Commit Graph

45358 Commits

Author SHA1 Message Date
Stephan Beyer
1868331f13 am: change safe_to_abort()'s not rewinding error into a warning
The error message tells the user that something went terribly wrong
and the --abort could not be performed. But the --abort is performed,
only without rewinding. By simply changing the error into a warning,
we indicate the user that she must not try something like
"git am --abort --force", instead she just has to check the HEAD.

Signed-off-by: Stephan Beyer <s-beyer@gmx.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-08 09:09:44 -08:00
Stephan Beyer
ccd71b2f38 am: fix filename in safe_to_abort() error message
Signed-off-by: Stephan Beyer <s-beyer@gmx.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-08 09:09:34 -08:00
Nguyễn Thái Ngọc Duy
649b0c316a shallow.c: remove useless code
Some context before we talk about the removed code.

This paint_down() is part of step 6 of 58babff (shallow.c: the 8 steps
to select new commits for .git/shallow - 2013-12-05). When we fetch from
a shallow repository, we need to know if one of the new/updated refs
needs new "shallow commits" in .git/shallow (because we don't have
enough history of those refs) and which one.

The question at step 6 is, what (new) shallow commits are required in
other to maintain reachability throughout the repository _without_
cutting our history short? To answer, we mark all commits reachable from
existing refs with UNINTERESTING ("rev-list --not --all"), mark shallow
commits with BOTTOM, then for each new/updated refs, walk through the
commit graph until we either hit UNINTERESTING or BOTTOM, marking the
ref on the commit as we walk.

After all the walking is done, we check the new shallow commits. If we
have not seen any new ref marked on a new shallow commit, we know all
new/updated refs are reachable using just our history and .git/shallow.
The shallow commit in question is not needed and can be thrown away.

So, the code.

The loop here (to walk through commits) is basically

1.  get one commit from the queue
2.  ignore if it's SEEN or UNINTERESTING
3.  mark it
4.  go through all the parents and..
5a. mark it if it's never marked before
5b. put it back in the queue

What we do in this patch is drop step 5a because it is not
necessary. The commit being marked at 5a is put back on the queue, and
will be marked at step 3 at the next iteration. The only case it will
not be marked is when the commit is already marked UNINTERESTING (5a
does not check this), which will be ignored at step 2.

But we don't care about refs marking on UNINTERESTING. We care about the
marking on _shallow commits_ that are not reachable from our current
history (and having UNINTERESTING on it means it's reachable). So it's
ok for an UNINTERESTING not to be ref-marked.

Reported-by: Rasmus Villemoes <rv@rasmusvillemoes.dk>
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-07 15:44:31 -08:00
Rasmus Villemoes
1127b3ced5 shallow.c: bit manipulation tweaks
First of all, 1 << 31 is technically undefined behaviour, so let's just
use an unsigned literal.

If i is 'signed int' and gcc doesn't know that i is positive, gcc
generates code to compute the C99-mandated values of "i / 32" and "i %
32", which is a lot more complicated than simple a simple shifts/mask.

The only caller of paint_down actually passes an "unsigned int" value,
but the prototype of paint_down causes (completely well-defined)
conversion to signed int, and gcc has no way of knowing that the
converted value is non-negative. Just make the id parameter unsigned.

In update_refstatus, the change in generated code is much smaller,
presumably because gcc is smart enough to see that i starts as 0 and is
only incremented, so it is allowed (per the UD of signed overflow) to
assume that i is always non-negative. But let's just help less smart
compilers generate good code anyway.

Signed-off-by: Rasmus Villemoes <rv@rasmusvillemoes.dk>
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-07 15:44:31 -08:00
Rasmus Villemoes
381aa8e730 shallow.c: avoid theoretical pointer wrap-around
The expression info->free+size is technically undefined behaviour in
exactly the case we want to test for. Moreover, the compiler is likely
to translate the expression to

  (unsigned long)info->free + size > (unsigned long)info->end

where there's at least a theoretical chance that the LHS could wrap
around 0, giving a false negative.

This might as well be written using pointer subtraction avoiding these
issues.

