| a79fd20 | Johannes Schindelin | 12 February 2021, 14:50:00 UTC | Git 2.26.3 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | 12 February 2021, 14:50:00 UTC |
| 8f80393 | Johannes Schindelin | 12 February 2021, 14:49:59 UTC | Sync with 2.25.5 * maint-2.25: Git 2.25.5 Git 2.24.4 Git 2.23.4 Git 2.22.5 Git 2.21.4 Git 2.20.5 Git 2.19.6 Git 2.18.5 Git 2.17.6 unpack_trees(): start with a fresh lstat cache run-command: invalidate lstat cache after a command finished checkout: fix bug that makes checkout follow symlinks in leading path | 12 February 2021, 14:49:59 UTC |
| 42ce4c7 | Johannes Schindelin | 12 February 2021, 14:49:55 UTC | Git 2.25.5 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | 12 February 2021, 14:49:55 UTC |
| 97d1dcb | Johannes Schindelin | 12 February 2021, 14:49:55 UTC | Sync with 2.24.4 * maint-2.24: Git 2.24.4 Git 2.23.4 Git 2.22.5 Git 2.21.4 Git 2.20.5 Git 2.19.6 Git 2.18.5 Git 2.17.6 unpack_trees(): start with a fresh lstat cache run-command: invalidate lstat cache after a command finished checkout: fix bug that makes checkout follow symlinks in leading path | 12 February 2021, 14:49:55 UTC |
| 06214d1 | Johannes Schindelin | 12 February 2021, 14:49:50 UTC | Git 2.24.4 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | 12 February 2021, 14:49:50 UTC |
| 92ac04b | Johannes Schindelin | 12 February 2021, 14:49:50 UTC | Sync with 2.23.4 * maint-2.23: Git 2.23.4 Git 2.22.5 Git 2.21.4 Git 2.20.5 Git 2.19.6 Git 2.18.5 Git 2.17.6 unpack_trees(): start with a fresh lstat cache run-command: invalidate lstat cache after a command finished checkout: fix bug that makes checkout follow symlinks in leading path | 12 February 2021, 14:49:50 UTC |
| d60b6a9 | Johannes Schindelin | 12 February 2021, 14:49:46 UTC | Git 2.23.4 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | 12 February 2021, 14:49:46 UTC |
| 4bd06fd | Johannes Schindelin | 12 February 2021, 14:49:45 UTC | Sync with 2.22.5 * maint-2.22: Git 2.22.5 Git 2.21.4 Git 2.20.5 Git 2.19.6 Git 2.18.5 Git 2.17.6 unpack_trees(): start with a fresh lstat cache run-command: invalidate lstat cache after a command finished checkout: fix bug that makes checkout follow symlinks in leading path | 12 February 2021, 14:49:45 UTC |
| c753e2a | Johannes Schindelin | 12 February 2021, 14:49:41 UTC | Git 2.22.5 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | 12 February 2021, 14:49:41 UTC |
| bcf08f3 | Johannes Schindelin | 12 February 2021, 14:49:41 UTC | Sync with 2.21.4 * maint-2.21: Git 2.21.4 Git 2.20.5 Git 2.19.6 Git 2.18.5 Git 2.17.6 unpack_trees(): start with a fresh lstat cache run-command: invalidate lstat cache after a command finished checkout: fix bug that makes checkout follow symlinks in leading path | 12 February 2021, 14:49:41 UTC |
| c735d74 | Johannes Schindelin | 12 February 2021, 14:49:36 UTC | Git 2.21.4 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | 12 February 2021, 14:49:36 UTC |
| b1726b1 | Johannes Schindelin | 12 February 2021, 14:49:35 UTC | Sync with 2.20.5 * maint-2.20: Git 2.20.5 Git 2.19.6 Git 2.18.5 Git 2.17.6 unpack_trees(): start with a fresh lstat cache run-command: invalidate lstat cache after a command finished checkout: fix bug that makes checkout follow symlinks in leading path | 12 February 2021, 14:49:35 UTC |
| 8b1a5f3 | Johannes Schindelin | 12 February 2021, 14:49:17 UTC | Git 2.20.5 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | 12 February 2021, 14:49:17 UTC |
| 8049638 | Johannes Schindelin | 12 February 2021, 14:49:17 UTC | Sync with 2.19.6 * maint-2.19: Git 2.19.6 Git 2.18.5 Git 2.17.6 unpack_trees(): start with a fresh lstat cache run-command: invalidate lstat cache after a command finished checkout: fix bug that makes checkout follow symlinks in leading path | 12 February 2021, 14:49:17 UTC |
| 9fb2a1f | Johannes Schindelin | 12 February 2021, 14:47:48 UTC | Git 2.19.6 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | 12 February 2021, 14:47:48 UTC |
| fb049fd | Johannes Schindelin | 12 February 2021, 14:47:47 UTC | Sync with 2.18.5 * maint-2.18: Git 2.18.5 Git 2.17.6 unpack_trees(): start with a fresh lstat cache run-command: invalidate lstat cache after a command finished checkout: fix bug that makes checkout follow symlinks in leading path | 12 February 2021, 14:47:47 UTC |
| 6eed462 | Johannes Schindelin | 12 February 2021, 14:47:43 UTC | Git 2.18.5 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | 12 February 2021, 14:47:43 UTC |
| 9b77cec | Johannes Schindelin | 12 February 2021, 14:47:42 UTC | Sync with 2.17.6 * maint-2.17: Git 2.17.6 unpack_trees(): start with a fresh lstat cache run-command: invalidate lstat cache after a command finished checkout: fix bug that makes checkout follow symlinks in leading path | 12 February 2021, 14:47:42 UTC |
| 6b82d3e | Johannes Schindelin | 29 January 2021, 18:13:11 UTC | Git 2.17.6 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | 12 February 2021, 14:47:02 UTC |
| 22539ec | Matheus Tavares | 02 February 2021, 21:37:10 UTC | unpack_trees(): start with a fresh lstat cache We really want to avoid relying on stale information. Signed-off-by: Matheus Tavares <matheus.bernardino@usp.br> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | 12 February 2021, 14:47:02 UTC |
