Navigation:
Browse pkgsrc
(this page)| 2023-01-18 16:44:25 by Juraj Lutter | Files touched by this commit (2) |
Log message:
Git 2.39.1 release notes
========================
This maintenance releass is to address the security issues
identified as CVE-2022-41903 and CVE-2022-23521.
* CVE-2022-41903:
git log has the ability to display commits using an arbitrary
format with its --format specifiers. This functionality is also
exposed to git archive via the export-subst gitattribute.
When processing the padding operators (e.g., %<(, %<|(, %>(,
%>>(, or %><( ), an integer overflow can occur in
pretty.c::format_and_pad_commit() where a size_t is improperly
stored as an int, and then added as an offset to a subsequent
memcpy() call.
This overflow can be triggered directly by a user running a
command which invokes the commit formatting machinery (e.g., git
log --format=...). It may also be triggered indirectly through
git archive via the export-subst mechanism, which expands format
specifiers inside of files within the repository during a git
archive.
This integer overflow can result in arbitrary heap writes, which
may result in remote code execution.
* CVE-2022-23521:
gitattributes are a mechanism to allow defining attributes for
paths. These attributes can be defined by adding a `.gitattributes`
file to the repository, which contains a set of file patterns and
the attributes that should be set for paths matching this pattern.
When parsing gitattributes, multiple integer overflows can occur
when there is a huge number of path patterns, a huge number of
attributes for a single pattern, or when the declared attribute
names are huge.
These overflows can be triggered via a crafted `.gitattributes` file
that may be part of the commit history. Git silently splits lines
longer than 2KB when parsing gitattributes from a file, but not when
parsing them from the index. Consequentially, the failure mode
depends on whether the file exists in the working tree, the index or
both.
This integer overflow can result in arbitrary heap reads and writes,
which may result in remote code execution.
Full release notes can be found at:
https://github.com/git/git/blob/master/Documentation/RelNotes/2.39.1.txt
https://github.com/git/git/blob/master/Documentation/RelNotes/2.30.7.txt
|
2022-12-19 11:04:34 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message:
git: updated to 2.39.0
Git v2.39 Release Notes
=======================
UI, Workflows & Features
------------------------
* "git grep" learned to expand the sparse-index more lazily and on
demand in a sparse checkout.
* By default, use of fsmonitor on a repository on networked
filesystem is disabled. Add knobs to make it workable on macOS.
* After checking out a "branch" that is a symbolic-ref that points at
another branch, "git symbolic-ref HEAD" reports the underlying
branch, not the symbolic-ref the user gave checkout as argument.
The command learned the "--no-recurse" option to stop after
dereferencing a symbolic-ref only once.
* "git branch --edit-description @{-1}" is now a way to edit branch
description of the branch you were on before switching to the
current branch.
* "git merge-tree --stdin" is a new way to request a series of merges
and report the merge results.
* "git shortlog" learned to group by the "format" string.
* A new "--include-whitespace" option is added to "git \
patch-id", and
existing bugs in the internal patch-id logic that did not match
what "git patch-id" produces have been corrected.
* Enable gc.cruftpacks by default for those who opt into
feature.experimental setting.
* "git repack" learns to send cruft objects out of the way into
packfiles outside the repository.
* 'scalar reconfigure -a' is taught to automatically remove
scalar.repo entires which no longer exist.
* Redact headers from cURL's h2h3 module in GIT_CURL_VERBOSE and
others.
* 'git maintenance register' is taught to write configuration to an
arbitrary path, and 'git for-each-repo' is taught to expand tilde
characters in paths.
* When creating new notes, the template used to get a stray empty
newline, which has been removed.
* "git receive-pack" used to use all the local refs as the boundary for
checking connectivity of the data "git push" sent, but now it uses
only the refs that it advertised to the pusher. In a repository with
the .hideRefs configuration, this reduces the resources needed to
perform the check.
* With '--recurse-submodules=on-demand', all submodules are
recursively pushed.
Performance, Internal Implementation, Development Support etc.
--------------------------------------------------------------
* With a bit of header twiddling, use the native regexp library on
macOS instead of the compat/ one.
* Prepare for GNU [ef]grep that throw warning of their uses.
* Sources related to fuzz testing have been moved down to their own
directory.
* Most credential helpers ignored unknown entries in a credential
description, but a few died upon seeing them. The latter were
taught to ignore them, too
* "scalar unregister" in a repository that is already been
unregistered reported an error.
* Remove error detection from a function that fetches from promisor
remotes, and make it die when such a fetch fails to bring all the
requested objects, to give an early failure to various operations.
* Update CodingGuidelines to clarify what features to use and avoid
in C99.
* Avoid false-positive from LSan whose assumption may be broken with
higher optimization levels.
* Enable address and undefined sanitizer tasks at GitHub Actions CI.
* More UNUSED annotation to help using -Wunused option with the
compiler.
(merge 4b992f0a24 jk/unused-anno-more later to maint).
* Rewrite a deep recursion in the skipping negotiator to use a loop
with on-heap prio queue to avoid stack wastage.
* Add documentation for message IDs in fsck error messages.
* Define the logical elements of a "bundle list", data structure to
store them in-core, format to transfer them, and code to parse
them.
* The role the security mailing list plays in an embargoed release
has been documented.
* Two new facilities, "timer" and "counter", are introduced \
to the
trace2 API.
* Code simplification by using strvec_pushf() instead of building an
argument in a separate strbuf.
* Make sure generated dependency file is stably sorted to help
developers debugging their build issues.
* The glossary entries for "commit-graph file" and "reachability
bitmap" have been added.
* Various tests exercising the transfer.credentialsInUrl
configuration are taught to avoid making requests which require
resolving localhost to reduce CI-flakiness.
* A redundant diagnostic message is dropped from test_path_is_missing().
* Simplify the run-command API.
* Update the actions/github-script dependency in CI to avoid a
deprecation warning.
* Progress on being able to initialize a rev_info struct with a
macro.
* Add trace2 counters to the region to clear skip worktree bits in a
sparse checkout.
* Modernize test script to avoid "test -f" and friends.