Signed-off-by: Rasmus Villemoes <rv@rasmusvillemoes.dk>
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-07 15:44:31 -08:00
Nguyễn Thái Ngọc Duy
f2386c6b77 shallow.c: make paint_alloc slightly more robust
paint_alloc() allocates a big block of memory and splits it into
smaller, fixed size, chunks of memory whenever it's called. Each chunk
contains enough bits to present all "new refs" [1] in a fetch from a
shallow repository.

We do not check if the new "big block" is smaller than the requested
memory chunk though. If it happens, we'll happily pass back a memory
region smaller than expected. Which will lead to problems eventually.

A normal fetch may add/update a dozen new refs. Let's stay on the
"reasonably extreme" side and say we need 16k refs (or bits from
paint_alloc's perspective). Each chunk of memory would be 2k, much
smaller than the memory pool (512k).

So, normally, the under-allocation situation should never happen. A bad
guy, however, could make a fetch that adds more than 4m new/updated refs
to this code which results in a memory chunk larger than pool size.
Check this case and abort.

Noticed-by: Rasmus Villemoes <rv@rasmusvillemoes.dk>
Reviewed-by: Jeff King <peff@peff.net>

[1] Details are in commit message of 58babff (shallow.c: the 8 steps to
    select new commits for .git/shallow - 2013-12-05), step 6.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-07 15:44:31 -08:00
Nguyễn Thái Ngọc Duy
6bc3d8c5ec shallow.c: stop abusing COMMIT_SLAB_SIZE for paint_info's memory pools
We need to allocate a "big" block of memory in paint_alloc(). The exact
size does not really matter. But the pool size has no relation with
commit-slab. Stop using that macro here.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-07 15:44:31 -08:00
Nguyễn Thái Ngọc Duy
0afd307ab4 shallow.c: rename fields in paint_info to better express their purposes
paint_alloc() is basically malloc(), tuned for allocating a fixed number
of bits on every call without worrying about freeing any individual
allocation since all will be freed at the end. It does it by allocating
a big block of memory every time it runs out of "free memory". "slab" is
a poor choice of name, at least poorer than "pool".

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-07 15:44:31 -08:00
Jeff King
9d4e28ead5 stash: prefer plumbing over git-diff
When creating a stash, we need to look at the diff between
the working tree and HEAD, and do so using the git-diff
porcelain.  Because git-diff enables porcelain config like
renames by default, this causes at least one problem. The
--name-only format will not mention the source side of a
rename, meaning we will fail to stash a deletion that is
part of a rename.

We could fix that case by passing --no-renames, but this is
a symptom of a larger problem. We should be using the
diff-index plumbing here, which does not have renames
enabled by default, and also does not respect any
potentially confusing config options.

Reported-by: Matthew Patey <matthew.patey2167@gmail.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-06 14:16:53 -08:00
Jeff King
3680f16f9d http-walker: complain about non-404 loose object errors
Since commit 17966c0a6 (http: avoid disconnecting on 404s
for loose objects, 2016-07-11), we turn off curl's
FAILONERROR option and instead manually deal with failing
HTTP codes.

However, the logic to do so only recognizes HTTP 404 as a
failure. This is probably the most common result, but if we
were to get another code, the curl result remains CURLE_OK,
and we treat it as success. We still end up detecting the
failure when we try to zlib-inflate the object (which will
fail), but instead of reporting the HTTP error, we just
claim that the object is corrupt.

Instead, let's catch anything in the 300's or above as an
error (300's are redirects which are not an error at the
HTTP level, but are an indication that we've explicitly
disabled redirects, so we should treat them as such; we
certainly don't have the resulting object content).

Note that we also fill in req->errorstr, which we didn't do
before. Without FAILONERROR, curl will not have filled this
in, and it will remain a blank string. This never mattered
for the 404 case, because in the logic below we hit the
"missing_target()" branch and print nothing. But for other
errors, we'd want to say _something_, if only to fill in the
blank slot in the error message.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-06 12:43:34 -08:00
Junio C Hamano
43ec089eea Merge branch 'ew/http-walker' into jk/http-walker-limit-redirect
* ew/http-walker:
  list: avoid incompatibility with *BSD sys/queue.h
  http-walker: reduce O(n) ops with doubly-linked list
  http: avoid disconnecting on 404s for loose objects
  http-walker: remove unused parameter from fetch_object
2016-12-06 12:43:23 -08:00
Jeff King
cb4d2d35c4 http: treat http-alternates like redirects
The previous commit made HTTP redirects more obvious and
tightened up the default behavior. However, there's another
way for a server to ask a git client to fetch arbitrary
content: by having an http-alternates file (or a regular
alternates file, which is used as a backup).

