On Thu, Feb 23, 2017 at 10:08:57PM -0800, Junio C Hamano wrote:
> Anyway, here is an updated one (the part of the patch to t/ is not
> shown as it is unchanged).
>
> -- >8 --
> Subject: [PATCH] config: use git_config_parse_key() in
> git_config_parse_parameter()
Looks good. Nice and simple.
-P
Jeff King writes:
>> Backtracking will not fundamentally "fix" parsing of
>>
>> a.b=c=.d
>>
>> between these two
>>
>> [a "b="] c = ".d"
>> [a] b = "c=.d"
>>
>> unfortunately, I think. I do not think it is worth doing the "best
>> effort" with erroring out when ambiguous,
On Thu, Feb 23, 2017 at 08:17:44PM -0800, Junio C Hamano wrote:
> > Hmm. I suspect one cannot do:
> >
> > git -c 'section.subsection with an = in it.key=foo' ...
> >
> > Definitely not a new problem, nor something that should block your
> > patch. But if we want to fix it, I suspect the problem
On Thu, Feb 23, 2017 at 08:11:11PM -0800, Junio C Hamano wrote:
> > So I dunno. I could really go either way on it. Feel free to drop it, or
> > even move it into a separate topic to be cooked longer.
>
> If it were 5 years ago, it would have been different, but I do not
> think cooking it longer
Jeff King writes:
>> pair = strbuf_split_str(text, '=', 2);
>> if (!pair[0])
>
> Hmm. I suspect one cannot do:
>
> git -c 'section.subsection with an = in it.key=foo' ...
>
> Definitely not a new problem, nor something that should block your
> patch. But if we want to fix it, I suspec
Jeff King writes:
> Keep in mind this _only_ affects Git's config variables. So a script
> feeding git via GIT_AUTHOR_NAME, etc, shouldn't change at all with this
> code.
Ah, that changes the equation somewhat ;-)
> So I dunno. I could really go either way on it. Feel free to drop it, or
> even
On 23/02/17 22:57, Stefan Beller wrote:
> Signed-off-by: Stefan Beller
> ---
> Documentation/git-checkout.txt | 7 +++
> builtin/checkout.c | 28
> t/lib-submodule-update.sh | 33 -
> t/t2013-checkout-submodule.s
On 23/02/17 22:57, Stefan Beller wrote:
> In later patches we introduce the options and flag for commands
> that modify the working directory, e.g. git-checkout.
>
> This piece of code will be used universally for
> all these working tree modifications as it
> * supports dry run to answer the qu
On Thu, Feb 23, 2017 at 3:47 PM, Brandon Williams wrote:
> There are a lot of places where an explicit check for
> submodule."".url is done to see if a submodule exists. In order
> to more easily facilitate the use of the submodule.active config option
> to indicate active submodules, add a helpe
On Thu, Feb 23, 2017 at 12:58:39PM -0800, Junio C Hamano wrote:
> Jeff King writes:
>
> > This one is perhaps questionable. Maybe somebody is relying on setting a
> > per-repo user.name to override a ~/.gitconfig value and enforce
> > auto-detection?
>
> Thanks for splitting this step out. 1/4
On Thu, Feb 23, 2017 at 3:47 PM, Brandon Williams wrote:
> @@ -795,14 +794,11 @@ static int prepare_to_clone_next_submodule(const struct
> cache_entry *ce,
> }
>
> /*
> -* Looking up the url in .git/config.
> +* Check if the submodule has been initialized.
>
On Thu, Feb 23, 2017 at 03:19:58PM -0800, Junio C Hamano wrote:
> > But you are right. config-parse-key does have the simpler string
> > that can just be given to the canonicalize thing and we should be
> > able to reuse it.
>
> Actually, I think we can just use the existing config_parse_key()
>
On Thu, Feb 23, 2017 at 03:03:58PM -0800, Jonathan Tan wrote:
> If a server sets allowtipsha1inwant (or allowreachablesha1inwant), a
> client can call "git fetch " where SHA-1 is the hash of
> a blob (reachable or unreachable) to obtain it. The test below (which
> passes) demonstrates that.
