diff options
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/RelNotes/2.11.1.txt | 120 | ||||
| -rw-r--r-- | Documentation/RelNotes/2.12.0.txt | 81 | ||||
| -rw-r--r-- | Documentation/config.txt | 33 | ||||
| -rw-r--r-- | Documentation/diff-config.txt | 6 | ||||
| -rw-r--r-- | Documentation/diff-heuristic-options.txt | 2 | ||||
| -rw-r--r-- | Documentation/git-fetch-pack.txt | 6 | ||||
| -rw-r--r-- | Documentation/git-fetch.txt | 2 | ||||
| -rw-r--r-- | Documentation/git-gc.txt | 34 | ||||
| -rw-r--r-- | Documentation/git-grep.txt | 14 | ||||
| -rw-r--r-- | Documentation/git-p4.txt | 2 | ||||
| -rw-r--r-- | Documentation/git-pull.txt | 2 | ||||
| -rw-r--r-- | Documentation/git-push.txt | 2 | ||||
| -rw-r--r-- | Documentation/git-submodule.txt | 15 | ||||
| -rw-r--r-- | Documentation/git.txt | 3 | ||||
| -rw-r--r-- | Documentation/gitnamespaces.txt | 20 | ||||
| -rw-r--r-- | Documentation/transfer-data-leaks.txt | 30 |
16 files changed, 288 insertions, 84 deletions
diff --git a/Documentation/RelNotes/2.11.1.txt b/Documentation/RelNotes/2.11.1.txt new file mode 100644 index 0000000000..74b193f1a8 --- /dev/null +++ b/Documentation/RelNotes/2.11.1.txt @@ -0,0 +1,120 @@ +Git v2.11.1 Release Notes +========================= + +Fixes since v2.11 +----------------- + + * The default Travis-CI configuration specifies newer P4 and GitLFS. + + * The character width table has been updated to match Unicode 9.0 + + * Update the isatty() emulation for Windows by updating the previous + hack that depended on internals of (older) MSVC runtime. + + * "git rev-parse --symbolic" failed with a more recent notation like + "HEAD^-1" and "HEAD^!". + + * An empty directory in a working tree that can simply be nuked used + to interfere while merging or cherry-picking a change to create a + submodule directory there, which has been fixed.. + + * The code in "git push" to compute if any commit being pushed in the + superproject binds a commit in a submodule that hasn't been pushed + out was overly inefficient, making it unusable even for a small + project that does not have any submodule but have a reasonable + number of refs. + + * "git push --dry-run --recurse-submodule=on-demand" wasn't + "--dry-run" in the submodules. + + * The output from "git worktree list" was made in readdir() order, + and was unstable. + + * mergetool.<tool>.trustExitCode configuration variable did not apply + to built-in tools, but now it does. + + * "git p4" LFS support was broken when LFS stores an empty blob. + + * Fix a corner case in merge-recursive regression that crept in + during 2.10 development cycle. + + * Update the error messages from the dumb-http client when it fails + to obtain loose objects; we used to give sensible error message + only upon 404 but we now forbid unexpected redirects that needs to + be reported with something sensible. + + * When diff.renames configuration is on (and with Git 2.9 and later, + it is enabled by default, which made it worse), "git stash" + misbehaved if a file is removed and another file with a very + similar content is added. + + * "git diff --no-index" did not take "--no-abbrev" option. + + * "git difftool --dir-diff" had a minor regression when started from + a subdirectory, which has been fixed. + + * "git commit --allow-empty --only" (no pathspec) with dirty index + ought to be an acceptable way to create a new commit that does not + change any paths, but it was forbidden, perhaps because nobody + needed it so far. + + * A pathname that begins with "//" or "\\" on Windows is special but + path normalization logic was unaware of it. + + * "git pull --rebase", when there is no new commits on our side since + we forked from the upstream, should be able to fast-forward without + invoking "git rebase", but it didn't. + + * The way to specify hotkeys to "xxdiff" that is used by "git + mergetool" has been modernized to match recent versions of xxdiff. + + * Unlike "git am --abort", "git cherry-pick --abort" moved HEAD back + to where cherry-pick started while picking multiple changes, when + the