From: Patrick Steinhardt <ps@pks.im>
To: git@vger.kernel.org
Subject: [PATCH 0/2] Fix use of uninitialized hash algos
Date: Mon, 13 May 2024 09:15:04 +0200 [thread overview]
Message-ID: <cover.1715582857.git.ps@pks.im> (raw)
[-- Attachment #1: Type: text/plain, Size: 2068 bytes --]
Hi,
with c8aed5e8da (repository: stop setting SHA1 as the default object
hash, 2024-05-07), we have stopped setting up the default hash function
for `the_repository`. This change was done so that we stop implicitly
using SHA1 in places where we don't really intend to. Instead, code
where we try to access `the_hash_algo` without having `the_repository`
properly initialized will now crash hard.
I have found two more cases where this can now be triggered:
- git-patch-id(1) can read diffs from stdin.
- git-hash-object(1) can hash data from stdin.
Both cases can work without a repository, and if they don't have one
they will now crash.
I still consider it a good thing that we did the change regardless of
those crashes. In the case of git-patch-id(1) I would claim that using
`the_hash_algo` is wrong in the first place, as patch IDs should be
stable and are documented to always use SHA1. Thus, patch IDs in SHA256
repos are essentially broken. And in the case of git-hash-object(1), we
should expose a command line option to let the user specify the object
hash. So both cases demonstrate that there is room for improvement.
If these cases keep on popping up and we don't feel comfortable with it,
then we can still decide to drop c8aed5e8da. The remainder of the topic
that this commit was part of should in that case stay though, as those
are real bug fixes. We could then re-try in a subsequent release cycle.
But for now I don't think this would be warranted yet.
This topic depends on js/ps/undecided-is-not-necessarily-sha1 at
c8aed5e8da (repository: stop setting SHA1 as the default object hash,
2024-05-07).
Thanks!
Patrick
Patrick Steinhardt (2):
builtin/patch-id: fix uninitialized hash function
builtin/hash-object: fix uninitialized hash function
builtin/hash-object.c | 7 +++++++
builtin/patch-id.c | 13 +++++++++++++
t/t1007-hash-object.sh | 6 ++++++
t/t4204-patch-id.sh | 34 ++++++++++++++++++++++++++++++++++
4 files changed, 60 insertions(+)
--
2.45.GIT
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next reply other threads:[~2024-05-13 7:15 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-13 7:15 Patrick Steinhardt [this message]
2024-05-13 7:15 ` [PATCH 1/2] builtin/patch-id: fix uninitialized hash function Patrick Steinhardt
2024-05-13 7:15 ` [PATCH 2/2] builtin/hash-object: " Patrick Steinhardt
2024-05-14 0:16 ` Junio C Hamano
2024-05-13 16:01 ` [PATCH 0/2] Fix use of uninitialized hash algos Junio C Hamano
2024-05-13 18:36 ` Junio C Hamano
2024-05-13 19:21 ` [PATCH v2 0/4] Fix use of uninitialized hash algorithms Junio C Hamano
2024-05-13 19:21 ` [PATCH v2 1/4] setup: add an escape hatch for "no more default hash algorithm" change Junio C Hamano
2024-05-13 19:48 ` Kyle Lippincott
2024-05-13 19:21 ` [PATCH v2 2/4] t1517: test commands that are designed to be run outside repository Junio C Hamano
2024-05-13 19:57 ` Kyle Lippincott