* Avoid calling 'cache_tree_update()' when doing so would be
redundant.
* Update the credential-cache documentation to provide a more
realistic example.
* Makefile comments updates and reordering to clarify knobs used to
choose SHA implementations.
* A design document for sparse-checkout's future directions has been
added.
* Teach chainlint.pl to annotate the original test definition instead
of the token stream.
* "make coccicheck" is time consuming. It has been made to run more
incrementally.
* `parse_object()` has been hardened to check for the existence of a
suspected blob object.
* The build procedure has been adjusted to GNUmake version 4.4, which
made some changes to how pattern rule with multiple targets are
handled.
Fixes since v2.38
-----------------
* The codepath that reads from the index v4 had unaligned memory
accesses, which has been corrected.
* Fix messages incorrectly marked for translation.
* "git fsck" failed to release contents of tree objects already used
from the memory, which has been fixed.
* "git clone" did not like to see the "--bare" and the \
"--origin"
options used together without a good reason.
* "git remote rename" failed to rename a remote without fetch
refspec, which has been corrected.
* Documentation on various Boolean GIT_* environment variables have
been clarified.
* "git rebase -i" can mistakenly attempt to apply a fixup to a commit
itself, which has been corrected.
* "git multi-pack-index repack/expire" used to repack unreachable
cruft into a new pack, which have been corrected.
* In read-only repositories, "git merge-tree" tried to come up with a
merge result tree object, which it failed (which is not wrong) and
led to a segfault (which is bad), which has been corrected.
* Force C locale while running tests around httpd to make sure we can
find expected error messages in the log.
* Fix a logic in "mailinfo -b" that miscomputed the length of a
substring, which lead to an out-of-bounds access.
* The codepath to sign learned to report errors when it fails to read
from "ssh-keygen".
* Code clean-up that results in plugging a leak.
* "GIT_EDITOR=: git branch --edit-description" resulted in failure,
which has been corrected.
* The code to clean temporary object directories (used for
quarantine) tried to remove them inside its signal handler, which
was a no-no.
* Update comment in the Makefile about the RUNTIME_PREFIX config knob.
* Clarify that "the sentence after <area>: prefix does not begin with
a capital letter" rule applies only to the commit title.
* "git branch --edit-description" on an unborn branch misleadingly
said that no such branch exists, which has been corrected.
* Work around older clang that warns against C99 zero initialization
syntax for struct.
* Giving "--invert-grep" and "--all-match" without \
"--grep" to the
"git log" command resulted in an attempt to access grep pattern
expression structure that has not been allocated, which has been
corrected.
(merge db84376f98 ab/grep-simplify-extended-expression later to maint).
* "git diff rev^!" did not show combined diff to go to the rev from
its parents.
(merge a79c6b6081 rs/diff-caret-bang-with-parents later to maint).
* Allow configuration files in "protected" scopes to include other
configuration files.
(merge ecec57b3c9 gc/bare-repo-discovery later to maint).
* Give a bit more diversity to macOS CI by using sha1dc in one of the
jobs (the other one tests Apple Common Crypto).
(merge 1ad5c3df35 jc/ci-osx-with-sha1dc later to maint).
* A bugfix with tracing support in midx codepath
(merge e9c3839944 tb/midx-bitmap-selection-fix later to maint).
* When geometric repacking feature is in use together with the
--pack-kept-objects option, we lost packs marked with .keep files.
(merge 197443e80a tb/save-keep-pack-during-geometric-repack later to maint).
* Move a global variable added as a hack during regression fixes to
its proper place in the API.
(merge 0b0ab95f17 ab/run-hook-api-cleanup later to maint).
* Update to build procedure with VS using CMake/CTest.
(merge c858750b41 js/cmake-updates later to maint).
* The short-help text shown by "git cmd -h" and the synopsis text
shown at the beginning of "git help cmd" have been made more
consistent.
* When creating a multi-pack bitmap, remove per-pack bitmap files
unconditionally as they will never be consulted.
(merge 55d902cd61 tb/remove-unused-pack-bitmap later to maint).
* Fix a longstanding syntax error in Git.pm error codepath.
* "git diff --stat" etc. were invented back when everything was ASCII
and strlen() was a way to measure the display width of a string;
adjust them to compute the display width assuming UTF-8 pathnames.
(merge ce8529b2bb tb/diffstat-with-utf8-strwidth later to maint).
* "git branch --edit-description" can exit with status -1 which is
not a good practice; it learned to use 1 as everybody else instead.
* "git apply" limits its input to a bit less than 1 GiB.
* Merging a branch with directory renames into a branch that changes
the directory to a symlink was mishandled by the ort merge
strategy, which has been corrected.
* A bugfix to "git subtree" in its split and merge features.
* Fix some bugs in the reflog messages when rebasing and changes the
reflog messages of "rebase --apply" to match "rebase \
--merge" with
the aim of making the reflog easier to parse.
* "git rebase --keep-base" used to discard the commits that are
already cherry-picked to the upstream, even when "keep-base" meant
that the base, on top of which the history is being rebuilt, does
not yet include these cherry-picked commits. The --keep-base
option now implies --reapply-cherry-picks and --no-fork-point
options.
* The way "git repack" created temporary files when it received a
signal was prone to deadlocking, which has been corrected.
* Various tests exercising the transfer.credentialsInUrl
configuration are taught to avoid making requests which require
resolving localhost to reduce CI-flakiness.
* The adjust_shared_perm() helper function learned to refrain from
setting the "g+s" bit on directories when it is not necessary.
* "git archive" mistakenly complained twice about a missing
executable, which has been corrected.
* Fix a bug where `git branch -d` did not work on an orphaned HEAD.
* `git rebase --update-refs` would delete references when all
`update-ref` commands in the sequencer were removed, which has been
corrected.
* Fix a regression in the bisect-helper which mistakenly treats
arguments to the command given to 'git bisect run' as arguments to
the helper.
* Correct an error where `git rebase` would mistakenly use a branch or
tag named "refs/rewritten/xyz" when missing a rebase label.
* Assorted fixes of parsing end-user input as integers.
