diff options
Diffstat (limited to 'Documentation/RelNotes')
114 files changed, 8042 insertions, 9 deletions
diff --git a/Documentation/RelNotes/1.6.0.3.txt b/Documentation/RelNotes/1.6.0.3.txt index ae05778..ad36c0f 100644 --- a/Documentation/RelNotes/1.6.0.3.txt +++ b/Documentation/RelNotes/1.6.0.3.txt @@ -50,7 +50,7 @@ Fixes since v1.6.0.2 if the working tree is currently dirty. * "git for-each-ref --format=%(subject)" fixed for commits with no - no newline in the message body. + newline in the message body. * "git remote" fixed to protect printf from user input. diff --git a/Documentation/RelNotes/1.6.2.txt b/Documentation/RelNotes/1.6.2.txt index 980adfb..166d73c 100644 --- a/Documentation/RelNotes/1.6.2.txt +++ b/Documentation/RelNotes/1.6.2.txt @@ -10,7 +10,7 @@ To ease the transition plan, the receiving repository of such a push running this release will issue a big warning when the configuration variable is missing. Please refer to: - http://git.or.cz/gitwiki/GitFaq#non-bare + https://archive.kernel.org/oldwiki/git.wiki.kernel.org/index.php/GitFaq.html#non-bare https://lore.kernel.org/git/7vbptlsuyv.fsf@gitster.siamese.dyndns.org/ for more details on the reason why this change is needed and the diff --git a/Documentation/RelNotes/1.6.3.txt b/Documentation/RelNotes/1.6.3.txt index 4bcff94..bbf177f 100644 --- a/Documentation/RelNotes/1.6.3.txt +++ b/Documentation/RelNotes/1.6.3.txt @@ -10,7 +10,7 @@ To ease the transition plan, the receiving repository of such a push running this release will issue a big warning when the configuration variable is missing. Please refer to: - http://git.or.cz/gitwiki/GitFaq#non-bare + https://archive.kernel.org/oldwiki/git.wiki.kernel.org/index.php/GitFaq.html#non-bare https://lore.kernel.org/git/7vbptlsuyv.fsf@gitster.siamese.dyndns.org/ for more details on the reason why this change is needed and the diff --git a/Documentation/RelNotes/1.6.4.txt b/Documentation/RelNotes/1.6.4.txt index a2a34b4..0fccfb0 100644 --- a/Documentation/RelNotes/1.6.4.txt +++ b/Documentation/RelNotes/1.6.4.txt @@ -10,7 +10,7 @@ To ease the transition plan, the receiving repository of such a push running this release will issue a big warning when the configuration variable is missing. Please refer to: - http://git.or.cz/gitwiki/GitFaq#non-bare + https://archive.kernel.org/oldwiki/git.wiki.kernel.org/index.php/GitFaq.html#non-bare https://lore.kernel.org/git/7vbptlsuyv.fsf@gitster.siamese.dyndns.org/ for more details on the reason why this change is needed and the diff --git a/Documentation/RelNotes/1.6.5.txt b/Documentation/RelNotes/1.6.5.txt index 6c7f7da..79cb1b2 100644 --- a/Documentation/RelNotes/1.6.5.txt +++ b/Documentation/RelNotes/1.6.5.txt @@ -21,7 +21,7 @@ To ease the transition plan, the receiving repository of such a push running this release will issue a big warning when the configuration variable is missing. Please refer to: - http://git.or.cz/gitwiki/GitFaq#non-bare + https://archive.kernel.org/oldwiki/git.wiki.kernel.org/index.php/GitFaq.html#non-bare https://lore.kernel.org/git/7vbptlsuyv.fsf@gitster.siamese.dyndns.org/ for more details on the reason why this change is needed and the diff --git a/Documentation/RelNotes/1.6.6.txt b/Documentation/RelNotes/1.6.6.txt index 3ed1e01..88b86a8 100644 --- a/Documentation/RelNotes/1.6.6.txt +++ b/Documentation/RelNotes/1.6.6.txt @@ -63,7 +63,7 @@ users will fare this time. Please refer to: - http://git.or.cz/gitwiki/GitFaq#non-bare + https://archive.kernel.org/oldwiki/git.wiki.kernel.org/index.php/GitFaq.html#non-bare https://lore.kernel.org/git/7vbptlsuyv.fsf@gitster.siamese.dyndns.org/ for more details on the reason why this change is needed and the diff --git a/Documentation/RelNotes/1.8.4.txt b/Documentation/RelNotes/1.8.4.txt index 255e185..2e75299 100644 --- a/Documentation/RelNotes/1.8.4.txt +++ b/Documentation/RelNotes/1.8.4.txt @@ -365,7 +365,7 @@ details). (merge 2fbd4f9 mh/maint-lockfile-overflow later to maint). * Invocations of "git checkout" used internally by "git rebase" were - counted as "checkout", and affected later "git checkout -" to the + counted as "checkout", and affected later "git checkout -", which took the user to an unexpected place. (merge 3bed291 rr/rebase-checkout-reflog later to maint). diff --git a/Documentation/RelNotes/2.17.6.txt b/Documentation/RelNotes/2.17.6.txt new file mode 100644 index 0000000..2f181e8 --- /dev/null +++ b/Documentation/RelNotes/2.17.6.txt @@ -0,0 +1,16 @@ +Git v2.17.6 Release Notes +========================= + +This release addresses the security issues CVE-2021-21300. + +Fixes since v2.17.5 +------------------- + + * CVE-2021-21300: + On case-insensitive file systems with support for symbolic links, + if Git is configured globally to apply delay-capable clean/smudge + filters (such as Git LFS), Git could be fooled into running + remote code during a clone. + +Credit for finding and fixing this vulnerability goes to Matheus +Tavares, helped by Johannes Schindelin. diff --git a/Documentation/RelNotes/2.18.5.txt b/Documentation/RelNotes/2.18.5.txt new file mode 100644 index 0000000..dfb1de4 --- /dev/null +++ b/Documentation/RelNotes/2.18.5.txt @@ -0,0 +1,6 @@ +Git v2.18.5 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6 to address +the security issue CVE-2021-21300; see the release notes for that +version for details. diff --git a/Documentation/RelNotes/2.19.6.txt b/Documentation/RelNotes/2.19.6.txt