summaryrefslogtreecommitdiff
path: root/Documentation/RelNotes
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/RelNotes')
-rw-r--r--Documentation/RelNotes/1.7.11.7.txt2
-rw-r--r--Documentation/RelNotes/2.13.7.txt20
-rw-r--r--Documentation/RelNotes/2.14.4.txt5
-rw-r--r--Documentation/RelNotes/2.15.2.txt3
-rw-r--r--Documentation/RelNotes/2.16.4.txt5
-rw-r--r--Documentation/RelNotes/2.17.0.txt2
-rw-r--r--Documentation/RelNotes/2.17.1.txt16
-rw-r--r--Documentation/RelNotes/2.18.0.txt200
-rw-r--r--Documentation/RelNotes/2.19.0.txt57
9 files changed, 293 insertions, 17 deletions
diff --git a/Documentation/RelNotes/1.7.11.7.txt b/Documentation/RelNotes/1.7.11.7.txt
index e7e79d999b..e743a2a8e4 100644
--- a/Documentation/RelNotes/1.7.11.7.txt
+++ b/Documentation/RelNotes/1.7.11.7.txt
@@ -25,7 +25,7 @@ Fixes since v1.7.11.6
references" nor "Reload" did not update what is shown as the
contents of it, when the user overwrote the tag with "git tag -f".
- * "git for-each-ref" did not currectly support more than one --sort
+ * "git for-each-ref" did not correctly support more than one --sort
option.
* "git log .." errored out saying it is both rev range and a path
diff --git a/Documentation/RelNotes/2.13.7.txt b/Documentation/RelNotes/2.13.7.txt
new file mode 100644
index 0000000000..09fc01406c
--- /dev/null
+++ b/Documentation/RelNotes/2.13.7.txt
@@ -0,0 +1,20 @@
+Git v2.13.7 Release Notes
+=========================
+
+Fixes since v2.13.6
+-------------------
+
+ * Submodule "names" come from the untrusted .gitmodules file, but we
+ blindly append them to $GIT_DIR/modules to create our on-disk repo
+ paths. This means you can do bad things by putting "../" into the
+ name. We now enforce some rules for submodule names which will cause
+ Git to ignore these malicious names (CVE-2018-11235).
+
+ Credit for finding this vulnerability and the proof of concept from
+ which the test script was adapted goes to Etienne Stalmans.
+
+ * It was possible to trick the code that sanity-checks paths on NTFS
+ into reading random piece of memory (CVE-2018-11233).
+
+Credit for fixing for these bugs goes to Jeff King, Johannes
+Schindelin and others.
diff --git a/Documentation/RelNotes/2.14.4.txt b/Documentation/RelNotes/2.14.4.txt
new file mode 100644
index 0000000000..97755a89d9
--- /dev/null
+++ b/Documentation/RelNotes/2.14.4.txt
@@ -0,0 +1,5 @@
+Git v2.14.4 Release Notes
+=========================
+
+This release is to forward-port the fixes made in the v2.13.7 version
+of Git. See its release notes for details.
diff --git a/Documentation/RelNotes/2.15.2.txt b/Documentation/RelNotes/2.15.2.txt
index 9f7e28f8a2..b480e56b68 100644
--- a/Documentation/RelNotes/2.15.2.txt
+++ b/Documentation/RelNotes/2.15.2.txt
@@ -43,5 +43,8 @@ Fixes since v2.15.1
* Clarify and enhance documentation for "merge-base --fork-point", as
it was clear what it computed but not why/what for.
+ * This release also contains the fixes made in the v2.13.7 version of
+ Git. See its release notes for details.
