Merge branch 'jk/connect-clear-env' into maint

The ssh transport, just like any other transport over the network,
did not clear GIT_* environment variables, but it is possible to
use SendEnv and AcceptEnv to leak them to the remote invocation of
Git, which is not a good idea at all.  Explicitly clear them just
like we do for the local transport.

* jk/connect-clear-env:
git_connect: clarify conn->use_shell flag
git_connect: clear GIT_* environment for ssh

diff --cc connect.c
index 27a706f76621621a25b7e58188e5d1da9b9a2ccd,acd39d70c8781d837bce45317d6b9641a522f85f..ced4961398d397e0e21661ce7105be293c3585c2
--- 1/connect.c
--- 2/connect.c
+++ b/connect.c
@@@ -727,10 -727,9 +730,10 @@@ struct child_process *git_connect(int f
                conn->in = conn->out = -1;
                if (protocol == PROTO_SSH) {
                        const char *ssh;
-                       int putty, tortoiseplink = 0;
+                       int putty = 0, tortoiseplink = 0;
                        char *ssh_host = hostandport;
                        const char *port = NULL;
 +                      transport_check_allowed("ssh");
                        get_host_and_port(&ssh_host, &port);
  
                        if (!port)
@@@ -781,11 -785,6 +789,8 @@@
                                argv_array_push(&conn->args, port);
                        }
                        argv_array_push(&conn->args, ssh_host);
-                       /* remove repo-local variables from the environment */
-                       conn->env = local_repo_env;
-                       conn->use_shell = 1;
 +              } else {
 +                      transport_check_allowed("file");
                }
                argv_array_push(&conn->args, cmd.buf);