summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2017-10-17daemon: recognize hidden request argumentsLibravatar Brandon Williams1-9/+62
A normal request to git-daemon is structured as "command path/to/repo\0host=..\0" and due to a bug introduced in 49ba83fb6 (Add virtualization support to git-daemon, 2006-09-19) we aren't able to place any extra arguments (separated by NULs) besides the host otherwise the parsing of those arguments would enter an infinite loop. This bug was fixed in 73bb33a94 (daemon: Strictly parse the "extra arg" part of the command, 2009-06-04) but a check was put in place to disallow extra arguments so that new clients wouldn't trigger this bug in older servers. In order to get around this limitation teach git-daemon to recognize additional request arguments hidden behind a second NUL byte. Requests can then be structured like: "command path/to/repo\0host=..\0\0version=1\0key=value\0". git-daemon can then parse out the extra arguments and set 'GIT_PROTOCOL' accordingly. By placing these extra arguments behind a second NUL byte we can skirt around both the infinite loop bug in 49ba83fb6 (Add virtualization support to git-daemon, 2006-09-19) as well as the explicit disallowing of extra arguments introduced in 73bb33a94 (daemon: Strictly parse the "extra arg" part of the command, 2009-06-04) because both of these versions of git-daemon check for a single NUL byte after the host argument before terminating the argument parsing. Signed-off-by: Brandon Williams <bmwill@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-17protocol: introduce protocol extension mechanismsLibravatar Brandon Williams6-0/+144
Create protocol.{c,h} and provide functions which future servers and clients can use to determine which protocol to use or is being used. Also introduce the 'GIT_PROTOCOL' environment variable which will be used to communicate a colon separated list of keys with optional values to a server. Unknown keys and values must be tolerated. This mechanism is used to communicate which version of the wire protocol a client would like to use with a server. Signed-off-by: Brandon Williams <bmwill@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-17pkt-line: add packet_write functionLibravatar Brandon Williams2-0/+7
Add a function which can be used to write the contents of an arbitrary buffer. This makes it easy to build up data in a buffer before writing the packet instead of formatting the entire contents of the packet using 'packet_write_fmt()'. Signed-off-by: Brandon Williams <bmwill@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-27connect: in ref advertisement, shallows are lastLibravatar Jonathan Tan1-66/+123
Currently, get_remote_heads() parses the ref advertisement in one loop, allowing refs and shallow lines to intersperse, despite this not being allowed by the specification. Refactor get_remote_heads() to use two loops instead, enforcing that refs come first, and then shallows. This also makes it easier to teach get_remote_heads() to interpret other lines in the ref advertisement, which will be done in a subsequent patch. As part of this change, this patch interprets capabilities only on the first line in the ref advertisement, printing a warning message when encountering capabilities on other lines. Signed-off-by: Jonathan Tan <jonathantanmy@google.com> Signed-off-by: Brandon Williams <bmwill@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-26Sync with 2.14.2Libravatar Junio C Hamano11-56/+183
* maint: Git 2.14.2 Git 2.13.6 Git 2.12.5 Git 2.11.4 Git 2.10.5 cvsimport: shell-quote variable used in backticks archimport: use safe_pipe_capture for user input shell: drop git-cvsserver support by default cvsserver: use safe_pipe_capture for `constant commands` as well cvsserver: use safe_pipe_capture instead of backticks cvsserver: move safe_pipe_capture() to the main package
2017-09-25The ninth batch for 2.15Libravatar Junio C Hamano1-0/+67
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-25Merge branch 'ks/test-readme-phrasofix'Libravatar Junio C Hamano1-3/+3
Doc updates. * ks/test-readme-phrasofix: t/README: fix typo and grammatically improve a sentence
2017-09-25Merge branch 'ow/rev-parse-is-shallow-repo'Libravatar Junio C Hamano3-0/+23
"git rev-parse" learned "--is-shallow-repository", that is to be used in a way similar to existing "--is-bare-repository" and friends. * ow/rev-parse-is-shallow-repo: rev-parse: rev-parse: add --is-shallow-repository
2017-09-25Merge branch 'rj/test-ulimit-on-windows'Libravatar Junio C Hamano5-40/+42