| 0d58fef | Johannes Schindelin | 02 February 2021, 21:09:52 UTC | run-command: invalidate lstat cache after a command finished In the previous commit, we intercepted calls to `rmdir()` to invalidate the lstat cache in the successful case, so that the lstat cache could not have the idea that a directory exists where there is none. The same situation can arise, of course, when a separate process is spawned (most notably, this is the case in `submodule_move_head()`). Obviously, we cannot know whether a directory was removed in that process, therefore we must invalidate the lstat cache afterwards. Note: in contrast to `lstat_cache_aware_rmdir()`, we invalidate the lstat cache even in case of an error: the process might have removed a directory and still have failed afterwards. Co-authored-by: Matheus Tavares <matheus.bernardino@usp.br> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> | 12 February 2021, 14:47:02 UTC |
| 684dd4c | Matheus Tavares | 10 December 2020, 13:27:55 UTC | checkout: fix bug that makes checkout follow symlinks in leading path Before checking out a file, we have to confirm that all of its leading components are real existing directories. And to reduce the number of lstat() calls in this process, we cache the last leading path known to contain only directories. However, when a path collision occurs (e.g. when checking out case-sensitive files in case-insensitive file systems), a cached path might have its file type changed on disk, leaving the cache on an invalid state. Normally, this doesn't bring any bad consequences as we usually check out files in index order, and therefore, by the time the cached path becomes outdated, we no longer need it anyway (because all files in that directory would have already been written). But, there are some users of the checkout machinery that do not always follow the index order. In particular: checkout-index writes the paths in the same order that they appear on the CLI (or stdin); and the delayed checkout feature -- used when a long-running filter process replies with "status=delayed" -- postpones the checkout of some entries, thus modifying the checkout order. When we have to check out an out-of-order entry and the lstat() cache is invalid (due to a previous path collision), checkout_entry() may end up using the invalid data and thrusting that the leading components are real directories when, in reality, they are not. In the best case scenario, where the directory was replaced by a regular file, the user will get an error: "fatal: unable to create file 'foo/bar': Not a directory". But if the directory was replaced by a symlink, checkout could actually end up following the symlink and writing the file at a wrong place, even outside the repository. Since delayed checkout is affected by this bug, it could be used by an attacker to write arbitrary files during the clone of a maliciously crafted repository. Some candidate solutions considered were to disable the lstat() cache during unordered checkouts or sort the entries before passing them to the checkout machinery. But both ideas include some performance penalty and they don't future-proof the code against new unordered use cases. Instead, we now manually reset the lstat cache whenever we successfully remove a directory. Note: We are not even checking whether the directory was the same as the lstat cache points to because we might face a scenario where the paths refer to the same location but differ due to case folding, precomposed UTF-8 issues, or the presence of `..` components in the path. Two regression tests, with case-collisions and utf8-collisions, are also added for both checkout-index and delayed checkout. Note: to make the previously mentioned clone attack unfeasible, it would be sufficient to reset the lstat cache only after the remove_subtree() call inside checkout_entry(). This is the place where we would remove a directory whose path collides with the path of another entry that we are currently trying to check out (possibly a symlink). However, in the interest of a thorough fix that does not leave Git open to similar-but-not-identical attack vectors, we decided to intercept all `rmdir()` calls in one fell swoop. This addresses CVE-2021-21300. Co-authored-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Matheus Tavares <matheus.bernardino@usp.br> | 12 February 2021, 14:47:02 UTC |
| af6b65d | Jonathan Nieder | 19 April 2020, 23:32:24 UTC | Git 2.26.2 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:32:24 UTC |
| 7397ca3 | Jonathan Nieder | 19 April 2020, 23:31:07 UTC | Git 2.25.4 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:31:07 UTC |
| b86a4be | Jonathan Nieder | 19 April 2020, 23:30:34 UTC | Git 2.24.3 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:30:34 UTC |
| f2771ef | Jonathan Nieder | 19 April 2020, 23:30:27 UTC | Git 2.23.3 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:30:27 UTC |
| c9808fa | Jonathan Nieder | 19 April 2020, 23:30:19 UTC | Git 2.22.4 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:30:19 UTC |
| 9206d27 | Jonathan Nieder | 19 April 2020, 23:30:08 UTC | Git 2.21.3 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:30:08 UTC |
| 041bc65 | Jonathan Nieder | 19 April 2020, 23:28:57 UTC | Git 2.20.4 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:28:57 UTC |
| 76b54ee | Jonathan Nieder | 19 April 2020, 23:26:41 UTC | Git 2.19.5 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:26:41 UTC |
| ba6f090 | Jonathan Nieder | 19 April 2020, 23:24:14 UTC | Git 2.18.4 This merges up the security fix from v2.17.5. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:24:14 UTC |
