git status --diffstat?
Hi, I recently realized that I could use a "git status" syntax like this: On branch master Your branch is up-to-date with 'origin/master'. Changes not staged for commit: (use "git add ..." to update what will be committed) (use "git checkout -- ..." to discard changes in working directory) modified: macd.py 2 +- modified: macd.wsgi 2 +- modified: macd/admin.py 4 modified: macd/index.html 2 +- modified: macd/models.py 7 +-- modified: macd/settings.py27 +-- modified: macd/urls.py 6 ++ modified: macd/views.py27 +++ (...) The idea is to add diffstats to git-status. I cooked up a Python script to do that [1], but I'd like that to be default behavior on my box. Someone suggested me to just implement it in C, but I'm not familiar with the codebase, so it'd take me a while. What do you think about this? Would anybody else find it useful and perhaps consider implementing it? Cheers, d33tah signature.asc Description: OpenPGP digital signature
Re: Segmentation fault found while fuzzing .pack file under 2.7.0.rc3
W dniu 06.01.2016 o 10:46, Duy Nguyen pisze: > On Tue, Jan 5, 2016 at 10:24 PM, Jeff King wrote: >> If you can find a fuzzed packfile that crashes "index-pack", then _that_ >> would be a big deal. > > I'm sure you know this, but if Jacek moves to break index-pack, then > he/she should also try to break unpack-objects because sometimes we > use that command instead of index-pack. > It sounds that you could use a little explanation on how I found this crashing case and what would it take to fuzz index-pack, according to the conversation I had on #git-devel on irc.freenode.net. Should I assume that you know the basic afl-fuzz in my next post? BTW @Duy, thanks for CC to me, I'm not subscribed to the ML. signature.asc Description: OpenPGP digital signature
Feature request: config option for default git commit -v
Hello, I'm asking for this one because there's quite a lot of interest (including me) in this feature and there is no convenient walkaround: https://stackoverflow.com/questions/5875275/git-commit-v-by-default Cheers, d33tah signature.asc Description: OpenPGP digital signature
Re: Feature request: config option for default git commit -v
W dniu 05.04.2016 o 16:47, Pranit Bauva pisze: > On Tue, Apr 5, 2016 at 8:08 PM, Jacek Wielemborek wrote: >> Hello, >> >> I'm asking for this one because there's quite a lot of interest >> (including me) in this feature and there is no convenient walkaround: >> >> https://stackoverflow.com/questions/5875275/git-commit-v-by-default >> >> Cheers, >> d33tah > > This is currently under progress. I am the one who is working on it. > One of the patches is currently on the pu branch. I am still polishing > it to include some more stuff. You can track its status by reading the > git.git messages by the git maintainer. The latest revision of the > patch is at http://thread.gmane.org/gmane.comp.version-control.git/288820 > > Thanks, > Pranit Bauva Awesome, thanks for the quick answer! I let the StackOverflow folks know. signature.asc Description: OpenPGP digital signature
Segmentation fault found while fuzzing .pack file under 2.7.0.rc3
Hello, Steps to reproduce: 1. base64 -d and unpack the .tar.gz file from here: https://gist.github.com/d33tah/4e976f2e043718594a85 2. cd into it, run "git log" I'll be happy to guide you through the fuzzing process - I stopped it at the first crash. Cheers, d33tah signature.asc Description: OpenPGP digital signature
Re: Segmentation fault found while fuzzing .pack file under 2.7.0.rc3
W dniu 06.01.2016 o 01:23, Jonathan Nieder pisze: > Jeff King wrote: > >> Git packfiles come from two places: >> >> 1. Local maintenance repacks loose and already-packed objects into a >> new packfile. We trust the local repack process to generate a valid >> packfile (though the contents of individual objects may be >> untrusted, of course). > > I think we should reconsider such trust. If one user creates a > malicious pack, if another user uses read-only git commands to access > the repository (after inspecting .git/config to make sure it doesn't > contain anything scary) the result should not be arbitrary code > execution. > > Producing bogus output or aborting is okay; arbitrary code execution > less so. > > Thanks, > Jonathan I'd be happy to help you go through the fuzzing process - I don't have enough horsepower and codebase knowledge to do it on my own though. If you have an afl-fuzz question though, let me know. signature.asc Description: OpenPGP digital signature
