mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
26153 commits 13 branches 442 tags 103 MiB
Commit graph

26153 commits

This branch
This branch
All branches
Author SHA1 Message Date
SamuelTardieu
7b73f343ae Added a comment 2015-12-17 11:15:55 +00:00
jhannwong@c9c7a67b5632a4bbc0c959cfeb3d340e02f28565
a604f7cd93 2015-12-17 02:25:02 +00:00
pete.ward@26c41318616c4cf9601d0431557c1df734ccdb77
ffefc488f4 2015-12-16 22:15:17 +00:00
Joey Hess
0914d33b21
Merge branch 'master' of ssh://git-annex.branchable.com 2015-12-16 17:05:12 -04:00
Joey Hess
ca9b84754d
devblog 2015-12-16 17:04:48 -04:00
wsha.code+ga@b38779424f41c5701bbe5937340be43ff1474b2d
4a02a243f3 Added a comment 2015-12-16 11:21:48 +00:00
14.203.223.70
ff5de4ff57 poll vote (My phone (or MP3 player)) 2015-12-16 07:09:17 +00:00
Joey Hess
1c3b644345
Merge branch 'master' of ssh://git-annex.branchable.com 2015-12-15 20:50:52 -04:00
Joey Hess
25bc6ea6d8
bring back some deleted functions that git-repair uses 2015-12-15 20:42:35 -04:00
Joey Hess
96dd0f4ebe
improve temp dir security 
http://bugs.debian.org/807341

* Fix insecure temporary permissions when git-annex repair is used in
  in a corrupted git repository.

  Other calls to withTmpDir didn't leak any potentially private data,
  but repair clones the git repository to a temp directory which is made
  using the user's umask. Thus, it might expose a git repo that is
  otherwise locked down.

* Fix potential denial of service attack when creating temp dirs.

  Since withTmpDir used easily predictable temporary directory names,
  an attacker could create foo.0, foo.1, etc and as long as it managed to
  keep ahead of it, could prevent it from ever returning.

  I'd rate this as a low utility DOS attack. Most attackers in a position
  to do this could just fill up the disk /tmp is on to prevent anything
  from writing temp files. And few parts of git-annex use withTmpDir
  anyway, so DOS potential is quite low.

Examined all callers of withTmpDir and satisfied myself that
switching to mkdtmp and so getting a mode 700 temp dir wouldn't break any
of them.

Note that withTmpDirIn continues to not force temp dir to 700.
But it's only used for temp directories inside .git/annex/wherever/
so that is not a problem.

