gitweb.git
Merge branch 'jb/diff-no-index-no-abbrev' into maintJunio C Hamano Tue, 17 Jan 2017 22:49:30 +0000 (14:49 -0800)

Merge branch 'jb/diff-no-index-no-abbrev' into maint

"git diff --no-index" did not take "--no-abbrev" option.

* jb/diff-no-index-no-abbrev:
diff: handle --no-abbrev in no-index case

Merge branch 'jk/stash-disable-renames-internally'... Junio C Hamano Tue, 17 Jan 2017 22:49:30 +0000 (14:49 -0800)

Merge branch 'jk/stash-disable-renames-internally' into maint

When diff.renames configuration is on (and with Git 2.9 and later,
it is enabled by default, which made it worse), "git stash"
misbehaved if a file is removed and another file with a very
similar content is added.

* jk/stash-disable-renames-internally:
stash: prefer plumbing over git-diff

Merge branch 'jk/http-walker-limit-redirect' into maintJunio C Hamano Tue, 17 Jan 2017 22:49:29 +0000 (14:49 -0800)

Merge branch 'jk/http-walker-limit-redirect' into maint

Update the error messages from the dumb-http client when it fails
to obtain loose objects; we used to give sensible error message
only upon 404 but we now forbid unexpected redirects that needs to
be reported with something sensible.

* jk/http-walker-limit-redirect:
http-walker: complain about non-404 loose object errors
http: treat http-alternates like redirects
http: make redirects more obvious
remote-curl: rename shadowed options variable
http: always update the base URL for redirects
http: simplify update_url_from_redirect

Merge branch 'jc/renormalize-merge-kill-safer-crlf... Junio C Hamano Tue, 17 Jan 2017 22:49:28 +0000 (14:49 -0800)

Merge branch 'jc/renormalize-merge-kill-safer-crlf' into maint

Fix a corner case in merge-recursive regression that crept in
during 2.10 development cycle.

* jc/renormalize-merge-kill-safer-crlf:
convert: git cherry-pick -Xrenormalize did not work
merge-recursive: handle NULL in add_cacheinfo() correctly
cherry-pick: demonstrate a segmentation fault

Merge branch 'ls/p4-empty-file-on-lfs' into maintJunio C Hamano Tue, 17 Jan 2017 22:49:27 +0000 (14:49 -0800)

Merge branch 'ls/p4-empty-file-on-lfs' into maint

"git p4" LFS support was broken when LFS stores an empty blob.

* ls/p4-empty-file-on-lfs:
git-p4: fix empty file processing for large file system backend GitLFS

Merge branch 'da/mergetool-trust-exit-code' into maintJunio C Hamano Tue, 17 Jan 2017 22:49:27 +0000 (14:49 -0800)

Merge branch 'da/mergetool-trust-exit-code' into maint

mergetool.<tool>.trustExitCode configuration variable did not apply
to built-in tools, but now it does.

* da/mergetool-trust-exit-code:
mergetools/vimdiff: trust Vim's exit code
mergetool: honor mergetool.$tool.trustExitCode for built-in tools

Merge branch 'nd/worktree-list-fixup' into maintJunio C Hamano Tue, 17 Jan 2017 22:49:27 +0000 (14:49 -0800)

Merge branch 'nd/worktree-list-fixup' into maint

The output from "git worktree list" was made in readdir() order,
and was unstable.

* nd/worktree-list-fixup:
worktree list: keep the list sorted
worktree.c: get_worktrees() takes a new flag argument
get_worktrees() must return main worktree as first item even on error
worktree: reorder an if statement
worktree.c: zero new 'struct worktree' on allocation

Merge branch 'bw/push-dry-run' into maintJunio C Hamano Tue, 17 Jan 2017 22:49:27 +0000 (14:49 -0800)

Merge branch 'bw/push-dry-run' into maint

"git push --dry-run --recurse-submodule=on-demand" wasn't
"--dry-run" in the submodules.

* bw/push-dry-run:
push: fix --dry-run to not push submodules
push: --dry-run updates submodules when --recurse-submodules=on-demand

Merge branch 'hv/submodule-not-yet-pushed-fix' into... Junio C Hamano Tue, 17 Jan 2017 22:49:26 +0000 (14:49 -0800)

Merge branch 'hv/submodule-not-yet-pushed-fix' into maint

The code in "git push" to compute if any commit being pushed in the
superproject binds a commit in a submodule that hasn't been pushed
out was overly inefficient, making it unusable even for a small
project that does not have any submodule but have a reasonable
number of refs.

* hv/submodule-not-yet-pushed-fix:
submodule_needs_pushing(): explain the behaviour when we cannot answer
batch check whether submodule needs pushing into one call
serialize collection of refs that contain submodule changes
serialize collection of changed submodules

Merge branch 'dt/empty-submodule-in-merge' into maintJunio C Hamano Tue, 17 Jan 2017 22:49:26 +0000 (14:49 -0800)

Merge branch 'dt/empty-submodule-in-merge' into maint

An empty directory in a working tree that can simply be nuked used
to interfere while merging or cherry-picking a change to create a
submodule directory there, which has been fixed..

* dt/empty-submodule-in-merge:
submodules: allow empty working-tree dirs in merge/cherry-pick

Merge branch 'jk/rev-parse-symbolic-parents-fix' into... Junio C Hamano Tue, 17 Jan 2017 22:49:26 +0000 (14:49 -0800)

Merge branch 'jk/rev-parse-symbolic-parents-fix' into maint

"git rev-parse --symbolic" failed with a more recent notation like
"HEAD^-1" and "HEAD^!".

* jk/rev-parse-symbolic-parents-fix:
rev-parse: fix parent shorthands with --symbolic

Merge branch 'js/mingw-isatty' into maintJunio C Hamano Tue, 17 Jan 2017 22:49:25 +0000 (14:49 -0800)

Merge branch 'js/mingw-isatty' into maint

Update the isatty() emulation for Windows by updating the previous
hack that depended on internals of (older) MSVC runtime.

* js/mingw-isatty:
mingw: replace isatty() hack
mingw: fix colourization on Cygwin pseudo terminals
mingw: adjust is_console() to work with stdin
mingw: intercept isatty() to handle /dev/null as Git expects it

Merge branch 'bb/unicode-9.0' into maintJunio C Hamano Tue, 17 Jan 2017 22:49:25 +0000 (14:49 -0800)

Merge branch 'bb/unicode-9.0' into maint

The character width table has been updated to match Unicode 9.0

* bb/unicode-9.0:
unicode_width.h: update the width tables to Unicode 9.0
update_unicode.sh: remove the plane filter
update_unicode.sh: automatically download newer definition files
update_unicode.sh: pin the uniset repo to a known good commit
update_unicode.sh: remove an unnecessary subshell level
update_unicode.sh: move it into contrib/update-unicode

Merge branch 'ls/travis-update-p4-and-lfs' into maintJunio C Hamano Tue, 17 Jan 2017 22:49:24 +0000 (14:49 -0800)

Merge branch 'ls/travis-update-p4-and-lfs' into maint

The default Travis-CI configuration specifies newer P4 and GitLFS.

