Commit Graph

59430 Commits

Author SHA1 Message Date
Jeff King
c716fe4bd9 credential: detect unrepresentable values when parsing urls
The credential protocol can't represent newlines in values, but URLs can
embed percent-encoded newlines in various components. A previous commit
taught the low-level writing routines to die() when encountering this,
but we can be a little friendlier to the user by detecting them earlier
and handling them gracefully.

This patch teaches credential_from_url() to notice such components,
issue a warning, and blank the credential (which will generally result
in prompting the user for a username and password). We blank the whole
credential in this case. Another option would be to blank only the
invalid component. However, we're probably better off not feeding a
partially-parsed URL result to a credential helper. We don't know how a
given helper would handle it, so we're better off to err on the side of
matching nothing rather than something unexpected.

The die() call in credential_write() is _probably_ impossible to reach
after this patch. Values should end up in credential structs only by URL
parsing (which is covered here), or by reading credential protocol input
(which by definition cannot read a newline into a value). But we should
definitely keep the low-level check, as it's our final and most accurate
line of defense against protocol injection attacks. Arguably it could
become a BUG(), but it probably doesn't matter much either way.

Note that the public interface of credential_from_url() grows a little
more than we need here. We'll use the extra flexibility in a future
patch to help fsck catch these cases.
2020-03-12 02:55:24 -04:00
Jeff King
17f1c0b8c7 t/lib-credential: use test_i18ncmp to check stderr
The credential tests have a "check" function which feeds some input to
git-credential and checks the stdout and stderr. We look for exact
matches in the output. For stdout, this makes sense; the output is
the credential protocol. But for stderr, we may be showing various
diagnostic messages, or the prompts fed to the askpass program, which
could be translated. Let's mark them as such.
2020-03-12 02:55:17 -04:00
Jeff King
9a6bbee800 credential: avoid writing values with newlines
The credential protocol that we use to speak to helpers can't represent
values with newlines in them. This was an intentional design choice to
keep the protocol simple, since none of the values we pass should
generally have newlines.

However, if we _do_ encounter a newline in a value, we blindly transmit
it in credential_write(). Such values may break the protocol syntax, or
worse, inject new valid lines into the protocol stream.

The most likely way for a newline to end up in a credential struct is by
decoding a URL with a percent-encoded newline. However, since the bug
occurs at the moment we write the value to the protocol, we'll catch it
there. That should leave no possibility of accidentally missing a code
path that can trigger the problem.

At this level of the code we have little choice but to die(). However,
since we'd not ever expect to see this case outside of a malicious URL,
that's an acceptable outcome.

Reported-by: Felix Wilhelm <fwilhelm@google.com>
2020-03-12 02:55:16 -04:00
Alessandro Menti
17ed936e96
l10n: it.po: update the Italian translation for Git 2.26.0 round 2
Signed-off-by: Alessandro Menti <alessandro.menti@alessandromenti.it>
2020-03-12 07:52:58 +01:00
Christopher Diaz Riveros
1afe18a3bb l10n: es: 2.26.0 round#2
Signed-off-by: Christopher Diaz Riveros <chrisadr@gentoo.org>
2020-03-11 23:19:58 -05:00
Jiang Xin
5ab9217a3c Merge branch of github.com:alshopov/git-po into master
* 'git-l10n_git-po_master' of github.com:alshopov/git-po:
  l10n: bg.po: Updated Bulgarian translation (4839t)
2020-03-12 10:17:22 +08:00
Jiang Xin
c6713676d6 Merge branch of github.com:bitigchi/git-po into master
* 'tr_translations_2.26.1' of github.com:bitigchi/git-po:
  l10n: tr: v2.26.0 round 2
2020-03-12 10:15:49 +08:00
Alexander Shopov
b22e556314 l10n: bg.po: Updated Bulgarian translation (4839t)
Signed-off-by: Alexander Shopov <ash@kambanaria.org>
2020-03-12 00:04:37 +01:00
Emir Sarı
2713dec02d l10n: tr: v2.26.0 round 2
Signed-off-by: Emir Sarı <bitigchi@me.com>
2020-03-12 00:09:51 +03:00
Jean-Noël Avila
c9ef57cc3a l10n: fr : v2.26.0 rnd 2
Signed-off-by: Jean-Noël Avila <jn.avila@free.fr>
2020-03-11 21:19:25 +01:00
Elijah Newren
120b1eb731 git-rebase.txt: highlight backend differences with commit rewording
As noted by Junio:
    Back when "git am" was written, it was not considered a bug that the
    "git am --resolved" option did not offer the user a chance to update
    the log message to match the adjustment of the code the user made,
    but honestly, I'd have to say that it is a bug in "git am" in that
    over time it wasn't adjusted to the new world order where we
    encourage users to describe what they did when the automation
    hiccuped by opening an editor.  These days, even when automation
    worked well (e.g. a clean auto-merge with "git merge"), we open an
    editor.  The world has changed, and so should the expectations.

