Hello community, here is the log from the commit of package git for openSUSE:Factory checked in at 2014-12-23 11:50:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/git (Old) and /work/SRC/openSUSE:Factory/.git.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "git" Changes: -------- --- /work/SRC/openSUSE:Factory/git/git.changes 2014-12-05 21:07:38.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.git.new/git.changes 2014-12-23 11:48:32.000000000 +0100 @@ -1,0 +2,10 @@ +Fri Dec 19 14:01:18 UTC 2014 - [email protected] + +- git 2.2.1 + Fixes arbitrary command execution vulnerability on case- + insensitive file systems. [boo#910756] [CVE-2014-9390] + This is not a usual case on GNU/Linux, but this update prevents + such commits to propagate to third parties (Windows, OS X) that + may be vulnerable. + +------------------------------------------------------------------- Old: ---- git-2.2.0.tar.xz New: ---- git-2.2.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ git.spec ++++++ --- /var/tmp/diff_new_pack.1jRHDy/_old 2014-12-23 11:48:34.000000000 +0100 +++ /var/tmp/diff_new_pack.1jRHDy/_new 2014-12-23 11:48:34.000000000 +0100 @@ -26,7 +26,7 @@ %endif Name: git -Version: 2.2.0 +Version: 2.2.1 Release: 0 Summary: Fast, scalable, distributed revision control system License: GPL-2.0 ++++++ git-2.2.0.tar.xz -> git-2.2.1.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/Documentation/RelNotes/1.8.5.6.txt new/git-2.2.1/Documentation/RelNotes/1.8.5.6.txt --- old/git-2.2.0/Documentation/RelNotes/1.8.5.6.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/git-2.2.1/Documentation/RelNotes/1.8.5.6.txt 2014-12-18 19:45:50.000000000 +0100 @@ -0,0 +1,34 @@ +Git v1.8.5.6 Release Notes +========================== + +Fixes since v1.8.5.5 +-------------------- + + * We used to allow committing a path ".Git/config" with Git that is + running on a case sensitive filesystem, but an attempt to check out + such a path with Git that runs on a case insensitive filesystem + would have clobbered ".git/config", which is definitely not what + the user would have expected. Git now prevents you from tracking + a path with ".Git" (in any case combination) as a path component. + + * On Windows, certain path components that are different from ".git" + are mapped to ".git", e.g. "git~1/config" is treated as if it were + ".git/config". HFS+ has a similar issue, where certain unicode + codepoints are ignored, e.g. ".g\u200cit/config" is treated as if + it were ".git/config". Pathnames with these potential issues are + rejected on the affected systems. Git on systems that are not + affected by this issue (e.g. Linux) can also be configured to + reject them to ensure cross platform interoperability of the hosted + projects. + + * "git fsck" notices a tree object that records such a path that can + be confused with ".git", and with receive.fsckObjects configuration + set to true, an attempt to "git push" such a tree object will be + rejected. Such a path may not be a problem on a well behaving + filesystem but in order to protect those on HFS+ and on case + insensitive filesystems, this check is enabled on all platforms. + +A big "thanks!" for bringing this issue to us goes to our friends in +the Mercurial land, namely, Matt Mackall and Augie Fackler. + +Also contains typofixes, documentation updates and trivial code clean-ups. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/Documentation/RelNotes/1.9.5.txt new/git-2.2.1/Documentation/RelNotes/1.9.5.txt --- old/git-2.2.0/Documentation/RelNotes/1.9.5.