diff options
Diffstat (limited to 'Documentation/RelNotes')
25 files changed, 885 insertions, 14 deletions
diff --git a/Documentation/RelNotes/2.30.3.txt b/Documentation/RelNotes/2.30.3.txt new file mode 100644 index 0000000..31b2a4d --- /dev/null +++ b/Documentation/RelNotes/2.30.3.txt @@ -0,0 +1,24 @@ +Git v2.30.2 Release Notes +========================= + +This release addresses the security issue CVE-2022-24765. + +Fixes since v2.30.2 +------------------- + + * Build fix on Windows. + + * Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories. + + * CVE-2022-24765: + On multi-user machines, Git users might find themselves + unexpectedly in a Git worktree, e.g. when another user created a + repository in `C:\.git`, in a mounted network drive or in a + scratch space. Merely having a Git-aware prompt that runs `git + status` (or `git diff`) and navigating to a directory which is + supposedly not a Git worktree, or opening such a directory in an + editor or IDE such as VS Code or Atom, will potentially run + commands defined by that other user. + +Credit for finding this vulnerability goes to 俞晨东; The fix was +authored by Johannes Schindelin. diff --git a/Documentation/RelNotes/2.30.4.txt b/Documentation/RelNotes/2.30.4.txt new file mode 100644 index 0000000..4eedb74 --- /dev/null +++ b/Documentation/RelNotes/2.30.4.txt @@ -0,0 +1,21 @@ +Git v2.30.4 Release Notes +========================= + +This release contains minor fix-ups for the changes that went into +Git 2.30.3, which was made to address CVE-2022-24765. + + * The code that was meant to parse the new `safe.directory` + configuration variable was not checking what configuration + variable was being fed to it, which has been corrected. + + * '*' can be used as the value for the `safe.directory` variable to + signal that the user considers that any directory is safe. + + + +Derrick Stolee (2): + t0033: add tests for safe.directory + setup: opt-out of check with safe.directory=* + +Matheus Valadares (1): + setup: fix safe.directory key not being checked diff --git a/Documentation/RelNotes/2.30.5.txt b/Documentation/RelNotes/2.30.5.txt new file mode 100644 index 0000000..5191cab --- /dev/null +++ b/Documentation/RelNotes/2.30.5.txt @@ -0,0 +1,12 @@ +Git v2.30.5 Release Notes +========================= + +This release contains minor fix-ups for the changes that went into +Git 2.30.3 and 2.30.4, addressing CVE-2022-29187. + + * The safety check that verifies a safe ownership of the Git + worktree is now extended to also cover the ownership of the Git + directory (and the `.git` file, if there is any). + +Carlo Marcelo Arenas Belón (1): + setup: tighten ownership checks post CVE-2022-24765 diff --git a/Documentation/RelNotes/2.31.2.txt b/Documentation/RelNotes/2.31.2.txt new file mode 100644 index 0000000..aa13a5b --- /dev/null +++ b/Documentation/RelNotes/2.31.2.txt @@ -0,0 +1,6 @@ +Git v2.31.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3 to address +the security issue CVE-2022-24765; see the release notes for that +version for details. diff --git a/Documentation/RelNotes/2.31.3.txt b/Documentation/RelNotes/2.31.3.txt new file mode 100644 index 0000000..ca143ab --- /dev/null +++ b/Documentation/RelNotes/2.31.3.txt @@ -0,0 +1,4 @@ +Git Documentation/RelNotes/2.31.3.txt Release Notes +========================= + +This release merges up the fixes that appear in v2.31.3. diff --git a/Documentation/RelNotes/2.31.4.txt b/Documentation/RelNotes/2.31.4.txt new file mode 100644 index 0000000..97a91fd --- /dev/null +++ b/Documentation/RelNotes/2.31.4.txt @@ -0,0 +1,6 @@ +Git v2.31.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5 to address +the security issue CVE-2022-29187; see the release notes for that +version for details. diff --git a/Documentation/RelNotes/2.32.1.txt b/Documentation/RelNotes/2.32.1.txt new file mode 100644 index 0000000..7dcca13 --- /dev/null +++ b/Documentation/RelNotes/2.32.1.txt @@ -0,0 +1,6 @@ +Git v2.32.1 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3 and +v2.31.2 to address the security issue CVE-2022-24765; see the +release notes for these versions for details. diff --git a/Documentation/RelNotes/2.32.2.txt b/Documentation/RelNotes/2.32.2.txt new file mode 100644 index 0000000..cf49695 --- /dev/null +++ b/Documentation/RelNotes/2.32.2.txt @@ -0,0 +1,4 @@ +Git Documentation/RelNotes/2.32.2.txt Release Notes +========================= + +This release merges up the fixes that appear in v2.32.2. diff --git a/Documentation/RelNotes/2.32.3.txt b/Documentation/RelNotes/2.32.3.txt new file mode 100644 index 0000000..583fabe --- /dev/null +++ b/Documentation/RelNotes/2.32.3.txt @@ -0,0 +1,6 @@ +Git v2.32.3 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5 and +v2.31.4 to address the security issue CVE-2022-29187; see the +release notes for these versions for details. diff --git a/Documentation/RelNotes/2.33.2.txt b/Documentation/RelNotes/2.33.2.txt new file mode 100644 index 0000000..e504489 --- /dev/null +++ b/Documentation/RelNotes/2.33.2.txt @@ -0,0 +1,15 @@ +Git v2.33.