gitweb.git
Merge branch 'vs/submodule-clone-nested-submodules... Junio C Hamano Wed, 21 Dec 2016 22:55:02 +0000 (14:55 -0800)

Merge branch 'vs/submodule-clone-nested-submodules-alternates'

"git clone --reference $there --recurse-submodules $super" has been
taught to guess repositories usable as references for submodules of
$super that are embedded in $there while making a clone of the
superproject borrow objects from $there; extend the mechanism to
also allow submodules of these submodules to borrow repositories
embedded in these clones of the submodules embedded in the clone of
the superproject.

* vs/submodule-clone-nested-submodules-alternates:
submodule--helper: set alternateLocation for cloned submodules

Merge branch 'nd/shallow-fixup'Junio C Hamano Wed, 21 Dec 2016 22:55:01 +0000 (14:55 -0800)

Merge branch 'nd/shallow-fixup'

Code cleanup in shallow boundary computation.

* nd/shallow-fixup:
shallow.c: remove useless code
shallow.c: bit manipulation tweaks
shallow.c: avoid theoretical pointer wrap-around
shallow.c: make paint_alloc slightly more robust
shallow.c: stop abusing COMMIT_SLAB_SIZE for paint_info's memory pools
shallow.c: rename fields in paint_info to better express their purposes

Merge branch 'sb/sequencer-abort-safety'Junio C Hamano Wed, 21 Dec 2016 22:55:01 +0000 (14:55 -0800)

Merge branch 'sb/sequencer-abort-safety'

Unlike "git am --abort", "git cherry-pick --abort" moved HEAD back
to where cherry-pick started while picking multiple changes, when
the cherry-pick stopped to ask for help from the user, and the user
did "git reset --hard" to a different commit in order to re-attempt
the operation.

* sb/sequencer-abort-safety:
Revert "sequencer: remove useless get_dir() function"
sequencer: remove useless get_dir() function
sequencer: make sequencer abort safer
t3510: test that cherry-pick --abort does not unsafely change HEAD
am: change safe_to_abort()'s not rewinding error into a warning
am: fix filename in safe_to_abort() error message

Second batch for 2.12Junio C Hamano Mon, 19 Dec 2016 22:50:31 +0000 (14:50 -0800)

Second batch for 2.12

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'kh/tutorial-grammofix'Junio C Hamano Mon, 19 Dec 2016 22:45:41 +0000 (14:45 -0800)

Merge branch 'kh/tutorial-grammofix'

* kh/tutorial-grammofix:
doc: omit needless "for"
doc: make the intent of sentence clearer
doc: add verb in front of command to run
doc: add articles (grammar)

Merge branch 'da/mergetool-xxdiff-hotkey'Junio C Hamano Mon, 19 Dec 2016 22:45:41 +0000 (14:45 -0800)

Merge branch 'da/mergetool-xxdiff-hotkey'

The way to specify hotkeys to "xxdiff" that is used by "git
mergetool" has been modernized to match recent versions of xxdiff.

* da/mergetool-xxdiff-hotkey:
mergetools: fix xxdiff hotkeys

Merge branch 'lr/doc-fix-cet'Junio C Hamano Mon, 19 Dec 2016 22:45:41 +0000 (14:45 -0800)

Merge branch 'lr/doc-fix-cet'

* lr/doc-fix-cet:
date-formats.txt: Typo fix

Merge branch 'sb/t3600-cleanup'Junio C Hamano Mon, 19 Dec 2016 22:45:39 +0000 (14:45 -0800)

Merge branch 'sb/t3600-cleanup'

Code cleanup.

* sb/t3600-cleanup:
t3600: slightly modernize style
t3600: remove useless redirect

Merge branch 'jc/pull-rebase-ff'Junio C Hamano Mon, 19 Dec 2016 22:45:38 +0000 (14:45 -0800)

Merge branch 'jc/pull-rebase-ff'

"git pull --rebase", when there is no new commits on our side since
we forked from the upstream, should be able to fast-forward without
invoking "git rebase", but it didn't.

* jc/pull-rebase-ff:
pull: fast-forward "pull --rebase=true"

Merge branch 'ld/p4-worktree'Junio C Hamano Mon, 19 Dec 2016 22:45:37 +0000 (14:45 -0800)

Merge branch 'ld/p4-worktree'

"git p4" didn't interact with the internal of .git directory
correctly in the modern "git-worktree"-enabled world.

* ld/p4-worktree:
git-p4: support git worktrees

Merge branch 'jk/make-tags-find-sources-tweak'Junio C Hamano Mon, 19 Dec 2016 22:45:37 +0000 (14:45 -0800)

Merge branch 'jk/make-tags-find-sources-tweak'

Update the procedure to generate "tags" for developer support.

* jk/make-tags-find-sources-tweak:
Makefile: exclude contrib from FIND_SOURCE_FILES
Makefile: match shell scripts in FIND_SOURCE_FILES
Makefile: exclude test cruft from FIND_SOURCE_FILES
Makefile: reformat FIND_SOURCE_FILES

Merge branch 'js/normalize-path-copy-ceil'Junio C Hamano Mon, 19 Dec 2016 22:45:37 +0000 (14:45 -0800)

Merge branch 'js/normalize-path-copy-ceil'

A pathname that begins with "//" or "\\" on Windows is special but
path normalization logic was unaware of it.

* js/normalize-path-copy-ceil:
normalize_path_copy(): fix pushing to //server/share/dir on Windows

Merge branch 'bb/unicode-9.0'Junio C Hamano Mon, 19 Dec 2016 22:45:36 +0000 (14:45 -0800)

Merge branch 'bb/unicode-9.0'

The character width table has been updated to match Unicode 9.0

* bb/unicode-9.0:
unicode_width.h: update the width tables to Unicode 9.0
update_unicode.sh: remove the plane filter
update_unicode.sh: automatically download newer definition files
update_unicode.sh: pin the uniset repo to a known good commit
update_unicode.sh: remove an unnecessary subshell level
update_unicode.sh: move it into contrib/update-unicode

Merge branch 'jk/readme-gmane-is-no-more'Junio C Hamano Mon, 19 Dec 2016 22:45:35 +0000 (14:45 -0800)

Merge branch 'jk/readme-gmane-is-no-more'

* jk/readme-gmane-is-no-more:
README: replace gmane link with public-inbox

Merge branch 'jc/lock-report-on-error'Junio C Hamano Mon, 19 Dec 2016 22:45:35 +0000 (14:45 -0800)

Merge branch 'jc/lock-report-on-error'

Git 2.11 had a minor regression in "merge --ff-only" that competed
with another process that simultanously attempted to update the
index. We used to explain what went wrong with an error message,
but the new code silently failed. The error message has been
resurrected.

* jc/lock-report-on-error:
lockfile: LOCK_REPORT_ON_ERROR
hold_locked_index(): align error handling with hold_lockfile_for_update()
wt-status: implement opportunisitc index update correctly

Merge branch 'jk/xdiff-drop-xdl-fast-hash'Junio C Hamano Mon, 19 Dec 2016 22:45:35 +0000 (14:45 -0800)

Merge branch 'jk/xdiff-drop-xdl-fast-hash'

Retire the "fast hash" that had disastrous performance issues in
some corner cases.