Than
Junio C Hamano writes:
> Jonathan Tan writes:
>
>> Adding "--objects" works, and all existing tests pass, except for the
>> potential performance issue and the side effect that even fetching a
>> reachable blob no longer works. This is due to a possible bug where a
>> call like "git rev-list --o
On Thu, Feb 23, 2017 at 04:12:01PM -0800, Linus Torvalds wrote:
> On Thu, Feb 23, 2017 at 4:01 PM, Jeff King wrote:
> >
> > You know, I didn't even look at the LICENSE file, since it said MIT and
> > had a link here. It would be trivial to copy it over, too, of course.
>
> You should do it. It's
When a submodule is initialized, the config variable 'submodule..url'
is set depending on the value of the same variable in the .gitmodules
file. When the URL indicates to be relative, then the url is computed
relative to its default remote. The default remote cannot be determined
accurately in all
On Thu, Feb 23, 2017 at 4:01 PM, Jeff King wrote:
>
> You know, I didn't even look at the LICENSE file, since it said MIT and
> had a link here. It would be trivial to copy it over, too, of course.
You should do it. It's just good to be careful and clear with
licenses, and the license text does r
On Thu, Feb 23, 2017 at 03:50:00PM -0800, Junio C Hamano wrote:
> Jonathan Tan writes:
>
> > Adding "--objects" works, and all existing tests pass, except for the
> > potential performance issue and the side effect that even fetching a
> > reachable blob no longer works. This is due to a possibl
On Thu, Feb 23, 2017 at 03:15:11PM -0800, Stefan Beller wrote:
> On Thu, Feb 23, 2017 at 3:05 PM, Jeff King wrote:
>
> > +* Copyright 2017 Marc Stevens , Dan Shumow
> > (dan...@microsoft.com)
> > +* Distributed under the MIT Software License.
> > +* See accompanying file LICENSE.txt or copy at
On Thu, Feb 23, 2017 at 3:47 PM, Brandon Williams wrote:
> There are two motivations for decoupling a submodule's existence from the url
> that is stored in .git/config.
>
> 1. Worktrees can't really be used with submodules since the existence is
> checked based on the shared .git/config. This
There are a lot of places where an explicit check for
submodule."".url is done to see if a submodule exists. In order
to more easily facilitate the use of the submodule.active config option
to indicate active submodules, add a helper which can be used to query
if a submodule is active or not.
Sig
Jonathan Tan writes:
> Adding "--objects" works, and all existing tests pass, except for the
> potential performance issue and the side effect that even fetching a
> reachable blob no longer works. This is due to a possible bug where a
> call like "git rev-list --objects $tree ^master" (where $tr
The new switch `--init-active` initializes the submodules which are
configured in `submodule.active` instead of those given as
command line arguments before updating. In the first implementation this
is made incompatible with further command line arguments as it is
unclear what the user means by
Use the 'is_submodule_initialized()' helper to check for configured
submodules instead of manually checking for the submodule's URL in the
config.
Signed-off-by: Brandon Williams
---
builtin/submodule--helper.c | 11 +++
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/built
Currently the submodule..url config option is used to determine
if a given submodule exists and is interesting to the user. This
however doesn't work very well because the URL is a config option for
the scope of a repository, whereas the existence of a submodule is an
option scoped to the working
Signed-off-by: Brandon Williams
---
git-submodule.sh | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/git-submodule.sh b/git-submodule.sh
index 4633a4336..f8adfb179 100755
--- a/git-submodule.sh
+++ b/git-submodule.sh
@@ -1026,14 +1026,13 @@ cmd_status()
do
When submodule.active is configured, in addition to adding
submodule."".url to the config, add the path of the added
submodule if it isn't already covered by the current config values.
Signed-off-by: Brandon Williams
---
git-submodule.sh | 11 +++
t/t7413-submodule-is-activ
There are two motivations for decoupling a submodule's existence from the url
that is stored in .git/config.
