Commit Graph

9847 Commits

Author SHA1 Message Date
Junio C Hamano
ad36dc8b4b Almost ready for 2.11.1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-01-17 15:19:11 -08:00
Junio C Hamano
647a1bcf14 Merge branch 'mm/gc-safety-doc' into maint
Doc update.

* mm/gc-safety-doc:
  git-gc.txt: expand discussion of races with other processes
2017-01-17 15:19:11 -08:00
Junio C Hamano
f976c89a20 Merge branch 'mm/push-social-engineering-attack-doc' into maint
Doc update on fetching and pushing.

* mm/push-social-engineering-attack-doc:
  doc: mention transfer data leaks in more places
2017-01-17 15:19:10 -08:00
Junio C Hamano
d4a682d42f Merge branch 'ls/filter-process' into maint
Doc update.

* ls/filter-process:
  t0021: fix flaky test
  docs: warn about possible '=' in clean/smudge filter process values
2017-01-17 15:19:08 -08:00
Junio C Hamano
ef6e815133 Merge branch 'kh/tutorial-grammofix' into maint
* kh/tutorial-grammofix:
  doc: omit needless "for"
  doc: make the intent of sentence clearer
  doc: add verb in front of command to run
  doc: add articles (grammar)
2017-01-17 15:19:08 -08:00
Junio C Hamano
34d5a66a61 Merge branch 'lr/doc-fix-cet' into maint
* lr/doc-fix-cet:
  date-formats.txt: Typo fix
2017-01-17 15:19:08 -08:00
Junio C Hamano
48d23c12e7 Merge branch 'dt/smart-http-detect-server-going-away' into maint
When the http server gives an incomplete response to a smart-http
rpc call, it could lead to client waiting for a full response that
will never come.  Teach the client side to notice this condition
and abort the transfer.

An improvement counterproposal has failed.
cf. <20161114194049.mktpsvgdhex2f4zv@sigill.intra.peff.net>

* dt/smart-http-detect-server-going-away:
  upload-pack: optionally allow fetching any sha1
  remote-curl: don't hang when a server dies before any output
2017-01-17 15:19:03 -08:00
Junio C Hamano
bcaf277b4a Merge branch 'jk/quote-env-path-list-component' into maint
A recent update to receive-pack to make it easier to drop garbage
objects made it clear that GIT_ALTERNATE_OBJECT_DIRECTORIES cannot
have a pathname with a colon in it (no surprise!), and this in turn
made it impossible to push into a repository at such a path.  This
has been fixed by introducing a quoting mechanism used when
appending such a path to the colon-separated list.

* jk/quote-env-path-list-component:
  t5615-alternate-env: double-quotes in file names do not work on Windows
  t5547-push-quarantine: run the path separator test on Windows, too
  tmp-objdir: quote paths we add to alternates
  alternates: accept double-quoted paths
2017-01-17 15:11:06 -08:00
Junio C Hamano
9d2a24864e Merge branch 'ak/commit-only-allow-empty' into maint
"git commit --allow-empty --only" (no pathspec) with dirty index
ought to be an acceptable way to create a new commit that does not
change any paths, but it was forbidden, perhaps because nobody
needed it so far.

* ak/commit-only-allow-empty:
  commit: remove 'Clever' message for --only --amend
  commit: make --only --allow-empty work without paths
2017-01-17 15:11:03 -08:00
Junio C Hamano
5ce6f51ff7 Merge branch 'jk/http-walker-limit-redirect' into maint
Update the error messages from the dumb-http client when it fails
to obtain loose objects; we used to give sensible error message
only upon 404 but we now forbid unexpected redirects that needs to
be reported with something sensible.

* jk/http-walker-limit-redirect:
  http-walker: complain about non-404 loose object errors
  http: treat http-alternates like redirects
  http: make redirects more obvious
  remote-curl: rename shadowed options variable
  http: always update the base URL for redirects
  http: simplify update_url_from_redirect
2017-01-17 14:49:29 -08:00
Jeff King
cf3c635210 alternates: accept double-quoted paths
We read lists of alternates from objects/info/alternates
files (delimited by newline), as well as from the
GIT_ALTERNATE_OBJECT_DIRECTORIES environment variable
(delimited by colon or semi-colon, depending on the
platform).

