gitweb.git
ewah_read_mmap: bounds-check mmap readsJeff King Fri, 15 Jun 2018 03:31:13 +0000 (23:31 -0400)

ewah_read_mmap: bounds-check mmap reads

The on-disk ewah format tells us how big the ewah data is,
and we blindly read that much from the buffer without
considering whether the mmap'd data is long enough, which
can lead to out-of-bound reads.

Let's make sure we have data available before reading it,
both for the ewah header/footer as well as for the bit data
itself. In particular:

- keep our ptr/len pair in sync as we move through the
buffer, and check it before each read

- check the size for integer overflow (this should be
impossible on 64-bit, as the size is given as a 32-bit
count of 8-byte words, but is possible on a 32-bit
system)

- return the number of bytes read as an ssize_t instead of
an int, again to prevent integer overflow

- compute the return value using a pointer difference;
this should yield the same result as the existing code,
but makes it more obvious that we got our computations
right

The included test is far from comprehensive, as it just
picks a static point at which to truncate the generated
bitmap. But in practice this will hit in the middle of an
ewah and make sure we're at least exercising this code.

Reported-by: Luat Nguyen <root@l4w.io>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Git 2.16.4 v2.16.4Junio C Hamano Tue, 22 May 2018 05:18:51 +0000 (14:18 +0900)

Git 2.16.4

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Sync with Git 2.15.2Junio C Hamano Tue, 22 May 2018 05:18:06 +0000 (14:18 +0900)

Sync with Git 2.15.2

* maint-2.15:
Git 2.15.2
Git 2.14.4
Git 2.13.7
verify_path: disallow symlinks in .gitmodules
update-index: stat updated files earlier
verify_dotfile: mention case-insensitivity in comment
verify_path: drop clever fallthrough
skip_prefix: add case-insensitive variant
is_{hfs,ntfs}_dotgitmodules: add tests
is_ntfs_dotgit: match other .git files
is_hfs_dotgit: match other .git files
is_ntfs_dotgit: use a size_t for traversing string
submodule-config: verify submodule names as paths

Git 2.15.2 v2.15.2Junio C Hamano Tue, 22 May 2018 05:15:59 +0000 (14:15 +0900)

Git 2.15.2

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Sync with Git 2.14.4Junio C Hamano Tue, 22 May 2018 05:15:14 +0000 (14:15 +0900)

Sync with Git 2.14.4

* maint-2.14:
Git 2.14.4
Git 2.13.7
verify_path: disallow symlinks in .gitmodules
update-index: stat updated files earlier
verify_dotfile: mention case-insensitivity in comment
verify_path: drop clever fallthrough
skip_prefix: add case-insensitive variant
is_{hfs,ntfs}_dotgitmodules: add tests
is_ntfs_dotgit: match other .git files
is_hfs_dotgit: match other .git files
is_ntfs_dotgit: use a size_t for traversing string
submodule-config: verify submodule names as paths

Git 2.14.4 v2.14.4Junio C Hamano Tue, 22 May 2018 05:12:02 +0000 (14:12 +0900)

Git 2.14.4

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Sync with Git 2.13.7Junio C Hamano Tue, 22 May 2018 05:10:49 +0000 (14:10 +0900)

Sync with Git 2.13.7

* maint-2.13:
Git 2.13.7
verify_path: disallow symlinks in .gitmodules
update-index: stat updated files earlier
verify_dotfile: mention case-insensitivity in comment
verify_path: drop clever fallthrough
skip_prefix: add case-insensitive variant
is_{hfs,ntfs}_dotgitmodules: add tests
is_ntfs_dotgit: match other .git files
is_hfs_dotgit: match other .git files
is_ntfs_dotgit: use a size_t for traversing string
submodule-config: verify submodule names as paths

Git 2.13.7 v2.13.7Junio C Hamano Tue, 22 May 2018 04:50:36 +0000 (13:50 +0900)

Git 2.13.7

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'jk/submodule-fix-loose' into maint-2.13Junio C Hamano Tue, 22 May 2018 04:48:26 +0000 (13:48 +0900)

Merge branch 'jk/submodule-fix-loose' into maint-2.13

* jk/submodule-fix-loose:
verify_path: disallow symlinks in .gitmodules
update-index: stat updated files earlier
verify_dotfile: mention case-insensitivity in comment
verify_path: drop clever fallthrough
skip_prefix: add case-insensitive variant
is_{hfs,ntfs}_dotgitmodules: add tests
is_ntfs_dotgit: match other .git files
is_hfs_dotgit: match other .git files
is_ntfs_dotgit: use a size_t for traversing string
submodule-config: verify submodule names as paths

verify_path: disallow symlinks in .gitmodulesJeff King Sat, 5 May 2018 00:03:35 +0000 (20:03 -0400)

verify_path: disallow symlinks in .gitmodules

There are a few reasons it's not a good idea to make
.gitmodules a symlink, including:

1. It won't be portable to systems without symlinks.

2. It may behave inconsistently, since Git may look at
this file in the index or a tree without bothering to
resolve any symbolic links. We don't do this _yet_, but
the config infrastructure is there and it's planned for
the future.

With some clever code, we could make (2) work. And some
people may not care about (1) if they only work on one
platform. But there are a few security reasons to simply
disallow it:

a. A symlinked .gitmodules file may circumvent any fsck
checks of the content.

b. Git may read and write from the on-disk file without
sanity checking the symlink target. So for example, if
you link ".gitmodules" to "../oops" and run "git
submodule add", we'll write to the file "oops" outside
the repository.

Again, both of those are problems that _could_ be solved
with sufficient code, but given the complications in (1) and
(2), we're better off just outlawing it explicitly.

Note the slightly tricky call to verify_path() in
update-index's update_one(). There we may not have a mode if
we're not updating from the filesystem (e.g., we might just
be removing the file). Passing "0" as the mode there works
fine; since it's not a symlink, we'll just skip the extra
checks.

Signed-off-by: Jeff King <peff@peff.net>

update-index: stat updated files earlierJeff King Mon, 14 May 2018 15:00:56 +0000 (11:00 -0400)

update-index: stat updated files earlier

In the update_one(), we check verify_path() on the proposed
path before doing anything else. In preparation for having
verify_path() look at the file mode, let's stat the file
earlier, so we can check the mode accurately.

This is made a bit trickier by the fact that this function
only does an lstat in a few code paths (the ones that flow
down through process_path()). So we can speculatively do the
lstat() here and pass the results down, and just use a dummy
mode for cases where we won't actually be updating the index
from the filesystem.

Signed-off-by: Jeff King <peff@peff.net>

verify_dotfile: mention case-insensitivity in commentJeff King Tue, 15 May 2018 13:56:50 +0000 (09:56 -0400)

verify_dotfile: mention case-insensitivity in comment

We're more restrictive than we need to be in matching ".GIT"
on case-sensitive filesystems; let's make a note that this
is intentional.

