diff options
76 files changed, 891 insertions, 178 deletions
diff --git a/Documentation/RelNotes/2.3.10.txt b/Documentation/RelNotes/2.3.10.txt new file mode 100644 index 0000000000..9d425d814d --- /dev/null +++ b/Documentation/RelNotes/2.3.10.txt @@ -0,0 +1,18 @@ +Git v2.3.10 Release Notes +========================= + +Fixes since v2.3.9 +------------------ + + * xdiff code we use to generate diffs is not prepared to handle + extremely large files. It uses "int" in many places, which can + overflow if we have a very large number of lines or even bytes in + our input files, for example. Cap the input size to soemwhere + around 1GB for now. + + * Some protocols (like git-remote-ext) can execute arbitrary code + found in the URL. The URLs that submodules use may come from + arbitrary sources (e.g., .gitmodules files in a remote + repository), and can hurt those who blindly enable recursive + fetch. Restrict the allowed protocols to well known and safe + ones. diff --git a/Documentation/RelNotes/2.4.10.txt b/Documentation/RelNotes/2.4.10.txt new file mode 100644 index 0000000000..8621199bc6 --- /dev/null +++ b/Documentation/RelNotes/2.4.10.txt @@ -0,0 +1,18 @@ +Git v2.4.10 Release Notes +========================= + +Fixes since v2.4.9 +------------------ + + * xdiff code we use to generate diffs is not prepared to handle + extremely large files. It uses "int" in many places, which can + overflow if we have a very large number of lines or even bytes in + our input files, for example. Cap the input size to soemwhere + around 1GB for now. + + * Some protocols (like git-remote-ext) can execute arbitrary code + found in the URL. The URLs that submodules use may come from + arbitrary sources (e.g., .gitmodules files in a remote + repository), and can hurt those who blindly enable recursive + fetch. Restrict the allowed protocols to well known and safe + ones. diff --git a/Documentation/RelNotes/2.5.4.txt b/Documentation/RelNotes/2.5.4.txt new file mode 100644 index 0000000000..a5e8477a4a --- /dev/null +++ b/Documentation/RelNotes/2.5.4.txt @@ -0,0 +1,18 @@ +Git v2.5.4 Release Notes +======================== + +Fixes since v2.5.4 +------------------ + + * xdiff code we use to generate diffs is not prepared to handle + extremely large files. It uses "int" in many places, which can + overflow if we have a very large number of lines or even bytes in + our input files, for example. Cap the input size to soemwhere + around 1GB for now. + + * Some protocols (like git-remote-ext) can execute arbitrary code + found in the URL. The URLs that submodules use may come from + arbitrary sources (e.g., .gitmodules files in a remote + repository), and can hurt those who blindly enable recursive + fetch. Restrict the allowed protocols to well known and safe + ones. diff --git a/Documentation/RelNotes/2.6.1.txt b/Documentation/RelNotes/2.6.1.txt new file mode 100644 index 0000000000..1e51363e3c --- /dev/null +++ b/Documentation/RelNotes/2.6.1.txt @@ -0,0 +1,18 @@ +Git v2.6.1 Release Notes +======================== + +Fixes since v2.6 +---------------- + + * xdiff code we use to generate diffs is not prepared to handle + extremely large files. It uses "int" in many places, which can + overflow if we have a very large number of lines or even bytes in + our input files, for example. Cap the input size to soemwhere + around 1GB for now. + + * Some protocols (like git-remote-ext) can execute arbitrary code + found in the URL. The URLs that submodules use may come from + arbitrary sources (e.g., .gitmodules files in a remote + repository), and can hurt those who blindly enable recursive + fetch. Restrict the allowed protocols to well known and safe + ones. diff --git a/Documentation/RelNotes/2.6.2.txt b/Documentation/RelNotes/2.6.2.txt new file mode 100644 index 0000000000..5b65e35245 --- /dev/null +++ b/Documentation/RelNotes/2.6.2.txt @@ -0,0 +1,65 @@ +Git v2.6.2 Release Notes +======================== + +Fixes since v2.6.1 +------------------ + + * There were some classes of errors that "git fsck" diagnosed to its + standard error that did not cause it to exit with non-zero status. + + * A test script for the HTTP service had a timing dependent bug, + which was fixed. + + * Performance-measurement tests did not work without an installed Git. + + * On a case insensitive filesystems, setting GIT_WORK_TREE variable + using a random cases that does not agree with what the filesystem + thinks confused Git that it wasn't inside the working tree. + + * When "git am" was rewritten as a built-in, it stopped paying + attention to user.signingkey, which was fixed. + + * After "git checkout --detach", "git status" reported a fairly + useless "HEAD detached at HEAD", instead of saying at which exact + commit. + + * "git rebase -i" had a minor regression recently, which stopped + considering a line that begins with an indented '#' in its insn + sheet not a comment, which is now fixed. + + * Description of the "log.follow" configuration variable in "git log" + documentation is now also copied to "git config" documentation. + + * Allocation related functions and stdio are unsafe things to call + inside a signal handler, and indeed killing the pager can cause + glibc to deadlock waiting on allocation mutex as our signal handler + tries to free() some data structures in wait_for_pager(). Reduce + these unsafe calls. + + * The way how --ref/--notes to specify the notes tree reference are + DWIMmed was not clearly documented. + + * Customization to change the behaviour with "make -w" and "make -s" + in our Makefile was broken when they were used together. + + * The Makefile always runs the library archiver with hardcoded "crs" + options, which was inconvenient for exotic platforms on which + people want to use programs with totally different set of command + line options. + + * The ssh transport, just like any other transport over the network, + did not clear GIT_* environment variables, but it is possible to + use SendEnv and AcceptEnv to leak them to the remote invocation of + Git, which is not a good idea at all. Explicitly clear them just + like we do for the local transport. + + * "git blame --first-parent v1.0..v2.0" was not rejected but did not + limit the blame to commits on the first parent chain. + + * Very small number of options take a parameter that is optional + (which is not a great UI element as they can only appear at the end + of the command line). Add notice to documentation of each and + every one of them. + +Also contains typofixes, documentation updates and trivial code +clean-ups. diff --git a/Documentation/config.txt b/Documentation/config.txt index 0cc87a6f65..fec0dea5d0 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1840,6 +1840,12 @@ log.decorate:: specified, the full ref name (including prefix) will be printed. This is the same as the log commands '--decorate' option. +log.follow:: + If `true`, `git log` will act as if the `--follow` option was used when + a single <path> is given. This has the same limitations as `--follow`, + i.e. it cannot be used to follow multiple files and does not work well + on non-linear history. + log.showRoot:: If true, the initial commit will be shown as a big creation event. This is equivalent to a diff against an empty tree. diff --git a/Documentation/git-am.txt b/Documentation/git-am.txt index dbea6e7ae9..452c1feb23 100644 --- a/Documentation/git-am.txt +++ b/Documentation/git-am.txt @@ -141,7 +141,9 @@ default. You can use `--no-utf8` to override this. -S[<keyid>]:: --gpg-sign[=<keyid>]:: - GPG-sign commits. + GPG-sign commits. The `keyid` argument is optional and + defaults to the committer identity; if specified, it must be + stuck to the option without a space. --continue:: -r:: diff --git a/Documentation/git-bisect-lk2009.txt b/Documentation/git-bisect-lk2009.txt index 0f0c6ff082..c06efbd42a 100644 --- a/Documentation/git-bisect-lk2009.txt +++ b/Documentation/git-bisect-lk2009.txt @@ -1321,7 +1321,7 @@ So git bisect is unconditional goodness - and feel free to quote that _____________ Acknowledgments ----------------- +--------------- Many thanks to Junio Hamano for his help in reviewing this paper, for reviewing the patches I sent to the Git mailing list, for discussing diff --git a/Documentation/git-cherry-pick.txt b/Documentation/git-cherry-pick.txt index 1147c71da6..77da29a474 100644 --- a/Documentation/git-cherry-pick.txt +++ b/Documentation/git-cherry-pick.txt @@ -9,7 +9,7 @@ SYNOPSIS -------- [verse] 'git cherry-pick' [--edit] [-n] [-m parent-number] [-s] [-x] [--ff] - [-S[<key-id>]] <commit>... + [-S[<keyid>]] <commit>... 