./devel/git-base, GIT Tree History Storage Tool (base package)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.28.0nb1, Package name: git-base-2.28.0nb1, Maintainer: pkgsrc-users

Git is a free and open source distributed version control system
designed to handle everything from small to very large projects with
speed and efficiency.

Git is easy to learn and has a tiny footprint with lightning fast
performance. It outclasses SCM tools like Subversion, CVS, Perforce,
and ClearCase with features like cheap local branching, convenient
staging areas, and multiple workflows.

This package contains only the git program (and subcommands). It does
not contain man pages or the tk-based repository browser.


Required to run:
[www/curl] [lang/perl5] [security/openssl] [security/p5-Authen-SASL] [mail/p5-Email-Valid] [mail/p5-MailTools] [devel/p5-Error] [mail/p5-Net-SMTP-SSL] [devel/pcre2]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 29a70cd3e7bccbbc4233e9c948b036e0b7b6d46a
RMD160: e67938072b14b8be06e562666a66a1a5d659fbb9
Filesize: 5974.227 KB

Version history: (Expand)


CVS history: (Expand)


   2020-08-31 20:13:29 by Thomas Klausner | Files touched by this commit (3631) | Package updated
Log message:
*: bump PKGREVISION for perl-5.32.
   2020-07-29 09:47:51 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
git: updated to 2.28.0

Git 2.28 Release Notes
======================

Updates since v2.27
-------------------

Backward compatibility notes

 * "fetch.writeCommitGraph" is deemed to be still a bit too risky and
   is no longer part of the "feature.experimental" set.

UI, Workflows & Features

 * The commands in the "diff" family learned to honor \ 
"diff.relative"
   configuration variable.

 * The check in "git fsck" to ensure that the tree objects are sorted
   still had corner cases it missed unsorted entries.

 * The interface to redact sensitive information in the trace output
   has been simplified.

 * The command line completion (in contrib/) learned to complete
   options that the "git switch" command takes.

 * "git diff" used to take arguments in random and nonsense range
   notation, e.g. "git diff A..B C", "git diff A..B C...D", etc.,
   which has been cleaned up.

 * "git diff-files" has been taught to say paths that are marked as
   intent-to-add are new files, not modified from an empty blob.

 * "git status" learned to report the status of sparse checkout.

 * "git difftool" has trouble dealing with paths added to the index
   with the intent-to-add bit.

 * "git fast-export --anonymize" learned to take customized mapping to
   allow its users to tweak its output more usable for debugging.

 * The command line completion support (in contrib/) used to be
   prepared to work with "set -u" but recent changes got a bit more
   sloppy.  This has been corrected.

 * "git gui" now allows opening work trees from the start-up dialog.

Performance, Internal Implementation, Development Support etc.

 * Code optimization for a common case.
   (merge 8777616e4d an/merge-single-strategy-optim later to maint).

 * We've adopted a convention that any on-stack structure can be
   initialized to have zero values in all fields with "= { 0 }",
   even when the first field happens to be a pointer, but sparse
   complained that a null pointer should be spelled NULL for a long
   time.  Start using -Wno-universal-initializer option to squelch
   it (the latest sparse has it on by default).

 * "git log -L..." now takes advantage of the "which paths are touched
   by this commit?" info stored in the commit-graph system.

 * As FreeBSD is not the only platform whose regexp library reports
   a REG_ILLSEQ error when fed invalid UTF-8, add logic to detect that
   automatically and skip the affected tests.

 * "git bugreport" learns to report what shell is in use.

 * Support for GIT_CURL_VERBOSE has been rewritten in terms of
   GIT_TRACE_CURL.

 * Preliminary clean-ups around refs API, plus file format
   specification documentation for the reftable backend.

 * Workaround breakage in MSVC build, where "curl-config --cflags"
   gives settings appropriate for GCC build.

 * Code clean-up of "git clean" resulted in a fix of recent
   performance regression.

 * Code clean-up in the codepath that serves "git fetch" continues.

 * "git merge-base --is-ancestor" is taught to take advantage of the
   commit graph.

 * Rewrite of parts of the scripted "git submodule" Porcelain command
   continues; this time it is "git submodule set-branch" subcommand's
   turn.

 * The "fetch/clone" protocol has been updated to allow the server to
   instruct the clients to grab pre-packaged packfile(s) in addition
   to the packed object data coming over the wire.

 * A misdesigned strbuf_write_fd() function has been retired.

 * SHA-256 migration work continues, including CVS/SVN interface.

 * A few fields in "struct commit" that do not have to always be
   present have been moved to commit slabs.