Signed-off-by: Jeff King <peff@peff.net>

verify_path: drop clever fallthroughJeff King Sun, 13 May 2018 17:00:23 +0000 (13:00 -0400)

verify_path: drop clever fallthrough

We check ".git" and ".." in the same switch statement, and
fall through the cases to share the end-of-component check.
While this saves us a line or two, it makes modifying the
function much harder. Let's just write it out.

Signed-off-by: Jeff King <peff@peff.net>

skip_prefix: add case-insensitive variantJeff King Sun, 13 May 2018 16:57:14 +0000 (12:57 -0400)

skip_prefix: add case-insensitive variant

We have the convenient skip_prefix() helper, but if you want
to do case-insensitive matching, you're stuck doing it by
hand. We could add an extra parameter to the function to
let callers ask for this, but the function is small and
somewhat performance-critical. Let's just re-implement it
for the case-insensitive version.

Signed-off-by: Jeff King <peff@peff.net>

is_{hfs,ntfs}_dotgitmodules: add testsJohannes Schindelin Sat, 12 May 2018 20:16:51 +0000 (22:16 +0200)

is_{hfs,ntfs}_dotgitmodules: add tests

This tests primarily for NTFS issues, but also adds one example of an
HFS+ issue.

Thanks go to Congyi Wu for coming up with the list of examples where
NTFS would possibly equate the filename with `.gitmodules`.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Jeff King <peff@peff.net>

is_ntfs_dotgit: match other .git filesJohannes Schindelin Fri, 11 May 2018 14:03:54 +0000 (16:03 +0200)

is_ntfs_dotgit: match other .git files

When we started to catch NTFS short names that clash with .git, we only
looked for GIT~1. This is sufficient because we only ever clone into an
empty directory, so .git is guaranteed to be the first subdirectory or
file in that directory.

However, even with a fresh clone, .gitmodules is *not* necessarily the
first file to be written that would want the NTFS short name GITMOD~1: a
malicious repository can add .gitmodul0000 and friends, which sorts
before `.gitmodules` and is therefore checked out *first*. For that
reason, we have to test not only for ~1 short names, but for others,
too.

It's hard to just adapt the existing checks in is_ntfs_dotgit(): since
Windows 2000 (i.e., in all Windows versions still supported by Git),
NTFS short names are only generated in the <prefix>~<number> form up to
number 4. After that, a *different* prefix is used, calculated from the
long file name using an undocumented, but stable algorithm.

For example, the short name of .gitmodules would be GITMOD~1, but if it
is taken, and all of ~2, ~3 and ~4 are taken, too, the short name
GI7EBA~1 will be used. From there, collisions are handled by
incrementing the number, shortening the prefix as needed (until ~9999999
is reached, in which case NTFS will not allow the file to be created).

We'd also want to handle .gitignore and .gitattributes, which suffer
from a similar problem, using the fall-back short names GI250A~1 and
GI7D29~1, respectively.

To accommodate for that, we could reimplement the hashing algorithm, but
it is just safer and simpler to provide the known prefixes. This
algorithm has been reverse-engineered and described at
https://usn.pw/blog/gen/2015/06/09/filenames/, which is defunct but
still available via https://web.archive.org/.

These can be recomputed by running the following Perl script:

-- snip --
use warnings;
use strict;

sub compute_short_name_hash ($) {
my $checksum = 0;
foreach (split('', $_[0])) {
$checksum = ($checksum * 0x25 + ord($_)) & 0xffff;
}

$checksum = ($checksum * 314159269) & 0xffffffff;
$checksum = 1 + (~$checksum & 0x7fffffff) if ($checksum & 0x80000000);
$checksum -= (($checksum * 1152921497) >> 60) * 1000000007;

return scalar reverse sprintf("%x", $checksum & 0xffff);
}

print compute_short_name_hash($ARGV[0]);
-- snap --

E.g., running that with the argument ".gitignore" will
result in "250a" (which then becomes "gi250a" in the code).

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Jeff King <peff@peff.net>

is_hfs_dotgit: match other .git filesJeff King Wed, 2 May 2018 19:23:45 +0000 (15:23 -0400)

is_hfs_dotgit: match other .git files

Both verify_path() and fsck match ".git", ".GIT", and other
variants specific to HFS+. Let's allow matching other
special files like ".gitmodules", which we'll later use to
enforce extra restrictions via verify_path() and fsck.

Signed-off-by: Jeff King <peff@peff.net>

is_ntfs_dotgit: use a size_t for traversing stringJeff King Sun, 13 May 2018 16:09:42 +0000 (12:09 -0400)

is_ntfs_dotgit: use a size_t for traversing string

We walk through the "name" string using an int, which can
wrap to a negative value and cause us to read random memory
before our array (e.g., by creating a tree with a name >2GB,
since "int" is still 32 bits even on most 64-bit platforms).
Worse, this is easy to trigger during the fsck_tree() check,
which is supposed to be protecting us from malicious
garbage.

Note one bit of trickiness in the existing code: we
sometimes assign -1 to "len" at the end of the loop, and
then rely on the "len++" in the for-loop's increment to take
it back to 0. This is still legal with a size_t, since
assigning -1 will turn into SIZE_MAX, which then wraps
around to 0 on increment.

Signed-off-by: Jeff King <peff@peff.net>

submodule-config: verify submodule names as pathsJeff King Mon, 30 Apr 2018 07:25:25 +0000 (03:25 -0400)

submodule-config: verify submodule names as paths

Submodule "names" come from the untrusted .gitmodules file,
but we blindly append them to $GIT_DIR/modules to create our
on-disk repo paths. This means you can do bad things by
putting "../" into the name (among other things).

Let's sanity-check these names to avoid building a path that
can be exploited. There are two main decisions:

1. What should the allowed syntax be?

It's tempting to reuse verify_path(), since submodule
names typically come from in-repo paths. But there are
two reasons not to:

a. It's technically more strict than what we need, as
we really care only about breaking out of the
$GIT_DIR/modules/ hierarchy. E.g., having a
submodule named "foo/.git" isn't actually
dangerous, and it's possible that somebody has
manually given such a funny name.

b. Since we'll eventually use this checking logic in
fsck to prevent downstream repositories, it should
be consistent across platforms. Because
verify_path() relies on is_dir_sep(), it wouldn't
block "foo\..\bar" on a non-Windows machine.

2. Where should we enforce it? These days most of the
.gitmodules reads go through submodule-config.c, so
I've put it there in the reading step. That should
cover all of the C code.

We also construct the name for "git submodule add"
inside the git-submodule.sh script. This is probably
not a big deal for security since the name is coming
from the user anyway, but it would be polite to remind
them if the name they pick is invalid (and we need to
expose the name-checker to the shell anyway for our
test scripts).

