| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
The tarball on hackage will include only the files needed for cabal install;
it is NOT the full git-repair source tree.
debian/changelog: Converted to symlinks to CHANGELOG.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://bugs.debian.org/807341
* Fix insecure temporary permissions.
Repair clones the git repository to a temp directory which is made
using the user's umask. Thus, it might expose a git repo that is
otherwise locked down.
* Fix potential denial of service attack when creating temp dirs.
Since withTmpDir used easily predictable temporary directory names,
an attacker could create foo.0, foo.1, etc and as long as it managed to
keep ahead of it, could prevent it from ever returning.
I'd rate this as a low utility DOS attack. Most attackers in a position
to do this could just fill up the disk /tmp is on to prevent anything
from writing temp files. And few parts of git-annex use withTmpDir
anyway, so DOS potential is quite low.
Examined all callers of withTmpDir and satisfied myself that
switching to mkdtmp and so getting a mode 700 temp dir wouldn't break any
of them.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Includes changing to new exceptions library, and some whitespace fixes.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
but some branches no longer accessible. Fix this, including support for fixing up repositories that were incompletely repaired before.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
From 1.7 gb to 900 mb on 300 thousand unique reported shas.
When shas are not unique, this streams much better than before, so won't
buffer the full list before putting them into the Set and throwing away
dups. And when fsck output includes ignorable lines, especially
dangling object lines, they won't be buffered in memory at all.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
directory to be created instead of .git/refs
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
git cat-file -p cannot be relied on to tell when an object is corrupt.
If it fails, the fsck may not find all bad objects -- but as long as fsck
exits nonzero, it will return a failing fsckresult, and so recovery will
run.
In recovery, the objects get unpacked. This allows the improved findMissing
to find all corrupt loose objects when fsck is run again as part of the
recovery.
Removed the repack / prune-packed workaround that I added earlier to find
corrupt loose objects that fsck wasn't finding. That was slow, and we want
to keep all loose objects, so that findMissing will work. And, it's
unncessary, now that findMissing is fixed.
Also, fixed some places where unreadable files would crash recovery.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
It turned out to be broken, and led to failures.
6d67245728bbbc07ad1eeaf5b3c49f64c6bbcd11 was a better fix for the problem
that code tried to fix.
|
| | |
|
| |
|
|
|
|
|
| |
Sometimes git fsck outputs no shas even with --verbose, but fails, due to
badly corrupt objects. The best thing to do in this situation is to try to
pull and rsync from remotes, hoping that the bad objects will be
overwritten.
|
| |
|
|
| |
treat the repository as a git repo.
|
| | |
|
| | |
|
| |
|
