Skip to content

Commit 79dce79

Browse files
ByronByron
authored
Merge pull request from GHSA-7w47-3wg8-547c
fix for CVE-2024-35186 and CVE-2024-35197
2 parents 3c21741 + 1242151 commit 79dce79

File tree

97 files changed

+2268
-347
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

97 files changed

+2268
-347
lines changed

Cargo.lock

+272-14
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

gitoxide-core/src/lib.rs

+8
Original file line numberDiff line numberDiff line change
@@ -84,3 +84,11 @@ pub use discover::discover;
8484

8585
#[cfg(all(feature = "async-client", feature = "blocking-client"))]
8686
compile_error!("Cannot set both 'blocking-client' and 'async-client' features as they are mutually exclusive");
87+
88+
fn is_dir_to_mode(is_dir: bool) -> gix::index::entry::Mode {
89+
if is_dir {
90+
gix::index::entry::Mode::DIR
91+
} else {
92+
gix::index::entry::Mode::FILE
93+
}
94+
}

gitoxide-core/src/repository/attributes/query.rs

+8-7
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ pub(crate) mod function {
1414
use gix::bstr::BStr;
1515

1616
use crate::{
17+
is_dir_to_mode,
1718
repository::{
1819
attributes::query::{attributes_cache, Options},
1920
PathsOrPatterns,
@@ -38,12 +39,12 @@ pub(crate) mod function {
3839
match input {
3940
PathsOrPatterns::Paths(paths) => {
4041
for path in paths {
41-
let is_dir = gix::path::from_bstr(Cow::Borrowed(path.as_ref()))
42+
let mode = gix::path::from_bstr(Cow::Borrowed(path.as_ref()))
4243
.metadata()
4344
.ok()
44-
.map(|m| m.is_dir());
45+
.map(|m| is_dir_to_mode(m.is_dir()));
4546

46-
let entry = cache.at_entry(path.as_slice(), is_dir)?;
47+
let entry = cache.at_entry(path.as_slice(), mode)?;
4748
if !entry.matching_attributes(&mut matches) {
4849
continue;
4950
}
@@ -61,9 +62,9 @@ pub(crate) mod function {
6162
)?;
6263
let mut pathspec_matched_entry = false;
6364
if let Some(it) = pathspec.index_entries_with_paths(&index) {
64-
for (path, _entry) in it {
65+
for (path, entry) in it {
6566
pathspec_matched_entry = true;
66-
let entry = cache.at_entry(path, Some(false))?;
67+
let entry = cache.at_entry(path, entry.mode.into())?;
6768
if !entry.matching_attributes(&mut matches) {
6869
continue;
6970
}
@@ -87,10 +88,10 @@ pub(crate) mod function {
8788
let path = pattern.path();
8889
let entry = cache.at_entry(
8990
path,
90-
Some(
91+
Some(is_dir_to_mode(
9192
workdir.map_or(false, |wd| wd.join(gix::path::from_bstr(path)).is_dir())
9293
|| pattern.signature.contains(gix::pathspec::MagicSignature::MUST_BE_DIR),
93-
),
94+
)),
9495
)?;
9596
if !entry.matching_attributes(&mut matches) {
9697
continue;

gitoxide-core/src/repository/attributes/validate_baseline.rs

+1-1
Original file line numberDiff line numberDiff line change
@@ -192,7 +192,7 @@ pub(crate) mod function {
192192
);
193193

194194
for (rela_path, baseline) in rx_base {
195-
let entry = cache.at_entry(rela_path.as_str(), Some(false))?;
195+
let entry = cache.at_entry(rela_path.as_str(), None)?;
196196
match baseline {
197197
Baseline::Attribute { assignments: expected } => {
198198
entry.matching_attributes(&mut matches);

gitoxide-core/src/repository/exclude.rs

+8-8
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ use std::{borrow::Cow, io};
33
use anyhow::bail;
44
use gix::bstr::BStr;
55

6-
use crate::{repository::PathsOrPatterns, OutputFormat};
6+
use crate::{is_dir_to_mode, repository::PathsOrPatterns, OutputFormat};
77