'git cherry-pick' --continue 'git cherry-pick' --quit 'git cherry-pick' --abort @@ -101,9 +101,11 @@ effect to your index in a row. --signoff:: Add Signed-off-by line at the end of the commit message. --S[<key-id>]:: ---gpg-sign[=<key-id>]:: - GPG-sign commits. +-S[<keyid>]:: +--gpg-sign[=<keyid>]:: + GPG-sign commits. The `keyid` argument is optional and + defaults to the committer identity; if specified, it must be + stuck to the option without a space. --ff:: If the current HEAD is the same as the parent of the diff --git a/Documentation/git-commit-tree.txt b/Documentation/git-commit-tree.txt index f5f2a8d326..a0b5457304 100644 --- a/Documentation/git-commit-tree.txt +++ b/Documentation/git-commit-tree.txt @@ -56,7 +56,9 @@ OPTIONS -S[<keyid>]:: --gpg-sign[=<keyid>]:: - GPG-sign commit. + GPG-sign commits. The `keyid` argument is optional and + defaults to the committer identity; if specified, it must be + stuck to the option without a space. --no-gpg-sign:: Countermand `commit.gpgSign` configuration variable that is diff --git a/Documentation/git-commit.txt b/Documentation/git-commit.txt index 904dafa0f7..7f34a5b331 100644 --- a/Documentation/git-commit.txt +++ b/Documentation/git-commit.txt @@ -13,7 +13,7 @@ SYNOPSIS [-F <file> | -m <msg>] [--reset-author] [--allow-empty] [--allow-empty-message] [--no-verify] [-e] [--author=<author>] [--date=<date>] [--cleanup=<mode>] [--[no-]status] - [-i | -o] [-S[<key-id>]] [--] [<file>...] + [-i | -o] [-S[<keyid>]] [--] [<file>...] DESCRIPTION ----------- @@ -314,7 +314,9 @@ changes to tracked files. -S[<keyid>]:: --gpg-sign[=<keyid>]:: - GPG-sign commit. + GPG-sign commits. The `keyid` argument is optional and + defaults to the committer identity; if specified, it must be + stuck to the option without a space. --no-gpg-sign:: Countermand `commit.gpgSign` configuration variable that is diff --git a/Documentation/git-grep.txt b/Documentation/git-grep.txt index 31811f16bd..4a44d6da13 100644 --- a/Documentation/git-grep.txt +++ b/Documentation/git-grep.txt @@ -160,12 +160,15 @@ OPTIONS For better compatibility with 'git diff', `--name-only` is a synonym for `--files-with-matches`. --O [<pager>]:: ---open-files-in-pager [<pager>]:: +-O[<pager>]:: +--open-files-in-pager[=<pager>]:: Open the matching files in the pager (not the output of 'grep'). If the pager happens to be "less" or "vi", and the user specified only one pattern, the first file is positioned at - the first match automatically. + the first match automatically. The `pager` argument is + optional; if specified, it must be stuck to the option + without a space. If `pager` is unspecified, the default pager + will be used (see `core.pager` in linkgit:git-config[1]). -z:: --null:: diff --git a/Documentation/git-interpret-trailers.txt b/Documentation/git-interpret-trailers.txt index d6d9231b50..0ecd497c4d 100644 --- a/Documentation/git-interpret-trailers.txt +++ b/Documentation/git-interpret-trailers.txt @@ -67,7 +67,7 @@ OPTIONS --trim-empty:: If the <value> part of any trailer contains only whitespace, the whole trailer will be removed from the resulting message. - This apply to existing trailers as well as new trailers. + This applies to existing trailers as well as new trailers. --trailer <token>[(=|:)<value>]:: Specify a (<token>, <value>) pair that should be applied as a diff --git a/Documentation/git-log.txt b/Documentation/git-log.txt index 97b9993ee8..03f958029a 100644 --- a/Documentation/git-log.txt +++ b/Documentation/git-log.txt @@ -185,10 +185,10 @@ log.date:: dates like `Sat May 8 19:35:34 2010 -0500`. log.follow:: - If a single <path> is given to git log, it will act as - if the `--follow` option was also used. This has the same - limitations as `--follow`, i.e. it cannot be used to follow - multiple files and does not work well on non-linear history. + If `true`, `git log` will act as if the `--follow` option was used when + a single <path> is given. This has the same limitations as `--follow`, + i.e. it cannot be used to follow multiple files and does not work well + on non-linear history. log.showRoot:: If `false`, `git log` and related commands will not treat the diff --git a/Documentation/git-ls-remote.txt b/Documentation/git-ls-remote.txt index 2e22915eb8..d510c05e11 100644 --- a/Documentation/git-ls-remote.txt +++ b/Documentation/git-ls-remote.txt @@ -9,7 +9,7 @@ git-ls-remote - List references in a remote repository SYNOPSIS -------- [verse] -'git ls-remote' [--heads] [--tags] [-u <exec> | --upload-pack <exec>] +'git ls-remote' [--heads] [--tags] [--upload-pack=<exec>] [--exit-code] <repository> [<refs>...] DESCRIPTION @@ -29,7 +29,6 @@ OPTIONS both, references stored in refs/heads and refs/tags are displayed. --u <exec>:: --upload-pack=<exec>:: Specify the full path of 'git-upload-pack' on the remote host. This allows listing references from repositories accessed via diff --git a/Documentation/git-merge.txt b/Documentation/git-merge.txt index a62d6729b9..07f7295ec8 100644 --- a/Documentation/git-merge.txt +++ b/Documentation/git-merge.txt @@ -10,7 +10,7 @@ SYNOPSIS -------- [verse] 'git merge' [-n] [--stat] [--no-commit] [--squash] [--[no-]edit] - [-s <strategy>] [-X <strategy-option>] [-S[<key-id>]] + [-s <strategy>] [-X <strategy-option>] [-S[<keyid>]] [--[no-]rerere-autoupdate] [-m <msg>] [<commit>...] 'git merge' <msg> HEAD <commit>... 'git merge' --abort @@ -67,7 +67,9 @@ include::merge-options.txt[] -S[<keyid>]:: --gpg-sign[=<keyid>]:: - GPG-sign the resulting merge commit. + GPG-sign the resulting merge commit. The `keyid` argument is + optional and defaults to the committer identity; if specified, + it must be stuck to the option without a space. -m <msg>:: Set the commit message to be used for the merge commit (in diff --git a/Documentation/git-notes.txt b/Documentation/git-notes.txt index a9a916f360..8de349968a 100644 --- a/Documentation/git-notes.txt +++ b/Documentation/git-notes.txt @@ -162,7 +162,9 @@ OPTIONS --ref <ref>:: Manipulate the notes tree in <ref>. This overrides 'GIT_NOTES_REF' and the "core.notesRef" configuration. The ref - is taken to be in `refs/notes/` if it is not qualified. + specifies the full refname when it begins with `refs/notes/`; when it + begins with `notes/`, `refs/` and otherwise `refs/notes/` is prefixed + to form a full name of the ref. --ignore-missing:: Do not consider it an error to request removing notes from an diff --git a/Documentation/git-rebase.txt b/Documentation/git-rebase.txt index ca039546a4..bccfdf7fde 100644 --- a/Documentation/git-rebase.txt +++ b/Documentation/git-rebase.txt @@ -294,7 +294,9 @@ which makes little sense. -S[<keyid>]:: --gpg-sign[=<keyid>]:: - GPG-sign commits. + GPG-sign commits. The `keyid` argument is optional and + defaults to the committer identity; if specified, it must be + stuck to the option without a space. -q:: --quiet:: diff --git a/Documentation/git-revert.txt b/Documentation/git-revert.txt index cceb5f2f7f..b15139ffdc 100644 --- a/Documentation/git-revert.txt +++ b/Documentation/git-revert.txt @@ -8,7 +8,7 @@ git-revert - Revert some existing commits SYNOPSIS -------- [verse] -'git revert' [--[no-]edit] [-n] [-m parent-number] [-s] [-S[<key-id>]] <commit>... +'git revert' [--[no-]edit] [-n] [-m parent-number] [-s] [-S[<keyid>]] <commit>... 'git revert' --continue 'git revert' --quit 'git revert' --abort @@ -80,9 +80,11 @@ more details. This is useful when reverting more than one commits' effect to your index in a row. --S[<key-id>]:: ---gpg-sign[=<key-id>]:: - GPG-sign commits. +-S[<keyid>]:: +--gpg-sign[=<keyid>]:: + GPG-sign commits. The `keyid` argument is optional and + defaults to the committer identity; if specified, it must be + stuck to the option without a space. -s:: --signoff:: diff --git a/Documentation/git-status.txt b/Documentation/git-status.txt index 335f312335..e1e8f57cdd 100644 --- a/Documentation/git-status.txt +++ b/Documentation/git-status.txt @@ -53,8 +53,9 @@ OPTIONS --untracked-files[=<mode>]:: Show untracked files. + -The mode parameter is optional (defaults to 'all'), and is used to -specify the handling of untracked files. +The mode parameter is used to specify the handling of untracked files. +It is optional: it defaults to 'all', and if specified, it must be +stuck to the option (e.g. `-uno`, but not `-u no`). + The possible options are: + diff --git a/Documentation/git-tag.txt b/Documentation/git-tag.txt index 84f6496bf2..08b4dfbf1b 100644 --- a/Documentation/git-tag.txt +++ b/Documentation/git-tag.txt @@ -9,7 +9,7 @@ git-tag - Create, list, delete or verify a tag object signed with GPG SYNOPSIS -------- [verse] -'git tag' [-a | -s | -u <key-id>] [-f] [-m <msg> | -F <file>] +'git tag' [-a | -s | -u <keyid>] [-f] [-m <msg> | -F <file>] <tagname> [<commit> | <object>] 'git tag' -d <tagname>... 