Also re-audited all other uses of temp files and dirs in git-annex.
 2015-12-15 20:21:48 -04:00
wsha.code+ga@b38779424f41c5701bbe5937340be43ff1474b2d
555f5ae302 removed 2015-12-14 12:04:46 +00:00
wsha.code+ga@b38779424f41c5701bbe5937340be43ff1474b2d
eb822fbd1c Added a comment 2015-12-14 12:03:58 +00:00
wsha.code+ga@b38779424f41c5701bbe5937340be43ff1474b2d
9051166774 Added a comment 2015-12-14 12:03:23 +00:00
https://me.yahoo.com/a/ZF7p46cPmpWtb9zvA8iTitPmiQ--#eb014
9690904b45 Added a comment: It worked 2015-12-14 04:46:46 +00:00
https://me.yahoo.com/a/ZF7p46cPmpWtb9zvA8iTitPmiQ--#eb014
367791c827 Added a comment: I'm also having this issue 2015-12-14 03:17:58 +00:00
yminus
97bb479165 Added a comment 2015-12-13 22:55:16 +00:00
scorchgeek
d998d20364 Added a comment: Indeed 2015-12-13 22:30:47 +00:00
basak
4c8fdaa008 Added a comment 2015-12-13 21:35:59 +00:00
joakim.hovlandsvag@ad788ffa13d1ccbf03f2c485653900f8baa33950
ea01310d98 Added a comment: Repairing ignores disk space issues too 2015-12-13 09:13:25 +00:00
joakim.hovlandsvag@ad788ffa13d1ccbf03f2c485653900f8baa33950
7bca9bc5b1 2015-12-13 07:42:22 +00:00
scorchgeek
928de5e3ad create page 2015-12-12 22:44:00 +00:00
Joey Hess
04e00146ed
Debian: Build depend on concurrent-output. 
In unstable now.
 2015-12-12 12:19:31 -04:00
wsha.code+ga@b38779424f41c5701bbe5937340be43ff1474b2d
4183f0e1dc Added a comment 2015-12-12 10:42:47 +00:00
wsha.code+ga@b38779424f41c5701bbe5937340be43ff1474b2d
68e05915ed Added a comment 2015-12-12 05:28:51 +00:00
https://openid.stackexchange.com/user/27ceb3c5-0762-42b8-8f8a-ed21c284748f
c475d71f9e Added a comment 2015-12-11 22:58:22 +00:00
http://www.ryantm.com/
5e01b40151 2 more data -> 2 more days 2015-12-11 21:04:54 +00:00
Joey Hess
3e54d95aa3
devblog 2015-12-11 16:24:21 -04:00
Joey Hess
abd66c7089
fsck: Failed to honor annex.diskreserve when checking a remote. 2015-12-11 13:50:27 -04:00
Joey Hess
4407df6314
Merge branch 'master' of ssh://git-annex.branchable.com 2015-12-11 12:15:29 -04:00
Joey Hess
0f126440ca
webdav: When testing the WebDAV server, send a file with content. The empty file it was sending tickled bugs in some php WebDAV server. 2015-12-11 12:13:20 -04:00
Joey Hess
48bc7a9057
comment 2015-12-11 11:27:33 -04:00
Joey Hess
4ea479f776
comment 2015-12-11 11:23:57 -04:00
Joey Hess
9e34ed66f7
comment 2015-12-11 11:20:35 -04:00
Joey Hess
b12fc8cf1b
add Blackblaze B2 extranal special remote to the list 2015-12-11 11:06:02 -04:00
Joey Hess
bbfd454edc
comment 2015-12-11 11:04:48 -04:00
Joey Hess
eee5bede24
clean up 2015-12-11 11:03:22 -04:00
yminus
3e59d498c4 Added a comment 2015-12-10 22:25:26 +00:00
http://joeyh.name/
a6dec1c9db Added a comment 2015-12-10 18:58:46 +00:00
Joey Hess
b376047cc3
comment 2015-12-10 12:31:26 -04:00
fbicknel@01ede624a1a56b3998b823e9b60da0ff81cccb16
4b31d9c404 Added a comment: Complete removal 2015-12-10 16:16:43 +00:00
Joey Hess
a0528db092
Add S3 features to git-annex version output. 2015-12-10 11:42:49 -04:00
Joey Hess
d283fa4fe9
comment 2015-12-10 11:22:28 -04:00
Joey Hess
79dd48546a
response 2015-12-10 11:20:01 -04:00
Joey Hess
2f25b8360f
response 2015-12-10 11:15:06 -04:00
https://openid.stackexchange.com/user/27ceb3c5-0762-42b8-8f8a-ed21c284748f
7a03f55aa0 Added a comment: The downside 2015-12-10 03:45:09 +00:00
https://openid.stackexchange.com/user/3ee5cf54-f022-4a71-8666-3c2b5ee231dd
b9312e3554 2015-12-09 23:01:21 +00:00
Joey Hess
d0449ac1e4
Merge branch 'master' of ssh://git-annex.branchable.com 2015-12-09 18:14:19 -04:00
Joey Hess
3964d3388b
devblog 2015-12-09 18:13:31 -04:00
openmedi
ef664f089f Added a comment 2015-12-09 20:18:48 +00:00
https://me.yahoo.com/a/EbvxpTI_xP9Aod7Mg4cwGhgjrCrdM5s-#7c0f4
5ef6ed8b9a Added a comment: anyone saw/worked on backend for watchdox service? (not free one but needed :-/) 2015-12-08 19:45:03 +00:00