This patch issues a warning when reading .gitmodules
and just ignores the related config entry completely.
This will generally end up producing a sensible error,
as it works the same as a .gitmodules file which is
missing a submodule entry (so "submodule update" will
barf, but "git clone --recurse-submodules" will print
an error but not abort the clone.

There is one minor oddity, which is that we print the
warning once per malformed config key (since that's how
the config subsystem gives us the entries). So in the
new test, for example, the user would see three
warnings. That's OK, since the intent is that this case
should never come up outside of malicious repositories
(and then it might even benefit the user to see the
message multiple times).

Credit for finding this vulnerability and the proof of
concept from which the test script was adapted goes to
Etienne Stalmans.

Signed-off-by: Jeff King <peff@peff.net>

Git 2.16.3 v2.16.3Junio C Hamano Thu, 22 Mar 2018 21:24:45 +0000 (14:24 -0700)

Git 2.16.3

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'ms/non-ascii-ticks' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:25 +0000 (14:24 -0700)

Merge branch 'ms/non-ascii-ticks' into maint

Doc markup fix.

* ms/non-ascii-ticks:
Documentation/gitsubmodules.txt: avoid non-ASCII apostrophes

Merge branch 'jk/cached-commit-buffer' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:25 +0000 (14:24 -0700)

Merge branch 'jk/cached-commit-buffer' into maint

Code clean-up.

* jk/cached-commit-buffer:
revision: drop --show-all option
commit: drop uses of get_cached_commit_buffer()

Merge branch 'sm/mv-dry-run-update' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:25 +0000 (14:24 -0700)

Merge branch 'sm/mv-dry-run-update' into maint

Code clean-up.

* sm/mv-dry-run-update:
mv: remove unneeded 'if (!show_only)'
t7001: add test case for --dry-run

Merge branch 'tg/worktree-create-tracking' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:24 +0000 (14:24 -0700)

Merge branch 'tg/worktree-create-tracking' into maint

Hotfix for a recent topic.

* tg/worktree-create-tracking:
git-worktree.txt: fix indentation of example and text of 'add' command
git-worktree.txt: fix missing ")" typo

Merge branch 'gs/test-unset-xdg-cache-home' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:24 +0000 (14:24 -0700)

Merge branch 'gs/test-unset-xdg-cache-home' into maint

Test update.

* gs/test-unset-xdg-cache-home:
test-lib.sh: unset XDG_CACHE_HOME

Merge branch 'sb/status-doc-fix' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:23 +0000 (14:24 -0700)

Merge branch 'sb/status-doc-fix' into maint

Docfix.

* sb/status-doc-fix:
Documentation/git-status: clarify status table for porcelain mode

Merge branch 'rd/typofix' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:22 +0000 (14:24 -0700)

Merge branch 'rd/typofix' into maint

Typofix.

* rd/typofix:
Correct mispellings of ".gitmodule" to ".gitmodules"
t/: correct obvious typo "detahced"

Merge branch 'bp/fsmonitor' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:21 +0000 (14:24 -0700)

Merge branch 'bp/fsmonitor' into maint

Doc update for a recently added feature.

* bp/fsmonitor:
fsmonitor: update documentation to remove reference to invalid config settings

Merge branch 'bc/doc-interpret-trailers-grammofix'... Junio C Hamano Thu, 22 Mar 2018 21:24:21 +0000 (14:24 -0700)

Merge branch 'bc/doc-interpret-trailers-grammofix' into maint

Docfix.

* bc/doc-interpret-trailers-grammofix:
docs/interpret-trailers: fix agreement error

Merge branch 'sg/doc-test-must-fail-args' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:19 +0000 (14:24 -0700)

Merge branch 'sg/doc-test-must-fail-args' into maint

Devdoc update.

* sg/doc-test-must-fail-args:
t: document 'test_must_fail ok=<signal-name>'

Merge branch 'rj/sparse-updates' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:19 +0000 (14:24 -0700)

Merge branch 'rj/sparse-updates' into maint

Devtool update.

* rj/sparse-updates:
Makefile: suppress a sparse warning for pack-revindex.c
config.mak.uname: remove SPARSE_FLAGS setting for cygwin

Merge branch 'jk/gettext-poison' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:18 +0000 (14:24 -0700)

Merge branch 'jk/gettext-poison' into maint

Test updates.

* jk/gettext-poison:
git-sh-i18n: check GETTEXT_POISON before USE_GETTEXT_SCHEME
t0205: drop redundant test

Merge branch 'nd/ignore-glob-doc-update' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:18 +0000 (14:24 -0700)

Merge branch 'nd/ignore-glob-doc-update' into maint

Doc update.

* nd/ignore-glob-doc-update:
gitignore.txt: elaborate shell glob syntax

Merge branch 'rs/cocci-strbuf-addf-to-addstr' into... Junio C Hamano Thu, 22 Mar 2018 21:24:17 +0000 (14:24 -0700)

Merge branch 'rs/cocci-strbuf-addf-to-addstr' into maint

* rs/cocci-strbuf-addf-to-addstr:
cocci: simplify check for trivial format strings

Merge branch 'jc/worktree-add-short-help' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:17 +0000 (14:24 -0700)

Merge branch 'jc/worktree-add-short-help' into maint

Error message fix.

* jc/worktree-add-short-help:
worktree: say that "add" takes an arbitrary commit in short-help

Merge branch 'tz/doc-show-defaults-to-head' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:17 +0000 (14:24 -0700)

Merge branch 'tz/doc-show-defaults-to-head' into maint

Doc update.

* tz/doc-show-defaults-to-head:
doc: mention 'git show' defaults to HEAD

Merge branch 'nd/shared-index-fix' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:16 +0000 (14:24 -0700)

Merge branch 'nd/shared-index-fix' into maint

Code clean-up.

* nd/shared-index-fix:
read-cache: don't write index twice if we can't write shared index
read-cache.c: move tempfile creation/cleanup out of write_shared_index
read-cache.c: change type of "temp" in write_shared_index()

Merge branch 'jc/mailinfo-cleanup-fix' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:16 +0000 (14:24 -0700)

Merge branch 'jc/mailinfo-cleanup-fix' into maint

Corner case bugfix.

* jc/mailinfo-cleanup-fix:
mailinfo: avoid segfault when can't open files

Merge branch 'rb/hashmap-h-compilation-fix' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:15 +0000 (14:24 -0700)

Merge branch 'rb/hashmap-h-compilation-fix' into maint

Code clean-up.

* rb/hashmap-h-compilation-fix:
hashmap.h: remove unused variable

Merge branch 'rs/describe-unique-abbrev' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:14 +0000 (14:24 -0700)

Merge branch 'rs/describe-unique-abbrev' into maint

Code clean-up.

