Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Patch for v2.36.1 #2720

Open
wants to merge 42 commits into
base: origin-v2.36.1-1733763362
Choose a base branch
from
Open
Changes from all commits
Commits
Show all changes
42 commits
Select commit Hold shift + click to select a range
5a37e49
commit patch 23233548
Dec 9, 2024
c5c6904
commit patch 24586273
Dec 9, 2024
91252ec
commit patch 26742548
Dec 9, 2024
8216fac
commit patch 21798058
Dec 9, 2024
ca74186
commit patch 19452746
Dec 9, 2024
63aafea
commit patch 27483263
Dec 9, 2024
f2a9d15
commit patch 17530832
Dec 9, 2024
6c4a65b
commit patch 25368037
Dec 9, 2024
287d487
commit patch 26870035
Dec 9, 2024
1631ddd
commit patch 23634890
Dec 9, 2024
57f6c57
commit patch 22874818
Dec 9, 2024
ca8d9ce
commit patch 25220034
Dec 9, 2024
87f581f
commit patch 19579491
Dec 9, 2024
144a058
commit patch 19135963
Dec 9, 2024
d189f4c
commit patch 27758386
Dec 9, 2024
4a295c2
commit patch 25177790
Dec 9, 2024
7fba865
commit patch 27377090
Dec 9, 2024
37a37d5
commit patch 25516325
Dec 9, 2024
86a9542
commit patch 24141758
Dec 9, 2024
a7e1241
commit patch 26827773
Dec 9, 2024
16b45d6
commit patch 17383781
Dec 9, 2024
de08362
commit patch 26341201
Dec 9, 2024
4044462
commit patch 22305521
Dec 9, 2024
1b048ba
commit patch 26594643
Dec 9, 2024
85dd4a3
commit patch 27758387
Dec 9, 2024
c94d82f
commit patch 18861617
Dec 9, 2024
a444138
commit patch 25389291
Dec 9, 2024
24acce2
commit patch 26509861
Dec 9, 2024
07bcb9c
commit patch 17720290
Dec 9, 2024
7380302
commit patch 23845516
Dec 9, 2024
85b6c59
commit patch 26045007
Dec 9, 2024
8e4c844
commit patch 25495321
Dec 9, 2024
4ac383a
commit patch 26806224
Dec 9, 2024
7561a85
commit patch 20063888
Dec 9, 2024
b99517a
commit patch 25410429
Dec 9, 2024
be71777
commit patch 27440647
Dec 9, 2024
ac45d50
commit patch 21924849
Dec 9, 2024
a2bd07b
commit patch 19072343
Dec 9, 2024
40d1185
commit patch 23296896
Dec 9, 2024
393957f
commit patch 25495319
Dec 9, 2024
1e2666d
commit patch 25854846
Dec 9, 2024
e2d92bf
commit patch 26721505
Dec 9, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions Documentation/config/protocol.txt
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
protocol.allow::
If set, provide a user defined default policy for all protocols which
don't explicitly have a policy (`protocol.<name>.allow`). By default,
if unset, known-safe protocols (http, https, git, ssh, file) have a
if unset, known-safe protocols (http, https, git, ssh) have a
default policy of `always`, known-dangerous protocols (ext) have a
default policy of `never`, and all other protocols have a default
policy of `user`. Supported policies:
default policy of `never`, and all other protocols (including file)
have a default policy of `user`. Supported policies:
+
--