Junio also suggested providing a workaround such as allowing --no-edit
together with git rebase --continue, but that should probably be done in
a patch after the git-2.26.0 release.  For now, just document the known
difference in the Behavioral Differences section.

Signed-off-by: Elijah Newren <newren@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-11 12:11:08 -07:00
Elijah Newren
9a1b7474d6 sequencer: clear state upon dropping a become-empty commit
In commit e98c4269c8 ("rebase (interactive-backend): fix handling of
commits that become empty", 2020-02-15), the merge backend was changed
to drop commits that did not start empty but became so after being
applied (because their changes were a subset of what was already
upstream).  This new code path did not need to go through the process of
creating a commit, since we were dropping the commit instead.
Unfortunately, this also means we bypassed the clearing of the
CHERRY_PICK_HEAD and MERGE_MSG files, which if there were no further
commits to cherry-pick would mean that the rebase would end but assume
there was still an operation in progress.  Ensure that we clear such
state files when we decide to drop the commit.

Signed-off-by: Elijah Newren <newren@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-11 12:11:05 -07:00
Jiang Xin
937d143630 i18n: unmark a message in rebase.c
Commit v2.25.0-4-ge98c4269c8 (rebase (interactive-backend): fix handling
of commits that become empty, 2020-02-15) marked "{drop,keep,ask}" for
translation, but this message should not be changed.

Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-11 11:39:01 -07:00
René Scharfe
9c688735f6 pull: document more passthru options
git pull accepts the options --dry-run, -p/--prune, --refmap, and
-t/--tags since a32975f516 (pull: pass git-fetch's options to git-fetch,
2015-06-18), -j/--jobs since 62104ba14a (submodules: allow parallel
fetching, add tests and documentation, 2015-12-15), and --set-upstream
since 24bc1a1292 (pull, fetch: add --set-upstream option, 2019-08-19).
Update its documentation to match.

Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-11 11:29:14 -07:00
Junio C Hamano
a56d361f66 Merge branch 'ds/sparse-add'
Test fix.

* ds/sparse-add:
  t1091: don't grep for `strerror()` string
2020-03-11 10:58:16 -07:00
Junio C Hamano
5fa9169ced Merge branch 'dr/push-remote-ref-update'
Code clean-up.

* dr/push-remote-ref-update:
  remote: drop "explicit" parameter from remote_ref_for_branch()
2020-03-11 10:58:16 -07:00
Junio C Hamano
cdef998b46 Merge branch 'jc/doc-single-h-is-for-help'
Both "git ls-remote -h" and "git grep -h" give short usage help,
like any other Git subcommand, but it is not unreasonable to expect
that the former would behave the same as "git ls-remote --head"
(there is no other sensible behaviour for the latter).  The
documentation has been updated in an attempt to clarify this.

* jc/doc-single-h-is-for-help:
  Documentation: clarify that `-h` alone stands for `help`
2020-03-11 10:58:16 -07:00
Jiang Xin
051fae4d51 l10n: git.pot: v2.26.0 round 2 (7 new, 2 removed)
Generate po/git.pot from v2.26.0-rc1 for git v2.26.0 l10n round 2.

Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
2020-03-11 15:27:39 +08:00
Jiang Xin
52b2742df8 Merge branch 'master' of github.com:git/git into git-po-master
* 'master' of github.com:git/git: (27 commits)
  Git 2.26-rc1
  remote-curl: show progress for fetches over dumb HTTP
  show_one_mergetag: print non-parent in hex form.
  config.mak.dev: re-enable -Wformat-zero-length
  rebase-interactive.c: silence format-zero-length warnings
  mingw: workaround for hangs when sending STDIN
  t6020: new test with interleaved lexicographic ordering of directories
  t6022, t6046: test expected behavior instead of testing a proxy for it
  t3035: prefer test_must_fail to bash negation for git commands
  t6020, t6022, t6035: update merge tests to use test helper functions
  t602[1236], t6034: modernize test formatting
  merge-recursive: apply collision handling unification to recursive case
  completion: add diff --color-moved[-ws]
  t1050: replace test -f with test_path_is_file
  am: support --show-current-patch=diff to retrieve .git/rebase-apply/patch
  am: support --show-current-patch=raw as a synonym for--show-current-patch
  am: convert "resume" variable to a struct
  parse-options: convert "command mode" to a flag
  parse-options: add testcases for OPT_CMDMODE()
  stash push: support the --pathspec-from-file option
  ...
2020-03-11 14:59:05 +08:00
Emir Sarı
9643441983 l10n: tr: Add glossary for Turkish translations
Signed-off-by: Emir Sarı <bitigchi@me.com>
2020-03-10 23:31:48 +03:00
Alex Henrie
d18c950a69 pull: warn if the user didn't say whether to rebase or to merge
Often novice Git users forget to say "pull --rebase" and end up with an
unnecessary merge from upstream. What they usually want is either "pull
--rebase" in the simpler cases, or "pull --ff-only" to update the copy
of main integration branches, and rebase their work separately. The
pull.rebase configuration variable exists to help them in the simpler
cases, but there is no mechanism to make these users aware of it.