* ls/travis-update-p4-and-lfs:
travis-ci: update P4 to 16.2 and GitLFS to 1.5.2 in Linux build

mingw: replace isatty() hackJeff Hostetler Thu, 22 Dec 2016 17:09:23 +0000 (18:09 +0100)

mingw: replace isatty() hack

Git for Windows has carried a patch that depended on internals
of MSVC runtime, but it does not work correctly with recent MSVC
runtime. A replacement was written originally for compiling
with VC++. The patch in this message is a backport of that
replacement, and it also fixes the previous attempt to make
isatty() tell that /dev/null is *not* an interactive terminal.

Signed-off-by: Jeff Hostetler <jeffhost@microsoft.com>
Tested-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

mingw: fix colourization on Cygwin pseudo terminalsAlan Davies Thu, 22 Dec 2016 17:09:18 +0000 (18:09 +0100)

mingw: fix colourization on Cygwin pseudo terminals

Git only colours the output and uses pagination if isatty() returns 1.
MSYS2 and Cygwin emulate pseudo terminals via named pipes, meaning that
isatty() returns 0.

f7f90e0f4f (mingw: make isatty() recognize MSYS2's pseudo terminals
(/dev/pty*), 2016-04-27) fixed this for MSYS2 terminals, but not for
Cygwin.

The named pipes that Cygwin and MSYS2 use are very similar. MSYS2 PTY pipes
are called 'msys-*-pty*' and Cygwin uses 'cygwin-*-pty*'. This commit
modifies the existing check to allow both MSYS2 and Cygwin PTY pipes to be
identified as TTYs.

Note that pagination is still broken when running Git for Windows from
within Cygwin, as MSYS2's less.exe is spawned (and does not like to
interact with Cygwin's PTY).

This partially fixes https://github.com/git-for-windows/git/issues/267

Signed-off-by: Alan Davies <alan.n.davies@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

mingw: adjust is_console() to work with stdinJohannes Schindelin Thu, 22 Dec 2016 17:08:57 +0000 (18:08 +0100)

mingw: adjust is_console() to work with stdin

When determining whether a handle corresponds to a *real* Win32 Console
(as opposed to, say, a character device such as /dev/null), we use the
GetConsoleOutputBufferInfo() function as a tell-tale.

However, that does not work for *input* handles associated with a
console. Let's just use the GetConsoleMode() function for input handles,
and since it does not work on output handles fall back to the previous
method for those.

This patch prepares for using is_console() instead of my previous
misguided attempt in cbb3f3c9b1 (mingw: intercept isatty() to handle
/dev/null as Git expects it, 2016-12-11) that broke everything on
Windows.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

unicode_width.h: update the width tables to Unicode 9.0Beat Bolli Tue, 13 Dec 2016 23:31:44 +0000 (00:31 +0100)

unicode_width.h: update the width tables to Unicode 9.0

Rerunning update-unicode.sh that we fixed in the previous commits
produces these new tables.

Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

update_unicode.sh: remove the plane filterBeat Bolli Tue, 13 Dec 2016 23:31:43 +0000 (00:31 +0100)

update_unicode.sh: remove the plane filter

The uniset upstream has accepted my patches that eliminate the Unicode
plane offsets from the output in '--32' mode.

Remove the corresponding filter in update_unicode.sh.

This also fixes the issue that the plane offsets were not removed from
the second uniset call.

Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

update_unicode.sh: automatically download newer definit... Beat Bolli Tue, 13 Dec 2016 23:31:42 +0000 (00:31 +0100)

update_unicode.sh: automatically download newer definition files

Checking just for the unicode data files' existence is not sufficient;
we should also download them if a newer version exists on the Unicode
consortium's servers. Option -N of wget does this nicely for us.

Reviewed-by: Torsten Bögershausen <tboegi@web.de>
Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

update_unicode.sh: pin the uniset repo to a known good... Beat Bolli Tue, 13 Dec 2016 23:31:41 +0000 (00:31 +0100)

update_unicode.sh: pin the uniset repo to a known good commit

The uniset upstream has added more commits that for example change the
hexadecimal output in '--32' mode to decimal. Let's pin the repo to a
commit that still outputs the width tables in the format we want.

Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

update_unicode.sh: remove an unnecessary subshell levelBeat Bolli Tue, 13 Dec 2016 23:31:40 +0000 (00:31 +0100)

update_unicode.sh: remove an unnecessary subshell level

After the move into contrib/update-unicode, we no longer create the
unicode directory to have a clean working folder. Instead, the directory
of the script is used. This means that the subshell can be removed.

Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

update_unicode.sh: move it into contrib/update-unicodeBeat Bolli Tue, 13 Dec 2016 23:31:39 +0000 (00:31 +0100)

update_unicode.sh: move it into contrib/update-unicode

As it's used only by a tiny minority of the Git developer population,
this script does not belong into the main Git source directory.

Move it into contrib/ and adjust the paths to account for the new
location.

Signed-off-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

mingw: intercept isatty() to handle /dev/null as Git... Johannes Schindelin Sun, 11 Dec 2016 11:16:57 +0000 (12:16 +0100)

mingw: intercept isatty() to handle /dev/null as Git expects it

When Git's source code calls isatty(), it really asks whether the
respective file descriptor is connected to an interactive terminal.

Windows' _isatty() function, however, determines whether the file
descriptor is associated with a character device. And NUL, Windows'
equivalent of /dev/null, is a character device.

Which means that for years, Git mistakenly detected an associated
interactive terminal when being run through the test suite, which
almost always redirects stdin, stdout and stderr to /dev/null.

This bug only became obvious, and painfully so, when the new
bisect--helper entered the `pu` branch and made the automatic build & test
time out because t6030 was waiting for an answer.

For details, see

https://msdn.microsoft.com/en-us/library/f4s0ddew.aspx

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff: handle --no-abbrev in no-index caseJack Bates Tue, 6 Dec 2016 16:56:14 +0000 (09:56 -0700)

diff: handle --no-abbrev in no-index case

There are two different places where the --no-abbrev option is parsed,
and two different places where SHA-1s are abbreviated. We normally parse
--no-abbrev with setup_revisions(), but in the no-index case, "git diff"
calls diff_opt_parse() directly, and diff_opt_parse() didn't handle
--no-abbrev until now. (It did handle --abbrev, however.) We normally
abbreviate SHA-1s with find_unique_abbrev(), but commit 4f03666 ("diff:
handle sha1 abbreviations outside of repository, 2016-10-20) recently
introduced a special case when you run "git diff" outside of a
repository.

setup_revisions() does also call diff_opt_parse(), but not for --abbrev
or --no-abbrev, which it handles itself. setup_revisions() sets
rev_info->abbrev, and later copies that to diff_options->abbrev. It
handles --no-abbrev by setting abbrev to zero. (This change doesn't
touch that.)

Setting abbrev to zero was broken in the outside-of-a-repository special
case, which until now resulted in a truly zero-length SHA-1, rather than
taking zero to mean do not abbreviate. The only way to trigger this bug,
however, was by running "git diff --raw" without either the --abbrev or
--no-abbrev options, because 1) without --raw it doesn't respect abbrev
(which is bizarre, but has been that way forever), 2) we silently clamp
--abbrev=0 to MINIMUM_ABBREV, and 3) --no-abbrev wasn't handled until
now.

The outside-of-a-repository case is one of three no-index cases. The
other two are when one of the files you're comparing is outside of the
repository you're in, and the --no-index option.

