Commit Graph

59545 Commits

Author SHA1 Message Date
Johannes Schindelin
6ff7f46039 Git 2.27.1
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:50:05 +01:00
Johannes Schindelin
2d1142a3e8 Sync with 2.26.3
* maint-2.26:
  Git 2.26.3
  Git 2.25.5
  Git 2.24.4
  Git 2.23.4
  Git 2.22.5
  Git 2.21.4
  Git 2.20.5
  Git 2.19.6
  Git 2.18.5
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
2021-02-12 15:50:04 +01:00
Johannes Schindelin
a79fd20c71 Git 2.26.3
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:50:00 +01:00
Johannes Schindelin
8f80393c14 Sync with 2.25.5
* maint-2.25:
  Git 2.25.5
  Git 2.24.4
  Git 2.23.4
  Git 2.22.5
  Git 2.21.4
  Git 2.20.5
  Git 2.19.6
  Git 2.18.5
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
2021-02-12 15:49:59 +01:00
Johannes Schindelin
42ce4c7930 Git 2.25.5
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:49:55 +01:00
Johannes Schindelin
97d1dcb1ef Sync with 2.24.4
* maint-2.24:
  Git 2.24.4
  Git 2.23.4
  Git 2.22.5
  Git 2.21.4
  Git 2.20.5
  Git 2.19.6
  Git 2.18.5
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
2021-02-12 15:49:55 +01:00
Johannes Schindelin
06214d171b Git 2.24.4
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:49:50 +01:00
Johannes Schindelin
92ac04b8ee Sync with 2.23.4
* maint-2.23:
  Git 2.23.4
  Git 2.22.5
  Git 2.21.4
  Git 2.20.5
  Git 2.19.6
  Git 2.18.5
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
2021-02-12 15:49:50 +01:00
Johannes Schindelin
d60b6a96f0 Git 2.23.4
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:49:46 +01:00
Johannes Schindelin
4bd06fd490 Sync with 2.22.5
* maint-2.22:
  Git 2.22.5
  Git 2.21.4
  Git 2.20.5
  Git 2.19.6
  Git 2.18.5
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
2021-02-12 15:49:45 +01:00
Johannes Schindelin
c753e2a7a8 Git 2.22.5
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:49:41 +01:00
Johannes Schindelin
bcf08f33d8 Sync with 2.21.4
* maint-2.21:
  Git 2.21.4
  Git 2.20.5
  Git 2.19.6
  Git 2.18.5
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
2021-02-12 15:49:41 +01:00
Johannes Schindelin
c735d7470e Git 2.21.4
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:49:36 +01:00
Johannes Schindelin
b1726b1a38 Sync with 2.20.5
* maint-2.20:
  Git 2.20.5
  Git 2.19.6
  Git 2.18.5
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
2021-02-12 15:49:35 +01:00
Johannes Schindelin
8b1a5f33d3 Git 2.20.5
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:49:17 +01:00
Johannes Schindelin
804963848e Sync with 2.19.6
* maint-2.19:
  Git 2.19.6
  Git 2.18.5
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
2021-02-12 15:49:17 +01:00
Johannes Schindelin
9fb2a1fb08 Git 2.19.6
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:47:48 +01:00
Johannes Schindelin
fb049fd85b Sync with 2.18.5
* maint-2.18:
  Git 2.18.5
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
2021-02-12 15:47:47 +01:00
Johannes Schindelin
6eed462c8f Git 2.18.5
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:47:43 +01:00
Johannes Schindelin
9b77cec89b Sync with 2.17.6
* maint-2.17:
  Git 2.17.6
  unpack_trees(): start with a fresh lstat cache
  run-command: invalidate lstat cache after a command finished
  checkout: fix bug that makes checkout follow symlinks in leading path
2021-02-12 15:47:42 +01:00
Johannes Schindelin
6b82d3eea6 Git 2.17.6
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:47:02 +01:00
Matheus Tavares
22539ec3b5 unpack_trees(): start with a fresh lstat cache
We really want to avoid relying on stale information.

Signed-off-by: Matheus Tavares <matheus.bernardino@usp.br>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:47:02 +01:00
Johannes Schindelin
0d58fef58a run-command: invalidate lstat cache after a command finished
In the previous commit, we intercepted calls to `rmdir()` to invalidate
the lstat cache in the successful case, so that the lstat cache could
not have the idea that a directory exists where there is none.