1. Worktrees can't really be used with submodules since the existence is
checked based on the shared .git/config. This means that two different
worktrees have to have the same initia
Signed-off-by: Brandon Williams
---
contrib/completion/git-completion.bash | 1 +
1 file changed, 1 insertion(+)
diff --git a/contrib/completion/git-completion.bash
b/contrib/completion/git-completion.bash
index 6721ff80f..4e473aa90 100644
--- a/contrib/completion/git-completion.bash
+++ b/cont
The user could have configured the submodule to have a different URL
from the one in the superproject's config. To account for this read
what the submodule has configured for remote.origin.url and use that
instead.
Signed-off-by: Brandon Williams
---
git-submodule.sh | 2 +-
1 file changed, 1 i
The new switch passes the pathspec to `git submodule update
--init-active` which is called after the actual clone is done.
Additionally this configures the submodule.active option to
be the given pathspec, such that any future invocation of
`git submodule update --init-active` will keep up
with th
Signed-off-by: Brandon Williams
---
git-submodule.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/git-submodule.sh b/git-submodule.sh
index 02b85dceb..f35345775 100755
--- a/git-submodule.sh
+++ b/git-submodule.sh
@@ -1127,7 +1127,7 @@ cmd_sync()
;;
On Thu, Feb 23, 2017 at 3:05 PM, Jeff King wrote:
>
> (By the way, I don't see your version on the list, Linus, which probably
> means it was eaten by the 100K filter).
Ahh. I didn't even think about a size filter.
Doesn't matter, your version looks fine.
Linus
Junio C Hamano writes:
> Jeff King writes:
>
>> FWIW, the code looks OK here. It is a shame to duplicate the policy
>> found in git_config_parse_key(), though.
>>
>> I wonder if we could make a master version of that which canonicalizes
>> in-place, and then just wrap it for the git_config_parse
On Thu, Feb 23, 2017 at 3:05 PM, Jeff King wrote:
> +* Copyright 2017 Marc Stevens , Dan Shumow
> (dan...@microsoft.com)
> +* Distributed under the MIT Software License.
> +* See accompanying file LICENSE.txt or copy at
The accompanying LICENSE file did not make it into this patch,
that is more
Signed-off-by: Stefan Beller
---
Documentation/git-checkout.txt | 7 +++
builtin/checkout.c | 28
t/lib-submodule-update.sh | 33 -
t/t2013-checkout-submodule.sh | 5 +
4 files changed, 64 insertions(+), 9 de
Signed-off-by: Stefan Beller
---
read-cache.c | 27 +--
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/read-cache.c b/read-cache.c
index 9054369dd0..9a2abacf7a 100644
--- a/read-cache.c
+++ b/read-cache.c
@@ -18,6 +18,8 @@
#include "varint.h"
#include "sp
In later patches we introduce the options and flag for commands
that modify the working directory, e.g. git-checkout.
This piece of code will be used universally for
all these working tree modifications as it
* supports dry run to answer the question:
"Is it safe to change the submodule to this
In a later patch we'll use connect_work_tree_and_git_dir when the
directory for the gitlink file doesn't exist yet. This patch makes
connect_work_tree_and_git_dir safe to use for both cases of
either the git dir or the working dir missing.
To do so, we need to call safe_create_leading_directories[
In later patches we introduce the options and flag for commands
that modify the working directory, e.g. git-checkout.
Have a central place to store such settings whether we want to update
a submodule.
Signed-off-by: Stefan Beller
---
submodule.c | 6 ++
submodule.h | 1 +
2 files changed, 7
This knob lets you use the sha1dc implementation from:
https://github.com/cr-marcstevens/sha1collisiondetection
which can detect certain types of collision attacks (even
when we only see half of the colliding pair).
The big downside is that it's slower than either the openssl
or block-sha1
We can replace system includes with git-compat-util.h (and
should make sure it is included in all .c files). We can
drop includes from headers entirely, as every .c file is
supposed to include git-compat-util itself first.
We also use the full "sha1dc/" path for including related
files. This isn't
Signed-off-by: Stefan Beller
---
unpack-trees.c | 131 +
unpack-trees.h | 1 +
2 files changed, 123 insertions(+), 9 deletions(-)
diff --git a/unpack-trees.c b/unpack-trees.c
index 616a0ae4b2..8333da2cc9 100644
--- a/unpack-trees.c
+++ b/
This is pulled straight from:
https://github.com/cr-marcstevens/sha1collisiondetection
with no modifications yet (though I've pulled in only the
subset of files necessary for Git to use).
