[PATCH v2 0/8] Various fixes for v2.45.1 and friends

["Johannes Schindelin via GitGitGadget" <gitgitgadget@gmail.com>]

There have been a couple of issues that were reported about v2.45.1, and in
addition I have noticed some myself:

 * a memory leak in the clone protection logic
 * a missed adjustment in the Makefile that leads to an incorrect templates
   path in v2.39.4, v2.40.2 and v2.41.1 (but not in v2.42.2, ..., v2.45.1)
 * an overzealous core.hooksPath check
 * that Git LFS clone problem where it exits with an error (even if the
   clone often succeeded...)

This patch series is based on maint-2.39 to allow for (relatively) easy
follow-up versions v2.39.5, ..., v2.45.2.

Changes since v1:

 * simplified adding the SHA-256s corresponding to Git LFS' hooks
 * the core.hooksPath test case now verifies that the config setting was
   configured correctly

Johannes Schindelin (8):
  hook: plug a new memory leak
  init: use the correct path of the templates directory again
  Revert "core.hooksPath: add some protection while cloning"
  tests: verify that `clone -c core.hooksPath=/dev/null` works again
  hook(clone protections): add escape hatch
  hooks(clone protections): special-case current Git LFS hooks
  hooks(clone protections): simplify templates hooks validation
  Revert "Add a helper function to compare file contents"

 Documentation/config/safe.txt |   6 ++
 Makefile                      |   2 +-
 builtin/init-db.c             |   7 +++
 cache.h                       |  14 -----
 config.c                      |  13 +----
 copy.c                        |  58 --------------------
 hook.c                        | 100 +++++++++++++++++++++++++++-------
 hook.h                        |  10 ++++
 setup.c                       |   1 +
 t/helper/test-path-utils.c    |  10 ----
 t/t0060-path-utils.sh         |  41 --------------
 t/t1350-config-hooks-path.sh  |   7 +++
 t/t1800-hook.sh               |  40 ++++++++++----
 t/t5601-clone.sh              |  19 +++++++
 14 files changed, 161 insertions(+), 167 deletions(-)


base-commit: 47b6d90e91835082010da926f6a844d4441c57a6
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1732%2Fdscho%2Fvarious-fixes-for-v2.45.1-and-friends-v2
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1732/dscho/various-fixes-for-v2.45.1-and-friends-v2
Pull-Request: https://github.com/gitgitgadget/git/pull/1732

Range-diff vs v1:

 1:  d4a003bf2ce = 1:  d4a003bf2ce hook: plug a new memory leak
 2:  961dfc35f42 = 2:  961dfc35f42 init: use the correct path of the templates directory again
 3:  57db89a1497 = 3:  57db89a1497 Revert "core.hooksPath: add some protection while cloning"
 4:  7d5ef6db2a9 ! 4:  cd14042b065 tests: verify that `clone -c core.hooksPath=/dev/null` works again
     @@ t/t1350-config-hooks-path.sh: test_expect_success 'git rev-parse --git-path hook
       '
       
      +test_expect_success 'core.hooksPath=/dev/null' '
     -+	git clone -c core.hooksPath=/dev/null . no-templates
     ++	git clone -c core.hooksPath=/dev/null . no-templates &&
     ++	value="$(git -C no-templates config --local core.hooksPath)" &&
     ++	# The Bash used by Git for Windows rewrites `/dev/null` to `nul`
     ++	{ test /dev/null = "$value" || test nul = "$value"; }
      +'
      +
       test_done
 5:  a4f5eeef667 = 5:  b841db8392e hook(clone protections): add escape hatch
 6:  98465797e72 ! 6:  5e5128bc232 hooks(clone protections): special-case current Git LFS hooks
     @@ Commit message
      
       ## hook.c ##
      @@ hook.c: static int is_hook_safe_during_clone(const char *name, const char *path, char *s
     - 	if (get_sha256_of_file_contents(path, sha256) < 0)
     - 		return 0;
       
     -+	/* Hard-code known-safe values for Git LFS v3.4.0..v3.5.1 */
     -+	if ((!strcmp("pre-push", name) &&
     -+	     !strcmp(sha256, "df5417b2daa3aa144c19681d1e997df7ebfe144fb7e3e05138bd80ae998008e4")) ||
     -+	    (!strcmp("post-checkout", name) &&
     -+	     !strcmp(sha256, "791471b4ff472aab844a4fceaa48bbb0a12193616f971e8e940625498b4938a6")) ||
     -+	    (!strcmp("post-commit", name) &&
     -+	     !strcmp(sha256, "21e961572bb3f43a5f2fbafc1cc764d86046cc2e5f0bbecebfe9684a0b73b664")) ||
     -+	    (!strcmp("post-merge", name) &&
     -+	     !strcmp(sha256, "75da0da66a803b4b030ad50801ba57062c6196105eb1d2251590d100edb9390b")))
     -+		return 1;
     -+
       	if (!safe_hook_sha256s_initialized) {
       		safe_hook_sha256s_initialized = 1;
     ++
     ++		/* Hard-code known-safe values for Git LFS v3.4.0..v3.5.1 */
     ++		/* pre-push */
     ++		strset_add(&safe_hook_sha256s, "df5417b2daa3aa144c19681d1e997df7ebfe144fb7e3e05138bd80ae998008e4");
     ++		/* post-checkout */
     ++		strset_add(&safe_hook_sha256s, "791471b4ff472aab844a4fceaa48bbb0a12193616f971e8e940625498b4938a6");
     ++		/* post-commit */
     ++		strset_add(&safe_hook_sha256s, "21e961572bb3f43a5f2fbafc1cc764d86046cc2e5f0bbecebfe9684a0b73b664");
     ++		/* post-merge */
     ++		strset_add(&safe_hook_sha256s, "75da0da66a803b4b030ad50801ba57062c6196105eb1d2251590d100edb9390b");
     ++
       		git_protected_config(safe_hook_cb, &safe_hook_sha256s);
     + 	}
     + 
      
       ## t/t1800-hook.sh ##
      @@ t/t1800-hook.sh: test_expect_success '`safe.hook.sha256` and clone protections' '
 7:  c487bd06be8 = 7:  bd6d72625f5 hooks(clone protections): simplify templates hooks validation
 8:  c45c33d8e3f = 8:  4b0a636d41a Revert "Add a helper function to compare file contents"

-- 
gitgitgadget