install.sh: warn about --pickaxe-regex segfault in affected versions
If gitweb pickaxe regular expressions are used the --pickaxe-regex will
be passed to Git. Unfortunately starting with Git v2.10.1 and continuing
through v2.12.2 use of that option can easily cause a segmentation fault.
Also known as a core dump.
Allowing a publicly exposed site to provide regular expression searches
may not be the best policy as some malicious regular expressions can use
an enormous amount of CPU on some systems.
The gitweb/gitweb_config.perl feature "regexp" is turned off by default
(and that is the recommended option). In which case gitweb will never
pass the --pickaxe-regex option to Git thereby avoiding the problem.
The problem was corrected in
f53c5de29cec68e3 (pickaxe: fix segfault with
'-S<...> --pickaxe-regex', 2017-03-18, v2.12.3) [1]. The fix is trivial
and can easily be backported to a custom build of 2.10.1 - 2.12.2, if
necessary, with a simple cherry-pick.
Warn about this potential issue when using an affected version of Git.
[1]: http://repo.or.cz/git.git/
f53c5de29cec68e3
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>