Re: [PATCH v2] config: reject invalid VAR in 'git -c VAR=VAL command'

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 10:08:57PM -0800, Junio C Hamano wrote: > Anyway, here is an updated one (the part of the patch to t/ is not > shown as it is unchanged). > > -- >8 -- > Subject: [PATCH] config: use git_config_parse_key() in > git_config_parse_parameter() Looks good. Nice and simple.

Re: [PATCH v2] config: reject invalid VAR in 'git -c VAR=VAL command'

2017-02-23 Thread Junio C Hamano
Jeff King writes: >> Backtracking will not fundamentally "fix" parsing of >> >> a.b=c=.d >> >> between twhse two >> >> [a "b="] c = ".d" >> [a] b = "c=.d" >> >> unfortunately, I think. I do not think it is worth doing the "best >> effort" with erroring out

Re: [PATCH v2] config: reject invalid VAR in 'git -c VAR=VAL command'

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 08:17:44PM -0800, Junio C Hamano wrote: > > Hmm. I suspect one cannot do: > > > > git -c 'section.subsection with an = in it.key=foo' ... > > > > Definitely not a new problem, nor something that should block your > > patch. But if we want to fix it, I suspect the problem

Re: [PATCH v2] config: reject invalid VAR in 'git -c VAR=VAL command'

2017-02-23 Thread Junio C Hamano
Jeff King writes: >> pair = strbuf_split_str(text, '=', 2); >> if (!pair[0]) > > Hmm. I suspect one cannot do: > > git -c 'section.subsection with an = in it.key=foo' ... > > Definitely not a new problem, nor something that should block your > patch. But if we want to

Re: [PATCH 4/4] ident: do not ignore empty config name/email

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 08:11:11PM -0800, Junio C Hamano wrote: > > So I dunno. I could really go either way on it. Feel free to drop it, or > > even move it into a separate topic to be cooked longer. > > If it were 5 years ago, it would have been different, but I do not > think cooking it

Re: [PATCH 4/4] ident: do not ignore empty config name/email

2017-02-23 Thread Junio C Hamano
Jeff King writes: > Keep in mind this _only_ affects Git's config variables. So a script > feeding git via GIT_AUTHOR_NAME, etc, shouldn't change at all with this > code. Ah, that changes the equation somewhat ;-) > So I dunno. I could really go either way on it. Feel free to

Re: [PATCH 15/15] builtin/checkout: add --recurse-submodules switch

2017-02-23 Thread Ramsay Jones
On 23/02/17 22:57, Stefan Beller wrote: > Signed-off-by: Stefan Beller > --- > Documentation/git-checkout.txt | 7 +++ > builtin/checkout.c | 28 > t/lib-submodule-update.sh | 33 - >

Re: [PATCH 10/15] update submodules: add submodule_move_head

2017-02-23 Thread Ramsay Jones
On 23/02/17 22:57, Stefan Beller wrote: > In later patches we introduce the options and flag for commands > that modify the working directory, e.g. git-checkout. > > This piece of code will be used universally for > all these working tree modifications as it > * supports dry run to answer the

Re: [PATCH 05/10] submodule--helper: add is_active command

2017-02-23 Thread Stefan Beller
On Thu, Feb 23, 2017 at 3:47 PM, Brandon Williams wrote: > There are a lot of places where an explicit check for > submodule."".url is done to see if a submodule exists. In order > to more easily facilitate the use of the submodule.active config option > to indicate active

Re: [PATCH 4/4] ident: do not ignore empty config name/email

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 12:58:39PM -0800, Junio C Hamano wrote: > Jeff King writes: > > > This one is perhaps questionable. Maybe somebody is relying on setting a > > per-repo user.name to override a ~/.gitconfig value and enforce > > auto-detection? > > Thanks for splitting

Re: [PATCH 10/10] submodule--helper clone: check for configured submodules using helper

2017-02-23 Thread Stefan Beller
On Thu, Feb 23, 2017 at 3:47 PM, Brandon Williams wrote: > @@ -795,14 +794,11 @@ static int prepare_to_clone_next_submodule(const struct > cache_entry *ce, > } > > /* > -* Looking up the url in .git/config. > +* Check if the submodule has been

Re: [PATCH v2] config: reject invalid VAR in 'git -c VAR=VAL command'

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 03:19:58PM -0800, Junio C Hamano wrote: > > But you are right. config-parse-key does have the simpler string > > that can just be given to the canonicalize thing and we should be > > able to reuse it. > > Actually, I think we can just use the existing config_parse_key()

Re: [BUG] allowtipsha1inwant serves unreachable blobs if you know its hash

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 03:03:58PM -0800, Jonathan Tan wrote: > If a server sets allowtipsha1inwant (or allowreachablesha1inwant), a > client can call "git fetch " where SHA-1 is the hash of > a blob (reachable or unreachable) to obtain it. The test below (which > passes) demonstrates that.

