summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2018-07-31sequencer: fix "rebase -i --root" corrupting author header timestampLibravatar Eric Sunshine2-15/+10
When "git rebase -i --root" creates a new root commit, it corrupts the "author" header's timestamp by prepending a "@": author A U Thor <author@example.com> @1112912773 -0700 The commit parser is very strict about the format of the "author" header, and does not allow a "@" in that position. The "@" comes from GIT_AUTHOR_DATE in "rebase-merge/author-script", signifying a Unix epoch-based timestamp, however, read_author_ident() incorrectly allows it to slip into the commit's "author" header, thus corrupting it. One possible fix would be simply to filter out the "@" when constructing the "author" header timestamp, however, a more correct fix is to parse the GIT_AUTHOR_DATE date (via parse_date()) and format the parsed result into the "author" header. Since "rebase-merge/author-script" may be edited by the user, this approach has the extra benefit of catching other potential timestamp corruption due to hand-editing. We can do better than calling parse_date() ourselves and constructing the "author" header manually, however, by instead taking advantage of fmt_ident() which does this work for us. The benefits of using fmt_ident() are twofold. First, it simplifies the logic considerably by allowing us to avoid the complexity of building the "author" header in parallel with and in the same buffer from which "rebase-merge/author-script" is being parsed. Instead, fmt_ident() is invoked to compose the header after parsing is complete. Second, fmt_ident() is careful to prevent "crud" from polluting the composed ident. As with validating GIT_AUTHOR_DATE, this "crud" avoidance prevents other (possibly hand-edited) bogus author information from "rebase-merge/author-script" from corrupting the commit object. Signed-off-by: Eric Sunshine <sunshine@sunshineco.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-07-31sequencer: fix "rebase -i --root" corrupting author header timezoneLibravatar Eric Sunshine2-2/+7
When "git rebase -i --root" creates a new root commit, it corrupts the "author" header's timezone by repeating the last digit: author A U Thor <author@example.com> @1112912773 -07000 This is due to two bugs. First, write_author_script() neglects to add the closing quote to the value of GIT_AUTHOR_DATE when generating "rebase-merge/author-script". Second, although sq_dequote() correctly diagnoses the missing closing quote, read_author_ident() ignores sq_dequote()'s return value and blindly uses the result of the aborted dequote. sq_dequote() performs dequoting in-place by removing quoting and shifting content downward. When it detects misquoting (lack of closing quote, in this case), it gives up and returns an error without inserting a NUL-terminator at the end of the shifted content, which explains the duplicated last digit in the timezone. (Note that the "@" preceding the timestamp is a separate bug which will be fixed subsequently.) Signed-off-by: Eric Sunshine <sunshine@sunshineco.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-07-31sequencer: fix "rebase -i --root" corrupting author headerLibravatar Eric Sunshine2-2/+10
When "git rebase -i --root" creates a new root commit (say, by swapping in a different commit for the root), it corrupts the commit's "author" header with trailing garbage: author A U Thor <author@example.com> @1112912773 -07000or@example.com This is a result of read_author_ident() neglecting to NUL-terminate the buffer into which it composes the "author" header. (Note that the "@" preceding the timestamp and the extra "0" in the timezone are separate bugs which will be fixed subsequently.) Security considerations: Construction of the "author" header by read_author_ident() happens in-place and in parallel with parsing the content of "rebase-merge/author-script" which occupies the same buffer. This is possible because the constructed "author" header is always smaller than the content of "rebase-merge/author-script". Despite neglecting to NUL-terminate the constructed "author" header, memory is never accessed (either by read_author_ident() or its caller) beyond the allocated buffer since a NUL-terminator is present at the end of the loaded "rebase-merge/author-script" content, and additional NUL's are inserted as part of the parsing process. Signed-off-by: Eric Sunshine <sunshine@sunshineco.com> Acked-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-21Git 2.18Libravatar Junio C Hamano1-1/+1
