user/sven/git.git, branch v1.6.4.5Git
https://git.stealer.net/cgit.cgi/user/sven/git.git/atom?h=v1.6.4.52010-12-15T19:19:11ZGit 1.6.4.52010-12-15T19:19:11ZJunio C Hamanogitster@pobox.com2010-12-15T19:19:11Zurn:sha1:88fcc52e4468d5dfef4f50d2bdee4b168a855368
Signed-off-by: Junio C Hamano <gitster@pobox.com>
gitweb: Introduce esc_attr to escape attributes of HTML elements2010-12-15T19:16:31ZJakub Narebskijnareb@gmail.com2010-12-14T23:34:01Zurn:sha1:3017ed62f47ce14a959e2d315c434d4980cf4243
It is needed only to escape attributes of handcrafted HTML elements,
and not those generated using CGI.pm subroutines / methods for HTML
generation.
While at it, add esc_url and esc_html where needed, and prefer to use
CGI.pm HTML generating methods than handcrafted HTML code. Most of
those are probably unnecessary (could be exploited only by person with
write access to gitweb config, or at least access to the repository).
This fixes CVE-2010-3906
Reported-by: Emanuele Gentili <e.gentili@tigersecurity.it>
Helped-by: John 'Warthog9' Hawley <warthog9@kernel.org>
Helped-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Check size of path buffer before writing into it2010-07-25T17:33:47ZGreg Brockmangdb@MIT.EDU2010-07-20T04:46:21Zurn:sha1:1b0b962d771fb734cbf273f216b487bb58dec7b9
This prevents a buffer overrun that could otherwise be triggered by
creating a file called '.git' with contents
gitdir: (something really long)
Signed-off-by: Greg Brockman <gdb@mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
rev-parse: fix --parse-opt --keep-dashdash --stop-at-non-option2010-07-07T18:11:50ZUwe Kleine-Königu.kleine-koenig@pengutronix.de2010-07-06T14:46:05Zurn:sha1:29981380d03ffa63765dbeaea53a7ac9e8d6bc4f
The ?: operator has a lower priority than |, so the implicit associativity
made the 6th argument of parse_options be PARSE_OPT_KEEP_DASHDASH if
keep_dashdash was true discarding PARSE_OPT_STOP_AT_NON_OPTION and
PARSE_OPT_SHELL_EVAL.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'maint-1.6.3' into maint-1.6.42010-01-19T05:37:06ZJunio C Hamanogitster@pobox.com2010-01-19T05:37:06Zurn:sha1:814035c12a07927ea03350184a14f869cdce7276
* maint-1.6.3:
base85: Make the code more obvious instead of explaining the non-obvious
base85: encode_85() does not use the decode table
base85 debug code: Fix length byte calculation
checkout -m: do not try to fall back to --merge from an unborn branch
branch: die explicitly why when calling "git branch [-a|-r] branchname".
textconv: stop leaking file descriptors
commit: --cleanup is a message option
git count-objects: handle packs bigger than 4G
t7102: make the test fail if one of its check fails
Conflicts:
builtin-commit.c
Merge branch 'maint-1.6.2' into maint-1.6.32010-01-19T05:29:47ZJunio C Hamanogitster@pobox.com2010-01-19T05:29:47Zurn:sha1:011c181cc656c8b3e48882729d1b6238e8c5c537
* maint-1.6.2:
base85: Make the code more obvious instead of explaining the non-obvious
base85: encode_85() does not use the decode table
base85 debug code: Fix length byte calculation
checkout -m: do not try to fall back to --merge from an unborn branch
branch: die explicitly why when calling "git branch [-a|-r] branchname".
textconv: stop leaking file descriptors
commit: --cleanup is a message option
git count-objects: handle packs bigger than 4G
t7102: make the test fail if one of its check fails
Conflicts:
diff.c
Merge commit 'v1.6.4.4-8-g8de6518' into maint-1.6.42010-01-19T05:18:41ZJunio C Hamanogitster@pobox.com2010-01-19T05:18:41Zurn:sha1:18d97f5fedc4e464fa9b5d8096b5a9f7e42364fa
* commit 'v1.6.4.4-8-g8de6518':
Fix mis-backport of t7002
Fix mis-backport of t70022010-01-19T05:14:49ZJunio C Hamanogitster@pobox.com2010-01-19T05:14:41Zurn:sha1:8de65185e873d361ede4d6994ef257e4ac55f37d
The original patch that became cfe370c (grep: do not segfault when -f is
used, 2009-10-16), was made against "maint" or newer branch back then, but
the fix addressed the issue that was present as far as in 1.6.4 series.
The maintainer backported the patch to the 1.6.4 maintenance branch, but
failed to notice that the new tests assumed the setup done by the script
in "maint", which did quite a lot more than the same test script in 1.6.4
series, and the output didn't match the expected result.
This should fix it.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'maint-1.6.1' into maint-1.6.22010-01-10T08:49:47ZJunio C Hamanogitster@pobox.com2010-01-10T08:49:47Zurn:sha1:c5034673fd92b6278e6c9d55683770ec01fafc89
* maint-1.6.1:
base85: Make the code more obvious instead of explaining the non-obvious
base85: encode_85() does not use the decode table
base85 debug code: Fix length byte calculation
checkout -m: do not try to fall back to --merge from an unborn branch
branch: die explicitly why when calling "git branch [-a|-r] branchname".
textconv: stop leaking file descriptors
commit: --cleanup is a message option
git count-objects: handle packs bigger than 4G
t7102: make the test fail if one of its check fails
Conflicts:
diff.c
Merge branch 'maint-1.6.0' into maint-1.6.12010-01-10T08:48:47ZJunio C Hamanogitster@pobox.com2010-01-10T08:48:47Zurn:sha1:96aa7adda3b0254e4b9904f53bb38cd76bfea7bb
* maint-1.6.0:
base85: Make the code more obvious instead of explaining the non-obvious
base85: encode_85() does not use the decode table
base85 debug code: Fix length byte calculation
checkout -m: do not try to fall back to --merge from an unborn branch
branch: die explicitly why when calling "git branch [-a|-r] branchname".