The same situation can arise, of course, when a separate process is
spawned (most notably, this is the case in `submodule_move_head()`).
Obviously, we cannot know whether a directory was removed in that
process, therefore we must invalidate the lstat cache afterwards.

Note: in contrast to `lstat_cache_aware_rmdir()`, we invalidate the
lstat cache even in case of an error: the process might have removed a
directory and still have failed afterwards.

Co-authored-by: Matheus Tavares <matheus.bernardino@usp.br>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2021-02-12 15:47:02 +01:00
Matheus Tavares
684dd4c2b4 checkout: fix bug that makes checkout follow symlinks in leading path
Before checking out a file, we have to confirm that all of its leading
components are real existing directories. And to reduce the number of
lstat() calls in this process, we cache the last leading path known to
contain only directories. However, when a path collision occurs (e.g.
when checking out case-sensitive files in case-insensitive file
systems), a cached path might have its file type changed on disk,
leaving the cache on an invalid state. Normally, this doesn't bring
any bad consequences as we usually check out files in index order, and
therefore, by the time the cached path becomes outdated, we no longer
need it anyway (because all files in that directory would have already
been written).

But, there are some users of the checkout machinery that do not always
follow the index order. In particular: checkout-index writes the paths
in the same order that they appear on the CLI (or stdin); and the
delayed checkout feature -- used when a long-running filter process
replies with "status=delayed" -- postpones the checkout of some entries,
thus modifying the checkout order.

When we have to check out an out-of-order entry and the lstat() cache is
invalid (due to a previous path collision), checkout_entry() may end up
using the invalid data and thrusting that the leading components are
real directories when, in reality, they are not. In the best case
scenario, where the directory was replaced by a regular file, the user
will get an error: "fatal: unable to create file 'foo/bar': Not a
directory". But if the directory was replaced by a symlink, checkout
could actually end up following the symlink and writing the file at a
wrong place, even outside the repository. Since delayed checkout is
affected by this bug, it could be used by an attacker to write
arbitrary files during the clone of a maliciously crafted repository.

Some candidate solutions considered were to disable the lstat() cache
during unordered checkouts or sort the entries before passing them to
the checkout machinery. But both ideas include some performance penalty
and they don't future-proof the code against new unordered use cases.

Instead, we now manually reset the lstat cache whenever we successfully
remove a directory. Note: We are not even checking whether the directory
was the same as the lstat cache points to because we might face a
scenario where the paths refer to the same location but differ due to
case folding, precomposed UTF-8 issues, or the presence of `..`
components in the path. Two regression tests, with case-collisions and
utf8-collisions, are also added for both checkout-index and delayed
checkout.

Note: to make the previously mentioned clone attack unfeasible, it would
be sufficient to reset the lstat cache only after the remove_subtree()
call inside checkout_entry(). This is the place where we would remove a
directory whose path collides with the path of another entry that we are
currently trying to check out (possibly a symlink). However, in the
interest of a thorough fix that does not leave Git open to
similar-but-not-identical attack vectors, we decided to intercept
all `rmdir()` calls in one fell swoop.

This addresses CVE-2021-21300.

Co-authored-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Matheus Tavares <matheus.bernardino@usp.br>
2021-02-12 15:47:02 +01:00
Junio C Hamano
b3d7a52fac Git 2.27
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-05-31 23:03:57 -07:00
Junio C Hamano
56219baf1e Merge branch 'cb/test-use-ere-for-alternation'
Portability fix for tests added recently.

* cb/test-use-ere-for-alternation:
  t: avoid alternation (not POSIX) in grep's BRE
2020-05-31 11:38:44 -07:00
Junio C Hamano
68f30e280d l10n-2.27.0-rnd2
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE37vMEzKDqYvVxs51k24VDd1FMtUFAl7TOwUACgkQk24VDd1F
 MtUkrQ//dwvbooCrjf0WIyMV5+1xunsKsR6inlrIlnTkl7urOknloakePcB1OR3b
 GegLs49dY6qwRjmLTw6iybSiOoHuMh4oxID7qoakJymylgCjLTPFdz8kksq9yP/T
 BsFY9G0IwdHqYz485sXqDbzCC2p0jA/8DsLW9QMrMlEVW0GnqpS8andYVSNVb4mH
 7YgekP2gh7qreAFejOxIGVnRPuJi2TM1zAx95YjOr6/qJP+73z1f2oR/mX3K8qM+
 BtJGhlIY2NaQtGYeZ36LA1MO22qThamWbvS/sFCxkopOZEXF5pWt27SAZ17yhlQs
 csV9l0z3qxtaDAcq2tS+8zvCJTBG4OG8A85yCnkOVX/S+89OjTqxmDCdHQk1iAs4
 27YWNsCo+TjLHK8e4arTTDRRAT+SrDS3qs+ZzGBuHULYVfB6KmO+InAQUlnstXe/
 34rAMH5f0mN3g6a+xcK9C129CyEgY1sJYohdg7vPzd2dENkcJqAJ/l7QyxluKW8b
 bhWBbzgGCROQkVpgbm+TKa8DSiSquYcnR7pk2QwqnTmNEH3sh+CJnu9lDNpdpcFb
 PhojRsV22GHwmBM/TC6PkaPiYgl4hRrfcjjYZz4kHdywXO6UQatSVNpwZjSeeg4N
 TL4vL2M0yzV6yhH5LsV4ffvNqEz18+4fl+34U/M+jOu3xbYb9ng=
 =6fW9
 -----END PGP SIGNATURE-----

