Commit Graph

42717 Commits

Author SHA1 Message Date
Junio C Hamano
7720c33f63 Git 2.7.6
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJZflNxAAoJELC16IaWr+bLpSsQAIT1s4c/uKAXJBw8CegM4SP1
 SeB5NMnjz7VVtBsdXKPy6fVXBHCjffON/MvNXcXwGqzx3lh6SiMAVNjYknBkQcKN
 b639dD9HEEBRFf62a+QAyRYbFeg0NONVydB25s7RfR57HUNxFibaJDT5SoymO0/5
 YCdmMENuvijvCYcwyb3MSjAKCkwDDErPzyI4NZ2YZpC7IG46Uoxq8BCdHpKhXa5I
 3TNEDruBAd/UJCIQiMW1HP3OMQXzXmCTL5i4QSr/uloO1kNzkWgCZDkkFrSGFPdx
 UeTRXOM0r5QdFXZC36zZNoL5ELflgzrYFSerj6VkCAbiG4FAWL+43CCxuUcq5OkZ
 JsTYObieBMFiaowTn9hKo3ix1xDSjR2+p0bfZbOPy5jMB85oegnjV3Rp/eBoXsDm
 h4qo+5kv0h8H2wKdxcBfVg6LkpBZGsvEOveAtWZIcFIVIOyULj9UAsnTwOotwQiL
 NHO4J2fJhcvSYUj6oGB3SpabKZfcbVXRE2fzZq+3+Mt4DdzSdSmx5CEJfUmxN7sQ
 YLb8UKSr2vv03YfKRghCGxqjOcmQL5vY79O8+QSN3cCDFFAwxzNYaGeHJ+/chvh2
 NySOkUf/uA7H1xQiZmJI1mfwQvi527MEzblCPDButm6n8ty6QyWOQ+kQYzcW5jjI
 kPWdqc5pCZQ+Q+q6lQc0
 =rNay
 -----END PGP SIGNATURE-----

Merge tag 'v2.7.6' into maint-2.8

Git 2.7.6
2017-07-30 14:46:43 -07:00
Junio C Hamano
5e0649dc65 Git 2.7.6
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-30 14:45:13 -07:00
Junio C Hamano
a4f234bf9b Merge branch 'jk/ssh-funny-url' into maint-2.7 2017-07-28 16:11:54 -07:00
Jeff King
aeeb2d4968 connect: reject paths that look like command line options
If we get a repo path like "-repo.git", we may try to invoke
"git-upload-pack -repo.git". This is going to fail, since
upload-pack will interpret it as a set of bogus options. But
let's reject this before we even run the sub-program, since
we would not want to allow any mischief with repo names that
actually are real command-line options.

You can still ask for such a path via git-daemon, but there's no
security problem there, because git-daemon enters the repo itself
and then passes "."  on the command line.

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-28 15:54:55 -07:00
Jeff King
3be4cf09cd connect: reject dashed arguments for proxy commands
If you have a GIT_PROXY_COMMAND configured, we will run it
with the host/port on the command-line. If a URL contains a
mischievous host like "--foo", we don't know how the proxy
command may handle it. It's likely to break, but it may also
do something dangerous and unwanted (technically it could
even do something useful, but that seems unlikely).

We should err on the side of caution and reject this before
we even run the command.

The hostname check matches the one we do in a similar
circumstance for ssh. The port check is not present for ssh,
but there it's not necessary because the syntax is "-p
<port>", and there's no ambiguity on the parsing side.

It's not clear whether you can actually get a negative port
to the proxy here or not. Doing:

  git fetch git://remote:-1234/repo.git

keeps the "-1234" as part of the hostname, with the default
port of 9418. But it's a good idea to keep this check close
to the point of running the command to make it clear that
there's no way to circumvent it (and at worst it serves as a
belt-and-suspenders check).

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-28 15:52:18 -07:00
Jeff King
2491f77b90 connect: factor out "looks like command line option" check
We reject hostnames that start with a dash because they may
be confused for command-line options. Let's factor out that
notion into a helper function, as we'll use it in more
places. And while it's simple now, it's not clear if some
systems might need more complex logic to handle all cases.