Signed-off-by: Jack Bates <jack@nottheoilrig.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

stash: prefer plumbing over git-diffJeff King Tue, 6 Dec 2016 20:25:21 +0000 (15:25 -0500)

stash: prefer plumbing over git-diff

When creating a stash, we need to look at the diff between
the working tree and HEAD, and do so using the git-diff
porcelain. Because git-diff enables porcelain config like
renames by default, this causes at least one problem. The
--name-only format will not mention the source side of a
rename, meaning we will fail to stash a deletion that is
part of a rename.

We could fix that case by passing --no-renames, but this is
a symptom of a larger problem. We should be using the
diff-index plumbing here, which does not have renames
enabled by default, and also does not respect any
potentially confusing config options.

Reported-by: Matthew Patey <matthew.patey2167@gmail.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

http-walker: complain about non-404 loose object errorsJeff King Tue, 6 Dec 2016 18:25:39 +0000 (13:25 -0500)

http-walker: complain about non-404 loose object errors

Since commit 17966c0a6 (http: avoid disconnecting on 404s
for loose objects, 2016-07-11), we turn off curl's
FAILONERROR option and instead manually deal with failing
HTTP codes.

However, the logic to do so only recognizes HTTP 404 as a
failure. This is probably the most common result, but if we
were to get another code, the curl result remains CURLE_OK,
and we treat it as success. We still end up detecting the
failure when we try to zlib-inflate the object (which will
fail), but instead of reporting the HTTP error, we just
claim that the object is corrupt.

Instead, let's catch anything in the 300's or above as an
error (300's are redirects which are not an error at the
HTTP level, but are an indication that we've explicitly
disabled redirects, so we should treat them as such; we
certainly don't have the resulting object content).

Note that we also fill in req->errorstr, which we didn't do
before. Without FAILONERROR, curl will not have filled this
in, and it will remain a blank string. This never mattered
for the 404 case, because in the logic below we hit the
"missing_target()" branch and print nothing. But for other
errors, we'd want to say _something_, if only to fill in the
blank slot in the error message.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'ew/http-walker' into jk/http-walker-limit... Junio C Hamano Tue, 6 Dec 2016 20:40:41 +0000 (12:40 -0800)

Merge branch 'ew/http-walker' into jk/http-walker-limit-redirect

* ew/http-walker:
list: avoid incompatibility with *BSD sys/queue.h
http-walker: reduce O(n) ops with doubly-linked list
http: avoid disconnecting on 404s for loose objects
http-walker: remove unused parameter from fetch_object

http: treat http-alternates like redirectsJeff King Tue, 6 Dec 2016 18:24:45 +0000 (13:24 -0500)

http: treat http-alternates like redirects

The previous commit made HTTP redirects more obvious and
tightened up the default behavior. However, there's another
way for a server to ask a git client to fetch arbitrary
content: by having an http-alternates file (or a regular
alternates file, which is used as a backup).

Similar to the HTTP redirect case, a malicious server can
claim to have refs pointing at object X, return a 404 when
the client asks for X, but point to some other URL via
http-alternates, which the client will transparently fetch.
The end result is that it looks from the user's perspective
like the objects came from the malicious server, as the
other URL is not mentioned at all.

Worse, because we feed the new URL to curl ourselves, the
usual protocol restrictions do not kick in (neither curl's
default of disallowing file://, nor the protocol
whitelisting in f4113cac0 (http: limit redirection to
protocol-whitelist, 2015-09-22).

Let's apply the same rules here as we do for HTTP redirects.
Namely:

- unless http.followRedirects is set to "always", we will
not follow remote redirects from http-alternates (or
alternates) at all

- set CURLOPT_PROTOCOLS alongside CURLOPT_REDIR_PROTOCOLS
restrict ourselves to a known-safe set and respect any
user-provided whitelist.

- mention alternate object stores on stderr so that the
user is aware another source of objects may be involved

The first item may prove to be too restrictive. The most
common use of alternates is to point to another path on the
same server. While it's possible for a single-server
redirect to be an attack, it takes a fairly obscure setup
(victim and evil repository on the same host, host speaks
dumb http, and evil repository has access to edit its own
http-alternates file).

So we could make the checks more specific, and only cover
cross-server redirects. But that means parsing the URLs
ourselves, rather than letting curl handle them. This patch
goes for the simpler approach. Given that they are only used
with dumb http, http-alternates are probably pretty rare.
And there's an escape hatch: the user can allow redirects on
a specific server by setting http.<url>.followRedirects to
"always".

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

http: make redirects more obviousJeff King Tue, 6 Dec 2016 18:24:41 +0000 (13:24 -0500)

http: make redirects more obvious

We instruct curl to always follow HTTP redirects. This is
convenient, but it creates opportunities for malicious
servers to create confusing situations. For instance,
imagine Alice is a git user with access to a private
repository on Bob's server. Mallory runs her own server and
wants to access objects from Bob's repository.

Mallory may try a few tricks that involve asking Alice to
clone from her, build on top, and then push the result:

1. Mallory may simply redirect all fetch requests to Bob's
server. Git will transparently follow those redirects
and fetch Bob's history, which Alice may believe she
got from Mallory. The subsequent push seems like it is
just feeding Mallory back her own objects, but is
actually leaking Bob's objects. There is nothing in
git's output to indicate that Bob's repository was
involved at all.

The downside (for Mallory) of this attack is that Alice
will have received Bob's entire repository, and is
likely to notice that when building on top of it.

2. If Mallory happens to know the sha1 of some object X in
Bob's repository, she can instead build her own history
that references that object. She then runs a dumb http
server, and Alice's client will fetch each object
individually. When it asks for X, Mallory redirects her
to Bob's server. The end result is that Alice obtains
objects from Bob, but they may be buried deep in
history. Alice is less likely to notice.

Both of these attacks are fairly hard to pull off. There's a
social component in getting Mallory to convince Alice to
work with her. Alice may be prompted for credentials in
accessing Bob's repository (but not always, if she is using
a credential helper that caches). Attack (1) requires a
certain amount of obliviousness on Alice's part while making
a new commit. Attack (2) requires that Mallory knows a sha1
in Bob's repository, that Bob's server supports dumb http,
and that the object in question is loose on Bob's server.

But we can probably make things a bit more obvious without
any loss of functionality. This patch does two things to
that end.

First, when we encounter a whole-repo redirect during the
initial ref discovery, we now inform the user on stderr,
making attack (1) much more obvious.

Second, the decision to follow redirects is now
configurable. The truly paranoid can set the new
http.followRedirects to false to avoid any redirection
entirely. But for a more practical default, we will disallow
redirects only after the initial ref discovery. This is
enough to thwart attacks similar to (2), while still
allowing the common use of redirects at the repository
level. Since c93c92f30 (http: update base URLs when we see
redirects, 2013-09-28) we re-root all further requests from
the redirect destination, which should generally mean that
no further redirection is necessary.

As an escape hatch, in case there really is a server that
needs to redirect individual requests, the user can set
http.followRedirects to "true" (and this can be done on a
per-server basis via http.*.followRedirects config).

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

remote-curl: rename shadowed options variableJeff King Tue, 6 Dec 2016 18:24:38 +0000 (13:24 -0500)

remote-curl: rename shadowed options variable

The discover_refs() function has a local "options" variable
to hold the http_get_options we pass to http_get_strbuf().
But this shadows the global "struct options" that holds our
program-level options, which cannot be accessed from this
function.

