| Age | Commit message (Collapse) | Author |
|---|
|
[ci skip]
|
|
[ci skip]
|
|
blob: Backport unseeded LFS tests to fix broken stable branch (15-7-stable)
See merge request https://gitlab.com/gitlab-org/gitaly/-/merge_requests/5656
Merged-by: Justin Tobler <jtobler@gitlab.com>
Approved-by: Justin Tobler <jtobler@gitlab.com>
Co-authored-by: James Fargher <jfargher@gitlab.com>
|
|
We do not actually deploy to macos. So it shouldn't block release.
|
|
Now with the ability to generate test repositories with LFS pointers on
the fly, update the LFS tests to stop using seed repositories.
|
|
Currently tests in `lfs_pointers_test.go` rely on seeded repositories
for test data. This caused an issue when a seeded repository was updated
resulting in `TestListAllLFSPointers` consistently failing. This change
adds `setupWithLFS()` which configures a git repository with LFS
pointers for test data.
|
|
|
|
[ci skip]
|
|
[ci skip]
|
|
|
|
[ci skip]
|
|
[ci skip]
|
|
git: Upgrade to Git security release v2.38.4.gl1 and v2.37.6.gl1 (v15.7 backport)
See merge request https://gitlab.com/gitlab-org/security/gitaly/-/merge_requests/81
Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: Christian Couder <chriscool@tuxfamily.org>
Approved-by: karthik nayak <knayak@gitlab.com>
Co-authored-by: Patrick Steinhardt <psteinhardt@gitlab.com>
|
|
Upgrade our Git version to v2.38.4.gl1 and v2.37.6.gl1, which pull in
the security release Git v2.38.4 and v2.37.6.gl1 that address the
following CVEs:
- CVE-2023-22490:
Using a specially-crafted repository, Git can be tricked into using
its local clone optimization even when using a non-local transport.
Though Git will abort local clones whose source $GIT_DIR/objects
directory contains symbolic links (c.f., CVE-2022-39253), the objects
directory itself may still be a symbolic link. These two may be
combined to include arbitrary files based on known paths on the
victim's filesystem within the malicious repository's working copy,
allowing for data exfiltration in a similar manner as CVE-2022-39253.
- CVE-2023-23946:
By feeding a crafted input to "git apply", a path outside the working
tree can be overwritten as the user who is running "git apply".
Changelog: security
|
|
Typically, we have up to three different Git versions in Gitaly:
- Two bundled Git versions that can be toggled with a feature flag.
- The distributed Git version.
The distributed Git version will always be matching one of the bundled
Git versions, namely the one that is the current default. So let's
deduplicate these versions and just reuse the bundled Git's version so
that we don't need to remember updating the version in multiple places
on minor version bumps.
|
|
|
|
[ci skip]
|
|
[ci skip]
|
|
|
|
[ci skip]
|
|
[ci skip]
|
|
[ci skip]
|
|
[ci skip]
|
|
ci: Run pipeline on merge commits to stable branches [15.7]
See merge request https://gitlab.com/gitlab-org/security/gitaly/-/merge_requests/74
Merged-by: Alessio Caiazza <acaiazza@gitlab.com>
Approved-by: Patrick Steinhardt <psteinhardt@gitlab.com>
Approved-by: Alessio Caiazza <acaiazza@gitlab.com>
Co-authored-by: James Fargher <proglottis@gmail.com>
|
|
ci: Run pipeline on merge commits to stable branches
See merge request https://gitlab.com/gitlab-org/gitaly/-/merge_requests/5246
Merged-by: James Fargher <proglottis@gmail.com>
Approved-by: Justin Tobler <jtobler@gitlab.com>
Approved-by: James Fargher <proglottis@gmail.com>
Reviewed-by: Justin Tobler <jtobler@gitlab.com>
Co-authored-by: Steve Abrams <sabrams@gitlab.com>
(cherry picked from commit 4e47b5b3766375c6ac7a94cee742c9e9acca39b1)
|
|
Makefile: Upgrade Git to address out-of-bounds reads and writes (v15.7 backport)
See merge request https://gitlab.com/gitlab-org/security/gitaly/-/merge_requests/72
Merged-by: Reuben Pereira <2967854-rpereira2@users.noreply.gitlab.com>
Approved-by: Toon Claes <toon@gitlab.com>
Approved-by: Christian Couder <chriscool@tuxfamily.org>
Co-authored-by: Patrick Steinhardt <psteinhardt@gitlab.com>
|
|
[ci skip]
|
|
[ci skip]
|
|
|
|
[ci skip]
|
|
[ci skip]
|
|
The Git project has published security releases for two different CVEs:
* CVE-2022-41903:
git log has the ability to display commits using an arbitrary
format with its --format specifiers. This functionality is also
exposed to git archive via the export-subst gitattribute.
