Commit Graph

39609 Commits

Author SHA1 Message Date
Junio C Hamano
ef0e938a1a Sync with 2.3.9 2015-09-04 10:34:19 -07:00
Junio C Hamano
ecad27cf98 Git 2.3.9
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-09-04 10:32:15 -07:00
Junio C Hamano
8267cd11d6 Sync with 2.2.3 2015-09-04 10:29:28 -07:00
Junio C Hamano
441c4a4017 Git 2.2.3
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-09-04 10:26:23 -07:00
Junio C Hamano
f54cb059b1 Merge branch 'jk/long-paths' into maint-2.2 2015-09-04 10:25:23 -07:00
Jeff King
78f23bdf68 show-branch: use a strbuf for reflog descriptions
When we show "branch@{0}", we format into a fixed-size
buffer using sprintf. This can overflow if you have long
branch names. We can fix it by using a temporary strbuf.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-09-04 09:48:26 -07:00
Jeff King
5015f01c12 read_info_alternates: handle paths larger than PATH_MAX
This function assumes that the relative_base path passed
into it is no larger than PATH_MAX, and writes into a
fixed-size buffer. However, this path may not have actually
come from the filesystem; for example, add_submodule_odb
generates a path using a strbuf and passes it in. This is
hard to trigger in practice, though, because the long
submodule directory would have to exist on disk before we
would try to open its info/alternates file.

We can easily avoid the bug, though, by simply creating the
filename on the heap.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-09-04 09:36:51 -07:00
Jeff King
c29edfefb6 notes: use a strbuf in add_non_note
When we are loading a notes tree into our internal hash
table, we also collect any files that are clearly non-notes.
We format the name of the file into a PATH_MAX buffer, but
unlike true notes (which cannot be larger than a fanned-out
sha1 hash), these tree entries can be arbitrarily long,
overflowing our buffer.

We can fix this by switching to a strbuf. It doesn't even
cost us an extra allocation, as we can simply hand ownership
of the buffer over to the non-note struct.

This is of moderate security interest, as you might fetch
notes trees from an untrusted remote. However, we do not do
so by default, so you would have to manually fetch into the
notes namespace.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-09-04 09:36:28 -07:00
Jeff King
f514ef9787 verify_absent: allow filenames longer than PATH_MAX
When unpack-trees wants to know whether a path will
overwrite anything in the working tree, we use lstat() to
see if there is anything there. But if we are going to write
"foo/bar", we can't just lstat("foo/bar"); we need to look
for leading prefixes (e.g., "foo"). So we use the lstat cache
to find the length of the leading prefix, and copy the
filename up to that length into a temporary buffer (since
the original name is const, we cannot just stick a NUL in
it).

The copy we make goes into a PATH_MAX-sized buffer, which
will overflow if the prefix is longer than PATH_MAX. How
this happens is a little tricky, since in theory PATH_MAX is
the biggest path we will have read from the filesystem. But
this can happen if:

  - the compiled-in PATH_MAX does not accurately reflect
    what the filesystem is capable of

  - the leading prefix is not _quite_ what is on disk; it
    contains the next element from the name we are checking.
    So if we want to write "aaa/bbb/ccc/ddd" and "aaa/bbb"
    exists, the prefix of interest is "aaa/bbb/ccc". If
    "aaa/bbb" approaches PATH_MAX, then "ccc" can overflow
    it.

So this can be triggered, but it's hard to do. In
particular, you cannot just "git clone" a bogus repo. The
verify_absent checks happen before unpack-trees writes
anything to the filesystem, so there are never any leading
prefixes during the initial checkout, and the bug doesn't
trigger. And by definition, these files are larger than
PATH_MAX, so writing them will fail, and clone will
complain (though it may write a partial path, which will
cause a subsequent "git checkout" to hit the bug).

We can fix it by creating the temporary path on the heap.
The extra malloc overhead is not important, as we are
already making at least one stat() call (and probably more
for the prefix discovery).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-09-04 08:50:50 -07:00
Junio C Hamano
8545932d45 Git 2.4.8
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-08-03 10:43:01 -07:00
Junio C Hamano
29dce32f79 Merge branch 'js/rebase-i-clean-up-upon-continue-to-skip' into maint
Abandoning an already applied change in "git rebase -i" with
"--continue" left CHERRY_PICK_HEAD and confused later steps.

* js/rebase-i-clean-up-upon-continue-to-skip:
  rebase -i: do not leave a CHERRY_PICK_HEAD file behind
  t3404: demonstrate CHERRY_PICK_HEAD bug
2015-08-03 10:41:34 -07:00
Junio C Hamano
de67af4a8f Merge branch 'ss/clone-guess-dir-name-simplify' into maint
Code simplification.

