[evolvis-commits] r18382: scmsvn-tweaks pending merges:↵ Thorsten Glaser 2012-04-26 be explicit about denyNonFastforwards and add denyDeletes

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Apr 26 14:43:59 CEST 2012


Author: mirabilos
Date: 2012-04-26 14:43:58 +0200 (Thu, 26 Apr 2012)
New Revision: 18382

Modified:
   trunk/gforge_base/evolvisforge-5.1/src/debian/changelog
   trunk/gforge_base/evolvisforge-5.1/src/plugins/scmgit/common/GitPlugin.class.php
Log:
scmsvn-tweaks pending merges:
  Thorsten Glaser 2012-04-26 be explicit about denyNonFastforwards and add denyDeletes

Modified: trunk/gforge_base/evolvisforge-5.1/src/debian/changelog
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/debian/changelog	2012-04-26 12:43:54 UTC (rev 18381)
+++ trunk/gforge_base/evolvisforge-5.1/src/debian/changelog	2012-04-26 12:43:58 UTC (rev 18382)
@@ -15,8 +15,11 @@
   * Apply patch [#387] cronjob stats_projects-backfill.php missing
     enviroment by Erica Vidal
 
- -- Thorsten Glaser <t.glaser at tarent.de>  Thu, 26 Apr 2012 11:36:20 +0200
+  [ Thorsten Glaser ]
+  * Improve security of git repositories
 
+ -- Thorsten Glaser <t.glaser at tarent.de>  Thu, 26 Apr 2012 14:42:55 +0200
+
 fusionforge (1:5.1.1+evolvis56) unstable; urgency=low
 
   * My Account: languages not shipped and not English (untranslated)

Modified: trunk/gforge_base/evolvisforge-5.1/src/plugins/scmgit/common/GitPlugin.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/plugins/scmgit/common/GitPlugin.class.php	2012-04-26 12:43:54 UTC (rev 18381)
+++ trunk/gforge_base/evolvisforge-5.1/src/plugins/scmgit/common/GitPlugin.class.php	2012-04-26 12:43:58 UTC (rev 18382)
@@ -321,6 +321,8 @@
 		system("mkdir -p $main_repo");
 		if (!is_file ("$main_repo/HEAD") && !is_dir("$main_repo/objects") && !is_dir("$main_repo/refs")) {
 			system ("GIT_DIR=\"$main_repo\" git init --bare --shared=group") ;
+			system ("GIT_DIR=\"$main_repo\" git config receive.denyNonFastforwards true") ;
+			system ("GIT_DIR=\"$main_repo\" git config receive.denyDeletes true") ;
 			system ("GIT_DIR=\"$main_repo\" git update-server-info") ;
 			if (is_file ("$main_repo/hooks/post-update.sample")) {
 				rename ("$main_repo/hooks/post-update.sample",



More information about the evolvis-commits mailing list