Commit Graph

48241 Commits

Author SHA1 Message Date
Jeff King
3be4cf09cd connect: reject dashed arguments for proxy commands
If you have a GIT_PROXY_COMMAND configured, we will run it
with the host/port on the command-line. If a URL contains a
mischievous host like "--foo", we don't know how the proxy
command may handle it. It's likely to break, but it may also
do something dangerous and unwanted (technically it could
even do something useful, but that seems unlikely).

We should err on the side of caution and reject this before
we even run the command.

The hostname check matches the one we do in a similar
circumstance for ssh. The port check is not present for ssh,
but there it's not necessary because the syntax is "-p
<port>", and there's no ambiguity on the parsing side.

It's not clear whether you can actually get a negative port
to the proxy here or not. Doing:

  git fetch git://remote:-1234/repo.git

keeps the "-1234" as part of the hostname, with the default
port of 9418. But it's a good idea to keep this check close
to the point of running the command to make it clear that
there's no way to circumvent it (and at worst it serves as a
belt-and-suspenders check).

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-28 15:52:18 -07:00
Jeff King
2491f77b90 connect: factor out "looks like command line option" check
We reject hostnames that start with a dash because they may
be confused for command-line options. Let's factor out that
notion into a helper function, as we'll use it in more
places. And while it's simple now, it's not clear if some
systems might need more complex logic to handle all cases.

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-28 15:51:56 -07:00
Jeff King
2d90add5ad t5813: add test for hostname starting with dash
Per the explanation in the previous patch, this should be
(and is) rejected.

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-28 15:51:29 -07:00
Junio C Hamano
820d7650cc connect: reject ssh hostname that begins with a dash
When commands like "git fetch" talk with ssh://$rest_of_URL/, the
code splits $rest_of_URL into components like host, port, etc., and
then spawns the underlying "ssh" program by formulating argv[] array
that has:

 - the path to ssh command taken from GIT_SSH_COMMAND, etc.

 - dashed options like '-batch' (for Tortoise), '-p <port>' as
   needed.

 - ssh_host, which is supposed to be the hostname parsed out of
   $rest_of_URL.

 - then the command to be run on the other side, e.g. git
   upload-pack.

If the ssh_host ends up getting '-<anything>', the argv[] that is
used to spawn the command becomes something like:

    { "ssh", "-p", "22", "-<anything>", "command", "to", "run", NULL }

which obviously is bogus, but depending on the actual value of
"<anything>", will make "ssh" parse and use it as an option.

Prevent this by forbidding ssh_host that begins with a "-".

Noticed-by: Joern Schneeweisz of Recurity Labs
Reported-by: Brian at GitLab
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-28 15:51:14 -07:00
Jeff King
30c586ff15 t/lib-proto-disable: restore protocol.allow after config tests
The tests for protocol.allow actually set that variable in
the on-disk config, run a series of tests, and then never
clean up after themselves. This means that whatever tests we
run after have protocol.allow=never, which may influence
their results.

In most cases we either exit after running these tests, or
do another round of test_proto(). In the latter case, this happens to
work because:

  1. Tests of the GIT_ALLOW_PROTOCOL environment variable
     override the config.

  2. Tests of the specific config "protocol.foo.allow"
     override the protocol.allow config.

  3. The next round of protocol.allow tests start off by
     setting the config to a known value.

However, it's a land-mine waiting to trap somebody adding
new tests to one of the t581x test scripts. Let's make sure
we clean up after ourselves.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-28 15:48:39 -07:00
Jonathan Tan
a7c28a2161 tests: ensure fsck fails on corrupt packfiles
t1450-fsck.sh does not have a test that checks fsck's behavior when a
packfile is invalid. It does have a test for when an object in a
packfile is invalid, but in that test, the packfile itself is valid.

Add such a test.

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-28 15:26:48 -07:00
Andreas Heiduk
ac05222b31 doc: remove unsupported parameter from patch-id
The patch is read from standard input and not from a parameter.