* rs/describe-unique-abbrev:
describe: use strbuf_add_unique_abbrev() for adding short hashes

Merge branch 'ks/submodule-doc-updates' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:13 +0000 (14:24 -0700)

Merge branch 'ks/submodule-doc-updates' into maint

Doc updates.

* ks/submodule-doc-updates:
Doc/git-submodule: improve readability and grammar of a sentence
Doc/gitsubmodules: make some changes to improve readability and syntax

Merge branch 'cl/t9001-cleanup' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:13 +0000 (14:24 -0700)

Merge branch 'cl/t9001-cleanup' into maint

Test clean-up.

* cl/t9001-cleanup:
t9001: use existing helper in send-email test

Merge branch 'bw/oidmap-autoinit' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:12 +0000 (14:24 -0700)

Merge branch 'bw/oidmap-autoinit' into maint

Code clean-up.

* bw/oidmap-autoinit:
oidmap: ensure map is initialized

Merge branch 'sg/test-i18ngrep' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:12 +0000 (14:24 -0700)

Merge branch 'sg/test-i18ngrep' into maint

Test fixes.

* sg/test-i18ngrep:
t: make 'test_i18ngrep' more informative on failure
t: validate 'test_i18ngrep's parameters
t: move 'test_i18ncmp' and 'test_i18ngrep' to 'test-lib-functions.sh'
t5536: let 'test_i18ngrep' read the file without redirection
t5510: consolidate 'grep' and 'test_i18ngrep' patterns
t4001: don't run 'git status' upstream of a pipe
t6022: don't run 'git merge' upstream of a pipe
t5812: add 'test_i18ngrep's missing filename parameter
t5541: add 'test_i18ngrep's missing filename parameter

Merge branch 'jt/fsck-code-cleanup' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:12 +0000 (14:24 -0700)

Merge branch 'jt/fsck-code-cleanup' into maint

Plug recently introduced leaks in fsck.

* jt/fsck-code-cleanup:
fsck: fix leak when traversing trees

Merge branch 'ew/svn-branch-segfault-fix' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:11 +0000 (14:24 -0700)

Merge branch 'ew/svn-branch-segfault-fix' into maint

Workaround for segfault with more recent versions of SVN.

* ew/svn-branch-segfault-fix:
git-svn: control destruction order to avoid segfault

Merge branch 'nd/list-merge-strategy' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:11 +0000 (14:24 -0700)

Merge branch 'nd/list-merge-strategy' into maint

Completion of "git merge -s<strategy>" (in contrib/) did not work
well in non-C locale.

* nd/list-merge-strategy:
completion: fix completing merge strategies on non-C locales

Merge branch 'jk/daemon-fixes' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:10 +0000 (14:24 -0700)

Merge branch 'jk/daemon-fixes' into maint

Assorted fixes to "git daemon".

* jk/daemon-fixes:
daemon: fix length computation in newline stripping
t/lib-git-daemon: add network-protocol helpers
daemon: handle NULs in extended attribute string
daemon: fix off-by-one in logging extended attributes
t/lib-git-daemon: record daemon log
t5570: use ls-remote instead of clone for interp tests

Merge branch 'tg/split-index-fixes' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:10 +0000 (14:24 -0700)

Merge branch 'tg/split-index-fixes' into maint

The split-index mode had a few corner case bugs fixed.

* tg/split-index-fixes:
travis: run tests with GIT_TEST_SPLIT_INDEX
split-index: don't write cache tree with null oid entries
read-cache: fix reading the shared index for other repos

Merge branch 'mr/packed-ref-store-fix' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:10 +0000 (14:24 -0700)

Merge branch 'mr/packed-ref-store-fix' into maint

Crash fix for a corner case where an error codepath tried to unlock
what it did not acquire lock on.

* mr/packed-ref-store-fix:
files_initial_transaction_commit(): only unlock if locked

Merge branch 'jt/http-redact-cookies' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:09 +0000 (14:24 -0700)

Merge branch 'jt/http-redact-cookies' into maint

The http tracing code, often used to debug connection issues,
learned to redact potentially sensitive information from its output
so that it can be more safely sharable.

* jt/http-redact-cookies:
http: support omitting data from traces
http: support cookie redaction when tracing

Merge branch 'nd/diff-flush-before-warning' into maintJunio C Hamano Thu, 22 Mar 2018 21:24:09 +0000 (14:24 -0700)

Merge branch 'nd/diff-flush-before-warning' into maint

Avoid showing a warning message in the middle of a line of "git
diff" output.

* nd/diff-flush-before-warning:
diff.c: flush stdout before printing rename warnings

Merge branch 'sg/travis-build-during-script-phase'... Junio C Hamano Thu, 22 Mar 2018 21:24:08 +0000 (14:24 -0700)

Merge branch 'sg/travis-build-during-script-phase' into maint

Build the executable in 'script' phase in Travis CI integration, to
follow the established practice, rather than during 'before_script'
phase. This allows the CI categorize the failures better ('failed'
is project's fault, 'errored' is build environment's).

* sg/travis-build-during-script-phase:
travis-ci: build Git during the 'script' phase

Merge branch 'ys/bisect-object-id-missing-conversion... Junio C Hamano Tue, 27 Feb 2018 18:43:55 +0000 (10:43 -0800)

Merge branch 'ys/bisect-object-id-missing-conversion-fix' into maint

Fix for a commented-out code to adjust it to a rather old API change.

* ys/bisect-object-id-missing-conversion-fix:
bisect: debug: convert struct object to object_id

Merge branch 'sb/submodule-update-reset-fix' into maintJunio C Hamano Tue, 27 Feb 2018 18:43:54 +0000 (10:43 -0800)

Merge branch 'sb/submodule-update-reset-fix' into maint

When resetting the working tree files recursively, the working tree
of submodules are now also reset to match.

* sb/submodule-update-reset-fix:
submodule: submodule_move_head omits old argument in forced case
unpack-trees: oneway_merge to update submodules
t/lib-submodule-update.sh: fix test ignoring ignored files in submodules
t/lib-submodule-update.sh: clarify test

Merge branch 'ab/commit-m-with-fixup' into maintJunio C Hamano Tue, 27 Feb 2018 18:43:54 +0000 (10:43 -0800)

Merge branch 'ab/commit-m-with-fixup' into maint

"git commit --fixup" did not allow "-m<message>" option to be used
at the same time; allow it to annotate resulting commit with more
text.

* ab/commit-m-with-fixup:
commit: add support for --fixup <commit> -m"<extra message>"
commit doc: document that -c, -C, -F and --fixup with -m error

Merge branch 'nd/ita-wt-renames-in-status' into maintJunio C Hamano Tue, 27 Feb 2018 18:39:34 +0000 (10:39 -0800)

Merge branch 'nd/ita-wt-renames-in-status' into maint

"git status" after moving a path in the working tree (hence making
it appear "removed") and then adding with the -N option (hence
making that appear "added") detected it as a rename, but did not
report the old and new pathnames correctly.

