| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|
|
|
|
|
| |
CVE-2023-37788 is patched in goproxy v0.0.0-20230731152917-f99041a5c027
Signed-off-by: Siddhesh Ghadi <sghadi1203@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
- dario.cat/mergo v1.0.0
- github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95
- github.com/skeema/knownhosts v1.2.0
- golang.org/x/crypto v0.11.0
- golang.org/x/net v0.12.0
- golang.org/x/sys v0.10.0
- golang.org/x/text v0.11.0
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|
|
|
|
|
|
|
|
|
| |
- github.com/ProtonMail/go-crypto to 0.0.0-20230518184743-7afd39499903.
- github.com/skeema/knownhosts to 1.1.1.
- golang.org/x/crypto to 0.9.0.
- golang.org/x/net to 0.10.0.
- golang.org/x/sys to 0.8.0.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3)
---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
| |
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for custom HTTP and HTTPS proxies for each session.
The tests require server certificate and a matching private key to be
able to run a TLS server and test HTTPS proxy functionality. The cert
and the key are stored in `plumbing/transport/http/testdata/certs` and
were generated using the following command:
`openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt`
Note: All details were left empty, except for the FQDN for which
example.com was used.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
objects
Refactor the in-built http transport to cache the underlying http
transport objects mapped to its specific options for each Git transport
object. This lets us reuse the transport for a specific set of configurations
as recommended. (ref: https://pkg.go.dev/net/http#Transport)
If there are no transport specific options provided, the default
transport is used.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
- github.com/ProtonMail/go-crypto to version 0.0.0-20230417170513-8ee5748c52b5.
- github.com/imdario/mergo to version 0.3.15.
- golang.org/x/crypto to version 0.8.0.
- golang.org/x/net to version 0.9.0.
- golang.org/x/sys to version 0.7.0.
- golang.org/x/text to version 0.9.0.
- github.com/go-git/gcfg to version v1.5.1-0.20230307220236-3a3c6141e376
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|
|
|
|
|
|
|
|
|
|
| |
In a self-contained pack file delta references might point to base
objects stored later in the file.
In this case we need to replace placeholders for external refs with the
actual base object and update the children references.
Fixes: #484
Co-authored-by: Markus Wolf <mail@markus-wolf.de>
|
|
|
|
|
|
|
|
|
| |
- github.com/ProtonMail/go-crypto to version 0.0.0-20230217124315-7d5c6f04bbb8.
- github.com/acomagu/bufpipe to version 1.0.4.
- github.com/go-git/go-billy/v5 to version 5.4.1.
- golang.org/x/crypto to version 0.6.0.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.2.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.2.0...v0.7.0)
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Follow-up from #618, at the time the Pure Go sha1cd implementation
was not performant enough to be the default. This has now changed
and the cgo and generic implementations yields similar results.
Users are able to override the default implementation, however this
seems to be a better default as it does not require the use of CGO
during build time.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |
|
|\
| |
| | |
plumbing: transport/ssh: fix panic on Windows 10 with paegent as ssh-agent
|
| | |
|
|/
|
|
|
|
|
|
| |
Fixes regression in which applications that depend on
go-git could no longer build with CGO_ENABLED=0
or when vendoring dependencies.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mitigates known supply chain CVEs:
golang.org/x/crypto:
- GO-2021-0356
- GO-2022-0968
golang.org/x/net:
- GO-2021-0238
- GO-2022-0236
- GO-2022-0288
- GO-2022-0969
golang.org/x/sys:
- GO-2022-0493
golang.org/x/text:
- GO-2021-0113
- GO-2022-1059
Updates other dependencies that have no backwards compatibility
issues.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement the same SHA1 collision resistent algorithm used by both the
Git CLI and libgit2.
Only commits with input that match the unavoidable bit conditions will be further
processed, which will result in different hashes.
Which is the same behaviour experienced in the Git CLI and Libgit2.
