diff options
-rw-r--r-- | Documentation/RelNotes/1.8.1.4.txt | 11 | ||||
-rw-r--r-- | Documentation/RelNotes/1.8.1.5.txt | 37 | ||||
-rw-r--r-- | Documentation/config.txt | 2 | ||||
-rw-r--r-- | Documentation/git.txt | 3 | ||||
-rw-r--r-- | Documentation/user-manual.txt | 135 | ||||
-rw-r--r-- | Makefile | 14 | ||||
-rw-r--r-- | builtin/check-ignore.c | 2 | ||||
-rw-r--r-- | config.mak.in | 2 | ||||
-rw-r--r-- | imap-send.c | 67 | ||||
-rw-r--r-- | name-hash.c | 4 | ||||
-rwxr-xr-x | t/t0008-ignores.sh | 15 | ||||
-rwxr-xr-x | t/t7512-status-help.sh | 2 |
12 files changed, 223 insertions, 71 deletions
diff --git a/Documentation/RelNotes/1.8.1.4.txt b/Documentation/RelNotes/1.8.1.4.txt new file mode 100644 index 0000000000..22af1d1643 --- /dev/null +++ b/Documentation/RelNotes/1.8.1.4.txt @@ -0,0 +1,11 @@ +Git 1.8.1.4 Release Notes +========================= + +Fixes since v1.8.1.3 +-------------------- + + * "git imap-send" talking over imaps:// did make sure it received a + valid certificate from the other end, but did not check if the + certificate matched the host it thought it was talking to. + +Also contains various documentation fixes. diff --git a/Documentation/RelNotes/1.8.1.5.txt b/Documentation/RelNotes/1.8.1.5.txt new file mode 100644 index 0000000000..92da6b2777 --- /dev/null +++ b/Documentation/RelNotes/1.8.1.5.txt @@ -0,0 +1,37 @@ +Git 1.8.1.5 Release Notes +========================= + +Fixes since v1.8.1.5 +-------------------- + + * "git apply --summary" has been taught to make sure the similarity + value shown in its output is sensible, even when the input had a + bogus value. + + * "git clean" showed what it was going to do, but sometimes ended + up finding that it was not allowed to do so, which resulted in a + confusing output (e.g. after saying that it will remove an + untracked directory, it found an embedded git repository there + which it is not allowed to remove). It now performs the actions + and then reports the outcome more faithfully. + + * "git clone" used to allow --bare and --separate-git-dir=$there + options at the same time, which was nonsensical. + + * "git cvsimport" mishandled timestamps at DST boundary. + + * We used to have an arbitrary 32 limit for combined diff input, + resulting in incorrect number of leading colons shown when showing + the "--raw --cc" output. + + * The smart HTTP clients forgot to verify the content-type that comes + back from the server side to make sure that the request is being + handled properly. + + * "git help remote-helpers" failed to find the documentation. + + * "gitweb" pages served over HTTPS, when configured to show picon or + gravatar, referred to these external resources to be fetched via + HTTP, resulting in mixed contents warning in browsers. + +Also contains various documentation fixes. diff --git a/Documentation/config.txt b/Documentation/config.txt index 3bb53da522..bbba728d09 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -182,7 +182,7 @@ advice.*:: Advice shown when linkgit:git-merge[1] refuses to merge to avoid overwriting local changes. resolveConflict:: - Advices shown by various commands when conflicts + Advice shown by various commands when conflicts prevent the operation from being performed. implicitIdentity:: Advice on how to set your identity configuration when diff --git a/Documentation/git.txt b/Documentation/git.txt index 2d975e3b01..0847cdcc68 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -43,9 +43,10 @@ unreleased) version of Git, that is available from 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v1.8.1.3/git.html[documentation for release 1.8.1.3] +* link:v1.8.1.4/git.html[documentation for release 1.8.1.4] * release notes for + link:RelNotes/1.8.1.4.txt[1.8.1.4], link:RelNotes/1.8.1.3.txt[1.8.1.3], link:RelNotes/1.8.1.2.txt[1.8.1.2], link:RelNotes/1.8.1.1.txt[1.8.1.1], diff --git a/Documentation/user-manual.txt b/Documentation/user-manual.txt index 23689b0b93..5f36f8115f 100644 --- a/Documentation/user-manual.txt +++ b/Documentation/user-manual.txt @@ -2006,7 +2006,7 @@ Note that the target of a "push" is normally a <<def_bare_repository,bare>> repository. You can also push to a repository that has a checked-out working tree, but a push to update the currently checked-out branch is denied by default to prevent confusion. -See the description ofthe receive.denyCurrentBranch option +See the description of the receive.denyCurrentBranch option in linkgit:git-config[1] for details. As with `git fetch`, you may also set up configuration options to @@ -2306,17 +2306,13 @@ branch and then merge into each of the test and release branches. For these changes, just apply directly