On Cygwin, "ulimit -s" does not report failure but it does not work at all, which causes an unexpected success of some tests that expect failures under a limited stack situation. This has been fixed. * rj/test-ulimit-on-windows: t9010-*.sh: skip all tests if the PIPE prereq is missing test-lib: use more compact expression in PIPE prerequisite test-lib: don't use ulimit in test prerequisites on cygwin
2017-09-25Merge branch 'jk/info-alternates-fix'Libravatar Junio C Hamano1-20/+11
A regression fix for 2.11 that made the code to read the list of alternate object stores overrun the end of the string. * jk/info-alternates-fix: read_info_alternates: warn on non-trivial errors read_info_alternates: read contents into strbuf
2017-09-25Merge branch 'mh/for-each-string-list-item-empty-fix'Libravatar Junio C Hamano1-2/+4
Code cmp.std.c nitpick. * mh/for-each-string-list-item-empty-fix: for_each_string_list_item: avoid undefined behavior for empty list
2017-09-25Merge branch 'tb/test-lint-echo-e'Libravatar Junio C Hamano1-1/+1
The test linter has been taught that we do not like "echo -e". * tb/test-lint-echo-e: test-lint: echo -e (or -E) is not portable
2017-09-25Merge branch 'jk/revision-remove-cmdline-pathspec'Libravatar Junio C Hamano3-32/+18
Code clean-up that also plugs memory leaks. * jk/revision-remove-cmdline-pathspec: pathspec doc: parse_pathspec does not maintain references to args revision: replace "struct cmdline_pathspec" with argv_array
2017-09-25Merge branch 'ls/travis-scriptify'Libravatar Junio C Hamano10-81/+154
The scripts to drive TravisCI has been reorganized and then an optimization to avoid spending cycles on a branch whose tip is tagged has been implemented. * ls/travis-scriptify: travis-ci: fix "skip_branch_tip_with_tag()" string comparison travis: dedent a few scripts that are indented overly deeply travis-ci: skip a branch build if equal tag is present travis-ci: move Travis CI code into dedicated scripts
2017-09-25Merge branch 'aw/gc-lockfile-fscanf-fix'Libravatar Junio C Hamano1-1/+1
"git gc" tries to avoid running two instances at the same time by reading and writing pid/host from and to a lock file; it used to use an incorrect fscanf() format when reading, which has been corrected. * aw/gc-lockfile-fscanf-fix: gc: call fscanf() with %<len>s, not %<len>c, when reading hostname
2017-09-25Merge branch 'hv/mv-nested-submodules-test'Libravatar Junio C Hamano1-0/+25
A test to demonstrate "git mv" failing to adjust nested submodules has been added. * hv/mv-nested-submodules-test: add test for bug in git-mv for recursive submodules
2017-09-25Merge branch 'bw/git-clang-format'Libravatar Junio C Hamano2-0/+169
"make style" runs git-clang-format to help developers by pointing out coding style issues. * bw/git-clang-format: Makefile: add style build rule clang-format: outline the git project's coding style
2017-09-25Merge branch 'nm/imap-send-with-curl'Libravatar Junio C Hamano1-20/+41
"git imap-send" has our own implementation of the protocol and also can use more recent libCurl with the imap protocol support. Update the latter so that it can use the credential subsystem, and then make it the default option to use, so that we can eventually deprecate and remove the former. * nm/imap-send-with-curl: imap-send: use curl by default when possible imap_send: setup_curl: retreive credentials if not set in config file imap-send: add wrapper to get server credentials if needed imap-send: return with error if curl failed
2017-09-25Merge branch 'ks/commit-do-not-touch-cut-line'Libravatar Junio C Hamano1-1/+1
The explanation of the cut-line in the commit log editor has been slightly tweaked. * ks/commit-do-not-touch-cut-line: commit-template: change a message to be more intuitive
2017-09-25Merge branch 'tg/refs-allowed-flags'Libravatar Junio C Hamano2-0/+10
API error-proofing which happens to also squelch warnings from GCC. * tg/refs-allowed-flags: refs: strip out not allowed flags from ref_transaction_update
2017-09-25Merge branch 'rs/archive-excluded-directory'Libravatar Junio C Hamano4-21/+6
"git archive", especially when used with pathspec, stored an empty directory in its output, even though Git itself never does so. This has been fixed. * rs/archive-excluded-directory: archive: don't add empty directories to archives
2017-09-25Merge branch 'ks/help-alias-label'Libravatar Junio C Hamano1-1/+1
"git help co" now says "co is aliased to ...", not "git co is". * ks/help-alias-label: help: change a message to be more precise
2017-09-25Merge branch 'jn/per-repo-object-store-fixes'Libravatar Junio C Hamano6-20/+45
