From 3ec804490a265f4c418a321428c12f3f18b7eff5 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Sat, 29 Apr 2017 08:36:44 -0400 Subject: shell: disallow repo names beginning with dash When a remote server uses git-shell, the client side will connect to it like: ssh server "git-upload-pack 'foo.git'" and we literally exec ("git-upload-pack", "foo.git"). In early versions of upload-pack and receive-pack, we took a repository argument and nothing else. But over time they learned to accept dashed options. If the user passes a repository name that starts with a dash, the results are confusing at best (we complain of a bogus option instead of a non-existent repository) and malicious at worst (the user can start an interactive pager via "--help"). We could pass "--" to the sub-process to make sure the user's argument is interpreted as a branch name. I.e.: git-upload-pack -- -foo.git But adding "--" automatically would make us inconsistent with a normal shell (i.e., when git-shell is not in use), where "-foo.git" would still be an error. For that case, the client would have to specify the "--", but they can't do so reliably, as existing versions of git-shell do not allow more than a single argument. The simplest thing is to simply disallow "-" at the start of the repo name argument. This hasn't worked either with or without git-shell since version 1.0.0, and nobody has complained. Note that this patch just applies to do_generic_cmd(), which runs upload-pack, receive-pack, and upload-archive. There are two other types of commands that git-shell runs: - do_cvs_cmd(), but this already restricts the argument to be the literal string "server" - admin-provided commands in the git-shell-commands directory. We'll pass along arbitrary arguments there, so these commands could have similar problems. But these commands might actually understand dashed arguments, so we cannot just block them here. It's up to the writer of the commands to make sure they are safe. With great power comes great responsibility. Reported-by: Timo Schmid Signed-off-by: Jeff King Signed-off-by: Junio C Hamano diff --git a/shell.c b/shell.c index ace62e4..c3bf8ec 100644 --- a/shell.c +++ b/shell.c @@ -13,7 +13,7 @@ static int do_generic_cmd(const char *me, char *arg) const char *my_argv[4]; setup_path(); - if (!arg || !(arg = sq_dequote(arg))) + if (!arg || !(arg = sq_dequote(arg)) || *arg == '-') die("bad argument"); if (!starts_with(me, "git-")) die("bad command"); -- cgit v0.10.2-6-g49f6 From 4000b4020911512eea10667dd5c97a0b4890e098 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 5 May 2017 12:25:09 +0900 Subject: Git 2.4.12 Signed-off-by: Junio C Hamano diff --git a/Documentation/RelNotes/2.4.12.txt b/Documentation/RelNotes/2.4.12.txt new file mode 100644 index 0000000..7d15f94 --- /dev/null +++ b/Documentation/RelNotes/2.4.12.txt @@ -0,0 +1,12 @@ +Git v2.4.12 Release Notes +========================= + +Fixes since v2.4.11 +------------------- + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). diff --git a/Documentation/git.txt b/Documentation/git.txt index 889fa51..7f3941e 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -43,9 +43,10 @@ unreleased) version of Git, that is available from the 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.4.11/git.html[documentation for release 2.4.11] +* link:v2.4.12/git.html[documentation for release 2.4.12] * release notes for + link:RelNotes/2.4.12.txt[2.4.12], link:RelNotes/2.4.11.txt[2.4.11], link:RelNotes/2.4.10.txt[2.4.10], link:RelNotes/2.4.9.txt[2.4.9], diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 4b0af4d..cc57af9 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.4.11 +DEF_VER=v2.4.12 LF=' ' diff --git a/RelNotes b/RelNotes index be2419c..03c9d6c 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.4.11.txt \ No newline at end of file +Documentation/RelNotes/2.4.12.txt \ No newline at end of file -- cgit v0.10.2-6-g49f6 From ac33201285cce4b392c3cedfaf7f098fdb1dde87 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 5 May 2017 12:49:00 +0900 Subject: Git 2.5.6 Signed-off-by: Junio C Hamano diff --git a/Documentation/RelNotes/2.5.6.txt b/Documentation/RelNotes/2.5.6.txt new file mode 100644 index 0000000..9cd025b --- /dev/null +++ b/Documentation/RelNotes/2.5.6.txt @@ -0,0 +1,12 @@ +Git v2.5.6 Release Notes +======================== + +Fixes since v2.5.5 +------------------ + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). diff --git a/Documentation/git.txt b/Documentation/git.txt index c64ffa8..55c314d 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -43,9 +43,10 @@ unreleased) version of Git, that is available from the 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.5.5/git.html[documentation for release 2.5.5] +* link:v2.5.6/git.html[documentation for release 2.5.6] * release notes for + link:RelNotes/2.5.6.txt[2.5.6], link:RelNotes/2.5.5.txt[2.5.5], link:RelNotes/2.5.4.txt[2.5.4], link:RelNotes/2.5.3.txt[2.5.3], diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 51ae63d..b5c7724 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.5.5 +DEF_VER=v2.5.6 LF=' ' diff --git a/RelNotes b/RelNotes index 3f734d9..0528978 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.5.5.txt \ No newline at end of file +Documentation/RelNotes/2.5.6.txt \ No newline at end of file -- cgit v0.10.2-6-g49f6 From 70fcaef90bad282cf141a7c2e7ae87b13fe0700e Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 5 May 2017 12:56:19 +0900 Subject: Git 2.6.7 Signed-off-by: Junio C Hamano diff --git a/Documentation/RelNotes/2.6.7.txt b/Documentation/RelNotes/2.6.7.txt new file mode 100644 index 0000000..1335de4 --- /dev/null +++ b/Documentation/RelNotes/2.6.7.txt @@ -0,0 +1,12 @@ +Git v2.6.7 Release Notes +======================== + +Fixes since v2.6.6 +------------------ + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). diff --git a/Documentation/git.txt b/Documentation/git.txt index 9b75c50..64ac7b2 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -43,9 +43,10 @@ unreleased) version of Git, that is available from the 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.6.6/git.html[documentation for release 2.6.6] +* link:v2.6.7/git.html[documentation for release 2.6.7] * release notes for + link:RelNotes/2.6.7.txt[2.6.7], link:RelNotes/2.6.6.txt[2.6.6], link:RelNotes/2.6.5.txt[2.6.5], link:RelNotes/2.6.4.txt[2.6.4], diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index d2508fd..9b279fd 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.6.6 +DEF_VER=v2.6.7 LF=' ' diff --git a/RelNotes b/RelNotes index fdbb467..9158b66 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.6.6.txt \ No newline at end of file +Documentation/RelNotes/2.6.7.txt \ No newline at end of file -- cgit v0.10.2-6-g49f6 From c8dd1e3bb1152844983558802a52c9e4c17652b4 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 5 May 2017 13:03:40 +0900 Subject: Git 2.7.5 Signed-off-by: Junio C Hamano diff --git a/Documentation/RelNotes/2.7.5.txt b/Documentation/RelNotes/2.7.5.txt new file mode 100644 index 0000000..83559ce --- /dev/null +++ b/Documentation/RelNotes/2.7.5.txt @@ -0,0 +1,14 @@ +Git v2.7.5 Release Notes +======================== + +Fixes since v2.7.4 +------------------ + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). + +Also contains a few fixes backported from later development tracks. diff --git a/Documentation/git.txt b/Documentation/git.txt index 4b324c8..bf9b6c8 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -43,9 +43,11 @@ unreleased) version of Git, that is available from the 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.7.3/git.html[documentation