Hello community,
here is the log from the commit of package git for openSUSE:Factory checked in at 2015-05-02 17:24:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/git (Old)
and /work/SRC/openSUSE:Factory/.git.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "git"
Changes:
--------
--- /work/SRC/openSUSE:Factory/git/git.changes 2015-04-28 20:47:57.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.git.new/git.changes 2015-05-02 17:24:46.000000000 +0200
@@ -1,0 +2,15 @@
+Tue Apr 28 15:56:38 UTC 2015 - astieger@suse.com
+
+- git 2.3.7:
+ * An earlier update to the parser that disects a URL broke an
+ address, followed by a colon, followed by an empty string (instead
+ of the port number), e.g. ssh://example.com:/path/to/repo.
+ * The completion script (in contrib/) contaminated global namespace
+ and clobbered on a shell variable $x.
+ * The "git push --signed" protocol extension did not limit what the
+ "nonce" that is a server-chosen string can contain or how long it
+ can be, which was unnecessarily lax. Limit both the length and the
+ alphabet to a reasonably small space that can still have enough
+ entropy.
+
+-------------------------------------------------------------------
Old:
----
git-2.3.6.tar.xz
New:
----
git-2.3.7.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ git.spec ++++++
--- /var/tmp/diff_new_pack.uaujAe/_old 2015-05-02 17:24:47.000000000 +0200
+++ /var/tmp/diff_new_pack.uaujAe/_new 2015-05-02 17:24:47.000000000 +0200
@@ -26,7 +26,7 @@
%endif
Name: git
-Version: 2.3.6
+Version: 2.3.7
Release: 0
Summary: Fast, scalable, distributed revision control system
License: GPL-2.0
++++++ git-2.3.6.tar.xz -> git-2.3.7.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.3.6/Documentation/RelNotes/2.3.7.txt new/git-2.3.7/Documentation/RelNotes/2.3.7.txt
--- old/git-2.3.6/Documentation/RelNotes/2.3.7.txt 1970-01-01 01:00:00.000000000 +0100
+++ new/git-2.3.7/Documentation/RelNotes/2.3.7.txt 2015-04-27 21:29:33.000000000 +0200
@@ -0,0 +1,21 @@
+Git v2.3.7 Release Notes
+========================
+
+Fixes since v2.3.6
+------------------
+
+ * An earlier update to the parser that disects a URL broke an
+ address, followed by a colon, followed by an empty string (instead
+ of the port number), e.g. ssh://example.com:/path/to/repo.
+
+ * The completion script (in contrib/) contaminated global namespace
+ and clobbered on a shell variable $x.
+
+ * The "git push --signed" protocol extension did not limit what the
+ "nonce" that is a server-chosen string can contain or how long it
+ can be, which was unnecessarily lax. Limit both the length and the
+ alphabet to a reasonably small space that can still have enough
+ entropy.
+
+Also contains typofixes, documentation updates and trivial code
+clean-ups.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.3.6/Documentation/git.txt new/git-2.3.7/Documentation/git.txt
--- old/git-2.3.6/Documentation/git.txt 2015-04-21 23:09:37.000000000 +0200
+++ new/git-2.3.7/Documentation/git.txt 2015-04-27 21:29:33.000000000 +0200
@@ -43,9 +43,10 @@
branch of the `git.git` repository.
Documentation for older releases are available here:
-* link:v2.3.6/git.html[documentation for release 2.3.6]
+* link:v2.3.7/git.html[documentation for release 2.3.7]
* release notes for
+ link:RelNotes/2.3.7.txt[2.3.7],
link:RelNotes/2.3.6.txt[2.3.6],
link:RelNotes/2.3.5.txt[2.3.5],
link:RelNotes/2.3.4.txt[2.3.4],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.3.6/GIT-VERSION-GEN new/git-2.3.7/GIT-VERSION-GEN
--- old/git-2.3.6/GIT-VERSION-GEN 2015-04-21 23:09:37.000000000 +0200
+++ new/git-2.3.7/GIT-VERSION-GEN 2015-04-27 21:29:33.000000000 +0200
@@ -1,7 +1,7 @@
#!/bin/sh
GVF=GIT-VERSION-FILE
-DEF_VER=v2.3.6
+DEF_VER=v2.3.7
LF='
'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.3.6/RelNotes new/git-2.3.7/RelNotes
--- old/git-2.3.6/RelNotes 2015-05-02 17:24:49.000000000 +0200
+++ new/git-2.3.7/RelNotes 2015-05-02 17:24:49.000000000 +0200
@@ -1 +1 @@
-symbolic link to Documentation/RelNotes/2.3.6.txt
+symbolic link to Documentation/RelNotes/2.3.7.txt
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.3.6/configure new/git-2.3.7/configure
--- old/git-2.3.6/configure 2015-04-21 23:09:38.000000000 +0200
+++ new/git-2.3.7/configure 2015-04-27 21:29:33.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for git 2.3.6.
+# Generated by GNU Autoconf 2.69 for git 2.3.7.
#
# Report bugs to .
#
@@ -580,8 +580,8 @@
# Identity of this package.
PACKAGE_NAME='git'
PACKAGE_TARNAME='git'
-PACKAGE_VERSION='2.3.6'
-PACKAGE_STRING='git 2.3.6'
+PACKAGE_VERSION='2.3.7'
+PACKAGE_STRING='git 2.3.7'
PACKAGE_BUGREPORT='git@vger.kernel.org'
PACKAGE_URL=''
@@ -1251,7 +1251,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures git 2.3.6 to adapt to many kinds of systems.
+\`configure' configures git 2.3.7 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1312,7 +1312,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of git 2.3.6:";;
+ short | recursive ) echo "Configuration of git 2.3.7:";;
esac
cat <<\_ACEOF
@@ -1451,7 +1451,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-git configure 2.3.6
+git configure 2.3.7
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1931,7 +1931,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by git $as_me 2.3.6, which was
+It was created by git $as_me 2.3.7, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -8044,7 +8044,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by git $as_me 2.3.6, which was
+This file was extended by git $as_me 2.3.7, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -8101,7 +8101,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-git config.status 2.3.6
+git config.status 2.3.7
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.3.6/connect.c new/git-2.3.7/connect.c
--- old/git-2.3.6/connect.c 2015-04-21 23:09:37.000000000 +0200
+++ new/git-2.3.7/connect.c 2015-04-27 21:29:33.000000000 +0200
@@ -310,6 +310,8 @@
if (end != colon + 1 && *end == '\0' && 0 <= portnr && portnr < 65536) {
*colon = 0;
*port = colon + 1;
+ } else if (!colon[1]) {
+ *colon = 0;
}
}
}
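Review bot: The new `else if (!colon[1])` branch has no comment, and its effect is easy to misread: it cuts the trailing colon off the host but leaves `*port` untouched, so `host:` is handled as "no port given". I would add `/* "host:" with an empty port: drop the colon, leave *port alone */` above the added `*colon = 0;`. A non-empty port that is non-numeric or out of range still falls through both branches with the colon left in the host string; that looks intentional, but it is worth saying so in the same comment. The enclosing function starts and ends outside the hunk.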
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.3.6/contrib/completion/git-completion.bash new/git-2.3.7/contrib/completion/git-completion.bash
--- old/git-2.3.6/contrib/completion/git-completion.bash 2015-04-21 23:09:37.000000000 +0200
+++ new/git-2.3.7/contrib/completion/git-completion.bash 2015-04-27 21:29:33.000000000 +0200
@@ -186,7 +186,7 @@
__gitcompappend ()
{
- local i=${#COMPREPLY[@]}
+ local x i=${#COMPREPLY[@]}
for x in $1; do
if [[ "$x" == "$3"* ]]; then
COMPREPLY[i++]="$2$x$4"
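Review bot: The changed `local x i=${#COMPREPLY[@]}` line in __gitcompappend carries no comment saying why `x` must be local. This script is sourced into the user's interactive shell, so a loop variable that is not declared local overwrites the user's own variable of the same name every time completion runs. A short comment such as `# x and i stay local: this file is sourced into the interactive shell` would keep a later edit from dropping the declaration. Other loop variables in the file are not visible here and may deserve the same check; the function body continues past the hunk.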
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.3.6/git.spec new/git-2.3.7/git.spec
--- old/git-2.3.6/git.spec 2015-04-21 23:09:38.000000000 +0200
+++ new/git-2.3.7/git.spec 2015-04-27 21:29:33.000000000 +0200
@@ -1,7 +1,7 @@
# Pass --without docs to rpmbuild if you don't want the documentation
Name: git
-Version: 2.3.6
+Version: 2.3.7
Release: 1%{?dist}
Summary: Core git tools
License: GPL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.3.6/send-pack.c new/git-2.3.7/send-pack.c
--- old/git-2.3.6/send-pack.c 2015-04-21 23:09:37.000000000 +0200
+++ new/git-2.3.7/send-pack.c 2015-04-27 21:29:33.000000000 +0200
@@ -281,6 +281,28 @@
return update_seen;
}
+#define NONCE_LEN_LIMIT 256
+
+static void reject_invalid_nonce(const char *nonce, int len)
+{
+ int i = 0;
+
+ if (NONCE_LEN_LIMIT <= len)
+ die("the receiving end asked to sign an invalid nonce <%.*s>",
+ len, nonce);
+
+ for (i = 0; i < len; i++) {
+ int ch = nonce[i] & 0xFF;
+ if (isalnum(ch) ||
+ ch == '-' || ch == '.' ||
+ ch == '/' || ch == '+' ||
+ ch == '=' || ch == '_')
+ continue;
+ die("the receiving end asked to sign an invalid nonce <%.*s>",
+ len, nonce);
+ }
+}
+
int send_pack(struct send_pack_args *args,
int fd[], struct child_process *conn,
struct ref *remote_refs,
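Review bot: Both `die()` calls in reject_invalid_nonce print the rejected nonce with `%.*s`, so the very bytes that were just judged unsafe are written to the user's terminal, at whatever length the server advertised and including any control characters. Unless die() sanitises its output (not visible in this hunk), the message should leave the value out, e.g. `die("the receiving end asked to sign an invalid nonce (%d bytes)", len);`. The message is also not wrapped in `_()` the way the neighbouring "does not support --signed push" message in send_pack() is. A zero-length nonce passes the check, since the loop never runs; if that is intended, a one-line comment would say so.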
@@ -323,6 +345,7 @@
push_cert_nonce = server_feature_value("push-cert", &len);
if (!push_cert_nonce)
die(_("the receiving end does not support --signed push"));
+ reject_invalid_nonce(push_cert_nonce, len);
push_cert_nonce = xmemdupz(push_cert_nonce, len);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.3.6/t/t5500-fetch-pack.sh new/git-2.3.7/t/t5500-fetch-pack.sh
--- old/git-2.3.6/t/t5500-fetch-pack.sh 2015-04-21 23:09:37.000000000 +0200
+++ new/git-2.3.7/t/t5500-fetch-pack.sh 2015-04-27 21:29:33.000000000 +0200
@@ -576,13 +576,16 @@
do
for h in host user@host user@[::1] user@::1
do
- test_expect_success "fetch-pack --diag-url $p://$h/$r" '
- check_prot_host_port_path $p://$h/$r $p "$h" NONE "/$r"
- '
- # "/~" -> "~" conversion
- test_expect_success "fetch-pack --diag-url $p://$h/~$r" '
- check_prot_host_port_path $p://$h/~$r $p "$h" NONE "~$r"
- '
+ for c in "" :
+ do
+ test_expect_success "fetch-pack --diag-url $p://$h$c/$r" '
+ check_prot_host_port_path $p://$h/$r $p "$h" NONE "/$r"
+ '
+ # "/~" -> "~" conversion
+ test_expect_success "fetch-pack --diag-url $p://$h$c/~$r" '
+ check_prot_host_port_path $p://$h/~$r $p "$h" NONE "~$r"
+ '
+ done
done
for h in host User@host User@[::1]
do
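Review bot: The two test bodies inside the new `for c in "" :` loop never use `$c`. The titles say `$p://$h$c/$r`, but the calls are still `check_prot_host_port_path $p://$h/$r ...` and `$p://$h/~$r ...`, so the trailing-colon URL is not exercised and each case simply runs twice under different names. The calls should read `check_prot_host_port_path $p://$h$c/$r $p "$h" NONE "/$r"` and `check_prot_host_port_path $p://$h$c/~$r $p "$h" NONE "~$r"`. The enclosing loops start and end outside the hunk.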
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.3.6/t/t5601-clone.sh new/git-2.3.7/t/t5601-clone.sh
--- old/git-2.3.6/t/t5601-clone.sh 2015-04-21 23:09:37.000000000 +0200
+++ new/git-2.3.7/t/t5601-clone.sh 2015-04-27 21:29:33.000000000 +0200
@@ -387,14 +387,17 @@
done
#with ssh:// scheme
-test_expect_success 'clone ssh://host.xz/home/user/repo' '
- test_clone_url "ssh://host.xz/home/user/repo" host.xz "/home/user/repo"
-'
-
-# from home directory
-test_expect_success 'clone ssh://host.xz/~repo' '
- test_clone_url "ssh://host.xz/~repo" host.xz "~repo"
+#ignore trailing colon
+for tcol in "" :
+do
+ test_expect_success "clone ssh://host.xz$tcol/home/user/repo" '
+ test_clone_url "ssh://host.xz$tcol/home/user/repo" host.xz /home/user/repo
+ '
+ # from home directory
+ test_expect_success "clone ssh://host.xz$tcol/~repo" '
+ test_clone_url "ssh://host.xz$tcol/~repo" host.xz "~repo"
'
+done
# with port number
test_expect_success 'clone ssh://host.xz:22/home/user/repo' '
@@ -407,9 +410,9 @@
'
#IPv6
-for tuah in ::1 [::1] user@::1 user@[::1] [user@::1]
+for tuah in ::1 [::1] [::1]: user@::1 user@[::1] user@[::1]: [user@::1] [user@::1]:
do
- ehost=$(echo $tuah | tr -d "[]")
+ ehost=$(echo $tuah | sed -e "s/1]:/1]/ "| tr -d "[]")
test_expect_success "clone ssh://$tuah/home/user/repo" "
test_clone_url ssh://$tuah/home/user/repo $ehost /home/user/repo
"
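Review bot: The `ehost` line is brittle: `sed -e "s/1]:/1]/ "` is hard-wired to an address ending in `1]`, is not anchored to the end of the string, and has a stray space after the closing delimiter that not every sed may accept. `$tuah` is also expanded unquoted, and values such as `[::1]` are valid glob patterns that could match a file in the test directory. I would write `ehost=$(echo "$tuah" | sed -e 's/]:$/]/' | tr -d "[]")`, which strips only a trailing colon after the bracket and works for any bracketed address. The loop continues past the hunk.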
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/git-2.3.6/version new/git-2.3.7/version
--- old/git-2.3.6/version 2015-04-21 23:09:38.000000000 +0200
+++ new/git-2.3.7/version 2015-04-27 21:29:33.000000000 +0200
@@ -1 +1 @@
-2.3.6
+2.3.7