Merge tag 'l10n-2.27.0-rnd2' of git://github.com/git-l10n/git-po

l10n-2.27.0-rnd2

* tag 'l10n-2.27.0-rnd2' of git://github.com/git-l10n/git-po: (23 commits)
  l10n: zh_TW.po: v2.27.0 round 2 (0 untranslated)
  l10n: zh_TW.po: v2.27.0 round 1 (0 untranslated)
  l10n: de.po: Fix typo in the German translation of octopus
  l10n: de.po: Update German translation for Git 2.27.0
  l10n: it.po: update for Git 2.27.0 round #2
  l10n: tr: v2.27.0 round 2
  l10n: fr.po v2.27.0 rnd 2
  l10n: bg.po: Updated Bulgarian translation (4875t)
  l10n: Update Catalan translation
  l10n: sv.po: Update Swedish translation (4875t0f0u)
  l10n: vi(4875t): Updated Vietnamses translation for 2.27.0rd2
  l10n: zh_CN: for git v2.27.0 l10n round 1~2
  l10n: git.pot: v2.27.0 round 2 (+1)
  l10n: Update Catalan translation
  l10n: vi(4874t): Updated Vietnamses translation for 2.27.0
  l10n: es: 2.27.0 round 1
  l10n: bg.po: Updated Bulgarian translation (4868t)
  l10n: fr v2.27.0 rnd 1
  l10n: sv.po: Update Swedish translation (4839t0f0u)
  l10n: tr: v2.27.0 round 1
  ...
2020-05-31 11:14:07 -07:00
Jiang Xin
cb26198ec6 Merge branch 'master' of github.com:ruester/git-po-de
* 'master' of github.com:ruester/git-po-de:
  l10n: de.po: Fix typo in the German translation of octopus
  l10n: de.po: Update German translation for Git 2.27.0
2020-05-30 11:26:53 +08:00
Jiang Xin
e228b2c9a8 Merge branch of github.com:AlessandroMenti/git-po
* 'update-italian-translation' of github.com:AlessandroMenti/git-po:
  l10n: it.po: update for Git 2.27.0 round #2
2020-05-30 11:25:17 +08:00
Junio C Hamano
1aa69c7357 Merge branch 'bc/sha-256-part-1-of-4'
Docfix.

* bc/sha-256-part-1-of-4:
  Documentation: correct hash environment variable
2020-05-29 15:12:20 -07:00
Junio C Hamano
2dfa5a16b0 Merge branch 'ma/rev-list-options-docfix'
Docfix.

* ma/rev-list-options-docfix:
  rev-list-options.txt: start a list for `show-pulls`
2020-05-29 15:12:20 -07:00
Junio C Hamano
24109910fe Merge branch 'jk/ci-only-on-selected-branches'
Dev support.

* jk/ci-only-on-selected-branches:
  ci/config: correct instruction for CI preferences
2020-05-29 15:12:19 -07:00
Carlo Marcelo Arenas Belón
46022ca34f t: avoid alternation (not POSIX) in grep's BRE
f1e3df3169 (t: increase test coverage of signature verification output,
2020-03-04) adds GPG dependent tests to t4202 and t6200 that were found
problematic with at least OpenBSD 6.7.

Using an escaped '|' for alternations works only in some implementations
of grep (e.g. GNU and busybox).

It is not part of POSIX[1] and not supported by some BSD, macOS, and
possibly other POSIX compatible implementations.

Use `grep -E`, and write it using extended regular expression.