* nd/ita-wt-renames-in-status:
wt-status.c: handle worktree renames
wt-status.c: rename rename-related fields in wt_status_change_data
wt-status.c: catch unhandled diff status codes
wt-status.c: coding style fix
Use DIFF_DETECT_RENAME for detect_rename assignments
t2203: test status output with porcelain v2 format

Documentation/gitsubmodules.txt: avoid non-ASCII apostr... Motoki Seki Thu, 22 Feb 2018 08:52:25 +0000 (08:52 +0000)

Documentation/gitsubmodules.txt: avoid non-ASCII apostrophes

In gitsubmodules.txt, a few non-ASCII apostrophes are used to spell
possessive, e.g. "submodule's". These unfortunately are not
rendered at https://git-scm.com/docs/gitsubmodules correctly by the
renderer used there.

Use ASCII apostrophes instead to work around the problem. It also
is good to be consistent, as there are possessives spelled with
ASCII apostrophes.

Signed-off-by: Motoki Seki <marmot.motoki@gmail.com>
Acked-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

revision: drop --show-all optionJeff King Wed, 21 Feb 2018 23:27:24 +0000 (18:27 -0500)

revision: drop --show-all option

This was an undocumented debugging aid that does not seem to
have come in handy in the past decade, judging from its lack
of mentions on the mailing list.

Let's drop it in the name of simplicity. This is morally a
revert of 3131b71301 (Add "--show-all" revision walker flag
for debugging, 2008-02-09), but note that I did leave in the
mapping of UNINTERESTING to "^" in get_revision_mark(). I
don't think this would be possible to trigger with the
current code, but it's the only sensible marker.

We'll skip the usual deprecation period because this was
explicitly a debugging aid that was never documented.

Signed-off-by: Jeff King <peff@peff.net>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

commit: drop uses of get_cached_commit_buffer()Jeff King Wed, 21 Feb 2018 23:13:38 +0000 (18:13 -0500)

commit: drop uses of get_cached_commit_buffer()

The "--show-all" revision option shows UNINTERESTING
commits. Some of these commits may be unparsed when we try
to show them (since we may or may not need to walk their
parents to fulfill the request).

Commit 3131b71301 (Add "--show-all" revision walker flag for
debugging, 2008-02-09) resolved this by just skipping
pretty-printing for commits without their object contents
cached, saying:

Because we now end up listing commits we may not even have been parsed
at all "show_log" and "show_commit" need to protect against commits
that don't have a commit buffer entry.

That was the easy fix to avoid the pretty-printer segfaulting,
but:

1. It doesn't work for all formats. E.g., --oneline
prints the oid for each such commit but not a trailing
newline, leading to jumbled output.

2. It only affects some commits, depending on whether we
happened to parse them or not (so if they were at the
tip of an UNINTERESTING starting point, or if we
happened to traverse over them, you'd see more data).

3. It unncessarily ties the decision to show the verbose
header to whether the commit buffer was cached. That
makes it harder to change the logic around caching
(e.g., if we could traverse without actually loading
the full commit objects).

These days it's safe to feed such a commit to the
pretty-print code. Since be5c9fb904 (logmsg_reencode: lazily
load missing commit buffers, 2013-01-26), we'll load it on
demand in such a case. So let's just always show the verbose
headers.

This does change the behavior of plumbing, but:

a. The --show-all option was explicitly introduced as a
debugging aid, and was never documented (and has rarely
even been mentioned on the list by git devs).

b. Avoiding the commits was already not deterministic due
to (2) above. So the caller might have seen full
headers for these commits anyway, and would need to be
prepared for it.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

git-worktree.txt: fix indentation of example and text... Eric Sunshine Fri, 16 Feb 2018 20:44:52 +0000 (15:44 -0500)

git-worktree.txt: fix indentation of example and text of 'add' command

When 4e85333197 (worktree: make add <path> <branch> dwim, 2017-11-26)
added an example command in a literal code block, it neglected to
insert a mandatory "+" line before the block. This omission resulted
in both the literal code block and the (existing) paragraph following
the block to be outdented, even though they should be indented under
the 'add' sub-command along with the rest of the text pertaining to
that command. Furthermore, the mandatory "+" line separating the code
block from the following text got rendered as a leading character on
the line ("+ If <commit-ish>...") rather than being treated as a
formatting directive.

Fix these problems by adding the missing "+" line before the example
code block.

Signed-off-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

git-worktree.txt: fix missing ")" typoEric Sunshine Fri, 16 Feb 2018 20:44:51 +0000 (15:44 -0500)

git-worktree.txt: fix missing ")" typo

Add the closing ")" to a parenthetical phrase introduced by 4e85333197
(worktree: make add <path> <branch> dwim, 2017-11-26).

While at it, add a missing ":" at the end of the same sentence since
it precedes an example literal command block.

Reported-by: Mike Nordell <tamlin.thefirst@gmail.com>
Signed-off-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

test-lib.sh: unset XDG_CACHE_HOMEGenki Sky Fri, 16 Feb 2018 02:46:04 +0000 (21:46 -0500)

test-lib.sh: unset XDG_CACHE_HOME

git respects XDG_CACHE_HOME for the credential cache. So, we should
unset XDG_CACHE_HOME for the test environment, lest a user's custom one
cause failure in the test.

For example, t/t0301-credential-cache.sh expects a default directory
to be used if it hasn't explicitly set XDG_CACHE_HOME.

Signed-off-by: Genki Sky <sky@genki.is>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Git 2.16.2 v2.16.2Junio C Hamano Thu, 15 Feb 2018 23:21:23 +0000 (15:21 -0800)

Git 2.16.2

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Merge branch 'ab/doc-cat-file-e-still-shows-errors... Junio C Hamano Thu, 15 Feb 2018 23:18:15 +0000 (15:18 -0800)

Merge branch 'ab/doc-cat-file-e-still-shows-errors' into maint

Doc update.

* ab/doc-cat-file-e-still-shows-errors:
cat-file doc: document that -e will return some output

Merge branch 'as/read-tree-prefix-doc-fix' into maintJunio C Hamano Thu, 15 Feb 2018 23:18:14 +0000 (15:18 -0800)

Merge branch 'as/read-tree-prefix-doc-fix' into maint

Doc update.

* as/read-tree-prefix-doc-fix:
doc/read-tree: remove obsolete remark

Merge branch 'nd/add-i-ignore-submodules' into maintJunio C Hamano Thu, 15 Feb 2018 23:18:13 +0000 (15:18 -0800)

Merge branch 'nd/add-i-ignore-submodules' into maint

"git add -p" was taught to ignore local changes to submodules as
they do not interfere with the partial addition of regular changes
anyway.

