gitweb.git
imap-send: handle missing response codes gracefullyRené Scharfe Thu, 2 Nov 2017 17:27:05 +0000 (18:27 +0100)

imap-send: handle missing response codes gracefully

Response codes are optional. Exit parse_response_code() early if it's
passed a NULL string, indicating that we reached the end of the reply.
This avoids dereferencing said NULL pointer.

Noticed-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

imap-send: handle NULL return of next_arg()René Scharfe Wed, 1 Nov 2017 17:03:20 +0000 (18:03 +0100)

imap-send: handle NULL return of next_arg()

next_arg() returns NULL if it runs out of arguments. Most call sites
already handle that gracefully. Check in the remaining cases as well.
Replace the NULL pointer with an empty string at the bottom of
get_cmd_result() -- it's nicely reported as an unexpected response a
few lines down. Error out explicitly at the remaining sites.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Git 2.12.5 v2.12.5Junio C Hamano Fri, 22 Sep 2017 05:47:41 +0000 (14:47 +0900)

Git 2.12.5

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Sync with 2.11.4Junio C Hamano Fri, 22 Sep 2017 05:45:30 +0000 (14:45 +0900)

Sync with 2.11.4

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Git 2.11.4 v2.11.4Junio C Hamano Fri, 22 Sep 2017 05:44:45 +0000 (14:44 +0900)

Git 2.11.4

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Sync with 2.10.5Junio C Hamano Fri, 22 Sep 2017 05:43:13 +0000 (14:43 +0900)

Sync with 2.10.5

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Git 2.10.5 v2.10.5Junio C Hamano Fri, 22 Sep 2017 05:42:22 +0000 (14:42 +0900)

Git 2.10.5

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'jk/safe-pipe-capture' into maint-2.10Junio C Hamano Fri, 22 Sep 2017 05:34:34 +0000 (14:34 +0900)

Merge branch 'jk/safe-pipe-capture' into maint-2.10

Merge branch 'jk/cvsimport-quoting' into maint-2.10Junio C Hamano Fri, 22 Sep 2017 05:34:34 +0000 (14:34 +0900)

Merge branch 'jk/cvsimport-quoting' into maint-2.10

Merge branch 'jc/cvsserver' into maint-2.10Junio C Hamano Fri, 22 Sep 2017 05:34:34 +0000 (14:34 +0900)

Merge branch 'jc/cvsserver' into maint-2.10

Merge branch 'jk/git-shell-drop-cvsserver' into maint... Junio C Hamano Fri, 22 Sep 2017 05:34:34 +0000 (14:34 +0900)

Merge branch 'jk/git-shell-drop-cvsserver' into maint-2.10

cvsimport: shell-quote variable used in backticksJeff King Mon, 11 Sep 2017 14:24:26 +0000 (10:24 -0400)

cvsimport: shell-quote variable used in backticks

We run `git rev-parse` though the shell, and quote its
argument only with single-quotes. This prevents most
metacharacters from being a problem, but misses the obvious
case when $name itself has single-quotes in it. We can fix
this by applying the usual shell-quoting formula.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

archimport: use safe_pipe_capture for user inputJeff King Mon, 11 Sep 2017 14:24:11 +0000 (10:24 -0400)

archimport: use safe_pipe_capture for user input

Refnames can contain shell metacharacters which need to be
passed verbatim to sub-processes. Using safe_pipe_capture
skips the shell entirely.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

shell: drop git-cvsserver support by defaultJeff King Mon, 11 Sep 2017 15:27:51 +0000 (11:27 -0400)

shell: drop git-cvsserver support by default

The git-cvsserver script is old and largely unmaintained
these days. But git-shell allows untrusted users to run it
out of the box, significantly increasing its attack surface.

Let's drop it from git-shell's list of internal handlers so
that it cannot be run by default. This is not backwards
compatible. But given the age and development activity on
CVS-related parts of Git, this is likely to impact very few
users, while helping many more (i.e., anybody who runs
git-shell and had no intention of supporting CVS).

There's no configuration mechanism in git-shell for us to
add a boolean and flip it to "off". But there is a mechanism
for adding custom commands, and adding CVS support here is
fairly trivial. Let's document it to give guidance to
anybody who really is still running cvsserver.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

cvsserver: use safe_pipe_capture for `constant commands... Junio C Hamano Mon, 11 Sep 2017 05:45:54 +0000 (14:45 +0900)

cvsserver: use safe_pipe_capture for `constant commands` as well

This is not strictly necessary, but it is a good code hygiene.