Similar to the HTTP redirect case, a malicious server can
claim to have refs pointing at object X, return a 404 when
the client asks for X, but point to some other URL via
http-alternates, which the client will transparently fetch.
The end result is that it looks from the user's perspective
like the objects came from the malicious server, as the
other URL is not mentioned at all.

Worse, because we feed the new URL to curl ourselves, the
usual protocol restrictions do not kick in (neither curl's
default of disallowing file://, nor the protocol
whitelisting in f4113cac0 (http: limit redirection to
protocol-whitelist, 2015-09-22).

Let's apply the same rules here as we do for HTTP redirects.
Namely:

  - unless http.followRedirects is set to "always", we will
    not follow remote redirects from http-alternates (or
    alternates) at all

  - set CURLOPT_PROTOCOLS alongside CURLOPT_REDIR_PROTOCOLS
    restrict ourselves to a known-safe set and respect any
    user-provided whitelist.

  - mention alternate object stores on stderr so that the
    user is aware another source of objects may be involved

The first item may prove to be too restrictive. The most
common use of alternates is to point to another path on the
same server. While it's possible for a single-server
redirect to be an attack, it takes a fairly obscure setup
(victim and evil repository on the same host, host speaks
dumb http, and evil repository has access to edit its own
http-alternates file).

So we could make the checks more specific, and only cover
cross-server redirects. But that means parsing the URLs
ourselves, rather than letting curl handle them. This patch
goes for the simpler approach. Given that they are only used
with dumb http, http-alternates are probably pretty rare.
And there's an escape hatch: the user can allow redirects on
a specific server by setting http.<url>.followRedirects to
"always".

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-06 12:32:48 -08:00
Jeff King
50d3413740 http: make redirects more obvious
We instruct curl to always follow HTTP redirects. This is
convenient, but it creates opportunities for malicious
servers to create confusing situations. For instance,
imagine Alice is a git user with access to a private
repository on Bob's server. Mallory runs her own server and
wants to access objects from Bob's repository.

Mallory may try a few tricks that involve asking Alice to
clone from her, build on top, and then push the result:

  1. Mallory may simply redirect all fetch requests to Bob's
     server. Git will transparently follow those redirects
     and fetch Bob's history, which Alice may believe she
     got from Mallory. The subsequent push seems like it is
     just feeding Mallory back her own objects, but is
     actually leaking Bob's objects. There is nothing in
     git's output to indicate that Bob's repository was
     involved at all.

     The downside (for Mallory) of this attack is that Alice
     will have received Bob's entire repository, and is
     likely to notice that when building on top of it.

  2. If Mallory happens to know the sha1 of some object X in
     Bob's repository, she can instead build her own history
     that references that object. She then runs a dumb http
     server, and Alice's client will fetch each object
     individually. When it asks for X, Mallory redirects her
     to Bob's server. The end result is that Alice obtains
     objects from Bob, but they may be buried deep in
     history. Alice is less likely to notice.

Both of these attacks are fairly hard to pull off. There's a
social component in getting Mallory to convince Alice to
work with her. Alice may be prompted for credentials in
accessing Bob's repository (but not always, if she is using
a credential helper that caches). Attack (1) requires a
certain amount of obliviousness on Alice's part while making
a new commit. Attack (2) requires that Mallory knows a sha1
in Bob's repository, that Bob's server supports dumb http,
and that the object in question is loose on Bob's server.

But we can probably make things a bit more obvious without
any loss of functionality. This patch does two things to
that end.

First, when we encounter a whole-repo redirect during the
initial ref discovery, we now inform the user on stderr,
making attack (1) much more obvious.

Second, the decision to follow redirects is now
configurable. The truly paranoid can set the new
http.followRedirects to false to avoid any redirection
entirely. But for a more practical default, we will disallow
redirects only after the initial ref discovery. This is
enough to thwart attacks similar to (2), while still
allowing the common use of redirects at the repository
level. Since c93c92f30 (http: update base URLs when we see
redirects, 2013-09-28) we re-root all further requests from
the redirect destination, which should generally mean that
no further redirection is necessary.