Let's give the local one a more descriptive name so we can
tell the two apart.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

http: always update the base URL for redirectsJeff King Tue, 6 Dec 2016 18:24:35 +0000 (13:24 -0500)

http: always update the base URL for redirects

If a malicious server redirects the initial ref
advertisement, it may be able to leak sha1s from other,
unrelated servers that the client has access to. For
example, imagine that Alice is a git user, she has access to
a private repository on a server hosted by Bob, and Mallory
runs a malicious server and wants to find out about Bob's
private repository.

Mallory asks Alice to clone an unrelated repository from her
over HTTP. When Alice's client contacts Mallory's server for
the initial ref advertisement, the server issues an HTTP
redirect for Bob's server. Alice contacts Bob's server and
gets the ref advertisement for the private repository. If
there is anything to fetch, she then follows up by asking
the server for one or more sha1 objects. But who is the
server?

If it is still Mallory's server, then Alice will leak the
existence of those sha1s to her.

Since commit c93c92f30 (http: update base URLs when we see
redirects, 2013-09-28), the client usually rewrites the base
URL such that all further requests will go to Bob's server.
But this is done by textually matching the URL. If we were
originally looking for "http://mallory/repo.git/info/refs",
and we got pointed at "http://bob/other.git/info/refs", then
we know that the right root is "http://bob/other.git".

If the redirect appears to change more than just the root,
we punt and continue to use the original server. E.g.,
imagine the redirect adds a URL component that Bob's server
will ignore, like "http://bob/other.git/info/refs?dummy=1".

We can solve this by aborting in this case rather than
silently continuing to use Mallory's server. In addition to
protecting from sha1 leakage, it's arguably safer and more
sane to refuse a confusing redirect like that in general.
For example, part of the motivation in c93c92f30 is
avoiding accidentally sending credentials over clear http,
just to get a response that says "try again over https". So
even in a non-malicious case, we'd prefer to err on the side
of caution.

The downside is that it's possible this will break a
legitimate but complicated server-side redirection scheme.
The setup given in the newly added test does work, but it's
convoluted enough that we don't need to care about it. A
more plausible case would be a server which redirects a
request for "info/refs?service=git-upload-pack" to just
"info/refs" (because it does not do smart HTTP, and for some
reason really dislikes query parameters). Right now we
would transparently downgrade to dumb-http, but with this
patch, we'd complain (and the user would have to set
GIT_SMART_HTTP=0 to fetch).

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

http: simplify update_url_from_redirectJeff King Tue, 6 Dec 2016 18:24:29 +0000 (13:24 -0500)

http: simplify update_url_from_redirect

This function looks for a common tail between what we asked
for and where we were redirected to, but it open-codes the
comparison. We can avoid some confusing subtractions by
using strip_suffix_mem().

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

git-p4: fix empty file processing for large file system... Lars Schneider Sun, 4 Dec 2016 16:03:37 +0000 (17:03 +0100)

git-p4: fix empty file processing for large file system backend GitLFS

If git-p4 tried to store an empty file in GitLFS then it crashed while
parsing the pointer file:

oid = re.search(r'^oid \w+:(\w+)', pointerFile, re.MULTILINE).group(1)
AttributeError: 'NoneType' object has no attribute 'group'

This happens because GitLFS does not create a pointer file for an empty
file. Teach git-p4 this behavior to fix the problem and add a test case.

Signed-off-by: Lars Schneider <larsxschneider@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

travis-ci: update P4 to 16.2 and GitLFS to 1.5.2 in... Lars Schneider Sun, 4 Dec 2016 13:52:41 +0000 (14:52 +0100)

travis-ci: update P4 to 16.2 and GitLFS to 1.5.2 in Linux build

Update Travis-CI dependencies to the latest available versions in
Linux build.

Signed-off-by: Lars Schneider <larsxschneider@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Sync with maint-2.10Junio C Hamano Mon, 5 Dec 2016 19:25:47 +0000 (11:25 -0800)

Sync with maint-2.10

* maint-2.10:
preparing for 2.10.3

preparing for 2.10.3Junio C Hamano Mon, 5 Dec 2016 19:25:02 +0000 (11:25 -0800)

preparing for 2.10.3

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'jk/common-main' into maint-2.10Junio C Hamano Mon, 5 Dec 2016 19:24:17 +0000 (11:24 -0800)

Merge branch 'jk/common-main' into maint-2.10

* jk/common-main:
common-main: stop munging argv[0] path
git-compat-util: move content inside ifdef/endif guards

convert: git cherry-pick -Xrenormalize did not workTorsten Bögershausen Wed, 30 Nov 2016 17:02:32 +0000 (18:02 +0100)

convert: git cherry-pick -Xrenormalize did not work

Working with a repo that used to be all CRLF. At some point it
was changed to all LF, with `text=auto` in .gitattributes.
Trying to cherry-pick a commit from before the switchover fails:

$ git cherry-pick -Xrenormalize <commit>
fatal: CRLF would be replaced by LF in [path]

Commit 65237284 "unify the "auto" handling of CRLF" introduced
a regression:

Whenever crlf_action is CRLF_TEXT_XXX and not CRLF_AUTO_XXX,
SAFE_CRLF_RENORMALIZE was feed into check_safe_crlf(). This is
wrong because here everything else than SAFE_CRLF_WARN is treated as
SAFE_CRLF_FAIL.

Call check_safe_crlf() only if checksafe is SAFE_CRLF_WARN or
SAFE_CRLF_FAIL.

Reported-by: Eevee (Lexy Munroe) <eevee@veekun.com>
Signed-off-by: Torsten Bögershausen <tboegi@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'tb/t0027-raciness-fix' into jc/renormaliz... Junio C Hamano Thu, 1 Dec 2016 18:34:42 +0000 (10:34 -0800)

Merge branch 'tb/t0027-raciness-fix' into jc/renormalize-merge-kill-safer-crlf

* tb/t0027-raciness-fix:
convert: Correct NNO tests and missing `LF will be replaced by CRLF`

Merge branch 'tk/diffcore-delta-remove-unused' into... Junio C Hamano Tue, 29 Nov 2016 21:28:03 +0000 (13:28 -0800)

Merge branch 'tk/diffcore-delta-remove-unused' into maint

Code cleanup.

* tk/diffcore-delta-remove-unused:
diffcore-delta: remove unused parameter to diffcore_count_changes()

Merge branch 'jk/create-branch-remove-unused-param... Junio C Hamano Tue, 29 Nov 2016 21:28:02 +0000 (13:28 -0800)

Merge branch 'jk/create-branch-remove-unused-param' into maint

Code clean-up.

* jk/create-branch-remove-unused-param:
create_branch: drop unused "head" parameter

Merge branch 'nd/worktree-lock' into maintJunio C Hamano Tue, 29 Nov 2016 21:28:02 +0000 (13:28 -0800)

Merge branch 'nd/worktree-lock' into maint

Typofix.

* nd/worktree-lock:
git-worktree.txt: fix typo "to"/"two", and add comma

Merge branch 'ps/common-info-doc' into maintJunio C Hamano Tue, 29 Nov 2016 21:28:01 +0000 (13:28 -0800)

Merge branch 'ps/common-info-doc' into maint

Doc fix.

