Merge branch 'ew/http-alternates-as-redirects-warning' into maint

Recent versions of Git treats http alternates (used in dumb http
transport) just like HTTP redirects and requires the client to
enable following it, due to security concerns.  But we forgot to
give a warning when we decide not to honor the alternates.

* ew/http-alternates-as-redirects-warning:
http: release strbuf on disabled alternates
http: inform about alternates-as-redirects behavior

diff --combined http-walker.c
index 507c200f004a0d1e295a6ffe876667ddf20db3bf,ab7d5537ae55809685c633c91e869107f73fbb5b..ee049cb13df6ed6a64b1980004100a5dd55dde51
--- 1/http-walker.c
--- 2/http-walker.c
+++ b/http-walker.c
@@@ -168,6 -168,11 +168,11 @@@ static int is_alternate_allowed(const c
        };
        int i;
  
+       if (http_follow_config != HTTP_FOLLOW_ALWAYS) {
+               warning("alternate disabled by http.followRedirects: %s", url);
+               return 0;
+       }
+ 
        for (i = 0; i < ARRAY_SIZE(protocols); i++) {
                const char *end;
                if (skip_prefix(url, protocols[i], &end) &&
@@@ -296,16 -301,13 +301,16 @@@ static void process_alternates_response
                                        okay = 1;
                                }
                        }
 -                      /* skip "objects\n" at end */
                        if (okay) {
                                struct strbuf target = STRBUF_INIT;
                                strbuf_add(&target, base, serverlen);
 -                              strbuf_add(&target, data + i, posn - i - 7);
 -
 -                              if (is_alternate_allowed(target.buf)) {
 +                              strbuf_add(&target, data + i, posn - i);
 +                              if (!strbuf_strip_suffix(&target, "objects")) {
 +                                      warning("ignoring alternate that does"
 +                                              " not end in 'objects': %s",
 +                                              target.buf);
 +                                      strbuf_release(&target);
 +                              } else if (is_alternate_allowed(target.buf)) {
                                        warning("adding alternate object store: %s",
                                                target.buf);
                                        newalt = xmalloc(sizeof(*newalt));
@@@ -317,6 -319,8 +322,8 @@@
                                        while (tail->next != NULL)
                                                tail = tail->next;
                                        tail->next = newalt;
+                               } else {
+                                       strbuf_release(&target);
                                }
                        }
                }
@@@ -334,9 -338,6 +341,6 @@@ static void fetch_alternates(struct wal
        struct alternates_request alt_req;
        struct walker_data *cdata = walker->data;
  
-       if (http_follow_config != HTTP_FOLLOW_ALWAYS)
-               return;
- 
        /*
         * If another request has already started fetching alternates,
         * wait for them to arrive and return to processing this request's