Re: [BUG] allowtipsha1inwant serves unreachable blobs if you know its hash

2017-02-23 Thread Junio C Hamano
Junio C Hamano writes: > Jonathan Tan writes: > >> Adding "--objects" works, and all existing tests pass, except for the >> potential performance issue and the side effect that even fetching a >> reachable blob no longer works. This is due to a

Re: [PATCH 1/3] add collision-detecting sha1 implementation

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 04:12:01PM -0800, Linus Torvalds wrote: > On Thu, Feb 23, 2017 at 4:01 PM, Jeff King wrote: > > > > You know, I didn't even look at the LICENSE file, since it said MIT and > > had a link here. It would be trivial to copy it over, too, of course. > > You

[PATCH] submodule init: warn about falling back to a local path

2017-02-23 Thread Stefan Beller
When a submodule is initialized, the config variable 'submodule..url' is set depending on the value of the same variable in the .gitmodules file. When the URL indicates to be relative, then the url is computed relative to its default remote. The default remote cannot be determined accurately in

Re: [PATCH 1/3] add collision-detecting sha1 implementation

2017-02-23 Thread Linus Torvalds
On Thu, Feb 23, 2017 at 4:01 PM, Jeff King wrote: > > You know, I didn't even look at the LICENSE file, since it said MIT and > had a link here. It would be trivial to copy it over, too, of course. You should do it. It's just good to be careful and clear with licenses, and the

Re: [BUG] allowtipsha1inwant serves unreachable blobs if you know its hash

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 03:50:00PM -0800, Junio C Hamano wrote: > Jonathan Tan writes: > > > Adding "--objects" works, and all existing tests pass, except for the > > potential performance issue and the side effect that even fetching a > > reachable blob no longer

Re: [PATCH 1/3] add collision-detecting sha1 implementation

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 03:15:11PM -0800, Stefan Beller wrote: > On Thu, Feb 23, 2017 at 3:05 PM, Jeff King wrote: > > > +* Copyright 2017 Marc Stevens , Dan Shumow > > (dan...@microsoft.com) > > +* Distributed under the MIT Software License. > > +* See

Re: [PATCH 00/10] decoupling a submodule's existence and its url

2017-02-23 Thread Stefan Beller
On Thu, Feb 23, 2017 at 3:47 PM, Brandon Williams wrote: > There are two motivations for decoupling a submodule's existence from the url > that is stored in .git/config. > > 1. Worktrees can't really be used with submodules since the existence is > checked based on the

[PATCH 05/10] submodule--helper: add is_active command

2017-02-23 Thread Brandon Williams
There are a lot of places where an explicit check for submodule."".url is done to see if a submodule exists. In order to more easily facilitate the use of the submodule.active config option to indicate active submodules, add a helper which can be used to query if a submodule is active or not.

Re: [BUG] allowtipsha1inwant serves unreachable blobs if you know its hash

2017-02-23 Thread Junio C Hamano
Jonathan Tan writes: > Adding "--objects" works, and all existing tests pass, except for the > potential performance issue and the side effect that even fetching a > reachable blob no longer works. This is due to a possible bug where a > call like "git rev-list

[PATCH 02/10] submodule update: add `--init-active` switch

2017-02-23 Thread Brandon Williams
The new switch `--init-active` initializes the submodules which are configured in `submodule.active` instead of those given as command line arguments before updating. In the first implementation this is made incompatible with further command line arguments as it is unclear what the user means by

[PATCH 10/10] submodule--helper clone: check for configured submodules using helper

2017-02-23 Thread Brandon Williams
Use the 'is_submodule_initialized()' helper to check for configured submodules instead of manually checking for the submodule's URL in the config. Signed-off-by: Brandon Williams --- builtin/submodule--helper.c | 11 +++ 1 file changed, 3 insertions(+), 8 deletions(-)