new file mode 100644 index 0000000..bcca6cd --- /dev/null +++ b/Documentation/RelNotes/2.19.6.txt @@ -0,0 +1,6 @@ +Git v2.19.6 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6 and +v2.18.5 to address the security issue CVE-2021-21300; see the +release notes for these versions for details. diff --git a/Documentation/RelNotes/2.20.5.txt b/Documentation/RelNotes/2.20.5.txt new file mode 100644 index 0000000..1dfb784 --- /dev/null +++ b/Documentation/RelNotes/2.20.5.txt @@ -0,0 +1,6 @@ +Git v2.20.5 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6, v2.18.5 +and v2.19.6 to address the security issue CVE-2021-21300; see +the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.21.4.txt b/Documentation/RelNotes/2.21.4.txt new file mode 100644 index 0000000..0089dd6 --- /dev/null +++ b/Documentation/RelNotes/2.21.4.txt @@ -0,0 +1,6 @@ +Git v2.21.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6, v2.18.5, +v2.19.6 and v2.20.5 to address the security issue CVE-2021-21300; +see the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.22.5.txt b/Documentation/RelNotes/2.22.5.txt new file mode 100644 index 0000000..6b280d9 --- /dev/null +++ b/Documentation/RelNotes/2.22.5.txt @@ -0,0 +1,7 @@ +Git v2.22.5 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6, +v2.18.5, v2.19.6, v2.20.5 and v2.21.4 to address the security +issue CVE-2021-21300; see the release notes for these versions +for details. diff --git a/Documentation/RelNotes/2.23.4.txt b/Documentation/RelNotes/2.23.4.txt new file mode 100644 index 0000000..6e5424d --- /dev/null +++ b/Documentation/RelNotes/2.23.4.txt @@ -0,0 +1,7 @@ +Git v2.23.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6, v2.18.5, +v2.19.6, v2.20.5, v2.21.4 and v2.22.5 to address the security +issue CVE-2021-21300; see the release notes for these versions +for details. diff --git a/Documentation/RelNotes/2.24.4.txt b/Documentation/RelNotes/2.24.4.txt new file mode 100644 index 0000000..4e216ee --- /dev/null +++ b/Documentation/RelNotes/2.24.4.txt @@ -0,0 +1,7 @@ +Git v2.24.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6, v2.18.5, +v2.19.6, v2.20.5, v2.21.4, v2.22.5 and v2.23.4 to address the +security issue CVE-2021-21300; see the release notes for these +versions for details. diff --git a/Documentation/RelNotes/2.25.5.txt b/Documentation/RelNotes/2.25.5.txt new file mode 100644 index 0000000..fcb9566 --- /dev/null +++ b/Documentation/RelNotes/2.25.5.txt @@ -0,0 +1,7 @@ +Git v2.25.5 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6, v2.18.5, +v2.19.6, v2.20.5, v2.21.4, v2.22.5, v2.23.4 and v2.24.4 to address +the security issue CVE-2021-21300; see the release notes for +these versions for details. diff --git a/Documentation/RelNotes/2.26.3.txt b/Documentation/RelNotes/2.26.3.txt new file mode 100644 index 0000000..4111c38 --- /dev/null +++ b/Documentation/RelNotes/2.26.3.txt @@ -0,0 +1,7 @@ +Git v2.26.3 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6, v2.18.5, +v2.19.6, v2.20.5, v2.21.4, v2.22.5, v2.23.4, v2.24.4 and v2.25.5 +to address the security issue CVE-2021-21300; see the release +notes for these versions for details. diff --git a/Documentation/RelNotes/2.27.1.txt b/Documentation/RelNotes/2.27.1.txt new file mode 100644 index 0000000..a1e08a9 --- /dev/null +++ b/Documentation/RelNotes/2.27.1.txt @@ -0,0 +1,7 @@ +Git v2.27.1 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6, v2.18.5, +v2.19.6, v2.20.5, v2.21.4, v2.22.5, v2.23.4, v2.24.4, v2.25.5 +and v2.26.3 to address the security issue CVE-2021-21300; see +the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.28.1.txt b/Documentation/RelNotes/2.28.1.txt new file mode 100644 index 0000000..8484c82 --- /dev/null +++ b/Documentation/RelNotes/2.28.1.txt @@ -0,0 +1,7 @@ +Git v2.28.1 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6, v2.18.5, +v2.19.6, v2.20.5, v2.21.4, v2.22.5, v2.23.4, v2.24.4, v2.25.5, +v2.26.3 and v2.27.1 to address the security issue CVE-2021-21300; +see the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.29.0.txt b/Documentation/RelNotes/2.29.0.txt index 06025e8..1f41302 100644 --- a/Documentation/RelNotes/2.29.0.txt +++ b/Documentation/RelNotes/2.29.0.txt @@ -19,6 +19,109 @@ UI, Workflows & Features configurable to selectively allow or reject object filtering specification used for partial cloning. + * Stop when "sendmail.*" configuration variables are defined, which + could be a mistaken attempt to define "sendemail.*" variables. + + * The existing backends for "git mergetool" based on variants of vim + have been refactored and then support for "nvim" has been added. + + * "git bisect" learns the "--first-parent" option to find the first + breakage along the first-parent chain. + + * "git log --first-parent -p" showed patches only for single-parent + commits on the first-parent chain; the "--first-parent" option has + been made to imply "-m". Use "--no-diff-merges" to restore the + previous behaviour to omit patches for merge commits. + + * The commit labels used to explain each side of conflicted hunks + placed by the sequencer machinery have been made more readable by + humans. + + * The "--batch-size" option of "git multi-pack-index repack" command + is now used to specify that very small packfiles are collected into + one until the total size roughly exceeds it. + + * The recent addition of SHA-256 support is marked as experimental in + the documentation. + + * "git