- 18 Jan, 2023 1 commit
  - It turns out this has been available in libssh2 for a long time and we should have been verifying this the whole time.
    Carlos Martín Nieto committed
- 14 Jul, 2022 1 commit
  - v1.5.0
    Edward Thomson committed
- 13 Jul, 2022 7 commits
  - Edward Thomson committed
  - Edward Thomson committed
  - Edward Thomson committed
  - Fix creation of branches and tags with invalid names
    Edward Thomson committed
  - Edward Thomson committed
  - pack: don't pretend we support pack files v3
    Edward Thomson committed
  - Edward Thomson committed
- 12 Jul, 2022 10 commits
  - zlib: update bundled zlib to v1.2.12
    Edward Thomson committed
  - Fixes for CVE-2022-29187
    Edward Thomson committed
  - Mark Adler committed
  - slide_hash knowingly reads (possibly) uninitialised memory, see comment lower down about prev[n] potentially being garbage. In this case, the result is never used - so we don't care about MSAN complaining about this read. By adding the no_sanitize("memory") attribute, clients of zlib won't see this (unnecessary) error when building and running with MemorySanitizer. An alternative approach is for clients to build zlib with -fsanitize-ignorelist=... where the ignorelist contains something like 'fun:slide_hash'. But that's more work and needs to be redone for any and all CI systems running a given project with MSAN. Adding this annotation to zlib's sources is overall more convenient - but also won't affect non-MSAN builds. This specific issue was found while running git's test suite, but has also been reported by other clients, see e.g. #518.
    Andrzej Hunt committed
  - The `crc32_combine_gen64` missed a prototype in our define path. Add one.
    Edward Thomson committed
  - Edward Thomson committed
  - In the ownership checks implemented for CVE-2022-24765, we disallowed users from accessing their own repositories when running with `sudo`. Examine the `SUDO_UID` environment variable and allow users running with `sudo`. This matches git's behavior.
    Edward Thomson committed
  - To match git's behavior with CVE-2022-29187, validate not only the working directory, but also the gitdir and gitlink (if it exists). This is a follow-up to CVE-2022-24765 that was fixed earlier.
    Edward Thomson committed
  - Fix erroneously lax configuration ownership checks
    Edward Thomson committed
  - yuangli committed
- 11 Jul, 2022 9 commits
- 09 Jul, 2022 1 commit
  - Pack files v3 are introduced in the SHA256 hash transition document https://github.com/git/git/blob/master/Documentation/technical/hash-function-transition.txt Obviously we do not support these yet. Stop pretending that we do.
    Edward Thomson committed
- 07 Jul, 2022 11 commits
  - Allow users in the administrator group to use git configs that are owned by administrators.
    Edward Thomson committed
  - Allow the user ownership to match if the file is owned by the admin group and the user is in the admin group, even if the current process is not running as administrator directly.
    Edward Thomson committed
  - Refactor the file ownership checks so that callers can provide discrete information about the ownership expectations to a single function.
    Edward Thomson committed
  - The file ownership concepts can reflect the actual file ownership, they are not necessarily limited to mocking the interface. Rename them so that they can be more broadly applicable.
    Edward Thomson committed
  - Ensure that we test opening a bare repository with odd permissions.
    Edward Thomson committed
  - This reverts commit cdff2f02. This change erroneously allowed system users to own a worktree; this should only be allowed when the current user is in the Administrator group on Windows as well.
    Edward Thomson committed
  - cmake: drop posix dependency from pcre* detection
    Edward Thomson committed
  - fix interactive rebase detect.
    Edward Thomson committed
  - Fix internal git_sysdir_find* function usage within public git_config_find* functions
    Edward Thomson committed
  - Edward Thomson committed