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-19Merge branch 'en/rename-directory-detection-reboot'Libravatar Junio C Hamano0-0/+0
* en/rename-directory-detection-reboot: merge-recursive: use xstrdup() instead of fixed buffer
2018-06-19Merge tag 'l10n-2.18.0-rnd3.1' of git://github.com/git-l10n/git-poLibravatar Junio C Hamano2-2522/+3541
Merge Korean translation for l10n of Git 2.18.0 round 3 * tag 'l10n-2.18.0-rnd3.1' of git://github.com/git-l10n/git-po: l10n: ko.po: Update Korean translation
2018-06-19Merge branch 'cf/submodule-progress-dissociate'Libravatar Junio C Hamano1-2/+4
* cf/submodule-progress-dissociate: t7400: encapsulate setup code in test_expect_success
2018-06-19Merge branch 'js/rebase-i-root-fix'Libravatar Junio C Hamano1-1/+2
* js/rebase-i-root-fix: t3404: check root commit in 'rebase -i --root reword root commit'
2018-06-19t7400: encapsulate setup code in test_expect_successLibravatar Stefan Beller1-2/+4
When running t7400 in a shell you observe more output than expected: ... ok 8 - setup - hide init subdirectory ok 9 - setup - repository to add submodules to ok 10 - submodule add [master (root-commit) d79ce16] one Author: A U Thor <author@example.com> 1 file changed, 1 insertion(+) create mode 100644 one.t ok 11 - redirected submodule add does not show progress ok 12 - redirected submodule add --progress does show progress ok 13 - submodule add to .gitignored path fails ... Fix the output by encapsulating the setup code in test_expect_success Signed-off-by: Stefan Beller <sbeller@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-19t3404: check root commit in 'rebase -i --root reword root commit'Libravatar Todd Zullinger1-1/+2
When testing a reworded root commit, ensure that the squash-onto commit which is created and amended is still the root commit. Suggested-by: Phillip Wood <phillip.wood@talktalk.net> Helped-by: Johannes Schindelin <Johannes.Schindelin@gmx.de> Signed-off-by: Todd Zullinger <tmz@pobox.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-19doc: fix typos in documentation and release notesLibravatar Karthikeyan Singaravelan4-4/+4
Signed-off-by: Karthikeyan Singaravelan <tir.karthi@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-18Almost 2.18 finalLibravatar Junio C Hamano1-0/+11
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-18Merge branch 'es/make-no-iconv'Libravatar Junio C Hamano1-10/+12
"make NO_ICONV=NoThanks" did not override NEEDS_LIBICONV (i.e. linkage of -lintl, -liconv, etc. that are platform-specific tweaks), which has been corrected. * es/make-no-iconv: Makefile: make NO_ICONV really mean "no iconv"
2018-06-18Merge branch 'sg/t7406-chain-fix'Libravatar Junio C Hamano1-6/+6
Test fix. * sg/t7406-chain-fix: t7406-submodule-update: fix broken &&-chains
2018-06-18Merge branch 'ks/branch-set-upstream'Libravatar Junio C Hamano1-1/+1
A test title has been reworded to clarify it. * ks/branch-set-upstream: t3200: clarify description of --set-upstream test
2018-06-18Merge branch 'js/rebase-i-root-fix'Libravatar Junio C Hamano2-1/+10
A regression to "rebase -i --root" introduced during this cycle has been fixed. * js/rebase-i-root-fix: rebase --root: fix amending root commit messages rebase --root: demonstrate a bug while amending root commit messages
2018-06-18Merge branch 'jk/ewah-bounds-check'Libravatar Junio C Hamano5-7/+38
The code to read compressed bitmap was not careful to avoid reading past the end of the file, which has been corrected. * jk/ewah-bounds-check: ewah: adjust callers of ewah_read_mmap() ewah_read_mmap: bounds-check mmap reads
