- 12 Apr, 2022 7 commits
Validate repository directory ownership
Edward Thomson committed -
Introduce the `GIT_OPT_SET_OWNER_VALIDATION` option, so that users can disable repository ownership validation.
Edward Thomson committed -
Obey the `safe.directory` configuration variable if it is set in the global or system configuration. (Do not try to load this from the repository configuration - to avoid malicious repositories that then mark themselves as safe.)
Edward Thomson committed -
Pull the global configuration loader out of the symlink check so that it can be re-used.
Edward Thomson committed -
Test that we prevent opening directories that are not owned by ourselves.
Edward Thomson committed -
Provide a mock for file ownership for testability.
Edward Thomson committed -
Ensure that the repository directory is owned by the current user; this prevents us from opening configuration files that may have been created by an attacker.
Edward Thomson committed
- 11 Apr, 2022 1 commit
Provide individual file ownership checks for both the current user and the system user, as well as a combined current user and system user check.
Edward Thomson committed
- 10 Apr, 2022 3 commits
midx: Fix an undefined behavior (left-shift signed overflow)
Edward Thomson committed -
Fix crash when regenerating a patch with unquoted spaces in filename
Edward Thomson committed -
Edward Thomson committed
- 06 Apr, 2022 4 commits
tests: support flaky stat
Edward Thomson committed -
The 32-bit ARM QEMU builds are flaky when running `lstat`. Disable those testing `lstat`'s `st_size` temporarily.
Edward Thomson committed -
diff: don't stat empty file on arm32 (flaky test)
Edward Thomson committed -
sha256: support dynamically loaded openssl
Edward Thomson committed
- 05 Apr, 2022 1 commit
There was a missing check to ensure that the `off64_t` (which is a signed value) didn't overflow when parsing it from the midx file. This shouldn't have huge repercussions since the parsed value is immediately validated afterwards, but then again, there is no such thing as "benign" undefined behavior. This change makes all the bitwise arithmetic happen with unsigned types and is only cast to `off64_t` at the very end. Thanks to Taotao Gu for finding and reporting this!
lhchavez committed
- 04 Apr, 2022 3 commits
fetch: support OID refspec without dst
Edward Thomson committed -
Edward Thomson committed
-
Our CI test infrastructure virtualizes arm32 in docker, which is a sometimes imperfect situation. In `diff::workdir::can_diff_empty_file`, avoid the stat to ensure that the file is zero bytes; there is an odd issue running in qemu when emulating arm32 that we should skip.
Edward Thomson committed
- 23 Mar, 2022 17 commits
SHA256: add a SHA256 implementation backend
Edward Thomson committed -
gcc (mingw) warns when you cast the result of `GetProcAddress`; cast the results to `void *` before casting them to the actual result.
Edward Thomson committed -
When GIT_SHA1_WIN32 or GIT_SHA256_WIN32 is used, ensure that we test both CryptoNG ("cng") and CryptoAPI.
Edward Thomson committed -
Adding SHA256 support prompted an overdue refactoring of some of the unnecessary complexity around the CNG/CryptoAPI abstraction.
Edward Thomson committed -
Edward Thomson committed
-
Edward Thomson committed
-
Edward Thomson committed
-
Add support for a SHA256 hash algorithm, and add the "builtin" SHA256 hash engine (from RFC 6234).
Edward Thomson committed -
The more generic GIT_ERROR_SHA allows for SHA256 errors as well as SHA1.
Edward Thomson committed -
Eliminate the `sha1` folder, move it down into `hash` so that future implementations can share common code.
Edward Thomson committed -
Remove the "generic" implementation; it should never be used; it only existed for a no-dependencies configuration, and our bundled sha1dc satisfies that requirement _and_ is correct.
Edward Thomson committed -
Edward Thomson committed
-
Benchmarking suite
Edward Thomson committed -
Support the ability to create a refspec that is a single object ID without a destination.
Edward Thomson committed -
clone: update bitbucket tests
Edward Thomson committed -
Edward Thomson committed
-
Fix a string concatenation bug when validating extensions
Edward Thomson committed
- 16 Mar, 2022 1 commit
As builtin extensions are evaluated in the latter half of `check_valid_extension`, a string `cfg` is concatenated with the static string 'extension.' and the value from `builtin_extension`, before being compared with the configured value. This string is not being cleared while iterating through the names of the extensions. Because there is currently only one extension ('noop'), the bug was never noticeable. This patch corrects the behavior by clearing the string on each iteration, as is done in the first block.
Wilhelm Bierbaum committed
- 13 Mar, 2022 2 commits
This fixes a crash in test cases test_diff_parse__new_file_with_space_and_regenerate_patch and test_diff_parse__delete_file_with_space_and_regenerate_patch
Iliyas Jorio committed -
This currently crashes, proposed fix in subsequent commit.
Iliyas Jorio committed
- 03 Mar, 2022 1 commit
Some minor fixes for issues discovered by coverity
Edward Thomson committed