[PATCH 01/10] submodule: decouple url and submodule existence

2017-02-23 Thread Brandon Williams
Currently the submodule..url config option is used to determine if a given submodule exists and is interesting to the user. This however doesn't work very well because the URL is a config option for the scope of a repository, whereas the existence of a submodule is an option scoped to the working

[PATCH 07/10] submodule status: use submodule--helper is-active

2017-02-23 Thread Brandon Williams
Signed-off-by: Brandon Williams --- git-submodule.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/git-submodule.sh b/git-submodule.sh index 4633a4336..f8adfb179 100755 --- a/git-submodule.sh +++ b/git-submodule.sh @@ -1026,14 +1026,13 @@ cmd_status()

[PATCH 06/10] submodule add: respect submodule.active

2017-02-23 Thread Brandon Williams
When submodule.active is configured, in addition to adding submodule."".url to the config, add the path of the added submodule if it isn't already covered by the current config values. Signed-off-by: Brandon Williams --- git-submodule.sh | 11 +++

[PATCH 03/10] clone: add --submodule-spec= switch

2017-02-23 Thread Brandon Williams
The new switch passes the pathspec to `git submodule update --init-active` which is called after the actual clone is done. Additionally this configures the submodule.active option to be the given pathspec, such that any future invocation of `git submodule update --init-active` will keep up with

[PATCH 09/10] submodule sync: use submodule--helper is-active

2017-02-23 Thread Brandon Williams
Signed-off-by: Brandon Williams --- git-submodule.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git-submodule.sh b/git-submodule.sh index 02b85dceb..f35345775 100755 --- a/git-submodule.sh +++ b/git-submodule.sh @@ -1127,7 +1127,7 @@ cmd_sync()

[PATCH 00/10] decoupling a submodule's existence and its url

2017-02-23 Thread Brandon Williams
There are two motivations for decoupling a submodule's existence from the url that is stored in .git/config. 1. Worktrees can't really be used with submodules since the existence is checked based on the shared .git/config. This means that two different worktrees have to have the same

[PATCH 04/10] completion: clone can initialize specific submodules

2017-02-23 Thread Brandon Williams
Signed-off-by: Brandon Williams --- contrib/completion/git-completion.bash | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/git-completion.bash b/contrib/completion/git-completion.bash index 6721ff80f..4e473aa90 100644 ---

[PATCH 08/10] submodule deinit: use most reliable url

2017-02-23 Thread Brandon Williams
The user could have configured the submodule to have a different URL from the one in the superproject's config. To account for this read what the submodule has configured for remote.origin.url and use that instead. Signed-off-by: Brandon Williams --- git-submodule.sh | 2 +-

Re: SHA1 collisions found

2017-02-23 Thread Linus Torvalds
On Thu, Feb 23, 2017 at 3:05 PM, Jeff King wrote: > > (By the way, I don't see your version on the list, Linus, which probably > means it was eaten by the 100K filter). Ahh. I didn't even think about a size filter. Doesn't matter, your version looks fine. Linus

Re: [PATCH v2] config: reject invalid VAR in 'git -c VAR=VAL command'

2017-02-23 Thread Junio C Hamano
Junio C Hamano writes: > Jeff King writes: > >> FWIW, the code looks OK here. It is a shame to duplicate the policy >> found in git_config_parse_key(), though. >> >> I wonder if we could make a master version of that which canonicalizes >> in-place, and then

Re: [PATCH 1/3] add collision-detecting sha1 implementation

2017-02-23 Thread Stefan Beller
On Thu, Feb 23, 2017 at 3:05 PM, Jeff King wrote: > +* Copyright 2017 Marc Stevens , Dan Shumow > (dan...@microsoft.com) > +* Distributed under the MIT Software License. > +* See accompanying file LICENSE.txt or copy at The accompanying LICENSE file did not

[PATCH 15/15] builtin/checkout: add --recurse-submodules switch

2017-02-23 Thread Stefan Beller
Signed-off-by: Stefan Beller --- Documentation/git-checkout.txt | 7 +++ builtin/checkout.c | 28 t/lib-submodule-update.sh | 33 - t/t2013-checkout-submodule.sh | 5 + 4 files changed,

[PATCH 13/15] read-cache, remove_marked_cache_entries: wipe selected submodules.