Signed-off-by: Junio C Hamano <gitster@pobox.com>

cvsserver: use safe_pipe_capture instead of backticksjoernchen Mon, 11 Sep 2017 05:45:09 +0000 (14:45 +0900)

cvsserver: use safe_pipe_capture instead of backticks

This makes the script pass arguments that are derived from end-user
input in safer way when invoking subcommands.

Reported-by: joernchen <joernchen@phenoelit.de>
Signed-off-by: joernchen <joernchen@phenoelit.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

cvsserver: move safe_pipe_capture() to the main packageJunio C Hamano Mon, 11 Sep 2017 05:44:24 +0000 (14:44 +0900)

cvsserver: move safe_pipe_capture() to the main package

As a preparation for replacing `command` with a call to this
function from outside GITCVS::updater package, move it to the main
package.

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Git 2.12.4 v2.12.4Junio C Hamano Sun, 30 Jul 2017 22:06:06 +0000 (15:06 -0700)

Git 2.12.4

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge tag 'v2.11.3' into maint-2.12Junio C Hamano Sun, 30 Jul 2017 22:04:22 +0000 (15:04 -0700)

Merge tag 'v2.11.3' into maint-2.12

Git 2.11.3

Merge branch 'jk/lib-proto-disable-cleanup' into maint... Junio C Hamano Sun, 30 Jul 2017 22:03:21 +0000 (15:03 -0700)

Merge branch 'jk/lib-proto-disable-cleanup' into maint-2.12

Git 2.11.3 v2.11.3Junio C Hamano Sun, 30 Jul 2017 22:02:37 +0000 (15:02 -0700)

Git 2.11.3

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge tag 'v2.10.4' into maint-2.11Junio C Hamano Sun, 30 Jul 2017 22:01:31 +0000 (15:01 -0700)

Merge tag 'v2.10.4' into maint-2.11

Git 2.10.4

Git 2.10.4 v2.10.4Junio C Hamano Sun, 30 Jul 2017 22:00:04 +0000 (15:00 -0700)

Git 2.10.4

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge tag 'v2.9.5' into maint-2.10Junio C Hamano Sun, 30 Jul 2017 21:57:33 +0000 (14:57 -0700)

Merge tag 'v2.9.5' into maint-2.10

Git 2.9.5

Git 2.9.5 v2.9.5Junio C Hamano Sun, 30 Jul 2017 21:53:25 +0000 (14:53 -0700)

Git 2.9.5

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge tag 'v2.8.6' into maint-2.9Junio C Hamano Sun, 30 Jul 2017 21:52:14 +0000 (14:52 -0700)

Merge tag 'v2.8.6' into maint-2.9

Git 2.8.6

Git 2.8.6 v2.8.6Junio C Hamano Sun, 30 Jul 2017 21:49:08 +0000 (14:49 -0700)

Git 2.8.6

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge tag 'v2.7.6' into maint-2.8Junio C Hamano Sun, 30 Jul 2017 21:46:43 +0000 (14:46 -0700)

Merge tag 'v2.7.6' into maint-2.8

Git 2.7.6

Git 2.7.6 v2.7.6Junio C Hamano Sun, 30 Jul 2017 21:45:13 +0000 (14:45 -0700)

Git 2.7.6

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'jk/ssh-funny-url' into maint-2.7Junio C Hamano Fri, 28 Jul 2017 23:11:54 +0000 (16:11 -0700)

Merge branch 'jk/ssh-funny-url' into maint-2.7

connect: reject paths that look like command line optionsJeff King Fri, 28 Jul 2017 19:28:55 +0000 (15:28 -0400)

connect: reject paths that look like command line options

If we get a repo path like "-repo.git", we may try to invoke
"git-upload-pack -repo.git". This is going to fail, since
upload-pack will interpret it as a set of bogus options. But
let's reject this before we even run the sub-program, since
we would not want to allow any mischief with repo names that
actually are real command-line options.

You can still ask for such a path via git-daemon, but there's no
security problem there, because git-daemon enters the repo itself
and then passes "." on the command line.

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

connect: reject dashed arguments for proxy commandsJeff King Fri, 28 Jul 2017 19:26:50 +0000 (15:26 -0400)

connect: reject dashed arguments for proxy commands

If you have a GIT_PROXY_COMMAND configured, we will run it
with the host/port on the command-line. If a URL contains a
mischievous host like "--foo", we don't know how the proxy
command may handle it. It's likely to break, but it may also
do something dangerous and unwanted (technically it could
even do something useful, but that seems unlikely).

We should err on the side of caution and reject this before
we even run the command.