* jk/xdiff-drop-xdl-fast-hash:
xdiff: drop XDL_FAST_HASH

Merge branch 'nd/rebase-forget'Junio C Hamano Mon, 19 Dec 2016 22:45:35 +0000 (14:45 -0800)

Merge branch 'nd/rebase-forget'

"git rebase" learned "--quit" option, which allows a user to
remove the metadata left by an earlier "git rebase" that was
manually aborted without using "git rebase --abort".

* nd/rebase-forget:
rebase: add --quit to cleanup rebase, leave everything else untouched

Merge branch 'jk/trailers-placeholder-in-pretty'Junio C Hamano Mon, 19 Dec 2016 22:45:34 +0000 (14:45 -0800)

Merge branch 'jk/trailers-placeholder-in-pretty'

In addition to %(subject), %(body), "log --pretty=format:..."
learned a new placeholder %(trailers).

* jk/trailers-placeholder-in-pretty:
ref-filter: add support to display trailers as part of contents
pretty: add %(trailers) format for displaying trailers of a commit message

Merge branch 'ak/commit-only-allow-empty'Junio C Hamano Mon, 19 Dec 2016 22:45:34 +0000 (14:45 -0800)

Merge branch 'ak/commit-only-allow-empty'

"git commit --allow-empty --only" (no pathspec) with dirty index
ought to be an acceptable way to create a new commit that does not
change any paths, but it was forbidden, perhaps because nobody
needed it so far.

* ak/commit-only-allow-empty:
commit: remove 'Clever' message for --only --amend
commit: make --only --allow-empty work without paths

Merge branch 'da/difftool-dir-diff-fix'Junio C Hamano Mon, 19 Dec 2016 22:45:33 +0000 (14:45 -0800)

Merge branch 'da/difftool-dir-diff-fix'

"git difftool --dir-diff" had a minor regression when started from
a subdirectory, which has been fixed.

* da/difftool-dir-diff-fix:
difftool: fix dir-diff index creation when in a subdirectory

Merge branch 'jb/diff-no-index-no-abbrev'Junio C Hamano Mon, 19 Dec 2016 22:45:33 +0000 (14:45 -0800)

Merge branch 'jb/diff-no-index-no-abbrev'

"git diff --no-index" did not take "--no-abbrev" option.

* jb/diff-no-index-no-abbrev:
diff: handle --no-abbrev in no-index case

Merge branch 'rj/git-version-gen-do-not-force-abbrev'Junio C Hamano Mon, 19 Dec 2016 22:45:33 +0000 (14:45 -0800)

Merge branch 'rj/git-version-gen-do-not-force-abbrev'

A minor build update.

* rj/git-version-gen-do-not-force-abbrev:
GIT-VERSION-GEN: do not force abbreviation length used by 'describe'

Merge branch 'jk/stash-disable-renames-internally'Junio C Hamano Mon, 19 Dec 2016 22:45:33 +0000 (14:45 -0800)

Merge branch 'jk/stash-disable-renames-internally'

When diff.renames configuration is on (and with Git 2.9 and later,
it is enabled by default, which made it worse), "git stash"
misbehaved if a file is removed and another file with a very
similar content is added.

* jk/stash-disable-renames-internally:
stash: prefer plumbing over git-diff

Merge branch 'jk/http-walker-limit-redirect'Junio C Hamano Mon, 19 Dec 2016 22:45:32 +0000 (14:45 -0800)

Merge branch 'jk/http-walker-limit-redirect'

Update the error messages from the dumb-http client when it fails
to obtain loose objects; we used to give sensible error message
only upon 404 but we now forbid unexpected redirects that needs to
be reported with something sensible.

* jk/http-walker-limit-redirect:
http-walker: complain about non-404 loose object errors

Merge branch 'jk/http-walker-limit-redirect-2.9'Junio C Hamano Mon, 19 Dec 2016 22:45:31 +0000 (14:45 -0800)

Merge branch 'jk/http-walker-limit-redirect-2.9'

Transport with dumb http can be fooled into following foreign URLs
that the end user does not intend to, especially with the server
side redirects and http-alternates mechanism, which can lead to
security issues. Tighten the redirection and make it more obvious
to the end user when it happens.

* jk/http-walker-limit-redirect-2.9:
http: treat http-alternates like redirects
http: make redirects more obvious
remote-curl: rename shadowed options variable
http: always update the base URL for redirects
http: simplify update_url_from_redirect

Merge branch 'nd/for-each-ref-ignore-case'Junio C Hamano Mon, 19 Dec 2016 22:45:31 +0000 (14:45 -0800)

Merge branch 'nd/for-each-ref-ignore-case'

"git branch --list" and friends learned "--ignore-case" option to
optionally sort branches and tags case insensitively.

* nd/for-each-ref-ignore-case:
tag, branch, for-each-ref: add --ignore-case for sorting and filtering

Merge branch 'sb/unpack-trees-grammofix'Junio C Hamano Mon, 19 Dec 2016 22:45:31 +0000 (14:45 -0800)

Merge branch 'sb/unpack-trees-grammofix'

* sb/unpack-trees-grammofix:
unpack-trees: fix grammar for untracked files in directories

Merge branch 'ls/travis-update-p4-and-lfs'Junio C Hamano Mon, 19 Dec 2016 22:45:30 +0000 (14:45 -0800)

Merge branch 'ls/travis-update-p4-and-lfs'

The default Travis-CI configuration specifies newer P4 and GitLFS.

* ls/travis-update-p4-and-lfs:
travis-ci: update P4 to 16.2 and GitLFS to 1.5.2 in Linux build

Merge branch 'ls/t0021-fixup'Junio C Hamano Mon, 19 Dec 2016 22:45:30 +0000 (14:45 -0800)

Merge branch 'ls/t0021-fixup'

* ls/t0021-fixup:
t0021: minor filter process test cleanup

Merge branch 'ah/grammos'Junio C Hamano Mon, 19 Dec 2016 22:45:30 +0000 (14:45 -0800)

Merge branch 'ah/grammos'

A few messages have been fixed for their grammatical errors.

* ah/grammos:
clone,fetch: explain the shallow-clone option a little more clearly
receive-pack: improve English grammar of denyCurrentBranch message
bisect: improve English grammar of not-ancestors message

Merge branch 'jc/renormalize-merge-kill-safer-crlf'Junio C Hamano Mon, 19 Dec 2016 22:45:30 +0000 (14:45 -0800)

Merge branch 'jc/renormalize-merge-kill-safer-crlf'

Fix a corner case in merge-recursive regression that crept in
during 2.10 development cycle.

* jc/renormalize-merge-kill-safer-crlf:
convert: git cherry-pick -Xrenormalize did not work
merge-recursive: handle NULL in add_cacheinfo() correctly
cherry-pick: demonstrate a segmentation fault

Merge branch 'jt/use-trailer-api-in-commands'Junio C Hamano Mon, 19 Dec 2016 22:45:29 +0000 (14:45 -0800)

Merge branch 'jt/use-trailer-api-in-commands'

Commands that operate on a log message and add lines to the trailer
blocks, such as "format-patch -s", "cherry-pick (-x|-s)", and
"commit -s", have been taught to use the logic of and share the
code with "git interpret-trailer".