There's no mechanism for quoting the delimiters, so it's
impossible to specify an alternate path that contains a
colon in the environment, or one that contains a newline in
a file. We've lived with that restriction for ages because
both alternates and filenames with colons are relatively
rare, and it's only a problem when the two meet. But since
722ff7f87 (receive-pack: quarantine objects until
pre-receive accepts, 2016-10-03), which builds on the
alternates system, every push causes the receiver to set
GIT_ALTERNATE_OBJECT_DIRECTORIES internally.

It would be convenient to have some way to quote the
delimiter so that we can represent arbitrary paths.

The simplest thing would be an escape character before a
quoted delimiter (e.g., "\:" as a literal colon). But that
creates a backwards compatibility problem: any path which
uses that escape character is now broken, and we've just
shifted the problem. We could choose an unlikely escape
character (e.g., something from the non-printable ASCII
range), but that's awkward to use.

Instead, let's treat names as unquoted unless they begin
with a double-quote, in which case they are interpreted via
our usual C-stylke quoting rules. This also breaks
backwards-compatibility, but in a smaller way: it only
matters if your file has a double-quote as the very _first_
character in the path (whereas an escape character is a
problem anywhere in the path).  It's also consistent with
many other parts of git, which accept either a bare pathname
or a double-quoted one, and the sender can choose to quote
or not as required.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-12 15:10:43 -08:00
Luis Ressel
e2c20be57c date-formats.txt: Typo fix
Last time I checked, I was living in the UTC+01:00 time zone. UTC+02:00
would be Central European _Summer_ Time.

Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-12 11:09:51 -08:00
Kristoffer Haugsbakk
47437fd3bd doc: omit needless "for"
What was intended was perhaps "... plumbing does for you" ("you" added), but
simply omitting the word "for" is more terse and gets the intended point across
just as well, if not more so.

I originally went with the approach of writing "for you", but Junio C
Hamano suggested this approach instead.

Signed-off-by: Kristoffer Haugsbakk <kristoffer.haugsbakk@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-09 15:14:01 -08:00
Kristoffer Haugsbakk
c857c3a1ce doc: make the intent of sentence clearer
By adding the word "just", which might have been accidentally omitted.

Adding the word "just" makes it clear that the point is to *not* do an
octopus merge simply because you *can* do it.  In other words, you
should have a reason for doing it beyond simply having two (seemingly)
independent commits that you need to merge into another branch, since
it's not always the best approach.

The previous sentence made it look more like it was trying to say that
you shouldn't do an octopus merge *because* you can do an octopus merge.
Although this interpretation doesn't make sense and the rest of the
paragraph makes the intended meaning clear, this adjustment should make
the intent of the sentence more immediately clear to the reader.

Signed-off-by: Kristoffer Haugsbakk <kristoffer.haugsbakk@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-09 15:14:01 -08:00
Kristoffer Haugsbakk
f383e4ed53 doc: add verb in front of command to run
Instead of using the command 'git clone' as a verb, use "run" as the
verb indicating the action of executing the command 'git clone'.

Signed-off-by: Kristoffer Haugsbakk <kristoffer.haugsbakk@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-09 15:14:01 -08:00
Kristoffer Haugsbakk
8b9bb339cd doc: add articles (grammar)
Add definite and indefinite articles in three places where they were
missing.

- Use "the" in front of a directory name
- Use "the" in front of "style of cooperation"
- Use an indefinite article in front of "CVS background"

Signed-off-by: Kristoffer Haugsbakk <kristoffer.haugsbakk@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-09 15:14:01 -08:00
Jeff King
50d3413740 http: make redirects more obvious
We instruct curl to always follow HTTP redirects. This is
convenient, but it creates opportunities for malicious
servers to create confusing situations. For instance,
imagine Alice is a git user with access to a private
repository on Bob's server. Mallory runs her own server and
wants to access objects from Bob's repository.

Mallory may try a few tricks that involve asking Alice to
clone from her, build on top, and then push the result:

  1. Mallory may simply redirect all fetch requests to Bob's
     server. Git will transparently follow those redirects
     and fetch Bob's history, which Alice may believe she
     got from Mallory. The subsequent push seems like it is
     just feeding Mallory back her own objects, but is
     actually leaking Bob's objects. There is nothing in
     git's output to indicate that Bob's repository was
     involved at all.

     The downside (for Mallory) of this attack is that Alice
     will have received Bob's entire repository, and is
     likely to notice that when building on top of it.

  2. If Mallory happens to know the sha1 of some object X in
     Bob's repository, she can instead build her own history
     that references that object. She then runs a dumb http
     server, and Alice's client will fetch each object
     individually. When it asks for X, Mallory redirects her
     to Bob's server. The end result is that Alice obtains
     objects from Bob, but they may be buried deep in
     history. Alice is less likely to notice.

