mirror of
https://github.com/git/git
synced 2024-10-30 14:03:28 +00:00
252d693797
For a long time we have used ASAN_OPTIONS to set abort_on_error. This is important because we want to notice detected problems even in programs which are expected to fail. But we never did the same for UBSAN_OPTIONS. This means that our UBSan test suite runs might silently miss some cases. It also causes a more visible effect, which is that t4058 complains about unexpected "fixes" (and this is how I noticed the issue): $ make SANITIZE=undefined CC=gcc && (cd t && ./t4058-*) ... ok 8 - git read-tree does not segfault # TODO known breakage vanished ok 9 - reset --hard does not segfault # TODO known breakage vanished ok 10 - git diff HEAD does not segfault # TODO known breakage vanished The tests themselves aren't that interesting. We have a known bug where these programs segfault, and they do when compiled without sanitizers. With UBSan, when the test runs: test_might_fail git read-tree --reset base it gets: cache-tree.c:935:9: runtime error: member access within misaligned address 0x5a5a5a5a5a5a5a5a for type 'struct cache_entry', which requires 8 byte alignment So that's garbage memory which would _usually_ cause us to segfault, but UBSan catches it and complains first about the alignment. That makes sense, but the weird thing is that UBSan then exits instead of aborting, so our test_might_fail call considers that an acceptable outcome and the test "passes". Curiously, this historically seems to have aborted, because I've run "make test" with UBSan many times (and so did our CI) and we never saw the problem. Even more curiously, I see an abort if I use clang with ASan and UBSan together, like: # this aborts! make SANITIZE=undefined,address CC=clang But not with just UBSan, and not with both when used with gcc: # none of these do make SANITIZE=undefined CC=gcc make SANITIZE=undefined CC=clang make SANITIZE=undefined,address CC=gcc Likewise moving to older versions of gcc (I tried gcc-11 and gcc-12 on my Debian system) doesn't abort. Nor does moving around in Git's history. Neither this test nor the relevant code have been touched in a while, and going back to v2.41.0 produces the same outcome (even though many UBSan CI runs have passed in the meantime). So _something_ changed on my system (and likely will soon on other people's, since this is stock Debian unstable), but I didn't track it further. I don't know why it ever aborted in the past, but we definitely should be explicit here and tell UBSan what we want to happen. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
292 lines
7.9 KiB
ApacheConf
292 lines
7.9 KiB
ApacheConf
ServerName dummy
|
|
PidFile httpd.pid
|
|
DocumentRoot www
|
|
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
|
CustomLog access.log common
|
|
ErrorLog error.log
|
|
<IfModule !mod_log_config.c>
|
|
LoadModule log_config_module modules/mod_log_config.so
|
|
</IfModule>
|
|
<IfModule !mod_alias.c>
|
|
LoadModule alias_module modules/mod_alias.so
|
|
</IfModule>
|
|
<IfModule !mod_cgi.c>
|
|
LoadModule cgi_module modules/mod_cgi.so
|
|
</IfModule>
|
|
<IfModule !mod_env.c>
|
|
LoadModule env_module modules/mod_env.so
|
|
</IfModule>
|
|
<IfModule !mod_rewrite.c>
|
|
LoadModule rewrite_module modules/mod_rewrite.so
|
|
</IFModule>
|
|
<IfModule !mod_version.c>
|
|
LoadModule version_module modules/mod_version.so
|
|
</IfModule>
|
|
<IfModule !mod_headers.c>
|
|
LoadModule headers_module modules/mod_headers.so
|
|
</IfModule>
|
|
<IfModule !mod_setenvif.c>
|
|
LoadModule setenvif_module modules/mod_setenvif.so
|
|
</IfModule>
|
|
|
|
<IfDefine HTTP2>
|
|
LoadModule http2_module modules/mod_http2.so
|
|
Protocols h2 h2c
|
|
</IfDefine>
|
|
|
|
<IfModule !mod_auth_basic.c>
|
|
LoadModule auth_basic_module modules/mod_auth_basic.so
|
|
</IfModule>
|
|
<IfModule !mod_authn_file.c>
|
|