88
pub mod query {
99
use std::ffi::OsString;
@@ -44,11 +44,11 @@ pub fn query(
4444
match input {
4545
PathsOrPatterns::Paths(paths) => {
4646
for path in paths {
47-
let is_dir = gix::path::from_bstr(Cow::Borrowed(path.as_ref()))
47+
let mode = gix::path::from_bstr(Cow::Borrowed(path.as_ref()))
4848
.metadata()
4949
.ok()
50-
.map(|m| m.is_dir());
51-
let entry = cache.at_entry(path.as_slice(), is_dir)?;
50+
.map(|m| is_dir_to_mode(m.is_dir()));
51+
let entry = cache.at_entry(path.as_slice(), mode)?;
5252
let match_ = entry
5353
.matching_exclude_pattern()
5454
.and_then(|m| (show_ignore_patterns || !m.pattern.is_negative()).then_some(m));
@@ -66,9 +66,9 @@ pub fn query(
6666
)?;
6767

6868
if let Some(it) = pathspec.index_entries_with_paths(&index) {
69-
for (path, _entry) in it {
69+
for (path, entry) in it {
7070
pathspec_matched_something = true;
71-
let entry = cache.at_entry(path, Some(false))?;
71+
let entry = cache.at_entry(path, entry.mode.into())?;
7272
let match_ = entry
7373
.matching_exclude_pattern()
7474
.and_then(|m| (show_ignore_patterns || !m.pattern.is_negative()).then_some(m));
@@ -92,10 +92,10 @@ pub fn query(
9292
let path = pattern.path();
9393
let entry = cache.at_entry(
9494
path,
95-
Some(
95+
Some(is_dir_to_mode(
9696
workdir.map_or(false, |wd| wd.join(gix::path::from_bstr(path)).is_dir())
9797
|| pattern.signature.contains(gix::pathspec::MagicSignature::MUST_BE_DIR),
98-
),
98+
)),
9999
)?;
100100
let match_ = entry
101101
.matching_exclude_pattern()

gitoxide-core/src/repository/index/entries.rs

+2-1
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ pub(crate) mod function {
3131
};
3232

3333
use crate::{
34+
is_dir_to_mode,
3435
repository::index::entries::{Attributes, Options},
3536
OutputFormat,
3637
};
@@ -174,7 +175,7 @@ pub(crate) mod function {
174175
}
175176
// The user doesn't want attributes, so we set the cache position on demand only
176177
None => cache
177-
.at_entry(rela_path, Some(is_dir))
178+
.at_entry(rela_path, Some(is_dir_to_mode(is_dir)))
178179
.ok()
179180
.map(|platform| platform.matching_attributes(out))
180181
.unwrap_or_default(),

gitoxide-core/src/repository/revision/resolve.rs

+1-2
Original file line numberDiff line numberDiff line change
@@ -127,11 +127,10 @@ pub(crate) mod function {
127127
}
128128
gix::object::Kind::Blob if cache.is_some() && spec.path_and_mode().is_some() => {
129129
let (path, mode) = spec.path_and_mode().expect("is present");
130-
let is_dir = Some(mode.is_tree());
131130
match cache.expect("is some") {
132131
(BlobFormat::Git, _) => unreachable!("no need for a cache when querying object db"),
133132
(BlobFormat::Worktree, cache) => {
134-
let platform = cache.attr_stack.at_entry(path, is_dir, &repo.objects)?;
133+
let platform = cache.attr_stack.at_entry(path, Some(mode.into()), &repo.objects)?;
135134
let object = id.object()?;
136135
let mut converted = cache.filter.worktree_filter.convert_to_worktree(
137136
&object.data,

gix-archive/tests/archive.rs

+1-1
Original file line numberDiff line numberDiff line change
@@ -233,7 +233,7 @@ mod from_tree {
233233
noop_pipeline(),
234234
move |rela_path, mode, attrs| {
235235
cache
236-
.at_entry(rela_path, mode.is_tree().into(), &odb)
236+
.at_entry(rela_path, Some(mode.into()), &odb)
237237
.map(|entry| entry.matching_attributes(attrs))
238238
.map(|_| ())
239239
},

