summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2015-09-28 15:28:26 -0700
committerJunio C Hamano <gitster@pobox.com>2015-09-28 15:28:31 -0700
commit6343e2f6f271cf344ea8e7384342502faecaf37c (patch)
tree50abed20e4b930022a24b64389915f7c774acef9 /Documentation
parent74b67638166ca2e66497ede559dbf393e7af8b40 (diff)
parent18b58f707fdb3ad7d3d4931bd40693834c9ec8a0 (diff)
downloadgit-6343e2f6f271cf344ea8e7384342502faecaf37c.tar.gz
Sync with 2.3.10
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/RelNotes/2.3.10.txt18
-rw-r--r--Documentation/git.txt30
2 files changed, 47 insertions, 1 deletions
diff --git a/Documentation/RelNotes/2.3.10.txt b/Documentation/RelNotes/2.3.10.txt
new file mode 100644
index 0000000000..9d425d814d
--- /dev/null
+++ b/Documentation/RelNotes/2.3.10.txt
@@ -0,0 +1,18 @@
+Git v2.3.10 Release Notes
+=========================
+
+Fixes since v2.3.9
+------------------
+
+ * xdiff code we use to generate diffs is not prepared to handle
+ extremely large files. It uses "int" in many places, which can
+ overflow if we have a very large number of lines or even bytes in
+ our input files, for example. Cap the input size to soemwhere
+ around 1GB for now.
+
+ * Some protocols (like git-remote-ext) can execute arbitrary code
+ found in the URL. The URLs that submodules use may come from
+ arbitrary sources (e.g., .gitmodules files in a remote
+ repository), and can hurt those who blindly enable recursive
+ fetch. Restrict the allowed protocols to well known and safe
+ ones.
diff --git a/Documentation/git.txt b/Documentation/git.txt
index 97d9fb41b2..5826bd9771 100644
--- a/Documentation/git.txt
+++ b/Documentation/git.txt
@@ -57,9 +57,10 @@ Documentation for older releases are available here:
link:RelNotes/2.4.1.txt[2.4.1],
link:RelNotes/2.4.0.txt[2.4].
-* link:v2.3.9/git.html[documentation for release 2.3.9]
+* link:v2.3.10/git.html[documentation for release 2.3.10]
* release notes for
+ link:RelNotes/2.3.10.txt[2.3.10],
link:RelNotes/2.3.9.txt[2.3.9],
link:RelNotes/2.3.8.txt[2.3.8],
link:RelNotes/2.3.7.txt[2.3.7],
@@ -1059,6 +1060,33 @@ GIT_ICASE_PATHSPECS::
an operation has touched every ref (e.g., because you are
cloning a repository to make a backup).
+`GIT_ALLOW_PROTOCOL`::
+ If set, provide a colon-separated list of protocols which are
+ allowed to be used with fetch/push/clone. This is useful to
+ restrict recursive submodule initialization from an untrusted
+ repository. Any protocol not mentioned will be disallowed (i.e.,
+ this is a whitelist, not a blacklist). If the variable is not
+ set at all, all protocols are enabled. The protocol names
+ currently used by git are:
+
+ - `file`: any local file-based path (including `file://` URLs,
+ or local paths)
+
+ - `git`: the anonymous git protocol over a direct TCP
+ connection (or proxy, if configured)
+
+ - `ssh`: git over ssh (including `host:path` syntax,
+ `git+ssh://`, etc).
+
+ - `rsync`: git over rsync
+
+ - `http`: git over http, both "smart http" and "dumb http".
+ Note that this does _not_ include `https`; if you want both,
+ you should specify both as `http:https`.
+
+ - any external helpers are named by their protocol (e.g., use
+ `hg` to allow the `git-remote-hg` helper)
+
Discussion[[Discussion]]
------------------------