Justin Tobler wrote:
> On 25/07/08 05:05PM, Todd Zullinger wrote:
>> In a recent security release, 05e9cd64ee (config: quote values
>> containing CR character, 2025-05-19) added calls to `git config get`,
>> `git config set`, and `git config unset` which are not present on the
>> maint-2.43 branch.
>>
>> These subcommands were added in the following commits, released in
>> git-2.46.0:
>>
>>   4e51389000 (builtin/config: introduce "get" subcommand, 2024-05-06),
>>   00bbdde141 (builtin/config: introduce "set" subcommand, 2024-05-06),
>>   95ea69c67b (builtin/config: introduce "unset" subcommand, 2024-05-06)
>>
>> Revert to the previous `git config` syntax for older maintenance
>> branches.
>
> Thanks for raising this fix! Apologies, it slipped my mind that the
> config subcommands wouldn't be available on older versions.

No worries. Thanks for working on these CVE fixes!

I thought that the CI might catch those failures, but I
imagine they slipped past others as easily as some other
failures slipped past me last night.

There are unrelated test failures on those older maint
branches which make noticing any new test failures less
likely. Even more so when you're working on a security
issue and there is less time and fewer eyes on some of the
less important details. :)

I looked at a couple of the failed jobs at the time and they
were unrelated to the tests I'd changed. I incorrectly
presumed that was the reason for all of the failures.

A few (linux-leaks (ubuntu-latest), linux-reftable-leaks
(ubuntu-latest)) failed t7450.50 (submodule must not checkout
into different directory) with:

    + printf sub\r
    + git -C repo mv sub sub
    Aborted (core dumped)
    error: last command exited with $?=134
    + rm -rf sub repo bad-clone
    + exit 134
    + eval_ret=134
    + :
    not ok 50 - submodule must not checkout into different directory

I don't know if that is worth looking at, given the age of
these maint branches.

While I was poking though, here are the other failures from
the maint-2.45 branch runs at GitHub:

Several jobs (linux-musl (alpine), osx-gcc (macos-13))
failed in imap-send.c and http.c, with:

    call to '_curl_easy_setopt_err_long' declared with attribute warning: curl_easy_setopt expects a long argument [-Werror=attribute-warning]

I think this has been fixed in later releases. It rings a
tiny bell, anyway.

The 'pedantic (fedora)' and 'win build' jobs both failed
with:

    Error: object-file.c:58:9: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (33 chars into 32 available) [-Werror=unterminated-string-initialization]
       58 |         "\x47\x3a\x0f\x4c\x3b\xe8\xa9\x36\x81\xa2" \
          |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    object-file.c:80:17: note: in expansion of macro 'EMPTY_BLOB_SHA256_BIN_LITERAL'
       80 |         .hash = EMPTY_BLOB_SHA256_BIN_LITERAL,
          |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~

which I presume is also fixed in later releases and may not
be worth fixing on these old maintenance branches.

> The changes here look good to me. :)

Thanks for the extra eyes.

-- 
Todd