'git tag' [-n[<num>]] -l [--contains <commit>] [--points-at <object>] @@ -24,19 +24,19 @@ to delete, list or verify tags. Unless `-f` is given, the named tag must not yet exist. -If one of `-a`, `-s`, or `-u <key-id>` is passed, the command +If one of `-a`, `-s`, or `-u <keyid>` is passed, the command creates a 'tag' object, and requires a tag message. Unless `-m <msg>` or `-F <file>` is given, an editor is started for the user to type in the tag message. -If `-m <msg>` or `-F <file>` is given and `-a`, `-s`, and `-u <key-id>` +If `-m <msg>` or `-F <file>` is given and `-a`, `-s`, and `-u <keyid>` are absent, `-a` is implied. Otherwise just a tag reference for the SHA-1 object name of the commit object is created (i.e. a lightweight tag). A GnuPG signed tag object will be created when `-s` or `-u -<key-id>` is used. When `-u <key-id>` is not used, the +<keyid>` is used. When `-u <keyid>` is not used, the committer identity for the current user is used to find the GnuPG key for signing. The configuration variable `gpg.program` is used to specify custom GnuPG binary. @@ -63,8 +63,8 @@ OPTIONS --sign:: Make a GPG-signed tag, using the default e-mail address's key. --u <key-id>:: ---local-user=<key-id>:: +-u <keyid>:: +--local-user=<keyid>:: Make a GPG-signed tag, using the given key. -f:: @@ -125,14 +125,14 @@ This option is only applicable when listing tags without annotation lines. Use the given tag message (instead of prompting). If multiple `-m` options are given, their values are concatenated as separate paragraphs. - Implies `-a` if none of `-a`, `-s`, or `-u <key-id>` + Implies `-a` if none of `-a`, `-s`, or `-u <keyid>` is given. -F <file>:: --file=<file>:: Take the tag message from the given file. Use '-' to read the message from the standard input. - Implies `-a` if none of `-a`, `-s`, or `-u <key-id>` + Implies `-a` if none of `-a`, `-s`, or `-u <keyid>` is given. --cleanup=<mode>:: @@ -166,7 +166,7 @@ it in the repository configuration as follows: ------------------------------------- [user] - signingKey = <gpg-key-id> + signingKey = <gpg-keyid> ------------------------------------- diff --git a/Documentation/git.txt b/Documentation/git.txt index 8b2dede3e9..4585103f99 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -43,17 +43,26 @@ unreleased) version of Git, that is available from the 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.5.3/git.html[documentation for release 2.5.3] +* link:v2.6.2/git.html[documentation for release 2.6.2] * release notes for + link:RelNotes/2.6.2.txt[2.6.2], + link:RelNotes/2.6.1.txt[2.6.1], + link:RelNotes/2.6.0.txt[2.6]. + +* link:v2.5.4/git.html[documentation for release 2.5.4] + +* release notes for + link:RelNotes/2.5.4.txt[2.5.4], link:RelNotes/2.5.3.txt[2.5.3], link:RelNotes/2.5.2.txt[2.5.2], link:RelNotes/2.5.1.txt[2.5.1], link:RelNotes/2.5.0.txt[2.5]. -* link:v2.4.9/git.html[documentation for release 2.4.9] +* link:v2.4.10/git.html[documentation for release 2.4.10] * release notes for + link:RelNotes/2.4.10.txt[2.4.10], link:RelNotes/2.4.9.txt[2.4.9], link:RelNotes/2.4.8.txt[2.4.8], link:RelNotes/2.4.7.txt[2.4.7], @@ -65,9 +74,10 @@ Documentation for older releases are available here: link:RelNotes/2.4.1.txt[2.4.1], link:RelNotes/2.4.0.txt[2.4]. -* link:v2.3.9/git.html[documentation for release 2.3.9] +* link:v2.3.10/git.html[documentation for release 2.3.10] * release notes for + link:RelNotes/2.3.10.txt[2.3.10], link:RelNotes/2.3.9.txt[2.3.9], link:RelNotes/2.3.8.txt[2.3.8], link:RelNotes/2.3.7.txt[2.3.7], @@ -1087,6 +1097,33 @@ GIT_ICASE_PATHSPECS:: an operation has touched every ref (e.g., because you are cloning a repository to make a backup). +`GIT_ALLOW_PROTOCOL`:: + If set, provide a colon-separated list of protocols which are + allowed to be used with fetch/push/clone. This is useful to + restrict recursive submodule initialization from an untrusted + repository. Any protocol not mentioned will be disallowed (i.e., + this is a whitelist, not a blacklist). If the variable is not + set at all, all protocols are enabled. The protocol names + currently used by git are: + + - `file`: any local file-based path (including `file://` URLs, + or local paths) + + - `git`: the anonymous git protocol over a direct TCP + connection (or proxy, if configured) + + - `ssh`: git over ssh (including `host:path` syntax, + `git+ssh://`, etc). + + - `rsync`: git over rsync + + - `http`: git over http, both "smart http" and "dumb http". + Note that this does _not_ include `https`; if you want both, + you should specify both as `http:https`. + + - any external helpers are named by their protocol (e.g., use + `hg` to allow the `git-remote-hg` helper) + Discussion[[Discussion]] ------------------------ diff --git a/Documentation/pretty-options.txt b/Documentation/pretty-options.txt index 8d6c5cec4c..4b659ac1a6 100644 --- a/Documentation/pretty-options.txt +++ b/Documentation/pretty-options.txt @@ -55,8 +55,9 @@ By default, the notes shown are from the notes refs listed in the environment overrides). See linkgit:git-config[1] for more details. + With an optional '<ref>' argument, show this notes ref instead of the -default notes ref(s). The ref is taken to be in `refs/notes/` if it -is not qualified. +default notes ref(s). The ref specifies the full refname when it begins +with `refs/notes/`; when it begins with `notes/`, `refs/` and otherwise +`refs/notes/` is prefixed to form a full name of the ref. + Multiple --notes options can be combined to control which notes are being displayed. Examples: "--notes=foo" will show only notes from diff --git a/Documentation/user-manual.txt b/Documentation/user-manual.txt index 68978f5338..1b7987e737 100644 --- a/Documentation/user-manual.txt +++ b/Documentation/user-manual.txt @@ -3424,7 +3424,7 @@ just missing one particular blob version. [[the-index]] The index ------------ +--------- The index is a binary file (generally kept in `.git/index`) containing a sorted list of path names, each with permissions and the SHA-1 of a blob diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index 49d60c0671..787670926a 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.6.0-rc3 +DEF_VER=v2.6.2 LF=' ' @@ -375,6 +375,9 @@ ALL_CFLAGS = $(CPPFLAGS) $(CFLAGS) ALL_LDFLAGS = $(LDFLAGS) STRIP ?= strip +# Create as necessary, replace existing, make ranlib unneeded. +ARFLAGS = rcs + # Among the variables below, these: # gitexecdir # template_dir @@ -1465,13 +1468,13 @@ endif QUIET_SUBDIR0 = +$(MAKE) -C # space to separate -C and subdir QUIET_SUBDIR1 = -ifneq ($(findstring $(MAKEFLAGS),w),w) +ifneq ($(findstring w,$(MAKEFLAGS)),w) PRINT_DIR = --no-print-directory else # "make -w" NO_SUBDIR = : endif -ifneq ($(findstring $(MAKEFLAGS),s),s) +ifneq ($(findstring s,$(MAKEFLAGS)),s) ifndef V QUIET_CC = @echo ' ' CC $@; QUIET_AR = @echo ' ' AR $@; @@ -1995,13 +1998,13 @@ $(REMOTE_CURL_PRIMARY): remote-curl.o http.o http-walker.o GIT-LDFLAGS $(GITLIBS $(LIBS) $(CURL_LIBCURL) $(EXPAT_LIBEXPAT) $(LIB_FILE): $(LIB_OBJS) - $(QUIET_AR)$(RM) $@ && $(AR) rcs $@ $^ + $(QUIET_AR)$(RM) $@ && $(AR) $(ARFLAGS) $@ $^ $(XDIFF_LIB): $(XDIFF_OBJS) - $(QUIET_AR)$(RM) $@ && $(AR) rcs $@ $^ + $(QUIET_AR)$(RM) $@ && $(AR) $(ARFLAGS) $@ $^ $(VCSSVN_LIB): $(VCSSVN_OBJS) - $(QUIET_AR)$(RM) $@ && $(AR) rcs $@ $^ + $(QUIET_AR)$(RM) $@ && $(AR) $(ARFLAGS) $@ $^ export DEFAULT_EDITOR DEFAULT_PAGER @@ -1 +1 @@ -Documentation/RelNotes/2.6.0.txt
\ No newline at end of file +Documentation/RelNotes/2.6.2.txt
\ No newline at end of file @@ -100,7 +100,7 @@ void NORETURN die_conclude_merge(void) { error(_("You have not concluded your merge (MERGE_HEAD exists).")); if (advice_resolve_conflict) - advise(_("Please, commit your changes before you can merge.")); + advise(_("Please, commit your changes before merging.")); die(_("Exiting because of unfinished merge.")); } diff --git a/builtin/am.c b/builtin/am.c index 4f77e07b95..3bd4fd701b 100644 --- a/builtin/am.c +++ b/builtin/am.c @@ -2208,6 +2208,17 @@ enum resume_mode { RESUME_ABORT }; +static int git_am_config(const char *k, const char *v, void *cb) +{ + int status; + + status = git_gpg_config(k, v, NULL); + if (status) + return status; + + return git_default_config(k, v, NULL); +} + int cmd_am(int argc, const char **argv, const char *prefix) { struct am_state state; @@ -2308,7 +2319,7 @@ int cmd_am(int argc, const char **argv, const char *prefix) OPT_END() }; - git_config(git_default_config, NULL); + git_config(git_am_config, NULL); am_state_init(&state, git_path("rebase-apply")); diff --git a/builtin/blame.c b/builtin/blame.c index 4db01c195c..295ce92da5 100644 --- a/builtin/blame.c +++ b/builtin/blame.c @@ -974,7 +974,10 @@ static void pass_blame_to_parent(struct scoreboard *sb, fill_origin_blob(&sb->revs->diffopt, target, &file_o); num_get_patch++; - diff_hunks(&file_p, &file_o, 0, blame_chunk_cb, &d); + if (diff_hunks(&file_p, &file_o, 0, blame_chunk_cb, &d)) + die("unable to generate diff (%s -> %s)", + sha1_to_hex(parent->commit->object.sha1), + sha1_to_hex(target->commit->object.sha1)); /* The rest are the same as the parent */ blame_chunk(&d.dstq, &d.srcq, INT_MAX, d.offset, INT_MAX, parent); *d.dstq = NULL; @@ -1120,7 +1123,9 @@ static void find_copy_in_blob(struct scoreboard *sb, * file_p partially may match that image. */ memset(split, 0, sizeof(struct