Fork of git SCM with my patches. http://git.kilabit.info/git/atom?h=v2.14.4 2018-05-22T05:12:02Z 2018-05-22T05:12:02Z Junio C Hamano gitster@pobox.com 2018-05-22T05:12:02Z urn:sha1:4dde7b8799dec0e7aecb04fdc55c656e674cff6f Signed-off-by: Junio C Hamano <gitster@pobox.com> 2018-05-22T05:10:49Z Junio C Hamano gitster@pobox.com 2018-05-22T05:10:49Z urn:sha1:7b01c71b64d25202d80b73cbd46104ebfddbdab3 * maint-2.13: Git 2.13.7 verify_path: disallow symlinks in .gitmodules update-index: stat updated files earlier verify_dotfile: mention case-insensitivity in comment verify_path: drop clever fallthrough skip_prefix: add case-insensitive variant is_{hfs,ntfs}_dotgitmodules: add tests is_ntfs_dotgit: match other .git files is_hfs_dotgit: match other .git files is_ntfs_dotgit: use a size_t for traversing string submodule-config: verify submodule names as paths 2018-05-22T04:50:36Z Junio C Hamano gitster@pobox.com 2018-05-22T04:50:36Z urn:sha1:0114f71344844be9e5add321cffea34bac077d75 Signed-off-by: Junio C Hamano <gitster@pobox.com> 2018-05-22T04:48:26Z Junio C Hamano gitster@pobox.com 2018-05-22T04:48:26Z urn:sha1:8528c31d98c358cd27f45e203745bcdef03ca589 * jk/submodule-fix-loose: verify_path: disallow symlinks in .gitmodules update-index: stat updated files earlier verify_dotfile: mention case-insensitivity in comment verify_path: drop clever fallthrough skip_prefix: add case-insensitive variant is_{hfs,ntfs}_dotgitmodules: add tests is_ntfs_dotgit: match other .git files is_hfs_dotgit: match other .git files is_ntfs_dotgit: use a size_t for traversing string submodule-config: verify submodule names as paths 2018-05-22T03:50:11Z Jeff King peff@peff.net 2018-05-05T00:03:35Z urn:sha1:10ecfa76491e4923988337b2e2243b05376b40de There are a few reasons it's not a good idea to make .gitmodules a symlink, including: 1. It won't be portable to systems without symlinks. 2. It may behave inconsistently, since Git may look at this file in the index or a tree without bothering to resolve any symbolic links. We don't do this _yet_, but the config infrastructure is there and it's planned for the future. With some clever code, we could make (2) work. And some people may not care about (1) if they only work on one platform. But there are a few security reasons to simply disallow it: a. A symlinked .gitmodules file may circumvent any fsck checks of the content. b. Git may read and write from the on-disk file without sanity checking the symlink target. So for example, if you link ".gitmodules" to "../oops" and run "git submodule add", we'll write to the file "oops" outside the repository. Again, both of those are problems that _could_ be solved with sufficient code, but given the complications in (1) and (2), we're better off just outlawing it explicitly. Note the slightly tricky call to verify_path() in update-index's update_one(). There we may not have a mode if we're not updating from the filesystem (e.g., we might just be removing the file). Passing "0" as the mode there works fine; since it's not a symlink, we'll just skip the extra checks. Signed-off-by: Jeff King <peff@peff.net> 2018-05-22T03:50:11Z Jeff King peff@peff.net 2018-05-14T15:00:56Z urn:sha1:eb12dd0c764d2b71bebd5ffffb7379a3835253ae In the update_one(), we check verify_path() on the proposed path before doing anything else. In preparation for having verify_path() look at the file mode, let's stat the file earlier, so we can check the mode accurately. This is made a bit trickier by the fact that this function only does an lstat in a few code paths (the ones that flow down through process_path()). So we can speculatively do the lstat() here and pass the results down, and just use a dummy mode for cases where we won't actually be updating the index from the filesystem. Signed-off-by: Jeff King <peff@peff.net> 2018-05-22T03:50:11Z Jeff King peff@peff.net 2018-05-15T13:56:50Z urn:sha1:641084b618ddbe099f0992161988c3e479ae848b We're more restrictive than we need to be in matching ".GIT" on case-sensitive filesystems; let's make a note that this is intentional. Signed-off-by: Jeff King <peff@peff.net> 2018-05-22T03:50:11Z Jeff King peff@peff.net 2018-05-13T17:00:23Z urn:sha1:e19e5e66d691bdeeeb5e0ed2ffcecdd7666b0d7b We check ".git" and ".." in the same switch statement, and fall through the cases to share the end-of-component check. While this saves us a line or two, it makes modifying the function much harder. Let's just write it out. Signed-off-by: Jeff King <peff@peff.net> 2018-05-22T03:50:11Z Jeff King peff@peff.net 2018-05-13T16:57:14Z urn:sha1:41a80924aec0e94309786837b6f954a3b3f19b71 We have the convenient skip_prefix() helper, but if you want to do case-insensitive matching, you're stuck doing it by hand. We could add an extra parameter to the function to let callers ask for this, but the function is small and somewhat performance-critical. Let's just re-implement it for the case-insensitive version. Signed-off-by: Jeff King <peff@peff.net> 2018-05-22T03:50:11Z Johannes Schindelin johannes.schindelin@gmx.de 2018-05-12T20:16:51Z urn:sha1:dc2d9ba3187fcd0ca8eeab9aa9ddef70cf8627a6 This tests primarily for NTFS issues, but also adds one example of an HFS+ issue. Thanks go to Congyi Wu for coming up with the list of examples where NTFS would possibly equate the filename with `.gitmodules`. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Jeff King <peff@peff.net>