2017-02-23 Thread Stefan Beller
Signed-off-by: Stefan Beller --- read-cache.c | 27 +-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/read-cache.c b/read-cache.c index 9054369dd0..9a2abacf7a 100644 --- a/read-cache.c +++ b/read-cache.c @@ -18,6 +18,8 @@ #include

[PATCH 10/15] update submodules: add submodule_move_head

2017-02-23 Thread Stefan Beller
In later patches we introduce the options and flag for commands that modify the working directory, e.g. git-checkout. This piece of code will be used universally for all these working tree modifications as it * supports dry run to answer the question: "Is it safe to change the submodule to this

[PATCH 05/15] connect_work_tree_and_git_dir: safely create leading directories

2017-02-23 Thread Stefan Beller
In a later patch we'll use connect_work_tree_and_git_dir when the directory for the gitlink file doesn't exist yet. This patch makes connect_work_tree_and_git_dir safe to use for both cases of either the git dir or the working dir missing. To do so, we need to call

[PATCH 07/15] update submodules: add a config option to determine if submodules are updated

2017-02-23 Thread Stefan Beller
In later patches we introduce the options and flag for commands that modify the working directory, e.g. git-checkout. Have a central place to store such settings whether we want to update a submodule. Signed-off-by: Stefan Beller --- submodule.c | 6 ++ submodule.h | 1

[PATCH 3/3] Makefile: add USE_SHA1DC knob

2017-02-23 Thread Jeff King
This knob lets you use the sha1dc implementation from: https://github.com/cr-marcstevens/sha1collisiondetection which can detect certain types of collision attacks (even when we only see half of the colliding pair). The big downside is that it's slower than either the openssl or

[PATCH 2/3] sha1dc: adjust header includes for git

2017-02-23 Thread Jeff King
We can replace system includes with git-compat-util.h (and should make sure it is included in all .c files). We can drop includes from headers entirely, as every .c file is supposed to include git-compat-util itself first. We also use the full "sha1dc/" path for including related files. This

[PATCH 12/15] unpack-trees: check if we can perform the operation for submodules

2017-02-23 Thread Stefan Beller
Signed-off-by: Stefan Beller --- unpack-trees.c | 131 + unpack-trees.h | 1 + 2 files changed, 123 insertions(+), 9 deletions(-) diff --git a/unpack-trees.c b/unpack-trees.c index 616a0ae4b2..8333da2cc9 100644 ---

[PATCH 1/3] add collision-detecting sha1 implementation

2017-02-23 Thread Jeff King
This is pulled straight from: https://github.com/cr-marcstevens/sha1collisiondetection with no modifications yet (though I've pulled in only the subset of files necessary for Git to use). Signed-off-by: Jeff King --- sha1dc/sha1.c | 1146

Re: SHA1 collisions found

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 05:43:02PM -0500, Jeff King wrote: > On Thu, Feb 23, 2017 at 02:38:29PM -0800, Linus Torvalds wrote: > > > > Thanks, I hadn't seen that yet. That doesn't look like it should be hard > > > to integrate into Git. > > > > Here's a *very* ugly patch that is absolutely

[PATCH 14/15] entry.c: update submodules when interesting

2017-02-23 Thread Stefan Beller
Signed-off-by: Stefan Beller --- entry.c | 30 ++ 1 file changed, 30 insertions(+) diff --git a/entry.c b/entry.c index c6eea240b6..d2b512da90 100644 --- a/entry.c +++ b/entry.c @@ -2,6 +2,7 @@ #include "blob.h" #include "dir.h" #include

[PATCH 06/15] update submodules: add submodule config parsing

2017-02-23 Thread Stefan Beller
Similar to b33a15b08 (push: add recurseSubmodules config option, 2015-11-17) and 027771fcb1 (submodule: allow erroneous values for the fetchRecurseSubmodules option, 2015-08-17), we add submodule-config code that is later used to parse whether we are interested in updating submodules. We need the

[PATCH 11/15] unpack-trees: pass old oid to verify_clean_submodule

2017-02-23 Thread Stefan Beller
The check (which uses the old oid) is yet to be implemented, but this part is just a refactor, so it can go separately first. Signed-off-by: Stefan Beller --- unpack-trees.c | 17 ++--- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/unpack-trees.c

[PATCH 02/15] lib-submodule-update.sh: do not use ./. as submodule remote

2017-02-23 Thread Stefan Beller
Adding the repository itself as a submodule does not make sense in the real world. In our test suite we used to do that out of convenience in some tests as the current repository has easiest access for setting up 'just a submodule'. However this doesn't quite test the real world, so let's do not

[RFCv5 PATCH 00/14] Checkout aware of Submodules!

