2023-06-09 14:05:15 by Taylor R Campbell | Files touched by this commit (7) |
Log message:
git: Split Perl-dependent scripts into new git-perlscripts package.
This way:
- devel/git still installs everything it used to.
- devel/git-base can be built without Perl.
|
2023-06-05 21:23:48 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
git: updated to 2.41.0
Git v2.41 Release Notes
=======================
UI, Workflows & Features
* Allow information carried on the WWW-Authenticate header to be
passed to the credential helpers.
* A new "fetch.hideRefs" option can be used to exclude specified refs
from "rev-list --objects --stdin --not --all" traversal for
checking object connectivity, most useful when there are many
unrelated histories in a single repository.
* "git push" has been taught to allow deletion of refs with one-level
names to help repair a repository that acquired such a ref by
mistake. In general, we don't encourage use of such a ref, and
creation or update to such a ref is rejected as before.
* Allow "git bisect reset" to check out the original branch when the
branch is already checked out in a different worktree linked to the
same repository.
* A few subcommands have been taught to stop users from working on a
branch that is being used in another worktree linked to the same
repository.
* "git format-patch" learned to write a log-message only output file
for empty commits.
* "git format-patch" honors the src/dst prefixes set to nonstandard
values with configuration variables like "diff.noprefix", causing
receiving end of the patch that expects the standard -p1 format to
break. "format-patch" has been taught to ignore end-user configuration
and always use the standard prefixes.
This is a backward compatibility breaking change.
* Lift the limitation that colored prompts can only be used with
PROMPT_COMMAND mode.
* "git blame --contents=<file> <rev> -- <path>" used to be forbidden,
but now it finds the origins of lines starting at <file> contents
through the history that leads to <rev>.
* "git pack-redundant" gave a warning when run, as the command has
outlived its usefulness long ago and is nominated for future
removal. Now we escalate to give an error.
* "git clone" from an empty repository learned to propagate the
choice of the hash algorithm from the source repository to the
newly created repository over any one of the v0/v1/v2 protocol.
* "git mergetool" and "git difftool" learn a new configuration
guiDefault to optionally favor configured guitool over non-gui-tool
automatically when $DISPLAY is set.
* "git branch -d origin/master" would say "no such branch", but it is
likely a missed "-r" if refs/remotes/origin/master exists. The
command has been taught to give such a hint in its error message.
* Clean-up of the code path that deals with merge strategy option
handling in "git rebase".
* "git clone --local" stops copying from an original repository that
has symbolic links inside its $GIT_DIR; an error message when that
happens has been updated.
* The "--format=..." option of "git for-each-ref", "git branch", and
"git tag" commands learn "--omit-empty" to hide refs whose
formatting results in an empty string from the output.
* The sendemail-validate validate hook learned to pass the total
number of input files and where in the sequence each invocation is
via environment variables.
* When "gc" needs to retain unreachable objects, packing them into
cruft packs (instead of exploding them into loose object files) has
been offered as a more efficient option for some time. Now the use
of cruft packs has been made the default and no longer considered
an experimental feature.
* The output given by "git blame" that attributes a line to contents
taken from the file specified by the "--contents" option shows it
differently from a line attributed to the working tree file.
* "git send-email" learned to give the e-mail headers to the validate
hook by passing an extra argument from the command line.
* The credential subsystem learns to help OAuth framework.
* The titles of manual pages used to be chomped at an unreasonably
short limit, which has been removed.
* Error messages given when working on an unborn branch that is
checked out in another worktree have been improved.
* The documentation was misleading about the interaction between
GIT_DEFAULT_HASH and "git clone", which has been clarified to
stress that the variable is to be ignored by the command.
* "git send-email" learned "--header-cmd=<cmd>" that can inject
arbitrary e-mail header lines to the outgoing messages.
* "git fsck" learned to detect bit-flip breakages in the reachability
bitmap files.
* The "--stdin" option of "git name-rev" has been replaced with
the "--annotate-stdin" option more than a year ago. We stop
advertising it in the "git name-rev -h" output.
* "git push --all" gained an alias "git push --branches".
* "git fetch" learned the "--porcelain" option that emits what it did
in a machine-parseable format.
* "git --attr-source=<tree> cmd $args" is a new way to have any
command to read attributes not from the working tree but from the
given tree object.
Performance, Internal Implementation, Development Support etc.
* Code clean-up to clarify directory traversal API.
* Code clean-up to clarify the rule that "git-compat-util.h" must be
the first to be included.
* More work towards -Wunused.
* Instead of forcing each command to choose to honor GPG related
configuration variables, make the subsystem lazily initialize
itself.
* Remove workaround for ancient versions of DocBook to make it work
correctly with groff, which has not been necessary since docbook
1.76 from 2010.
* Code clean-up to include and/or uninclude parse-options.h file as
needed.
* The code path that reports what "git fetch" did to each ref has
been cleaned up.
* Assorted config API updates.
* A few configuration variables to tell the cURL library that
different types of ssl-cert and ssl-key are in use have been added.
* Split key function and data structure definitions out of cache.h to
new header files and adjust the users.
* "git fetch --all" does not have to download and handle the same
bundleURI over and over, which has been corrected.
* "git sparse-checkout" command learns a debugging aid for the sparse
rule definitions.
* "git write-tree" learns to work better with sparse-index.
* The on-disk reverse index that allows mapping from the pack offset
to the object name for the object stored at the offset has been
enabled by default.
* "git fsck" learned to validate the on-disk pack reverse index files.
* strtok() and strtok_r() are banned in this codebase.
* The detect-compilers script to help auto-tweaking the build system
had trouble working with compilers whose version number has extra
suffixes. The script has been taught that certain suffixes (like
"-win32" in "gcc 10-win32") can be safely stripped as they share
the same features and bugs with the version without the suffix.
* ctype tests have been taught to test EOF, too.
* The implementation of credential helpers used fgets() over fixed
size buffers to read protocol messages, causing the remainder of
the folded long line to trigger unexpected behaviour, which has
been corrected.
* The implementation of the default "negotiator", used to find common
ancestor over the network for object transfer, used to be recursive;
it was updated to be iterative to conserve stackspace usage.
* Our custom callout formatter is no longer used in the documentation
formatting toolchain, as the upstream default ones give better
output these days.
* The tracing mechanism learned to notice and report when
auto-discovered bare repositories are being used, as allowing so
without explicitly stating the user intends to do so (with setting
GIT_DIR for example) can be used with social engineering as an
attack vector.
* "git diff-files" learned not to expand sparse-index unless needed.
Fixes since v2.40
-----------------
* "git fsck" learned to check the index files in other worktrees,
just like "git gc" honors them as anchoring points.
(merge 8d3e7eac52 jk/fsck-indices-in-worktrees later to maint).
* Fix a segfaulting loop. The function and its caller may need
further clean-up.
(merge c5773dc078 ew/commit-reach-clean-up-flags-fix later to maint).
* "git restore" supports options like "--ours" that are only
meaningful during a conflicted merge, but these options are only
meaningful when updating the working tree files. These options are
marked to be incompatible when both "--staged" and "--worktree" are
in effect.
(merge ee8a88826a ak/restore-both-incompatible-with-conflicts later to maint).
* Simplify UI to control progress meter given by "git bundle" command.
(merge 8b95521edb jk/bundle-progress later to maint).
* "git bundle" learned that "-" is a common way to say that the input
comes from the standard input and/or the output goes to the
standard output. It used to work only for output and only from the
root level of the working tree.
(merge 0bbe10313e jk/bundle-use-dash-for-stdfiles later to maint).
* Once we start running, we assumed that the list of alternate object
databases would never change. Hook into the machinery used to
update the list of packfiles during runtime to update this list as
well.
(merge e2d003dbed ds/reprepare-alternates-when-repreparing-packfiles later to maint).
* The code to parse "git rebase -X<opt>" was not prepared to see an
unparsable option string, which has been corrected.
(merge 15a4cc912e ab/fix-strategy-opts-parsing later to maint).
* "git add -p" while the index is unmerged sometimes failed to parse
the diff output it internally produces and died, which has been
corrected.
(merge 28d1122f9c jk/add-p-unmerged-fix later to maint).
* Fix for a "ls-files --format="%(path)" that produced nonsense
output, which was a bug in 2.38.
(merge cfb62dd006 aj/ls-files-format-fix later to maint).
* "git receive-pack" that responds to "git push" requests failed to
clean a stale lockfile when killed in the middle, which has been
corrected.
(merge c55c30669c ps/receive-pack-unlock-before-die later to maint).
* "git rev-parse --quiet foo@{u}", or anything that asks @{u} to be
parsed with GET_OID_QUIETLY option, did not quietly fail, which has
been corrected.
(merge dfbfdc521d fc/oid-quietly-parse-upstream later to maint).
* Transports that do not support protocol v2 did not correctly fall
back to protocol v0 under certain conditions, which has been
corrected.
(merge eaa0fd6584 jk/fix-proto-downgrade-to-v0 later to maint).
* time(2) on glib 2.31+, especially on Linux, goes out of sync with
higher resolution timers used for gettimeofday(2) and by the
filesystem. Replace all calls to it with a git_time() wrapper and
(merge 370ddcbc89 pe/time-use-gettimeofday later to maint).
* Code clean-up to use designated initializers in parse-options API.
(merge 353e6d4554 sg/parse-options-h-initializers later to maint).
* A recent-ish change to allow unicode character classes to be used
with "grep -P" triggered a JIT bug in older pcre2 libraries.
The problematic change in Git built with these older libraries has
been disabled to work around the bug.
(merge 14b9a04479 mk/workaround-pcre-jit-ucp-bug later to maint).
* The wildmatch library code unlearns exponential behaviour it
acquired some time ago since it was borrowed from rsync.
(merge 3dc0b7f0dc pw/wildmatch-fixes later to maint).
* The index files can become corrupt under certain conditions when
the split-index feature is in use, especially together with
fsmonitor, which have been corrected.
(merge 061dd722dc js/split-index-fixes later to maint).
* Document what the pathname-looking strings in "rev-list --object"
output are for and what they mean.
(merge 15364d2a3c jk/document-rev-list-object-name later to maint).
* Fix unnecessary truncation of generation numbers used in-core.
(merge d3af1c193d ps/ahead-behind-truncation-fix later to maint).
* Code clean-up around the use of the_repository.
(merge 4a93b899c1 ab/remove-implicit-use-of-the-repository later to maint).
* Consistently spell "Message-ID" as such, not "Message-Id".
(merge ba4324c4e1 jc/spell-id-in-both-caps-in-message-id later to maint).
* Correct use of an uninitialized structure member.
(merge dc12ee77ab jx/cap-object-info-uninitialized-fix later to maint).
* Tests had a few places where we ignored PERL_PATH and blindly used
/usr/bin/perl, which have been corrected.
(merge c1917156a0 jk/use-perl-path-consistently later to maint).
* Documentation mark-up fix.
(merge 78b6369e67 la/mfc-markup-fix later to maint).
* Doc toolchain update to remove old workaround for AsciiDoc.
(merge 8806120de6 fc/remove-header-workarounds-for-asciidoc later to maint).
* The userdiff regexp patterns for various filetypes that are built
into the system have been updated to avoid triggering regexp errors
from UTF-8 aware regex engines.
(merge be39144954 rs/userdiff-multibyte-regex later to maint).
* The approxidate() API has been simplified by losing an extra
function that did the same thing as another one.
(merge 8a7f0b666f rs/remove-approxidate-relative later to maint).
* Code clean-up to replace a hardcoded constant with a CPP macro.
(merge c870de6502 rs/get-tar-commit-id-use-defined-const later to maint).
* Doc build simplification.
(merge 9a09ed3229 fc/doc-stop-using-manversion later to maint).
* "git archive" run from a subdirectory mishandled attributes and
paths outside the current directory.
(merge 92b1dd1b9e rs/archive-from-subdirectory-fixes later to maint).
* The code to parse capability list for v0 on-wire protocol fell into
an infinite loop when a capability appears multiple times, which
has been corrected.
* Geometric repacking ("git repack --geometric=<n>") in a repository
that borrows from an alternate object database had various corner
case bugs, which have been corrected.
(merge d85cd18777 ps/fix-geom-repack-with-alternates later to maint).
* The "%GT" placeholder for the "--format" option of "git log" and
friends caused BUG() to trigger on a commit signed with an unknown
key, which has been corrected.
(merge 7891e46585 jk/gpg-trust-level-fix later to maint).
* The completion script used to use bare "read" without the "-r"
option to read the contents of various state files, which risked
getting confused with backslashes in them. This has been
corrected.
(merge 197152098a ek/completion-use-read-r-to-read-literally later to maint).
* A small API fix to the ort merge strategy backend.
(merge 000c4ceca7 en/ort-finalize-after-0-merges-fix later to maint).
* The commit object parser has been taught to be a bit more lenient
to parse timestamps on the author/committer line with a malformed
author/committer ident.
(merge 90ef0f14eb jk/parse-commit-with-malformed-ident later to maint).
* Retitle a test script with an overly narrow name.
(merge 8bb19c14fb ob/t3501-retitle later to maint).
* Doc update to clarify how text and eol attributes interact to
specify the end-of-line conversion.
(merge 6696077ace ah/doc-attributes-text later to maint).
* Gitk updates from GfW project.
(merge 99e70f3077 js/gitk-fixes-from-gfw later to maint).
* "git diff --dirstat" leaked memory, which has been plugged.
(merge 83973981eb jc/dirstat-plug-leaks later to maint).
* "git merge-tree" reads the basic configuration, which can be used
by git forges to disable replace-refs feature.
(merge b6551feadf ds/merge-tree-use-config later to maint).
* A few bugs in the sequencer machinery that result in miscounting
the steps have been corrected.
(merge 170eea9750 js/rebase-count-fixes later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge f7111175df as/doc-markup-fix later to maint).
(merge 90ff7c9898 fc/test-aggregation-clean-up later to maint).
(merge 9b0c7f308a jc/am-doc-refer-to-format-patch later to maint).
(merge b10cbdac4c bb/unicode-width-table-15 later to maint).
(merge 3457b50e8c ab/retire-scripted-add-p later to maint).
(merge d52fcf493b ds/p2000-fix-grep-sparse later to maint).
(merge ec063d2591 ss/hashmap-typofix later to maint).
(merge 1aaed69d11 rs/archive-mtime later to maint).
(merge 2da2cc9b28 ob/rollback-after-commit-lock-failure later to maint).
(merge 54dbd0933b ob/sequencer-save-head-simplify later to maint).
(merge a93cbe8d78 ar/test-cleanup-unused-file-creation later to maint).
(merge cc48ddd937 jk/chainlint-fixes later to maint).
(merge 4833b08426 ow/ref-format-remove-unused-member later to maint).
(merge d0ea2ca1cf dw/doc-submittingpatches-grammofix later to maint).
(merge fd72637423 ar/t2024-checkout-output-fix later to maint).
(merge d45cbe3fe0 ob/sequencer-i18n-fix later to maint).
(merge b734fe49fd ob/messages-capitalize-exception later to maint).
(merge ad353d7e77 ma/gittutorial-fixes later to maint).
(merge a5855fd8d4 ar/test-cleanup-unused-file-creation-part2 later to maint).
(merge 0c5308af30 sd/doc-gitignore-and-rm-cached later to maint).
(merge cbb83daeaf kh/doc-interpret-trailers-updates later to maint).
(merge 3d77fbb664 ar/config-count-tests-updates later to maint).
(merge b7cf25c8f4 jc/t9800-fix-use-of-show-s-raw later to maint).
|
2023-04-26 10:44:38 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
git: updated to 2.40.1
Git v2.40.1 Release Notes
=========================
This release merges up the fix that appears in v2.30.9, v2.31.8,
v2.32.7, v2.33.8, v2.34.8, v2.35.8, v2.36.6, v2.37.7, v2.38.5
and v2.39.3 to address the security issues CVE-2023-25652,
CVE-2023-25815, and CVE-2023-29007; see the release notes for these
versions for details.
|
2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2359) | |
Log message:
revbump after textproc/icu update
|
2023-03-14 09:03:35 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
git: updated to 2.40.0
Git v2.40 Release Notes
=======================
UI, Workflows & Features
* "merge-tree" learns a new `--merge-base` option.
* "git jump" (in contrib/) learned to present the "quickfix list" to
its standard output (instead of letting it be consumed by the editor
it invokes), and learned to also drive emacs/emacsclient.
* "git var UNKNOWN_VARIABLE" and "git var VARIABLE" with the variable
given an empty value used to behave identically. Now the latter
just gives an empty output, while the former still gives an error
message.
* Introduce a case insensitive mode to the Bash completion helpers.
* The advice message given by "git status" when it takes a long time to
enumerate untracked paths has been updated.
* Just like "git var GIT_EDITOR" abstracts the complex logic to
choose which editor gets used behind it, "git var" now gives support
to GIT_SEQUENCE_EDITOR.
* "git format-patch" learned to honor format.mboxrd even when sending
patches to the standard output stream.
* 'cat-file' gains mailmap support for its '--batch-check' and '-s'
options.
* Conditionally skip the pre-applypatch and applypatch-msg hooks when
applying patches with 'git am'.
* Introduce an optional configuration to allow the trailing hash that
protects the index file from bit flipping.
* "git check-attr" learned to take an optional tree-ish to read the
.gitattributes file from.
* "scalar" learned to give progress bar.
* "grep -P" learned to use Unicode Character Property to grok
character classes when processing \b and \w etc.
* "git rebase" often ignored incompatible options instead of
complaining, which has been corrected.
* "scalar" warns but continues when its periodic maintenance
feature cannot be enabled.
* The bundle-URI subsystem adds support for creation-token heuristics
to help incremental fetches.
* Userdiff regexp update for Java language.
* "git fetch --jobs=0" used to hit a BUG(), which has been corrected
to use the available CPUs.
* An invalid label or ref in the "rebase -i" todo file used to
trigger a runtime error. Such an error is now diagnosed while the
todo file is parsed.
* The "diff" drivers specified by the "diff" attribute attached to
paths can now specify which algorithm (e.g. histogram) to use.
* "git range-diff" learned --abbrev=<num> option.
* "git archive HEAD^{tree}" records the paths with the current
timestamp in the archive, making it harder to obtain a stable
output. The command learned the --mtime option to specify an
arbitrary timestamp (e.g. --mtime="@0 +0000" for the epoch).
* The credential subsystem learned that a password may have an
explicit expiration.
* The format.attach configuration variable lacked a way to override a
value defined in a lower-priority configuration file (e.g. the
system one) by redefining it in a higher-priority configuration
file. Now, setting format.attach to an empty string means show the
patch inline in the e-mail message, without using MIME attachment.
This is a backward incompatible change.
Performance, Internal Implementation, Development Support etc.
* `git bisect` becomes a builtin.
* The pack-bitmap machinery is taught to log the paths of redundant
bitmap(s) to trace2 instead of stderr.
* Use the SHA1DC implementation on macOS, just like other platforms,
by default.
* Even in a repository with promisor remote, it is useless to
attempt to lazily attempt fetching an object that is expected to be
commit, because no "filter" mode omits commit objects. Take
advantage of this assumption to fail fast on errors.
* Stop using "git --super-prefix" and narrow the scope of its use to
the submodule--helper.
* Stop running win+VS build by default.
* CI updates. We probably want a clean-up to move the long shell
script embedded in yaml file into a separate file, but that can
come later.
* Use `git diff --no-index` as a test_cmp on Windows.
We'd probably need to revisit "do we really want to, and have to,
lose CRLF vs LF?" later, at which time we may be able to further
clean this up by replacing "git diff --no-index" with "diff -u".
* Avoid unnecessary builds in CI, with settings configured in
ci-config.
* Plug leaks in sequencer subsystem and its users.
* In-tree .gitattributes update to match the way we recommend our
users to mark a file as text.
(merge 1f34e0cd3d po/attributes-text later to maint).
* Finally retire the scripted "git add -p/-i" implementation and have
everybody use the one reimplemented in C.
Fixes since v2.39
-----------------
* Various leak fixes.
* Fix a bug where `pack-objects` would not respect multiple `--filter`
arguments when invoked directly.
(merge d4f7036887 rs/multi-filter-args later to maint).
* Make fsmonitor more robust to avoid the flakiness seen in t7527.
(merge 6692d45477 jh/t7527-unflake-by-forcing-cookie later to maint).
* Stop using deprecated macOS API in fsmonitor.
(merge b0226007f0 jh/fsmonitor-darwin-modernize later to maint).
* Redefining system functions for a few functions did not follow our
usual "implement git_foo() and #define foo(args) git_foo(args)"
pattern, which has broken build for some folks.
* The way the diff machinery prepares the options array for the
parse_options API has been refactored to avoid resource leaks.
(merge 189e97bc4b rs/diff-parseopts later to maint).
* Correct pthread API usage.
(merge 786e67611d sx/pthread-error-check-fix later to maint).
* The code to auto-correct a misspelt subcommand unnecessarily called
into git_default_config() from the early config codepath, which was
a no-no. This has been corrected.
(merge 0918d08887 sg/help-autocorrect-config-fix later to maint).
* "git http-fetch" (which is rarely used) forgot to identify itself
in the trace2 output.
(merge 7abb43cbc8 jt/http-fetch-trace2-report-name later to maint).
* The output from "git diff --stat" on an unmerged path lost the
terminating LF in Git 2.39, which has been corrected.
(merge 209d9cb011 pg/diff-stat-unmerged-regression-fix later to maint).
* "git pull -v --recurse-submodules" attempted to pass "-v" down to
underlying "git submodule update", which did not understand the
request and barfed, which has been corrected.
(merge 6f65f84766 ss/pull-v-recurse-fix later to maint).
* When given a pattern that matches an empty string at the end of a
line, the code to parse the "git diff" line-ranges fell into an
infinite loop, which has been corrected.
* Fix the sequence to fsync $GIT_DIR/packed-refs file that forgot to
flush its output to the disk.
* Fix to a small regression in 2.38 days.
* "git diff --relative" did not mix well with "git diff --ext-diff",
which has been corrected.
* The logic to see if we are using the "cone" mode by checking the
sparsity patterns has been tightened to avoid mistaking a pattern
that names a single file as specifying a cone.
* Deal with a few deprecation warnings from cURL library.
* Doc update for environment variables set when hooks are invoked.
* Document ORIG_HEAD a bit more.
* "git ls-tree --format='%(path) %(path)' $tree $path" showed the
path three times, which has been corrected.
* Remove "git env--helper" and demote it to a test-tool subcommand.
(merge 4a1baacd46 ab/test-env-helper later to maint).
* Newer regex library macOS stopped enabling GNU-like enhanced BRE,
where '\(A\|B\)' works as alternation, unless explicitly asked with
the REG_ENHANCED flag. "git grep" now can be compiled to do so, to
retain the old behaviour.
* Pthread emulation on Win32 leaked thread handle when a thread is
joined.
(merge 238a9dfe86 sk/win32-close-handle-upon-pthread-join later to maint).
* "git send-email -v 3" used to be expanded to "git send-email
--validate 3" when the user meant to pass them down to
"format-patch", which has been corrected.
(merge 8774aa56ad km/send-email-with-v-reroll-count later to maint).
* Document that "branch -f <branch>" disables only the safety to
avoid recreating an existing branch.
* "git fetch <group>", when "<group>" of remotes lists the same
remote twice, unnecessarily failed when parallel fetching was
enabled, which has been corrected.
(merge 06a668cb90 cw/fetch-remote-group-with-duplication later to maint).
* Clarify how "checkout -b/-B" and "git branch [-f]" are similar but
different in the documentation.
* "git hash-object" now checks that the resulting object is well
formed with the same code as "git fsck".
(merge 8e4309038f jk/hash-object-fsck later to maint).
* Improve the error message given when private key is not loaded in
the ssh agent in the codepath to sign with an ssh key.
(merge dce7b31126 as/ssh-signing-improve-key-missing-error later to maint).
* Adjust "git request-pull" to strip embedded signature from signed
tags to notice non-PGP signatures.
(merge a9cad02538 gm/request-pull-with-non-pgp-signed-tags later to maint).
* Remove support for MSys, which now lags way behind MSys2.
(merge 2987407f3c hj/remove-msys-support later to maint).
* Fix use of CreateThread() API call made early in the windows
start-up code.
(merge 592bcab61b sk/winansi-createthread-fix later to maint).
* "git pack-objects" learned to release delta-island bitmap data when
it is done using it, saving peak heap memory usage.
(merge 647982bb71 ew/free-island-marks later to maint).
* In an environment where dynamically generated code is prohibited to
run (e.g. SELinux), failure to JIT pcre patterns is expected. Fall
back to interpreted execution in such a case.
(merge 50b6ad55b0 cb/grep-fallback-failing-jit later to maint).
* "git name-rev" heuristics update.
(merge b2182a8730 en/name-rev-make-taggerdate-much-less-important later to maint).
* Remove more remaining uses of macros that rely on the_index
singleton instance without explicitly spelling it out.
* Remove unnecessary explicit sizing of strbuf.
(merge 93ea118bed rs/cache-tree-strbuf-growth-fix later to maint).
* Doc update.
(merge d9ec3b0dc0 jk/doc-ls-remote-matching later to maint).
* Error messages given upon a signature verification failure used to
discard the errors from underlying gpg program, which has been
corrected.
(merge ad6b320756 js/gpg-errors later to maint).
* Update --date=default documentation.
(merge 9deef088ae rd/doc-default-date-format later to maint).
* A test helper had a single write(2) of 256kB, which was too big for
some platforms (e.g. NonStop), which has been corrected by using
xwrite() wrapper appropriately.
(merge 58eab6ff13 jc/genzeros-avoid-raw-write later to maint).
* sscanf(3) used in "git symbolic-ref --short" implementation found
to be not working reliably on macOS in UTF-8 locales. Rewrite the
code to avoid sscanf() altogether to work it around.
(merge 613bef56b8 jk/shorten-unambiguous-ref-wo-sscanf later to maint).
* Various fix-ups on HTTP tests.
(merge 8f2146dbf1 jk/http-test-fixes later to maint).
* Fixes to code that parses the todo file used in "rebase -i".
(merge 666b6e1135 pw/rebase-i-parse-fix later to maint).
* Test library clean-up.
(merge c600a91c94 ar/test-lib-remove-stale-comment later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge 4eb1ccecd4 dh/mingw-ownership-check-typofix later to maint).
(merge f95526419b ar/typofix-gitattributes-doc later to maint).
(merge 27875aeec9 km/doc-branch-start-point later to maint).
(merge 35c194dc57 es/t1509-root-fixes later to maint).
(merge 7b341645e3 pw/ci-print-failure-name-fix later to maint).
(merge bcb71d45bf jx/t1301-updates later to maint).
(merge ebdc46c242 jc/doc-diff-patch.txt later to maint).
(merge a87a20cbb4 ar/test-cleanup later to maint).
(merge f5156f1885 ar/bisect-doc-update later to maint).
(merge fca2d86c97 jk/interop-error later to maint).
(merge cf4936ed74 tl/ls-tree-code-clean-up later to maint).
(merge dcb47e52b0 en/t6426-todo-cleanup later to maint).
(merge 5b8db44bdd jc/format-patch-v-unleak later to maint).
(merge 590b636737 jk/hash-object-literally-fd-leak later to maint).
(merge 5458ba0a4d tb/t0003-invoke-dd-more-portably later to maint).
(merge 70661d288b ar/markup-em-dash later to maint).
(merge e750951e74 en/ls-files-doc-update later to maint).
(merge 4f542975d1 mh/doc-credential-cache-only-in-core later to maint).
(merge 3a2ebaebc7 gc/index-format-doc later to maint).
(merge b08edf709d jk/httpd-test-updates later to maint).
(merge d85e9448dd wl/new-command-doc later to maint).
(merge d912a603ed kf/t5000-modernise later to maint).
(merge e65b868d07 rs/size-t-fixes later to maint).
(merge 3eb1e1ca9a ab/config-h-remove-unused later to maint).
(merge d390e08076 cw/doc-pushurl-vs-url later to maint).
(merge 567342fc77 rs/ctype-test later to maint).
(merge d35d8f2e7a ap/t2015-style-update later to maint).
|
2023-02-14 19:43:19 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
git: updated to 2.39.2
Git v2.39.2 Release Notes
=========================
This release merges up the fixes that appear in v2.30.8, v2.31.7,
v2.32.6, v2.33.7, v2.34.7, v2.35.7, v2.36.5, v2.37.6 and v2.38.4
to address the security issues CVE-2023-22490 and CVE-2023-23946;
see the release notes for these versions for details.
|
2023-01-18 16:44:25 by Juraj Lutter | Files touched by this commit (2) |
Log message:
Git 2.39.1 release notes
========================
This maintenance release is to address the security issues
identified as CVE-2022-41903 and CVE-2022-23521.
* CVE-2022-41903:
git log has the ability to display commits using an arbitrary
format with its --format specifiers. This functionality is also
exposed to git archive via the export-subst gitattribute.
When processing the padding operators (e.g., %<(, %<|(, %>(,
%>>(, or %><( ), an integer overflow can occur in
pretty.c::format_and_pad_commit() where a size_t is improperly
stored as an int, and then added as an offset to a subsequent
memcpy() call.
This overflow can be triggered directly by a user running a
command which invokes the commit formatting machinery (e.g., git
log --format=...). It may also be triggered indirectly through
git archive via the export-subst mechanism, which expands format
specifiers inside of files within the repository during a git
archive.
This integer overflow can result in arbitrary heap writes, which
may result in remote code execution.
* CVE-2022-23521:
gitattributes are a mechanism to allow defining attributes for
paths. These attributes can be defined by adding a `.gitattributes`
file to the repository, which contains a set of file patterns and
the attributes that should be set for paths matching this pattern.
When parsing gitattributes, multiple integer overflows can occur
when there is a huge number of path patterns, a huge number of
attributes for a single pattern, or when the declared attribute
names are huge.
These overflows can be triggered via a crafted `.gitattributes` file
that may be part of the commit history. Git silently splits lines
longer than 2KB when parsing gitattributes from a file, but not when
parsing them from the index. Consequentially, the failure mode
depends on whether the file exists in the working tree, the index or
both.
This integer overflow can result in arbitrary heap reads and writes,
which may result in remote code execution.
Full release notes can be found at:
https://github.com/git/git/blob/master/Documentation/RelNotes/2.39.1.txt
https://github.com/git/git/blob/master/Documentation/RelNotes/2.30.7.txt
|
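The bug class named in the CVE-2022-41903 entry above, as an added illustration that is not part of the release notes and not Git's source: the first helper shows what storing a size_t in an int does to a large length, and the second is a padding routine that keeps all arithmetic in size_t and checks every bound before writing. The names `narrowed_len` and `pad_right_align` are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern (hypothetical helper, not Git's code): a size_t length
 * stored in an int. For n > INT_MAX the result is implementation-defined;
 * on common compilers it wraps, here to a negative number. */
static int narrowed_len(size_t n)
{
    return (int)n;
}

/* Hardened right-alignment of src in a field of `width` columns.
 * All arithmetic stays in size_t and every bound is checked before any
 * byte is written. Returns 0 on success, -1 if the request is rejected. */
static int pad_right_align(char *dst, size_t dst_size,
                           const char *src, size_t src_len, size_t width)
{
    size_t offset;

    if (dst_size == 0 || width >= dst_size)  /* need room for width + NUL */
        return -1;
    if (src_len > width)                     /* text must fit in the field */
        return -1;
    offset = width - src_len;                /* cannot underflow: checked above */
    memset(dst, ' ', offset);
    memcpy(dst + offset, src, src_len);
    dst[width] = '\0';
    return 0;
}

int main(void)
{
    char buf[16];
    size_t big = (size_t)INT_MAX + 1u;       /* constructed sample value */

    printf("size_t %zu stored as int: %d\n", big, narrowed_len(big));
    if (pad_right_align(buf, sizeof(buf), "abc", 3, 8) == 0)
        printf("[%s]\n", buf);
    printf("oversized width rejected: %d\n",
           pad_right_align(buf, sizeof(buf), "abc", 3, big));
    return 0;
}
```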
2022-12-19 11:04:34 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
git: updated to 2.39.0
Git v2.39 Release Notes
=======================
UI, Workflows & Features
------------------------
* "git grep" learned to expand the sparse-index more lazily and on
demand in a sparse checkout.
* By default, use of fsmonitor on a repository on networked
filesystem is disabled. Add knobs to make it workable on macOS.
* After checking out a "branch" that is a symbolic-ref that points at
another branch, "git symbolic-ref HEAD" reports the underlying
branch, not the symbolic-ref the user gave checkout as argument.
The command learned the "--no-recurse" option to stop after
dereferencing a symbolic-ref only once.
* "git branch --edit-description @{-1}" is now a way to edit branch
description of the branch you were on before switching to the
current branch.
* "git merge-tree --stdin" is a new way to request a series of merges
and report the merge results.
* "git shortlog" learned to group by the "format" string.
* A new "--include-whitespace" option is added to "git patch-id", and
existing bugs in the internal patch-id logic that did not match
what "git patch-id" produces have been corrected.
* Enable gc.cruftpacks by default for those who opt into
feature.experimental setting.
* "git repack" learns to send cruft objects out of the way into
packfiles outside the repository.
* 'scalar reconfigure -a' is taught to automatically remove
scalar.repo entries which no longer exist.
* Redact headers from cURL's h2h3 module in GIT_CURL_VERBOSE and
others.
* 'git maintenance register' is taught to write configuration to an
arbitrary path, and 'git for-each-repo' is taught to expand tilde
characters in paths.
* When creating new notes, the template used to get a stray empty
newline, which has been removed.
* "git receive-pack" used to use all the local refs as the boundary for
checking connectivity of the data "git push" sent, but now it uses
only the refs that it advertised to the pusher. In a repository with
the .hideRefs configuration, this reduces the resources needed to
perform the check.
* With '--recurse-submodules=on-demand', all submodules are
recursively pushed.
Performance, Internal Implementation, Development Support etc.
--------------------------------------------------------------
* With a bit of header twiddling, use the native regexp library on
macOS instead of the compat/ one.
* Prepare for GNU [ef]grep that throw warning of their uses.
* Sources related to fuzz testing have been moved down to their own
directory.
* Most credential helpers ignored unknown entries in a credential
description, but a few died upon seeing them. The latter were
taught to ignore them, too
* "scalar unregister" in a repository that has already been
unregistered reported an error.
* Remove error detection from a function that fetches from promisor
remotes, and make it die when such a fetch fails to bring all the
requested objects, to give an early failure to various operations.
* Update CodingGuidelines to clarify what features to use and avoid
in C99.
* Avoid false-positive from LSan whose assumption may be broken with
higher optimization levels.
* Enable address and undefined sanitizer tasks at GitHub Actions CI.
* More UNUSED annotation to help using -Wunused option with the
compiler.
(merge 4b992f0a24 jk/unused-anno-more later to maint).
* Rewrite a deep recursion in the skipping negotiator to use a loop
with on-heap prio queue to avoid stack wastage.
* Add documentation for message IDs in fsck error messages.
* Define the logical elements of a "bundle list", data structure to
store them in-core, format to transfer them, and code to parse
them.
* The role the security mailing list plays in an embargoed release
has been documented.
* Two new facilities, "timer" and "counter", are introduced to the
trace2 API.
* Code simplification by using strvec_pushf() instead of building an
argument in a separate strbuf.
* Make sure generated dependency file is stably sorted to help
developers debugging their build issues.
* The glossary entries for "commit-graph file" and "reachability
bitmap" have been added.
* Various tests exercising the transfer.credentialsInUrl
configuration are taught to avoid making requests which require
resolving localhost to reduce CI-flakiness.
* A redundant diagnostic message is dropped from test_path_is_missing().
* Simplify the run-command API.
* Update the actions/github-script dependency in CI to avoid a
deprecation warning.
* Progress on being able to initialize a rev_info struct with a
macro.
* Add trace2 counters to the region to clear skip worktree bits in a
sparse checkout.
* Modernize test script to avoid "test -f" and friends.
* Avoid calling 'cache_tree_update()' when doing so would be
redundant.
* Update the credential-cache documentation to provide a more
realistic example.
* Makefile comments updates and reordering to clarify knobs used to
choose SHA implementations.
* A design document for sparse-checkout's future directions has been
added.
* Teach chainlint.pl to annotate the original test definition instead
of the token stream.
* "make coccicheck" is time consuming. It has been made to run more
incrementally.
* `parse_object()` has been hardened to check for the existence of a
suspected blob object.
* The build procedure has been adjusted to GNUmake version 4.4, which
made some changes to how pattern rule with multiple targets are
handled.
Fixes since v2.38
-----------------
* The codepath that reads from the index v4 had unaligned memory
accesses, which has been corrected.
* Fix messages incorrectly marked for translation.
* "git fsck" failed to release contents of tree objects already used
from the memory, which has been fixed.
* "git clone" did not like to see the "--bare" and the "--origin"
options used together without a good reason.
* "git remote rename" failed to rename a remote without fetch
refspec, which has been corrected.
* Documentation on various Boolean GIT_* environment variables has
been clarified.
* "git rebase -i" can mistakenly attempt to apply a fixup to a commit
itself, which has been corrected.
* "git multi-pack-index repack/expire" used to repack unreachable
cruft into a new pack, which has been corrected.
* In read-only repositories, "git merge-tree" tried to come up with a
merge result tree object, which it failed (which is not wrong) and
led to a segfault (which is bad), which has been corrected.
* Force C locale while running tests around httpd to make sure we can
find expected error messages in the log.
* Fix a logic in "mailinfo -b" that miscomputed the length of a
substring, which led to an out-of-bounds access.
* The codepath to sign learned to report errors when it fails to read
from "ssh-keygen".
* Code clean-up that results in plugging a leak.
* "GIT_EDITOR=: git branch --edit-description" resulted in failure,
which has been corrected.
* The code to clean temporary object directories (used for
quarantine) tried to remove them inside its signal handler, which
was a no-no.
* Update comment in the Makefile about the RUNTIME_PREFIX config knob.
* Clarify that "the sentence after <area>: prefix does not begin with
a capital letter" rule applies only to the commit title.
* "git branch --edit-description" on an unborn branch misleadingly
said that no such branch exists, which has been corrected.
* Work around older clang that warns against C99 zero initialization
syntax for struct.
* Giving "--invert-grep" and "--all-match" without "--grep" to the
"git log" command resulted in an attempt to access grep pattern
expression structure that has not been allocated, which has been
corrected.
(merge db84376f98 ab/grep-simplify-extended-expression later to maint).
* "git diff rev^!" did not show combined diff to go to the rev from
its parents.
(merge a79c6b6081 rs/diff-caret-bang-with-parents later to maint).
* Allow configuration files in "protected" scopes to include other
configuration files.
(merge ecec57b3c9 gc/bare-repo-discovery later to maint).
* Give a bit more diversity to macOS CI by using sha1dc in one of the
jobs (the other one tests Apple Common Crypto).
(merge 1ad5c3df35 jc/ci-osx-with-sha1dc later to maint).
* A bugfix with tracing support in midx codepath
(merge e9c3839944 tb/midx-bitmap-selection-fix later to maint).
* When geometric repacking feature is in use together with the
--pack-kept-objects option, we lost packs marked with .keep files.
(merge 197443e80a tb/save-keep-pack-during-geometric-repack later to maint).
* Move a global variable added as a hack during regression fixes to
its proper place in the API.
(merge 0b0ab95f17 ab/run-hook-api-cleanup later to maint).
* Update to build procedure with VS using CMake/CTest.
(merge c858750b41 js/cmake-updates later to maint).
* The short-help text shown by "git cmd -h" and the synopsis text
shown at the beginning of "git help cmd" have been made more
consistent.
* When creating a multi-pack bitmap, remove per-pack bitmap files
unconditionally as they will never be consulted.
(merge 55d902cd61 tb/remove-unused-pack-bitmap later to maint).
* Fix a longstanding syntax error in Git.pm error codepath.
* "git diff --stat" etc. were invented back when everything was ASCII
and strlen() was a way to measure the display width of a string;
adjust them to compute the display width assuming UTF-8 pathnames.
(merge ce8529b2bb tb/diffstat-with-utf8-strwidth later to maint).
* "git branch --edit-description" can exit with status -1 which is
not a good practice; it learned to use 1 as everybody else instead.
* "git apply" limits its input to a bit less than 1 GiB.
* Merging a branch with directory renames into a branch that changes
the directory to a symlink was mishandled by the ort merge
strategy, which has been corrected.
* A bugfix to "git subtree" in its split and merge features.
* Fix some bugs in the reflog messages when rebasing and changes the
reflog messages of "rebase --apply" to match "rebase --merge" with
the aim of making the reflog easier to parse.
* "git rebase --keep-base" used to discard the commits that are
already cherry-picked to the upstream, even when "keep-base" meant
that the base, on top of which the history is being rebuilt, does
not yet include these cherry-picked commits. The --keep-base
option now implies --reapply-cherry-picks and --no-fork-point
options.
* The way "git repack" created temporary files when it received a
signal was prone to deadlocking, which has been corrected.
* Various tests exercising the transfer.credentialsInUrl
configuration are taught to avoid making requests which require
resolving localhost to reduce CI-flakiness.
* The adjust_shared_perm() helper function learned to refrain from
setting the "g+s" bit on directories when it is not necessary.
* "git archive" mistakenly complained twice about a missing
executable, which has been corrected.
* Fix a bug where `git branch -d` did not work on an orphaned HEAD.
* `git rebase --update-refs` would delete references when all
`update-ref` commands in the sequencer were removed, which has been
corrected.
* Fix a regression in the bisect-helper which mistakenly treats
arguments to the command given to 'git bisect run' as arguments to
the helper.
* Correct an error where `git rebase` would mistakenly use a branch or
tag named "refs/rewritten/xyz" when missing a rebase label.
* Assorted fixes of parsing end-user input as integers.
(merge 14770cf0de pw/config-int-parse-fixes later to maint).
* "git prune" may try to iterate over .git/objects/pack for trash
files to remove in it, and loudly fail when the directory is
missing, which is not necessary. The command has been taught to
ignore such a failure.
(merge 6974765352 ew/prune-with-missing-objects-pack later to maint).
* Add one more candidate directory that may house httpd modules while
running tests.
(merge 1c7dc23d41 es/locate-httpd-module-location-in-test later to maint).
* A handful of leaks in the line-log machinery have been plugged.
* The format of a line in /proc/cpuinfo that describes a CPU on s390x
looked different from everybody else, and the code in chainlint.pl
failed to parse it.
(merge 1f51b77f4f ah/chainlint-cpuinfo-parse-fix later to maint).
* Adjust the GitHub CI to newer ubuntu release.
(merge 0d3507f3e7 jx/ci-ubuntu-fix later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge 413bc6d20a ds/cmd-main-reorder later to maint).
(merge 8d2863e4ed nw/t1002-cleanup later to maint).
(merge 7c2dc122f9 rs/list-objects-filter-leakfix later to maint).
(merge 288fcb1c94 zk/push-use-bitmaps later to maint).
(merge 42db324c0f km/merge-recursive-typofix later to maint).
|
2022-12-12 23:03:23 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
git: updated to 2.38.2
Git 2.38.2 Release Notes
========================
This is to backport various fixes accumulated during the development
towards Git 2.39, the next feature release.
Fixes since v2.38.1
-------------------
* Update CodingGuidelines to clarify what features to use and avoid
in C99.
* The codepath that reads from the index v4 had unaligned memory
accesses, which has been corrected.
* "git remote rename" failed to rename a remote without fetch
refspec, which has been corrected.
* "git clone" did not like to see the "--bare" and the "--origin"
options used together without a good reason.
* Fix messages incorrectly marked for translation.
* "git fsck" failed to release contents of tree objects already used
from the memory, which has been fixed.
* "git rebase -i" can mistakenly attempt to apply a fixup to a commit
itself, which has been corrected.
* In read-only repositories, "git merge-tree" tried to come up with a
merge result tree object, which it failed (which is not wrong) and
led to a segfault (which is bad), which has been corrected.
* Force C locale while running tests around httpd to make sure we can
find expected error messages in the log.
* Fix a logic in "mailinfo -b" that miscomputed the length of a
substring, which led to an out-of-bounds access.
* The codepath to sign learned to report errors when it fails to read
from "ssh-keygen".
* "GIT_EDITOR=: git branch --edit-description" resulted in failure,
which has been corrected.
* Documentation on various Boolean GIT_* environment variables has
been clarified.
* "git multi-pack-index repack/expire" used to repack unreachable
cruft into a new pack, which has been corrected.
* The code to clean temporary object directories (used for
quarantine) tried to remove them inside its signal handler, which
was a no-no.
* "git branch --edit-description" on an unborn branch misleadingly
said that no such branch exists, which has been corrected.
* GitHub CI settings have been adjusted to recent reality, merging
and cherry-picking necessary topics that have been prepared for Git
2.39.
* `git rebase --update-refs` would delete references when all `update-ref`
commands in the sequencer were removed, which has been corrected.
Also contains various documentation updates and code clean-ups.
|
2022-10-26 12:32:08 by Thomas Klausner | Files touched by this commit (687) |
Log message:
*: bump PKGREVISION for libunistring shlib major bump
|