- 07 Jul, 2022 15 commits
-
-
Mark Adler committed
-
slide_hash knowingly reads (possibly) uninitialised memory, see comment lower down about prev[n] potentially being garbage. In this case, the result is never used - so we don't care about MSAN complaining about this read. By adding the no_sanitize("memory") attribute, clients of zlib won't see this (unnecessary) error when building and running with MemorySanitizer. An alternative approach is for clients to build zlib with -fsanitize-ignorelist=... where the ignorelist contains something like 'fun:slide_hash'. But that's more work and needs to be redone for any and all CI systems running a given project with MSAN. Adding this annotation to zlib's sources is overall more convenient - but also won't affect non-MSAN builds. This specific issue was found while running git's test suite, but has also been reported by other clients, see e.g. #518.
Andrzej Hunt committed -
The `crc32_combine_gen64` missed a prototype in our define path. Add one.
Edward Thomson committed -
Edward Thomson committed
-
In the ownership checks implemented for CVE-2022-24765, we disallowed users to access their own repositories when running with `sudo`. Examine the `SUDO_UID` environment variable and allow users running with `sudo`. This matches git's behavior.
Edward Thomson committed -
To match git's behavior with CVE 2022-29187, validate not only the working directory, but also the gitdir and gitlink (if it exists). This a follow up to CVE-2022-24765 that was fixed earlier.
Edward Thomson committed -
Allow users in the administrator group to use git configs that are owned by administrators.
Edward Thomson committed -
Allow the user ownership to match if the file is owned by the admin group and the user is in the admin group, even if the current process is not running as administrator directly.
Edward Thomson committed -
Refactor the file ownership checks so that callers can provide discrete information about the ownership expectations to a single function.
Edward Thomson committed -
The file ownership concepts can reflect the actual file ownership, they are not necessarily limited to mocking the interface. Rename them so that they can be more broadly applicable.
Edward Thomson committed -
Ensure that we test opening a bare repository with odd permissions.
Edward Thomson committed -
Update the new URL for mbedTLS.
Edward Thomson committed -
Edward Thomson committed
-
Edward Thomson committed
-
Originally introduced in: 776a6a8e This test case has recently been fixed in bdab2238, but that fix will only last for a year. Next year the same problem will crop up and the test will need to be re-edited. This is not ideal as - This test case becomes an unnecessary burden for developers - Downstream distros or even just users who want to build older versions of libgit2 are guaranteed to have this test fail Furthermore, this test case is entirely unnecessary, as the functionality that was originally (see 776a6a8e) intended to be tested is well-covered by subsequent tests which specify a date instead of a "x ago" specification.
Carl Dong committed
-
- 12 Apr, 2022 13 commits
-
-
v1.3.1 release
Edward Thomson committed -
Edward Thomson committed
-
Edward Thomson committed
-
Validate repository directory ownership (v1.3)
Edward Thomson committed -
Introduce the `GIT_OPT_SET_OWNER_VALIDATION` option, so that users can disable repository ownership validation.
Edward Thomson committed -
Obey the `safe.directory` configuration variable if it is set in the global or system configuration. (Do not try to load this from the repository configuration - to avoid malicious repositories that then mark themselves as safe.)
Edward Thomson committed -
Pull the global configuration loader out of the symlink check so that it can be re-used.
Edward Thomson committed -
Test that we prevent opening directories that are not owned by ourselves.
Edward Thomson committed -
Provide a mock for file ownership for testability.
Edward Thomson committed -
Ensure that the repository directory is owned by the current user; this prevents us from opening configuration files that may have been created by an attacker.
Edward Thomson committed -
Provide individual file ownership checks for both the current user and the system user, as well as a combined current user and system user check.
Edward Thomson committed -
Edward Thomson committed
-
GitHub is removing support for the unauthenticated git protocol; test with the https protocol.
Edward Thomson committed
-
- 26 Feb, 2022 1 commit
-
-
Edward Thomson committed
-
- 27 Sep, 2021 8 commits
-
-
Edward Thomson committed
-
examples: Free the git_config and git_config_entry after use
Edward Thomson committed -
Edward Thomson committed
-
oidarray: introduce `git_oidarray_dispose`
Edward Thomson committed -
Edward Thomson committed
-
Edward Thomson committed
-
buf: common_prefix takes a string array
Edward Thomson committed -
`git_strarray` is a public-facing type. Change `git_buf_text_common_prefix` to not use it, and just take an array of strings instead.
Edward Thomson committed
-
- 26 Sep, 2021 3 commits
-
-
Since users are disposing the _contents_ of the oidarray, not freeing the oidarray itself, the proper cleanup function is `git_oidarray_dispose`. Deprecate `git_oidarray_free`.
Edward Thomson committed -
The `repo` argument is now unnecessary. Remove it.
Edward Thomson committed -
When looking up attributes for a file, we construct an absolute path to the queried file within the working directory so that we can accept both absolute paths and working directory relative paths. We then trim the leading working directory path to give us an in-repo path. Since we only want the in-repo path to look up attributes - and not to read it from disk - we don't need to validate its length.
Edward Thomson committed
-