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3, v2.31.2 +and v2.32.1 to address the security issue CVE-2022-24765; see +the release notes for these versions for details. + +In addition, it contains the following fixes: + + * Squelch over-eager warning message added during this cycle. + + * A bug in "git rebase -r" has been fixed. + + * One CI task based on Fedora image noticed a not-quite-kosher + construct recently, which has been corrected. diff --git a/Documentation/RelNotes/2.33.3.txt b/Documentation/RelNotes/2.33.3.txt new file mode 100644 index 0000000..e2bada1 --- /dev/null +++ b/Documentation/RelNotes/2.33.3.txt @@ -0,0 +1,4 @@ +Git Documentation/RelNotes/2.33.3.txt Release Notes +========================= + +This release merges up the fixes that appear in v2.33.3. diff --git a/Documentation/RelNotes/2.33.4.txt b/Documentation/RelNotes/2.33.4.txt new file mode 100644 index 0000000..a145cc2 --- /dev/null +++ b/Documentation/RelNotes/2.33.4.txt @@ -0,0 +1,6 @@ +Git v2.33.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5, v2.31.4 +and v2.32.3 to address the security issue CVE-2022-29187; see +the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.34.2.txt b/Documentation/RelNotes/2.34.2.txt new file mode 100644 index 0000000..0c32cd8 --- /dev/null +++ b/Documentation/RelNotes/2.34.2.txt @@ -0,0 +1,6 @@ +Git v2.34.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3, v2.31.2, +v2.32.1 and v2.33.2 to address the security issue CVE-2022-24765; +see the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.34.3.txt b/Documentation/RelNotes/2.34.3.txt new file mode 100644 index 0000000..10f6171 --- /dev/null +++ b/Documentation/RelNotes/2.34.3.txt @@ -0,0 +1,4 @@ +Git Documentation/RelNotes/2.34.3.txt Release Notes +========================= + +This release merges up the fixes that appear in v2.34.3. diff --git a/Documentation/RelNotes/2.34.4.txt b/Documentation/RelNotes/2.34.4.txt new file mode 100644 index 0000000..2a6b223 --- /dev/null +++ b/Documentation/RelNotes/2.34.4.txt @@ -0,0 +1,6 @@ +Git v2.34.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5, v2.31.4, +v2.32.3 and v2.33.4 to address the security issue CVE-2022-29187; +see the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.35.2.txt b/Documentation/RelNotes/2.35.2.txt new file mode 100644 index 0000000..290bfa9 --- /dev/null +++ b/Documentation/RelNotes/2.35.2.txt @@ -0,0 +1,7 @@ +Git v2.35.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3, +v2.31.2, v2.32.1, v2.33.2 and v2.34.2 to address the security +issue CVE-2022-24765; see the release notes for these versions +for details. diff --git a/Documentation/RelNotes/2.35.3.txt b/Documentation/RelNotes/2.35.3.txt new file mode 100644 index 0000000..5458ba3 --- /dev/null +++ b/Documentation/RelNotes/2.35.3.txt @@ -0,0 +1,4 @@ +Git Documentation/RelNotes/2.35.3.txt Release Notes +========================= + +This release merges up the fixes that appear in v2.35.3. diff --git a/Documentation/RelNotes/2.35.4.txt b/Documentation/RelNotes/2.35.4.txt new file mode 100644 index 0000000..47abd5a --- /dev/null +++ b/Documentation/RelNotes/2.35.4.txt @@ -0,0 +1,7 @@ +Git v2.35.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5, +v2.31.4, v2.32.3, v2.33.4 and v2.34.4 to address the security +issue CVE-2022-29187; see the release notes for these versions +for details. diff --git a/Documentation/RelNotes/2.36.0.txt b/Documentation/RelNotes/2.36.0.txt index 721b5d2..e477fba 100644 --- a/Documentation/RelNotes/2.36.0.txt +++ b/Documentation/RelNotes/2.36.0.txt @@ -13,6 +13,15 @@ Backward compatibility warts top-level a partial clone, while submodules are fully cloned. This behaviour is changed to pass the same filter down to the submodules. + * With the fixes for CVE-2022-24765 that are common with versions of + Git 2.30.4, 2.31.3, 2.32.2, 2.33.3, 2.34.3, and 2.35.3, Git has + been taught not to recognise repositories owned by other users, in + order to avoid getting affected by their config files and hooks. + You can list the path to the safe/trusted repositories that may be + owned by others on a multi-valued configuration variable + `safe.directory` to override this behaviour, or use '*' to declare + that you trust anything. + Note to those who build from the source @@ -46,10 +55,10 @@ UI, Workflows & Features * "git branch" learned the "--recurse-submodules" option. - * A not-so-common mistake is to write a script to feed "git bisect - run" without making it executable, in which case all tests will - exit with 126 or 127 error codes, even on revisions that are marked - as good. Try to recognize this situation and stop iteration early. + * A user can forget to make a script file executable before giving + it to "git bisect run". In such a case, all tests will exit with + 126 or 127 error codes, even on revisions that are marked as good. + Try to recognize this situation and stop iteration early. * When "index-pack" dies due to incoming data exceeding the maximum allowed input size, include the value of the limit in the error @@ -84,6 +93,24 @@ UI, Workflows & Features age-old "update-server-info" command, which is rarely useful these days. + * "git stash" does not allow subcommands it internally runs as its + implementation detail, except for "git reset", to emit messages; + now "git reset" part has also been squelched. + + * "git ls-tree" learns "--oid-only" option, similar to "--name-only", + and more generalized "--format" option. + + * "git fetch --refetch" learned to fetch everything without telling + the other side what we already have, which is useful when you + cannot trust what you have in the local object store. + + * "git branch" gives hint when branch tracking cannot be established + because fetch refspecs from