Here are a few bug fixes related to zlib-inflating objects. One is an infinite loop, but triggering it requires writing to the local repo along with running some seldom-used commands, so I think is not a security risk. The other can be triggered by sending a specially crafted pack, but it triggers a BUG(), so you'd only be crashing out your own push. The fixes themselves are in patches 4 and 5. The rest are related cleanups or clarifications in nearby code. [01/10]: loose_object_info(): BUG() on inflating content with unknown type [02/10]: unpack_loose_header(): simplify next_out assignment [03/10]: unpack_loose_header(): report headers without NUL as "bad" [04/10]: unpack_loose_header(): fix infinite loop on broken zlib input [05/10]: git_inflate(): skip zlib_post_call() sanity check on Z_NEED_DICT [06/10]: unpack_loose_header(): avoid numeric comparison of zlib status [07/10]: unpack_loose_rest(): avoid numeric comparison of zlib status [08/10]: unpack_loose_rest(): never clean up zstream [09/10]: unpack_loose_rest(): simplify error handling [10/10]: unpack_loose_rest(): rewrite return handling for clarity git-zlib.c | 27 +++++++++++++---------- object-file.c | 48 ++++++++++++++++++++-------------------- t/t1006-cat-file.sh | 53 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 92 insertions(+), 36 deletions(-) -Peff