* jt/use-trailer-api-in-commands:
sequencer: use trailer's trailer layout
trailer: have function to describe trailer layout
trailer: avoid unnecessary splitting on lines
commit: make ignore_non_trailer take buf/len
trailer: be stricter in parsing separators

First batch for 2.12Junio C Hamano Fri, 16 Dec 2016 23:30:13 +0000 (15:30 -0800)

First batch for 2.12

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'ls/p4-retry-thrice'Junio C Hamano Fri, 16 Dec 2016 23:27:50 +0000 (15:27 -0800)

Merge branch 'ls/p4-retry-thrice'

* ls/p4-retry-thrice:
git-p4: add config to retry p4 commands; retry 3 times by default

Merge branch 'ls/p4-empty-file-on-lfs'Junio C Hamano Fri, 16 Dec 2016 23:27:49 +0000 (15:27 -0800)

Merge branch 'ls/p4-empty-file-on-lfs'

"git p4" LFS support was broken when LFS stores an empty blob.

* ls/p4-empty-file-on-lfs:
git-p4: fix empty file processing for large file system backend GitLFS

Merge branch 'ld/p4-update-shelve'Junio C Hamano Fri, 16 Dec 2016 23:27:49 +0000 (15:27 -0800)

Merge branch 'ld/p4-update-shelve'

* ld/p4-update-shelve:
git-p4: support updating an existing shelved changelist

Merge branch 'vk/p4-submit-shelve'Junio C Hamano Fri, 16 Dec 2016 23:27:49 +0000 (15:27 -0800)

Merge branch 'vk/p4-submit-shelve'

* vk/p4-submit-shelve:
git-p4: allow submit to create shelved changelists.

Merge branch 'da/mergetool-trust-exit-code'Junio C Hamano Fri, 16 Dec 2016 23:27:49 +0000 (15:27 -0800)

Merge branch 'da/mergetool-trust-exit-code'

mergetool.<tool>.trustExitCode configuration variable did not apply
to built-in tools, but now it does.

* da/mergetool-trust-exit-code:
mergetools/vimdiff: trust Vim's exit code
mergetool: honor mergetool.$tool.trustExitCode for built-in tools

Merge branch 'ak/lazy-prereq-mktemp'Junio C Hamano Fri, 16 Dec 2016 23:27:49 +0000 (15:27 -0800)

Merge branch 'ak/lazy-prereq-mktemp'

Test code clean-up.

* ak/lazy-prereq-mktemp:
t7610: clean up foo.XXXXXX tmpdir

Merge branch 'nd/worktree-list-fixup'Junio C Hamano Fri, 16 Dec 2016 23:27:48 +0000 (15:27 -0800)

Merge branch 'nd/worktree-list-fixup'

The output from "git worktree list" was made in readdir() order,
and was unstable.

* nd/worktree-list-fixup:
worktree list: keep the list sorted
worktree.c: get_worktrees() takes a new flag argument
get_worktrees() must return main worktree as first item even on error
worktree: reorder an if statement
worktree.c: zero new 'struct worktree' on allocation

Merge branch 'nd/qsort-in-merge-recursive'Junio C Hamano Fri, 16 Dec 2016 23:27:48 +0000 (15:27 -0800)

Merge branch 'nd/qsort-in-merge-recursive'

Code simplification.

* nd/qsort-in-merge-recursive:
merge-recursive.c: use string_list_sort instead of qsort

Merge branch 'bw/push-dry-run'Junio C Hamano Fri, 16 Dec 2016 23:27:48 +0000 (15:27 -0800)

Merge branch 'bw/push-dry-run'

"git push --dry-run --recurse-submodule=on-demand" wasn't
"--dry-run" in the submodules.

* bw/push-dry-run:
push: fix --dry-run to not push submodules
push: --dry-run updates submodules when --recurse-submodules=on-demand

Merge branch 'hv/submodule-not-yet-pushed-fix'Junio C Hamano Fri, 16 Dec 2016 23:27:47 +0000 (15:27 -0800)

Merge branch 'hv/submodule-not-yet-pushed-fix'

The code in "git push" to compute if any commit being pushed in the
superproject binds a commit in a submodule that hasn't been pushed
out was overly inefficient, making it unusable even for a small
project that does not have any submodule but have a reasonable
number of refs.

* hv/submodule-not-yet-pushed-fix:
submodule_needs_pushing(): explain the behaviour when we cannot answer
batch check whether submodule needs pushing into one call
serialize collection of refs that contain submodule changes
serialize collection of changed submodules

Merge branch 'dt/empty-submodule-in-merge'Junio C Hamano Fri, 16 Dec 2016 23:27:47 +0000 (15:27 -0800)

Merge branch 'dt/empty-submodule-in-merge'

An empty directory in a working tree that can simply be nuked used
to interfere while merging or cherry-picking a change to create a
submodule directory there, which has been fixed..

* dt/empty-submodule-in-merge:
submodules: allow empty working-tree dirs in merge/cherry-pick

Merge branch 'jk/rev-parse-symbolic-parents-fix'Junio C Hamano Fri, 16 Dec 2016 23:27:47 +0000 (15:27 -0800)

Merge branch 'jk/rev-parse-symbolic-parents-fix'

"git rev-parse --symbolic" failed with a more recent notation like
"HEAD^-1" and "HEAD^!".

* jk/rev-parse-symbolic-parents-fix:
rev-parse: fix parent shorthands with --symbolic

normalize_path_copy(): fix pushing to //server/share... Johannes Sixt Wed, 14 Dec 2016 19:37:38 +0000 (20:37 +0100)

normalize_path_copy(): fix pushing to //server/share/dir on Windows

normalize_path_copy() is not prepared to keep the double-slash of a
//server/share/dir kind of path, but treats it like a regular POSIX
style path and transforms it to /server/share/dir.

The bug manifests when 'git push //server/share/dir master' is run,
because tmp_objdir_add_as_alternate() uses the path in normalized
form when it registers the quarantine object database via
link_alt_odb_entries(). Needless to say that the directory cannot be
accessed using the wrongly normalized path.

Fix it by skipping all of the root part, not just a potential drive
prefix. offset_1st_component takes care of this, see the
implementation in compat/mingw.c::mingw_offset_1st_component().

Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

README: replace gmane link with public-inboxJeff King Thu, 15 Dec 2016 14:17:19 +0000 (09:17 -0500)

README: replace gmane link with public-inbox

The general status and future of gmane is unclear at this
point, but certainly it does not seem to be carrying
gmane.comp.version-control.git at all anymore. Let's point
to public-inbox.org, which seems to be the favored archive
on the list these days (and which uses message-ids in its
URLs, making the links somewhat future-proof).

Reported-by: Chiel ten Brinke <ctenbrinke@gmail.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Revert "sequencer: remove useless get_dir() function"Junio C Hamano Wed, 14 Dec 2016 22:56:46 +0000 (14:56 -0800)

Revert "sequencer: remove useless get_dir() function"

This reverts commit 39784cd3620cc47415c9010ec58a9616f040125c.

The function had only one caller when the "remove useless" was
written, but another topic will soon make heavy use of it and more
importantly the function will return different paths depending on
the value in opts.

Makefile: exclude contrib from FIND_SOURCE_FILESJeff King Wed, 14 Dec 2016 14:32:35 +0000 (09:32 -0500)

Makefile: exclude contrib from FIND_SOURCE_FILES

When you're working on the git project, you're unlikely to
care about random bits in contrib/ (e.g., you would not want
to jump to the copy of xmalloc in the wincred credential
helper). Nobody has really complained because there are
relatively few C files in contrib.

Now that we're matching shell scripts, too, we get quite a
few more hits, especially in the obsolete contrib/examples
directory. Looking for usage() should turn up the one in
git-sh-setup, not in some long-dead version of git-clone.