2024-05-13 20:33 ` Junio C Hamano
2024-05-13 21:00 ` Junio C Hamano
2024-05-13 21:07 ` Kyle Lippincott
2024-05-13 19:21 ` [PATCH v2 3/4] builtin/patch-id: fix uninitialized hash function Junio C Hamano
2024-05-13 19:21 ` [PATCH v2 4/4] builtin/hash-object: " Junio C Hamano
2024-05-13 21:28 ` [PATCH 5/4] apply: " Junio C Hamano
2024-05-13 22:41 ` [PATCH v3 0/5] Fix use of uninitialized hash algorithms Junio C Hamano
2024-05-13 22:41 ` [PATCH v3 1/5] setup: add an escape hatch for "no more default hash algorithm" change Junio C Hamano
2024-05-13 22:41 ` [PATCH v3 2/5] t1517: test commands that are designed to be run outside repository Junio C Hamano
2024-05-13 22:41 ` [PATCH v3 3/5] builtin/patch-id: fix uninitialized hash function Junio C Hamano
2024-05-13 23:11 ` Junio C Hamano
2024-05-14 4:31 ` Patrick Steinhardt
2024-05-14 15:52 ` Junio C Hamano
2024-05-13 22:41 ` [PATCH v3 4/5] builtin/hash-object: " Junio C Hamano
2024-05-13 23:13 ` Junio C Hamano
2024-05-14 4:32 ` Patrick Steinhardt
2024-05-14 15:55 ` Junio C Hamano
2024-05-13 22:41 ` [PATCH v3 5/5] apply: " Junio C Hamano
2024-05-14 1:14 ` [PATCH v4 0/5] Fix use of uninitialized hash algorithms Junio C Hamano
2024-05-14 1:14 ` [PATCH v4 1/5] setup: add an escape hatch for "no more default hash algorithm" change Junio C Hamano
2024-05-14 4:32 ` Patrick Steinhardt
2024-05-14 15:05 ` Junio C Hamano
2024-05-14 17:19 ` Junio C Hamano
2024-05-15 12:23 ` Patrick Steinhardt
2024-05-16 15:31 ` Junio C Hamano
2024-05-14 1:14 ` [PATCH v4 2/5] t1517: test commands that are designed to be run outside repository Junio C Hamano
2024-05-14 4:32 ` Patrick Steinhardt
2024-05-14 15:08 ` Junio C Hamano
2024-05-15 12:24 ` Patrick Steinhardt
2024-05-15 14:15 ` Junio C Hamano
2024-05-15 14:25 ` Patrick Steinhardt
2024-05-15 15:40 ` Junio C Hamano
2024-05-14 1:14 ` [PATCH v4 3/5] builtin/patch-id: fix uninitialized hash function Junio C Hamano
2024-05-14 1:14 ` [PATCH v4 4/5] builtin/hash-object: " Junio C Hamano
2024-05-17 23:49 ` Junio C Hamano
2024-05-20 21:19 ` Junio C Hamano
2024-05-20 22:45 ` Junio C Hamano
2024-05-14 1:14 ` [PATCH v4 5/5] apply: " Junio C Hamano
2024-05-20 23:14 ` [PATCH v5 0/5] Fix use of uninitialized hash algorithms Junio C Hamano
2024-05-20 23:14 ` [PATCH v5 1/5] setup: add an escape hatch for "no more default hash algorithm" change Junio C Hamano
2024-05-21 7:57 ` Patrick Steinhardt
2024-05-21 15:59 ` Junio C Hamano
2024-05-20 23:14 ` [PATCH v5 2/5] t1517: test commands that are designed to be run outside repository Junio C Hamano
2024-05-20 23:14 ` [PATCH v5 3/5] builtin/patch-id: fix uninitialized hash function Junio C Hamano
2024-05-20 23:14 ` [PATCH v5 4/5] builtin/hash-object: " Junio C Hamano
2024-05-20 23:14 ` [PATCH v5 5/5] apply: " Junio C Hamano
2024-05-21 7:58 ` Patrick Steinhardt
2024-05-21 13:36 ` Junio C Hamano
2024-05-21 7:58 ` [PATCH v5 0/5] Fix use of uninitialized hash algorithms Patrick Steinhardt
2024-05-21 18:07 ` Junio C Hamano
2024-05-22 4:51 ` Patrick Steinhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1715582857.git.ps@pks.im \
--to=ps@pks.im \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).