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-28 15:51:56 -07:00
Jeff King
2d90add5ad t5813: add test for hostname starting with dash
Per the explanation in the previous patch, this should be
(and is) rejected.

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-28 15:51:29 -07:00
Junio C Hamano
820d7650cc connect: reject ssh hostname that begins with a dash
When commands like "git fetch" talk with ssh://$rest_of_URL/, the
code splits $rest_of_URL into components like host, port, etc., and
then spawns the underlying "ssh" program by formulating argv[] array
that has:

 - the path to ssh command taken from GIT_SSH_COMMAND, etc.

 - dashed options like '-batch' (for Tortoise), '-p <port>' as
   needed.

 - ssh_host, which is supposed to be the hostname parsed out of
   $rest_of_URL.

 - then the command to be run on the other side, e.g. git
   upload-pack.

If the ssh_host ends up getting '-<anything>', the argv[] that is
used to spawn the command becomes something like:

    { "ssh", "-p", "22", "-<anything>", "command", "to", "run", NULL }

which obviously is bogus, but depending on the actual value of
"<anything>", will make "ssh" parse and use it as an option.

Prevent this by forbidding ssh_host that begins with a "-".

Noticed-by: Joern Schneeweisz of Recurity Labs
Reported-by: Brian at GitLab
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-28 15:51:14 -07:00
Junio C Hamano
cd08873275 Git 2.8.5
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-05-05 13:08:54 +09:00
Junio C Hamano
a8d93d19a2 Merge branch 'maint-2.7' into maint-2.8 2017-05-05 13:05:03 +09:00
Junio C Hamano
c8dd1e3bb1 Git 2.7.5
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-05-05 13:03:40 +09:00
Junio C Hamano
dc58c8554a Merge branch 'maint-2.6' into maint-2.7 2017-05-05 12:59:16 +09:00
Junio C Hamano
70fcaef90b Git 2.6.7
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-05-05 12:56:19 +09:00
Junio C Hamano
ab37a18b60 Merge branch 'maint-2.5' into maint-2.6 2017-05-05 12:52:26 +09:00
Junio C Hamano
ac33201285 Git 2.5.6
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-05-05 12:50:38 +09:00
Junio C Hamano
531788af95 Merge branch 'maint-2.4' into maint-2.5 2017-05-05 12:46:53 +09:00
Junio C Hamano
4000b40209 Git 2.4.12
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-05-05 12:43:16 +09:00
Junio C Hamano
5a4ffdf587 Merge branch 'jk/shell-no-repository-that-begins-with-dash' into maint-2.4
* jk/shell-no-repository-that-begins-with-dash:
  shell: disallow repo names beginning with dash
2017-05-05 12:17:55 +09:00
Jeff King
3ec804490a shell: disallow repo names beginning with dash
When a remote server uses git-shell, the client side will
connect to it like:

  ssh server "git-upload-pack 'foo.git'"

and we literally exec ("git-upload-pack", "foo.git"). In
early versions of upload-pack and receive-pack, we took a
repository argument and nothing else. But over time they
learned to accept dashed options. If the user passes a
repository name that starts with a dash, the results are
confusing at best (we complain of a bogus option instead of
a non-existent repository) and malicious at worst (the user
can start an interactive pager via "--help").

We could pass "--" to the sub-process to make sure the
user's argument is interpreted as a branch name. I.e.:

  git-upload-pack -- -foo.git

But adding "--" automatically would make us inconsistent
with a normal shell (i.e., when git-shell is not in use),
where "-foo.git" would still be an error. For that case, the
client would have to specify the "--", but they can't do so
reliably, as existing versions of git-shell do not allow
more than a single argument.

The simplest thing is to simply disallow "-" at the start of
the repo name argument. This hasn't worked either with or
without git-shell since version 1.0.0, and nobody has
complained.

