summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Documentation/RelNotes/2.4.12.txt12
-rw-r--r--Documentation/RelNotes/2.5.6.txt12
-rw-r--r--Documentation/RelNotes/2.6.7.txt12
-rw-r--r--Documentation/RelNotes/2.7.5.txt14
-rw-r--r--Documentation/RelNotes/2.8.5.txt12
-rw-r--r--Documentation/RelNotes/2.9.4.txt7
-rw-r--r--Documentation/git.txt19
-rw-r--r--shell.c2
8 files changed, 83 insertions, 7 deletions
diff --git a/Documentation/RelNotes/2.4.12.txt b/Documentation/RelNotes/2.4.12.txt
new file mode 100644
index 0000000..7d15f94
--- /dev/null
+++ b/Documentation/RelNotes/2.4.12.txt
@@ -0,0 +1,12 @@
+Git v2.4.12 Release Notes
+=========================
+
+Fixes since v2.4.11
+-------------------
+
+ * "git-shell" rejects a request to serve a repository whose name
+ begins with a dash, which makes it no longer possible to get it
+ confused into spawning service programs like "git-upload-pack" with
+ an option like "--help", which in turn would spawn an interactive
+ pager, instead of working with the repository user asked to access
+ (i.e. the one whose name is "--help").
diff --git a/Documentation/RelNotes/2.5.6.txt b/Documentation/RelNotes/2.5.6.txt
new file mode 100644
index 0000000..9cd025b
--- /dev/null
+++ b/Documentation/RelNotes/2.5.6.txt
@@ -0,0 +1,12 @@
+Git v2.5.6 Release Notes
+========================
+
+Fixes since v2.5.5
+------------------
+
+ * "git-shell" rejects a request to serve a repository whose name
+ begins with a dash, which makes it no longer possible to get it
+ confused into spawning service programs like "git-upload-pack" with
+ an option like "--help", which in turn would spawn an interactive
+ pager, instead of working with the repository user asked to access
+ (i.e. the one whose name is "--help").
diff --git a/Documentation/RelNotes/2.6.7.txt b/Documentation/RelNotes/2.6.7.txt
new file mode 100644
index 0000000..1335de4
--- /dev/null
+++ b/Documentation/RelNotes/2.6.7.txt
@@ -0,0 +1,12 @@
+Git v2.6.7 Release Notes
+========================
+
+Fixes since v2.6.6
+------------------
+
+ * "git-shell" rejects a request to serve a repository whose name
+ begins with a dash, which makes it no longer possible to get it
+ confused into spawning service programs like "git-upload-pack" with
+ an option like "--help", which in turn would spawn an interactive
+ pager, instead of working with the repository user asked to access
+ (i.e. the one whose name is "--help").
diff --git a/Documentation/RelNotes/2.7.5.txt b/Documentation/RelNotes/2.7.5.txt
new file mode 100644
index 0000000..83559ce
--- /dev/null
+++ b/Documentation/RelNotes/2.7.5.txt
@@ -0,0 +1,14 @@
+Git v2.7.5 Release Notes
+========================
+
+Fixes since v2.7.4
+------------------
+
+ * "git-shell" rejects a request to serve a repository whose name
+ begins with a dash, which makes it no longer possible to get it
+ confused into spawning service programs like "git-upload-pack" with
+ an option like "--help", which in turn would spawn an interactive
+ pager, instead of working with the repository user asked to access
+ (i.e. the one whose name is "--help").
+
+Also contains a few fixes backported from later development tracks.
diff --git a/Documentation/RelNotes/2.8.5.txt b/Documentation/RelNotes/2.8.5.txt
new file mode 100644
index 0000000..7bd179f
--- /dev/null
+++ b/Documentation/RelNotes/2.8.5.txt
@@ -0,0 +1,12 @@
+Git v2.8.5 Release Notes
+========================
+
+Fixes since v2.8.4
+------------------
+
+ * "git-shell" rejects a request to serve a repository whose name
+ begins with a dash, which makes it no longer possible to get it
+ confused into spawning service programs like "git-upload-pack" with
+ an option like "--help", which in turn would spawn an interactive
+ pager, instead of working with the repository user asked to access
+ (i.e. the one whose name is "--help").
diff --git a/Documentation/RelNotes/2.9.4.txt b/Documentation/RelNotes/2.9.4.txt
index 01e8642..9768293 100644
--- a/Documentation/RelNotes/2.9.4.txt
+++ b/Documentation/RelNotes/2.9.4.txt
@@ -80,4 +80,11 @@ Fixes since v2.9.3
the file descriptor still open. Open tempfile with O_CLOEXEC flag
to avoid this (on Windows, this is mapped to O_NOINHERIT).
