delta/python-packages/gitpython.git/git/repo, branch 3.1.30 github.com: gitpython-developers/GitPython.git Merge pull request #1521 from stsewd/block-insecure-options 2022-12-29T07:09:28+00:00 Sebastian Thiel sebastian.thiel@icloud.com 2022-12-29T07:09:28+00:00 678a8fe08dd466fcfe8676294b52887955138960 Block insecure options and protocols by default 
Block insecure options and protocols by default
 Fix type hint on create_tag 2022-12-29T07:06:10+00:00 Andrew Cassidy drewcassidy@me.com 2022-12-29T05:53:50+00:00 ae6a6e4b088a35c0fc7b17940722c8a515f7bee7 pycharm yells at me without this 
pycharm yells at me without this
Block unsafe options and protocols by default 2022-12-24T01:40:06+00:00 Santos Gallegos stsewd@proton.me 2022-12-24T01:19:52+00:00 e6108c7997f5c8f7361b982959518e982b973230 






Forbid unsafe protocol URLs in Repo.clone{,_from}()
2022-12-23T21:16:21+00:00

Steve Kowalik
steven@wedontsleep.org

2022-12-20T06:05:50+00:00

2625ed9fc074091c531c27ffcba7902771130261

Since the URL is passed directly to git clone, and the remote-ext helper
will happily execute shell commands, so by default disallow URLs that
contain a "::" unless a new unsafe_protocols kwarg is passed.
(CVE-2022-24439)

Fixes #1515





Since the URL is passed directly to git clone, and the remote-ext helper
will happily execute shell commands, so by default disallow URLs that
contain a "::" unless a new unsafe_protocols kwarg is passed.
(CVE-2022-24439)

Fixes #1515







Fix command injection
2022-12-21T03:04:06+00:00

Santos Gallegos
stsewd@proton.me

2022-12-21T01:26:37+00:00

fbf9c7e72218e44bc29eb4907d5c00118370376b

Add `--` in some commands that receive user input
and if interpreted as options could lead to remote
code execution (RCE).

There may be more commands that could benefit from `--`
so the input is never interpreted as an option,
but most of those aren't dangerous.

Fixed commands:

- push
- pull
- fetch
- clone/clone_from and friends
- archive (not sure if this one can be exploited, but it doesn't hurt
  adding `--` :))

For anyone using GitPython and exposing any of the GitPython methods to users,
make sure to always validate the input (like if starts with `--`).
And for anyone allowing users to pass arbitrary options, be aware
that some options may lead fo RCE, like `--exc`, `--upload-pack`,
`--receive-pack`, `--config` (https://github.com/gitpython-developers/GitPython/pull/1516).

Ref https://github.com/gitpython-developers/GitPython/issues/1517





Add `--` in some commands that receive user input
and if interpreted as options could lead to remote
code execution (RCE).

There may be more commands that could benefit from `--`
so the input is never interpreted as an option,
but most of those aren't dangerous.

Fixed commands:

- push
- pull
- fetch
- clone/clone_from and friends
- archive (not sure if this one can be exploited, but it doesn't hurt
  adding `--` :))

For anyone using GitPython and exposing any of the GitPython methods to users,
make sure to always validate the input (like if starts with `--`).
And for anyone allowing users to pass arbitrary options, be aware
that some options may lead fo RCE, like `--exc`, `--upload-pack`,
`--receive-pack`, `--config` (https://github.com/gitpython-developers/GitPython/pull/1516).

Ref https://github.com/gitpython-developers/GitPython/issues/1517







feat(blame): Support custom `rev_opts` for blame
2022-08-31T05:04:34+00:00

Joseph Hale
me@jhale.dev

2022-08-30T06:45:51+00:00

18a79d8028f934f8f78da33de3b0523fc7d1df47

The `git blame` CLI offers a repeated `-C` option that can be used to detect
lines that move within/between files. While a slower operation, it yields more
accurate authorship reports.
https://git-scm.com/docs/git-blame#Documentation/git-blame.txt--Cltnumgt

While GitPython does enable passing custom kwargs to the command line `git`
invocation, the fact that kwargs is a dictionary (i.e. no duplicate keys) means
that there was no way to request the `-C` option in `git blame` more than once.

This commit adds an optional `rev_opts` parameter to the `blame` method which
accepts a list of strings to propagate to the CLI invocation of `git blame`. By
using a `List[str]` for `rev_opts`, users of GitPython can pass now the `-C`
option multiple times to get more detailed authorship reports from `git blame`.





The `git blame` CLI offers a repeated `-C` option that can be used to detect
lines that move within/between files. While a slower operation, it yields more
accurate authorship reports.
https://git-scm.com/docs/git-blame#Documentation/git-blame.txt--Cltnumgt

While GitPython does enable passing custom kwargs to the command line `git`
invocation, the fact that kwargs is a dictionary (i.e. no duplicate keys) means
that there was no way to request the `-C` option in `git blame` more than once.

This commit adds an optional `rev_opts` parameter to the `blame` method which
accepts a list of strings to propagate to the CLI invocation of `git blame`. By
using a `List[str]` for `rev_opts`, users of GitPython can pass now the `-C`
option multiple times to get more detailed authorship reports from `git blame`.







docs: add typerror exception to active_branch method
2022-08-20T11:49:16+00:00

Patrick Gerard
info@content-baer.de

2022-08-20T11:37:48+00:00

7dda25eafa80fc6cb2dd0a21f992205119270007

docs: add typerror exception to active_branch method

fix: sphinx syntax

add author





docs: add typerror exception to active_branch method

fix: sphinx syntax

add author







BUG: Use Cygwin paths for Cygwin git
2022-06-11T15:21:54+00:00

DWesl
22566757+DWesl@users.noreply.github.com

2022-06-11T15:21:54+00:00

9be148c65e9e6c7ed6706c12adc785187918da88












STY: Remove import of now-unused function
2022-06-11T14:01:53+00:00

DWesl
22566757+DWesl@users.noreply.github.com

2022-06-11T14:01:53+00:00

21113a81560dfea6f2eea5f50ceb5e87e9097c82












BUG: Convert to native path before checking if absolute
2022-06-11T01:35:40+00:00

DWesl
22566757+DWesl@users.noreply.github.com

2022-06-11T01:35:40+00:00

5d874ddc5a6cab35812e1ef395c18216f9399425