./devel/git-base, GIT Tree History Storage Tool (base package)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.27.0, Package name: git-base-2.27.0, Maintainer: pkgsrc-users

Git is a free and open source distributed version control system
designed to handle everything from small to very large projects with
speed and efficiency.

Git is easy to learn and has a tiny footprint with lightning fast
performance. It outclasses SCM tools like Subversion, CVS, Perforce,
and ClearCase with features like cheap local branching, convenient
staging areas, and multiple workflows.

This package contains only the git program (and subcommands). It does
not contain man pages or the tk-based repository browser.


Required to run:
[www/curl] [lang/perl5] [security/openssl] [security/p5-Authen-SASL] [mail/p5-Email-Valid] [mail/p5-MailTools] [devel/p5-Error] [mail/p5-Net-SMTP-SSL] [devel/pcre2]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 996c0be58e901deb4ef9d0145e7bf98cdf6a0fb3
RMD160: 3c8a83b565afefea9e5bf401e69d6b60acd18dcb
Filesize: 5932.262 KB

Version history: (Expand)


CVS history: (Expand)


   2020-06-03 16:06:48 by Adam Ciarcinski | Files touched by this commit (6) | Package updated
Log message:
git: updated to 2.27.0

Git 2.27 Release Notes
======================

Updates since v2.26
-------------------

Backward compatibility notes

 * When "git describe C" finds that commit C is pointed by a signed or
   annotated tag, which records T as its tagname in the object, the
   command gives T as its answer.  Even if the user renames or moves
   such a tag from its natural location in the "refs/tags/" hierarchy,
   "git describe C" would still give T as the answer, but in such a
   case "git show T^0" would no longer work as expected.  There may be
   nothing at "refs/tags/T" or even worse there may be a different tag
   instead.

   Starting from this version, "git describe" will always use the
   "long" version, as if the "--long" option were given, \ 
when giving
   its output based on such a misplaced tag to work around the problem.

 * "git pull" issues a warning message until the pull.rebase
   configuration variable is explicitly given, which some existing
   users may find annoying---those who prefer not to rebase need to
   set the variable to false to squelch the warning.

 * The transport protocol version 2, which was promoted to the default
   in Git 2.26 release, turned out to have some remaining rough edges,
   so it has been demoted from the default.

UI, Workflows & Features

 * A handful of options to configure SSL when talking to proxies have
   been added.

 * Smudge/clean conversion filters are now given more information
   (e.g. the object of the tree-ish in which the blob being converted
   appears, in addition to its path, which has already been given).

 * When "git describe C" finds an annotated tag with tagname A to be
   the best name to explain commit C, and the tag is stored in a
   "wrong" place in the refs/tags hierarchy, e.g. refs/tags/B, the
   command gave a warning message but used A (not B) to describe C.
   If C is exactly at the tag, the describe output would be "A", but
   "git rev-parse A^0" would not be equal as "git rev-parse \ 
C^0".  The
   behavior of the command has been changed to use the "long" form
   i.e. A-0-gOBJECTNAME, which is correctly interpreted by rev-parse.

 * "git pull" learned to warn when no pull.rebase configuration
   exists, and neither --[no-]rebase nor --ff-only is given (which
   would result a merge).

 * "git p4" learned four new hooks and also "--no-verify" \ 
option to
   bypass them (and the existing "p4-pre-submit" hook).

 * "git pull" shares many options with underlying "git \ 
fetch", but
   some of them were not documented and some of those that would make
   sense to pass down were not passed down.

 * "git rebase" learned the "--no-gpg-sign" option to countermand
   commit.gpgSign the user may have.

 * The output from "git format-patch" uses RFC 2047 encoding for
   non-ASCII letters on From: and Subject: headers, so that it can
   directly be fed to e-mail programs.  A new option has been added
   to produce these headers in raw.

 * "git log" learned "--show-pulls" that helps pathspec limited
   history views; a merge commit that takes the whole change from a
   side branch, which is normally omitted from the output, is shown
   in addition to the commits that introduce real changes.

 * The interactive input from various codepaths are consolidated and
   any prompt possibly issued earlier are fflush()ed before we read.

