1. 22 May, 2018 3 commits
  2. 18 May, 2018 5 commits
  3. 14 May, 2018 1 commit
  4. 09 May, 2018 1 commit
    • submodule: ignore submodules which include path traversal in their name · 6b15ceac
      If the we decide that the "name" of the submodule (i.e. its path inside
      `.git/modules/`) is trying to escape that directory or otherwise trick us, we
      ignore the configuration for that submodule.
      
      This leaves us with a half-configured submodule when looking it up by path, but
      it's the same result as if the configuration really were missing.
      
      The name check is potentially more strict than it needs to be, but it lets us
      re-use the check we're doing for the checkout. The function that encapsulates
      this logic is ready to be exported but we don't want to do that in a security
      release so it remains internal for now.
      Carlos Martín Nieto committed
  5. 30 Apr, 2018 1 commit
  6. 22 Apr, 2018 3 commits
  7. 20 Apr, 2018 9 commits
  8. 19 Apr, 2018 1 commit
  9. 17 Apr, 2018 10 commits
  10. 16 Apr, 2018 5 commits
  11. 12 Apr, 2018 1 commit
    • revwalk: fix uninteresting revs sometimes not limiting graphwalk · 54fd80e3
      When we want to limit our graphwalk, we use the heuristic of checking
      whether the newest limiting (uninteresting) revision is newer than the
      oldest interesting revision. We do so by inspecting whether the first
      item's commit time of the user-supplied list of revisions is newer than
      the last added interesting revision. This is wrong though, as the user
      supplied list is in no way guaranteed to be sorted by increasing commit
      dates. This could lead us to abort the revwalk early before applying all
      relevant limiting revisions, outputting revisions which should in fact
      have been hidden.
      
      Fix the heuristic by instead checking whether _any_ of the limiting
      commits was made earlier than the last interesting commit. Add a test.
      Patrick Steinhardt committed