Log message:
git: updated to 2.40.0

Git v2.40 Release Notes
=======================

UI, Workflows & Features

 * "merge-tree" learns a new `--merge-base` option.

 * "git jump" (in contrib/) learned to present the "quickfix \ 
list" to
   its standard output (instead of letting it consumed by the editor
   it invokes), and learned to also drive emacs/emacsclient.

 * "git var UNKNOWN_VARIABLE" and "git var VARIABLE" with \ 
the variable
   given an empty value used to behave identically.  Now the latter
   just gives an empty output, while the former still gives an error
   message.

 * Introduce a case insensitive mode to the Bash completion helpers.

 * The advice message given by "git status" when it takes long time to
   enumerate untracked paths has been updated.

 * Just like "git var GIT_EDITOR" abstracts the complex logic to
   choose which editor gets used behind it, "git var" now give support
   to GIT_SEQUENCE_EDITOR.

 * "git format-patch" learned to honor format.mboxrd even when sending
   patches to the standard output stream,

 * 'cat-file' gains mailmap support for its '--batch-check' and '-s'
   options.

 * Conditionally skip the pre-applypatch and applypatch-msg hooks when
   applying patches with 'git am'.

 * Introduce an optional configuration to allow the trailing hash that
   protects the index file from bit flipping.

 * "git check-attr" learned to take an optional tree-ish to read the
   .gitattributes file from.

 * "scalar" learned to give progress bar.

 * "grep -P" learned to use Unicode Character Property to grok
   character classes when processing \b and \w etc.

 * "git rebase" often ignored incompatible options instead of
   complaining, which has been corrected.

 * "scalar" warns but continues when its periodic maintenance
   feature cannot be enabled.

 * The bundle-URI subsystem adds support for creation-token heuristics
   to help incremental fetches.

 * Userdiff regexp update for Java language.

 * "git fetch --jobs=0" used to hit a BUG(), which has been corrected
   to use the available CPUs.

 * An invalid label or ref in the "rebase -i" todo file used to
   trigger an runtime error. SUch an error is now diagnosed while the
   todo file is parsed.

 * The "diff" drivers specified by the "diff" attribute \ 
attached to
   paths can now specify which algorithm (e.g. histogram) to use.

 * "git range-diff" learned --abbrev=<num> option.

 * "git archive HEAD^{tree}" records the paths with the current
   timestamp in the archive, making it harder to obtain a stable
   output.  The command learned the --mtime option to specify an
   arbitrary timestamp (e.g. --mtime="@0 +0000" for the epoch).

 * The credential subsystem learned that a password may have an
   explicit expiration.

 * The format.attach configuration variable lacked a way to override a
   value defined in a lower-priority configuration file (e.g. the
   system one) by redefining it in a higher-priority configuration
   file.  Now, setting format.attach to an empty string means show the
   patch inline in the e-mail message, without using MIME attachment.

   This is a backward incompatible change.

Performance, Internal Implementation, Development Support etc.

 * `git bisect` becomes a builtin.

 * The pack-bitmap machinery is taught to log the paths of redundant
   bitmap(s) to trace2 instead of stderr.

 * Use the SHA1DC implementation on macOS, just like other platforms,
   by default.

 * Even in a repository with promisor remote, it is useless to
   attempt to lazily attempt fetching an object that is expected to be
   commit, because no "filter" mode omits commit objects.  Take
   advantage of this assumption to fail fast on errors.

 * Stop using "git --super-prefix" and narrow the scope of its use to
   the submodule--helper.

 * Stop running win+VS build by default.

 * CI updates.  We probably want a clean-up to move the long shell
   script embedded in yaml file into a separate file, but that can
   come later.

 * Use `git diff --no-index` as a test_cmp on Windows.

   We'd probably need to revisit "do we really want to, and have to,
   lose CRLF vs LF?" later, at which time we may be able to further
   clean this up by replacing "git diff --no-index" with "diff \ 
-u".

 * Avoid unnecessary builds in CI, with settings configured in
   ci-config.

 * Plug leaks in sequencer subsystem and its users.

 * In-tree .gitattributes update to match the way we recommend our
   users to mark a file as text.
   (merge 1f34e0cd3d po/attributes-text later to maint).

 * Finally retire the scripted "git add -p/-i" implementation and have
   everybody use the one reimplemented in C.

Fixes since v2.39
-----------------

 * Various leak fixes.

 * Fix a bug where `pack-objects` would not respect multiple `--filter`
   arguments when invoked directly.
   (merge d4f7036887 rs/multi-filter-args later to maint).

 * Make fsmonitor more robust to avoid the flakiness seen in t7527.
   (merge 6692d45477 jh/t7527-unflake-by-forcing-cookie later to maint).

 * Stop using deprecated macOS API in fsmonitor.
   (merge b0226007f0 jh/fsmonitor-darwin-modernize later to maint).

 * Redefining system functions for a few functions did not follow our
   usual "implement git_foo() and #define foo(args) git_foo(args)"
   pattern, which has broken build for some folks.

 * The way the diff machinery prepares the options array for the
   parse_options API has been refactored to avoid resource leaks.
   (merge 189e97bc4b rs/diff-parseopts later to maint).

 * Correct pthread API usage.
   (merge 786e67611d sx/pthread-error-check-fix later to maint).

 * The code to auto-correct a misspelt subcommand unnecessarily called
   into git_default_config() from the early config codepath, which was
   a no-no.  This has bee corrected.
   (merge 0918d08887 sg/help-autocorrect-config-fix later to maint).

 * "git http-fetch" (which is rarely used) forgot to identify itself
   in the trace2 output.
   (merge 7abb43cbc8 jt/http-fetch-trace2-report-name later to maint).