 * Allow "git rebase" to reapply all local commits, even if the may be
   already in the upstream, without checking first.

 * The 'pack.useSparse' configuration variable now defaults to 'true',
   enabling an optimization that has been experimental since Git 2.21.

 * "git rebase" happens to call some hooks meant for \ 
"checkout" and
   "commit" by this was not a designed behaviour than historical
   accident.  This has been documented.

 * "git merge" learns the "--autostash" option.

 * "sparse-checkout" UI improvements.

 * "git update-ref --stdin" learned a handful of new verbs to let the
   user control ref update transactions more explicitly, which helps
   as an ingredient to implement two-phase commit-style atomic
   ref-updates across multiple repositories.

 * "git commit-graph write" learned different ways to write out split
   files.

 * Introduce an extension to the commit-graph to make it efficient to
   check for the paths that were modified at each commit using Bloom
   filters.

 * The approxidate parser learns to parse seconds with fraction and
   ignore fractional part.

 * The userdiff patterns for Markdown documents have been added.

 * The sparse-checkout patterns have been forbidden from excluding all
   paths, leaving an empty working tree, for a long time.  This
   limitation has been lifted.

 * "git restore --staged --worktree" now defaults to take the contents
   out of "HEAD", instead of erring out.

 * "git p4" learned to recover from a (broken) state where a directory
   and a file are recorded at the same path in the Perforce repository
   the same way as their clients do.

 * "git multi-pack-index repack" has been taught to honor some
   repack.* configuration variables.

Performance, Internal Implementation, Development Support etc.

 * The advise API has been revamped to allow more systematic enumeration of
   advice knobs in the future.

 * SHA-256 transition continues.

 * The code to interface with GnuPG has been refactored.

 * "git stash" has kept an escape hatch to use the scripted version
   for a few releases, which got stale.  It has been removed.

 * Enable tests that require GnuPG on Windows.

 * Minor test usability improvement.

 * Trace2 enhancement to allow logging of the environment variables.

 * Test clean-up continues.

 * Perf-test update.

 * A Windows-specific test element has been made more robust against
   misuse from both user's environment and programmer's errors.

 * Various tests have been updated to work around issues found with
   shell utilities that come with busybox etc.

 * The config API made mixed uses of int and size_t types to represent
   length of various pieces of text it parsed, which has been updated
   to use the correct type (i.e. size_t) throughout.

 * The "--decorate-refs" and "--decorate-refs-exclude" \ 
options "git
   log" takes have learned a companion configuration variable
   log.excludeDecoration that sits at the lowest priority in the
   family.

 * A new CI job to build and run test suite on linux with musl libc
   has been added.

 * Update the CI configuration to use GitHub Actions, retiring the one
   based on Azure Pipelines.

 * The directory traversal code had redundant recursive calls which
   made its performance characteristics exponential with respect to
   the depth of the tree, which was corrected.

 * "git blame" learns to take advantage of the \ 
"changed-paths" Bloom
   filter stored in the commit-graph file.

 * The "bugreport" tool has been added.

 * The object walk with object filter "--filter=tree:0" can now take
   advantage of the pack bitmap when available.

 * Instead of always building all branches at GitHub via Actions,
   users can specify which branches to build.

 * Codepaths that show progress meter have been taught to also use the
   start_progress() and the stop_progress() calls as a "region" to be
   traced.

 * Instead of downloading Windows SDK for CI jobs for windows builds
   from an external site (wingit.blob.core.windows.net), use the one
   created in the windows-build job, to work around quota issues at
   the external site.
   2020-05-22 12:56:49 by Adam Ciarcinski | Files touched by this commit (624)
Log message:
revbump after updating security/nettle
   2020-05-12 21:04:53 by Roland Illig | Files touched by this commit (1)
Log message:
devel/git-base: git-sh-setup.sh doesn't contain "cd -P" anymore
   2020-05-06 16:05:09 by Adam Ciarcinski | Files touched by this commit (591) | Package updated
Log message:
revbump after boost update
   2020-04-20 22:03:32 by Leonardo Taccari | Files touched by this commit (2) | Package updated
Log message:
git: Update to 2.26.2

Changes:
2.26.2
------
This release is to address the security issue: CVE-2020-11008

 * With a crafted URL that contains a newline or empty host, or lacks
   a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the
   protocol in use and host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (based on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential patterns.