Issue a warning message when no --[no-]rebase option from the command
line and no pull.rebase configuration variable is given. This will
inconvenience those who never want to "pull --rebase", who haven't had
to do anything special, but the cost of the inconvenience is paid only
once per user, which should be a reasonable cost to help a number of new
users.

Signed-off-by: Alex Henrie <alexhenrie24@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-10 13:06:41 -07:00
SZEDER Gábor
7422b2a0a1 commit-slab: clarify slabname##_peek()'s return value
Ever since 862e730ec1 (commit-slab: introduce slabname##_peek()
function, 2015-05-14) the slabname##_peek() function is documented as:

  This function is similar to indegree_at(), but it will return NULL
  until a call to indegree_at() was made for the commit.

This, however, is usually not the case.  If indegree_at() allocates
memory, then it will do so not only for the single commit it got as
parameter, but it will allocate a whole new, ~512kB slab.  Later on,
if any other commit's 'index' field happens to point into an already
allocated slab, then indegree_peek() for such a commit will return a
valid non-NULL pointer, pointing to a zero-initialized location in the
slab, even if no indegree_at() call has been made for that commit yet.

Update slabname##_peek()'s documentation to clarify this.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-10 11:44:24 -07:00
Alexandr Miloslavskiy
49d3c4b481 get_superproject_working_tree(): return strbuf
Together with the previous commits, this commit fully fixes the problem
of using shared buffer for `real_path()` in `get_superproject_working_tree()`.

Signed-off-by: Alexandr Miloslavskiy <alexandr.miloslavskiy@syntevo.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-10 11:41:40 -07:00
Alexandr Miloslavskiy
4530a85b4c real_path_if_valid(): remove unsafe API
This commit continues the work started with previous commit.

Signed-off-by: Alexandr Miloslavskiy <alexandr.miloslavskiy@syntevo.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-10 11:41:40 -07:00
Alexandr Miloslavskiy
3d7747e318 real_path: remove unsafe API
Returning a shared buffer invites very subtle bugs due to reentrancy or
multi-threading, as demonstrated by the previous patch.

There was an unfinished effort to abolish this [1].

Let's finally rid of `real_path()`, using `strbuf_realpath()` instead.

This patch uses a local `strbuf` for most places where `real_path()` was
previously called.

However, two places return the value of `real_path()` to the caller. For
them, a `static` local `strbuf` was added, effectively pushing the
problem one level higher:
    read_gitfile_gently()
    get_superproject_working_tree()

[1] https://lore.kernel.org/git/1480964316-99305-1-git-send-email-bmwill@google.com/

Signed-off-by: Alexandr Miloslavskiy <alexandr.miloslavskiy@syntevo.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-10 11:41:40 -07:00
SZEDER Gábor
6bb40ed20a ci: use python3 in linux-gcc and osx-gcc and python2 elsewhere
Python2 reached end of life, and we have been preparing our Python
scripts to work with Python3.  'git p4', the main in-tree user of
Python, has just received a number of compatibility updates.  Our
other notable Python script 'contrib/svn-fe/svnrdump_sim.py' is only
used in 't9020-remote-svn.sh', and is apparently already compatible
with both Python2 and 3.

Our CI jobs currently only use Python2.  We want to make sure that
these Python scripts do indeed work with Python3, and we also want to
make sure that these scripts keep working with Python2 as well, for
the sake of some older LTS/Enterprise setups.

