +------------------ + + * We used to allow committing a path ".Git/config" with Git that is + running on a case sensitive filesystem, but an attempt to check out + such a path with Git that runs on a case insensitive filesystem + would have clobbered ".git/config", which is definitely not what + the user would have expected. Git now prevents you from tracking + a path with ".Git" (in any case combination) as a path component. + + * On Windows, certain path components that are different from ".git" + are mapped to ".git", e.g. "git~1/config" is treated as if it were + ".git/config". HFS+ has a similar issue, where certain unicode + codepoints are ignored, e.g. ".g\u200cit/config" is treated as if + it were ".git/config". Pathnames with these potential issues are + rejected on the affected systems. Git on systems that are not + affected by this issue (e.g. Linux) can also be configured to + reject them to ensure cross platform interoperability of the hosted + projects. + + * "git fsck" notices a tree object that records such a path that can + be confused with ".git", and with receive.fsckObjects configuration + set to true, an attempt to "git push" such a tree object will be + rejected. Such a path may not be a problem on a well behaving + filesystem but in order to protect those on HFS+ and on case + insensitive filesystems, this check is enabled on all platforms. + +A big "thanks!" for bringing this issue to us goes to our friends in +the Mercurial land, namely, Matt Mackall and Augie Fackler. + +Also contains typofixes, documentation updates and trivial code clean-ups. diff --git a/Documentation/RelNotes/2.1.4.txt b/Documentation/RelNotes/2.1.4.txt new file mode 100644 index 00000000..d16e5f04 --- /dev/null +++ b/Documentation/RelNotes/2.1.4.txt @@ -0,0 +1,34 @@ +Git v2.1.4 Release Notes +======================== + +Fixes since v2.1.3 +------------------ + + * We used to allow committing a path ".Git/config" with Git that is + running on a case sensitive filesystem, but an attempt to check out + such a path with Git that runs on a case insensitive filesystem + would have clobbered ".git/config", which is definitely not what + the user would have expected. Git now prevents you from tracking + a path with ".Git" (in any case combination) as a path component. + + * On Windows, certain path components that are different from ".git" + are mapped to ".git", e.g. "git~1/config" is treated as if it were + ".git/config". HFS+ has a similar issue, where certain unicode + codepoints are ignored, e.g. ".g\u200cit/config" is treated as if + it were ".git/config". Pathnames with these potential issues are + rejected on the affected systems. Git on systems that are not + affected by this issue (e.g. Linux) can also be configured to + reject them to ensure cross platform interoperability of the hosted + projects. + + * "git fsck" notices a tree object that records such a path that can + be confused with ".git", and with receive.fsckObjects configuration + set to true, an attempt to "git push" such a tree object will be + rejected. Such a path may not be a problem on a well behaving + filesystem but in order to protect those on HFS+ and on case + insensitive filesystems, this check is enabled on all platforms. + +A big "thanks!" for bringing this issue to us