summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #6477 from libgit2/ethomson/v1.5.2v1.5.2maint/v1.5Edward Thomson2023-02-154-4/+17
|\ | | | | v1.5.2
| * meta: add changelog for v1.5.2Edward Thomson2023-02-141-0/+13
| |
| * meta: update version numbers to 1.5.2Edward Thomson2023-02-143-4/+4
|/
* Merge pull request #6474 from libgit2/ethomson/v1.5.2Edward Thomson2023-02-1418-431/+676
|\ | | | | v1.5: support SSH known hosts on Windows
| * test: isolate home directory separately from global configEdward Thomson2023-02-146-23/+66
| |
| * Set all SSH hostkey preferences that are availableEric Huss2023-02-141-43/+42
| |
| * ci: convert PATH correctly to Cygwin format on WindowsEdward Thomson2023-02-142-4/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We provide `BUILD_PATH` to our build script; provide it and mutate `PATH` when running our tests as well. We were previously using `cygpath` to try to convert a _list_ of Windows paths into cygwin / Unix style `PATH` format. This does not work -- it treats the path list as a single path (with semicolons -- understandably as those are allowed characters in a Windows path). For example, `C:\One;C:\Two;C:\Three` is converted to `/c/one;c:/two;c:/three`. Add a new function to convert path lists, so that paths are split by semicolon and fed to `cygpath` independently, then re-joined with a colon. This means that our example `C:\One;C:\Two;C:\Three` is correctly converted to `/c/one:/c/two:/c/three`.
| * ci: limit test runner to build pathEdward Thomson2023-02-141-2/+20
| | | | | | | | | | We provide `BUILD_PATH` to our build script; provide it and mutate `PATH` when running our tests as well.
| * ci: run clone tests in onlineEdward Thomson2023-02-141-1/+1
| |
| * tests: known_hosts manipulating ssh clone testsEdward Thomson2023-02-142-22/+145
| | | | | | | | | | | | | | Teach the clone tests how to clone from github.com, when given a keypair with a passphrase and known_hosts data. This allows us to better exercise our known_hosts checking and ensure that the lifecycle of the certificate callback matches our expectations.
| * ci: compile against libssh2 on windowsEdward Thomson2023-02-142-2/+35
| |
| * ssh: give a realistic error messageEdward Thomson2023-02-141-2/+2
| | | | | | | | | | I spent an hour banging my head against this, when it was because the remote didn't trust my key.
| * ssh: support windows `known_hosts` filesEdward Thomson2023-02-141-8/+8
| | | | | | | | | | | | | | Use `git_sysdir_find_homedir_file` to identify the path to the home directory's `.ssh/known_hosts`; this takes Windows paths into account by preferring `HOME`, then falling back to `HOMEPATH` and `USERPROFILE` directories.
| * sysdir: provide actual home directoryEdward Thomson2023-02-142-10/+58
| | | | | | | | | | | | | | | | | | | | Provide a mechanism to look up the user's home directory, using the same mechanism that we use for locating the global configuration path (a fancy name for saying "the home directory"). SSH known hosts lookups now use this, instead of simply looking at the HOME environment variable, to support Windows-style home directory lookups in `HOME`, `HOMEPATH`, or `USERPROFILE`.
| * sysdir: move windows sysdir functions out of shared utilEdward Thomson2023-02-146-318/+275
|/ | | | | | The windows sysdir functions are libgit2-specific and for git compatibility only; remove them from the shared util directory and bring them into the libgit2 source tree.
* Merge pull request #6450 from libgit2/1.5_sshv1.5.1Edward Thomson2023-01-207-97/+348
|\ | | | | ssh: perform host key checking by default
| * meta: add changelog for v1.5.1Edward Thomson2023-01-181-0/+11
| |
| * meta: update version numbers to 1.5.1Edward Thomson2023-01-183-4/+4
| |
| * ssh: look for a key in known_hosts to set the key type for the handshakeCarlos Martín Nieto2023-01-181-53/+153
| | | | | | | | | | | | | | | | | | | | The server and client negotiate a single hostkey, but the "best" cipher may not be the one for which we have an entry in `known_hosts`. This can lead to us not finding the key in known_hosts even though we should be connecting. Instead here we look up the hostname with a nonsense key to perform a lookup in the known hosts and set that. This is roughly what the OpenSSH client does as well.
| * tests: move online::clone::ssh_auth_methods into the ssh test suiteCarlos Martín Nieto2023-01-181-2/+2
| | | | | | | | | | | | | | | | | | We're currently running it as part of the online suite but that doesn't have any setup for ssh so we won't find the GitHub keys we set up during the test. It doesn't need the private key setup as we just want to make sure we see some auth request from the server, but with the addition of hostkey checking we're now seeing it fail when we skip these tests.
| * tests: append the github.com ssh keys so we have access during testsCarlos Martín Nieto2023-01-181-0/+5
| | | | | | | | | | | | | | Currently just the one test needs it. The ssh-rsa makes sure we're asking for the cipher we find in `known_hosts` as that won't be the one selected by default. This will be relevant in later changes.
| * ssh: verify the remote's host key against known_hosts if it existsCarlos Martín Nieto2023-01-181-87/+222
|/ | | | | It turns out this has been available in libssh2 for a long time and we should have been verifying this the whole time.