* ss/clone-guess-dir-name-simplify:
  clone: simplify string handling in guess_dir_name()
2015-08-03 10:41:33 -07:00
Junio C Hamano
44737c4228 Merge branch 'sg/completion-commit-cleanup' into maint
* sg/completion-commit-cleanup:
  completion: teach 'scissors' mode to 'git commit --cleanup='
2015-08-03 10:41:33 -07:00
Junio C Hamano
c36e465aca Merge branch 'pt/am-abort-fix' into maint
Various fixes around "git am" that applies a patch to a history
that is not there yet.

* pt/am-abort-fix:
  am --abort: keep unrelated commits on unborn branch
  am --abort: support aborting to unborn branch
  am --abort: revert changes introduced by failed 3way merge
  am --skip: support skipping while on unborn branch
  am -3: support 3way merge on unborn branch
  am --skip: revert changes introduced by failed 3way merge
2015-08-03 10:41:32 -07:00
Junio C Hamano
0533a9b70c Merge branch 'mh/reporting-broken-refs-from-for-each-ref' into maint
"git for-each-ref" reported "missing object" for 0{40} when it
encounters a broken ref.  The lack of object whose name is 0{40} is
not the problem; the ref being broken is.

* mh/reporting-broken-refs-from-for-each-ref:
  read_loose_refs(): treat NULL_SHA1 loose references as broken
  read_loose_refs(): simplify function logic
  for-each-ref: report broken references correctly
  t6301: new tests of for-each-ref error handling
2015-08-03 10:41:31 -07:00
Junio C Hamano
a94594dcf7 Merge branch 'sg/commit-cleanup-scissors' into maint
"git commit --cleanup=scissors" was not careful enough to protect
against getting fooled by a line that looked like scissors.

* sg/commit-cleanup-scissors:
  commit: cope with scissors lines in commit message
2015-08-03 10:41:30 -07:00
Junio C Hamano
ca00f80b58 Git 2.4.7
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-27 12:25:42 -07:00
Junio C Hamano
caac7a3abe Merge branch 'jk/pretty-encoding-doc' into maint
Doc update.

* jk/pretty-encoding-doc:
  docs: clarify that --encoding can produce invalid sequences
2015-07-27 12:21:48 -07:00
Junio C Hamano
ff132a190e Merge branch 'tb/checkout-doc' into maint
Doc update.

* tb/checkout-doc:
  git-checkout.txt: document "git checkout <pathspec>" better
2015-07-27 12:21:47 -07:00
Junio C Hamano
3afcec9057 Merge branch 'ls/hint-rev-list-count' into maint
* ls/hint-rev-list-count:
  rev-list: add --count to usage guide
2015-07-27 12:21:47 -07:00
Junio C Hamano
315b3ba3e4 Merge branch 'mm/branch-doc-updates' into maint
* mm/branch-doc-updates:
  Documentation/branch: document -M and -D in terms of --force
  Documentation/branch: document -d --force and -m --force
2015-07-27 12:21:46 -07:00
Junio C Hamano
bde6a72af5 Merge branch 'jc/fsck-retire-require-eoh' into maint
A fix to a minor regression to "git fsck" in v2.2 era that started
complaining about a body-less tag object when it lacks a separator
empty line after its header to separate it with a non-existent body.

* jc/fsck-retire-require-eoh:
  fsck: it is OK for a tag and a commit to lack the body
2015-07-27 12:21:46 -07:00
Junio C Hamano
c18593658e Merge branch 'et/http-proxyauth' into maint
We used to ask libCURL to use the most secure authentication method
available when talking to an HTTP proxy only when we were told to
talk to one via configuration variables.  We now ask libCURL to
always use the most secure authentication method, because the user
can tell libCURL to use an HTTP proxy via an environment variable
without using configuration variables.

* et/http-proxyauth:
  http: always use any proxy auth method available
2015-07-27 12:21:44 -07:00
Junio C Hamano
342c14db8c Merge branch 'jc/unexport-git-pager-in-use-in-pager' into maint
When you say "!<ENTER>" while running say "git log", you'd confuse
yourself in the resulting shell, that may look as if you took
control back to the original shell you spawned "git log" from but
that isn't what is happening.  To that new shell, we leaked
GIT_PAGER_IN_USE environment variable that was meant as a local
communication between the original "Git" and subprocesses that was
spawned by it after we launched the pager, which caused many
"interesting" things to happen, e.g. "git diff | cat" still paints
its output in color by default.

Stop leaking that environment variable to the pager's half of the
fork; we only need it on "Git" side when we spawn the pager.

* jc/unexport-git-pager-in-use-in-pager:
  pager: do not leak "GIT_PAGER_IN_USE" to the pager
2015-07-27 12:21:44 -07:00
Junio C Hamano
3b175fb940 Merge branch 'mh/strbuf-read-file-returns-ssize-t' into maint
Avoid possible ssize_t to int truncation.

