1. 21 Mar, 2017 1 commit
  2. 16 Mar, 2017 10 commits
    • Preparing for 2.12.1 · 7c9c2f8c
      Junio C Hamano authored
      Signed-off-by: Junio C Hamano <[email protected]>
      7c9c2f8c
    • Merge branch 'js/realpath-pathdup-fix' into maint · 2846ef3e
      Junio C Hamano authored
      Git v2.12 was shipped with an embarrassing breakage where various
      operations that verify paths given from the user stopped dying when
      seeing an issue, and instead later triggering segfault.
      ... and then to down to 'maint'.
      
      * js/realpath-pathdup-fix:
        real_pathdup(): fix callsites that wanted it to die on error
        t1501: demonstrate NULL pointer access with invalid GIT_WORK_TREE
      2846ef3e
    • Merge branch 'mm/two-more-xstrfmt' into maint · f989ac27
      Junio C Hamano authored
      Code clean-up and a string truncation fix.
      
      * mm/two-more-xstrfmt:
        bisect_next_all: convert xsnprintf to xstrfmt
        stop_progress_msg: convert xsnprintf to xstrfmt
      f989ac27
    • Merge branch 'vn/line-log-memcpy-size-fix' into maint · 3d0449de
      Junio C Hamano authored
      The command-line parsing of "git log -L" copied internal data
      structures using incorrect size on ILP32 systems.
      
      * vn/line-log-memcpy-size-fix:
        line-log: use COPY_ARRAY to fix mis-sized memcpy
      3d0449de
    • Merge branch 'ax/line-log-range-merge-fix' into maint · c5bd9e5a
      Junio C Hamano authored
      The code to parse "git log -L..." command line was buggy when there
      are many ranges specified with -L; overrun of the allocated buffer
      has been fixed.
      
      * ax/line-log-range-merge-fix:
        line-log.c: prevent crash during union of too many ranges
      c5bd9e5a
    • Merge branch 'jk/add-i-patch-do-prompt' into maint · abe62a40
      Junio C Hamano authored
      The patch subcommand of "git add -i" was meant to have paths
      selection prompt just like other subcommand, unlike "git add -p"
      directly jumps to hunk selection.  Recently, this was broken and
      "add -i" lost the paths selection dialog, but it now has been
      fixed.
      
      * jk/add-i-patch-do-prompt:
        add--interactive: fix missing file prompt for patch mode with "-i"
      abe62a40
    • Merge branch 'jt/http-base-url-update-upon-redirect' into maint · 68e12d7d
      Junio C Hamano authored
      When a redirected http transport gets an error during the
      redirected request, we ignored the error we got from the server,
      and ended up giving a not-so-useful error message.
      
      * jt/http-base-url-update-upon-redirect:
        http: attempt updating base URL only if no error
      68e12d7d
    • Merge branch 'js/travis-32bit-linux' into maint · 8e87cbc7
      Junio C Hamano authored
      Add 32-bit Linux variant to the set of platforms to be tested with
      Travis CI.
      
      * js/travis-32bit-linux:
        Travis: also test on 32-bit Linux
      8e87cbc7
    • Merge branch 'jh/mingw-openssl-sha1' into maint · 890d7650
      Junio C Hamano authored
      Windows port wants to use OpenSSL's implementation of SHA-1
      routines, so let them.
      
      * jh/mingw-openssl-sha1:
        mingw: use OpenSSL's SHA-1 routines
      890d7650
    • Merge branch 'jk/http-auth' into maint · d880bfd9
      Junio C Hamano authored
      Reduce authentication round-trip over HTTP when the server supports
      just a single authentication method.
      
      * jk/http-auth:
        http: add an "auto" mode for http.emptyauth
        http: restrict auth methods to what the server advertises
      d880bfd9
  3. 08 Mar, 2017 2 commits
  4. 06 Mar, 2017 2 commits
    • line-log: use COPY_ARRAY to fix mis-sized memcpy · 07f546cd
      Vegard Nossum authored
      This memcpy meant to get the sizeof a "struct range", not a
      "range_set", as the former is what our array holds. Rather
      than swap out the types, let's convert this site to
      COPY_ARRAY, which avoids the problem entirely (and confirms
      that the src and dst types match).
      
      Note for curiosity's sake that this bug doesn't trigger on
      I32LP64 systems, but does on ILP32 systems. The mistaken
      "struct range_set" has two ints and a pointer. That's 16
      bytes on LP64, or 12 on ILP32. The correct "struct range"
      type has two longs, which is also 16 on LP64, but only 8 on
      ILP32.
      
      Likewise an IL32P64 system would experience the bug.
      Signed-off-by: Jeff King <[email protected]>
      Signed-off-by: Vegard Nossum <[email protected]>
      Signed-off-by: Junio C Hamano <[email protected]>
      07f546cd
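Added example, not part of the commit or of Git's source: a self-contained C model of the size mismatch described in the message above. The fixed-width structs `range32` and `range_set32` are constructed stand-ins that reproduce the ILP32 sizes (8 and 12 bytes) on any platform, and `COPY_ELEMS` is a hypothetical macro in the spirit of COPY_ARRAY that checks element sizes (not full type identity) at build time.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed fixed-width stand-ins for the ILP32 layouts in the message. */
struct range32     { int32_t start, end; };             /* two longs: 8 bytes */
struct range_set32 { uint32_t alloc, nr, ranges_ptr; }; /* two ints + pointer: 12 */

#define N 4
#define CANARY 0xA5

/* Hypothetical helper in the spirit of COPY_ARRAY: the element size is taken
 * from dst, and mismatched element sizes give a negative array size, which
 * fails the build. */
#define COPY_ELEMS(dst, src, n) \
    memcpy((dst), (src), (n) * sizeof(*(dst)) + \
           (sizeof(char[1 - 2 * !(sizeof(*(dst)) == sizeof(*(src)))]) - 1))

/* Copy N elements of elem_size bytes into a buffer that really holds N
 * struct range32 plus slack filled with CANARY; return how many slack bytes
 * were overwritten (the overrun a tight allocation would suffer). */
static long clobbered_bytes(size_t elem_size)
{
    size_t used = N * sizeof(struct range32);
    size_t room = N * sizeof(struct range_set32);
    unsigned char *src = malloc(room), *dst = malloc(room);
    long hit = 0;
    size_t i;

    if (!src || !dst || N * elem_size > room) {
        free(src); free(dst);
        return -1;
    }
    memset(src, 0x11, room);
    memset(dst, CANARY, room);
    memcpy(dst, src, N * elem_size);
    for (i = used; i < room; i++)
        hit += dst[i] != CANARY;
    free(src); free(dst);
    return hit;
}

/* Typed copy through the checked helper; returns the last copied end value. */
static int32_t checked_copy_last_end(void)
{
    struct range32 src[N] = { {1, 2}, {3, 4}, {5, 6}, {7, 8} }, dst[N];
    COPY_ELEMS(dst, src, N);
    return dst[N - 1].end;
}
```

Passing `sizeof(struct range_set32)` models the mis-sized memcpy and overwrites 4 bytes per element past the array; passing `sizeof(struct range32)` leaves the slack untouched.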
    • Travis: also test on 32-bit Linux · 88dedd5e
      Johannes Schindelin authored
      When Git v2.9.1 was released, it had a bug that showed only on Windows
      and on 32-bit systems: our assumption that `unsigned long` can hold
      64-bit values turned out to be wrong.
      
      This could have been caught earlier if we had a Continuous Testing
      set up that includes a build and test run on 32-bit Linux.
      
      Let's do this (and take care of the Windows build later). This patch
      asks Travis CI to install a Docker image with 32-bit libraries and then
      goes on to build and test Git using this 32-bit setup.
      Signed-off-by: Johannes Schindelin <[email protected]>
      Signed-off-by: Lars Schneider <[email protected]>
      Signed-off-by: Junio C Hamano <[email protected]>
      88dedd5e
  5. 03 Mar, 2017 1 commit
    • line-log.c: prevent crash during union of too many ranges · aaae0bf7
      Allan Xavier authored
      The existing implementation of range_set_union does not correctly
      reallocate memory, leading to a heap overflow when it attempts to union
      more than 24 separate line ranges.
      
      For struct range_set *out to grow correctly it must have out->nr set to
      the current size of the buffer when it is passed to range_set_grow.
      However, the existing implementation of range_set_union only updates
      out->nr at the end of the function, meaning that it is always zero
      before this. This results in range_set_grow never growing the buffer, as
      well as some of the union logic itself being incorrect as !out->nr is
      always true.
      
      The reason why 24 is the limit is that the first allocation of size 1
      ends up allocating a buffer of size 24 (due to the call to alloc_nr in
      ALLOC_GROW). This goes some way to explain why this hasn't been
      caught before.
      
      Fix the problem by correctly updating out->nr after reallocating the
      range_set. As this results in out->nr containing the same value as the
      variable o, replace o with out->nr as well.
      
      Finally, add a new test to help prevent the problem reoccurring in the
      future. Thanks to Vegard Nossum for writing the test.
      Signed-off-by: Allan Xavier <[email protected]>
      Reviewed-by: Jeff King <[email protected]>
      Signed-off-by: Junio C Hamano <[email protected]>
      aaae0bf7
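Added example, not Git's code: a simplified C model of the growth bug described in the message above. The names `span_set`, `span_set_grow` and `append_spans` are hypothetical; the rounding `(alloc + 16) * 3 / 2` is the alloc_nr rule that turns a request for 1 slot into 24. Appends that would land outside the buffer are counted, not performed.

```c
#include <stdlib.h>

struct span { long start, end; };
struct span_set { size_t alloc, nr; struct span *items; };

/* Ensure room for s->nr + extra items. Growth is rounded up with
 * (alloc + 16) * 3 / 2, so the first request for 1 slot yields 24. */
static int span_set_grow(struct span_set *s, size_t extra)
{
    size_t need = s->nr + extra;

    if (need > s->alloc) {
        size_t next = (s->alloc + 16) * 3 / 2;
        struct span *p;

        if (next < need)
            next = need;
        p = realloc(s->items, next * sizeof(*p));
        if (!p)
            return -1;
        s->items = p;
        s->alloc = next;
    }
    return 0;
}

/* Append n spans at a running index o. With track_nr == 0, s.nr is stored
 * only after the loop (the pattern the message describes), so every grow
 * call sees nr == 0 and the buffer stays at 24 slots. Returns the number of
 * appends that would have been written out of bounds, or -1 on allocation
 * failure. */
static long append_spans(size_t n, int track_nr)
{
    struct span_set s = { 0, 0, NULL };
    size_t o = 0;
    long oob = 0;

    for (size_t i = 0; i < n; i++) {
        if (span_set_grow(&s, 1) < 0) { free(s.items); return -1; }
        if (o < s.alloc) {
            s.items[o].start = (long)i * 10;
            s.items[o].end = (long)i * 10 + 5;
        } else {
            oob++;              /* the real bug writes here */
        }
        o++;
        if (track_nr)
            s.nr = o;           /* the fix: keep nr current before growing */
    }
    s.nr = o;
    free(s.items);
    return oob;
}
```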
  6. 02 Mar, 2017 1 commit
    • add--interactive: fix missing file prompt for patch mode with "-i" · c852bd54
      Jeff King authored
      When invoked as "git add -i", each interactive menu
      option prompts the user to select a list of files. This
      includes the "patch" option, which gets the list before
      starting the hunk-selection loop.
      
      As "git add -p", it behaves differently, and jumps straight
      to the hunk selection loop.
      
      Since 0539d5e6 (i18n: add--interactive: mark patch prompt
      for translation, 2016-12-14), the "add -i" case mistakenly
      jumps straight to the hunk-selection loop. Prior to that
      commit the distinction between the two cases was managed by
      the $patch_mode variable. That commit used $patch_mode for
      something else, and moved the old meaning to the "$cmd"
      variable.  But it forgot to update the $patch_mode check
      inside patch_update_cmd() which controls the file-list
      behavior.
      
      The simplest fix would be to change that line to check $cmd.
      But while we're here, let's use a less obscure name for this
      flag: $patch_mode_only, a boolean which tells whether we are
      in full-interactive mode or only in patch-mode.
      Reported-by: Henrik Grubbström <[email protected]>
      Signed-off-by: Jeff King <[email protected]>
      Signed-off-by: Junio C Hamano <[email protected]>
      c852bd54
  7. 28 Feb, 2017 1 commit
    • http: attempt updating base URL only if no error · 8e27391a
      Jonathan Tan authored
      http.c supports HTTP redirects of the form
      
        http://foo/info/refs?service=git-upload-pack
        -> http://anything
        -> http://bar/info/refs?service=git-upload-pack
      
      (that is to say, as long as the Git part of the path and the query
      string is preserved in the final redirect destination, the intermediate
      steps can have any URL). However, if one of the intermediate steps
      results in an HTTP exception, a confusing "unable to update url base
      from redirection" message is printed instead of a Curl error message
      with the HTTP exception code.
      
      This was introduced by 2 commits. Commit c93c92f3 ("http: update base
      URLs when we see redirects", 2013-09-28) introduced a best-effort
      optimization that required checking if only the "base" part of the URL
      differed between the initial request and the final redirect destination,
      but it performed the check before any HTTP status checking was done. If
      something went wrong, the normal code path was still followed, so this
      did not cause any confusing error messages until commit 6628eb41 ("http:
      always update the base URL for redirects", 2016-12-06), which taught
      http to die if the non-"base" part of the URL differed.
      
      Therefore, teach http to check the HTTP status before attempting to
      check if only the "base" part of the URL differed. This commit teaches
      http_request_reauth to return early without updating options->base_url
      upon an error; the only invoker of this function that passes a non-NULL
      "options" is remote-curl.c (through "http_get_strbuf"), which only uses
      options->base_url for an informational message in the situations that
      this commit cares about (that is, when the return value is not HTTP_OK).
      
      The included test checks that the redirect scheme at the beginning of
      this commit message works, and that returning a 502 in the middle of the
      redirect scheme produces the correct result. Note that this is different
      from the test in commit 6628eb41 ("http: always update the base URL for
      redirects", 2016-12-06) in that this commit tests that a Git-shaped URL
      (http://.../info/refs?service=git-upload-pack) works, whereas commit
      6628eb41 tests that a non-Git-shaped URL
      (http://.../info/refs/foo?service=git-upload-pack) does not work (even
      though Git is processing that URL) and is an error that is fatal, not
      silently swallowed.
      Signed-off-by: Jonathan Tan <[email protected]>
      Acked-by: Jeff King <[email protected]>
      Signed-off-by: Junio C Hamano <[email protected]>
      8e27391a
  8. 27 Feb, 2017 1 commit
    • http: add an "auto" mode for http.emptyauth · 40a18fc7
      Jeff King authored
      This variable needs to be specified to make some types of
      non-basic authentication work, but ideally this would just
      work out of the box for everyone.
      
      However, simply setting it to "1" by default introduces an
      extra round-trip for cases where it _isn't_ useful. We end
      up sending a bogus empty credential that the server rejects.
      
      Instead, let's introduce an automatic mode, that works like
      this:
      
        1. We won't try to send the bogus credential on the first
           request. We'll wait to get an HTTP 401, as usual.
      
        2. After seeing an HTTP 401, the empty-auth hack will kick
           in only when we know there is an auth method available
           that might make use of it (i.e., something besides
           "Basic" or "Digest").
      
      That should make it work out of the box, without incurring
      any extra round-trips for people hitting Basic-only servers.
      
      This _does_ incur an extra round-trip if you really want to
      use "Basic" but your server advertises other methods (the
      emptyauth hack will kick in but fail, and then Git will
      actually ask for a password).
      
      The auto mode may incur an extra round-trip over setting
      http.emptyauth=true, because part of the emptyauth hack is
      to feed this blank password to curl even before we've made a
      single request.
      Helped-by: Johannes Schindelin <[email protected]>
      Signed-off-by: Jeff King <[email protected]>
      Signed-off-by: Junio C Hamano <[email protected]>
      40a18fc7
  9. 24 Feb, 2017 11 commits
  10. 23 Feb, 2017 2 commits
    • http: restrict auth methods to what the server advertises · 840398fe
      Jeff King authored
      By default, we tell curl to use CURLAUTH_ANY, which does not
      limit its set of auth methods. However, this results in an
      extra round-trip to the server when authentication is
      required. After we've fed the credential to curl, it wants
      to probe the server to find its list of available methods
      before sending an Authorization header.
      
      We can shortcut this by limiting our http_auth_methods by
      what the server told us it supports. In some cases (such as
      when the server only supports Basic), that lets curl skip
      the extra probe request.
      
      The end result should look the same to the user, but you can
      use GIT_TRACE_CURL to verify the sequence of requests:
      
        GIT_TRACE_CURL=1 \
        git ls-remote https://example.com/repo.git \
        2>&1 >/dev/null |
        egrep '(Send|Recv) header: (GET|HTTP|Auth)'
      
      Before this patch, hitting a Basic-only server like
      github.com results in:
      
        Send header: GET /repo.git/info/refs?service=git-upload-pack HTTP/1.1
        Recv header: HTTP/1.1 401 Authorization Required
        Send header: GET /repo.git/info/refs?service=git-upload-pack HTTP/1.1
        Recv header: HTTP/1.1 401 Authorization Required
        Send header: GET /repo.git/info/refs?service=git-upload-pack HTTP/1.1
        Send header: Authorization: Basic <redacted>
        Recv header: HTTP/1.1 200 OK
      
      And after:
      
        Send header: GET /repo.git/info/refs?service=git-upload-pack HTTP/1.1
        Recv header: HTTP/1.1 401 Authorization Required
        Send header: GET /repo.git/info/refs?service=git-upload-pack HTTP/1.1
        Send header: Authorization: Basic <redacted>
        Recv header: HTTP/1.1 200 OK
      
      The possible downsides are:
      
        - This only helps for a Basic-only server; for a server
          with multiple auth options, curl may still send a probe
          request to see which ones are available (IOW, there's no
          way to say "don't probe, I already know what the server
          will say").
      
        - The http_auth_methods variable is global, so this will
          apply to all further requests. That's acceptable for
          Git's usage of curl, though, which also treats the
          credentials as global. I.e., in any given program
          invocation we hit only one conceptual server (we may be
          redirected at the outset, but in that case that's whose
          auth_avail field we'd see).
      Signed-off-by: Jeff King <[email protected]>
      Signed-off-by: Junio C Hamano <[email protected]>
      840398fe
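Added example, not Git's code: a C sketch of the two decisions described in the "auto" mode message (40a18fc7) and the "restrict auth methods" message (840398fe) above. The `AUTH_*` flags, the function names and the sample headers are constructed for illustration, and the header parsing stands in for the list of available methods that curl reports to Git.

```c
#include <string.h>
#include <strings.h>    /* strncasecmp (POSIX) */

enum { AUTH_BASIC = 1, AUTH_DIGEST = 2, AUTH_NEGOTIATE = 4, AUTH_NTLM = 8 };

/* Bitmask of the scheme named first on each WWW-Authenticate line of a 401
 * response (simplification: one challenge per header line). */
static unsigned advertised_methods(const char *const *hdrs, size_t n)
{
    static const struct { const char *name; unsigned bit; } known[] = {
        { "Basic", AUTH_BASIC }, { "Digest", AUTH_DIGEST },
        { "Negotiate", AUTH_NEGOTIATE }, { "NTLM", AUTH_NTLM },
    };
    static const char field[] = "WWW-Authenticate:";
    unsigned mask = 0;
    size_t i, k, len;

    for (i = 0; i < n; i++) {
        const char *p = hdrs[i];

        if (strncasecmp(p, field, sizeof(field) - 1))
            continue;
        p += sizeof(field) - 1;
        p += strspn(p, " \t");
        len = strcspn(p, " \t\r\n");
        for (k = 0; k < sizeof(known) / sizeof(known[0]); k++)
            if (len == strlen(known[k].name) &&
                !strncasecmp(p, known[k].name, len))
                mask |= known[k].bit;
    }
    return mask;
}

/* Narrow the configured methods to what the server advertised. */
static unsigned restrict_methods(unsigned configured, unsigned advertised)
{
    return configured & advertised;
}

/* "auto" rule: the empty credential is only worth sending after a 401 that
 * offers something besides Basic or Digest. */
static int empty_auth_useful(unsigned advertised)
{
    return (advertised & ~(unsigned)(AUTH_BASIC | AUTH_DIGEST)) != 0;
}

/* Constructed sample: header lines of a 401 from a Basic-only server. */
static const char *const basic_only_401[] = {
    "HTTP/1.1 401 Authorization Required",
    "WWW-Authenticate: Basic realm=\"example\"",
};
```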
    • e06cdf12
  11. 22 Feb, 2017 3 commits
  12. 21 Feb, 2017 3 commits
  13. 20 Feb, 2017 2 commits