From 1456b043fc0f0a395c35d6b5e55b0dad1b6e7acc Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Thu, 10 Dec 2009 12:17:11 -0800 Subject: Remove post-upload-hook This hook runs after "git fetch" in the repository the objects are fetched from as the user who fetched, and has security implications. Signed-off-by: Junio C Hamano --- Documentation/git-upload-pack.txt | 2 -- Documentation/githooks.txt | 29 --------------- t/t5501-post-upload-pack.sh | 69 ------------------------------------ upload-pack.c | 74 ++------------------------------------- 4 files changed, 2 insertions(+), 172 deletions(-) delete mode 100755 t/t5501-post-upload-pack.sh diff --git a/Documentation/git-upload-pack.txt b/Documentation/git-upload-pack.txt index 63f3b5c74..b8e49dce4 100644 --- a/Documentation/git-upload-pack.txt +++ b/Documentation/git-upload-pack.txt @@ -20,8 +20,6 @@ The UI for the protocol is on the 'git-fetch-pack' side, and the program pair is meant to be used to pull updates from a remote repository. For push operations, see 'git-send-pack'. -After finishing the operation successfully, `post-upload-pack` -hook is called (see linkgit:githooks[5]). OPTIONS ------- diff --git a/Documentation/githooks.txt b/Documentation/githooks.txt index 06e0f315c..3ab4f4d42 100644 --- a/Documentation/githooks.txt +++ b/Documentation/githooks.txt @@ -310,35 +310,6 @@ Both standard output and standard error output are forwarded to 'git-send-pack' on the other end, so you can simply `echo` messages for the user. -post-upload-pack ----------------- - -After upload-pack successfully finishes its operation, this hook is called -for logging purposes. - -The hook is passed various pieces of information, one per line, from its -standard input. Currently the following items can be fed to the hook, but -more types of information may be added in the future: - -want SHA-1:: - 40-byte hexadecimal object name the client asked to include in the - resulting pack. Can occur one or more times in the input. - -have SHA-1:: - 40-byte hexadecimal object name the client asked to exclude from - the resulting pack, claiming to have them already. Can occur zero - or more times in the input. - -time float:: - Number of seconds spent for creating the packfile. - -size decimal:: - Size of the resulting packfile in bytes. - -kind string: - Either "clone" (when the client did not give us any "have", and asked - for all our refs with "want"), or "fetch" (otherwise). - pre-auto-gc ~~~~~~~~~~~ diff --git a/t/t5501-post-upload-pack.sh b/t/t5501-post-upload-pack.sh deleted file mode 100755 index d89fb51ba..000000000 --- a/t/t5501-post-upload-pack.sh +++ /dev/null @@ -1,69 +0,0 @@ -#!/bin/sh - -test_description='post upload-hook' - -. ./test-lib.sh - -LOGFILE=".git/post-upload-pack-log" - -test_expect_success setup ' - test_commit A && - test_commit B && - git reset --hard A && - test_commit C && - git branch prev B && - mkdir -p .git/hooks && - { - echo "#!$SHELL_PATH" && - echo "cat >post-upload-pack-log" - } >".git/hooks/post-upload-pack" && - chmod +x .git/hooks/post-upload-pack -' - -test_expect_success initial ' - rm -fr sub && - git init sub && - ( - cd sub && - git fetch --no-tags .. prev - ) && - want=$(sed -n "s/^want //p" "$LOGFILE") && - test "$want" = "$(git rev-parse --verify B)" && - ! grep "^have " "$LOGFILE" && - kind=$(sed -n "s/^kind //p" "$LOGFILE") && - test "$kind" = fetch -' - -test_expect_success second ' - rm -fr sub && - git init sub && - ( - cd sub && - git fetch --no-tags .. prev:refs/remotes/prev && - git fetch --no-tags .. master - ) && - want=$(sed -n "s/^want //p" "$LOGFILE") && - test "$want" = "$(git rev-parse --verify C)" && - have=$(sed -n "s/^have //p" "$LOGFILE") && - test "$have" = "$(git rev-parse --verify B)" && - kind=$(sed -n "s/^kind //p" "$LOGFILE") && - test "$kind" = fetch -' - -test_expect_success all ' - rm -fr sub && - HERE=$(pwd) && - git init sub && - ( - cd sub && - git clone "file://$HERE/.git" new - ) && - sed -n "s/^want //p" "$LOGFILE" | sort >actual && - git rev-parse A B C | sort >expect && - test_cmp expect actual && - ! grep "^have " "$LOGFILE" && - kind=$(sed -n "s/^kind //p" "$LOGFILE") && - test "$kind" = clone -' - -test_done diff --git a/upload-pack.c b/upload-pack.c index 953ebe1a6..0ea8516eb 100644 --- a/upload-pack.c +++ b/upload-pack.c @@ -146,66 +146,8 @@ static int do_rev_list(int fd, void *create_full_pack) return 0; } -static int feed_msg_to_hook(int fd, const char *fmt, ...) -{ - int cnt; - char buf[1024]; - va_list params; - - va_start(params, fmt); - cnt = vsprintf(buf, fmt, params); - va_end(params); - return write_in_full(fd, buf, cnt) != cnt; -} - -static int feed_obj_to_hook(const char *label, struct object_array *oa, int i, int fd) -{ - return feed_msg_to_hook(fd, "%s %s\n", label, - sha1_to_hex(oa->objects[i].item->sha1)); -} - -static int run_post_upload_pack_hook(size_t total, struct timeval *tv) -{ - const char *argv[2]; - struct child_process proc; - int err, i; - - argv[0] = "hooks/post-upload-pack"; - argv[1] = NULL; - - if (access(argv[0], X_OK) < 0) - return 0; - - memset(&proc, 0, sizeof(proc)); - proc.argv = argv; - proc.in = -1; - proc.stdout_to_stderr = 1; - err = start_command(&proc); - if (err) - return err; - for (i = 0; !err && i < want_obj.nr; i++) - err |= feed_obj_to_hook("want", &want_obj, i, proc.in); - for (i = 0; !err && i < have_obj.nr; i++) - err |= feed_obj_to_hook("have", &have_obj, i, proc.in); - if (!err) - err |= feed_msg_to_hook(proc.in, "time %ld.%06ld\n", - (long)tv->tv_sec, (long)tv->tv_usec); - if (!err) - err |= feed_msg_to_hook(proc.in, "size %ld\n", (long)total); - if (!err) - err |= feed_msg_to_hook(proc.in, "kind %s\n", - (nr_our_refs == want_obj.nr && !have_obj.nr) - ? "clone" : "fetch"); - if (close(proc.in)) - err = 1; - if (finish_command(&proc)) - err = 1; - return err; -} - static void create_pack_file(void) { - struct timeval start_tv, tv; struct async rev_list; struct child_process pack_objects; int create_full_pack = (nr_our_refs == want_obj.nr && !have_obj.nr); @@ -213,12 +155,10 @@ static void create_pack_file(void) char abort_msg[] = "aborting due to possible repository " "corruption on the remote side."; int buffered = -1; - ssize_t sz, total_sz; + ssize_t sz; const char *argv[10]; int arg = 0; - gettimeofday(&start_tv, NULL); - total_sz = 0; if (shallow_nr) { rev_list.proc = do_rev_list; rev_list.data = 0; @@ -344,7 +284,7 @@ static void create_pack_file(void) sz = xread(pack_objects.out, cp, sizeof(data) - outsz); if (0 < sz) - total_sz += sz; + ; else if (sz == 0) { close(pack_objects.out); pack_objects.out = -1; @@ -381,16 +321,6 @@ static void create_pack_file(void) } if (use_sideband) packet_flush(1); - - gettimeofday(&tv, NULL); - tv.tv_sec -= start_tv.tv_sec; - if (tv.tv_usec < start_tv.tv_usec) { - tv.tv_sec--; - tv.tv_usec += 1000000; - } - tv.tv_usec -= start_tv.tv_usec; - if (run_post_upload_pack_hook(total_sz, &tv)) - warning("post-upload-hook failed"); return; fail: -- cgit v1.2.1 From 782a0005fcb26bb7ef27f720fd139ae40a6f434b Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Thu, 10 Dec 2009 15:27:51 -0800 Subject: Fix archive format with -- on the command line Giving --format from the command line, or using output file extention to DWIM the output format, with a pathspec that is disambiguated with an explicit double-dash on the command line, e.g. git archive -o file --format=zip HEAD -- path git archive -o file.zip HEAD -- path didn't work correctly. This was because the code reordered (when one was given) or added (when the format was inferred) a --format argument at the end, effectively making it to "archive HEAD -- path --format=zip", i.e. an extra pathspec that is unlikely to match anything. The command line argument list should always be "options, revs and then paths", and we should set a good example by inserting the --format at the beginning instead. Reported-by: Ilari Liusvaara Signed-off-by: Junio C Hamano --- builtin-archive.