* mh/strbuf-read-file-returns-ssize-t:
  strbuf: strbuf_read_file() should return ssize_t
2015-07-27 12:21:43 -07:00
Junio C Hamano
6f402a93ce Merge branch 'kb/config-unmap-before-renaming' into maint
"git config" failed to update the configuration file when the
underlying filesystem is incapable of renaming a file that is still
open.

* kb/config-unmap-before-renaming:
  config.c: fix writing config files on Windows network shares
2015-07-27 12:21:42 -07:00
Junio C Hamano
726359be47 Merge branch 'jk/rev-list-no-bitmap-while-pruning' into maint
A minor bugfix when pack bitmap is used with "rev-list --count".

* jk/rev-list-no-bitmap-while-pruning:
  rev-list: disable --use-bitmap-index when pruning commits
2015-07-27 12:21:42 -07:00
Junio C Hamano
aa0b816c5d Merge branch 'rh/test-color-avoid-terminfo-in-original-home' into maint
An ancient test framework enhancement to allow color was not
entirely correct; this makes it work even when tput needs to read
from the ~/.terminfo under the user's real HOME directory.

* rh/test-color-avoid-terminfo-in-original-home:
  test-lib.sh: fix color support when tput needs ~/.terminfo
  Revert "test-lib.sh: do tests for color support after changing HOME"
2015-07-27 12:21:41 -07:00
Junio C Hamano
7c696007ca Merge branch 'jk/fix-refresh-utime' into maint
Fix a small bug in our use of umask() return value.

* jk/fix-refresh-utime:
  check_and_freshen_file: fix reversed success-check
2015-07-27 12:21:40 -07:00
Junio C Hamano
3f8b439a0e Merge branch 'cb/rebase-am-exit-code' into maint
"git rebase" did not exit with failure when format-patch it invoked
failed for whatever reason.

* cb/rebase-am-exit-code:
  rebase: return non-zero error code if format-patch fails
2015-07-27 12:21:39 -07:00
Junio C Hamano
de62fe8c42 Merge branch 'jk/index-pack-reduce-recheck' into maint
Disable "have we lost a race with competing repack?" check while
receiving a huge object transfer that runs index-pack.

* jk/index-pack-reduce-recheck:
  index-pack: avoid excessive re-reading of pack directory
2015-07-27 12:21:38 -07:00
Junio C Hamano
bb3e7b1a55 Git 2.4.6
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-15 12:31:07 -07:00
Junio C Hamano
b7abfacf5e Merge branch 'mm/describe-doc' into maint
Docfix.

* mm/describe-doc:
  Documentation/describe: improve one-line summary
2015-07-15 11:41:26 -07:00
Junio C Hamano
51d5980ea0 Merge branch 'jc/prompt-document-ps1-state-separator' into maint
Docfix.

* jc/prompt-document-ps1-state-separator:
  git-prompt.sh: document GIT_PS1_STATESEPARATOR
2015-07-15 11:41:26 -07:00
Junio C Hamano
3f20927717 Merge branch 'es/osx-header-pollutes-mask-macro' into maint
* es/osx-header-pollutes-mask-macro:
  ewah: use less generic macro name
  ewah/bitmap: silence warning about MASK macro redefinition
2015-07-15 11:41:24 -07:00
Junio C Hamano
71a8af60ae Merge branch 'es/utf8-stupid-compiler-workaround' into maint
A compilation workaround.

* es/utf8-stupid-compiler-workaround:
  utf8: NO_ICONV: silence uninitialized variable warning
2015-07-15 11:41:23 -07:00
Junio C Hamano
a15ebbc2c7 Merge branch 'fk/doc-format-patch-vn' into maint
Docfix.

* fk/doc-format-patch-vn:
  doc: format-patch: fix typo
2015-07-15 11:41:22 -07:00
Junio C Hamano
e9da4e6ff2 Merge branch 'pt/t0302-needs-sanity' into maint
* pt/t0302-needs-sanity:
  t0302: "unreadable" test needs SANITY prereq
2015-07-15 11:41:21 -07:00
Junio C Hamano
eca143b721 Merge branch 'me/fetch-into-shallow-safety' into maint
"git fetch --depth=<depth>" and "git clone --depth=<depth>" issued
a shallow transfer request even to an upload-pack that does not
support the capability.

* me/fetch-into-shallow-safety:
  fetch-pack: check for shallow if depth given
2015-07-15 11:41:20 -07:00
Junio C Hamano
697f67ac9f Merge branch 'mh/fsck-reflog-entries' into maint
"git fsck" used to ignore missing or invalid objects recorded in reflog.