Both of these attacks are fairly hard to pull off. There's a
social component in getting Mallory to convince Alice to
work with her. Alice may be prompted for credentials in
accessing Bob's repository (but not always, if she is using
a credential helper that caches). Attack (1) requires a
certain amount of obliviousness on Alice's part while making
a new commit. Attack (2) requires that Mallory knows a sha1
in Bob's repository, that Bob's server supports dumb http,
and that the object in question is loose on Bob's server.

But we can probably make things a bit more obvious without
any loss of functionality. This patch does two things to
that end.

First, when we encounter a whole-repo redirect during the
initial ref discovery, we now inform the user on stderr,
making attack (1) much more obvious.

Second, the decision to follow redirects is now
configurable. The truly paranoid can set the new
http.followRedirects to false to avoid any redirection
entirely. But for a more practical default, we will disallow
redirects only after the initial ref discovery. This is
enough to thwart attacks similar to (2), while still
allowing the common use of redirects at the repository
level. Since c93c92f30 (http: update base URLs when we see
redirects, 2013-09-28) we re-root all further requests from
the redirect destination, which should generally mean that
no further redirection is necessary.

As an escape hatch, in case there really is a server that
needs to redirect individual requests, the user can set
http.followRedirects to "true" (and this can be done on a
per-server basis via http.*.followRedirects config).

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-06 12:32:48 -08:00
Lars Schneider
c6b0831c9c docs: warn about possible '=' in clean/smudge filter process values
A pathname value in a clean/smudge filter process "key=value" pair can
contain the '=' character (introduced in edcc858). Make the user aware
of this issue in the docs, add a corresponding test case, and fix the
issue in filter process value parser of the example implementation in
contrib.

Signed-off-by: Lars Schneider <larsxschneider@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-06 11:29:52 -08:00
Andreas Krey
319d835240 commit: make --only --allow-empty work without paths
--only is implied when paths are present, and required
them unless --amend. But with --allow-empty it should
be allowed as well - it is the only way to create an
empty commit in the presence of staged changes.

Signed-off-by: Andreas Krey <a.krey@gmx.de>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-05 12:41:06 -08:00
Junio C Hamano
a274e0a036 Sync with maint-2.10
* maint-2.10:
  preparing for 2.10.3
2016-12-05 11:25:47 -08:00
Junio C Hamano
c3808ca698 preparing for 2.10.3
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-05 11:25:02 -08:00
Junio C Hamano
797d1a4672 Merge branch 'nd/worktree-lock' into maint
Typofix.

* nd/worktree-lock:
  git-worktree.txt: fix typo "to"/"two", and add comma
2016-11-29 13:28:02 -08:00
Junio C Hamano
d92466ee25 Merge branch 'ps/common-info-doc' into maint
Doc fix.

* ps/common-info-doc:
  doc: fix location of 'info/' with $GIT_COMMON_DIR
2016-11-29 13:28:01 -08:00
Junio C Hamano
6afadbd5ee Merge branch 'sc/fmt-merge-msg-doc-markup-fix' into maint
Documentation fix.

* sc/fmt-merge-msg-doc-markup-fix:
  Documentation/fmt-merge-msg: fix markup in example
2016-11-29 13:28:00 -08:00
Junio C Hamano
50b8276ab9 Merge branch 'jk/rebase-config-insn-fmt-docfix' into maint
Documentation fix.

* jk/rebase-config-insn-fmt-docfix:
  doc: fix missing "::" in config list
2016-11-29 13:27:58 -08:00
Junio C Hamano
454cb6bd52 Git 2.11
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-29 12:23:07 -08:00
Marc Branchaud
aeddbfdfa4 RelNotes: spelling and phrasing fixups
Signed-off-by: Marc Branchaud <marcnarc@xiplink.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-28 15:58:48 -08:00
Junio C Hamano
e2b2d6a172 Git 2.11-rc3
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-23 11:24:59 -08:00
Junio C Hamano
6a2b569c2f Merge branch 'jt/trailer-with-cruft'
Doc update.

* jt/trailer-with-cruft:
  doc: mention user-configured trailers
2016-11-23 11:23:17 -08:00
Jonathan Tan
df616b19b4 doc: mention user-configured trailers
In commit 1462450 ("trailer: allow non-trailers in trailer block",
2016-10-21), functionality was added (and tested [1]) to allow
non-trailer lines in trailer blocks, as long as those blocks contain at
least one Git-generated or user-configured trailer, and consists of at
least 25% trailers. The documentation was updated to mention this new
functionality, but did not mention "user-configured trailer".