Therefore, pick two jobs and use Python3 there, while leaving other
jobs to still stick to Python2 for now.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-10 11:27:13 -07:00
Jiang Xin
438393202c Merge branch 'master' of github.com:nafmo/git-l10n-sv
* 'master' of github.com:nafmo/git-l10n-sv:
  l10n: sv.po: Update Swedish translation (4835t0f0u)
2020-03-10 14:28:22 +08:00
Jiang Xin
fa89e04fe1 Merge branch 'fr_2.26.0' of github.com:jnavila/git
* 'fr_2.26.0' of github.com:jnavila/git:
  l10n: fr v2.26.0 rnd1
2020-03-10 14:26:58 +08:00
Peter Krefting
2591c4cf6d l10n: sv.po: Update Swedish translation (4835t0f0u)
Signed-off-by: Peter Krefting <peter@softwolves.pp.se>
2020-03-09 21:02:58 +01:00
Emir Sarı
dd2c269652 l10n: tr: Add Turkish translations
Signed-off-by: Emir Sarı <bitigchi@me.com>
2020-03-09 21:41:28 +03:00
Emir Sarı
8f4f099f8b l10n: tr: Add Turkish translation team info
Signed-off-by: Emir Sarı <bitigchi@me.com>
2020-03-09 21:39:08 +03:00
Junio C Hamano
b4374e96c8 Git 2.26-rc1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-09 11:21:21 -07:00
Junio C Hamano
4a5c3e10f2 Merge branch 'rs/show-progress-in-dumb-http-fetch'
"git fetch" over HTTP walker protocol did not show any progress
output.  We inherently do not know how much work remains, but still
we can show something not to bore users.

* rs/show-progress-in-dumb-http-fetch:
  remote-curl: show progress for fetches over dumb HTTP
2020-03-09 11:21:21 -07:00
Junio C Hamano
3658d77f8e Merge branch 'hd/show-one-mergetag-fix'
"git show" and others gave an object name in raw format in its
error output, which has been corrected to give it in hex.

* hd/show-one-mergetag-fix:
  show_one_mergetag: print non-parent in hex form.
2020-03-09 11:21:21 -07:00
Junio C Hamano
6125104b88 Merge branch 'rt/format-zero-length-fix'
Recently we inadvertently added a few instances of using 0-width
format string to functions that we mark as printf-like without any
developers noticing.  The root cause was that the compiler warning
that is triggered by this is almost always useless and we disabled
the warning in our developer builds, but not for general public.
The new instances have been corrected, and the warning has been
resurrected in the developer builds.

* rt/format-zero-length-fix:
  config.mak.dev: re-enable -Wformat-zero-length
  rebase-interactive.c: silence format-zero-length warnings
2020-03-09 11:21:21 -07:00
Junio C Hamano
1ac37deba2 Merge branch 'am/mingw-poll-fix'
MinGW's poll() emulation has been improved.

* am/mingw-poll-fix:
  mingw: workaround for hangs when sending STDIN
2020-03-09 11:21:20 -07:00
Junio C Hamano
cf372dc815 Merge branch 'en/test-cleanup'
Test cleanup.

* en/test-cleanup:
  t6020: new test with interleaved lexicographic ordering of directories
  t6022, t6046: test expected behavior instead of testing a proxy for it
  t3035: prefer test_must_fail to bash negation for git commands
  t6020, t6022, t6035: update merge tests to use test helper functions
  t602[1236], t6034: modernize test formatting
2020-03-09 11:21:20 -07:00
Junio C Hamano
d1075adfdf Merge branch 'en/merge-path-collision'
Handling of conflicting renames in merge-recursive have further
been made consistent with how existing codepaths try to mimic what
is done to add/add conflicts.

* en/merge-path-collision:
  merge-recursive: apply collision handling unification to recursive case
2020-03-09 11:21:20 -07:00
Junio C Hamano
a4fd114ffc Merge branch 'kk/complete-diff-color-moved'
Completion update.

* kk/complete-diff-color-moved:
  completion: add diff --color-moved[-ws]
2020-03-09 11:21:20 -07:00
Junio C Hamano
a0d752c1a3 Merge branch 'rj/t1050-use-test-path-is-file'
Code cleanup.

* rj/t1050-use-test-path-is-file:
  t1050: replace test -f with test_path_is_file
2020-03-09 11:21:20 -07:00
Junio C Hamano
0e0d717537 Merge branch 'pb/am-show-current-patch'
"git am --short-current-patch" is a way to show the piece of e-mail
for the stopped step, which is not suitable to directly feed "git
apply" (it is designed to be a good "git am" input).  It learned a
new option to show only the patch part.

* pb/am-show-current-patch:
  am: support --show-current-patch=diff to retrieve .git/rebase-apply/patch
  am: support --show-current-patch=raw as a synonym for--show-current-patch
  am: convert "resume" variable to a struct
  parse-options: convert "command mode" to a flag
  parse-options: add testcases for OPT_CMDMODE()
2020-03-09 11:21:19 -07:00
Junio C Hamano
9b7f726dfc Merge branch 'am/pathspec-f-f-more'
"git rm" and "git stash" learns the new "--pathspec-from-file"
option.

