Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
git
提交
af0178ae
G
git
项目概览
李少辉-开发者
/
git
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
1
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
git
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
af0178ae
编写于
7月 30, 2017
作者:
J
Junio C Hamano
浏览文件
操作
浏览文件
下载
差异文件
Merge tag 'v2.8.6' into maint-2.9
Git 2.8.6
上级
d61226c1
8d7f72f1
变更
8
隐藏空白更改
内联
并排
Showing
8 changed file
with
104 addition
and
0 deletion
+104
-0
Documentation/RelNotes/2.7.6.txt
Documentation/RelNotes/2.7.6.txt
+25
-0
Documentation/RelNotes/2.8.6.txt
Documentation/RelNotes/2.8.6.txt
+4
-0
cache.h
cache.h
+8
-0
connect.c
connect.c
+11
-0
path.c
path.c
+5
-0
t/t5532-fetch-proxy.sh
t/t5532-fetch-proxy.sh
+5
-0
t/t5810-proto-disable-local.sh
t/t5810-proto-disable-local.sh
+23
-0
t/t5813-proto-disable-ssh.sh
t/t5813-proto-disable-ssh.sh
+23
-0
未找到文件。
Documentation/RelNotes/2.7.6.txt
0 → 100644
浏览文件 @
af0178ae
Git v2.7.6 Release Notes
========================
Fixes since v2.7.5
------------------
* A "ssh://..." URL can result in a "ssh" command line with a
hostname that begins with a dash "-", which would cause the "ssh"
command to instead (mis)treat it as an option. This is now
prevented by forbidding such a hostname (which will not be
necessary in the real world).
* Similarly, when GIT_PROXY_COMMAND is configured, the command is
run with host and port that are parsed out from "ssh://..." URL;
a poorly written GIT_PROXY_COMMAND could be tricked into treating
a string that begins with a dash "-". This is now prevented by
forbidding such a hostname and port number (again, which will not
be necessary in the real world).
* In the same spirit, a repository name that begins with a dash "-"
is also forbidden now.
Credits go to Brian Neel at GitLab, Joern Schneeweisz of Recurity
Labs and Jeff King at GitHub.
Documentation/RelNotes/2.8.6.txt
0 → 100644
浏览文件 @
af0178ae
Git v2.8.6 Release Notes
========================
This release forward-ports the fix for "ssh://..." URL from Git v2.7.6
cache.h
浏览文件 @
af0178ae
...
...
@@ -1035,6 +1035,14 @@ char *strip_path_suffix(const char *path, const char *suffix);
int
daemon_avoid_alias
(
const
char
*
path
);
extern
int
is_ntfs_dotgit
(
const
char
*
name
);
/*
* Returns true iff "str" could be confused as a command-line option when
* passed to a sub-program like "ssh". Note that this has nothing to do with
* shell-quoting, which should be handled separately; we're assuming here that
* the string makes it verbatim to the sub-program.
*/
int
looks_like_command_line_option
(
const
char
*
str
);
/**
* Return a newly allocated string with the evaluation of
* "$XDG_CONFIG_HOME/git/$filename" if $XDG_CONFIG_HOME is non-empty, otherwise
...
...
connect.c
浏览文件 @
af0178ae
...
...
@@ -557,6 +557,11 @@ static struct child_process *git_proxy_connect(int fd[2], char *host)
get_host_and_port
(
&
host
,
&
port
);
if
(
looks_like_command_line_option
(
host
))
die
(
"strange hostname '%s' blocked"
,
host
);
if
(
looks_like_command_line_option
(
port
))
die
(
"strange port '%s' blocked"
,
port
);
proxy
=
xmalloc
(
sizeof
(
*
proxy
));
child_process_init
(
proxy
);
argv_array_push
(
&
proxy
->
args
,
git_proxy_command
);
...
...