(merge 14770cf0de pw/config-int-parse-fixes later to maint).
* "git prune" may try to iterate over .git/objects/pack for trash
files to remove in it, and loudly fail when the directory is
missing, which is not necessary. The command has been taught to
ignore such a failure.
(merge 6974765352 ew/prune-with-missing-objects-pack later to maint).
* Add one more candidate directory that may house httpd modules while
running tests.
(merge 1c7dc23d41 es/locate-httpd-module-location-in-test later to maint).
* A handful of leaks in the line-log machinery have been plugged.
* The format of a line in /proc/cpuinfo that describes a CPU on s390x
looked different from everybody else, and the code in chainlint.pl
failed to parse it.
(merge 1f51b77f4f ah/chainlint-cpuinfo-parse-fix later to maint).
* Adjust the GitHub CI to newer ubuntu release.
(merge 0d3507f3e7 jx/ci-ubuntu-fix later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge 413bc6d20a ds/cmd-main-reorder later to maint).
(merge 8d2863e4ed nw/t1002-cleanup later to maint).
(merge 7c2dc122f9 rs/list-objects-filter-leakfix later to maint).
(merge 288fcb1c94 zk/push-use-bitmaps later to maint).
(merge 42db324c0f km/merge-recursive-typofix later to maint).
|
| 2022-12-12 23:03:23 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: git: updated to 2.38.2 Git 2.38.2 Release Notes ======================== This is to backport various fixes accumulated during the development towards Git 2.39, the next feature release. Fixes since v2.38.1 ------------------- * Update CodingGuidelines to clarify what features to use and avoid in C99. * The codepath that reads from the index v4 had unaligned memory accesses, which has been corrected. * "git remote rename" failed to rename a remote without fetch refspec, which has been corrected. * "git clone" did not like to see the "--bare" and the \ "--origin" options used together without a good reason. * Fix messages incorrectly marked for translation. * "git fsck" failed to release contents of tree objects already used from the memory, which has been fixed. * "git rebase -i" can mistakenly attempt to apply a fixup to a commit itself, which has been corrected. * In read-only repositories, "git merge-tree" tried to come up with a merge result tree object, which it failed (which is not wrong) and led to a segfault (which is bad), which has been corrected. * Force C locale while running tests around httpd to make sure we can find expected error messages in the log. * Fix a logic in "mailinfo -b" that miscomputed the length of a substring, which lead to an out-of-bounds access. * The codepath to sign learned to report errors when it fails to read from "ssh-keygen". * "GIT_EDITOR=: git branch --edit-description" resulted in failure, which has been corrected. * Documentation on various Boolean GIT_* environment variables have been clarified. * "git multi-pack-index repack/expire" used to repack unreachable cruft into a new pack, which have been corrected. * The code to clean temporary object directories (used for quarantine) tried to remove them inside its signal handler, which was a no-no. * "git branch --edit-description" on an unborh branch misleadingly said that no such branch exists, which has been corrected. * GitHub CI settings have been adjusted to recent reality, merging and cherry-picking necessary topics that have been prepared for Git 2.39. * `git rebase --update-refs` would delete references when all `update-ref` commands in the sequencer were removed, which has been corrected. Also contains various documentation updates and code clean-ups. |
| 2022-10-19 09:54:52 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: git: updated to 2.38.1 Git v2.38.1 Release Notes ========================= This release merges the security fix that appears in v2.30.6; see the release notes for that version for details. |
| 2022-10-07 12:10:05 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message:
git: updated to 2.38.0
Git v2.38 Release Notes
=======================
UI, Workflows & Features
* "git remote show [-n] frotz" now pays attention to negative
pathspec.
* "git push" sometimes performs poorly when reachability bitmaps are
used, even in a repository where other operations are helped by
bitmaps. The push.useBitmaps configuration variable is introduced
to allow disabling use of reachability bitmaps only for "git push".
* "git grep -m<max-hits>" is a way to limit the hits shown per file.
* "git merge-tree" learned a new mode where it takes two commits and
computes a tree that would result in the merge commit, if the
histories leading to these two commits were to be merged.
* "git mv A B" in a sparsely populated working tree can be asked to
move a path between directories that are "in cone" (i.e. expected
to be materialized in the working tree) and "out of cone"
(i.e. expected to be hidden). The handling of such cases has been
improved.
* Earlier, HTTP transport clients learned to tell the server side
what locale they are in by sending Accept-Language HTTP header, but
this was done only for some requests but not others.
* Introduce a safe.barerepository configuration variable that
allows users to forbid discovery of bare repositories.
* Various messages that come from the pack-bitmap codepaths have been
tweaked.
* "git rebase -i" learns to update branches whose tip appear in the
rebased range with "--update-refs" option.
* "git ls-files" learns the "--format" option to tweak its \
output.
* "git cat-file" learned an option to use the mailmap when showing
commit and tag objects.
* When "git merge" finds that it cannot perform a merge, it should
restore the working tree to the state before the command was
initiated, but in some corner cases it didn't.
* Operating modes like "--batch" of "git cat-file" command \
learned to
take NUL-terminated input, instead of one-item-per-line.
* "git rm" has become more aware of the sparse-index feature.
* "git rev-list --disk-usage" learned to take an optional value
"human" to show the reported value in human-readable format, like
"3.40MiB".
* The "diagnose" feature to create a zip archive for diagnostic
material has been lifted from "scalar" and made into a feature of
"git bugreport".
* The namespaces used by "log --decorate" from "refs/" \
hierarchy by
default has been tightened.
* "git rev-list --ancestry-path=C A..B" is a natural extension of
"git rev-list A..B"; instead of choosing a subset of A..B to those
that have ancestry relationship with A, it lets a subset with
ancestry relationship with C.
* "scalar" now enables built-in fsmonitor on enlisted repositories,
when able.
* The bash prompt (in contrib/) learned to optionally indicate when
the index is unmerged.
* "git clone" command learned the "--bundle-uri" option to \
coordinate
with hosting sites the use of pre-prepared bundle files.
* "git range-diff" learned to honor pathspec argument if given.