Credit for finding the vulnerability goes to Carlo Arenas.
   2020-04-14 20:27:31 by Leonardo Taccari | Files touched by this commit (2) | Package updated
Log message:
git: Update to 2.26.1

Changes:
2.26.1
------
This release is to address the security issue: CVE-2020-5260

 * With a crafted URL that contains a newline in it, the credential
   helper machinery can be fooled to give credential information for
   a wrong host.  The attack has been made impossible by forbidding
   a newline character in any value passed via the credential
   protocol.

Credit for finding the vulnerability goes to Felix Wilhelm of Google
Project Zero.
   2020-04-02 09:46:42 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
git: updated to 2.26.0

Git 2.26 Release Notes
======================

Updates since v2.25
-------------------

Backward compatibility notes

 * "git rebase" uses a different backend that is based on the 'merge'
   machinery by default.  There are a few known differences in the
   behaviour from the traditional machinery based on patch+apply.

   If your workflow is negatively affected by this change, please
   report it to git@vger.kernel.org so that we can take a look into
   it.  After doing so, you can set the 'rebase.backend' configuration
   variable to 'apply', in order to use the old default behaviour in
   the meantime.

UI, Workflows & Features

 * Sample credential helper for using .netrc has been updated to work
   out of the box.

 * gpg.minTrustLevel configuration variable has been introduced to
   tell various signature verification codepaths the required minimum
   trust level.

 * The command line completion (in contrib/) learned to complete
   subcommands and arguments to "git worktree".

 * Disambiguation logic to tell revisions and pathspec apart has been
   tweaked so that backslash-escaped glob special characters do not
   count in the "wildcards are pathspec" rule.

 * One effect of specifying where the GIT_DIR is (either with the
   environment variable, or with the "git --git-dir=<where> cmd"
   option) is to disable the repository discovery.  This has been
   placed a bit more stress in the documentation, as new users often
   get confused.

 * Two help messages given when "git add" notices the user gave it
   nothing to add have been updated to use advise() API.

 * A new version of fsmonitor-watchman hook has been introduced, to
   avoid races.

 * "git config" learned to show in which "scope", in \ 
addition to in
   which file, each config setting comes from.

 * The basic 7 colors learned the brighter counterparts
   (e.g. "brightred").

 * "git sparse-checkout" learned a new "add" subcommand.

 * A configuration element used for credential subsystem can now use
   wildcard pattern to specify for which set of URLs the entry
   applies.

 * "git clone --recurse-submodules --single-branch" now uses the same
   single-branch option when cloning the submodules.

 * "git rm" and "git stash" learns the new \ 
"--pathspec-from-file"
   option.

 * "git am --show-current-patch" is a way to show the piece of e-mail
   for the stopped step, which is not suitable to directly feed "git
   apply" (it is designed to be a good "git am" input).  It learned a
   new option to show only the patch part.

 * Handling of conflicting renames in merge-recursive have further
   been made consistent with how existing codepaths try to mimic what
   is done to add/add conflicts.

Performance, Internal Implementation, Development Support etc.

 * Tell .editorconfig that in this project, *.txt files are indented
   with tabs.

 * The test-lint machinery knew to check "VAR=VAL shell_function"
   construct, but did not check "VAR= shell_function", which has been
   corrected.

 * Replace "git config --bool" calls with "git config \ 
--type=bool" in
   sample templates.

 * The effort to move "git-add--interactive" to C continues.

 * Improve error message generation for "git submodule add".

 * Preparation of test scripts for the day when the object names will
   use SHA-256 continues.

 * Warn programmers about pretend_object_file() that allows the code
   to tentatively use in-core objects.

 * The way "git pack-objects" reuses objects stored in existing pack
   to generate its result has been improved.

 * The transport protocol version 2 becomes the default one.

 * Traditionally, we avoided threaded grep while searching in objects
   (as opposed to files in the working tree) as accesses to the object
   layer is not thread-safe.  This limitation is getting lifted.

