git-for-windows/git
1
0
Fork 0
mirror of https://github.com/git-for-windows/git.git synced 2026-05-26 19:02:49 -05:00
Code Issues Packages Projects Releases 335 Wiki Activity

Sync with 2.14.2

Browse Source 
* maint:
  Git 2.14.2
  Git 2.13.6
  Git 2.12.5
  Git 2.11.4
  Git 2.10.5
  cvsimport: shell-quote variable used in backticks
  archimport: use safe_pipe_capture for user input
  shell: drop git-cvsserver support by default
  cvsserver: use safe_pipe_capture for `constant commands` as well
  cvsserver: use safe_pipe_capture instead of backticks
  cvsserver: move safe_pipe_capture() to the main package
This commit is contained in:
Junio C Hamano
2017-09-26 14:15:55 +09:00
parent 28996cec80 4010f1d1b7
commit 7451fcdc0d
11 changed files with 183 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
Documentation/RelNotes/2.10.5.txt Normal file
View File

@@ -0,0 +1,17 @@
Git v2.10.5 Release Notes
=========================
Fixes since v2.10.4
-------------------
* "git cvsserver" no longer is invoked by "git daemon" by default,
as it is old and largely unmaintained.
* Various Perl scripts did not use safe_pipe_capture() instead of
backticks, leaving them susceptible to end-user input. They have
been corrected.
Credits go to joernchen <joernchen@phenoelit.de> for finding the
unsafe constructs in "git cvsserver", and to Jeff King at GitHub for
finding and fixing instances of the same issue in other scripts.

17
Documentation/RelNotes/2.11.4.txt Normal file
View File

@@ -0,0 +1,17 @@
Git v2.11.4 Release Notes
=========================
Fixes since v2.11.3
-------------------
* "git cvsserver" no longer is invoked by "git daemon" by default,
as it is old and largely unmaintained.
* Various Perl scripts did not use safe_pipe_capture() instead of
backticks, leaving them susceptible to end-user input. They have
been corrected.
Credits go to joernchen <joernchen@phenoelit.de> for finding the
unsafe constructs in "git cvsserver", and to Jeff King at GitHub for
finding and fixing instances of the same issue in other scripts.

17
Documentation/RelNotes/2.12.5.txt Normal file
View File

@@ -0,0 +1,17 @@
Git v2.12.5 Release Notes
=========================
Fixes since v2.12.4
-------------------
* "git cvsserver" no longer is invoked by "git daemon" by default,
as it is old and largely unmaintained.
* Various Perl scripts did not use safe_pipe_capture() instead of
backticks, leaving them susceptible to end-user input. They have
been corrected.
Credits go to joernchen <joernchen@phenoelit.de> for finding the
unsafe constructs in "git cvsserver", and to Jeff King at GitHub for
finding and fixing instances of the same issue in other scripts.

17
Documentation/RelNotes/2.13.6.txt Normal file
View File

@@ -0,0 +1,17 @@
Git v2.13.6 Release Notes
=========================
Fixes since v2.13.5
-------------------
* "git cvsserver" no longer is invoked by "git daemon" by default,
as it is old and largely unmaintained.
* Various Perl scripts did not use safe_pipe_capture() instead of
backticks, leaving them susceptible to end-user input. They have
been corrected.
Credits go to joernchen <joernchen@phenoelit.de> for finding the
unsafe constructs in "git cvsserver", and to Jeff King at GitHub for
finding and fixing instances of the same issue in other scripts.

11
Documentation/RelNotes/2.14.2.txt
View File

@@ -91,4 +91,15 @@ Fixes since v2.14.1
* "git archive" did not work well with pathspecs and the
export-ignore attribute.
* "git cvsserver" no longer is invoked by "git daemon" by default,
as it is old and largely unmaintained.
* Various Perl scripts did not use safe_pipe_capture() instead of
backticks, leaving them susceptible to end-user input. They have
been corrected.
Also contains various documentation updates and code clean-ups.
Credits go to joernchen <joernchen@phenoelit.de> for finding the
unsafe constructs in "git cvsserver", and to Jeff King at GitHub for
finding and fixing instances of the same issue in other scripts.

16
Documentation/git-shell.txt
View File

@@ -79,6 +79,22 @@ EOF
$ chmod +x $HOME/git-shell-commands/no-interactive-login
----------------
To enable git-cvsserver access (which should generally have the
`no-interactive-login` example above as a prerequisite, as creating
the git-shell-commands directory allows interactive logins):
----------------
$ cat >$HOME/git-shell-commands/cvs <<\EOF
if ! test $# = 1 && test "$1" = "server"
then
echo >&2 "git-cvsserver only handles \"server\""
exit 1
fi
exec git cvsserver server
EOF
$ chmod +x $HOME/git-shell-commands/cvs
----------------
SEE ALSO
--------
ssh(1),