Page MenuHomePhabricator
Projects Git

GitTag
ActivePublic
Watch Project

Members (1)

  • This project does not have any members.
  • View All

Watchers (2)

  • This project does not have any watchers.
  • View All

Details

Description

Git git

Recent Activity
View All

Apr 29 2022

mormegil added a comment to T13673: CVE-2022-24765 - Multi-user Git Privilege Escalation.

Just for visibility, this is I believe the change that broke Diffusion (which was fixed in rP52df4ff515b7), where the error message is something like

Apr 29 2022, 8:19 AM · Git, Security

Apr 20 2022

epriestley closed T13589: Git may interpret refnames as flags in some commands which accept both refs and paths as Resolved.

I believe these were all hunted down.

Apr 20 2022, 7:15 PM · Security, Git
epriestley added a revision to T13673: CVE-2022-24765 - Multi-user Git Privilege Escalation: D21759: Fix an issue where "git" may be unable to read a temporary file in Diffusion.
Apr 20 2022, 4:31 PM · Git, Security

Apr 14 2022

epriestley closed T13673: CVE-2022-24765 - Multi-user Git Privilege Escalation as Resolved.

I deployed this everywhere in the Phacility cluster yesterday and things have been quiet, so I'm assuming it worked until evidence arises to the contrary.

Apr 14 2022, 1:49 PM · Git, Security
epriestley updated the task description for T13673: CVE-2022-24765 - Multi-user Git Privilege Escalation.
Apr 14 2022, 1:47 PM · Git, Security

Apr 13 2022

epriestley added a comment to T13673: CVE-2022-24765 - Multi-user Git Privilege Escalation.

D21756 effectively makes all Git pathways call setSudoAsDaemon(true).

Apr 13 2022, 6:31 PM · Git, Security
epriestley added a comment to T13673: CVE-2022-24765 - Multi-user Git Privilege Escalation.

Just for visibility, the error messages you'll see if you're affected by this issue look something like this:

Apr 13 2022, 6:06 PM · Git, Security
epriestley added a comment to T13673: CVE-2022-24765 - Multi-user Git Privilege Escalation.

...maybe this is an actual bug in Phabricator where some pathways are just missing the "sudo" wrapper?

Apr 13 2022, 6:06 PM · Git, Security
epriestley triaged T13673: CVE-2022-24765 - Multi-user Git Privilege Escalation as Normal priority.
Apr 13 2022, 5:48 PM · Git, Security

Apr 8 2021

epriestley added a comment to T13589: Git may interpret refnames as flags in some commands which accept both refs and paths.

Yes. I closed down registration on this install (secure.phabricator.com) several years ago because the overwhelming majority of users who registered accounts here didn't read or follow the rules. Access to secure.phabricator.com is now invite-only.

Apr 8 2021, 12:53 PM · Security, Git
holmboe added a comment to T13589: Git may interpret refnames as flags in some commands which accept both refs and paths.
In T13589#254320, @epriestley wrote:

Please use Discourse to report bugs.

Apr 8 2021, 9:47 AM · Security, Git

Jan 28 2021

epriestley added a revision to T13589: Git may interpret refnames as flags in some commands which accept both refs and paths: D21528: Correct Diffusion browse behavior when visiting a path URI with no trailing slash.
Jan 28 2021, 12:34 AM · Security, Git

Jan 25 2021

epriestley added a revision to T13589: Git may interpret refnames as flags in some commands which accept both refs and paths: D21519: Correct Git repository browse behavior for differences in "ls-tree" output.
Jan 25 2021, 5:10 PM · Security, Git

Jan 20 2021

epriestley added a revision to T13589: Git may interpret refnames as flags in some commands which accept both refs and paths: D21512: Correct a straggling CLI format string after ref selector changes.
Jan 20 2021, 11:04 PM · Security, Git
epriestley added a revision to T13589: Git may interpret refnames as flags in some commands which accept both refs and paths: D21511: Further correct and disambigutate ref selectors passed to Git on the CLI.
Jan 20 2021, 7:44 PM · Security, Git
epriestley updated the task description for T13589: Git may interpret refnames as flags in some commands which accept both refs and paths.
Jan 20 2021, 6:47 PM · Security, Git

Jan 19 2021

epriestley added a comment to T13589: Git may interpret refnames as flags in some commands which accept both refs and paths.

Please use Discourse to report bugs. See https://discourse.phabricator-community.org/t/repository-view-git-command-failed-error/4510/.

Jan 19 2021, 3:34 PM · Security, Git
Abbe added a comment to T13589: Git may interpret refnames as flags in some commands which accept both refs and paths.

It works with Git 2.1.4 (shipped with Debian Wheezy), but not with Git 2.20.1 (shipped with Debian Buster), or Git 2.30.0 (latest version).

Jan 19 2021, 12:00 PM · Security, Git
Abbe added a comment to T13589: Git may interpret refnames as flags in some commands which accept both refs and paths.

My apologies if this is not the right place to post about this, but seems like due to ea9cb0b625fb6922c45aecbfdebacc60788ed92d we now get following error message when visiting diffusion repository page, i.e. URL /diffusion/$REPOID/:

Jan 19 2021, 11:44 AM · Security, Git

Jan 15 2021

epriestley changed the visibility for T13589: Git may interpret refnames as flags in some commands which accept both refs and paths.
Jan 15 2021, 6:45 PM · Security, Git
epriestley changed the visibility for T13589: Git may interpret refnames as flags in some commands which accept both refs and paths.
Jan 15 2021, 6:44 PM · Security, Git
epriestley removed a project from T13589: Git may interpret refnames as flags in some commands which accept both refs and paths: Security.
Jan 15 2021, 6:44 PM · Security, Git

Jan 12 2021

epriestley added a revision to T13589: Git may interpret refnames as flags in some commands which accept both refs and paths: D21510: Disambiguate Git ref selectors in some Git command line invocations.
Jan 12 2021, 8:11 PM · Security, Git
epriestley updated the task description for T13589: Git may interpret refnames as flags in some commands which accept both refs and paths.
Jan 12 2021, 8:10 PM · Security, Git
epriestley added a revision to T13589: Git may interpret refnames as flags in some commands which accept both refs and paths: D21509: Provide "gitsprintf(...)" and disambiguate Git ref selectors.
Jan 12 2021, 8:09 PM · Security, Git
epriestley triaged T13589: Git may interpret refnames as flags in some commands which accept both refs and paths as Normal priority.
Jan 12 2021, 6:26 PM · Security, Git

May 23 2019

asherkin closed T13293: `arc land` using git-svn fails in certain configurations as Resolved by committing rARC7329bc7c32b9: Fix arc land on odd/modern git-svn checkouts.
May 23 2019, 9:58 AM · Subversion, Git, Arcanist

May 22 2019

epriestley triaged T13293: `arc land` using git-svn fails in certain configurations as Low priority.
May 22 2019, 4:30 PM · Subversion, Git, Arcanist
epriestley added projects to T13293: `arc land` using git-svn fails in certain configurations: Arcanist, Git, Subversion.
May 22 2019, 4:30 PM · Subversion, Git, Arcanist

Apr 15 2019

epriestley added a revision to T12300: git push --mirror --force does not work on Phacility with repo that has refs/pull: D20420: Accept pushes with arbitrary Git refs.
Apr 15 2019, 7:55 PM · Diffusion, Git
epriestley closed T12300: git push --mirror --force does not work on Phacility with repo that has refs/pull as Resolved.

This is a duplicate of T8936 and resolved by D20420.

Apr 15 2019, 7:55 PM · Diffusion, Git
epriestley added a parent task for T12300: git push --mirror --force does not work on Phacility with repo that has refs/pull: T13277: In repositories, realign "Track Only", "Autoclose", and "Publish/Notify" toward "Permanent Refs".
Apr 15 2019, 7:55 PM · Diffusion, Git
epriestley edited projects for T12300: git push --mirror --force does not work on Phacility with repo that has refs/pull, added: Diffusion; removed Customer Impact, Bug Report.
Apr 15 2019, 7:52 PM · Diffusion, Git
epriestley closed T9383: Support `git notes` as Resolved.

D20420 accepts these refs. We don't show notes in the UI, but we have no outstanding customer requests for this.

Apr 15 2019, 5:14 PM · KDE, Git, Diffusion
epriestley added a parent task for T9383: Support `git notes`: T13277: In repositories, realign "Track Only", "Autoclose", and "Publish/Notify" toward "Permanent Refs".
Apr 15 2019, 4:10 PM · KDE, Git, Diffusion
epriestley added a revision to T9383: Support `git notes`: D20420: Accept pushes with arbitrary Git refs.
Apr 15 2019, 4:10 PM · KDE, Git, Diffusion
epriestley moved T9383: Support `git notes` from Backlog to "Track Only" on the Diffusion board.
Apr 15 2019, 3:40 PM · KDE, Git, Diffusion

Sep 24 2018

epriestley moved T13165: Copy detection in Git is very eager about empty files from Backlog to Far Future on the Arcanist board.
Sep 24 2018, 4:44 PM · Differential, Arcanist, Git

Jul 16 2018

epriestley added a comment to T13165: Copy detection in Git is very eager about empty files.

T1022 is possibly somewhat-vaguely-adjacent on symlink stuff.

Jul 16 2018, 11:22 PM · Differential, Arcanist, Git
yelirekim updated subscribers of T13165: Copy detection in Git is very eager about empty files.

@jcox do you know how to reproduce arc diff dying when you try to create certain types of diffs that move or remove symlinks? I think that's adjacent, if not identical to what's being talked about here.

Jul 16 2018, 10:39 PM · Differential, Arcanist, Git

Jul 13 2018

epriestley added a comment to T13165: Copy detection in Git is very eager about empty files.

As a special case of this, if you commit an empty a.py file, then add content to it and also add a new empty b.py file in a commit on top of it, the new empty b.py will be detected as a copy of a.py based on the previous (empty) content of the file. I think Git is being pretty reasonable/consistent here, but this is potentially also expectation-defying:

Jul 13 2018, 6:29 PM · Differential, Arcanist, Git
epriestley added a parent task for T13165: Copy detection in Git is very eager about empty files: T13164: Plans: 2018 Week 31 - 33 Bonus Content.
Jul 13 2018, 4:14 PM · Differential, Arcanist, Git
epriestley triaged T13165: Copy detection in Git is very eager about empty files as Wishlist priority.
Jul 13 2018, 4:12 PM · Differential, Arcanist, Git

Apr 3 2018

tekacs added a comment to T12300: git push --mirror --force does not work on Phacility with repo that has refs/pull.

Duplicate of T8936?

Apr 3 2018, 1:05 PM · Diffusion, Git

Jan 26 2018

epriestley closed T13032: Upgrading: Git LFS as Resolved.
Jan 26 2018, 5:57 PM · Diffusion, Git, Installing & Upgrading

Jan 16 2018

epriestley updated the task description for T8768: Under Mercurial, `arc patch` mishandles files with spaces in them .
Jan 16 2018, 10:20 PM · Git, Mercurial, Arcanist
epriestley added a comment to T8768: Under Mercurial, `arc patch` mishandles files with spaces in them .

I'm not totally sure all variants of this are fixed, but I don't know how to reproduce any remaining issues.

Jan 16 2018, 10:15 PM · Git, Mercurial, Arcanist
epriestley closed T8768: Under Mercurial, `arc patch` mishandles files with spaces in them as Resolved by committing rARC2e02332216c6: Add trailing tabs when generating synthetic Git diffs for files with spaces.
Jan 16 2018, 9:57 PM · Git, Mercurial, Arcanist
epriestley added a comment to T8768: Under Mercurial, `arc patch` mishandles files with spaces in them .

I filed a summary of this in the Mercurial upstream to waste someone else's time so I feel better:

Jan 16 2018, 5:21 PM · Git, Mercurial, Arcanist
epriestley added a comment to T8768: Under Mercurial, `arc patch` mishandles files with spaces in them .

This is an explicit behavior in Mercurial and dates from 2007:

Jan 16 2018, 4:49 PM · Git, Mercurial, Arcanist
Phabricator · Built by Phacility