From: Junio C Hamano <gitster@pobox.com>
Date: Fri, 30 Mar 2018 19:42:03 +0000 (-0700)
Subject: Merge branch 'lv/tls-1.3' into next
X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/4f137314080fa66b33f7bb342a1b6926020f7770?hp=-c

Merge branch 'lv/tls-1.3' into next

When built with more recent cURL, GIT_SSL_VERSION can now specify
"tlsv1.3" as its value.

* lv/tls-1.3:
http: allow use of TLS 1.3
---

4f137314080fa66b33f7bb342a1b6926020f7770
diff --combined Documentation/config.txt
index 4e0cff87f6,ca8d1687cc..2659153cb3
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@@ -1398,16 -1398,7 +1398,16 @@@ fetch.unpackLimit:
  
  fetch.prune::
  	If true, fetch will automatically behave as if the `--prune`
 -	option was given on the command line.  See also `remote.<name>.prune`.
 +	option was given on the command line.  See also `remote.<name>.prune`
 +	and the PRUNING section of linkgit:git-fetch[1].
 +
 +fetch.pruneTags::
 +	If true, fetch will automatically behave as if the
 +	`refs/tags/*:refs/tags/*` refspec was provided when pruning,
 +	if not set already. This allows for setting both this option
 +	and `fetch.prune` to maintain a 1=1 mapping to upstream
 +	refs. See also `remote.<name>.pruneTags` and the PRUNING
 +	section of linkgit:git-fetch[1].
  
  fetch.output::
  	Control how ref update status is printed. Valid values are
@@@ -1957,6 -1948,7 +1957,7 @@@ http.sslVersion:
  	- tlsv1.0
  	- tlsv1.1
  	- tlsv1.2
+ 	- tlsv1.3
  
  +
  Can be overridden by the `GIT_SSL_VERSION` environment variable.
@@@ -2954,15 -2946,6 +2955,15 @@@ remote.<name>.prune:
  	remote (as if the `--prune` option was given on the command line).
  	Overrides `fetch.prune` settings, if any.
  
 +remote.<name>.pruneTags::
 +	When set to true, fetching from this remote by default will also
 +	remove any local tags that no longer exist on the remote if pruning
 +	is activated in general via `remote.<name>.prune`, `fetch.prune` or
 +	`--prune`. Overrides `fetch.pruneTags` settings, if any.
 ++
 +See also `remote.<name>.prune` and the PRUNING section of
 +linkgit:git-fetch[1].
 +
  remotes.<group>::
  	The list of remotes which are fetched by "git remote update
  	<group>".  See linkgit:git-remote[1].
@@@ -3228,8 -3211,7 +3229,8 @@@ submodule.active:
  
  submodule.recurse::
  	Specifies if commands recurse into submodules by default. This
 -	applies to all commands that have a `--recurse-submodules` option.
 +	applies to all commands that have a `--recurse-submodules` option,
 +	except `clone`.
  	Defaults to false.
  
  submodule.fetchJobs::
@@@ -3362,10 -3344,6 +3363,10 @@@ uploadpack.packObjectsHook:
  	was run. I.e., `upload-pack` will feed input intended for
  	`pack-objects` to the hook, and expects a completed packfile on
  	stdout.
 +
 +uploadpack.allowFilter::
 +	If this option is set, `upload-pack` will support partial
 +	clone and partial fetch object filtering.
  +
  Note that this configuration variable is ignored if it is seen in the
  repository-level config (this is a safety measure against fetching from
diff --combined http.c
index d058b75be4,4699cf76c9..91e70fe33a
--- a/http.c
+++ b/http.c
@@@ -62,6 -62,9 +62,9 @@@ static struct 
  	{ "tlsv1.1", CURL_SSLVERSION_TLSv1_1 },
  	{ "tlsv1.2", CURL_SSLVERSION_TLSv1_2 },
  #endif
+ #if LIBCURL_VERSION_NUM >= 0x073400
+ 	{ "tlsv1.3", CURL_SSLVERSION_TLSv1_3 },
+ #endif
  };
  #if LIBCURL_VERSION_NUM >= 0x070903
  static const char *ssl_key;
@@@ -69,9 -72,6 +72,9 @@@
  #if LIBCURL_VERSION_NUM >= 0x070908
  static const char *ssl_capath;
  #endif
 +#if LIBCURL_VERSION_NUM >= 0x071304
 +static const char *curl_no_proxy;
 +#endif
  #if LIBCURL_VERSION_NUM >= 0x072c00
  static const char *ssl_pinnedkey;
  #endif
@@@ -80,6 -80,7 +83,6 @@@ static long curl_low_speed_limit = -1
  static long curl_low_speed_time = -1;
  static int curl_ftp_no_epsv;
  static const char *curl_http_proxy;
 -static const char *curl_no_proxy;
  static const char *http_proxy_authmethod;
  static struct {
  	const char *name;
@@@ -972,6 -973,21 +975,6 @@@ static void set_from_env(const char **v
  		*var = val;
  }
  
