Age | Commit message | Author | |
---|---|---|---|
2020-08-18 | Merge remote-tracking branch 'dev/13-0-stable' into 13-0-stable (branch: 13-0-stable) | GitLab Release Tools Bot | |
2020-08-18 | Update VERSION to 13.0.14 (tag: v13.0.14) | GitLab Release Tools Bot | |
2020-08-18 | Update CHANGELOG.md for 13.0.14 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-08-18 | Merge remote-tracking branch 'dev/13-0-stable' into 13-0-stable | GitLab Release Tools Bot | |
2020-08-17 | Update VERSION to 13.0.13 (tag: v13.0.13) | GitLab Release Tools Bot | |
2020-08-17 | Update CHANGELOG.md for 13.0.13 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-08-05 | Merge remote-tracking branch 'dev/13-0-stable' into 13-0-stable | GitLab Release Tools Bot | |
2020-08-05 | Fix changelog for 13.0.11 | Yorick Peterse | |
This version has been skipped in favour of 13.0.12, due to packaging problems with 13.0.11 | |||
2020-08-05 | Update VERSION to 13.0.12 (tag: v13.0.12) | GitLab Release Tools Bot | |
2020-08-05 | Update CHANGELOG.md for 13.0.12 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-08-05 | Update VERSION to 13.0.11 | GitLab Release Tools Bot | |
2020-08-05 | Update CHANGELOG.md for 13.0.11 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-08-04 | Merge branch 'security-pks-create-from-url-creds-13.0' into '13-0-stable' | GitLab Release Tools Bot | |
Injection of `http.<url>.*` git config settings leading to SSRF. See merge request gitlab-org/security/gitaly!6 | |||
2020-08-04 | repository: do not persist config when creating from URL | Patrick Steinhardt | |
When creating a new repository from URL, we currently execute the equivalent of `git clone -c $CFG1`. There's a slight gotcha here in that `git clone -c` will persist the configuration into the new repo's gitconfig file, while `git -c $CFG1 clone` does not persist the configuration to disk. There are two parts we're thus currently persisting to disk, with one being "http.followRedirects" and the other one being "http.$URL.extraHeader". While the former one doesn't hurt much (but is not required to be persisted), the extra header is used to pass along credentials to the remote. As a result, we accidentally persist user credentials to disk in an unexpected way. Fix the issue by instead passing all configuration options as global configuration parameters to `git` instead of passing them to `git clone`. | |||
2020-07-09 | Update VERSION to 13.0.10 (tag: v13.0.10) | GitLab Release Tools Bot | |
2020-07-09 | Update CHANGELOG.md for 13.0.10 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-07-07 | Merge remote-tracking branch 'dev/13-0-stable' into 13-0-stable | GitLab Release Tools Bot | |
2020-07-06 | Update VERSION to 13.0.9 (tag: v13.0.9) | GitLab Release Tools Bot | |
2020-07-06 | Update CHANGELOG.md for 13.0.9 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-07-01 | Merge remote-tracking branch 'dev/13-0-stable' into 13-0-stable | GitLab Release Tools Bot | |
2020-07-01 | Update VERSION to 13.0.8 (tag: v13.0.8) | GitLab Release Tools Bot | |
2020-07-01 | Update CHANGELOG.md for 13.0.8 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-06-29 | Merge branch 'security-pks-worktree-race-13.0' into '13-0-stable' | Mayra Cabrera | |
worktree: Add random suffix to worktree paths to obstruct path traversal. See merge request gitlab-org/security/gitaly!3 | |||
2020-06-29 | worktree: Add random suffix to worktree paths to obstruct path traversal | Patrick Steinhardt | |