cherry-pick stopped to ask for help from the user, and the user + did "git reset --hard" to a different commit in order to re-attempt + the operation. + + * Code cleanup in shallow boundary computation. + + * A recent update to receive-pack to make it easier to drop garbage + objects made it clear that GIT_ALTERNATE_OBJECT_DIRECTORIES cannot + have a pathname with a colon in it (no surprise!), and this in turn + made it impossible to push into a repository at such a path. This + has been fixed by introducing a quoting mechanism used when + appending such a path to the colon-separated list. + + * The function usage_msg_opt() has been updated to say "fatal:" + before the custom message programs give, when they want to die + with a message about wrong command line options followed by the + standard usage string. + + * "git index-pack --stdin" needs an access to an existing repository, + but "git index-pack file.pack" to generate an .idx file that + corresponds to a packfile does not. + + * Fix for NDEBUG builds. + + * A lazy "git push" without refspec did not internally use a fully + specified refspec to perform 'current', 'simple', or 'upstream' + push, causing unnecessary "ambiguous ref" errors. + + * "git p4" misbehaved when swapping a directory and a symbolic link. + + * Even though an fix was attempted in Git 2.9.3 days, but running + "git difftool --dir-diff" from a subdirectory never worked. This + has been fixed. + + * "git p4" that tracks multile p4 paths imported a single changelist + that touches files in these multiple paths as one commit, followed + by many empty commits. This has been fixed. + + * A potential but unlikely buffer overflow in Windows port has been + fixed. + + * When the http server gives an incomplete response to a smart-http + rpc call, it could lead to client waiting for a full response that + will never come. Teach the client side to notice this condition + and abort the transfer. + + +Also contains various documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.12.0.txt b/Documentation/RelNotes/2.12.0.txt index 778145a3ed..f7d5e9cf14 100644 --- a/Documentation/RelNotes/2.12.0.txt +++ b/Documentation/RelNotes/2.12.0.txt @@ -61,6 +61,11 @@ UI, Workflows & Features the previous hack that depended on internals of (older) MSVC runtime. + * Some platforms no longer understand "latin-1" that is still seen in + the wild in e-mail headers; replace them with "iso-8859-1" that is + more widely known when conversion fails from/to it. + (merge df3755888b jc/latin-1 later to maint). + Performance, Internal Implementation, Development Support etc. @@ -70,17 +75,29 @@ Performance, Internal Implementation, Development Support etc. code with "git interpret-trailer". * The default Travis-CI configuration specifies newer P4 and GitLFS. - (merge 5f703e8f02 ls/travis-update-p4-and-lfs later to maint). * The "fast hash" that had disastrous performance issues in some corner cases has been retired from the internal diff. * The character width table has been updated to match Unicode 9.0 - (merge 9e6e9aefdf bb/unicode-9.0 later to maint). * Update the procedure to generate "tags" for developer support. (merge 046e4c1c09 jk/make-tags-find-sources-tweak later to maint). + * The codeflow of setting NOATIME and CLOEXEC on file descriptors Git + opens has been simplified. + (merge b4d065df03 jc/git-open-cloexec later to maint). + + * "git diff" and its family had two experimental heuristics to shift + the contents of a hunk to make the patch easier to read. One of + them turns out to be better than the other, so leave only the + "--indent-heuristic" option and remove the other one. + (merge 3cde4e02ee jc/retire-compaction-heuristics later to maint). + + * A new submodule helper "git submodule embedgitdirs" to make it + easier to move embedded .git/ directory for submodules in a + superproject to .git/modules/ (and point the latter with the former + that is turned into a "gitdir:" file) has been added. Also contains various documentation updates and code clean-ups. @@ -96,7 +113,6 @@ notes for