multiple remote repositories overlap. + + * "git worktree list --porcelain" did not c-quote pathnames and lock + reasons with unsafe bytes correctly, which is worked around by + introducing NUL terminated output format with "-z". + Performance, Internal Implementation, Development Support etc. @@ -158,6 +185,9 @@ Performance, Internal Implementation, Development Support etc. * Updates to refs traditionally weren't fsync'ed, but we can configure using core.fsync variable to do so. + * "git reflog" command now uses parse-options API to parse its + command line options. + Fixes since v2.35 ----------------- @@ -268,12 +298,6 @@ Fixes since v2.35 future "gc" needs to clean up. (merge 5407764069 cb/clear-quarantine-early-on-all-ref-update-errors later to maint). - * Because a deletion of ref would need to remove it from both the - loose ref store and the packed ref store, a delete-ref operation - that logically removes one ref may end up invoking ref-transaction - hook twice, which has been corrected. - (merge 2ed1b64ebd ps/avoid-unnecessary-hook-invocation-with-packed-refs later to maint). - * When there is no object to write .bitmap file for, "git multi-pack-index" triggered an error, instead of just skipping, which has been corrected. @@ -321,10 +345,6 @@ Fixes since v2.35 recorded the last level component of the branch name, which has been corrected. - * "git fetch" can make two separate fetches, but ref updates coming - from them were in two separate ref transactions under "--atomic", - which has been corrected. - * Check the return value from parse_tree_indirect() to turn segfaults into calls to die(). (merge 8d2eaf649a gc/parse-tree-indirect-errors later to maint). @@ -356,6 +376,26 @@ Fixes since v2.35 in the current checkout of the superproject. We now do so for all submodules that have been run "git submodule init" on. + * "git rebase $base $non_branch_commit", when $base is an ancestor or + the $non_branch_commit, modified the current branch, which has been + corrected. + + * When "shallow" information is updated, we forgot to update the + in-core equivalent, which has been corrected. + + * When creating a loose object file, we didn't report the exact + filename of the file we failed to fsync, even though the + information was readily available, which has been corrected. + + * "git am" can read from the standard input when no mailbox is given + on the command line, but the end-user gets no indication when it + happens, making Git appear stuck. + (merge 7b20af6a06 jc/mailsplit-warn-on-tty later to maint). + + * "git mv" failed to refresh the cached stat information for the + entry it moved. + (merge b7f9130a06 vd/mv-refresh-stat later to maint). + * Other code cleanup, docfix, build fix, etc. (merge cfc5cf428b jc/find-header later to maint). (merge 40e7cfdd46 jh/p4-fix-use-of-process-error-exception later to maint). @@ -385,3 +425,5 @@ Fixes since v2.35 (merge c614beb933 ep/t6423-modernize later to maint). (merge 57be9c6dee ab/reflog-prep-fix later to maint). (merge 5327d8982a js/in-place-reverse-in-sequencer later to maint). + (merge 2e2c0be51e dp/worktree-repair-in-usage later to maint). + (merge 6563706568 jc/coding-guidelines-decl-in-for-loop later to maint). diff --git a/Documentation/RelNotes/2.36.1.txt b/Documentation/RelNotes/2.36.1.txt new file mode 100644 index 0000000..a961709 --- /dev/null +++ b/Documentation/RelNotes/2.36.1.txt @@ -0,0 +1,33 @@ +Git v2.36.1 Release Notes +========================= + +Fixes since v2.36 +----------------- + + * "git submodule update" without pathspec should silently skip an + uninitialized submodule, but it started to become noisy by mistake. + + * "diff-tree --stdin" has been broken for about a year, but 2.36 + release broke it even worse by breaking running the command with + <pathspec>, which in turn broke "gitk" and got noticed. This has + been corrected by aligning its behaviour to that of "log". + + * Regression fix for 2.36 where "git name-rev" started to sometimes + reference strings after they are freed. + + * "git show <commit1> <commit2>... -- <pathspec>" lost the pathspec + when showing the second and subsequent commits, which has been + corrected. + + * "git fast-export -- <pathspec>" lost the pathspec when showing the + second and subsequent commits, which has been corrected. + + * "git format-patch <args> -- <pathspec>" lost the pathspec when + showing the second and subsequent commits, which has been + corrected. + + * Get rid of a bogus and over-eager coccinelle rule. + + * Correct choices of C compilers used in various CI jobs. + +Also contains minor documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.36.2.txt b/Documentation/RelNotes/2.36.2.txt new file mode 100644 index 0000000..958f5b4 --- /dev/null +++ b/Documentation/RelNotes/2.36.2.txt @@ -0,0 +1,56 @@ +Git v2.36.