 -static void protocol_http_header(void)
 -{
 -	if (get_protocol_version_config() > 0) {
 -		struct strbuf protocol_header = STRBUF_INIT;
 -
 -		strbuf_addf(&protocol_header, GIT_PROTOCOL_HEADER ": version=%d",
 -			    get_protocol_version_config());
 -
 -
 -		extra_http_headers = curl_slist_append(extra_http_headers,
 -						       protocol_header.buf);
 -		strbuf_release(&protocol_header);
 -	}
 -}
 -
  void http_init(struct remote *remote, const char *url, int proactive_auth)
  {
  	char *low_speed_limit;
@@@ -1002,6 -1018,8 +1005,6 @@@
  	if (remote)
  		var_override(&http_proxy_authmethod, remote->http_proxy_authmethod);
  
 -	protocol_http_header();
 -
  	pragma_header = curl_slist_append(http_copy_default_headers(),
  		"Pragma: no-cache");
  	no_pragma_header = curl_slist_append(http_copy_default_headers(),
@@@ -1245,14 -1263,14 +1248,14 @@@ static struct fill_chain *fill_cfg
  
  void add_fill_function(void *data, int (*fill)(void *))
  {
 -	struct fill_chain *new = xmalloc(sizeof(*new));
 +	struct fill_chain *new_fill = xmalloc(sizeof(*new_fill));
  	struct fill_chain **linkp = &fill_cfg;
 -	new->data = data;
 -	new->fill = fill;
 -	new->next = NULL;
 +	new_fill->data = data;
 +	new_fill->fill = fill;
 +	new_fill->next = NULL;
  	while (*linkp)
  		linkp = &(*linkp)->next;
 -	*linkp = new;
 +	*linkp = new_fill;
  }
  
  void fill_active_slots(void)
@@@ -1774,14 -1792,6 +1777,14 @@@ static int http_request(const char *url
  
  	headers = curl_slist_append(headers, buf.buf);
  
 +	/* Add additional headers here */
 +	if (options && options->extra_headers) {
 +		const struct string_list_item *item;
 +		for_each_string_list_item(item, options->extra_headers) {
 +			headers = curl_slist_append(headers, item->string);
 +		}
 +	}
 +
  	curl_easy_setopt(slot->curl, CURLOPT_URL, url);
  	curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, headers);
  	curl_easy_setopt(slot->curl, CURLOPT_ENCODING, "gzip");
@@@ -2227,7 -2237,7 +2230,7 @@@ struct http_object_request *new_http_ob
  	unsigned char *sha1)
  {
  	char *hex = sha1_to_hex(sha1);
 -	const char *filename;
 +	struct strbuf filename = STRBUF_INIT;
  	char prevfile[PATH_MAX];
  	int prevlocal;
  	char prev_buf[PREV_BUF_SIZE];
@@@ -2239,15 -2249,14 +2242,15 @@@
  	hashcpy(freq->sha1, sha1);
  	freq->localfile = -1;
  
 -	filename = sha1_file_name(sha1);
 +	sha1_file_name(&filename, sha1);
  	snprintf(freq->tmpfile, sizeof(freq->tmpfile),
 -		 "%s.temp", filename);
 +		 "%s.temp", filename.buf);
  
 -	snprintf(prevfile, sizeof(prevfile), "%s.prev", filename);
 +	snprintf(prevfile, sizeof(prevfile), "%s.prev", filename.buf);
  	unlink_or_warn(prevfile);
  	rename(freq->tmpfile, prevfile);
  	unlink_or_warn(freq->tmpfile);
 +	strbuf_release(&filename);
  
  	if (freq->localfile != -1)
  		error("fd leakage in start: %d", freq->localfile);
@@@ -2362,7 -2371,6 +2365,7 @@@ void process_http_object_request(struc
  int finish_http_object_request(struct http_object_request *freq)
  {
  	struct stat st;
 +	struct strbuf filename = STRBUF_INIT;
  
  	close(freq->localfile);
  	freq->localfile = -1;
@@@ -2388,10 -2396,8 +2391,10 @@@
  		unlink_or_warn(freq->tmpfile);
  		return -1;
  	}
 -	freq->rename =
 -		finalize_object_file(freq->tmpfile, sha1_file_name(freq->sha1));
 +
 +	sha1_file_name(&filename, freq->sha1);
 +	freq->rename = finalize_object_file(freq->tmpfile, filename.buf);
 +	strbuf_release(&filename);
  
  	return freq->rename;
  }