* ps/common-info-doc:
doc: fix location of 'info/' with $GIT_COMMON_DIR

Merge branch 'rs/cocci' into maintJunio C Hamano Tue, 29 Nov 2016 21:28:00 +0000 (13:28 -0800)

Merge branch 'rs/cocci' into maint

Improve the rule to convert "unsigned char [20]" into "struct
object_id *" in contrib/coccinelle/

* rs/cocci:
cocci: avoid self-references in object_id transformations

Merge branch 'nd/test-helpers' into maintJunio C Hamano Tue, 29 Nov 2016 21:28:00 +0000 (13:28 -0800)

Merge branch 'nd/test-helpers' into maint

Update to the test framework made in 2.9 timeframe broke running
the tests under valgrind, which has been fixed.

* nd/test-helpers:
valgrind: support test helpers

Merge branch 'sc/fmt-merge-msg-doc-markup-fix' into... Junio C Hamano Tue, 29 Nov 2016 21:27:59 +0000 (13:27 -0800)

Merge branch 'sc/fmt-merge-msg-doc-markup-fix' into maint

Documentation fix.

* sc/fmt-merge-msg-doc-markup-fix:
Documentation/fmt-merge-msg: fix markup in example

Merge branch 'rs/commit-pptr-simplify' into maintJunio C Hamano Tue, 29 Nov 2016 21:27:59 +0000 (13:27 -0800)

Merge branch 'rs/commit-pptr-simplify' into maint

Code simplification.

* rs/commit-pptr-simplify:
commit: simplify building parents list

Merge branch 'jk/rebase-config-insn-fmt-docfix' into... Junio C Hamano Tue, 29 Nov 2016 21:27:58 +0000 (13:27 -0800)

Merge branch 'jk/rebase-config-insn-fmt-docfix' into maint

Documentation fix.

* jk/rebase-config-insn-fmt-docfix:
doc: fix missing "::" in config list

Merge branch 'ak/pre-receive-hook-template-modefix... Junio C Hamano Tue, 29 Nov 2016 21:27:57 +0000 (13:27 -0800)

Merge branch 'ak/pre-receive-hook-template-modefix' into maint

A trivial clean-up to a recently graduated topic.

* ak/pre-receive-hook-template-modefix:
pre-receive.sample: mark it executable

Merge branch 'ls/macos-update' into maintJunio C Hamano Tue, 29 Nov 2016 21:27:56 +0000 (13:27 -0800)

Merge branch 'ls/macos-update' into maint

Portability update and workaround for builds on recent Mac OS X.

* ls/macos-update:
travis-ci: disable GIT_TEST_HTTPD for macOS
Makefile: set NO_OPENSSL on macOS by default

Merge branch 'as/merge-attr-sleep' into maintJunio C Hamano Tue, 29 Nov 2016 21:27:56 +0000 (13:27 -0800)

Merge branch 'as/merge-attr-sleep' into maint

Fix for a racy false-positive test failure.

* as/merge-attr-sleep:
t6026: clarify the point of "kill $(cat sleep.pid)"
t6026: ensure that long-running script really is
Revert "t6026-merge-attr: don't fail if sleep exits early"
Revert "t6026-merge-attr: ensure that the merge driver was called"
t6026-merge-attr: ensure that the merge driver was called
t6026-merge-attr: don't fail if sleep exits early

Merge branch 'ak/sh-setup-dot-source-i18n-fix' into... Junio C Hamano Tue, 29 Nov 2016 21:27:56 +0000 (13:27 -0800)

Merge branch 'ak/sh-setup-dot-source-i18n-fix' into maint

Recent update to git-sh-setup (a library of shell functions that
are used by our in-tree scripted Porcelain commands) included
another shell library git-sh-i18n without specifying where it is,
relying on the $PATH. This has been fixed to be more explicit by
prefixing $(git --exec-path) output in front.

* ak/sh-setup-dot-source-i18n-fix:
git-sh-setup: be explicit where to dot-source git-sh-i18n from.

Merge branch 'jk/daemon-path-ok-check-truncation' into... Junio C Hamano Tue, 29 Nov 2016 21:27:55 +0000 (13:27 -0800)

Merge branch 'jk/daemon-path-ok-check-truncation' into maint

"git daemon" used fixed-length buffers to turn URL to the
repository the client asked for into the server side directory
path, using snprintf() to avoid overflowing these buffers, but
allowed possibly truncated paths to the directory. This has been
tightened to reject such a request that causes overlong path to be
required to serve.

* jk/daemon-path-ok-check-truncation:
daemon: detect and reject too-long paths

Merge branch 'rs/ring-buffer-wraparound' into maintJunio C Hamano Tue, 29 Nov 2016 21:27:55 +0000 (13:27 -0800)

Merge branch 'rs/ring-buffer-wraparound' into maint

The code that we have used for the past 10+ years to cycle
4-element ring buffers turns out to be not quite portable in
theoretical world.

* rs/ring-buffer-wraparound:
hex: make wraparound of the index into ring-buffer explicit

Merge branch 'mm/send-email-cc-cruft-after-address... Junio C Hamano Tue, 29 Nov 2016 21:27:54 +0000 (13:27 -0800)

Merge branch 'mm/send-email-cc-cruft-after-address' into maint

"git send-email" attempts to pick up valid e-mails from the
trailers, but people in real world write non-addresses there, like
"Cc: Stable <add@re.ss> # 4.8+", which broke the output depending
on the availability and vintage of Mail::Address perl module.

* mm/send-email-cc-cruft-after-address:
Git.pm: add comment pointing to t9000
t9000-addresses: update expected results after fix
parse_mailboxes: accept extra text after <...> address

Merge branch 'cp/completion-negative-refs' into maintJunio C Hamano Tue, 29 Nov 2016 21:27:53 +0000 (13:27 -0800)

Merge branch 'cp/completion-negative-refs' into maint

The command-line completion script (in contrib/) learned to
complete "git cmd ^mas<HT>" to complete the negative end of
reference to "git cmd ^master".

* cp/completion-negative-refs:
completion: support excluding refs

Merge branch 'jc/am-read-author-file' into maintJunio C Hamano Tue, 29 Nov 2016 21:27:53 +0000 (13:27 -0800)

Merge branch 'jc/am-read-author-file' into maint

Extract a small helper out of the function that reads the authors
script file "git am" internally uses.
This by itself is not useful until a second caller appears in the
future for "rebase -i" helper.

* jc/am-read-author-file:
am: refactor read_author_script()

Git 2.11 v2.11.0Junio C Hamano Tue, 29 Nov 2016 20:23:07 +0000 (12:23 -0800)

Git 2.11

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'jk/common-main'Junio C Hamano Tue, 29 Nov 2016 20:22:13 +0000 (12:22 -0800)

Merge branch 'jk/common-main'

Fix for a small regression in a topic already in 'master'.