Step #0 of a planned & larger series to make the in-core object store per in-core repository object. * jn/per-repo-object-store-fixes: replace-objects: evaluate replacement refs without using the object store push, fetch: error out for submodule entries not pointing to commits pack: make packed_git_mru global a value instead of a pointer
2017-09-25Merge branch 'jk/write-in-full-fix'Libravatar Junio C Hamano22-67/+65
Many codepaths did not diagnose write failures correctly when disks go full, due to their misuse of write_in_full() helper function, which have been corrected. * jk/write-in-full-fix: read_pack_header: handle signed/unsigned comparison in read result config: flip return value of store_write_*() notes-merge: use ssize_t for write_in_full() return value pkt-line: check write_in_full() errors against "< 0" convert less-trivial versions of "write_in_full() != len" avoid "write_in_full(fd, buf, len) != len" pattern get-tar-commit-id: check write_in_full() return against 0 config: avoid "write_in_full(fd, buf, len) < len" pattern
2017-09-25Merge branch 'ez/doc-duplicated-words-fix'Libravatar Junio C Hamano4-4/+4
Typofix. * ez/doc-duplicated-words-fix: doc: fix minor typos (extra/duplicated words)
2017-09-25Merge branch 'kd/doc-for-each-ref'Libravatar Junio C Hamano1-16/+17
Doc update. * kd/doc-for-each-ref: doc/for-each-ref: explicitly specify option names doc/for-each-ref: consistently use '=' to between argument names and values
2017-09-25Merge branch 'cc/subprocess-handshake-missing-capabilities'Libravatar Junio C Hamano1-2/+2
Finishing touches to a topic already in 'master'. * cc/subprocess-handshake-missing-capabilities: subprocess: loudly die when subprocess asks for an unsupported capability
2017-09-25Merge branch 'kw/write-index-reduce-alloc'Libravatar Junio C Hamano2-1/+4
A hotfix to a topic already in 'master'. * kw/write-index-reduce-alloc: read-cache: fix index corruption with index v4 Add t/helper/test-write-cache to .gitignore
2017-09-25Merge branch 'mg/name-rev-tests-with-short-stack'Libravatar Junio C Hamano3-6/+63
A handful of tests to demonstrates a recursive implementation of "name-rev" hurts. * mg/name-rev-tests-with-short-stack: t6120: test describe and name-rev with deep repos t6120: clean up state after breaking repo t6120: test name-rev --all and --stdin t7004: move limited stack prereq to test-lib
2017-09-22Git 2.14.2Libravatar Junio C Hamano1-0/+11
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Sync with 2.13.6Libravatar Junio C Hamano10-56/+172
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Git 2.13.6Libravatar Junio C Hamano3-2/+19
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Sync with 2.12.5Libravatar Junio C Hamano9-56/+155
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Git 2.12.5Libravatar Junio C Hamano3-2/+19
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Sync with 2.11.4Libravatar Junio C Hamano8-56/+138
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Git 2.11.4Libravatar Junio C Hamano3-2/+19
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Sync with 2.10.5Libravatar Junio C Hamano7-56/+121
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Git 2.10.5Libravatar Junio C Hamano3-2/+19
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Merge branch 'jk/safe-pipe-capture' into maint-2.10Libravatar Junio C Hamano1-2/+2
2017-09-22Merge branch 'jk/cvsimport-quoting' into maint-2.10Libravatar Junio C Hamano1-0/+1
2017-09-22Merge branch 'jc/cvsserver' into maint-2.10Libravatar Junio C Hamano1-40/+37
2017-09-22Merge branch 'jk/git-shell-drop-cvsserver' into maint-2.10Libravatar Junio C Hamano3-14/+64
2017-09-22travis-ci: fix "skip_branch_tip_with_tag()" string comparisonLibravatar Lars Schneider1-1/+1
09f5e97 ("travis-ci: skip a branch build if equal tag is present", 2017-09-17) introduced the "skip_branch_tip_with_tag" function with a broken string comparison. Fix it! Reported-by: SZEDER Gábor <szeder.dev@gmail.com> Signed-off-by: Lars Schneider <larsxschneider@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-21pathspec doc: parse_pathspec does not maintain references to argsLibravatar Jonathan Nieder2-4/+7
The command line arguments passed to main() are valid for the life of a program, but the same is not true for all other argv-style arrays (e.g. when a caller creates an argv_array). Clarify that parse_pathspec does not rely on the argv passed to it to remain valid. This makes it easier to tell that callers like "git rev-list --stdin" are safe and ensures that that is more likely to remain true as the implementation of parse_pathspec evolves. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-21Merge branch 'jk/leak-checkers'Libravatar Junio C Hamano1-2/+2