2017-02-23 Thread Stefan Beller
previous work: https://public-inbox.org/git/20161203003022.29797-1-sbel...@google.com/ v5: * as v4 was the first version queued by Junio, we do have an interdiff below! * renamed functions * changed the API, now the caller has to take care of the submodule strategy themselves. (Note this

[PATCH 04/15] make is_submodule_populated gently

2017-02-23 Thread Stefan Beller
We need the gentle version in a later patch. As we have just one caller, migrate the caller. Signed-off-by: Stefan Beller --- builtin/grep.c | 2 +- submodule.c| 7 ++- submodule.h| 8 +++- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git

[PATCH 03/15] lib-submodule-update.sh: define tests for recursing into submodules

2017-02-23 Thread Stefan Beller
Currently lib-submodule-update.sh provides 2 functions test_submodule_switch and test_submodule_forced_switch that are used by a variety of tests to ensure that submodules behave as expected. The current expected behavior is that submodules are not touched at all (see 42639d2317a for the exact

[BUG] allowtipsha1inwant serves unreachable blobs if you know its hash

2017-02-23 Thread Jonathan Tan
If a server sets allowtipsha1inwant (or allowreachablesha1inwant), a client can call "git fetch " where SHA-1 is the hash of a blob (reachable or unreachable) to obtain it. The test below (which passes) demonstrates that. I have bisected this, and this bug occurs at least as early as the

[PATCH 01/15] lib-submodule-update.sh: reorder create_lib_submodule_repo

2017-02-23 Thread Stefan Beller
Redraw the ASCII art describing the setup using more space, such that it is easier to understand. The leaf commits are now ordered the same way the actual code is ordered. Add empty lines to the setup code separating each of the leaf commits, each starting with a "checkout -b". Signed-off-by:

[PATCH 08/15] submodules: introduce check to see whether to touch a submodule

2017-02-23 Thread Stefan Beller
In later patches we introduce the --recurse-submodule flag for commands that modify the working directory, e.g. git-checkout. It is potentially expensive to check if a submodule needs an update, because a common theme to interact with submodules is to spawn a child process for each interaction.

[PATCH 09/15] update submodules: move up prepare_submodule_repo_env

2017-02-23 Thread Stefan Beller
In a later patch we need to prepare the submodule environment with another git directory, so split up the function. Also move it up in the file such that we do not need to declare the function later before using it. Signed-off-by: Stefan Beller --- submodule.c | 29

Re: SHA1 collisions found

2017-02-23 Thread Linus Torvalds
On Thu, Feb 23, 2017 at 2:43 PM, Jeff King wrote: > > Yeah. I started looking at that, but the ubc check happens after the > initial expansion. Yes. That's the point where I gave up and just included their ugly sha1.c file. I suspect it can be done, but it would need somebody to

Re: SHA1 collisions found

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 02:38:29PM -0800, Linus Torvalds wrote: > > Thanks, I hadn't seen that yet. That doesn't look like it should be hard > > to integrate into Git. > > Here's a *very* ugly patch that is absolutely disgusting and should not be > used. But it does kind of work (I tested it

Re: [PATCH v2 1/4] delete_ref: accept a reflog message argument

2017-02-23 Thread Junio C Hamano
Duy Nguyen writes: > On Tue, Feb 21, 2017 at 8:10 AM, Kyle Meyer wrote: >> diff --git a/refs.h b/refs.h >> index 9fbff90e7..5880886a7 100644 >> --- a/refs.h >> +++ b/refs.h >> @@ -276,8 +276,8 @@ int reflog_exists(const char *refname); >> * exists,

What's cooking in git.git (Feb 2017, #07; Thu, 23)

2017-02-23 Thread Junio C Hamano
Here are the topics that have been cooking. Commits prefixed with '-' are only in 'pu' (proposed updates) while commits prefixed with '+' are in 'next'. The ones marked with '.' do not appear in any of the integration branches, but I am still holding onto them. You can find the changes

Re: [PATCH 3/4] filter-branch: fix --prune-empty on parentless commits

2017-02-23 Thread Devin J. Pohly
On Thu, Feb 23, 2017 at 01:17:49PM -0800, Junio C Hamano wrote: > "Devin J. Pohly" writes: > > > Previously, the git_commit_non_empty_tree function would always pass any > > commit with no parents to git-commit-tree, regardless of whether the > > tree was nonempty. The new

Re: SHAttered (the first practical SHA1 attack)