Signed-off-by: Andreas Heiduk <asheiduk@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-28 14:41:32 -07:00
Ramsay Jones
1f180e5eb9 credential-cache: interpret an ECONNRESET as an EOF
Since commit 612c49e94d ("credential-cache: add tests for XDG
functionality", 17-03-2017), the cygwin build has been failing all the
new tests added by that commit. In particular, the 'git credential-cache
exit' command, as part of the test cleanup code, has been die-ing with
the message:

    fatal: read error from cache daemon: Connection reset by peer

As this git command is part of an && chain in a 'test_when_finished'
call, the remaining test cleanup is not happening, so practically all
remaining tests fail due to the unexpected presence of various socket
files and directories.

A simple means of getting the tests to pass, is to simply ignore the
failure of 'git credential-cache exit' command and make sure all test
cleanup is done. For example, the diff for test #12 would look like:

    diff --git a/t/t0301-credential-cache.sh b/t/t0301-credential-cache.sh
    index fd92533ac..87e5001bb 100755
    --- a/t/t0301-credential-cache.sh
    +++ b/t/t0301-credential-cache.sh
    @@ -17,7 +17,7 @@ helper_test cache

     test_expect_success 'socket defaults to ~/.cache/git/credential/socket' '
            test_when_finished "
    -               git credential-cache exit &&
    +               (git credential-cache exit || :) &&
                    rmdir -p .cache/git/credential/
            " &&
            test_path_is_missing "$HOME/.git-credential-cache" &&

... and so on for all remaining tests. While this does indeed make all
tests pass, it is not really a solution.

As an aside, while looking to debug this issue, I added the '--debug'
option to the invocation of the 'git-credential-cache--daemon' child
process (see the spawn_daemon() function). This not only fixed the tests,
but also stopped git-credential-cache exiting with a failure. Since the
only effect of passing '--debug' was to suppress the redirection of stderr
to the bit-bucket (/dev/null), I have no idea why this seems to fix the
protocol interaction between git and git-credential-cache--daemon. (I
did think that maybe it was a timing issue, so I tried sleeping before
reading from the daemon on Linux, but that only slowed down the tests!)

All descriptions of the "Connection reset by peer" error, that I could
find, say that the peer had destroyed the connection before the client
attempted to perform I/O on the connection. Since the daemon does not
respond to an "exit" message from the client, it just closes the socket
and deletes the socket file (via the atexit handler), it seems that the
expected result is for the client to receive an EOF.  Indeed, this is
exactly what seems to be happening on Linux. Also a comment in
credential-cache--daemon.c reads:

    else if (!strcmp(action.buf, "exit")) {
            /*
             * It's important that we clean up our socket first, and then
             * signal the client only once we have finished the cleanup.
             * Calling exit() directly does this, because we clean up in
             * our atexit() handler, and then signal the client when our
             * process actually ends, which closes the socket and gives
             * them EOF.
             */
            exit(0);
    }

On cygwin this is not the case, at least when not passing --debug to the
daemon, and the read following the "exit" gets an error with errno set
to ECONNRESET.

In order to suppress the fatal exit in this case, check the read error
for an ECONNRESET and return as if no data was read from the daemon.
This effectively converts an ECONNRESET into an EOF.

Signed-off-by: Ramsay Jones <ramsay@ramsayjones.plus.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-27 10:21:46 -07:00
Jiang Xin
79e8ee89ae Merge branch 'master' of https://github.com/ralfth/git-po-de
* 'master' of https://github.com/ralfth/git-po-de:
  l10n: de.po: update German translation
2017-07-27 23:12:11 +08:00
Jiang Xin
437d212413 Merge branch 'fr_l10n_v2.14.0rnd2' of git://github.com/jnavila/git
* 'fr_l10n_v2.14.0rnd2' of git://github.com/jnavila/git:
  l10n: fr.po v2.14.0 rnd 2
  l10n: fr.po Fix some french typos
  l10n: fr.po Fix typo
  l10n: fr.po Fix some translations
2017-07-27 23:10:13 +08:00
Jean-Noel Avila
12142e1bcb l10n: fr.po v2.14.0 rnd 2
Signed-off-by: Jean-Noel Avila <jean-noel.avila@scantech.fr>
2017-07-27 04:29:15 +02:00
Sylvestre Ledru
eb7bb1cc09 l10n: fr.po Fix some french typos
Signed-off-by: Sylvestre Ledru <sylvestre@debian.org>
2017-07-27 04:28:56 +02:00
Louis
694f610d65 l10n: fr.po Fix typo
Signed-off-by: Louis <spalax@gresille.org>
2017-07-27 04:22:23 +02:00
Hugues Peccatte
8430988d35 l10n: fr.po Fix some translations
Signed-off-by: Hugues Peccatte <hugues.peccatte@aareon.fr>
Signed-off-by: Jean-Noel Avila <jn.avila@free.fr>
2017-07-27 04:22:19 +02:00
Stefan Beller
0ba9c9a0fb t8008: rely on rev-parse'd HEAD instead of sha1 value
Remove hard coded sha1 values, obtain the values using
'git rev-parse HEAD' which should be future proof regardless
of the hash function used.