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5, v2.31.4, +v2.32.3, v2.33.4, v2.34.4 and v2.35.4 to address the security +issue CVE-2022-29187; see the release notes for these versions +for details. + +Apart from that, this maintenance release is primarily to merge down +updates to the build and CI procedures from the 'master' front, in +order to ensure that we can cut healthy maintenance releases in the +future. It also contains a handful of small and trivially-correct +bugfixes. + +Fixes since v2.36.1 +------------------- + + * Fixes real problems noticed by gcc 12 and works around false + positives. + + * Update URL to the gitk repository. + + * The "--current" option of "git show-branch" should have been made + incompatible with the "--reflog" mode, but this was not enforced, + which has been corrected. + + * "git archive --add-file=<path>" picked up the raw permission bits + from the path and propagated to zip output in some cases, without + normalization, which has been corrected (tar output did not have + this issue). + + * A bit of test framework fixes with a few fixes to issues found by + valgrind. + + * macOS CI jobs have been occasionally flaky due to tentative version + skew between perforce and the homebrew packager. Instead of + failing the whole CI job, just let it skip the p4 tests when this + happens. + + * The commit summary shown after making a commit is matched to what + is given in "git status" not to use the break-rewrite heuristics. + + * Avoid problems from interaction between malloc_check and address + sanitizer. + + * "git rebase --keep-base <upstream> <branch-to-rebase>" computed the + commit to rebase onto incorrectly, which has been corrected. + + * The path taken by "git multi-pack-index" command from the end user + was compared with path internally prepared by the tool withut first + normalizing, which lead to duplicated paths not being noticed, + which has been corrected. + + * "git clone --origin X" leaked piece of memory that held value read + from the clone.defaultRemoteName configuration variable, which has + been plugged. diff --git a/Documentation/RelNotes/2.37.0.txt b/Documentation/RelNotes/2.37.0.txt new file mode 100644 index 0000000..99dc7e3 --- /dev/null +++ b/Documentation/RelNotes/2.37.0.txt @@ -0,0 +1,337 @@ +Git v2.37 Release Notes +======================= + +UI, Workflows & Features + + * "vimdiff[123]" mergetool drivers have been reimplemented with a + more generic layout mechanism. + + * "git -v" and "git -h" are now understood as "git --version" and + "git --help". + + * The temporary files fed to external diff command are now generated + inside a new temporary directory under the same basename. + + * "git log --since=X" will stop traversal upon seeing a commit that + is older than X, but there may be commits behind it that is younger + than X when the commit was created with a faulty clock. A new + option is added to keep digging without stopping, and instead + filter out commits with timestamp older than X. + + * "git -c branch.autosetupmerge=simple branch $A $B" will set the $B + as $A's upstream only when $A and $B shares the same name, and "git + -c push.default=simple" on branch $A would push to update the + branch $A at the remote $B came from. Also more places use the + sole remote, if exists, before defaulting to 'origin'. + + * A new doc has been added that lists tips for tools to work with + Git's codebase. + + * "git remote -v" now shows the list-objects-filter used during + fetching from the remote, if available. + + * With the new http.curloptResolve configuration, the CURLOPT_RESOLVE + mechanism that allows cURL based applications to use pre-resolved + IP addresses for the requests is exposed to the scripts. + + * "git add -i" was rewritten in C some time ago and has been in + testing; the reimplementation is now exposed to general public by + default. + + * Deprecate non-cone mode of the sparse-checkout feature. + + * Introduce a filesystem-dependent mechanism to optimize the way the + bits for many loose object files are ensured to hit the disk + platter. + + * The "do not remove the directory the user started Git in" logic, + when Git cannot tell where that directory is, is disabled. Earlier + we refused to run in such a case. + + * A mechanism to pack unreachable objects into a "cruft pack", + instead of ejecting them into loose form to be reclaimed later, has + been introduced. + + * Update the doctype written in gitweb output to xhtml5. + + * The "transfer.credentialsInURL" configuration variable controls what + happens when a URL with embedded login credential is used on either + "fetch" or "push". Credentials are currently only detected in + `remote.<name>.url` config, not `remote.<name>.pushurl`. + + * "git revert" learns "--reference" option to use more human-readable + reference to the commit it reverts in the message template it + prepares for the user. + + * Various error messages that talk about the removal of + "--preserve-merges" in "rebase" have been strengthened, and "rebase + --abort" learned to get out of a state that was left by an earlier + use of the option. + + +Performance, Internal Implementation, Development Support etc. + + * The performance of the "untracked cache" feature has been improved + when "--untracked-files=<mode>" and "status.showUntrackedFiles" + are combined. + + * "git stash" works better with sparse index entries. + + * "git show :<path>" learned to work better with the sparse-index + feature. + + * Introduce and apply coccinelle rule to discourage an explicit + comparison between a pointer and NULL, and applies the clean-up to + the maintenance track. + + * Preliminary code refactoring around transport and bundle code. + + * "sparse-checkout" learns to work better with the sparse-index + feature. + + * A workflow change for translators are being proposed. git.pot is + no longer version controlled and it is local responsibility of + translators to generate