 * The output from "git diff --stat" on an unmerged path lost the
   terminating LF in Git 2.39, which has been corrected.
   (merge 209d9cb011 pg/diff-stat-unmerged-regression-fix later to maint).

 * "git pull -v --recurse-submodules" attempted to pass "-v" \ 
down to
   underlying "git submodule update", which did not understand the
   request and barfed, which has been corrected.
   (merge 6f65f84766 ss/pull-v-recurse-fix later to maint).

 * When given a pattern that matches an empty string at the end of a
   line, the code to parse the "git diff" line-ranges fell into an
   infinite loop, which has been corrected.

 * Fix the sequence to fsync $GIT_DIR/packed-refs file that forgot to
   flush its output to the disk..

 * Fix to a small regression in 2.38 days.

 * "git diff --relative" did not mix well with "git diff \ 
--ext-diff",
   which has been corrected.

 * The logic to see if we are using the "cone" mode by checking the
   sparsity patterns has been tightened to avoid mistaking a pattern
   that names a single file as specifying a cone.

 * Deal with a few deprecation warning from cURL library.

 * Doc update for environment variables set when hooks are invoked.

 * Document ORIG_HEAD a bit more.

 * "git ls-tree --format='%(path) %(path)' $tree $path" showed the
   path three times, which has been corrected.

 * Remove "git env--helper" and demote it to a test-tool subcommand.
   (merge 4a1baacd46 ab/test-env-helper later to maint).

 * Newer regex library macOS stopped enabling GNU-like enhanced BRE,
   where '\(A\|B\)' works as alternation, unless explicitly asked with
   the REG_ENHANCED flag.  "git grep" now can be compiled to do so, to
   retain the old behaviour.

 * Pthread emulation on Win32 leaked thread handle when a thread is
   joined.
   (merge 238a9dfe86 sk/win32-close-handle-upon-pthread-join later to maint).

 * "git send-email -v 3" used to be expanded to "git send-email
   --validate 3" when the user meant to pass them down to
   "format-patch", which has been corrected.
   (merge 8774aa56ad km/send-email-with-v-reroll-count later to maint).

 * Document that "branch -f <branch>" disables only the safety to
   avoid recreating an existing branch.

 * "git fetch <group>", when "<group>" of \ 
remotes lists the same
   remote twice, unnecessarily failed when parallel fetching was
   enabled, which has been corrected.
   (merge 06a668cb90 cw/fetch-remote-group-with-duplication later to maint).

 * Clarify how "checkout -b/-B" and "git branch [-f]" are \ 
similar but
   different in the documentation.

 * "git hash-object" now checks that the resulting object is well
   formed with the same code as "git fsck".
   (merge 8e4309038f jk/hash-object-fsck later to maint).

 * Improve the error message given when private key is not loaded in
   the ssh agent in the codepath to sign with an ssh key.
   (merge dce7b31126 as/ssh-signing-improve-key-missing-error later to maint).

 * Adjust "git request-pull" to strip embedded signature from signed
   tags to notice non-PGP signatures.
   (merge a9cad02538 gm/request-pull-with-non-pgp-signed-tags later to maint).

 * Remove support for MSys, which now lags way behind MSys2.
   (merge 2987407f3c hj/remove-msys-support later to maint).

 * Fix use of CreateThread() API call made early in the windows
   start-up code.
   (merge 592bcab61b sk/winansi-createthread-fix later to maint).

 * "git pack-objects" learned to release delta-island bitmap data when
   it is done using it, saving peak heap memory usage.
   (merge 647982bb71 ew/free-island-marks later to maint).

 * In an environment where dynamically generated code is prohibited to
   run (e.g. SELinux), failure to JIT pcre patterns is expected.  Fall
   back to interpreted execution in such a case.
   (merge 50b6ad55b0 cb/grep-fallback-failing-jit later to maint).

 * "git name-rev" heuristics update.
   (merge b2182a8730 en/name-rev-make-taggerdate-much-less-important later to maint).

 * Remove more remaining uses of macros that relies on the_index
   singleton instance without explicitly spelling it out.

 * Remove unnecessary explicit sizing of strbuf.
   (merge 93ea118bed rs/cache-tree-strbuf-growth-fix later to maint).

 * Doc update.
   (merge d9ec3b0dc0 jk/doc-ls-remote-matching later to maint).

 * Error messages given upon a signature verification failure used to
   discard the errors from underlying gpg program, which has been
   corrected.
   (merge ad6b320756 js/gpg-errors later to maint).

 * Update --date=default documentation.
   (merge 9deef088ae rd/doc-default-date-format later to maint).

 * A test helper had a single write(2) of 256kB, which was too big for
   some platforms (e.g. NonStop), which has been corrected by using
   xwrite() wrapper appropriately.
   (merge 58eab6ff13 jc/genzeros-avoid-raw-write later to maint).

 * sscanf(3) used in "git symbolic-ref --short" implementation found
   to be not working reliably on macOS in UTF-8 locales.  Rewrite the
   code to avoid sscanf() altogether to work it around.
   (merge 613bef56b8 jk/shorten-unambiguous-ref-wo-sscanf later to maint).

 * Various fix-ups on HTTP tests.
   (merge 8f2146dbf1 jk/http-test-fixes later to maint).

 * Fixes to code that parses the todo file used in "rebase -i".
   (merge 666b6e1135 pw/rebase-i-parse-fix later to maint).

 * Test library clean-up.
   (merge c600a91c94 ar/test-lib-remove-stale-comment later to maint).

