Sync with 2.34.5

Signed-off-by: Taylor Blau <me@ttaylorr.com>
Taylor Blau 2022-10-06 17:43:37 -04:00
commit ac8a1db867
63 changed files with 295 additions and 59 deletions


@ -0,0 +1,60 @@
Git v2.30.6 Release Notes
=========================
This release addresses the security issues CVE-2022-39253 and
CVE-2022-39260.
Fixes since v2.30.5
-------------------
* CVE-2022-39253:
When relying on the `--local` clone optimization, Git dereferences
symbolic links in the source repository before creating hardlinks
(or copies) of the dereferenced link in the destination repository.
This can lead to surprising behavior where arbitrary files are
present in a repository's `$GIT_DIR` when cloning from a malicious
repository.
Git will no longer dereference symbolic links via the `--local`
clone mechanism, and will instead refuse to clone repositories that
have symbolic links present in the `$GIT_DIR/objects` directory.
Additionally, the value of `protocol.file.allow` is changed to be
"user" by default.
* CVE-2022-39260:
An overly-long command string given to `git shell` can result in
overflow in `split_cmdline()`, leading to arbitrary heap writes and
remote code execution when `git shell` is exposed and the directory
`$HOME/git-shell-commands` exists.
`git shell` is taught to refuse interactive commands that are
longer than 4MiB in size. `split_cmdline()` is hardened to reject
inputs larger than 2GiB.
Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. The
fix was authored by Taylor Blau, with help from Johannes Schindelin.
Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub.
The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau.
Jeff King (2):
shell: add basic tests
shell: limit size of interactive commands
Kevin Backhouse (1):
alias.c: reject too-long cmdline strings in split_cmdline()
Taylor Blau (11):
builtin/clone.c: disallow `--local` clones with symlinks
t/lib-submodule-update.sh: allow local submodules
t/t1NNN: allow local submodules
t/2NNNN: allow local submodules
t/t3NNN: allow local submodules
t/t4NNN: allow local submodules
t/t5NNN: allow local submodules
t/t6NNN: allow local submodules
t/t7NNN: allow local submodules
t/t9NNN: allow local submodules
transport: make `protocol.file.allow` be "user" by default


@ -0,0 +1,5 @@
Git v2.31.5 Release Notes
=========================
This release merges the security fix that appears in v2.30.6; see
the release notes for that version for details.


@ -0,0 +1,5 @@
Git v2.32.4 Release Notes
=========================
This release merges the security fix that appears in v2.30.6; see
the release notes for that version for details.


@ -0,0 +1,5 @@
Git v2.33.5 Release Notes
=========================
This release merges the security fix that appears in v2.30.6; see
the release notes for that version for details.


@ -0,0 +1,5 @@
Git v2.34.5 Release Notes
=========================
This release merges the security fix that appears in v2.30.6; see
the release notes for that version for details.


@ -1,10 +1,10 @@
protocol.allow:: protocol.allow::
If set, provide a user defined default policy for all protocols which If set, provide a user defined default policy for all protocols which
don't explicitly have a policy (`protocol.<name>.allow`). By default, don't explicitly have a policy (`protocol.<name>.allow`). By default,
if unset, known-safe protocols (http, https, git, ssh, file) have a if unset, known-safe protocols (http, https, git, ssh) have a
default policy of `always`, known-dangerous protocols (ext) have a default policy of `always`, known-dangerous protocols (ext) have a
default policy of `never`, and all other protocols have a default default policy of `never`, and all other protocols (including file)
policy of `user`. Supported policies: have a default policy of `user`. Supported policies:
+ +
-- --

11
alias.c

@ -46,14 +46,16 @@ void list_aliases(struct string_list *list)
#define SPLIT_CMDLINE_BAD_ENDING 1 #define SPLIT_CMDLINE_BAD_ENDING 1
#define SPLIT_CMDLINE_UNCLOSED_QUOTE 2 #define SPLIT_CMDLINE_UNCLOSED_QUOTE 2
#define SPLIT_CMDLINE_ARGC_OVERFLOW 3
static const char *split_cmdline_errors[] = { static const char *split_cmdline_errors[] = {
N_("cmdline ends with \\"), N_("cmdline ends with \\"),
N_("unclosed quote") N_("unclosed quote"),
N_("too many arguments"),
}; };
int split_cmdline(char *cmdline, const char ***argv) int split_cmdline(char *cmdline, const char ***argv)
{ {
int src, dst, count = 0, size = 16; size_t src, dst, count = 0, size = 16;
char quoted = 0; char quoted = 0;
ALLOC_ARRAY(*argv, size); ALLOC_ARRAY(*argv, size);
@ -96,6 +98,11 @@ int split_cmdline(char *cmdline, const char ***argv)
return -SPLIT_CMDLINE_UNCLOSED_QUOTE; return -SPLIT_CMDLINE_UNCLOSED_QUOTE;
} }
if (count >= INT_MAX) {
FREE_AND_NULL(*argv);
return -SPLIT_CMDLINE_ARGC_OVERFLOW;
}
ALLOC_GROW(*argv, count + 1, size); ALLOC_GROW(*argv, count + 1, size);
(*argv)[count] = NULL; (*argv)[count] = NULL;
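Review bot: The new `count >= INT_MAX` guard in the second hunk has no comment explaining why an argument count is compared against INT_MAX, and the reason is split across both hunks: the first widens `count` to `size_t` while `split_cmdline()` still returns `int`. I would add above the check `/* count is size_t but is returned as int; refuse values the return type cannot represent */`. Callers that do further `int` arithmetic on the returned count are not on this page, so whether a bound just below INT_MAX is tight enough for them should be confirmed. The function body starts and ends outside both hunks.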


@ -310,13 +310,11 @@ static void copy_or_link_directory(struct strbuf *src, struct strbuf *dest,
int src_len, dest_len; int src_len, dest_len;
struct dir_iterator *iter; struct dir_iterator *iter;
int iter_status; int iter_status;
unsigned int flags;
struct strbuf realpath = STRBUF_INIT; struct strbuf realpath = STRBUF_INIT;
mkdir_if_missing(dest->buf, 0777); mkdir_if_missing(dest->buf, 0777);
flags = DIR_ITERATOR_PEDANTIC | DIR_ITERATOR_FOLLOW_SYMLINKS; iter = dir_iterator_begin(src->buf, DIR_ITERATOR_PEDANTIC);
iter = dir_iterator_begin(src->buf, flags);
if (!iter) if (!iter)
die_errno(_("failed to start iterator over '%s'"), src->buf); die_errno(_("failed to start iterator over '%s'"), src->buf);
@ -332,6 +330,10 @@ static void copy_or_link_directory(struct strbuf *src, struct strbuf *dest,
strbuf_setlen(dest, dest_len); strbuf_setlen(dest, dest_len);
strbuf_addstr(dest, iter->relative_path); strbuf_addstr(dest, iter->relative_path);
if (S_ISLNK(iter->st.st_mode))
die(_("symlink '%s' exists, refusing to clone with --local"),
iter->relative_path);
if (S_ISDIR(iter->st.st_mode)) { if (S_ISDIR(iter->st.st_mode)) {
mkdir_if_missing(dest->buf, 0777); mkdir_if_missing(dest->buf, 0777);
continue; continue;
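Review bot: The `S_ISLNK(iter->st.st_mode)` test added in the second hunk checks the stat data the iterator collected, while the link or copy of that entry happens later in the loop, outside the hunk. If the source directory can be modified while the clone runs, the entry that was checked and the entry that is linked may differ; whether the later code re-validates is not visible here, so this is worth confirming. At minimum I would document the assumption above the check: `/* relies on the iterator not following symlinks (DIR_ITERATOR_FOLLOW_SYMLINKS removed above); the source must not change during the copy */`. `copy_or_link_directory()` continues past the end of the hunk.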

34
shell.c

@ -47,6 +47,8 @@ static void cd_to_homedir(void)
die("could not chdir to user's home directory"); die("could not chdir to user's home directory");
} }
#define MAX_INTERACTIVE_COMMAND (4*1024*1024)
static void run_shell(void) static void run_shell(void)
{ {
int done = 0; int done = 0;
@ -67,22 +69,46 @@ static void run_shell(void)
run_command_v_opt(help_argv, RUN_SILENT_EXEC_FAILURE); run_command_v_opt(help_argv, RUN_SILENT_EXEC_FAILURE);
do { do {
struct strbuf line = STRBUF_INIT;
const char *prog; const char *prog;
char *full_cmd; char *full_cmd;
char *rawargs; char *rawargs;
size_t len;
char *split_args; char *split_args;
const char **argv; const char **argv;
int code; int code;
int count; int count;
fprintf(stderr, "git> "); fprintf(stderr, "git> ");
if (git_read_line_interactively(&line) == EOF) {
/*
* Avoid using a strbuf or git_read_line_interactively() here.
* We don't want to allocate arbitrary amounts of memory on
* behalf of a possibly untrusted client, and we're subject to
* OS limits on command length anyway.
*/
fflush(stdout);
rawargs = xmalloc(MAX_INTERACTIVE_COMMAND);
if (!fgets(rawargs, MAX_INTERACTIVE_COMMAND, stdin)) {
fprintf(stderr, "\n"); fprintf(stderr, "\n");
strbuf_release(&line); free(rawargs);
break; break;
} }
rawargs = strbuf_detach(&line, NULL); len = strlen(rawargs);
/*
* If we truncated due to our input buffer size, reject the
* command. That's better than running bogus input, and
* there's a good chance it's just malicious garbage anyway.
*/
if (len >= MAX_INTERACTIVE_COMMAND - 1)
die("invalid command format: input too long");
if (len > 0 && rawargs[len - 1] == '\n') {
if (--len > 0 && rawargs[len - 1] == '\r')
--len;
rawargs[len] = '\0';
}
split_args = xstrdup(rawargs); split_args = xstrdup(rawargs);
count = split_cmdline(split_args, &argv); count = split_cmdline(split_args, &argv);
if (count < 0) { if (count < 0) {
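Review bot: The truncation test `len >= MAX_INTERACTIVE_COMMAND - 1` in `run_shell()` infers truncation from `strlen()`, which is not the number of bytes `fgets()` consumed. A complete line of exactly that length ending in a newline is rejected although nothing was cut, and a line containing a NUL byte yields a short `len`, so the test should not be treated as the only bound on the input. Checking for the missing newline is more direct: `if (len == MAX_INTERACTIVE_COMMAND - 1 && rawargs[len - 1] != '\n')`, with a comment noting that bytes after an embedded NUL are ignored. The loop body continues outside the hunk, so the `free(rawargs)` on the normal path is not visible here.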


@ -197,6 +197,7 @@ test_git_directory_exists () {
# the submodule repo if it doesn't exist and configures the most problematic # the submodule repo if it doesn't exist and configures the most problematic
# settings for diff.ignoreSubmodules. # settings for diff.ignoreSubmodules.
prolog () { prolog () {
test_config_global protocol.file.allow always &&
(test -d submodule_update_repo || create_lib_submodule_repo) && (test -d submodule_update_repo || create_lib_submodule_repo) &&
test_config_global diff.ignoreSubmodules all && test_config_global diff.ignoreSubmodules all &&
test_config diff.ignoreSubmodules all test_config diff.ignoreSubmodules all


@ -509,7 +509,8 @@ test_expect_success 'interaction with submodules' '
( (
cd super && cd super &&
mkdir modules && mkdir modules &&
git submodule add ../repo modules/child && git -c protocol.file.allow=always \
submodule add ../repo modules/child &&
git add . && git add . &&
git commit -m "add submodule" && git commit -m "add submodule" &&
git sparse-checkout init --cone && git sparse-checkout init --cone &&


@ -225,7 +225,8 @@ test_expect_success 'showing the superproject correctly' '
test_commit -C super test_commit && test_commit -C super test_commit &&
test_create_repo sub && test_create_repo sub &&
test_commit -C sub test_commit && test_commit -C sub test_commit &&
git -C super submodule add ../sub dir/sub && git -c protocol.file.allow=always \
-C super submodule add ../sub dir/sub &&
echo $(pwd)/super >expect && echo $(pwd)/super >expect &&
git -C super/dir/sub rev-parse --show-superproject-working-tree >out && git -C super/dir/sub rev-parse --show-superproject-working-tree >out &&
test_cmp expect out && test_cmp expect out &&


@ -614,6 +614,7 @@ test_expect_success '"add" should not fail because of another bad worktree' '
' '
test_expect_success '"add" with uninitialized submodule, with submodule.recurse unset' ' test_expect_success '"add" with uninitialized submodule, with submodule.recurse unset' '
test_config_global protocol.file.allow always &&
test_create_repo submodule && test_create_repo submodule &&
test_commit -C submodule first && test_commit -C submodule first &&
test_create_repo project && test_create_repo project &&
@ -629,6 +630,7 @@ test_expect_success '"add" with uninitialized submodule, with submodule.recurse
' '
test_expect_success '"add" with initialized submodule, with submodule.recurse unset' ' test_expect_success '"add" with initialized submodule, with submodule.recurse unset' '
test_config_global protocol.file.allow always &&
git -C project-clone submodule update --init && git -C project-clone submodule update --init &&
git -C project-clone worktree add ../project-4 git -C project-clone worktree add ../project-4
' '


@ -138,7 +138,8 @@ test_expect_success 'move a repo with uninitialized submodule' '
( (
cd withsub && cd withsub &&
test_commit initial && test_commit initial &&
git submodule add "$PWD"/.git sub && git -c protocol.file.allow=always \
submodule add "$PWD"/.git sub &&
git commit -m withsub && git commit -m withsub &&
git worktree add second HEAD && git worktree add second HEAD &&
git worktree move second third git worktree move second third
@ -148,7 +149,7 @@ test_expect_success 'move a repo with uninitialized submodule' '
test_expect_success 'not move a repo with initialized submodule' ' test_expect_success 'not move a repo with initialized submodule' '
( (
cd withsub && cd withsub &&
git -C third submodule update && git -c protocol.file.allow=always -C third submodule update &&
test_must_fail git worktree move third forth test_must_fail git worktree move third forth
) )
' '
@ -227,6 +228,7 @@ test_expect_success 'remove cleans up .git/worktrees when empty' '
' '
test_expect_success 'remove a repo with uninitialized submodule' ' test_expect_success 'remove a repo with uninitialized submodule' '
test_config_global protocol.file.allow always &&
( (
cd withsub && cd withsub &&
git worktree add to-remove HEAD && git worktree add to-remove HEAD &&
@ -235,6 +237,7 @@ test_expect_success 'remove a repo with uninitialized submodule' '
' '
test_expect_success 'not remove a repo with initialized submodule' ' test_expect_success 'not remove a repo with initialized submodule' '
test_config_global protocol.file.allow always &&
( (
cd withsub && cd withsub &&
git worktree add to-remove HEAD && git worktree add to-remove HEAD &&


@ -10,6 +10,7 @@ export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME
base_path=$(pwd -P) base_path=$(pwd -P)
test_expect_success 'setup: create origin repos' ' test_expect_success 'setup: create origin repos' '
git config --global protocol.file.allow always &&
git init origin/sub && git init origin/sub &&
test_commit -C origin/sub file1 && test_commit -C origin/sub file1 &&
git init origin/main && git init origin/main &&
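Review bot: `git config --global protocol.file.allow always` in this setup test is not undone at the end of the test, so the later tests in the script presumably no longer run under the new `user` default. Other sections on this page scope the override more tightly, with `test_config_global` inside a single test or `git -c protocol.file.allow=always` on the one command that needs it; the same form would fit here and in the other setup blocks on this page that use `git config --global`. If the script-wide setting is intended, a comment such as `# local submodule clones need the file transport; see protocol.file.allow` would record why.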


@ -289,6 +289,7 @@ test_expect_success 'deleting checked-out branch from repo that is a submodule'
git init repo1 && git init repo1 &&
git init repo1/sub && git init repo1/sub &&
test_commit -C repo1/sub x && test_commit -C repo1/sub x &&
test_config_global protocol.file.allow always &&
git -C repo1 submodule add ./sub && git -C repo1 submodule add ./sub &&
git -C repo1 commit -m "adding sub" && git -C repo1 commit -m "adding sub" &&


@ -310,7 +310,7 @@ test_expect_success 'autostash is saved on editor failure with conflict' '
test_expect_success 'autostash with dirty submodules' ' test_expect_success 'autostash with dirty submodules' '
test_when_finished "git reset --hard && git checkout main" && test_when_finished "git reset --hard && git checkout main" &&
git checkout -b with-submodule && git checkout -b with-submodule &&
git submodule add ./ sub && git -c protocol.file.allow=always submodule add ./ sub &&
test_tick && test_tick &&
git commit -m add-submodule && git commit -m add-submodule &&
echo changed >sub/file0 && echo changed >sub/file0 &&


@ -47,7 +47,8 @@ test_expect_success 'rebase interactive ignores modified submodules' '
git init sub && git init sub &&
git -C sub commit --allow-empty -m "Initial commit" && git -C sub commit --allow-empty -m "Initial commit" &&
git init super && git init super &&
git -C super submodule add ../sub && git -c protocol.file.allow=always \
-C super submodule add ../sub &&
git -C super config submodule.sub.ignore dirty && git -C super config submodule.sub.ignore dirty &&
>super/foo && >super/foo &&
git -C super add foo && git -C super add foo &&


@ -16,6 +16,8 @@ fi
test_submodule_switch "cherry-pick" test_submodule_switch "cherry-pick"
test_expect_success 'unrelated submodule/file conflict is ignored' ' test_expect_success 'unrelated submodule/file conflict is ignored' '
test_config_global protocol.file.allow always &&
test_create_repo sub && test_create_repo sub &&
touch sub/file && touch sub/file &&


@ -333,7 +333,7 @@ test_expect_success 'rm removes empty submodules from work tree' '
test_expect_success 'rm removes removed submodule from index and .gitmodules' ' test_expect_success 'rm removes removed submodule from index and .gitmodules' '
git reset --hard && git reset --hard &&
git submodule update && git -c protocol.file.allow=always submodule update &&
rm -rf submod && rm -rf submod &&
git rm submod && git rm submod &&
git status -s -uno --ignore-submodules=none >actual && git status -s -uno --ignore-submodules=none >actual &&
@ -639,6 +639,7 @@ cat >expect.deepmodified <<EOF
EOF EOF
test_expect_success 'setup subsubmodule' ' test_expect_success 'setup subsubmodule' '
test_config_global protocol.file.allow always &&
git reset --hard && git reset --hard &&
git submodule update && git submodule update &&
( (


@ -36,7 +36,7 @@ setup_basic () {
git init main && git init main &&
( (
cd main && cd main &&
git submodule add ../sub && git -c protocol.file.allow=always submodule add ../sub &&
test_commit main_file test_commit main_file
) )
} }


@ -49,7 +49,7 @@ test_expect_success 'setup - submodules' '
' '
test_expect_success 'setup - git submodule add' ' test_expect_success 'setup - git submodule add' '
git submodule add ./sm2 sm1 && git -c protocol.file.allow=always submodule add ./sm2 sm1 &&
commit_file sm1 .gitmodules && commit_file sm1 .gitmodules &&
git diff-tree -p --no-commit-id --submodule=log HEAD -- sm1 >actual && git diff-tree -p --no-commit-id --submodule=log HEAD -- sm1 >actual &&
cat >expected <<-EOF && cat >expected <<-EOF &&


@ -840,7 +840,7 @@ rm sm2
mv sm2-bak sm2 mv sm2-bak sm2
test_expect_success 'setup nested submodule' ' test_expect_success 'setup nested submodule' '
git -C sm2 submodule add ../sm2 nested && git -c protocol.file.allow=always -C sm2 submodule add ../sm2 nested &&
git -C sm2 commit -a -m "nested sub" && git -C sm2 commit -a -m "nested sub" &&
head10=$(git -C sm2 rev-parse --short --verify HEAD) head10=$(git -C sm2 rev-parse --short --verify HEAD)
' '


@ -77,6 +77,7 @@ test_expect_success 'diff skips same-OID blobs' '
test_expect_success 'when fetching missing objects, diff skips GITLINKs' ' test_expect_success 'when fetching missing objects, diff skips GITLINKs' '
test_when_finished "rm -rf sub server client trace" && test_when_finished "rm -rf sub server client trace" &&
test_config_global protocol.file.allow always &&
test_create_repo sub && test_create_repo sub &&
test_commit -C sub first && test_commit -C sub first &&


@ -124,6 +124,7 @@ test_expect_success 'command line pathspec parsing for "git log"' '
test_expect_success 'tree_entry_interesting does not match past submodule boundaries' ' test_expect_success 'tree_entry_interesting does not match past submodule boundaries' '
test_when_finished "rm -rf repo submodule" && test_when_finished "rm -rf repo submodule" &&
test_config_global protocol.file.allow always &&
git init submodule && git init submodule &&
test_commit -C submodule initial && test_commit -C submodule initial &&
git init repo && git init repo &&


@ -779,6 +779,7 @@ test_expect_success 'fetch.writeCommitGraph' '
' '
test_expect_success 'fetch.writeCommitGraph with submodules' ' test_expect_success 'fetch.writeCommitGraph with submodules' '
test_config_global protocol.file.allow always &&
git clone dups super && git clone dups super &&
( (
cd super && cd super &&


@ -38,6 +38,7 @@ add_upstream_commit() {
} }
test_expect_success setup ' test_expect_success setup '
git config --global protocol.file.allow always &&
mkdir deepsubmodule && mkdir deepsubmodule &&
( (
cd deepsubmodule && cd deepsubmodule &&


@ -119,6 +119,7 @@ test_expect_success 'push options and submodules' '
test_commit -C parent one && test_commit -C parent one &&
git -C parent push --mirror up && git -C parent push --mirror up &&
test_config_global protocol.file.allow always &&
git -C parent submodule add ../upstream workbench && git -C parent submodule add ../upstream workbench &&
git -C parent/workbench remote add up ../../upstream && git -C parent/workbench remote add up ../../upstream &&
git -C parent commit -m "add submodule" && git -C parent commit -m "add submodule" &&


@ -52,6 +52,10 @@ then
fi fi
test_submodule_switch_func "git_pull_noff" test_submodule_switch_func "git_pull_noff"
test_expect_success 'setup' '
git config --global protocol.file.allow always
'
test_expect_success 'pull --recurse-submodule setup' ' test_expect_success 'pull --recurse-submodule setup' '
test_create_repo child && test_create_repo child &&
test_commit -C child bar && test_commit -C child bar &&


@ -742,6 +742,7 @@ test_expect_success 'batch missing blob request does not inadvertently try to fe
echo aa >server/a && echo aa >server/a &&
echo bb >server/b && echo bb >server/b &&
# Also add a gitlink pointing to an arbitrary repository # Also add a gitlink pointing to an arbitrary repository
test_config_global protocol.file.allow always &&
git -C server submodule add "$(pwd)/repo_for_submodule" c && git -C server submodule add "$(pwd)/repo_for_submodule" c &&
git -C server add a b c && git -C server add a b c &&
git -C server commit -m x && git -C server commit -m x &&


@ -303,8 +303,6 @@ test_expect_success SYMLINKS 'setup repo with manually symlinked or unknown file
ln -s ../an-object $obj && ln -s ../an-object $obj &&
cd ../ && cd ../ &&
find . -type f | sort >../../../T.objects-files.raw &&
find . -type l | sort >../../../T.objects-symlinks.raw &&
echo unknown_content >unknown_file echo unknown_content >unknown_file
) && ) &&
git -C T fsck && git -C T fsck &&
@ -313,19 +311,27 @@ test_expect_success SYMLINKS 'setup repo with manually symlinked or unknown file
test_expect_success SYMLINKS 'clone repo with symlinked or unknown files at objects/' ' test_expect_success SYMLINKS 'clone repo with symlinked or unknown files at objects/' '
for option in --local --no-hardlinks --shared --dissociate # None of these options work when cloning locally, since T has
# symlinks in its `$GIT_DIR/objects` directory
for option in --local --no-hardlinks --dissociate
do do
git clone $option T T$option || return 1 && test_must_fail git clone $option T T$option 2>err || return 1 &&
git -C T$option fsck || return 1 && test_i18ngrep "symlink.*exists" err || return 1
git -C T$option rev-list --all --objects >T$option.objects &&
test_cmp T.objects T$option.objects &&
(
cd T$option/.git/objects &&
find . -type f | sort >../../../T$option.objects-files.raw &&
find . -type l | sort >../../../T$option.objects-symlinks.raw
)
done && done &&
# But `--shared` clones should still work, even when specifying
# a local path *and* that repository has symlinks present in its
# `$GIT_DIR/objects` directory.
git clone --shared T T--shared &&
git -C T--shared fsck &&
git -C T--shared rev-list --all --objects >T--shared.objects &&
test_cmp T.objects T--shared.objects &&
(
cd T--shared/.git/objects &&
find . -type f | sort >../../../T--shared.objects-files.raw &&
find . -type l | sort >../../../T--shared.objects-symlinks.raw
) &&
for raw in $(ls T*.raw) for raw in $(ls T*.raw)
do do
sed -e "s!/../!/Y/!; s![0-9a-f]\{38,\}!Z!" -e "/commit-graph/d" \ sed -e "s!/../!/Y/!; s![0-9a-f]\{38,\}!Z!" -e "/commit-graph/d" \
@ -333,26 +339,6 @@ test_expect_success SYMLINKS 'clone repo with symlinked or unknown files at obje
sort $raw.de-sha-1 >$raw.de-sha || return 1 sort $raw.de-sha-1 >$raw.de-sha || return 1
done && done &&
cat >expected-files <<-EOF &&
./Y/Z
./Y/Z
./Y/Z
./a-loose-dir/Z
./an-object
./info/packs
./pack/pack-Z.idx
./pack/pack-Z.pack
./packs/pack-Z.idx
./packs/pack-Z.pack
./unknown_file
EOF
for option in --local --no-hardlinks --dissociate
do
test_cmp expected-files T$option.objects-files.raw.de-sha || return 1 &&
test_must_be_empty T$option.objects-symlinks.raw.de-sha || return 1
done &&
echo ./info/alternates >expected-files && echo ./info/alternates >expected-files &&
test_cmp expected-files T--shared.objects-files.raw && test_cmp expected-files T--shared.objects-files.raw &&
test_must_be_empty T--shared.objects-symlinks.raw test_must_be_empty T--shared.objects-symlinks.raw
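Review bot: The rewritten loop asserts that `git clone $option` fails and prints the symlink message, but not that the refused clone leaves nothing behind. The refusal is raised while the objects directory is being walked, after `mkdir_if_missing` has already created the destination in the clone hunk on this page, so a partially populated `T$option` is a plausible failure mode. I would chain `test_path_is_missing T$option || return 1` after the `test_i18ngrep` line so that case is caught. The `--shared` clone below is still checked as before.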


@ -24,6 +24,7 @@ test_expect_success 'setup' '
test_expect_success 'nonshallow clone implies nonshallow submodule' ' test_expect_success 'nonshallow clone implies nonshallow submodule' '
test_when_finished "rm -rf super_clone" && test_when_finished "rm -rf super_clone" &&
test_config_global protocol.file.allow always &&
git clone --recurse-submodules "file://$pwd/." super_clone && git clone --recurse-submodules "file://$pwd/." super_clone &&
git -C super_clone log --oneline >lines && git -C super_clone log --oneline >lines &&
test_line_count = 3 lines && test_line_count = 3 lines &&
@ -33,6 +34,7 @@ test_expect_success 'nonshallow clone implies nonshallow submodule' '
test_expect_success 'shallow clone with shallow submodule' ' test_expect_success 'shallow clone with shallow submodule' '
test_when_finished "rm -rf super_clone" && test_when_finished "rm -rf super_clone" &&
test_config_global protocol.file.allow always &&
git clone --recurse-submodules --depth 2 --shallow-submodules "file://$pwd/." super_clone && git clone --recurse-submodules --depth 2 --shallow-submodules "file://$pwd/." super_clone &&
git -C super_clone log --oneline >lines && git -C super_clone log --oneline >lines &&
test_line_count = 2 lines && test_line_count = 2 lines &&
@ -42,6 +44,7 @@ test_expect_success 'shallow clone with shallow submodule' '
test_expect_success 'shallow clone does not imply shallow submodule' ' test_expect_success 'shallow clone does not imply shallow submodule' '
test_when_finished "rm -rf super_clone" && test_when_finished "rm -rf super_clone" &&
test_config_global protocol.file.allow always &&
git clone --recurse-submodules --depth 2 "file://$pwd/." super_clone && git clone --recurse-submodules --depth 2 "file://$pwd/." super_clone &&
git -C super_clone log --oneline >lines && git -C super_clone log --oneline >lines &&
test_line_count = 2 lines && test_line_count = 2 lines &&
@ -51,6 +54,7 @@ test_expect_success 'shallow clone does not imply shallow submodule' '
test_expect_success 'shallow clone with non shallow submodule' ' test_expect_success 'shallow clone with non shallow submodule' '
test_when_finished "rm -rf super_clone" && test_when_finished "rm -rf super_clone" &&
test_config_global protocol.file.allow always &&
git clone --recurse-submodules --depth 2 --no-shallow-submodules "file://$pwd/." super_clone && git clone --recurse-submodules --depth 2 --no-shallow-submodules "file://$pwd/." super_clone &&
git -C super_clone log --oneline >lines && git -C super_clone log --oneline >lines &&
test_line_count = 2 lines && test_line_count = 2 lines &&
@ -60,6 +64,7 @@ test_expect_success 'shallow clone with non shallow submodule' '
test_expect_success 'non shallow clone with shallow submodule' ' test_expect_success 'non shallow clone with shallow submodule' '
test_when_finished "rm -rf super_clone" && test_when_finished "rm -rf super_clone" &&
test_config_global protocol.file.allow always &&
git clone --recurse-submodules --no-local --shallow-submodules "file://$pwd/." super_clone && git clone --recurse-submodules --no-local --shallow-submodules "file://$pwd/." super_clone &&
git -C super_clone log --oneline >lines && git -C super_clone log --oneline >lines &&
test_line_count = 3 lines && test_line_count = 3 lines &&
@ -69,6 +74,7 @@ test_expect_success 'non shallow clone with shallow submodule' '
test_expect_success 'clone follows shallow recommendation' ' test_expect_success 'clone follows shallow recommendation' '
test_when_finished "rm -rf super_clone" && test_when_finished "rm -rf super_clone" &&
test_config_global protocol.file.allow always &&
git config -f .gitmodules submodule.sub.shallow true && git config -f .gitmodules submodule.sub.shallow true &&
git add .gitmodules && git add .gitmodules &&
git commit -m "recommend shallow for sub" && git commit -m "recommend shallow for sub" &&
@ -87,6 +93,7 @@ test_expect_success 'clone follows shallow recommendation' '
test_expect_success 'get unshallow recommended shallow submodule' ' test_expect_success 'get unshallow recommended shallow submodule' '
test_when_finished "rm -rf super_clone" && test_when_finished "rm -rf super_clone" &&
test_config_global protocol.file.allow always &&
git clone --no-local "file://$pwd/." super_clone && git clone --no-local "file://$pwd/." super_clone &&
( (
cd super_clone && cd super_clone &&
@ -103,6 +110,7 @@ test_expect_success 'get unshallow recommended shallow submodule' '
test_expect_success 'clone follows non shallow recommendation' ' test_expect_success 'clone follows non shallow recommendation' '
test_when_finished "rm -rf super_clone" && test_when_finished "rm -rf super_clone" &&
test_config_global protocol.file.allow always &&
git config -f .gitmodules submodule.sub.shallow false && git config -f .gitmodules submodule.sub.shallow false &&
git add .gitmodules && git add .gitmodules &&
git commit -m "recommend non shallow for sub" && git commit -m "recommend non shallow for sub" &&


@ -174,6 +174,8 @@ test_expect_success 'partial clone with transfer.fsckobjects=1 works with submod
test_config -C src_with_sub uploadpack.allowfilter 1 && test_config -C src_with_sub uploadpack.allowfilter 1 &&
test_config -C src_with_sub uploadpack.allowanysha1inwant 1 && test_config -C src_with_sub uploadpack.allowanysha1inwant 1 &&
test_config_global protocol.file.allow always &&
git -C src_with_sub submodule add "file://$(pwd)/submodule" mysub && git -C src_with_sub submodule add "file://$(pwd)/submodule" mysub &&
git -C src_with_sub commit -m "commit with submodule" && git -C src_with_sub commit -m "commit with submodule" &&


@ -10,6 +10,7 @@ export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME
pwd=$(pwd) pwd=$(pwd)
test_expect_success 'setup' ' test_expect_success 'setup' '
git config --global protocol.file.allow always &&
git checkout -b main && git checkout -b main &&
test_commit commit1 && test_commit commit1 &&
mkdir sub && mkdir sub &&


@ -26,7 +26,7 @@ test_expect_success 'setup' '
: > super-file && : > super-file &&
git add super-file && git add super-file &&
git submodule add "$(pwd)" sub && git -c protocol.file.allow=always submodule add "$(pwd)" sub &&
git symbolic-ref HEAD refs/heads/super && git symbolic-ref HEAD refs/heads/super &&
test_tick && test_tick &&
git commit -m super-initial && git commit -m super-initial &&


@ -9,7 +9,7 @@ test_expect_success 'setup a submodule' '
: >pretzel/a && : >pretzel/a &&
git -C pretzel add a && git -C pretzel add a &&
git -C pretzel commit -m "add a file" -- a && git -C pretzel commit -m "add a file" -- a &&
git submodule add ./pretzel sub && git -c protocol.file.allow=always submodule add ./pretzel sub &&
git commit -a -m "add submodule" && git commit -a -m "add submodule" &&
git submodule deinit --all git submodule deinit --all
' '


@ -305,6 +305,7 @@ test_expect_success SYMLINKS 'check moved symlink' '
rm -f moved symlink rm -f moved symlink
test_expect_success 'setup submodule' ' test_expect_success 'setup submodule' '
test_config_global protocol.file.allow always &&
git commit -m initial && git commit -m initial &&
git reset --hard && git reset --hard &&
git submodule add ./. sub && git submodule add ./. sub &&
@ -490,6 +491,7 @@ test_expect_success 'moving a submodule in nested directories' '
' '
test_expect_success 'moving nested submodules' ' test_expect_success 'moving nested submodules' '
test_config_global protocol.file.allow always &&
git commit -am "cleanup commit" && git commit -am "cleanup commit" &&
mkdir sub_nested_nested && mkdir sub_nested_nested &&
( (


@ -473,6 +473,7 @@ test_expect_success 'create and add submodule, submodule appears clean (A. S...)
git checkout initial-branch && git checkout initial-branch &&
git clone . sub_repo && git clone . sub_repo &&
git clone . super_repo && git clone . super_repo &&
test_config_global protocol.file.allow always &&
( cd super_repo && ( cd super_repo &&
git submodule add ../sub_repo sub1 && git submodule add ../sub_repo sub1 &&


@ -480,6 +480,7 @@ test_expect_success 'should not clean submodules' '
git init && git init &&
test_commit msg hello.world test_commit msg hello.world
) && ) &&
test_config_global protocol.file.allow always &&
git submodule add ./repo/.git sub1 && git submodule add ./repo/.git sub1 &&
git commit -m "sub1" && git commit -m "sub1" &&
git branch before_sub2 && git branch before_sub2 &&


@ -14,6 +14,10 @@ export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME
. ./test-lib.sh . ./test-lib.sh
test_expect_success 'setup - enable local submodules' '
git config --global protocol.file.allow always
'
test_expect_success 'submodule deinit works on empty repository' ' test_expect_success 'submodule deinit works on empty repository' '
git submodule deinit --all git submodule deinit --all
' '


@ -14,6 +14,8 @@ export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME
. ./test-lib.sh . ./test-lib.sh
test_expect_success setup ' test_expect_success setup '
git config --global protocol.file.allow always &&
echo file >file && echo file >file &&
git add file && git add file &&
test_tick && test_tick &&


@ -25,6 +25,7 @@ compare_head()
test_expect_success 'setup a submodule tree' ' test_expect_success 'setup a submodule tree' '
git config --global protocol.file.allow always &&
echo file > file && echo file > file &&
git add file && git add file &&
test_tick && test_tick &&


@ -16,6 +16,7 @@ export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME
test_expect_success 'setup a submodule tree' ' test_expect_success 'setup a submodule tree' '
git config --global protocol.file.allow always &&
echo file > file && echo file > file &&
git add file && git add file &&
test_tick && test_tick &&


@ -17,6 +17,10 @@ test_alternate_is_used () {
test_cmp expect actual test_cmp expect actual
} }
test_expect_success 'setup' '
git config --global protocol.file.allow always
'
test_expect_success 'preparing first repository' ' test_expect_success 'preparing first repository' '
test_create_repo A && test_create_repo A &&
( (


@ -15,6 +15,10 @@ export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME
. ./test-lib.sh . ./test-lib.sh
test_expect_success 'setup' '
git config --global protocol.file.allow always
'
test_expect_success 'submodule on detached working tree' ' test_expect_success 'submodule on detached working tree' '
git init --bare remote && git init --bare remote &&
test_create_repo bundle1 && test_create_repo bundle1 &&


@ -12,6 +12,9 @@ from the database and from the worktree works.
TEST_NO_CREATE_REPO=1 TEST_NO_CREATE_REPO=1
. ./test-lib.sh . ./test-lib.sh
test_expect_success 'setup' '
git config --global protocol.file.allow always
'
test_expect_success 'submodule config cache setup' ' test_expect_success 'submodule config cache setup' '
mkdir submodule && mkdir submodule &&
(cd submodule && (cd submodule &&


@ -9,6 +9,7 @@ submodules which are "active" and interesting to the user.
. ./test-lib.sh . ./test-lib.sh
test_expect_success 'setup' ' test_expect_success 'setup' '
git config --global protocol.file.allow always &&
git init sub && git init sub &&
test_commit -C sub initial && test_commit -C sub initial &&
git init super && git init super &&


@ -30,7 +30,8 @@ test_expect_success 'no warning when updating entry' '
test_expect_success 'submodule add does not warn' ' test_expect_success 'submodule add does not warn' '
test_when_finished "git rm -rf submodule .gitmodules" && test_when_finished "git rm -rf submodule .gitmodules" &&
git submodule add ./embed submodule 2>stderr && git -c protocol.file.allow=always \
submodule add ./embed submodule 2>stderr &&
test_i18ngrep ! warning stderr test_i18ngrep ! warning stderr
' '


@ -3,6 +3,10 @@
test_description='check handling of disallowed .gitmodule urls' test_description='check handling of disallowed .gitmodule urls'
. ./test-lib.sh . ./test-lib.sh
test_expect_success 'setup' '
git config --global protocol.file.allow always
'
test_expect_success 'create submodule with protected dash in url' ' test_expect_success 'create submodule with protected dash in url' '
git init upstream && git init upstream &&
git -C upstream commit --allow-empty -m base && git -C upstream commit --allow-empty -m base &&


@ -6,6 +6,10 @@ export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME
. ./test-lib.sh . ./test-lib.sh
test_expect_success 'setup' '
git config --global protocol.file.allow always
'
test_expect_success 'create submodule with dash in path' ' test_expect_success 'create submodule with dash in path' '
git init upstream && git init upstream &&
git -C upstream commit --allow-empty -m base && git -C upstream commit --allow-empty -m base &&


@ -17,6 +17,10 @@ export GIT_TEST_FATAL_REGISTER_SUBMODULE_ODB
. ./test-lib.sh . ./test-lib.sh
test_expect_success 'setup' '
git config --global protocol.file.allow always
'
test_expect_success 'sparse checkout setup which hides .gitmodules' ' test_expect_success 'sparse checkout setup which hides .gitmodules' '
git init upstream && git init upstream &&
git init submodule && git init submodule &&


@ -12,6 +12,10 @@ as expected.
TEST_NO_CREATE_REPO=1 TEST_NO_CREATE_REPO=1
. ./test-lib.sh . ./test-lib.sh
test_expect_success 'setup' '
git config --global protocol.file.allow always
'
test_expect_success 'submodule config cache setup' ' test_expect_success 'submodule config cache setup' '
mkdir submodule && mkdir submodule &&
(cd submodule && (cd submodule &&


@ -12,6 +12,10 @@ as expected.
TEST_NO_CREATE_REPO=1 TEST_NO_CREATE_REPO=1
. ./test-lib.sh . ./test-lib.sh
test_expect_success 'setup' '
git config --global protocol.file.allow always
'
test_expect_success 'submodule config cache setup' ' test_expect_success 'submodule config cache setup' '
mkdir submodule && mkdir submodule &&
( (


@ -12,6 +12,10 @@ while making sure to add submodules using `git submodule add` instead of
. ./test-lib.sh . ./test-lib.sh
test_expect_success 'setup' '
git config --global protocol.file.allow always
'
test_expect_success 'summary test environment setup' ' test_expect_success 'summary test environment setup' '
git init sm && git init sm &&
test_commit -C sm "add file" file file-content file-tag && test_commit -C sm "add file" file file-content file-tag &&


@ -15,6 +15,10 @@ Such as:
. ./test-lib.sh . ./test-lib.sh
. "$TEST_DIRECTORY"/lib-pack.sh . "$TEST_DIRECTORY"/lib-pack.sh
test_expect_success 'setup' '
git config --global protocol.file.allow always
'
test_expect_success 'check names' ' test_expect_success 'check names' '
cat >expect <<-\EOF && cat >expect <<-\EOF &&
valid valid


@ -251,6 +251,7 @@ test_expect_success 'status with merge conflict in .gitmodules' '
test_create_repo_with_commit sub1 && test_create_repo_with_commit sub1 &&
test_tick && test_tick &&
test_create_repo_with_commit sub2 && test_create_repo_with_commit sub2 &&
test_config_global protocol.file.allow always &&
( (
cd super && cd super &&
prev=$(git rev-parse HEAD) && prev=$(git rev-parse HEAD) &&
@ -326,6 +327,7 @@ test_expect_success 'diff --submodule with merge conflict in .gitmodules' '
# sub2 will have an untracked file # sub2 will have an untracked file
# sub3 will have an untracked repository # sub3 will have an untracked repository
test_expect_success 'setup superproject with untracked file in nested submodule' ' test_expect_success 'setup superproject with untracked file in nested submodule' '
test_config_global protocol.file.allow always &&
( (
cd super && cd super &&
git clean -dfx && git clean -dfx &&


@ -74,6 +74,7 @@ test_expect_success 'diff in message is retained with -v' '
test_expect_success 'submodule log is stripped out too with -v' ' test_expect_success 'submodule log is stripped out too with -v' '
git config diff.submodule log && git config diff.submodule log &&
test_config_global protocol.file.allow always &&
git submodule add ./. sub && git submodule add ./. sub &&
git commit -m "sub added" && git commit -m "sub added" &&
( (


@ -636,6 +636,7 @@ test_expect_success 'difftool --no-symlinks detects conflict ' '
test_expect_success 'difftool properly honors gitlink and core.worktree' ' test_expect_success 'difftool properly honors gitlink and core.worktree' '
test_when_finished rm -rf submod/ule && test_when_finished rm -rf submod/ule &&
test_config_global protocol.file.allow always &&
git submodule add ./. submod/ule && git submodule add ./. submod/ule &&
test_config -C submod/ule diff.tool checktrees && test_config -C submod/ule diff.tool checktrees &&
test_config -C submod/ule difftool.checktrees.cmd '\'' test_config -C submod/ule difftool.checktrees.cmd '\''


@ -196,6 +196,7 @@ test_expect_success !MINGW 'grep recurse submodule colon in name' '
git -C "su:b" commit -m "add fi:le" && git -C "su:b" commit -m "add fi:le" &&
test_tick && test_tick &&
test_config_global protocol.file.allow always &&
git -C parent submodule add "../su:b" "su:b" && git -C parent submodule add "../su:b" "su:b" &&
git -C parent commit -m "add submodule" && git -C parent commit -m "add submodule" &&
test_tick && test_tick &&
@ -230,6 +231,7 @@ test_expect_success 'grep history with moved submoules' '
git -C sub commit -m "add file" && git -C sub commit -m "add file" &&
test_tick && test_tick &&
test_config_global protocol.file.allow always &&
git -C parent submodule add ../sub dir/sub && git -C parent submodule add ../sub dir/sub &&
git -C parent commit -m "add submodule" && git -C parent commit -m "add submodule" &&
test_tick && test_tick &&
@ -274,6 +276,7 @@ test_expect_success 'grep using relative path' '
mkdir parent/src && mkdir parent/src &&
echo "(1|2)d(3|4)" >parent/src/file2 && echo "(1|2)d(3|4)" >parent/src/file2 &&
git -C parent add src/file2 && git -C parent add src/file2 &&
test_config_global protocol.file.allow always &&
git -C parent submodule add ../sub && git -C parent submodule add ../sub &&
git -C parent commit -m "add files and submodule" && git -C parent commit -m "add files and submodule" &&
test_tick && test_tick &&
@ -316,6 +319,7 @@ test_expect_success 'grep from a subdir' '
mkdir parent/src && mkdir parent/src &&
echo "(1|2)d(3|4)" >parent/src/file && echo "(1|2)d(3|4)" >parent/src/file &&
git -C parent add src/file && git -C parent add src/file &&
test_config_global protocol.file.allow always &&
git -C parent submodule add ../sub src/sub && git -C parent submodule add ../sub src/sub &&
git -C parent submodule add ../sub sub && git -C parent submodule add ../sub sub &&
git -C parent commit -m "add files and submodules" && git -C parent commit -m "add files and submodules" &&


@ -25,6 +25,7 @@ test_expect_success 'import with large marks file' '
' '
test_expect_success 'setup dump with submodule' ' test_expect_success 'setup dump with submodule' '
test_config_global protocol.file.allow always &&
git submodule add "$PWD" sub && git submodule add "$PWD" sub &&
git commit -m "add submodule" && git commit -m "add submodule" &&
git fast-export HEAD >dump git fast-export HEAD >dump


@ -268,6 +268,7 @@ test_expect_success 'signed-tags=warn-strip' '
test_expect_success 'setup submodule' ' test_expect_success 'setup submodule' '
test_config_global protocol.file.allow always &&
git checkout -f main && git checkout -f main &&
mkdir sub && mkdir sub &&
( (
@ -293,6 +294,7 @@ test_expect_success 'setup submodule' '
test_expect_success 'submodule fast-export | fast-import' ' test_expect_success 'submodule fast-export | fast-import' '
test_config_global protocol.file.allow always &&
SUBENT1=$(git ls-tree main^ sub) && SUBENT1=$(git ls-tree main^ sub) &&
SUBENT2=$(git ls-tree main sub) && SUBENT2=$(git ls-tree main sub) &&
rm -rf new && rm -rf new &&

37
t/t9850-shell.sh Executable file

@ -0,0 +1,37 @@
#!/bin/sh
test_description='git shell tests'
. ./test-lib.sh
test_expect_success 'shell allows upload-pack' '
printf 0000 >input &&
git upload-pack . <input >expect &&
git shell -c "git-upload-pack $SQ.$SQ" <input >actual &&
test_cmp expect actual
'
test_expect_success 'shell forbids other commands' '
test_must_fail git shell -c "git config foo.bar baz"
'
test_expect_success 'shell forbids interactive use by default' '
test_must_fail git shell
'
test_expect_success 'shell allows interactive command' '
mkdir git-shell-commands &&
write_script git-shell-commands/ping <<-\EOF &&
echo pong
EOF
echo pong >expect &&
echo ping | git shell >actual &&
test_cmp expect actual
'
test_expect_success 'shell complains of overlong commands' '
perl -e "print \"a\" x 2**12 for (0..2**19)" |
test_must_fail git shell 2>err &&
grep "too long" err
'
test_done
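Review bot: The 'shell complains of overlong commands' test does not pin the limit it is meant to guard, because it feeds about 2 GiB (4096 bytes repeated 2**19+1 times) to `git shell` while the release notes put the interactive limit at 4 MiB. It would still pass if that limit were raised by orders of magnitude, so a case sized just above the limit would be a useful addition; the exact boundary depends on the reading code, which this section does not show. The test also has no comment explaining the size or why perl's exit status is ignored on the left side of the pipe. I would add one such as `# input is far beyond the interactive-command limit; perl is expected to be cut off once git shell rejects it`.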


@ -995,8 +995,7 @@ static enum protocol_allow_config get_protocol_config(const char *type)
if (!strcmp(type, "http") || if (!strcmp(type, "http") ||
!strcmp(type, "https") || !strcmp(type, "https") ||
!strcmp(type, "git") || !strcmp(type, "git") ||
!strcmp(type, "ssh") || !strcmp(type, "ssh"))
!strcmp(type, "file"))
return PROTOCOL_ALLOW_ALWAYS; return PROTOCOL_ALLOW_ALWAYS;
/* known scary; err on the side of caution */ /* known scary; err on the side of caution */