| df5be6d | Jeff King | 19 April 2020, 06:34:55 UTC | Git 2.17.5 Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:10:58 UTC |
| 1a3609e | Jonathan Nieder | 19 April 2020, 03:57:22 UTC | fsck: reject URL with empty host in .gitmodules Git's URL parser interprets https:///example.com/repo.git to have no host and a path of "example.com/repo.git". Curl, on the other hand, internally redirects it to https://example.com/repo.git. As a result, until "credential: parse URL without host as empty host, not unset", tricking a user into fetching from such a URL would cause Git to send credentials for another host to example.com. Teach fsck to block and detect .gitmodules files using such a URL to prevent sharing them with Git versions that are not yet protected. A relative URL in a .gitmodules file could also be used to trigger this. The relative URL resolver used for .gitmodules does not normalize sequences of slashes and can follow ".." components out of the path part and to the host part of a URL, meaning that such a relative URL can be used to traverse from a https://foo.example.com/innocent superproject to a https:///attacker.example.com/exploit submodule. Fortunately, redundant extra slashes in .gitmodules are rare, so we can catch this by detecting one after a leading sequence of "./" and "../" components. Helped-by: Jeff King <peff@peff.net> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Reviewed-by: Jeff King <peff@peff.net> | 19 April 2020, 23:10:58 UTC |
| e7fab62 | Jonathan Nieder | 19 April 2020, 03:54:57 UTC | credential: treat URL with empty scheme as invalid Until "credential: refuse to operate when missing host or protocol", Git's credential handling code interpreted URLs with empty scheme to mean "give me credentials matching this host for any protocol". Luckily libcurl does not recognize such URLs (it tries to look for a protocol named "" and fails). Just in case that changes, let's reject them within Git as well. This way, credential_from_url is guaranteed to always produce a "struct credential" with protocol and host set. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:10:58 UTC |
| c44088e | Jonathan Nieder | 19 April 2020, 03:54:13 UTC | credential: treat URL without scheme as invalid libcurl permits making requests without a URL scheme specified. In this case, it guesses the URL from the hostname, so I can run git ls-remote http::ftp.example.com/path/to/repo and it would make an FTP request. Any user intentionally using such a URL is likely to have made a typo. Unfortunately, credential_from_url is not able to determine the host and protocol in order to determine appropriate credentials to send, and until "credential: refuse to operate when missing host or protocol", this resulted in another host's credentials being leaked to the named host. Teach credential_from_url_gently to consider such a URL to be invalid so that fsck can detect and block gitmodules files with such URLs, allowing server operators to avoid serving them to downstream users running older versions of Git. This also means that when such URLs are passed on the command line, Git will print a clearer error so affected users can switch to the simpler URL that explicitly specifies the host and protocol they intend. One subtlety: .gitmodules files can contain relative URLs, representing a URL relative to the URL they were cloned from. The relative URL resolver used for .gitmodules can follow ".." components out of the path part and past the host part of a URL, meaning that such a relative URL can be used to traverse from a https://foo.example.com/innocent superproject to a https::attacker.example.com/exploit submodule. Fortunately a leading ':' in the first path component after a series of leading './' and '../' components is unlikely to show up in other contexts, so we can catch this by detecting that pattern. Reported-by: Jeff King <peff@peff.net> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Reviewed-by: Jeff King <peff@peff.net> | 19 April 2020, 23:10:58 UTC |
| fe29a9b | Jeff King | 19 April 2020, 03:53:09 UTC | credential: die() when parsing invalid urls When we try to initialize credential loading by URL and find that the URL is invalid, we set all fields to NULL in order to avoid acting on malicious input. Later when we request credentials, we diagonse the erroneous input: fatal: refusing to work with credential missing host field This is problematic in two ways: - The message doesn't tell the user *why* we are missing the host field, so they can't tell from this message alone how to recover. There can be intervening messages after the original warning of bad input, so the user may not have the context to put two and two together. - The error only occurs when we actually need to get a credential. If the URL permits anonymous access, the only encouragement the user gets to correct their bogus URL is a quiet warning. This is inconsistent with the check we perform in fsck, where any use of such a URL as a submodule is an error. When we see such a bogus URL, let's not try to be nice and continue without helpers. Instead, die() immediately. This is simpler and obviously safe. And there's very little chance of disrupting a normal workflow. It's _possible_ that somebody has a legitimate URL with a raw newline in it. It already wouldn't work with credential helpers, so this patch steps that up from an inconvenience to "we will refuse to work with it at all". If such a case does exist, we should figure out a way to work with it (especially if the newline is only in the path component, which we normally don't even pass to helpers). But until we see a real report, we're better off being defensive. Reported-by: Carlo Arenas <carenas@gmail.com> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:10:58 UTC |