Note that this patch just applies to do_generic_cmd(), which
runs upload-pack, receive-pack, and upload-archive. There
are two other types of commands that git-shell runs:

  - do_cvs_cmd(), but this already restricts the argument to
    be the literal string "server"

  - admin-provided commands in the git-shell-commands
    directory. We'll pass along arbitrary arguments there,
    so these commands could have similar problems. But these
    commands might actually understand dashed arguments, so
    we cannot just block them here. It's up to the writer of
    the commands to make sure they are safe. With great
    power comes great responsibility.

Reported-by: Timo Schmid <tschmid@ernw.de>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-05-05 12:07:27 +09:00
Junio C Hamano
0b65a8dbdb Git 2.8.4
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-06 14:29:32 -07:00
Junio C Hamano
1676827c85 Merge branch 'kb/msys2-tty' into maint
The "are we talking with TTY, doing an interactive session?"
detection has been updated to work better for "Git for Windows".

* kb/msys2-tty:
  mingw: make isatty() recognize MSYS2's pseudo terminals (/dev/pty*)
2016-06-06 14:27:38 -07:00
Junio C Hamano
389c3289cf Merge branch 'da/difftool' into maint
"git difftool" learned to handle unmerged paths correctly in
dir-diff mode.

* da/difftool:
  difftool: handle unmerged files in dir-diff mode
  difftool: initialize variables for readability
2016-06-06 14:27:37 -07:00
Junio C Hamano
7dcbf891d9 Merge branch 'tb/core-eol-fix' into maint
A couple of bugs around core.autocrlf have been fixed.

* tb/core-eol-fix:
  convert.c: ident + core.autocrlf didn't work
  t0027: test cases for combined attributes
  convert: allow core.autocrlf=input and core.eol=crlf
  t0027: make commit_chk_wrnNNO() reliable
2016-06-06 14:27:36 -07:00
Junio C Hamano
05781d37fa Merge branch 'ar/diff-args-osx-precompose' into maint
Many commands normalize command line arguments from NFD to NFC
variant of UTF-8 on OSX, but commands in the "diff" family did
not, causing "git diff $path" to complain that no such path is
known to Git.  They have been taught to do the normalization.

* ar/diff-args-osx-precompose:
  diff: run arguments through precompose_argv
2016-06-06 14:27:35 -07:00
Junio C Hamano
4b0891ffe4 More topics for 2.8.4
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-31 14:11:38 -07:00
Junio C Hamano
3296e1a93a Merge branch 'sb/submodule-deinit-all' into maint
Correct faulty recommendation to use "git submodule deinit ." when
de-initialising all submodules, which would result in a strange
error message in a pathological corner case.

* sb/submodule-deinit-all:
  submodule deinit: require '--all' instead of '.' for all submodules
2016-05-31 14:09:46 -07:00
Junio C Hamano
e646a82ce2 Merge branch 'bn/http-cookiefile-config' into maint
"http.cookieFile" configuration variable clearly wants a pathname,
but we forgot to treat it as such by e.g. applying tilde expansion.

* bn/http-cookiefile-config:
  http: expand http.cookieFile as a path
  Documentation: config: improve word ordering for http.cookieFile
2016-05-31 14:08:28 -07:00
Junio C Hamano
68a6e976a8 Merge branch 'jk/test-send-sh-x-trace-elsewhere' into maint
Running tests with '-x' option to trace the individual command
executions is a useful way to debug test scripts, but some tests
that capture the standard error stream and check what the command
said can be broken with the trace output mixed in.  When running
our tests under "bash", however, we can redirect the trace output
to another file descriptor to keep the standard error of programs
being tested intact.