2018-06-18Merge tag 'l10n-2.18.0-rnd3' of git://github.com/git-l10n/git-poLibravatar Junio C Hamano10-17929/+26095
l10n for Git 2.18.0 round 3 * tag 'l10n-2.18.0-rnd3' of git://github.com/git-l10n/git-po: l10n: zh_CN: for git v2.18.0 l10n round 1 to 3 l10n: bg.po: Updated Bulgarian translation (3608t) l10n: vi.po(3608t): Update Vietnamese translation for v2.18.0 round 3 l10n: fr.po v2.18.0 round 3 l10n: es.po: Spanish update for v2.18.0 round 3 l10n: git.pot: v2.18.0 round 3 (1 new, 1 removed) l10n: vi.po(3608t): Update Vietnamese translation for v2.18.0 round2 l10n: bg.po: Updated Bulgarian translation (3608t) l10n: es.po: Spanish update for v2.18.0 round 2 l10n: sv.po: Update Swedish translation (3608t0f0u) l10n: sv.po: Update Swedish translation (3470t0f0u) l10n: git.pot: v2.18.0 round 2 (144 new, 6 removed) l10n: fr.po v2.18 round 1 l10n: vi(3470t): Updated Vietnamese translation for v2.18.0 l10n: es.po: Spanish update for v2.18.0 round 1 l10n: git.pot: v2.18.0 round 1 (108 new, 14 removed) l10n: TEAMS: remove inactive de team members l10n: de.po: fix typos l10n: Update Catalan translation
2018-06-18A bunch of micro-fixes before going 2.18 finalLibravatar Junio C Hamano1-0/+11
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-19l10n: ko.po: Update Korean translationLibravatar Changwoo Ryu2-2522/+3541
Update the Korean translation and change the team leader to Gwan-gyeong Mun. Signed-off-by: Gwan-gyeong Mun <elongbug@gmail.com> Signed-off-by: Changwoo Ryu <cwryu@debian.org> Reviewed-by: Gwan-gyeong Mun <elongbug@gmail.com>
2018-06-18Merge branch 'sb/blame-color'Libravatar Junio C Hamano1-0/+1
Leakfix. * sb/blame-color: blame: release string_list after use in parse_color_fields()
2018-06-18Merge branch 'mw/doc-merge-enumfix'Libravatar Junio C Hamano1-1/+1
Fix old merge glitch in Documentation during v2.13-rc0 era. * mw/doc-merge-enumfix: doc: update the order of the syntax `git merge --continue`
2018-06-18Merge branch 'en/rename-directory-detection'Libravatar Junio C Hamano1-5/+5
Newly added codepath in merge-recursive had potential buffer overrun, which has been fixed. * en/rename-directory-detection: merge-recursive: use xstrdup() instead of fixed buffer
2018-06-18Merge branch 'rd/doc-remote-tracking-with-hyphen'Libravatar Junio C Hamano3-5/+5
Doc update. * rd/doc-remote-tracking-with-hyphen: Use hyphenated "remote-tracking branch" (docs and comments)
2018-06-18Merge branch 'jl/zlib-restore-nul-termination'Libravatar Junio C Hamano1-0/+3
Make zlib inflate codepath more robust against versions of zlib that clobber unused portion of outbuf. * jl/zlib-restore-nul-termination: packfile: correct zlib buffer handling
2018-06-18Merge branch 'ab/cred-netrc-no-autodie'Libravatar Junio C Hamano1-1/+0
Hotfix for contrib/ stuff broken by this cycle. * ab/cred-netrc-no-autodie: git-credential-netrc: remove use of "autodie"
2018-06-18Merge branch 'km/doc-workflows-typofix'Libravatar Junio C Hamano1-1/+1
Typofix. * km/doc-workflows-typofix: gitworkflows: fix grammar in 'Merge upwards' rule
2018-06-18Merge branch 'ld/git-p4-updates'Libravatar Junio C Hamano5-24/+307
"git p4" updates. * ld/git-p4-updates: git-p4: auto-size the block git-p4: narrow the scope of exceptions caught when parsing an int git-p4: raise exceptions from p4CmdList based on error from p4 server git-p4: better error reporting when p4 fails git-p4: add option to disable syncing of p4/master with p4 git-p4: disable-rebase: allow setting this via configuration git-p4: add options --commit and --disable-rebase
2018-06-18Merge branch 'rd/diff-options-typofix'Libravatar Junio C Hamano1-4/+4
Typofix. * rd/diff-options-typofix: diff-options.txt: fix minor typos, font inconsistencies, in docs
2018-06-18Merge branch 'rd/comment-typofix-in-sha1-file'Libravatar Junio C Hamano1-1/+1
In code comment typofix * rd/comment-typofix-in-sha1-file: sha1-file.c: correct $GITDIR to $GIT_DIR in a comment
2018-06-18merge-recursive: use xstrdup() instead of fixed bufferLibravatar René Scharfe1-5/+5