gix-diff/src/blob/platform.rs

+8-8
Original file line numberDiff line numberDiff line change
@@ -583,14 +583,14 @@ impl Platform {
583583
if self.diff_cache.contains_key(storage) {
584584
return Ok(());
585585
}
586-
let entry = self
587-
.attr_stack
588-
.at_entry(rela_path, Some(false), objects)
589-
.map_err(|err| set_resource::Error::Attributes {
590-
source: err,
591-
kind,
592-
rela_path: rela_path.to_owned(),
593-
})?;
586+
let entry =
587+
self.attr_stack
588+
.at_entry(rela_path, None, objects)
589+
.map_err(|err| set_resource::Error::Attributes {
590+
source: err,
591+
kind,
592+
rela_path: rela_path.to_owned(),
593+
})?;
594594
let mut buf = Vec::new();
595595
let out = self.filter.convert_to_diffable(
596596
&id,

gix-diff/tests/blob/pipeline.rs

+8-8
Original file line numberDiff line numberDiff line change
@@ -507,7 +507,7 @@ pub(crate) mod convert_to_diffable {
507507
assert_eq!(out.data, Some(pipeline::Data::Binary { size: 11 }));
508508
assert_eq!(buf.len(), 0, "buffers are cleared even if we read them");
509509

510-
let platform = attributes.at_entry("c", Some(false), &gix_object::find::Never)?;
510+
let platform = attributes.at_entry("c", None, &gix_object::find::Never)?;
511511

512512
let id = db.insert("b");
513513
let out = filter.convert_to_diffable(
@@ -589,7 +589,7 @@ pub(crate) mod convert_to_diffable {
589589
let mut db = ObjectDb::default();
590590
let null = gix_hash::Kind::Sha1.null();
591591
let mut buf = Vec::new();
592-
let platform = attributes.at_entry("a", Some(false), &gix_object::find::Never)?;
592+
let platform = attributes.at_entry("a", None, &gix_object::find::Never)?;
593593
let worktree_modes = [
594594
pipeline::Mode::ToWorktreeAndBinaryToText,
595595
pipeline::Mode::ToGitUnlessBinaryToTextIsPresent,
@@ -672,7 +672,7 @@ pub(crate) mod convert_to_diffable {
672672
"no filter was applied in this mode, also when using the ODB"
673673
);
674674

675-
let platform = attributes.at_entry("missing", Some(false), &gix_object::find::Never)?;
675+
let platform = attributes.at_entry("missing", None, &gix_object::find::Never)?;
676676
for mode in all_modes {
677677
buf.push(1);
678678
let out = filter.convert_to_diffable(
@@ -731,7 +731,7 @@ pub(crate) mod convert_to_diffable {
731731
);
732732
}
733733

734-
let platform = attributes.at_entry("b", Some(false), &gix_object::find::Never)?;
734+
let platform = attributes.at_entry("b", None, &gix_object::find::Never)?;
735735
for mode in all_modes {
736736
buf.push(1);
737737
let out = filter.convert_to_diffable(
@@ -781,7 +781,7 @@ pub(crate) mod convert_to_diffable {
781781
assert_eq!(buf.len(), 0, "it's always cleared before any potential use");
782782
}
783783

784-
let platform = attributes.at_entry("c", Some(false), &gix_object::find::Never)?;
784+
let platform = attributes.at_entry("c", None, &gix_object::find::Never)?;
785785
for mode in worktree_modes {
786786
let out = filter.convert_to_diffable(
787787
&null,
@@ -827,7 +827,7 @@ pub(crate) mod convert_to_diffable {
827827
);
828828
}
829829

830-
let platform = attributes.at_entry("unset", Some(false), &gix_object::find::Never)?;
830+
let platform = attributes.at_entry("unset", None, &gix_object::find::Never)?;
831831
for mode in all_modes {
832832
let out = filter.convert_to_diffable(
833833
&null,
@@ -879,7 +879,7 @@ pub(crate) mod convert_to_diffable {
879879
assert_eq!(buf.len(), 0);
880880
}
881881

882-
let platform = attributes.at_entry("d", Some(false), &gix_object::find::Never)?;
882+
let platform = attributes.at_entry("d", None, &gix_object::find::Never)?;
883883
let id = db.insert("d-in-db");
884884
for mode in worktree_modes {
885885
let out = filter.convert_to_diffable(
@@ -923,7 +923,7 @@ pub(crate) mod convert_to_diffable {
923923
);
924924
}
925925