* "git format-patch --from=<ident>" can be told to add an in-body
"From:" line even for commits that are authored by the given
<ident> with "--force-in-body-from" option.
* The built-in fsmonitor refuses to work on a network mounted
repositories; a configuration knob for users to override this has
been introduced.
* The "scalar" addition from Microsoft is now part of the core Git
installation.
Performance, Internal Implementation, Development Support etc.
* Collection of what is referenced by objects in promisor packs have
been optimized to inspect these objects in the in-pack order.
* Introduce a helper to see if a branch is already being worked on
(hence should not be newly checked out in a working tree), which
performs much better than the existing find_shared_symref() to
replace many uses of the latter.
* Teach "git archive" to (optionally and then by default) avoid
spawning an external "gzip" process when creating \
".tar.gz" (and
".tgz") archives.
* Allow large objects read from a packstream to be streamed into a
loose object file straight, without having to keep it in-core as a
whole.
* Further preparation to turn git-submodule.sh into a builtin
continues.
* Apply Coccinelle rule to turn raw memmove() into MOVE_ARRAY() cpp
macro, which would improve maintainability and readability.
* Teach "make all" to build gitweb as well.
* Tweak tests so that they still work when the "git init" template
did not create .git/info directory.
* Add Coccinelle rules to detect the pattern of initializing and then
finalizing a structure without using it in between at all, which
happens after code restructuring and the compilers fail to
recognize as an unused variable.
* The code to convert between GPG trust level strings and internal
constants we use to represent them have been cleaned up.
* Support for libnettle as SHA256 implementation has been added.
* The way "git multi-pack" uses parse-options API has been improved.
* A Coccinelle rule (in contrib/) to encourage use of COPY_ARRAY
macro has been improved.
* API tweak to make it easier to run fuzz testing on commit-graph parser.
* Omit fsync-related trace2 entries when their values are all zero.
* The codepath to write multi-pack index has been taught to release a
large chunk of memory that holds an array of objects in the packs,
as soon as it is done with the array, to reduce memory consumption.
* Add a level of redirection to array allocation API in xdiff part,
to make it easier to share with the libgit2 project.
* "git fetch" client logs the partial clone filter used in the trace2
output.
* The "bundle URI" design gets documented.
* The common ancestor negotiation exchange during a "git fetch"
session now leaves trace log.
* Test portability improvements.
(merge 4d1d843be7 mt/rot13-in-c later to maint).
* The "subcommand" mode is introduced to parse-options API and update
the command line parser of Git commands with subcommands.
* The pack bitmap file gained a bitmap-lookup table to speed up
locating the necessary bitmap for a given commit.
* The assembly version of SHA-1 implementation for PPC has been
removed.
* The server side that responds to "git fetch" and "git clone"
request has been optimized by allowing it to send objects in its
object store without recomputing and validating the object names.
* Annotate function parameters that are not used (but cannot be
removed for structural reasons), to prepare us to later compile
with -Wunused warning turned on.
* Share the text used to explain configuration variables used by "git
<subcmd>" in "git help <subcmd>" with the text \
from "git help config".
* "git mv A B" in a sparsely populated working tree can be asked to
move a path from a directory that is "in cone" to another directory
that is "out of cone". Handling of such a case has been improved.
* The chainlint script for our tests has been revamped.
Fixes since v2.37
-----------------
* Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
correctly record a removed file to the index, which was fixed.
* Certain diff options are currently ignored when combined-diff is
shown; mark them as incompatible with the feature.
* Adjust technical/bitmap-format to be formatted by AsciiDoc, and
add some missing information to the documentation.
* Fixes for tests when the source directory has unusual characters in
its path, e.g. whitespaces, double-quotes, etc.
* "git mktree --missing" lazily fetched objects that are missing from
the local object store, which was totally unnecessary for the purpose
of creating the tree object(s) from its input.
* Give _() markings to fatal/warning/usage: labels that are shown in
front of these messages.
* References to commands-to-be-typed-literally in "git rebase"
documentation mark-up have been corrected.
* In a non-bare repository, the behavior of Git when the
core.worktree configuration variable points at a directory that has
a repository as its subdirectory, regressed in Git 2.27 days.
* Recent update to vimdiff layout code has been made more robust
against different end-user vim settings.
* Plug various memory leaks, both in the main code and in test-tool
commands.
* Fixes a long-standing corner case bug around directory renames in
the merge-ort strategy.
* The resolve-undo information in the index was not protected against
GC, which has been corrected.
* A corner case bug where lazily fetching objects from a promisor
remote resulted in infinite recursion has been corrected.
* "git clone" from a repository with some ref whose HEAD is unborn
did not set the HEAD in the resulting repository correctly, which
has been corrected.
* An earlier attempt to plug leaks placed a clean-up label to jump to
at a bogus place, which as been corrected.
* Variable quoting fix in the vimdiff driver of "git mergetool"
* "git shortlog -n" relied on the underlying qsort() to be stable,
which shouldn't have. Fixed.
* A fix for a regression in test framework.
* mkstemp() emulation on Windows has been improved.
* Add missing documentation for "include" and "includeIf" \
features in
"git config" file format, which incidentally teaches the command
line completion to include them in its offerings.
* Avoid "white/black-list" in documentation and code comments.
* Workaround for a compiler warning against use of die() in
osx-keychain (in contrib/).
* Workaround for a false positive compiler warning.
* "git p4" working on UTF-16 files on Windows did not implement
CRLF-to-LF conversion correctly, which has been corrected.
* "git p4" did not handle non-ASCII client name well, which has been
corrected.
* "rerere-train" script (in contrib/) used to honor commit.gpgSign
while recreating the throw-away merges.
* "git checkout" miscounted the paths it updated, which has been
corrected.
* Fix for a bug that makes write-tree to fail to write out a
non-existent index as a tree, introduced in 2.37.
* There was a bug in the codepath to upgrade generation information
in commit-graph from v1 to v2 format, which has been corrected.
* Gitweb had legacy URL shortener that is specific to the way
projects hosted on kernel.org used to (but no longer) work, which
has been removed.
* Fix build procedure for Windows that uses CMake so that it can pick
up the shell interpreter from local installation location.
