mbox series

[v2,0/2] Fix behavior of Git.pm in unsafe bare repositories

Message ID 20221022011931.43992-1-michael@mcclimon.org (mailing list archive)
Headers show
Series Fix behavior of Git.pm in unsafe bare repositories | expand

Message

Michael McClimon Oct. 22, 2022, 1:19 a.m. UTC 
This adds one commit on top of the last version, to avoid the security problem
mentioned by Peff at [1]. It's possible this isn't the best way to go about
this (and I would not really call myself a C programmer), but it's a minimal
patch that seems to fix the problem.

I'm not sure if I need to document the new environment variable somewhere or
not; it's really an internal-only thing, so I didn't do so this time around,
but happy to if needed. Thanks!

[1] https://lore.kernel.org/git/Y1ImS1Muvk1MAQeC@coredump.intra.peff.net/

Michael McClimon (2):
  Git.pm: add semicolon after catch statement
  setup: allow Git.pm to do unsafe repo checking

 perl/Git.pm         |  3 ++-
 setup.c             |  3 +++
 t/t9700-perl-git.sh |  4 ++++
 t/t9700/test.pl     | 18 ++++++++++++++++++
 4 files changed, 27 insertions(+), 1 deletion(-)

Range-diff against v1:
1:  1337c855 = 1:  1337c855 Git.pm: add semicolon after catch statement
-:  -------- > 2:  273f77d1 setup: allow Git.pm to do unsafe repo checking