As an escape hatch, in case there really is a server that
needs to redirect individual requests, the user can set
http.followRedirects to "true" (and this can be done on a
per-server basis via http.*.followRedirects config).

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-06 12:32:48 -08:00
Jeff King
fcaa6e64b3 remote-curl: rename shadowed options variable
The discover_refs() function has a local "options" variable
to hold the http_get_options we pass to http_get_strbuf().
But this shadows the global "struct options" that holds our
program-level options, which cannot be accessed from this
function.

Let's give the local one a more descriptive name so we can
tell the two apart.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-06 12:32:48 -08:00
Jeff King
6628eb41db http: always update the base URL for redirects
If a malicious server redirects the initial ref
advertisement, it may be able to leak sha1s from other,
unrelated servers that the client has access to. For
example, imagine that Alice is a git user, she has access to
a private repository on a server hosted by Bob, and Mallory
runs a malicious server and wants to find out about Bob's
private repository.

Mallory asks Alice to clone an unrelated repository from her
over HTTP. When Alice's client contacts Mallory's server for
the initial ref advertisement, the server issues an HTTP
redirect for Bob's server. Alice contacts Bob's server and
gets the ref advertisement for the private repository. If
there is anything to fetch, she then follows up by asking
the server for one or more sha1 objects. But who is the
server?

If it is still Mallory's server, then Alice will leak the
existence of those sha1s to her.

Since commit c93c92f30 (http: update base URLs when we see
redirects, 2013-09-28), the client usually rewrites the base
URL such that all further requests will go to Bob's server.
But this is done by textually matching the URL. If we were
originally looking for "http://mallory/repo.git/info/refs",
and we got pointed at "http://bob/other.git/info/refs", then
we know that the right root is "http://bob/other.git".

If the redirect appears to change more than just the root,
we punt and continue to use the original server. E.g.,
imagine the redirect adds a URL component that Bob's server
will ignore, like "http://bob/other.git/info/refs?dummy=1".

We can solve this by aborting in this case rather than
silently continuing to use Mallory's server. In addition to
protecting from sha1 leakage, it's arguably safer and more
sane to refuse a confusing redirect like that in general.
For example, part of the motivation in c93c92f30 is
avoiding accidentally sending credentials over clear http,
just to get a response that says "try again over https". So
even in a non-malicious case, we'd prefer to err on the side
of caution.

The downside is that it's possible this will break a
legitimate but complicated server-side redirection scheme.
The setup given in the newly added test does work, but it's
convoluted enough that we don't need to care about it. A
more plausible case would be a server which redirects a
request for "info/refs?service=git-upload-pack" to just
"info/refs" (because it does not do smart HTTP, and for some
reason really dislikes query parameters).  Right now we
would transparently downgrade to dumb-http, but with this
patch, we'd complain (and the user would have to set
GIT_SMART_HTTP=0 to fetch).

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-06 12:32:48 -08:00
Jeff King
986d7f4d37 http: simplify update_url_from_redirect
This function looks for a common tail between what we asked
for and where we were redirected to, but it open-codes the
comparison. We can avoid some confusing subtractions by
using strip_suffix_mem().

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-06 12:32:48 -08:00
Lars Schneider
c6b0831c9c docs: warn about possible '=' in clean/smudge filter process values
A pathname value in a clean/smudge filter process "key=value" pair can
contain the '=' character (introduced in edcc858). Make the user aware
of this issue in the docs, add a corresponding test case, and fix the
issue in filter process value parser of the example implementation in
contrib.

Signed-off-by: Lars Schneider <larsxschneider@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-06 11:29:52 -08:00
Lars Schneider
9c48b4fb23 t0021: minor filter process test cleanup
Remove superfluous .gitignore pattern and invalid '.' in `git commit`
calls.

Signed-off-by: Lars Schneider <larsxschneider@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-05 14:59:03 -08:00
Lars Schneider
d5eb3cf5e7 git-p4: fix empty file processing for large file system backend GitLFS
If git-p4 tried to store an empty file in GitLFS then it crashed while
parsing the pointer file:

  oid = re.search(r'^oid \w+:(\w+)', pointerFile, re.MULTILINE).group(1)
  AttributeError: 'NoneType' object has no attribute 'group'

This happens because GitLFS does not create a pointer file for an empty
file. Teach git-p4 this behavior to fix the problem and add a test case.