goes to our friends in +the Mercurial land, namely, Matt Mackall and Augie Fackler. + +Also contains typofixes, documentation updates and trivial code clean-ups. diff --git a/Documentation/RelNotes/2.2.1.txt b/Documentation/RelNotes/2.2.1.txt new file mode 100644 index 00000000..d5a3cd9e --- /dev/null +++ b/Documentation/RelNotes/2.2.1.txt @@ -0,0 +1,34 @@ +Git v2.2.1 Release Notes +======================== + +Fixes since v2.2 +---------------- + + * We used to allow committing a path ".Git/config" with Git that is + running on a case sensitive filesystem, but an attempt to check out + such a path with Git that runs on a case insensitive filesystem + would have clobbered ".git/config", which is definitely not what + the user would have expected. Git now prevents you from tracking + a path with ".Git" (in any case combination) as a path component. + + * On Windows, certain path components that are different from ".git" + are mapped to ".git", e.g. "git~1/config" is treated as if it were + ".git/config". HFS+ has a similar issue, where certain unicode + codepoints are ignored, e.g. ".g\u200cit/config" is treated as if + it were ".git/config". Pathnames with these potential issues are + rejected on the affected systems. Git on systems that are not + affected by this issue (e.g. Linux) can also be configured to + reject them to ensure cross platform interoperability of the hosted + projects. + + * "git fsck" notices a tree object that records such a path that can + be confused with ".git", and with receive.fsckObjects configuration + set to true, an attempt to "git push" such a tree object will be + rejected. Such a path may not be a problem on a well behaving + filesystem but in order to protect those on HFS+ and on case + insensitive filesystems, this check is enabled on all platforms. + +A big "thanks!" for bringing this issue to us goes to our friends in +the Mercurial land, namely, Matt Mackall and Augie Fackler. + +Also contains typofixes, documentation updates and trivial code clean-ups. diff --git a/Documentation/config.txt b/Documentation/config.txt index 92207259..302d61e7 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -246,6 +246,17 @@ core.precomposeunicode:: When false, file names are handled fully transparent by Git, which is backward compatible with older versions of Git. +core.protectHFS:: + If set to true, do not allow checkout of paths that would + be considered equivalent to `.git` on an HFS+ filesystem. + Defaults to `true` on Mac OS, and `false` elsewhere. + +core.protectNTFS:: + If set to true, do not allow checkout of paths that would + cause problems with the NTFS filesystem, e.g. conflict with + 8.3 "short" names. + Defaults to `true` on Windows, and `false` elsewhere. + core.trustctime:: If false, the ctime differences between the index and the working tree are ignored; useful when the inode change time diff --git a/Documentation/git.txt b/Documentation/git.txt index afb48d39..db4e407b 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -43,40 +43,45 @@ unreleased) version of Git, that is available from the 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.2.0/git.html[documentation for release 2.2] +* link:v2.2.1/git.html[documentation for release 2.2.1] * release notes for + link:RelNotes/2.2.1.txt[2.2.1], link:RelNotes/2.2.0.txt[2.2]. -* link:v2.1.3/git.html[documentation for release 2.1.3] +* link:v2.1.4/git.html[documentation for release 2.1.4] * release notes for + link:RelNotes/2.1.4.txt[2.1.4], link:RelNotes/2.1.3.txt[2.1.3], link:RelNotes/2.1.2.txt[2.1.2], link:RelNotes/2.1.1.txt[2.1.1], link:RelNotes/2.1.0.txt[2.1]. -* link:v2.0.4/git.html[documentation for release 2.0.4] +* link:v2.0.5/git.html[documentation for release 2.0.5] * release notes for + link:RelNotes/2.0.5.txt[2.0.5], link:RelNotes/2.0.4.txt[2.0.4], link:RelNotes/2.0.3.txt[2.0.3], link:RelNotes/2.0.2.txt[2.0.2], link:RelNotes/2.0.1.txt[2.0.1], link:RelNotes/2.0.0.txt[2.0.0]. -* link:v1.9.4/git.html[documentation for release 1.9.4] +* link:v1.9.5/git.html[documentation for release 1.9.5] * release notes for + link:RelNotes/1.9.5.txt[1.9.5], link:RelNotes/1.9.4.txt[1.9.4], link:RelNotes/1.9.3.txt[1.9.3], link:RelNotes/1.9.2.txt[1.9.2], link:RelNotes/1.9.1.txt[1.9.1], link:RelNotes/1.9.0.txt[1.9.0]. -* link:v1.8.5.5/git.html[documentation for release 1.8.5.5] +* link:v1.8.5.6/git.html[documentation for release 1.8.5.6] * release notes for + link:RelNotes/1.8.5.6.txt[1.8.5.6], link:RelNotes/1.8.5.5.txt[1.8.5.5], link:RelNotes/1.8.5.4.txt[1.8.5.4], link:RelNotes/1.8.5.3.txt[1.8.5.3], diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index aa9dab2d..495ddb7d 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.2.0 +DEF_VER=v2.2.1 LF=' ' @@ -1 +1 @@ -Documentation/RelNotes/2.2.0.txt
\ No newline at end of file +Documentation/RelNotes/2.2.1.txt
\ No newline at end of file @@ -617,6 +617,8 @@ extern int fsync_object_files; extern int core_preload_index; extern int core_apply_sparse_checkout; extern int precomposed_unicode; +extern int protect_hfs; +extern int protect_ntfs; /* * The character that begins a commented line in user-editable file @@ -831,6 +833,7 @@ int normalize_path_copy(char *dst, const char *src); int longest_ancestor_length(const char *path, struct string_list *prefixes); char *strip_path_suffix(const char *path, const char *suffix); int daemon_avoid_alias(const char *path); +extern int is_ntfs_dotgit(const char *name); /* object replacement */ #define LOOKUP_REPLACE_OBJECT 1 @@ -896,6 +896,16 @@ static int git_default_core_config(const char *var, const char *value) return 0; } + if (!strcmp(var, "core.protecthfs")) { + protect_hfs = git_config_bool(var, value); + return 0; + } + + if (!strcmp(var, "core.protectntfs")) { + protect_ntfs = git_config_bool(var, value); + return 0; + } + /* Add other config variables here and to Documentation/config.txt. */ return 0; } diff --git a/config.mak.uname b/config.mak.uname index a2f380fd..f3c93f27 100644 --- a/config.mak.uname +++ b/config.mak.uname @@ -105,6 +105,7 @@ ifeq ($(uname_S),Darwin) HAVE_DEV_TTY = YesPlease COMPAT_OBJS += compat/precompose_utf8.o BASIC_CFLAGS += -DPRECOMPOSE_UNICODE + BASIC_CFLAGS += -DPROTECT_HFS_DEFAULT=1 endif ifeq ($(uname_S),SunOS) NEEDS_SOCKET = YesPlease @@ -373,6 +374,7 @@ ifeq ($(uname_S),Windows) EXTLIBS = user32.lib advapi32.lib shell32.lib wininet.lib ws2_32.lib invalidcontinue.obj PTHREAD_LIBS = lib = + BASIC_CFLAGS += -DPROTECT_NTFS_DEFAULT=1 ifndef DEBUG BASIC_CFLAGS += -GL -Os -MD BASIC_LDFLAGS += -LTCG @@ -514,6 +516,7 @@ ifneq (,$(findstring MINGW,$(uname_S))) COMPAT_OBJS += compat/mingw.o