Currently, worktree paths used for operations like rebase or squash that require access to checked-out files are generated deterministically by using an operation-specific prefix as well as the ID of the given operation. If given a path-traversal vulnerability, this makes it easy to use those worktree paths as an attack vector to read arbitrary files and directories. To improve our defense-in-depth mechanisms, this commit adds a random 16-digit hex suffix so that the resulting path is not deterministic. As we use blocks to manage worktrees, we know that the paths are not used outside of a given block anyway and can thus safely be changed. | |||
2020-06-25 | Update VERSION to 13.0.7 (tag: v13.0.7) | GitLab Release Tools Bot | |
2020-06-25 | Update CHANGELOG.md for 13.0.7 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-06-11 | Merge branch 'jc-fix-custom-hooks-in-13-0' into '13-0-stable' | Pavlo Strokov | |
Do not set default values for custom_hook_dir in 13-0-stable. See merge request gitlab-org/gitaly!2275 | |||
2020-06-10 | Merge remote-tracking branch 'dev/13-0-stable' into 13-0-stable | GitLab Release Tools Bot | |
2020-06-10 | Revert "Merge branch 'jc-set-default-custom-hooks-dir' into 'master'" | John Cai | |
This reverts commit 4cd8d0c5614cafc3ca41f3473004adaeabc77e24, reversing changes made to 382ead9c7ef38e7dde4de7a9d2eba37a739060be. | |||
2020-06-10 | Update VERSION to 13.0.6 (tag: v13.0.6) | GitLab Release Tools Bot | |
2020-06-10 | Update CHANGELOG.md for 13.0.6 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-06-04 | Update VERSION to 13.0.5 (tag: v13.0.5) | GitLab Release Tools Bot | |
2020-06-04 | Update CHANGELOG.md for 13.0.5 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-06-03 | Merge remote-tracking branch 'dev/13-0-stable' into 13-0-stable | GitLab Release Tools Bot | |
2020-06-03 | Update VERSION to 13.0.4 (tag: v13.0.4) | GitLab Release Tools Bot | |
2020-06-03 | Update CHANGELOG.md for 13.0.4 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-06-02 | Merge branch 'smh-backport-clean-storage-paths' into '13-0-stable' | Zeger-Jan van de Weg | |
Backport storage path cleaning. See merge request gitlab-org/gitaly!2239 | |||
2020-06-02 | clean configured storage paths | Sami Hiltunen | |
Cleans configured storage paths to ensure the paths are well-formed. | |||
2020-05-29 | Update VERSION to 13.0.3 (tag: v13.0.3) | GitLab Release Tools Bot | |
2020-05-29 | Update CHANGELOG.md for 13.0.3 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-05-29 | Update VERSION to 13.0.2 (tag: v13.0.2) | GitLab Release Tools Bot | |
2020-05-29 | Update CHANGELOG.md for 13.0.2 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-05-27 | Merge remote-tracking branch 'dev/13-0-stable' into 13-0-stable | GitLab Release Tools Bot | |
2020-05-27 | Update VERSION to 13.0.1 (tag: v13.0.1) | GitLab Release Tools Bot | |
2020-05-27 | Update CHANGELOG.md for 13.0.1 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-05-21 | Update VERSION to 13.0.0 (tag: v13.0.0) | GitLab Release Tools Bot | |
2020-05-21 | Update CHANGELOG.md for 13.0.0 | GitLab Release Tools Bot | |
[ci skip] | |||
2020-05-20 | Merge branch 'jc-set-default-custom-hooks-dir' into 'master' | Paul Okstad | |
Set default value for custom hooks directory. See merge request gitlab-org/gitaly!2184 | |||
2020-05-20 | Merge branch 'pks-2pc-cleanups' into 'master' | John Cai | |
Follow-ups for transactions. See merge request gitlab-org/gitaly!2188 | |||
2020-05-20 | metadata: avoid re-using `os.ErrNotFound` | Patrick Steinhardt | |
When either transaction or Praefect server metadata cannot be extracted from the gRPC stream or environment, we currently return an `os.ErrNotFound` error. Its error message is quite misleading in this context, as it says "file does not exist" and there are no files in play at all. Let's improve this by using our own custom data types instead of `os.ErrNotFound`. |