Imported Upstream version 2.3.7 upstream/2.3.7
authorDongHun Kwak <dh0128.kwak@samsung.com>
Wed, 3 Mar 2021 06:14:59 +0000 (15:14 +0900)
committerDongHun Kwak <dh0128.kwak@samsung.com>
Wed, 3 Mar 2021 06:14:59 +0000 (15:14 +0900)
Documentation/RelNotes/2.3.7.txt [new file with mode: 0644]
Documentation/git.txt
GIT-VERSION-GEN
RelNotes
connect.c
contrib/completion/git-completion.bash
send-pack.c
t/t5500-fetch-pack.sh
t/t5601-clone.sh

diff --git a/Documentation/RelNotes/2.3.7.txt b/Documentation/RelNotes/2.3.7.txt
new file mode 100644 (file)
index 0000000..fc95812
--- /dev/null
@@ -0,0 +1,21 @@
+Git v2.3.7 Release Notes
+========================
+
+Fixes since v2.3.6
+------------------
+
+ * An earlier update to the parser that disects a URL broke an
+   address, followed by a colon, followed by an empty string (instead
+   of the port number), e.g. ssh://example.com:/path/to/repo.
+
+ * The completion script (in contrib/) contaminated global namespace
+   and clobbered on a shell variable $x.
+
+ * The "git push --signed" protocol extension did not limit what the
+   "nonce" that is a server-chosen string can contain or how long it
+   can be, which was unnecessarily lax.  Limit both the length and the
+   alphabet to a reasonably small space that can still have enough
+   entropy.
+
+Also contains typofixes, documentation updates and trivial code
+clean-ups.
index 085bc34..8704ffd 100644 (file)
@@ -43,9 +43,10 @@ unreleased) version of Git, that is available from the 'master'
 branch of the `git.git` repository.
 Documentation for older releases are available here:
 
-* link:v2.3.6/git.html[documentation for release 2.3.6]
+* link:v2.3.7/git.html[documentation for release 2.3.7]
 
 * release notes for
+  link:RelNotes/2.3.7.txt[2.3.7],
   link:RelNotes/2.3.6.txt[2.3.6],
   link:RelNotes/2.3.5.txt[2.3.5],
   link:RelNotes/2.3.4.txt[2.3.4],
index 3baaa9d..0c1ee67 100755 (executable)
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 GVF=GIT-VERSION-FILE
-DEF_VER=v2.3.6
+DEF_VER=v2.3.7
 
 LF='
 '
index d92e7b8..8f376a9 120000 (symlink)
--- a/RelNotes
+++ b/RelNotes
@@ -1 +1 @@
-Documentation/RelNotes/2.3.6.txt
\ No newline at end of file
+Documentation/RelNotes/2.3.7.txt
\ No newline at end of file
index ce0e121..14c924b 100644 (file)
--- a/connect.c
+++ b/connect.c
@@ -310,6 +310,8 @@ static void get_host_and_port(char **host, const char **port)
                if (end != colon + 1 && *end == '\0' && 0 <= portnr && portnr < 65536) {
                        *colon = 0;
                        *port = colon + 1;
+               } else if (!colon[1]) {
+                       *colon = 0;
                }
        }
 }
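Review bot: The new `else if (!colon[1])` branch has no comment saying why an empty port is accepted, and it leaves `*port` untouched, so the resulting port depends on what the caller passed in. A comment such as `/* "host:" with nothing after the colon: drop the colon, keep the caller's default port */` would make that explicit. A non-empty port that fails the numeric or range test still matches neither branch, so the colon and the bad text stay in `*host`. Whether that is rejected later is not visible here, since get_host_and_port() starts above this hunk.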
index 661a829..1620546 100644 (file)
@@ -186,7 +186,7 @@ fi
 
 __gitcompappend ()
 {
-       local i=${#COMPREPLY[@]}
+       local i=${#COMPREPLY[@]}
        for x in $1; do
                if [[ "$x" == "$3"* ]]; then
                        COMPREPLY[i++]="$2$x$4"
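Review bot: The added `local i=${#COMPREPLY[@]}` line is identical to the line it removes as shown here, so `x` is still not declared local and the `for x in $1` loop below keeps writing to the caller's `$x`. The release notes in this same commit say the completion script clobbered `$x`, which suggests the intended line is `local x i=${#COMPREPLY[@]}`. The difference may have been lost in rendering, so check the file itself. The body of __gitcompappend continues past the end of the hunk.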
index 25947d7..677bac3 100644 (file)
@@ -281,6 +281,28 @@ free_return:
        return update_seen;
 }
 
+#define NONCE_LEN_LIMIT 256
+
+static void reject_invalid_nonce(const char *nonce, int len)
+{
+       int i = 0;
+
+       if (NONCE_LEN_LIMIT <= len)
+               die("the receiving end asked to sign an invalid nonce <%.*s>",
+                   len, nonce);
+
+       for (i = 0; i < len; i++) {
+               int ch = nonce[i] & 0xFF;
+               if (isalnum(ch) ||
+                   ch == '-' || ch == '.' ||
+                   ch == '/' || ch == '+' ||
+                   ch == '=' || ch == '_')
+                       continue;
+               die("the receiving end asked to sign an invalid nonce <%.*s>",
+                   len, nonce);
+       }
+}
+
 int send_pack(struct send_pack_args *args,
              int fd[], struct child_process *conn,
              struct ref *remote_refs,
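Review bot: Both `die()` calls in reject_invalid_nonce() print the rejected nonce with `%.*s` and the server-supplied `len`, so the bytes that just failed the length or alphabet check are written to the user's terminal. Unless die() sanitises or truncates its output (not visible in this hunk), a hostile server can put control characters or a very long string on the client's screen through this message. Dropping the value, `die("the receiving end asked to sign an invalid nonce");`, or clamping the precision to `NONCE_LEN_LIMIT`, would avoid that. The message is also not wrapped in `_()` like the neighbouring `die(_("the receiving end does not support --signed push"))` in the next hunk, and a negative `len` passes both checks, which relies on server_feature_value() never returning one.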
@@ -323,6 +345,7 @@ int send_pack(struct send_pack_args *args,
                push_cert_nonce = server_feature_value("push-cert", &len);
                if (!push_cert_nonce)
                        die(_("the receiving end does not support --signed push"));
+               reject_invalid_nonce(push_cert_nonce, len);
                push_cert_nonce = xmemdupz(push_cert_nonce, len);
        }
 
index bd37f04..ed40407 100755 (executable)
@@ -576,13 +576,16 @@ do
        do
                for h in host user@host user@[::1] user@::1
                do
-                       test_expect_success "fetch-pack --diag-url $p://$h/$r" '
-                               check_prot_host_port_path $p://$h/$r $p "$h" NONE "/$r"
-                       '
-                       # "/~" -> "~" conversion
-                       test_expect_success "fetch-pack --diag-url $p://$h/~$r" '
-                               check_prot_host_port_path $p://$h/~$r $p "$h" NONE "~$r"
-                       '
+                       for c in "" :
+                       do
+                               test_expect_success "fetch-pack --diag-url $p://$h$c/$r" '
+                                       check_prot_host_port_path $p://$h/$r $p "$h" NONE "/$r"
+                               '
+                               # "/~" -> "~" conversion
+                               test_expect_success "fetch-pack --diag-url $p://$h$c/~$r" '
+                                       check_prot_host_port_path $p://$h/~$r $p "$h" NONE "~$r"
+                               '
+                       done
                done
                for h in host User@host User@[::1]
                do
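Review bot: The two new tests put `$c` in their titles but not in the URL they pass to `check_prot_host_port_path`, so the `:` iteration checks exactly the same URL as the empty one and the trailing-colon case is never exercised. The calls should read `check_prot_host_port_path $p://$h$c/$r $p "$h" NONE "/$r"` and `check_prot_host_port_path $p://$h$c/~$r $p "$h" NONE "~$r"`. The enclosing loops start above the hunk.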
index 02b40b1..1befc45 100755 (executable)
@@ -387,14 +387,17 @@ do
 done
 
 #with ssh:// scheme
-test_expect_success 'clone ssh://host.xz/home/user/repo' '
-       test_clone_url "ssh://host.xz/home/user/repo" host.xz "/home/user/repo"
-'
-
-# from home directory
-test_expect_success 'clone ssh://host.xz/~repo' '
-       test_clone_url "ssh://host.xz/~repo" host.xz "~repo"
+#ignore trailing colon
+for tcol in "" :
+do
+       test_expect_success "clone ssh://host.xz$tcol/home/user/repo" '
+               test_clone_url "ssh://host.xz$tcol/home/user/repo" host.xz /home/user/repo
+       '
+       # from home directory
+       test_expect_success "clone ssh://host.xz$tcol/~repo" '
+       test_clone_url "ssh://host.xz$tcol/~repo" host.xz "~repo"
 '
+done
 
 # with port number
 test_expect_success 'clone ssh://host.xz:22/home/user/repo' '
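Review bot: Inside the new `for tcol` loop the second test is indented differently from the first: its `test_clone_url` line sits at the same depth as `test_expect_success`, and the closing `'` is at column 0. Indenting them like the first test, with `test_clone_url` one level deeper and `'` aligned with `test_expect_success`, keeps the loop body readable.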
@@ -407,9 +410,9 @@ test_expect_success 'clone ssh://host.xz:22/~repo' '
 '
 
 #IPv6
-for tuah in ::1 [::1] user@::1 user@[::1] [user@::1]
+for tuah in ::1 [::1] [::1]: user@::1 user@[::1] user@[::1]: [user@::1] [user@::1]:
 do
-       ehost=$(echo $tuah | tr -d "[]")
+       ehost=$(echo $tuah | sed -e "s/1]:/1]/ "| tr -d "[]")
        test_expect_success "clone ssh://$tuah/home/user/repo" "
          test_clone_url ssh://$tuah/home/user/repo $ehost /home/user/repo
        "
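Review bot: The sed script in the new `ehost=` line, `"s/1]:/1]/ "`, has a stray space after the closing delimiter and keys on the literal `1]:`, so it only works because every address in the list ends in `::1`. Anchoring on the bracket instead, `ehost=$(echo $tuah | sed -e "s/]:\$/]/" | tr -d "[]")`, strips a trailing colon after any bracketed host. It also removes the dependence on how a given sed treats trailing whitespace in a command. The loop body continues past the end of the hunk.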