* nd/add-i-ignore-submodules:
add--interactive: ignore submodule changes except HEAD

Merge branch 'tg/stash-with-pathspec-fix' into maintJunio C Hamano Thu, 15 Feb 2018 23:18:13 +0000 (15:18 -0800)

Merge branch 'tg/stash-with-pathspec-fix' into maint

"git stash -- <pathspec>" incorrectly blew away untracked files in
the directory that matched the pathspec, which has been corrected.

* tg/stash-with-pathspec-fix:
stash: don't delete untracked files that match pathspec

Merge branch 'jk/abort-clone-with-existing-dest' into... Junio C Hamano Thu, 15 Feb 2018 23:18:12 +0000 (15:18 -0800)

Merge branch 'jk/abort-clone-with-existing-dest' into maint

"git clone $there $here" is allowed even when here directory exists
as long as it is an empty directory, but the command incorrectly
removed it upon a failure of the operation.

* jk/abort-clone-with-existing-dest:
clone: do not clean up directories we didn't create
clone: factor out dir_exists() helper
t5600: modernize style
t5600: fix outdated comment about unborn HEAD

Merge branch 'jc/merge-symlink-ours-theirs' into maintJunio C Hamano Thu, 15 Feb 2018 23:18:12 +0000 (15:18 -0800)

Merge branch 'jc/merge-symlink-ours-theirs' into maint

"git merge -Xours/-Xtheirs" learned to use our/their version when
resolving a conflicting updates to a symbolic link.

* jc/merge-symlink-ours-theirs:
merge: teach -Xours/-Xtheirs to symbolic link merge

Merge branch 'rs/lose-leak-pending' into maintJunio C Hamano Thu, 15 Feb 2018 23:18:11 +0000 (15:18 -0800)

Merge branch 'rs/lose-leak-pending' into maint

API clean-up around revision traversal.

* rs/lose-leak-pending:
commit: remove unused function clear_commit_marks_for_object_array()
revision: remove the unused flag leak_pending
checkout: avoid using the rev_info flag leak_pending
bundle: avoid using the rev_info flag leak_pending
bisect: avoid using the rev_info flag leak_pending
object: add clear_commit_marks_all()
ref-filter: use clear_commit_marks_many() in do_merge_filter()
commit: use clear_commit_marks_many() in remove_redundant()
commit: avoid allocation in clear_commit_marks_many()

Merge branch 'jm/svn-pushmergeinfo-fix' into maintJunio C Hamano Thu, 15 Feb 2018 23:18:11 +0000 (15:18 -0800)

Merge branch 'jm/svn-pushmergeinfo-fix' into maint

"git svn dcommit" did not take into account the fact that a
svn+ssh:// URL with a username@ (typically used for pushing) refers
to the same SVN repository without the username@ and failed when
svn.pushmergeinfo option is set.

* jm/svn-pushmergeinfo-fix:
git-svn: fix svn.pushmergeinfo handling of svn+ssh usernames.

Merge branch 'dk/describe-all-output-fix' into maintJunio C Hamano Thu, 15 Feb 2018 23:18:10 +0000 (15:18 -0800)

Merge branch 'dk/describe-all-output-fix' into maint

An old regression in "git describe --all $annotated_tag^0" has been
fixed.

* dk/describe-all-output-fix:
describe: prepend "tags/" when describing tags with embedded name

Merge branch 'ab/perf-grep-threads' into maintJunio C Hamano Thu, 15 Feb 2018 23:18:09 +0000 (15:18 -0800)

Merge branch 'ab/perf-grep-threads' into maint

More perf tests for threaded grep

* ab/perf-grep-threads:
perf: amend the grep tests to test grep.threads

Documentation/git-status: clarify status table for... Stefan Beller Thu, 15 Feb 2018 00:18:12 +0000 (16:18 -0800)

Documentation/git-status: clarify status table for porcelain mode

It is possible to have the output ' A' from 'git status --porcelain'
by adding a file using the '--intend-to-add' flag. Make this clear by
adding the pattern in the table of the documentation.

However the mode 'DM' (deleted in the index, modified in the working tree)
is not possible in the non-merge case in which the file only shows
as 'D ' (and adding it back to the worktree would show an additional line
of an '??' untracked file). It is also not possible in the merge case as
then the mode involves a 'U' on one side of the merge.
Remove that pattern.

Reported-by: Ross Light <light@google.com>
Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Correct mispellings of ".gitmodule" to ".gitmodules"Robert P. J. Day Wed, 14 Feb 2018 00:09:31 +0000 (19:09 -0500)

Correct mispellings of ".gitmodule" to ".gitmodules"

There are a small number of misspellings, ".gitmodule", scattered
throughout the code base, correct them ... no apparent functional
changes.

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t/: correct obvious typo "detahced"Robert P. J. Day Wed, 14 Feb 2018 09:08:01 +0000 (04:08 -0500)

t/: correct obvious typo "detahced"

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

fsmonitor: update documentation to remove reference... Ben Peart Wed, 14 Feb 2018 15:41:30 +0000 (10:41 -0500)

fsmonitor: update documentation to remove reference to invalid config settings

Remove the reference to setting core.fsmonitor to `true` (or `false`) as those
are not valid settings.

Signed-off-by: Ben Peart <benpeart@microsoft.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

docs/interpret-trailers: fix agreement errorbrian m. carlson Tue, 13 Feb 2018 02:23:52 +0000 (02:23 +0000)

docs/interpret-trailers: fix agreement error

In the description of git interpret-trailers, we describe "a group…of
lines" that have certain characteristics. Ensure both options
describing this group use a singular verb for parallelism.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Makefile: suppress a sparse warning for pack-revindex.cRamsay Jones Mon, 12 Feb 2018 00:21:02 +0000 (00:21 +0000)

Makefile: suppress a sparse warning for pack-revindex.c

Sparse has, for a long time, been issuing the following warning against
the pack-revindex.c file:

SP pack-revindex.c
pack-revindex.c:64:23: warning: memset with byte count of 262144

This results from a unconditional check, with a hard-coded limit, which
is really only appropriate for the kernel source code. (The check is for
a 'large' byte count in a call to memcpy(), memset(), copy_from_user()
and copy_to_user() functions).

A recent release of sparse (v0.5.1) has introduced some options to allow
this check to be turned off (-Wno-memcpy-max-count) or to specify the
actual limit used (-fmemcpy-max-count=COUNT), rather than a hard-coded
limit of 100000.

In order to suppress the warning, add a target for pack-revindex.sp that
adds the '-Wno-memcpy-max-count' option to the SPARSE_FLAGS variable.