Signed-off-by: Lars Schneider <larsxschneider@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-05 14:57:33 -08:00
Lars Schneider
5f703e8f02 travis-ci: update P4 to 16.2 and GitLFS to 1.5.2 in Linux build
Update Travis-CI dependencies to the latest available versions in
Linux build.

Signed-off-by: Lars Schneider <larsxschneider@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-05 14:55:52 -08:00
Andreas Krey
319d835240 commit: make --only --allow-empty work without paths
--only is implied when paths are present, and required
them unless --amend. But with --allow-empty it should
be allowed as well - it is the only way to create an
empty commit in the presence of staged changes.

Signed-off-by: Andreas Krey <a.krey@gmx.de>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-05 12:41:06 -08:00
Stefan Beller
8954bd76eb t3600: remove useless redirect
In the next line the `actual` is overwritten again, so no need to redirect
the output of checkout into that file.

Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-05 12:19:30 -08:00
Stefan Beller
584f99c87b unpack-trees: fix grammar for untracked files in directories
Noticed-by: David Turner <dturner@twosigma.com>
Signed-off-by: Stefan Beller <sbeller@google.com>
Reviewed-by: David Turner <dturner@twosigma.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-05 12:17:02 -08:00
Junio C Hamano
a274e0a036 Sync with maint-2.10
* maint-2.10:
  preparing for 2.10.3
2016-12-05 11:25:47 -08:00
Junio C Hamano
c3808ca698 preparing for 2.10.3
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-05 11:25:02 -08:00
Junio C Hamano
cd1c2e7301 Merge branch 'jk/common-main' into maint-2.10
* jk/common-main:
  common-main: stop munging argv[0] path
  git-compat-util: move content inside ifdef/endif guards
2016-12-05 11:24:28 -08:00
Torsten Bögershausen
1c25d2d8ed convert: git cherry-pick -Xrenormalize did not work
Working with a repo that used to be all CRLF. At some point it
was changed to all LF, with `text=auto` in .gitattributes.
Trying to cherry-pick a commit from before the switchover fails:

    $ git cherry-pick -Xrenormalize <commit>
    fatal: CRLF would be replaced by LF in [path]

Commit 65237284 "unify the "auto" handling of CRLF" introduced
a regression:

Whenever crlf_action is CRLF_TEXT_XXX and not CRLF_AUTO_XXX,
SAFE_CRLF_RENORMALIZE was feed into check_safe_crlf().  This is
wrong because here everything else than SAFE_CRLF_WARN is treated as
SAFE_CRLF_FAIL.

Call check_safe_crlf() only if checksafe is SAFE_CRLF_WARN or
SAFE_CRLF_FAIL.

Reported-by: Eevee (Lexy Munroe) <eevee@veekun.com>
Signed-off-by: Torsten Bögershausen <tboegi@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-01 11:27:08 -08:00
Junio C Hamano
b365dafe23 Merge branch 'tb/t0027-raciness-fix' into jc/renormalize-merge-kill-safer-crlf
* tb/t0027-raciness-fix:
  convert: Correct NNO tests and missing `LF will be replaced by CRLF`
2016-12-01 10:34:42 -08:00
Junio C Hamano
33b842a1e9 pull: fast-forward "pull --rebase=true"
"git pull --rebase" always runs "git rebase" after fetching the
commit to serve as the new base, even when the new base is a
descendant of the current HEAD, i.e. we haven't done any work.

In such a case, we can instead fast-forward to the new base without
invoking the rebase process.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-29 14:40:16 -08:00
Junio C Hamano
0a79ccaac7 Merge branch 'tk/diffcore-delta-remove-unused' into maint
Code cleanup.

* tk/diffcore-delta-remove-unused:
  diffcore-delta: remove unused parameter to diffcore_count_changes()
2016-11-29 13:28:03 -08:00
Junio C Hamano
af8d6a9821 Merge branch 'jk/create-branch-remove-unused-param' into maint
Code clean-up.

* jk/create-branch-remove-unused-param:
  create_branch: drop unused "head" parameter
2016-11-29 13:28:02 -08:00
Junio C Hamano
797d1a4672 Merge branch 'nd/worktree-lock' into maint
Typofix.