14 changes: 14 additions & 0 deletions Documentation/config/safe.txt
Original file line number Diff line number Diff line change
@@ -26,3 +26,17 @@ directory was listed in the `safe.directory` list. If `safe.directory=*`
is set in system config and you want to re-enable this protection, then
initialize your list with an empty value before listing the repositories
that you deem safe.
+
As explained, Git only allows you to access repositories owned by
yourself, i.e. the user who is running Git, by default. When Git
is running as 'root' in a non Windows platform that provides sudo,
however, git checks the SUDO_UID environment variable that sudo creates
and will allow access to the uid recorded as its value in addition to
the id from 'root'.
This is to make it easy to perform a common sequence during installation
"make && sudo make install". A git process running under 'sudo' runs as
'root' but the 'sudo' command exports the environment variable to record
which id the original user has.
If that is not what you would prefer and want git to only trust
repositories that are owned by root instead, then you can remove
the `SUDO_UID` variable from root's environment before invoking git.
11 changes: 9 additions & 2 deletions alias.c
Original file line number Diff line number Diff line change
@@ -46,14 +46,16 @@ void list_aliases(struct string_list *list)

#define SPLIT_CMDLINE_BAD_ENDING 1
#define SPLIT_CMDLINE_UNCLOSED_QUOTE 2
#define SPLIT_CMDLINE_ARGC_OVERFLOW 3
static const char *split_cmdline_errors[] = {
N_("cmdline ends with \\"),
N_("unclosed quote")
N_("unclosed quote"),
N_("too many arguments"),
};

int split_cmdline(char *cmdline, const char ***argv)
{
int src, dst, count = 0, size = 16;
size_t src, dst, count = 0, size = 16;
char quoted = 0;

ALLOC_ARRAY(*argv, size);
@@ -96,6 +98,11 @@ int split_cmdline(char *cmdline, const char ***argv)
return -SPLIT_CMDLINE_UNCLOSED_QUOTE;
}

if (count >= INT_MAX) {
FREE_AND_NULL(*argv);
return -SPLIT_CMDLINE_ARGC_OVERFLOW;
}

ALLOC_GROW(*argv, count + 1, size);
(*argv)[count] = NULL;

41 changes: 39 additions & 2 deletions apply.c
Original file line number Diff line number Diff line change
@@ -4408,6 +4408,33 @@ static int create_one_file(struct apply_state *state,
if (state->cached)
return 0;

/*
* We already try to detect whether files are beyond a symlink in our
* up-front checks. But in the case where symlinks are created by any
* of the intermediate hunks it can happen that our up-front checks
* didn't yet see the symlink, but at the point of arriving here there
* in fact is one. We thus repeat the check for symlinks here.
*
* Note that this does not make the up-front check obsolete as the
* failure mode is different:
*
* - The up-front checks cause us to abort before we have written
* anything into the working directory. So when we exit this way the
* working directory remains clean.
*
* - The checks here happen in the middle of the action where we have
* already started to apply the patch. The end result will be a dirty
* working directory.
*
* Ideally, we should update the up-front checks to catch what would
* happen when we apply the patch before we damage the working tree.
* We have all the information necessary to do so. But for now, as a
* part of embargoed security work, having this check would serve as a
* reasonable first step.
*/
if (path_is_beyond_symlink(state, path))
return error(_("affected file '%s' is beyond a symbolic link"), path);

res = try_create_file(state, path, mode, buf, size);
if (res < 0)
return -1;
@@ -4539,7 +4566,7 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
FILE *rej;
char namebuf[PATH_MAX];
struct fragment *frag;
int cnt = 0;
int fd, cnt = 0;
struct strbuf sb = STRBUF_INIT;

for (cnt = 0, frag = patch->fragments; frag; frag = frag->next) {
@@ -4579,7 +4606,17 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
memcpy(namebuf, patch->new_name, cnt);
memcpy(namebuf + cnt, ".rej", 5);

rej = fopen(namebuf, "w");
fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
if (fd < 0) {
if (errno != EEXIST)
return error_errno(_("cannot open %s"), namebuf);
if (unlink(namebuf))
return error_errno(_("cannot unlink '%s'"), namebuf);
fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
if (fd < 0)
return error_errno(_("cannot open %s"), namebuf);
}
rej = fdopen(fd, "w");
if (!rej)
return error_errno(_("cannot open %s"), namebuf);

Loading