* jk/common-main:
common-main: stop munging argv[0] path

Merge tag 'l10n-2.11.0-rnd3.1' of git://github.com... Junio C Hamano Tue, 29 Nov 2016 19:36:11 +0000 (11:36 -0800)

Merge tag 'l10n-2.11.0-rnd3.1' of git://github.com/git-l10n/git-po

l10n-2.11.0-rnd3.1: update ru and ca translations

* tag 'l10n-2.11.0-rnd3.1' of git://github.com/git-l10n/git-po:
l10n: ru.po: update Russian translation
l10n: ca.po: update translation

common-main: stop munging argv[0] pathJeff King Sun, 27 Nov 2016 04:31:13 +0000 (23:31 -0500)

common-main: stop munging argv[0] path

Since 650c44925 (common-main: call git_extract_argv0_path(),
2016-07-01), the argv[0] that is seen in cmd_main() of
individual programs is always the basename of the
executable, as common-main strips off the full path. This
can produce confusing results for git-daemon, which wants to
re-exec itself.

For instance, if the program was originally run as
"/usr/lib/git/git-daemon", it will try just re-execing
"git-daemon", which will find the first instance in $PATH.
If git's exec-path has not been prepended to $PATH, we may
find the git-daemon from a different version (or no
git-daemon at all).

Normally this isn't a problem. Git commands are run as "git
daemon", the git wrapper puts the exec-path at the front of
$PATH, and argv[0] is already "daemon" anyway. But running
git-daemon via its full exec-path, while not really a
recommended method, did work prior to 650c44925. Let's make
it work again.

The real goal of 650c44925 was not to munge argv[0], but to
reliably set the argv0_path global. The only reason it
munges at all is that one caller, the git.c wrapper,
piggy-backed on that computation to find the command
basename. Instead, let's leave argv[0] untouched in
common-main, and have git.c do its own basename computation.

While we're at it, let's drop the return value from
git_extract_argv0_path(). It was only ever used in this one
callsite, and its dual purposes is what led to this
confusion in the first place.

Note that by changing the interface, the compiler can
confirm for us that there are no other callers storing the
return value. But the compiler can't tell us whether any of
the cmd_main() functions (besides git.c) were relying on the
basename munging. However, we can observe that prior to
650c44925, no other cmd_main() functions did that munging,
and no new cmd_main() functions have been introduced since
then. So we can't be regressing any of those cases.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

mergetools/vimdiff: trust Vim's exit codeDavid Aguilar Tue, 29 Nov 2016 09:38:20 +0000 (01:38 -0800)

mergetools/vimdiff: trust Vim's exit code

Allow vimdiff users to signal that they do not want to use the
result of a merge by exiting with ":cquit", which tells Vim to
exit with an error code.

This is better than the current behavior because it allows users
to directly flag that the merge is bad, using a standard Vim
feature, rather than relying on a timestamp heuristic that is
unforgiving to users that save in-progress merge files.

The original behavior can be restored by configuring
mergetool.vimdiff.trustExitCode to false.

Reported-by: Dun Peal <dunpealer@gmail.com>
Signed-off-by: David Aguilar <davvid@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

mergetool: honor mergetool.$tool.trustExitCode for... David Aguilar Tue, 29 Nov 2016 09:38:07 +0000 (01:38 -0800)

mergetool: honor mergetool.$tool.trustExitCode for built-in tools

Built-in merge tools contain a hard-coded assumption about
whether or not a tool's exit code can be trusted to determine
the success or failure of a merge. Tools whose exit codes are
not trusted contain calls to check_unchanged() in their
merge_cmd() functions.

A problem with this is that the trustExitCode configuration is
not honored for built-in tools.

Teach built-in tools to honor the trustExitCode configuration.
Extend run_merge_cmd() so that it is responsible for calling
check_unchanged() when a tool's exit code cannot be trusted.
Remove check_unchanged() calls from scriptlets since they are no
longer responsible for calling it.

When no configuration is present, exit_code_trustable() is
checked to see whether the exit code should be trusted.
The default implementation returns false.

Tools whose exit codes can be trusted override
exit_code_trustable() to true.

Reported-by: Dun Peal <dunpealer@gmail.com>
Signed-off-by: David Aguilar <davvid@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'russian-l10n' of https://github.com/DJm00... Jiang Xin Tue, 29 Nov 2016 13:19:43 +0000 (21:19 +0800)

Merge branch 'russian-l10n' of https://github.com/DJm00n/git-po-ru

* 'russian-l10n' of https://github.com/DJm00n/git-po-ru:
l10n: ru.po: update Russian translation

l10n: ru.po: update Russian translationDimitriy Ryazantcev Tue, 29 Nov 2016 09:33:07 +0000 (11:33 +0200)

l10n: ru.po: update Russian translation

Signed-off-by: Dimitriy Ryazantcev <dimitriy.ryazantcev@gmail.com>

l10n: ca.po: update translationAlex Henrie Tue, 29 Nov 2016 03:06:25 +0000 (20:06 -0700)

l10n: ca.po: update translation

Signed-off-by: Alex Henrie <alexhenrie24@gmail.com>

RelNotes: spelling and phrasing fixupsMarc Branchaud Thu, 24 Nov 2016 16:59:00 +0000 (11:59 -0500)

RelNotes: spelling and phrasing fixups

Signed-off-by: Marc Branchaud <marcnarc@xiplink.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge tag 'l10n-2.11.0-rnd3' of git://github.com/git... Junio C Hamano Mon, 28 Nov 2016 23:28:04 +0000 (15:28 -0800)

Merge tag 'l10n-2.11.0-rnd3' of git://github.com/git-l10n/git-po

l10n-2.11.0-rnd3

* tag 'l10n-2.11.0-rnd3' of git://github.com/git-l10n/git-po:
l10n: de.po: translate 210 new messages
l10n: fix unmatched single quote in error message

worktree list: keep the list sortedNguyễn Thái Ngọc Duy Mon, 28 Nov 2016 09:36:56 +0000 (16:36 +0700)

worktree list: keep the list sorted

It makes it easier to write tests for. But it should also be good for
the user since locating a worktree by eye would be easier once they
notice this.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

worktree.c: get_worktrees() takes a new flag argumentNguyễn Thái Ngọc Duy Mon, 28 Nov 2016 09:36:55 +0000 (16:36 +0700)

worktree.c: get_worktrees() takes a new flag argument

This is another no-op patch, in preparation for get_worktrees() to do
optional things, like sorting.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

get_worktrees() must return main worktree as first... Nguyễn Thái Ngọc Duy Mon, 28 Nov 2016 09:36:54 +0000 (16:36 +0700)

get_worktrees() must return main worktree as first item even on error

This is required by git-worktree.txt, stating that the main worktree is
the first line (especially in --porcelain mode when we can't just change
behavior at will).

There's only one case when get_worktrees() may skip main worktree, when
parse_ref() fails. Update the code so that we keep first item as main
worktree and return something sensible in this case:

- In user-friendly mode, since we're not constraint by anything,
returning "(error)" should do the job (we already show "(detached
HEAD)" which is not machine-friendly). Actually errors should be
printed on stderr by parse_ref() (*)

- In plumbing mode, we do not show neither 'bare', 'detached' or
'branch ...', which is possible by the format description if I read
it right.

Careful readers may realize that when the local variable "head_ref" in
get_main_worktree() is emptied, add_head_info() will do nothing to
wt->head_sha1. But that's ok because head_sha1 is zero-ized in the
previous patch.