| a2b26ff | Jonathan Nieder | 19 April 2020, 03:52:34 UTC | fsck: convert gitmodules url to URL passed to curl In 07259e74ec1 (fsck: detect gitmodules URLs with embedded newlines, 2020-03-11), git fsck learned to check whether URLs in .gitmodules could be understood by the credential machinery when they are handled by git-remote-curl. However, the check is overbroad: it checks all URLs instead of only URLs that would be passed to git-remote-curl. In principle a git:// or file:/// URL does not need to follow the same conventions as an http:// URL; in particular, git:// and file:// protocols are not succeptible to issues in the credential API because they do not support attaching credentials. In the HTTP case, the URL in .gitmodules does not always match the URL that would be passed to git-remote-curl and the credential machinery: Git's URL syntax allows specifying a remote helper followed by a "::" delimiter and a URL to be passed to it, so that git ls-remote http::https://example.com/repo.git invokes git-remote-http with https://example.com/repo.git as its URL argument. With today's checks, that distinction does not make a difference, but for a check we are about to introduce (for empty URL schemes) it will matter. .gitmodules files also support relative URLs. To ensure coverage for the https based embedded-newline attack, urldecode and check them directly for embedded newlines. Helped-by: Jeff King <peff@peff.net> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Reviewed-by: Jeff King <peff@peff.net> | 19 April 2020, 23:10:58 UTC |
| 8ba8ed5 | Jeff King | 19 April 2020, 03:50:48 UTC | credential: refuse to operate when missing host or protocol The credential helper protocol was designed to be very flexible: the fields it takes as input are treated as a pattern, and any missing fields are taken as wildcards. This allows unusual things like: echo protocol=https | git credential reject to delete all stored https credentials (assuming the helpers themselves treat the input that way). But when helpers are invoked automatically by Git, this flexibility works against us. If for whatever reason we don't have a "host" field, then we'd match _any_ host. When you're filling a credential to send to a remote server, this is almost certainly not what you want. Prevent this at the layer that writes to the credential helper. Add a check to the credential API that the host and protocol are always passed in, and add an assertion to the credential_write function that speaks credential helper protocol to be doubly sure. There are a few ways this can be triggered in practice: - the "git credential" command passes along arbitrary credential parameters it reads from stdin. - until the previous patch, when the host field of a URL is empty, we would leave it unset (rather than setting it to the empty string) - a URL like "example.com/foo.git" is treated by curl as if "http://" was present, but our parser sees it as a non-URL and leaves all fields unset - the recent fix for URLs with embedded newlines blanks the URL but otherwise continues. Rather than having the desired effect of looking up no credential at all, many helpers will return _any_ credential Our earlier test for an embedded newline didn't catch this because it only checked that the credential was cleared, but didn't configure an actual helper. Configuring the "verbatim" helper in the test would show that it is invoked (it's obviously a silly helper which doesn't look at its input, but the point is that it shouldn't be run at all). Since we're switching this case to die(), we don't need to bother with a helper. We can see the new behavior just by checking that the operation fails. We'll add new tests covering partial input as well (these can be triggered through various means with url-parsing, but it's simpler to just check them directly, as we know we are covered even if the url parser changes behavior in the future). [jn: changed to die() instead of logging and showing a manual username/password prompt] Reported-by: Carlo Arenas <carenas@gmail.com> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:10:58 UTC |
| 2403668 | Jeff King | 19 April 2020, 03:48:05 UTC | credential: parse URL without host as empty host, not unset We may feed a URL like "cert:///path/to/cert.pem" into the credential machinery to get the key for a client-side certificate. That credential has no hostname field, which is about to be disallowed (to avoid confusion with protocols where a helper _would_ expect a hostname). This means as of the next patch, credential helpers won't work for unlocking certs. Let's fix that by doing two things: - when we parse a url with an empty host, set the host field to the empty string (asking only to match stored entries with an empty host) rather than NULL (asking to match _any_ host). - when we build a cert:// credential by hand, similarly assign an empty string It's the latter that is more likely to impact real users in practice, since it's what's used for http connections. But we don't have good infrastructure to test it. The url-parsing version will help anybody using git-credential in a script, and is easy to test. Signed-off-by: Jeff King <peff@peff.net> Reviewed-by: Taylor Blau <me@ttaylorr.com> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:10:57 UTC |