 * Other code cleanup, docfix, build fix, etc.
   (merge 4eb1ccecd4 dh/mingw-ownership-check-typofix later to maint).
   (merge f95526419b ar/typofix-gitattributes-doc later to maint).
   (merge 27875aeec9 km/doc-branch-start-point later to maint).
   (merge 35c194dc57 es/t1509-root-fixes later to maint).
   (merge 7b341645e3 pw/ci-print-failure-name-fix later to maint).
   (merge bcb71d45bf jx/t1301-updates later to maint).
   (merge ebdc46c242 jc/doc-diff-patch.txt later to maint).
   (merge a87a20cbb4 ar/test-cleanup later to maint).
   (merge f5156f1885 ar/bisect-doc-update later to maint).
   (merge fca2d86c97 jk/interop-error later to maint).
   (merge cf4936ed74 tl/ls-tree-code-clean-up later to maint).
   (merge dcb47e52b0 en/t6426-todo-cleanup later to maint).
   (merge 5b8db44bdd jc/format-patch-v-unleak later to maint).
   (merge 590b636737 jk/hash-object-literally-fd-leak later to maint).
   (merge 5458ba0a4d tb/t0003-invoke-dd-more-portably later to maint).
   (merge 70661d288b ar/markup-em-dash later to maint).
   (merge e750951e74 en/ls-files-doc-update later to maint).
   (merge 4f542975d1 mh/doc-credential-cache-only-in-core later to maint).
   (merge 3a2ebaebc7 gc/index-format-doc later to maint).
   (merge b08edf709d jk/httpd-test-updates later to maint).
   (merge d85e9448dd wl/new-command-doc later to maint).
   (merge d912a603ed kf/t5000-modernise later to maint).
   (merge e65b868d07 rs/size-t-fixes later to maint).
   (merge 3eb1e1ca9a ab/config-h-remove-unused later to maint).
   (merge d390e08076 cw/doc-pushurl-vs-url later to maint).
   (merge 567342fc77 rs/ctype-test later to maint).
   (merge d35d8f2e7a ap/t2015-style-update later to maint).

Log message:
git: updated to 2.39.2

Git v2.39.2 Release Notes
=========================

This release merges up the fixes that appear in v2.30.8, v2.31.7,
v2.32.6, v2.33.7, v2.34.7, v2.35.7, v2.36.5, v2.37.6 and v2.38.4
to address the security issues CVE-2023-22490 and CVE-2023-23946;
see the release notes for these versions for details.

Log message:
Git 2.39.1 release notes
========================

This maintenance releass is to address the security issues
identified as CVE-2022-41903 and CVE-2022-23521.

 * CVE-2022-41903:

   git log has the ability to display commits using an arbitrary
   format with its --format specifiers. This functionality is also
   exposed to git archive via the export-subst gitattribute.

   When processing the padding operators (e.g., %<(, %<|(, %>(,
   %>>(, or %><( ), an integer overflow can occur in
   pretty.c::format_and_pad_commit() where a size_t is improperly
   stored as an int, and then added as an offset to a subsequent
   memcpy() call.

   This overflow can be triggered directly by a user running a
   command which invokes the commit formatting machinery (e.g., git
   log --format=...). It may also be triggered indirectly through
   git archive via the export-subst mechanism, which expands format
   specifiers inside of files within the repository during a git
   archive.

   This integer overflow can result in arbitrary heap writes, which
   may result in remote code execution.

* CVE-2022-23521:

    gitattributes are a mechanism to allow defining attributes for
    paths. These attributes can be defined by adding a `.gitattributes`
    file to the repository, which contains a set of file patterns and
    the attributes that should be set for paths matching this pattern.

    When parsing gitattributes, multiple integer overflows can occur
    when there is a huge number of path patterns, a huge number of
    attributes for a single pattern, or when the declared attribute
    names are huge.

    These overflows can be triggered via a crafted `.gitattributes` file
    that may be part of the commit history. Git silently splits lines
    longer than 2KB when parsing gitattributes from a file, but not when
    parsing them from the index. Consequentially, the failure mode
    depends on whether the file exists in the working tree, the index or
    both.

    This integer overflow can result in arbitrary heap reads and writes,
    which may result in remote code execution.

Full release notes can be found at:
https://github.com/git/git/blob/master/Documentation/RelNotes/2.39.1.txt
https://github.com/git/git/blob/master/Documentation/RelNotes/2.30.7.txt

Log message:
git: updated to 2.39.0

Git v2.39 Release Notes
=======================

UI, Workflows & Features
------------------------

 * "git grep" learned to expand the sparse-index more lazily and on
   demand in a sparse checkout.

 * By default, use of fsmonitor on a repository on networked
   filesystem is disabled. Add knobs to make it workable on macOS.

 * After checking out a "branch" that is a symbolic-ref that points at
   another branch, "git symbolic-ref HEAD" reports the underlying
   branch, not the symbolic-ref the user gave checkout as argument.
   The command learned the "--no-recurse" option to stop after
   dereferencing a symbolic-ref only once.

 * "git branch --edit-description @{-1}" is now a way to edit branch
   description of the branch you were on before switching to the
   current branch.

 * "git merge-tree --stdin" is a new way to request a series of merges
   and report the merge results.

 * "git shortlog" learned to group by the "format" string.

 * A new "--include-whitespace" option is added to "git \ 
patch-id", and
   existing bugs in the internal patch-id logic that did not match
   what "git patch-id" produces have been corrected.

 * Enable gc.cruftpacks by default for those who opt into
   feature.experimental setting.

 * "git repack" learns to send cruft objects out of the way into
   packfiles outside the repository.

 * 'scalar reconfigure -a' is taught to automatically remove
   scalar.repo entires which no longer exist.

 * Redact headers from cURL's h2h3 module in GIT_CURL_VERBOSE and
   others.

 * 'git maintenance register' is taught to write configuration to an
   arbitrary path, and 'git for-each-repo' is taught to expand tilde
   characters in paths.

 * When creating new notes, the template used to get a stray empty
   newline, which has been removed.