details). standard I/O streams are connected to a TTY, but isatty() that comes with Windows incorrectly returned true if it is used on NUL (i.e. an equivalent to /dev/null). This has been fixed. - (merge cbb3f3c9b1 js/mingw-isatty later to maint). * "git svn" did not work well with path components that are "0", and some configuration variable it uses were not documented. @@ -104,70 +120,56 @@ notes for details). * "git rev-parse --symbolic" failed with a more recent notation like "HEAD^-1" and "HEAD^!". - (merge a2e7b04c44 jk/rev-parse-symbolic-parents-fix later to maint). * An empty directory in a working tree that can simply be nuked used to interfere while merging or cherry-picking a change to create a submodule directory there, which has been fixed.. - (merge 5423d2e700 dt/empty-submodule-in-merge later to maint). * The code in "git push" to compute if any commit being pushed in the superproject binds a commit in a submodule that hasn't been pushed out was overly inefficient, making it unusable even for a small project that does not have any submodule but have a reasonable number of refs. - (merge 250ab24ab3 hv/submodule-not-yet-pushed-fix later to maint). * "git push --dry-run --recurse-submodule=on-demand" wasn't "--dry-run" in the submodules. - (merge 0301c821c5 bw/push-dry-run later to maint). * The output from "git worktree list" was made in readdir() order, and was unstable. - (merge 4df1d4d466 nd/worktree-list-fixup later to maint). * mergetool.<tool>.trustExitCode configuration variable did not apply to built-in tools, but now it does. - (merge 2967284456 da/mergetool-trust-exit-code later to maint). * "git p4" LFS support was broken when LFS stores an empty blob. - (merge d5eb3cf5e7 ls/p4-empty-file-on-lfs later to maint). * A corner case in merge-recursive regression that crept in during 2.10 development cycle has been fixed. - (merge 1c25d2d8ed jc/renormalize-merge-kill-safer-crlf later to maint). * Transport with dumb http can be fooled into following foreign URLs that the end user does not intend to, especially with the server side redirects and http-alternates mechanism, which can lead to security issues. Tighten the redirection and make it more obvious to the end user when it happens. - (merge cb4d2d35c4 jk/http-walker-limit-redirect-2.9 later to maint). * Update the error messages from the dumb-http client when it fails to obtain loose objects; we used to give sensible error message only upon 404 but we now forbid unexpected redirects that needs to be reported with something sensible. - (merge 3680f16f9d jk/http-walker-limit-redirect later to maint). * When diff.renames configuration is on (and with Git 2.9 and later, it is enabled by default, which made it worse), "git stash" misbehaved if a file is removed and another file with a very similar content is added. - (merge 9d4e28ead5 jk/stash-disable-renames-internally later to maint). * "git diff --no-index" did not take "--no-abbrev" option. - (merge 43d1948b7b jb/diff-no-index-no-abbrev later to maint). * "git difftool --dir-diff" had a minor regression when started from a subdirectory, which has been fixed. - (merge 853e10c197 da/difftool-dir-diff-fix later to maint). * "git commit --allow-empty --only" (no pathspec) with dirty index ought to be an acceptable way to create a new commit that does not change any paths, but it was forbidden, perhaps because nobody needed it so far. - (merge beb635ca9c ak/commit-only-allow-empty later to maint). * Git 2.11 had a minor regression in "merge --ff-only" that competed with another process that simultanously attempted to update the @@ -177,26 +179,21 @@ notes for details). * A pathname that begins with "//" or "\\" on Windows is special but path normalization logic was unaware of it. - (merge 7814fbe3f1 js/normalize-path-copy-ceil later to maint). * "git pull --rebase", when there is no new commits on our side since we forked from the upstream, should be able to fast-forward without invoking "git rebase", but it didn't. - (merge 33b842a1e9 jc/pull-rebase-ff later to maint). * The way to specify