gitaly-lfs-smudge: Update git-lfs module and dependencies
This version of git-lfs resolves https://github.com/advisories/GHSA-4g4p-42wc-9f3m, although this shouldn't affect Gitaly since it only occurs on Windows.
Relates to https://gitlab.com/gitlab-org/gitaly/-/issues/4208
Relevant diff in question: git diff 2e1d981afbe3..v3.2.0 lfs/pointer.go
diff --git a/lfs/pointer.go b/lfs/pointer.go
index b3d794f5..1d71ccbe 100644
--- a/lfs/pointer.go
+++ b/lfs/pointer.go
@@ -11,7 +11,10 @@ import (
"strconv"
"strings"
- "github.com/git-lfs/git-lfs/errors"
+ "github.com/git-lfs/git-lfs/v3/errors"
+ "github.com/git-lfs/git-lfs/v3/fs"
+ "github.com/git-lfs/git-lfs/v3/tr"
+ "github.com/git-lfs/gitobj/v2"
)
var (
@@ -34,6 +37,7 @@ type Pointer struct {
Size int64
OidType string
Extensions []*PointerExtension
+ Canonical bool
}
// A PointerExtension is parsed from the Git LFS Pointer file.
@@ -51,7 +55,7 @@ func (p ByPriority) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
func (p ByPriority) Less(i, j int) bool { return p[i].Priority < p[j].Priority }
func NewPointer(oid string, size int64, exts []*PointerExtension) *Pointer {
- return &Pointer{latest, oid, size, oidType, exts}
+ return &Pointer{latest, oid, size, oidType, exts, true}
}
func NewPointerExtension(name string, priority int, oid string) *PointerExtension {
@@ -77,18 +81,30 @@ func (p *Pointer) Encoded() string {
return buffer.String()
}
+func EmptyPointer() *Pointer {
+ return NewPointer(fs.EmptyObjectSHA256, 0, nil)
+}
+
func EncodePointer(writer io.Writer, pointer *Pointer) (int, error) {
return writer.Write([]byte(pointer.Encoded()))
}
+func DecodePointerFromBlob(b *gitobj.Blob) (*Pointer, error) {
+ // Check size before reading
+ if b.Size >= blobSizeCutoff {
+ return nil, errors.NewNotAPointerError(errors.New(tr.Tr.Get("blob size exceeds Git LFS pointer size cutoff")))
+ }
+ return DecodePointer(b.Contents)
+}
+
func DecodePointerFromFile(file string) (*Pointer, error) {
// Check size before reading
stat, err := os.Stat(file)
if err != nil {
return nil, err
}
- if stat.Size() > blobSizeCutoff {
- return nil, errors.NewNotAPointerError(errors.New("file size exceeds lfs pointer size cutoff"))
+ if stat.Size() >= blobSizeCutoff {
+ return nil, errors.NewNotAPointerError(errors.New(tr.Tr.Get("file size exceeds Git LFS pointer size cutoff")))
}
f, err := os.OpenFile(file, os.O_RDONLY, 0644)
if err != nil {
@@ -122,13 +138,20 @@ func DecodeFrom(reader io.Reader) (*Pointer, io.Reader, error) {
return nil, contents, err
}
+ if len(buf) == 0 {
+ return EmptyPointer(), contents, nil
+ }
+
p, err := decodeKV(bytes.TrimSpace(buf))
+ if err == nil && p != nil {
+ p.Canonical = p.Encoded() == string(buf)
+ }
return p, contents, err
}
func verifyVersion(version string) error {
if len(version) == 0 {
- return errors.NewNotAPointerError(errors.New("Missing version"))
+ return errors.NewNotAPointerError(errors.New(tr.Tr.Get("Missing version")))
}
for _, v := range v1Aliases {
@@ -137,7 +160,7 @@ func verifyVersion(version string) error {
}
}
- return errors.New("Invalid version: " + version)
+ return errors.New(tr.Tr.Get("Invalid version: %s", version))