* jk/test-send-sh-x-trace-elsewhere:
  test-lib: set BASH_XTRACEFD automatically
2016-05-31 14:08:27 -07:00
Junio C Hamano
9ee8f9409c Merge branch 'js/name-rev-use-oldest-ref' into maint
"git describe --contains" often made a hard-to-justify choice of
tag to give name to a given commit, because it tried to come up
with a name with smallest number of hops from a tag, causing an old
commit whose close descendant that is recently tagged were not
described with respect to an old tag but with a newer tag.  It did
not help that its computation of "hop" count was further tweaked to
penalize being on a side branch of a merge.  The logic has been
updated to favor using the tag with the oldest tagger date, which
is a lot easier to explain to the end users: "We describe a commit
in terms of the (chronologically) oldest tag that contains the
commit."

* js/name-rev-use-oldest-ref:
  name-rev: include taggerdate in considering the best name
2016-05-31 14:08:26 -07:00
Junio C Hamano
b051c59a00 Start preparing for 2.8.4
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-26 13:21:00 -07:00
Junio C Hamano
6396212d1c Merge branch 'jc/linkgit-fix' into maint
Many 'linkgit:<git documentation page>' references were broken,
which are all fixed with this.

* jc/linkgit-fix:
  Documentation: fix linkgit references
2016-05-26 13:17:26 -07:00
Junio C Hamano
5deca53908 Merge branch 'ls/travis-build-doc' into maint
CI test was taught to build documentation pages.

* ls/travis-build-doc:
  travis-ci: build documentation
2016-05-26 13:17:25 -07:00
Junio C Hamano
f14acabf3a Merge branch 'jc/fsck-nul-in-commit' into maint
"git fsck" learned to catch NUL byte in a commit object as
potential error and warn.

* jc/fsck-nul-in-commit:
  fsck: detect and warn a commit with embedded NUL
  fsck_commit_buffer(): do not special case the last validation
2016-05-26 13:17:24 -07:00
Junio C Hamano
cca92531e3 Merge branch 'jk/rebase-interative-eval-fix' into maint
Portability enhancement for "rebase -i" to help platforms whose
shell does not like "for i in <empty>" (which is not POSIX-kosher).

* jk/rebase-interative-eval-fix:
  rebase--interactive: avoid empty list in shell for-loop
2016-05-26 13:17:24 -07:00
Junio C Hamano
e29300d69f Merge branch 'js/windows-dotgit' into maint
On Windows, .git and optionally any files whose name starts with a
dot are now marked as hidden, with a core.hideDotFiles knob to
customize this behaviour.

* js/windows-dotgit:
  mingw: remove unnecessary definition
  mingw: introduce the 'core.hideDotFiles' setting
2016-05-26 13:17:23 -07:00
Junio C Hamano
968004c39c Merge branch 'kf/gpg-sig-verification-doc' into maint
Documentation for "git merge --verify-signatures" has been updated
to clarify that the signature of only the commit at the tip is
verified.  Also the phrasing used for signature and key validity is
adjusted to align with that used by OpenPGP.

* kf/gpg-sig-verification-doc:
  Documentation: clarify signature verification
2016-05-26 13:17:22 -07:00
Junio C Hamano
d07211b5fa Merge branch 'lp/typofixes' into maint
Typofixes.

* lp/typofixes:
  typofix: assorted typofixes in comments, documentation and messages
2016-05-26 13:17:21 -07:00
Junio C Hamano
1f62b9256d Merge branch 'sb/z-is-gnutar-ism' into maint
Test fix.

* sb/z-is-gnutar-ism:
  t6041: do not compress backup tar file
  t3513: do not compress backup tar file
2016-05-26 13:17:21 -07:00
Junio C Hamano
b262b8f889 Merge branch 'va/i18n-misc-updates' into maint
Mark several messages for translation.

* va/i18n-misc-updates:
  i18n: unpack-trees: avoid substituting only a verb in sentences
  i18n: builtin/pull.c: split strings marked for translation
  i18n: builtin/pull.c: mark placeholders for translation
  i18n: git-parse-remote.sh: mark strings for translation
  i18n: branch: move comment for translators
  i18n: branch: unmark string for translation
  i18n: builtin/rm.c: remove a comma ',' from string
  i18n: unpack-trees: mark strings for translation
  i18n: builtin/branch.c: mark option for translation
  i18n: index-pack: use plural string instead of normal one
2016-05-26 13:17:20 -07:00
Junio C Hamano
57b76d3379 Merge branch 'bn/config-doc-tt-varnames' into maint
Doc formatting fixes.

