On Tue, Jan 2, 2018 at 4:18 PM, Brandon Williams <bmwill@xxxxxxxxxx> wrote:
> In order to allow for code sharing with the server-side of fetch in
> protocol-v2 convert upload-pack to be a builtin.
What is the security aspect of this patch?
By making upload-pack builtin, it gains additional abilities,
such as answers to '-h' or '--help' (which would start a pager).
Is there an easy way to sooth my concerns? (best put into the
commit message)
Thanks,
Stefan
>
> Signed-off-by: Brandon Williams <bmwill@xxxxxxxxxx>
> ---
> Makefile | 3 ++-
> builtin.h | 1 +
> git.c | 1 +
> upload-pack.c | 2 +-
> 4 files changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/Makefile b/Makefile
> index 2a81ae22e..e0740b452 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -636,7 +636,6 @@ PROGRAM_OBJS += imap-send.o
> PROGRAM_OBJS += sh-i18n--envsubst.o
> PROGRAM_OBJS += shell.o
> PROGRAM_OBJS += show-index.o
> -PROGRAM_OBJS += upload-pack.o
> PROGRAM_OBJS += remote-testsvn.o
>
> # Binary suffix, set to .exe for Windows builds
> @@ -701,6 +700,7 @@ BUILT_INS += git-merge-subtree$X
> BUILT_INS += git-show$X
> BUILT_INS += git-stage$X
> BUILT_INS += git-status$X
> +BUILT_INS += git-upload-pack$X
> BUILT_INS += git-whatchanged$X
>
> # what 'all' will build and 'install' will install in gitexecdir,
> @@ -904,6 +904,7 @@ LIB_OBJS += tree-diff.o
> LIB_OBJS += tree.o
> LIB_OBJS += tree-walk.o
> LIB_OBJS += unpack-trees.o
> +LIB_OBJS += upload-pack.o
> LIB_OBJS += url.o
> LIB_OBJS += urlmatch.o
> LIB_OBJS += usage.o
> diff --git a/builtin.h b/builtin.h
> index 42378f3aa..f332a1257 100644
> --- a/builtin.h
> +++ b/builtin.h
> @@ -231,6 +231,7 @@ extern int cmd_update_ref(int argc, const char **argv, const char *prefix);
> extern int cmd_update_server_info(int argc, const char **argv, const char *prefix);
> extern int cmd_upload_archive(int argc, const char **argv, const char *prefix);
> extern int cmd_upload_archive_writer(int argc, const char **argv, const char *prefix);
> +extern int cmd_upload_pack(int argc, const char **argv, const char *prefix);
> extern int cmd_var(int argc, const char **argv, const char *prefix);
> extern int cmd_verify_commit(int argc, const char **argv, const char *prefix);
> extern int cmd_verify_tag(int argc, const char **argv, const char *prefix);
> diff --git a/git.c b/git.c
> index c870b9719..f71073dc8 100644
> --- a/git.c
> +++ b/git.c
> @@ -478,6 +478,7 @@ static struct cmd_struct commands[] = {
> { "update-server-info", cmd_update_server_info, RUN_SETUP },
> { "upload-archive", cmd_upload_archive },
> { "upload-archive--writer", cmd_upload_archive_writer },
> + { "upload-pack", cmd_upload_pack },
> { "var", cmd_var, RUN_SETUP_GENTLY },
> { "verify-commit", cmd_verify_commit, RUN_SETUP },
> { "verify-pack", cmd_verify_pack },
> diff --git a/upload-pack.c b/upload-pack.c
> index d5de18127..20acaa49d 100644
> --- a/upload-pack.c
> +++ b/upload-pack.c
> @@ -1032,7 +1032,7 @@ static int upload_pack_config(const char *var, const char *value, void *unused)
> return parse_hide_refs_config(var, value, "uploadpack");
> }
>
> -int cmd_main(int argc, const char **argv)
> +int cmd_upload_pack(int argc, const char **argv, const char *prefix)
> {
> const char *dir;
> int strict = 0;
> --
> 2.15.1.620.gb9897f4670-goog
>