compat/winansi.o \ compat/win32/pthread.o compat/win32/syslog.o \ compat/win32/dirent.o + BASIC_CFLAGS += -DPROTECT_NTFS_DEFAULT=1 BASIC_LDFLAGS += -Wl,--large-address-aware EXTLIBS += -lws2_32 GITLIBS += git.res diff --git a/environment.c b/environment.c index 565f6529..1ade5c96 100644 --- a/environment.c +++ b/environment.c @@ -64,6 +64,16 @@ int precomposed_unicode = -1; /* see probe_utf8_pathname_composition() */ struct startup_info *startup_info; unsigned long pack_size_limit_cfg; +#ifndef PROTECT_HFS_DEFAULT +#define PROTECT_HFS_DEFAULT 0 +#endif +int protect_hfs = PROTECT_HFS_DEFAULT; + +#ifndef PROTECT_NTFS_DEFAULT +#define PROTECT_NTFS_DEFAULT 0 +#endif +int protect_ntfs = PROTECT_NTFS_DEFAULT; + /* * The character that begins a commented line in user-editable file * that is subject to stripspace. @@ -7,6 +7,7 @@ #include "tag.h" #include "fsck.h" #include "refs.h" +#include "utf8.h" static int fsck_walk_tree(struct tree *tree, fsck_walk_func walk, void *data) { @@ -171,7 +172,9 @@ static int fsck_tree(struct tree *item, int strict, fsck_error error_func) has_empty_name |= !*name; has_dot |= !strcmp(name, "."); has_dotdot |= !strcmp(name, ".."); - has_dotgit |= !strcmp(name, ".git"); + has_dotgit |= (!strcmp(name, ".git") || + is_hfs_dotgit(name) || + is_ntfs_dotgit(name)); has_zero_pad |= *(char *)desc.buffer == '0'; update_tree_entry(&desc); @@ -823,3 +823,36 @@ int daemon_avoid_alias(const char *p) } } } + +static int only_spaces_and_periods(const char *path, size_t len, size_t skip) +{ + if (len < skip) + return 0; + len -= skip; + path += skip; + while (len-- > 0) { + char c = *(path++); + if (c != ' ' && c != '.') + return 0; + } + return 1; +} + +int is_ntfs_dotgit(const char *name) +{ + int len; + + for (len = 0; ; len++) + if (!name[len] || name[len] == '\\' || is_dir_sep(name[len])) { + if (only_spaces_and_periods(name, len, 4) && + !strncasecmp(name, ".git", 4)) + return 1; + if (only_spaces_and_periods(name, len, 5) && + !strncasecmp(name, "git~1", 5)) + return 1; + if (name[len] != '\\') + return 0; + name += len + 1; + len = -1; + } +} @@ -644,11 +644,11 @@ msgstr "%s: %s - %s" #: lockfile.c:275 msgid "BUG: reopen a lockfile that is still open" -msgstr "FEHLER: Wiedereröffnen einer bereits geöffneten Lock-Datei" +msgstr "FEHLER: Wiederöffnen einer bereits geöffneten Lock-Datei" #: lockfile.c:277 msgid "BUG: reopen a lockfile that has been committed" -msgstr "FEHLER: Wiedereröffnen einer bereits committeten Lock-Datei" +msgstr "FEHLER: Wiederöffnen einer bereits committeten Lock-Datei" #: merge.c:41 msgid "failed to read the cache" @@ -1956,7 +1956,7 @@ msgstr "Unbeobachtete Dateien nicht aufgelistet%s" #: wt-status.c:1370 msgid " (use -u option to show untracked files)" -msgstr " (benutzen Sie die Option -u, um unbeobachteten Dateien anzuzeigen)" +msgstr " (benutzen Sie die Option -u, um unbeobachtete Dateien anzuzeigen)" #: wt-status.c:1376 msgid "No changes" @@ -2810,7 +2810,7 @@ msgstr "Commits von <Datei> benutzen, anstatt \"git-rev-list\" aufzurufen" #: builtin/blame.c:2518 msgid "Use <file>'s contents as the final image" -msgstr "Inhalte der <Datei>en als entgültiges Abbild benutzen" +msgstr "Inhalte der <Datei>en als endgültiges Abbild benutzen" #: builtin/blame.c:2519 builtin/blame.c:2520 msgid "score" @@ -3078,7 +3078,7 @@ msgstr "Informationen zum Upstream-Branch ändern" #: builtin/branch.c:823 msgid "use colored output" -msgstr "farbliche Ausgaben verwenden" +msgstr "farbige Ausgaben verwenden" #: builtin/branch.c:824 msgid "act on remote-tracking branches" @@ -5585,7 +5585,7 @@ msgstr "Platzhalter als Python-String formatieren" #: builtin/for-each-ref.c:1078 msgid "quote placeholders suitably for tcl" -msgstr "Platzhalter als TCL-String formatieren" +msgstr "Platzhalter als Tcl-String formatieren" #: builtin/for-each-ref.c:1081 msgid "show only <n> matched refs" @@ -6892,7 +6892,7 @@ msgstr "" #: builtin/ls-files.c:462 msgid "show cached files in the output (default)" -msgstr "zwischengespeicherten Dateien in der Ausgabe anzeigen (Standard)" +msgstr "zwischengespeicherte Dateien in der Ausgabe anzeigen (Standard)" #: builtin/ls-files.c:464 msgid "show deleted files in the output" @@ -8119,7 +8119,7 @@ msgstr "Komprimierungsgrad für Paketierung" #: builtin/pack-objects.c:2685 msgid "do not hide commits by grafts" -msgstr "keine künstlichen Vorgänger-Commit (\"grafts\") verbergen" +msgstr "keine künstlichen Vorgänger-Commits (\"grafts\") verbergen" #: builtin/pack-objects.c:2687 msgid "use a bitmap index if available to speed up counting objects" @@ -9695,7 +9695,7 @@ msgstr "Remote-Tracking-Branches anzeigen" #: builtin/show-branch.c:653 msgid "color '*!+-' corresponding to the branch" -msgstr "'*!+-' entsprechend des Branches einfärgen" +msgstr "'*!+-' entsprechend des Branches einfärben" #: builtin/show-branch.c:655 msgid "show <n> more commits after the common ancestor" diff --git a/read-cache.c b/read-cache.c index 8f3e9eb3..9cff715d 100644 --- a/read-cache.c +++ b/read-cache.c @@ -17,6 +17,7 @@ #include "varint.h" #include "split-index.h" #include "sigchain.h" +#include "utf8.h" static struct cache_entry *refresh_cache_entry(struct cache_entry *ce, unsigned int options); @@ -776,9 +777,10 @@ static int verify_dotfile(const char *rest) * shares the path end test with the ".." case. */ case 'g': - if (rest[1] != 'i') + case 'G': + if (rest[1] != 'i' && rest[1] != 'I') break; - if (rest[2] != 't') + if (rest[2] != 't' && rest[2] != 'T') break; rest += 2; /* fallthrough */ @@ -802,6 +804,10 @@ int verify_path(const char *path) return 1; if (is_dir_sep(c)) { inside: + if (protect_hfs && is_hfs_dotgit(path)) + return 0; + if (protect_ntfs && is_ntfs_dotgit(path)) + return 0; c = *path++; if ((c == '.' && !verify_dotfile(path)) || is_dir_sep(c) || c == '\0') diff --git a/t/t1014-read-tree-confusing.sh b/t/t1014-read-tree-confusing.sh new file mode 100755 index 00000000..2f5a25d5 --- /dev/null +++ b/t/t1014-read-tree-confusing.sh @@ -0,0 +1,62 @@ +#!/bin/sh + +test_description='check that read-tree rejects confusing paths' +. ./test-lib.sh + +test_expect_success 'create base tree' ' + echo content >file && + git add file && + git commit -m base && + blob=$(git rev-parse HEAD:file) && + tree=$(git rev-parse HEAD^{tree}) +' + +test_expect_success 'enable core.protectHFS for rejection tests' ' + git config core.protectHFS true +' + +test_expect_success 'enable core.protectNTFS for rejection tests' ' + git config core.protectNTFS true +' + +while read path pretty; do + : ${pretty:=$path} + case "$path" in + *SPACE) + path="${path%SPACE} " + ;; + esac + test_expect_success "reject $pretty at end of path" ' + printf "100644 blob %s\t%s" "$blob" "$path" >tree && + bogus=$(git mktree <tree) && + test_must_fail git read-tree $bogus + ' + + test_expect_success "reject $pretty as subtree" ' + printf "040000 tree %s\t%s" "$tree" "$path" >tree && + bogus=$(git mktree <tree) && + test_must_fail git read-tree $bogus + ' +done <<-EOF +. +.. +.git +.GIT +${u200c}.Git {u200c}.Git +.gI${u200c}T .gI{u200c}T +.GiT${u200c} .GiT{u200c} +git~1 +.git.SPACE .git.{space} +.\\\\.GIT\\\\foobar backslashes +.git\\\\foobar backslashes2 +EOF + +test_expect_success 'utf-8 paths allowed with core.protectHFS off' ' + test_when_finished "git read-tree HEAD" && + test_config core.protectHFS false && + printf "100644 blob %s\t%s" "$blob" ".gi${u200c}t" >tree && + ok=$(git mktree <tree) && + git read-tree $ok +' + +test_done diff --git a/t/t1450-fsck.sh b/t/t1450-fsck.sh index 019fddd4..d00b70f9 100755 --- a/t/t1450-fsck.sh +++ b/t/t1450-fsck.sh @@ -309,36 +309,41 @@ test_expect_success 'fsck notices submodule entry pointing to null sha1' ' ) ' -test_expect_success 'fsck notices "." and ".." in trees' ' - ( - git init dots && - cd dots && - blob=$(echo foo | git hash-object -w --stdin) && - tab=$(printf "\\t") && - git mktree <<-EOF && - 100644 blob $blob$tab. - 100644 blob $blob$tab.. - EOF - git fsck 2>out && - cat out && - grep "warning.*\\." out - ) -' - -test_expect_success 'fsck notices ".git" in trees' ' - ( - git init dotgit && - cd dotgit && - blob=$(echo foo | git hash-object -w --stdin) && - tab=$(printf "\\t") && - git mktree <<-EOF && - 100644 blob $blob$tab.git - EOF - git fsck 2>out && - cat out && - grep "warning.*\\.git" out - ) -' +while read name path pretty; do + while read mode type; do + : ${pretty:=$path} + test_expect_success "fsck notices $pretty as $type" ' + ( + git init $name-$type && + cd $name-$type && + echo content >file && + git add file && + git commit -m base && + blob=$(git rev-parse :file) && + tree=$(git rev-parse HEAD^{tree}) && + value=$(eval "echo \$$type") && + printf "$mode $type %s\t%s" "$value" "$path" >bad && + bad_tree=$(git mktree <bad) && + git fsck 2>out && + cat out && + grep "warning.*tree $bad_tree" out + )' + done <<-\EOF + 100644 blob + 040000 tree + EOF +done <<-EOF +dot . +dotdot .. +dotgit .git +dotgit-case .GIT +dotgit-unicode .gI${u200c}T .gI{u200c}T +dotgit-case2 .Git +git-tilde1 git~1 +dotgitdot .git. +dot-backslash-case .\\\\.GIT\\\\foobar +dotgit-case-backslash .git\\\\foobar +EOF # create a static test repo which is broken by omitting # one particular object ($1, which is looked up via rev-parse diff --git a/t/test-lib.sh b/t/test-lib.sh index cf19339c..79e8a33d 100644 --- a/t/test-lib.sh +++ b/t/test-lib.sh @@ -169,7 +169,11 @@ _z40=0000000000000000000000000000000000000000 LF=' ' -export _x05 _x40 _z40 LF +# UTF-8 ZERO WIDTH NON-JOINER, which HFS+ ignores +# when case-folding filenames +u200c=$(printf '\342\200\214') + +export _x05 _x40 _z40 LF u200c # Each test should start with something like this, after copyright notices: # diff --git a/unpack-trees.c b/unpack-trees.c index 629c658c..256df47b 100644 --- a/unpack-trees.c +++ b/unpack-trees.c @@ -98,7 +98,7 @@ void setup_unpack_trees_porcelain(struct unpack_trees_options *opts, opts->unpack_rejects[i].strdup_strings = 1; } -static void do_add_entry(struct unpack_trees_options *o, struct cache_entry *ce, +static int do_add_entry(struct unpack_trees_options *o, struct cache_entry *ce, unsigned int set, unsigned int clear) { clear |= CE_HASHED; @@ -107,8 +107,8 @@ static void do_add_entry(struct unpack_trees_options *o, struct cache_entry *ce, set |= CE_WT_REMOVE; ce->ce_flags = (ce->ce_flags & ~clear) | set; - add_index_entry(&o->result, ce, - ADD_CACHE_OK_TO_ADD | ADD_CACHE_OK_TO_REPLACE); + return add_index_entry(&o->result, ce, + ADD_CACHE_OK_TO_ADD | ADD_CACHE_OK_TO_REPLACE); } static struct cache_entry *dup_entry(const struct cache_entry *ce) @@ -609,7 +609,9 @@ static int unpack_nondirectories(int n, unsigned long mask, for (i = 0; i < n; i++) if (src[i] && src[i] != o->df_conflict_entry) - do_add_entry(o, src[i], 0, 0); + if (do_add_entry(o, src[i], 0, 0)) + return -1; + return 0; } @@ -561,3 +561,67 @@ int mbs_chrlen(const char **text, size_t *remainder_p, const char *encoding) return chrlen; } + +/* + * Pick the next char from the stream, folding as an HFS+ filename comparison + * would. Note that this is _not_ complete by any means. It's just enough + * to make is_hfs_dotgit() work, and should not be used otherwise. + */ +static ucs_char_t next_hfs_char(const char **in) +{ + while (1) { + ucs_char_t out = pick_one_utf8_char(in, NULL); + /* + * check for malformed utf8. Technically this + * gets converted to a percent-sequence, but + * returning 0 is good enough for is_hfs_dotgit + * to realize it cannot be .git + */ + if (!*in) + return 0; + + /* these code points are ignored completely */ + switch (out) { + case 0x200c: /* ZERO WIDTH NON-JOINER */ + case 0x200d: /* ZERO WIDTH JOINER */ + case 0x200e: /* LEFT-TO-RIGHT MARK */ + case 0x200f: /* RIGHT-TO-LEFT MARK */ + case 0x202a: /* LEFT-TO-RIGHT EMBEDDING */ + case 0x202b: /* RIGHT-TO-LEFT EMBEDDING */ + case 0x202c: /* POP DIRECTIONAL FORMATTING */ + case 0x202d: /* LEFT-TO-RIGHT OVERRIDE */ + case 0x202e: /* RIGHT-TO-LEFT OVERRIDE */ + case 0x206a: /* INHIBIT SYMMETRIC SWAPPING */ + case 0x206b: /* ACTIVATE SYMMETRIC SWAPPING */ + case 0x206c: /* INHIBIT ARABIC FORM SHAPING */ + case 0x206d: /* ACTIVATE ARABIC FORM SHAPING */ + case 0x206e: /* NATIONAL DIGIT SHAPES */ + case 0x206f: /* NOMINAL DIGIT SHAPES */ + case 0xfeff: /* ZERO WIDTH NO-BREAK SPACE */ + continue; + } + + /* + * there's a great deal of other case-folding that occurs, + * but this is enough to catch anything that will convert + * to ".git" + */ + return tolower(out); + } +} + +int is_hfs_dotgit(const char *path) +{ + ucs_char_t c; + + if (next_hfs_char(&path) != '.' || + next_hfs_char(&path) != 'g' || + next_hfs_char(&path) != 'i' || + next_hfs_char(&path) != 't') + return 0; + c = next_hfs_char(&path); + if (c && !is_dir_sep(c)) + return 0; + + return 1; +} @@ -42,4 +42,12 @@ static inline char *reencode_string(const char *in, int mbs_chrlen(const char **text, size_t *remainder_p, const char *encoding); +/* + * Returns true if the the path would match ".git" after HFS case-folding. + * The path should be NUL-terminated, but we will match variants of both ".git\0" + * and ".git/..." (but _not_ ".../.git"). This makes it suitable for both fsck + * and verify_path(). + */ +int is_hfs_dotgit(const char *path); + #endif |