Let's just exclude all of contrib. Any specific projects
there which are big enough to want tags can generate them
separately.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Makefile: match shell scripts in FIND_SOURCE_FILESJeff King Wed, 14 Dec 2016 14:29:44 +0000 (09:29 -0500)

Makefile: match shell scripts in FIND_SOURCE_FILES

We feed FIND_SOURCE_FILES to ctags to help developers
navigate to particular functions, but we only feed C source
code. The same feature can be helpful when working with
shell scripts (especially the test suite). Modern versions
of ctags know how to parse shell scripts; we just need to
feed the filenames to it.

This patch specifically avoids including the individual test
scripts themselves. Those are unlikely to be of interest,
and there are a lot of them to process. It does pick up
test-lib.sh and test-lib-functions.sh.

Note that our negative pathspec already excludes the
individual scripts for the ls-files case, but we need to
loosen the `find` rule to match it.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Makefile: exclude test cruft from FIND_SOURCE_FILESJeff King Wed, 14 Dec 2016 14:28:04 +0000 (09:28 -0500)

Makefile: exclude test cruft from FIND_SOURCE_FILES

The test directory may contain three types of files that
match our patterns:

1. Helper programs in t/helper.

2. Sample data files (e.g., t/t4051/hello.c).

3. Untracked cruft in trash directories and t/perf/build.

We want to match (1), but not the other two, as they just
clutter up the list.

For the ls-files method, we can drop (2) with a negative
pathspec. We do not have to care about (3), since ls-files
will not list untracked files.

For `find`, we can match both cases with `-prune` patterns.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Makefile: reformat FIND_SOURCE_FILESJeff King Wed, 14 Dec 2016 14:26:55 +0000 (09:26 -0500)

Makefile: reformat FIND_SOURCE_FILES

As we add to this in future commits, the formatting is going
to make it harder and harder to read. Let's write it more as
we would in a shell script, putting each logical block on
its own line.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

unicode_width.h: update the width tables to Unicode 9.0Beat Bolli Tue, 13 Dec 2016 23:31:44 +0000 (00:31 +0100)

unicode_width.h: update the width tables to Unicode 9.0

Rerunning update-unicode.sh that we fixed in the previous commits
produces these new tables.

Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

update_unicode.sh: remove the plane filterBeat Bolli Tue, 13 Dec 2016 23:31:43 +0000 (00:31 +0100)

update_unicode.sh: remove the plane filter

The uniset upstream has accepted my patches that eliminate the Unicode
plane offsets from the output in '--32' mode.

Remove the corresponding filter in update_unicode.sh.

This also fixes the issue that the plane offsets were not removed from
the second uniset call.

Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

update_unicode.sh: automatically download newer definit... Beat Bolli Tue, 13 Dec 2016 23:31:42 +0000 (00:31 +0100)

update_unicode.sh: automatically download newer definition files

Checking just for the unicode data files' existence is not sufficient;
we should also download them if a newer version exists on the Unicode
consortium's servers. Option -N of wget does this nicely for us.

Reviewed-by: Torsten Bögershausen <tboegi@web.de>
Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

update_unicode.sh: pin the uniset repo to a known good... Beat Bolli Tue, 13 Dec 2016 23:31:41 +0000 (00:31 +0100)

update_unicode.sh: pin the uniset repo to a known good commit

The uniset upstream has added more commits that for example change the
hexadecimal output in '--32' mode to decimal. Let's pin the repo to a
commit that still outputs the width tables in the format we want.

Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

update_unicode.sh: remove an unnecessary subshell levelBeat Bolli Tue, 13 Dec 2016 23:31:40 +0000 (00:31 +0100)

update_unicode.sh: remove an unnecessary subshell level

After the move into contrib/update-unicode, we no longer create the
unicode directory to have a clean working folder. Instead, the directory
of the script is used. This means that the subshell can be removed.

Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

update_unicode.sh: move it into contrib/update-unicodeBeat Bolli Tue, 13 Dec 2016 23:31:39 +0000 (00:31 +0100)

update_unicode.sh: move it into contrib/update-unicode

As it's used only by a tiny minority of the Git developer population,
this script does not belong into the main Git source directory.

Move it into contrib/ and adjust the paths to account for the new
location.

Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

git-p4: support git worktreesLuke Diamand Tue, 13 Dec 2016 21:51:28 +0000 (21:51 +0000)

git-p4: support git worktrees

git-p4 would attempt to find the git directory using
its own specific code, which did not know about git
worktrees.

Rework it to use "git rev-parse --git-dir" instead.

Add test cases for worktree usage and specifying
git directory via --git-dir and $GIT_DIR.

Signed-off-by: Luke Diamand <luke@diamand.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Early fixes for 2.11.x seriesJunio C Hamano Tue, 13 Dec 2016 22:13:17 +0000 (14:13 -0800)

Early fixes for 2.11.x series

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'ew/svn-fixes'Junio C Hamano Tue, 13 Dec 2016 22:09:27 +0000 (14:09 -0800)

Merge branch 'ew/svn-fixes'

* ew/svn-fixes:
git-svn: document useLogAuthor and addAuthorFrom config keys
git-svn: allow "0" in SVN path components

Merge branch 'js/mingw-isatty'Junio C Hamano Tue, 13 Dec 2016 22:09:27 +0000 (14:09 -0800)

Merge branch 'js/mingw-isatty'

We often decide if a session is interactive by checking if the
standard I/O streams are connected to a TTY, but isatty() emulation
on Windows incorrectly returned true if it is used on NUL (i.e. an
equivalent to /dev/null). This has been fixed.

* js/mingw-isatty:
mingw: intercept isatty() to handle /dev/null as Git expects it

t3600: slightly modernize styleStefan Beller Mon, 12 Dec 2016 23:54:55 +0000 (15:54 -0800)

t3600: slightly modernize style

Remove the space between redirection and file name.
Also remove unnecessary invocations of subshells, such as

(cd submod &&
echo X >untracked
) &&

as there is no point of having the shell for functional purposes.
In case of a single Git command use the `-C` option to let Git cd into
the directory.

Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

date-formats.txt: Typo fixLuis Ressel Mon, 12 Dec 2016 16:45:02 +0000 (17:45 +0100)

date-formats.txt: Typo fix

Last time I checked, I was living in the UTC+01:00 time zone. UTC+02:00
would be Central European _Summer_ Time.

Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

git-svn: document useLogAuthor and addAuthorFrom config... Eric Wong Sun, 11 Dec 2016 00:06:46 +0000 (00:06 +0000)

git-svn: document useLogAuthor and addAuthorFrom config keys

We've always supported these config keys in git-svn,
so document them so users won't have to respecify them
on every invocation.

Reported-by: Juergen Kosel <juergen.kosel@gmx.de>
Signed-off-by: Eric Wong <e@80x24.org>

git-svn: allow "0" in SVN path componentsEric Wong Wed, 30 Nov 2016 00:45:41 +0000 (00:45 +0000)

git-svn: allow "0" in SVN path components

Blindly checking a path component for falsiness is unwise, as
"0" is false to Perl, but a valid pathname component for SVN
(or any filesystem).

Found via random code reading.

Signed-off-by: Eric Wong <e@80x24.org>

submodule--helper: set alternateLocation for cloned... Vitaly "_Vi" Shukela Thu, 8 Dec 2016 01:38:14 +0000 (04:38 +0300)

submodule--helper: set alternateLocation for cloned submodules

In 31224cbdc7 (clone: recursive and reference option triggers
submodule alternates, 2016-08-17) a mechanism was added to
have submodules referenced. It did not address _nested_
submodules, however.