hotkeys to "xxdiff" that is used by "git mergetool" has been modernized to match recent versions of xxdiff. - (merge 6cf5f6cef7 da/mergetool-xxdiff-hotkey later to maint). * Unlike "git am --abort", "git cherry-pick --abort" moved HEAD back to where cherry-pick started while picking multiple changes, when the cherry-pick stopped to ask for help from the user, and the user did "git reset --hard" to a different commit in order to re-attempt the operation. - (merge ce73bb22d8 sb/sequencer-abort-safety later to maint). * Code cleanup in shallow boundary computation. - (merge 649b0c316a nd/shallow-fixup later to maint). * A recent update to receive-pack to make it easier to drop garbage objects made it clear that GIT_ALTERNATE_OBJECT_DIRECTORIES cannot @@ -204,52 +201,56 @@ notes for details). made it impossible to push into a repository at such a path. This has been fixed by introducing a quoting mechanism used when appending such a path to the colon-separated list. - (merge 5e74824fac jk/quote-env-path-list-component later to maint). * The function usage_msg_opt() has been updated to say "fatal:" before the custom message programs give, when they want to die with a message about wrong command line options followed by the standard usage string. - (merge 87433261a4 jk/parseopt-usage-msg-opt later to maint). * "git index-pack --stdin" needs an access to an existing repository, but "git index-pack file.pack" to generate an .idx file that corresponds to a packfile does not. - (merge 29401e1575 jk/index-pack-wo-repo-from-stdin later to maint). * Fix for NDEBUG builds. - (merge 08414938a2 jt/mailinfo-fold-in-body-headers later to maint). * A lazy "git push" without refspec did not internally use a fully specified refspec to perform 'current', 'simple', or 'upstream' push, causing unnecessary "ambiguous ref" errors. - (merge b284495e93 jc/push-default-explicit later to maint). * "git p4" misbehaved when swapping a directory and a symbolic link. - (merge df8a9e86db ld/p4-compare-dir-vs-symlink later to maint). * Even though an fix was attempted in Git 2.9.3 days, but running "git difftool --dir-diff" from a subdirectory never worked. This has been fixed. - (merge ce6926974e jk/difftool-in-subdir later to maint). * "git p4" that tracks multile p4 paths imported a single changelist that touches files in these multiple paths as one commit, followed by many empty commits. This has been fixed. - (merge 9943e5b979 gv/p4-multi-path-commit-fix later to maint). * A potential but unlikely buffer overflow in Windows port has been fixed. - (merge c46458e82f mk/mingw-winansi-ttyname-termination-fix later to maint). + + * When the http server gives an incomplete response to a smart-http + rpc call, it could lead to client waiting for a full response that + will never come. Teach the client side to notice this condition + and abort the transfer. + + * Compression setting for producing packfiles were spread across + three codepaths, one of which did not honor any configuration. + Unify these so that all of them honor core.compression and + pack.compression variables the same way. + (merge 8de7eeb54b jc/compression-config later to maint). + + * "git fast-import" sometimes mishandled while rebalancing notes + tree, which has been fixed. + (merge 405d7f4af6 mh/fast-import-notes-fix-new later to maint). + + * Recent update to the default abbreviation length that auto-scales + lacked documentation update, which has been corrected. + (merge 48d5014dd4 jc/abbrev-autoscale-config later to maint). + + * Leakage of lockfiles in the config subsystem has been fixed. + (merge c06fa62dfc nd/config-misc-fixes later to maint). * Other minor doc, test and build updates and code cleanups. - (merge fa6ca11105 nd/qsort-in-merge-recursive later to maint). - (merge fa3142c919 ak/lazy-prereq-mktemp later to maint). - (merge 9c48b4fb23 ls/t0021-fixup later to maint). - (merge 584f99c87b sb/unpack-trees-grammofix later to maint). - (merge 54471fdcc3 jk/readme-gmane-is-no-more later to maint). - (merge 9e189f1a5c sb/t3600-cleanup later to maint). - (merge