From c23a457e72abe608715ac76f076f47dc42af07a5 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Thu, 30 May 2024 20:31:44 +0200
Subject: Merging upstream version 1.74.1+dfsg1.
Signed-off-by: Daniel Baumann
---
vendor/gix-url/.cargo-checksum.json | 2 +-
vendor/gix-url/CHANGELOG.md | 230 +++++++++++++++++++++++++++++++++-
vendor/gix-url/Cargo.toml | 20 ++-
vendor/gix-url/src/lib.rs | 59 +++++++--
vendor/gix-url/tests/baseline/main.rs | 217 ++++++++++++++++++++++++++++++++
5 files changed, 510 insertions(+), 18 deletions(-)
create mode 100644 vendor/gix-url/tests/baseline/main.rs
(limited to 'vendor/gix-url')
diff --git a/vendor/gix-url/.cargo-checksum.json b/vendor/gix-url/.cargo-checksum.json
index f0b09303d..c08420faf 100644
--- a/vendor/gix-url/.cargo-checksum.json
+++ b/vendor/gix-url/.cargo-checksum.json
@@ -1 +1 @@ -{"files":{"CHANGELOG.md":"5d9b8377ce6e6d41c00ddad06da5530e9c42f29c625dc598ed90b109a757288a","Cargo.toml":"f55ec09a9dbf19c990124d4a8232f13cf179943af5de337e31cf7565ecf80c47","LICENSE-APACHE":"cb4780590812826851ba250f90bed0ed19506ec98f6865a0e2e20bbf62391ff9","LICENSE-MIT":"49df47913ab2beafe8dc45607877ae64198bf0eee64aaad3e82ed9e4d27424e8","src/expand_path.rs":"b0d2fe688c170dfa1381b3cb7add373a618a8ac2520ebdeb2ea721318bb88566","src/impls.rs":"3e47180ec440b42bbd0ba2bdbcbfc247fbfd4020066ce5ca0f4c137b36807323","src/lib.rs":"fc219a768c3c96a5b649bdba11d03e8f168ed347391208bcf48c40eb49e91c5c","src/parse.rs":"0dd96b53e86df347388c9d05be66e49cc2aa4bdec439304c53d4e28664644a14","src/scheme.rs":"02a6a230eea7459b05959ff4e8ce30f4d45526e1f1a47ff88b260bb1943d2433"},"package":"f1663df25ac42047a2547618d2a6979a26f478073f6306997429235d2cd4c863"} \ No newline at end of file +{"files":{"CHANGELOG.md":"338023cb41d05fc178ad5e7df70a104269322894e1d46d61ebb277e2a4bcd353","Cargo.toml":"fa44109c10a7f056540bb2adef13defb6907ca69690def04ecb10ae254bd7496","LICENSE-APACHE":"cb4780590812826851ba250f90bed0ed19506ec98f6865a0e2e20bbf62391ff9","LICENSE-MIT":"49df47913ab2beafe8dc45607877ae64198bf0eee64aaad3e82ed9e4d27424e8","src/expand_path.rs":"b0d2fe688c170dfa1381b3cb7add373a618a8ac2520ebdeb2ea721318bb88566","src/impls.rs":"3e47180ec440b42bbd0ba2bdbcbfc247fbfd4020066ce5ca0f4c137b36807323","src/lib.rs":"62e4beec340b5ab0debd6e36207c50634207b33c94c07ff74b2db7ddd70bf22d","src/parse.rs":"0dd96b53e86df347388c9d05be66e49cc2aa4bdec439304c53d4e28664644a14","src/scheme.rs":"02a6a230eea7459b05959ff4e8ce30f4d45526e1f1a47ff88b260bb1943d2433","tests/baseline/main.rs":"2826825460579010a346fba32a875f28e35addb55c1ef7882e5c622943352ec0"},"package":"6125ecf46e8c68bf7202da6cad239831daebf0247ffbab30210d72f3856e420f"} \ No newline at end of file diff --git a/vendor/gix-url/CHANGELOG.md b/vendor/gix-url/CHANGELOG.md index bc0d4ca15..ce61c98c0 100644 --- a/vendor/gix-url/CHANGELOG.md +++ b/vendor/gix-url/CHANGELOG.md 
@@ -5,6 +5,233 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.24.0 (2023-09-24) + +### New Features + + - add `Url::host_argument_safe()` and `Url::path_argument_safe()` + This will not provide values if they could be confused for an argument + to to a commaneline application. + +### Bug Fixes + + - prevent hosts or paths that look like arguments to be passed to invoked commands. + See https://secure.phabricator.com/T12961 for more details. + +### Commit Statistics + + + + - 4 commits contributed to the release. + - 16 days passed between releases. + - 2 commits were understood as [conventional](https://www.conventionalcommits.org). + - 0 issues like '(#ID)' were seen in commit messages + +### Commit Details + + + +
view details + + * **Uncategorized** + - Prepare changelogs prior to release ([`8a60d5b`](https://github.com/Byron/gitoxide/commit/8a60d5b80877c213c3b646d3061e8a33e0e433ec)) + - Merge branch 'fix-exploit' ([`c53bbd2`](https://github.com/Byron/gitoxide/commit/c53bbd265005c7eedc316205b217e137e2b9896e)) + - Prevent hosts or paths that look like arguments to be passed to invoked commands. ([`b06a0dd`](https://github.com/Byron/gitoxide/commit/b06a0dd781accad317fdec5f86f069df4c21875c)) + - Add `Url::host_argument_safe()` and `Url::path_argument_safe()` ([`d80b5f6`](https://github.com/Byron/gitoxide/commit/d80b5f69772a6e36b0131d3a538e896a8a6a29b1)) +
+ +## 0.23.0 (2023-09-08) + +### Bug Fixes (BREAKING) + + - use `dyn` trait where possible. + This reduces compile time due to avoiding duplication. + +### Commit Statistics + + + + - 5 commits contributed to the release over the course of 17 calendar days. + - 17 days passed between releases. + - 1 commit was understood as [conventional](https://www.conventionalcommits.org). + - 0 issues like '(#ID)' were seen in commit messages + +### Commit Details + + + +
view details + + * **Uncategorized** + - Release gix-date v0.8.0, gix-hash v0.13.0, gix-features v0.34.0, gix-actor v0.26.0, gix-object v0.36.0, gix-path v0.10.0, gix-glob v0.12.0, gix-attributes v0.18.0, gix-packetline-blocking v0.16.6, gix-filter v0.4.0, gix-fs v0.6.0, gix-commitgraph v0.20.0, gix-hashtable v0.4.0, gix-revwalk v0.7.0, gix-traverse v0.32.0, gix-worktree-stream v0.4.0, gix-archive v0.4.0, gix-config-value v0.14.0, gix-tempfile v9.0.0, gix-lock v9.0.0, gix-ref v0.36.0, gix-sec v0.10.0, gix-config v0.29.0, gix-prompt v0.7.0, gix-url v0.23.0, gix-credentials v0.19.0, gix-diff v0.35.0, gix-discover v0.24.0, gix-ignore v0.7.0, gix-index v0.24.0, gix-macros v0.1.0, gix-mailmap v0.18.0, gix-negotiate v0.7.0, gix-pack v0.42.0, gix-odb v0.52.0, gix-pathspec v0.2.0, gix-packetline v0.16.6, gix-transport v0.36.0, gix-protocol v0.39.0, gix-revision v0.21.0, gix-refspec v0.17.0, gix-submodule v0.3.0, gix-worktree v0.25.0, gix-worktree-state v0.2.0, gix v0.53.0, safety bump 39 crates ([`8bd0456`](https://github.com/Byron/gitoxide/commit/8bd045676bb2cdc02624ab93e73ff8518064ca38)) + - Prepare changelogs for release ([`375db06`](https://github.com/Byron/gitoxide/commit/375db06a8442378c3f7a922fae38e2a6694d9d04)) + - Merge branch `dyn`ification ([`f658fcc`](https://github.com/Byron/gitoxide/commit/f658fcc52dc2200ae34ca53dc10be97fb9012057)) + - Use `dyn` trait where possible. ([`072ee32`](https://github.com/Byron/gitoxide/commit/072ee32f693a31161cd6a843da6582d13efbb20b)) + - Merge branch 'gix-submodule' ([`363ee77`](https://github.com/Byron/gitoxide/commit/363ee77400805f473c9ad66eadad9214e7ab66f4)) +
+ +## 0.22.0 (2023-08-22) + + + +### Chore + + - don't call crate 'WIP' in manifest anymore. + +### Bug Fixes (BREAKING) + + - let `Url::canonicalize(d)()` take the current working dir as argument. + That way it's free of side-effects and can be used properly from `gix::Repository` + +### Commit Statistics + + + + - 21 commits contributed to the release over the course of 17 calendar days. + - 30 days passed between releases. + - 2 commits were understood as [conventional](https://www.conventionalcommits.org). + - 0 issues like '(#ID)' were seen in commit messages + +### Commit Details + + + +
view details + + * **Uncategorized** + - Release gix-url v0.22.0, gix-credentials v0.18.0, gix-diff v0.34.0, gix-discover v0.23.0, gix-ignore v0.6.0, gix-bitmap v0.2.7, gix-index v0.22.0, gix-mailmap v0.17.0, gix-negotiate v0.6.0, gix-pack v0.41.0, gix-odb v0.51.0, gix-pathspec v0.1.0, gix-packetline v0.16.5, gix-transport v0.35.0, gix-protocol v0.38.0, gix-revision v0.20.0, gix-refspec v0.16.0, gix-submodule v0.2.0, gix-worktree v0.24.0, gix-worktree-state v0.1.0, gix v0.52.0, gitoxide-core v0.31.0, gitoxide v0.29.0 ([`6c62e74`](https://github.com/Byron/gitoxide/commit/6c62e748240ac0980fc23fdf30f8477dea8b9bc3)) + - Make `gix-url` publishable by adding baseline test ([`d3746df`](https://github.com/Byron/gitoxide/commit/d3746df5dd402d8a461c2b07eaa0f8d8803fadf8)) + - Release gix-date v0.7.3, gix-hash v0.12.0, gix-features v0.33.0, gix-actor v0.25.0, gix-object v0.35.0, gix-path v0.9.0, gix-glob v0.11.0, gix-quote v0.4.7, gix-attributes v0.17.0, gix-command v0.2.9, gix-packetline-blocking v0.16.5, gix-filter v0.3.0, gix-fs v0.5.0, gix-commitgraph v0.19.0, gix-hashtable v0.3.0, gix-revwalk v0.6.0, gix-traverse v0.31.0, gix-worktree-stream v0.3.0, gix-archive v0.3.0, gix-config-value v0.13.0, gix-tempfile v8.0.0, gix-lock v8.0.0, gix-ref v0.35.0, gix-sec v0.9.0, gix-config v0.28.0, gix-prompt v0.6.0, gix-url v0.22.0, gix-credentials v0.18.0, gix-diff v0.34.0, gix-discover v0.23.0, gix-ignore v0.6.0, gix-bitmap v0.2.7, gix-index v0.22.0, gix-mailmap v0.17.0, gix-negotiate v0.6.0, gix-pack v0.41.0, gix-odb v0.51.0, gix-pathspec v0.1.0, gix-packetline v0.16.5, gix-transport v0.35.0, gix-protocol v0.38.0, gix-revision v0.20.0, gix-refspec v0.16.0, gix-submodule v0.2.0, gix-worktree v0.24.0, gix-worktree-state v0.1.0, gix v0.52.0, gitoxide-core v0.31.0, gitoxide v0.29.0, safety bump 41 crates ([`30b2761`](https://github.com/Byron/gitoxide/commit/30b27615047692d3ced1b2d9c2ac15a80f79fbee)) + - Update changelogs prior to release 
([`f23ea88`](https://github.com/Byron/gitoxide/commit/f23ea8828f2d9ba7559973daca388c9591bcc5fc)) + - Merge branch 'gix-url-fixture-tests' ([`1b957c5`](https://github.com/Byron/gitoxide/commit/1b957c524cae288ac2063f6ba7e4d10d523eb8f3)) + - For now, ignore baseline tests as most of them fail. ([`c0be6ab`](https://github.com/Byron/gitoxide/commit/c0be6aba49d734d166f279933220b02989c584de)) + - Don't call crate 'WIP' in manifest anymore. ([`229bd48`](https://github.com/Byron/gitoxide/commit/229bd4899213f749a7cc124aa2b82a1368fba40f)) + - Merge branch 'submodule-active' ([`a3afaa4`](https://github.com/Byron/gitoxide/commit/a3afaa42741616a0f1abeef9b54557e7c2b800cb)) + - Let `Url::canonicalize(d)()` take the current working dir as argument. ([`8857580`](https://github.com/Byron/gitoxide/commit/8857580cb270b737bf04437a6f5e65307df1c99b)) + - Fix prints of panics in gix-url baseline test ([`938baee`](https://github.com/Byron/gitoxide/commit/938baee58383fd995d39c5528e2a104d33de8826)) + - Add assert output to failures in gix-url baseline test ([`163e139`](https://github.com/Byron/gitoxide/commit/163e1391526dad528e0bca0cc876e50e48381e74)) + - Thanks clippy ([`fe5dbe1`](https://github.com/Byron/gitoxide/commit/fe5dbe16b5a8cfefa31a561506218ede73f3ec7e)) + - Use libtest_mimic to run gix-url fixture tests ([`f128742`](https://github.com/Byron/gitoxide/commit/f128742df039cf23529a5e1ee9268a64d904d9e0)) + - Refactor ([`cbaf339`](https://github.com/Byron/gitoxide/commit/cbaf3395a702b8f43aa3eac61c1a2b782bf63e05)) + - Fix assertion in gix-url fixture test ([`ca421b7`](https://github.com/Byron/gitoxide/commit/ca421b77aeebb8204da1a090fdd59ef5021e177d)) + - Thanks clippy ([`252dbb6`](https://github.com/Byron/gitoxide/commit/252dbb65e33188b1b803fbe05ead27aaae6fe5d9)) + - Add parsing and asserting to gix-url fixture test ([`23e2982`](https://github.com/Byron/gitoxide/commit/23e2982b731b30a6aa9c55fdde5b8f00e71afc56)) + - Fix bash styling in gix-url fixture 
([`c77cd31`](https://github.com/Byron/gitoxide/commit/c77cd31834a8ac1540ad54bea59157609466c9eb)) + - Adjust gix-url fixture loop for our test suite ([`f4214a6`](https://github.com/Byron/gitoxide/commit/f4214a6163533811a42a3aa104d5ba32c05321f7)) + - Make gix-url fixture more readable ([`1ab3b07`](https://github.com/Byron/gitoxide/commit/1ab3b07cdf6543515b9b9be5690e2bb27ec63b7b)) + - Add copy of gits t5500 test in preparation for fixture ([`d0de915`](https://github.com/Byron/gitoxide/commit/d0de9153131cbd30cec694cfdfb54e4dde7e8d45)) +
+ +## 0.21.1 (2023-07-22) + +A maintenance release without user-facing changes. + +### Commit Statistics + + + + - 6 commits contributed to the release over the course of 1 calendar day. + - 3 days passed between releases. + - 0 commits were understood as [conventional](https://www.conventionalcommits.org). + - 0 issues like '(#ID)' were seen in commit messages + +### Commit Details + + + +
view details + + * **Uncategorized** + - Release gix-tempfile v7.0.2, gix-utils v0.1.5, gix-lock v7.0.2, gix-ref v0.33.1, gix-sec v0.8.4, gix-prompt v0.5.4, gix-url v0.21.1, gix-credentials v0.17.1, gix-diff v0.33.1, gix-discover v0.22.1, gix-ignore v0.5.1, gix-bitmap v0.2.6, gix-index v0.21.1, gix-mailmap v0.16.1, gix-negotiate v0.5.1, gix-pack v0.40.1, gix-odb v0.50.1, gix-packetline v0.16.4, gix-transport v0.34.1, gix-protocol v0.36.1, gix-revision v0.18.1, gix-refspec v0.14.1, gix-worktree v0.23.0, gix v0.50.0 ([`107a64e`](https://github.com/Byron/gitoxide/commit/107a64e734580ad9e2c4142db96394529d8072df)) + - Release gix-features v0.32.1, gix-actor v0.24.1, gix-validate v0.7.7, gix-object v0.33.1, gix-path v0.8.4, gix-glob v0.10.1, gix-quote v0.4.6, gix-attributes v0.16.0, gix-command v0.2.8, gix-packetline-blocking v0.16.4, gix-filter v0.2.0, gix-fs v0.4.1, gix-chunk v0.4.4, gix-commitgraph v0.18.1, gix-hashtable v0.2.4, gix-revwalk v0.4.1, gix-traverse v0.30.1, gix-worktree-stream v0.2.0, gix-archive v0.2.0, gix-config-value v0.12.5, gix-tempfile v7.0.1, gix-utils v0.1.5, gix-lock v7.0.2, gix-ref v0.33.1, gix-sec v0.8.4, gix-prompt v0.5.4, gix-url v0.21.1, gix-credentials v0.17.1, gix-diff v0.33.1, gix-discover v0.22.1, gix-ignore v0.5.1, gix-bitmap v0.2.6, gix-index v0.21.1, gix-mailmap v0.16.1, gix-negotiate v0.5.1, gix-pack v0.40.1, gix-odb v0.50.1, gix-packetline v0.16.4, gix-transport v0.34.1, gix-protocol v0.36.1, gix-revision v0.18.1, gix-refspec v0.14.1, gix-worktree v0.23.0, gix v0.50.0, safety bump 5 crates ([`16295b5`](https://github.com/Byron/gitoxide/commit/16295b58e2581d2e8b8b762816f52baabe871c75)) + - Prepare more changelogs ([`c4cc5f2`](https://github.com/Byron/gitoxide/commit/c4cc5f261d29f712a101033a18293a97a9d4ae85)) + - Release gix-date v0.7.1, gix-hash v0.11.4, gix-trace v0.1.3, gix-features v0.32.0, gix-actor v0.24.0, gix-validate v0.7.7, gix-object v0.33.0, gix-path v0.8.4, gix-glob v0.10.0, gix-quote v0.4.6, gix-attributes v0.15.0, 
gix-command v0.2.7, gix-packetline-blocking v0.16.3, gix-filter v0.1.0, gix-fs v0.4.0, gix-chunk v0.4.4, gix-commitgraph v0.18.0, gix-hashtable v0.2.4, gix-revwalk v0.4.0, gix-traverse v0.30.0, gix-worktree-stream v0.2.0, gix-archive v0.2.0, gix-config-value v0.12.4, gix-tempfile v7.0.1, gix-utils v0.1.5, gix-lock v7.0.2, gix-ref v0.33.0, gix-sec v0.8.4, gix-prompt v0.5.3, gix-url v0.21.0, gix-credentials v0.17.0, gix-diff v0.33.0, gix-discover v0.22.0, gix-ignore v0.5.0, gix-bitmap v0.2.6, gix-index v0.21.0, gix-mailmap v0.16.0, gix-negotiate v0.5.0, gix-pack v0.40.0, gix-odb v0.50.0, gix-packetline v0.16.4, gix-transport v0.34.0, gix-protocol v0.36.0, gix-revision v0.18.0, gix-refspec v0.14.0, gix-worktree v0.22.0, gix v0.49.1 ([`5cb3589`](https://github.com/Byron/gitoxide/commit/5cb3589b74fc5376e02cbfe151e71344e1c417fe)) + - Update changelogs prior to release ([`2fc66b5`](https://github.com/Byron/gitoxide/commit/2fc66b55097ed494b72d1af939ba5561f71fde97)) + - Update license field following SPDX 2.1 license expression standard ([`9064ea3`](https://github.com/Byron/gitoxide/commit/9064ea31fae4dc59a56bdd3a06c0ddc990ee689e)) +
+ +## 0.21.0 (2023-07-19) + +A maintenance release without user-facing changes. + +### Commit Statistics + + + + - 3 commits contributed to the release. + - 19 days passed between releases. + - 0 commits were understood as [conventional](https://www.conventionalcommits.org). + - 0 issues like '(#ID)' were seen in commit messages + +### Commit Details + + + +
view details + + * **Uncategorized** + - Release gix-features v0.32.0, gix-actor v0.24.0, gix-glob v0.10.0, gix-attributes v0.15.0, gix-commitgraph v0.18.0, gix-config-value v0.12.4, gix-fs v0.4.0, gix-object v0.33.0, gix-ref v0.33.0, gix-config v0.26.0, gix-command v0.2.7, gix-url v0.21.0, gix-credentials v0.17.0, gix-diff v0.33.0, gix-discover v0.22.0, gix-filter v0.1.0, gix-ignore v0.5.0, gix-revwalk v0.4.0, gix-traverse v0.30.0, gix-index v0.21.0, gix-mailmap v0.16.0, gix-negotiate v0.5.0, gix-pack v0.40.0, gix-odb v0.50.0, gix-transport v0.34.0, gix-protocol v0.36.0, gix-revision v0.18.0, gix-refspec v0.14.0, gix-worktree v0.22.0, gix v0.49.0 ([`68ae3ff`](https://github.com/Byron/gitoxide/commit/68ae3ff9d642ec56f088a6a682a073dc16f4e8ca)) + - Adjust package versions (by cargo-smart-release) ([`c70e54f`](https://github.com/Byron/gitoxide/commit/c70e54f163c312c87753a506eeaad462e8579bfb)) + - Prepare changelogs prior to release ([`e4dded0`](https://github.com/Byron/gitoxide/commit/e4dded05138562f9737a7dcfb60570c55769486d)) +
+ +## 0.20.1 (2023-06-29) + +A maintenance release without user-facing changes. + +### Commit Statistics + + + + - 3 commits contributed to the release. + - 6 days passed between releases. + - 0 commits were understood as [conventional](https://www.conventionalcommits.org). + - 0 issues like '(#ID)' were seen in commit messages + +### Commit Details + + + +
view details + + * **Uncategorized** + - Release gix-glob v0.9.1, gix-attributes v0.14.1, gix-config-value v0.12.3, gix-ref v0.32.1, gix-sec v0.8.3, gix-config v0.25.1, gix-url v0.20.1, gix-credentials v0.16.1, gix-discover v0.21.1, gix-ignore v0.4.1, gix-pack v0.39.1, gix-odb v0.49.1, gix-worktree v0.21.1, gix v0.48.0 ([`69c6a36`](https://github.com/Byron/gitoxide/commit/69c6a36ba14cbef129deebda9fd8870005fefa17)) + - Prepare changelogs prior to release ([`c143cf4`](https://github.com/Byron/gitoxide/commit/c143cf48ee1885467e3e9262a3f8823a1247bfe0)) + - Align usage of `gix-path` across all crates ([`73c1292`](https://github.com/Byron/gitoxide/commit/73c1292be393986c4a1adde1400abf551e850da0)) +
+ +## 0.20.0 (2023-06-22) + + + +### Chore + + - Add `clippy::redundant-closure-for-method-calls` lint + +### Commit Statistics + + + + - 6 commits contributed to the release over the course of 10 calendar days. + - 15 days passed between releases. + - 1 commit was understood as [conventional](https://www.conventionalcommits.org). + - 0 issues like '(#ID)' were seen in commit messages + +### Commit Details + + + +
view details + + * **Uncategorized** + - Release gix-date v0.6.0, gix-hash v0.11.3, gix-trace v0.1.1, gix-features v0.31.0, gix-actor v0.22.0, gix-path v0.8.2, gix-glob v0.9.0, gix-quote v0.4.5, gix-attributes v0.14.0, gix-chunk v0.4.3, gix-commitgraph v0.17.0, gix-config-value v0.12.2, gix-fs v0.3.0, gix-tempfile v7.0.0, gix-utils v0.1.3, gix-lock v7.0.0, gix-validate v0.7.6, gix-object v0.31.0, gix-ref v0.31.0, gix-sec v0.8.2, gix-config v0.24.0, gix-command v0.2.6, gix-prompt v0.5.2, gix-url v0.20.0, gix-credentials v0.16.0, gix-diff v0.31.0, gix-discover v0.20.0, gix-hashtable v0.2.2, gix-ignore v0.4.0, gix-bitmap v0.2.5, gix-revwalk v0.2.0, gix-traverse v0.28.0, gix-index v0.19.0, gix-mailmap v0.14.0, gix-negotiate v0.3.0, gix-pack v0.38.0, gix-odb v0.48.0, gix-packetline v0.16.3, gix-transport v0.33.0, gix-protocol v0.34.0, gix-revision v0.16.0, gix-refspec v0.12.0, gix-worktree v0.20.0, gix v0.47.0, gitoxide-core v0.29.0, gitoxide v0.27.0, safety bump 30 crates ([`ea9f942`](https://github.com/Byron/gitoxide/commit/ea9f9424e777f10da0e33bb9ffbbefd01c4c5a74)) + - Prepare changelogs prior to release ([`18b0a37`](https://github.com/Byron/gitoxide/commit/18b0a371941aa2d4d62512437d5daa351ba99ffd)) + - Merge branch 'corpus' ([`aa16c8c`](https://github.com/Byron/gitoxide/commit/aa16c8ce91452a3e3063cf1cf0240b6014c4743f)) + - Change MSRV to 1.65 ([`4f635fc`](https://github.com/Byron/gitoxide/commit/4f635fc4429350bae2582d25de86429969d28f30)) + - Merge branch 'help-874-redundant-closures' ([`fe59956`](https://github.com/Byron/gitoxide/commit/fe59956ad667303a923d7cfd9ffd72283df41d78)) + - Add `clippy::redundant-closure-for-method-calls` lint ([`bcad5c2`](https://github.com/Byron/gitoxide/commit/bcad5c22049d56a25ef69d6c7a3344e78f9a1d4d)) +
+ ## 0.19.0 (2023-06-06) A maintenance release without user-facing changes. @@ -13,7 +240,7 @@ A maintenance release without user-facing changes. - - 6 commits contributed to the release over the course of 12 calendar days. + - 7 commits contributed to the release over the course of 12 calendar days. - 40 days passed between releases. - 0 commits were understood as [conventional](https://www.conventionalcommits.org). - 0 issues like '(#ID)' were seen in commit messages @@ -25,6 +252,7 @@ A maintenance release without user-facing changes.
view details * **Uncategorized** + - Release gix-date v0.5.1, gix-hash v0.11.2, gix-features v0.30.0, gix-actor v0.21.0, gix-path v0.8.1, gix-glob v0.8.0, gix-quote v0.4.4, gix-attributes v0.13.0, gix-chunk v0.4.2, gix-commitgraph v0.16.0, gix-config-value v0.12.1, gix-fs v0.2.0, gix-tempfile v6.0.0, gix-utils v0.1.2, gix-lock v6.0.0, gix-validate v0.7.5, gix-object v0.30.0, gix-ref v0.30.0, gix-sec v0.8.1, gix-config v0.23.0, gix-command v0.2.5, gix-prompt v0.5.1, gix-url v0.19.0, gix-credentials v0.15.0, gix-diff v0.30.0, gix-discover v0.19.0, gix-hashtable v0.2.1, gix-ignore v0.3.0, gix-bitmap v0.2.4, gix-traverse v0.26.0, gix-index v0.17.0, gix-mailmap v0.13.0, gix-revision v0.15.0, gix-negotiate v0.2.0, gix-pack v0.36.0, gix-odb v0.46.0, gix-packetline v0.16.2, gix-transport v0.32.0, gix-protocol v0.33.0, gix-refspec v0.11.0, gix-worktree v0.18.0, gix v0.45.0, safety bump 29 crates ([`9a9fa96`](https://github.com/Byron/gitoxide/commit/9a9fa96fa8a722bddc5c3b2270b0edf8f6615141)) - Prepare changelogs prior to release ([`8f15cec`](https://github.com/Byron/gitoxide/commit/8f15cec1ec7d5a9d56bb158f155011ef2bb3539b)) - Merge branch 'auto-clippy' ([`dbf8aa1`](https://github.com/Byron/gitoxide/commit/dbf8aa19d19109195d0274928eae4b94f248cd88)) - Autofix map-or-unwrap clippy lint (and manual fix what was left) ([`2087032`](https://github.com/Byron/gitoxide/commit/2087032b5956dcd82bce6ac57e530e8724b57f17)) diff --git a/vendor/gix-url/Cargo.toml b/vendor/gix-url/Cargo.toml index f66435bed..e3a109e8c 100644 --- a/vendor/gix-url/Cargo.toml +++ b/vendor/gix-url/Cargo.toml 
@@ -11,17 +11,18 @@ [package] edition = "2021" -rust-version = "1.64" +rust-version = "1.65" name = "gix-url" -version = "0.19.0" +version = "0.24.0" authors = ["Sebastian Thiel "] include = [ "src/**/*", "LICENSE-*", "CHANGELOG.md", + "tests/baseline/**/*", ] -description = "A WIP crate of the gitoxide project implementing parsing and serialization of gix-url" -license = "MIT/Apache-2.0" +description = "A crate of the gitoxide project implementing parsing and serialization of gix-url" +license = "MIT OR Apache-2.0" repository = "https://github.com/Byron/gitoxide" [package.metadata.docs.rs] @@ -35,6 +36,10 @@ rustdoc-args = [ [lib] doctest = false +[[test]] +name = "baseline" +harness = false + [dependencies.bstr] version = "1.3.0" features = ["std"] @@ -45,10 +50,10 @@ version = "0.2.0" optional = true [dependencies.gix-features] -version = "^0.30.0" +version = "^0.35.0" [dependencies.gix-path] -version = "^0.8.1" +version = "^0.10.0" [dependencies.home] version = "0.5.3" @@ -68,6 +73,9 @@ version = "1.0.32" [dependencies.url] version = "2.1.1" +[dev-dependencies.libtest-mimic] +version = "0.6.1" + [features] serde = [ "dep:serde", diff --git a/vendor/gix-url/src/lib.rs b/vendor/gix-url/src/lib.rs index ca62bdd6f..1d90689ae 100644 --- a/vendor/gix-url/src/lib.rs +++ b/vendor/gix-url/src/lib.rs @@ -9,6 +9,7 @@ #![forbid(unsafe_code)] use bstr::{BStr, BString}; +use std::borrow::Cow; /// pub mod parse; 
@@ -47,6 +48,13 @@ pub struct Url { /// The port to use when connecting to a host. If `None`, standard ports depending on `scheme` will be used. pub port: Option, /// The path portion of the URL, usually the location of the git repository. + /// + /// # Security-Warning + /// + /// URLs allow paths to start with `-` which makes it possible to mask command-line arguments as path which then leads to + /// the invocation of programs from an attacker controlled URL. See for details. + /// + /// If this value is going to be used in a command-line application, call [Self::path_argument_safe()] instead. pub path: bstr::BString, } @@ -99,11 +107,12 @@ impl Url { self } - /// Turn a file url like `file://relative` into `file:///root/relative`, hence it assures the url's path component is absolute. - pub fn canonicalize(&mut self) -> Result<(), gix_path::realpath::Error> { + /// Turn a file url like `file://relative` into `file:///root/relative`, hence it assures the url's path component is absolute, + /// using `current_dir` if needed to achieve that. + pub fn canonicalize(&mut self, current_dir: &std::path::Path) -> Result<(), gix_path::realpath::Error> { if self.scheme == Scheme::File { - let path = gix_path::from_bstr(self.path.as_ref()); - let abs_path = gix_path::realpath(path)?; + let path = gix_path::from_bstr(Cow::Borrowed(self.path.as_ref())); + let abs_path = gix_path::realpath_opts(path.as_ref(), current_dir, gix_path::realpath::MAX_SYMLINKS)?; self.path = gix_path::into_bstr(abs_path).into_owned(); } Ok(()) 
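Review bot: The doc comment on `canonicalize` in the second hunk on this line describes the new `current_dir` parameter only as "using `current_dir` if needed", which does not tell a caller what to pass or what can fail. The visible body leaves every URL whose scheme is not `Scheme::File` unchanged and resolves file paths through `gix_path::realpath_opts` with `gix_path::realpath::MAX_SYMLINKS`, so symlinks appear to be followed up to that limit. I would add a line such as `/// Non-file URLs are left untouched; for file URLs symlinks are resolved, bounded by MAX_SYMLINKS.` together with an `# Errors` section for the `gix_path::realpath::Error` case. Whether `current_dir` must be absolute should be confirmed against `realpath_opts` and stated as well, since callers now choose that value.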
@@ -121,9 +130,34 @@ impl Url { self.password.as_deref() } /// Returns the host mentioned in the url, if present. + /// + /// # Security-Warning + /// + /// URLs allow hosts to start with `-` which makes it possible to mask command-line arguments as host which then leads to + /// the invocation of programs from an attacker controlled URL. See for details. + /// + /// If this value is going to be used in a command-line application, call [Self::host_argument_safe()] instead. pub fn host(&self) -> Option<&str> { self.host.as_deref() } + + /// Return the host of this URL if present *and* if it can't be mistaken for a command-line argument. + /// + /// Use this method if the host is going to be passed to a command-line application. + pub fn host_argument_safe(&self) -> Option<&str> { + self.host().filter(|host| !looks_like_argument(host.as_bytes())) + } + + /// Return the path of this URL *and* if it can't be mistaken for a command-line argument. + /// Note that it always begins with a slash, which is ignored for this comparison. + /// + /// Use this method if the path is going to be passed to a command-line application. + pub fn path_argument_safe(&self) -> Option<&BStr> { + self.path + .get(1..) + .and_then(|truncated| (!looks_like_argument(truncated)).then_some(self.path.as_ref())) + } + /// Returns true if the path portion of the url is `/`. pub fn path_is_root(&self) -> bool { self.path == "/" 
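Review bot: `path_argument_safe()` inspects only the bytes after the first one (`self.path.get(1..)`), so its result rests on the documented assumption that the path always begins with a slash, and nothing in this hunk enforces that. `path` is a `pub` field, so a `Url` whose path lacks the leading `/` and starts with `-` would be returned as safe; whether the parser itself can produce such a path is not visible here and should be confirmed. Checking both positions closes the gap without changing the signature: `.and_then(|rest| (!looks_like_argument(&self.path) && !looks_like_argument(rest)).then_some(self.path.as_ref()))`. The user component gets no matching accessor here although `user()` exists, so callers that assemble `user@host` for a spawned program keep the same ambiguity; a `user_argument_safe()` beside these two would be consistent.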
@@ -144,12 +178,17 @@ impl Url { } } +fn looks_like_argument(b: &[u8]) -> bool { + b.first() == Some(&b'-') +} + /// Transformation impl Url { - /// Turn a file url like `file://relative` into `file:///root/relative`, hence it assures the url's path component is absolute. - pub fn canonicalized(&self) -> Result { + /// Turn a file url like `file://relative` into `file:///root/relative`, hence it assures the url's path component is absolute, using + /// `current_dir` if necessary. + pub fn canonicalized(&self, current_dir: &std::path::Path) -> Result { let mut res = self.clone(); - res.canonicalize()?; + res.canonicalize(current_dir)?; Ok(res) } } @@ -157,7 +196,7 @@ impl Url { /// Serialization impl Url { /// Write this URL losslessly to `out`, ready to be parsed again. - pub fn write_to(&self, mut out: impl std::io::Write) -> std::io::Result<()> { + pub fn write_to(&self, mut out: &mut dyn std::io::Write) -> std::io::Result<()> { if !(self.serialize_alternative_form && (self.scheme == Scheme::File || self.scheme == Scheme::Ssh)) { out.write_all(self.scheme.as_str().as_bytes())?; out.write_all(b"://")?; @@ -192,9 +231,9 @@ impl Url { pub fn to_bstring(&self) -> bstr::BString { let mut buf = Vec::with_capacity( (5 + 3) - + self.user.as_ref().map(|n| n.len()).unwrap_or_default() + + self.user.as_ref().map(String::len).unwrap_or_default() + 1 - + self.host.as_ref().map(|h| h.len()).unwrap_or_default() + + self.host.as_ref().map(String::len).unwrap_or_default() + self.port.map(|_| 5).unwrap_or_default() + self.path.len(), ); diff --git a/vendor/gix-url/tests/baseline/main.rs b/vendor/gix-url/tests/baseline/main.rs new file mode 100644 index 000000000..7843e6e18 --- /dev/null +++ b/vendor/gix-url/tests/baseline/main.rs 
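Review bot: `looks_like_argument` in the first hunk on this line is the predicate both safe accessors depend on, yet it has no comment saying what it treats as an argument or why only the first byte is tested. I would add `/// Returns true if b starts with '-', i.e. a program receiving it in argv could parse it as an option rather than a value.` so that a later change to the rule is made in one documented place. The function is private, so this is documentation only.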
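Review bot: `write_to`, and `to_bstring` in the hunk after it, still serialize the URL components unfiltered, and the Security-Warning this commit adds to `host()` and `path` is not repeated on either of them. The visible condition skips the `scheme://` prefix when `serialize_alternative_form` is set for `Scheme::File` or `Scheme::Ssh`, so the output presumably starts directly with the first component of the URL in that form. That is correct for lossless round-tripping, but a caller who hands the serialized URL to a spawned program gets no hint that the leading byte is unchecked. I would add to both doc comments a line such as `/// # Security-Warning: the output is not checked for a leading '-'; validate it before passing it as a command-line argument.` Both function bodies continue outside their hunks.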
@@ -0,0 +1,217 @@ +use bstr::ByteSlice; +use libtest_mimic::{Arguments, Failed, Trial}; + +fn main() { + // We do not need to set this hook back to its default, because this test gets compiled to its + // own binary and does therefore not interfere with other tests. + std::panic::set_hook(Box::new(|_| {})); + + let args = Arguments::from_args(); + let tests = get_baseline_test_cases(); + + libtest_mimic::run(&args, tests).exit(); +} + +fn get_baseline_test_cases() -> Vec { + baseline::URLS + .iter() + .map(|(url, expected)| { + Trial::test( + format!("baseline {}", url.to_str().expect("url is valid utf-8")), + move || { + std::panic::catch_unwind(|| { + assert_urls_equal(expected, &gix_url::parse(url).expect("valid urls can be parsed")) + }) + .map_err(|err| { + // Succeeds whenever `panic!` was given a string literal (for example if + // `assert!` is given a string literal). + match err.downcast_ref::<&str>() { + Some(panic_message) => panic_message.into(), + None => { + // Succeeds whenever `panic!` was given an owned String (for + // example when using the `format!` syntax and always for + // `assert_*!` macros). 
+ match err.downcast_ref::() { + Some(panic_message) => panic_message.into(), + None => Failed::without_message(), + } + } + } + }) + }, + ) + .with_ignored_flag(true /* currently most of these fail */) + }) + .collect::<_>() +} + +fn assert_urls_equal(expected: &baseline::GitDiagUrl<'_>, actual: &gix_url::Url) { + assert_eq!( + gix_url::Scheme::from(expected.protocol.to_str().unwrap()), + actual.scheme + ); + + match expected.host { + baseline::GitDiagHost::NonSsh { host_and_port } => match host_and_port { + Some(host_and_port) => { + assert!(actual.host().is_some()); + + let mut gix_host_and_port = String::with_capacity(host_and_port.len()); + + if let Some(user) = actual.user() { + gix_host_and_port.push_str(user); + gix_host_and_port.push('@'); + } + + gix_host_and_port.push_str(actual.host().unwrap()); + + if let Some(port) = actual.port { + gix_host_and_port.push(':'); + gix_host_and_port.push_str(&port.to_string()); + } + + assert_eq!(host_and_port, gix_host_and_port); + } + None => { + assert!(actual.host().is_none()); + assert!(actual.port.is_none()); + } + }, + baseline::GitDiagHost::Ssh { user_and_host, port } => { + match user_and_host { + Some(user_and_host) => { + assert!(actual.host().is_some()); + + let mut gix_user_and_host = String::with_capacity(user_and_host.len()); + if let Some(user) = actual.user() { + gix_user_and_host.push_str(user); + gix_user_and_host.push('@'); + } + gix_user_and_host.push_str(actual.host().unwrap()); + + assert_eq!(user_and_host, gix_user_and_host); + } + None => { + assert!(actual.host().is_none()); + assert!(actual.user().is_none()); + } + } + match port { + Some(port) => { + assert!(actual.port.is_some()); + assert_eq!(port, actual.port.unwrap().to_string()); + } + None => { + assert!(actual.port.is_none()); + } + } + } + } + + match expected.path { + Some(path) => { + assert_eq!(path, actual.path); + } + None => { + // I guess? This case does not happen a single time in the current fixtures... 
+ assert!(actual.path.is_empty()); + } + } +} + +mod baseline { + use bstr::{BStr, BString, ByteSlice}; + use gix_testtools::once_cell::sync::Lazy; + + static BASELINE: Lazy = Lazy::new(|| { + let base = gix_testtools::scripted_fixture_read_only("make_baseline.sh").unwrap(); + BString::from(std::fs::read(base.join("git-baseline.generic")).expect("fixture file exists")) + }); + + pub static URLS: Lazy)>> = Lazy::new(|| { + let mut out = Vec::new(); + + let url_block = BASELINE + .split(|c| c == &b';') + .filter(|url| !url.is_empty()) + .map(ByteSlice::trim); + + for block in url_block { + let (url, diag_url) = GitDiagUrl::parse(block.as_bstr()); + out.push((url, diag_url)); + } + out + }); + + #[derive(Debug)] + pub struct GitDiagUrl<'a> { + pub protocol: &'a BStr, + pub host: GitDiagHost<'a>, + pub path: Option<&'a BStr>, + } + + impl GitDiagUrl<'_> { + /// Parses the given string into a [GitDiagUrl] according to the format + /// specified in [Git's `connect.c`][git_src]. + /// + /// [git_src]: https://github.com/git/git/blob/master/connect.c#L1415 + fn parse(diag_url: &BStr) -> (&'_ BStr, GitDiagUrl<'_>) { + let mut lines = diag_url.lines().map(ByteSlice::trim); + let mut next_attr = |name: &str| { + lines + .next() + .expect("well-known format") + .strip_prefix(format!("Diag: {name}=").as_bytes()) + .expect("attribute is at the correct location") + .as_bstr() + }; + + let url = next_attr("url"); + let protocol = next_attr("protocol"); + + let host = if protocol == "ssh" { + let user_and_host = next_attr("userandhost"); + let port = next_attr("port"); + GitDiagHost::Ssh { + user_and_host: if user_and_host == "NULL" { + None + } else { + Some(user_and_host) + }, + port: if port == "NONE" { None } else { Some(port) }, + } + } else { + let host_and_port = next_attr("hostandport"); + GitDiagHost::NonSsh { + host_and_port: if host_and_port == "NULL" { + None + } else { + Some(host_and_port) + }, + } + }; + + let path = next_attr("path"); + 
assert!(lines.next().is_none(), "we consume everything"); + ( + url, + GitDiagUrl { + protocol, + host, + path: if path == "NULL" { None } else { Some(path) }, + }, + ) + } + } + + #[derive(Debug)] + pub enum GitDiagHost<'a> { + NonSsh { + host_and_port: Option<&'a BStr>, + }, + Ssh { + user_and_host: Option<&'a BStr>, + port: Option<&'a BStr>, + }, + } +} -- cgit v1.2.3
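Review bot: Every trial built in `get_baseline_test_cases` is created with `.with_ignored_flag(true)`, so this suite does not run by default and gives no regression signal for the URL parser. The same commit adds `host_argument_safe()` and `path_argument_safe()` as a security fix, and none of the files in this patch exercise them; upstream may keep such tests outside the crate's `include` list, which cannot be seen from here. A small non-ignored test would pin the behaviour: one that asserts `None` for a host and for a path beginning with `-`, and `Some(..)` for ordinary values. The comment on `.with_ignored_flag(true)` should also name the condition under which the flag is to be removed, so the suite does not stay disabled indefinitely.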