Signed-off-by: Jeff King
---
sha1dc/sha1.c | 1146 +
On Thu, Feb 23, 2017 at 05:43:02PM -0500, Jeff King wrote:
> On Thu, Feb 23, 2017 at 02:38:29PM -0800, Linus Torvalds wrote:
>
> > > Thanks, I hadn't seen that yet. That doesn't look like it should be hard
> > > to integrate into Git.
> >
> > Here's a *very* ugly patch that is absolutely disgust
Signed-off-by: Stefan Beller
---
entry.c | 30 ++
1 file changed, 30 insertions(+)
diff --git a/entry.c b/entry.c
index c6eea240b6..d2b512da90 100644
--- a/entry.c
+++ b/entry.c
@@ -2,6 +2,7 @@
#include "blob.h"
#include "dir.h"
#include "streaming.h"
+#include "su
Similar to b33a15b08 (push: add recurseSubmodules config option,
2015-11-17) and 027771fcb1 (submodule: allow erroneous values for the
fetchRecurseSubmodules option, 2015-08-17), we add submodule-config code
that is later used to parse whether we are interested in updating
submodules.
We need the
The check (which uses the old oid) is yet to be implemented, but this part
is just a refactor, so it can go separately first.
Signed-off-by: Stefan Beller
---
unpack-trees.c | 17 ++---
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/unpack-trees.c b/unpack-trees.c
ind
Adding the repository itself as a submodule does not make sense in the
real world. In our test suite we used to do that out of convenience in
some tests as the current repository has easiest access for setting up
'just a submodule'.
However this doesn't quite test the real world, so let's do not f
previous work:
https://public-inbox.org/git/20161203003022.29797-1-sbel...@google.com/
v5:
* as v4 was the first version queued by Junio, we do have an interdiff below!
* renamed functions
* changed the API, now the caller has to take care of the submodule strategy
themselves. (Note this can
We need the gentle version in a later patch. As we have just one caller,
migrate the caller.
Signed-off-by: Stefan Beller
---
builtin/grep.c | 2 +-
submodule.c| 7 ++-
submodule.h| 8 +++-
3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/builtin/grep.c b/builtin/g
Currently lib-submodule-update.sh provides 2 functions
test_submodule_switch and test_submodule_forced_switch that are used by a
variety of tests to ensure that submodules behave as expected. The current
expected behavior is that submodules are not touched at all (see
42639d2317a for the exact setu
If a server sets allowtipsha1inwant (or allowreachablesha1inwant), a
client can call "git fetch " where SHA-1 is the hash of
a blob (reachable or unreachable) to obtain it. The test below (which
passes) demonstrates that.
I have bisected this, and this bug occurs at least as early as the
introduc
Redraw the ASCII art describing the setup using more space, such that
it is easier to understand. The leaf commits are now ordered the same
way the actual code is ordered.
Add empty lines to the setup code separating each of the leaf commits,
each starting with a "checkout -b".
Signed-off-by: St
In later patches we introduce the --recurse-submodule flag for commands
that modify the working directory, e.g. git-checkout.
It is potentially expensive to check if a submodule needs an update,
because a common theme to interact with submodules is to spawn a child
process for each interaction.
S
In a later patch we need to prepare the submodule environment with
another git directory, so split up the function.
Also move it up in the file such that we do not need to declare the
function later before using it.
Signed-off-by: Stefan Beller
---
submodule.c | 29 +
On Thu, Feb 23, 2017 at 2:43 PM, Jeff King wrote:
>
> Yeah. I started looking at that, but the ubc check happens after the
> initial expansion.
Yes. That's the point where I gave up and just included their ugly sha1.c file.
I suspect it can be done, but it would need somebody to really know
what
On Thu, Feb 23, 2017 at 02:38:29PM -0800, Linus Torvalds wrote:
> > Thanks, I hadn't seen that yet. That doesn't look like it should be hard
> > to integrate into Git.