* Conditionally allow building Python interpreter on Windows
* Fix to lstat() emulation on Windows.
* Older gcc with -Wall complains about the universal zero initializer
"struct s = { 0 };" idiom, which makes developers' lives
inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The
build procedure has been tweaked to help these compilers.
* Plug memory leaks in the failure code path in the "merge-ort" merge
strategy backend.
* "git symbolic-ref symref non..sen..se" is now diagnosed as an error.
* A follow-up fix to a fix for a regression in 2.36 around hooks.
* Avoid repeatedly running getconf to ask libc version in the test
suite, and instead just as it once per script.
* Platform-specific code that determines if a directory is OK to use
as a repository has been taught to report more details, especially
on Windows.
* "vimdiff3" regression fix.
* "git fsck" reads mode from tree objects but canonicalizes the mode
before passing it to the logic to check object sanity, which has
hid broken tree objects from the checking logic. This has been
corrected, but to help existing projects with broken tree objects
that they cannot fix retroactively, the severity of anomalies this
code detects has been demoted to "info" for now.
* Fixes to sparse index compatibility work for "reset" and \
"checkout"
commands.
* An earlier optimization discarded a tree-object buffer that is
still in use, which has been corrected.
* Fix deadlocks between main Git process and subprocess spawned via
the pipe_command() API, that can kill "git add -p" that was
reimplemented in C recently.
* The sequencer machinery translated messages left in the reflog by
mistake, which has been corrected.
* xcalloc(), imitating calloc(), takes "number of elements of the
array", and "size of a single element", in this order. A call that
does not follow this ordering has been corrected.
* The preload-index codepath made copies of pathspec to give to
multiple threads, which were left leaked.
* Update the version of Ubuntu used for GitHub Actions CI from 18.04
to 22.04.
* The auto-stashed local changes created by "git merge --autostash"
was mixed into a conflicted state left in the working tree, which
has been corrected.
* Multi-pack index got corrupted when preferred pack changed from one
pack to another in a certain way, which has been corrected.
(merge 99e4d084ff tb/midx-with-changing-preferred-pack-fix later to maint).
* The clean-up of temporary files created via mks_tempfile_dt() was
racy and attempted to unlink() the leading directory when signals
are involved, which has been corrected.
(merge babe2e0559 rs/tempfile-cleanup-race-fix later to maint).
* FreeBSD portability fix for "git maintenance" that spawns \
"crontab"
to schedule tasks.
(merge ee69e7884e bc/gc-crontab-fix later to maint).
* Those who use diff-so-fancy as the diff-filter noticed a regression
or two in the code that parses the diff output in the built-in
version of "add -p", which has been corrected.
(merge 0a101676e5 js/add-p-diff-parsing-fix later to maint).
* Segfault fix-up to an earlier fix to the topic to teach "git reset"
and "git checkout" work better in a sparse checkout.
(merge 037f8ea6d9 vd/sparse-reset-checkout-fixes later to maint).
* "git diff --no-index A B" managed its the pathnames of its two
input files rather haphazardly, sometimes leaking them. The
command line argument processing has been straightened out to clean
it up.
(merge 2b43dd0eb5 rs/diff-no-index-cleanup later to maint).
* "git rev-list --verify-objects" ought to inspect the contents of
objects and notice corrupted ones, but it didn't when the commit
graph is in use, which has been corrected.
(merge b27ccae34b jk/rev-list-verify-objects-fix later to maint).
* More fixes to "add -p"
(merge 64ec8efb83 js/builtin-add-p-portability-fix later to maint).
* The parser in the script interface to parse-options in "git
rev-parse" has been updated to diagnose a bogus input correctly.
(merge f20b9c36d0 ow/rev-parse-parseopt-fix later to maint).
* The code that manages list-object-filter structure, used in partial
clones, leaked the instances, which has been plugged.
(merge 66eede4a37 jk/plug-list-object-filter-leaks later to maint).
* Fix another UI regression in the reimplemented "add -p".
(merge f6f0ee247f rs/add-p-worktree-mode-prompt-fix later to maint).
* "git fetch" over protocol v2 sent an incorrect ref prefix request
to the server and made "git pull" with configured fetch refspec
that does not cover the remote branch to merge with fail, which has
been corrected.
(merge 49ca2fba39 jk/proto-v2-ref-prefix-fix later to maint).
* A result from opendir() was leaking in the commit-graph expiration
codepath, which has been plugged.
(merge 12f1ae5324 ml/commit-graph-expire-dir-leak-fix later to maint).
* Just like we have coding guidelines, we now have guidelines for
reviewers.
(merge e01b851923 vd/doc-reviewing-guidelines later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge 77b9e85c0f vd/fix-perf-tests later to maint).
(merge 0682bc43f5 jk/test-crontab-fixes later to maint).
(merge b46dd1726c cc/doc-trailer-whitespace-rules later to maint).
|
| 2022-09-01 09:47:28 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
git: updated to 2.37.3
Git 2.37.3 Release Notes
========================
This primarily is to backport various fixes accumulated on the 'master'
front since 2.37.2.
Fixes since v2.37.2
-------------------
* The build procedure for Windows that uses CMake has been updated to
pick up the shell interpreter from local installation location.
* Conditionally allow building Python interpreter on Windows
* Fix to lstat() emulation on Windows.
* Older gcc with -Wall complains about the universal zero initializer
"struct s = { 0 };" idiom, which makes developers' lives
inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The
build procedure has been tweaked to help these compilers.
* Plug memory leaks in the failure code path in the "merge-ort" merge
strategy backend.
* Avoid repeatedly running getconf to ask libc version in the test
suite, and instead just as it once per script.
* Platform-specific code that determines if a directory is OK to use
as a repository has been taught to report more details, especially
on Windows.
* "vimdiff3" regression has been corrected.
* "git fsck" reads mode from tree objects but canonicalizes the mode
before passing it to the logic to check object sanity, which has
hid broken tree objects from the checking logic. This has been
corrected, but to help exiting projects with broken tree objects
that they cannot fix retroactively, the severity of anomalies this
code detects has been demoted to "info" for now.
