diff --git a/Documentation/RelNotes/2.4.12.txt b/Documentation/RelNotes/2.4.12.txt new file mode 100644 index 0000000000..7d15f94725 --- /dev/null +++ b/Documentation/RelNotes/2.4.12.txt @@ -0,0 +1,12 @@ +Git v2.4.12 Release Notes +========================= + +Fixes since v2.4.11 +------------------- + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). diff --git a/Documentation/RelNotes/2.5.6.txt b/Documentation/RelNotes/2.5.6.txt new file mode 100644 index 0000000000..9cd025bb1c --- /dev/null +++ b/Documentation/RelNotes/2.5.6.txt @@ -0,0 +1,12 @@ +Git v2.5.6 Release Notes +======================== + +Fixes since v2.5.5 +------------------ + + * "git-shell" rejects a request to serve a repository whose name + begins with a dash, which makes it no longer possible to get it + confused into spawning service programs like "git-upload-pack" with + an option like "--help", which in turn would spawn an interactive + pager, instead of working with the repository user asked to access + (i.e. the one whose name is "--help"). diff --git a/Documentation/git.txt b/Documentation/git.txt index ea256de13c..9b75c50d30 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -54,9 +54,10 @@ Documentation for older releases are available here: link:RelNotes/2.6.1.txt[2.6.1], link:RelNotes/2.6.0.txt[2.6]. -* link:v2.5.5/git.html[documentation for release 2.5.5] +* link:v2.5.6/git.html[documentation for release 2.5.6] * release notes for + link:RelNotes/2.5.6.txt[2.5.6], link:RelNotes/2.5.5.txt[2.5.5], link:RelNotes/2.5.4.txt[2.5.4], link:RelNotes/2.5.3.txt[2.5.3], @@ -64,9 +65,10 @@ Documentation for older releases are available here: link:RelNotes/2.5.1.txt[2.5.1], link:RelNotes/2.5.0.txt[2.5]. -* link:v2.4.11/git.html[documentation for release 2.4.11] +* link:v2.4.12/git.html[documentation for release 2.4.12] * release notes for + link:RelNotes/2.4.12.txt[2.4.12], link:RelNotes/2.4.11.txt[2.4.11], link:RelNotes/2.4.10.txt[2.4.10], link:RelNotes/2.4.9.txt[2.4.9], diff --git a/shell.c b/shell.c index ace62e4b65..c3bf8ec38a 100644 --- a/shell.c +++ b/shell.c @@ -13,7 +13,7 @@ static int do_generic_cmd(const char *me, char *arg) const char *my_argv[4]; setup_path(); - if (!arg || !(arg = sq_dequote(arg))) + if (!arg || !(arg = sq_dequote(arg)) || *arg == '-') die("bad argument"); if (!starts_with(me, "git-")) die("bad command");