>
> Here's a *very* ugly patch that is absolutely disgusting and should not be
> used. But it does kind of work (I tested it wit
Duy Nguyen writes:
> On Tue, Feb 21, 2017 at 8:10 AM, Kyle Meyer wrote:
>> diff --git a/refs.h b/refs.h
>> index 9fbff90e7..5880886a7 100644
>> --- a/refs.h
>> +++ b/refs.h
>> @@ -276,8 +276,8 @@ int reflog_exists(const char *refname);
>> * exists, regardless of its old value. It is an error f
Here are the topics that have been cooking. Commits prefixed with
'-' are only in 'pu' (proposed updates) while commits prefixed with
'+' are in 'next'. The ones marked with '.' do not appear in any of
the integration branches, but I am still holding onto them.
You can find the changes described
On Thu, Feb 23, 2017 at 01:17:49PM -0800, Junio C Hamano wrote:
> "Devin J. Pohly" writes:
>
> > Previously, the git_commit_non_empty_tree function would always pass any
> > commit with no parents to git-commit-tree, regardless of whether the
> > tree was nonempty. The new commit would then be r
On 23.02.2017 at 16:50, Santiago Torres wrote:
> Hello all,
>
> I ran into this website presenting the "first practical attack on
> sha1"[1]. I don't recall seeing this on the ML, so I'm sharing this just
> in case. I know there are proposals to move out of sha1 already. I
> wonder if this affe
"Devin J. Pohly" writes:
> Previously, the git_commit_non_empty_tree function would always pass any
> commit with no parents to git-commit-tree, regardless of whether the
> tree was nonempty. The new commit would then be recorded in the
> filter-branch revision map, and subsequent commits which
Jeff King writes:
> This one is perhaps questionable. Maybe somebody is relying on setting a
> per-repo user.name to override a ~/.gitconfig value and enforce
> auto-detection?
Thanks for splitting this step out. 1/4 and 2/4 are obvious
improvements, and 3/4 is a very sensible fix. Compared to
On Thu, Feb 23, 2017 at 09:49:09PM +0100, Jakub Narębski wrote:
> > How is GIT affected? GIT strongly relies on SHA-1 for the
> > identification and integrity checking of all file objects and
> > commits. It is essentially possible to create two GIT repositories
> > with the same head commit hash
Jeff King wrote:
> It's not an identical prefix, but I think collision attacks generally
> are along the lines of selecting two prefixes followed by garbage, and
> then mutating the garbage on both sides. That would "work" in this case
> (modulo the fact that git would complain about the NUL).
>
>
Hiroshi Shirosaki wrote:
> I have the following authentication failure while svn rebase and
> svn dcommit works fine without authentication failures.
>
> $ git svn branch v7_3
> Copying https://xxx at r27519
> to https:///v7_
On 23.02.2017 at 18:12, David Lang wrote:
> On Thu, 23 Feb 2017, Junio C Hamano wrote:
>
>> On Thu, Feb 23, 2017 at 8:43 AM, Joey Hess wrote:
>>>
>>> Since we now have collisions in valid PDF files, collisions in
>>> valid git commit and tree objects are probably able to be
>>> constructed.
>
On Thu, Feb 23, 2017 at 12:37:25PM -0800, Junio C Hamano wrote:
> Jeff King writes:
>
> > I suspect it isn't enough to help without 2/2. This will tell curl that
> > the server does not do Negotiate, so it will skip the probe request. But
> > Git will still feed curl the bogus empty credential.
On 2017-02-23 11:09:32, Linus Torvalds wrote:
> I'm aware of the fsck checks, but I have to admit I wasn't aware of
> 'transfer.fsckobjects'. I should turn that on myself.
>
> Or maybe git should just turn it on by default?
The problem with this is that there are many repos with errors out
there
Jeff King writes:
> I suspect it isn't enough to help without 2/2. This will tell curl that
> the server does not do Negotiate, so it will skip the probe request. But
> Git will still feed curl the bogus empty credential.
>
> That's what 2/2 tries to fix: only kick in the emptyAuth hack when ther
There are a few bugs in git I noticed when using mingw, mingw64,
cygwin, and cygwin64. These bugs are the following:
if I do git ``rebase -i --root`` and tell it to edit every commit to
gpg sign all my commits it bugs out and merges all of the commits into
1 commit instead of only appending the ``-
Thanks.