blame_entry [3])); - diff_hunks(file_p, &file_o, 1, handle_split_cb, &d); + if (diff_hunks(file_p, &file_o, 1, handle_split_cb, &d)) + die("unable to generate diff (%s)", + sha1_to_hex(parent->commit->object.sha1)); /* remainder, if any, all match the preimage */ handle_split(sb, ent, d.tlno, d.plno, ent->num_lines, parent, split); } @@ -1366,8 +1371,15 @@ static void pass_whole_blame(struct scoreboard *sb, */ static struct commit_list *first_scapegoat(struct rev_info *revs, struct commit *commit) { - if (!reverse) + if (!reverse) { + if (revs->first_parent_only && + commit->parents && + commit->parents->next) { + free_commit_list(commit->parents->next); + commit->parents->next = NULL; + } return commit->parents; + } return lookup_decoration(&revs->children, &commit->object); } @@ -2680,6 +2692,8 @@ parse_done: } else if (contents_from) die("--contents and --children do not blend well."); + else if (revs.first_parent_only) + die("combining --first-parent and --reverse is not supported"); else { final_commit_name = prepare_initial(&sb); sb.commits.compare = compare_commits_by_reverse_commit_date; diff --git a/builtin/fsck.c b/builtin/fsck.c index 079470342f..b9a74f0cf6 100644 --- a/builtin/fsck.c +++ b/builtin/fsck.c @@ -38,6 +38,7 @@ static int show_dangling = 1; #define ERROR_OBJECT 01 #define ERROR_REACHABLE 02 #define ERROR_PACK 04 +#define ERROR_REFS 010 #ifdef NO_D_INO_IN_DIRENT #define SORT_DIRENT 0 @@ -521,8 +522,10 @@ static int fsck_handle_ref(const char *refname, const struct object_id *oid, /* We'll continue with the rest despite the error.. */ return 0; } - if (obj->type != OBJ_COMMIT && is_branch(refname)) + if (obj->type != OBJ_COMMIT && is_branch(refname)) { error("%s: not a commit", refname); + errors_found |= ERROR_REFS; + } default_refs++; obj->used = 1; mark_object_reachable(obj); @@ -585,17 +588,23 @@ static int fsck_head_link(void) fprintf(stderr, "Checking HEAD link\n"); head_points_at = resolve_ref_unsafe("HEAD", 0, head_oid.hash, &flag); - if (!head_points_at) + if (!head_points_at) { + errors_found |= ERROR_REFS; return error("Invalid HEAD"); + } if (!strcmp(head_points_at, "HEAD")) /* detached HEAD */ null_is_error = 1; - else if (!starts_with(head_points_at, "refs/heads/")) + else if (!starts_with(head_points_at, "refs/heads/")) { + errors_found |= ERROR_REFS; return error("HEAD points to something strange (%s)", head_points_at); + } if (is_null_oid(&head_oid)) { - if (null_is_error) + if (null_is_error) { + errors_found |= ERROR_REFS; return error("HEAD: detached HEAD points at nothing"); + } fprintf(stderr, "notice: HEAD points to an unborn branch (%s)\n", head_points_at + 11); } @@ -615,6 +624,7 @@ static int fsck_cache_tree(struct cache_tree *it) if (!obj) { error("%s: invalid sha1 pointer in cache-tree", sha1_to_hex(it->sha1)); + errors_found |= ERROR_REFS; return 1; } obj->used = 1; diff --git a/builtin/ls-remote.c b/builtin/ls-remote.c index 4554dbc8a9..5e9d5450b7 100644 --- a/builtin/ls-remote.c +++ b/builtin/ls-remote.c @@ -4,7 +4,7 @@ #include "remote.h" static const char ls_remote_usage[] = -"git ls-remote [--heads] [--tags] [-u <exec> | --upload-pack <exec>]\n" +"git ls-remote [--heads] [--tags] [--upload-pack=<exec>]\n" " [-q | --quiet] [--exit-code] [--get-url] [<repository> [<refs>...]]"; /* diff --git a/builtin/merge-file.c b/builtin/merge-file.c index ea8093f676..50d0bc873b 100644 --- a/builtin/merge-file.c +++ b/builtin/merge-file.c @@ -75,7 +75,8 @@ int cmd_merge_file(int argc, const char **argv, const char *prefix) names[i] = argv[i]; if (read_mmfile(mmfs + i, fname)) return -1; - if (buffer_is_binary(mmfs[i].ptr, mmfs[i].size)) + if (mmfs[i].size > MAX_XDIFF_SIZE || + buffer_is_binary(mmfs[i].ptr, mmfs[i].size)) return error("Cannot merge binary files: %s", argv[i]); } diff --git a/builtin/merge-tree.c b/builtin/merge-tree.c index f9ab48597e..2a4aafec6a 100644 --- a/builtin/merge-tree.c +++ b/builtin/merge-tree.c @@ -118,7 +118,8 @@ static void show_diff(struct merge_list *entry) if (!dst.ptr) size = 0; dst.size = size; - xdi_diff(&src, &dst, &xpp, &xecfg, &ecb); + if (xdi_diff(&src, &dst, &xpp, &xecfg, &ecb)) + die("unable to generate diff"); free(src.ptr); free(dst.ptr); } diff --git a/builtin/pull.c b/builtin/pull.c index a39bb0a11f..bf3fd3f9c8 100644 --- a/builtin/pull.c +++ b/builtin/pull.c @@ -66,7 +66,7 @@ static int parse_opt_rebase(const struct option *opt, const char *arg, int unset } static const char * const pull_usage[] = { - N_("git pull [options] [<repository> [<refspec>...]]"), + N_("git pull [<options>] [<repository> [<refspec>...]]"), NULL }; diff --git a/builtin/rerere.c b/builtin/rerere.c index 12535c9b4f..88e1359ebc 100644 --- a/builtin/rerere.c +++ b/builtin/rerere.c @@ -29,9 +29,10 @@ static int diff_two(const char *file1, const char *label1, xdemitconf_t xecfg; xdemitcb_t ecb; mmfile_t minus, plus; + int ret; if (read_mmfile(&minus, file1) || read_mmfile(&plus, file2)) - return 1; + return -1; printf("--- a/%s\n+++ b/%s\n", label1, label2); fflush(stdout); @@ -40,11 +41,11 @@ static int diff_two(const char *file1, const char *label1, memset(&xecfg, 0, sizeof(xecfg)); xecfg.ctxlen = 3; ecb.outf = outf; - xdi_diff(&minus, &plus, &xpp, &xecfg, &ecb); + ret = xdi_diff(&minus, &plus, &xpp, &xecfg, &ecb); free(minus.ptr); free(plus.ptr); - return 0; + return ret; } int cmd_rerere(int argc, const char **argv, const char *prefix) @@ -104,7 +105,8 @@ int cmd_rerere(int argc, const char **argv, const char *prefix) for (i = 0; i < merge_rr.nr; i++) { const char *path = merge_rr.items[i].string; const char *name = (const char *)merge_rr.items[i].util; - diff_two(rerere_path(name, "preimage"), path, path, path); + if (diff_two(rerere_path(name, "preimage"), path, path, path)) + die("unable to generate diff for %s", name); } } else usage_with_options(rerere_usage, options); diff --git a/combine-diff.c b/combine-diff.c index 30c7eb6d3c..0f62f54b5e 100644 --- a/combine-diff.c +++ b/combine-diff.c @@ -419,8 +419,10 @@ static void combine_diff(const struct object_id *parent, unsigned int mode, state.num_parent = num_parent; state.n = n; - xdi_diff_outf(&parent_file, result_file, consume_line, &state, - &xpp, &xecfg); + if (xdi_diff_outf(&parent_file, result_file, consume_line, &state, + &xpp, &xecfg)) + die("unable to generate combined diff for %s", + oid_to_hex(parent)); free(parent_file.ptr); /* Assign line numbers for this parent. @@ -9,6 +9,7 @@ #include "url.h" #include "string-list.h" #include "sha1-array.h" +#include "transport.h" static char *server_capabilities; static const char *parse_feature_value(const char *, const char *, int *); @@ -254,7 +255,7 @@ static const char *prot_name(enum protocol protocol) case PROTO_GIT: return "git"; default: - return "unkown protocol"; + return "unknown protocol"; } } @@ -694,6 +695,8 @@ struct child_process *git_connect(int fd[2], const char *url, else target_host = xstrdup(hostandport); + transport_check_allowed("git"); + /* These underlying connection commands die() if they * cannot connect. */ @@ -721,12 +724,16 @@ struct child_process *git_connect(int fd[2], const char *url, strbuf_addch(&cmd, ' '); sq_quote_buf(&cmd, path); + /* remove repo-local variables from the environment */ + conn->env = local_repo_env; + conn->use_shell = 1; conn->in = conn->out = -1; if (protocol == PROTO_SSH) { const char *ssh; - int putty, tortoiseplink = 0; + int putty = 0, tortoiseplink = 0; char *ssh_host = hostandport; const char *port = NULL; + transport_check_allowed("ssh"); get_host_and_port(&ssh_host, &port); if (!port) @@ -746,13 +753,17 @@ struct child_process *git_connect(int fd[2], const char *url, } ssh = getenv("GIT_SSH_COMMAND"); - if (ssh) { - conn->use_shell = 1; - putty = 0; - } else { + if (!ssh) { const char *base; char *ssh_dup; + /* + * GIT_SSH is the no-shell version of + * GIT_SSH_COMMAND (and must remain so for + * historical compatibility). + */ + conn->use_shell = 0; + ssh = getenv("GIT_SSH"); if (!ssh) ssh = "ssh"; @@ -762,8 +773,9 @@ struct child_process *git_connect(int fd[2], const char *url, tortoiseplink = !strcasecmp(base, "tortoiseplink") || !strcasecmp(base, "tortoiseplink.exe"); - putty = !strcasecmp(base, "plink") || - !strcasecmp(base, "plink.exe") || tortoiseplink; + putty = tortoiseplink || + !strcasecmp(base, "plink") || + !strcasecmp(base, "plink.exe"); free(ssh_dup); } @@ -778,9 +790,7 @@ struct child_process *git_connect(int fd[2], const char *url, } argv_array_push(&conn->args, ssh_host); } else { - /* remove repo-local variables from the environment */ - conn->env = local_repo_env; - conn->use_shell = 1; + transport_check_allowed("file"); } argv_array_push(&conn->args, cmd.buf); diff --git a/contrib/examples/git-pull.sh b/contrib/examples/git-pull.sh index e8dc2e0e7d..6b3a03f9b0 100755 --- a/contrib/examples/git-pull.sh +++ b/contrib/examples/git-pull.sh @@ -69,7 +69,7 @@ as appropriate to mark resolution