When processing the padding operators (e.g., %<(, %<|(, %>(,
%>>(, or %><( ), an integer overflow can occur in
pretty.c::format_and_pad_commit() where a size_t is improperly
stored as an int, and then added as an offset to a subsequent
memcpy() call.
This overflow can be triggered directly by a user running a
command which invokes the commit formatting machinery (e.g., git
log --format=...). It may also be triggered indirectly through
git archive via the export-subst mechanism, which expands format
specifiers inside of files within the repository during a git
archive.
This integer overflow can result in arbitrary heap writes, which
may result in remote code execution.
* CVE-2022-23521:
gitattributes are a mechanism to allow defining attributes for
paths. These attributes can be defined by adding a `.gitattributes`
file to the repository, which contains a set of file patterns and
the attributes that should be set for paths matching this pattern.
When parsing gitattributes, multiple integer overflows can occur
when there is a huge number of path patterns, a huge number of
attributes for a single pattern, or when the declared attribute
names are huge.
These overflows can be triggered via a crafted `.gitattributes` file
that may be part of the commit history. Git silently splits lines
longer than 2KB when parsing gitattributes from a file, but not when
parsing them from the index. Consequentially, the failure mode
depends on whether the file exists in the working tree, the index or
both.
This integer overflow can result in arbitrary heap reads and writes,
which may result in remote code execution.
Upgrade Git to v2.37.5 and v2.38.3 to address these CVEs.
Changelog: security
|
|
[ci skip]
|
|
[ci skip]
|
|
Fix 64-bit alignment errors with request queue counters
See merge request https://gitlab.com/gitlab-org/gitaly/-/merge_requests/5224
Merged-by: Quang-Minh Nguyen <qmnguyen@gitlab.com>
Approved-by: Quang-Minh Nguyen <qmnguyen@gitlab.com>
Co-authored-by: Stan Hu <stanhu@gmail.com>
|
|
https://gitlab.com/gitlab-org/gitaly/-/merge_requests/5223 fixed one
64-bit alignment error on Raspberry Pi for `TestCache_ObjectReader`,
but `TestCache_ObjectInfoReader` also failed due to an alignment
error.
We need to reorder the fields to ensure the atomic values are 64-bit
aligned.
We also need to move `queueCounters` to the top since this appears to
be necessary for GetTreeEntries as well.
Once we switch to Go 1.19, we can use the new atomic types
to avoid this issue entirely:
https://gitlab.com/gitlab-org/gitaly/-/issues/4702
Changelog: fixed
|
|
In 7c5bbf61, the addition of the `ProtoFormat` field to `ObjectHash`
increased the number of bytes in the structure from 64 to 72. As a
result, `requestQueue` now looks like:
```go
type requestQueue struct {
objectHash git.ObjectHash // 72 bytes
outstandingRequests int64 // 8 bytes
closed int32 // 4 bytes
isReadingObject int32 // 4 bytes
isObjectQueue bool // 1 byte
stdout *bufio.Reader // 8 bytes
stdin *bufio.Writer // 8 bytes
trace *trace // 8 bytes
}
```
Previously `requestQueue` totaled 112 bytes, which is 64-bit
aligned. However, the addition of this new field in `objectHash`
pushes the structure to 113 raw bytes. On a Raspberry Pi system, the
Go compiler only guarantees 32-bit alignment, so we end up with a
structure that is 116 bytes, which isn't 64-bit aligned.
Moving `outstandingRequests` to be first in the struct isn't
enough. As https://github.com/golang/go/issues/11891#issue-97544684
says, in an array of structs, only the first element of a structure
may be automatically 64-bit aligned. It depends if the size of each
element, plus padding, is a multiple of 8.
To fix this mess, we now split these atomic counters in its own
structure and add a test to ensure that it is 64-bit aligned.