> -Original Message-
> From: Jeff King [mailto:p...@peff.net]
> Sent: Thursday, February 23, 2017 2:44 PM
> To: David Turner
> Cc: Junio C Hamano ; git@vger.kernel.org;
> sand...@crustytoothpaste.net; Johannes Schindelin
> ; Eric Sunshine
> Subject: Re: [PATCH 2/2] http: add an "auto" mod
On Thu, Feb 23, 2017 at 11:09:32AM -0800, Linus Torvalds wrote:
> On Thu, Feb 23, 2017 at 10:46 AM, Jeff King wrote:
> >>
> >> So I agree with you that we need to make git check for the opaque
> >> data. I think I was the one who brought that whole argument up.
> >
> > We do already.
>
> I'm awa
Nguyễn Thái Ngọc Duy writes:
>> There was some discussion after v4. I think the open issues are:
>>
>> - the commit message is rather terse (it should describe motivation,
>> and can refer to the docs for the "how")
> This allows some more flexibility in managing configuration across
> re
On Thu, Feb 23, 2017 at 11:47:16AM -0800, Linus Torvalds wrote:
> On Thu, Feb 23, 2017 at 11:32 AM, Jeff King wrote:
> >
> > Yeah, they're not expensive. We've discussed enabling them by default.
> > The sticking point is that there is old history with minor bugs which
> > triggers some warnings
On Thu, Feb 23, 2017 at 11:32 AM, Jeff King wrote:
>
> Yeah, they're not expensive. We've discussed enabling them by default.
> The sticking point is that there is old history with minor bugs which
> triggers some warnings (e.g., malformed committer names), and it would
> be annoying to start reje
On Thu, Feb 23, 2017 at 04:31:13PM +, David Turner wrote:
> > As somebody who is using non-Basic auth, can you apply these patches and
> > show us the output of:
> >
> >GIT_TRACE_CURL=1 \
> >git ls-remote https://your-server 2>&1 >/dev/null |
> >egrep '(Send|Recv) header: (GET|HTT
On Thu, Feb 23, 2017 at 06:08:49PM +0100, Johannes Schindelin wrote:
> > I suspect the patch above could probably be generalized as:
> >
> > /* cut out methods we know the server doesn't support */
> > http_auth_methods &= results.auth_avail;
> >
> > and let curl figure it out from there.
>
On Thu, Feb 23, 2017 at 11:11:05AM -0800, Junio C Hamano wrote:
> >> As far as Kerberos, this is a desirable feature to have enabled, with
> >> little downside. I just don't know about the security of the NTLM part,
> >> and I don't think we should take this patch unless we're sure we know
> >> t
Forwarding a message that ended on my end only, probably by accident.
Forwarded Message
Subject: Re: feature request: user email config per domain
Date: Thu, 23 Feb 2017 13:32:56 +0530
From: Tushar Kapila
To: Igor Djordjevic BugA
Hello All,
> I'd much rather see something base
Ctrl+T/Ctrl+U add/remove only one file, not the whole selection - used
to work. Neither are access keys for menu underlined (Ease of access
center > underline keyboard shortcuts is on), so there is no way to
effectively work with keyb only.
git-gui version 0.21 GITGUI
git version 2.11.1.windows.
pointers to a little more info
https://shattered.it/static/
the two files are:
https://shattered.it/static/shattered-1.pdf
https://shattered.it/static/shattered-2.pdf
422435 shattered-2.pdf
422435 shattered-1.pdf
identical length and a lot smaller than I expected (~162K of the 413K file is
The attack seems to generate two 64-bytes blocks, one quarter of which
is repeated data. (Table-1 in the paper.)
Assuming the result of that is evenly distributed and that bytes are
independent, we can estimate the chances that the result is NUL-free
as (255/256)^192 = 47% and the probability tha
Jeff King writes:
> On Wed, Feb 22, 2017 at 11:34:19PM +, brian m. carlson wrote:
>
>> Browsers usually disable this feature by default, as it basically will
>> attempt to authenticate to any site that sends a 401. For Kerberos
>> against a malicious site, the user will either not have a val
On Thu, Feb 23, 2017 at 10:46 AM, Jeff King wrote:
>>
>> So I agree with you that we need to make git check for the opaque
>> data. I think I was the one who brought that whole argument up.