 * "git rebase -i" (and friends) used to unnecessarily check out the
   tip of the branch to be rebased, which has been corrected.

 * A low-level API function get_oid(), that accepts various ways to
   name an object, used to issue end-user facing error messages
   without l10n, which has been updated to be translatable.

 * Unneeded connectivity check is now disabled in a partial clone when
   fetching into it.

 * Some rough edges in the sparse-checkout feature, especially around
   the cone mode, have been cleaned up.

 * The diff-* plumbing family of subcommands now pay attention to the
   diff.wsErrorHighlight configuration, which has been ignored before;
   this allows "git add -p" to also show the whitespace problems to
   the end user.

 * Some codepaths were given a repository instance as a parameter to
   work in the repository, but passed the_repository instance to its
   callees, which has been cleaned up (somewhat).

 * Memory footprint and performance of "git name-rev" has been
   improved.

 * The object reachability bitmap machinery and the partial cloning
   machinery were not prepared to work well together, because some
   object-filtering criteria that partial clones use inherently rely
   on object traversal, but the bitmap machinery is an optimization
   to bypass that object traversal.  There however are some cases
   where they can work together, and they were taught about them.

 * "git rebase" has learned to use the merge backend (i.e. the
   machinery that drives "rebase -i") by default, while allowing
   "--apply" option to use the "apply" backend (e.g. the moral
   equivalent of "format-patch piped to am").  The rebase.backend
   configuration variable can be set to customize.

 * Underlying machinery of "git bisect--helper" is being refactored
   into pieces that are more easily reused.

Fixes since v2.25
-----------------

 * "git commit" gives output similar to "git status" when \ 
there is
   nothing to commit, but without honoring the advise.statusHints
   configuration variable, which has been corrected.

 * has_object_file() said "no" given an object registered to the
   system via pretend_object_file(), making it inconsistent with
   read_object_file(), causing lazy fetch to attempt fetching an
   empty tree from promisor remotes.

 * Complete an update to tutorial that encourages "git switch" over
   "git checkout" that was done only half-way.

 * C pedantry ;-) fix.

 * The code that tries to skip over the entries for the paths in a
   single directory using the cache-tree was not careful enough
   against corrupt index file.

 * Reduce unnecessary round-trip when running "ls-remote" over the
   stateless RPC mechanism.

 * "git restore --staged" did not correctly update the cache-tree
   structure, resulting in bogus trees to be written afterwards, which
   has been corrected.

 * The code recently added to move to the entry beyond the ones in the
   same directory in the index in the sparse-cone mode did not count
   the number of entries to skip over incorrectly, which has been
   corrected.

 * Rendering by "git log --graph" of ancestry lines leading to a merge
   commit were made suboptimal to waste vertical space a bit with a
   recent update, which has been corrected.

 * Work around test breakages caused by custom regex engine used in
   libasan, when address sanitizer is used with more recent versions
   of gcc and clang.

 * Minor bugfixes to "git add -i" that has recently been rewritten in C.

 * "git fetch --refmap=" option has got a better documentation.

 * "git checkout X" did not correctly fail when X is not a local
   branch but could name more than one remote-tracking branches
   (i.e. to be dwimmed as the starting point to create a corresponding
   local branch), which has been corrected.
   (merge fa74180d08 am/checkout-file-and-ref-ref-ambiguity later to maint).

 * Corner case bugs in "git clean" that stems from a (necessarily for
   performance reasons) awkward calling convention in the directory
   enumeration API has been corrected.

 * A fetch that is told to recursively fetch updates in submodules
   inevitably produces reams of output, and it becomes hard to spot
   error messages.  The command has been taught to enumerate
   submodules that had errors at the end of the operation.
   (merge 0222540827 es/fetch-show-failed-submodules-atend later to maint).

 * The "--recurse-submodules" option of various subcommands did not
   work well when run in an alternate worktree, which has been
   corrected.

 * Futureproofing a test not to depend on the current implementation
   detail.

 * Running "git rm" on a submodule failed unnecessarily when
   .gitmodules is only cache-dirty, which has been corrected.