Relates to https://gitlab.com/gitlab-org/gitaly/-/issues/4701
Changelog: fixed
|
|
[ci skip]
|
|
[ci skip]
|
|
[ci skip]
|
|
helper: Replace `helper.ErrInternalf()` with `structerr` package
See merge request https://gitlab.com/gitlab-org/gitaly/-/merge_requests/5195
Merged-by: Patrick Steinhardt <psteinhardt@gitlab.com>
Approved-by: Quang-Minh Nguyen <qmnguyen@gitlab.com>
|
|
cgroups: Fix layering violations
See merge request https://gitlab.com/gitlab-org/gitaly/-/merge_requests/5181
Merged-by: Will Chandler <wchandler@gitlab.com>
Approved-by: Will Chandler <wchandler@gitlab.com>
Reviewed-by: Patrick Steinhardt <psteinhardt@gitlab.com>
Reviewed-by: Will Chandler <wchandler@gitlab.com>
Co-authored-by: Patrick Steinhardt <psteinhardt@gitlab.com>
|
|
Replace calls to `helper.ErrInternalf()` with `structerr.NewInternal()`
and remove the former function.
|
|
The cgroups manager accepts a `repository.GitRepo` as argument, which is
used to compute a cgroup key that will always be the same for multiple
different Git commands as long as they're executed in the same repo. As
a result we will always put them into the same cgroup bucket.
Having this knowledge in the cgroups manager is a layering violation
though: the manager really shouldn't know about repositories at all, but
only care about commands and the bucket they're put into.
Introduce a new option `WithCgroupKey()` that allows callers to override
the cgroup key used to derive the bucket. Like this, we can pass through
the per-repository cgroup key from the Git command factory through the
command package into the cgroups manager without anybody but the Git
command factory actually knowing about repositories.
|
|
The command package and the cgroups package have a cyclic dependency:
- The `AddCommand()` function of the `cgroups.Manager` receives a
`command.Command` as input.
- The `command` package needs to have a `cgroups.Manager` so that it
can add the command to it.
The cylic dependency is currently solved by using an interface in the
`command` package that only has the `AddCommand()` function. But it
would be preferable to just not have this cyclic dependency at all.
Refactor the code to instead accept an `exec.Cmd` in `AddCommand()` to
break the cyclic dependency.
|
|
One of the cgroups tests that verifies whether metrics are exposed as
expected also verifies that we get a log message. This log message is
not generated by the cgroups package though, but it's generated by the
command package. So it really is not the business of the cgroups tests
to verify that we see this log message.
Stop asserting the log message. This change also prepares us for a fix
to a cyclic dependency between the command and cgroups package.
|
|
helper: Convert more error-formatting functions to use `structerr` package
See merge request https://gitlab.com/gitlab-org/gitaly/-/merge_requests/5185
Merged-by: Quang-Minh Nguyen <qmnguyen@gitlab.com>
Approved-by: Quang-Minh Nguyen <qmnguyen@gitlab.com>
Approved-by: James Fargher <proglottis@gmail.com>
Reviewed-by: Quang-Minh Nguyen <qmnguyen@gitlab.com>
Co-authored-by: Patrick Steinhardt <psteinhardt@gitlab.com>
|
|
golancilint: add paralleltest linter
Closes #4673
See merge request https://gitlab.com/gitlab-org/gitaly/-/merge_requests/5184
Merged-by: karthik nayak <knayak@gitlab.com>
Approved-by: Sami Hiltunen <shiltunen@gitlab.com>
Reviewed-by: Patrick Steinhardt <psteinhardt@gitlab.com>
Reviewed-by: Sami Hiltunen <shiltunen@gitlab.com>
Reviewed-by: karthik nayak <knayak@gitlab.com>
|
|
In the last few commits we reinitialized the test variable wherever
needed and also fixed tests. This is due to a bug/feature around how Go
treats looped
variables (https://gist.github.com/posener/92a55c4cd441fc5e5e85f27bca008721).
To avoid this mistake in the future, let's add a linter check around
this issue. This is done by adding the `paralleltest` linter. We also
enable `ignore-missing` because we don't want to complain about missing
usage of `t.Parallel()` (for now...).
|
|
In the tests TestFindAllTags_sorted and TestServer_ListRefs, we don't
reinitialize the test variable, this can cause problems to go
undetected (https://gist.github.com/posener/92a55c4cd441fc5e5e85f27bca008721).
Reinitialize the test variable.
|