e2c20be57c lr/doc-fix-cet later to maint). - (merge 47437fd3bd kh/tutorial-grammofix later to maint). (merge f2627d9b19 sb/submodule-config-cleanup later to maint). - (merge 7eeda8b821 ls/filter-process later to maint). diff --git a/Documentation/config.txt b/Documentation/config.txt index 30cb946104..506431267e 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -783,10 +783,11 @@ core.sparseCheckout:: linkgit:git-read-tree[1] for more information. core.abbrev:: - Set the length object names are abbreviated to. If unspecified, - many commands abbreviate to 7 hexdigits, which may not be enough - for abbreviated object names to stay unique for sufficiently long - time. + Set the length object names are abbreviated to. If + unspecified or set to "auto", an appropriate value is + computed based on the approximate number of packed objects + in your repository, which hopefully is enough for + abbreviated object names to stay unique for some time. add.ignoreErrors:: add.ignore-errors (deprecated):: @@ -1409,7 +1410,9 @@ gc.pruneExpire:: Override the grace period with this config variable. The value "now" may be used to disable this grace period and always prune unreachable objects immediately, or "never" may be used to - suppress pruning. + suppress pruning. This feature helps prevent corruption when + 'git gc' runs concurrently with another process writing to the + repository; see the "NOTES" section of linkgit:git-gc[1]. gc.worktreePruneExpire:: When 'git gc' is run, it calls @@ -2986,6 +2989,11 @@ is omitted from the advertisements but `refs/heads/master` and `refs/namespaces/bar/refs/heads/master` are still advertised as so-called "have" lines. In order to match refs before stripping, add a `^` in front of the ref name. If you combine `!` and `^`, `!` must be specified first. ++ +Even if you hide refs, a client may still be able to steal the target +objects via the techniques described in the "SECURITY" section of the +linkgit:gitnamespaces[7] man page; it's best to keep private data in a +separate repository. transfer.unpackLimit:: When `fetch.unpackLimit` or `receive.unpackLimit` are @@ -2995,7 +3003,7 @@ transfer.unpackLimit:: uploadarchive.allowUnreachable:: If true, allow clients to use `git archive --remote` to request any tree, whether reachable from the ref tips or not. See the - discussion in the `SECURITY` section of + discussion in the "SECURITY" section of linkgit:git-upload-archive[1] for more details. Defaults to `false`. @@ -3009,12 +3017,23 @@ uploadpack.allowTipSHA1InWant:: When `uploadpack.hideRefs` is in effect, allow `upload-pack` to accept a fetch request that asks for an object at the tip of a hidden ref (by default, such a request is rejected). - see also `uploadpack.hideRefs`. + See also `uploadpack.hideRefs`. Even if this is false, a client + may be able to steal objects via the techniques described in the + "SECURITY" section of the linkgit:gitnamespaces[7] man page; it's + best to keep private data in a separate repository. uploadpack.allowReachableSHA1InWant:: Allow `upload-pack` to accept a fetch request that asks for an object that is reachable from any ref tip. However, note that calculating object reachability is computationally expensive. + Defaults to `false`. Even if this is false, a client may be able + to steal objects via the techniques described in the "SECURITY" + section of the linkgit:gitnamespaces[7] man page; it's best to + keep private data in a separate repository. + +uploadpack.allowAnySHA1InWant:: + Allow `upload-pack` to accept a fetch request that asks for any + object at all. Defaults to `false`. uploadpack.keepAlive:: diff --git a/Documentation/diff-config.txt b/Documentation/diff-config.txt index 58f4bd6afa..d8570f2a75 100644 --- a/Documentation/diff-config.txt +++ b/Documentation/diff-config.txt @@ -172,10 +172,8 @@ diff.tool:: include::mergetools-diff.txt[] diff.indentHeuristic:: -diff.compactionHeuristic:: - Set one of these options to `true` to enable one of two - experimental heuristics that shift diff hunk boundaries to - make patches easier