2017-02-23 Thread Jakub Narębski
W dniu 23.02.2017 o 16:50, Santiago Torres pisze: > Hello all, > > I ran into this website presenting the "first practical attack on > sha1"[1]. I don't recall seeing this on the ML, so I'm sharing this just > in case. I know there are proposals to move out of sha1 already. I > wonder if this

Re: [PATCH 3/4] filter-branch: fix --prune-empty on parentless commits

2017-02-23 Thread Junio C Hamano
"Devin J. Pohly" writes: > Previously, the git_commit_non_empty_tree function would always pass any > commit with no parents to git-commit-tree, regardless of whether the > tree was nonempty. The new commit would then be recorded in the > filter-branch revision map, and

Re: [PATCH 4/4] ident: do not ignore empty config name/email

2017-02-23 Thread Junio C Hamano
Jeff King writes: > This one is perhaps questionable. Maybe somebody is relying on setting a > per-repo user.name to override a ~/.gitconfig value and enforce > auto-detection? Thanks for splitting this step out. 1/4 and 2/4 are obvious improvements, and 3/4 is a very sensible

Re: SHA1 collisions found

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 09:49:09PM +0100, Jakub Narębski wrote: > > How is GIT affected? GIT strongly relies on SHA-1 for the > > identification and integrity checking of all file objects and > > commits. It is essentially possible to create two GIT repositories > > with the same head commit hash

Re: SHA1 collisions found

2017-02-23 Thread Joey Hess
Jeff King wrote: > It's not an identical prefix, but I think collision attacks generally > are along the lines of selecting two prefixes followed by garbage, and > then mutating the garbage on both sides. That would "work" in this case > (modulo the fact that git would complain about the NUL). >

Re: [PATCH] git svn branch fails with authenticaton failures

2017-02-23 Thread Eric Wong
Hiroshi Shirosaki wrote: > I have the following authentication failure while svn rebase and > svn dcommit works fine without authentication failures. > > $ git svn branch v7_3 > Copying https://xxx at r27519 > to

Re: SHA1 collisions found

2017-02-23 Thread Jakub Narębski
W dniu 23.02.2017 o 18:12, David Lang pisze: > On Thu, 23 Feb 2017, Junio C Hamano wrote: > >> On Thu, Feb 23, 2017 at 8:43 AM, Joey Hess wrote: >>> >>> Since we now have collisions in valid PDF files, collisions in >>> valid git commit and tree objects are probably able to be

Re: [PATCH] http(s): automatically try NTLM authentication first

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 12:37:25PM -0800, Junio C Hamano wrote: > Jeff King writes: > > > I suspect it isn't enough to help without 2/2. This will tell curl that > > the server does not do Negotiate, so it will skip the probe request. But > > Git will still feed curl the bogus

Re: SHA1 collisions found

2017-02-23 Thread Øyvind A. Holm
On 2017-02-23 11:09:32, Linus Torvalds wrote: > I'm aware of the fsck checks, but I have to admit I wasn't aware of > 'transfer.fsckobjects'. I should turn that on myself. > > Or maybe git should just turn it on by default? The problem with this is that there are many repos with errors out

Re: [PATCH] http(s): automatically try NTLM authentication first

2017-02-23 Thread Junio C Hamano
Jeff King writes: > I suspect it isn't enough to help without 2/2. This will tell curl that > the server does not do Negotiate, so it will skip the probe request. But > Git will still feed curl the bogus empty credential. > > That's what 2/2 tries to fix: only kick in the

git bugs

2017-02-23 Thread Sean Hunt
There are a few bugs in git I noticed when using mingw, mingw64, cygwin, and cygwin64. These bugs are the following: if I do git ``rebase -i --root`` and tell it to edit every commit to gpg sign all my commits it bugs out and merges all of the commits into 1 commit instead of only appending the

Re: [PATCH] upload-pack: report "not our ref" to client

2017-02-23 Thread Junio C Hamano
Thanks.