The hostname check matches the one we do in a similar
circumstance for ssh. The port check is not present for ssh,
but there it's not necessary because the syntax is "-p
<port>", and there's no ambiguity on the parsing side.

It's not clear whether you can actually get a negative port
to the proxy here or not. Doing:

git fetch git://remote:-1234/repo.git

keeps the "-1234" as part of the hostname, with the default
port of 9418. But it's a good idea to keep this check close
to the point of running the command to make it clear that
there's no way to circumvent it (and at worst it serves as a
belt-and-suspenders check).

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

connect: factor out "looks like command line option... Jeff King Fri, 28 Jul 2017 19:25:45 +0000 (15:25 -0400)

connect: factor out "looks like command line option" check

We reject hostnames that start with a dash because they may
be confused for command-line options. Let's factor out that
notion into a helper function, as we'll use it in more
places. And while it's simple now, it's not clear if some
systems might need more complex logic to handle all cases.

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t5813: add test for hostname starting with dashJeff King Fri, 28 Jul 2017 19:23:32 +0000 (15:23 -0400)

t5813: add test for hostname starting with dash

Per the explanation in the previous patch, this should be
(and is) rejected.

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

connect: reject ssh hostname that begins with a dashJunio C Hamano Wed, 26 Jul 2017 17:24:20 +0000 (10:24 -0700)

connect: reject ssh hostname that begins with a dash

When commands like "git fetch" talk with ssh://$rest_of_URL/, the
code splits $rest_of_URL into components like host, port, etc., and
then spawns the underlying "ssh" program by formulating argv[] array
that has:

- the path to ssh command taken from GIT_SSH_COMMAND, etc.

- dashed options like '-batch' (for Tortoise), '-p <port>' as
needed.

- ssh_host, which is supposed to be the hostname parsed out of
$rest_of_URL.

- then the command to be run on the other side, e.g. git
upload-pack.

If the ssh_host ends up getting '-<anything>', the argv[] that is
used to spawn the command becomes something like:

{ "ssh", "-p", "22", "-<anything>", "command", "to", "run", NULL }

which obviously is bogus, but depending on the actual value of
"<anything>", will make "ssh" parse and use it as an option.

Prevent this by forbidding ssh_host that begins with a "-".

Noticed-by: Joern Schneeweisz of Recurity Labs
Reported-by: Brian at GitLab
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t/lib-proto-disable: restore protocol.allow after confi... Jeff King Fri, 28 Jul 2017 21:47:48 +0000 (17:47 -0400)

t/lib-proto-disable: restore protocol.allow after config tests

The tests for protocol.allow actually set that variable in
the on-disk config, run a series of tests, and then never
clean up after themselves. This means that whatever tests we
run after have protocol.allow=never, which may influence
their results.

In most cases we either exit after running these tests, or
do another round of test_proto(). In the latter case, this happens to
work because:

1. Tests of the GIT_ALLOW_PROTOCOL environment variable
override the config.

2. Tests of the specific config "protocol.foo.allow"
override the protocol.allow config.

3. The next round of protocol.allow tests start off by
setting the config to a known value.

However, it's a land-mine waiting to trap somebody adding
new tests to one of the t581x test scripts. Let's make sure
we clean up after ourselves.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Git 2.12.3 v2.12.3Junio C Hamano Fri, 5 May 2017 04:33:22 +0000 (13:33 +0900)

Git 2.12.3

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'maint-2.11' into maintJunio C Hamano Fri, 5 May 2017 04:31:40 +0000 (13:31 +0900)

Merge branch 'maint-2.11' into maint

Git 2.11.2 v2.11.2Junio C Hamano Fri, 5 May 2017 04:29:43 +0000 (13:29 +0900)

Git 2.11.2

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'maint-2.10' into maint-2.11Junio C Hamano Fri, 5 May 2017 04:26:31 +0000 (13:26 +0900)

Merge branch 'maint-2.10' into maint-2.11

Git 2.10.3 v2.10.3Junio C Hamano Fri, 5 May 2017 04:24:10 +0000 (13:24 +0900)

Git 2.10.3

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'maint-2.9' into maint-2.10Junio C Hamano Fri, 5 May 2017 04:21:52 +0000 (13:21 +0900)

Merge branch 'maint-2.9' into maint-2.10

Git 2.9.4 v2.9.4Junio C Hamano Fri, 5 May 2017 04:18:23 +0000 (13:18 +0900)

Git 2.9.4

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'maint-2.8' into maint-2.9Junio C Hamano Fri, 5 May 2017 04:13:48 +0000 (13:13 +0900)