for release 2.7.3] +* link:v2.7.5/git.html[documentation for release 2.7.5] * release notes for + link:RelNotes/2.7.5.txt[2.7.5], + link:RelNotes/2.7.4.txt[2.7.4], link:RelNotes/2.7.3.txt[2.7.3], link:RelNotes/2.7.2.txt[2.7.2], link:RelNotes/2.7.1.txt[2.7.1], diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 0305065..c80681e 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.7.4 +DEF_VER=v2.7.5 LF=' ' diff --git a/RelNotes b/RelNotes index c66ca68..1609b5a 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.7.4.txt \ No newline at end of file +Documentation/RelNotes/2.7.5.txt \ No newline at end of file -- cgit v0.10.2-6-g49f6 From cd0887327544ecdc8778e16219aec3f43b0dd682 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 5 May 2017 13:08:54 +0900 Subject: Git 2.8.5 Signed-off-by: Junio C Hamano diff --git a/Documentation/RelNotes/2.8.5.txt b/Documentation/RelNotes/2.8.5.txt new file mode 100644 index 0000000..7bd179f --- /dev/null +++ b/Documentation/RelNotes/2.8.5.txt @@ -0,0 +1,12 @@ +Git v2.8.5 Release Notes +======================== + +Fixes since v2.8.4 +------------------ + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). diff --git a/Documentation/git.txt b/Documentation/git.txt index 2cfad87..8fdb0c8 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -43,9 +43,10 @@ unreleased) version of Git, that is available from the 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.8.4/git.html[documentation for release 2.8.4] +* link:v2.8.5/git.html[documentation for release 2.8.5] * release notes for + link:RelNotes/2.8.5.txt[2.8.5], link:RelNotes/2.8.4.txt[2.8.4], link:RelNotes/2.8.3.txt[2.8.3], link:RelNotes/2.8.2.txt[2.8.2], diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index ba8b8cf..253c632 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.8.4 +DEF_VER=v2.8.5 LF=' ' diff --git a/RelNotes b/RelNotes index 58fee1e..c395dd8 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.8.4.txt \ No newline at end of file +Documentation/RelNotes/2.8.5.txt \ No newline at end of file -- cgit v0.10.2-6-g49f6 From d61226c1118f749280c050555d83560ca0f3bf71 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 5 May 2017 13:18:23 +0900 Subject: Git 2.9.4 Signed-off-by: Junio C Hamano diff --git a/Documentation/RelNotes/2.9.4.txt b/Documentation/RelNotes/2.9.4.txt index 01e8642..9768293 100644 --- a/Documentation/RelNotes/2.9.4.txt +++ b/Documentation/RelNotes/2.9.4.txt @@ -80,4 +80,11 @@ Fixes since v2.9.3 the file descriptor still open. Open tempfile with O_CLOEXEC flag to avoid this (on Windows, this is mapped to O_NOINHERIT). + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). + Also contains minor documentation updates and code clean-ups. diff --git a/Documentation/git.txt b/Documentation/git.txt index cfe4570..80da7b7 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -43,9 +43,11 @@ unreleased) version of Git, that is available from the 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.9.3/git.html[documentation for release 2.9.3] + +* link:v2.9.4/git.html[documentation for release 2.9.4] * release notes for + link:RelNotes/2.9.4.txt[2.9.4], link:RelNotes/2.9.3.txt[2.9.3], link:RelNotes/2.9.2.txt[2.9.2], link:RelNotes/2.9.1.txt[2.9.1], diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 0011c3f..f0c6bb0 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.9.3 +DEF_VER=v2.9.4 LF=' ' -- cgit v0.10.2-6-g49f6 From 840ed141983718e0c5518a325534a5656797132a Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 5 May 2017 13:24:10 +0900 Subject: Git 2.10.3 Signed-off-by: Junio C Hamano diff --git a/Documentation/RelNotes/2.10.3.txt b/Documentation/RelNotes/2.10.3.txt index 277a2a1..ad6a01b 100644 --- a/Documentation/RelNotes/2.10.3.txt +++ b/Documentation/RelNotes/2.10.3.txt @@ -45,4 +45,11 @@ Fixes since v2.10.2 * Improve the rule to convert "unsigned char [20]" into "struct object_id *" in contrib/coccinelle/ + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). + Also contains minor documentation updates and code clean-ups. diff --git a/Documentation/git.txt b/Documentation/git.txt index 3cb55cd..89157e2 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -43,9 +43,10 @@ unreleased) version of Git, that is available from the 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.10.2/git.html[documentation for release 2.10.2] +* link:v2.10.3/git.html[documentation for release 2.10.3] * release notes for + link:RelNotes/2.10.3.txt[2.10.3], link:RelNotes/2.10.2.txt[2.10.2], link:RelNotes/2.10.1.txt[2.10.1], link:RelNotes/2.10.0.txt[2.10]. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 153c17c..40700d5 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.10.2 +DEF_VER=v2.10.3 LF=' ' -- cgit v0.10.2-6-g49f6 From 773e3a2e0226cffac6c813c2d3bea5ba480675d8 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 5 May 2017 13:29:43 +0900 Subject: Git 2.11.2 Signed-off-by: Junio C Hamano diff --git a/Documentation/RelNotes/2.11.2.txt b/Documentation/RelNotes/2.11.2.txt new file mode 100644 index 0000000..7428851 --- /dev/null +++ b/Documentation/RelNotes/2.11.2.txt @@ -0,0 +1,12 @@ +Git v2.11.2 Release Notes +========================= + +Fixes since v2.11.1 +------------------- + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). diff --git a/Documentation/git.txt b/Documentation/git.txt index 2a663e5..cc21536 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -44,9 +44,10 @@ unreleased) version of Git, that is available from the 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.11.1/git.html[documentation for release 2.11.1] +* link:v2.11.2/git.html[documentation for release 2.11.2] * release notes for + link:RelNotes/2.11.2.txt[2.11.2], link:RelNotes/2.11.1.txt[2.11.1], link:RelNotes/2.11.0.txt[2.11]. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 706946c..d207f15 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.11.1 +DEF_VER=v2.11.2 LF=' ' diff --git a/RelNotes b/RelNotes index 7f250dd..9f01cfb 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes/2.11.1.txt \ No newline at end of file +Documentation/RelNotes/2.11.2.txt \ No newline at end of file -- cgit v0.10.2-6-g49f6 From 95d67879735cfecfdd85f89e59d993c5b4de8835 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 5 May 2017 13:33:22 +0900 Subject: Git 2.12.3 Signed-off-by: Junio C Hamano diff --git a/Documentation/RelNotes/2.12.3.txt b/Documentation/RelNotes/2.12.3.txt index 73ce7da..ebca846 100644 --- a/Documentation/RelNotes/2.12.3.txt +++ b/Documentation/RelNotes/2.12.3.txt @@ -54,4 +54,11 @@ Fixes since v2.12.2 turn revealed incorrect expectations the tests make. These tests have been updated. + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). + Also contains various documentation updates and code clean-ups. diff --git a/Documentation/git.txt b/Documentation/git.txt index f40d6c4..a52b155 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -44,11 +44,12 @@ unreleased) version of Git, that is available from the 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.12.2/git.html[documentation for release 2.12.2] +* link:v2.12.3/git.html[documentation for release 2.12.3] * release notes for - link:RelNotes/2.12.2.txt[2.12.2]. - link:RelNotes/2.12.1.txt[2.12.1]. + link:RelNotes/2.12.3.txt[2.12.3], + link:RelNotes/2.12.2.txt[2.12.2], + link:RelNotes/2.12.1.txt[2.12.1], link:RelNotes/2.12.0.txt[2.12]. * link:v2.11.1/git.html[documentation for release 2.11.1] diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index e83f591..6cf4ab6 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.12.2 +DEF_VER=v2.12.3 LF=' ' -- cgit v0.10.2-6-g49f6