author Joey Hess <joeyh@joeyh.name> 2017-02-24 00:17:25 -0400
committer Joey Hess <joeyh@joeyh.name> 2017-02-24 00:17:25 -0400
commit 24115d7fe885e3c15603daca9c2bd5e25c7c5a14
tree fb3d90f72b86a78ab46163dd3c3f1ab44a4ee1d6 /CHANGELOG
parent 55983c0a8e4ad4908b57b69f64256fbb7aa24397
Tighten key parser to not accept keys containing non-numeric fields, which could be used to embed data useful for a SHA1 attack against git.
Also todo about why this is important, and with some further hardening to add. This commit was sponsored by Ignacio on Patreon.
Diffstat (limited to 'CHANGELOG')
-rw-r--r-- CHANGELOG 3
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index c6a4aeecd..2a80fb7b2 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -33,6 +33,9 @@ git-annex (6.20170215) UNRELEASED; urgency=medium
to wget, since curl is able to display only errors to stderr, unlike
wget.
* status: Pass --ignore-submodules=when option on to git status.
+ * Tighten key parser to not accept keys containing a non-numeric
+ fields, which could be used to embed data useful for a SHA1
+ attack against git.
-- Joey Hess <id@joeyh.name> Tue, 14 Feb 2017 15:54:25 -0400
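Review bot: The added entry reads "a non-numeric fields" in its first + line, mixing a singular article with a plural noun; "containing non-numeric fields" would read correctly. The entry also does not say which key fields must now be numeric, and since the parser is being tightened "to not accept" such keys, a user reading the changelog cannot tell whether keys that were previously accepted will now be rejected; consider naming the affected fields and stating the behaviour change. The phrase "a SHA1 attack against git" is left unexplained here, while the commit message mentions a todo covering why this matters, so a pointer to that todo from the entry would help.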