Merge branch 'maint-2.8' into maint-2.9

Git 2.8.5 v2.8.5Junio C Hamano Fri, 5 May 2017 04:08:54 +0000 (13:08 +0900)

Git 2.8.5

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'maint-2.7' into maint-2.8Junio C Hamano Fri, 5 May 2017 04:05:03 +0000 (13:05 +0900)

Merge branch 'maint-2.7' into maint-2.8

Git 2.7.5 v2.7.5Junio C Hamano Fri, 5 May 2017 04:03:40 +0000 (13:03 +0900)

Git 2.7.5

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'maint-2.6' into maint-2.7Junio C Hamano Fri, 5 May 2017 03:59:16 +0000 (12:59 +0900)

Merge branch 'maint-2.6' into maint-2.7

Git 2.6.7 v2.6.7Junio C Hamano Fri, 5 May 2017 03:56:19 +0000 (12:56 +0900)

Git 2.6.7

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'maint-2.5' into maint-2.6Junio C Hamano Fri, 5 May 2017 03:52:26 +0000 (12:52 +0900)

Merge branch 'maint-2.5' into maint-2.6

Git 2.5.6 v2.5.6Junio C Hamano Fri, 5 May 2017 03:49:00 +0000 (12:49 +0900)

Git 2.5.6

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'maint-2.4' into maint-2.5Junio C Hamano Fri, 5 May 2017 03:46:53 +0000 (12:46 +0900)

Merge branch 'maint-2.4' into maint-2.5

Git 2.4.12 v2.4.12Junio C Hamano Fri, 5 May 2017 03:25:09 +0000 (12:25 +0900)

Git 2.4.12

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'jk/shell-no-repository-that-begins-with... Junio C Hamano Fri, 5 May 2017 03:17:55 +0000 (12:17 +0900)

Merge branch 'jk/shell-no-repository-that-begins-with-dash' into maint-2.4

* jk/shell-no-repository-that-begins-with-dash:
shell: disallow repo names beginning with dash

shell: disallow repo names beginning with dashJeff King Sat, 29 Apr 2017 12:36:44 +0000 (08:36 -0400)

shell: disallow repo names beginning with dash

When a remote server uses git-shell, the client side will
connect to it like:

ssh server "git-upload-pack 'foo.git'"

and we literally exec ("git-upload-pack", "foo.git"). In
early versions of upload-pack and receive-pack, we took a
repository argument and nothing else. But over time they
learned to accept dashed options. If the user passes a
repository name that starts with a dash, the results are
confusing at best (we complain of a bogus option instead of
a non-existent repository) and malicious at worst (the user
can start an interactive pager via "--help").

We could pass "--" to the sub-process to make sure the
user's argument is interpreted as a branch name. I.e.:

git-upload-pack -- -foo.git

But adding "--" automatically would make us inconsistent
with a normal shell (i.e., when git-shell is not in use),
where "-foo.git" would still be an error. For that case, the
client would have to specify the "--", but they can't do so
reliably, as existing versions of git-shell do not allow
more than a single argument.

The simplest thing is to simply disallow "-" at the start of
the repo name argument. This hasn't worked either with or
without git-shell since version 1.0.0, and nobody has
complained.

Note that this patch just applies to do_generic_cmd(), which
runs upload-pack, receive-pack, and upload-archive. There
are two other types of commands that git-shell runs:

- do_cvs_cmd(), but this already restricts the argument to
be the literal string "server"

- admin-provided commands in the git-shell-commands
directory. We'll pass along arbitrary arguments there,
so these commands could have similar problems. But these
commands might actually understand dashed arguments, so
we cannot just block them here. It's up to the writer of
the commands to make sure they are safe. With great
power comes great responsibility.

Reported-by: Timo Schmid <tschmid@ernw.de>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Prepare for 2.12.3Junio C Hamano Tue, 28 Mar 2017 20:54:14 +0000 (13:54 -0700)

Prepare for 2.12.3

Merge branch 'km/config-grammofix' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:29 +0000 (13:52 -0700)

Merge branch 'km/config-grammofix' into maint

Doc update.

* km/config-grammofix:
doc/config: grammar fixes for core.{editor,commentChar}

Merge branch 'sb/t3600-rephrase' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:29 +0000 (13:52 -0700)

Merge branch 'sb/t3600-rephrase' into maint

A test retitling.

* sb/t3600-rephrase:
t3600: rename test to describe its functionality

Merge branch 'sb/submodule-update-initial-runs-custom... Junio C Hamano Tue, 28 Mar 2017 20:52:29 +0000 (13:52 -0700)

Merge branch 'sb/submodule-update-initial-runs-custom-script' into maint

A test fix.