 * "git receive-pack" used to use all the local refs as the boundary for
   checking connectivity of the data "git push" sent, but now it uses
   only the refs that it advertised to the pusher. In a repository with
   the .hideRefs configuration, this reduces the resources needed to
   perform the check.

 * With '--recurse-submodules=on-demand', all submodules are
   recursively pushed.

Performance, Internal Implementation, Development Support etc.
--------------------------------------------------------------

 * With a bit of header twiddling, use the native regexp library on
   macOS instead of the compat/ one.

 * Prepare for GNU [ef]grep that throw warning of their uses.

 * Sources related to fuzz testing have been moved down to their own
   directory.

 * Most credential helpers ignored unknown entries in a credential
   description, but a few died upon seeing them.  The latter were
   taught to ignore them, too

 * "scalar unregister" in a repository that is already been
   unregistered reported an error.

 * Remove error detection from a function that fetches from promisor
   remotes, and make it die when such a fetch fails to bring all the
   requested objects, to give an early failure to various operations.

 * Update CodingGuidelines to clarify what features to use and avoid
   in C99.

 * Avoid false-positive from LSan whose assumption may be broken with
   higher optimization levels.

 * Enable address and undefined sanitizer tasks at GitHub Actions CI.

 * More UNUSED annotation to help using -Wunused option with the
   compiler.
   (merge 4b992f0a24 jk/unused-anno-more later to maint).

 * Rewrite a deep recursion in the skipping negotiator to use a loop
   with on-heap prio queue to avoid stack wastage.

 * Add documentation for message IDs in fsck error messages.

 * Define the logical elements of a "bundle list", data structure to
   store them in-core, format to transfer them, and code to parse
   them.

 * The role the security mailing list plays in an embargoed release
   has been documented.

 * Two new facilities, "timer" and "counter", are introduced \ 
to the
   trace2 API.

 * Code simplification by using strvec_pushf() instead of building an
   argument in a separate strbuf.

 * Make sure generated dependency file is stably sorted to help
   developers debugging their build issues.

 * The glossary entries for "commit-graph file" and "reachability
   bitmap" have been added.

 * Various tests exercising the transfer.credentialsInUrl
   configuration are taught to avoid making requests which require
   resolving localhost to reduce CI-flakiness.

 * A redundant diagnostic message is dropped from test_path_is_missing().

 * Simplify the run-command API.

 * Update the actions/github-script dependency in CI to avoid a
   deprecation warning.

 * Progress on being able to initialize a rev_info struct with a
   macro.

 * Add trace2 counters to the region to clear skip worktree bits in a
   sparse checkout.

 * Modernize test script to avoid "test -f" and friends.

 * Avoid calling 'cache_tree_update()' when doing so would be
   redundant.

 * Update the credential-cache documentation to provide a more
   realistic example.

 * Makefile comments updates and reordering to clarify knobs used to
   choose SHA implementations.

 * A design document for sparse-checkout's future directions has been
   added.

 * Teach chainlint.pl to annotate the original test definition instead
   of the token stream.

 * "make coccicheck" is time consuming. It has been made to run more
   incrementally.

 * `parse_object()` has been hardened to check for the existence of a
   suspected blob object.

 * The build procedure has been adjusted to GNUmake version 4.4, which
   made some changes to how pattern rule with multiple targets are
   handled.

Fixes since v2.38
-----------------

 * The codepath that reads from the index v4 had unaligned memory
   accesses, which has been corrected.

 * Fix messages incorrectly marked for translation.

 * "git fsck" failed to release contents of tree objects already used
   from the memory, which has been fixed.

 * "git clone" did not like to see the "--bare" and the \ 
"--origin"
   options used together without a good reason.

 * "git remote rename" failed to rename a remote without fetch
   refspec, which has been corrected.

 * Documentation on various Boolean GIT_* environment variables have
   been clarified.

 * "git rebase -i" can mistakenly attempt to apply a fixup to a commit
   itself, which has been corrected.

 * "git multi-pack-index repack/expire" used to repack unreachable
   cruft into a new pack, which have been corrected.

 * In read-only repositories, "git merge-tree" tried to come up with a
   merge result tree object, which it failed (which is not wrong) and
   led to a segfault (which is bad), which has been corrected.

 * Force C locale while running tests around httpd to make sure we can
   find expected error messages in the log.

 * Fix a logic in "mailinfo -b" that miscomputed the length of a
   substring, which lead to an out-of-bounds access.

 * The codepath to sign learned to report errors when it fails to read
   from "ssh-keygen".

 * Code clean-up that results in plugging a leak.

 * "GIT_EDITOR=: git branch --edit-description" resulted in failure,
   which has been corrected.

 * The code to clean temporary object directories (used for
   quarantine) tried to remove them inside its signal handler, which
   was a no-no.

 * Update comment in the Makefile about the RUNTIME_PREFIX config knob.

 * Clarify that "the sentence after <area>: prefix does not begin with
   a capital letter" rule applies only to the commit title.

 * "git branch --edit-description" on an unborn branch misleadingly
   said that no such branch exists, which has been corrected.

 * Work around older clang that warns against C99 zero initialization
   syntax for struct.

 * Giving "--invert-grep" and "--all-match" without \ 
"--grep" to the
   "git log" command resulted in an attempt to access grep pattern
   expression structure that has not been allocated, which has been
   corrected.
   (merge db84376f98 ab/grep-simplify-extended-expression later to maint).

 * "git diff rev^!" did not show combined diff to go to the rev from
   its parents.
   (merge a79c6b6081 rs/diff-caret-bang-with-parents later to maint).

 * Allow configuration files in "protected" scopes to include other
   configuration files.
   (merge ecec57b3c9 gc/bare-repo-discovery later to maint).