* Fixes to sparse index compatibility work for "reset" and \
"checkout"
commands.
* Documentation for "git add --renormalize" has been improved.
Also contains other minor documentation updates and code clean-ups.
|
| 2022-08-12 10:06:23 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: git: updated to 2.37.2 Git 2.37.2 Release Notes ======================== This primarily is to backport various fixes accumulated on the 'master' front since 2.37.1. Fixes since v2.37.1 ------------------- * "git shortlog -n" relied on the underlying qsort() to be stable, which shouldn't have. Fixed. * Variable quoting fix in the vimdiff driver of "git mergetool". * An earlier attempt to plug leaks placed a clean-up label to jump to at a bogus place, which as been corrected. * Fixes a long-standing corner case bug around directory renames in the merge-ort strategy. * Recent update to vimdiff layout code has been made more robust against different end-user vim settings. * In a non-bare repository, the behavior of Git when the core.worktree configuration variable points at a directory that has a repository as its subdirectory, regressed in Git 2.27 days. * References to commands-to-be-typed-literally in "git rebase" documentation mark-up have been corrected. * Give _() markings to fatal/warning/usage: labels that are shown in front of these messages. * "git mktree --missing" lazily fetched objects that are missing from the local object store, which was totally unnecessary for the purpose of creating the tree object(s) from its input. * Fixes for tests when the source directory has unusual characters in its path, e.g. whitespaces, double-quotes, etc. * Adjust technical/bitmap-format to be formatted by AsciiDoc, and add some missing information to the documentation. * Certain diff options are currently ignored when combined-diff is shown; mark them as incompatible with the feature. * "git clone" from a repository with some ref whose HEAD is unborn did not set the HEAD in the resulting repository correctly, which has been corrected. * mkstemp() emulation on Windows has been improved. * Add missing documentation for "include" and "includeIf" \ features in "git config" file format, which incidentally teaches the command line completion to include them in its offerings. * Avoid "white/black-list" in documentation and code comments. * Workaround for a compiler warning against use of die() in osx-keychain (in contrib/). * Workaround for a false positive compiler warning. * The resolve-undo information in the index was not protected against GC, which has been corrected. * A corner case bug where lazily fetching objects from a promisor remote resulted in infinite recursion has been corrected. * "git p4" working on UTF-16 files on Windows did not implement CRLF-to-LF conversion correctly, which has been corrected. * "git p4" did not handle non-ASCII client name well, which has been corrected. * "rerere-train" script (in contrib/) used to honor commit.gpgSign while recreating the throw-away merges. * "git checkout" miscounted the paths it updated, which has been corrected. * Fix for a bug that makes write-tree to fail to write out a non-existent index as a tree, introduced in 2.37. * There was a bug in the codepath to upgrade generation information in commit-graph from v1 to v2 format, which has been corrected. Also contains minor documentation updates and code clean-ups. |
| 2022-07-14 12:55:37 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: git: updated to 2.37.1 Git 2.37.1 Release Notes ======================== This release merges up the fixes that appear in v2.30.5, v2.31.4, v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2 to address the security issue CVE-2022-29187; see the release notes for these versions for details. Fixes since Git 2.37 -------------------- * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't correctly record a removed file to the index, which is an old regression but has become widely known because the C version has become the default in the latest release. * Fix for CVS-2022-29187. |
| 2022-07-06 13:54:00 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message:
git: updated to 2.37.0
Git v2.37 Release Notes
=======================
UI, Workflows & Features
* "vimdiff[123]" mergetool drivers have been reimplemented with a
more generic layout mechanism.
* "git -v" and "git -h" are now understood as "git \
--version" and
"git --help".
* The temporary files fed to external diff command are now generated
inside a new temporary directory under the same basename.
* "git log --since=X" will stop traversal upon seeing a commit that
is older than X, but there may be commits behind it that is younger
than X when the commit was created with a faulty clock. A new
option is added to keep digging without stopping, and instead
filter out commits with timestamp older than X.
* "git -c branch.autosetupmerge=simple branch $A $B" will set the $B
as $A's upstream only when $A and $B shares the same name, and "git
-c push.default=simple" on branch $A would push to update the
branch $A at the remote $B came from. Also more places use the
sole remote, if exists, before defaulting to 'origin'.
* A new doc has been added that lists tips for tools to work with
Git's codebase.
* "git remote -v" now shows the list-objects-filter used during
fetching from the remote, if available.
* With the new http.curloptResolve configuration, the CURLOPT_RESOLVE
mechanism that allows cURL based applications to use pre-resolved
IP addresses for the requests is exposed to the scripts.
* "git add -i" was rewritten in C some time ago and has been in
testing; the reimplementation is now exposed to general public by
default.
* Deprecate non-cone mode of the sparse-checkout feature.
* Introduce a filesystem-dependent mechanism to optimize the way the
bits for many loose object files are ensured to hit the disk
platter.
* The "do not remove the directory the user started Git in" logic,
when Git cannot tell where that directory is, is disabled. Earlier
we refused to run in such a case.
* A mechanism to pack unreachable objects into a "cruft pack",
instead of ejecting them into loose form to be reclaimed later, has
been introduced.
* Update the doctype written in gitweb output to xhtml5.
* The "transfer.credentialsInURL" configuration variable controls what
happens when a URL with embedded login credential is used on either
"fetch" or "push". Credentials are currently only detected in
`remote.<name>.url` config, not `remote.<name>.pushurl`.
* "git revert" learns "--reference" option to use more \
human-readable
reference to the commit it reverts in the message template it
prepares for the user.
* Various error messages that talk about the removal of
"--preserve-merges" in "rebase" have been strengthened, \
and "rebase
--abort" learned to get out of a state that was left by an earlier
use of the option.
Performance, Internal Implementation, Development Support etc.
* The performance of the "untracked cache" feature has been improved
when "--untracked-files=<mode>" and \
"status.showUntrackedFiles"
are combined.
* "git stash" works better with sparse index entries.
* "git show :<path>" learned to work better with the sparse-index
feature.
* Introduce and apply coccinelle rule to discourage an explicit
comparison between a pointer and NULL, and applies the clean-up to
the maintenance track.