 * API cleanup for get_worktrees()

 * By renumbering object flag bits, "struct object" managed to lose
   bloated inter-field padding.

 * The name of the primary branch in existing repositories, and the
   default name used for the first branch in newly created
   repositories, is made configurable, so that we can eventually wean
   ourselves off of the hardcoded 'master'.

 * The effort to avoid using test_must_fail on non-git command continues.

 * In 2.28-rc0, we corrected a bug that some repository extensions are
   honored by mistake even in a version 0 repositories (these
   configuration variables in extensions.* namespace were supposed to
   have special meaning in repositories whose version numbers are 1 or
   higher), but this was a bit too big a change.  The behaviour in
   recent versions of Git where certain extensions.* were honored by
   mistake even in version 0 repositories has been restored.

Fixes since v2.27
-----------------

 * The "--prepare-p4-only" option of "git p4" is supposed to stop
   after replaying one changeset, but kept going (by mistake?)

 * The error message from "git checkout -b foo -t bar baz" was
   confusing.

 * Some repositories in the wild have commits that record nonsense
   committer timezone (e.g. rails.git); "git fast-import" learned an
   option to pass these nonsense timestamps intact to allow recreating
   existing repositories as-is.
   (merge d42a2fb72f en/fast-import-looser-date later to maint).

 * The command line completion script (in contrib/) tried to complete
   "git stash -p" as if it were "git stash push -p", but it \ 
was too
   aggressive and also affected "git stash show -p", which has been
   corrected.
   (merge fffd0cf520 vs/complete-stash-show-p-fix later to maint).

 * On-the-wire protocol v2 easily falls into a deadlock between the
   remote-curl helper and the fetch-pack process when the server side
   prematurely throws an error and disconnects.  The communication has
   been updated to make it more robust.

 * "git checkout -p" did not handle a newly added path at all.
   (merge 2c8bd8471a js/checkout-p-new-file later to maint).

 * The code to parse "git bisect start" command line was lax in
   validating the arguments.
   (merge 4d9005ff5d cb/bisect-helper-parser-fix later to maint).

 * Reduce memory usage during "diff --quiet" in a worktree with too
   many stat-unmatched paths.
   (merge d2d7fbe129 jk/diff-memuse-optim-with-stat-unmatch later to maint).

 * The reflog entries for "git clone" and "git fetch" did not
   anonymize the URL they operated on.
   (merge 46da295a77 js/reflog-anonymize-for-clone-and-fetch later to maint).

 * The behaviour of "sparse-checkout" in the state "git clone
   --no-checkout" left was changed accidentally in 2.27, which has
   been corrected.

 * Use of negative pathspec, while collecting paths including
   untracked ones in the working tree, was broken.

 * The same worktree directory must be registered only once, but
   "git worktree move" allowed this invariant to be violated, which
   has been corrected.
   (merge 810382ed37 es/worktree-duplicate-paths later to maint).

 * The effect of sparse checkout settings on submodules is documented.
   (merge e7d7c73249 en/sparse-with-submodule-doc later to maint).

 * Code clean-up around "git branch" with a minor bugfix.
   (merge dc44639904 dl/branch-cleanup later to maint).

 * A branch name used in a test has been clarified to match what is
   going on.
   (merge 08dc26061f pb/t4014-unslave later to maint).

 * An in-code comment in "git diff" has been updated.
   (merge c592fd4c83 dl/diff-usage-comment-update later to maint).

 * The documentation and some tests have been adjusted for the recent
   renaming of "pu" branch to "seen".
   (merge 6dca5dbf93 js/pu-to-seen later to maint).

 * The code to push changes over "dumb" HTTP had a bad interaction
   with the commit reachability code due to incorrect allocation of
   object flag bits, which has been corrected.
   (merge 64472d15e9 bc/http-push-flagsfix later to maint).

 * "git send-email --in-reply-to=<msg>" did not use the In-Reply-To:
   header with the value given from the command line, and let it be
   overridden by the value on In-Reply-To: header in the messages
   being sent out (if exists).
   (merge f9f60d7066 ra/send-email-in-reply-to-from-command-line-wins later to \ 
maint).

 * "git log -Lx,y:path --before=date" lost track of where the range
   should be because it didn't take the changes made by the youngest
   commits that are omitted from the output into account.

 * When "fetch.writeCommitGraph" configuration is set in a shallow
   repository and a fetch moves the shallow boundary, we wrote out
   broken commit-graph files that do not match the reality, which has
   been corrected.

 * "git checkout" failed to catch an error from fstat() after updating
   a path in the working tree.
   (merge 35e6e212fd mt/entry-fstat-fallback-fix later to maint).