RE: [PATCH 2/2] http: add an "auto" mode for http.emptyauth

2017-02-23 Thread David Turner
> -Original Message- > From: Jeff King [mailto:p...@peff.net] > Sent: Thursday, February 23, 2017 2:44 PM > To: David Turner > Cc: Junio C Hamano ; git@vger.kernel.org; > sand...@crustytoothpaste.net; Johannes Schindelin >

Re: SHA1 collisions found

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 11:09:32AM -0800, Linus Torvalds wrote: > On Thu, Feb 23, 2017 at 10:46 AM, Jeff King wrote: > >> > >> So I agree with you that we need to make git check for the opaque > >> data. I think I was the one who brought that whole argument up. > > > > We do

Re: [PATCH v5 1/1] config: add conditional include

2017-02-23 Thread Junio C Hamano
Nguyễn Thái Ngọc Duy writes: >> There was some discussion after v4. I think the open issues are: >> >> - the commit message is rather terse (it should describe motivation, >> and can refer to the docs for the "how") > This allows some more flexibility in managing

Re: SHA1 collisions found

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 11:47:16AM -0800, Linus Torvalds wrote: > On Thu, Feb 23, 2017 at 11:32 AM, Jeff King wrote: > > > > Yeah, they're not expensive. We've discussed enabling them by default. > > The sticking point is that there is old history with minor bugs which > >

Re: SHA1 collisions found

2017-02-23 Thread Linus Torvalds
On Thu, Feb 23, 2017 at 11:32 AM, Jeff King wrote: > > Yeah, they're not expensive. We've discussed enabling them by default. > The sticking point is that there is old history with minor bugs which > triggers some warnings (e.g., malformed committer names), and it would > be

Re: [PATCH 2/2] http: add an "auto" mode for http.emptyauth

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 04:31:13PM +, David Turner wrote: > > As somebody who is using non-Basic auth, can you apply these patches and > > show us the output of: > > > >GIT_TRACE_CURL=1 \ > >git ls-remote https://your-server 2>&1 >/dev/null | > >egrep '(Send|Recv) header:

Re: [PATCH] http(s): automatically try NTLM authentication first

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 06:08:49PM +0100, Johannes Schindelin wrote: > > I suspect the patch above could probably be generalized as: > > > > /* cut out methods we know the server doesn't support */ > > http_auth_methods &= results.auth_avail; > > > > and let curl figure it out from there. >

Re: [PATCH] http(s): automatically try NTLM authentication first

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 11:11:05AM -0800, Junio C Hamano wrote: > >> As far as Kerberos, this is a desirable feature to have enabled, with > >> little downside. I just don't know about the security of the NTLM part, > >> and I don't think we should take this patch unless we're sure we know > >>

Fwd: Re: feature request: user email config per domain

2017-02-23 Thread Igor Djordjevic
Forwarding a message that ended on my end only, probably by accident. Forwarded Message Subject: Re: feature request: user email config per domain Date: Thu, 23 Feb 2017 13:32:56 +0530 From: Tushar Kapila To: Igor Djordjevic BugA

usability bug: git-gui: keyboard shortcuts don't operate correctly on multi-file selections

2017-02-23 Thread peter fargas
Ctrl+T/Ctrl+U add/remove only one file, not the whole selection - used to work. Neither are access keys for menu underlined (Ease of access center > underline keyboard shortcuts is on), so there is no way to effectively work with keyb only. git-gui version 0.21 GITGUI git version

Re: SHA1 collisions found

2017-02-23 Thread David Lang
pointers to a little more info https://shattered.it/static/ the two files are: https://shattered.it/static/shattered-1.pdf https://shattered.it/static/shattered-2.pdf 422435 shattered-2.pdf 422435 shattered-1.pdf identical length and a lot smaller than I expected (~162K of the 413K file is

Re: SHA1 collisions found

2017-02-23 Thread Morten Welinder
The attack seems to generate two 64-bytes blocks, one quarter of which is repeated data. (Table-1 in the paper.) Assuming the result of that is evenly distributed and that bytes are independent, we can estimate the chances that the result is NUL-free as (255/256)^192 = 47% and the probability

Re: [PATCH] http(s): automatically try NTLM authentication first

2017-02-23 Thread Junio C Hamano
Jeff King writes: > On Wed, Feb 22, 2017 at 11:34:19PM +, brian m. carlson wrote: > >> Browsers usually disable this feature by default, as it basically will >> attempt to authenticate to any site that sends a 401. For Kerberos >> against a malicious site, the user will

Re: SHA1 collisions found

2017-02-23 Thread Linus Torvalds
On Thu, Feb 23, 2017 at 10:46 AM, Jeff King wrote: >> >> So I agree with you that we need to make git check for the opaque >> data. I think I was the one who brought that whole argument up. > > We do already. I'm aware of the fsck checks, but I have to admit I wasn't aware of