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/git-2.2.1/Documentation/RelNotes/1.9.5.txt 2014-12-18 19:45:50.000000000 +0100 @@ -0,0 +1,34 @@ +Git v1.9.5 Release Notes +======================== + +Fixes since v1.9.4 +------------------ + + * We used to allow committing a path ".Git/config" with Git that is + running on a case sensitive filesystem, but an attempt to check out + such a path with Git that runs on a case insensitive filesystem + would have clobbered ".git/config", which is definitely not what + the user would have expected. Git now prevents you from tracking + a path with ".Git" (in any case combination) as a path component. + + * On Windows, certain path components that are different from ".git" + are mapped to ".git", e.g. "git~1/config" is treated as if it were + ".git/config". HFS+ has a similar issue, where certain unicode + codepoints are ignored, e.g. ".g\u200cit/config" is treated as if + it were ".git/config". Pathnames with these potential issues are + rejected on the affected systems. Git on systems that are not + affected by this issue (e.g. Linux) can also be configured to + reject them to ensure cross platform interoperability of the hosted + projects. + + * "git fsck" notices a tree object that records such a path that can + be confused with ".git", and with receive.fsckObjects configuration + set to true, an attempt to "git push" such a tree object will be + rejected. Such a path may not be a problem on a well behaving + filesystem but in order to protect those on HFS+ and on case + insensitive filesystems, this check is enabled on all platforms. + +A big "thanks!" for bringing this issue to us goes to our friends in +the Mercurial land, namely, Matt Mackall and Augie Fackler. + +Also contains typofixes, documentation updates and trivial code clean-ups. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/Documentation/RelNotes/2.0.5.txt new/git-2.2.1/Documentation/RelNotes/2.0.5.txt --- old/git-2.2.0/Documentation/RelNotes/2.0.5.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/git-2.2.1/Documentation/RelNotes/2.0.5.txt 2014-12-18 19:45:50.000000000 +0100 @@ -0,0 +1,34 @@ +Git v2.0.5 Release Notes +======================== + +Fixes since v2.0.4 +------------------ + + * We used to allow committing a path ".Git/config" with Git that is + running on a case sensitive filesystem, but an attempt to check out + such a path with Git that runs on a case insensitive filesystem + would have clobbered ".git/config", which is definitely not what + the user would have expected. Git now prevents you from tracking + a path with ".Git" (in any case combination) as a path component. + + * On Windows, certain path components that are different from ".git" + are mapped to ".git", e.g. "git~1/config" is treated as if it were + ".git/config". HFS+ has a similar issue, where certain unicode + codepoints are ignored, e.g. ".g\u200cit/config" is treated as if + it were ".git/config". Pathnames with these potential issues are + rejected on the affected systems. Git on systems that are not + affected by this issue (e.g. Linux) can also be configured to + reject them to ensure cross platform interoperability of the hosted + projects. + + * "git fsck" notices a tree object that records such a path that can + be confused with ".git", and with receive.fsckObjects configuration + set to true, an attempt to "git push" such a tree object will be + rejected. Such a path may not be a problem on a well behaving + filesystem but in order to protect those on HFS+ and on case + insensitive filesystems, this check is enabled on all platforms. + +A big "thanks!" for bringing this issue to us goes to our friends in +the Mercurial land, namely, Matt Mackall and Augie Fackler. + +Also contains typofixes, documentation updates and trivial code clean-ups. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/Documentation/RelNotes/2.1.4.txt new/git-2.2.1/Documentation/RelNotes/2.1.4.txt --- old/git-2.2.0/Documentation/RelNotes/2.1.4.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/git-2.2.1/Documentation/RelNotes/2.1.4.txt 2014-12-18 19:45:50.000000000 +0100 @@ -0,0 +1,34 @@ +Git v2.1.4 Release Notes +======================== + +Fixes since v2.1.3 +------------------ + + * We used to allow committing a path ".Git/config" with Git that is + running on a case sensitive filesystem, but an attempt to check out + such a path with Git that runs on a case insensitive filesystem + would have clobbered ".git/config", which is definitely not what + the user would have expected. Git now prevents you from tracking + a path with ".Git" (in any case combination) as a path component. + + * On Windows, certain