 * When an aliased command, whose output is piped to a pager by git,
   gets killed by a signal, the pager got into a funny state, which
   has been corrected (again).
   (merge c0d73a59c9 ta/wait-on-aliased-commands-upon-signal later to maint).

 * The code to produce progress output from "git commit-graph --write"
   had a few breakages, which have been fixed.

 * Other code cleanup, docfix, build fix, etc.
   (merge 2c31a7aa44 jx/pkt-line-doc-count-fix later to maint).
   (merge d63ae31962 cb/t5608-cleanup later to maint).
   (merge 788db145c7 dl/t-readme-spell-git-correctly later to maint).
   (merge 45a87a83bb dl/python-2.7-is-the-floor-version later to maint).
   (merge b75a219904 es/advertise-contribution-doc later to maint).
   (merge 0c9a4f638a rs/pull-leakfix later to maint).
   (merge d546fe2874 rs/commit-reach-leakfix later to maint).
   (merge 087bf5409c mk/pb-pretty-email-without-domain-part-fix later to maint).
   (merge 5f4ee57ad9 es/worktree-code-cleanup later to maint).
   (merge 0172f7834a cc/cat-file-usage-update later to maint).
   (merge 81de0c01cf ma/rebase-doc-typofix later to maint).
   2020-06-03 16:06:48 by Adam Ciarcinski | Files touched by this commit (6) | Package updated
Log message:
git: updated to 2.27.0

Git 2.27 Release Notes
======================

Updates since v2.26
-------------------

Backward compatibility notes

 * When "git describe C" finds that commit C is pointed by a signed or
   annotated tag, which records T as its tagname in the object, the
   command gives T as its answer.  Even if the user renames or moves
   such a tag from its natural location in the "refs/tags/" hierarchy,
   "git describe C" would still give T as the answer, but in such a
   case "git show T^0" would no longer work as expected.  There may be
   nothing at "refs/tags/T" or even worse there may be a different tag
   instead.

   Starting from this version, "git describe" will always use the
   "long" version, as if the "--long" option were given, \ 
when giving
   its output based on such a misplaced tag to work around the problem.

 * "git pull" issues a warning message until the pull.rebase
   configuration variable is explicitly given, which some existing
   users may find annoying---those who prefer not to rebase need to
   set the variable to false to squelch the warning.

 * The transport protocol version 2, which was promoted to the default
   in Git 2.26 release, turned out to have some remaining rough edges,
   so it has been demoted from the default.

UI, Workflows & Features

 * A handful of options to configure SSL when talking to proxies have
   been added.

 * Smudge/clean conversion filters are now given more information
   (e.g. the object of the tree-ish in which the blob being converted
   appears, in addition to its path, which has already been given).

 * When "git describe C" finds an annotated tag with tagname A to be
   the best name to explain commit C, and the tag is stored in a
   "wrong" place in the refs/tags hierarchy, e.g. refs/tags/B, the
   command gave a warning message but used A (not B) to describe C.
   If C is exactly at the tag, the describe output would be "A", but
   "git rev-parse A^0" would not be equal as "git rev-parse \ 
C^0".  The
   behavior of the command has been changed to use the "long" form
   i.e. A-0-gOBJECTNAME, which is correctly interpreted by rev-parse.

 * "git pull" learned to warn when no pull.rebase configuration
   exists, and neither --[no-]rebase nor --ff-only is given (which
   would result a merge).

 * "git p4" learned four new hooks and also "--no-verify" \ 
option to
   bypass them (and the existing "p4-pre-submit" hook).

 * "git pull" shares many options with underlying "git \ 
fetch", but
   some of them were not documented and some of those that would make
   sense to pass down were not passed down.

 * "git rebase" learned the "--no-gpg-sign" option to countermand
   commit.gpgSign the user may have.

 * The output from "git format-patch" uses RFC 2047 encoding for
   non-ASCII letters on From: and Subject: headers, so that it can
   directly be fed to e-mail programs.  A new option has been added
   to produce these headers in raw.

 * "git log" learned "--show-pulls" that helps pathspec limited
   history views; a merge commit that takes the whole change from a
   side branch, which is normally omitted from the output, is shown
   in addition to the commits that introduce real changes.

 * The interactive input from various codepaths are consolidated and
   any prompt possibly issued earlier are fflush()ed before we read.

 * Allow "git rebase" to reapply all local commits, even if the may be
   already in the upstream, without checking first.

 * The 'pack.useSparse' configuration variable now defaults to 'true',
   enabling an optimization that has been experimental since Git 2.21.

 * "git rebase" happens to call some hooks meant for \ 
"checkout" and
   "commit" by this was not a designed behaviour than historical
   accident.  This has been documented.