LoadModule authn_file_module modules/mod_authn_file.so
|
|
</IfModule>
|
|
<IfModule !mod_authz_user.c>
|
|
LoadModule authz_user_module modules/mod_authz_user.so
|
|
</IfModule>
|
|
<IfModule !mod_authz_host.c>
|
|
LoadModule authz_host_module modules/mod_authz_host.so
|
|
</IfModule>
|
|
|
|
<IfDefine PROXY>
|
|
<IfModule !mod_proxy.c>
|
|
LoadModule proxy_module modules/mod_proxy.so
|
|
</IfModule>
|
|
<IfModule !mod_proxy_http.c>
|
|
LoadModule proxy_http_module modules/mod_proxy_http.so
|
|
</IfModule>
|
|
ProxyRequests On
|
|
<Proxy "*">
|
|
AuthType Basic
|
|
AuthName "proxy-auth"
|
|
AuthUserFile proxy-passwd
|
|
Require valid-user
|
|
</Proxy>
|
|
</IfDefine>
|
|
|
|
<IfModule !mod_authn_core.c>
|
|
LoadModule authn_core_module modules/mod_authn_core.so
|
|
</IfModule>
|
|
<IfModule !mod_authz_core.c>
|
|
LoadModule authz_core_module modules/mod_authz_core.so
|
|
</IfModule>
|
|
<IfModule !mod_access_compat.c>
|
|
LoadModule access_compat_module modules/mod_access_compat.so
|
|
</IfModule>
|
|
<IfModule !mod_unixd.c>
|
|
LoadModule unixd_module modules/mod_unixd.so
|
|
</IfModule>
|
|
|
|
<IfDefine HTTP2>
|
|
<IfModule !mod_mpm_event.c>
|
|
LoadModule mpm_event_module modules/mod_mpm_event.so
|
|
</IfModule>
|
|
</IfDefine>
|
|
<IfDefine !HTTP2>
|
|
<IfModule !mod_mpm_prefork.c>
|
|
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
|
|
</IfModule>
|
|
</IfDefine>
|
|
|
|
PassEnv GIT_VALGRIND
|
|
PassEnv GIT_VALGRIND_OPTIONS
|
|
PassEnv GNUPGHOME
|
|
PassEnv ASAN_OPTIONS
|
|
PassEnv LSAN_OPTIONS
|
|
PassEnv UBSAN_OPTIONS
|
|
PassEnv GIT_TRACE
|
|
PassEnv GIT_CONFIG_NOSYSTEM
|
|
PassEnv GIT_TEST_SIDEBAND_ALL
|
|
PassEnv LANG
|
|
PassEnv LC_ALL
|
|
|
|
Alias /dumb/ www/
|
|
Alias /auth/dumb/ www/auth/dumb/
|
|
|
|
SetEnv PERL_PATH ${PERL_PATH}
|
|
|
|
<LocationMatch /smart/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
</LocationMatch>
|
|
<LocationMatch /smart_noexport/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
</LocationMatch>
|
|
<LocationMatch /smart_custom_env/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
SetEnv GIT_COMMITTER_NAME "Custom User"
|
|
SetEnv GIT_COMMITTER_EMAIL custom@example.com
|
|
</LocationMatch>
|
|
<LocationMatch /smart_namespace/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
SetEnv GIT_NAMESPACE ns
|
|
</LocationMatch>
|
|
<LocationMatch /smart_cookies/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
Header set Set-Cookie name=value
|
|
</LocationMatch>
|
|
<LocationMatch /smart_headers/>
|
|
<RequireAll>
|
|
Require expr %{HTTP:x-magic-one} == 'abra'
|
|
Require expr %{HTTP:x-magic-two} == 'cadabra'
|
|
</RequireAll>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
</LocationMatch>
|
|
<LocationMatch /one_time_perl/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
</LocationMatch>
|
|
<LocationMatch /smart_v0/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
SetEnv GIT_PROTOCOL
|
|
</LocationMatch>
|
|
<LocationMatch /custom_auth/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
<IfDefine USE_CGIPASSAUTH>
|
|
CGIPassAuth on
|
|
</IfDefine>
|
|
</LocationMatch>
|
|
ScriptAlias /smart/incomplete_length/git-upload-pack incomplete-length-upload-pack-v2-http.sh/
|
|
ScriptAlias /smart/incomplete_body/git-upload-pack incomplete-body-upload-pack-v2-http.sh/
|
|
ScriptAlias /smart/no_report/git-receive-pack error-no-report.sh/
|
|
ScriptAliasMatch /error_git_upload_pack/(.*)/git-upload-pack error.sh/
|
|
ScriptAliasMatch /smart_*[^/]*/(.*) ${GIT_EXEC_PATH}/git-http-backend/$1
|
|
ScriptAlias /broken_smart/ broken-smart-http.sh/
|
|
ScriptAlias /error_smart/ error-smart-http.sh/
|
|
ScriptAlias /error/ error.sh/
|
|
ScriptAliasMatch /one_time_perl/(.*) apply-one-time-perl.sh/$1
|
|
ScriptAliasMatch /custom_auth/(.*) nph-custom-auth.sh/$1
|
|
<Directory ${GIT_EXEC_PATH}>
|
|
Options FollowSymlinks
|
|
</Directory>
|
|