+
Also contains various documentation updates and code clean-ups.
diff --git a/Documentation/RelNotes/2.16.4.txt b/Documentation/RelNotes/2.16.4.txt
new file mode 100644
index 0000000000..6be538ba30
--- /dev/null
+++ b/Documentation/RelNotes/2.16.4.txt
@@ -0,0 +1,5 @@
+Git v2.16.4 Release Notes
+=========================
+
+This release is to forward-port the fixes made in the v2.13.7 version
+of Git. See its release notes for details.
diff --git a/Documentation/RelNotes/2.17.0.txt b/Documentation/RelNotes/2.17.0.txt
index d6db0e19cf..c2cf891f71 100644
--- a/Documentation/RelNotes/2.17.0.txt
+++ b/Documentation/RelNotes/2.17.0.txt
@@ -342,7 +342,7 @@ Fixes since v2.16
validate the data and connected-ness of objects in the received
pack; the code to perform this check has been taught about the
narrow clone's convention that missing objects that are reachable
- from objects in a pack that came from a promissor remote is OK.
+ from objects in a pack that came from a promisor remote is OK.
* There was an unused file-scope static variable left in http.c when
building for versions of libCURL that is older than 7.19.4, which
diff --git a/Documentation/RelNotes/2.17.1.txt b/Documentation/RelNotes/2.17.1.txt
new file mode 100644
index 0000000000..e01384fe8e
--- /dev/null
+++ b/Documentation/RelNotes/2.17.1.txt
@@ -0,0 +1,16 @@
+Git v2.17.1 Release Notes
+=========================
+
+Fixes since v2.17
+-----------------
+
+ * This release contains the same fixes made in the v2.13.7 version of
+ Git, covering CVE-2018-11233 and 11235, and forward-ported to
+ v2.14.4, v2.15.2 and v2.16.4 releases. See release notes to
+ v2.13.7 for details.
+
+ * In addition to the above fixes, this release has support on the
+ server side to reject pushes to repositories that attempt to create
+ such problematic .gitmodules file etc. as tracked contents, to help
+ hosting sites protect their customers by preventing malicious
+ contents from spreading.
diff --git a/Documentation/RelNotes/2.18.0.txt b/Documentation/RelNotes/2.18.0.txt
index 40c3b9470b..3ea280cf68 100644
--- a/Documentation/RelNotes/2.18.0.txt
+++ b/Documentation/RelNotes/2.18.0.txt
@@ -6,13 +6,15 @@ Updates since v2.17
UI, Workflows & Features
- * Rename detection logic in "diff" family that is used in "merge" has
+ * Rename detection logic that is used in "merge" and "cherry-pick" has
learned to guess when all of x/a, x/b and x/c have moved to z/a,
z/b and z/c, it is likely that x/d added in the meantime would also
want to move to z/d by taking the hint that the entire directory
'x' moved to 'z'. A bug causing dirty files involved in a rename
to be overwritten during merge has also been fixed as part of this
- work.
+ work. Incidentally, this also avoids updating a file in the
+ working tree after a (non-trivial) merge whose result matches what
+ our side originally had.
* "git filter-branch" learned to use a different exit code to allow
the callers to tell the case where there was no new commits to
@@ -48,7 +50,7 @@ UI, Workflows & Features
have been replaced with a stub that errors out and tells the user
there are replacements.
- * The new "checkout-encoding" attribute can ask Git to convert the
+ * The new "working-tree-encoding" attribute can ask Git to convert the
contents to the specified encoding when checking out to the working
tree (and the other way around when checking in).
@@ -102,7 +104,48 @@ UI, Workflows & Features
* The command line completion mechanism (in contrib/) learned to load
custom completion file for "git $command" where $command is a
custom "git-$command" that the end user has on the $PATH when using
- newer version of bash.
+ newer version of bash-completion.
+
+ * "git send-email" can sometimes offer confirmation dialog "Send this
+ email?" with choices 'Yes', 'No', 'Quit', and 'All'. A new action
+ 'Edit' has been added to this dialog's choice.
+
+ * With merge.renames configuration set to false, the recursive merge
+ strategy can be told not to spend cycles trying to find renamed
+ paths and merge them accordingly.
+
+ * "git status" learned to honor a new status.renames configuration to
+ skip rename detection, which could be useful for those who want to
+ do so without disabling the default rename detection done by the
+ "git diff" command.
+
+ * Command line completion (in contrib/) learned to complete pathnames
+ for various commands better.