* Preliminary code refactoring around transport and bundle code.
* "sparse-checkout" learns to work better with the sparse-index
feature.
* A workflow change for translators are being proposed. git.pot is
no longer version controlled and it is local responsibility of
translators to generate it.
* Plug the memory leaks from the trickiest API of all, the revision
walker.
* Rename .env_array member to .env in the child_process structure.
* The fsmonitor--daemon handles even more corner cases when
watching filesystem events.
* A new bug() and BUG_if_bug() API is introduced to make it easier to
uniformly log "detect multiple bugs and abort in the end" pattern.
Fixes since v2.36
-----------------
* "git submodule update" without pathspec should silently skip an
uninitialized submodule, but it started to become noisy by mistake.
(merge 4f1ccef87c gc/submodule-update-part2 later to maint).
* "diff-tree --stdin" has been broken for about a year, but 2.36
release broke it even worse by breaking running the command with
<pathspec>, which in turn broke "gitk" and got noticed. This has
been corrected by aligning its behaviour to that of "log".
(merge f8781bfda3 jc/diff-tree-stdin-fix later to maint).
* Regression fix for 2.36 where "git name-rev" started to sometimes
reference strings after they are freed.
(merge 45a14f578e rs/name-rev-fix-free-after-use later to maint).
* "git show <commit1> <commit2>... -- <pathspec>" \
lost the pathspec
when showing the second and subsequent commits, which has been
corrected.
(merge 5cdb38458e jc/show-pathspec-fix later to maint).
* "git fast-export -- <pathspec>" lost the pathspec when showing the
second and subsequent commits, which has been corrected.
(merge d1c25272f5 rs/fast-export-pathspec-fix later to maint).
* "git format-patch <args> -- <pathspec>" lost the \
pathspec when
showing the second and subsequent commits, which has been
corrected.
(merge 91f8f7e46f rs/format-patch-pathspec-fix later to maint).
* "git clone --origin X" leaked piece of memory that held value read
from the clone.defaultRemoteName configuration variable, which has
been plugged.
(merge 6dfadc8981 jc/clone-remote-name-leak-fix later to maint).
* Get rid of a bogus and over-eager coccinelle rule.
(merge 08bdd3a185 jc/cocci-xstrdup-or-null-fix later to maint).
* The path taken by "git multi-pack-index" command from the end user
was compared with path internally prepared by the tool without first
normalizing, which lead to duplicated paths not being noticed,
which has been corrected.
(merge 11f9e8de3d ds/midx-normalize-pathname-before-comparison later to maint).
* Correct choices of C compilers used in various CI jobs.
(merge 3506cae04f ab/cc-package-fixes later to maint).
* Various cleanups to "git p4".
(merge 4ff0108d9e jh/p4-various-fixups later to maint).
* The progress meter of "git blame" was showing incorrect numbers
when processing only parts of the file.
(merge e5f5d7d42e ea/progress-partial-blame later to maint).
* "git rebase --keep-base <upstream> <branch-to-rebase>" \
computed the
commit to rebase onto incorrectly, which has been corrected.
(merge 9e5ebe9668 ah/rebase-keep-base-fix later to maint).
* Fix a leak of FILE * in an error codepath.
(merge c0befa0c03 kt/commit-graph-plug-fp-leak-on-error later to maint).
* Avoid problems from interaction between malloc_check and address
sanitizer.
(merge 067109a5e7 pw/test-malloc-with-sanitize-address later to maint).
* The commit summary shown after making a commit is matched to what
is given in "git status" not to use the break-rewrite heuristics.
(merge 84792322ed rs/commit-summary-wo-break-rewrite later to maint).
* Update a few end-user facing messages around EOL conversion.
(merge c970d30c2c ah/convert-warning-message later to maint).
* Trace2 documentation updates.
(merge a6c80c313c js/trace2-doc-fixes later to maint).
* Build procedure fixup.
(merge 1fbfd96f50 mg/detect-compiler-in-c-locale later to maint).
* "git pull" without "--recurse-submodules=<arg>" made
submodule.recurse take precedence over fetch.recurseSubmodules by
mistake, which has been corrected.
(merge 5819417365 gc/pull-recurse-submodules later to maint).
* "git bisect" was too silent before it is ready to start computing
the actual bisection, which has been corrected.
(merge f11046e6de cd/bisect-messages-from-pre-flight-states later to maint).
* macOS CI jobs have been occasionally flaky due to tentative version
skew between perforce and the homebrew packager. Instead of
failing the whole CI job, just let it skip the p4 tests when this
happens.
(merge f15e00b463 cb/ci-make-p4-optional later to maint).
* A bit of test framework fixes with a few fixes to issues found by
valgrind.
(merge 7c898554d7 ab/valgrind-fixes later to maint).
* "git archive --add-file=<path>" picked up the raw permission bits
from the path and propagated to zip output in some cases, without
normalization, which has been corrected (tar output did not have
this issue).
(merge 6a61661967 jc/archive-add-file-normalize-mode later to maint).
* "make coverage-report" without first running "make \
coverage" did
not produce any meaningful result, which has been corrected.
(merge 96ddfecc5b ep/coverage-report-wants-test-to-have-run later to maint).
* The "--current" option of "git show-branch" should have \
been made
incompatible with the "--reflog" mode, but this was not enforced,
which has been corrected.
(merge 41c64ae0e7 jc/show-branch-g-current later to maint).
* "git fetch" unnecessarily failed when an unexpected optional
section appeared in the output, which has been corrected.
(merge 7709acf7be jt/fetch-peek-optional-section later to maint).
* The way "git fetch" without "--update-head-ok" ensures \
that HEAD in
no worktree points at any ref being updated was too wasteful, which
has been optimized a bit.
(merge f7400da800 os/fetch-check-not-current-branch later to maint).
* "git fetch --recurse-submodules" from multiple remotes (either from
a remote group, or "--all") used to make one extra "git \
fetch" in
the submodules, which has been corrected.
(merge 0353c68818 jc/avoid-redundant-submodule-fetch later to maint).