path components that are different from ".git" + are mapped to ".git", e.g. "git~1/config" is treated as if it were + ".git/config". HFS+ has a similar issue, where certain unicode + codepoints are ignored, e.g. ".g\u200cit/config" is treated as if + it were ".git/config". Pathnames with these potential issues are + rejected on the affected systems. Git on systems that are not + affected by this issue (e.g. Linux) can also be configured to + reject them to ensure cross platform interoperability of the hosted + projects. + + * "git fsck" notices a tree object that records such a path that can + be confused with ".git", and with receive.fsckObjects configuration + set to true, an attempt to "git push" such a tree object will be + rejected. Such a path may not be a problem on a well behaving + filesystem but in order to protect those on HFS+ and on case + insensitive filesystems, this check is enabled on all platforms. + +A big "thanks!" for bringing this issue to us goes to our friends in +the Mercurial land, namely, Matt Mackall and Augie Fackler. + +Also contains typofixes, documentation updates and trivial code clean-ups. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/Documentation/RelNotes/2.2.1.txt new/git-2.2.1/Documentation/RelNotes/2.2.1.txt --- old/git-2.2.0/Documentation/RelNotes/2.2.1.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/git-2.2.1/Documentation/RelNotes/2.2.1.txt 2014-12-18 19:45:50.000000000 +0100 @@ -0,0 +1,34 @@ +Git v2.2.1 Release Notes +======================== + +Fixes since v2.2 +---------------- + + * We used to allow committing a path ".Git/config" with Git that is + running on a case sensitive filesystem, but an attempt to check out + such a path with Git that runs on a case insensitive filesystem + would have clobbered ".git/config", which is definitely not what + the user would have expected. Git now prevents you from tracking + a path with ".Git" (in any case combination) as a path component. + + * On Windows, certain path components that are different from ".git" + are mapped to ".git", e.g. "git~1/config" is treated as if it were + ".git/config". HFS+ has a similar issue, where certain unicode + codepoints are ignored, e.g. ".g\u200cit/config" is treated as if + it were ".git/config". Pathnames with these potential issues are + rejected on the affected systems. Git on systems that are not + affected by this issue (e.g. Linux) can also be configured to + reject them to ensure cross platform interoperability of the hosted + projects. + + * "git fsck" notices a tree object that records such a path that can + be confused with ".git", and with receive.fsckObjects configuration + set to true, an attempt to "git push" such a tree object will be + rejected. Such a path may not be a problem on a well behaving + filesystem but in order to protect those on HFS+ and on case + insensitive filesystems, this check is enabled on all platforms. + +A big "thanks!" for bringing this issue to us goes to our friends in +the Mercurial land, namely, Matt Mackall and Augie Fackler. + +Also contains typofixes, documentation updates and trivial code clean-ups. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/Documentation/config.txt new/git-2.2.1/Documentation/config.txt --- old/git-2.2.0/Documentation/config.txt 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/Documentation/config.txt 2014-12-18 19:45:50.000000000 +0100 @@ -246,6 +246,17 @@ When false, file names are handled fully transparent by Git, which is backward compatible with older versions of Git. +core.protectHFS:: + If set to true, do not allow checkout of paths that would + be considered equivalent to `.git` on an HFS+ filesystem. + Defaults to `true` on Mac OS, and `false` elsewhere. + +core.protectNTFS:: + If set to true, do not allow checkout of paths that would + cause problems with the NTFS filesystem, e.g. conflict with + 8.3 "short" names. + Defaults to `true` on Windows, and `false` elsewhere. + core.trustctime:: If false, the ctime differences between the index and the working tree are ignored; useful when the inode change time diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/Documentation/git.txt new/git-2.2.1/Documentation/git.txt --- old/git-2.2.0/Documentation/git.txt 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/Documentation/git.txt 2014-12-18 19:45:50.000000000 +0100 @@ -43,40 +43,45 @@ branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.2.0/git.html[documentation for release 2.2] +* link:v2.2.1/git.html[documentation for release 2.2.1] * release notes for + link:RelNotes/2.2.1.txt[2.2.1], link:RelNotes/2.2.0.txt[2.2]. -* link:v2.1.3/git.html[documentation for release 2.1.3] +* link:v2.1.4/git.html[documentation for release 2.1.4] * release notes for + link:RelNotes/2.1.4.txt[2.1.4], link:RelNotes/2.1.3.txt[2.1.3], link:RelNotes/2.1.2.txt[2.1.2], link:RelNotes/2.1.1.txt[2.1.1], link:RelNotes/2.1.0.txt[2.1]. -* link:v2.0.4/git.html[documentation for release 2.0.4] +* link:v2.0.5/git.html[documentation for release 2.0.5] * release notes for + link:RelNotes/2.0.5.txt[2.0.5], link:RelNotes/2.0.4.txt[2.0.4], link:RelNotes/2.0.3.txt[2.0.3], link:RelNotes/2.0.2.txt[2.0.2], link:RelNotes/2.0.1.txt[2.0.1], link:RelNotes/2.0.0.txt[2.0.0]. -* link:v1.9.4/git.html[documentation for release 1.9.4] +* link:v1.9.5/git.html[documentation for release 1.9.5] * release notes for + link:RelNotes/1.9.5.txt[1.9.5], link:RelNotes/1.9.4.txt[1.9.4], link:RelNotes/1.9.3.txt[1.9.3], link:RelNotes/1.9.2.txt[1.9.2], link:RelNotes/1.9.1.txt[1.9.1], link:RelNotes/1.9.0.txt[1.9.0]. -* link:v1.8.5.5/git.html[documentation for release 1.8.5.5] +* link:v1.8.5.6/git.html[documentation for release 1.8.5.6] * release notes for + link:RelNotes/1.8.5.6.txt[1.8.5.6], link:RelNotes/1.8.5.5.txt[1.8.5.5], link:RelNotes/1.8.5.4.txt[1.8.5.4], link:RelNotes/1.8.5.3.txt[1.8.5.3], diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/GIT-VERSION-GEN new/git-2.2.1/GIT-VERSION-GEN --- old/git-2.2.0/GIT-VERSION-GEN 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/GIT-VERSION-GEN 2014-12-18 19:45:50.000000000 +0100 @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.2.0 +DEF_VER=v2.2.1 LF=' ' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/RelNotes new/git-2.2.1/RelNotes --- old/git-2.2.0/RelNotes 2014-12-23 11:48:35.000000000 +0100 +++ new/git-2.2.1/RelNotes 2014-12-23 11:48:35.000000000 +0100 @@ -1 +1 @@ -symbolic link to Documentation/RelNotes/2.2.0.txt +symbolic link to Documentation/RelNotes/2.2.1.txt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/cache.h new/git-2.2.1/cache.h --- old/git-2.2.0/cache.h 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/cache.h 2014-12-18 19:45:50.000000000 +0100 @@ -617,6 +617,8 @@ extern int core_preload_index; extern int core_apply_sparse_checkout; extern int precomposed_unicode; +extern int protect_hfs; +extern int protect_ntfs; /* * The character that begins a commented line in user-editable file @@ -831,6 +833,7 @@ int longest_ancestor_length(const char *path, struct string_list *prefixes); char *strip_path_suffix(const char *path, const char *suffix); int daemon_avoid_alias(const char *path); +extern int is_ntfs_dotgit(const char *name); /* object replacement */ #define LOOKUP_REPLACE_OBJECT 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/config.c new/git-2.2.1/config.c --- old/git-2.2.0/config.c 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/config.c 2014-12-18 19:45:50.000000000 +0100 @@ -896,6 +896,16 @@ return 0; } + if (!strcmp(var, "core.protecthfs")) { + protect_hfs = git_config_bool(var, value); + return 0; + } + + if (!strcmp(var, "core.protectntfs")) { + protect_ntfs = git_config_bool(var, value); + return 0; + } + /* Add other config variables here and to Documentation/config.txt. */ return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/config.mak.uname new/git-2.2.1/config.mak.uname --- old/git-2.2.0/config.mak.uname 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/config.mak.uname 2014-12-18 19:45:50.000000000 +0100 @@ -105,6 +105,7 @@ HAVE_DEV_TTY = YesPlease COMPAT_OBJS += compat/precompose_utf8.o BASIC_CFLAGS += -DPRECOMPOSE_UNICODE + BASIC_CFLAGS += -DPROTECT_HFS_DEFAULT=1 endif ifeq ($(uname_S),SunOS) NEEDS_SOCKET = YesPlease @@ -373,6 +374,7 @@ EXTLIBS = user32.lib advapi32.lib shell32.lib wininet.lib ws2_32.lib invalidcontinue.obj PTHREAD_LIBS = lib = + BASIC_CFLAGS += -DPROTECT_NTFS_DEFAULT=1 ifndef DEBUG BASIC_CFLAGS += -GL -Os -MD BASIC_LDFLAGS += -LTCG @@ -514,6 +516,7 @@ COMPAT_OBJS += compat/mingw.o compat/winansi.o \ compat/win32/pthread.o compat/win32/syslog.o \ compat/win32/dirent.o + BASIC_CFLAGS += -DPROTECT_NTFS_DEFAULT=1 BASIC_LDFLAGS += -Wl,--large-address-aware EXTLIBS += -lws2_32 GITLIBS += git.res diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/configure new/git-2.2.1/configure --- old/git-2.2.0/configure 2014-11-26 23:39:04.000000000 +0100 +++ new/git-2.2.1/configure 2014-12-18 19:45:50.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for git 2.2.0. +# Generated by GNU Autoconf 2.69 for git 2.2.1. # # Report bugs to <[email protected]>. # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='git' PACKAGE_TARNAME='git' -PACKAGE_VERSION='2.2.0' -PACKAGE_STRING='git 2.2.0' +PACKAGE_VERSION='2.2.1' +PACKAGE_STRING='git 2.2.1' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1251,7 +1251,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures git 2.2.0 to adapt to many kinds of systems. +\`configure' configures git 2.2.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1312,7 +1312,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of git 2.2.0:";; + short | recursive ) echo "Configuration of git 2.2.1:";; esac cat <<\_ACEOF @@ -1451,7 +1451,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -git configure 2.2.0 +git configure 2.2.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1931,7 +1931,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by git $as_me 2.2.0, which was +It was created by git $as_me 2.2.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -7822,7 +7822,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by git $as_me 2.2.0, which was +This file was extended by git $as_me 2.2.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -7879,7 +7879,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -git config.status 2.2.0 +git config.status 2.2.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/environment.c new/git-2.2.1/environment.c --- old/git-2.2.0/environment.c 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/environment.c 2014-12-18 19:45:50.000000000 +0100 @@ -64,6 +64,16 @@ struct startup_info *startup_info; unsigned long pack_size_limit_cfg; +#ifndef PROTECT_HFS_DEFAULT +#define PROTECT_HFS_DEFAULT 0 +#endif +int protect_hfs = PROTECT_HFS_DEFAULT; + +#ifndef PROTECT_NTFS_DEFAULT +#define PROTECT_NTFS_DEFAULT 0 +#endif +int protect_ntfs = PROTECT_NTFS_DEFAULT; + /* * The character that begins a commented line in user-editable file * that is subject to stripspace. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/fsck.c new/git-2.2.1/fsck.c --- old/git-2.2.0/fsck.c 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/fsck.c 2014-12-18 19:45:50.000000000 +0100 @@ -7,6 +7,7 @@ #include "tag.h" #include "fsck.h" #include "refs.h" +#include "utf8.h" static int fsck_walk_tree(struct tree *tree, fsck_walk_func walk, void *data) { @@ -171,7 +172,9 @@ has_empty_name |= !*name; has_dot |= !strcmp(name, "."); has_dotdot |= !strcmp(name, ".."); - has_dotgit |= !strcmp(name, ".git"); + has_dotgit |= (!strcmp(name, ".git") || + is_hfs_dotgit(name) || + is_ntfs_dotgit(name)); has_zero_pad |= *(char *)desc.buffer == '0'; update_tree_entry(&desc); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/git.spec new/git-2.2.1/git.spec --- old/git-2.2.0/git.spec 2014-11-26 23:39:04.000000000 +0100 +++ new/git-2.2.1/git.spec 2014-12-18 19:45:50.000000000 +0100 @@ -1,7 +1,7 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 2.2.0 +Version: 2.2.1 Release: 1%{?dist} Summary: Core git tools License: GPL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/path.c new/git-2.2.1/path.c --- old/git-2.2.0/path.c 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/path.c 2014-12-18 19:45:50.000000000 +0100 @@ -823,3 +823,36 @@ } } } + +static int only_spaces_and_periods(const