Additionally future-proof the test by hard coding the
abbreviation length of the hash.

Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-26 13:32:59 -07:00
Jonathan Tan
fa64a2fdbe sub-process: refactor handshake to common function
Refactor, into a common function, the version and capability negotiation
done when invoking a long-running process as a clean or smudge filter.
This will be useful for other Git code that needs to interact similarly
with a long-running process.

As you can see in the change to t0021, this commit changes the error
message reported when the long-running process does not introduce itself
with the expected "server"-terminated line. Originally, the error
message reports that the filter "does not support filter protocol
version 2", differentiating between the old single-file filter protocol
and the new multi-file filter protocol - I have updated it to something
more generic and useful.

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-26 13:00:40 -07:00
Jonathan Tan
7e2e1bbb24 Documentation: migrate sub-process docs to header
Move the documentation for the sub-process API from a separate txt file
to its header file.

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-26 12:56:40 -07:00
Junio C Hamano
487fe1ffcd Merge branch 'ls/filter-process-delayed' into jt/subprocess-handshake
* ls/filter-process-delayed:
  convert: add "status=delayed" to filter process protocol
  convert: refactor capabilities negotiation
  convert: move multiple file filter error handling to separate function
  convert: put the flags field before the flag itself for consistent style
  t0021: write "OUT <size>" only on success
  t0021: make debug log file name configurable
  t0021: keep filter log files on comparison
2017-07-26 12:56:19 -07:00
Jonathan Tan
78e7b98f45 fsck: cleanup unused variable
Remove the unused variable "heads" from cmd_fsck().

This variable was made unused in commit c3271a0 ("fsck: do not fallback
"git fsck <bogus>" to "git fsck"", 2017-01-17).

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-26 11:36:14 -07:00
Ralf Thielow
2166cd5af0 l10n: de.po: update German translation
Signed-off-by: Ralf Thielow <ralf.thielow@gmail.com>
2017-07-26 18:22:27 +02:00
Andreas Heiduk
c0bb6d9cef doc: add missing values "none" and "default" for diff.wsErrorHighlight
The values have eluded documentation so far. While at it streamline
the wording by grouping relevant parts together.

Signed-off-by: Andreas Heiduk <asheiduk@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-25 14:30:49 -07:00
Junio C Hamano
90dbf226ba Merge branch 'js/msgfmt-on-windows' of ../git-gui into js/git-gui-msgfmt-on-windows
* 'js/msgfmt-on-windows' of ../git-gui:
  git-gui (MinGW): make use of MSys2's msgfmt
  git gui: allow for a long recentrepo list
  git gui: de-dup selected repo from recentrepo history
  git gui: cope with duplicates in _get_recentrepo
  git-gui: remove duplicate entries from .gitconfig's gui.recentrepo
2017-07-25 13:42:41 -07:00
Johannes Schindelin
492595cfc7 git-gui (MinGW): make use of MSys2's msgfmt
When Git for Windows was still based on MSys1, we had no gettext, ergo
no msgfmt, either. Therefore, we introduced a small and simple Tcl
script to perform the same task.

However, with MSys2, we no longer need that because we have a proper
msgfmt executable. Plus, the po2msg.sh script somehow manages to hang
when run in parallel in Git for Windows' SDK (symptom: the Continuous
Testing tasks timing out).

Two reasons to use real msgfmt.exe instead.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-25 12:32:14 -07:00
Dimitrios Christidis
edd64ef4f7 fmt-merge-msg: fix coding style
Align argument list and place opening brace on its own line.

