From bab5a30b34c43db9385f1816aaf0e12b7219817f Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty
Date: Thu, 8 Nov 2018 06:13:47 +0530
Subject: minor URL fixup
---
 README.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.markdown b/README.markdown
index d821a1d..550759c 100644
--- a/README.markdown
+++ b/README.markdown
@@ -213,7 +213,7 @@ you; try running "gitolite help".
 # contact and support
-Please see for mailing list and IRC
+Please see for mailing list and IRC
 info.
 # license
-- cgit v1.2.3-65-gdbad
From 64aa53b7a569ac061da432d41d4157ec0986abbf Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty
Date: Thu, 22 Nov 2018 18:20:26 +0530
Subject: testconf: allow picking up a custom rc file if available
---
 contrib/utils/testconf | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/contrib/utils/testconf b/contrib/utils/testconf
index 5fa9194..03580f9 100755
--- a/contrib/utils/testconf
+++ b/contrib/utils/testconf
@@ -72,6 +72,14 @@
 # which will give you a much nicer output. The only issue is if you have
 # include files, you will need to put that in the file whose name is sorted
 # first!
+#
+# Using a non-default ".gitolite.rc"
+# ==================================
+#
+# If your conf needs a non-default `~/.gitolite.rc`, copy the file you need as
+# "testconf.gitolite.rc" in the root directory of the gitolite-admin clone
+# where you are running "testconf". (Whether you commit this file to the
+# gitolite-admin repo, or keep it local/untracked, is your call).
 # ----------------------------------------------------------------------
 od=$PWD
@@ -106,6 +114,9 @@
 rm -rf $testconf/.gitolite/conf
 mkdir -p $testconf/.gitolite/conf
 cp -a $od/conf/* $testconf/.gitolite/conf/
+# copy rc from $od, if it exists
+[ -f $od/testconf.gitolite.rc ] && cp $od/testconf.gitolite.rc $testconf/.gitolite.rc
+
 # compile+
 gitolite compile
-- cgit v1.2.3-65-gdbad
From ca38bc324245143857a6bfa5c03d684b90d1abac Mon Sep 17 00:00:00 2001
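Review bot: The added `[ -f $od/testconf.gitolite.rc ] && cp $od/testconf.gitolite.rc $testconf/.gitolite.rc` leaves every path expansion unquoted and lets a failed `cp` pass silently, so a clone directory with whitespace in its path breaks the test, and a copy error falls through to `gitolite compile` using whatever rc was already in `$testconf`. Quoting the expansions and failing loudly keeps the rc actually in use in step with what the comment promises: `[ -f "$od/testconf.gitolite.rc" ] && { cp "$od/testconf.gitolite.rc" "$testconf/.gitolite.rc" || exit 1; }`. The neighbouring `rm`/`mkdir`/`cp` lines use the same unquoted style, so this may be a deliberate convention of the script; whether a `set -e` earlier in the file already covers the error case is not visible in this hunk.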
From: Sitaram Chamarty
Date: Sun, 23 Dec 2018 14:30:15 +0530
Subject: option command needed chmod +x
---
 src/commands/option | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 src/commands/option
diff --git a/src/commands/option b/src/commands/option
old mode 100644
new mode 100755
-- cgit v1.2.3-65-gdbad
From 5df2b817255ee919991da6c310239e08c8fcc1ae Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty
Date: Tue, 25 Dec 2018 14:44:51 +0530
Subject: tighten up security for rsync
Nick Cleaton (nick@cleaton.net) found and reported a security issue caused by trusting the remote rsync too much. It appears that rsync cannot -- without special precautions -- be used in any "restricted" environment. Gitolite ships with a "bundle helper" called "rsync" (disabled by default; more details below). This fix tightens up this helper to close this hole. TLDR for administrators and packagers: 1. Am I affected? Look in ~/.gitolite.rc for "rsync"; if it is there, you are affected. This is NOT an essential program, and it is not enabled by default. You (or a previous administrator of your site) would have to have explicitly enabled it for you to be affected. 2. What's the quick fix? Comment out the "rsync" line in ~/.gitolite.rc IMMEDIATELY. DO NOT LEAVE IT ENABLED IF YOU ARE UNABLE TO UPGRADE IMMEDIATELY! Uncomment it only after you have upgraded or patched. 3. That bad, huh? Sadly, yes :( DETAILS: This program is not a core program. Despite the name, it will not function as a generic "rsync". This is *only* meant to help out people who are on flaky connections, trying to clone a large repo. Because git clone is not resumable, one common technique is to have someone create a "bundle", then download the bundle to seed the local repo, then "git fetch" to finish off. Since the bundle is a single file, you can use resumable mechanisms (like rsync) to download it. What this command does is allow that kind of bundling to happen automatically, if an administrator enables it. The user simply rsyncs a bundle file using his gitolite credentials. As a result, the rsync helper command that ships with gitolite is executed. This program manages the creation and expiry of bundle files, then passes control to the *real* rsync program to perform the actual data transfer.
It is this last step that requires special care when used in a restricted environment, resulting in the need for this patch.
---
 src/commands/rsync | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/src/commands/rsync b/src/commands/rsync
index 1109ac4..c7b25d1 100755
--- a/src/commands/rsync
+++ b/src/commands/rsync
@@ -28,11 +28,6 @@ BUNDLE SUPPORT
 (2) Add 'rsync' to the ENABLE list in the rc file
-
-GENERIC RSYNC SUPPORT
-
- TBD
-
 =cut
 =for usage
@@ -43,7 +38,7 @@ BUNDLE SUPPORT
 Admins: see src/commands/rsync for setup instructions
 Users:
- rsync -P git@host:repo.bundle .
+ rsync git@host:repo.bundle .
 # downloads a file called ".bundle"; repeat as
 # needed till the whole thing is downloaded
 git clone repo.bundle repo
@@ -51,9 +46,8 @@ BUNDLE SUPPORT
 git remote set-url origin git@host:repo
 git fetch origin
 # and maybe git pull, etc. to freshen the clone
-GENERIC RSYNC SUPPORT
-
- TBD
+ NOTE on options to the rsync command: you are only allowed to use the
+ "-v", "-n", "-q", and "-P" options.
 =cut
@@ -62,9 +56,9 @@ usage() if not @ARGV or $ARGV[0] eq '-h';
 # rsync driver program. Several things can be done later, but for now it
 # drives just the 'bundle' transfer.
-if ( $ENV{SSH_ORIGINAL_COMMAND} =~ /^rsync --server --sender (-[-\w=.]+ )+\. (\S+)\.bundle$/ ) {
+if ( $ENV{SSH_ORIGINAL_COMMAND} =~ /^rsync --server --sender (?:-[vn]*(?:e\d*\.\w*)? )?\. (\S+)\.bundle$/ ) {
- my $repo = $2;
+ my $repo = $1;
 $repo =~ s/\.git$//;
 # all errors have the same message to avoid leaking info
@@ -81,7 +75,7 @@ if ( $ENV{SSH_ORIGINAL_COMMAND} =~ /^rsync --server --sender (-[-\w=.]+ )+\. (\S
 exit 0;
 }
-_warn "invalid rsync command '$ENV{SSH_ORIGINAL_COMMAND}'";
+_warn "Sorry, you are only allowed to use the '-v', '-n', '-q', and '-P' options.";
 usage();
 # ----------------------------------------------------------------------
-- cgit v1.2.3-65-gdbad
From b49133dc5f49b12807165ed250307213c1ac0a53 Mon Sep 17 00:00:00 2001
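Review bot: The replacement pattern on the new `if` line accepts only `-[vn]*` followed by an optional `e<digits>.<word>` token before ` . <repo>.bundle`, while the usage text added earlier in this commit and the new `_warn` message both promise `-v`, `-n`, `-q` and `-P`; if the client-side `-q` and `-P` never reach the server in that literal form, a comment next to the regex saying so would stop the next reader from "fixing" the character class, and otherwise the class and the message disagree. Independently, the trailing `$` also matches before a final newline, so `\z` is the stricter anchor for a whole-string check on an environment variable: `... \. (\S+)\.bundle\z/`. `(\S+)` still accepts `/` and `..` in the repo name, so the path-traversal check on `$repo` has to live in the code that follows; the `if` block this line opens continues past the end of the hunk and that handling is not visible here.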
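Review bot: The new `_warn` text no longer records the rejected `$ENV{SSH_ORIGINAL_COMMAND}` that the old line carried, so if `_warn` is the only place this failure is captured, an operator looking into a probe against this helper can no longer see what was attempted. If the intent is only to stop echoing the raw command back to the user, keep the user-facing sentence and record the command separately, e.g. a second `_warn "rejected rsync command '$ENV{SSH_ORIGINAL_COMMAND}'";` routed to wherever the project keeps its audit trail. Whether `_warn` writes to the user's stderr, to the log, or to both is not visible in this hunk.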
From: Sitaram Chamarty
Date: Tue, 8 Jan 2019 14:55:00 +0530
Subject: v3.6.11
---
 CHANGELOG | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/CHANGELOG b/CHANGELOG
index dd5f1d3..9cb5ffb 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,6 @@
+2019-01-08 v3.6.11 fix security issue in 'rsync' (bundle helper); see commit
+ 5df2b81 for more
+
 2018-09-30 v3.6.10 fix up boo-boo caused by previous release; see mails on list for details
-- cgit v1.2.3-65-gdbad