diff options
author | Junio C Hamano <gitster@pobox.com> | 2017-09-22 14:45:30 +0900 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2017-09-22 14:45:30 +0900 |
commit | 65c9d4bd7bcb3f087b56b659423c82a034ecacbd (patch) | |
tree | 53520d0d729f8bf79736e5b970f1012416f3197a /Documentation | |
parent | 3d9c5b5c4461957fbbc0479e037990db04ebb740 (diff) | |
parent | 39aaab109972d6bbc1d0ffe5d4de47bbd4b8bb07 (diff) | |
download | git-65c9d4bd7bcb3f087b56b659423c82a034ecacbd.tar.gz git-65c9d4bd7bcb3f087b56b659423c82a034ecacbd.tar.xz |
Sync with 2.11.4
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/RelNotes/2.10.5.txt | 17 | ||||
-rw-r--r-- | Documentation/RelNotes/2.11.4.txt | 17 | ||||
-rw-r--r-- | Documentation/git-shell.txt | 16 |
3 files changed, 50 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.10.5.txt b/Documentation/RelNotes/2.10.5.txt new file mode 100644 index 000000000..a498fd6fd --- /dev/null +++ b/Documentation/RelNotes/2.10.5.txt @@ -0,0 +1,17 @@ +Git v2.10.5 Release Notes +========================= + +Fixes since v2.10.4 +------------------- + + * "git cvsserver" no longer is invoked by "git daemon" by default, + as it is old and largely unmaintained. + + * Various Perl scripts did not use safe_pipe_capture() instead of + backticks, leaving them susceptible to end-user input. They have + been corrected. + +Credits go to joernchen <joernchen@phenoelit.de> for finding the +unsafe constructs in "git cvsserver", and to Jeff King at GitHub for +finding and fixing instances of the same issue in other scripts. + diff --git a/Documentation/RelNotes/2.11.4.txt b/Documentation/RelNotes/2.11.4.txt new file mode 100644 index 000000000..ad4da8eb0 --- /dev/null +++ b/Documentation/RelNotes/2.11.4.txt @@ -0,0 +1,17 @@ +Git v2.11.4 Release Notes +========================= + +Fixes since v2.11.3 +------------------- + + * "git cvsserver" no longer is invoked by "git daemon" by default, + as it is old and largely unmaintained. + + * Various Perl scripts did not use safe_pipe_capture() instead of + backticks, leaving them susceptible to end-user input. They have + been corrected. + +Credits go to joernchen <joernchen@phenoelit.de> for finding the +unsafe constructs in "git cvsserver", and to Jeff King at GitHub for +finding and fixing instances of the same issue in other scripts. + diff --git a/Documentation/git-shell.txt b/Documentation/git-shell.txt index 2e30a3e42..54cf2560b 100644 --- a/Documentation/git-shell.txt +++ b/Documentation/git-shell.txt @@ -79,6 +79,22 @@ EOF $ chmod +x $HOME/git-shell-commands/no-interactive-login ---------------- +To enable git-cvsserver access (which should generally have the +`no-interactive-login` example above as a prerequisite, as creating +the git-shell-commands directory allows interactive logins): + +---------------- +$ cat >$HOME/git-shell-commands/cvs <<\EOF +if ! test $# = 1 && test "$1" = "server" +then + echo >&2 "git-cvsserver only handles \"server\"" + exit 1 +fi +exec git cvsserver server +EOF +$ chmod +x $HOME/git-shell-commands/cvs +---------------- + SEE ALSO -------- ssh(1), |