and make a commit.")" die_merge () { if [ $(git config --bool --get advice.resolveConflict || echo true) = "true" ]; then die "$(gettext "You have not concluded your merge (MERGE_HEAD exists). -Please, commit your changes before you can merge.")" +Please, commit your changes before merging.")" else die "$(gettext "You have not concluded your merge (MERGE_HEAD exists).")" fi @@ -1041,8 +1041,9 @@ static void diff_words_show(struct diff_words_data *diff_words) xpp.flags = 0; /* as only the hunk header will be parsed, we need a 0-context */ xecfg.ctxlen = 0; - xdi_diff_outf(&minus, &plus, fn_out_diff_words_aux, diff_words, - &xpp, &xecfg); + if (xdi_diff_outf(&minus, &plus, fn_out_diff_words_aux, diff_words, + &xpp, &xecfg)) + die("unable to generate word diff"); free(minus.ptr); free(plus.ptr); if (diff_words->current_plus != diff_words->plus.text.ptr + @@ -2449,8 +2450,9 @@ static void builtin_diff(const char *name_a, xecfg.ctxlen = strtoul(v, NULL, 10); if (o->word_diff) init_diff_words_data(&ecbdata, o, one, two); - xdi_diff_outf(&mf1, &mf2, fn_out_consume, &ecbdata, - &xpp, &xecfg); + if (xdi_diff_outf(&mf1, &mf2, fn_out_consume, &ecbdata, + &xpp, &xecfg)) + die("unable to generate diff for %s", one->path); if (o->word_diff) free_diff_words_data(&ecbdata); if (textconv_one) @@ -2527,8 +2529,9 @@ static void builtin_diffstat(const char *name_a, const char *name_b, xpp.flags = o->xdl_opts; xecfg.ctxlen = o->context; xecfg.interhunkctxlen = o->interhunkcontext; - xdi_diff_outf(&mf1, &mf2, diffstat_consume, diffstat, - &xpp, &xecfg); + if (xdi_diff_outf(&mf1, &mf2, diffstat_consume, diffstat, + &xpp, &xecfg)) + die("unable to generate diffstat for %s", one->path); } diff_free_filespec_data(one); @@ -2574,8 +2577,9 @@ static void builtin_checkdiff(const char *name_a, const char *name_b, memset(&xecfg, 0, sizeof(xecfg)); xecfg.ctxlen = 1; /* at least one context line */ xpp.flags = 0; - xdi_diff_outf(&mf1, &mf2, checkdiff_consume, &data, - &xpp, &xecfg); + if (xdi_diff_outf(&mf1, &mf2, checkdiff_consume, &data, + &xpp, &xecfg)) + die("unable to generate checkdiff for %s", one->path); if (data.ws_rule & WS_BLANK_AT_EOF) { struct emit_callback ecbdata; @@ -4510,8 +4514,10 @@ static int diff_get_patch_id(struct diff_options *options, unsigned char *sha1) xpp.flags = 0; xecfg.ctxlen = 3; xecfg.flags = 0; - xdi_diff_outf(&mf1, &mf2, patch_id_consume, &data, - &xpp, &xecfg); + if (xdi_diff_outf(&mf1, &mf2, patch_id_consume, &data, + &xpp, &xecfg)) + return error("unable to generate patch-id diff for %s", + p->one->path); } git_SHA1_Final(sha1, &ctx); diff --git a/diffcore-pickaxe.c b/diffcore-pickaxe.c index 185f86b284..7715c13ec4 100644 --- a/diffcore-pickaxe.c +++ b/diffcore-pickaxe.c @@ -62,8 +62,8 @@ static int diff_grep(mmfile_t *one, mmfile_t *two, ecbdata.hit = 0; xecfg.ctxlen = o->context; xecfg.interhunkctxlen = o->interhunkcontext; - xdi_diff_outf(one, two, diffgrep_consume, &ecbdata, - &xpp, &xecfg); + if (xdi_diff_outf(one, two, diffgrep_consume, &ecbdata, &xpp, &xecfg)) + return 0; return ecbdata.hit; } @@ -2030,6 +2030,15 @@ int file_exists(const char *f) return lstat(f, &sb) == 0; } +static int cmp_icase(char a, char b) +{ + if (a == b) + return 0; + if (ignore_case) + return toupper(a) - toupper(b); + return a - b; +} + /* * Given two normalized paths (a trailing slash is ok), if subdir is * outside dir, return -1. Otherwise return the offset in subdir that @@ -2041,7 +2050,7 @@ int dir_inside_of(const char *subdir, const char *dir) assert(dir && subdir && *dir && *subdir); - while (*dir && *subdir && *dir == *subdir) { + while (*dir && *subdir && !cmp_icase(*dir, *subdir)) { dir++; subdir++; offset++; diff --git a/git-rebase--interactive.sh b/git-rebase--interactive.sh index f01637b1fd..d65c06eff3 100644 --- a/git-rebase--interactive.sh +++ b/git-rebase--interactive.sh @@ -729,8 +729,8 @@ transform_todo_ids () { # that do not have a SHA-1 at the beginning of $rest. ;; *) - sha1=$(git rev-parse --verify --quiet "$@" ${rest%% *}) && - rest="$sha1 ${rest#* }" + sha1=$(git rev-parse --verify --quiet "$@" ${rest%%[ ]*}) && + rest="$sha1 ${rest#*[ ]}" ;; esac printf '%s\n' "$command${rest:+ }$rest" @@ -857,7 +857,8 @@ add_exec_commands () { # Check if the SHA-1 passed as an argument is a # correct one, if not then print $2 in "$todo".badsha # $1: the SHA-1 to test -# $2: the line to display if incorrect SHA-1 +# $2: the line number of the input +# $3: the input filename check_commit_sha () { badsha=0 if test -z $1 @@ -873,9 +874,10 @@ check_commit_sha () { if test $badsha -ne 0 then + line="$(sed -n -e "${2}p" "$3")" warn "Warning: the SHA-1 is missing or isn't" \ "a commit in the following line:" - warn " - $2" + warn " - $line" warn fi @@ -886,37 +888,31 @@ check_commit_sha () { # from the todolist in stdin check_bad_cmd_and_sha () { retval=0 - git stripspace --strip-comments | - ( - while read -r line - do - IFS=' ' - set -- $line - command=$1 - sha1=$2 - - case $command in - ''|noop|x|"exec") - # Doesn't expect a SHA-1 - ;; - pick|p|drop|d|reword|r|edit|e|squash|s|fixup|f) - if ! check_commit_sha $sha1 "$line" - then - retval=1 - fi - ;; - *) - warn "Warning: the command isn't recognized" \ - "in the following line:" - warn " - $line" - warn + lineno=0 + while read -r command rest + do + lineno=$(( $lineno + 1 )) + case $command in + "$comment_char"*|''|noop|x|exec) + # Doesn't expect a SHA-1 + ;; + pick|p|drop|d|reword|r|edit|e|squash|s|fixup|f) + if ! check_commit_sha "${rest%%[ ]*}" "$lineno" "$1" + then retval=1 - ;; - esac - done - - return $retval - ) + fi + ;; + *) + line="$(sed -n -e "${lineno}p" "$1")" + warn "Warning: the command isn't recognized" \ + "in the following line:" + warn " - $line" + warn + retval=1 + ;; + esac + done <"$1" + return $retval } # Print the list of the SHA-1 of the commits @@ -1010,7 +1006,7 @@ check_todo_list () { ;; esac - if ! check_bad_cmd_and_sha <"$todo" + if ! check_bad_cmd_and_sha "$todo" then raise_error=t fi diff --git a/git-submodule.sh b/git-submodule.sh index 25b1ddf252..82e35582cd 100755 --- a/git-submodule.sh +++ b/git-submodule.sh @@ -22,6 +22,15 @@ require_work_tree wt_prefix=$(git rev-parse --show-prefix) cd_to_toplevel +# Restrict ourselves to a vanilla subset of protocols; the URLs +# we get are under control of a remote repository, and we do not +# want them kicking off arbitrary git-remote-* programs. +# +# If the user has already specified a set of allowed protocols, +# we assume they know what they're doing and use that instead. +: ${GIT_ALLOW_PROTOCOL=file:git:http:https:ssh} +export GIT_ALLOW_PROTOCOL + command= branch= force= @@ -9,6 +9,7 @@ #include "version.h" #include "pkt-line.h" #include "gettext.h" +#include "transport.h" int active_requests; int http_is_verbose; @@ -356,6 +357,7 @@ static void set_curl_keepalive(CURL *c) static CURL *get_curl_handle(void) { CURL *result = curl_easy_init(); + long allowed_protocols = 0; if (!result) die("curl_easy_init failed"); @@ -425,11 +427,27 @@ static CURL *get_curl_handle(void) } curl_easy_setopt(result, CURLOPT_FOLLOWLOCATION, 1); + curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20); #if LIBCURL_VERSION_NUM >= 0x071301 curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL); #elif LIBCURL_VERSION_NUM >= 0x071101 curl_easy_setopt(result, CURLOPT_POST301, 1); #endif +#if LIBCURL_VERSION_NUM >= 0x071304 + if (is_transport_allowed("http")) + allowed_protocols |= CURLPROTO_HTTP; + if (is_transport_allowed("https")) + allowed_protocols |= CURLPROTO_HTTPS; + if (is_transport_allowed("ftp")) + allowed_protocols |= CURLPROTO_FTP; + if (is_transport_allowed("ftps")) + allowed_protocols |= CURLPROTO_FTPS; + curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS, allowed_protocols); +#else + if (transport_restrict_protocols()) + warning("protocol restrictions not applied to curl redirects because\n" + "your curl version is too old (>= 7.19.4)"); +#endif if (getenv("GIT_CURL_VERBOSE")) curl_easy_setopt(result, CURLOPT_VERBOSE, 1); diff --git a/line-log.c b/line-log.c index c12c69f05a..626b22cc31 100644 --- a/line-log.c +++ b/line-log.c @@ -325,7 +325,7 @@ static int collect_diff_cb(long start_a, long count_a, return 0; } -static void collect_diff(mmfile_t *parent, mmfile_t *target, struct diff_ranges *out) +static int collect_diff(mmfile_t *parent, mmfile_t *target, struct diff_ranges *out) { struct collect_diff_cbdata cbdata = {NULL}; xpparam_t xpp; @@ -340,7 +340,7 @@ static void collect_diff(mmfile_t *parent, mmfile_t *target, struct diff_ranges xecfg.hunk_func = collect_diff_cb; memset(&ecb, 0, sizeof(ecb)); ecb.priv = &cbdata; - xdi_diff(parent, target, &xpp, &xecfg, &ecb); + return xdi_diff(parent, target, &xpp, &xecfg, &ecb); } /* @@ -1030,7 +1030,8 @@ static int process_diff_filepair(struct rev_info *rev, } diff_ranges_init(&diff); - collect_diff(&file_parent, &file_target, &diff); + if (collect_diff(&file_parent, &file_target, &diff)) + die("unable to generate diff for %s", pair->one->path); /* NEEDSWORK should apply some heuristics to prevent mismatches */ free(rg->path); diff --git a/ll-merge.c b/ll-merge.c index fc3c049594..bf83290793 100644 --- a/ll-merge.c +++ b/ll-merge.c @@ -89,7 +89,10 @@ static int ll_xdl_merge(const struct ll_merge_driver *drv_unused, xmparam_t xmp; assert(opts); - if (buffer_is_binary(orig->ptr, orig->size) || + if (orig->size > MAX_XDIFF_SIZE || + src1->size > MAX_XDIFF_SIZE || + src2->size > MAX_XDIFF_SIZE || + buffer_is_binary(orig->ptr, orig->size) || buffer_is_binary(src1->ptr, src1->size) || buffer_is_binary(src2->ptr, src2->size)) { return ll_binary_merge(drv_unused, result, @@ -14,19 +14,29 @@ static const char *pager_argv[] = { NULL, NULL }; static struct child_process pager_process = CHILD_PROCESS_INIT; -static void wait_for_pager(void) +static void wait_for_pager(int in_signal) { - fflush(stdout); - fflush(stderr); + if (!in_signal) { + fflush(stdout); + fflush(stderr); + } /* signal EOF to pager */ close(1); close(2); - finish_command(&pager_process); + if (in_signal) + finish_command_in_signal(&pager_process); + else + finish_command(&pager_process); +} + +static void wait_for_pager_atexit(void) +{ + wait_for_pager(0); } static void wait_for_pager_signal(int signo) { - wait_for_pager(); + wait_for_pager(1); sigchain_pop(signo); raise(signo); } @@ -90,7 +100,7 @@ void setup_pager(void) /* this makes sure that the parent terminates after the pager */ sigchain_push_common(wait_for_pager_signal); - atexit(wait_for_pager); + atexit(wait_for_pager_atexit); } int pager_in_use(void) @@ -4,9 +4,15 @@ int quote_path_fully = 1; +static inline int need_bs_quote(char c) +{ + return (c == '\'' || c == '!'); +} + /* Help to copy the thing properly quoted for the shell safety. * any single quote is replaced with '\'', any exclamation point * is replaced with '\!', and the whole thing is enclosed in a + * single quote pair. * * E.g. * original sq_quote result @@ -15,11 +21,6 @@ int quote_path_fully = 1; * a'b ==> a'\''b ==> 'a'\''b' * a!b ==> a'\!'b ==> 'a'\!'b' */ -static inline int need_bs_quote(char c) -{ - return (c == '\'' || c == '!'); -} - void sq_quote_buf(struct strbuf *dst, const char *src) { char *to_free = NULL; diff --git a/run-command.c b/run-command.c index 3277cf797e..e09275bd9e 100644 --- a/run-command.c +++ b/run-command.c @@ -18,26 +18,27 @@ struct child_to_clean { static struct child_to_clean *children_to_clean; static int installed_child_cleanup_handler; -static void cleanup_children(int sig) +static void cleanup_children(int sig, int in_signal) { while (children_to_clean) { struct child_to_clean *p = children_to_clean; children_to_clean = p->next; kill(p->pid, sig); - free(p); + if (!in_signal) + free(p); } } static void cleanup_children_on_signal(int sig) { - cleanup_children(sig); + cleanup_children(sig, 1); sigchain_pop(sig); raise(sig); } static void cleanup_children_on_exit(void) { - cleanup_children(SIGTERM); + cleanup_children(SIGTERM, 0); } static void mark_child_for_cleanup(pid_t pid) @@ -220,7 +221,7 @@ static inline void set_cloexec(int fd) fcntl(fd, F_SETFD, flags | FD_CLOEXEC); } -static int wait_or_whine(pid_t pid, const char *argv0) +static int wait_or_whine(pid_t pid, const char *argv0, int in_signal) { int status, code = -1; pid_t waiting; @@ -228,6 +229,8 @@ static int wait_or_whine(pid_t pid, const char *argv0) while ((waiting = waitpid(pid, &status, 0)) < 0 && errno == EINTR) ; /* nothing */ + if (in_signal) + return 0; if (waiting < 0) { failed_errno = errno; @@ -437,7 +440,7 @@ fail_pipe: * At this point we know that fork() succeeded, but execvp() * failed. Errors have been reported to our stderr. */ - wait_or_whine(cmd->pid, cmd->argv[0]); + wait_or_whine(cmd->pid, cmd->argv[0], 0); failed_errno = errno; cmd->pid = -1; } @@ -536,12 +539,18 @@ fail_pipe: int finish_command(struct child_process *cmd) { - int ret = wait_or_whine(cmd->pid, cmd->argv[0]); + int ret = wait_or_whine(cmd->pid, cmd->argv[0], 0); argv_array_clear(&cmd->args); argv_array_clear(&cmd->env_array); return ret; } +int finish_command_in_signal(struct child_process *cmd) +{ + return wait_or_whine(cmd->pid, cmd->argv[0], 1); +} + + int run_command(struct child_process *cmd) { int code; @@ -772,7 +781,7 @@ error: int finish_async(struct async *async) { #ifdef NO_PTHREADS - return wait_or_whine(async->pid, "child process"); + return wait_or_whine(async->pid, "child process", 0); #else void *ret = (void *)(intptr_t)(-1); diff --git a/run-command.h b/run-command.h index 5b4425a3cb..275d35c442 100644 --- a/run-command.h +++ b/run-command.h @@ -50,6 +50,7 @@ void child_process_init(struct child_process *); int start_command(struct child_process *); int finish_command(struct child_process *); +int finish_command_in_signal(struct child_process *); int run_command(struct child_process *); /* diff --git a/t/annotate-tests.sh b/t/annotate-tests.sh index f5c01758ca..b1673b3e8f 100644 --- a/t/annotate-tests.sh +++ b/t/annotate-tests.sh @@ -111,6 +111,10 @@ test_expect_success 'blame 2 authors + 2 merged-in authors' ' check_count A 2 B 1 B1 2 B2 1 ' +test_expect_success 'blame --first-parent blames merge for branch1' ' + check_count --first-parent A 2 B 1 "A U Thor" 2 B2 1 +' + test_expect_success 'blame ancestor' ' check_count -h master A 2 B 2 ' diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf index 0b81a0047b..7d15e6d44c 100644 --- a/t/lib-httpd/apache.conf +++ b/t/lib-httpd/apache.conf @@ -119,6 +119,10 @@ RewriteRule ^/smart-redir-perm/(.*)$ /smart/$1 [R=301] RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302] RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301] RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301] +RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302] + +RewriteRule ^/loop-redir/x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-(.*) /$1 [R=302] +RewriteRule ^/loop-redir/(.*)$ /loop-redir/x-$1 [R=302] <IfDefine SSL> LoadModule ssl_module modules/mod_ssl.so diff --git a/t/lib-proto-disable.sh b/t/lib-proto-disable.sh new file mode 100644 index 0000000000..b0917d93e6 --- /dev/null +++ b/t/lib-proto-disable.sh @@ -0,0 +1,96 @@ +# Test routines for checking protocol disabling. + +# test cloning a particular protocol +# $1 - description of the protocol +# $2 - machine-readable name of the protocol +# $3 - the URL to try cloning +test_proto () { + desc=$1 + proto=$2 + url=$3 + + test_expect_success "clone $1 (enabled)" ' + rm -rf tmp.git && + ( + GIT_ALLOW_PROTOCOL=$proto && + export GIT_ALLOW_PROTOCOL && + git clone --bare "$url" tmp.git + ) + ' + + test_expect_success "fetch $1 (enabled)" ' + ( + cd tmp.git && + GIT_ALLOW_PROTOCOL=$proto && + export GIT_ALLOW_PROTOCOL && + git fetch + ) + ' + + test_expect_success "push $1 (enabled)" ' + ( + cd tmp.git && + GIT_ALLOW_PROTOCOL=$proto && + export GIT_ALLOW_PROTOCOL && + git push origin HEAD:pushed + ) + ' + + test_expect_success "push $1 (disabled)" ' + ( + cd tmp.git && + GIT_ALLOW_PROTOCOL=none && + export GIT_ALLOW_PROTOCOL && + test_must_fail git push origin HEAD:pushed + ) + ' + + test_expect_success "fetch $1 (disabled)" ' + ( + cd tmp.git && + GIT_ALLOW_PROTOCOL=none && + export GIT_ALLOW_PROTOCOL && + test_must_fail git fetch + ) + ' + + test_expect_success "clone $1 (disabled)" ' + rm -rf tmp.git && + ( + GIT_ALLOW_PROTOCOL=none && + export GIT_ALLOW_PROTOCOL && + test_must_fail git clone --bare "$url" tmp.git + ) + ' +} + +# set up an ssh wrapper that will access $host/$repo in the +# trash directory, and enable it for subsequent tests. +setup_ssh_wrapper () { + test_expect_success 'setup ssh wrapper' ' + write_script ssh-wrapper <<-\EOF && + echo >&2 "ssh: $*" + host=$1; shift + cd "$TRASH_DIRECTORY/$host" && + eval "$*" + EOF + GIT_SSH="$PWD/ssh-wrapper" && + export GIT_SSH && + export TRASH_DIRECTORY + ' +} + +# set up a wrapper that can be used with remote-ext to +# access repositories in the "remote" directory of trash-dir, +# like "ext::fake-remote %S repo.git" +setup_ext_wrapper () { + test_expect_success 'setup ext wrapper' ' + write_script fake-remote <<-\EOF && + echo >&2 "fake-remote: $*" + cd "$TRASH_DIRECTORY/remote" && + eval "$*" + EOF + PATH=$TRASH_DIRECTORY:$PATH && + export TRASH_DIRECTORY + ' +} diff --git a/t/perf/aggregate.perl b/t/perf/aggregate.perl index 15f7fc1b80..924b19dab4 100755 --- a/t/perf/aggregate.perl +++ b/t/perf/aggregate.perl @@ -1,5 +1,6 @@ #!