to the "release" branch, and then merge that into the "test" branch. -To create diffstat and shortlog summaries of changes to include in a "please -pull" request to Linus you can use: +After pushing your work to `mytree`, you can use +linkgit:git-request-pull[1] to prepare a "please pull" request message +to send to Linus: ------------------------------------------------- -$ git diff --stat origin..release -------------------------------------------------- - -and - -------------------------------------------------- -$ git log -p origin..release | git shortlog +$ git push mytree +$ git request-pull origin mytree release ------------------------------------------------- Here are some of the scripts that simplify all this even further. @@ -2557,6 +2553,12 @@ return mywork to the state it had before you started the rebase: $ git rebase --abort ------------------------------------------------- +If you need to reorder or edit a number of commits in a branch, it may +be easier to use `git rebase -i`, which allows you to reorder and +squash commits, as well as marking them for individual editing during +the rebase. See <<interactive-rebase>> for details, and +<<reordering-patch-series>> for alternatives. + [[rewriting-one-commit]] Rewriting a single commit ------------------------- @@ -2570,72 +2572,89 @@ $ git commit --amend which will replace the old commit by a new commit incorporating your changes, giving you a chance to edit the old commit message first. +This is useful for fixing typos in your last commit, or for adjusting +the patch contents of a poorly staged commit. -You can also use a combination of this and linkgit:git-rebase[1] to -replace a commit further back in your history and recreate the -intervening changes on top of it. First, tag the problematic commit -with +If you need to amend commits from deeper in your history, you can +use <<interactive-rebase,interactive rebase's `edit` instruction>>. -------------------------------------------------- -$ git tag bad mywork~5 -------------------------------------------------- - -(Either gitk or `git log` may be useful for finding the commit.) +[[reordering-patch-series]] +Reordering or selecting from a patch series +------------------------------------------- -Then check out that commit, edit it, and rebase the rest of the series -on top of it (note that we could check out the commit on a temporary -branch, but instead we're using a <<detached-head,detached head>>): +Sometimes you want to edit a commit deeper in your history. One +approach is to use `git format-patch` to create a series of patches +and then reset the state to before the patches: ------------------------------------------------- -$ git checkout bad -$ # make changes here and update the index -$ git commit --amend -$ git rebase --onto HEAD bad mywork +$ git format-patch origin +$ git reset --hard origin ------------------------------------------------- -When you're done, you'll be left with mywork checked out, with the top -patches on mywork reapplied on top of your modified commit. You can -then clean up with +Then modify, reorder, or eliminate patches as needed before applying +them again with linkgit:git-am[1]: ------------------------------------------------- -$ git tag -d bad +$ git am *.patch ------------------------------------------------- -Note that the immutable nature of Git history means that you haven't really -"modified" existing commits; instead, you have replaced the old commits with -new commits having new object names. +[[interactive-rebase]] +Using interactive rebases +------------------------- -[[reordering-patch-series]] -Reordering or selecting from a patch series -------------------------------------------- +You can also edit a patch series with an interactive rebase. This is +the same as <<reordering-patch-series,reordering a patch series using +`format-patch`>>, so use whichever interface you like best. -Given one existing commit, the linkgit:git-cherry-pick[1] command -allows you to apply the change introduced by that commit and create a -new commit that records it. So, for example, if "mywork" points to a -series of patches on top of "origin", you might do something like: +Rebase your current HEAD on the last commit you want to retain as-is. +For example, if you want to reorder the last 5 commits, use: ------------------------------------------------- -$ git checkout -b mywork-new origin -$ gitk origin..mywork & +$ git rebase -i HEAD~5 ------------------------------------------------- -and browse through the list of patches in the mywork branch using gitk, -applying them (possibly in a different order) to mywork-new using -cherry-pick, and