Paths can be longer than PATH_MAX. Avoid a buffer overrun in check_dir_renamed() by using xstrdup() to make a private copy safely. Signed-off-by: Rene Scharfe <l.s.r@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-18RelNotes 2.18: minor fix to entry about dynamically loading completionsLibravatar SZEDER Gábor1-1/+1
It was not "newer versions of bash" but newer versions of bash-completion that made commit 085e2ee0e6 (completion: load completion file for external subcommand, 2018-04-29) both necessary and possible. Update the corresponding RelNotes entry accordingly. Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-18t7406-submodule-update: fix broken &&-chainsLibravatar SZEDER Gábor1-6/+6
Three tests in 't7406-submodule-update' contain broken &&-chains, but since they are all in subshells, chain-lint couldn't notice them. Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-18rebase --root: fix amending root commit messagesLibravatar Johannes Schindelin2-2/+2
The code path that triggered that "BUG" really does not want to run without an explicit commit message. In the case where we want to amend a commit message, we have an *implicit* commit message, though: the one of the commit to amend. Therefore, this code path should not even be entered. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-18rebase --root: demonstrate a bug while amending root commit messagesLibravatar Todd Zullinger1-0/+9
When splitting a repository, running `git rebase -i --root` to reword the initial commit, Git dies with BUG: sequencer.c:795: root commit without message. Signed-off-by: Todd Zullinger <tmz@pobox.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-18ewah: adjust callers of ewah_read_mmap()Libravatar Jeff King2-2/+3
The return value of ewah_read_mmap() is now an ssize_t, since we could (in theory) process up to 32GB of data. This would never happen in practice, but a corrupt or malicious .bitmap or index file could convince us to do so. Let's make sure that we don't stuff the value into an int, which would cause us to incorrectly move our pointer forward. We'd always move too little, since negative values are used for reporting errors. So the worst case is just that we end up reporting a corrupt file, not an out-of-bounds read. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-18ewah_read_mmap: bounds-check mmap readsLibravatar Jeff King3-5/+35
The on-disk ewah format tells us how big the ewah data is, and we blindly read that much from the buffer without considering whether the mmap'd data is long enough, which can lead to out-of-bound reads. Let's make sure we have data available before reading it, both for the ewah header/footer as well as for the bit data itself. In particular: - keep our ptr/len pair in sync as we move through the buffer, and check it before each read - check the size for integer overflow (this should be impossible on 64-bit, as the size is given as a 32-bit count of 8-byte words, but is possible on a 32-bit system) - return the number of bytes read as an ssize_t instead of an int, again to prevent integer overflow - compute the return value using a pointer difference; this should yield the same result as the existing code, but makes it more obvious that we got our computations right The included test is far from comprehensive, as it just picks a static point at which to truncate the generated bitmap. But in practice this will hit in the middle of an ewah and make sure we're at least exercising this code. Reported-by: Luat Nguyen <root@l4w.io> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-18t3200: clarify description of --set-upstream testLibravatar Kaartic Sivaraam1-1/+1