This patch makes all not just the root repository, but also
all submodules (recursively) have submodule.alternateLocation
and submodule.alternateErrorStrategy configured, making Git
search for possible alternates for nested submodules as well.

As submodule's alternate target does not end in .git/objects
(rather .git/modules/qqqqqq/objects), this alternate target
path restriction for in add_possible_reference_from_superproject
relates from "*.git/objects" to just */objects".

New tests have been added to t7408-submodule-reference.

Signed-off-by: Vitaly _Vi Shukela <vi0oss@gmail.com>
Reviewed-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

mergetools: fix xxdiff hotkeysDavid Aguilar Sat, 10 Dec 2016 02:14:21 +0000 (18:14 -0800)

mergetools: fix xxdiff hotkeys

xxdiff was using a mix of "Ctrl-<key>" and "Ctrl+<key>" hotkeys.
The dashed "-" form is not accepted by newer xxdiff versions.
Use the plus "+" form only.

Signed-off-by: David Aguilar <davvid@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

mingw: intercept isatty() to handle /dev/null as Git... Johannes Schindelin Sun, 11 Dec 2016 11:16:57 +0000 (12:16 +0100)

mingw: intercept isatty() to handle /dev/null as Git expects it

When Git's source code calls isatty(), it really asks whether the
respective file descriptor is connected to an interactive terminal.

Windows' _isatty() function, however, determines whether the file
descriptor is associated with a character device. And NUL, Windows'
equivalent of /dev/null, is a character device.

Which means that for years, Git mistakenly detected an associated
interactive terminal when being run through the test suite, which
almost always redirects stdin, stdout and stderr to /dev/null.

This bug only became obvious, and painfully so, when the new
bisect--helper entered the `pu` branch and made the automatic build & test
time out because t6030 was waiting for an answer.

For details, see

https://msdn.microsoft.com/en-us/library/f4s0ddew.aspx

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

ref-filter: add support to display trailers as part... Jacob Keller Sat, 19 Nov 2016 00:58:15 +0000 (16:58 -0800)

ref-filter: add support to display trailers as part of contents

Add %(trailers) and %(contents:trailers) to display the trailers as
interpreted by trailer_info_get. Update documentation and add a test for
the new feature.

Signed-off-by: Jacob Keller <jacob.keller@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

pretty: add %(trailers) format for displaying trailers... Jacob Keller Sat, 19 Nov 2016 00:58:14 +0000 (16:58 -0800)

pretty: add %(trailers) format for displaying trailers of a commit message

Recent patches have expanded on the trailers.c code and we have the
builtin commant git-interpret-trailers which can be used to add or
modify trailer lines. However, there is no easy way to simply display
the trailers of a commit message.

Add support for %(trailers) format modifier which will use the
trailer_info_get() calls to read trailers in an identical way as git
interpret-trailers does. Use a long format option instead of a short
name so that future work can more easily unify ref-filter and pretty
formats.

Add documentation and tests for the same.

Signed-off-by: Jacob Keller <jacob.keller@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

rebase: add --quit to cleanup rebase, leave everything... Nguyễn Thái Ngọc Duy Sat, 12 Nov 2016 02:00:41 +0000 (09:00 +0700)

rebase: add --quit to cleanup rebase, leave everything else untouched

There are occasions when you decide to abort an in-progress rebase and
move on to do something else but you forget to do "git rebase --abort"
first. Or the rebase has been in progress for so long you forgot about
it. By the time you realize that (e.g. by starting another rebase)
it's already too late to retrace your steps. The solution is normally

rm -r .git/<some rebase dir>

and continue with your life. But there could be two different
directories for <some rebase dir> (and it obviously requires some
knowledge of how rebase works), and the ".git" part could be much
longer if you are not at top-dir, or in a linked worktree. And
"rm -r" is very dangerous to do in .git, a mistake in there could
destroy object database or other important data.

Provide "git rebase --quit" for this use case, mimicking a precedent
that is "git cherry-pick --quit".

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

doc: omit needless "for"Kristoffer Haugsbakk Fri, 9 Dec 2016 15:51:12 +0000 (16:51 +0100)

doc: omit needless "for"

What was intended was perhaps "... plumbing does for you" ("you" added), but
simply omitting the word "for" is more terse and gets the intended point across
just as well, if not more so.

I originally went with the approach of writing "for you", but Junio C
Hamano suggested this approach instead.

Signed-off-by: Kristoffer Haugsbakk <kristoffer.haugsbakk@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

doc: make the intent of sentence clearerKristoffer Haugsbakk Fri, 9 Dec 2016 15:51:11 +0000 (16:51 +0100)

doc: make the intent of sentence clearer

By adding the word "just", which might have been accidentally omitted.

Adding the word "just" makes it clear that the point is to *not* do an
octopus merge simply because you *can* do it. In other words, you
should have a reason for doing it beyond simply having two (seemingly)
independent commits that you need to merge into another branch, since
it's not always the best approach.

The previous sentence made it look more like it was trying to say that
you shouldn't do an octopus merge *because* you can do an octopus merge.
Although this interpretation doesn't make sense and the rest of the
paragraph makes the intended meaning clear, this adjustment should make
the intent of the sentence more immediately clear to the reader.

Signed-off-by: Kristoffer Haugsbakk <kristoffer.haugsbakk@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

doc: add verb in front of command to runKristoffer Haugsbakk Fri, 9 Dec 2016 15:51:10 +0000 (16:51 +0100)

doc: add verb in front of command to run

Instead of using the command 'git clone' as a verb, use "run" as the
verb indicating the action of executing the command 'git clone'.

Signed-off-by: Kristoffer Haugsbakk <kristoffer.haugsbakk@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

doc: add articles (grammar)Kristoffer Haugsbakk Fri, 9 Dec 2016 15:51:09 +0000 (16:51 +0100)

doc: add articles (grammar)

Add definite and indefinite articles in three places where they were
missing.

- Use "the" in front of a directory name
- Use "the" in front of "style of cooperation"
- Use an indefinite article in front of "CVS background"

Signed-off-by: Kristoffer Haugsbakk <kristoffer.haugsbakk@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

sequencer: remove useless get_dir() functionStephan Beyer Wed, 7 Dec 2016 21:51:33 +0000 (22:51 +0100)

sequencer: remove useless get_dir() function

This function is used only once, for the removal of the
directory. It is not used for the creation of the directory nor
anywhere else.

Signed-off-by: Stephan Beyer <s-beyer@gmx.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

sequencer: make sequencer abort saferStephan Beyer Wed, 7 Dec 2016 21:51:32 +0000 (22:51 +0100)

sequencer: make sequencer abort safer

In contrast to "git am --abort", a sequencer abort did not check
whether the current HEAD is the one that is expected. This can lead
to loss of work (when not spotted and resolved using reflog before
the garbage collector chimes in).

This behavior is now changed by mimicking "git am --abort". The
abortion is done but HEAD is not changed when the current HEAD is
not the expected HEAD.

A new file "sequencer/abort-safety" is added to save the expected
HEAD.

The new behavior is only active when --abort is invoked on multiple
picks. The problem does not occur for the single-pick case because
it is handled differently.