Further update the documentation to also mention "user-configured
trailer".

[1] "with non-trailer lines mixed with a configured trailer" in
t/t7513-interpret-trailers.sh

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-21 12:49:57 -08:00
David Turner
f8edeaa05d upload-pack: optionally allow fetching any sha1
It seems a little silly to do a reachabilty check in the case where we
trust the user to access absolutely everything in the repository.

Also, it's racy in a distributed system -- perhaps one server
advertises a ref, but another has since had a force-push to that ref,
and perhaps the two HTTP requests end up directed to these different
servers.

Signed-off-by: David Turner <dturner@twosigma.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-18 13:06:14 -08:00
Junio C Hamano
1310affe02 Git 2.11-rc2
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-17 13:47:36 -08:00
Junio C Hamano
166251c32e Merge branch 'nd/worktree-lock'
Typofix.

* nd/worktree-lock:
  git-worktree.txt: fix typo "to"/"two", and add comma
2016-11-17 13:45:21 -08:00
Matt McCutchen
f1350d0c12 git-gc.txt: expand discussion of races with other processes
In general, "git gc" may delete objects that another concurrent process
is using but hasn't created a reference to.  Git has some mitigations,
but they fall short of a complete solution.  Document this in the
git-gc(1) man page and add a reference from the documentation of the
gc.pruneExpire config variable.

Based on a write-up by Jeff King:

http://marc.info/?l=git&m=147922960131779&w=2

Signed-off-by: Matt McCutchen <matt@mattmccutchen.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-16 13:42:17 -08:00
Matt McCutchen
235ec24352 doc: mention transfer data leaks in more places
The "SECURITY" section of the gitnamespaces(7) man page described two
ways for a client to steal data from a server that wasn't intended to be
shared. Similar attacks can be performed by a server on a client, so
adapt the section to cover both directions and add it to the
git-fetch(1), git-pull(1), and git-push(1) man pages. Also add
references to this section from the documentation of server
configuration options that attempt to control data leakage but may not
be fully effective.

Signed-off-by: Matt McCutchen <matt@mattmccutchen.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-14 11:23:07 -08:00
Ben North
2b090822e8 git-worktree.txt: fix typo "to"/"two", and add comma
Signed-off-by: Ben North <ben@redfrontdoor.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-13 17:56:56 -08:00
Junio C Hamano
3ab228137f Git 2.11.0-rc1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-11 14:04:32 -08:00
Junio C Hamano
12133d52c1 Merge branch 'ps/common-info-doc'
Doc fix.

* ps/common-info-doc:
  doc: fix location of 'info/' with $GIT_COMMON_DIR
2016-11-11 13:56:31 -08:00
Patrick Steinhardt
3285b7badb doc: fix location of 'info/' with $GIT_COMMON_DIR
With the introduction of the $GIT_COMMON_DIR variable, the
repository layout manual was changed to reflect the location for
many files in case the variable is set. While adding the new
locations, one typo snuck in regarding the location of the
'info/' folder, which is falsely claimed to reside at
"$GIT_COMMON_DIR/index".

Fix the typo to point to "$GIT_COMMON_DIR/info/" instead.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-11 09:37:33 -08:00
Junio C Hamano
be5a750939 A bit of updates post -rc0
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-01 12:59:58 -07:00
Junio C Hamano
1fe8f2cf46 Git 2.11-rc0
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-10-31 13:19:53 -07:00
Junio C Hamano
590f0bfe9f Merge branch 'sc/fmt-merge-msg-doc-markup-fix'
Documentation fix.

* sc/fmt-merge-msg-doc-markup-fix:
  Documentation/fmt-merge-msg: fix markup in example
2016-10-31 13:15:26 -07:00
Junio C Hamano
702b6a6fc0 Merge branch 'jk/rebase-config-insn-fmt-docfix'
Documentation fix.

* jk/rebase-config-insn-fmt-docfix:
  doc: fix missing "::" in config list
2016-10-31 13:15:24 -07:00
Junio C Hamano
9fa1f902bf Merge branch 'aw/numbered-stash'
The user always has to say "stash@{$N}" when naming a single
element in the default location of the stash, i.e. reflogs in
refs/stash.  The "git stash" command learned to accept "git stash
apply 4" as a short-hand for "git stash apply stash@{4}".