 * Give a bit more diversity to macOS CI by using sha1dc in one of the
   jobs (the other one tests Apple Common Crypto).
   (merge 1ad5c3df35 jc/ci-osx-with-sha1dc later to maint).

 * A bugfix with tracing support in midx codepath
   (merge e9c3839944 tb/midx-bitmap-selection-fix later to maint).

 * When geometric repacking feature is in use together with the
   --pack-kept-objects option, we lost packs marked with .keep files.
   (merge 197443e80a tb/save-keep-pack-during-geometric-repack later to maint).

 * Move a global variable added as a hack during regression fixes to
   its proper place in the API.
   (merge 0b0ab95f17 ab/run-hook-api-cleanup later to maint).

 * Update to build procedure with VS using CMake/CTest.
   (merge c858750b41 js/cmake-updates later to maint).

 * The short-help text shown by "git cmd -h" and the synopsis text
   shown at the beginning of "git help cmd" have been made more
   consistent.

 * When creating a multi-pack bitmap, remove per-pack bitmap files
   unconditionally as they will never be consulted.
   (merge 55d902cd61 tb/remove-unused-pack-bitmap later to maint).

 * Fix a longstanding syntax error in Git.pm error codepath.

 * "git diff --stat" etc. were invented back when everything was ASCII
   and strlen() was a way to measure the display width of a string;
   adjust them to compute the display width assuming UTF-8 pathnames.
   (merge ce8529b2bb tb/diffstat-with-utf8-strwidth later to maint).

 * "git branch --edit-description" can exit with status -1 which is
   not a good practice; it learned to use 1 as everybody else instead.

 * "git apply" limits its input to a bit less than 1 GiB.

 * Merging a branch with directory renames into a branch that changes
   the directory to a symlink was mishandled by the ort merge
   strategy, which has been corrected.

 * A bugfix to "git subtree" in its split and merge features.

 * Fix some bugs in the reflog messages when rebasing and changes the
   reflog messages of "rebase --apply" to match "rebase \ 
--merge" with
   the aim of making the reflog easier to parse.

 * "git rebase --keep-base" used to discard the commits that are
   already cherry-picked to the upstream, even when "keep-base" meant
   that the base, on top of which the history is being rebuilt, does
   not yet include these cherry-picked commits.  The --keep-base
   option now implies --reapply-cherry-picks and --no-fork-point
   options.

 * The way "git repack" created temporary files when it received a
   signal was prone to deadlocking, which has been corrected.

 * Various tests exercising the transfer.credentialsInUrl
   configuration are taught to avoid making requests which require
   resolving localhost to reduce CI-flakiness.

 * The adjust_shared_perm() helper function learned to refrain from
   setting the "g+s" bit on directories when it is not necessary.

 * "git archive" mistakenly complained twice about a missing
   executable, which has been corrected.

 * Fix a bug where `git branch -d` did not work on an orphaned HEAD.

 * `git rebase --update-refs` would delete references when all
   `update-ref` commands in the sequencer were removed, which has been
   corrected.

 * Fix a regression in the bisect-helper which mistakenly treats
   arguments to the command given to 'git bisect run' as arguments to
   the helper.

 * Correct an error where `git rebase` would mistakenly use a branch or
   tag named "refs/rewritten/xyz" when missing a rebase label.

 * Assorted fixes of parsing end-user input as integers.
   (merge 14770cf0de pw/config-int-parse-fixes later to maint).

 * "git prune" may try to iterate over .git/objects/pack for trash
   files to remove in it, and loudly fail when the directory is
   missing, which is not necessary.  The command has been taught to
   ignore such a failure.
   (merge 6974765352 ew/prune-with-missing-objects-pack later to maint).

 * Add one more candidate directory that may house httpd modules while
   running tests.
   (merge 1c7dc23d41 es/locate-httpd-module-location-in-test later to maint).

 * A handful of leaks in the line-log machinery have been plugged.

 * The format of a line in /proc/cpuinfo that describes a CPU on s390x
   looked different from everybody else, and the code in chainlint.pl
   failed to parse it.
   (merge 1f51b77f4f ah/chainlint-cpuinfo-parse-fix later to maint).

 * Adjust the GitHub CI to newer ubuntu release.
   (merge 0d3507f3e7 jx/ci-ubuntu-fix later to maint).

 * Other code cleanup, docfix, build fix, etc.
   (merge 413bc6d20a ds/cmd-main-reorder later to maint).
   (merge 8d2863e4ed nw/t1002-cleanup later to maint).
   (merge 7c2dc122f9 rs/list-objects-filter-leakfix later to maint).
   (merge 288fcb1c94 zk/push-use-bitmaps later to maint).
   (merge 42db324c0f km/merge-recursive-typofix later to maint).

Log message:
git: updated to 2.38.2

Git 2.38.2 Release Notes
========================

This is to backport various fixes accumulated during the development
towards Git 2.39, the next feature release.

Fixes since v2.38.1
-------------------

 * Update CodingGuidelines to clarify what features to use and avoid
   in C99.

 * The codepath that reads from the index v4 had unaligned memory
   accesses, which has been corrected.

 * "git remote rename" failed to rename a remote without fetch
   refspec, which has been corrected.

 * "git clone" did not like to see the "--bare" and the \ 
"--origin"
   options used together without a good reason.

 * Fix messages incorrectly marked for translation.

 * "git fsck" failed to release contents of tree objects already used
   from the memory, which has been fixed.

 * "git rebase -i" can mistakenly attempt to apply a fixup to a commit
   itself, which has been corrected.

 * In read-only repositories, "git merge-tree" tried to come up with a
   merge result tree object, which it failed (which is not wrong) and
   led to a segfault (which is bad), which has been corrected.

 * Force C locale while running tests around httpd to make sure we can
   find expected error messages in the log.