to read. + Set this option to `true` to enable experimental heuristics + that shift diff hunk boundaries to make patches easier to read. diff.algorithm:: Choose a diff algorithm. The variants are as follows: diff --git a/Documentation/diff-heuristic-options.txt b/Documentation/diff-heuristic-options.txt index 36cb549df9..d4f3d95505 100644 --- a/Documentation/diff-heuristic-options.txt +++ b/Documentation/diff-heuristic-options.txt @@ -1,7 +1,5 @@ --indent-heuristic:: --no-indent-heuristic:: ---compaction-heuristic:: ---no-compaction-heuristic:: These are to help debugging and tuning experimental heuristics (which are off by default) that shift diff hunk boundaries to make patches easier to read. diff --git a/Documentation/git-fetch-pack.txt b/Documentation/git-fetch-pack.txt index d45f6adc69..f7ebe36a7b 100644 --- a/Documentation/git-fetch-pack.txt +++ b/Documentation/git-fetch-pack.txt @@ -119,9 +119,9 @@ be in a separate packet, and the list must end with a flush packet. $GIT_DIR (e.g. "HEAD", "refs/heads/master"). When unspecified, update from all heads the remote side has. + -If the remote has enabled the options `uploadpack.allowTipSHA1InWant` or -`uploadpack.allowReachableSHA1InWant`, they may alternatively be 40-hex -sha1s present on the remote. +If the remote has enabled the options `uploadpack.allowTipSHA1InWant`, +`uploadpack.allowReachableSHA1InWant`, or `uploadpack.allowAnySHA1InWant`, +they may alternatively be 40-hex sha1s present on the remote. SEE ALSO -------- diff --git a/Documentation/git-fetch.txt b/Documentation/git-fetch.txt index 9e4216999d..b153aefa68 100644 --- a/Documentation/git-fetch.txt +++ b/Documentation/git-fetch.txt @@ -192,6 +192,8 @@ The first command fetches the `maint` branch from the repository at objects will eventually be removed by git's built-in housekeeping (see linkgit:git-gc[1]). +include::transfer-data-leaks.txt[] + BUGS ---- Using --recurse-submodules can only fetch new commits in already checked diff --git a/Documentation/git-gc.txt b/Documentation/git-gc.txt index bed60f471c..852b72c679 100644 --- a/Documentation/git-gc.txt +++ b/Documentation/git-gc.txt @@ -63,11 +63,10 @@ automatic consolidation of packs. --prune=<date>:: Prune loose objects older than date (default is 2 weeks ago, overridable by the config variable `gc.pruneExpire`). - --prune=all prunes loose objects regardless of their age (do - not use --prune=all unless you know exactly what you are doing. - Unless the repository is quiescent, you will lose newly created - objects that haven't been anchored with the refs and end up - corrupting your repository). --prune is on by default. + --prune=all prunes loose objects regardless of their age and + increases the risk of corruption if another process is writing to + the repository concurrently; see "NOTES" below. --prune is on by + default. --no-prune:: Do not prune any loose objects. @@ -138,17 +137,36 @@ default is "2 weeks ago". Notes ----- -'git gc' tries very hard to be safe about the garbage it collects. In +'git gc' tries very hard not to delete objects that are referenced +anywhere in your repository. In particular, it will keep not only objects referenced by your current set of branches and tags, but also objects referenced by the index, remote-tracking branches, refs saved by 'git filter-branch' in refs/original/, or reflogs (which may reference commits in branches that were later amended or rewound). - -If you are expecting some objects to be collected and they aren't, check +If you are expecting some objects to be deleted and they aren't, check all of those locations and decide whether it makes sense in your case to remove those references. +On the other hand, when 'git gc' runs concurrently with another process, +there is a risk of it deleting an object that the other process is using +but hasn't created a reference to. This may just cause the other process +to fail or may corrupt the repository if the other process later adds a +reference to the deleted object. Git has two features that significantly +mitigate this problem: + +. Any object with modification time newer than the `--prune` date is kept, + along with everything reachable from it. + +. Most operations that add an object to the database update the + modification time of the object if it is already present so that #1 + applies. + +However, these features fall short of a complete solution, so users who +run commands concurrently have to live with some risk of corruption (which +seems to be low in practice) unless they turn off automatic garbage +collection with 'git config gc.auto 0'. + HOOKS ----- diff --git a/Documentation/git-grep.txt b/Documentation/git-grep.txt index 0ecea6e491..71f32f3508 100644 --- a/Documentation/git-grep.txt +++ b/Documentation/git-grep.txt @@ -26,6 +26,7 @@ SYNOPSIS [--threads <num>] [-f <file>] [-e] <pattern> [--and|--or|--not|(|)|-e <pattern>...] + [--recurse-submodules] [--parent-basename <basename>] [ [--[no-]exclude-standard] [--cached | --no-index | --untracked] | <tree>...] [--] [<pathspec>...] @@ -88,6 +89,19 @@ OPTIONS mechanism. Only useful when searching files in the current directory with `--no-index`. +--recurse-submodules:: + Recursively search in each submodule that has been initialized and + checked out in the repository. When used in combination with the + <tree> option the prefix of all submodule output will be the name of + the parent project's <tree> object. + +--parent-basename <basename>:: + For internal use only. In order to produce uniform output with the + --recurse-submodules option, this option can be used to provide the + basename of a parent's <tree> object to a submodule so the submodule + can prefix its output with the parent's name rather than the SHA1 of + the submodule. + -a:: --text:: Process binary files as if they were text. diff --git a/Documentation/git-p4.txt b/Documentation/git-p4.txt index bae862ddcb..7436c64a95 100644 --- a/Documentation/git-p4.txt +++ b/Documentation/git-p4.txt @@ -479,6 +479,8 @@ git-p4.client:: git-p4.retries:: Specifies the number of times to retry a p4 command (notably, 'p4 sync') if the network times out. The default value is 3. + Set the value to 0 to disable retries or if your p4 version + does not support retries (pre 2012.2). Clone and sync variables ~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/Documentation/git-pull.txt b/Documentation/git-pull.txt index d033b258e5..4470e4b574 100644 --- a/Documentation/git-pull.txt +++ b/Documentation/git-pull.txt @@ -237,6 +237,8 @@ If you tried a pull which resulted in complex conflicts and would want to start over, you can recover with 'git reset'. +include::transfer-data-leaks.txt[] + BUGS ---- Using --recurse-submodules can only fetch new commits in already checked diff --git a/Documentation/git-push.txt b/Documentation/git-push.txt index 47b77e693b..8eefabd0d1 100644 --- a/Documentation/git-push.txt +++ b/Documentation/git-push.txt @@ -559,6 +559,8 @@ Commits A and B would no longer belong to a branch with a symbolic name, and so would be unreachable. As such, these commits would be removed by a `git gc` command on the origin repository. +include::transfer-data-leaks.txt[] + GIT --- Part of the linkgit:git[1] suite diff --git a/Documentation/git-submodule.txt b/Documentation/git-submodule.txt index d841573475..918bd1d1bd 100644 --- a/Documentation/git-submodule.txt +++ b/Documentation/git-submodule.txt @@ -22,6 +22,7 @@ SYNOPSIS [commit] [--] [<path>...] 'git submodule' [--quiet] foreach [--recursive] <command> 'git submodule' [--quiet] sync [--recursive] [--] [<path>...] +'git submodule' [--quiet] absorbgitdirs [--] [<path>...] DESCRIPTION @@ -245,6 +246,20 @@ sync:: If `--recursive` is specified, this command will recurse into the registered submodules, and sync any nested submodules within. +absorbgitdirs:: + If a git directory of a submodule is inside the submodule, + move the git directory of the submodule into its superprojects + `$GIT_DIR/modules` path and then connect the git directory and + its working directory by setting the `core.worktree` and adding + a .git file pointing to the git directory embedded in