char *path, size_t len, size_t skip) +{ + if (len < skip) + return 0; + len -= skip; + path += skip; + while (len-- > 0) { + char c = *(path++); + if (c != ' ' && c != '.') + return 0; + } + return 1; +} + +int is_ntfs_dotgit(const char *name) +{ + int len; + + for (len = 0; ; len++) + if (!name[len] || name[len] == '\\' || is_dir_sep(name[len])) { + if (only_spaces_and_periods(name, len, 4) && + !strncasecmp(name, ".git", 4)) + return 1; + if (only_spaces_and_periods(name, len, 5) && + !strncasecmp(name, "git~1", 5)) + return 1; + if (name[len] != '\\') + return 0; + name += len + 1; + len = -1; + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/po/de.po new/git-2.2.1/po/de.po --- old/git-2.2.0/po/de.po 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/po/de.po 2014-12-18 19:45:50.000000000 +0100 @@ -644,11 +644,11 @@ #: lockfile.c:275 msgid "BUG: reopen a lockfile that is still open" -msgstr "FEHLER: Wiedereröffnen einer bereits geöffneten Lock-Datei" +msgstr "FEHLER: Wiederöffnen einer bereits geöffneten Lock-Datei" #: lockfile.c:277 msgid "BUG: reopen a lockfile that has been committed" -msgstr "FEHLER: Wiedereröffnen einer bereits committeten Lock-Datei" +msgstr "FEHLER: Wiederöffnen einer bereits committeten Lock-Datei" #: merge.c:41 msgid "failed to read the cache" @@ -1956,7 +1956,7 @@ #: wt-status.c:1370 msgid " (use -u option to show untracked files)" -msgstr " (benutzen Sie die Option -u, um unbeobachteten Dateien anzuzeigen)" +msgstr " (benutzen Sie die Option -u, um unbeobachtete Dateien anzuzeigen)" #: wt-status.c:1376 msgid "No changes" @@ -2810,7 +2810,7 @@ #: builtin/blame.c:2518 msgid "Use <file>'s contents as the final image" -msgstr "Inhalte der <Datei>en als entgültiges Abbild benutzen" +msgstr "Inhalte der <Datei>en als endgültiges Abbild benutzen" #: builtin/blame.c:2519 builtin/blame.c:2520 msgid "score" @@ -3078,7 +3078,7 @@ #: builtin/branch.c:823 msgid "use colored output" -msgstr "farbliche Ausgaben verwenden" +msgstr "farbige Ausgaben verwenden" #: builtin/branch.c:824 msgid "act on remote-tracking branches" @@ -5585,7 +5585,7 @@ #: builtin/for-each-ref.c:1078 msgid "quote placeholders suitably for tcl" -msgstr "Platzhalter als TCL-String formatieren" +msgstr "Platzhalter als Tcl-String formatieren" #: builtin/for-each-ref.c:1081 msgid "show only <n> matched refs" @@ -6892,7 +6892,7 @@ #: builtin/ls-files.c:462 msgid "show cached files in the output (default)" -msgstr "zwischengespeicherten Dateien in der Ausgabe anzeigen (Standard)" +msgstr "zwischengespeicherte Dateien in der Ausgabe anzeigen (Standard)" #: builtin/ls-files.c:464 msgid "show deleted files in the output" @@ -8119,7 +8119,7 @@ #: builtin/pack-objects.c:2685 msgid "do not hide commits by grafts" -msgstr "keine künstlichen Vorgänger-Commit (\"grafts\") verbergen" +msgstr "keine künstlichen Vorgänger-Commits (\"grafts\") verbergen" #: builtin/pack-objects.c:2687 msgid "use a bitmap index if available to speed up counting objects" @@ -9695,7 +9695,7 @@ #: builtin/show-branch.c:653 msgid "color '*!+-' corresponding to the branch" -msgstr "'*!+-' entsprechend des Branches einfärgen" +msgstr "'*!+-' entsprechend des Branches einfärben" #: builtin/show-branch.c:655 msgid "show <n> more commits after the common ancestor" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/read-cache.c new/git-2.2.1/read-cache.c --- old/git-2.2.0/read-cache.c 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/read-cache.c 2014-12-18 19:45:50.000000000 +0100 @@ -17,6 +17,7 @@ #include "varint.h" #include "split-index.h" #include "sigchain.h" +#include "utf8.h" static struct cache_entry *refresh_cache_entry(struct cache_entry *ce, unsigned int options); @@ -776,9 +777,10 @@ * shares the path end test with the ".." case. */ case 'g': - if (rest[1] != 'i') + case 'G': + if (rest[1] != 'i' && rest[1] != 'I') break; - if (rest[2] != 't') + if (rest[2] != 't' && rest[2] != 'T') break; rest += 2; /* fallthrough */ @@ -802,6 +804,10 @@ return 1; if (is_dir_sep(c)) { inside: + if (protect_hfs && is_hfs_dotgit(path)) + return 0; + if (protect_ntfs && is_ntfs_dotgit(path)) + return 0; c = *path++; if ((c == '.' && !verify_dotfile(path)) || is_dir_sep(c) || c == '\0') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/t/t1014-read-tree-confusing.sh new/git-2.2.1/t/t1014-read-tree-confusing.sh --- old/git-2.2.0/t/t1014-read-tree-confusing.