* sb/submodule-update-initial-runs-custom-script:
t7406: correct test case for submodule-update initial population

Merge branch 'jk/quote-env-path-list-component' into... Junio C Hamano Tue, 28 Mar 2017 20:52:28 +0000 (13:52 -0700)

Merge branch 'jk/quote-env-path-list-component' into maint

A test fix.

* jk/quote-env-path-list-component:
t5615: fix a here-doc syntax error

Merge branch 'rs/update-hook-optim' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:28 +0000 (13:52 -0700)

Merge branch 'rs/update-hook-optim' into maint

Code clean-up.

* rs/update-hook-optim:
receive-pack: simplify run_update_post_hook()

Merge branch 'rs/shortlog-cleanup' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:27 +0000 (13:52 -0700)

Merge branch 'rs/shortlog-cleanup' into maint

Code clean-up.

* rs/shortlog-cleanup:
shortlog: don't set after_subject to an empty string

Merge branch 'rs/path-name-safety-cleanup' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:27 +0000 (13:52 -0700)

Merge branch 'rs/path-name-safety-cleanup' into maint

Code clean-up.

* rs/path-name-safety-cleanup:
revision: remove declaration of path_name()

Merge branch 'rs/http-push-cleanup' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:26 +0000 (13:52 -0700)

Merge branch 'rs/http-push-cleanup' into maint

Code clean-up.

* rs/http-push-cleanup:
http-push: don't check return value of lookup_unknown_object()

Merge branch 'sb/wt-status-cleanup' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:26 +0000 (13:52 -0700)

Merge branch 'sb/wt-status-cleanup' into maint

Code clean-up.

* sb/wt-status-cleanup:
wt-status: simplify by using for_each_string_list_item

Merge branch 'jk/pack-name-cleanups' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:25 +0000 (13:52 -0700)

Merge branch 'jk/pack-name-cleanups' into maint

Code clean-up.

* jk/pack-name-cleanups:
index-pack: make pointer-alias fallbacks safer
replace snprintf with odb_pack_name()
odb_pack_keep(): stop generating keepfile name
sha1_file.c: make pack-name helper globally accessible
move odb_* declarations out of git-compat-util.h

Merge branch 'jk/rev-parse-cleanup' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:25 +0000 (13:52 -0700)

Merge branch 'jk/rev-parse-cleanup' into maint

Code clean-up.

* jk/rev-parse-cleanup:
rev-parse: simplify parsing of ref options
rev-parse: add helper for parsing "--foo/--foo="
rev-parse: use skip_prefix when parsing options

Merge branch 'rs/blame-code-cleanup' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:25 +0000 (13:52 -0700)

Merge branch 'rs/blame-code-cleanup' into maint

Code clean-up.

* rs/blame-code-cleanup:
blame: move blame_entry duplication to add_blame_entry()

Merge branch 'st/verify-tag' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:24 +0000 (13:52 -0700)

Merge branch 'st/verify-tag' into maint

A few unterminated here documents in tests were fixed, which in
turn revealed incorrect expectations the tests make. These tests
have been updated.

* st/verify-tag:
t7004, t7030: fix here-doc syntax errors

Merge branch 'js/regexec-buf' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:24 +0000 (13:52 -0700)

Merge branch 'js/regexec-buf' into maint

Fix for potential segv introduced in v2.11.0 and later (also
v2.10.2).

* js/regexec-buf:
pickaxe: fix segfault with '-S<...> --pickaxe-regex'

Merge branch 'jk/execv-dashed-external' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:23 +0000 (13:52 -0700)

Merge branch 'jk/execv-dashed-external' into maint

Fix for NO_PTHREADS build.

* jk/execv-dashed-external:
run-command: fix segfault when cleaning forked async process

Merge branch 'ew/http-alternates-as-redirects-warning... Junio C Hamano Tue, 28 Mar 2017 20:52:23 +0000 (13:52 -0700)

Merge branch 'ew/http-alternates-as-redirects-warning' into maint

Recent versions of Git treats http alternates (used in dumb http
transport) just like HTTP redirects and requires the client to
enable following it, due to security concerns. But we forgot to
give a warning when we decide not to honor the alternates.

* ew/http-alternates-as-redirects-warning:
http: release strbuf on disabled alternates
http: inform about alternates-as-redirects behavior

Merge branch 'dp/filter-branch-prune-empty' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:22 +0000 (13:52 -0700)

Merge branch 'dp/filter-branch-prune-empty' into maint

"git filter-branch --prune-empty" drops a single-parent commit that
becomes a no-op, but did not drop a root commit whose tree is empty.