Many of our programs consider that it is OK to release dynamic storage that is used throughout the life of the program by simply exiting, but this makes it harder to leak detection tools to avoid reporting false positives. Plug many existing leaks and introduce a mechanism for developers to mark that the region of memory pointed by a pointer is not lost/leaking to help these tools. * jk/leak-checkers: git-compat-util: make UNLEAK less error-prone
2017-09-21revision: replace "struct cmdline_pathspec" with argv_arrayLibravatar Jeff King1-28/+11
We assemble an array of strings in a custom struct, NULL-terminate the result, and then pass it to parse_pathspec(). But then we never free the array or the individual strings (nor can we do the latter, as they are heap-allocated when they come from stdin but not when they come from the passed-in argv). Let's swap this out for an argv_array. It does the same thing with fewer lines of code, and it's safe to call argv_array_clear() at the end to avoid a memory leak. Reported-by: Martin Ågren <martin.agren@gmail.com> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-21test-lint: echo -e (or -E) is not portableLibravatar Torsten Bögershausen1-1/+1
Some implementations of `echo` support the '-e' option to enable backslash interpretation of the following string. As an addition, they support '-E' to turn it off. However, none of these are portable, POSIX doesn't even mention them, and many implementations don't support them. A check for '-n' is already done in check-non-portable-shell.pl, extend it to cover '-n', '-e' or '-E'. Signed-off-by: Torsten Bögershausen <tboegi@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-20git-compat-util: make UNLEAK less error-proneLibravatar Jonathan Tan1-2/+2
Commit 0e5bba5 ("add UNLEAK annotation for reducing leak false positives", 2017-09-08) introduced an UNLEAK macro to be used as "UNLEAK(var);", but its existing definitions leave semicolons that act as empty statements, which will lead to syntax errors, e.g. if (condition) UNLEAK(var); else something_else(var); would be broken with two statements between if (condition) and else. Lose the excess semicolon from the end of the macro replacement text. Signed-off-by: Jonathan Tan <jonathantanmy@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-20for_each_string_list_item: avoid undefined behavior for empty listLibravatar Michael Haggerty1-2/+4
If you pass a newly initialized or newly cleared `string_list` to `for_each_string_list_item()`, then the latter does for ( item = (list)->items; /* NULL */ item < (list)->items + (list)->nr; /* NULL + 0 */ ++item) Even though this probably works almost everywhere, it is undefined behavior, and it could plausibly cause highly-optimizing compilers to misbehave. C99 section 6.5.6 paragraph 8 explains: If both the pointer operand and the result point to elements of the same array object, or one past the last element of the array object, the evaluation shall not produce an overflow; otherwise, the behavior is undefined. and (6.3.2.3.3) a null pointer does not point to anything. Guard the loop with a NULL check to make the intent crystal clear to even the most pedantic compiler. A suitably clever compiler could let the NULL check only run in the first iteration, but regardless, this overhead is likely to be dwarfed by the work to be done on each item. This problem was noticed by Coverity. [jn: using a NULL check instead of a placeholder empty list; fleshed out the commit message based on mailing list discussion] Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-20read_info_alternates: warn on non-trivial errorsLibravatar Jeff King1-0/+1
When we fail to open $GIT_DIR/info/alternates, we silently assume there are no alternates. This is the right thing to do for ENOENT, but not for other errors. A hard error is probably overkill here. If we fail to read an alternates file then either we'll complete our operation anyway, or we'll fail to find some needed object. Either way, a warning is good idea. And we already have a helper function to handle this pattern; let's just call warn_on_fopen_error(). Note that technically the errno from strbuf_read_file() might be from a read() error, not open(). But since read() would never return ENOENT or ENOTDIR, and since it produces a generic "unable to access" error, it's suitable for handling errors from either. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>