* am/pathspec-f-f-more:
  stash push: support the --pathspec-from-file option
  stash: eliminate crude option parsing
  doc: stash: synchronize <pathspec> description
  doc: stash: document more options
  doc: stash: split options from description (2)
  doc: stash: split options from description (1)
  rm: support the --pathspec-from-file option
  doc: rm: synchronize <pathspec> description
2020-03-09 11:21:19 -07:00
Martin Ågren
4605a73073 t1091: don't grep for strerror() string
We grep for "File exists" in stderr of the failing `git sparse-checkout`
to make sure that it failed for the right reason. We expect the string
to show up there since we call `strerror(errno)` in
`unable_to_lock_message()` in lockfile.c.

On the NonStop platform, this fails because the error string is "File
already exists", which doesn't match our grepping.

See 9042140097 ("test-dir-iterator: do not assume errno values",
2019-07-30) for a somewhat similar fix. There, we patched a test helper,
which meant we had access to `errno` and could investigate it better in
the test helper instead of just outputting the numerical value and
evaluating it in the test script. The current situation is different,
since (short of modifying the lockfile machinery, e.g., to be more
verbose) we don't have more than the output from `strerror()` available.

Except we do: We prefix `strerror(errno)` with `_("Unable to create
'%s.lock': ")`. Let's grep for that part instead. It verifies that we
were indeed unable to create the lock file. (If that fails for some
other reason than the file existing, we really really should expect
other tests to fail as well.)

An alternative fix would be to loosen the expression a bit and grep for
"File.* exists" instead. There would be no guarantee that some other
implementation couldn't come up with another error string, That is, that
could be the first move in an endless game of whack-a-mole. Of course,
it could also take us from "99" to "100" percent of the platforms and
we'd never have this problem again. But since we have another way of
addressing this, let's not even try the "loosen it up a bit" strategy.

Reported-by: Randall S. Becker <rsbecker@nexbridge.com>
Signed-off-by: Martin Ågren <martin.agren@gmail.com>
Acked-by: Derrick Stolee <dstolee@microsoft.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-09 08:05:13 -07:00
Junio C Hamano
564956f358 update how-to-maintain-git
Some parts of the workflow described in the document has got a bit
stale with the recent toolchain improvements.  Update the procedure
a bit, and also describe the convention used around SQUASH??? fixups.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-09 07:57:57 -07:00
Jean-Noël Avila
4d9c2902a1 l10n: fr v2.26.0 rnd1
Signed-off-by: Jean-Noël Avila <jn.avila@free.fr>
2020-03-08 23:26:01 +01:00
Jiang Xin
ad182bee3f Merge branch of github.com:alshopov/git-po into master
* 'git-l10n_git-po_master' of github.com:alshopov/git-po:
  l10n: bg.po: Updated Bulgarian translation (4835t)
2020-03-08 23:44:13 +08:00
Alessandro Menti
23fa46712a
l10n: it.po: update the Italian translation for Git 2.26.0 round 1
Signed-off-by: Alessandro Menti <alessandro.menti@alessandromenti.it>
2020-03-07 09:57:36 +01:00
Alexandr Miloslavskiy
0915a5b4cd set_git_dir: fix crash when used with real_path()
`real_path()` returns result from a shared buffer, inviting subtle
reentrance bugs. One of these bugs occur when invoked this way:
    set_git_dir(real_path(git_dir))

In this case, `real_path()` has reentrance:
    real_path
    read_gitfile_gently
    repo_set_gitdir
    setup_git_env
    set_git_dir_1
    set_git_dir

Later, `set_git_dir()` uses its now-dead parameter:
    !is_absolute_path(path)

Fix this by using a dedicated `strbuf` to hold `strbuf_realpath()`.

Signed-off-by: Alexandr Miloslavskiy <alexandr.miloslavskiy@syntevo.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-06 14:45:51 -08:00
Alexander Shopov
98f24073a5 l10n: bg.po: Updated Bulgarian translation (4835t)
Signed-off-by: Alexander Shopov <ash@kambanaria.org>
2020-03-06 07:52:57 +01:00
Jiang Xin
f7c6172e97 l10n: git.pot: v2.26.0 round 1 (73 new, 38 removed)
Generate po/git.pot from v2.26.0-rc0 for git v2.26.0 l10n round 1.

Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
2020-03-06 14:27:08 +08:00