Signed-off-by: Dimitrios Christidis <dimitrios@christidis.me>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-25 12:11:18 -07:00
Jiang Xin
7b043d09b0 Merge branch 'master' of https://github.com/Softcatala/git-po
* 'master' of https://github.com/Softcatala/git-po:
  l10n: Update Catalan translation
2017-07-26 00:13:54 +08:00
Jiang Xin
b1bb0df04b Merge branch 'master' of git://github.com/alshopov/git-po
* 'master' of git://github.com/alshopov/git-po:
  l10n: bg.po: Updated Bulgarian translation (3213t)
2017-07-26 00:13:05 +08:00
Tran Ngoc Quan
365fb9d947 l10n: vi.po (3213t): Updated 9 new strings
Signed-off-by: Tran Ngoc Quan <vnwildman@gmail.com>
2017-07-25 07:09:13 +07:00
Junio C Hamano
5800c63717 Git 2.14-rc1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-24 14:50:35 -07:00
Christian Couder
7a40a95eb4 refs: use skip_prefix() in ref_is_hidden()
This is shorter, makes the logic a bit easier to follow, and is
perhaps a bit faster too.

The logic is to make the final decision only when "subject" is there,
its early part matches "match", and the match is at the slash
boundary (or the whole thing).

Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-24 14:48:59 -07:00
SZEDER Gábor
9e7d8a9bfb blame: fix memory corruption scrambling revision name in error message
When attempting to blame a non-existing path, git should show an error
message like this:

  $ git blame e83c51633 -- nonexisting-file
  fatal: no such path nonexisting-file in e83c51633

Since the recent commit 835c49f7d (blame: rework methods that
determine 'final' commit, 2017-05-24) the revision name is either
missing or some scrambled characters are shown instead.  The reason is
that the revision name must be duplicated, because it is invalidated
when the pending objects array is cleared in the meantime, but this
commit dropped the duplication.

Restore the duplication of the revision name in the affected functions
(find_single_final() and find_single_initial()).

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-24 14:38:02 -07:00
Junio C Hamano
9e3958e86d Merge https://github.com/git-l10n/git-po
* https://github.com/git-l10n/git-po:
  l10n: git.pot: v2.14.0 round 2 (9 new, 2 removed)
  l10n: sv.po: Update Swedish translation (3206t0f0u)
  l10n: ko.po: Update Korean translation
  l10n: Update Catalan translation
  l10n: bg.po: Updated Bulgarian translation (3206t)
  l10n: vi.po(3206t): Update Vietnamese translation
  l10n: git.pot: v2.14.0 round 1 (34 new, 23 removed)
  l10n: ru.po: update Russian translation
  l10n: Fixes to Catalan translation
2017-07-24 14:01:08 -07:00
Jordi Mas
1d99545f77 l10n: Update Catalan translation
Signed-off-by: Jordi Mas <jmas@softcatala.org>
2017-07-24 18:29:29 +02:00
Alexander Shopov
3db60c9132 l10n: bg.po: Updated Bulgarian translation (3213t)
Signed-off-by: Alexander Shopov <ash@kambanaria.org>
2017-07-24 17:28:43 +02:00
Jiang Xin
91d443d0d8 l10n: git.pot: v2.14.0 round 2 (9 new, 2 removed)
Generate po/git.pot from v2.14.0-rc0-40-g5eada8987e for git v2.14.0 l10n round 2.

Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
2017-07-24 22:00:44 +08:00
Jiang Xin
92125538ff Merge branch 'master' of git://github.com/git-l10n/git-po
* 'master' of git://github.com/git-l10n/git-po:
  l10n: sv.po: Update Swedish translation (3206t0f0u)
  l10n: ko.po: Update Korean translation
  l10n: Update Catalan translation
  l10n: bg.po: Updated Bulgarian translation (3206t)
  l10n: vi.po(3206t): Update Vietnamese translation
  l10n: git.pot: v2.14.0 round 1 (34 new, 23 removed)
  l10n: ru.po: update Russian translation
  l10n: Fixes to Catalan translation
2017-07-24 21:53:47 +08:00
Jiang Xin
842e0d63aa Merge branch 'master' of git://github.com/nafmo/git-l10n-sv
* 'master' of git://github.com/nafmo/git-l10n-sv:
  l10n: sv.po: Update Swedish translation (3206t0f0u)
2017-07-22 06:19:21 +08:00
Junio C Hamano
5eada8987e Sync with maint
* maint:
  fixes from 'master' for 2.13.4
2017-07-21 15:13:25 -07:00
Junio C Hamano
2187e112d7 fixes from 'master' for 2.13.4
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-21 15:06:09 -07:00
Junio C Hamano
38351249be Merge branch 'ew/fd-cloexec-fix' into maint
Portability/fallback fix.