* nd/worktree-lock:
  git-worktree.txt: fix typo "to"/"two", and add comma
2016-11-29 13:28:02 -08:00
Junio C Hamano
d92466ee25 Merge branch 'ps/common-info-doc' into maint
Doc fix.

* ps/common-info-doc:
  doc: fix location of 'info/' with $GIT_COMMON_DIR
2016-11-29 13:28:01 -08:00
Junio C Hamano
e3c4323e23 Merge branch 'rs/cocci' into maint
Improve the rule to convert "unsigned char [20]" into "struct
object_id *" in contrib/coccinelle/

* rs/cocci:
  cocci: avoid self-references in object_id transformations
2016-11-29 13:28:00 -08:00
Junio C Hamano
91207f3784 Merge branch 'nd/test-helpers' into maint
Update to the test framework made in 2.9 timeframe broke running
the tests under valgrind, which has been fixed.

* nd/test-helpers:
  valgrind: support test helpers
2016-11-29 13:28:00 -08:00
Junio C Hamano
6afadbd5ee Merge branch 'sc/fmt-merge-msg-doc-markup-fix' into maint
Documentation fix.

* sc/fmt-merge-msg-doc-markup-fix:
  Documentation/fmt-merge-msg: fix markup in example
2016-11-29 13:28:00 -08:00
Junio C Hamano
c8a3ec37ab Merge branch 'rs/commit-pptr-simplify' into maint
Code simplification.

* rs/commit-pptr-simplify:
  commit: simplify building parents list
2016-11-29 13:27:59 -08:00
Junio C Hamano
50b8276ab9 Merge branch 'jk/rebase-config-insn-fmt-docfix' into maint
Documentation fix.

* jk/rebase-config-insn-fmt-docfix:
  doc: fix missing "::" in config list
2016-11-29 13:27:58 -08:00
Junio C Hamano
e9f74313e7 Merge branch 'ak/pre-receive-hook-template-modefix' into maint
A trivial clean-up to a recently graduated topic.

* ak/pre-receive-hook-template-modefix:
  pre-receive.sample: mark it executable
2016-11-29 13:27:57 -08:00
Junio C Hamano
729fb9ad34 Merge branch 'ls/macos-update' into maint
Portability update and workaround for builds on recent Mac OS X.

* ls/macos-update:
  travis-ci: disable GIT_TEST_HTTPD for macOS
  Makefile: set NO_OPENSSL on macOS by default
2016-11-29 13:27:56 -08:00
Junio C Hamano
25e298d2c9 Merge branch 'as/merge-attr-sleep' into maint
Fix for a racy false-positive test failure.

* as/merge-attr-sleep:
  t6026: clarify the point of "kill $(cat sleep.pid)"
  t6026: ensure that long-running script really is
  Revert "t6026-merge-attr: don't fail if sleep exits early"
  Revert "t6026-merge-attr: ensure that the merge driver was called"
  t6026-merge-attr: ensure that the merge driver was called
  t6026-merge-attr: don't fail if sleep exits early
2016-11-29 13:27:56 -08:00
Junio C Hamano
bb6bc68d22 Merge branch 'ak/sh-setup-dot-source-i18n-fix' into maint
Recent update to git-sh-setup (a library of shell functions that
are used by our in-tree scripted Porcelain commands) included
another shell library git-sh-i18n without specifying where it is,
relying on the $PATH.  This has been fixed to be more explicit by
prefixing $(git --exec-path) output in front.

* ak/sh-setup-dot-source-i18n-fix:
  git-sh-setup: be explicit where to dot-source git-sh-i18n from.
2016-11-29 13:27:56 -08:00
Junio C Hamano
aa22ef8a80 Merge branch 'jk/daemon-path-ok-check-truncation' into maint
"git daemon" used fixed-length buffers to turn URL to the
repository the client asked for into the server side directory
path, using snprintf() to avoid overflowing these buffers, but
allowed possibly truncated paths to the directory.  This has been
tightened to reject such a request that causes overlong path to be
required to serve.