Support for the --set-upstream option was removed in 52668846ea (builtin/branch: stop supporting the "--set-upstream" option, 2017-08-17). The change did not completely remove the command due to an issue noted in the commit's log message. So, a test was added to ensure that a command which uses the '--set-upstream' option fails instead of silently acting as an alias for the '--set-upstream-to' option due to option parsing features. To avoid confusion, clarify that the option is disabled intentionally in the corresponding test description. The test is expected to be around as long as we intentionally fail on seeing the '--set-upstream' option which in turn we expect to do for a period of time after which we can be sure that existing users of '--set-upstream' are aware that the option is no longer supported. Signed-off-by: Kaartic Sivaraam <kaartic.sivaraam@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-18l10n: zh_CN: for git v2.18.0 l10n round 1 to 3Libravatar Jiang Xin1-2452/+3552
Translate 251 new messages (3608t0f0u) for git 2.18.0. Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
2018-06-17Merge branch 'master' of git://github.com/nafmo/git-l10n-svLibravatar Jiang Xin1-2453/+3562
* 'master' of git://github.com/nafmo/git-l10n-sv: l10n: sv.po: Update Swedish translation (3608t0f0u) l10n: sv.po: Update Swedish translation (3470t0f0u)
2018-06-17Merge branch 'master' of https://github.com/vnwildman/gitLibravatar Jiang Xin1-21/+21
* 'master' of https://github.com/vnwildman/git: l10n: vi.po(3608t): Update Vietnamese translation for v2.18.0 round 3
2018-06-17Merge branch 'master' of git://github.com/alshopov/git-poLibravatar Jiang Xin1-19/+19
* 'master' of git://github.com/alshopov/git-po: l10n: bg.po: Updated Bulgarian translation (3608t)
2018-06-17Merge branch 'fr_2.18_rnd3' of git://github.com/jnavila/gitLibravatar Jiang Xin1-466/+1071
* 'fr_2.18_rnd3' of git://github.com/jnavila/git: l10n: fr.po v2.18.0 round 3
2018-06-17l10n: bg.po: Updated Bulgarian translation (3608t)Libravatar Alexander Shopov1-19/+19
Signed-off-by: Alexander Shopov <ash@kambanaria.org>
2018-06-17l10n: vi.po(3608t): Update Vietnamese translation for v2.18.0 round 3Libravatar Tran Ngoc Quan1-21/+21
Signed-off-by: Tran Ngoc Quan <vnwildman@gmail.com>
2018-06-16l10n: fr.po v2.18.0 round 3Libravatar Jean-Noël Avila1-466/+1071
Signed-off-by: Jean-Noël Avila <jn.avila@free.fr>
2018-06-16l10n: es.po: Spanish update for v2.18.0 round 3Libravatar Christopher Diaz Riveros1-20/+20
Signed-off-by: Christopher Diaz Riveros <chrisadr@gentoo.org>
2018-06-16l10n: git.pot: v2.18.0 round 3 (1 new, 1 removed)Libravatar Jiang Xin1-17/+17
Generate po/git.pot from v2.18.0-rc2 for git v2.18.0 l10n round 3. Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
2018-06-16Merge branch 'master' of git://github.com/git-l10n/git-poLibravatar Jiang Xin8-12862/+18214
* 'master' of git://github.com/git-l10n/git-po: l10n: vi.po(3608t): Update Vietnamese translation for v2.18.0 round2 l10n: bg.po: Updated Bulgarian translation (3608t) l10n: es.po: Spanish update for v2.18.0 round 2 l10n: git.pot: v2.18.0 round 2 (144 new, 6 removed) l10n: fr.po v2.18 round 1 l10n: vi(3470t): Updated Vietnamese translation for v2.18.0 l10n: es.po: Spanish update for v2.18.0 round 1 l10n: git.pot: v2.18.0 round 1 (108 new, 14 removed) l10n: TEAMS: remove inactive de team members l10n: de.po: fix typos l10n: Update Catalan translation
2018-06-15Makefile: make NO_ICONV really mean "no iconv"Libravatar Eric Sunshine1-10/+12
The Makefile tweak NO_ICONV is meant to allow Git to be built without iconv in case iconv is not installed or is otherwise dysfunctional. However, NO_ICONV's disabling of iconv is incomplete and can incorrectly allow "-liconv" to slip into the linker flags when NEEDS_LIBICONV is defined, which breaks the build when iconv is not installed. On some platforms, iconv lives directly in libc, whereas, on others it resides in libiconv. For the latter case, NEEDS_LIBICONV instructs the Makefile to add "-liconv" to the linker flags. config.mak.uname automatically defines NEEDS_LIBICONV for platforms which require it. The adding of "-liconv" is done unconditionally, despite NO_ICONV. Work around this problem by making NO_ICONV take precedence over NEEDS_LIBICONV. Reported by: Mahmoud Al-Qudsi <mqudsi@neosmart.net> Signed-off-by: Eric Sunshine <sunshine@sunshineco.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>