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/git-2.2.1/t/t1014-read-tree-confusing.sh 2014-12-18 19:45:50.000000000 +0100 @@ -0,0 +1,62 @@ +#!/bin/sh + +test_description='check that read-tree rejects confusing paths' +. ./test-lib.sh + +test_expect_success 'create base tree' ' + echo content >file && + git add file && + git commit -m base && + blob=$(git rev-parse HEAD:file) && + tree=$(git rev-parse HEAD^{tree}) +' + +test_expect_success 'enable core.protectHFS for rejection tests' ' + git config core.protectHFS true +' + +test_expect_success 'enable core.protectNTFS for rejection tests' ' + git config core.protectNTFS true +' + +while read path pretty; do + : ${pretty:=$path} + case "$path" in + *SPACE) + path="${path%SPACE} " + ;; + esac + test_expect_success "reject $pretty at end of path" ' + printf "100644 blob %s\t%s" "$blob" "$path" >tree && + bogus=$(git mktree <tree) && + test_must_fail git read-tree $bogus + ' + + test_expect_success "reject $pretty as subtree" ' + printf "040000 tree %s\t%s" "$tree" "$path" >tree && + bogus=$(git mktree <tree) && + test_must_fail git read-tree $bogus + ' +done <<-EOF +. +.. +.git +.GIT +${u200c}.Git {u200c}.Git +.gI${u200c}T .gI{u200c}T +.GiT${u200c} .GiT{u200c} +git~1 +.git.SPACE .git.{space} +.\\\\.GIT\\\\foobar backslashes +.git\\\\foobar backslashes2 +EOF + +test_expect_success 'utf-8 paths allowed with core.protectHFS off' ' + test_when_finished "git read-tree HEAD" && + test_config core.protectHFS false && + printf "100644 blob %s\t%s" "$blob" ".gi${u200c}t" >tree && + ok=$(git mktree <tree) && + git read-tree $ok +' + +test_done diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/t/t1450-fsck.sh new/git-2.2.1/t/t1450-fsck.sh --- old/git-2.2.0/t/t1450-fsck.sh 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/t/t1450-fsck.sh 2014-12-18 19:45:50.000000000 +0100 @@ -309,36 +309,41 @@ ) ' -test_expect_success 'fsck notices "." and ".." in trees' ' - ( - git init dots && - cd dots && - blob=$(echo foo | git hash-object -w --stdin) && - tab=$(printf "\\t") && - git mktree <<-EOF && - 100644 blob $blob$tab. - 100644 blob $blob$tab.. - EOF - git fsck 2>out && - cat out && - grep "warning.*\\." out - ) -' - -test_expect_success 'fsck notices ".git" in trees' ' - ( - git init dotgit && - cd dotgit && - blob=$(echo foo | git hash-object -w --stdin) && - tab=$(printf "\\t") && - git mktree <<-EOF && - 100644 blob $blob$tab.git - EOF - git fsck 2>out && - cat out && - grep "warning.*\\.git" out - ) -' +while read name path pretty; do + while read mode type; do + : ${pretty:=$path} + test_expect_success "fsck notices $pretty as $type" ' + ( + git init $name-$type && + cd $name-$type && + echo content >file && + git add file && + git commit -m base && + blob=$(git rev-parse :file) && + tree=$(git rev-parse HEAD^{tree}) && + value=$(eval "echo \$$type") && + printf "$mode $type %s\t%s" "$value" "$path" >bad && + bad_tree=$(git mktree <bad) && + git fsck 2>out && + cat out && + grep "warning.*tree $bad_tree" out + )' + done <<-\EOF + 100644 blob + 040000 tree + EOF +done <<-EOF +dot . +dotdot .. +dotgit .git +dotgit-case .GIT +dotgit-unicode .gI${u200c}T .gI{u200c}T +dotgit-case2 .Git +git-tilde1 git~1 +dotgitdot .git. +dot-backslash-case .