(*) Well, it does not. But it's supposed to be a stop gap implementation
until we can reuse refs code to parse "ref: " stuff in HEAD, from
resolve_refs_unsafe(). Now may be the time since refs refactoring is
mostly done.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

worktree: reorder an if statementNguyễn Thái Ngọc Duy Mon, 28 Nov 2016 09:36:53 +0000 (16:36 +0700)

worktree: reorder an if statement

This is no-op. But it helps reduce diff noise in the next patch.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

merge-recursive: handle NULL in add_cacheinfo() correctlyJohannes Schindelin Sat, 26 Nov 2016 12:48:06 +0000 (13:48 +0100)

merge-recursive: handle NULL in add_cacheinfo() correctly

1335d76e45 ("merge: avoid "safer crlf" during recording of merge
results", 2016-07-08) tried to split make_cache_entry() call made
with CE_MATCH_REFRESH into a call to make_cache_entry() without one,
followed by a call to add_cache_entry(), refresh_cache() and another
add_cache_entry() as needed. However the conversion was botched in
that it forgot that refresh_cache() can return NULL, which was
handled correctly in make_cache_entry() but in the updated code.

This fixes https://github.com/git-for-windows/git/issues/952

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

cherry-pick: demonstrate a segmentation faultJohannes Schindelin Sat, 26 Nov 2016 12:48:02 +0000 (13:48 +0100)

cherry-pick: demonstrate a segmentation fault

In https://github.com/git-for-windows/git/issues/952, a complicated
scenario was described that leads to a segmentation fault in
cherry-pick.

It boils down to a certain code path involving a renamed file that is
dirty, for which `refresh_cache_entry()` returns `NULL`, and that
`NULL` not being handled properly.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

l10n: de.po: translate 210 new messagesRalf Thielow Wed, 2 Nov 2016 17:51:08 +0000 (18:51 +0100)

l10n: de.po: translate 210 new messages

Translate 210 new messages came from git.pot update in fda7b09
(l10n: git.pot: v2.11.0 round 1 (209 new, 53 removed)) and c091ffb
(l10n: git.pot: v2.11.0 round 2 (1 new, 1 removed)).

Signed-off-by: Ralf Thielow <ralf.thielow@gmail.com>

l10n: fix unmatched single quote in error messageJiang Xin Sun, 20 Nov 2016 12:26:17 +0000 (20:26 +0800)

l10n: fix unmatched single quote in error message

Translate one message introduced by commit:

* 358718064b i18n: fix unmatched single quote in error message

Signed-off-by: Jiang Xin <worldhello.net@gmail.com>

Git 2.11-rc3 v2.11.0-rc3Junio C Hamano Wed, 23 Nov 2016 19:24:59 +0000 (11:24 -0800)

Git 2.11-rc3

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'jc/setup-cleanup-fix'Junio C Hamano Wed, 23 Nov 2016 19:23:17 +0000 (11:23 -0800)

Merge branch 'jc/setup-cleanup-fix'

"git archive" and "git mailinfo" stopped reading from local
configuration file with a recent update.

* jc/setup-cleanup-fix:
archive: read local configuration
mailinfo: read local configuration

Merge branch 'jt/trailer-with-cruft'Junio C Hamano Wed, 23 Nov 2016 19:23:17 +0000 (11:23 -0800)

Merge branch 'jt/trailer-with-cruft'

Doc update.

* jt/trailer-with-cruft:
doc: mention user-configured trailers

Merge branch 'js/rebase-i-commentchar-fix'Junio C Hamano Wed, 23 Nov 2016 19:23:17 +0000 (11:23 -0800)

Merge branch 'js/rebase-i-commentchar-fix'

"git rebase -i" did not work well with core.commentchar
configuration variable for two reasons, both of which have been
fixed.

* js/rebase-i-commentchar-fix:
rebase -i: handle core.commentChar=auto
stripspace: respect repository config
rebase -i: highlight problems with core.commentchar

Merge branch 'jc/for-each-ref-head-segfault-fix'Junio C Hamano Wed, 23 Nov 2016 19:23:16 +0000 (11:23 -0800)

Merge branch 'jc/for-each-ref-head-segfault-fix'

Using a %(HEAD) placeholder in "for-each-ref --format=" option
caused the command to segfault when on an unborn branch.

* jc/for-each-ref-head-segfault-fix:
for-each-ref: do not segv with %(HEAD) on an unborn branch

worktree.c: zero new 'struct worktree' on allocationNguyễn Thái Ngọc Duy Tue, 22 Nov 2016 10:00:44 +0000 (17:00 +0700)

worktree.c: zero new 'struct worktree' on allocation

This keeps things a bit simpler when we add more fields, knowing that
default values are always zero.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

push: fix --dry-run to not push submodulesBrandon Williams Thu, 17 Nov 2016 18:46:04 +0000 (10:46 -0800)

push: fix --dry-run to not push submodules

Teach push to respect the --dry-run option when configured to
recursively push submodules 'on-demand'. This is done by passing the
--dry-run flag to the child process which performs a push for a
submodules when performing a dry-run.

In order to preserve good user experience, the additional check for
unpushed submodules is skipped during a dry-run when
--recurse-submodules=on-demand. The check is skipped because the submodule
pushes were performed as dry-runs and this check would always fail as the
submodules would still need to be pushed.

Signed-off-by: Brandon Williams <bmwill@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

push: --dry-run updates submodules when --recurse-submo... Brandon Williams Thu, 17 Nov 2016 18:46:03 +0000 (10:46 -0800)

push: --dry-run updates submodules when --recurse-submodules=on-demand

This patch adds a test to illustrate how push run with --dry-run doesn't
actually perform a dry-run when push is configured to push submodules
on-demand. Instead all submodules which need to be pushed are actually
pushed to their remotes while any updates for the superproject are
performed as a dry-run. This is a bug and not the intended behaviour of
a dry-run.

Signed-off-by: Brandon Williams <bmwill@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge tag 'l10n-2.11.0-rnd2' of git://github.com/git... Junio C Hamano Tue, 22 Nov 2016 22:16:06 +0000 (14:16 -0800)

Merge tag 'l10n-2.11.0-rnd2' of git://github.com/git-l10n/git-po

l10n-2.11.0-rnd2

* tag 'l10n-2.11.0-rnd2' of git://github.com/git-l10n/git-po:
l10n: Fixed typo of git fetch-pack command
l10n: git.pot: v2.11.0 round 2 (1 new, 1 removed)
l10n: zh_CN: for git v2.11.0 l10n round 1
l10n: pt_PT: update Portuguese translation
l10n: fr.po fix grammar mistakes
l10n: fr.po v2.11.0_rnd1
l10n: sv.po: Update Swedish translation (2913t0f0u)
l10n: vi.po: Updated translation to v2.11.0 (2913t)
l10n: ko.po: Update Korean translation
l10n: git.pot: v2.11.0 round 1 (209 new, 53 removed)
l10n: ru.po: update Russian translation

Merge branch 'js/prepare-sequencer'Junio C Hamano Tue, 22 Nov 2016 22:15:38 +0000 (14:15 -0800)

Merge branch 'js/prepare-sequencer'

Fix for an error message string.

* js/prepare-sequencer:
i18n: fix unmatched single quote in error message

archive: read local configurationJunio C Hamano Tue, 22 Nov 2016 21:37:04 +0000 (13:37 -0800)

archive: read local configuration

Since b9605bc4f2 ("config: only read .git/config from configured
repos", 2016-09-12), we do not read from ".git/config" unless we
know we are in a repository. "git archive" however didn't do the
repository discovery and instead relied on the old behaviour.