| 73aafe9 | Jeff King | 19 April 2020, 03:47:30 UTC | t0300: use more realistic inputs Many of the tests in t0300 give partial inputs to git-credential, omitting a protocol or hostname. We're checking only high-level things like whether and how helpers are invoked at all, and we don't care about specific hosts. However, in preparation for tightening up the rules about when we're willing to run a helper, let's start using input that's a bit more realistic: pretend as if http://example.com is being examined. This shouldn't change the point of any of the tests, but do note we have to adjust the expected output to accommodate this (filling a credential will repeat back the protocol/host fields to stdout, and the helper debug messages and askpass prompt will change on stderr). Signed-off-by: Jeff King <peff@peff.net> Reviewed-by: Taylor Blau <me@ttaylorr.com> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:10:57 UTC |
| a88dbd2 | Jeff King | 19 April 2020, 05:36:02 UTC | t0300: make "quit" helper more realistic We test a toy credential helper that writes "quit=1" and confirms that we stop running other helpers. However, that helper is unrealistic in that it does not bother to read its stdin at all. For now we don't send any input to it, because we feed git-credential a blank credential. But that will change in the next patch, which will cause this test to racily fail, as git-credential will get SIGPIPE writing to the helper rather than exiting because it was asked to. Let's make this one-off helper more like our other sample helpers, and have it source the "dump" script. That will read stdin, fixing the SIGPIPE problem. But it will also write what it sees to stderr. We can make the test more robust by checking that output, which confirms that we do run the quit helper, don't run any other helpers, and exit for the reason we expected. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> | 19 April 2020, 23:10:52 UTC |
| de49261 | Junio C Hamano | 25 March 2020, 20:07:47 UTC | Git 2.26.1 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 25 March 2020, 20:07:47 UTC |
| 274b9cc | Junio C Hamano | 22 March 2020, 23:50:46 UTC | Git 2.26 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 22 March 2020, 23:50:46 UTC |
| 55a7568 | Junio C Hamano | 21 March 2020, 20:48:54 UTC | Merge branch 'en/rebase-backend' Test fix. * en/rebase-backend: t3419: prevent failure when run with EXPENSIVE | 21 March 2020, 20:48:54 UTC |
| c452dfa | Junio C Hamano | 21 March 2020, 19:12:28 UTC | Merge tag 'l10n-2.26.0-rnd2.1' of git://github.com/git-l10n/git-po.git l10n-2.26.0-rnd2.1 * tag 'l10n-2.26.0-rnd2.1' of https://github.com/git-l10n/git-po: (28 commits) l10n: tr.po: change file mode to 644 l10n: de.po: Update German translation for Git 2.26.0 l10n: de.po: add missing space l10n: tr: Fix a couple of ambiguities l10n: Update Catalan translation l10n: sv.po: Update Swedish translation (4839t0f0u) l10n: zh_CN: Revise v2.26.0 translation l10n: zh_CN: for git v2.26.0 l10n round 1 and 2 l10n: vi(4839t): Updated Vietnamese translation for v2.26.0 l10n: vi: fix translation + grammar l10n: zh_TW.po: v2.26.0 round 2 (0 untranslated) l10n: zh_TW.po: v2.26.0 round 1 (11 untranslated) l10n: it.po: update the Italian translation for Git 2.26.0 round 2 l10n: es: 2.26.0 round#2 l10n: bg.po: Updated Bulgarian translation (4839t) l10n: tr: v2.26.0 round 2 l10n: fr : v2.26.0 rnd 2 l10n: git.pot: v2.26.0 round 2 (7 new, 2 removed) l10n: tr: Add glossary for Turkish translations l10n: sv.po: Update Swedish translation (4835t0f0u) ... | 21 March 2020, 19:12:28 UTC |
| 1557364 | Jiang Xin | 21 March 2020, 10:26:56 UTC | l10n: tr.po: change file mode to 644 Signed-off-by: Jiang Xin <worldhello.net@gmail.com> | 21 March 2020, 10:26:56 UTC |
| 2da1b05 | brian m. carlson | 20 March 2020, 21:52:41 UTC | t3419: prevent failure when run with EXPENSIVE This test runs a function which itself runs several assertions. The last of these assertions cleans up the .git/rebase-apply directory, since when run with EXPENSIVE set, the function is invoked a second time to run the same tests with a larger data set. However, as of 2ac0d6273f ("rebase: change the default backend from "am" to "merge"", 2020-02-15), the default backend of rebase has changed, and cleaning up the rebase-apply directory has no effect: it no longer exists, since we're using rebase-merge instead. Since we don't really care which rebase backend is in use, let's just use the command "git rebase --quit", which will do the right thing regardless. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> | 20 March 2020, 22:25:24 UTC |
| 1ae3a38 | Matthias Rüster | 14 March 2020, 21:10:16 UTC | l10n: de.po: Update German translation for Git 2.26.0 Signed-off-by: Matthias Rüster <matthias.ruester@gmail.com> Reviewed-by: Ralf Thielow <ralf.thielow@gmail.com> Reviewed-by: Phillip Szelat <phillip.szelat@gmail.com> | 20 March 2020, 11:19:22 UTC |
| 5804c6e | Ralf Thielow | 21 January 2020, 16:30:48 UTC | l10n: de.po: add missing space Signed-off-by: Ralf Thielow <ralf.thielow@gmail.com> | 20 March 2020, 09:45:37 UTC |