\\\\.GIT\\\\foobar +dotgit-case-backslash .git\\\\foobar +EOF # create a static test repo which is broken by omitting # one particular object ($1, which is looked up via rev-parse diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/t/test-lib.sh new/git-2.2.1/t/test-lib.sh --- old/git-2.2.0/t/test-lib.sh 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/t/test-lib.sh 2014-12-18 19:45:50.000000000 +0100 @@ -169,7 +169,11 @@ LF=' ' -export _x05 _x40 _z40 LF +# UTF-8 ZERO WIDTH NON-JOINER, which HFS+ ignores +# when case-folding filenames +u200c=$(printf '\342\200\214') + +export _x05 _x40 _z40 LF u200c # Each test should start with something like this, after copyright notices: # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/unpack-trees.c new/git-2.2.1/unpack-trees.c --- old/git-2.2.0/unpack-trees.c 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/unpack-trees.c 2014-12-18 19:45:50.000000000 +0100 @@ -98,7 +98,7 @@ opts->unpack_rejects[i].strdup_strings = 1; } -static void do_add_entry(struct unpack_trees_options *o, struct cache_entry *ce, +static int do_add_entry(struct unpack_trees_options *o, struct cache_entry *ce, unsigned int set, unsigned int clear) { clear |= CE_HASHED; @@ -107,8 +107,8 @@ set |= CE_WT_REMOVE; ce->ce_flags = (ce->ce_flags & ~clear) | set; - add_index_entry(&o->result, ce, - ADD_CACHE_OK_TO_ADD | ADD_CACHE_OK_TO_REPLACE); + return add_index_entry(&o->result, ce, + ADD_CACHE_OK_TO_ADD | ADD_CACHE_OK_TO_REPLACE); } static struct cache_entry *dup_entry(const struct cache_entry *ce) @@ -609,7 +609,9 @@ for (i = 0; i < n; i++) if (src[i] && src[i] != o->df_conflict_entry) - do_add_entry(o, src[i], 0, 0); + if (do_add_entry(o, src[i], 0, 0)) + return -1; + return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/utf8.c new/git-2.2.1/utf8.c --- old/git-2.2.0/utf8.c 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/utf8.c 2014-12-18 19:45:50.000000000 +0100 @@ -561,3 +561,67 @@ return chrlen; } + +/* + * Pick the next char from the stream, folding as an HFS+ filename comparison + * would. Note that this is _not_ complete by any means. It's just enough + * to make is_hfs_dotgit() work, and should not be used otherwise. + */ +static ucs_char_t next_hfs_char(const char **in) +{ + while (1) { + ucs_char_t out = pick_one_utf8_char(in, NULL); + /* + * check for malformed utf8. Technically this + * gets converted to a percent-sequence, but + * returning 0 is good enough for is_hfs_dotgit + * to realize it cannot be .git + */ + if (!*in) + return 0; + + /* these code points are ignored completely */ + switch (out) { + case 0x200c: /* ZERO WIDTH NON-JOINER */ + case 0x200d: /* ZERO WIDTH JOINER */ + case 0x200e: /* LEFT-TO-RIGHT MARK */ + case 0x200f: /* RIGHT-TO-LEFT MARK */ + case 0x202a: /* LEFT-TO-RIGHT EMBEDDING */ + case 0x202b: /* RIGHT-TO-LEFT EMBEDDING */ + case 0x202c: /* POP DIRECTIONAL FORMATTING */ + case 0x202d: /* LEFT-TO-RIGHT OVERRIDE */ + case 0x202e: /* RIGHT-TO-LEFT OVERRIDE */ + case 0x206a: /* INHIBIT SYMMETRIC SWAPPING */ + case 0x206b: /* ACTIVATE SYMMETRIC SWAPPING */ + case 0x206c: /* INHIBIT ARABIC FORM SHAPING */ + case 0x206d: /* ACTIVATE ARABIC FORM SHAPING */ + case 0x206e: /* NATIONAL DIGIT SHAPES */ + case 0x206f: /* NOMINAL DIGIT SHAPES */ + case 0xfeff: /* ZERO WIDTH NO-BREAK SPACE */ + continue; + } + + /* + * there's a great deal of other case-folding that occurs, + * but this is enough to catch anything that will convert + * to ".git" + */ + return tolower(out); + } +} + +int is_hfs_dotgit(const char *path) +{ + ucs_char_t c; + + if (next_hfs_char(&path) != '.' || + next_hfs_char(&path) != 'g' || + next_hfs_char(&path) != 'i' || + next_hfs_char(&path) != 't') + return 0; + c = next_hfs_char(&path); + if (c && !is_dir_sep(c)) + return 0; + + return 1; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/utf8.h new/git-2.2.1/utf8.h --- old/git-2.2.0/utf8.h 2014-11-26 23:39:03.000000000 +0100 +++ new/git-2.2.1/utf8.h 2014-12-18 19:45:50.000000000 +0100 @@ -42,4 +42,12 @@ int mbs_chrlen(const char **text, size_t *remainder_p, const char *encoding); +/* + * Returns true if the the path would match ".git" after HFS case-folding. + * The path should be NUL-terminated, but we will match variants of both ".git\0" + * and ".git/..." (but _not_ ".../.git"). This makes it suitable for both fsck + * and verify_path(). + */ +int is_hfs_dotgit(const char *path); + #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.2.0/version new/git-2.2.1/version --- old/git-2.2.0/version 2014-11-26 23:39:04.000000000 +0100 +++ new/git-2.2.1/version 2014-12-18 19:45:50.000000000 +0100 @@ -1 +1 @@ -2.2.0 +2.2.1 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