* dp/filter-branch-prune-empty:
p7000: add test for filter-branch with --prune-empty
filter-branch: fix --prune-empty on parentless commits
t7003: ensure --prune-empty removes entire branch when applicable
t7003: ensure --prune-empty can prune root commit

Merge branch 'mm/fetch-show-error-message-on-unadvertis... Junio C Hamano Tue, 28 Mar 2017 20:52:22 +0000 (13:52 -0700)

Merge branch 'mm/fetch-show-error-message-on-unadvertised-object' into maint

"git fetch" that requests a commit by object name, when the other
side does not allow such an request, failed without much
explanation.

* mm/fetch-show-error-message-on-unadvertised-object:
fetch-pack: add specific error for fetching an unadvertised object
fetch_refs_via_pack: call report_unmatched_refs
fetch-pack: move code to report unmatched refs to a function

Merge branch 'jk/interpret-branch-name' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:22 +0000 (13:52 -0700)

Merge branch 'jk/interpret-branch-name' into maint

"git branch @" created refs/heads/@ as a branch, and in general the
code that handled @{-1} and @{upstream} was a bit too loose in
disambiguating.

* jk/interpret-branch-name:
checkout: restrict @-expansions when finding branch
strbuf_check_ref_format(): expand only local branches
branch: restrict @-expansions when deleting
t3204: test git-branch @-expansion corner cases
interpret_branch_name: allow callers to restrict expansions
strbuf_branchname: add docstring
strbuf_branchname: drop return value
interpret_branch_name: move docstring to header file
interpret_branch_name(): handle auto-namelen for @{-1}

Merge branch 'ab/cond-skip-tests' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:21 +0000 (13:52 -0700)

Merge branch 'ab/cond-skip-tests' into maint

A few tests were run conditionally under (rare) conditions where
they cannot be run (like running cvs tests under 'root' account).

* ab/cond-skip-tests:
gitweb tests: skip tests when we don't have Time::HiRes
gitweb tests: change confusing "skip_all" phrasing
cvs tests: skip tests that call "cvs commit" when running as root

Merge branch 'jk/ident-empty' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:21 +0000 (13:52 -0700)

Merge branch 'jk/ident-empty' into maint

user.email that consists of only cruft chars should consistently
error out, but didn't.

* jk/ident-empty:
ident: do not ignore empty config name/email
ident: reject all-crud ident name
ident: handle NULL email when complaining of empty name
ident: mark error messages for translation

Merge branch 'jk/delta-chain-limit' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:20 +0000 (13:52 -0700)

Merge branch 'jk/delta-chain-limit' into maint

"git repack --depth=<n>" for a long time busted the specified depth
when reusing delta from existing packs. This has been corrected.

* jk/delta-chain-limit:
pack-objects: convert recursion to iteration in break_delta_chain()
pack-objects: enforce --depth limit in reused deltas

Merge branch 'sg/test-with-stdin' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:20 +0000 (13:52 -0700)

Merge branch 'sg/test-with-stdin' into maint

Teach the "debug" helper used in the test framework that allows a
command to run under "gdb" to make the session interactive.

* sg/test-with-stdin:
tests: make the 'test_pause' helper work in non-verbose mode
tests: create an interactive gdb session with the 'debug' helper

Merge branch 'jk/interop-test' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:20 +0000 (13:52 -0700)

Merge branch 'jk/interop-test' into maint

Picking two versions of Git and running tests to make sure the
older one and the newer one interoperate happily has now become
possible.

* jk/interop-test:
t/interop: add test of old clients against modern git-daemon
t: add an interoperability test harness

Merge branch 'jt/perf-updates' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:19 +0000 (13:52 -0700)

Merge branch 'jt/perf-updates' into maint

The t/perf performance test suite was not prepared to test not so
old versions of Git, but now it covers versions of Git that are not
so ancient.

* jt/perf-updates:
t/perf: add fallback for pre-bin-wrappers versions of git
t/perf: use $MODERN_GIT for all repo-copying steps
t/perf: export variable used in other blocks

Merge branch 'rs/strbuf-add-real-path' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:19 +0000 (13:52 -0700)

Merge branch 'rs/strbuf-add-real-path' into maint

An helper function to make it easier to append the result from
real_path() to a strbuf has been added.

* rs/strbuf-add-real-path:
strbuf: add strbuf_add_real_path()
cocci: use ALLOC_ARRAY

Merge branch 'jk/parse-config-key-cleanup' into maintJunio C Hamano Tue, 28 Mar 2017 20:52:18 +0000 (13:52 -0700)

Merge branch 'jk/parse-config-key-cleanup' into maint

The "parse_config_key()" API function has been cleaned up.