[1] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap09.html#tag_09_03

Helped-by: Torsten Bögershausen <tboegi@web.de>
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-05-29 15:04:03 -07:00
Yi-Jyun Pan
1064a30054 l10n: zh_TW.po: v2.27.0 round 2 (0 untranslated)
Signed-off-by: Yi-Jyun Pan <pan93412@gmail.com>
2020-05-30 00:37:53 +08:00
Yi-Jyun Pan
710636a908 l10n: zh_TW.po: v2.27.0 round 1 (0 untranslated)
Signed-off-by: Yi-Jyun Pan <pan93412@gmail.com>
2020-05-30 00:34:15 +08:00
Jan Engelhardt
9d18eae6b2 l10n: de.po: Fix typo in the German translation of octopus
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Matthias Rüster <matthias.ruester@gmail.com>
2020-05-29 16:47:34 +02:00
Matthias Rüster
7045aa9c84 l10n: de.po: Update German translation for Git 2.27.0
Reviewed-by: Ralf Thielow <ralf.thielow@gmail.com>
Signed-off-by: Matthias Rüster <matthias.ruester@gmail.com>
2020-05-29 16:46:53 +02:00
Alessandro Menti
a09c79f5c8
l10n: it.po: update for Git 2.27.0 round #2
Signed-off-by: Alessandro Menti <alessandro.menti@alessandromenti.it>
2020-05-28 07:53:00 +02:00
Jiang Xin
7af3e5bcf7 Merge branch 'fr_2.27.0rnd2' of github.com:jnavila/git
* 'fr_2.27.0rnd2' of github.com:jnavila/git:
  l10n: fr.po v2.27.0 rnd 2
2020-05-28 10:46:04 +08:00
Jiang Xin
2c0f79caf0 Merge branch 'master' of github.com:bitigchi/git-po
* 'master' of github.com:bitigchi/git-po:
  l10n: tr: v2.27.0 round 2
2020-05-28 10:45:33 +08:00
Jiang Xin
ba6f6f6bd2 Merge branch 'master' of github.com:alshopov/git-po
* 'master' of github.com:alshopov/git-po:
  l10n: bg.po: Updated Bulgarian translation (4875t)
2020-05-28 10:45:11 +08:00
Jiang Xin
b3183376be Merge branch 'master' of github.com:Softcatala/git-po
* 'master' of github.com:Softcatala/git-po:
  l10n: Update Catalan translation
2020-05-28 10:44:21 +08:00
Toon Claes
ed11a5a7de Documentation: correct hash environment variable
To set the default hash algorithm you can set the `GIT_DEFAULT_HASH`
environment variable. In the documentation this variable is named
`GIT_DEFAULT_HASH_ALGORITHM`, which is incorrect.

Signed-off-by: Toon Claes <toon@iotcl.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-05-27 10:00:05 -07:00
Emir Sarı
61c7f0466e l10n: tr: v2.27.0 round 2
Signed-off-by: Emir Sarı <bitigchi@me.com>
2020-05-27 12:48:41 +03:00
Jean-Noël Avila
f0882a0b4f l10n: fr.po v2.27.0 rnd 2
Signed-off-by: Jean-Noël Avila <jn.avila@free.fr>
2020-05-27 11:18:48 +02:00
Alexander Shopov
22563117de l10n: bg.po: Updated Bulgarian translation (4875t)
Signed-off-by: Alexander Shopov <ash@kambanaria.org>
2020-05-27 09:44:34 +02:00
Jordi Mas
b6d7940422 l10n: Update Catalan translation
Signed-off-by: Jordi Mas <jmas@softcatala.org>
2020-05-27 08:59:48 +02:00
Peter Krefting
3eff1ed3a3 l10n: sv.po: Update Swedish translation (4875t0f0u)
Signed-off-by: Peter Krefting <peter@softwolves.pp.se>
2020-05-27 07:41:28 +01:00
Tran Ngoc Quan
4b4cf76771 l10n: vi(4875t): Updated Vietnamses translation for 2.27.0rd2
Signed-off-by: Tran Ngoc Quan <vnwildman@gmail.com>
2020-05-27 08:08:20 +07:00
Jiang Xin
349ede6ae7 l10n: zh_CN: for git v2.27.0 l10n round 1~2
Translate 73 new messages (4875t0f0u) for git 2.27.0.

Reviewed-by: 依云 <lilydjwg@gmail.com>
Reviewed-by: Fangyi Zhou <me@fangyi.io>
Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
2020-05-27 07:39:48 +08:00