the + superprojects git directory. ++ +A repository that was cloned independently and later added as a submodule or +old setups have the submodules git directory inside the submodule instead of +embedded into the superprojects git directory. ++ +This command is recursive by default. + OPTIONS ------- -q:: diff --git a/Documentation/git.txt b/Documentation/git.txt index ba222f68cc..4f208fab92 100644 --- a/Documentation/git.txt +++ b/Documentation/git.txt @@ -44,9 +44,10 @@ unreleased) version of Git, that is available from the 'master' branch of the `git.git` repository. Documentation for older releases are available here: -* link:v2.11.0/git.html[documentation for release 2.11] +* link:v2.11.1/git.html[documentation for release 2.11.1] * release notes for + link:RelNotes/2.11.1.txt[2.11.1], link:RelNotes/2.11.0.txt[2.11]. * link:v2.10.2/git.html[documentation for release 2.10.2] diff --git a/Documentation/gitnamespaces.txt b/Documentation/gitnamespaces.txt index 7685e3651a..b614969ad2 100644 --- a/Documentation/gitnamespaces.txt +++ b/Documentation/gitnamespaces.txt @@ -61,22 +61,4 @@ For a simple local test, you can use linkgit:git-remote-ext[1]: git clone ext::'git --namespace=foo %s /tmp/prefixed.git' ---------- -SECURITY --------- - -Anyone with access to any namespace within a repository can potentially -access objects from any other namespace stored in the same repository. -You can't directly say "give me object ABCD" if you don't have a ref to -it, but you can do some other sneaky things like: - -. Claiming to push ABCD, at which point the server will optimize out the - need for you to actually send it. Now you have a ref to ABCD and can - fetch it (claiming not to have it, of course). - -. Requesting other refs, claiming that you have ABCD, at which point the - server may generate deltas against ABCD. - -None of this causes a problem if you only host public repositories, or -if everyone who may read one namespace may also read everything in every -other namespace (for instance, if everyone in an organization has read -permission to every repository). +include::transfer-data-leaks.txt[] diff --git a/Documentation/transfer-data-leaks.txt b/Documentation/transfer-data-leaks.txt new file mode 100644 index 0000000000..914bacc39e --- /dev/null +++ b/Documentation/transfer-data-leaks.txt @@ -0,0 +1,30 @@ +SECURITY +-------- +The fetch and push protocols are not designed to prevent one side from +stealing data from the other repository that was not intended to be +shared. If you have private data that you need to protect from a malicious +peer, your best option is to store it in another repository. This applies +to both clients and servers. In particular, namespaces on a server are not +effective for read access control; you should only grant read access to a +namespace to clients that you would trust with read access to the entire +repository. + +The known attack vectors are as follows: + +. The victim sends "have" lines advertising the IDs of objects it has that + are not explicitly intended to be shared but can be used to optimize the + transfer if the peer also has them. The attacker chooses an object ID X + to steal and sends a ref to X, but isn't required to send the content of + X because the victim already has it. Now the victim believes that the + attacker has X, and it sends the content of X back to the attacker + later. (This attack is most straightforward for a client to perform on a + server, by creating a ref to X in the namespace the client has access + to and then fetching it. The most likely way for a server to perform it + on a client is to "merge" X into a public branch and hope that the user + does additional work on this branch and pushes it back to the server + without noticing the merge.) + +. As in #1, the attacker chooses an object ID X to steal. The victim sends + an object Y that the attacker already has, and the attacker falsely + claims to have X and not Y, so the victim sends Y as a delta against X. + The delta reveals regions of X that are similar to Y to the attacker. |