possibly modifying them as you go using `git commit --amend`. -The linkgit:git-gui[1] command may also help as it allows you to -individually select diff hunks for inclusion in the index (by -right-clicking on the diff hunk and choosing "Stage Hunk for Commit"). - -Another technique is to use `git format-patch` to create a series of -patches, then reset the state to before the patches: +This will open your editor with a list of steps to be taken to perform +your rebase. ------------------------------------------------- -$ git format-patch origin -$ git reset --hard origin -------------------------------------------------- +pick deadbee The oneline of this commit +pick fa1afe1 The oneline of the next commit +... -Then modify, reorder, or eliminate patches as preferred before applying -them again with linkgit:git-am[1]. +# Rebase c0ffeee..deadbee onto c0ffeee +# +# Commands: +# p, pick = use commit +# r, reword = use commit, but edit the commit message +# e, edit = use commit, but stop for amending +# s, squash = use commit, but meld into previous commit +# f, fixup = like "squash", but discard this commit's log message +# x, exec = run command (the rest of the line) using shell +# +# These lines can be re-ordered; they are executed from top to bottom. +# +# If you remove a line here THAT COMMIT WILL BE LOST. +# +# However, if you remove everything, the rebase will be aborted. +# +# Note that empty commits are commented out +------------------------------------------------- + +As explained in the comments, you can reorder commits, squash them +together, edit commit messages, etc. by editing the list. Once you +are satisfied, save the list and close your editor, and the rebase +will begin. + +The rebase will stop where `pick` has been replaced with `edit` or +when a step in the list fails to mechanically resolve conflicts and +needs your help. When you are done editing and/or resolving conflicts +you can continue with `git rebase --continue`. If you decide that +things are getting too hairy, you can always bail out with `git rebase +--abort`. Even after the rebase is complete, you can still recover +the original branch by using the <<reflogs,reflog>>. + +For a more detailed discussion of the procedure and additional tips, +see the "INTERACTIVE MODE" section of linkgit:git-rebase[1]. [[patch-series-tools]] Other tools @@ -3721,7 +3740,9 @@ module a NOTE: The changes are still visible in the submodule's reflog. -This is not the case if you did not commit your changes. +If you have uncommitted changes in your submodule working tree, `git +submodule update` will not overwrite them. Instead, you get the usual +warning about not being able switch from a dirty branch. [[low-level-operations]] Low-level Git operations @@ -1821,12 +1821,14 @@ $(patsubst %.py,%,$(SCRIPT_PYTHON)): % : unimplemented.sh mv $@+ $@ endif # NO_PYTHON +CONFIGURE_RECIPE = $(RM) configure configure.ac+ && \ + sed -e 's/@@GIT_VERSION@@/$(GIT_VERSION)/g' \ + configure.ac >configure.ac+ && \ + autoconf -o configure configure.ac+ && \ + $(RM) configure.ac+ + configure: configure.ac GIT-VERSION-FILE - $(QUIET_GEN)$(RM) $@ $<+ && \ - sed -e 's/@@GIT_VERSION@@/$(GIT_VERSION)/g' \ - $< > $<+ && \ - autoconf -o $@ $<+ && \ - $(RM) $<+ + $(QUIET_GEN)$(CONFIGURE_RECIPE) ifdef AUTOCONFIGURED # We avoid depending on 'configure' here, because it gets rebuilt @@ -1835,7 +1837,7 @@ ifdef AUTOCONFIGURED # do want to recheck when the platform/environment detection logic # changes, hence this depends on configure.ac. config.status: configure.ac - $(QUIET_GEN)$(MAKE) configure && \ + $(QUIET_GEN)$(CONFIGURE_RECIPE) && \ if test -f config.status; then \ ./config.status --recheck; \ else \ diff --git a/builtin/check-ignore.c b/builtin/check-ignore.c index 709535ce09..0240f99b57 100644 --- a/builtin/check-ignore.c +++ b/builtin/check-ignore.c @@ -89,7 +89,7 @@ static int check_ignore(const char *prefix, const char **pathspec) ? strlen(prefix) : 0, path); full_path = check_path_for_gitlink(full_path); die_if_path_beyond_symlink(full_path, prefix); - if (!seen[i] && path[0]) { + if (!seen[i]) { exclude = last_exclude_matching_path(&check, full_path, -1, &dtype); if (exclude) { diff --git a/config.mak.in b/config.mak.in index d7c49cd8f3..fa02bdd82a 100644 --- a/config.mak.in +++ b/config.mak.in @@ -8,6 +8,7 @@ LDFLAGS = @LDFLAGS@ AR = @AR@ TAR = @TAR@ DIFF = @DIFF@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ #INSTALL = @INSTALL@ # needs install-sh or install.sh in sources prefix = @prefix@ @@ -17,6 +18,7 @@ gitexecdir = @libexecdir@/git-core datarootdir = @datarootdir@ template_dir = @datadir@/git-core/templates sysconfdir = @sysconfdir@ +docdir = @docdir@ mandir = @mandir@ htmldir = @htmldir@ diff --git a/imap-send.c b/imap-send.c index 21dc20b57d..43ac4e0bdf 100644 --- a/imap-send.c +++ b/imap-send.c @@ -31,6 +31,7 @@ typedef void *SSL; #else #include <openssl/evp.h> #include <openssl/hmac.h> +#include <openssl/x509v3.h> #endif static const char imap_send_usage[] = "git imap-send < <mbox>"; @@ -200,12 +201,64 @@ static void socket_perror(const char *func, struct imap_socket *sock, int ret) } } +#ifdef NO_OPENSSL static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int verify) { -#ifdef NO_OPENSSL fprintf(stderr, "SSL requested but SSL support not compiled in\n"); return -1; +} + #else + +static int host_matches(const char *host, const char *pattern) +{ + if (pattern[0] == '*' && pattern[1] == '.') { + pattern += 2; + if (!(host = strchr(host, '.'))) + return 0; + host++; + } + + return *host && *pattern && !strcasecmp(host, pattern); +} + +static int verify_hostname(X509 *cert, const char *hostname) +{ + int len; + X509_NAME *subj; + char cname[1000]; + int i, found; + STACK_OF(GENERAL_NAME) *subj_alt_names; + + /* try the DNS subjectAltNames */ + found = 0; + if ((subj_alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL))) { + int num_subj_alt_names = sk_GENERAL_NAME_num(subj_alt_names); + for (i = 0; !found && i < num_subj_alt_names; i++) { + GENERAL_NAME *subj_alt_name = sk_GENERAL_NAME_value(subj_alt_names, i); + if (subj_alt_name->type == GEN_DNS && + strlen((const char *)subj_alt_name->d.ia5->data) == (size_t)subj_alt_name->d.ia5->length && + host_matches(hostname, (const char *)(subj_alt_name->d.ia5->data))) + found = 1; + } + sk_GENERAL_NAME_pop_free(subj_alt_names, GENERAL_NAME_free); + } + if (found) + return 0; + + /* try the common name */ + if (!(subj = X509_get_subject_name(cert))) + return error("cannot get certificate subject"); + if ((len = X509_NAME_get_text_by_NID(subj, NID_commonName, cname, sizeof(cname))) < 0) + return error("cannot get certificate common name"); + if (strlen(cname) == (size_t)len && host_matches(hostname, cname)) + return 0; + return error("certificate owner '%s' does not match hostname '%s'", + cname, hostname); +} + +static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int verify) +{ #if (OPENSSL_VERSION_NUMBER >= 0x10000000L) const SSL_METHOD *meth; #else @@ -213,6 +266,7 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve #endif SSL_CTX *ctx; int ret; + X509 *cert; SSL_library_init(); SSL_load_error_strings(); @@ -256,9 +310,18 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve return -1; } + if (verify) { + /* make sure the hostname matches that of the certificate */ + cert = SSL_get_peer_certificate(sock->ssl); + if (!cert) + return error("unable to get peer certificate."); + if (verify_hostname(cert, server.host) < 0) + return -1; + } + return 0; -#endif } +#endif static int socket_read(struct imap_socket *sock, char *buf, int len) { diff --git a/name-hash.c b/name-hash.c index d8d25c23e9..942c459622 100644 --- a/name-hash.c +++ b/name-hash.c @@ -24,11 +24,11 @@ static unsigned int hash_name(const char *name, int namelen) { unsigned int hash = 0x123; - do { + while (namelen--) { unsigned char c = *name++; c = icase_hash(c); hash = hash*101 + c; - } while (--namelen); + } return hash; } diff --git a/t/t0008-ignores.sh b/t/t0008-ignores.sh index d7df7198c4..9c1bde1fd6 100755 --- a/t/t0008-ignores.sh +++ b/t/t0008-ignores.sh @@ -75,6 +75,16 @@ test_check_ignore () { stderr_empty_on_success "$expect_code" } +# Runs the same code with 3 different levels of output verbosity, +# expecting success each time. Takes advantage of the fact that +# check-ignore --verbose output is the same as normal output except +# for the extra first column. +# +# Arguments: +# - (optional) prereqs for this test, e.g. 'SYMLINKS' +# - test name +# - output to expect from -v / --verbose mode +# - code to run (should invoke test_check_ignore) test_expect_success_multi () { prereq= if test $# -eq 4 @@ -128,6 +138,7 @@ test_expect_success 'setup' ' cat <<-\EOF >.gitignore && one ignored-* + top-level-dir/ EOF for dir in . a do @@ -167,6 +178,10 @@ test_expect_success 'setup' ' # # test invalid inputs +test_expect_success_multi '. corner-case' '' ' + test_check_ignore . 1 +' + test_expect_success_multi 'empty command line' '' ' test_check_ignore "" 128 && stderr_contains "fatal: no path specified" diff --git a/t/t7512-status-help.sh b/t/t7512-status-help.sh index 51ab89411f..d2da89a5f5 100755 --- a/t/t7512-status-help.sh +++ b/t/t7512-status-help.sh @@ -5,7 +5,7 @@ # Grenoble INP Ensimag # -test_description='git status advices' +test_description='git status advice' . ./test-lib.sh |