* Merge pull request #6351 from libgit2/ethomson/v1.5.0v1.5.0Edward Thomson2022-07-133-3/+80
|\ | | | | v1.5.0
| * v1.5: update version numbersEdward Thomson2022-07-132-3/+3
| |
| * v1.5: update the changelogEdward Thomson2022-07-131-0/+77
|/
* meta: update release.yml for security informationEdward Thomson2022-07-131-1/+4
|
* Merge pull request #6348 from lya001/fix-invalid-branch-nameEdward Thomson2022-07-134-14/+56
|\ | | | | Fix creation of branches and tags with invalid names
| * Update src/libgit2/tag.cEdward Thomson2022-07-121-0/+2
| |
| * Apply suggestions from code reviewEdward Thomson2022-07-122-6/+6
| |
| * Merge branch 'main' into fix-invalid-branch-nameyuangli2022-07-121570-197319/+209051
| |\
| * | tests: free resources in invalid tag name testyuangli2022-07-111-0/+3
| | |
| * | tests: error when create tag with invalid nameyuangli2022-07-111-0/+16
| | |
| * | tag: refactor tag name validity checksyuangli2022-07-111-5/+15
| | |
| * | branches: fix error message for invalid nameyuangli2022-07-111-7/+7
| | |
| * | tests: rename to follow clar naming conventionyuangli2022-07-111-1/+1
| | |
| * | tests: rename test for consistencyyuangli2022-07-111-1/+1
| | |
| * | branch: refactor branch name validity checksyuangli2022-07-111-2/+7
| | |
| * | tests: error when create branch with invalid nameyuangli2022-07-111-0/+8
| | |
| * | tests: follow clar naming conventionyuangli2022-07-111-1/+1
| | |
* | | Merge pull request #6347 from libgit2/ethomson/no_pack_v3Edward Thomson2022-07-122-3/+3
|\ \ \ | | | | | | | | pack: don't pretend we support pack files v3
| * | | pack: don't pretend we support pack files v3Edward Thomson2022-07-082-3/+3
| | |/ | |/| | | | | | | | | | | | | | | | Pack files v3 are introduced in the SHA256 hash transition document https://github.com/git/git/blob/master/Documentation/technical/hash-function-transition.txt Obviously we do not support these yet. Stop pretending that we do.
* | | Merge pull request #6350 from libgit2/ethomson/zlibEdward Thomson2022-07-1215-959/+10749
|\ \ \ | | | | | | | | zlib: update bundled zlib to v1.2.12
| * | | zlib: Silence some warnings from Visual Studio C.Mark Adler2022-07-122-5/+5
| | | |
| * | | zlib: slide_hash: add MSAN annotation to suppress known read from ↵Andrzej Hunt2022-07-121-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | uninitialised memory slide_hash knowingly reads (possibly) uninitialised memory, see comment lower down about prev[n] potentially being garbage. In this case, the result is never used - so we don't care about MSAN complaining about this read. By adding the no_sanitize("memory") attribute, clients of zlib won't see this (unnecessary) error when building and running with MemorySanitizer. An alternative approach is for clients to build zlib with -fsanitize-ignorelist=... where the ignorelist contains something like 'fun:slide_hash'. But that's more work and needs to be redone for any and all CI systems running a given project with MSAN. Adding this annotation to zlib's sources is overall more convenient - but also won't affect non-MSAN builds. This specific issue was found while running git's test suite, but has also been reported by other clients, see e.g. #518.
| * | | zlib: declare prototypes for new functionsEdward Thomson2022-07-122-1/+10
| | | | | | | | | | | | | | | | | | | | The `crc32_combine_gen64` missed a prototype in our define path. Add one.
| * | | zlib: updated bundled zlib to v1.2.12Edward Thomson2022-07-1215-959/+10735
| | | |
* | | | Merge pull request #6349 from libgit2/ethomson/cve-2022-29187Edward Thomson2022-07-123-46/+122
|\ \ \ \ | |/ / / |/| | | Fixes for CVE 2022-29187
| * | | repo: allow users running with sudo to access their repositoriesEdward Thomson2022-07-123-16/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the ownership checks implemented for CVE-2022-24765, we disallowed users to access their own repositories when running with `sudo`. Examine the `SUDO_UID` environment variable and allow users running with `sudo`. This matches git's behavior.
| * | | repo: validate gitdir and gitlink ownershipEdward Thomson2022-07-121-30/+77
|/ / / | | | | | | | | | | | | | | | To match git's behavior with CVE 2022-29187, validate not only the working directory, but also the gitdir and gitlink (if it exists). This a follow up to CVE-2022-24765 that was fixed earlier.
* | | Merge pull request #6341 from libgit2/ethomson/ownership2Edward Thomson2022-07-125-109/+174
|\ \ \ | |/ / |/| | Fix erroneously lax configuration ownership checks
View Lorry Controller Status