 * Fix a logic in "mailinfo -b" that miscomputed the length of a
   substring, which lead to an out-of-bounds access.

 * The codepath to sign learned to report errors when it fails to read
   from "ssh-keygen".

 * "GIT_EDITOR=: git branch --edit-description" resulted in failure,
   which has been corrected.

 * Documentation on various Boolean GIT_* environment variables have
   been clarified.

 * "git multi-pack-index repack/expire" used to repack unreachable
   cruft into a new pack, which have been corrected.

 * The code to clean temporary object directories (used for
   quarantine) tried to remove them inside its signal handler, which
   was a no-no.

 * "git branch --edit-description" on an unborh branch misleadingly
   said that no such branch exists, which has been corrected.

 * GitHub CI settings have been adjusted to recent reality, merging
   and cherry-picking necessary topics that have been prepared for Git
   2.39.

 * `git rebase --update-refs` would delete references when all `update-ref`
   commands in the sequencer were removed, which has been corrected.

Also contains various documentation updates and code clean-ups.

Log message:
git: updated to 2.38.1

Git v2.38.1 Release Notes
=========================

This release merges the security fix that appears in v2.30.6; see
the release notes for that version for details.

Log message:
git: updated to 2.38.0

Git v2.38 Release Notes
=======================

UI, Workflows & Features

 * "git remote show [-n] frotz" now pays attention to negative
   pathspec.

 * "git push" sometimes performs poorly when reachability bitmaps are
   used, even in a repository where other operations are helped by
   bitmaps.  The push.useBitmaps configuration variable is introduced
   to allow disabling use of reachability bitmaps only for "git push".

 * "git grep -m<max-hits>" is a way to limit the hits shown per file.

 * "git merge-tree" learned a new mode where it takes two commits and
   computes a tree that would result in the merge commit, if the
   histories leading to these two commits were to be merged.

 * "git mv A B" in a sparsely populated working tree can be asked to
   move a path between directories that are "in cone" (i.e. expected
   to be materialized in the working tree) and "out of cone"
   (i.e. expected to be hidden).  The handling of such cases has been
   improved.

 * Earlier, HTTP transport clients learned to tell the server side
   what locale they are in by sending Accept-Language HTTP header, but
   this was done only for some requests but not others.

 * Introduce a safe.barerepository configuration variable that
   allows users to forbid discovery of bare repositories.

 * Various messages that come from the pack-bitmap codepaths have been
   tweaked.

 * "git rebase -i" learns to update branches whose tip appear in the
   rebased range with "--update-refs" option.

 * "git ls-files" learns the "--format" option to tweak its \ 
output.

 * "git cat-file" learned an option to use the mailmap when showing
   commit and tag objects.

 * When "git merge" finds that it cannot perform a merge, it should
   restore the working tree to the state before the command was
   initiated, but in some corner cases it didn't.

 * Operating modes like "--batch" of "git cat-file" command \ 
learned to
   take NUL-terminated input, instead of one-item-per-line.

 * "git rm" has become more aware of the sparse-index feature.

 * "git rev-list --disk-usage" learned to take an optional value
   "human" to show the reported value in human-readable format, like
   "3.40MiB".

 * The "diagnose" feature to create a zip archive for diagnostic
   material has been lifted from "scalar" and made into a feature of
   "git bugreport".

 * The namespaces used by "log --decorate" from "refs/" \ 
hierarchy by
   default has been tightened.

 * "git rev-list --ancestry-path=C A..B" is a natural extension of
   "git rev-list A..B"; instead of choosing a subset of A..B to those
   that have ancestry relationship with A, it lets a subset with
   ancestry relationship with C.

 * "scalar" now enables built-in fsmonitor on enlisted repositories,
   when able.

 * The bash prompt (in contrib/) learned to optionally indicate when
   the index is unmerged.

 * "git clone" command learned the "--bundle-uri" option to \ 
coordinate
   with hosting sites the use of pre-prepared bundle files.

 * "git range-diff" learned to honor pathspec argument if given.

 * "git format-patch --from=<ident>" can be told to add an in-body
   "From:" line even for commits that are authored by the given
   <ident> with "--force-in-body-from" option.

 * The built-in fsmonitor refuses to work on a network mounted
   repositories; a configuration knob for users to override this has
   been introduced.

 * The "scalar" addition from Microsoft is now part of the core Git
   installation.

Performance, Internal Implementation, Development Support etc.

 * Collection of what is referenced by objects in promisor packs have
   been optimized to inspect these objects in the in-pack order.

 * Introduce a helper to see if a branch is already being worked on
   (hence should not be newly checked out in a working tree), which
   performs much better than the existing find_shared_symref() to
   replace many uses of the latter.

 * Teach "git archive" to (optionally and then by default) avoid
   spawning an external "gzip" process when creating \ 
".tar.gz" (and
   ".tgz") archives.

 * Allow large objects read from a packstream to be streamed into a
   loose object file straight, without having to keep it in-core as a
   whole.

 * Further preparation to turn git-submodule.sh into a builtin
   continues.

 * Apply Coccinelle rule to turn raw memmove() into MOVE_ARRAY() cpp
   macro, which would improve maintainability and readability.

 * Teach "make all" to build gitweb as well.

 * Tweak tests so that they still work when the "git init" template
   did not create .git/info directory.

 * Add Coccinelle rules to detect the pattern of initializing and then
   finalizing a structure without using it in between at all, which
   happens after code restructuring and the compilers fail to
   recognize as an unused variable.

 * The code to convert between GPG trust level strings and internal
   constants we use to represent them have been cleaned up.

 * Support for libnettle as SHA256 implementation has been added.

 * The way "git multi-pack" uses parse-options API has been improved.

 * A Coccinelle rule (in contrib/) to encourage use of COPY_ARRAY
   macro has been improved.