| 98cedd0 | Junio C Hamano | 19 March 2020, 23:06:51 UTC | Merge https://github.com/prati0100/git-gui * 'master' of https://github.com/prati0100/git-gui: git-gui: create a new namespace for chord script evaluation git-gui: reduce Tcl version requirement from 8.6 to 8.5 git-gui--askpass: coerce answers to UTF-8 on Windows git-gui: fix error popup when doing blame -> "Show History Context" git-gui: add missing close bracket git-gui: update German translation git-gui: extend translation glossary template with more terms git-gui: update pot template and German translation to current source code | 19 March 2020, 23:06:51 UTC |
| 4914ba4 | Emir Sarı | 19 March 2020, 22:36:24 UTC | l10n: tr: Fix a couple of ambiguities Signed-off-by: Emir Sarı <bitigchi@me.com> | 19 March 2020, 22:36:24 UTC |
| a572802 | Pratyush Yadav | 19 March 2020, 15:59:19 UTC | Merge branch 'py/remove-tcloo' Reduce the Tcl version requirement to 8.5 to allow git-gui to run on MacOS distributions like High Sierra. While here, fix a potential variable name collision. * py/remove-tcloo: git-gui: create a new namespace for chord script evaluation git-gui: reduce Tcl version requirement from 8.6 to 8.5 | 19 March 2020, 15:59:19 UTC |
| 7fcb965 | Elijah Newren | 18 March 2020, 21:18:26 UTC | RelNotes/2.26.0: fix various typos Signed-off-by: Elijah Newren <newren@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> | 18 March 2020, 22:42:37 UTC |
| f0c03bc | Jordi Mas | 18 March 2020, 19:24:20 UTC | l10n: Update Catalan translation Signed-off-by: Jordi Mas <jmas@softcatala.org> | 18 March 2020, 19:24:20 UTC |
| 67b0a24 | Junio C Hamano | 18 March 2020, 01:12:01 UTC | Git 2.25.3 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 18 March 2020, 01:12:01 UTC |
| be8661a | Junio C Hamano | 17 March 2020, 22:16:14 UTC | Sync with Git 2.25.2 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 17 March 2020, 22:27:15 UTC |
| 0822e66 | Junio C Hamano | 17 March 2020, 21:54:02 UTC | Git 2.25.2 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 17 March 2020, 22:06:37 UTC |
| 65588b0 | Beat Bolli | 17 March 2020, 15:36:05 UTC | unicode: update the width tables to Unicode 13.0 Now that Unicode 13.0 has been announced[0], update the character width tables to the new version. [0] https://home.unicode.org/announcing-the-unicode-standard-version-13-0/ Signed-off-by: Beat Bolli <dev+git@drbeat.li> Signed-off-by: Junio C Hamano <gitster@pobox.com> | 17 March 2020, 22:06:37 UTC |
| 7be274b | Junio C Hamano | 17 March 2020, 22:02:26 UTC | Merge branch 'js/ci-windows-update' into maint Updates to the CI settings. * js/ci-windows-update: Azure Pipeline: switch to the latest agent pools ci: prevent `perforce` from being quarantined t/lib-httpd: avoid using macOS' sed | 17 March 2020, 22:02:26 UTC |
| 9a75ecd | Junio C Hamano | 17 March 2020, 22:02:26 UTC | Merge branch 'jk/run-command-formatfix' into maint Code style cleanup. * jk/run-command-formatfix: run-command.h: fix mis-indented struct member | 17 March 2020, 22:02:26 UTC |
| 221887a | Junio C Hamano | 17 March 2020, 22:02:26 UTC | Merge branch 'jk/doc-credential-helper' into maint Docfix. * jk/doc-credential-helper: doc: move credential helper info into gitcredentials(7) | 17 March 2020, 22:02:26 UTC |
| 32fc2c6 | Junio C Hamano | 17 March 2020, 22:02:25 UTC | Merge branch 'js/mingw-open-in-gdb' into maint Dev support. * js/mingw-open-in-gdb: mingw: add a helper function to attach GDB to the current process | 17 March 2020, 22:02:25 UTC |
| fe0d2c8 | Junio C Hamano | 17 March 2020, 22:02:25 UTC | Merge branch 'js/test-unc-fetch' into maint Test updates. * js/test-unc-fetch: t5580: test cloning without file://, test fetching via UNC paths | 17 March 2020, 22:02:25 UTC |
| 618db36 | Junio C Hamano | 17 March 2020, 22:02:25 UTC | Merge branch 'js/test-write-junit-xml-fix' into maint Testfix. * js/test-write-junit-xml-fix: tests: fix --write-junit-xml with subshells | 17 March 2020, 22:02:25 UTC |
| 50e1b41 | Junio C Hamano | 17 March 2020, 22:02:25 UTC | Merge branch 'en/simplify-check-updates-in-unpack-trees' into maint Code simplification. * en/simplify-check-updates-in-unpack-trees: unpack-trees: exit check_updates() early if updates are not wanted | 17 March 2020, 22:02:25 UTC |
| fda2baf | Junio C Hamano | 17 March 2020, 22:02:24 UTC | Merge branch 'jc/doc-single-h-is-for-help' into maint Both "git ls-remote -h" and "git grep -h" give short usage help, like any other Git subcommand, but it is not unreasonable to expect that the former would behave the same as "git ls-remote --head" (there is no other sensible behaviour for the latter). The documentation has been updated in an attempt to clarify this. * jc/doc-single-h-is-for-help: Documentation: clarify that `-h` alone stands for `help` | 17 March 2020, 22:02:24 UTC |
| 41d910e | Junio C Hamano | 17 March 2020, 22:02:24 UTC | Merge branch 'hd/show-one-mergetag-fix' into maint "git show" and others gave an object name in raw format in its error output, which has been corrected to give it in hex. * hd/show-one-mergetag-fix: show_one_mergetag: print non-parent in hex form. | 17 March 2020, 22:02:24 UTC |
| 2d7247a | Junio C Hamano | 17 March 2020, 22:02:23 UTC | Merge branch 'am/mingw-poll-fix' into maint MinGW's poll() emulation has been improved. * am/mingw-poll-fix: mingw: workaround for hangs when sending STDIN | 17 March 2020, 22:02:24 UTC |