Users can override the hash algorithm used with:
hash.RegisterHash(crypto.SHA1, sha1.New)
xref links:
https://github.com/libgit2/libgit2/pull/4136/commits/2dfd1294f7a694bfa9e864a9489ae3cb318a5ed0
https://github.com/git/git/commit/28dc98e343ca4eb370a29ceec4c19beac9b5c01e
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
#411
This commit adjusts the transport/ssh logic in command.connect(), so that it
now auto-populates ssh.ClientConfig.HostKeyAlgorithms. The algorithms are
chosen based on the known host keys for the target host, as obtained from the
known_hosts file.
In order to look-up the algorithms from the known_hosts file, external module
github.com/skeema/knownhosts is used. This package is just a thin wrapper
around golang.org/x/crypto/ssh/knownhosts, adding an extra mechanism to query
the known_hosts keys, implemented in a way which avoids duplication of any
golang.org/x/crypto/ssh/knownhosts logic.
Because HostKeyAlgorithms vary by target host, some related logic for setting
HostKeyCallback has been moved out of the various AuthMethod implementations.
This was necessary because the old HostKeyCallbackHelper is not host-specific.
Since known_hosts handling isn't really tied to AuthMethod anyway, it seems
reasonable to separate these. Previously-exported types/methods remain in
place for backwards compat, but some of them are now unused.
For testing approach, see pull request. Issue #411 can only be reproduced
via end-to-end / integration testing, since it requires actually launching
an SSH connection, in order to see the key mismatch error triggered from
https://github.com/golang/go/issues/29286 as the root cause.
|
|
|
|
| |
Added in Go 1.12, this means we need one less dependency.
|
| |
|
|
|
|
|
|
|
| |
Commands used:
go get github.com/xanzy/ssh-agent@latest
go mod tidy
|
| |
|
| |
|
|
|
|
| |
improve path security
|
|
|
|
| |
github.com/ProtonMail/go-crypto/openpgp (#283)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Git creates `.git/commondir` when there are custom worktrees (see "git worktree add" related commands).
`.git/commondir` in such case contains a link to another dot-git repository tree, which could contain some folders like:
- objects;
- config;
- refs;
- etc.
In this PR a new dotgit.RepositoryFilesystem struct is defined, which is billy.Filesystem interface compatible object-wrapper, that can handle commondir and dispatch all operations to the correct file path.
`git.PlainOpen` remain unchanged, but `git.PlainOpenWithOptions` has a new option: `PlainOpenOptions.EnableDotGitCommonDir=true|false` (which is false by default). When `EnableDotGitCommonDir=true` repository-open procedure will read `.git/commondir` (if it exists) and then create dotgit.RepositoryFilesystem object initialized with 2 filesystems. This object then passed into storage and then into dotgit.DotGit as `billy.Filesystem` interface. This object will catch all filesystem operations and dispatch to the correct repository-filesystem (dot-git or common-dot-git) according to the rules described in the doc: https://git-scm.com/docs/gitrepository-layout#Documentation/gitrepository-layout.txt. EnableDotGitCommonDir option will only work with the filesystem-backed storage.
Also worktree_test.go has been adopted from an older, already existing existing PR: https://github.com/src-d/go-git/pull/1098. This PR needs new fixtures added in the following PR: https://github.com/go-git/go-git-fixtures/pull/1.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Not all the tests pass yet but this makes go-git usable on Plan 9.
Please merge this after https://github.com/src-d/go-billy/pull/78.
Fixes #756
Signed-off-by: Fazlul Shahriar <fshahriar@gmail.com>
|
|
|
|
| |
Signed-off-by: Máximo Cuadros <mcuadros@gmail.com>
|
|
|
|
|
|
|
| |
This enables interacting with git remotes over SSH when behind a SOCKSv5
firewall.
Signed-off-by: Jacob Blain Christen <dweomer5@gmail.com>
|
|
|
|
| |
Signed-off-by: Máximo Cuadros <mcuadros@gmail.com>
|
|
|
|
| |
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
|
|
Signed-off-by: Máximo Cuadros <mcuadros@gmail.com>
|