* aw/numbered-stash:
  stash: allow stashes to be referenced by index only
2016-10-31 13:15:22 -07:00
Junio C Hamano
cabb79d8c1 Merge branch 'jt/trailer-with-cruft'
Update "interpret-trailers" machinery and teaches it that people in
real world write all sorts of crufts in the "trailer" that was
originally designed to have the neat-o "Mail-Header: like thing"
and nothing else.

* jt/trailer-with-cruft:
  trailer: support values folded to multiple lines
  trailer: forbid leading whitespace in trailers
  trailer: allow non-trailers in trailer block
  trailer: clarify failure modes in parse_trailer
  trailer: make args have their own struct
  trailer: streamline trailer item create and add
  trailer: use list.h for doubly-linked list
  trailer: improve const correctness
2016-10-31 13:15:22 -07:00
Junio C Hamano
dbaa6bdce2 Merge branch 'ls/filter-process'
The smudge/clean filter API expect an external process is spawned
to filter the contents for each path that has a filter defined.  A
new type of "process" filter API has been added to allow the first
request to run the filter for a path to spawn a single process, and
all filtering need is served by this single process for multiple
paths, reducing the process creation overhead.

* ls/filter-process:
  contrib/long-running-filter: add long running filter example
  convert: add filter.<driver>.process option
  convert: prepare filter.<driver>.process option
  convert: make apply_filter() adhere to standard Git error handling
  pkt-line: add functions to read/write flush terminated packet streams
  pkt-line: add packet_write_gently()
  pkt-line: add packet_flush_gently()
  pkt-line: add packet_write_fmt_gently()
  pkt-line: extract set_packet_header()
  pkt-line: rename packet_write() to packet_write_fmt()
  run-command: add clean_on_exit_handler
  run-command: move check_pipe() from write_or_die to run_command
  convert: modernize tests
  convert: quote filter names in error messages
2016-10-31 13:15:21 -07:00
Jeff King
6d834ac8f1 doc: fix missing "::" in config list
The rebase.instructionFormat option is missing its "::" to
tell AsciiDoc that it's a list entry. As a result, the
option name gets lumped into the description in one big
paragraph.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-10-30 15:26:37 -07:00
Junio C Hamano
7805bda2ac Git 2.10.2
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJYE3auAAoJELC16IaWr+bLaxUQAKP/acM6xJ/5bT9l8cISh6Ac
 lEmOhbnQ2awPkqObk4yJKJPPzwznNsFSK4j3MlVqlGdPdFY9jHnI49QFUPNGeDnx
 ledmfH6YJHi9hln/cyqNmGvG95uszAqgYQBYthsFS7Zr2XtXp2w2YUosNWt+ghfU
 s66Vbll5X7k7KlAkxryW257D5WNtjuv2Agy1gnVZyOHOR+qHIBVc4hK6ZfjjD/4k
 yQGLP5BEFEb+4nzOVgGJ1auh4cLEtySMp0qV5tiaJG4KXitQZ5j+rLBIDMDQSGFk
 14eW+0/U0dFhqoTtF7V8KQ96ObSvCWfQh+1wRsEemspYwPF2Ahp/EvlDXdKzU+7R
 av4dSrK4K0HMa2W3LfM4tDk+ghBOrhQfib426Dp3NWKxlCXqRGtNcir7vC9AP34W
 op9zi5bR47eZAWOkBykL1zAN8ukt9oyuGog9Zrt+Ie9D7LHIgdZUBNhAYzB1u0xi
 ggkHRu3V5vAaKOTu5ULDbRfDkFPGgRNewQjozhNOcv/LJR4zYVZamPZ7C+aPtmhv
 hINdC2SrfANL2wIwjKGtFsUmzkDObuvRXuDuA6+oE+qLBHycfRiwVaFchPqw5cCa
 afO4b2qoV9m4p+I4frt9XeckLwfEytBjwEGLOMe9SAk9qvHmJrDk6sO+j80y2v3j
 IFHXRKS4bzNFYzYrEzbN
 =JIxn
 -----END PGP SIGNATURE-----

Sync with 2.10.2
2016-10-28 09:04:06 -07:00
Junio C Hamano
ac84098b7e Git 2.10.2
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-10-28 09:02:44 -07:00
Junio C Hamano
4efd8e64d3 Merge branch 'rs/pretty-format-color-doc-fix' into maint
Small doc update.

* rs/pretty-format-color-doc-fix:
  pretty: fix document link for color specification
2016-10-28 09:01:23 -07:00