926-
let platform = attributes.at_entry("e-no-attr", Some(false), &gix_object::find::Never)?;
926+
let platform = attributes.at_entry("e-no-attr", None, &gix_object::find::Never)?;
927927
let out = filter.convert_to_diffable(
928928
&null,
929929
EntryKind::Blob,

gix-dir/src/walk/classify.rs

+15-3
Original file line numberDiff line numberDiff line change
@@ -161,7 +161,11 @@ pub fn path(
161161
.as_mut()
162162
.map_or(Ok(None), |stack| {
163163
stack
164-
.at_entry(rela_path.as_bstr(), disk_kind.map(|ft| ft.is_dir()), ctx.objects)
164+
.at_entry(
165+
rela_path.as_bstr(),
166+
disk_kind.map(|ft| is_dir_to_mode(ft.is_dir())),
167+
ctx.objects,
168+
)
165169
.map(|platform| platform.excluded_kind())
166170
})
167171
.map_err(Error::ExcludesAccess)?
@@ -203,9 +207,9 @@ pub fn path(
203207
&& ctx.excludes.is_some()
204208
&& kind.map_or(false, |ft| ft == entry::Kind::Symlink)
205209
{
206-
path.metadata().ok().map(|md| md.is_dir()).or(Some(false))
210+
path.metadata().ok().map(|md| is_dir_to_mode(md.is_dir()))
207211
} else {
208-
kind.map(|ft| ft.is_dir())
212+
kind.map(|ft| is_dir_to_mode(ft.is_dir()))
209213
};
210214

211215
let mut maybe_upgrade_to_repository = |current_kind, find_harder: bool| {
@@ -408,3 +412,11 @@ fn is_eq(lhs: &BStr, rhs: impl AsRef<BStr>, ignore_case: bool) -> bool {
408412
lhs == rhs.as_ref()
409413
}
410414
}
415+
416+
fn is_dir_to_mode(is_dir: bool) -> gix_index::entry::Mode {
417+
if is_dir {
418+
gix_index::entry::Mode::DIR
419+
} else {
420+
gix_index::entry::Mode::FILE
421+
}
422+
}

gix-discover/src/is.rs

+1-7
Original file line numberDiff line numberDiff line change
@@ -172,13 +172,7 @@ pub(crate) fn git_with_metadata(
172172
// We expect to be able to parse any ref-hash, so we shouldn't have to know the repos hash here.
173173
// With ref-table, the has is probably stored as part of the ref-db itself, so we can handle it from there.
174174
// In other words, it's important not to fail on detached heads here because we guessed the hash kind wrongly.
175-
let object_hash_should_not_matter_here = gix_hash::Kind::Sha1;
176-
let refs = gix_ref::file::Store::at(
177-
dot_git.as_ref().into(),
178-
gix_ref::store::WriteReflog::Normal,
179-
object_hash_should_not_matter_here,
180-
false,
181-
);
175+
let refs = gix_ref::file::Store::at(dot_git.as_ref().into(), Default::default());
182176
let head = refs.find_loose("HEAD")?;
183177
if head.name.as_bstr() != "HEAD" {
184178
return Err(crate::is_git::Error::MisplacedHead {

gix-features/Cargo.toml

+5-5
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ progress-unit-human-numbers = ["prodash?/unit-human"]
2525
progress-unit-bytes = ["dep:bytesize", "prodash?/unit-bytes"]
2626

2727
## If set, walkdir iterators will be multi-threaded.
28-
fs-walkdir-parallel = [ "dep:jwalk", "dep:gix-utils" ]
28+
fs-walkdir-parallel = ["dep:jwalk", "dep:gix-utils"]
2929

3030
## Provide utilities suitable for working with the `std::fs::read_dir()`.
3131
fs-read-dir = ["dep:gix-utils"]
@@ -34,18 +34,18 @@ fs-read-dir = ["dep:gix-utils"]
3434
##
3535
## Note that this may have overhead as well, thus instrumentations should be used stategically, only providing coarse tracing by default and adding details
3636
## only where needed while marking them with the appropriate level.
37-
tracing = [ "gix-trace/tracing" ]
37+
tracing = ["gix-trace/tracing"]
3838