Signed-off-by: Ramsay Jones <ramsay@ramsayjones.plus.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

config.mak.uname: remove SPARSE_FLAGS setting for cygwinRamsay Jones Mon, 12 Feb 2018 00:20:08 +0000 (00:20 +0000)

config.mak.uname: remove SPARSE_FLAGS setting for cygwin

Since commit f66450ae9 ("cygwin: Remove the Win32 l/stat() implementation",
2013-06-22), the cygwin build has not used the WIN32 API/header files.
This means that the '-isystem /usr/include/w32api' option to sparse is
no longer necessary (to allow sparse to find the WIN32 header files).
In addition, the '-Wno-one-bit-signed-bitfield' option can be removed,
since the warning suppressed by that option was only provoked by a WIN32
header file.

Signed-off-by: Ramsay Jones <ramsay@ramsayjones.plus.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t: document 'test_must_fail ok=<signal-name>'SZEDER Gábor Fri, 9 Feb 2018 02:42:33 +0000 (03:42 +0100)

t: document 'test_must_fail ok=<signal-name>'

Since 'test_might_fail' is implemented as a thin wrapper around
'test_must_fail', it also accepts the same options. Mention this in
the docs as well.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t: make 'test_i18ngrep' more informative on failureSZEDER Gábor Thu, 8 Feb 2018 15:56:56 +0000 (16:56 +0100)

t: make 'test_i18ngrep' more informative on failure

When 'test_i18ngrep' can't find the expected pattern, it exits
completely silently; when its negated form does find the pattern that
shouldn't be there, it prints the matching line(s) but otherwise exits
without any error message. This leaves the developer puzzled about
what could have gone wrong.

Make 'test_i18ngrep' more informative on failure by printing an error
message including the invoked 'grep' command and the contents of the
file it had to scan through.

Note that this "dump the scanned file" part is not quite perfect, as
it dumps only the file specified as the function's last positional
parameter, thus assuming that there is only a single file parameter.
I think that's a reasonable assumption to make, one that holds true in
the current code base. And even if someone were to scan multiple
files at once in the future, the worst thing that could happen is that
the verbose error message won't include the contents of all those
files, only the last one. Alas, we can't really do any better than
this, because checking whether the other positional parameters match a
filename can result in false positives: 't3400-rebase.sh' and
't3404-rebase-interactive.sh' contain one test each, where the
'test_i18ngrep's pattern verbatimly matches a file in the trash
directory.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t: validate 'test_i18ngrep's parametersSZEDER Gábor Thu, 8 Feb 2018 15:56:55 +0000 (16:56 +0100)

t: validate 'test_i18ngrep's parameters

Some of the previous patches in this series fixed bogus
'test_i18ngrep' invocations:

- Two invocations where the tested git command's standard output is
directly piped into 'test_i18ngrep'. While convenient, this is an
antipattern, because the pipe hides the git command's exit code,
and the test could continue even if the command exited with error.

- Two invocations that had neither a filename parameter nor anything
piped into their standard input, yet both managed to remain
unnoticed for years. A third similarly bogus invocation is
currently lurking in 'pu' for a couple of weeks now.

Prevent similar mistakes in the future by validating 'test_i18ngrep's
parameters requiring that

- The last parameter names an existing file to be read, effectively
forbidding piping into 'test_i18ngrep'.

Note that this change will also forbid cases where 'test_i18ngrep'
would legitimately read its standard input, e.g. when its standard
input is redirected from a file, or when a git command's standard
output is first written to an intermediate file, which is then
preprocessed by a non-git command before the results are piped
into 'test_i18ngrep'. See two of the previous patches for the
only such cases we had in our test suite. However, reliably
preventing the piping antipattern is arguably more important than
supporting these cases, which can be easily worked around by
opening the file directly or using an intermediate file anyway.

- There are at least two parameters, not including the optional '!'
to negate the pattern. This ought to catch corner cases when
'test_i18ngrep' looks for the name of an existing file on its
standard input; the above check would miss this case becase the
filename as pattern would be the last parameter.

Note that this is not quite perfect, as it doesn't account for any
'grep --options' given as parameters. However, doing so would be
far too complicated, considering that patterns can start with
dashes as well, and in the majority of the cases we don't use any
such options anyway.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t: move 'test_i18ncmp' and 'test_i18ngrep' to 'test... SZEDER Gábor Thu, 8 Feb 2018 15:56:54 +0000 (16:56 +0100)

t: move 'test_i18ncmp' and 'test_i18ngrep' to 'test-lib-functions.sh'

Both 'test_i18ncmp' and 'test_i18ngrep' helper functions are supposed
to be called from our test scripts, so they should be in
'test-lib-functions.sh'.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t5536: let 'test_i18ngrep' read the file without redire... SZEDER Gábor Thu, 8 Feb 2018 15:56:53 +0000 (16:56 +0100)

t5536: let 'test_i18ngrep' read the file without redirection

Redirecting 'test_i18ngrep's standard input from a file will interfere
with the linting that will be added in a later patch.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t5510: consolidate 'grep' and 'test_i18ngrep' patternsSZEDER Gábor Thu, 8 Feb 2018 15:56:52 +0000 (16:56 +0100)

t5510: consolidate 'grep' and 'test_i18ngrep' patterns

One of the tests in 't5510-fetch.sh' checks the output of 'git fetch'
using 'test_i18ngrep', and while doing so it prefilters the output
with 'grep' before piping the result into 'test_i18ngrep'.

This prefiltering is unnecessary, with the appropriate pattern
'test_i18ngrep' can do it all by itself. Furthermore, piping data
into 'test_i18ngrep' will interfere with the linting that will be
added in a later patch.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t4001: don't run 'git status' upstream of a pipeSZEDER Gábor Thu, 8 Feb 2018 15:56:51 +0000 (16:56 +0100)

t4001: don't run 'git status' upstream of a pipe

The primary purpose of three tests in 't4001-diff-rename.sh' is to
check rename detection in 'git status', but all three do so by running
'git status' upstream of a pipe, hiding its exit code. Consequently,
the test could continue even if 'git status' exited with error.

Use an intermediate file between 'git status' and 'test_i18ngrep' to
catch a potential failure of the former.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t6022: don't run 'git merge' upstream of a pipeSZEDER Gábor Thu, 8 Feb 2018 15:56:50 +0000 (16:56 +0100)

t6022: don't run 'git merge' upstream of a pipe

The primary purpose of 't6022-merge-rename.sh' is to test 'git merge',
but one of the tests runs it upstream of a pipe, hiding its exit code.
Consequently, the test could continue even if 'git merge' exited with
error.

Use an intermediate file between 'git merge' and 'test_i18ngrep' to
catch a potential failure of the former.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t5812: add 'test_i18ngrep's missing filename parameterSZEDER Gábor Thu, 8 Feb 2018 15:56:49 +0000 (16:56 +0100)

t5812: add 'test_i18ngrep's missing filename parameter

The second 'test_i18ngrep' invocation in the test 'curl redirects
respect whitelist' is missing its filename parameter. This has
remained unnoticed since its introduction in f4113cac0 (http: limit
redirection to protocol-whitelist, 2015-09-22), because it would only
cause the test to fail if Git was built with a sufficiently old
libcurl version. The test's two ||-chained 'test_i18ngrep'
invocations are supposed to check that either one of the two patterns
is present in 'git clone's error message. As it happens, the first
invocation covers the error message from any reasonably up-to-date
libcurl, thus the second invocation, the one without the filename
parameter, isn't executed at all. Apparently no one has run the test
suite's httpd tests with such an old libcurl in the last 2+ years, or
at least they haven't bothered to notify us about the failed test.

Fix this by consolidating the two patterns into a single extended
regexp, eliminating the need for an ||-chained second 'test_i18ngrep'
invocation.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t5541: add 'test_i18ngrep's missing filename parameterSZEDER Gábor Thu, 8 Feb 2018 15:56:48 +0000 (16:56 +0100)

t5541: add 'test_i18ngrep's missing filename parameter

The test 'push --no-progress silences progress but not status' runs
'test_i18ngrep' without specifying a filename parameter. This has
remained unnoticed since its introduction in e304aeba2 (t5541: test
more combinations of --progress, 2012-05-01), because that
'test_i18ngrep' is supposed to check that the given pattern is not
present in its input, and of course it won't find that pattern if its
input is empty (as it comes from /dev/null). This also means that
this test could miss a potential breakage of 'git push --no-progress'.

Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

git-sh-i18n: check GETTEXT_POISON before USE_GETTEXT_SCHEMEJeff King Tue, 6 Feb 2018 08:44:56 +0000 (03:44 -0500)

git-sh-i18n: check GETTEXT_POISON before USE_GETTEXT_SCHEME

Running "make NO_GETTEXT=1 GETTEXT_POISON=1" currently fails
t0205.

While it might seem nonsensical at first glance to both
poison and disable gettext, it's useful to be able to do a
poison test-run on a system that doesn't have gettext at
all. And it works fine for C programs; the problem is only
with the shell code.

The issue is that we check the baked-in USE_GETTEXT_SCHEME
value before GETTEXT_POISON. And when NO_GETTEXT is set, the
Makefile sets USE_GETTEXT_SCHEME to "fallthrough".

So one fix would be to have the Makefile just set
USE_GETTEXT_SCHEME to "poison" if GETTEXT_POISON is set.
But there are two problems with that:

1. USE_GETTEXT_SCHEME is actually a user-facing knob, so
conceivably somebody could override it with:

make USE_GETTEXT_SCHEME=gnu GETTEXT_POISON=1

which would do the wrong thing (though that's much less
likely than them having the variable set in their
config.mak and just overriding GETTEXT_POISON on the
command-line for a one-off test).

2. We don't actually bake GETTEXT_POISON in to the shell
library like we do for the C code. It checks
$GIT_GETTEXT_POISON at runtime, which is set up by the
test suite. So it makes sense to put the fix in the
runtime code, too, which would cover something like:

GIT_GETTEXT_POISON=foo git foo

It's not likely that people use the poison code outside
of running the test suite, but it's easy enough to make
this case work.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t0205: drop redundant testJeff King Tue, 6 Feb 2018 08:43:19 +0000 (03:43 -0500)

t0205: drop redundant test

We check that a shell variable is non-empty, and then we
check that it's equal to a particular value. Just checking
the latter covers both cases.

I suspect the original was trying to give better output when
the test fails, but using "-x" covers that these days.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

mv: remove unneeded 'if (!show_only)'Stefan Moch Sun, 31 Dec 2017 19:11:56 +0000 (20:11 +0100)

mv: remove unneeded 'if (!show_only)'

Commit a127331cd (mv: allow moving nested submodules,
2016-04-19), introduced

if (show_only) continue;

in this for-loop before

if (!show_only)

which became redundant, because it is now always true.

Signed-off-by: Stefan Moch <stefanmoch@mail.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t7001: add test case for --dry-runStefan Moch Sun, 31 Dec 2017 19:11:55 +0000 (20:11 +0100)

t7001: add test case for --dry-run

Make sure that "git mv --dry-run" does not move file.

Signed-off-by: Stefan Moch <stefanmoch@mail.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

cocci: simplify check for trivial format stringsRené Scharfe Thu, 1 Feb 2018 18:56:34 +0000 (19:56 +0100)

cocci: simplify check for trivial format strings

353d84c537 (coccicheck: make transformation for strbuf_addf(sb, "...")
more precise) added a check to avoid transforming calls with format
strings which contain percent signs, as that would change the result.
It uses embedded Python code for that. Simplify this rule by using the
regular expression matching operator instead.

Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

gitignore.txt: elaborate shell glob syntaxDuy Nguyen Thu, 1 Feb 2018 09:59:15 +0000 (16:59 +0700)

gitignore.txt: elaborate shell glob syntax

`fnmatch(3)` is a great mention if the intended audience is
programmers. For normal users it's probably better to spell out what
a shell glob is.

This paragraph is updated to roughly tell (or remind) what the main
wildcards are supposed to do. All the details are still hidden away
behind the `fnmatch(3)` wall because bringing the whole specification
here may be too much.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

git-svn: control destruction order to avoid segfaultEric Wong Mon, 29 Jan 2018 23:11:07 +0000 (23:11 +0000)

git-svn: control destruction order to avoid segfault

It seems necessary to control destruction ordering to avoid a
segfault with SVN 1.9.5 when using "git svn branch". I've also
reported the problem against libsvn-perl to Debian [Bug #888791],
but releasing the SVN::Client instance can be beneficial anyways to
save memory.

ref: https://bugs.debian.org/888791
Tested-by: Todd Zullinger <tmz@pobox.com>
Reported-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Eric Wong <e@80x24.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

doc: mention 'git show' defaults to HEADTodd Zullinger Sun, 28 Jan 2018 19:16:07 +0000 (14:16 -0500)

doc: mention 'git show' defaults to HEAD

When 'git show' is called without any object it defaults to HEAD. This
has been true since d4ed9793fd ("Simplify common default options setup
for built-in log family.", 2006-04-16).

The SYNOPSIS suggests that the object argument is required. Clarify
that it is not required and note the default.

Signed-off-by: Todd Zullinger <tmz@pobox.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

completion: fix completing merge strategies on non... Duy Nguyen Fri, 26 Jan 2018 01:31:42 +0000 (08:31 +0700)

completion: fix completing merge strategies on non-C locales

The anchor string "Available strategies are:" is translatable so
__git_list_merge_strategies may fail to collect available strategies
from 'git merge' on non-C locales. Force C locale on this command.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>