We provide `BUILD_PATH` to our build script; provide it and mutate
`PATH` when running our tests as well.
We were previously using `cygpath` to try to convert a _list_ of Windows
paths into cygwin / Unix style `PATH` format. This does not work -- it
treats the path list as a single path (with semicolons -- understandably
as those are allowed characters in a Windows path).
For example, `C:\One;C:\Two;C:\Three` is converted to
`/c/one;c:/two;c:/three`.
Add a new function to convert path lists, so that paths are split by
semicolon and fed to `cygpath` independently, then re-joined with a
colon. This means that our example `C:\One;C:\Two;C:\Three` is correctly
converted to `/c/one:/c/two:/c/three`.
Teach the clone tests how to clone from github.com, when given a keypair
with a passphrase and known_hosts data. This allows us to better
exercise our known_hosts checking and ensure that the lifecycle of the
certificate callback matches our expectations.
Use `git_sysdir_find_homedir_file` to identify the path to the home
directory's `.ssh/known_hosts`; this takes Windows paths into account by
preferring `HOME`, then falling back to `HOMEPATH` and `USERPROFILE`
directories.
Provide a mechanism to look up the user's home directory, using the same
mechanism that we use for locating the global configuration path (a
fancy name for saying "the home directory").
SSH known hosts lookups now use this, instead of simply looking at the
HOME environment variable, to support Windows-style home directory
lookups in `HOME`, `HOMEPATH`, or `USERPROFILE`.
The windows sysdir functions are libgit2-specific and for git
compatibility only; remove them from the shared util directory and bring
them into the libgit2 source tree.
The server and client negotiate a single hostkey, but the "best" cipher may not
be the one for which we have an entry in `known_hosts`. This can lead to us not
finding the key in known_hosts even though we should be connecting.
Instead here we look up the hostname with a nonsense key to perform a lookup in
the known hosts and set that. This is roughly what the OpenSSH client does as
well.
We're currently running it as part of the online suite but that doesn't have any
setup for ssh so we won't find the GitHub keys we set up during the test.
It doesn't need the private key setup as we just want to make sure we see some
auth request from the server, but with the addition of hostkey checking we're
now seeing it fail when we skip these tests.
Currently just the one test needs it.
The ssh-rsa makes sure we're asking for the cipher we find in `known_hosts` as
that won't be the one selected by default. This will be relevant in later changes.
slide_hash knowingly reads (possibly) uninitialised memory, see comment
lower down about prev[n] potentially being garbage. In this case, the
result is never used - so we don't care about MSAN complaining about
this read.
By adding the no_sanitize("memory") attribute, clients of zlib won't
see this (unnecessary) error when building and running with
MemorySanitizer. An alternative approach is for clients to build zlib
with -fsanitize-ignorelist=... where the ignorelist contains something
like 'fun:slide_hash'. But that's more work and needs to be redone
for any and all CI systems running a given project with MSAN. Adding
this annotation to zlib's sources is overall more convenient - but
also won't affect non-MSAN builds.
This specific issue was found while running git's test suite, but has
also been reported by other clients, see e.g. #518.
In the ownership checks implemented for CVE-2022-24765, we disallowed
users to access their own repositories when running with `sudo`.
Examine the `SUDO_UID` environment variable and allow users running
with `sudo`. This matches git's behavior.
To match git's behavior with CVE 2022-29187, validate not only the
working directory, but also the gitdir and gitlink (if it exists). This
a follow up to CVE-2022-24765 that was fixed earlier.