* jk/parse-config-key-cleanup:
parse_hide_refs_config: tell parse_config_key we don't want a subsection
parse_config_key: allow matching single-level config
parse_config_key: use skip_prefix instead of starts_with
refs: parse_hide_refs_config to use parse_config_key

Git 2.12.2 v2.12.2Junio C Hamano Fri, 24 Mar 2017 19:59:15 +0000 (12:59 -0700)

Git 2.12.2

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'ab/doc-no-option-notation-fix' into maintJunio C Hamano Fri, 24 Mar 2017 19:57:55 +0000 (12:57 -0700)

Merge branch 'ab/doc-no-option-notation-fix' into maint

Doc fix.

* ab/doc-no-option-notation-fix:
doc: change erroneous --[no]-whatever into --[no-]whatever

Merge branch 'ab/push-default-doc-fix' into maintJunio C Hamano Fri, 24 Mar 2017 19:57:54 +0000 (12:57 -0700)

Merge branch 'ab/push-default-doc-fix' into maint

Doc fix.

* ab/push-default-doc-fix:
push: mention "push.default=tracking" in the documentation

Merge branch 'nd/commit-hook-doc-fix' into maintJunio C Hamano Fri, 24 Mar 2017 19:57:54 +0000 (12:57 -0700)

Merge branch 'nd/commit-hook-doc-fix' into maint

Doc fix.

* nd/commit-hook-doc-fix:
git-commit.txt: list post-rewrite in HOOKS section

Merge branch 'jc/config-case-cmdline-take-2' into maintJunio C Hamano Fri, 24 Mar 2017 19:57:54 +0000 (12:57 -0700)

Merge branch 'jc/config-case-cmdline-take-2' into maint

The code to parse "git -c VAR=VAL cmd" and set configuration
variable for the duration of cmd had two small bugs, which have
been fixed.
This supersedes jc/config-case-cmdline topic that has been discarded.

* jc/config-case-cmdline-take-2:
config: use git_config_parse_key() in git_config_parse_parameter()
config: move a few helper functions up

Merge branch 'jk/grep-no-index-fix' into maintJunio C Hamano Fri, 24 Mar 2017 19:57:53 +0000 (12:57 -0700)

Merge branch 'jk/grep-no-index-fix' into maint

The code to parse the command line "git grep <patterns>... <rev>
[[--] <pathspec>...]" has been cleaned up, and a handful of bugs
have been fixed (e.g. we used to check "--" if it is a rev).

* jk/grep-no-index-fix:
grep: treat revs the same for --untracked as for --no-index
grep: do not diagnose misspelt revs with --no-index
grep: avoid resolving revision names in --no-index case
grep: fix "--" rev/pathspec disambiguation
grep: re-order rev-parsing loop
grep: do not unnecessarily query repo for "--"
grep: move thread initialization a little lower

Merge branch 'jn/remote-helpers-with-git-dir' into... Junio C Hamano Fri, 24 Mar 2017 19:57:53 +0000 (12:57 -0700)

Merge branch 'jn/remote-helpers-with-git-dir' into maint

"git ls-remote" and "git archive --remote" are designed to work
without being in a directory under Git's control. However, recent
updates revealed that we randomly look into a directory called
.git/ without actually doing necessary set-up when working in a
repository. Stop doing so.

* jn/remote-helpers-with-git-dir:
remote helpers: avoid blind fall-back to ".git" when setting GIT_DIR
remote: avoid reading $GIT_DIR config in non-repo

Merge branch 'sb/submodule-config-parse-ignore-fix... Junio C Hamano Fri, 24 Mar 2017 19:57:52 +0000 (12:57 -0700)

Merge branch 'sb/submodule-config-parse-ignore-fix' into maint

Code to read submodule.<name>.ignore config did not state the
variable name correctly when giving an error message diagnosing
misconfiguration.

* sb/submodule-config-parse-ignore-fix:
submodule-config: correct error reporting for invalid ignore value

Merge branch 'jk/push-deadlock-regression-fix' into... Junio C Hamano Fri, 24 Mar 2017 19:57:52 +0000 (12:57 -0700)

Merge branch 'jk/push-deadlock-regression-fix' into maint

"git push" had a handful of codepaths that could lead to a deadlock
when unexpected error happened, which has been fixed.