+
+ * "git blame" learns to unhighlight uninteresting metadata from the
+ originating commit on lines that are the same as the previous one,
+ and also paint lines in different colors depending on the age of
+ the commit.
+
+ * Transfer protocol v2 learned to support the partial clone.
+
+ * When a short hexadecimal string is used to name an object but there
+ are multiple objects that share the string as the prefix of their
+ names, the code lists these ambiguous candidates in a help message.
+ These object names are now sorted according to their types for
+ easier eyeballing.
+
+ * "git fetch $there $refspec" that talks over protocol v2 can take
+ advantage of server-side ref filtering; the code has been extended
+ so that this mechanism triggers also when fetching with configured
+ refspec.
+
+ * Our HTTP client code used to advertise that we accept gzip encoding
+ from the other side; instead, just let cURL library to advertise
+ and negotiate the best one.
+
+ * "git p4" learned to "unshelve" shelved commit from P4.
+ (merge 123f631761 ld/p4-unshelve later to maint).
Performance, Internal Implementation, Development Support etc.
@@ -218,20 +261,47 @@ Performance, Internal Implementation, Development Support etc.
repository object (which in turn tells the API which object store
the objects are to be located).
- * Rename detection logic in "diff" family that is used in "merge" has
- learned to guess when all of x/a, x/b and x/c have moved to z/a,
- z/b and z/c, it is likely that x/d added in the meantime would also
- want to move to z/d by taking the hint that the entire directory
- 'x' moved to 'z'. A bug causing dirty files involved in a rename
- to be overwritten during merge has also been fixed as part of this
- work. Incidentally, this also avoids updating a file in the
- working tree after a (non-trivial) merge whose result matches what
- our side originally had.
-
* "git pack-objects" needs to allocate tons of "struct object_entry"
while doing its work, and shrinking its size helps the performance
quite a bit.
+ * The implementation of "git rebase -i --root" has been updated to use
+ the sequencer machinery more.
+
+ * Developer support update, by using BUG() macro instead of die() to
+ mark codepaths that should not happen more clearly.
+
+ * Developer support. Use newer GCC on one of the builds done at
+ TravisCI.org to get more warnings and errors diagnosed.
+
+ * Conversion from uchar[20] to struct object_id continues.
+
+ * By code restructuring of submodule merge in merge-recursive,
+ informational messages from the codepath are now given using the
+ same mechanism as other output, and honor the merge.verbosity
+ configuration. The code also learned to give a few new messages
+ when a submodule three-way merge resolves cleanly when one side
+ records a descendant of the commit chosen by the other side.
+
+ * Avoid unchecked snprintf() to make future code auditing easier.
+ (merge ac4896f007 jk/snprintf-truncation later to maint).
+
+ * Many tests hardcode the raw object names, which would change once
+ we migrate away from SHA-1. While some of them must test against
+ exact object names, most of them do not have to use hardcoded
+ constants in the test. The latter kind of tests have been updated
+ to test the moral equivalent of the original without hardcoding the
+ actual object names.
+
+ * The list of commands with their various attributes were spread
+ across a few places in the build procedure, but it now is getting a
+ bit more consolidated to allow more automation.
+
+ * Quite a many tests assumed that newly created refs are made as
+ loose refs using the files backend, which have been updated to use
+ proper plumbing like rev-parse and update-ref, to avoid breakage
+ once we start using different ref backends.
+
Also contains various documentation updates and code clean-ups.
@@ -254,7 +324,7 @@ Fixes since v2.17
after giving an error message.
(merge 3bb0923f06 ps/contains-id-error-message later to maint).
- * "diff-highlight" filter (in contrib/) learned to undertand "git log
+ * "diff-highlight" filter (in contrib/) learned to understand "git log
--graph" output better.
(merge 4551fbba14 jk/diff-highlight-graph-fix later to maint).
@@ -382,6 +452,93 @@ Fixes since v2.17
HT by default. The problem is fixed by forcing 8-space tabs.
(merge 379805051d bc/asciidoctor-tab-width later to maint).
+ * Code clean-up to adjust to a more recent lockfile API convention that
+ allows lockfile instances kept on the stack.