fetch" learned --no-write-fetch-head option to avoid writing + the FETCH_HEAD file. + + * Command line completion (in contrib/) usually omits redundant, + deprecated and/or dangerous options from its output; it learned to + optionally include all of them. + + * The output from the "diff" family of the commands had abbreviated + object names of blobs involved in the patch, but its length was not + affected by the --abbrev option. Now it is. + + * "git worktree" gained a "repair" subcommand to help users recover + after moving the worktrees or repository manually without telling + Git. Also, "git init --separate-git-dir" no longer corrupts + administrative data related to linked worktrees. + + * The "--format=" option to the "for-each-ref" command and friends + learned a few more tricks, e.g. the ":short" suffix that applies to + "objectname" now also can be used for "parent", "tree", etc. + + * "git worktree add" learns that the "-d" is a synonym to "--detach" + option to create a new worktree without being on a branch. + + * "format-patch --range-diff=<prev> <origin>..HEAD" has been taught + not to ignore <origin> when <prev> is a single version. + + * "add -p" now allows editing paths that were only added in intent. + + * The 'meld' backend of the "git mergetool" learned to give the + underlying 'meld' the '--auto-merge' option, which would help + reduce the amount of text that requires manual merging. + + * "git for-each-ref" and friends that list refs used to allow only + one --merged or --no-merged to filter them; they learned to take + combination of both kind of filtering. + + * "git maintenance", a "git gc"'s big brother, has been introduced to + take care of more repository maintenance tasks, not limited to the + object database cleaning. + + * "git receive-pack" that accepts requests by "git push" learned to + outsource most of the ref updates to the new "proc-receive" hook. + + * "git push" that wants to be atomic and wants to send push + certificate learned not to prepare and sign the push certificate + when it fails the local check (hence due to atomicity it is known + that no certificate is needed). + + * "git commit-graph write" learned to limit the number of bloom + filters that are computed from scratch with the --max-new-filters + option. + + * The transport protocol v2 has become the default again. + + * The installation procedure learned to optionally omit "git-foo" + executable files for each 'foo' built-in subcommand, which are only + required by old timers that still rely on the age old promise that + prepending "git --exec-path" output to PATH early in their script + will keep the "git-foo" calls they wrote working. + + * The command line completion (in contrib/) learned that "git restore + -s <TAB>" is often followed by a refname. + + * "git shortlog" has been taught to group commits by the contents of + the trailer lines, like "Reviewed-by:", "Coauthored-by:", etc. + + * "git archive" learns the "--add-file" option to include untracked + files into a snapshot from a tree-ish. + + * "git fetch" and "git push" support negative refspecs. + + * "git format-patch" learns to take "whenAble" as a possible value + for the format.useAutoBase configuration variable to become no-op + when the automatically computed base does not make sense. + + * Credential helpers are now allowed to terminate lines with CRLF + line ending, as well as LF line ending. + Performance, Internal Implementation, Development Support etc. @@ -52,14 +155,82 @@ Performance, Internal Implementation, Development Support etc. to a certain degree. It has been renamed to "strvec" to reduce the barrier to adoption. - * The final leg of SHA-256 transition. + * The final leg of SHA-256 transition plus doc updates. Note that + there is no interoperability between SHA-1 and SHA-256 + repositories yet. * CMake support to build with MSVC for Windows bypassing the Makefile. + * A new helper function has_object() has been introduced to make it + easier to mark object existence checks that do and don't want to + trigger lazy fetches, and a few such checks are converted using it. + + * A no-op replacement function implemented as a C preprocessor macro + does not perform as good a job as one implemented as a "static + inline" function in catching errors in parameters; replace the + former with the latter in <git-compat-util.h> header. + + * Test framework update. + (merge d572f52a64 es/test-cmp-typocatcher later to maint). + + * Updates to "git merge" tests, in preparation for a new merge + strategy backend. + + * midx and commit-graph files now use the byte defined in their file + format specification for identifying the hash function used for + object names. + + * The FETCH_HEAD is now always read from the filesystem regardless of + the ref backend in use, as its format is much richer than the + normal refs, and written directly by "git fetch" as a plain file.. + + * An unused binary has been discarded, and a bunch of commands + have been turned into built-in. + + * A handful of places in in-tree code still relied on being able to + execute the git subcommands, especially built-ins, in "git-foo" + form, which have been corrected. + + * When a packfile is removed by "git repack", multi-pack-index gets + cleared; the code was taught to do so less aggressively by first + checking if the midx actually refers to a pack that no longer + exists. + + * Internal