diff --git a/Documentation/RelNotes/2.4.12.txt b/Documentation/RelNotes/2.4.12.txt new file mode 100644 index 0000000000..7d15f94725 --- /dev/null +++ b/Documentation/RelNotes/2.4.12.txt @@ -0,0 +1,12 @@ +Git v2.4.12 Release Notes +========================= + +Fixes since v2.4.11 +------------------- + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). diff --git a/Documentation/RelNotes/2.5.6.txt b/Documentation/RelNotes/2.5.6.txt new file mode 100644 index 0000000000..9cd025bb1c --- /dev/null +++ b/Documentation/RelNotes/2.5.6.txt @@ -0,0 +1,12 @@ +Git v2.5.6 Release Notes +======================== + +Fixes since v2.5.5 +------------------ + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). diff --git a/Documentation/RelNotes/2.6.7.txt b/Documentation/RelNotes/2.6.7.txt new file mode 100644 index 0000000000..1335de49a6 --- /dev/null +++ b/Documentation/RelNotes/2.6.7.txt @@ -0,0 +1,12 @@ +Git v2.6.7 Release Notes +======================== + +Fixes since v2.6.6 +------------------ + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). diff --git a/Documentation/RelNotes/2.7.5.txt b/Documentation/RelNotes/2.7.5.txt new file mode 100644 index 0000000000..83559ce3b2 --- /dev/null +++ b/Documentation/RelNotes/2.7.5.txt @@ -0,0 +1,14 @@ +Git v2.7.5 Release Notes +======================== + +Fixes since v2.7.4 +------------------ + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). + +Also contains a few fixes backported from later development tracks. diff --git a/Documentation/RelNotes/2.8.5.txt b/Documentation/RelNotes/2.8.5.txt new file mode 100644 index 0000000000..7bd179fa12 --- /dev/null +++ b/Documentation/RelNotes/2.8.5.txt @@ -0,0 +1,12 @@ +Git v2.8.5 Release Notes +======================== + +Fixes since v2.8.4 +------------------ + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). diff --git a/Documentation/RelNotes/2.9.4.txt b/Documentation/RelNotes/2.9.4.txt index 01e864278b..9768293831 100644 --- a/Documentation/RelNotes/2.9.4.txt +++ b/Documentation/RelNotes/2.9.4.txt @@ -80,4 +80,11 @@ Fixes since v2.9.3 the file descriptor still open. Open tempfile with O_CLOEXEC flag to avoid this (on Windows, this is mapped to O_NOINHERIT). + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). + Also contains minor documentation updates and code clean-ups. diff --git a/Documentation/git.txt b/Documentation/git.txt index ed717e4336..3cb55cdd7b 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -50,34 +50,39 @@ Documentation for older releases are available here: link:RelNotes/2.10.1.txt[2.10.1], link:RelNotes/2.10.0.txt[2.10]. -* link:v2.9.3/git.html[documentation for release 2.9.3] +* link:v2.9.4/git.html[documentation for release 2.9.4] * release notes for + link:RelNotes/2.9.4.txt[2.9.4], link:RelNotes/2.9.3.txt[2.9.3], link:RelNotes/2.9.2.txt[2.9.2], link:RelNotes/2.9.1.txt[2.9.1], link:RelNotes/2.9.0.txt[2.9]. -* link:v2.8.4/git.html[documentation for release 2.8.4] +* link:v2.8.5/git.html[documentation for release 2.8.5] * release notes for + link:RelNotes/2.8.5.txt[2.8.5], link:RelNotes/2.8.4.txt[2.8.4], link:RelNotes/2.8.3.txt[2.8.3], link:RelNotes/2.8.2.txt[2.8.2], link:RelNotes/2.8.1.txt[2.8.1], link:RelNotes/2.8.0.txt[2.8]. -* link:v2.7.3/git.html[documentation for release 2.7.3] +* link:v2.7.5/git.html[documentation for release 2.7.5] * release notes for + link:RelNotes/2.7.5.txt[2.7.5], + link:RelNotes/2.7.4.txt[2.7.4], link:RelNotes/2.7.3.txt[2.7.3], link:RelNotes/2.7.2.txt[2.7.2], link:RelNotes/2.7.1.txt[2.7.1], link:RelNotes/2.7.0.txt[2.7]. -* link:v2.6.6/git.html[documentation for release 2.6.6] +* link:v2.6.7/git.html[documentation for release 2.6.7] * release notes for + link:RelNotes/2.6.7.txt[2.6.7], link:RelNotes/2.6.6.txt[2.6.6], link:RelNotes/2.6.5.txt[2.6.5], link:RelNotes/2.6.4.txt[2.6.4], @@ -86,9 +91,10 @@ Documentation for older releases are available here: link:RelNotes/2.6.1.txt[2.6.1], link:RelNotes/2.6.0.txt[2.6]. -* link:v2.5.5/git.html[documentation for release 2.5.5] +* link:v2.5.6/git.html[documentation for release 2.5.6] * release notes for + link:RelNotes/2.5.6.txt[2.5.6], link:RelNotes/2.5.5.txt[2.5.5], link:RelNotes/2.5.4.txt[2.5.4], link:RelNotes/2.5.3.txt[2.5.3], @@ -96,9 +102,10 @@ Documentation for older releases are available here: link:RelNotes/2.5.1.txt[2.5.1], link:RelNotes/2.5.0.txt[2.5]. -* link:v2.4.11/git.html[documentation for release 2.4.11] +* link:v2.4.12/git.html[documentation for release 2.4.12] * release notes for + link:RelNotes/2.4.12.txt[2.4.12], link:RelNotes/2.4.11.txt[2.4.11], link:RelNotes/2.4.10.txt[2.4.10], link:RelNotes/2.4.9.txt[2.4.9], diff --git a/shell.c b/shell.c index 464ee1a201..fe2d314593 100644 --- a/shell.c +++ b/shell.c @@ -13,7 +13,7 @@ static int do_generic_cmd(const char *me, char *arg) const char *my_argv[4]; setup_path(); - if (!arg || !(arg = sq_dequote(arg))) + if (!arg || !(arg = sq_dequote(arg)) || *arg == '-') die("bad argument"); if (!starts_with(me, "git-")) die("bad command");