+ (merge 0fa5a2ed8d ma/lockfile-cleanup later to maint).
+
+ * the_repository->index is not a allocated piece of memory but
+ repo_clear() indiscriminately attempted to free(3) it, which has
+ been corrected.
+ (merge 74373b5f10 nd/repo-clear-keep-the-index later to maint).
+
+ * Code clean-up to avoid non-standard-conformant pointer arithmetic.
+ (merge c112084af9 rs/no-null-ptr-arith-in-fast-export later to maint).
+
+ * Code clean-up to turn history traversal more robust in a
+ semi-corrupt repository.
+ (merge 8702b30fd7 jk/unavailable-can-be-missing later to maint).
+
+ * "git update-ref A B" is supposed to ensure that ref A does not yet
+ exist when B is a NULL OID, but this check was not done correctly
+ for pseudo-refs outside refs/ hierarchy, e.g. MERGE_HEAD.
+
+ * "git submodule update" and "git submodule add" supported the
+ "--reference" option to borrow objects from a neighbouring local
+ repository like "git clone" does, but lacked the more recent
+ invention "--dissociate". Also "git submodule add" has been taught
+ to take the "--progress" option.
+ (merge a0ef29341a cf/submodule-progress-dissociate later to maint).
+
+ * Update credential-netrc helper (in contrib/) to allow customizing
+ the GPG used to decrypt the encrypted .netrc file.
+ (merge 786ef50a23 lm/credential-netrc later to maint).
+
+ * "git submodule update" attempts two different kinds of "git fetch"
+ against the upstream repository to grab a commit bound at the
+ submodule's path, but it incorrectly gave up if the first kind
+ (i.e. a normal fetch) failed, making the second "last resort" one
+ (i.e. fetching an exact commit object by object name) ineffective.
+ This has been corrected.
+ (merge e30d833671 sb/submodule-update-try-harder later to maint).
+
+ * Error behaviour of "git grep" when it cannot read the index was
+ inconsistent with other commands that uses the index, which has
+ been corrected to error out early.
+ (merge b2aa84c789 sb/grep-die-on-unreadable-index later to maint).
+
+ * We used to call regfree() after regcomp() failed in some codepaths,
+ which have been corrected.
+ (merge 17154b1576 ma/regex-no-regfree-after-comp-fail later to maint).
+
+ * The import-tars script (in contrib/) has been taught to handle
+ tarballs with overly long paths that use PAX extended headers.
+ (merge 12ecea46e3 pa/import-tars-long-names later to maint).
+
+ * "git rev-parse Y..." etc. misbehaved when given endpoints were
+ not committishes.
+ (merge 0ed556d38f en/rev-parse-invalid-range later to maint).
+
+ * "git pull --recurse-submodules --rebase", when the submodule
+ repository's history did not have anything common between ours and
+ the upstream's, failed to execute. We need to fetch from them to
+ continue even in such a case.
+ (merge 4d36f88be7 jt/submodule-pull-recurse-rebase later to maint).
+
+ * "git remote update" can take both a single remote nickname and a
+ nickname for remote groups, but only one of them was documented.
+ (merge a97447a42a nd/remote-update-doc later to maint).
+
+ * "index-pack --strict" has been taught to make sure that it runs the
+ final object integrity checks after making the freshly indexed
+ packfile available to itself.
+ (merge 3737746120 jk/index-pack-maint later to maint).
+
+ * Make zlib inflate codepath more robust against versions of zlib
+ that clobber unused portion of outbuf.
+ (merge b611396e97 jl/zlib-restore-nul-termination later to maint).
+
+ * Fix old merge glitch in Documentation during v2.13-rc0 era.
+ (merge 28cb06020b mw/doc-merge-enumfix later to maint).
+
+ * The code to read compressed bitmap was not careful to avoid reading
+ past the end of the file, which has been corrected.
+ (merge 1140bf01ec jk/ewah-bounds-check later to maint).
+
+ * "make NO_ICONV=NoThanks" did not override NEEDS_LIBICONV
+ (i.e. linkage of -lintl, -liconv, etc. that are platform-specific
+ tweaks), which has been corrected.