it. + + * Plug the memory leaks from the trickiest API of all, the revision + walker. + + * Rename .env_array member to .env in the child_process structure. + + * The fsmonitor--daemon handles even more corner cases when + watching filesystem events. + + * A new bug() and BUG_if_bug() API is introduced to make it easier to + uniformly log "detect multiple bugs and abort in the end" pattern. + + +Fixes since v2.36 +----------------- + + * "git submodule update" without pathspec should silently skip an + uninitialized submodule, but it started to become noisy by mistake. + (merge 4f1ccef87c gc/submodule-update-part2 later to maint). + + * "diff-tree --stdin" has been broken for about a year, but 2.36 + release broke it even worse by breaking running the command with + <pathspec>, which in turn broke "gitk" and got noticed. This has + been corrected by aligning its behaviour to that of "log". + (merge f8781bfda3 jc/diff-tree-stdin-fix later to maint). + + * Regression fix for 2.36 where "git name-rev" started to sometimes + reference strings after they are freed. + (merge 45a14f578e rs/name-rev-fix-free-after-use later to maint). + + * "git show <commit1> <commit2>... -- <pathspec>" lost the pathspec + when showing the second and subsequent commits, which has been + corrected. + (merge 5cdb38458e jc/show-pathspec-fix later to maint). + + * "git fast-export -- <pathspec>" lost the pathspec when showing the + second and subsequent commits, which has been corrected. + (merge d1c25272f5 rs/fast-export-pathspec-fix later to maint). + + * "git format-patch <args> -- <pathspec>" lost the pathspec when + showing the second and subsequent commits, which has been + corrected. + (merge 91f8f7e46f rs/format-patch-pathspec-fix later to maint). + + * "git clone --origin X" leaked piece of memory that held value read + from the clone.defaultRemoteName configuration variable, which has + been plugged. + (merge 6dfadc8981 jc/clone-remote-name-leak-fix later to maint). + + * Get rid of a bogus and over-eager coccinelle rule. + (merge 08bdd3a185 jc/cocci-xstrdup-or-null-fix later to maint). + + * The path taken by "git multi-pack-index" command from the end user + was compared with path internally prepared by the tool without first + normalizing, which lead to duplicated paths not being noticed, + which has been corrected. + (merge 11f9e8de3d ds/midx-normalize-pathname-before-comparison later to maint). + + * Correct choices of C compilers used in various CI jobs. + (merge 3506cae04f ab/cc-package-fixes later to maint). + + * Various cleanups to "git p4". + (merge 4ff0108d9e jh/p4-various-fixups later to maint). + + * The progress meter of "git blame" was showing incorrect numbers + when processing only parts of the file. + (merge e5f5d7d42e ea/progress-partial-blame later to maint). + + * "git rebase --keep-base <upstream> <branch-to-rebase>" computed the + commit to rebase onto incorrectly, which has been corrected. + (merge 9e5ebe9668 ah/rebase-keep-base-fix later to maint). + + * Fix a leak of FILE * in an error codepath. + (merge c0befa0c03 kt/commit-graph-plug-fp-leak-on-error later to maint). + + * Avoid problems from interaction between malloc_check and address + sanitizer. + (merge 067109a5e7 pw/test-malloc-with-sanitize-address later to maint). + + * The commit summary shown after making a commit is matched to what + is given in "git status" not to use the break-rewrite heuristics. + (merge 84792322ed rs/commit-summary-wo-break-rewrite later to maint). + + * Update a few end-user facing messages around EOL conversion. + (merge c970d30c2c ah/convert-warning-message later to maint). + + * Trace2 documentation updates. + (merge a6c80c313c js/trace2-doc-fixes later to maint). + + * Build procedure fixup. + (merge 1fbfd96f50 mg/detect-compiler-in-c-locale later to maint). + + * "git pull" without "--recurse-submodules=<arg>" made + submodule.recurse take precedence over fetch.recurseSubmodules by + mistake, which has been corrected. + (merge 5819417365 gc/pull-recurse-submodules later to maint). + + * "git bisect" was too silent before it is ready to start computing + the actual bisection, which has been corrected. + (merge f11046e6de cd/bisect-messages-from-pre-flight-states later to maint). + + * macOS CI jobs have been occasionally flaky due to tentative version + skew between perforce and the homebrew packager. Instead of + failing the whole CI job, just let it skip the p4 tests when this + happens. + (merge f15e00b463 cb/ci-make-p4-optional later to maint). + + * A bit of test framework fixes with a few fixes to issues found by + valgrind. + (merge 7c898554d7 ab/valgrind-fixes later to maint). + + * "git archive --add-file=<path>" picked up the raw permission bits + from the path and propagated to zip output in some cases, without + normalization, which has been corrected (tar output did not have + this issue). + (merge 6a61661967 jc/archive-add-file-normalize-mode later to maint). + + * "make coverage-report" without first running "make coverage" did + not produce any meaningful result, which has been corrected. + (merge 96ddfecc5b ep/coverage-report-wants-test-to-have-run later to maint). + + * The "--current" option of "git show-branch" should have been made + incompatible with the "--reflog" mode, but this was not enforced, + which has been corrected. + (merge 41c64ae0e7 jc/show-branch-g-current later to maint). + + * "git