Teach the command to run a "gentle" version of repository discovery
so that local configuration variables are honoured.

[jc: stole tests from peff]
Signed-off-by: Junio C Hamano <gitster@pobox.com>

mailinfo: read local configurationJunio C Hamano Tue, 22 Nov 2016 21:13:16 +0000 (13:13 -0800)

mailinfo: read local configuration

Since b9605bc4f2 ("config: only read .git/config from configured
repos", 2016-09-12), we do not read from ".git/config" unless we
know we are in a repository. "git mailinfo" however didn't do the
repository discovery and instead relied on the old behaviour. This
was mostly OK because it was merely run as a helper program by other
porcelain scripts that first chdir's up to the root of the working
tree.

Teach the command to run a "gentle" version of repository discovery
so that local configuration variables like mailinfo.scissors are
honoured.

Signed-off-by: Junio C Hamano <gitster@pobox.com>

l10n: Fixed typo of git fetch-pack commandJiang Xin Tue, 22 Nov 2016 14:24:59 +0000 (22:24 +0800)

l10n: Fixed typo of git fetch-pack command

Git 2.11.0-rc2 introduced one small l10n update, and this commit fixed
the affected translations all in one batch.

Signed-off-by: Jiang Xin <worldhello.net@gmail.com>

l10n: git.pot: v2.11.0 round 2 (1 new, 1 removed)Jiang Xin Tue, 22 Nov 2016 14:22:59 +0000 (22:22 +0800)

l10n: git.pot: v2.11.0 round 2 (1 new, 1 removed)

Generate po/git.pot from v2.11.0-rc2 for git v2.11.0 l10n round 2.

Signed-off-by: Jiang Xin <worldhello.net@gmail.com>

Merge branch 'master' of git://github.com/git-l10n... Jiang Xin Tue, 22 Nov 2016 14:08:47 +0000 (22:08 +0800)

Merge branch 'master' of git://github.com/git-l10n/git-po

* 'master' of git://github.com/git-l10n/git-po:
l10n: zh_CN: for git v2.11.0 l10n round 1
l10n: pt_PT: update Portuguese translation
l10n: fr.po fix grammar mistakes
l10n: fr.po v2.11.0_rnd1
l10n: sv.po: Update Swedish translation (2913t0f0u)
l10n: vi.po: Updated translation to v2.11.0 (2913t)
l10n: ko.po: Update Korean translation
l10n: git.pot: v2.11.0 round 1 (209 new, 53 removed)
l10n: ru.po: update Russian translation

doc: mention user-configured trailersJonathan Tan Mon, 21 Nov 2016 20:47:21 +0000 (12:47 -0800)

doc: mention user-configured trailers

In commit 1462450 ("trailer: allow non-trailers in trailer block",
2016-10-21), functionality was added (and tested [1]) to allow
non-trailer lines in trailer blocks, as long as those blocks contain at
least one Git-generated or user-configured trailer, and consists of at
least 25% trailers. The documentation was updated to mention this new
functionality, but did not mention "user-configured trailer".

Further update the documentation to also mention "user-configured
trailer".

[1] "with non-trailer lines mixed with a configured trailer" in
t/t7513-interpret-trailers.sh

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

rebase -i: handle core.commentChar=autoJohannes Schindelin Mon, 21 Nov 2016 14:18:29 +0000 (15:18 +0100)

rebase -i: handle core.commentChar=auto

When 84c9dc2 (commit: allow core.commentChar=auto for character auto
selection, 2014-05-17) extended the core.commentChar functionality to
allow for the value 'auto', it forgot that rebase -i was already taught to
handle core.commentChar, and in turn forgot to let rebase -i handle that
new value gracefully.

Reported by Taufiq Hoven.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

stripspace: respect repository configJohannes Schindelin Mon, 21 Nov 2016 14:18:24 +0000 (15:18 +0100)

stripspace: respect repository config

The way "git stripspace" reads the configuration was not quite
kosher, in that the code forgot to probe for a possibly existing
repository (note: stripspace is designed to be usable outside the
repository as well). It read .git/config only when it was run from
the top-level of the working tree by accident. A recent change
b9605bc4f2 ("config: only read .git/config from configured repos",
2016-09-12) stopped reading the repository-local configuration file
".git/config" unless the repository discovery process is done, so
that .git/config is never read even when run from the top-level,
exposing the old bug more.

When rebasing interactively with a commentChar defined in the
current repository's config, the help text at the bottom of the edit
script potentially used an incorrect comment character. This was not
only funny-looking, but also resulted in tons of warnings like this
one:

Warning: the command isn't recognized in the following line
- #

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

rebase -i: highlight problems with core.commentcharJohannes Schindelin Mon, 21 Nov 2016 14:18:05 +0000 (15:18 +0100)

rebase -i: highlight problems with core.commentchar

The interactive rebase does not currently play well with
core.commentchar. Let's add some tests to highlight those problems
that will be fixed in the remainder of the series.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

i18n: fix unmatched single quote in error messageJiang Xin Sun, 20 Nov 2016 12:26:17 +0000 (20:26 +0800)

i18n: fix unmatched single quote in error message

Fixed unmatched single quote introduced by commit:

* f56fffef9a sequencer: teach write_message() to append an optional LF

Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
Acked-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

l10n: zh_CN: for git v2.11.0 l10n round 1Jiang Xin Thu, 27 Oct 2016 13:53:37 +0000 (21:53 +0800)

l10n: zh_CN: for git v2.11.0 l10n round 1

Update 209 translations (2913t0f0u) for git v2.11.0-rc0.

Signed-off-by: Jiang Xin <worldhello.net@gmail.com>

for-each-ref: do not segv with %(HEAD) on an unborn... Junio C Hamano Fri, 18 Nov 2016 23:21:12 +0000 (15:21 -0800)

for-each-ref: do not segv with %(HEAD) on an unborn branch

The code to flip between "*" and " " prefixes depending on what
branch is checked out used in --format='%(HEAD)' did not consider
that HEAD may resolve to an unborn branch and dereferenced a NULL.

This will become a lot easier to trigger as the codepath will be
used to reimplement "git branch [--list]" in the future.

Signed-off-by: Junio C Hamano <gitster@pobox.com>

submodules: allow empty working-tree dirs in merge... David Turner Mon, 7 Nov 2016 18:31:31 +0000 (13:31 -0500)

submodules: allow empty working-tree dirs in merge/cherry-pick

When a submodule is being merged or cherry-picked into a working
tree that already contains a corresponding empty directory, do not
record a conflict.

One situation where this bug appears is:

- Commit 1 adds a submodule
- Commit 2 removes that submodule and re-adds it into a subdirectory
(sub1 to sub1/sub1).
- Commit 3 adds an unrelated file.

Now the user checks out commit 1 (first deinitializing the submodule),
and attempts to cherry-pick commit 3. Previously, this would fail,
because the incoming submodule sub1/sub1 would falsely conflict with
the empty sub1 directory.

This patch ignores the empty sub1 directory, fixing the bug. We only
ignore the empty directory if the object being emplaced is a
submodule, which expects an empty directory.

Signed-off-by: David Turner <dturner@twosigma.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>