Signed-off-by: Stephan Beyer <s-beyer@gmx.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t3510: test that cherry-pick --abort does not unsafely... Stephan Beyer Wed, 7 Dec 2016 21:51:31 +0000 (22:51 +0100)

t3510: test that cherry-pick --abort does not unsafely change HEAD

Signed-off-by: Stephan Beyer <s-beyer@gmx.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

commit: remove 'Clever' message for --only --amendAndreas Krey Fri, 9 Dec 2016 04:10:21 +0000 (05:10 +0100)

commit: remove 'Clever' message for --only --amend

The behavior is now documented; more importantly, rewarding the user
with a "Wow, you are clever" praise afterwards is not an effective
way to advertise the feature--at that point the user already knows.

Signed-off-by: Andreas Krey <a.krey@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff: handle --no-abbrev in no-index caseJack Bates Tue, 6 Dec 2016 16:56:14 +0000 (09:56 -0700)

diff: handle --no-abbrev in no-index case

There are two different places where the --no-abbrev option is parsed,
and two different places where SHA-1s are abbreviated. We normally parse
--no-abbrev with setup_revisions(), but in the no-index case, "git diff"
calls diff_opt_parse() directly, and diff_opt_parse() didn't handle
--no-abbrev until now. (It did handle --abbrev, however.) We normally
abbreviate SHA-1s with find_unique_abbrev(), but commit 4f03666 ("diff:
handle sha1 abbreviations outside of repository, 2016-10-20) recently
introduced a special case when you run "git diff" outside of a
repository.

setup_revisions() does also call diff_opt_parse(), but not for --abbrev
or --no-abbrev, which it handles itself. setup_revisions() sets
rev_info->abbrev, and later copies that to diff_options->abbrev. It
handles --no-abbrev by setting abbrev to zero. (This change doesn't
touch that.)

Setting abbrev to zero was broken in the outside-of-a-repository special
case, which until now resulted in a truly zero-length SHA-1, rather than
taking zero to mean do not abbreviate. The only way to trigger this bug,
however, was by running "git diff --raw" without either the --abbrev or
--no-abbrev options, because 1) without --raw it doesn't respect abbrev
(which is bizarre, but has been that way forever), 2) we silently clamp
--abbrev=0 to MINIMUM_ABBREV, and 3) --no-abbrev wasn't handled until
now.

The outside-of-a-repository case is one of three no-index cases. The
other two are when one of the files you're comparing is outside of the
repository you're in, and the --no-index option.

Signed-off-by: Jack Bates <jack@nottheoilrig.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

difftool: fix dir-diff index creation when in a subdire... David Aguilar Wed, 7 Dec 2016 10:16:08 +0000 (02:16 -0800)

difftool: fix dir-diff index creation when in a subdirectory

9ec26e7977 (difftool: fix argument handling in subdirs, 2016-07-18)
corrected how path arguments are handled in a subdirectory, but
it introduced a regression in how entries outside of the
subdirectory are handled by dir-diff.

When preparing the right-side of the diff we only include the
changed paths in the temporary area.

The left side of the diff is constructed from a temporary
index that is built from the same set of changed files, but it
was being constructed from within the subdirectory. This is a
problem because the indexed paths are toplevel-relative, and
thus they were not getting added to the index.

Teach difftool to chdir to the toplevel of the repository before
preparing its temporary indexes. This ensures that all of the
toplevel-relative paths are valid.

Add test cases to more thoroughly exercise this scenario.

Reported-by: Frank Becker <fb@mooflu.com>
Signed-off-by: David Aguilar <davvid@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

am: change safe_to_abort()'s not rewinding error into... Stephan Beyer Wed, 7 Dec 2016 21:51:30 +0000 (22:51 +0100)

am: change safe_to_abort()'s not rewinding error into a warning

The error message tells the user that something went terribly wrong
and the --abort could not be performed. But the --abort is performed,
only without rewinding. By simply changing the error into a warning,
we indicate the user that she must not try something like
"git am --abort --force", instead she just has to check the HEAD.

Signed-off-by: Stephan Beyer <s-beyer@gmx.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

am: fix filename in safe_to_abort() error messageStephan Beyer Wed, 7 Dec 2016 21:51:29 +0000 (22:51 +0100)

am: fix filename in safe_to_abort() error message

Signed-off-by: Stephan Beyer <s-beyer@gmx.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

shallow.c: remove useless codeNguyễn Thái Ngọc Duy Tue, 6 Dec 2016 12:53:39 +0000 (19:53 +0700)

shallow.c: remove useless code

Some context before we talk about the removed code.

This paint_down() is part of step 6 of 58babff (shallow.c: the 8 steps
to select new commits for .git/shallow - 2013-12-05). When we fetch from
a shallow repository, we need to know if one of the new/updated refs
needs new "shallow commits" in .git/shallow (because we don't have
enough history of those refs) and which one.

The question at step 6 is, what (new) shallow commits are required in
other to maintain reachability throughout the repository _without_
cutting our history short? To answer, we mark all commits reachable from
existing refs with UNINTERESTING ("rev-list --not --all"), mark shallow
commits with BOTTOM, then for each new/updated refs, walk through the
commit graph until we either hit UNINTERESTING or BOTTOM, marking the
ref on the commit as we walk.

After all the walking is done, we check the new shallow commits. If we
have not seen any new ref marked on a new shallow commit, we know all
new/updated refs are reachable using just our history and .git/shallow.
The shallow commit in question is not needed and can be thrown away.

So, the code.

The loop here (to walk through commits) is basically

1. get one commit from the queue
2. ignore if it's SEEN or UNINTERESTING
3. mark it
4. go through all the parents and..
5a. mark it if it's never marked before
5b. put it back in the queue

What we do in this patch is drop step 5a because it is not
necessary. The commit being marked at 5a is put back on the queue, and
will be marked at step 3 at the next iteration. The only case it will
not be marked is when the commit is already marked UNINTERESTING (5a
does not check this), which will be ignored at step 2.

But we don't care about refs marking on UNINTERESTING. We care about the
marking on _shallow commits_ that are not reachable from our current
history (and having UNINTERESTING on it means it's reachable). So it's
ok for an UNINTERESTING not to be ref-marked.

Reported-by: Rasmus Villemoes <rv@rasmusvillemoes.dk>
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

shallow.c: bit manipulation tweaksRasmus Villemoes Tue, 6 Dec 2016 12:53:38 +0000 (19:53 +0700)

shallow.c: bit manipulation tweaks

First of all, 1 << 31 is technically undefined behaviour, so let's just
use an unsigned literal.

If i is 'signed int' and gcc doesn't know that i is positive, gcc
generates code to compute the C99-mandated values of "i / 32" and "i %
32", which is a lot more complicated than simple a simple shifts/mask.

The only caller of paint_down actually passes an "unsigned int" value,
but the prototype of paint_down causes (completely well-defined)
conversion to signed int, and gcc has no way of knowing that the
converted value is non-negative. Just make the id parameter unsigned.

In update_refstatus, the change in generated code is much smaller,
presumably because gcc is smart enough to see that i starts as 0 and is
only incremented, so it is allowed (per the UD of signed overflow) to
assume that i is always non-negative. But let's just help less smart
compilers generate good code anyway.

Signed-off-by: Rasmus Villemoes <rv@rasmusvillemoes.dk>
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

shallow.c: avoid theoretical pointer wrap-aroundRasmus Villemoes Tue, 6 Dec 2016 12:53:37 +0000 (19:53 +0700)

shallow.c: avoid theoretical pointer wrap-around

The expression info->free+size is technically undefined behaviour in
exactly the case we want to test for. Moreover, the compiler is likely
to translate the expression to

(unsigned long)info->free + size > (unsigned long)info->end

where there's at least a theoretical chance that the LHS could wrap
around 0, giving a false negative.