fetch" unnecessarily failed when an unexpected optional + section appeared in the output, which has been corrected. + (merge 7709acf7be jt/fetch-peek-optional-section later to maint). + + * The way "git fetch" without "--update-head-ok" ensures that HEAD in + no worktree points at any ref being updated was too wasteful, which + has been optimized a bit. + (merge f7400da800 os/fetch-check-not-current-branch later to maint). + + * "git fetch --recurse-submodules" from multiple remotes (either from + a remote group, or "--all") used to make one extra "git fetch" in + the submodules, which has been corrected. + (merge 0353c68818 jc/avoid-redundant-submodule-fetch later to maint). + + * With a recent update to refuse access to repositories of other + people by default, "sudo make install" and "sudo git describe" + stopped working, which has been corrected. + (merge 6b11e3d52e cb/path-owner-check-with-sudo-plus later to maint). + + * The tests that ensured merges stop when interfering local changes + are present did not make sure that local changes are preserved; now + they do. + (merge 4b317450ce jc/t6424-failing-merge-preserve-local-changes later to maint). + + * Some real problems noticed by gcc 12 have been fixed, while false + positives have been worked around. + + * Update the version of FreeBSD image used in Cirrus CI. + (merge c58bebd4c6 pb/use-freebsd-12.3-in-cirrus-ci later to maint). + + * The multi-pack-index code did not protect the packfile it is going + to depend on from getting removed while in use, which has been + corrected. + (merge 4090511e40 tb/midx-race-in-pack-objects later to maint). + + * Teach "git repack --geometric" work better with "--keep-pack" and + avoid corrupting the repository when packsize limit is used. + (merge 66731ff921 tb/geom-repack-with-keep-and-max later to maint). + + * The documentation on the interaction between "--add-file" and + "--prefix" options of "git archive" has been improved. + (merge a75910602a rs/document-archive-prefix later to maint). + + * A git subcommand like "git add -p" spawns a separate git process + while relaying its command line arguments. A pathspec with only + negative elements was mistakenly passed with an empty string, which + has been corrected. + (merge b02fdbc80a jc/all-negative-pathspec later to maint). + + * With a more targeted workaround in http.c in another topic, we may + be able to lift this blanket "GCC12 dangling-pointer warning is + broken and unsalvageable" workaround. + (merge 419141e495 cb/buggy-gcc-12-workaround later to maint). + + * A misconfigured 'branch..remote' led to a bug in configuration + parsing. + (merge f1dfbd9ee0 gc/zero-length-branch-config-fix later to maint). + + * "git -c diff.submodule=log range-diff" did not show anything for + submodules that changed in the ranges being compared, and + "git -c diff.submodule=diff range-diff" did not work correctly. + Fix this by including the "--submodule=short" output + unconditionally to be compared. + + * In Git 2.36 we revamped the way how hooks are invoked. One change + that is end-user visible is that the output of a hook is no longer + directly connected to the standard output of "git" that spawns the + hook, which was noticed post release. This is getting corrected. + (merge a082345372 ab/hooks-regression-fix later to maint). + + * Updating the graft information invalidates the list of parents of + in-core commit objects that used to be in the graft file. + + * "git show-ref --heads" (and "--tags") still iterated over all the + refs only to discard refs outside the specified area, which has + been corrected. + (merge c0c9d35e27 tb/show-ref-optim later to maint). + + * Remove redundant copying (with index v3 and older) or possible + over-reading beyond end of mmapped memory (with index v4) has been + corrected. + (merge 6d858341d2 zh/read-cache-copy-name-entry-fix later to maint). + + * Sample watchman interface hook sometimes failed to produce + correctly formatted JSON message, which has been corrected. + (merge 134047b500 sn/fsmonitor-missing-clock later to maint). + + * Use-after-free (with another forget-to-free) fix. + (merge 323822c72b ab/remote-free-fix later to maint). + + * Remove a coccinelle rule that is no longer relevant. + (merge b1299de4a1 jc/cocci-cleanup later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge e6b2582da3 cm/reftable-0-length-memset later to maint). + (merge 0b75e5bf22 ab/misc-cleanup later to maint). + (merge 52e1ab8a76 ea/rebase-code-simplify later to maint). + (merge 756d15923b sg/safe-directory-tests-and-docs later to maint). + (merge d097a23bfa ds/do-not-call-bug-on-bad-refs later to maint). + (merge c36c27e75c rs/t7812-pcre2-ws-bug-test later to maint). + (merge 1da312742d gf/unused-includes later to maint). + (merge 465b30a92d pb/submodule-recurse-mode-enum later to maint). + (merge 82b28c4ed8 km/t3501-use-test-helpers later to maint). + (merge 72315e431b sa/t1011-use-helpers later to maint). + (merge 95b3002201 cg/vscode-with-gdb later to maint). + (merge fbe5f6b804 tk/p4-utf8-bom later to maint). + (merge 17f273ffba tk/p4-with-explicity-sync later to maint). + (merge 944db25c60 kf/p4-multiple-remotes later to maint). + (merge b014cee8de jc/update-ozlabs-url later to maint). + (merge 4ec5008062 pb/ggg-in-mfc-doc later to maint). + (merge af845a604d tb/receive-pack-code-cleanup later to maint). + (merge 2acf4cf001 