<Files incomplete-length-upload-pack-v2-http.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files incomplete-body-upload-pack-v2-http.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files error-no-report.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files broken-smart-http.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files error-smart-http.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files error.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files apply-one-time-perl.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files ${GIT_EXEC_PATH}/git-http-backend>
|
|
Options ExecCGI
|
|
</Files>
|
|
|
|
RewriteEngine on
|
|
RewriteRule ^/dumb-redir/(.*)$ /dumb/$1 [R=301]
|
|
RewriteRule ^/smart-redir-perm/(.*)$ /smart/$1 [R=301]
|
|
RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302]
|
|
RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301]
|
|
RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301]
|
|
RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302]
|
|
|
|
RewriteRule ^/loop-redir/x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-(.*) /$1 [R=302]
|
|
RewriteRule ^/loop-redir/(.*)$ /loop-redir/x-$1 [R=302]
|
|
|
|
# redir-to/502/x?y -> really-redir-to?path=502/x&qs=y which returns 502
|
|
# redir-to/x?y -> really-redir-to?path=x&qs=y -> x?y
|
|
RewriteCond %{QUERY_STRING} ^(.*)$
|
|
RewriteRule ^/redir-to/(.*)$ /really-redir-to?path=$1&qs=%1 [R=302]
|
|
RewriteCond %{QUERY_STRING} ^path=502/(.*)&qs=(.*)$
|
|
RewriteRule ^/really-redir-to$ - [R=502,L]
|
|
RewriteCond %{QUERY_STRING} ^path=(.*)&qs=(.*)$
|
|
RewriteRule ^/really-redir-to$ /%1?%2 [R=302]
|
|
|
|
# The first rule issues a client-side redirect to something
|
|
# that _doesn't_ look like a git repo. The second rule is a
|
|
# server-side rewrite, so that it turns out the odd-looking
|
|
# thing _is_ a git repo. The "[PT]" tells Apache to match
|
|
# the usual ScriptAlias rules for /smart.
|
|
RewriteRule ^/insane-redir/(.*)$ /intern-redir/$1/foo [R=301]
|
|
RewriteRule ^/intern-redir/(.*)/foo$ /smart/$1 [PT]
|
|
|
|
# Serve info/refs internally without redirecting, but
|
|
# issue a redirect for any object requests.
|
|
RewriteRule ^/redir-objects/(.*/info/refs)$ /dumb/$1 [PT]
|
|
RewriteRule ^/redir-objects/(.*/objects/.*)$ /dumb/$1 [R=301]
|
|
|
|
<IfDefine SSL>
|
|
LoadModule ssl_module modules/mod_ssl.so
|
|
|
|
SSLCertificateFile httpd.pem
|
|
SSLCertificateKeyFile httpd.pem
|
|
SSLRandomSeed startup file:/dev/urandom 512
|
|
SSLRandomSeed connect file:/dev/urandom 512
|
|
SSLSessionCache none
|
|
SSLEngine On
|
|
</IfDefine>
|
|
|
|
<Location /auth/>
|
|
AuthType Basic
|
|
AuthName "git-auth"
|
|
AuthUserFile passwd
|
|
Require valid-user
|
|
</Location>
|
|
|
|
<LocationMatch "^/auth-push/.*/git-receive-pack$">
|
|
AuthType Basic
|
|
AuthName "git-auth"
|
|
AuthUserFile passwd
|
|
Require valid-user
|
|
</LocationMatch>
|
|
|
|
<LocationMatch "^/auth-fetch/.*/git-upload-pack$">
|
|
AuthType Basic
|
|
AuthName "git-auth"
|
|
AuthUserFile passwd
|
|
Require valid-user
|
|
</LocationMatch>
|
|
|
|
RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
|
|
RewriteCond %{REQUEST_URI} /git-receive-pack$
|
|
RewriteRule ^/half-auth-complete/ - [E=AUTHREQUIRED:yes]
|
|
|
|
<Location /half-auth-complete/>
|
|
Order Deny,Allow
|
|
Deny from env=AUTHREQUIRED
|
|
|
|
AuthType Basic
|
|
AuthName "Git Access"
|
|
AuthUserFile passwd
|
|
Require valid-user
|
|
Satisfy Any
|
|
</Location>
|
|
|
|
<IfDefine DAV>
|
|
LoadModule dav_module modules/mod_dav.so
|
|
LoadModule dav_fs_module modules/mod_dav_fs.so
|
|
|
|
DAVLockDB DAVLock
|
|
<Location /dumb/>
|
|
Dav on
|
|
</Location>
|
|
<Location /auth/dumb>
|
|
Dav on
|
|
</Location>
|
|
</IfDefine>
|
|
|
|
<IfDefine SVN>
|
|
LoadModule dav_svn_module modules/mod_dav_svn.so
|
|
|
|
<Location /${LIB_HTTPD_SVN}>
|
|
DAV svn
|
|
SVNPath "${LIB_HTTPD_SVNPATH}"
|
|
</Location>
|
|
</IfDefine>
|