}
func decodeKV(data []byte) (*Pointer, error) {
@@ -155,7 +178,7 @@ func decodeKV(data []byte) (*Pointer, error) {
value, ok := kvps["oid"]
if !ok {
- return nil, errors.New("Invalid Oid")
+ return nil, errors.New(tr.Tr.Get("Invalid OID"))
}
oid, err := parseOid(value)
@@ -166,7 +189,7 @@ func decodeKV(data []byte) (*Pointer, error) {
value, ok = kvps["size"]
size, err := strconv.ParseInt(value, 10, 64)
if err != nil || size < 0 {
- return nil, fmt.Errorf("invalid size: %q", value)
+ return nil, errors.New(tr.Tr.Get("invalid size: %q", value))
}
var extensions []*PointerExtension
@@ -190,14 +213,14 @@ func decodeKV(data []byte) (*Pointer, error) {
func parseOid(value string) (string, error) {
parts := strings.SplitN(value, ":", 2)
if len(parts) != 2 {
- return "", errors.New("Invalid Oid value: " + value)
+ return "", errors.New(tr.Tr.Get("Invalid OID value: %s", value))
}
if parts[0] != oidType {
- return "", errors.New("Invalid Oid type: " + parts[0])
+ return "", errors.New(tr.Tr.Get("Invalid OID type: %s", parts[0]))
}
oid := parts[1]
if !oidRE.Match([]byte(oid)) {
- return "", errors.New("Invalid Oid: " + oid)
+ return "", errors.New(tr.Tr.Get("Invalid OID: %s", oid))
}
return oid, nil
}
@@ -205,12 +228,12 @@ func parseOid(value string) (string, error) {
func parsePointerExtension(key string, value string) (*PointerExtension, error) {
keyParts := strings.SplitN(key, "-", 3)
if len(keyParts) != 3 || keyParts[0] != "ext" {
- return nil, errors.New("Invalid extension value: " + value)
+ return nil, errors.New(tr.Tr.Get("Invalid extension value: %s", value))
}
p, err := strconv.Atoi(keyParts[1])
if err != nil || p < 0 {
- return nil, errors.New("Invalid priority: " + keyParts[1])
+ return nil, errors.New(tr.Tr.Get("Invalid priority: %s", keyParts[1]))
}
name := keyParts[2]
@@ -227,7 +250,7 @@ func validatePointerExtensions(exts []*PointerExtension) error {
m := make(map[int]struct{})
for _, ext := range exts {
if _, exist := m[ext.Priority]; exist {
- return fmt.Errorf("duplicate priority found: %d", ext.Priority)
+ return errors.New(tr.Tr.Get("duplicate priority found: %d", ext.Priority))
}
m[ext.Priority] = struct{}{}
}
@@ -238,7 +261,7 @@ func decodeKVData(data []byte) (kvps map[string]string, exts map[string]string,
kvps = make(map[string]string)
if !matcherRE.Match(data) {
- err = errors.NewNotAPointerError(errors.New("invalid header"))
+ err = errors.NewNotAPointerError(errors.New(tr.Tr.Get("invalid header")))
return
}
@@ -253,7 +276,7 @@ func decodeKVData(data []byte) (kvps map[string]string, exts map[string]string,
parts := strings.SplitN(text, " ", 2)
if len(parts) < 2 {
- err = errors.NewNotAPointerError(fmt.Errorf("error reading line %d: %s", line, text))
+ err = errors.NewNotAPointerError(errors.New(tr.Tr.Get("error reading line %d: %s", line, text)))
return
}
@@ -261,7 +284,7 @@ func decodeKVData(data []byte) (kvps map[string]string, exts map[string]string,
value := parts[1]
if numKeys <= line {
- err = errors.NewNotAPointerError(fmt.Errorf("extra line: %s", text))
+ err = errors.NewNotAPointerError(errors.New(tr.Tr.Get("extra line: %s", text)))
return
} Edited by Stan Hu