* jk/push-deadlock-regression-fix:
send-pack: report signal death of pack-objects
send-pack: read "unpack" status even on pack-objects failure
send-pack: improve unpack-status error messages
send-pack: use skip_prefix for parsing unpack status
send-pack: extract parsing of "unpack" response
receive-pack: fix deadlock when we cannot create tmpdir

mailmap: use Michael J Gruber's new addressMichael J Gruber Fri, 24 Mar 2017 14:01:36 +0000 (15:01 +0100)

mailmap: use Michael J Gruber's new address

Map both old addresses to the new, hopefully more permanent one.

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Michael J Gruber <git@grubix.eu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t7004, t7030: fix here-doc syntax errorsSantiago Torres Thu, 23 Mar 2017 22:28:47 +0000 (18:28 -0400)

t7004, t7030: fix here-doc syntax errors

Jan Palus noticed that some here-doc are spelled incorrectly,
resulting the entire remainder of the test snippet being slurped
into the "expect" file as if it were data, e.g. in this sequence

cat >expect <<EOF &&
... expectation ...
EOF
git $cmd_being_tested >actual &&
test_cmp expect actual

the last command of the test is "cat" that sends everything to
'expect' and succeeds.

Fixing these issues in t7004 and t7030 reveals that "git tag -v"
and "git verify-tag" with their --format option do not work as the
test was expecting originally. Instead of showing both valid tags
and tags with incorrect signatures on their output, tags that do not
pass verification are omitted from the output. Another breakage that
is uncovered is that these tests must be restricted to environment
where gpg is available.

Arguably, that is a safer behaviour, and because the format
specifiers like %(tag) do not have a way to show if the signature
verifies correctly, the command with the --format option cannot be
used to get a list of tags annotated with their signature validity
anyway.

For now, let's fix the here-doc syntax, update the expectation to
match the reality, and update the test prerequisite.

Maybe later when we extend the --format language available to "git
tag -v" and "git verify-tag" to include things like "%(gpg:status)",
we may want to change the behaviour so that piping a list of tag
names into

xargs git verify-tag --format='%(gpg:status) %(tag)'

becomes a good way to produce such a list, but that is a separate
topic.

Noticed-by: Jan Palus <jan.palus@gmail.com>
Helped-by: Jeff King <peff@peff.net>
Signed-off-by: Santiago Torres <santiago@nyu.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

doc/config: grammar fixes for core.{editor,commentChar}Kyle Meyer Thu, 23 Mar 2017 17:32:16 +0000 (13:32 -0400)

doc/config: grammar fixes for core.{editor,commentChar}

Signed-off-by: Kyle Meyer <kyle@kyleam.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t7406: correct test case for submodule-update initial... Junio C Hamano Wed, 22 Mar 2017 22:12:07 +0000 (15:12 -0700)

t7406: correct test case for submodule-update initial population

There are three issues with the test:

* The syntax of the here-doc was wrong, such that the entire test was
sucked into the here-doc, which is why the test succeeded.

* The variable $submodulesha1 was not expanded as it was inside a quoted
here text. We do not want to quote EOF marker for this.

* The redirection from the git command to the output file for comparison
was wrong as the -C operator from git doesn't apply to the redirect path.
Also we're interested in stderr of that command.

Noticed-by: Jan Palus <jan.palus@gmail.com>
Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t5615: fix a here-doc syntax errorJunio C Hamano Wed, 22 Mar 2017 19:56:43 +0000 (12:56 -0700)

t5615: fix a here-doc syntax error

This came as part of jk/quote-env-path-list-component and was merged
to 2.11.1 and later.

Noticed-by: Jan Palus <jan.palus@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t3600: rename test to describe its functionalityStefan Beller Tue, 21 Mar 2017 21:08:02 +0000 (14:08 -0700)

t3600: rename test to describe its functionality

This was an oversight in 55856a35b2 (rm: absorb a submodules git dir
before deletion, 2016-12-27), as the body of the test changed without
adapting the test subject.

Signed-off-by: Stefan Beller <sbeller@google.com>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Prepare for 2.12.2Junio C Hamano Tue, 21 Mar 2017 22:04:12 +0000 (15:04 -0700)

Prepare for 2.12.2

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'jh/send-email-one-cc' into maintJunio C Hamano Tue, 21 Mar 2017 22:03:30 +0000 (15:03 -0700)

Merge branch 'jh/send-email-one-cc' into maint

"Cc:" on the trailer part does not have to conform to RFC strictly,
unlike in the e-mail header. "git send-email" has been updated to
ignore anything after '>' when picking addresses, to allow non-address
cruft like " # stable 4.4" after the address.

* jh/send-email-one-cc:
send-email: only allow one address per body tag