API clean-up to handle two options "diff-index" and "log" + have, which happen to share the same short form, more sensibly. + + * The "add -i/-p" machinery has been written in C but it is not used + by default yet. It is made default to those who are participating + in feature.experimental experiment. + + * Allow maintainers to tweak $(TAR) invocations done while making + distribution tarballs. + + * "git index-pack" learned to resolve deltified objects with greater + parallelism. + + * "diff-highlight" (in contrib/) had a logic to flush its output upon + seeing a blank line but the way it detected a blank line was broken. + + * The logic to skip testing on the tagged commit and the tag itself + was not quite consistent which led to failure of Windows test + tasks. It has been revamped to consistently skip revisions that + have already been tested, based on the tree object of the revision. + Fixes since v2.28 ----------------- + * The "mediawiki" remote backend which lives in contrib/mw-to-git/ + and is not built with git by default, had an RCE bug allowing a + malicious MediaWiki server operator to inject arbitrary commands + for execution by a cloning client. This has been fixed. + + The bug was discovered and reported by Joern Schneeweisz of GitLab + to the git-security mailing list. Its practical impact due to the + obscurity of git-remote-mediawiki was deemed small enough to forgo + a dedicated security release. + * "git clone --separate-git-dir=$elsewhere" used to stomp on the contents of the existing directory $elsewhere, which has been taught to fail when $elsewhere is not an empty directory. @@ -102,6 +273,211 @@ Fixes since v2.28 * Doc cleanup around "worktree". (merge dc9c144be5 es/worktree-doc-cleanups later to maint). + * The "git blame --first-parent" option was not documented, but now + it is. + (merge 11bc12ae1e rp/blame-first-parent-doc later to maint). + + * The logic to find the ref transaction hook script attempted to + cache the path to the found hook without realizing that it needed + to keep a copied value, as the API it used returned a transitory + buffer space. This has been corrected. + (merge 09b2aa30c9 ps/ref-transaction-hook later to maint). + + * Recent versions of "git diff-files" shows a diff between the index + and the working tree for "intent-to-add" paths as a "new file" + patch; "git apply --cached" should be able to take "git diff-files" + and should act as an equivalent to "git add" for the path, but the + command failed to do so for such a path. + (merge 4c025c667e rp/apply-cached-with-i-t-a later to maint). + + * "git diff [<tree-ish>] $path" for a $path that is marked with i-t-a + bit was not showing the mode bits from the working tree. + (merge cb0dd22b82 rp/ita-diff-modefix later to maint). + + * Ring buffer with size 4 used for bin-hex translation resulted in a + wrong object name in the sequencer's todo output, which has been + corrected. + (merge 5da69c0dac ak/sequencer-fix-find-uniq-abbrev later to maint). + + * When given more than one target line ranges, "git blame -La,b + -Lc,d" was over-eager to coalesce groups of original lines and + showed incorrect results, which has been corrected. + (merge c2ebaa27d6 jk/blame-coalesce-fix later to maint). + + * The regexp to identify the function boundary for FORTRAN programs + has been updated. + (merge 75c3b6b2e8 pb/userdiff-fortran-update later to maint). + + * A few end-user facing messages have been updated to be + hash-algorithm agnostic. + (merge 4279000d3e jc/object-names-are-not-sha-1 later to maint). + + * "unlink" emulation on MinGW has been optimized. + (merge 680e0b4524 jh/mingw-unlink later to maint). + + * The purpose of "git init --separate-git-dir" is to initialize a + new project with the repository separate from the working tree, + or, in the case of an existing project, to move the repository + (the .git/ directory) out of the working tree. It does not make + sense to use --separate-git-dir with a bare repository for which + there is no working tree, so disallow its use with bare + repositories. + (merge ccf236a23a es/init-no-separate-git-dir-in-bare later to maint). + + * "ls-files -o" mishandled the top-level directory of another git + working tree that hangs in the current git working tree. + (merge ab282aa548 en/dir-nonbare-embedded later to maint). + + * Fix some incorrect UNLEAK() annotations. + (merge 3e19816dc0 jk/unleak-fixes later to maint). + + * Use more buffered I/O where we used to call many small write(2)s. + (merge a698d67b08 rs/more-buffered-io later to maint). + + * The patch-id computation did not ignore the "incomplete last line" + marker like whitespaces. + (merge 82a62015a7 rs/patch-id-with-incomplete-line later to maint). + + * Updates into a lazy/partial clone with a submodule did not work + well with transfer.fsckobjects set. + + * The parser for "git for-each-ref --format=..." was too loose when + parsing the "%(trailers...)" atom, and forgot that "trailers" and + "trailers:<modifiers>" are the only two allowed forms, which has + been corrected. + (merge 2c22e102f8 hv/ref-filter-trailers-atom-parsing-fix later to maint). + + * Long ago, we decided to use 3 threads by default when running the + index-pack task in parallel, which has been adjusted a bit upwards. + (merge fbff95b67f jk/index-pack-w-more-threads later to maint). + + * "git restore/checkout --no-overlay" with wildcarded