This might as well be written using pointer subtraction avoiding these
issues.

Signed-off-by: Rasmus Villemoes <rv@rasmusvillemoes.dk>
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

shallow.c: make paint_alloc slightly more robustNguyễn Thái Ngọc Duy Tue, 6 Dec 2016 12:53:36 +0000 (19:53 +0700)

shallow.c: make paint_alloc slightly more robust

paint_alloc() allocates a big block of memory and splits it into
smaller, fixed size, chunks of memory whenever it's called. Each chunk
contains enough bits to present all "new refs" [1] in a fetch from a
shallow repository.

We do not check if the new "big block" is smaller than the requested
memory chunk though. If it happens, we'll happily pass back a memory
region smaller than expected. Which will lead to problems eventually.

A normal fetch may add/update a dozen new refs. Let's stay on the
"reasonably extreme" side and say we need 16k refs (or bits from
paint_alloc's perspective). Each chunk of memory would be 2k, much
smaller than the memory pool (512k).

So, normally, the under-allocation situation should never happen. A bad
guy, however, could make a fetch that adds more than 4m new/updated refs
to this code which results in a memory chunk larger than pool size.
Check this case and abort.

Noticed-by: Rasmus Villemoes <rv@rasmusvillemoes.dk>
Reviewed-by: Jeff King <peff@peff.net>
[1] Details are in commit message of 58babff (shallow.c: the 8 steps to
select new commits for .git/shallow - 2013-12-05), step 6.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

shallow.c: stop abusing COMMIT_SLAB_SIZE for paint_info... Nguyễn Thái Ngọc Duy Tue, 6 Dec 2016 12:53:35 +0000 (19:53 +0700)

shallow.c: stop abusing COMMIT_SLAB_SIZE for paint_info's memory pools

We need to allocate a "big" block of memory in paint_alloc(). The exact
size does not really matter. But the pool size has no relation with
commit-slab. Stop using that macro here.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

shallow.c: rename fields in paint_info to better expres... Nguyễn Thái Ngọc Duy Tue, 6 Dec 2016 12:53:34 +0000 (19:53 +0700)

shallow.c: rename fields in paint_info to better express their purposes

paint_alloc() is basically malloc(), tuned for allocating a fixed number
of bits on every call without worrying about freeing any individual
allocation since all will be freed at the end. It does it by allocating
a big block of memory every time it runs out of "free memory". "slab" is
a poor choice of name, at least poorer than "pool".

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

lockfile: LOCK_REPORT_ON_ERRORJunio C Hamano Wed, 7 Dec 2016 18:56:26 +0000 (10:56 -0800)

lockfile: LOCK_REPORT_ON_ERROR

The "libify sequencer" topic stopped passing the die_on_error option
to hold_locked_index(), and this lost an error message from "git
merge --ff-only $commit" when there are competing updates in
progress.

The command still exits with a non-zero status, but that is not of
much help for an interactive user. The last thing the command says
is "Updating $from..$to". We used to follow it with a big error
message that makes it clear that "merge --ff-only" did not succeed.

What is sad is that we should have noticed this regression while
reviewing the change. It was clear that the update to the
checkout_fast_forward() function made a failing hold_locked_index()
silent, but the only caller of the checkout_fast_forward() function
had this comment:

if (checkout_fast_forward(from, to, 1))
- exit(128); /* the callee should have complained already */
+ return -1; /* the callee should have complained already */

which clearly contradicted the assumption X-<.

Add a new option LOCK_REPORT_ON_ERROR that can be passed instead of
LOCK_DIE_ON_ERROR to the hold_lock*() family of functions and teach
checkout_fast_forward() to use it to fix this regression.

After going thourgh all calls to hold_lock*() family of functions
that used to pass LOCK_DIE_ON_ERROR but were modified to pass 0 in
the "libify sequencer" topic "git show --first-parent 2a4062a4a8",
it appears that this is the only one that has become silent. Many
others used to give detailed report that talked about "there may be
competing Git process running" but with the series merged they now
only give a single liner "Unable to lock ...", some of which may
have to be tweaked further, but at least they say something, unlike
the one this patch fixes.

Reported-by: Robbie Iannucci <iannucci@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

hold_locked_index(): align error handling with hold_loc... Junio C Hamano Wed, 7 Dec 2016 18:33:54 +0000 (10:33 -0800)

hold_locked_index(): align error handling with hold_lockfile_for_update()

Callers of the hold_locked_index() function pass 0 when they want to
prepare to write a new version of the index file without wishing to
die or emit an error message when the request fails (e.g. somebody
else already held the lock), and pass 1 when they want the call to
die upon failure.

This option is called LOCK_DIE_ON_ERROR by the underlying lockfile
API, and the hold_locked_index() function translates the paramter to
LOCK_DIE_ON_ERROR when calling the hold_lock_file_for_update().

Replace these hardcoded '1' with LOCK_DIE_ON_ERROR and stop
translating. Callers other than the ones that are replaced with
this change pass '0' to the function; no behaviour change is
intended with this patch.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
---

Among the callers of hold_locked_index() that passes 0:

- diff.c::refresh_index_quietly() at the end of "git diff" is an
opportunistic update; it leaks the lockfile structure but it is
just before the program exits and nobody should care.

- builtin/describe.c::cmd_describe(),
builtin/commit.c::cmd_status(),
sequencer.c::read_and_refresh_cache() are all opportunistic
updates and they are OK.

- builtin/update-index.c::cmd_update_index() takes a lock upfront
but we may end up not needing to update the index (i.e. the
entries may be fully up-to-date), in which case we do not need to
issue an error upon failure to acquire the lock. We do diagnose
and die if we indeed need to update, so it is OK.

- wt-status.c::require_clean_work_tree() IS BUGGY. It asks
silence, does not check the returned value. Compare with
callsites like cmd_describe() and cmd_status() to notice that it
is wrong to call update_index_if_able() unconditionally.

wt-status: implement opportunisitc index update correctlyJunio C Hamano Wed, 7 Dec 2016 19:11:26 +0000 (11:11 -0800)

wt-status: implement opportunisitc index update correctly

The require_clean_work_tree() function calls hold_locked_index()
with die_on_error=0 to signal that it is OK if it fails to obtain
the lock, but unconditionally calls update_index_if_able(), which
will try to write into fd=-1.

Signed-off-by: Junio C Hamano <gitster@pobox.com>

stash: prefer plumbing over git-diffJeff King Tue, 6 Dec 2016 20:25:21 +0000 (15:25 -0500)

stash: prefer plumbing over git-diff

When creating a stash, we need to look at the diff between
the working tree and HEAD, and do so using the git-diff
porcelain. Because git-diff enables porcelain config like
renames by default, this causes at least one problem. The
--name-only format will not mention the source side of a
rename, meaning we will fail to stash a deletion that is
part of a rename.

We could fix that case by passing --no-renames, but this is
a symptom of a larger problem. We should be using the
diff-index plumbing here, which does not have renames
enabled by default, and also does not respect any
potentially confusing config options.

Reported-by: Matthew Patey <matthew.patey2167@gmail.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

xdiff: drop XDL_FAST_HASHJeff King Thu, 1 Dec 2016 04:52:43 +0000 (23:52 -0500)

xdiff: drop XDL_FAST_HASH

The xdiff code hashes every line of both sides of a diff,
and then compares those hashes to find duplicates. The
overall performance depends both on how fast we can compute
the hashes, but also on how many hash collisions we see.