* jk/daemon-path-ok-check-truncation:
  daemon: detect and reject too-long paths
2016-11-29 13:27:56 -08:00
Junio C Hamano
f2ad912f99 Merge branch 'rs/ring-buffer-wraparound' into maint
The code that we have used for the past 10+ years to cycle
4-element ring buffers turns out to be not quite portable in
theoretical world.

* rs/ring-buffer-wraparound:
  hex: make wraparound of the index into ring-buffer explicit
2016-11-29 13:27:55 -08:00
Junio C Hamano
a3f2781dd0 Merge branch 'mm/send-email-cc-cruft-after-address' into maint
"git send-email" attempts to pick up valid e-mails from the
trailers, but people in real world write non-addresses there, like
"Cc: Stable <add@re.ss> # 4.8+", which broke the output depending
on the availability and vintage of Mail::Address perl module.

* mm/send-email-cc-cruft-after-address:
  Git.pm: add comment pointing to t9000
  t9000-addresses: update expected results after fix
  parse_mailboxes: accept extra text after <...> address
2016-11-29 13:27:55 -08:00
Junio C Hamano
fa308cd848 Merge branch 'cp/completion-negative-refs' into maint
The command-line completion script (in contrib/) learned to
complete "git cmd ^mas<HT>" to complete the negative end of
reference to "git cmd ^master".

* cp/completion-negative-refs:
  completion: support excluding refs
2016-11-29 13:27:53 -08:00
Junio C Hamano
bab32da385 Merge branch 'jc/am-read-author-file' into maint
Extract a small helper out of the function that reads the authors
script file "git am" internally uses.
This by itself is not useful until a second caller appears in the
future for "rebase -i" helper.

* jc/am-read-author-file:
  am: refactor read_author_script()
2016-11-29 13:27:53 -08:00
Junio C Hamano
454cb6bd52 Git 2.11
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-29 12:23:07 -08:00
Junio C Hamano
95c2b13a5f Merge branch 'jk/common-main'
Fix for a small regression in a topic already in 'master'.

* jk/common-main:
  common-main: stop munging argv[0] path
2016-11-29 12:22:13 -08:00
Junio C Hamano
061eeff104 l10n-2.11.0-rnd3.1: update ru and ca translations
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJYPYGEAAoJEMek6Rt1RHooL5gQALq7rZbGpTpdl46wm3cvgsBt
 ZjnoJ/cxy9aps0zwFjG+hAE+/Mo4bt2dQvUOcrEmvIA1fNrlttT5TejK1kn7tUzJ
 KxWFgAV5J0LfMU6DH3MIMzYhGNsmFtVH+tpUjntDdZW3ozCQdtH1rg4h2nXt56vk
 z7UJ1LLW9Anf6963khcLX/OUqbX7uKxhFEbXBvdccshbydH0jRQSHFLbIPYIpUU2
 QvudFR2RTBZmotQyRmF2gOytkdJTSY7vMw8SowR4N0YMumfa7L93WJgs+zTnvweI
 9SBvuhRiaJlbRkBZ87IOwPYjXDjfTYdj4dKnlpUqWJjFKa1LGt4w4e3VKODjAfrr
 ohxg2BXqT9NOT3nA5dxsNJY4xkQKlrBFGNLthoee2gqeIpP6/D+FtDoePfqVJa08
 kg5EwSw1N61ZIX76XBW4gQvqfhre3XYnrLkf2F1Hf5640gI86XzHpRBaztmESLSh
 2/kbksAzdIVe5s57BFThyATsJ1ZxWWrFdb15+ibaafvo8YSMeRiWNL7KF5ZLijPE
 9GdbXOTT7Pt4L3c0g++CfUCRmH6TJWpHukxrv8Px2gM5yyKiHceudiag51CK4835
 QXebqVh26snKdC0KXZUDKj7t3JvtYTi/KCf8bfwJrx931sHDezKLijoPMSwM+tdz
 VLWJZlXVtRc+fvtU+ZYN
 =sktY
 -----END PGP SIGNATURE-----

Merge tag 'l10n-2.11.0-rnd3.1' of git://github.com/git-l10n/git-po

l10n-2.11.0-rnd3.1: update ru and ca translations

* tag 'l10n-2.11.0-rnd3.1' of git://github.com/git-l10n/git-po:
  l10n: ru.po: update Russian translation
  l10n: ca.po: update translation
2016-11-29 11:36:11 -08:00