/usr/bin/perl +use lib '../../perl/blib/lib'; use strict; use warnings; use Git; diff --git a/t/t1450-fsck.sh b/t/t1450-fsck.sh index 956673b8a1..dc09797021 100755 --- a/t/t1450-fsck.sh +++ b/t/t1450-fsck.sh @@ -77,11 +77,31 @@ test_expect_success 'object with bad sha1' ' test_expect_success 'branch pointing to non-commit' ' git rev-parse HEAD^{tree} >.git/refs/heads/invalid && test_when_finished "git update-ref -d refs/heads/invalid" && - git fsck 2>out && + test_must_fail git fsck 2>out && cat out && grep "not a commit" out ' +test_expect_success 'HEAD link pointing at a funny object' ' + test_when_finished "mv .git/SAVED_HEAD .git/HEAD" && + mv .git/HEAD .git/SAVED_HEAD && + echo 0000000000000000000000000000000000000000 >.git/HEAD && + # avoid corrupt/broken HEAD from interfering with repo discovery + test_must_fail env GIT_DIR=.git git fsck 2>out && + cat out && + grep "detached HEAD points" out +' + +test_expect_success 'HEAD link pointing at a funny place' ' + test_when_finished "mv .git/SAVED_HEAD .git/HEAD" && + mv .git/HEAD .git/SAVED_HEAD && + echo "ref: refs/funny/place" >.git/HEAD && + # avoid corrupt/broken HEAD from interfering with repo discovery + test_must_fail env GIT_DIR=.git git fsck 2>out && + cat out && + grep "HEAD points to something strange" out +' + test_expect_success 'email without @ is okay' ' git cat-file commit HEAD >basis && sed "s/@/AT/" basis >okay && diff --git a/t/t2026-prune-linked-checkouts.sh b/t/t2026-worktree-prune.sh index a0f1e3bb80..a0f1e3bb80 100755 --- a/t/t2026-prune-linked-checkouts.sh +++ b/t/t2026-worktree-prune.sh diff --git a/t/t3203-branch-output.sh b/t/t3203-branch-output.sh index f51d0f3cad..16efe7af03 100755 --- a/t/t3203-branch-output.sh +++ b/t/t3203-branch-output.sh @@ -106,6 +106,19 @@ EOF test_i18ncmp expect actual ' +test_expect_success 'git branch shows detached HEAD properly after checkout --detach' ' + git checkout master && + cat >expect <<EOF && +* (HEAD detached at $(git rev-parse --short HEAD^0)) + branch-one + branch-two + master +EOF + git checkout --detach && + git branch >actual && + test_i18ncmp expect actual +' + test_expect_success 'git branch shows detached HEAD properly after moving' ' cat >expect <<EOF && * (HEAD detached from $(git rev-parse --short HEAD)) diff --git a/t/t3301-notes.sh b/t/t3301-notes.sh index 8cffd35fb0..cd70274ea5 100755 --- a/t/t3301-notes.sh +++ b/t/t3301-notes.sh @@ -1122,6 +1122,12 @@ test_expect_success 'git notes copy diagnoses too many or too few parameters' ' test_must_fail git notes copy one two three ' +test_expect_success 'git notes get-ref expands refs/heads/master to refs/notes/refs/heads/master' ' + test_unconfig core.notesRef && + sane_unset GIT_NOTES_REF && + test "$(git notes --ref=refs/heads/master get-ref)" = "refs/notes/refs/heads/master" +' + test_expect_success 'git notes get-ref (no overrides)' ' test_unconfig core.notesRef && sane_unset GIT_NOTES_REF && diff --git a/t/t3404-rebase-interactive.sh b/t/t3404-rebase-interactive.sh index d26e3f57dc..3de0b1dcfd 100755 --- a/t/t3404-rebase-interactive.sh +++ b/t/t3404-rebase-interactive.sh @@ -1227,6 +1227,21 @@ test_expect_success 'static check of bad command' ' test C = $(git cat-file commit HEAD^ | sed -ne \$p) ' +test_expect_success 'tabs and spaces are accepted in the todolist' ' + rebase_setup_and_clean indented-comment && + write_script add-indent.sh <<-\EOF && + ( + # Turn single spaces into space/tab mix + sed "1s/ / /g; 2s/ / /g; 3s/ / /g" "$1" + printf "\n\t# comment\n #more\n\t # comment\n" + ) >$1.new + mv "$1.new" "$1" + EOF + test_set_editor "$(pwd)/add-indent.sh" && + git rebase -i HEAD^^^ && + test E = $(git cat-file commit HEAD | sed -ne \$p) +' + cat >expect <<EOF Warning: the SHA-1 is missing or isn't a commit in the following line: - edit XXXXXXX False commit diff --git a/t/t5507-remote-environment.sh b/t/t5507-remote-environment.sh new file mode 100755 index 0000000000..e6149295b1 --- /dev/null +++ b/t/t5507-remote-environment.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +test_description='check environment showed to remote side of transports' +. ./test-lib.sh + +test_expect_success 'set up "remote" push situation' ' + test_commit one && + git config push.default current && + git init remote +' + +test_expect_success 'set up fake ssh' ' + GIT_SSH_COMMAND="f() { + cd \"\$TRASH_DIRECTORY\" && + eval \"\$2\" + }; f" && + export GIT_SSH_COMMAND && + export TRASH_DIRECTORY +' + +# due to receive.denyCurrentBranch=true +test_expect_success 'confirm default push fails' ' + test_must_fail git push remote +' + +test_expect_success 'config does not travel over same-machine push' ' + test_must_fail git -c receive.denyCurrentBranch=false push remote +' + +test_expect_success 'config does not travel over ssh push' ' + test_must_fail git -c receive.denyCurrentBranch=false push host:remote +' + +test_done diff --git a/t/t5560-http-backend-noserver.sh b/t/t5560-http-backend-noserver.sh index aa73eeaef8..9fafcf1945 100755 --- a/t/t5560-http-backend-noserver.sh +++ b/t/t5560-http-backend-noserver.sh @@ -44,10 +44,6 @@ POST() { test_cmp exp act } -log_div() { - return 0 -} - . "$TEST_DIRECTORY"/t556x_common expect_aliased() { diff --git a/t/t5561-http-backend.sh b/t/t5561-http-backend.sh index 19afe96698..90e0d6f0fe 100755 --- a/t/t5561-http-backend.sh +++ b/t/t5561-http-backend.sh @@ -29,15 +29,9 @@ POST() { test_cmp exp act } -log_div() { - echo >>"$HTTPD_ROOT_PATH"/access.log - echo "### $1" >>"$HTTPD_ROOT_PATH"/access.log - echo "###" >>"$HTTPD_ROOT_PATH"/access.log -} - . "$TEST_DIRECTORY"/t556x_common -cat >exp <<EOF +grep '^[^#]' >exp <<EOF ### refs/heads/master ### diff --git a/t/t556x_common b/t/t556x_common index 82926cfdb7..359fcfe32b 100755 --- a/t/t556x_common +++ b/t/t556x_common @@ -52,21 +52,17 @@ get_static_files() { SMART=smart GIT_HTTP_EXPORT_ALL=1 && export GIT_HTTP_EXPORT_ALL test_expect_success 'direct refs/heads/master not found' ' - log_div "refs/heads/master" && GET refs/heads/master "404 Not Found" ' test_expect_success 'static file is ok' ' - log_div "getanyfile default" && get_static_files "200 OK" ' SMART=smart_noexport unset GIT_HTTP_EXPORT_ALL test_expect_success 'no export by default' ' - log_div "no git-daemon-export-ok" && get_static_files "404 Not Found" ' test_expect_success 'export if git-daemon-export-ok' ' - log_div "git-daemon-export-ok" && (cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" && touch git-daemon-export-ok ) && @@ -75,47 +71,39 @@ test_expect_success 'export if git-daemon-export-ok' ' SMART=smart GIT_HTTP_EXPORT_ALL=1 && export GIT_HTTP_EXPORT_ALL test_expect_success 'static file if http.getanyfile true is ok' ' - log_div "getanyfile true" && config http.getanyfile true && get_static_files "200 OK" ' test_expect_success 'static file if http.getanyfile false fails' ' - log_div "getanyfile false" && config http.getanyfile false && get_static_files "403 Forbidden" ' test_expect_success 'http.uploadpack default enabled' ' - log_div "uploadpack default" && GET info/refs?service=git-upload-pack "200 OK" && POST git-upload-pack 0000 "200 OK" ' test_expect_success 'http.uploadpack true' ' - log_div "uploadpack true" && config http.uploadpack true && GET info/refs?service=git-upload-pack "200 OK" && POST git-upload-pack 0000 "200 OK" ' test_expect_success 'http.uploadpack false' ' - log_div "uploadpack false" && config http.uploadpack false && GET info/refs?service=git-upload-pack "403 Forbidden" && POST git-upload-pack 0000 "403 Forbidden" ' test_expect_success 'http.receivepack default disabled' ' - log_div "receivepack default" && GET info/refs?service=git-receive-pack "403 Forbidden" && POST git-receive-pack 0000 "403 Forbidden" ' test_expect_success 'http.receivepack true' ' - log_div "receivepack true" && config http.receivepack true && GET info/refs?service=git-receive-pack "200 OK" && POST git-receive-pack 0000 "200 OK" ' test_expect_success 'http.receivepack false' ' - log_div "receivepack false" && config http.receivepack false && GET info/refs?service=git-receive-pack "403 Forbidden" && POST git-receive-pack 0000 "403 Forbidden" diff --git a/t/t5810-proto-disable-local.sh b/t/t5810-proto-disable-local.sh new file mode 100755 index 0000000000..563592d8a8 --- /dev/null +++ b/t/t5810-proto-disable-local.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +test_description='test disabling of local paths in clone/fetch' +. ./test-lib.sh +. "$TEST_DIRECTORY/lib-proto-disable.sh" + +test_expect_success 'setup repository to clone' ' + test_commit one +' + +test_proto "file://" file "file://$PWD" +test_proto "path" file . + +test_done diff --git a/t/t5811-proto-disable-git.sh b/t/t5811-proto-disable-git.sh new file mode 100755 index 0000000000..8ac6b2a1d0 --- /dev/null +++ b/t/t5811-proto-disable-git.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +test_description='test disabling of git-over-tcp in clone/fetch' +. ./test-lib.sh +. "$TEST_DIRECTORY/lib-proto-disable.sh" +. "$TEST_DIRECTORY/lib-git-daemon.sh" +start_git_daemon + +test_expect_success 'create git-accessible repo' ' + bare="$GIT_DAEMON_DOCUMENT_ROOT_PATH/repo.git" && + test_commit one && + git --bare init "$bare" && + git push "$bare" HEAD && + >"$bare/git-daemon-export-ok" && + git -C "$bare" config daemon.receivepack true +' + +test_proto "git://" git "$GIT_DAEMON_URL/repo.git" + +test_done diff --git a/t/t5812-proto-disable-http.sh b/t/t5812-proto-disable-http.sh new file mode 100755 index 0000000000..0d105d5417 --- /dev/null +++ b/t/t5812-proto-disable-http.