+ * "git-shell" rejects a request to serve a repository whose name
+ begins with a dash, which makes it no longer possible to get it
+ confused into spawning service programs like "git-upload-pack" with
+ an option like "--help", which in turn would spawn an interactive
+ pager, instead of working with the repository user asked to access
+ (i.e. the one whose name is "--help").
+
Also contains minor documentation updates and code clean-ups.
diff --git a/Documentation/git.txt b/Documentation/git.txt
index ed717e4..3cb55cd 100644
--- a/Documentation/git.txt
+++ b/Documentation/git.txt
@@ -50,34 +50,39 @@ Documentation for older releases are available here:
link:RelNotes/2.10.1.txt[2.10.1],
link:RelNotes/2.10.0.txt[2.10].
-* link:v2.9.3/git.html[documentation for release 2.9.3]
+* link:v2.9.4/git.html[documentation for release 2.9.4]
* release notes for
+ link:RelNotes/2.9.4.txt[2.9.4],
link:RelNotes/2.9.3.txt[2.9.3],
link:RelNotes/2.9.2.txt[2.9.2],
link:RelNotes/2.9.1.txt[2.9.1],
link:RelNotes/2.9.0.txt[2.9].
-* link:v2.8.4/git.html[documentation for release 2.8.4]
+* link:v2.8.5/git.html[documentation for release 2.8.5]
* release notes for
+ link:RelNotes/2.8.5.txt[2.8.5],
link:RelNotes/2.8.4.txt[2.8.4],
link:RelNotes/2.8.3.txt[2.8.3],
link:RelNotes/2.8.2.txt[2.8.2],
link:RelNotes/2.8.1.txt[2.8.1],
link:RelNotes/2.8.0.txt[2.8].
-* link:v2.7.3/git.html[documentation for release 2.7.3]
+* link:v2.7.5/git.html[documentation for release 2.7.5]
* release notes for
+ link:RelNotes/2.7.5.txt[2.7.5],
+ link:RelNotes/2.7.4.txt[2.7.4],
link:RelNotes/2.7.3.txt[2.7.3],
link:RelNotes/2.7.2.txt[2.7.2],
link:RelNotes/2.7.1.txt[2.7.1],
link:RelNotes/2.7.0.txt[2.7].
-* link:v2.6.6/git.html[documentation for release 2.6.6]
+* link:v2.6.7/git.html[documentation for release 2.6.7]
* release notes for
+ link:RelNotes/2.6.7.txt[2.6.7],
link:RelNotes/2.6.6.txt[2.6.6],
link:RelNotes/2.6.5.txt[2.6.5],
link:RelNotes/2.6.4.txt[2.6.4],
@@ -86,9 +91,10 @@ Documentation for older releases are available here:
link:RelNotes/2.6.1.txt[2.6.1],
link:RelNotes/2.6.0.txt[2.6].
-* link:v2.5.5/git.html[documentation for release 2.5.5]
+* link:v2.5.6/git.html[documentation for release 2.5.6]
* release notes for
+ link:RelNotes/2.5.6.txt[2.5.6],
link:RelNotes/2.5.5.txt[2.5.5],
link:RelNotes/2.5.4.txt[2.5.4],
link:RelNotes/2.5.3.txt[2.5.3],
@@ -96,9 +102,10 @@ Documentation for older releases are available here:
link:RelNotes/2.5.1.txt[2.5.1],
link:RelNotes/2.5.0.txt[2.5].
-* link:v2.4.11/git.html[documentation for release 2.4.11]
+* link:v2.4.12/git.html[documentation for release 2.4.12]
* release notes for
+ link:RelNotes/2.4.12.txt[2.4.12],
link:RelNotes/2.4.11.txt[2.4.11],
link:RelNotes/2.4.10.txt[2.4.10],
link:RelNotes/2.4.9.txt[2.4.9],
diff --git a/shell.c b/shell.c
index 464ee1a..fe2d314 100644
--- a/shell.c
+++ b/shell.c
@@ -13,7 +13,7 @@ static int do_generic_cmd(const char *me, char *arg)
const char *my_argv[4];
setup_path();
- if (!arg || !(arg = sq_dequote(arg)))
+ if (!arg || !(arg = sq_dequote(arg)) || *arg == '-')
die("bad argument");
if (!starts_with(me, "git-"))
die("bad command");
generated by cgit v0.10.2-6-g49f6 at 2024-04-26 08:31:36 (GMT)