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/builtin-archive.c b/builtin-archive.c index 12351e9dd..446d6bff3 100644 --- a/builtin-archive.c +++ b/builtin-archive.c @@ -106,13 +106,17 @@ int cmd_archive(int argc, const char **argv, const char *prefix) if (format) { sprintf(fmt_opt, "--format=%s", format); /* - * This is safe because either --format and/or --output must - * have been given on the original command line if we get to - * this point, and parse_options() must have eaten at least - * one argument, i.e. we have enough room to append to argv[]. + * We have enough room in argv[] to muck it in place, + * because either --format and/or --output must have + * been given on the original command line if we get + * to this point, and parse_options() must have eaten + * it, i.e. we can add back one element to the array. + * But argv[] may contain "--"; we should make it the + * first option. */ - argv[argc++] = fmt_opt; - argv[argc] = NULL; + memmove(argv + 2, argv + 1, sizeof(*argv) * argc); + argv[1] = fmt_opt; + argv[++argc] = NULL; } if (remote) -- cgit v1.2.1 From 9861b644e045b5ee0e16dea65b44419205090960 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Thu, 10 Dec 2009 15:42:30 -0800 Subject: Git 1.6.5.6 Signed-off-by: Junio C Hamano --- Documentation/RelNotes-1.6.5.6.txt | 23 +++++++++++++++++++++++ Documentation/git.txt | 3 ++- GIT-VERSION-GEN | 2 +- RelNotes | 2 +- 4 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 Documentation/RelNotes-1.6.5.6.txt diff --git a/Documentation/RelNotes-1.6.5.6.txt b/Documentation/RelNotes-1.6.5.6.txt new file mode 100644 index 000000000..a9eaf76f6 --- /dev/null +++ b/Documentation/RelNotes-1.6.5.6.txt @@ -0,0 +1,23 @@ +Git v1.6.5.6 Release Notes +========================== + +Fixes since v1.6.5.5 +-------------------- + + * "git add -p" had a regression since v1.6.5.3 that broke deletion of + non-empty files. + + * "git archive -o o.zip -- Makefile" produced an archive in o.zip + but in POSIX tar format. + + * Error message given to "git pull --rebase" when the user didn't give + enough clue as to what branch to integrate with still talked about + "merging with" the branch. + + * Error messages given by "git merge" when the merge resulted in a + fast-forward still were in plumbing lingo, even though in v1.6.5 + we reworded messages in other cases. + + * The post-upload-hook run by upload-pack in response to "git fetch" has + been removed, due to security concerns (the hook first appeared in + 1.6.5). diff --git a/Documentation/git.txt b/Documentation/git.txt index 8e93d35e4..c1fcfffeb 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -43,9 +43,10 @@ unreleased) version of git, that is available from 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v1.6.5.5/git.html[documentation for release 1.6.5.5] +* link:v1.6.5.6/git.html[documentation for release 1.6.5.6] * release notes for + link:RelNotes-1.6.5.6.txt[1.6.5.6], link:RelNotes-1.6.5.5.txt[1.6.5.5], link:RelNotes-1.6.5.4.txt[1.6.5.4], link:RelNotes-1.6.5.3.txt[1.6.5.3], diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 0c9be2080..9c945d91c 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v1.6.5.5 +DEF_VER=v1.6.5.6 LF=' ' diff --git a/RelNotes b/RelNotes index 5b19dba03..115c33553 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes-1.6.5.5.txt \ No newline at end of file +Documentation/RelNotes-1.6.5.6.txt \ No newline at end of file -- cgit v1.2.1