aboutsummaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2017-09-22 14:45:30 +0900
committerJunio C Hamano <gitster@pobox.com>2017-09-22 14:45:30 +0900
commit65c9d4bd7bcb3f087b56b659423c82a034ecacbd (patch)
tree53520d0d729f8bf79736e5b970f1012416f3197a /Documentation
parent3d9c5b5c4461957fbbc0479e037990db04ebb740 (diff)
parent39aaab109972d6bbc1d0ffe5d4de47bbd4b8bb07 (diff)
downloadgit-65c9d4bd7bcb3f087b56b659423c82a034ecacbd.tar.gz
git-65c9d4bd7bcb3f087b56b659423c82a034ecacbd.tar.xz
Sync with 2.11.4
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/RelNotes/2.10.5.txt17
-rw-r--r--Documentation/RelNotes/2.11.4.txt17
-rw-r--r--Documentation/git-shell.txt16
3 files changed, 50 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.10.5.txt b/Documentation/RelNotes/2.10.5.txt
new file mode 100644
index 000000000..a498fd6fd
--- /dev/null
+++ b/Documentation/RelNotes/2.10.5.txt
@@ -0,0 +1,17 @@
+Git v2.10.5 Release Notes
+=========================
+
+Fixes since v2.10.4
+-------------------
+
+ * "git cvsserver" no longer is invoked by "git daemon" by default,
+ as it is old and largely unmaintained.
+
+ * Various Perl scripts did not use safe_pipe_capture() instead of
+ backticks, leaving them susceptible to end-user input. They have
+ been corrected.
+
+Credits go to joernchen <joernchen@phenoelit.de> for finding the
+unsafe constructs in "git cvsserver", and to Jeff King at GitHub for
+finding and fixing instances of the same issue in other scripts.
+
diff --git a/Documentation/RelNotes/2.11.4.txt b/Documentation/RelNotes/2.11.4.txt
new file mode 100644
index 000000000..ad4da8eb0
--- /dev/null
+++ b/Documentation/RelNotes/2.11.4.txt
@@ -0,0 +1,17 @@
+Git v2.11.4 Release Notes
+=========================
+
+Fixes since v2.11.3
+-------------------
+
+ * "git cvsserver" no longer is invoked by "git daemon" by default,
+ as it is old and largely unmaintained.
+
+ * Various Perl scripts did not use safe_pipe_capture() instead of
+ backticks, leaving them susceptible to end-user input. They have
+ been corrected.
+
+Credits go to joernchen <joernchen@phenoelit.de> for finding the
+unsafe constructs in "git cvsserver", and to Jeff King at GitHub for
+finding and fixing instances of the same issue in other scripts.
+
diff --git a/Documentation/git-shell.txt b/Documentation/git-shell.txt
index 2e30a3e42..54cf2560b 100644
--- a/Documentation/git-shell.txt
+++ b/Documentation/git-shell.txt
@@ -79,6 +79,22 @@ EOF
$ chmod +x $HOME/git-shell-commands/no-interactive-login
----------------
+To enable git-cvsserver access (which should generally have the
+`no-interactive-login` example above as a prerequisite, as creating
+the git-shell-commands directory allows interactive logins):
+
+----------------
+$ cat >$HOME/git-shell-commands/cvs <<\EOF
+if ! test $# = 1 && test "$1" = "server"
+then
+ echo >&2 "git-cvsserver only handles \"server\""
+ exit 1
+fi
+exec git cvsserver server
+EOF
+$ chmod +x $HOME/git-shell-commands/cvs
+----------------
+
SEE ALSO
--------
ssh(1),