js/ci-gcc-12-fixes later to maint). + (merge 05e280c0a6 jc/http-clear-finished-pointer later to maint). + (merge 8c49d704ef fh/transport-push-leakfix later to maint). + (merge 1d232d38bd tl/ls-tree-oid-only later to maint). + (merge db7961e6a6 gc/document-config-worktree-scope later to maint). + (merge ce18a30bb7 fs/ssh-default-key-command-doc later to maint). diff --git a/Documentation/RelNotes/2.37.1.txt b/Documentation/RelNotes/2.37.1.txt new file mode 100644 index 0000000..8460932 --- /dev/null +++ b/Documentation/RelNotes/2.37.1.txt @@ -0,0 +1,17 @@ +Git 2.37.1 Release Notes +======================== + +This release merges up the fixes that appear in v2.30.5, v2.31.4, +v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2 to address the +security issue CVE-2022-29187; see the release notes for these +versions for details. + +Fixes since Git 2.37 +-------------------- + + * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't + correctly record a removed file to the index, which is an old + regression but has become widely known because the C version has + become the default in the latest release. + + * Fix for CVS-2022-29187. diff --git a/Documentation/RelNotes/2.37.2.txt b/Documentation/RelNotes/2.37.2.txt new file mode 100644 index 0000000..d4acf9e --- /dev/null +++ b/Documentation/RelNotes/2.37.2.txt @@ -0,0 +1,47 @@ +Git 2.37.2 Release Notes +======================== + +This primarily is to backport various fixes accumulated on the 'master' +front since 2.37.1. + +Fixes since v2.37.1 +------------------- + + * "git shortlog -n" relied on the underlying qsort() to be stable, + which shouldn't have. Fixed. + + * Variable quoting fix in the vimdiff driver of "git mergetool". + + * An earlier attempt to plug leaks placed a clean-up label to jump to + at a bogus place, which as been corrected. + + * Fixes a long-standing corner case bug around directory renames in + the merge-ort strategy. + + * Recent update to vimdiff layout code has been made more robust + against different end-user vim settings. + + * In a non-bare repository, the behavior of Git when the + core.worktree configuration variable points at a directory that has + a repository as its subdirectory, regressed in Git 2.27 days. + + * References to commands-to-be-typed-literally in "git rebase" + documentation mark-up have been corrected. + + * Give _() markings to fatal/warning/usage: labels that are shown in + front of these messages. + + * "git mktree --missing" lazily fetched objects that are missing from + the local object store, which was totally unnecessary for the purpose + of creating the tree object(s) from its input. + + * Fixes for tests when the source directory has unusual characters in + its path, e.g. whitespaces, double-quotes, etc. + + * Adjust technical/bitmap-format to be formatted by AsciiDoc, and + add some missing information to the documentation. + + * Certain diff options are currently ignored when combined-diff is + shown; mark them as incompatible with the feature. + +Also contains minor documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.38.0.txt b/Documentation/RelNotes/2.38.0.txt new file mode 100644 index 0000000..66e278b --- /dev/null +++ b/Documentation/RelNotes/2.38.0.txt @@ -0,0 +1,191 @@ +Git v2.38 Release Notes +======================= + +UI, Workflows & Features + + * "git remote show [-n] frotz" now pays attention to negative + pathspec. + + * "git push" sometimes perform poorly when reachability bitmaps are + used, even in a repository where other operations are helped by + bitmaps. The push.useBitmaps configuration variable is introduced + to allow disabling use of reachability bitmaps only for "git push". + + * "git grep -m<max-hits>" is a way to limit the hits shown per file. + + * "git merge-tree" learned a new mode where it takes two commits and + computes a tree that would result in the merge commit, if the + histories leading to these two commits were to be merged. + + * "git mv A B" in a sparsely populated working tree can be asked to + move a path between directories that are "in cone" (i.e. expected + to be materialized in the working tree) and "out of cone" + (i.e. expected to be hidden). The handling of such cases has been + improved. + + * Earlier, HTTP transport clients learned to tell the server side + what locale they are in by sending Accept-Language HTTP header, but + this was done only for some requests but not others. + + * Introduce a discovery.barerepository configuration variable that + allows users to forbid discovery of bare repositories. + + * Various messages that come from the pack-bitmap codepaths have been + tweaked. + + * "git rebase -i" learns to update branches whose tip appear in the + rebased range with "--update-refs" option. + + +Performance, Internal Implementation, Development Support etc. + + * Collection of what is referenced by objects in promisor packs have + been optimized to inspect these objects in the in-pack order. + + * Introduce a helper to see if a branch is already being worked on + (hence should not be newly checked out in a working tree), which + performs much better than the existing find_shared_symref() to + replace many uses of the latter. + + * Teach "git archive" to (optionally and then by default) avoid + spawning an external "gzip" process when creating ".tar.gz" (and + ".tgz") archives. + + * Allow large objects read from a packstream