pathspec + mistakenly removed matching paths in subdirectories, which has been + corrected. + (merge bfda204ade rs/checkout-no-overlay-pathspec-fix later to maint). + + * The description of --cached/--index options in "git apply --help" + has been updated. + (merge d064702be3 rp/apply-cached-doc later to maint). + + * Feeding "$ZERO_OID" to "git log --ignore-missing --stdin", and + running "git log --ignore-missing $ZERO_OID" fell back to start + digging from HEAD; it has been corrected to become a no-op, like + "git log --tags=no-tag-matches-this-pattern" does. + (merge 04a0e98515 jk/rev-input-given-fix later to maint). + + * Various callers of run_command API have been modernized. + (merge afbdba391e jc/run-command-use-embedded-args later to maint). + + * List of options offered and accepted by "git add -i/-p" were + inconsistent, which have been corrected. + (merge ce910287e7 pw/add-p-allowed-options-fix later to maint). + + * "git diff --stat -w" showed 0-line changes for paths whose changes + were only whitespaces, which was not intuitive. We now omit such + paths from the stat output. + (merge 1cf3d5db9b mr/diff-hide-stat-wo-textual-change later to maint). + + * It was possible for xrealloc() to send a non-NULL pointer that has + been freed, which has been fixed. + (merge 6479ea4a8a jk/xrealloc-avoid-use-after-free later to maint). + + * "git status" has trouble showing where it came from by interpreting + reflog entries that record certain events, e.g. "checkout @{u}", and + gives a hard/fatal error. Even though it inherently is impossible + to give a correct answer because the reflog entries lose some + information (e.g. "@{u}" does not record what branch the user was + on hence which branch 'the upstream' needs to be computed, and even + if the record were available, the relationship between branches may + have changed), at least hide the error and allow "status" to show its + output. + + * "git status --short" quoted a path with SP in it when tracked, but + not those that are untracked, ignored or unmerged. They are all + shown quoted consistently. + + * "git diff/show" on a change that involves a submodule used to read + the information on commits in the submodule from a wrong repository + and gave a wrong information when the commit-graph is involved. + (merge 85a1ec2c32 mf/submodule-summary-with-correct-repository later to maint). + + * Unlike "git config --local", "git config --worktree" did not fail + early and cleanly when started outside a git repository. + (merge 378fe5fc3d mt/config-fail-nongit-early later to maint). + + * There is a logic to estimate how many objects are in the + repository, which is meant to run once per process invocation, but + it ran every time the estimated value was requested. + (merge 67bb65de5d jk/dont-count-existing-objects-twice later to maint). + + * "git remote set-head" that failed still said something that hints + the operation went through, which was misleading. + (merge 5a07c6c3c2 cs/don-t-pretend-a-failed-remote-set-head-succeeded later to maint). + + * "git fetch --all --ipv4/--ipv6" forgot to pass the protocol options + to instances of the "git fetch" that talk to individual remotes, + which has been corrected. + (merge 4e735c1326 ar/fetch-ipversion-in-all later to maint). + + * The "unshelve" subcommand of "git p4" incorrectly used commit^N + where it meant to say commit~N to name the Nth generation + ancestor, which has been corrected. + (merge 0acbf5997f ld/p4-unshelve-fix later to maint). + + * "git clone" that clones from SHA-1 repository, while + GIT_DEFAULT_HASH set to use SHA-256 already, resulted in an + unusable repository that half-claims to be SHA-256 repository + with SHA-1 objects and refs. This has been corrected. + + * Adjust sample hooks for hash algorithm other than SHA-1. + (merge d8d3d632f4 dl/zero-oid-in-hooks later to maint). + + * "git range-diff" showed incorrect diffstat, which has been + corrected. + + * Earlier we taught "git pull" to warn when the user does not say the + histories need to be merged, rebased or accepts only fast- + forwarding, but the warning triggered for those who have set the + pull.ff configuration variable. + (merge 54200cef86 ah/pull later to maint). + + * Compilation fix around type punning. + (merge 176380fd11 jk/drop-unaligned-loads later to maint). + + * "git blame --ignore-rev/--ignore-revs-file" failed to validate + their input are valid revision, and failed to take into account + that the user may want to give an annotated tag instead of a + commit, which has been corrected. + (merge 610e2b9240 jc/blame-ignore-fix later to maint). + + * "git bisect start X Y", when X and Y are not valid committish + object names, should take X and Y as pathspec, but didn't. + (merge 73c6de06af cc/bisect-start-fix later to maint). + + * The explanation of the "scissors line" has been clarified. + (merge 287416dba6 eg/mailinfo-doc-scissors later to maint). + + * A race that leads to an access to a free'd data was corrected in + the codepath that reads pack files. + (merge bda959c476 mt/delta-base-cache-races later to maint). + + * in_merge_bases_many(), a way to see if a commit is reachable from + any commit in a set of commits, was totally broken when the + commit-graph feature was in use, which has been corrected. + (merge 8791bf1841 ds/in-merge-bases-many-optim-bug later to maint). + + * "git submodule update --quiet" did not