hub 1.12.1
Bugs squashed:
-
Fix checking out a pull request when fork name is different than original repo
The repository name of the pull request head doesn't necessarily match the name of the project's repository. This can happen when a user forks a project but already has a repository of the same name.
-
Use non-predictable filename for downloaded patch file
Since the /tmp directory is readable by everybody on Unix, and since the patch name could be public or easy to guess, a attacker could create a symlink to a file writable by the user running hub, which would be replaced by the patch.
This has been assigned CVE-2014-0177.
-
Fix API 422 error:
Duplicate value for "description"
-
Fix "invalid byte sequence" errors in
pull-request
If the user's
LANG
environment variable doesn't include "UTF-8", the default external encoding in Ruby will be US-ASCII and as such, string operations will fail dealing with pull request message or changelog that
contains non-ASCII characters. -
Respect git "core.commentchar" setting in
pull-request
message -
Fix displaying output of
hub --noop pull-request
In attempts to make multi-page output from hub get cleared when exiting the pager in the terminal, I've broken outputting short bits of text such as
--noop
output, which would accidentally get swallowed. This fixes that output, but reverts clearing the terminal scrollback when exitinghub help hub
, for instance. I will revisit this in the future. -
Don't re-wrap default pull request message taken from commit
Re-wrapping to 78 chars was dangerous since it could lead to moving a #-reference to the beginning of a line which would then get interpreted as a comment.