| 4e730fc | Junio C Hamano | 17 March 2020, 22:02:23 UTC | Merge branch 'hi/gpg-use-check-signature' into maint "git merge signed-tag" while lacking the public key started to say "No signature", which was utterly wrong. This regression has been reverted. * hi/gpg-use-check-signature: Revert "gpg-interface: prefer check_signature() for GPG verification" | 17 March 2020, 22:02:23 UTC |
| 76ccbda | Junio C Hamano | 17 March 2020, 22:02:23 UTC | Merge branch 'ds/partial-clone-fixes' into maint Fix for a bug revealed by a recent change to make the protocol v2 the default. * ds/partial-clone-fixes: partial-clone: avoid fetching when looking for objects partial-clone: demonstrate bugs in partial fetch | 17 March 2020, 22:02:23 UTC |
| 569b898 | Junio C Hamano | 17 March 2020, 22:02:23 UTC | Merge branch 'en/t3433-rebase-stat-dirty-failure' into maint The merge-recursive machinery failed to refresh the cache entry for a merge result in a couple of places, resulting in an unnecessary merge failure, which has been fixed. * en/t3433-rebase-stat-dirty-failure: merge-recursive: fix the refresh logic in update_file_flags t3433: new rebase testcase documenting a stat-dirty-like failure | 17 March 2020, 22:02:23 UTC |
| 16a4bf1 | Junio C Hamano | 17 March 2020, 22:02:23 UTC | Merge branch 'en/check-ignore' into maint "git check-ignore" did not work when the given path is explicitly marked as not ignored with a negative entry in the .gitignore file. * en/check-ignore: check-ignore: fix documentation and implementation to match | 17 March 2020, 22:02:23 UTC |
| 3246495 | Junio C Hamano | 17 March 2020, 22:02:22 UTC | Merge branch 'jk/push-option-doc-markup-fix' into maint Doc markup fix. * jk/push-option-doc-markup-fix: doc/config/push: use longer "--" line for preformatted example | 17 March 2020, 22:02:22 UTC |
| 56f97d5 | Junio C Hamano | 17 March 2020, 22:02:22 UTC | Merge branch 'jk/doc-diff-parallel' into maint Update to doc-diff. * jk/doc-diff-parallel: doc-diff: use single-colon rule in rendering Makefile | 17 March 2020, 22:02:22 UTC |
| 1a4abcb | Junio C Hamano | 17 March 2020, 22:02:22 UTC | Merge branch 'jh/notes-fanout-fix' into maint The code to automatically shrink the fan-out in the notes tree had an off-by-one bug, which has been killed. * jh/notes-fanout-fix: notes.c: fix off-by-one error when decreasing notes fanout t3305: check notes fanout more carefully and robustly | 17 March 2020, 22:02:22 UTC |
| 7e84f46 | Junio C Hamano | 17 March 2020, 22:02:21 UTC | Merge branch 'jk/index-pack-dupfix' into maint The index-pack code now diagnoses a bad input packstream that records the same object twice when it is used as delta base; the code used to declare a software bug when encountering such an input, but it is an input error. * jk/index-pack-dupfix: index-pack: downgrade twice-resolved REF_DELTA to die() | 17 March 2020, 22:02:22 UTC |
| fa24bbe | Junio C Hamano | 17 March 2020, 22:02:21 UTC | Merge branch 'js/rebase-i-with-colliding-hash' into maint "git rebase -i" identifies existing commits in its todo file with their abbreviated object name, which could become ambigous as it goes to create new commits, and has a mechanism to avoid ambiguity in the main part of its execution. A few other cases however were not covered by the protection against ambiguity, which has been corrected. * js/rebase-i-with-colliding-hash: rebase -i: also avoid SHA-1 collisions with missingCommitsCheck rebase -i: re-fix short SHA-1 collision parse_insn_line(): improve error message when parsing failed | 17 March 2020, 22:02:21 UTC |
| a7a2e12 | Junio C Hamano | 17 March 2020, 22:02:21 UTC | Merge branch 'jk/clang-sanitizer-fixes' into maint C pedantry ;-) fix. * jk/clang-sanitizer-fixes: obstack: avoid computing offsets from NULL pointer xdiff: avoid computing non-zero offset from NULL pointer avoid computing zero offsets from NULL pointer merge-recursive: use subtraction to flip stage merge-recursive: silence -Wxor-used-as-pow warning | 17 March 2020, 22:02:21 UTC |
| 93d0892 | Junio C Hamano | 17 March 2020, 22:02:21 UTC | Merge branch 'dt/submodule-rm-with-stale-cache' into maint Running "git rm" on a submodule failed unnecessarily when .gitmodules is only cache-dirty, which has been corrected. * dt/submodule-rm-with-stale-cache: git rm submodule: succeed if .gitmodules index stat info is zero | 17 March 2020, 22:02:21 UTC |
| dae4777 | Junio C Hamano | 17 March 2020, 22:02:21 UTC | Merge branch 'pb/recurse-submodule-in-worktree-fix' into maint The "--recurse-submodules" option of various subcommands did not work well when run in an alternate worktree, which has been corrected. * pb/recurse-submodule-in-worktree-fix: submodule.c: use get_git_dir() instead of get_git_common_dir() t2405: clarify test descriptions and simplify test t2405: use git -C and test_commit -C instead of subshells t7410: rename to t2405-worktree-submodule.sh | 17 March 2020, 22:02:21 UTC |
| 758d077 | Junio C Hamano | 17 March 2020, 22:02:20 UTC | Merge branch 'es/outside-repo-errmsg-hints' into maint An earlier update to show the location of working tree in the error message did not consider the possibility that a git command may be run in a bare repository, which has been corrected. * es/outside-repo-errmsg-hints: prefix_path: show gitdir if worktree unavailable prefix_path: show gitdir when arg is outside repo | 17 March 2020, 22:02:20 UTC |