 * API tweak to make it easier to run fuzz testing on commit-graph parser.

 * Omit fsync-related trace2 entries when their values are all zero.

 * The codepath to write multi-pack index has been taught to release a
   large chunk of memory that holds an array of objects in the packs,
   as soon as it is done with the array, to reduce memory consumption.

 * Add a level of redirection to array allocation API in xdiff part,
   to make it easier to share with the libgit2 project.

 * "git fetch" client logs the partial clone filter used in the trace2
   output.

 * The "bundle URI" design gets documented.

 * The common ancestor negotiation exchange during a "git fetch"
   session now leaves trace log.

 * Test portability improvements.
   (merge 4d1d843be7 mt/rot13-in-c later to maint).

 * The "subcommand" mode is introduced to parse-options API and update
   the command line parser of Git commands with subcommands.

 * The pack bitmap file gained a bitmap-lookup table to speed up
   locating the necessary bitmap for a given commit.

 * The assembly version of SHA-1 implementation for PPC has been
   removed.

 * The server side that responds to "git fetch" and "git clone"
   request has been optimized by allowing it to send objects in its
   object store without recomputing and validating the object names.

 * Annotate function parameters that are not used (but cannot be
   removed for structural reasons), to prepare us to later compile
   with -Wunused warning turned on.

 * Share the text used to explain configuration variables used by "git
   <subcmd>" in "git help <subcmd>" with the text \ 
from "git help config".

 * "git mv A B" in a sparsely populated working tree can be asked to
   move a path from a directory that is "in cone" to another directory
   that is "out of cone".  Handling of such a case has been improved.

 * The chainlint script for our tests has been revamped.

Fixes since v2.37
-----------------

 * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
   correctly record a removed file to the index, which was fixed.

 * Certain diff options are currently ignored when combined-diff is
   shown; mark them as incompatible with the feature.

 * Adjust technical/bitmap-format to be formatted by AsciiDoc, and
   add some missing information to the documentation.

 * Fixes for tests when the source directory has unusual characters in
   its path, e.g. whitespaces, double-quotes, etc.

 * "git mktree --missing" lazily fetched objects that are missing from
   the local object store, which was totally unnecessary for the purpose
   of creating the tree object(s) from its input.

 * Give _() markings to fatal/warning/usage: labels that are shown in
   front of these messages.

 * References to commands-to-be-typed-literally in "git rebase"
   documentation mark-up have been corrected.

 * In a non-bare repository, the behavior of Git when the
   core.worktree configuration variable points at a directory that has
   a repository as its subdirectory, regressed in Git 2.27 days.

 * Recent update to vimdiff layout code has been made more robust
   against different end-user vim settings.

 * Plug various memory leaks, both in the main code and in test-tool
   commands.

 * Fixes a long-standing corner case bug around directory renames in
   the merge-ort strategy.

 * The resolve-undo information in the index was not protected against
   GC, which has been corrected.

 * A corner case bug where lazily fetching objects from a promisor
   remote resulted in infinite recursion has been corrected.

 * "git clone" from a repository with some ref whose HEAD is unborn
   did not set the HEAD in the resulting repository correctly, which
   has been corrected.

 * An earlier attempt to plug leaks placed a clean-up label to jump to
   at a bogus place, which as been corrected.

 * Variable quoting fix in the vimdiff driver of "git mergetool"

 * "git shortlog -n" relied on the underlying qsort() to be stable,
   which shouldn't have.  Fixed.

 * A fix for a regression in test framework.

 * mkstemp() emulation on Windows has been improved.

 * Add missing documentation for "include" and "includeIf" \ 
features in
   "git config" file format, which incidentally teaches the command
   line completion to include them in its offerings.

 * Avoid "white/black-list" in documentation and code comments.

 * Workaround for a compiler warning against use of die() in
   osx-keychain (in contrib/).

 * Workaround for a false positive compiler warning.

 * "git p4" working on UTF-16 files on Windows did not implement
   CRLF-to-LF conversion correctly, which has been corrected.

 * "git p4" did not handle non-ASCII client name well, which has been
   corrected.

 * "rerere-train" script (in contrib/) used to honor commit.gpgSign
   while recreating the throw-away merges.

 * "git checkout" miscounted the paths it updated, which has been
   corrected.

 * Fix for a bug that makes write-tree to fail to write out a
   non-existent index as a tree, introduced in 2.37.

 * There was a bug in the codepath to upgrade generation information
   in commit-graph from v1 to v2 format, which has been corrected.

 * Gitweb had legacy URL shortener that is specific to the way
   projects hosted on kernel.org used to (but no longer) work, which
   has been removed.

 * Fix build procedure for Windows that uses CMake so that it can pick
   up the shell interpreter from local installation location.

 * Conditionally allow building Python interpreter on Windows

 * Fix to lstat() emulation on Windows.

 * Older gcc with -Wall complains about the universal zero initializer
   "struct s = { 0 };" idiom, which makes developers' lives
   inconvenient (as -Werror is enabled by DEVELOPER=YesPlease).  The
   build procedure has been tweaked to help these compilers.

 * Plug memory leaks in the failure code path in the "merge-ort" merge
   strategy backend.

 * "git symbolic-ref symref non..sen..se" is now diagnosed as an error.

 * A follow-up fix to a fix for a regression in 2.36 around hooks.

 * Avoid repeatedly running getconf to ask libc version in the test
   suite, and instead just as it once per script.

 * Platform-specific code that determines if a directory is OK to use
   as a repository has been taught to report more details, especially
   on Windows.

 * "vimdiff3" regression fix.

 * "git fsck" reads mode from tree objects but canonicalizes the mode
   before passing it to the logic to check object sanity, which has
   hid broken tree objects from the checking logic.  This has been
   corrected, but to help existing projects with broken tree objects
   that they cannot fix retroactively, the severity of anomalies this
   code detects has been demoted to "info" for now.