Re: SHA1 collisions found

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 02:21:47PM -0400, Joey Hess wrote: > Linus Torvalds wrote: > > What you describe pretty much already requires a pre-image attack, > > which the new attack is _not_. > > > > It's not clear that the "good" object can be anything sane. > > Generate a regular commit object;

Re: [PATCH] http(s): automatically try NTLM authentication first

2017-02-23 Thread Junio C Hamano
Johannes Schindelin writes: > On Wed, 22 Feb 2017, Jeff King wrote: >> This patch drops the useless probe request: > ... >> but setting http.emptyauth adds back in the useless request. I think >> that could be fixed by skipping the empty-auth thing when >>

Re: SHA1 collisions found

2017-02-23 Thread Joey Hess
Joey Hess wrote: > Linus Torvalds wrote: > > What you describe pretty much already requires a pre-image attack, > > which the new attack is _not_. > > > > It's not clear that the "good" object can be anything sane. > > Generate a regular commit object; use the entire commit object + NUL as the >

Re: [PATCH v2] send-email: only allow one address per body tag

2017-02-23 Thread Junio C Hamano
Matthieu Moy writes: > Johan Hovold writes: > >> --- a/git-send-email.perl >> +++ b/git-send-email.perl >> @@ -1563,7 +1563,7 @@ foreach my $t (@files) { >> # Now parse the message body >> while(<$fh>) { >> $message .= $_;

[PATCH] upload-pack: report "not our ref" to client

2017-02-23 Thread Jonathan Tan
Make upload-pack report "not our ref" errors to the client as an "ERR" line. (If not, the client would be left waiting for a response when the server is already dead.) Signed-off-by: Jonathan Tan --- Thanks, here is the independent patch. upload-pack.c | 6 +- 1

Re: SHA1 collisions found

2017-02-23 Thread Jeff King
On Thu, Feb 23, 2017 at 10:40:48AM -0800, Linus Torvalds wrote: > > Generate a regular commit object; use the entire commit object + NUL as the > > chosen prefix, and use the identical-prefix collision attack to generate > > the colliding good/bad objects. > > So I agree with you that we need to

Re: SHA1 collisions found

2017-02-23 Thread Linus Torvalds
On Thu, Feb 23, 2017 at 10:21 AM, Joey Hess wrote: > Linus Torvalds wrote: >> What you describe pretty much already requires a pre-image attack, >> which the new attack is _not_. >> >> It's not clear that the "good" object can be anything sane. > > Generate a regular commit

Re: SHA1 collisions found

2017-02-23 Thread Junio C Hamano
Joey Hess writes: > For example, git fsck does warn about a commit message with opaque > data hidden after a NUL. But, git show/merge/pull give no indication > that something funky is going on when working with such commits. Would $ git config transfer.fsckobjects true

Re: SHA1 collisions found

2017-02-23 Thread Linus Torvalds
On Thu, Feb 23, 2017 at 10:10 AM, Joey Hess wrote: > > It would cost 6500 CPU years + 100 GPU years to generate valid colliding > git objects using the methods of the paper's authors. That might be cost > effective if it helped get a backdoor into eg, the kernel. I still think

Re: SHA1 collisions found

2017-02-23 Thread Joey Hess
Linus Torvalds wrote: > What you describe pretty much already requires a pre-image attack, > which the new attack is _not_. > > It's not clear that the "good" object can be anything sane. Generate a regular commit object; use the entire commit object + NUL as the chosen prefix, and use the

Re: SHA1 collisions found

2017-02-23 Thread David Lang
On Thu, 23 Feb 2017, Joey Hess wrote: Junio C Hamano wrote: On Thu, Feb 23, 2017 at 8:43 AM, Joey Hess wrote: Since we now have collisions in valid PDF files, collisions in valid git commit and tree objects are probably able to be constructed. That may be true, but

Re: SHA1 collisions found

2017-02-23 Thread Joey Hess
Linus Torvalds wrote: > I haven't seen the attack yet, but git doesn't actually just hash the > data, it does prepend a type/length field to it. That usually tends to > make collision attacks much harder, because you either have to make > the resulting size the same too, or you have to be able to

Re: SHA1 collisions found

2017-02-23 Thread Linus Torvalds
On Thu, Feb 23, 2017 at 9:35 AM, Joey Hess wrote: > > Attacks using this SHA1 break will look something more like: We don't actually know what the break is, but it's likely that you can't actually do what you think you can do: > * I push a "bad" object to a repo on github I set