to be streamed into a + loose object file straight, without having to keep it in-core as a + whole. + + * Further preparation to turn git-submodule.sh into a builtin + continues. + + * Apply Coccinelle rule to turn raw memmove() into MOVE_ARRAY() cpp + macro, which would improve maintainability and readability. + + * Teach "make all" to build gitweb as well. + + * Tweak tests so that they still work when the "git init" template + did not create .git/info directory. + + * Add Coccinelle rules to detect the pattern of initializing and then + finalizing a structure without using it in between at all, which + happens after code restructuring and the compilers fail to + recognize as an unused variable. + + * The code to convert between GPG trust level strings and internal + constants we use to represent them have been cleaned up. + + * Support for libnettle as SHA256 implementation has been added. + + * The way "git multi-pack" uses parse-options API has been improved. + + * A coccinelle rule (in contrib/) to encourage use of COPY_ARRAY + macro has been improved. + + * API tweak to make it easier to run fuzz testing on commit-graph parser. + + * Omit fsync-related trace2 entries when their values are all zero. + + +Fixes since v2.37 +----------------- + + * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't + correctly record a removed file to the index, which was fixed. + + * Certain diff options are currently ignored when combined-diff is + shown; mark them as incompatible with the feature. + + * Adjust technical/bitmap-format to be formatted by AsciiDoc, and + add some missing information to the documentation. + + * Fixes for tests when the source directory has unusual characters in + its path, e.g. whitespaces, double-quotes, etc. + + * "git mktree --missing" lazily fetched objects that are missing from + the local object store, which was totally unnecessary for the purpose + of creating the tree object(s) from its input. + + * Give _() markings to fatal/warning/usage: labels that are shown in + front of these messages. + + * References to commands-to-be-typed-literally in "git rebase" + documentation mark-up have been corrected. + + * In a non-bare repository, the behavior of Git when the + core.worktree configuration variable points at a directory that has + a repository as its subdirectory, regressed in Git 2.27 days. + + * Recent update to vimdiff layout code has been made more robust + against different end-user vim settings. + + * Plug various memory leaks. + (merge ece3974ba6 ab/leakfix later to maint). + + * Plug various memory leaks in test-tool commands. + (merge f40a693450 ab/test-tool-leakfix later to maint). + + * Fixes a long-standing corner case bug around directory renames in + the merge-ort strategy. + + * The resolve-undo information in the index was not protected against + GC, which has been corrected. + (merge e0ad13977a jc/resolve-undo later to maint). + + * A corner case bug where lazily fetching objects from a promisor + remote resulted in infinite recursion has been corrected. + (merge cb88b37cb9 hx/lookup-commit-in-graph-fix later to maint). + + * "git clone" from a repository with some ref whose HEAD is unborn + did not set the HEAD in the resulting repository correctly, which + has been corrected. + (merge daf7898abb jk/clone-unborn-confusion later to maint). + + * An earlier attempt to plug leaks placed a clean-up label to jump to + at a bogus place, which as been corrected. + + * Variable quoting fix in the vimdiff driver of "git mergetool" + + * "git shortlog -n" relied on the underlying qsort() to be stable, + which shouldn't have. Fixed. + + * A fix for a regression in test framework. + + * mkstemp() emulation on Windows has been improved. + (merge ae25974de3 rs/mingw-tighten-mkstemp later to maint). + + * Add missing documentation for "include" and "includeIf" features in + "git config" file format, which incidentally teaches the command + line completion to include them in its offerings. + (merge 07aed58017 mb/config-document-include later to maint). + + * Avoid "white/black-list" in documentation and code comments. + (merge f5adaa5cc3 ds/doc-wo-whitelist later to maint). + + * Workaround for a compiler warning against use of die() in + osx-keychain (in contrib/). + (merge f2fc531585 ld/osx-keychain-usage-fix later to maint). + + * Workaround for a false positive compiler warning. + (merge b4f52f09ae ds/win-syslog-compiler-fix later to maint). + + * "git p4" working on UTF-16 files on Windows did not implement + CRLF-to-LF conversion correctly, which has been corrected. + (merge 4d35f74421 mb/p4-utf16-crlf later to maint). + + * "git p4" did not handle non-ASCII client name well, which has been + corrected. + (merge d205483695 kk/p4-client-name-encoding-fix later to maint). + + * "rerere-train" script (in contrib/) used to honor commit.gpgSign + while recreating the throw-away merges. + (merge cc391fc886 cl/rerere-train-with-no-sign later to maint). + + * "git checkout" miscounted the paths it updated, which has been + corrected. + (merge 611c7785e8 mt/checkout-count-fix later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge a700395eaf ma/t4200-update later to maint). + (merge ae436f283c ma/sparse-checkout-cone-doc-fix later to maint). + (merge a10f6e2bda sg/index-format-doc-update later to maint). + (merge ce5f07983d mt/pkt-line-comment-tweak later to maint). |