Git development
* [PATCH] git-gui: guitools: add the path in the confirmation dialog for tools which needs one
From: Bert Wesarg @ 2011-10-20 19:32 UTC (permalink / raw)
  To: Pat Thoyts; +Cc: git, Bert Wesarg

Signed-off-by: Bert Wesarg <bert.wesarg@googlemail.com>
---
 lib/tools.tcl |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/tools.tcl b/lib/tools.tcl
index 95e6e55..39e08f0 100644
--- a/lib/tools.tcl
+++ b/lib/tools.tcl
@@ -87,8 +87,14 @@ proc tools_exec {fullname} {
 			return
 		}
 	} elseif {[is_config_true "guitool.$fullname.confirm"]} {
-		if {[ask_popup [mc "Are you sure you want to run %s?" $fullname]] ne {yes}} {
-			return
+		if {[is_config_true "guitool.$fullname.needsfile"]} {
+			if {[ask_popup [mc "Are you sure you want to run %s on file \"%s\"?" $fullname $current_diff_path]] ne {yes}} {
+				return
+			}
+		} else {
+			if {[ask_popup [mc "Are you sure you want to run %s?" $fullname]] ne {yes}} {
+				return
+			}
 		}
 	}
 
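Review bot: `$current_diff_path` is read in the new needsfile branch, but nothing in this hunk shows it being in scope inside `tools_exec`; please confirm the proc declares it `global`, otherwise the confirm path raises a Tcl error instead of showing the dialog. The two branches also duplicate the `ask_popup`/`return` pair; choosing the message first and calling `ask_popup` once would keep the prompt logic in one place.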
-- 
1.7.7.759.gfc8c6

^ permalink raw reply related

* [PATCH] git-gui: span widgets over the full file output area in the blame view
From: Bert Wesarg @ 2011-10-20 19:30 UTC (permalink / raw)
  To: Pat Thoyts; +Cc: git, Bert Wesarg

Signed-off-by: Bert Wesarg <bert.wesarg@googlemail.com>
---
 lib/blame.tcl |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/blame.tcl b/lib/blame.tcl
index 49eae19..b031e66 100644
--- a/lib/blame.tcl
+++ b/lib/blame.tcl
@@ -219,7 +219,8 @@ constructor new {i_commit i_path i_jump} {
 	eval grid $w_columns $w.file_pane.out.sby -sticky nsew
 	grid conf \
 		$w.file_pane.out.sbx \
-		-column [expr {[llength $w_columns] - 1}] \
+		-column 0 \
+		-columnspan [expr {[llength $w_columns] + 1}] \
 		-sticky we
 	grid columnconfigure \
 		$w.file_pane.out \
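Review bot: the `+ 1` in `-columnspan [expr {[llength $w_columns] + 1}]` is unexplained; it presumably accounts for the `$w.file_pane.out.sby` scrollbar that is gridded together with `$w_columns` on the line above, and a short comment saying so would help the next reader. The commit message has no body, so it is also not recorded what was wrong with anchoring the horizontal scrollbar at the last column.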
@@ -229,12 +230,14 @@ constructor new {i_commit i_path i_jump} {
 
 	set finder [::searchbar::new \
 		$w.file_pane.out.ff $w_file \
-		-column [expr {[llength $w_columns] - 1}] \
+		-column 0 \
+		-columnspan [expr {[llength $w_columns] + 1}] \
 		]
 
 	set gotoline [::linebar::new \
 		$w.file_pane.out.lf $w_file \
-		-column [expr {[llength $w_columns] - 1}] \
+		-column 0 \
+		-columnspan [expr {[llength $w_columns] + 1}] \
 		]
 
 	set w_cviewer $w.file_pane.cm.t
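Review bot: `-columnspan` now reaches `::searchbar::new` and `::linebar::new` through their trailing arguments, and the diffstat touches only lib/blame.tcl, so this relies on both constructors handing unknown options straight to `grid`; please confirm that they do. The same `-column 0` / `-columnspan ...` pair appears three times in this patch; computing the span once into a variable would keep the copies from drifting apart.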
-- 
1.7.7.759.gfc8c6

^ permalink raw reply related

* [PATCH] git-gui: use a tristate to control the case mode in the searchbar
From: Bert Wesarg @ 2011-10-20 19:27 UTC (permalink / raw)
  To: Pat Thoyts; +Cc: Andrew Ardill, git, Bert Wesarg
In-Reply-To: <CAKPyHN0KCwDu2-JXAEk4wAvfOqE3jHY63aG6R9YSOoLoKwWGgQ@mail.gmail.com>

The config is now called gui.search.case and can have the three values:
no/yes/smart. yes is the default.

It also resets the case detection in smart mode, when the entry field was
cleared by the user.

Signed-off-by: Bert Wesarg <bert.wesarg@googlemail.com>
---
 lib/search.tcl |   24 +++++++++++++++++-------
 1 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/lib/search.tcl b/lib/search.tcl
index 04a316b..ef1e555 100644
--- a/lib/search.tcl
+++ b/lib/search.tcl
@@ -26,11 +26,20 @@ constructor new {i_w i_text args} {
 	set ctext  $i_text
 
 	set default_regexpsearch [is_config_true gui.search.regexp]
-	set smartcase [is_config_true gui.search.smartcase]
-	if {$smartcase} {
+	switch -- [get_config gui.search.case] {
+	no {
 		set default_casesensitive 0
-	} else {
+		set smartcase 0
+	}
+	smart {
+		set default_casesensitive 0
+		set smartcase 1
+	}
+	yes -
+	default {
 		set default_casesensitive 1
+		set smartcase 0
+	}
 	}
 
 	set history [list]
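Review bot: any value of `gui.search.case` other than the exact strings `no` and `smart` lands in the `yes - default` arm, so `false`, `No` or a misspelt `smart` silently gives a case-sensitive search; consider normalising the value or warning on unknown ones. The removed `is_config_true gui.search.smartcase` lookup also means an existing setting under the old key is ignored without notice, which deserves either a fallback or a line in the commit message.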
@@ -157,12 +166,10 @@ method _incrsearch {} {
 	if {[catch {$ctext index anchor}]} {
 		$ctext mark set anchor [_get_new_anchor $this]
 	}
-	if {$smartcase} {
-		if {[regexp {[[:upper:]]} $searchstring]} {
+	if {$searchstring ne {}} {
+		if {$smartcase && [regexp {[[:upper:]]} $searchstring]} {
 			set casesensitive 1
 		}
-	}
-	if {$searchstring ne {}} {
 		set here [_do_search $this anchor mlen]
 		if {$here ne {}} {
 			$ctext see $here
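Review bot: in smart mode `set casesensitive 1` is only undone when the field is emptied (the `elseif {$smartcase}` arm added further down), so typing `Foo` and then editing it to `foo` leaves the search case-sensitive. If that is intended, the commit message should say so; otherwise derive the flag from the `[[:upper:]]` test on every non-empty search.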
@@ -175,6 +182,9 @@ method _incrsearch {} {
 			#$w.ent configure -background lightpink
 			$w.ent state pressed
 		}
+	} elseif {$smartcase} {
+		# clearing the field resets the smart case detection
+		set casesensitive 0
 	}
 }
 
-- 
1.7.7.759.gfc8c6

^ permalink raw reply related

* Re: Re* [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits
From: Jeff King @ 2011-10-20 19:00 UTC (permalink / raw)
  To: Junio C Hamano; +Cc: Ævar Arnfjörð Bjarmason, Git Mailing List
In-Reply-To: <7vehy7a4sf.fsf_-_@alter.siamese.dyndns.org>

On Thu, Oct 20, 2011 at 11:36:48AM -0700, Junio C Hamano wrote:

> It probably is not worth it for most applications, but this fix-up to a
> fairly recent one is worth doing, I would suspect.
> 
> -- >8 --
> Subject: parse_signed_commit: really use the entire commit log message
>
> ... even beyond the first NUL in the buffer, when checking the commit
> against the detached signature in the header.

Yeah, that is worth fixing, I think. It's one thing to be a little lazy
in pretty-printing for "git log", but I think signature verification
should be more careful.

Patch itself looks sane to me. There's still some use of str-like
functions, but they would prevent us from even seeing the signature
headers in the first place, so anything with a NUL that high is just
broken and crappy.

I didn't check, but I wonder if fsck does/should check that there is a
proper end-of-header blank line before we hit any NUL.

-Peff

^ permalink raw reply
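
Added example (not part of the thread and not git's own code): a sketch of the fsck-style check raised in the message above, combined with a payload split that never treats a NUL as end of data. Every scan is a memchr() bounded by the object size. The function names, the sample objects and the "gpgsig " prefix (standing in for the patch's gpg_sig_header) are assumptions.

```c
#include <stdio.h>
#include <string.h>

enum hdr_check { HDR_OK, HDR_NUL_IN_HEADER, HDR_NO_BLANK_LINE };

/*
 * Walk the header line by line, bounded by size.  On HDR_OK, *body_off is
 * the offset of the first byte after the end-of-header blank line.
 */
enum hdr_check check_commit_header(const char *buf, size_t size, size_t *body_off)
{
	const char *line = buf, *tail = buf + size;

	while (line < tail) {
		size_t left = (size_t)(tail - line);
		const char *eol = memchr(line, '\n', left);
		size_t len = eol ? (size_t)(eol - line) : left;

		if (memchr(line, '\0', len))
			return HDR_NUL_IN_HEADER;   /* NUL before the blank line */
		if (!eol)
			return HDR_NO_BLANK_LINE;   /* last header line unterminated */
		if (len == 0) {                     /* empty line: end of header */
			*body_off = (size_t)(eol - buf) + 1;
			return HDR_OK;
		}
		line = eol + 1;
	}
	return HDR_NO_BLANK_LINE;
}

/*
 * Copy everything except signature header lines into payload[].
 * Returns the payload length, or -1 on a malformed header or short buffer.
 */
long signed_payload(const char *buf, size_t size, const char *sig_hdr,
		    char *payload, size_t cap, int *saw_signature)
{
	size_t body_off, hdr_len = strlen(sig_hdr), n = 0;
	const char *line = buf;

	*saw_signature = 0;
	if (check_commit_header(buf, size, &body_off) != HDR_OK)
		return -1;
	while (line < buf + body_off) {
		/* the header was just verified: NUL-free, every line ends in '\n' */
		const char *next = (const char *)memchr(line, '\n',
					(size_t)(buf + body_off - line)) + 1;
		size_t len = (size_t)(next - line);

		if (len >= hdr_len && !memcmp(line, sig_hdr, hdr_len)) {
			*saw_signature = 1;         /* signature line: not payload */
		} else {
			if (n + len > cap)
				return -1;
			memcpy(payload + n, line, len);
			n += len;
		}
		line = next;
	}
	/* body: take the whole remainder, embedded NUL bytes included */
	if (n + (size - body_off) > cap)
		return -1;
	memcpy(payload + n, buf + body_off, size - body_off);
	return (long)(n + (size - body_off));
}

/* Constructed sample objects, not real commits; use sizeof() - 1 as size. */
static const char SIGNED_NUL_BODY[] =
	"tree 0000\n" "gpgsig SIGDATA\n" "\n" "fourth signed\n" "\0wik\n";
static const char NUL_IN_HEADER[] =
	"tree 0000\n" "author a\0b\n" "\n" "msg\n";
static const char NO_BLANK_LINE[] =
	"tree 0000\n" "author a\n";

int main(void)
{
	char payload[128];
	size_t off = 0;
	int saw = 0;
	long n = signed_payload(SIGNED_NUL_BODY, sizeof(SIGNED_NUL_BODY) - 1,
				"gpgsig ", payload, sizeof(payload), &saw);

	printf("payload bytes: %ld, signature seen: %d\n", n, saw);
	printf("NUL in header  -> %d\n",
	       check_commit_header(NUL_IN_HEADER, sizeof(NUL_IN_HEADER) - 1, &off));
	printf("no blank line  -> %d\n",
	       check_commit_header(NO_BLANK_LINE, sizeof(NO_BLANK_LINE) - 1, &off));
	return 0;
}
```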

* Re: [PATCH 3/6] revert: fix buffer overflow in insn sheet parser
From: Junio C Hamano @ 2011-10-20 18:55 UTC (permalink / raw)
  To: Jonathan Nieder; +Cc: Ramkumar Ramachandra, Git List, Christian Couder
In-Reply-To: <20111020180533.GA5563@elie.hsd1.il.comcast.net>

Jonathan Nieder <jrnieder@gmail.com> writes:

> Incidentally, Ram might wonder why I fuss so much about commit
> messages.  It's actually very simple --- I think of them as part of
> the code.

And another reason is because I do fuss about them too ;-)

It is easy to tell a good patch from a bad one by just reading the message
without actually reading the patch text itself.

When the log message justifies the cause and the approach in the right
way, the actual patch becomes self evident. Also I often find myself
coming up with a _better_ solution than the patch I originally prepared
while writing the commit log message to explain it, and redoing the patch
text to match the description.

^ permalink raw reply

* Re: [PATCH] builtin/pack-objects.c: Fix a printf format compiler warning
From: Dan McGee @ 2011-10-20 18:54 UTC (permalink / raw)
  To: Ramsay Jones; +Cc: Junio C Hamano, GIT Mailing-list
In-Reply-To: <4E9F20AD.4020209@ramsay1.demon.co.uk>

On Wed, Oct 19, 2011 at 2:10 PM, Ramsay Jones
<ramsay@ramsay1.demon.co.uk> wrote:
>
> In particular, on systems that define uint32_t as an unsigned long,
> gcc complains as follows:
>
>        CC builtin/pack-objects.o
>    pack-objects.c: In function `compute_write_order':
>    pack-objects.c:600: warning: unsigned int format, uint32_t arg (arg 3)
>
> In order to suppress the warning, we use the C99 format specifier
> macro PRIu32.
>
> Signed-off-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk>
> ---
>
> Hi Dan,
>
> If you need to re-roll your pack-objects series (dm/pack-objects-update
> branch in pu), could you please squash this change into your final commit
> 0a8145bd (pack-objects: don't traverse objects unnecessarily, 18-10-2011).
>
> If you don't need to re-roll, then I'm hoping Junio will notice and squash
> this in before it hits next. ;-)
Sorry about that- fixed locally, and if I do need to resend them then
it will be fixed.

-Dan

^ permalink raw reply

* Re* [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits
From: Junio C Hamano @ 2011-10-20 18:36 UTC (permalink / raw)
  To: Jeff King; +Cc: Ævar Arnfjörð Bjarmason, Git Mailing List
In-Reply-To: <20111020071356.GA14945@sigill.intra.peff.net>

Jeff King <peff@peff.net> writes:

> It's not that the commit is bad or the source of problems. My point is
> that the assumption that commit messages are NUL-terminated has been
> there for a really long time, so there are lots of spots in the code
> that sloppily run string functions on them. Every one of those needs to
> be found and fixed (e.g., I remember seeing this in
> for-each-ref.c:find_subpos recently).
>
> It's not impossible, of course, or even really that hard. It's just a
> giant pain, and I wonder if the effort is worth it.

True.

It probably is not worth it for most applications, but this fix-up to a
fairly recent one is worth doing, I would suspect.

-- >8 --
Subject: parse_signed_commit: really use the entire commit log message

... even beyond the first NUL in the buffer, when checking the commit
against the detached signature in the header.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 commit.c                 |   11 +++++------
 t/t7510-signed-commit.sh |   21 ++++++++++++++++-----
 2 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/commit.c b/commit.c
index 93045a2..6ec49fa 100644
--- a/commit.c
+++ b/commit.c
@@ -854,28 +854,27 @@ int parse_signed_commit(const unsigned char *sha1,
 	unsigned long size;
 	enum object_type type;
 	char *buffer = read_sha1_file(sha1, &type, &size);
-	int in_header, saw_signature = -1;
+	int saw_signature = -1;
 	char *line;
 
 	if (!buffer || type != OBJ_COMMIT)
 		goto cleanup;
 
 	line = buffer;
-	in_header = 1;
 	saw_signature = 0;
-	while (*line) {
+	while (line < buffer + size) {
 		char *next = strchrnul(line, '\n');
 		if (*next)
 			next++;
-		if (in_header && !prefixcmp(line, gpg_sig_header)) {
+		if (!prefixcmp(line, gpg_sig_header)) {
 			const char *sig = line + gpg_sig_header_len;
 			strbuf_add(signature, sig, next - sig);
 			saw_signature = 1;
 		} else {
+			if (*line == '\n')
+				next = buffer + size; /* dump the whole remainder */
 			strbuf_add(payload, line, next - line);
 		}
-		if (*line == '\n')
-			in_header = 0;
 		line = next;
 	}
  cleanup:
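Review bot: `strchrnul(line, '\n')` still stops at a NUL, so with the new `while (line < buffer + size)` condition a NUL that appears before the blank line leaves `next` pointing at that NUL, `if (*next) next++` does not fire, and `line = next` never advances; as far as these lines show, the loop then spins instead of terminating. Scanning with `memchr(line, '\n', buffer + size - line)` and treating a missing newline as end of buffer would bound every step by `size`. The same applies to `prefixcmp(line, gpg_sig_header)`, which compares as a C string.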
diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
index 5c7475d..30401ce 100755
--- a/t/t7510-signed-commit.sh
+++ b/t/t7510-signed-commit.sh
@@ -50,11 +50,22 @@ test_expect_success GPG 'show signatures' '
 
 test_expect_success GPG 'detect fudged signature' '
 	git cat-file commit master >raw &&
-	sed -e "s/fourth signed/4th forged/" raw >forged &&
-	git hash-object -w -t commit forged >forged.commit &&
-	git show --pretty=short --show-signature $(cat forged.commit) >actual &&
-	grep "BAD signature from" actual &&
-	! grep "Good signature from" actual
+
+	sed -e "s/fourth signed/4th forged/" raw >forged1 &&
+	git hash-object -w -t commit forged1 >forged1.commit &&
+	git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
+	grep "BAD signature from" actual1 &&
+	! grep "Good signature from" actual1
+'
+
+test_expect_success GPG 'detect fudged signature with NUL' '
+	git cat-file commit master >raw &&
+	cat raw >forged2 &&
+	echo Qwik | tr "Q" "\000" >>forged2 &&
+	git hash-object -w -t commit forged2 >forged2.commit &&
+	git show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&
+	grep "BAD signature from" actual2 &&
+	! grep "Good signature from" actual2
 '
 
 test_done
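Review bot: the new 'detect fudged signature with NUL' case only appends the NUL after the end of the message, so it exercises the "dump the whole remainder" path but not a NUL inside the header block, where commit.c still uses string functions. A second case that places the NUL in a header line and expects verification to fail (and the command to return) would cover the remaining path.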

^ permalink raw reply related

* Re: [PATCH 3/6] revert: fix buffer overflow in insn sheet parser
From: Jonathan Nieder @ 2011-10-20 18:05 UTC (permalink / raw)
  To: Junio C Hamano; +Cc: Ramkumar Ramachandra, Git List, Christian Couder
In-Reply-To: <7vmxcva8k1.fsf@alter.siamese.dyndns.org>

Junio C Hamano wrote:

[...]
> Then the additional test can become part of the patch that corrects the
> parsing logic, no?

Yes, that works, too.  All I was trying to say was that the
description in the patch I quoted didn't make sense to me, since it
included a mention of a buffer overflow without giving any explanation
of what it was talking about.  I don't actually care in this case
whether it is fixed by mentioning which patch this is testing the fix
from or by squashing the two patches (though the latter certainly
seems reasonable).

Incidentally, Ram might wonder why I fuss so much about commit
messages.  It's actually very simple --- I think of them as part of
the code.  Suppose someone discovers a regression was introduced by
such-and-such part of the patch 1.7.7 -> 1.7.8, but at first glance it
is not clear whether that code change was supposed to have any effect
on the behavior of the code at all.  Such a person is likely to make
mistakes in fixing it, right?  So after getting the right behavior,
patch authors spend a few extra minutes to make sure the code is
intuitive to humans, too, and this includes making sure the rationale
description is clear.

Just like the code for the computer, this is very much something that
isn't always going to be right the first time and sometimes takes some
debugging.  So, sorry for the fuss, but I hope it helps.

Jonathan

^ permalink raw reply

* Re: [PATCH 3/6] revert: fix buffer overflow in insn sheet parser
From: Junio C Hamano @ 2011-10-20 17:15 UTC (permalink / raw)
  To: Jonathan Nieder; +Cc: Ramkumar Ramachandra, Git List, Christian Couder
In-Reply-To: <20111020090912.GA21471@elie.hsd1.il.comcast.net>

Jonathan Nieder <jrnieder@gmail.com> writes:

> Looks good, except I would explain it differently, to avoid referring
> to hypothetical implementation details ("What buffer overflow?"):
>
> 	test: git cherry-pick --continue should cope with long object names
>
> 	A naive implementation that uses a commit-id-shaped buffer
> 	to store the word after "pick" in .git/sequencer/todo lines
> 	would crash often.  Our implementation is not so naive, but
> 	add a test anyway to futureproof it.
>
> Or:
>
> 	test: make sure the "cherry-pick --continue" buffer overflow doesn't come back
>
> 	Before commit ..., "git cherry-pick --continue" would overflow
> 	under ... circumstance.  Add a test to make sure it doesn't
> 	happen again.

I doubt you would need any of that.

You can just explain the commit that stops copying the lines into a
private, fixed buffer a bit better (e.g. "such copying is not just
wasteful but is wrong by unnecessarily placing an artificial limit on the
line length"), and say "Incidentally, this fixes a bug in the earlier
round of this series that failed to read lines that are too long to fit on
the buffer, demonstrated by the test added by this patch", or something.

Then the additional test can become part of the patch that corrects the
parsing logic, no?

^ permalink raw reply

* [PATCH] builtin/pack-objects.c: Fix a printf format compiler warning
From: Ramsay Jones @ 2011-10-19 19:10 UTC (permalink / raw)
  To: dpmcgee; +Cc: Junio C Hamano, GIT Mailing-list


In particular, on systems that define uint32_t as an unsigned long,
gcc complains as follows:

        CC builtin/pack-objects.o
    pack-objects.c: In function `compute_write_order':
    pack-objects.c:600: warning: unsigned int format, uint32_t arg (arg 3)

In order to suppress the warning, we use the C99 format specifier
macro PRIu32.

Signed-off-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk>
---

Hi Dan,

If you need to re-roll your pack-objects series (dm/pack-objects-update
branch in pu), could you please squash this change into your final commit
0a8145bd (pack-objects: don't traverse objects unnecessarily, 18-10-2011).

If you don't need to re-roll, then I'm hoping Junio will notice and squash
this in before it hits next. ;-)

ATB,
Ramsay Jones

 builtin/pack-objects.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/builtin/pack-objects.c b/builtin/pack-objects.c
index 6db45fa..4bbd815 100644
--- a/builtin/pack-objects.c
+++ b/builtin/pack-objects.c
@@ -597,7 +597,7 @@ static struct object_entry **compute_write_order(void)
 	}
 
 	if (wo_end != nr_objects)
-		die("ordered %u objects, expected %u", wo_end, nr_objects);
+		die("ordered %u objects, expected %"PRIu32, wo_end, nr_objects);
 
 	return wo;
 }
-- 
1.7.7

^ permalink raw reply related

* [PATCH] git-remote-mediawiki: don't include HTTP login/password in author
From: Matthieu Moy @ 2011-10-20 17:04 UTC (permalink / raw)
  To: git, gitster; +Cc: Matthieu Moy

On the MediaWiki side, the author information is just the MediaWiki login
of the contributor. The import turns it into login@$wiki_name to create
the author's email address on the wiki side. But we don't want this to
include the HTTP password if it's present in the URL ...

Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>
---
 contrib/mw-to-git/git-remote-mediawiki |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/contrib/mw-to-git/git-remote-mediawiki b/contrib/mw-to-git/git-remote-mediawiki
index 0b32d18..c18bfa1 100755
--- a/contrib/mw-to-git/git-remote-mediawiki
+++ b/contrib/mw-to-git/git-remote-mediawiki
@@ -109,6 +109,10 @@ $dumb_push = ($dumb_push eq "true");
 
 my $wiki_name = $url;
 $wiki_name =~ s/[^\/]*:\/\///;
+# If URL is like http://user:password@example.com/, we clearly don't
+# want the password in $wiki_name. While we're there, also remove user
+# and '@' sign, to avoid author like MWUser@HTTPUser@host.com
+$wiki_name =~ s/^.*@//;
 
 # Commands parser
 my $entry;
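Review bot: `s/^.*@//` is greedy over the whole of `$wiki_name`, which at this point still contains the path, so a URL with an `@` after the host (for example in a page path) loses its host name as well and the author domain becomes whatever follows the last `@`. Limiting the match to the authority part, e.g. `s/^[^\/]*@//`, still strips `user:password@` (including passwords that contain `@`) without touching the path.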
-- 
1.7.7.140.ge3099

^ permalink raw reply related

* Re: [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits
From: Jeff King @ 2011-10-20 15:56 UTC (permalink / raw)
  To: Ted Ts'o
  Cc: Junio C Hamano, Ævar Arnfjörð Bjarmason,
	Git Mailing List
In-Reply-To: <20111020131454.GB7464@thunk.org>

On Thu, Oct 20, 2011 at 09:14:55AM -0400, Ted Ts'o wrote:

> Another possibility is to warn if the commit messages are not NULL
> terminated.

A minor nit, but it's not whether they are terminated with NUL, but
rather whether they have embedded NUL. But yeah, this could maybe just
be something fsck looks for.

> Note though that if we're really worried about a bad guy trying to
> attack us with a hash collision, he/she could always use "invisible"
> non-printing characters in the commit message, and/or just mess with
> one or both of the timestamps.  The more bits and more degrees of
> flexibility the attacker has, the easier it would be, of course.  In
> the grand scheme of things it's not clear to me how big of a deal this
> would be.

Good point. Append-only attacks are cheaper, because you can avoid doing
most of the hash computation on each iteration (like my patch does). But
that's not a big-O speedup, it just makes the constant smaller.  So you
could assume that any feasible appending attack would probably become
feasible for recomputing the full hash eventually.

> If people were really concerned it would probably be easier to use
> backup crypto checksum using something stronger (say, SHA-2 or the
> eventual SHA-3).  Just store the backup checksums of the parent
> commitments in some backwardly compatible place that old git
> implementations wouldn't look (say, after the NULL in the commit
> message if there isn't a better place :-), and new implementations
> would know to generate the checksums, and old implementations would
> ignore it.

Yeah, if birthday attacks against sha1 become possible, the sensible
thing is probably not to worry too much about the file format, but to
use a better hash.

Commits can hide extra hashes in a header pretty easily. But what about
trees and blobs? I don't think there's any "ignored" space in either
one.

-Peff

^ permalink raw reply

* Re: [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits
From: Jeff King @ 2011-10-20 15:44 UTC (permalink / raw)
  To: Nguyen Thai Ngoc Duy
  Cc: Junio C Hamano, Ævar Arnfjörð, Git Mailing List
In-Reply-To: <CACsJy8B7CJ3VO-UKCym2kgfOOPadL25gt2sxApk95nKoWVk2yQ@mail.gmail.com>

On Thu, Oct 20, 2011 at 08:14:56PM +1100, Nguyen Thai Ngoc Duy wrote:

> > But you cannot hide from "cat-file commit" ;-)
> >
> > With the recent push to more (perceived) security, it may probably make
> > sense to teach "log" family commands to quote-show ^@ and what is behind
> > in their output by default, perhaps with an option to turn it off.
> 
> What about NUL in file name in tree objects? Suppose the original tree
> has an entry named "goodthing". With luck, they might be able to
> create a new tree object with the entry renamed to "evil\x001234" that
> has the same SHA-1. Could that possibly cause any problems?

NUL is already meaningful in a tree object; it is the end of the
filename. So after the NUL, we will consider the next 20 bytes to be
sha1, and then after that, the mode of the next file entry.

-Peff

^ permalink raw reply
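
Added example (not from the thread and not git's source): a minimal parser for the tree-entry layout described in the message above, showing what happens to an entry renamed to "evil", NUL, "1234". The struct, function names and sample buffers are constructed for illustration; the layout assumed is an octal mode, a space, the name, a NUL, then a 20-byte raw SHA-1.

```c
#include <stdio.h>
#include <string.h>

#define SHA1_RAWSZ 20

struct tree_entry {
	unsigned mode;
	const char *name;          /* points into the buffer; ends at the NUL */
	size_t name_len;
	const unsigned char *sha1; /* SHA1_RAWSZ raw bytes following the NUL */
};

/*
 * Parse one "<octal mode> <name>\0<20-byte sha1>" entry at buf.
 * Returns the number of bytes consumed, or 0 if the entry is malformed.
 */
size_t parse_tree_entry(const unsigned char *buf, size_t size, struct tree_entry *e)
{
	size_t i = 0;
	const unsigned char *nul;

	e->mode = 0;
	while (i < size && buf[i] >= '0' && buf[i] <= '7')
		e->mode = (e->mode << 3) | (unsigned)(buf[i++] - '0');
	if (i == 0 || i >= size || buf[i] != ' ')
		return 0;               /* no octal mode or no separating space */
	i++;
	nul = memchr(buf + i, '\0', size - i);
	if (!nul || nul == buf + i)
		return 0;               /* unterminated or empty name */
	e->name = (const char *)buf + i;
	e->name_len = (size_t)(nul - (buf + i));
	i += e->name_len + 1;
	if (size - i < SHA1_RAWSZ)
		return 0;               /* truncated object id */
	e->sha1 = buf + i;
	return i + SHA1_RAWSZ;
}

/* Count well-formed entries; returns -1 as soon as one fails to parse. */
int count_tree_entries(const unsigned char *buf, size_t size)
{
	struct tree_entry e;
	size_t off = 0, used;
	int n = 0;

	while (off < size) {
		used = parse_tree_entry(buf + off, size - off, &e);
		if (!used)
			return -1;
		off += used;
		n++;
	}
	return n;
}

/* Constructed buffers; the 20 'A' bytes stand in for a raw SHA-1. */
static const unsigned char GOOD[] =
	"100644 goodthing\0" "AAAAAAAAAAAAAAAAAAAA";
static const unsigned char EVIL[] =
	"100644 evil\0" "1234" "AAAAAAAAAAAAAAAAAAAA";

int main(void)
{
	struct tree_entry e;
	size_t used = parse_tree_entry(EVIL, sizeof(EVIL) - 1, &e);

	/* The name ends at the NUL; "1234" becomes the start of the object id. */
	printf("name=%.*s consumed=%zu first id byte=%c\n",
	       (int)e.name_len, e.name, used, e.sha1[0]);
	printf("entries in GOOD: %d\n", count_tree_entries(GOOD, sizeof(GOOD) - 1));
	printf("entries in EVIL: %d\n", count_tree_entries(EVIL, sizeof(EVIL) - 1));
	return 0;
}
```

In the second buffer the four bytes left over after the shifted object id no longer start with an octal mode, so the walk reports the tree as malformed.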

* Re: [PATCH 3/6] revert: fix buffer overflow in insn sheet parser
From: Ramkumar Ramachandra @ 2011-10-20 15:36 UTC (permalink / raw)
  To: Jonathan Nieder; +Cc: Junio C Hamano, Git List, Christian Couder
In-Reply-To: <20111020090912.GA21471@elie.hsd1.il.comcast.net>

Hi Jonathan,

Jonathan Nieder writes:
> [...]
> Looks good, except I would explain it differently, to avoid referring
> to hypothetical implementation details ("What buffer overflow?"):
>
>        test: git cherry-pick --continue should cope with long object names
>
>        A naive implementation that uses a commit-id-shaped buffer
>        to store the word after "pick" in .git/sequencer/todo lines
>        would crash often.  Our implementation is not so naive, but
>        add a test anyway to futureproof it.
> [...]

I picked this one.

> Though the implementation is actually better than that --- it can even
> cope with a valid object name (e.g., a long name of a branch, or
> something like "HEAD^{/refs.c: ensure struct whose member}") that is
> that long, without truncating it.  So if you have time for it, I think
> it would be worth a test where the "git cherry-pick --continue"
> succeeds, too.

Good idea.  Will re-roll shortly.

Thanks.

-- Ram

^ permalink raw reply

* Re: Tracking cherry picks
From: Ramkumar Ramachandra @ 2011-10-20 15:34 UTC (permalink / raw)
  To: Kirill Likhodedov; +Cc: Phillip Susi, git
In-Reply-To: <37162B20-4758-433E-B11E-CE4B7FF27FBA@gmail.com>

Hi,

Kirill Likhodedov writes:
> 20.10.2011, at 18:21, Phillip Susi:
>>  Why doesn't git-cherrypick record the original SHA1 it was picked from in the commit?
>
> It does if you specify "-x" option to cherry-pick
> See the man for git-cherry-pick:
> [...]

Right.  As an interesting historical note, git has been omitting the
original object name by default when cherry-picking/reverting since
abd6970a (cherry-pick: make -r the default, 2006-10-05).

-- Ram

^ permalink raw reply

* Re: Tracking cherry picks
From: Kirill Likhodedov @ 2011-10-20 15:00 UTC (permalink / raw)
  To: Phillip Susi; +Cc: git
In-Reply-To: <4EA02E6C.2040608@cfl.rr.com>



20.10.2011, at 18:21, Phillip Susi:
>  Why doesn't git-cherrypick record the original SHA1 it was picked from in the commit?

It does if you specify "-x" option to cherry-pick
See the man for git-cherry-pick:

-x
           When recording the commit, append a line that says "(cherry picked from commit ...)" to the
           original commit message in order to indicate which commit this change was cherry-picked from.
           This is done only for cherry picks without conflicts. Do not use this option if you are
           cherry-picking from your private branch because the information is useless to the recipient. If
           on the other hand you are cherry-picking between two publicly visible branches (e.g. backporting
           a fix to a maintenance branch for an older release from a development branch), adding this
           information can be useful.

^ permalink raw reply

* Tracking cherry picks
From: Phillip Susi @ 2011-10-20 14:21 UTC (permalink / raw)
  To: git

I need to maintain a few stable release branches in addition to the 
master branch.  Sometimes a bug is found and the fix needs applied to 
multiple branches.  I would like to be able to list what branches the 
fix has been applied to to validate that it went in everywhere it was 
needed, but after cherry-picking the fix from master to the stable 
branches, the SHA1 of the commit is different, and so git branch 
--contains does not think the commit was applied to each of the stable 
branches.

Is there a way around this?  Why doesn't git-cherrypick record the 
original SHA1 it was picked from in the commit?

^ permalink raw reply

* Re: [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits
From: Elijah Newren @ 2011-10-20 13:44 UTC (permalink / raw)
  To: Mikael Magnusson
  Cc: Jeff King, Ævar Arnfjörð, Git Mailing List
In-Reply-To: <CAHYJk3QV8QckbOM76QfqQfTsyOtk+nvfhCped+W3t60JfCfouA@mail.gmail.com>

On Thu, Oct 20, 2011 at 3:38 AM, Mikael Magnusson <mikachu@gmail.com> wrote:
>> On Wed, Oct 19, 2011 at 08:03:24PM +0200, Ævar Arnfjörð Bjarmason wrote:
>>
>>> This is a quick hack I wrote just before leaving work to show that I
>>> could indeed push patches to our main repository starting with
>>> 31337. Names hidden to protect the innocent.
>>
> If you don't mind waiting, you could just increase the timestamps
> until you get the desired collision. (If you still want them to be
> correct, trying 4000000 times would take about 6 weeks though :).

But the nice thing is that we have both author and committer dates to
twiddle with, meaning that if we need 4000000 different values to try
then it's only 2000 for each of those two dates, i.e. we only need to
be willing to let those dates float by about half an hour.

^ permalink raw reply

* Re: [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits
From: Ted Ts'o @ 2011-10-20 13:14 UTC (permalink / raw)
  To: Jeff King
  Cc: Junio C Hamano, Ævar Arnfjörð Bjarmason,
	Git Mailing List
In-Reply-To: <20111020071356.GA14945@sigill.intra.peff.net>

On Thu, Oct 20, 2011 at 03:13:56AM -0400, Jeff King wrote:
> It's not that the commit is bad or the source of problems. My point is
> that the assumption that commit messages are NUL-terminated has been
> there for a really long time, so there are lots of spots in the code
> that sloppily run string functions on them. Every one of those needs to
> be found and fixed (e.g., I remember seeing this in
> for-each-ref.c:find_subpos recently).

Another possibility is to warn if the commit messages are not NULL
terminated.  Note though that if we're really worried about a bad guy
trying to attack us with a hash collision, he/she could always use
"invisible" non-printing characters in the commit message, and/or just
mess with one or both of the timestamps.  The more bits and more
degrees of flexibility the attacker has, the easier it would be, of
course.  In the grand scheme of things it's not clear to me how big of
a deal this would be.

If people were really concerned it would probably be easier to use
backup crypto checksum using something stronger (say, SHA-2 or the
eventual SHA-3).  Just store the backup checksums of the parent
commitments in some backwardly compatible place that old git
implementations wouldn't look (say, after the NULL in the commit
message if there isn't a better place :-), and new implementations
would know to generate the checksums, and old implementations would
ignore it.

That way, if anyone *does* figure out a way to generate real hash
collisions with SHA1 of objects that look almost completely identical
to the original objects, new implementations that would gradually make
their way out to the field could verify the SHA-2 (or SHA-3, when it
is announced, assuming that we tag the checksums with a type
identifier) checksums and notice that they are not correct.

Maybe someone's already thought of this, but the cool thing about this
idea is it's a way that we can upgrade to a stronger hash algorithm
without needing a flag day due to some kind of incompatible format
change; we keep using SHA1 for the user-visible hash, since it's fine
modulo intentional attacks, and then use a hidden, backup checksum
which can be checked either all the time, or if that turns out to be a
computational burden, at some configurable random percent of the time.

Anyway, just a thought....

	      	      	     		   	  - Ted

^ permalink raw reply

* Re: [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits
From: Mikael Magnusson @ 2011-10-20  9:38 UTC (permalink / raw)
  To: Jeff King; +Cc: Ævar Arnfjörð, Git Mailing List
In-Reply-To: <20111019190114.GA4670@sigill.intra.peff.net>

On 19 October 2011 21:01, Jeff King <peff@peff.net> wrote:
> On Wed, Oct 19, 2011 at 08:03:24PM +0200, Ævar Arnfjörð Bjarmason wrote:
>
>> This is a quick hack I wrote just before leaving work to show that I
>> could indeed push patches to our main repository starting with
>> 31337. Names hidden to protect the innocent.
>
> Clever and amusing.
>
>> Which in just over a minute will generate, in my case:
>>
>>     $ git show --pretty=raw 313375d995e6f8b7773c6ed1ee165e5a9e15690b | head -n 7
>>     commit 313375d995e6f8b7773c6ed1ee165e5a9e15690b
>>     tree c9bebc99c05dfe61cccf02ebdf442945c8ff8b3c
>>     parent 0dce2d45a79d26a593f0e12301cdfeb7eb23c17a
>>     author Ævar Arnfjörð Bjarmason <avar@example.com> <censored> <censored>
>>     committer Ævar Arnfjörð Bjarmason <avar@example.com> <censored> <censored>
>>     lulz 697889
>
> Nice header name.

If you don't mind waiting, you could just increase the timestamps
until you get the desired collision. (If you still want them to be
correct, trying 4000000 times would take about 6 weeks though :).

-- 
Mikael Magnusson

^ permalink raw reply

* Re: [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits
From: Nguyen Thai Ngoc Duy @ 2011-10-20  9:14 UTC (permalink / raw)
  To: Junio C Hamano; +Cc: Jeff King, Ævar Arnfjörð, Git Mailing List
In-Reply-To: <7vvcrk9td7.fsf@alter.siamese.dyndns.org>

On Thu, Oct 20, 2011 at 3:31 PM, Junio C Hamano <gitster@pobox.com> wrote:
> Jeff King <peff@peff.net> writes:
>
>> And nothing shows up in the body, because git truncates at the NUL we
>> added:
>>
>>   $ git show
>>   commit 31337a1093af2d97eb2e6c08b261c2946395fdd3
>>   Author: Jeff King <peff@peff.net>
>>   Date:   Wed Oct 19 15:34:00 2011 -0400
>>
>>       10
>>
>>   diff --git a/file b/file
>
> But you cannot hide from "cat-file commit" ;-)
>
> With the recent push to more (perceived) security, it may probably make
> sense to teach "log" family commands to quote-show ^@ and what is behind
> in their output by default, perhaps with an option to turn it off.

What about NUL in file name in tree objects? Suppose the original tree
has an entry named "goodthing". With luck, they might be able to
create a new tree object with the entry renamed to "evil\x001234" that
has the same SHA-1. Could that possibly cause any problems?
-- 
Duy

^ permalink raw reply

* Re: [PATCH 3/6] revert: fix buffer overflow in insn sheet parser
From: Jonathan Nieder @ 2011-10-20  9:09 UTC (permalink / raw)
  To: Ramkumar Ramachandra; +Cc: Junio C Hamano, Git List, Christian Couder
In-Reply-To: <4E9FE061.3080601@gmail.com>

Ramkumar Ramachandra wrote:

> Okay.  How about putting this after 5/6?
>
> -- 8< --
> Subject: [PATCH] t3510: guard against buffer overflows in parser
> 
> To guard against a buffer overflow in the parser, verify that
> instruction sheets with overly long object names are parsed.

Looks good, except I would explain it differently, to avoid referring
to hypothetical implementation details ("What buffer overflow?"):

	test: git cherry-pick --continue should cope with long object names

	A naive implementation that uses a commit-id-shaped buffer
	to store the word after "pick" in .git/sequencer/todo lines
	would crash often.  Our implementation is not so naive, but
	add a test anyway to futureproof it.

Or:

	test: make sure the "cherry-pick --continue" buffer overflow doesn't come back

	Before commit ..., "git cherry-pick --continue" would overflow
	under ... circumstance.  Add a test to make sure it doesn't
	happen again.

Though the implementation is actually better than that --- it can even
cope with a valid object name (e.g., a long name of a branch, or
something like "HEAD^{/refs.c: ensure struct whose member}") that is
that long, without truncating it.  So if you have time for it, I think
it would be worth a test where the "git cherry-pick --continue"
succeeds, too.

Thanks,
Jonathan

^ permalink raw reply
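The "commit-id-shaped buffer" concern in the message above, as an added example (not code from git or from this thread): a line parser that keeps the name as pointer plus length, so any length is accepted, and copies into a fixed buffer only after a length check. The names `todo_item`, `parse_todo_line` and `todo_name`, the 41-byte buffer used in the checks, and the rule that the name ends at the first whitespace are assumptions made for the illustration.

```c
#include <stddef.h>
#include <string.h>

/* One parsed line of an instruction sheet: "<action> <name> [<subject>]". */
struct todo_item {
	int is_revert;      /* 0 for "pick", 1 for "revert" */
	const char *name;   /* points into the caller's line; nothing is copied */
	size_t name_len;    /* may be any length, e.g. a long branch name */
};

/* Returns 0 on success, -1 if the line is malformed. */
static int parse_todo_line(const char *line, struct todo_item *item)
{
	const char *p;

	if (!strncmp(line, "pick ", 5)) {
		item->is_revert = 0;
		p = line + 5;
	} else if (!strncmp(line, "revert ", 7)) {
		item->is_revert = 1;
		p = line + 7;
	} else {
		return -1;
	}
	/* Assumption: the name is the word up to the next whitespace. */
	item->name_len = strcspn(p, " \t\n");
	item->name = p;
	return item->name_len ? 0 : -1;
}

/*
 * Copy the name into a fixed-size buffer only if it fits with its NUL.
 * Returns the name length, -1 for a malformed line, -2 if too long;
 * the naive form would copy here without the length check.
 */
static int todo_name(const char *line, char *buf, size_t bufsz)
{
	struct todo_item item;

	if (parse_todo_line(line, &item))
		return -1;
	if (item.name_len >= bufsz)
		return -2;
	memcpy(buf, item.name, item.name_len);
	buf[item.name_len] = '\0';
	return (int)item.name_len;
}
```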

* Re: [PATCH 3/6] revert: fix buffer overflow in insn sheet parser
From: Ramkumar Ramachandra @ 2011-10-20  8:48 UTC (permalink / raw)
  To: Jonathan Nieder, Junio C Hamano; +Cc: Git List, Christian Couder
In-Reply-To: <20111020080328.GA12337@elie.hsd1.il.comcast.net>

Hi Jonathan and Junio,

Jonathan Nieder writes:
> Junio C Hamano wrote:
>> Ramkumar Ramachandra <artagnon@gmail.com> writes:
>
>>> Check that the commit name argument to a "pick" or "revert" action in
>>> '.git/sequencer/todo' is not too long
> [...]
>> Given that this function is going to be fixed properly so that it does not
>> even need to use the "on-stack buffer", is this really necessary?
>
> Right, I don't think it is.  Keeping a testcase sounds worthwhile,
> though.

Okay.  How about putting this after 5/6?

-- 8< --
Subject: [PATCH] t3510: guard against buffer overflows in parser

To guard against a buffer overflow in the parser, verify that
instruction sheets with overly long object names are parsed.

Suggested-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Ramkumar Ramachandra <artagnon@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 t/t3510-cherry-pick-sequence.sh |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/t/t3510-cherry-pick-sequence.sh b/t/t3510-cherry-pick-sequence.sh
index 0e29e03..39b55c1 100755
--- a/t/t3510-cherry-pick-sequence.sh
+++ b/t/t3510-cherry-pick-sequence.sh
@@ -12,6 +12,9 @@ test_description='Test cherry-pick continuation features
 
 . ./test-lib.sh
 
+# Repeat first match 10 times
+_r10='\1\1\1\1\1\1\1\1\1\1'
+
 pristine_detach () {
        git cherry-pick --reset &&
        git checkout -f "$1^0" &&
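Review bot: "_r10" is defined at file scope, but neither its name nor its comment says that it is a sed replacement string which only makes sense next to a "\(...\)" group in an "s///" command. Either say so in the comment (for example "sed replacement: the first captured group repeated 10 times") or define the string next to the one test that uses it.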
@@ -211,6 +214,17 @@ test_expect_success 'malformed instruction sheet 2' '
        test_must_fail git cherry-pick --continue
 '
 
+test_expect_success 'malformed instruction sheet 3' '
+       pristine_detach initial &&
+       test_must_fail git cherry-pick base..anotherpick &&
+       echo "resolved" >foo &&
+       git add foo &&
+       git commit &&
+       sed "s/pick \([0-9a-f]*\)/pick $_r10/" .git/sequencer/todo >new_sheet &&
+       cp new_sheet .git/sequencer/todo &&
+       test_must_fail git cherry-pick --continue
+'
+
 test_expect_success 'commit descriptions in insn sheet are optional' '
        pristine_detach initial &&
        test_must_fail git cherry-pick base..anotherpick &&
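Review bot: the new test ends in "test_must_fail git cherry-pick --continue", while the commit message says it verifies that sheets with overly long object names "are parsed"; one of the two should be reworded so that it is clear rejection is the expected outcome. The title "malformed instruction sheet 3" also hides what is being tested; a title that mentions the overly long object name would document it. Finally, the length of the generated name depends on whatever "[0-9a-f]*" happens to match in the todo file, so the test never establishes that the name is longer than a full object name; writing a name of a known, fixed length would make that explicit.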
-- 
1.7.6.351.gb35ac.dirty

^ permalink raw reply related

* Re: [PATCH 3/6] revert: fix buffer overflow in insn sheet parser
From: Jonathan Nieder @ 2011-10-20  8:03 UTC (permalink / raw)
  To: Junio C Hamano; +Cc: Ramkumar Ramachandra, Git List, Christian Couder
In-Reply-To: <7v8vogbgai.fsf@alter.siamese.dyndns.org>

Junio C Hamano wrote:
> Ramkumar Ramachandra <artagnon@gmail.com> writes:

>> Check that the commit name argument to a "pick" or "revert" action in
>> '.git/sequencer/todo' is not too long
[...]
> Given that this function is going to be fixed properly so that it does not
> even need to use the "on-stack buffer", is this really necessary?

Right, I don't think it is.  Keeping a testcase sounds worthwhile,
though.

^ permalink raw reply

* Re: [PATCH 12/12] is_refname_available(): reimplement using do_for_each_ref_in_array()
From: Michael Haggerty @ 2011-10-20  7:46 UTC (permalink / raw)
  To: Junio C Hamano
  Cc: git, Jeff King, Drew Northup, Jakub Narebski, Heiko Voigt,
	Johan Herland, Julian Phillips
In-Reply-To: <7v4nz4bftk.fsf@alter.siamese.dyndns.org>

On 10/20/2011 03:40 AM, Junio C Hamano wrote:
> Hmm, why is this patch and only this one in the series full of whitespace
> violations? Did you use different settings or something?

This happens rarely; I don't know why.  Maybe I copy-pasted snippets
from a view in an application that expanded the tabs.  Maybe emacs's
eliza program has achieved self-awareness and is punishing me for never
having properly learned elisp.

The incorrect lines are indented with 7, not 8, spaces so "tabify"
didn't help either.

I'll fix in reroll after I've received any other feedback.

Michael

-- 
Michael Haggerty
mhagger@alum.mit.edu
http://softwareswirl.blogspot.com/

^ permalink raw reply

