git, branch v2.11.4 Fork of git SCM with my patches. http://git.kilabit.info/git/atom?h=v2.11.4 2017-09-22T05:44:45Z Git 2.11.4 2017-09-22T05:44:45Z Junio C Hamano gitster@pobox.com 2017-09-22T05:44:45Z urn:sha1:39aaab109972d6bbc1d0ffe5d4de47bbd4b8bb07 Signed-off-by: Junio C Hamano <gitster@pobox.com> Sync with 2.10.5 2017-09-22T05:43:17Z Junio C Hamano gitster@pobox.com 2017-09-22T05:43:13Z urn:sha1:0a4986d95111da89a416e2a28f5bb5d534c07271 Signed-off-by: Junio C Hamano <gitster@pobox.com> Git 2.10.5 2017-09-22T05:42:22Z Junio C Hamano gitster@pobox.com 2017-09-22T05:42:22Z urn:sha1:27dea4683b608c5c0487dee74cbda13b62803b73 Signed-off-by: Junio C Hamano <gitster@pobox.com> Merge branch 'jk/safe-pipe-capture' into maint-2.10 2017-09-22T05:34:34Z Junio C Hamano gitster@pobox.com 2017-09-22T05:34:34Z urn:sha1:dca89d4e56dde4b9b48d6f2ec093886a6fa46575 Merge branch 'jk/cvsimport-quoting' into maint-2.10 2017-09-22T05:34:34Z Junio C Hamano gitster@pobox.com 2017-09-22T05:34:34Z urn:sha1:6d6e2f812d366789fb6f4f9ea8decb4777f6f862 Merge branch 'jc/cvsserver' into maint-2.10 2017-09-22T05:34:34Z Junio C Hamano gitster@pobox.com 2017-09-22T05:34:34Z urn:sha1:31add46823fe926e85efbfeab865e366018b33b4 Merge branch 'jk/git-shell-drop-cvsserver' into maint-2.10 2017-09-22T05:34:34Z Junio C Hamano gitster@pobox.com 2017-09-22T05:34:34Z urn:sha1:985f59c042320ddf0a506e553d5eef9689ef4c32 cvsimport: shell-quote variable used in backticks 2017-09-12T02:10:22Z Jeff King peff@peff.net 2017-09-11T14:24:26Z urn:sha1:5b4efea666951efe0770f8d5a301f8917015315f We run `git rev-parse` though the shell, and quote its argument only with single-quotes. This prevents most metacharacters from being a problem, but misses the obvious case when $name itself has single-quotes in it. We can fix this by applying the usual shell-quoting formula. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> archimport: use safe_pipe_capture for user input 2017-09-12T02:08:15Z Jeff King peff@peff.net 2017-09-11T14:24:11Z urn:sha1:8d0fad0a7a6ba34fd706c148fa7ed1f8eb2b8b26 Refnames can contain shell metacharacters which need to be passed verbatim to sub-processes. Using safe_pipe_capture skips the shell entirely. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> shell: drop git-cvsserver support by default 2017-09-12T02:05:58Z Jeff King peff@peff.net 2017-09-11T15:27:51Z urn:sha1:9a42c03cb71eaa9d41ba67275de38c997a791c32 The git-cvsserver script is old and largely unmaintained these days. But git-shell allows untrusted users to run it out of the box, significantly increasing its attack surface. Let's drop it from git-shell's list of internal handlers so that it cannot be run by default. This is not backwards compatible. But given the age and development activity on CVS-related parts of Git, this is likely to impact very few users, while helping many more (i.e., anybody who runs git-shell and had no intention of supporting CVS). There's no configuration mechanism in git-shell for us to add a boolean and flip it to "off". But there is a mechanism for adding custom commands, and adding CVS support here is fairly trivial. Let's document it to give guidance to anybody who really is still running cvsserver. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>