github GitoxideLabs/gitoxide gix-transport-v0.42.0
gix-transport v0.42.0
on GitHub

latest releases: v0.38.0, gitoxide-core-v0.42.0, gix-fsck-v0.7.0...
7 months ago

Bug Fixes

  • Prevent usernames with leading - from being passed to SSH
    This detects ambiguous usernames in dangerous cases where they
    would be passed to external commands to form SSH connections, if
    they would be misinterpreted as option arguments.

    This change is analogous to b06a0dd, hardening gix-transport and
    applications that use it against options smuggled in URLs, but for
    the non-mandatory username portion of a URL, rather than the host
    and path portions that were covered there.

    For example, commands like these no longer pass -F... options to
    ssh:

    gix clone 'ssh://-Fconfigfile@example.com/abc'
    gix clone -- '-Fconfigfile@example.com:abc/def'

    Instead, they refuse to run ssh, producing the error:

    Error: Username '-Fconfigfile' could be mistaken for a command-line argument

  • forward curl rustls feature from gix-transport to avoid curl in gix.
    This removes the curl dependency just for configuring it, and removes
    a hazard which became evident with reqwest.

Bug Fixes (BREAKING)

  • declare reqwest dependency update as breaking
    Related to #1327 .

Commit Statistics

  • 20 commits contributed to the release over the course of 20 calendar days.
  • 22 days passed between releases.
  • 3 commits were understood as conventional.
  • 1 unique issue was worked on: #1328

Commit Details

  • #1328
    • Forward curl rustls feature from gix-transport to avoid curl in gix. (98cfbec)
    • Declare reqwest dependency update as breaking (e304369)
  • Uncategorized
    • Prepare changelogs prior to release (5755271)
    • Merge branch 'strange-usernames' (1272542)
    • Refactor gix-transport with minor edits to comments (996310b)
    • (Re)add a short, more specific comment about user@ (03fb64a)
    • Use Url::host_as_argument() in ssh::connect() (cf59f57)
    • Test that leading-- host names aren't used in -G check (902367f)
    • Try, so far unsuccessfully, to add missing -G test (524739b)
    • Reallow user@-arg... in prepare_invocation (2911623)
    • Start on using {user,host}_as_argument in prepare_invocation (4dda375)
    • Comment gix_transport::client::blocking_io::ssh::connect (2e7517e)
    • Prevent usernames with leading - from being passed to SSH (f56ad39)
    • Add ambiguous user unit tests, and more for hostname (5428609)
    • Merge pull request #1341 from szepeviktor/typos (55f379b)
    • Fix typos (f72ecce)
    • Merge pull request #1333 from cesfahani/fix_zombie_ssh_procs (16dc027)
    • Fix zombie ssh processes from accumulating (ba93ef2)
    • Merge branch 'patch-1' (9e9c653)
    • Remove dep reqwest from gix (e3eedd8)
Check out latest releases or
releases around GitoxideLabs/gitoxide gix-transport-v0.42.0

Don't miss a new gitoxide release

NewReleases is sending notifications on new releases.

Get notifications