@@ -726,6 +731,9 @@ struct child_process *git_connect(int fd[2], const char *url,
conn
=
xmalloc
(
sizeof
(
*
conn
));
child_process_init
(
conn
);
if
(
looks_like_command_line_option
(
path
))
die
(
"strange pathname '%s' blocked"
,
path
);
strbuf_addstr
(
&
cmd
,
prog
);
strbuf_addch
(
&
cmd
,
' '
);
sq_quote_buf
(
&
cmd
,
path
);
...
...
@@ -758,6 +766,9 @@ struct child_process *git_connect(int fd[2], const char *url,
return
NULL
;
}
if
(
looks_like_command_line_option
(
ssh_host
))
die
(
"strange hostname '%s' blocked"
,
ssh_host
);
ssh
=
getenv
(
"GIT_SSH_COMMAND"
);
if
(
!
ssh
)
{
const
char
*
base
;
...
...
path.c
浏览文件 @
af0178ae
...
...
@@ -1222,6 +1222,11 @@ int is_ntfs_dotgit(const char *name)
}
}
int
looks_like_command_line_option
(
const
char
*
str
)
{
return
str
&&
str
[
0
]
==
'-'
;
}
char
*
xdg_config_home
(
const
char
*
filename
)
{
const
char
*
home
,
*
config_home
;
...
...
t/t5532-fetch-proxy.sh
浏览文件 @
af0178ae
...
...
@@ -43,4 +43,9 @@ test_expect_success 'fetch through proxy works' '
test_cmp expect actual
'
test_expect_success
'funny hostnames are rejected before running proxy'
'
test_must_fail git fetch git://-remote/repo.git 2>stderr &&
! grep "proxying for" stderr
'
test_done
t/t5810-proto-disable-local.sh
浏览文件 @
af0178ae
...
...
@@ -11,4 +11,27 @@ test_expect_success 'setup repository to clone' '
test_proto
"file://"
file
"file://
$PWD
"
test_proto
"path"
file
.
test_expect_success
'setup repo with dash'
'
git init --bare repo.git &&
git push repo.git HEAD &&
mv repo.git "$PWD/-repo.git"
'
# This will fail even without our rejection because upload-pack will
# complain about the bogus option. So let's make sure that GIT_TRACE
# doesn't show us even running upload-pack.
#
# We must also be sure to use "fetch" and not "clone" here, as the latter
# actually canonicalizes our input into an absolute path (which is fine
# to allow).
test_expect_success
'repo names starting with dash are rejected'
'
rm -f trace.out &&
test_must_fail env GIT_TRACE="$PWD/trace.out" git fetch -- -repo.git &&
! grep upload-pack trace.out
'
test_expect_success
'full paths still work'
'
git fetch "$PWD/-repo.git"
'
test_done
t/t5813-proto-disable-ssh.sh
浏览文件 @
af0178ae
...
...
@@ -17,4 +17,27 @@ test_proto "host:path" ssh "remote:repo.git"
test_proto
"ssh://"
ssh
"ssh://remote
$PWD
/remote/repo.git"
test_proto
"git+ssh://"
ssh
"git+ssh://remote
$PWD
/remote/repo.git"
# Don't even bother setting up a "-remote" directory, as ssh would generally
# complain about the bogus option rather than completing our request. Our
# fake wrapper actually _can_ handle this case, but it's more robust to
# simply confirm from its output that it did not run at all.
test_expect_success
'hostnames starting with dash are rejected'
'
test_must_fail git clone ssh://-remote/repo.git dash-host 2>stderr &&
! grep ^ssh: stderr
'
test_expect_success
'setup repo with dash'
'
git init --bare remote/-repo.git &&
git push remote/-repo.git HEAD
'
test_expect_success
'repo names starting with dash are rejected'
'
test_must_fail git clone remote:-repo.git dash-path 2>stderr &&
! grep ^ssh: stderr
'
test_expect_success
'full paths still work'
'
git clone "remote:$PWD/remote/-repo.git" dash-path
'
test_done
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录