+ (merge fdb1fbbc7d es/make-no-iconv later to maint).
+
* Other minor doc, test and build updates and code cleanups.
(merge 248f66ed8e nd/trace-with-env later to maint).
(merge 14ced5562c ys/bisect-object-id-missing-conversion-fix later to maint).
@@ -411,3 +568,16 @@ Fixes since v2.17
(merge 5356a3c354 ah/misc-doc-updates later to maint).
(merge 92c4a7a129 nd/completion-aliasfiletype-typofix later to maint).
(merge 58bd77b66a nd/pack-unreachable-objects-doc later to maint).
+ (merge 4ed79d5203 sg/t6500-no-redirect-of-stdin later to maint).
+ (merge 17b8a2d6cd jk/config-blob-sans-repo later to maint).
+ (merge 590551ca2c rd/tag-doc-lightweight later to maint).
+ (merge 44f560fc16 rd/init-typo later to maint).
+ (merge f156a0934a rd/p4-doc-markup-env later to maint).
+ (merge 2a00502b14 tg/doc-sec-list later to maint).
+ (merge 47cc91310a jk/submodule-fsck-loose-fixup later to maint).
+ (merge efde7b725c rd/comment-typofix-in-sha1-file later to maint).
+ (merge 7eedad15df rd/diff-options-typofix later to maint).
+ (merge 58ebd936cc km/doc-workflows-typofix later to maint).
+ (merge 30aa96cdf8 rd/doc-remote-tracking-with-hyphen later to maint).
+ (merge cf317877e3 ks/branch-set-upstream later to maint).
+ (merge 8de19d6be8 sg/t7406-chain-fix later to maint).
diff --git a/Documentation/RelNotes/2.19.0.txt b/Documentation/RelNotes/2.19.0.txt
new file mode 100644
index 0000000000..2954653d10
--- /dev/null
+++ b/Documentation/RelNotes/2.19.0.txt
@@ -0,0 +1,57 @@
+Git 2.19 Release Notes
+======================
+
+Updates since v2.18
+-------------------
+
+UI, Workflows & Features
+
+ * "git diff" compares the index and the working tree. For paths
+ added with intent-to-add bit, the command shows the full contents
+ of them as added, but the paths themselves were not marked as new
+ files. They are now shown as new by default.
+
+ "git apply" learned the "--intent-to-add" option so that an
+ otherwise working-tree-only application of a patch will add new
+ paths to the index marked with the "intent-to-add" bit.
+
+
+Performance, Internal Implementation, Development Support etc.
+
+ * The bulk of "git submodule foreach" has been rewritten in C.
+
+ * The in-core "commit" object had an all-purpose "void *util" field,
+ which was tricky to use especially in library-ish part of the
+ code. All of the existing uses of the field has been migrated to a
+ more dedicated "commit-slab" mechanism and the field is eliminated.
+
+ * A less often used command "git show-index" has been modernized.
+ (merge fb3010c31f jk/show-index later to maint).
+
+ * The conversion to pass "the_repository" and then "a_repository"
+ throughout the object access API continues.
+
+ * Continuing with the idea to programatically enumerate various
+ pieces of data required for command line completion, teach the
+ codebase to report the list of configuration variables
+ subcommands care about to help complete them.
+
+ * Separate "rebase -p" codepath out of "rebase -i" implementation to
+ slim down the latter and make it easier to manage.
+
+
+Fixes since v2.18
+-----------------
+
+ * "git remote update" can take both a single remote nickname and a
+ nickname for remote groups, and the completion script (in contrib/)
+ has been taught about it.
+ (merge 9cd4382ad5 ls/complete-remote-update-names later to maint).
+
+ * "git fetch --shallow-since=<cutoff>" that specifies the cut-off
+ point that is newer than the existing history used to end up
+ grabbing the entire history. Such a request now errors out.
+ (merge e34de73c56 nd/reject-empty-shallow-request later to maint).
+
+ * Code cleanup.
+ (merge aee9be2ebe sg/update-ref-stdin-cleanup later to maint).