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +test_description='test disabling of git-over-http in clone/fetch' +. ./test-lib.sh +. "$TEST_DIRECTORY/lib-proto-disable.sh" +. "$TEST_DIRECTORY/lib-httpd.sh" +start_httpd + +test_expect_success 'create git-accessible repo' ' + bare="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" && + test_commit one && + git --bare init "$bare" && + git push "$bare" HEAD && + git -C "$bare" config http.receivepack true +' + +test_proto "smart http" http "$HTTPD_URL/smart/repo.git" + +test_expect_success 'curl redirects respect whitelist' ' + test_must_fail env GIT_ALLOW_PROTOCOL=http:https \ + git clone "$HTTPD_URL/ftp-redir/repo.git" 2>stderr && + { + test_i18ngrep "ftp.*disabled" stderr || + test_i18ngrep "your curl version is too old" + } +' + +test_expect_success 'curl limits redirects' ' + test_must_fail git clone "$HTTPD_URL/loop-redir/smart/repo.git" +' + +stop_httpd +test_done diff --git a/t/t5813-proto-disable-ssh.sh b/t/t5813-proto-disable-ssh.sh new file mode 100755 index 0000000000..ad877d774a --- /dev/null +++ b/t/t5813-proto-disable-ssh.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +test_description='test disabling of git-over-ssh in clone/fetch' +. ./test-lib.sh +. "$TEST_DIRECTORY/lib-proto-disable.sh" + +setup_ssh_wrapper + +test_expect_success 'setup repository to clone' ' + test_commit one && + mkdir remote && + git init --bare remote/repo.git && + git push remote/repo.git HEAD +' + +test_proto "host:path" ssh "remote:repo.git" +test_proto "ssh://" ssh "ssh://remote/$PWD/remote/repo.git" +test_proto "git+ssh://" ssh "git+ssh://remote/$PWD/remote/repo.git" + +test_done diff --git a/t/t5814-proto-disable-ext.sh b/t/t5814-proto-disable-ext.sh new file mode 100755 index 0000000000..9d6f7dfa2c --- /dev/null +++ b/t/t5814-proto-disable-ext.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +test_description='test disabling of remote-helper paths in clone/fetch' +. ./test-lib.sh +. "$TEST_DIRECTORY/lib-proto-disable.sh" + +setup_ext_wrapper + +test_expect_success 'setup repository to clone' ' + test_commit one && + mkdir remote && + git init --bare remote/repo.git && + git push remote/repo.git HEAD +' + +test_proto "remote-helper" ext "ext::fake-remote %S repo.git" + +test_done diff --git a/t/t5815-submodule-protos.sh b/t/t5815-submodule-protos.sh new file mode 100755 index 0000000000..06f55a1b8a --- /dev/null +++ b/t/t5815-submodule-protos.sh @@ -0,0 +1,43 @@ +#!/bin/sh + +test_description='test protocol whitelisting with submodules' +. ./test-lib.sh +. "$TEST_DIRECTORY"/lib-proto-disable.sh + +setup_ext_wrapper +setup_ssh_wrapper + +test_expect_success 'setup repository with submodules' ' + mkdir remote && + git init remote/repo.git && + (cd remote/repo.git && test_commit one) && + # submodule-add should probably trust what we feed it on the cmdline, + # but its implementation is overly conservative. + GIT_ALLOW_PROTOCOL=ssh git submodule add remote:repo.git ssh-module && + GIT_ALLOW_PROTOCOL=ext git submodule add "ext::fake-remote %S repo.git" ext-module && + git commit -m "add submodules" +' + +test_expect_success 'clone with recurse-submodules fails' ' + test_must_fail git clone --recurse-submodules . dst +' + +test_expect_success 'setup individual updates' ' + rm -rf dst && + git clone . dst && + git -C dst submodule init +' + +test_expect_success 'update of ssh allowed' ' + git -C dst submodule update ssh-module +' + +test_expect_success 'update of ext not allowed' ' + test_must_fail git -C dst submodule update ext-module +' + +test_expect_success 'user can override whitelist' ' + GIT_ALLOW_PROTOCOL=ext git -C dst submodule update ext-module +' + +test_done diff --git a/transport-helper.c b/transport-helper.c index 99f1ace1f2..63d54271b0 100644 --- a/transport-helper.c +++ b/transport-helper.c @@ -1043,6 +1043,8 @@ int transport_helper_init(struct transport *transport, const char *name) struct helper_data *data = xcalloc(1, sizeof(*data)); data->name = name; + transport_check_allowed(name); + if (getenv("GIT_TRANSPORT_HELPER_DEBUG")) debug = 1; diff --git a/transport.c b/transport.c index 2d51348f3f..863eb524f9 100644 --- a/transport.c +++ b/transport.c @@ -915,6 +915,42 @@ static int external_specification_len(const char *url) return strchr(url, ':') - url; } +static const struct string_list *protocol_whitelist(void) +{ + static int enabled = -1; + static struct string_list allowed = STRING_LIST_INIT_DUP; + + if (enabled < 0) { + const char *v = getenv("GIT_ALLOW_PROTOCOL"); + if (v) { + string_list_split(&allowed, v, ':', -1); + string_list_sort(&allowed); + enabled = 1; + } else { + enabled = 0; + } + } + + return enabled ? &allowed : NULL; +} + +int is_transport_allowed(const char *type) +{ + const struct string_list *allowed = protocol_whitelist(); + return !allowed || string_list_has_string(allowed, type); +} + +void transport_check_allowed(const char *type) +{ + if (!is_transport_allowed(type)) + die("transport '%s' not allowed", type); +} + +int transport_restrict_protocols(void) +{ + return !!protocol_whitelist(); +} + struct transport *transport_get(struct remote *remote, const char *url) { const char *helper; @@ -946,12 +982,14 @@ struct transport *transport_get(struct remote *remote, const char *url) if (helper) { transport_helper_init(ret, helper); } else if (starts_with(url, "rsync:")) { + transport_check_allowed("rsync"); ret->get_refs_list = get_refs_via_rsync; ret->fetch = fetch_objs_via_rsync; ret->push = rsync_transport_push; ret->smart_options = NULL; } else if (url_is_local_not_ssh(url) && is_file(url) && is_bundle(url, 1)) { struct bundle_transport_data *data = xcalloc(1, sizeof(*data)); + transport_check_allowed("file"); ret->data = data; ret->get_refs_list = get_refs_from_bundle; ret->fetch = fetch_refs_from_bundle; @@ -963,7 +1001,10 @@ struct transport *transport_get(struct remote *remote, const char *url) || starts_with(url, "ssh://") || starts_with(url, "git+ssh://") || starts_with(url, "ssh+git://")) { - /* These are builtin smart transports. */ + /* + * These are builtin smart transports; "allowed" transports + * will be checked individually in git_connect. + */ struct git_transport_data *data = xcalloc(1, sizeof(*data)); ret->data = data; ret->set_option = NULL; diff --git a/transport.h b/transport.h index d682b77b9e..4336dd33eb 100644 --- a/transport.h +++ b/transport.h @@ -133,6 +133,24 @@ struct transport { /* Returns a transport suitable for the url */ struct transport *transport_get(struct remote *, const char *); +/* + * Check whether a transport is allowed by the environment. Type should + * generally be the URL scheme, as described in Documentation/git.txt + */ +int is_transport_allowed(const char *type); + +/* + * Check whether a transport is allowed by the environment, + * and die otherwise. + */ +void transport_check_allowed(const char *type); + +/* + * Returns true if the user has attempted to turn on protocol + * restrictions at all. + */ +int transport_restrict_protocols(void); + /* Transport options which apply to git:// and scp-style URLs */ /* The program to use on the remote side to send a pack */ diff --git a/wt-status.c b/wt-status.c index c327fe8128..3e3b8c0989 100644 --- a/wt-status.c +++ b/wt-status.c @@ -1319,6 +1319,12 @@ static int grab_1st_switch(unsigned char *osha1, unsigned char *nsha1, hashcpy(cb->nsha1, nsha1); for (end = target; *end && *end != '\n'; end++) ; + if (!memcmp(target, "HEAD", end - target)) { + /* HEAD is relative. Resolve it to the right reflog entry. */ + strbuf_addstr(&cb->buf, + find_unique_abbrev(nsha1, DEFAULT_ABBREV)); + return 1; + } strbuf_add(&cb->buf, target, end - target); return 1; } diff --git a/xdiff-interface.c b/xdiff-interface.c index ecfa05f616..cb67c1c42b 100644 --- a/xdiff-interface.c +++ b/xdiff-interface.c @@ -131,6 +131,9 @@ int xdi_diff(mmfile_t *mf1, mmfile_t *mf2, xpparam_t const *xpp, xdemitconf_t co mmfile_t a = *mf1; mmfile_t b = *mf2; + if (mf1->size > MAX_XDIFF_SIZE || mf2->size > MAX_XDIFF_SIZE) + return -1; + trim_common_tail(&a, &b, xecfg->ctxlen); return xdl_diff(&a, &b, xpp, xecfg, xecb); diff --git a/xdiff-interface.h b/xdiff-interface.h index eff7762ee1..fbb5a1c394 100644 --- a/xdiff-interface.h +++ b/xdiff-interface.h @@ -3,6 +3,13 @@ #include "xdiff/xdiff.h" +/* + * xdiff isn't equipped to handle content over a gigabyte; + * we make the cutoff 1GB - 1MB to give some breathing + * room for constant-sized additions (e.g., merge markers) + */ +#define MAX_XDIFF_SIZE (1024UL * 1024 * 1023) + typedef void (*xdiff_emit_consume_fn)(void *, char *, unsigned long); int xdi_diff(mmfile_t *mf1, mmfile_t *mf2, xpparam_t const *xpp, xdemitconf_t const *xecfg, xdemitcb_t *ecb); |