3939
## If enabled, detailed tracing is also emitted, which can greatly increase insights but at a cost.
40-
tracing-detail = [ "gix-trace/tracing-detail" ]
40+
tracing-detail = ["gix-trace/tracing-detail"]
4141

4242
## Use scoped threads and channels to parallelize common workloads on multiple objects. If enabled, it is used everywhere
4343
## where it makes sense.
4444
## As caches are likely to be used and instantiated per thread, more memory will be used on top of the costs for threads.
4545
## The `threading` module will contain thread-safe primitives for shared ownership and mutation, otherwise these will be their single threaded counterparts.
4646
## This way, single-threaded applications don't have to pay for threaded primitives.
4747
parallel = ["dep:crossbeam-channel",
48-
"dep:parking_lot"]
48+
"dep:parking_lot"]
4949
## If enabled, OnceCell will be made available for interior mutability either in sync or unsync forms.
5050
once_cell = ["dep:once_cell"]
5151
## Makes facilities of the `walkdir` crate partially available.
@@ -159,7 +159,7 @@ bstr = { version = "1.3.0", default-features = false }
159159

160160
# Assembly doesn't yet compile on MSVC on windows, but does on GNU, see https://github.com/RustCrypto/asm-hashes/issues/17
161161
# At this time, only aarch64, x86 and x86_64 are supported.
162-
[target.'cfg(all(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64"), not(target_env = "msvc")))'.dependencies]
162+
[target.'cfg(all(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64"), not(target_os = "windows")))'.dependencies]
163163
sha1 = { version = "0.10.0", optional = true, features = ["asm"] }
164164

165165
[package.metadata.docs.rs]

gix-filter/tests/pipeline/convert_to_git.rs

+3-3
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ fn all_stages_mean_streaming_is_impossible() -> gix_testtools::Result {
5353
Path::new("any.txt"),
5454
&mut |path, attrs| {
5555
cache
56-
.at_entry(path, Some(false), &gix_object::find::Never)
56+
.at_entry(path, None, &gix_object::find::Never)
5757
.expect("cannot fail")
5858
.matching_attributes(attrs);
5959
},
@@ -82,7 +82,7 @@ fn only_driver_means_streaming_is_possible() -> gix_testtools::Result {
8282
Path::new("subdir/doesnot/matter/any.txt"),
8383
&mut |path, attrs| {
8484
cache
85-
.at_entry(path, Some(false), &gix_object::find::Never)
85+
.at_entry(path, None, &gix_object::find::Never)
8686
.expect("cannot fail")
8787
.matching_attributes(attrs);
8888
},
@@ -112,7 +112,7 @@ fn no_filter_means_reader_is_returned_unchanged() -> gix_testtools::Result {
112112
Path::new("other.txt"),
113113
&mut |path, attrs| {
114114
cache
115-
.at_entry(path, Some(false), &gix_object::find::Never)
115+
.at_entry(path, None, &gix_object::find::Never)
116116
.expect("cannot fail")
117117
.matching_attributes(attrs);
118118
},

gix-filter/tests/pipeline/convert_to_worktree.rs

+3-3
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ fn all_stages() -> gix_testtools::Result {
2121
"any.txt".into(),
2222
&mut |path, attrs| {
2323
cache
24-
.at_entry(path, Some(false), &gix_object::find::Never)
24+
.at_entry(path, None, &gix_object::find::Never)
2525
.expect("cannot fail")
2626
.matching_attributes(attrs);
2727
},
@@ -54,7 +54,7 @@ fn all_stages_no_filter() -> gix_testtools::Result {
5454
"other.txt".into(),
5555
&mut |path, attrs| {
5656
cache
57-
.at_entry(path, Some(false), &gix_object::find::Never)
57+
.at_entry(path, None, &gix_object::find::Never)
5858
.expect("cannot fail")
5959
.matching_attributes(attrs);
6060
},
@@ -86,7 +86,7 @@ fn no_filter() -> gix_testtools::Result {
8686
"other.txt".into(),
8787
&mut |path, attrs| {
8888
cache
89-
.at_entry(path, Some(false), &gix_object::find::Never)
89+
.at_entry(path, None, &gix_object::find::Never)
9090
.expect("cannot fail")
9191
.matching_attributes(attrs);
9292
},

0 commit comments

Comments
 (0)