 * "git merge" learns the "--autostash" option.

 * "sparse-checkout" UI improvements.

 * "git update-ref --stdin" learned a handful of new verbs to let the
   user control ref update transactions more explicitly, which helps
   as an ingredient to implement two-phase commit-style atomic
   ref-updates across multiple repositories.

 * "git commit-graph write" learned different ways to write out split
   files.

 * Introduce an extension to the commit-graph to make it efficient to
   check for the paths that were modified at each commit using Bloom
   filters.

 * The approxidate parser learns to parse seconds with fraction and
   ignore fractional part.

 * The userdiff patterns for Markdown documents have been added.

 * The sparse-checkout patterns have been forbidden from excluding all
   paths, leaving an empty working tree, for a long time.  This
   limitation has been lifted.

 * "git restore --staged --worktree" now defaults to take the contents
   out of "HEAD", instead of erring out.

 * "git p4" learned to recover from a (broken) state where a directory
   and a file are recorded at the same path in the Perforce repository
   the same way as their clients do.

 * "git multi-pack-index repack" has been taught to honor some
   repack.* configuration variables.

Performance, Internal Implementation, Development Support etc.

 * The advise API has been revamped to allow more systematic enumeration of
   advice knobs in the future.

 * SHA-256 transition continues.

 * The code to interface with GnuPG has been refactored.

 * "git stash" has kept an escape hatch to use the scripted version
   for a few releases, which got stale.  It has been removed.

 * Enable tests that require GnuPG on Windows.

 * Minor test usability improvement.

 * Trace2 enhancement to allow logging of the environment variables.

 * Test clean-up continues.

 * Perf-test update.

 * A Windows-specific test element has been made more robust against
   misuse from both user's environment and programmer's errors.

 * Various tests have been updated to work around issues found with
   shell utilities that come with busybox etc.

 * The config API made mixed uses of int and size_t types to represent
   length of various pieces of text it parsed, which has been updated
   to use the correct type (i.e. size_t) throughout.

 * The "--decorate-refs" and "--decorate-refs-exclude" \ 
options "git
   log" takes have learned a companion configuration variable
   log.excludeDecoration that sits at the lowest priority in the
   family.

 * A new CI job to build and run test suite on linux with musl libc
   has been added.

 * Update the CI configuration to use GitHub Actions, retiring the one
   based on Azure Pipelines.

 * The directory traversal code had redundant recursive calls which
   made its performance characteristics exponential with respect to
   the depth of the tree, which was corrected.

 * "git blame" learns to take advantage of the \ 
"changed-paths" Bloom
   filter stored in the commit-graph file.

 * The "bugreport" tool has been added.

 * The object walk with object filter "--filter=tree:0" can now take
   advantage of the pack bitmap when available.

 * Instead of always building all branches at GitHub via Actions,
   users can specify which branches to build.

 * Codepaths that show progress meter have been taught to also use the
   start_progress() and the stop_progress() calls as a "region" to be
   traced.

 * Instead of downloading Windows SDK for CI jobs for windows builds
   from an external site (wingit.blob.core.windows.net), use the one
   created in the windows-build job, to work around quota issues at
   the external site.
   2020-05-22 12:56:49 by Adam Ciarcinski | Files touched by this commit (624)
Log message:
revbump after updating security/nettle
   2020-05-12 21:04:53 by Roland Illig | Files touched by this commit (1)
Log message:
devel/git-base: git-sh-setup.sh doesn't contain "cd -P" anymore
   2020-05-06 16:05:09 by Adam Ciarcinski | Files touched by this commit (591) | Package updated
Log message:
revbump after boost update
   2020-04-20 22:03:32 by Leonardo Taccari | Files touched by this commit (2) | Package updated
Log message:
git: Update to 2.26.2

Changes:
2.26.2
------
This release is to address the security issue: CVE-2020-11008

 * With a crafted URL that contains a newline or empty host, or lacks
   a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the
   protocol in use and host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (based on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential patterns.

Credit for finding the vulnerability goes to Carlo Arenas.
   2020-04-14 20:27:31 by Leonardo Taccari | Files touched by this commit (2) | Package updated
Log message:
git: Update to 2.26.1

Changes:
2.26.1
------
This release is to address the security issue: CVE-2020-5260

 * With a crafted URL that contains a newline in it, the credential
   helper machinery can be fooled to give credential information for
   a wrong host.  The attack has been made impossible by forbidding
   a newline character in any value passed via the credential
   protocol.

Credit for finding the vulnerability goes to Felix Wilhelm of Google
Project Zero.