* bn/config-doc-tt-varnames:
  config: consistently format $variables in monospaced font
  config: describe 'pathname' value type
2016-05-26 13:17:19 -07:00
Junio C Hamano
4e327bb4c2 Merge branch 'nd/remote-plural-ours-plus-theirs' into maint
Message fix.

* nd/remote-plural-ours-plus-theirs:
  remote.c: specify correct plural form in "commit diverge" message
2016-05-26 13:17:18 -07:00
Junio C Hamano
e8c7b8cf68 Merge branch 'ak/t4151-ls-files-could-be-empty' into maint
Test fix.

* ak/t4151-ls-files-could-be-empty:
  t4151: make sure argument to 'test -z' is given
2016-05-26 13:17:17 -07:00
Junio C Hamano
6de6aba9f2 Merge branch 'jc/test-seq' into maint
Test fix.

* jc/test-seq:
  test-lib-functions.sh: rewrite test_seq without Perl
  test-lib-functions.sh: remove misleading comment on test_seq
2016-05-26 13:17:16 -07:00
Junio C Hamano
86a1d147e8 Merge branch 'tb/t5601-sed-fix' into maint
Test fix.

* tb/t5601-sed-fix:
  t5601: Remove trailing space in sed expression
2016-05-26 13:17:15 -07:00
Junio C Hamano
6db5205148 Merge branch 'va/i18n-remote-comment-to-align' into maint
Message fix.

* va/i18n-remote-comment-to-align:
  i18n: remote: add comment for translators
2016-05-26 13:17:14 -07:00
Junio C Hamano
31efe2a8a8 Merge branch 'va/mailinfo-doc-typofix' into maint
Typofix.

* va/mailinfo-doc-typofix:
  Documentation/git-mailinfo: fix typo
2016-05-26 13:17:14 -07:00
Junio C Hamano
adbcfe6547 Merge branch 'maint-2.7' into maint
* maint-2.7:
  archive-tar: convert snprintf to xsnprintf
2016-05-26 13:16:51 -07:00
Karsten Blees
f7f90e0f4f mingw: make isatty() recognize MSYS2's pseudo terminals (/dev/pty*)
MSYS2 emulates pseudo terminals via named pipes, and isatty() returns 0
for such file descriptors. Therefore, some interactive functionality
(such as launching a pager, asking if a failed unlink should be repeated
etc.) doesn't work when run in a terminal emulator that uses MSYS2's
ptys (such as mintty).

However, MSYS2 uses special names for its pty pipes ('msys-*-pty*'),
which allows us to distinguish them from normal piped input / output.

On startup, check if stdin / stdout / stderr are connected to such pipes
using the NtQueryObject API from NTDll.dll. If the names match, adjust
the flags in MSVCRT's ioinfo structure accordingly.

Signed-off-by: Karsten Blees <blees@dcon.de>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-26 13:12:02 -07:00
Junio C Hamano
50b4a7807f Merge branch 'jk/war-on-sprintf' into maint-2.7
* jk/war-on-sprintf:
  archive-tar: convert snprintf to xsnprintf
2016-05-26 10:45:37 -07:00
Jeff King
9e6c1e91a3 archive-tar: convert snprintf to xsnprintf
Commit f2f0267 (archive-tar: use xsnprintf for trivial
formatting, 2015-09-24) converted cases of "sprintf" to
"xsnprintf", but accidentally left one as just "snprintf".
This meant that we could silently truncate the resulting
buffer instead of flagging an error.

In practice, this is impossible to achieve, as we are
formatting a ustar checksum, which can be at most 7
characters. But the point of xsnprintf is to document and
check for "should be impossible" conditions; this site was
just accidentally mis-converted during f2f0267.

Noticed-by: Paul Green <Paul.Green@stratus.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-26 10:44:26 -07:00