>
> We do already.
I'm aware of the fsck checks, but I have to admit I wasn't aware of
'transfer.fsckobject
On Thu, Feb 23, 2017 at 02:21:47PM -0400, Joey Hess wrote:
> Linus Torvalds wrote:
> > What you describe pretty much already requires a pre-image attack,
> > which the new attack is _not_.
> >
> > It's not clear that the "good" object can be anything sane.
>
> Generate a regular commit object; u
Johannes Schindelin writes:
> On Wed, 22 Feb 2017, Jeff King wrote:
>> This patch drops the useless probe request:
> ...
>> but setting http.emptyauth adds back in the useless request. I think
>> that could be fixed by skipping the empty-auth thing when
>> http_auth_methods does not have CURLAUTH
Joey Hess wrote:
> Linus Torvalds wrote:
> > What you describe pretty much already requires a pre-image attack,
> > which the new attack is _not_.
> >
> > It's not clear that the "good" object can be anything sane.
>
> Generate a regular commit object; use the entire commit object + NUL as the
>
Matthieu Moy writes:
> Johan Hovold writes:
>
>> --- a/git-send-email.perl
>> +++ b/git-send-email.perl
>> @@ -1563,7 +1563,7 @@ foreach my $t (@files) {
>> # Now parse the message body
>> while(<$fh>) {
>> $message .= $_;
>> -if (/^(Signed-off-by|Cc): (.*)$/i
Make upload-pack report "not our ref" errors to the client as an "ERR" line.
(If not, the client would be left waiting for a response when the server is
already dead.)
Signed-off-by: Jonathan Tan
---
Thanks, here is the independent patch.
upload-pack.c | 6 +-
1 file changed, 5 insertions(
On Thu, Feb 23, 2017 at 10:40:48AM -0800, Linus Torvalds wrote:
> > Generate a regular commit object; use the entire commit object + NUL as the
> > chosen prefix, and use the identical-prefix collision attack to generate
> > the colliding good/bad objects.
>
> So I agree with you that we need to
On Thu, Feb 23, 2017 at 10:21 AM, Joey Hess wrote:
> Linus Torvalds wrote:
>> What you describe pretty much already requires a pre-image attack,
>> which the new attack is _not_.
>>
>> It's not clear that the "good" object can be anything sane.
>
> Generate a regular commit object; use the entire
Joey Hess writes:
> For example, git fsck does warn about a commit message with opaque
> data hidden after a NUL. But, git show/merge/pull give no indication
> that something funky is going on when working with such commits.
Would
$ git config transfer.fsckobjects true
help?
On Thu, Feb 23, 2017 at 10:10 AM, Joey Hess wrote:
>
> It would cost 6500 CPU years + 100 GPU years to generate valid colliding
> git objects using the methods of the paper's authors. That might be cost
> effective if it helped get a backdoor into eg, the kernel.
I still think it also needs to be
Linus Torvalds wrote:
> What you describe pretty much already requires a pre-image attack,
> which the new attack is _not_.
>
> It's not clear that the "good" object can be anything sane.
Generate a regular commit object; use the entire commit object + NUL as the
chosen prefix, and use the identi
On Thu, 23 Feb 2017, Joey Hess wrote:
Junio C Hamano wrote:
On Thu, Feb 23, 2017 at 8:43 AM, Joey Hess wrote:
Since we now have collisions in valid PDF files, collisions in valid git
commit and tree objects are probably able to be constructed.
That may be true, but
https://public-inbox.org
Linus Torvalds wrote:
> I haven't seen the attack yet, but git doesn't actually just hash the
> data, it does prepend a type/length field to it. That usually tends to
> make collision attacks much harder, because you either have to make
> the resulting size the same too, or you have to be able to a
On Thu, Feb 23, 2017 at 9:35 AM, Joey Hess wrote:
>
> Attacks using this SHA1 break will look something more like:
We don't actually know what the break is, but it's likely that you
can't actually do what you think you can do:
> * I push a "bad" object to a repo on github I set up under a
> ps