* With a recent update to refuse access to repositories of other
people by default, "sudo make install" and "sudo git describe"
stopped working, which has been corrected.
(merge 6b11e3d52e cb/path-owner-check-with-sudo-plus later to maint).
* The tests that ensured merges stop when interfering local changes
are present did not make sure that local changes are preserved; now
they do.
(merge 4b317450ce jc/t6424-failing-merge-preserve-local-changes later to maint).
* Some real problems noticed by gcc 12 have been fixed, while false
positives have been worked around.
* Update the version of FreeBSD image used in Cirrus CI.
(merge c58bebd4c6 pb/use-freebsd-12.3-in-cirrus-ci later to maint).
* The multi-pack-index code did not protect the packfile it is going
to depend on from getting removed while in use, which has been
corrected.
(merge 4090511e40 tb/midx-race-in-pack-objects later to maint).
* Teach "git repack --geometric" work better with \
"--keep-pack" and
avoid corrupting the repository when packsize limit is used.
(merge 66731ff921 tb/geom-repack-with-keep-and-max later to maint).
* The documentation on the interaction between "--add-file" and
"--prefix" options of "git archive" has been improved.
(merge a75910602a rs/document-archive-prefix later to maint).
* A git subcommand like "git add -p" spawns a separate git process
while relaying its command line arguments. A pathspec with only
negative elements was mistakenly passed with an empty string, which
has been corrected.
(merge b02fdbc80a jc/all-negative-pathspec later to maint).
* With a more targeted workaround in http.c in another topic, we may
be able to lift this blanket "GCC12 dangling-pointer warning is
broken and unsalvageable" workaround.
(merge 419141e495 cb/buggy-gcc-12-workaround later to maint).
* A misconfigured 'branch..remote' led to a bug in configuration
parsing.
(merge f1dfbd9ee0 gc/zero-length-branch-config-fix later to maint).
* "git -c diff.submodule=log range-diff" did not show anything for
submodules that changed in the ranges being compared, and
"git -c diff.submodule=diff range-diff" did not work correctly.
Fix this by including the "--submodule=short" output
unconditionally to be compared.
* In Git 2.36 we revamped the way how hooks are invoked. One change
that is end-user visible is that the output of a hook is no longer
directly connected to the standard output of "git" that spawns the
hook, which was noticed post release. This is getting corrected.
(merge a082345372 ab/hooks-regression-fix later to maint).
* Updating the graft information invalidates the list of parents of
in-core commit objects that used to be in the graft file.
* "git show-ref --heads" (and "--tags") still iterated over \
all the
refs only to discard refs outside the specified area, which has
been corrected.
(merge c0c9d35e27 tb/show-ref-optim later to maint).
* Remove redundant copying (with index v3 and older) or possible
over-reading beyond end of mmapped memory (with index v4) has been
corrected.
(merge 6d858341d2 zh/read-cache-copy-name-entry-fix later to maint).
* Sample watchman interface hook sometimes failed to produce
correctly formatted JSON message, which has been corrected.
(merge 134047b500 sn/fsmonitor-missing-clock later to maint).
* Use-after-free (with another forget-to-free) fix.
(merge 323822c72b ab/remote-free-fix later to maint).
* Remove a coccinelle rule that is no longer relevant.
(merge b1299de4a1 jc/cocci-cleanup later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge e6b2582da3 cm/reftable-0-length-memset later to maint).
(merge 0b75e5bf22 ab/misc-cleanup later to maint).
(merge 52e1ab8a76 ea/rebase-code-simplify later to maint).
(merge 756d15923b sg/safe-directory-tests-and-docs later to maint).
(merge d097a23bfa ds/do-not-call-bug-on-bad-refs later to maint).
(merge c36c27e75c rs/t7812-pcre2-ws-bug-test later to maint).
(merge 1da312742d gf/unused-includes later to maint).
(merge 465b30a92d pb/submodule-recurse-mode-enum later to maint).
(merge 82b28c4ed8 km/t3501-use-test-helpers later to maint).
(merge 72315e431b sa/t1011-use-helpers later to maint).
(merge 95b3002201 cg/vscode-with-gdb later to maint).
(merge fbe5f6b804 tk/p4-utf8-bom later to maint).
(merge 17f273ffba tk/p4-with-explicity-sync later to maint).
(merge 944db25c60 kf/p4-multiple-remotes later to maint).
(merge b014cee8de jc/update-ozlabs-url later to maint).
(merge 4ec5008062 pb/ggg-in-mfc-doc later to maint).
(merge af845a604d tb/receive-pack-code-cleanup later to maint).
(merge 2acf4cf001 js/ci-gcc-12-fixes later to maint).
(merge 05e280c0a6 jc/http-clear-finished-pointer later to maint).
(merge 8c49d704ef fh/transport-push-leakfix later to maint).
(merge 1d232d38bd tl/ls-tree-oid-only later to maint).
(merge db7961e6a6 gc/document-config-worktree-scope later to maint).
(merge ce18a30bb7 fs/ssh-default-key-command-doc later to maint).
|
| 2022-05-09 14:00:16 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: git: updated to 2.36.1 Git v2.36.1 Release Notes ========================= Fixes since v2.36 ----------------- * "git submodule update" without pathspec should silently skip an uninitialized submodule, but it started to become noisy by mistake. * "diff-tree --stdin" has been broken for about a year, but 2.36 release broke it even worse by breaking running the command with <pathspec>, which in turn broke "gitk" and got noticed. This has been corrected by aligning its behaviour to that of "log". * Regression fix for 2.36 where "git name-rev" started to sometimes reference strings after they are freed. * "git show <commit1> <commit2>... -- <pathspec>" \ lost the pathspec when showing the second and subsequent commits, which has been corrected. * "git fast-export -- <pathspec>" lost the pathspec when showing the second and subsequent commits, which has been corrected. * "git format-patch <args> -- <pathspec>" lost the \ pathspec when showing the second and subsequent commits, which has been corrected. * Get rid of a bogus and over-eager coccinelle rule. * Correct choices of C compilers used in various CI jobs. Also contains minor documentation updates and code clean-ups. |
New packages: