Page MenuHomePhabricator

Members (1)

  • This project does not have any members.
  • View All

Watchers (2)

  • This project does not have any watchers.
  • View All

Details

Description

Git git

Recent Activity

May 23 2019

asherkin closed T13293: `arc land` using git-svn fails in certain configurations as Resolved by committing rARC7329bc7c32b9: Fix arc land on odd/modern git-svn checkouts.
May 23 2019, 9:58 AM · Subversion, Git, Arcanist

May 22 2019

epriestley triaged T13293: `arc land` using git-svn fails in certain configurations as Low priority.
May 22 2019, 4:30 PM · Subversion, Git, Arcanist
epriestley added projects to T13293: `arc land` using git-svn fails in certain configurations: Arcanist, Git, Subversion.
May 22 2019, 4:30 PM · Subversion, Git, Arcanist

Apr 15 2019

epriestley added a revision to T12300: git push --mirror --force does not work on Phacility with repo that has refs/pull: D20420: Accept pushes with arbitrary Git refs.
Apr 15 2019, 7:55 PM · Diffusion, Git
epriestley closed T12300: git push --mirror --force does not work on Phacility with repo that has refs/pull as Resolved.

This is a duplicate of T8936 and resolved by D20420.

Apr 15 2019, 7:55 PM · Diffusion, Git
epriestley added a parent task for T12300: git push --mirror --force does not work on Phacility with repo that has refs/pull: T13277: In repositories, realign "Track Only", "Autoclose", and "Publish/Notify" toward "Permanent Refs".
Apr 15 2019, 7:55 PM · Diffusion, Git
epriestley edited projects for T12300: git push --mirror --force does not work on Phacility with repo that has refs/pull, added: Diffusion; removed Customer Impact, Bug Report.
Apr 15 2019, 7:52 PM · Diffusion, Git
epriestley closed T9383: Support `git notes` as Resolved.

D20420 accepts these refs. We don't show notes in the UI, but we have no outstanding customer requests for this.

Apr 15 2019, 5:14 PM · KDE, Git, Diffusion
epriestley added a parent task for T9383: Support `git notes`: T13277: In repositories, realign "Track Only", "Autoclose", and "Publish/Notify" toward "Permanent Refs".
Apr 15 2019, 4:10 PM · KDE, Git, Diffusion
epriestley added a revision to T9383: Support `git notes`: D20420: Accept pushes with arbitrary Git refs.
Apr 15 2019, 4:10 PM · KDE, Git, Diffusion
epriestley moved T9383: Support `git notes` from Backlog to "Track Only" on the Diffusion board.
Apr 15 2019, 3:40 PM · KDE, Git, Diffusion

Sep 24 2018

epriestley moved T13165: Copy detection in Git is very eager about empty files from Backlog to Far Future on the Arcanist board.
Sep 24 2018, 4:44 PM · Differential, Arcanist, Git

Jul 16 2018

epriestley added a comment to T13165: Copy detection in Git is very eager about empty files.

T1022 is possibly somewhat-vaguely-adjacent on symlink stuff.

Jul 16 2018, 11:22 PM · Differential, Arcanist, Git
yelirekim updated subscribers of T13165: Copy detection in Git is very eager about empty files.

@jcox do you know how to reproduce arc diff dying when you try to create certain types of diffs that move or remove symlinks? I think that's adjacent, if not identical to what's being talked about here.

Jul 16 2018, 10:39 PM · Differential, Arcanist, Git

Jul 13 2018

epriestley added a comment to T13165: Copy detection in Git is very eager about empty files.

As a special case of this, if you commit an empty a.py file, then add content to it and also add a new empty b.py file in a commit on top of it, the new empty b.py will be detected as a copy of a.py based on the previous (empty) content of the file. I think Git is being pretty reasonable/consistent here, but this is potentially also expectation-defying:

Jul 13 2018, 6:29 PM · Differential, Arcanist, Git
epriestley added a parent task for T13165: Copy detection in Git is very eager about empty files: T13164: Plans: 2018 Week 31 - 33 Bonus Content.
Jul 13 2018, 4:14 PM · Differential, Arcanist, Git
epriestley triaged T13165: Copy detection in Git is very eager about empty files as Wishlist priority.
Jul 13 2018, 4:12 PM · Differential, Arcanist, Git

Apr 3 2018

tekacs added a comment to T12300: git push --mirror --force does not work on Phacility with repo that has refs/pull.

Duplicate of T8936?

Apr 3 2018, 1:05 PM · Diffusion, Git

Jan 26 2018

epriestley closed T13032: Upgrading: Git LFS as Resolved.
Jan 26 2018, 5:57 PM · Diffusion, Git, Installing & Upgrading

Jan 16 2018

epriestley updated the task description for T8768: Under Mercurial, `arc patch` mishandles files with spaces in them .
Jan 16 2018, 10:20 PM · Git, Mercurial, Arcanist
epriestley added a comment to T8768: Under Mercurial, `arc patch` mishandles files with spaces in them .

I'm not totally sure all variants of this are fixed, but I don't know how to reproduce any remaining issues.

Jan 16 2018, 10:15 PM · Git, Mercurial, Arcanist
epriestley closed T8768: Under Mercurial, `arc patch` mishandles files with spaces in them as Resolved by committing rARC2e02332216c6: Add trailing tabs when generating synthetic Git diffs for files with spaces.
Jan 16 2018, 9:57 PM · Git, Mercurial, Arcanist
epriestley added a comment to T8768: Under Mercurial, `arc patch` mishandles files with spaces in them .

I filed a summary of this in the Mercurial upstream to waste someone else's time so I feel better:

Jan 16 2018, 5:21 PM · Git, Mercurial, Arcanist
epriestley added a comment to T8768: Under Mercurial, `arc patch` mishandles files with spaces in them .

This is an explicit behavior in Mercurial and dates from 2007:

Jan 16 2018, 4:49 PM · Git, Mercurial, Arcanist
epriestley added a revision to T8768: Under Mercurial, `arc patch` mishandles files with spaces in them : D18869: Add trailing tabs when generating synthetic Git diffs for files with spaces.
Jan 16 2018, 4:26 PM · Git, Mercurial, Arcanist
epriestley added a comment to T8768: Under Mercurial, `arc patch` mishandles files with spaces in them .

The rule Git uses appears to literally be "does the filename include a space":

Jan 16 2018, 4:01 PM · Git, Mercurial, Arcanist
epriestley renamed T8768: Under Mercurial, `arc patch` mishandles files with spaces in them from `arc patch` fails to add two files starting by the same word, then a space on hg to Under Mercurial, `arc patch` mishandles files with spaces in them .
Jan 16 2018, 3:42 PM · Git, Mercurial, Arcanist

Dec 18 2017

isfs updated the task description for T13032: Upgrading: Git LFS.
Dec 18 2017, 8:19 PM · Diffusion, Git, Installing & Upgrading
epriestley triaged T13032: Upgrading: Git LFS as Normal priority.
Dec 18 2017, 5:36 PM · Diffusion, Git, Installing & Upgrading

Dec 13 2017

epriestley renamed T13030: Accessing a submodule path directly in Diffusion has less than optimal UX from `git cat-file -t <commit>:<submodule>` fails to Accessing a submodule path directly in Diffusion has less than optimal UX.
Dec 13 2017, 3:10 PM · Git, Diffusion
epriestley lowered the priority of T13030: Accessing a submodule path directly in Diffusion has less than optimal UX from Normal to Wishlist.

D18831 should upgrade this from "horrible fatal" to "reasonable-but-not-ideal normal page". This could still be improved (providing the user more information and taking them into the submodule redirect workflow) but it's normally difficult to end up here without trying.

Dec 13 2017, 3:09 PM · Git, Diffusion
epriestley added a revision to T13030: Accessing a submodule path directly in Diffusion has less than optimal UX: D18831: When users browse to a submodule path in Diffusion explicitly, don't fatal.
Dec 13 2017, 3:08 PM · Git, Diffusion
epriestley added projects to T13030: Accessing a submodule path directly in Diffusion has less than optimal UX: Diffusion, Git.
Dec 13 2017, 1:13 PM · Git, Diffusion

Aug 14 2017

epriestley closed T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`) as Resolved.

There doesn't seem to be anything actionable remaining on our end.

Aug 14 2017, 8:07 PM · Subversion, Mercurial, Git, Security

Aug 11 2017

epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

This cropped up in the HN thread -- works in my browsers (although Phabricator does not recognize it as a valid link):

Aug 11 2017, 8:07 PM · Subversion, Mercurial, Git, Security
avivey added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Thanks for the writeup :)

Aug 11 2017, 7:04 PM · Subversion, Mercurial, Git, Security
indygreg added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The reason the upstream projects aren't using -- is that it isn't portable. For example, Putty's ssh doesn't support it.

Aug 11 2017, 3:45 PM · Subversion, Mercurial, Git, Security
epriestley updated the task description for T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 11 2017, 1:41 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The full set of mitigations is now available in stable, and I've promoted 2017 Week 32 (Mid August).

Aug 11 2017, 1:36 PM · Subversion, Mercurial, Git, Security
epriestley renamed T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`) from Assess Impact of CVE-2017-1000117 et al (`ssh://-...` executing code) to [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 11 2017, 1:31 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

See also this enormously valuable contribution I made to the Git LFS upstream in connection with T7789 some time ago:

Aug 11 2017, 1:19 PM · Subversion, Mercurial, Git, Security
epriestley updated the task description for T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 11 2017, 1:14 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

So, all three major VCS had the exact same CVE, which was "we invoke ssh command line, don't sanitize input, and don't specify -- anywhere"?

Aug 11 2017, 12:50 PM · Subversion, Mercurial, Git, Security
quark.zju added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Thanks for the detailed explanations! I should have thought more carefully. Note old Mercurial also fails to do correct shell quoting on Windows (It uses ' where Windows needs "). But Phabricator does not run on Windows, it shouldn't be an issue.

Aug 11 2017, 3:22 AM · Subversion, Mercurial, Git, Security
avivey added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

So, all three major VCS had the exact same CVE, which was "we invoke ssh command line, don't sanitize input, and don't specify -- anywhere"?

Aug 11 2017, 2:53 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

@indygreg Thanks for the heads up about subrepos -- I would not have otherwise guessed that hg pull might run git.

Aug 11 2017, 2:40 AM · Subversion, Mercurial, Git, Security
epriestley updated the task description for T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 11 2017, 2:24 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

From this writeup:

Aug 11 2017, 2:21 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The magic incantation I arrived at was slightly modified from one of the hg test cases:

Aug 11 2017, 2:14 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Never mind, I was able to get hg pull -u to interact. I'm going to land, cherry-pick, and hotfix D18390.

Aug 11 2017, 2:12 AM · Subversion, Mercurial, Git, Security