* ew/fd-cloexec-fix:
  set FD_CLOEXEC properly when O_CLOEXEC is not supported
2017-07-21 15:03:40 -07:00
Junio C Hamano
bae7e3f153 Merge branch 'ks/fix-rebase-doc-picture' into maint
Doc update.

* ks/fix-rebase-doc-picture:
  doc: correct a mistake in an illustration
2017-07-21 15:03:39 -07:00
Junio C Hamano
bdea5bae22 Merge branch 'js/alias-case-sensitivity' into maint
A recent update broke an alias that contained an uppercase letter.

* js/alias-case-sensitivity:
  alias: compare alias name *case-insensitively*
  t1300: demonstrate that CamelCased aliases regressed
2017-07-21 15:03:38 -07:00
Junio C Hamano
ba1c08942c Merge branch 'bb/unicode-10.0' into maint
Update the character width tables.

* bb/unicode-10.0:
  unicode: update the width tables to Unicode 10
2017-07-21 15:03:38 -07:00
Junio C Hamano
19533e2c71 Hopefully the final last-minute fix before -rc1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-21 15:02:51 -07:00
Junio C Hamano
4326211593 Merge branch 'ks/doc-fixes'
Doc clean-up.

* ks/doc-fixes:
  doc: reformat the paragraph containing the 'cut-line'
  doc: camelCase the i18n config variables to improve readability
2017-07-21 14:57:37 -07:00
Junio C Hamano
3e05c53431 Merge branch 'rj/cygwin-fread-reads-directories'
It turns out that Cygwin also needs the fopen() wrapper that
returns failure when a directory is opened for reading.

* rj/cygwin-fread-reads-directories:
  config.mak.uname: set FREAD_READS_DIRECTORIES for cygwin
2017-07-21 14:57:37 -07:00
Junio C Hamano
a491307448 Merge branch 'jc/po-pritime-fix'
We started using "%" PRItime, imitating "%" PRIuMAX and friends, as
a way to format the internal timestamp value, but this does not
play well with gettext(1) i18n framework, and causes "make pot"
that is run by the l10n coordinator to create a broken po/git.pot
file.  This is a possible workaround for that problem.

* jc/po-pritime-fix:
  Makefile: help gettext tools to cope with our custom PRItime format
2017-07-21 14:57:37 -07:00
Johannes Schindelin
c1e860f1dc run_processes_parallel: change confusing task_cb convention
By declaring the task_cb parameter of type `void **`, the signature of
the get_next_task method suggests that the "task-specific cookie" can be
defined in that method, and the signatures of the start_failure and of
the task_finished methods declare that parameter of type `void *`,
suggesting that those methods are mere users of said cookie.

That convention makes a total lot of sense, because the tasks are pretty
much dead when one of the latter two methods is called: there would be
little use to reset that cookie at that point because nobody would be
able to see the change afterwards.

However, this is not what the code actually does. For all three methods,
it passes the *address* of pp->children[i].data.

As reasoned above, this behavior makes no sense. So let's change the
implementation to adhere to the convention suggested by the signatures.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Acked-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-21 11:58:46 -07:00
Ramsay Jones
a5956d6a56 config.mak.uname: set FREAD_READS_DIRECTORIES for cygwin
Signed-off-by: Ramsay Jones <ramsay@ramsayjones.plus.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-21 11:58:06 -07:00
Junio C Hamano
981adb928e A few more topics while waiting for the po/PRItime resolution
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-20 16:31:56 -07:00
Junio C Hamano
4f0b213699 Merge branch 'mt/p4-parse-G-output'
Use "p4 -G" to make "p4 changes" output more Python-friendly
to parse.

* mt/p4-parse-G-output:
  git-p4: filter for {'code':'info'} in p4CmdList
  git-p4: parse marshal output "p4 -G" in p4 changes
  git-p4: git-p4 tests with p4 triggers
2017-07-20 16:30:00 -07:00