 * Fixes to sparse index compatibility work for "reset" and \ 
"checkout"
   commands.

 * An earlier optimization discarded a tree-object buffer that is
   still in use, which has been corrected.

 * Fix deadlocks between main Git process and subprocess spawned via
   the pipe_command() API, that can kill "git add -p" that was
   reimplemented in C recently.

 * The sequencer machinery translated messages left in the reflog by
   mistake, which has been corrected.

 * xcalloc(), imitating calloc(), takes "number of elements of the
   array", and "size of a single element", in this order.  A call that
   does not follow this ordering has been corrected.

 * The preload-index codepath made copies of pathspec to give to
   multiple threads, which were left leaked.

 * Update the version of Ubuntu used for GitHub Actions CI from 18.04
   to 22.04.

 * The auto-stashed local changes created by "git merge --autostash"
   was mixed into a conflicted state left in the working tree, which
   has been corrected.

 * Multi-pack index got corrupted when preferred pack changed from one
   pack to another in a certain way, which has been corrected.
   (merge 99e4d084ff tb/midx-with-changing-preferred-pack-fix later to maint).

 * The clean-up of temporary files created via mks_tempfile_dt() was
   racy and attempted to unlink() the leading directory when signals
   are involved, which has been corrected.
   (merge babe2e0559 rs/tempfile-cleanup-race-fix later to maint).

 * FreeBSD portability fix for "git maintenance" that spawns \ 
"crontab"
   to schedule tasks.
   (merge ee69e7884e bc/gc-crontab-fix later to maint).

 * Those who use diff-so-fancy as the diff-filter noticed a regression
   or two in the code that parses the diff output in the built-in
   version of "add -p", which has been corrected.
   (merge 0a101676e5 js/add-p-diff-parsing-fix later to maint).

 * Segfault fix-up to an earlier fix to the topic to teach "git reset"
   and "git checkout" work better in a sparse checkout.
   (merge 037f8ea6d9 vd/sparse-reset-checkout-fixes later to maint).

 * "git diff --no-index A B" managed its the pathnames of its two
   input files rather haphazardly, sometimes leaking them.  The
   command line argument processing has been straightened out to clean
   it up.
   (merge 2b43dd0eb5 rs/diff-no-index-cleanup later to maint).

 * "git rev-list --verify-objects" ought to inspect the contents of
   objects and notice corrupted ones, but it didn't when the commit
   graph is in use, which has been corrected.
   (merge b27ccae34b jk/rev-list-verify-objects-fix later to maint).

 * More fixes to "add -p"
   (merge 64ec8efb83 js/builtin-add-p-portability-fix later to maint).

 * The parser in the script interface to parse-options in "git
   rev-parse" has been updated to diagnose a bogus input correctly.
   (merge f20b9c36d0 ow/rev-parse-parseopt-fix later to maint).

 * The code that manages list-object-filter structure, used in partial
   clones, leaked the instances, which has been plugged.
   (merge 66eede4a37 jk/plug-list-object-filter-leaks later to maint).

 * Fix another UI regression in the reimplemented "add -p".
   (merge f6f0ee247f rs/add-p-worktree-mode-prompt-fix later to maint).

 * "git fetch" over protocol v2 sent an incorrect ref prefix request
   to the server and made "git pull" with configured fetch refspec
   that does not cover the remote branch to merge with fail, which has
   been corrected.
   (merge 49ca2fba39 jk/proto-v2-ref-prefix-fix later to maint).

 * A result from opendir() was leaking in the commit-graph expiration
   codepath, which has been plugged.
   (merge 12f1ae5324 ml/commit-graph-expire-dir-leak-fix later to maint).

 * Just like we have coding guidelines, we now have guidelines for
   reviewers.
   (merge e01b851923 vd/doc-reviewing-guidelines later to maint).

 * Other code cleanup, docfix, build fix, etc.
   (merge 77b9e85c0f vd/fix-perf-tests later to maint).
   (merge 0682bc43f5 jk/test-crontab-fixes later to maint).
   (merge b46dd1726c cc/doc-trailer-whitespace-rules later to maint).

Log message:
git: updated to 2.37.3

Git 2.37.3 Release Notes
========================

This primarily is to backport various fixes accumulated on the 'master'
front since 2.37.2.

Fixes since v2.37.2
-------------------

 * The build procedure for Windows that uses CMake has been updated to
   pick up the shell interpreter from local installation location.

 * Conditionally allow building Python interpreter on Windows

 * Fix to lstat() emulation on Windows.

 * Older gcc with -Wall complains about the universal zero initializer
   "struct s = { 0 };" idiom, which makes developers' lives
   inconvenient (as -Werror is enabled by DEVELOPER=YesPlease).  The
   build procedure has been tweaked to help these compilers.

 * Plug memory leaks in the failure code path in the "merge-ort" merge
   strategy backend.

 * Avoid repeatedly running getconf to ask libc version in the test
   suite, and instead just as it once per script.

 * Platform-specific code that determines if a directory is OK to use
   as a repository has been taught to report more details, especially
   on Windows.

 * "vimdiff3" regression has been corrected.

 * "git fsck" reads mode from tree objects but canonicalizes the mode
   before passing it to the logic to check object sanity, which has
   hid broken tree objects from the checking logic.  This has been
   corrected, but to help exiting projects with broken tree objects
   that they cannot fix retroactively, the severity of anomalies this
   code detects has been demoted to "info" for now.

 * Fixes to sparse index compatibility work for "reset" and \ 
"checkout"
   commands.

 * Documentation for "git add --renormalize" has been improved.

Also contains other minor documentation updates and code clean-ups.