chore(deps): update rust crate gix to 0.63.0 [security] #10
This PR contains the following updates:
0.54.1 -> 0.63.0
GitHub Vulnerability Alerts
CVE-2024-32884
Summary
`gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs.
Details
This is related to the patched vulnerability GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. Since https://github.com/Byron/gitoxide/pull/1032, `gix-transport` checks the host and path portions of a URL for text that has a `-` in a position that will cause `ssh` to interpret part or all of the URL as an option argument. But it does not check the non-mandatory username portion of the URL.
As in Git, when an address is a URL of the form `ssh://username@hostname/path`, or when it takes the special form `username@hostname:dirs/repo`, this is treated as an SSH URL. `gix-transport` will replace some characters in `username` with their `%`-based URL encodings, but otherwise passes `username@hostname` as an argument to the external `ssh` command. This happens even if `username` begins with a hyphen. In that case, `ssh` treats that argument as an option argument, and attempts to interpret and honor it as a sequence of one or more options possibly followed by an operand for the last option.
This is harder to exploit than GHSA-rrjw-j4m2-mf34, because the possibilities are constrained by:
- The difficulty of forming an option argument `ssh` accepts, given that characters such as `=`, `/`, and `\`, are URL-encoded, `:` is removed, and the argument passed to `ssh` contains the `@` sign and subsequent host identifier, which in an effective attack must be parseable as a suffix of the operand passed to the last option.
  The inability to include a literal `=` prevents the use of `-oNAME=VALUE` (e.g., `-oProxyCommand=payload`). The inability to include a literal `/` or `\` prevents smuggling in a path operand residing outside the current working directory, including on Windows. (Although a `~` character may be smuggled in, `ssh` does not perform its own tilde expansion, so it does not form an absolute path.)
- The difficulty, or perhaps impossibility, of completing a connection (other than when arbitrary code execution has been achieved). This complicates or altogether prevents the use of options such as `-A` and `-X` together with a connection to a real but malicious server. The reason a connection cannot generally be completed when exploiting this vulnerability is that, because the argument `gix-transport` intends as a URL is treated as an option argument, `ssh` treats the subsequent non-option argument `git-upload-pack` as the host instead of the command, but it is not a valid host name.
  Although `ssh` supports aliases for hosts, even if `git-upload-pack` could be made an alias, that is made difficult by the URL-encoding transformation.
However, an attacker who is able to cause a specially named `ssh` configuration file to be placed in the current working directory can smuggle in an `-F` option referencing the file, and this allows arbitrary command execution.
This scenario is especially plausible because programs that operate on git repositories are often run in untrusted git repositories, sometimes even to operate on another repository. Situations where this is likely, such that an attacker could predict or arrange it, may for some applications include a malicious repository with a malicious submodule configuration.
Other avenues of exploitation exist, but appear to be less severe. For example, the `-E` option can be smuggled to create or append to a file in the current directory (or its target, if it is a symlink). There may also be other significant ways to exploit this that have not yet been discovered, or that would arise with new options in future versions of `ssh`.
PoC
To reproduce the known case that facilitates arbitrary code execution, first create a file in the current directory named [email protected], of the form
where `payload` is a command with an observable side effect. On Unix-like systems, this could be `date | tee vulnerable` or an `xdg-open`, `open`, or other command to launch a graphical application. On Windows, this could be the name of a graphical application already in the search path, such as `calc.exe`.
(Although the syntax permitted in the value of `ProxyCommand` may vary by platform, this is not limited to running commands in the current directory. That limitation only applies to paths directly smuggled in the username, not to the contents of a separate malicious configuration file. Arbitrary other settings may be specified in [email protected] as well.)
Then run:
gix clone 'ssh://[email protected]/abc'
Or:
gix clone -- '[email protected]:abc/def'
(The `--` is required to ensure that `gix` is really passing the argument as a URL for use in `gix-transport`, rather than interpreting it as an option itself, which would not necessarily be a vulnerability.)
In either case, the payload specified in [email protected] runs, and its side effect can be observed.
Other cases may likewise be produced, in either of the above two forms of SSH addresses. For example, to create or append to the file [email protected], or to create or append to its target if it is a symlink:
gix clone 'ssh://[email protected]/abc'
gix clone -- '[email protected]:abc/def'
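The check that Details describes as missing, written out as an added example (not gitoxide's code): a simplified parser, assumed here for illustration, extracts the `[user@]host` argument from both address forms and refuses a user name or host that `ssh` would read as an option. The function name, error type and sample addresses are constructed for this example.

```rust
/// Reasons an address must not be handed to the external `ssh` program.
#[derive(Debug, PartialEq, Eq)]
pub enum SshArgError {
    /// The user name starts with `-`, so `user@host` would parse as an option.
    AmbiguousUser(String),
    /// The host starts with `-`; with no user name it would lead the argument.
    AmbiguousHost(String),
    /// No host could be found in the address.
    MissingHost,
}

/// Return the `[user@]host` argument for `ssh`, or an error if it could be
/// mistaken for an option. Simplified parsing (an assumption of this example):
/// only `ssh://` URLs and the scp-like `user@host:path` form are handled.
pub fn ssh_destination(addr: &str) -> Result<String, SshArgError> {
    let authority = match addr.strip_prefix("ssh://") {
        // URL form: the authority ends at the first '/'.
        Some(rest) => rest.split('/').next().unwrap_or(""),
        // scp-like form: the authority ends at the first ':'.
        None => match addr.split_once(':') {
            Some((before, _path)) => before,
            None => return Err(SshArgError::MissingHost),
        },
    };
    // Everything before the last '@' is the optional user name.
    let (user, host) = match authority.rsplit_once('@') {
        Some((user, host)) => (Some(user), host),
        None => (None, authority),
    };
    // Drop an optional ":port" that the URL form may carry.
    let host = host.split(':').next().unwrap_or("");
    if host.is_empty() {
        return Err(SshArgError::MissingHost);
    }
    // The user name leads the argument, so it is the part that must not
    // begin with a hyphen.
    if let Some(user) = user {
        if user.starts_with('-') {
            return Err(SshArgError::AmbiguousUser(user.to_string()));
        }
    }
    // Hosts are checked as well; without a user name the host leads.
    if host.starts_with('-') {
        return Err(SshArgError::AmbiguousHost(host.to_string()));
    }
    Ok(match user {
        Some(user) => format!("{}@{}", user, host),
        None => host.to_string(),
    })
}

fn main() {
    // Constructed sample addresses, not the ones from the advisory.
    let samples = [
        "ssh://git@example.com/abc",
        "git@example.com:abc/def",
        "ssh://-Fcfg@example.com/abc",
        "-Fcfg@example.com:abc/def",
        "ssh://-oName/abc",
    ];
    for addr in samples.iter() {
        println!("{:<32} {:?}", addr, ssh_destination(addr));
    }
}
```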
Impact
As in GHSA-rrjw-j4m2-mf34, this would typically require user interaction to trigger an attempt to clone or otherwise connect using the malicious URL. Furthermore, known means of exploiting this vulnerability to execute arbitrary commands require further preparatory steps to establish a specially named file in the current directory. The impact is therefore expected to be lesser, though it is difficult to predict it with certainty because it is not known exactly what scenarios will arise when using the `gix-transport` library.
Users who use applications that make use of `gix-transport` are potentially vulnerable, especially:
CVE-2024-35186
Summary
During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application.
Details
Although `gix-worktree-state` checks for collisions with existing files, it does not itself check if a path is really in the working tree when performing a checkout, nor do the path checks in `gix-fs` and `gix-worktree` prevent this. Cloning an untrusted repository containing specially crafted tree or blob names will create new files outside the repository, or inside the repository or a submodule's `.git` directory. The simplest cases are:
- `..` to traverse upward. This facilitates arbitrary code execution because files can be placed in one or more locations where they are likely to be executed soon.
- `.git` to enter a `.git` directory. This facilitates arbitrary code execution because hooks can be installed.
A number of alternatives that achieve the same effect are also possible, some of which correspond to specific vulnerabilities that have affected Git in the past:
- `/`, to traverse upward or downward. For example, even without containing any tree named `..` or `.git`, a repository can represent a file named `../outside` or `.git/hooks/pre-commit`. This is distinct from the more intuitive case of a repository containing trees that represent those paths.
- `\`, to traverse upward or downward. (Unlike `/`, these are valid on other systems.) See GHSA-xjx4-8694-q2fq.
- `.git`.
- `.git` or a case variant, with characters added that HFS+ ignores in collation. See git/git@6162a1d.
- `.git` (or a case variant) by the use of NTFS stream notation, such as `.git::$INDEX_ALLOCATION`. See GHSA-5wph-8frv-58vj.
- `git~1` (or a case variant). See GHSA-589j-mmg9-733v.
When a checkout creates some files outside the repository directory but fails to complete, the repository directory is usually removed, but the outside files remain.
PoC
For simplicity, these examples stage a stand-in file with a valid name, modify the index, and commit. The instructions assume `sed` supports `-i`, which is the case on most systems. If using Windows, a Git Bash shell should be used.
Example: Downward traversal to install hooks
- `git init dangerous-repo-installs-hook` and `cd` into the directory.
- `.git@hooks@pre-commit`, with the contents:
- `git add --chmod=+x .git@hooks@pre-commit`
- `env LC_ALL=C sed -i.orig 's|\.git@hooks@pre-commit|.git/hooks/pre-commit|' .git/index`
- `git commit -m 'Initial commit'`
Then, on another or the same machine:
- `gix clone …` command.
- `ls -l .git/hooks` to observe that the `pre-commit` hook is already present.
- `git`. This causes the payload surreptitiously installed as a `pre-commit` hook to run, printing the message `Vulnerable!` and creating a file in the current directory containing the current date and time.
Note that the effect is not limited to modifying the current directory. The payload could be written to perform any action that the user who runs `git commit` is capable of.
Example: Upward traversal to create a file above the working tree
- `git init dangerous-repo-reaches-up`, and `cd` into the directory.
- `echo 'A file outside the working tree, somehow.' >..@outside`
- `git add ..@outside`
- `env LC_ALL=C sed -i.orig 's|\.\.@outside|../outside|' .git/index`
- `git commit -m 'Initial commit'`
Then, as above, on the same or another machine, clone the repository with a `gix clone …` command. Observe that a file named `outside` is present alongside (not inside) the cloned directory.
Impact
Any use of `gix` or another application that makes use of `gix-worktree-state`, or otherwise relies on `gix-fs` and `gix-worktree` for validation, is affected, if used to clone untrusted repositories. The above description focuses on code execution, as that leads to a complete loss of confidentiality, integrity, and availability, but creating files outside a working tree without attempting to execute code can directly impact integrity as well.
In use cases where no untrusted repository is ever cloned, this vulnerability has no impact. Furthermore, the impact of this vulnerability may be lower when `gix` is used to clone a repository for CI/CD purposes, even if untrusted, since in such uses the environment is usually isolated and arbitrary code is usually run deliberately from the repository with necessary safeguards in place.
CVE-2024-35197
Summary
On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary messages that appear to have come from the application, and potentially other harmful effects under limited circumstances.
Details
It is possible to create a Git repository that contains references or filenames that Windows treats as legacy DOS-style aliases for system devices. When such a repository is cloned:
- `gix-ref` does not include a check for such names before attempting to access them on disk, which reads from the devices, though the ability to exfiltrate data appears limited.
- `gix-worktree-state` does not treat such names as collisions and instead writes to them, which writes arbitrary attacker-controlled data to the devices.
Some such device names refer to devices that are often absent or inaccessible. But a few are guaranteed to be available, allowing some attacks to be carried out with low complexity. For both reading refs and writing paths, one important case is the console:
- `CON` or `CONIN$` reads data from the console, thereby blocking on console input, including in most situations where a console is not readily available. This may facilitate denial of service attacks.
- `CON` or `CONOUT$` writes its contents to the console. This allows an untrusted repository to produce arbitrary text that appears to be a message from the application. Such text may facilitate social engineering if it is selected to instruct the user to perform a particular action.
Another potentially important case is serial ports. For example, `COM1` refers to the first serial port, if present. A malicious repository may be able to disrupt intended use of serial ports or attempt to interact with a device. In some configurations, it may be possible to interfere with the operation of a physical or virtual serial console. On Windows, local access to serial ports is often permitted even for limited user accounts without elevation.
Naming Files, Paths, and Namespaces covers most reserved names. `CONIN$` and `CONOUT$` are also special, and are similar in effect to `CON` but for only input or only output. These names are case-insensitive and can also be accessed with file extensions (e.g., `CON.txt` is equivalent to `CON`) and with some variations involving added spaces or colons.
PoC
Ref example
Create a repository on a non-Windows system (or in WSL) with at least one commit. Use `git tag CON` to create a lightweight tag named `CON`. Place the repository somewhere it can be cloned on Windows. A `file://` URL is sufficient for testing if a private remote is unavailable. If using `git push`, pass `--tags` so the remote has the tag.
On a Windows system, clone the repository with `gix clone`. This command will block immediately, reading input from the console. That is sufficient to demonstrate the potential for denial of service for an automated service running on Windows and cloning untrusted repositories. The experiment can be stopped with Ctrl+C.
However, if desired, input can be provided. Ending input with Ctrl+Z followed by Enter will cause it to be passed to the application. This will lead to an error message, the specific details of which vary by whether the input is empty or nonempty, and whether it matches or does not match the hexadecimal hash of the tagged commit.
Path example
Create a repository on a non-Windows system (or in WSL) and commit a file named `CON` with the contents:
While that example text serves to illustrate the risk, any distinctive text is sufficient to observe the vulnerability. Place the repository somewhere it can be cloned on Windows. As above, a `file://` URL is sufficient.
On a Windows system, clone the repository with `gix clone`. The output usually looks like this, with the deceptive message appearing to come from `gix`:
The exact placement of the message is nondeterministic. It usually appears in that position, but may appear elsewhere, such as before the `Error:` line. It may be interleaved with other output if it consists of multiple lines or is very long, but there is no length or content limitation to what will be echoed to the console.
Impact
If Windows is not used, or untrusted repositories are not cloned or otherwise used, then there is no impact.
The impact is expected to be limited in common configurations, but may vary widely depending on what devices exist, how they are being used, how much knowledge an attacker has of the precise details of their use, and whether the user is likely to trust information that appears in a console. Accessing devices through refs is expected to be less dangerous than accessing them through filenames, since it is trivial to attempt to write arbitrary data using filenames.
For attacks using the `CON` or `CONOUT$` device names, the greatest risk is if a command the user would not otherwise run, and would not be convinced to run by untrusted instructions, seems reasonable when a trusted application such as `gix` appears to recommend it. The user may then be misled into running an attacker's command.
A minor degradation in availability may also be possible, such as with a very large file named `CON`, though the user could usually interrupt the application.
Release Notes
GitoxideLabs/gitoxide (gix)
v0.63.0: gix v0.63.0
New Features
checkout respects options for `core.protectHFS` and `core.protectNTFS`.
This also adds `gitoxide.core.protectWindows` as a way to enforce additional restrictions that are usually only available on Windows.
Note that `core.protectNTFS` is always enabled by default, just like it is in Git.
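An added example (not gitoxide's implementation) of the per-component checks that the Details sections of CVE-2024-35186 and CVE-2024-35197 call for, gated by three flags named after the options in this release note. Which check sits behind which flag, the type and function names, and the sample paths are assumptions of this example.

```rust
/// Why a path taken from an index or tree must not be written during checkout.
#[derive(Debug, PartialEq, Eq)]
pub enum Unsafe {
    Empty,     // empty path or component: leading '/', "//" or trailing '/'
    Traversal, // "." or ".."
    DotGit,    // ".git" or a name the filesystem would resolve to it
    Backslash, // '\' acts as a path separator on Windows
    Device,    // legacy DOS device name such as CON or COM1
}

/// Flags named after the three options in the release note. The mapping of
/// checks to flags is an assumption of this example.
#[derive(Clone, Copy)]
pub struct Protect {
    pub hfs: bool,
    pub ntfs: bool,
    pub windows: bool,
}

/// Zero-width and directional code points that HFS+ ignores in comparisons.
fn hfs_ignorable(c: char) -> bool {
    matches!(c as u32, 0x200c..=0x200f | 0x202a..=0x202e | 0x206a..=0x206f | 0xfeff)
}

/// True if `component` is `.git` or one of the equivalents listed in the advisory.
fn is_dot_git(component: &str, p: Protect) -> bool {
    if component == ".git" {
        return true;
    }
    if !(p.hfs || p.ntfs) {
        return false;
    }
    let mut name = component.to_string();
    if p.hfs {
        name.retain(|c| !hfs_ignorable(c));
    }
    if p.ntfs {
        // NTFS stream notation: `.git::$INDEX_ALLOCATION` names `.git`.
        if let Some(i) = name.find(':') {
            name.truncate(i);
        }
        // Trailing dots and spaces are dropped by Windows.
        let kept = name.trim_end_matches(|c: char| c == ' ' || c == '.').len();
        name.truncate(kept);
        // 8.3 short name that can alias `.git`.
        if name.eq_ignore_ascii_case("git~1") {
            return true;
        }
    }
    name.eq_ignore_ascii_case(".git")
}

/// True for CON, PRN, AUX, NUL, COM1-9, LPT1-9, CONIN$ and CONOUT$ in any
/// case, also with an extension, a colon suffix or trailing spaces.
fn is_device_name(component: &str) -> bool {
    let base = component.split(|c: char| c == '.' || c == ':').next().unwrap_or("");
    let base = base.trim_end_matches(' ').to_ascii_uppercase();
    let b = base.as_bytes();
    matches!(base.as_str(), "CON" | "PRN" | "AUX" | "NUL" | "CONIN$" | "CONOUT$")
        || (b.len() == 4
            && (base.starts_with("COM") || base.starts_with("LPT"))
            && (b'1'..=b'9').contains(&b[3]))
}

/// Validate a '/'-separated index path or ref name before touching the disk.
pub fn check_path(path: &str, p: Protect) -> Result<(), Unsafe> {
    for component in path.split('/') {
        if component.is_empty() {
            return Err(Unsafe::Empty);
        }
        if component == "." || component == ".." {
            return Err(Unsafe::Traversal);
        }
        if is_dot_git(component, p) {
            return Err(Unsafe::DotGit);
        }
        if p.ntfs && component.contains('\\') {
            return Err(Unsafe::Backslash);
        }
        if p.windows && is_device_name(component) {
            return Err(Unsafe::Device);
        }
    }
    Ok(())
}

fn main() {
    let all = Protect { hfs: true, ntfs: true, windows: true };
    // Constructed sample paths and ref names.
    let samples = ["src/main.rs", "../outside", ".git/hooks/pre-commit",
        ".git::$INDEX_ALLOCATION/x", "refs/tags/CON", "docs/con.txt"];
    for path in samples.iter() {
        println!("{:<28} {:?}", path, check_path(path, all));
    }
}
```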
Bug Fixes
empty paths as configured will not be an error with lenient configuration enabled.
When using `gix::open_opts(path, options.strict_config(false))`, empty `core.excludesFile` values will not cause an error anymore.
Note that in strict mode, the behaviour is unchanged so invalid configuration can rather be fixed than ignored.
don't unwrap when reading possibly left-over bytes from pack-stream
v0.62.0: gix v0.62
Please note that this release contains a security fix originally implemented in `gix-transport` via this PR which prevents `ssh` options to be smuggled into the `ssh` command-line invocation with a username provided to a clone or fetch URL.
Details can be found in the advisory.
Bug Fixes
`into_index_worktree_iter()` now takes an iterator, instead of a Vec.
This makes the API more consistent, and one can pass `None` as well.
show submodules in status independently of their active state.
Even inactive submodules are shown in the status by `git status`, so `gix` should do the same.
First observed in https://github.com/helix-editor/helix/pull/5645#issuecomment-2016798212
forward `curl` rustls feature from `gix-transport` to avoid `curl` in `gix`.
This removes the `curl` dependency just for configuring it, and removes a hazard which became evident with reqwest.
Bug Fixes (BREAKING)
`topo` more similar to `Ancestors`, but also rename `Ancestors` to `Simple`
Commit Statistics
Thanks Clippy
Clippy helped 1 time to make code idiomatic.
v0.61.1: gix v0.61.1
This release also updates `reqwest` to v0.12, bringing hyper 1.0 and a more recent `rustls` version.
Bug Fixes
v0.61.0: gix v0.61.0
Documentation
New Features (BREAKING)
`Repository::dirwalk_iter()`.
That way, more copying happens but the usability increases tremendously as well.
It's breaking as public types moved from `repository::dirwalk` to `dirwalk`, dissolving `repository::dirwalk` entirely.
v0.60.0: gix v0.60.0
New Features
`gix status --index-worktree-renames`
This enables rename-tracking between worktree and index, something that Git also doesn't do or doesn't do by default.
It is, however, available in `git2`.
`commit::describe::Resolution::format_with_dirty_suffix()`
`Repository::is_dirty()`
The simplest way to learn if the repository is dirty or not.
`Submodule::status()` method.
That way it's possible to obtain submodule status information, with enough information to implement `git status`-like commands.
`Status` iterator.
We also move the `IndexPersistedOrInMemory` type to the `worktree` module as it's more widely useful.
New Features (BREAKING)
`diff::resource_cache()` now takes the attribute stack directly.
That way, the constructor becomes more versatile as the user can choose to pass attribute stacks that have more functionality, and thus can be used in more places.
v0.59.0: gix v0.59.0
New Features
`Repository::dirwalk_with_delegate()`.
That way it's possible to perform arbitrary directory walks, useful for status, clean, and add.
`open::Options::current_dir()`.
That way it's possible to obtain the current working directory with which the repository was opened.
New Features (BREAKING)
Otherwise it's not possible to have the 'no pattern matches everything' case
which is important in conjunction with prefixes and the requirement to
still see everything outside of the prefix.
Bug Fixes (BREAKING)
v0.58.0: gix v0.58.0
New Features
add `max-control` feature for fine-grained performance control.
This also adds the following performance features:
- `zlib-ng`
- `zlib-ng-compat`
- `zlib-stock`
- `parallel-walkdir`
Bug Fixes
`object::tree::diff::Platform::for_each_to_obtain_tree(callback)` errors are more convenient to use.
Due to a change in how the generic error type is declared it should now be possible to use `anyhow` with it as well.
v0.57.1: gix v0.57.1
Chore
change `rust-version` manifest field back to 1.65.
They didn't actually need to be higher to work, and changing them unnecessarily can break downstream CI.
Let's keep this value as low as possible, and only increase it when more recent features are actually used.
v0.57.0: gix v0.57.0
Chore
Our MSRV follows the one of `helix`, which in turn follows Firefox.
New Features
`Repository::rev_parse*()` now supports `branch@{upstream|push|u|p}`.
Previously it would be parsed, but always error as the implementation didn't exist.
Now it will return the fetch and push tracking branches respectively.
Add `Reference::remote_tracking_ref_name()` and `*::remote_ref_name()`.
These methods mirror their respective `Repository::branch_*` prefixed versions.
add `Repository::branch_remote_tracking_ref_name()`.
add `push.default` config key
add `config::Snapshot::trusted_program()`.
That way it's possible to obtain an executable, program or script from a key in the configuration that is in a trusted section of the configuration.
This goes along with a new `command` feature that brings in the `command` module at the top level to be able to execute such commands.
add `clone::PrepareFetch::with_in_memory_config_overrides()`.
With it one can affect the repository configuration right before fetching.
New Features (BREAKING)
`Repository::remote_names|remote_default_name()` now returns `Cow<'_, BStr>` instead of `Cow<'_, str>`.
That way information won't degenerate due to enforcement of UTF-8.
Bug Fixes (BREAKING)
rename `Repository::branch_remote_ref()` to `Repository::branch_remote_ref_name()`, add `direction` argument (also to `Repository::branch_remote_name()` and `Repository::branch_remote()`).
This better differentiates the return value from the corresponding ref objects, which would require the named ref to exist in the repository.
The `direction` argument allows to get the reference to push to as well.
Further, it now takes a full ref name to support deriving the name of branches to push to.
Regarding `Repository::branch_remote()`, previously, this functionality was only available from a `Reference`, but now it's more generally available with just a branch name.
The method was also adjusted to permit looking up non-symbolic remote names, like remotes that are specified by their URL.
mark `gix::interrupt::init_handler()` as unsafe
The passed `interrupt()` argument will be called from a signal handler, so that needs to be documented and the call sites need to state that they fulfill the contract.
Thanks to @Manishearth for pointing this out.
Commit Statistics
Thanks Clippy
Clippy helped 1 time to make code idiomatic.
v0.56.0: gix v0.56.0
New Features
`gitoxide.core.externalCommandStderr` to allow enabling `stderr` to the enclosing terminal.
Previously, this was enabled by default, now it can additionally be disabled by the caller.
`gitoxide.credentials.helperStderr` key to control how stderr is handled with helpers.
That way users can configure each repository instance according to their needs, which includes disabling the `stderr` of credential helpers.
`revision::Spec::path_and_mode()`
Provide additional information about revspecs for use with worktree filters.
`diff.external`.
That way it's conceivable that applications correctly run either a configured external diff tool, or one that is configured on a per diff-driver basis, while being allowed to fall back to a built-in implementation as needed.
`diff::resource_cache()` low-level utility for rapid in-memory diffing of combinations of resources.
We also add the `object::tree::diff::Platform::for_each_to_obtain_tree_with_cache()` to pass a resource-cache for re-use between multiple invocations for significant savings.
This value can be overridden by GIT_SSL_NO_VERIFY env variable. We use the value to override http.sslVerify when specifying ssl_verify in transport Options.
`gitoxide.core.refsNamespace` key and respect the `GIT_NAMESPACE` environment variable.
It's also provided as context value.
`verbose-object-parsing-errors` available in `gix`.
That way, it's easy to create programs that are geared towards debugging repositories and finding invalid objects with detailed errors.
`gitoxide.credentials.terminalPrompt` key to represent the GIT_TERMINAL_PROMPT
That way, it's easy to control the usage of terminals without using an environment.
`http-client-curl-rustls` (CLI) and `blocking-http-transport-curl-rustls` (lib) features to avoid openssl.
That way, we should be able to avoid crashes on certain CI configurations.
`Head::try_into_peeled_object()` and `Head::peel_to_object_in_place()`
This makes it easier to peel to a specific object type, after all tags have been followed, without having to assume an intermediate commit.
Bug Fixes
assure the correct repository is used for checkouts after clone.
If this is not the case, it's possible for filters to run in the context of
potential parent repositories, which then can have all kinds of issues.
In case of `git-lfs`, for instance, it would try to download objects from the wrong repository.
Allow multiple packs to be received one after another.
Previously it would be difficult to perform another fetch operation on the same connection as the final flush packet after a pack wouldn't be consumed.
This has now been mitigated by consuming it in the one place where knowledge about this specialty exists.
don't use `trust-dns` by default when using request.
It's reported to have issues under certain condition, please see https://github.com/seanmonstar/reqwest/pull/437 for more.
The `blocking-http-transport-reqwest-rust-tls-trust-dns` feature was added to provide the same feature-set as before for those who want `trust-dns`.
V1 negotiation won't hang anymore
The logic previously tried to estimate when a pack can be expected, and when a NAK is the end of a block, or the beginning of a pack.
This can be known because a pack (with our settings) needs two things:
- `done` sent by the client
New Features (BREAKING)
`object::blob::diff::Platform` now performs all necessary conversions.
Previously it would just offer the git-ODB version of a blob for diffing, while it will now make it possible to apply all necessary conversion steps for you.
This also moves `Event::diff()` to `Change::diff()`, adds `Repository::diff_resource_cache()` and refactors nearly everything about the `objects::blob::diff::Platform`.
generalize rename-tracking engine for later use with status.
Previously the rename tracking engine was integrated with tree-diffs, but already operates in a stand-alone fashion.
Now it's officially generalized which allows it to be tested separately and used when tracking renames for diffs between index and tree, index and index, and index and worktree.
make it possible to trace incoming and outgoing packetlines.
Due to the way this is (and has to be) setup, unfortunately one has to integrate that with two crates, instead of just one.
This change touches multiple crates, most of which receive a single boolean as last argument to indicate whether the tracing should happen in the first place.
improve `head()` peeling API
Previously it was partially untested and it was hard to obtain an object of choice.
Further breaking changes:
- `Head::peeled()` to `into_peeled_id()`
- `Head::into_fully_peeled_id()` to `try_peel_into_id()`
- `Head::peel_to_id_in_place()` to `Head::try_peel_to_id_in_place()`
Bug Fixes (BREAKING)
`GITOXIDE_*` environment variables to `GIX_#`
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.