Fork of git SCM with my patches. http://git.kilabit.info/git/atom?h=v2.24.3 2020-04-19T23:30:34Z 2020-04-19T23:30:34Z Jonathan Nieder jrnieder@gmail.com 2020-04-19T23:30:34Z urn:sha1:b86a4be245d0ba077c97c6ab6b1cdbeb9dcc1342 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> 2020-04-19T23:30:27Z Jonathan Nieder jrnieder@gmail.com 2020-04-19T23:30:27Z urn:sha1:f2771efd07b51edae023db95fcca39c72a0397fe This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> 2020-04-19T23:30:19Z Jonathan Nieder jrnieder@gmail.com 2020-04-19T23:30:19Z urn:sha1:c9808fa014aa88cc306705d308d1d9065d567ddc This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> 2020-04-19T23:30:08Z Jonathan Nieder jrnieder@gmail.com 2020-04-19T23:30:08Z urn:sha1:9206d27eb5e76bbb3a4e59e3c53f92eaa0caa97b This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> 2020-04-19T23:28:57Z Jonathan Nieder jrnieder@gmail.com 2020-04-19T23:28:57Z urn:sha1:041bc65923e13313ca1b77681c3b2950b5e0a163 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> 2020-04-19T23:26:41Z Jonathan Nieder jrnieder@gmail.com 2020-04-19T23:26:41Z urn:sha1:76b54ee9b9944ee70422ac24884f78769cf264f1 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> 2020-04-19T23:24:14Z Jonathan Nieder jrnieder@gmail.com 2020-04-19T23:24:14Z urn:sha1:ba6f0905fdb9e65c1ac5fbc79c9a4ef0b59b3e68 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> 2020-04-19T23:10:58Z Jeff King peff@peff.net 2020-04-19T06:34:55Z urn:sha1:df5be6dc3fd18c294ec93a9af0321334e3f92c9c Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> 2020-04-19T23:10:58Z Jonathan Nieder jrnieder@gmail.com 2020-04-19T03:57:22Z urn:sha1:1a3609e402a062ef7b11f197fe96c28cabca132c Git's URL parser interprets https:///example.com/repo.git to have no host and a path of "example.com/repo.git". Curl, on the other hand, internally redirects it to https://example.com/repo.git. As a result, until "credential: parse URL without host as empty host, not unset", tricking a user into fetching from such a URL would cause Git to send credentials for another host to example.com. Teach fsck to block and detect .gitmodules files using such a URL to prevent sharing them with Git versions that are not yet protected. A relative URL in a .gitmodules file could also be used to trigger this. The relative URL resolver used for .gitmodules does not normalize sequences of slashes and can follow ".." components out of the path part and to the host part of a URL, meaning that such a relative URL can be used to traverse from a https://foo.example.com/innocent superproject to a https:///attacker.example.com/exploit submodule. Fortunately, redundant extra slashes in .gitmodules are rare, so we can catch this by detecting one after a leading sequence of "./" and "../" components. Helped-by: Jeff King <peff@peff.net> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Reviewed-by: Jeff King <peff@peff.net> 2020-04-19T23:10:58Z Jonathan Nieder jrnieder@gmail.com 2020-04-19T03:54:57Z urn:sha1:e7fab62b736cca3416660636e46f0be8386a5030 Until "credential: refuse to operate when missing host or protocol", Git's credential handling code interpreted URLs with empty scheme to mean "give me credentials matching this host for any protocol". Luckily libcurl does not recognize such URLs (it tries to look for a protocol named "" and fails). Just in case that changes, let's reject them within Git as well. This way, credential_from_url is guaranteed to always produce a "struct credential" with protocol and host set. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>