 * C pedantry ;-) fix.

 * "git grep --no-index" should not get affected by the contents of
   the .gitmodules file but when "--recurse-submodules" is given or
   the "submodule.recurse" variable is set, it did.  Now these
   settings are ignored in the "--no-index" mode.

 * Technical details of the bundle format has been documented.

 * Unhelpful warning messages during documentation build have been squelched.

 * "git rebase -i" identifies existing commits in its todo file with
   their abbreviated object name, which could become ambiguous as it
   goes to create new commits, and has a mechanism to avoid ambiguity
   in the main part of its execution.  A few other cases however were
   not covered by the protection against ambiguity, which has been
   corrected.

 * Allow the rebase.missingCommitsCheck configuration to kick in when
   "rebase --edit-todo" and "rebase --continue" restarts the \ 
procedure.
   (merge 5a5445d878 ag/edit-todo-drop-check later to maint).

 * The way "git submodule status" reports an initialized but not yet
   populated submodule has not been reimplemented correctly when a
   part of the "git submodule" command was rewritten in C, which has
   been corrected.
   (merge f38c92452d pk/status-of-uncloned-submodule later to maint).

 * The code to automatically shrink the fan-out in the notes tree had
   an off-by-one bug, which has been killed.

 * The index-pack code now diagnoses a bad input packstream that
   records the same object twice when it is used as delta base; the
   code used to declare a software bug when encountering such an
   input, but it is an input error.

 * The code to compute the commit-graph has been taught to use a more
   robust way to tell if two object directories refer to the same
   thing.
   (merge a7df60cac8 tb/commit-graph-object-dir later to maint).

 * "git remote rename X Y" needs to adjust configuration variables
   (e.g. branch.<name>.remote) whose value used to be X to Y.
   branch.<name>.pushRemote is now also updated.

 * Update to doc-diff.

 * Doc markup fix.

 * "git check-ignore" did not work when the given path is explicitly
   marked as not ignored with a negative entry in the .gitignore file.

 * The merge-recursive machinery failed to refresh the cache entry for
   a merge result in a couple of places, resulting in an unnecessary
   merge failure, which has been fixed.

 * Fix for a bug revealed by a recent change to make the protocol v2
   the default.

 * In rare cases "git worktree add <path>" could think that \ 
<path>
   was already a registered worktree even when it wasn't and refuse
   to add the new worktree. This has been corrected.
   (merge bb69b3b009 es/worktree-avoid-duplication-fix later to maint).

 * "git push" should stop from updating a branch that is checked out
   when receive.denyCurrentBranch configuration is set, but it failed
   to pay attention to checkouts in secondary worktrees.  This has
   been corrected.
   (merge 4d864895a2 hv/receive-denycurrent-everywhere later to maint).

 * "git rebase BASE BRANCH" rebased/updated the tip of BRANCH and
   checked it out, even when the BRANCH is checked out in a different
   worktree.  This has been corrected.
   (merge b5cabb4a96 es/do-not-let-rebase-switch-to-protected-branch later to maint).

 * "git describe" in a repository with multiple root commits sometimes
   gave up looking for the best tag to describe a given commit with
   too early, which has been adjusted.

 * "git merge signed-tag" while lacking the public key started to say
   "No signature", which was utterly wrong.  This regression has been
   reverted.

 * MinGW's poll() emulation has been improved.

 * "git show" and others gave an object name in raw format in its
   error output, which has been corrected to give it in hex.

 * "git fetch" over HTTP walker protocol did not show any progress
   output.  We inherently do not know how much work remains, but still
   we can show something not to bore users.
   (merge 7655b4119d rs/show-progress-in-dumb-http-fetch later to maint).

 * Both "git ls-remote -h" and "git grep -h" give short \ 
usage help,
   like any other Git subcommand, but it is not unreasonable to expect
   that the former would behave the same as "git ls-remote --head"
   (there is no other sensible behaviour for the latter).  The
   documentation has been updated in an attempt to clarify this.
   2020-03-19 23:30:30 by Roland Illig | Files touched by this commit (2)
Log message:
devel/git-base: fix typo in patch