* mh/fsck-reflog-entries:
  fsck: report errors if reflog entries point at invalid objects
  fsck_handle_reflog_sha1(): new function
2015-07-15 11:41:19 -07:00
Junio C Hamano
ada9ecd989 Merge branch 'af/tcsh-completion-noclobber' into maint
The tcsh completion writes a bash scriptlet but that would have
failed for users with noclobber set.

* af/tcsh-completion-noclobber:
  git-completion.tcsh: fix redirect with noclobber
2015-07-15 11:41:18 -07:00
Junio C Hamano
7c621186ba Merge branch 'pa/auto-gc-mac-osx' into maint
Recent Mac OS X updates breaks the logic to detect that the machine
is on the AC power in the sample pre-auto-gc script.

* pa/auto-gc-mac-osx:
  hooks/pre-auto-gc: adjust power checking for newer OS X
2015-07-15 11:41:17 -07:00
Junio C Hamano
93eba05b4f Merge branch 'jc/do-not-feed-tags-to-clear-commit-marks' into maint
"git format-patch --ignore-if-upstream A..B" did not like to be fed
tags as boundary commits.

* jc/do-not-feed-tags-to-clear-commit-marks:
  format-patch: do not feed tags to clear_commit_marks()
2015-07-15 11:41:16 -07:00
Sebastian Schuberth
7e837c6477 clone: simplify string handling in guess_dir_name()
Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-09 14:21:29 -07:00
Jeff King
3096b2ecdb check_and_freshen_file: fix reversed success-check
When we want to write out a loose object file, we have
always first made sure we don't already have the object
somewhere. Since 33d4221 (write_sha1_file: freshen existing
objects, 2014-10-15), we also update the timestamp on the
file, so that a simultaneous prune knows somebody is
likely to reference it soon.

If our utime() call fails, we treat this the same as not
having the object in the first place; the safe thing to do
is write out another copy. However, the loose-object check
accidentally inverts the utime() check; it returns failure
_only_ when the utime() call actually succeeded. Thus it was
failing to protect us there, and in the normal case where
utime() succeeds, it caused us to pointlessly write out and
link the object.

This passed our freshening tests, because writing out the
new object is certainly _one_ way of updating its utime. So
the normal case was inefficient, but not wrong.

While we're here, let's also drop a comment in front of the
check_and_freshen functions, making a note of their return
type (since it is not our usual "0 for success, -1 for
error").

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-08 15:58:28 -07:00
Clemens Buchacher
60d708b220 rebase: return non-zero error code if format-patch fails
Since e481af06 (rebase: Handle cases where format-patch fails) we
notice if format-patch fails and return immediately from
git-rebase--am. We save the return value with ret=$?, but then we
return $?, which is usually zero in this case.

Fix this by returning $ret instead.

Cc: Andrew Wong <andrew.kw.w@gmail.com>
Signed-off-by: Clemens Buchacher <clemens.buchacher@intel.com>
Helped-by: Jorge Nunes <jorge.nunes@intel.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-08 15:36:42 -07:00
Matthieu Moy
83fe16703e Documentation/branch: document -M and -D in terms of --force
Now that we have proper documentation for --force's interaction with -d
and -m, we can avoid duplication and consider -M and -D as convenience
aliases for -m --force and -d --force.

Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-06 10:36:54 -07:00
Matthieu Moy
8482d042a0 Documentation/branch: document -d --force and -m --force
The --force option was modified in 356e91f (branch: allow -f with -m and
-d, 2014-12-08), but the documentation was not updated.

Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-06 10:36:51 -07:00
Michael Haggerty
6c8afe495b strbuf: strbuf_read_file() should return ssize_t
It is currently declared to return int, which could overflow for
large files.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-03 18:25:02 -07:00
Junio C Hamano
124b51909d pager: do not leak "GIT_PAGER_IN_USE" to the pager
Since 2e6c012e (setup_pager: set GIT_PAGER_IN_USE, 2011-08-17), we
export GIT_PAGER_IN_USE so that a process that becomes the upstream
of the spawned pager can still tell that we have spawned the pager
and decide to do colored output even when its output no longer goes
to a terminal (i.e. isatty(1)).

But we forgot to clear it from the enviornment of the spawned pager.

This is not a problem in a sane world, but if you have a handful of
thousands Git users in your organization, somebody is bound to do
strange things, e.g. typing "!<ENTER>" instead of 'q' to get control
back from $LESS.  GIT_PAGER_IN_USE is still set in that subshell
spawned by "less", and all sorts of interesting things starts
happening, e.g. "git diff | cat" starts coloring its output.

We can clear the environment variable in the half of the fork that
runs the pager to avoid the confusion.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
Acked-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-07-03 18:07:21 -07:00