The idea of XDL_FAST_HASH is to speed up the hash
computation. But the generated hashes have worse collision
behavior. This means that in some cases it speeds diffs up
(running "git log -p" on git.git improves by ~8% with it),
but in others it can slow things down. One pathological case
saw over a 100x slowdown[1].

There may be a better hash function that covers both
properties, but in the meantime we are better off with the
original hash. It's slightly slower in the common case, but
it has fewer surprising pathological cases.

[1] http://public-inbox.org/git/20141222041944.GA441@peff.net/

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

http-walker: complain about non-404 loose object errorsJeff King Tue, 6 Dec 2016 18:25:39 +0000 (13:25 -0500)

http-walker: complain about non-404 loose object errors

Since commit 17966c0a6 (http: avoid disconnecting on 404s
for loose objects, 2016-07-11), we turn off curl's
FAILONERROR option and instead manually deal with failing
HTTP codes.

However, the logic to do so only recognizes HTTP 404 as a
failure. This is probably the most common result, but if we
were to get another code, the curl result remains CURLE_OK,
and we treat it as success. We still end up detecting the
failure when we try to zlib-inflate the object (which will
fail), but instead of reporting the HTTP error, we just
claim that the object is corrupt.

Instead, let's catch anything in the 300's or above as an
error (300's are redirects which are not an error at the
HTTP level, but are an indication that we've explicitly
disabled redirects, so we should treat them as such; we
certainly don't have the resulting object content).

Note that we also fill in req->errorstr, which we didn't do
before. Without FAILONERROR, curl will not have filled this
in, and it will remain a blank string. This never mattered
for the 404 case, because in the logic below we hit the
"missing_target()" branch and print nothing. But for other
errors, we'd want to say _something_, if only to fill in the
blank slot in the error message.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'ew/http-walker' into jk/http-walker-limit... Junio C Hamano Tue, 6 Dec 2016 20:40:41 +0000 (12:40 -0800)

Merge branch 'ew/http-walker' into jk/http-walker-limit-redirect

* ew/http-walker:
list: avoid incompatibility with *BSD sys/queue.h
http-walker: reduce O(n) ops with doubly-linked list
http: avoid disconnecting on 404s for loose objects
http-walker: remove unused parameter from fetch_object

http: treat http-alternates like redirectsJeff King Tue, 6 Dec 2016 18:24:45 +0000 (13:24 -0500)

http: treat http-alternates like redirects

The previous commit made HTTP redirects more obvious and
tightened up the default behavior. However, there's another
way for a server to ask a git client to fetch arbitrary
content: by having an http-alternates file (or a regular
alternates file, which is used as a backup).

Similar to the HTTP redirect case, a malicious server can
claim to have refs pointing at object X, return a 404 when
the client asks for X, but point to some other URL via
http-alternates, which the client will transparently fetch.
The end result is that it looks from the user's perspective
like the objects came from the malicious server, as the
other URL is not mentioned at all.

Worse, because we feed the new URL to curl ourselves, the
usual protocol restrictions do not kick in (neither curl's
default of disallowing file://, nor the protocol
whitelisting in f4113cac0 (http: limit redirection to
protocol-whitelist, 2015-09-22).

Let's apply the same rules here as we do for HTTP redirects.
Namely:

- unless http.followRedirects is set to "always", we will
not follow remote redirects from http-alternates (or
alternates) at all

- set CURLOPT_PROTOCOLS alongside CURLOPT_REDIR_PROTOCOLS
restrict ourselves to a known-safe set and respect any
user-provided whitelist.

- mention alternate object stores on stderr so that the
user is aware another source of objects may be involved

The first item may prove to be too restrictive. The most
common use of alternates is to point to another path on the
same server. While it's possible for a single-server
redirect to be an attack, it takes a fairly obscure setup
(victim and evil repository on the same host, host speaks
dumb http, and evil repository has access to edit its own
http-alternates file).

So we could make the checks more specific, and only cover
cross-server redirects. But that means parsing the URLs
ourselves, rather than letting curl handle them. This patch
goes for the simpler approach. Given that they are only used
with dumb http, http-alternates are probably pretty rare.
And there's an escape hatch: the user can allow redirects on
a specific server by setting http.<url>.followRedirects to
"always".

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

http: make redirects more obviousJeff King Tue, 6 Dec 2016 18:24:41 +0000 (13:24 -0500)

http: make redirects more obvious

We instruct curl to always follow HTTP redirects. This is
convenient, but it creates opportunities for malicious
servers to create confusing situations. For instance,
imagine Alice is a git user with access to a private
repository on Bob's server. Mallory runs her own server and
wants to access objects from Bob's repository.

Mallory may try a few tricks that involve asking Alice to
clone from her, build on top, and then push the result:

1. Mallory may simply redirect all fetch requests to Bob's
server. Git will transparently follow those redirects
and fetch Bob's history, which Alice may believe she
got from Mallory. The subsequent push seems like it is
just feeding Mallory back her own objects, but is
actually leaking Bob's objects. There is nothing in
git's output to indicate that Bob's repository was
involved at all.

The downside (for Mallory) of this attack is that Alice
will have received Bob's entire repository, and is
likely to notice that when building on top of it.

2. If Mallory happens to know the sha1 of some object X in
Bob's repository, she can instead build her own history
that references that object. She then runs a dumb http
server, and Alice's client will fetch each object
individually. When it asks for X, Mallory redirects her
to Bob's server. The end result is that Alice obtains
objects from Bob, but they may be buried deep in
history. Alice is less likely to notice.

Both of these attacks are fairly hard to pull off. There's a
social component in getting Mallory to convince Alice to
work with her. Alice may be prompted for credentials in
accessing Bob's repository (but not always, if she is using
a credential helper that caches). Attack (1) requires a
certain amount of obliviousness on Alice's part while making
a new commit. Attack (2) requires that Mallory knows a sha1
in Bob's repository, that Bob's server supports dumb http,
and that the object in question is loose on Bob's server.

But we can probably make things a bit more obvious without
any loss of functionality. This patch does two things to
that end.

First, when we encounter a whole-repo redirect during the
initial ref discovery, we now inform the user on stderr,
making attack (1) much more obvious.

Second, the decision to follow redirects is now
configurable. The truly paranoid can set the new
http.followRedirects to false to avoid any redirection
entirely. But for a more practical default, we will disallow
redirects only after the initial ref discovery. This is
enough to thwart attacks similar to (2), while still
allowing the common use of redirects at the repository
level. Since c93c92f30 (http: update base URLs when we see
redirects, 2013-09-28) we re-root all further requests from
the redirect destination, which should generally mean that
no further redirection is necessary.

As an escape hatch, in case there really is a server that
needs to redirect individual requests, the user can set
http.followRedirects to "true" (and this can be done on a
per-server basis via http.*.followRedirects config).

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

remote-curl: rename shadowed options variableJeff King Tue, 6 Dec 2016 18:24:38 +0000 (13:24 -0500)

remote-curl: rename shadowed options variable

The discover_refs() function has a local "options" variable
to hold the http_get_options we pass to http_get_strbuf().
But this shadows the global "struct options" that holds our
program-level options, which cannot be accessed from this
function.

Let's give the local one a more descriptive name so we can
tell the two apart.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>