| f0c344c | Junio C Hamano | 17 March 2020, 22:02:20 UTC | Merge branch 'js/builtin-add-i-cmds' into maint Minor bugfixes to "git add -i" that has recently been rewritten in C. * js/builtin-add-i-cmds: built-in add -i: accept open-ended ranges again built-in add -i: do not try to `patch`/`diff` an empty list of files | 17 March 2020, 22:02:20 UTC |
| 506223f | Junio C Hamano | 17 March 2020, 21:36:45 UTC | Git 2.24.2 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 17 March 2020, 21:36:45 UTC |
| 17a0278 | Junio C Hamano | 17 March 2020, 21:33:34 UTC | Git 2.23.2 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 17 March 2020, 21:33:34 UTC |
| 69fab82 | Junio C Hamano | 17 March 2020, 21:24:55 UTC | Git 2.22.3 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 17 March 2020, 21:24:55 UTC |
| fe22686 | Junio C Hamano | 17 March 2020, 21:16:08 UTC | Git 2.21.2 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 17 March 2020, 21:16:08 UTC |
| d1259ce | Junio C Hamano | 17 March 2020, 20:42:38 UTC | Git 2.20.3 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 17 March 2020, 20:46:10 UTC |
| a5979d7 | Junio C Hamano | 17 March 2020, 20:37:37 UTC | Git 2.19.4 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 17 March 2020, 20:43:08 UTC |
| 21a3e50 | Junio C Hamano | 17 March 2020, 20:34:12 UTC | Git 2.18.3 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 17 March 2020, 20:34:12 UTC |
| c42c0f1 | Junio C Hamano | 17 March 2020, 20:23:48 UTC | Git 2.17.4 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 17 March 2020, 20:25:33 UTC |
| d7d8b20 | Peter Krefting | 17 March 2020, 17:33:22 UTC | l10n: sv.po: Update Swedish translation (4839t0f0u) Signed-off-by: Peter Krefting <peter@softwolves.pp.se> | 17 March 2020, 17:33:22 UTC |
| 3891a84 | Pratyush Yadav | 14 March 2020, 21:38:36 UTC | git-gui: create a new namespace for chord script evaluation Evaluating the script in the same namespace as the chord itself creates potential for variable name collision. And in that case the script would unknowingly use the chord's variables. For example, say the script has a variable called 'is_completed', which also exists in the chord's namespace. The script then calls 'eval' and sets 'is_completed' to 1 thinking it is setting its own variable, completely unaware of how the chord works behind the scenes. This leads to the chord never actually executing because it sees 'is_completed' as true and thinks it has already completed. Avoid the potential collision by creating a separate namespace for the script that is a child of the chord's namespace. Signed-off-by: Pratyush Yadav <me@yadavpratyush.com> | 17 March 2020, 13:18:54 UTC |
| 8a8efbe | Pratyush Yadav | 17 February 2020, 15:39:29 UTC | git-gui: reduce Tcl version requirement from 8.6 to 8.5 On some MacOS distributions like High Sierra, Tcl 8.5 is shipped by default. This makes git-gui error out at startup because of the version mismatch. The only part that requires Tcl 8.6 is SimpleChord, which depends on TclOO. So, don't use it and use our homegrown class.tcl instead. This means some slight syntax changes. Since class.tcl doesn't have an "unknown" method like TclOO does, we can't just call '$note', but have to use '$note activate' instead. The constructor now needs a proper namespace qualifier. Update the documentation to reflect the new syntax. As of now, the only part of git-gui that needs Tcl 8.5 is a call to 'apply' in lib/index.tcl::lambda. Keep using it until someone shows up shouting that their OS ships with 8.4 only. Then we would have to look into implementing it in pure Tcl. Signed-off-by: Pratyush Yadav <me@yadavpratyush.com> | 17 March 2020, 13:18:54 UTC |
| 440e744 | Fangyi Zhou | 11 March 2020, 11:55:43 UTC | l10n: zh_CN: Revise v2.26.0 translation Signed-off-by: Fangyi Zhou <me@fangyi.io> Reviewed-by: 依云 <lilydjwg@gmail.com> Signed-off-by: Jiang Xin <worldhello.net@gmail.com> | 17 March 2020, 06:05:22 UTC |
| 2b472aa | Jiang Xin | 30 December 2019, 00:56:49 UTC | l10n: zh_CN: for git v2.26.0 l10n round 1 and 2 Translate 79 new messages (4839t0f0u) for git 2.26.0. Signed-off-by: Jiang Xin <worldhello.net@gmail.com> | 17 March 2020, 06:05:22 UTC |
| 6c85aac | Junio C Hamano | 16 March 2020, 19:46:32 UTC | Git 2.26-rc2 Signed-off-by: Junio C Hamano <gitster@pobox.com> | 16 March 2020, 19:46:32 UTC |
| 74f172e | Junio C Hamano | 16 March 2020, 19:43:30 UTC | Merge branch 'en/test-cleanup' Test fixes. * en/test-cleanup: t6022, t6046: fix flaky files-are-updated checks | 16 March 2020, 19:43:30 UTC |
| e96327c | Junio C Hamano | 16 March 2020, 19:43:29 UTC | Merge branch 'es/outside-repo-errmsg-hints' An earlier update to show the location of working tree in the error message did not consider the possibility that a git command may be run in a bare repository, which has been corrected. * es/outside-repo-errmsg-hints: prefix_path: show gitdir if worktree unavailable | 16 March 2020, 19:43:29 UTC |
| ee94b97 | Tran Ngoc Quan | 16 March 2020, 01:55:40 UTC | l10n: vi(4839t): Updated Vietnamese translation for v2.26.0 Signed-off-by: Tran Ngoc Quan <vnwildman@gmail.com> | 16 March 2020, 07:21:58 UTC |
| 15fa8d9 | Đoàn Trần Công Danh | 13 January 2020, 15:48:39 UTC | l10n: vi: fix translation + grammar - context should be translated to ngữ cảnh instead of nội dung - add missing accents - switch adjective and secondary objects position: * The formatted English text will be "To remove '+/-' lines", it should be translated to "Để bỏ dòng bắt đầu với '+/-' Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com> | 16 March 2020, 07:21:58 UTC |