squelch underlying "rebase" + and "pull" commands. + (merge 3ad0401e9e td/submodule-update-quiet later to maint). + + * The lazy fetching done internally to make missing objects available + in a partial clone incorrectly made permanent damage to the partial + clone filter in the repository, which has been corrected. + + * "log -c --find-object=X" did not work well to find a merge that + involves a change to an object X from only one parent. + (merge 957876f17d jk/diff-cc-oidfind-fix later to maint). + * Other code cleanup, docfix, build fix, etc. (merge 84544f2ea3 sk/typofixes later to maint). (merge b17f411ab5 ar/help-guides-doc later to maint). @@ -115,3 +491,24 @@ Fixes since v2.28 (merge 7d23ff818f rs/bisect-oid-to-hex-fix later to maint). (merge de20baf2c9 ny/notes-doc-sample-update later to maint). (merge f649aaaf82 so/rev-parser-errormessage-fix later to maint). + (merge 6103d58b7f bc/sha-256-cvs-svn-updates later to maint). + (merge ac900fddb7 ma/stop-progress-null-fix later to maint). + (merge e767963ab6 rs/upload-pack-sigchain-fix later to maint). + (merge a831908599 rs/preserve-merges-unused-code-removal later to maint). + (merge 6dfefe70a9 jb/commit-graph-doc-fix later to maint). + (merge 847b37271e pb/set-url-docfix later to maint). + (merge 748f733d54 mt/checkout-entry-dead-code-removal later to maint). + (merge ce820cbd58 dl/subtree-docs later to maint). + (merge 55fe225dde jk/leakfix later to maint). + (merge ee22a29215 so/pretty-abbrev-doc later to maint). + (merge 3100fd5588 jc/post-checkout-doc later to maint). + (merge 17bae89476 pb/doc-external-diff-env later to maint). + (merge 27ed6ccc12 jk/worktree-check-clean-leakfix later to maint). + (merge 1302badd16 ea/blame-use-oideq later to maint). + (merge e6d5a11fed al/t3200-back-on-a-branch later to maint). + (merge 324efcf6b6 pw/add-p-leakfix later to maint). + (merge 1c6ffb546b jk/add-i-fixes later to maint). + (merge e40e936551 cd/commit-graph-doc later to maint). + (merge 0512eabd91 jc/sequencer-stopped-sha-simplify later to maint). + (merge d01141de5a so/combine-diff-simplify later to maint). + (merge 3be01e5ab1 sn/fast-import-doc later to maint). diff --git a/Documentation/RelNotes/2.29.1.txt b/Documentation/RelNotes/2.29.1.txt new file mode 100644 index 0000000..295ee21 --- /dev/null +++ b/Documentation/RelNotes/2.29.1.txt @@ -0,0 +1,11 @@ +Git v2.29.1 Release Notes +========================= + +This is to fix the build procedure change in 2.28 where we failed to +install a few programs that should be installed in /usr/bin (namely, +receive-pack, upload-archive and upload-pack) when the non-default +SKIP_DASHED_BUILT_INS installation option is in effect. + +A minor glitch in a non-default installation may usually not deserve +a hotfix, but I know Git for Windows ship binaries built with this +option, so let's make an exception. diff --git a/Documentation/RelNotes/2.29.2.txt b/Documentation/RelNotes/2.29.2.txt new file mode 100644 index 0000000..632b5b5 --- /dev/null +++ b/Documentation/RelNotes/2.29.2.txt @@ -0,0 +1,12 @@ +Git v2.29.2 Release Notes +========================= + +This release is primarily to fix brown-paper-bag breakages in the +2.29.0 release. + +Fixes since v2.29.1 +------------------- + + * In 2.29, "--committer-date-is-author-date" option of "rebase" and + "am" subcommands lost the e-mail address by mistake, which has been + corrected. diff --git a/Documentation/RelNotes/2.29.3.txt b/Documentation/RelNotes/2.29.3.txt new file mode 100644 index 0000000..e10eedb --- /dev/null +++ b/Documentation/RelNotes/2.29.3.txt @@ -0,0 +1,8 @@ +Git v2.29.3 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6, +v2.18.5, v2.19.6, v2.20.5, v2.21.4, v2.22.5, v2.23.4, v2.24.4, +v2.25.5, v2.26.3, v2.27.1 and v2.28.1 to address the security +issue CVE-2021-21300; see the release notes for these versions +for details. diff --git a/Documentation/RelNotes/2.30.0.txt b/Documentation/RelNotes/2.30.0.txt new file mode 100644 index 0000000..c2f1dc7 --- /dev/null +++ b/Documentation/RelNotes/2.30.0.txt @@ -0,0 +1,401 @@ +Git 2.30 Release Notes +====================== + +Updates since v2.29 +------------------- + +UI, Workflows & Features + + * Userdiff for PHP update. + + * Userdiff for Rust update. + + * Userdiff for CSS update. + + * The command line completion script (in contrib/) learned that "git + stash show" takes the options "git diff" takes. + + * "git worktree list" now shows if each worktree is locked. This + possibly may open us to show other kinds of states in the future. + + * "git maintenance", an extended big brother of "git gc", continues + to evolve. + + * "git push --force-with-lease[=<ref>]" can easily be misused to lose + commits unless the user takes good care of their own "git fetch". + A new option "--force-if-includes" attempts to ensure that what is + being force-pushed was created after examining the commit at the + tip of the remote ref that is about to be force-replaced. + + * "git clone" learned clone.defaultremotename configuration variable + to customize what nickname to use to call the remote the repository + was cloned from. + + * "git checkout" learned to use checkout.guess configuration variable + and enable/disable its "--[no-]guess" option accordingly. + + * "git resurrect" script (in contrib/) learned that the object names + may be longer than 40-hex depending on the hash function in use. + + * "git diff A...B" learned "git diff --merge-base A B", which is a + longer short-hand to say the same thing. + + * A sample 'push-to-checkout' hook, that performs the same as + what the built-in default action does, has been added. + + * "git diff" family of commands learned the "-I<regex>" option to + ignore hunks whose changed lines all match the given pattern. + + * The userdiff pattern learned to identify the function definition in + POSIX shells and bash. + + * "git checkout-index" did not consistently signal an error with its + exit status, but now it does. + + * A commit and tag object may have CR at the end of each and + every line (you can create such an object with hash-object or + using --cleanup=verbatim to decline the default clean-up + action), but it would make it impossible to have a blank line + to separate the title from the body of the message. We are now + more lenient and accept a line with lone CR on it as a blank line, + too. + + * Exit codes from "git remote add" etc. were not usable by scripted + callers, but now they are. + + * "git archive" now allows compression level higher than "-9" + when generating tar.gz output. + + * Zsh autocompletion (in contrib/) update. + + * The maximum length of output filenames "git format-patch" creates + has become configurable (used to be capped at 64). + + * "git rev-parse" learned the "--end-of-options" to help scripts to + safely take a parameter that is supposed to be a revision, e.g. + "git rev-parse --verify -q --end-of-options $rev". + + * The command line completion script (in contrib/) learned to expand + commands that are alias of alias. + + * "git update-ref --stdin" learns to take multiple transactions in a + single session. + + * Various subcommands of "git config" that take value_regex + learned the "--literal-value" option to take the value_regex option + as a literal string. + + * The transport layer was taught to optionally exchange the session + ID assigned by the trace2 subsystem during fetch/push transactions. + + * "git imap-send" used to ignore configuration variables like + core.askpass; this has been corrected. + + * "git $cmd $args", when $cmd is not a recognised subcommand, by + default tries to see if $cmd is a typo of an existing subcommand + and optionally executes the corrected command if there is only one + possibility, depending on the setting of help.autocorrect; the + users can now disable the whole thing, including the cycles spent + to find a likely typo, by setting the configuration variable to + 'never'. + + * "@" sometimes worked (e.g. "git push origin @:there") as a part of + a refspec element, but "git push origin @" did not work, which has + been corrected. + + +Performance, Internal Implementation, Development Support etc. + + * Use "git archive" more to produce the release tarball. + + * GitHub Actions automated test improvement to skip tests on a tree + identical to what has already been tested. + + * Test-coverage for running commit-graph task "git maintenance" has + been extended. + + * Our test scripts can be told to run only individual pieces while + skipping others with the "--run=..." option; they were taught to + take a substring of test title, in addition to numbers, to name the + test pieces to run. + + * Adjust tests so that they won't scream when the default initial + branch name is different from 'master'. + + * Rewriting "git bisect" in C continues. + + * More preliminary tests have been added to document desired outcomes + of various "directory rename" situations. + + * Micro clean-up of a couple of test scripts. + + * "git diff" and other commands that share the same machinery to + compare with working tree files have been taught to take advantage + of the fsmonitor data when available. + + * The code to detect premature EOF in the sideband demultiplexer has + been cleaned up. + + * "git fetch --depth=<n>" over the stateless RPC / smart HTTP + transport handled EOF from the client poorly at the server end. + + * A specialization of hashmap that uses a string as key has been + introduced. Hopefully it will see wider use over time. + + * "git bisect start/next" in a large span of history spends a lot of + time trying to come up with exactly the half-way point; this can be + optimized by stopping when we see a commit that is close enough to + the half-way point. + + * A lazily defined test prerequisite can now be defined in terms of + another lazily defined test prerequisite. + + * Expectation for the original contributor after responding to a + review comment to use the explanation in a patch update has been + described. + + * Multiple "credential-store" backends can race to lock the same + file, causing everybody else but one to fail---reattempt locking + with some timeout to reduce the rate of the failure. + + * "git-parse-remote" shell script library outlived its usefulness. + + * Like die() and error(), a call to warning() will also trigger a + trace2 event. + + * Use of non-reentrant localtime() has been removed. + + * Non-reentrant time-related library functions and ctime/asctime with + awkward calling interfaces are banned from the codebase. + + +Fixes since v2.29 +----------------- + + * In 2.29, "--committer-date-is-author-date" option of "rebase" and + "am" subcommands lost the e-mail address by mistake, which has been + corrected. + (merge 5f35edd9d7 jk/committer-date-is-author-date-fix later to maint). + + * "git checkout -p A...B [-- <path>]" did not work, even though the + same command without "-p" correctly used the merge-base between + commits A and B. + (merge 35166b1fb5 dl/checkout-p-merge-base later to maint). + + * The side-band status report can be sent at the same time as the + primary payload multiplexed, but the demultiplexer on the receiving + end incorrectly split a single status report into two, which has + been corrected. + (merge 712b0377db js/avoid-split-sideband-message later to maint). + + * "git fast-import" wasted a lot of memory when many marks were in use. + (merge 3f018ec716 jk/fast-import-marks-alloc-fix later to maint). + + * A test helper "test_cmp A B" was taught to diagnose missing files A + or B as a bug in test, but some tests legitimately wanted to notice + a failure to even create file B as an error, in addition to leaving + the expected result in it, and were misdiagnosed as a bug. This + has been corrected. + (merge 262d5ad5a5 es/test-cmp-typocatcher later to maint). + + * When "git commit-graph" detects the same commit recorded more than + once while it is merging the layers, it used to die. The code now + ignores all but one of them and continues. + (merge 85102ac71b ds/commit-graph-merging-fix later to maint). + + * The meaning of a Signed-off-by trailer can vary from project to + project; this and also what it means to this project has been + clarified in the documentation. + (merge 3abd4a67d9 bk/sob-dco later to maint). + + * "git credential' didn't honor the core.askPass configuration + variable (among other things), which has been corrected. + (merge 567ad2c0f9 tk/credential-config later to maint). + + * Dev support to catch a tentative definition of a variable in our C + code as an error. + (merge 5539183622 jk/no-common later to maint). + + * "git rebase --rebase-merges" did not correctly pass --gpg-sign + command line option to underlying "git merge" when replaying a merge + using non-default merge strategy or when replaying an octopus merge + (because replaying a two-head merge with the default strategy was + done in a separate codepath, the problem did not trigger for most + users), which has been corrected. + (merge 43ad4f2eca sc/sequencer-gpg-octopus later to maint). + + * "git apply -R" did not handle patches that touch the same path + twice correctly, which has been corrected. This is most relevant + in a patch that changes a path from a regular file to a symbolic + link (and vice versa). + (merge b0f266de11 jt/apply-reverse-twice later to maint). + + * A recent oid->hash conversion missed one spot, breaking "git svn". + (merge 03bb366de4 bc/svn-hash-oid-fix later to maint). + + * The documentation on the "--abbrev=<n>" option did not say the + output may be longer than "<n>" hexdigits, which has been + clarified. + (merge cda34e0d0c jc/abbrev-doc later to maint). + + * "git p4" now honors init.defaultBranch configuration. + (merge 1b09d1917f js/p4-default-branch later to maint). + + * Recently the format of an internal state file "rebase -i" uses has + been tightened up for consistency, which would hurt those who start + "rebase -i" with old git and then continue with new git. Loosen + the reader side a bit (which we may want to tighten again in a year + or so). + (merge c779386182 jc/sequencer-stopped-sha-simplify later to maint). + + * The code to see if "git stash drop" can safely remove refs/stash + has been made more careful. + (merge 4f44c5659b rs/empty-reflog-check-fix later to maint). + + * "git log -L<range>:<path>" is documented to take no pathspec, but + this was not enforced by the command line option parser, which has + been corrected. + (merge 39664cb0ac jc/line-log-takes-no-pathspec later to maint). + + * "git format-patch --output=there" did not work as expected and + instead crashed. The option is now supported. + (merge dc1672dd10 jk/format-patch-output later to maint). + + * Define ARM64 compiled with MSVC to be little-endian. + (merge 0c038fc65a dg/bswap-msvc later to maint). + + * "git rebase -i" did not store ORIG_HEAD correctly. + (merge 8843302307 pw/rebase-i-orig-head later to maint). + + * "git blame -L :funcname -- path" did not work well for a path for + which a userdiff driver is defined. + + * "make DEVELOPER=1 sparse" used to run sparse and let it emit + warnings; now such warnings will cause an error. + (merge 521dc56270 jc/sparse-error-for-developer-build later to maint). + + * "git blame --ignore-revs-file=<file>" learned to ignore a + non-existent object name in the input, instead of complaining. + (merge c714d05875 jc/blame-ignore-fix later to maint). + + * Running "git diff" while allowing external diff in a state with + unmerged paths used to segfault, which has been corrected. + (merge d66851806f jk/diff-release-filespec-fix later to maint). + + * Build configuration cleanup. + (merge b990f02fd8 ab/config-mak-uname-simplify later to maint). + + * Fix regression introduced when nvimdiff support in mergetool was added. + (merge 12026f46e7 pd/mergetool-nvimdiff later to maint). + + * The exchange between receive-pack and proc-receive hook did not + carefully check for errors. + + * The code was not prepared to deal with pack .idx file that is + larger than 4GB. + (merge 81c4c5cf2e jk/4gb-idx later to maint). + + * Since jgit does not yet work with SHA-256 repositories, mark the + tests that use it not to run unless we are testing with ShA-1 + repositories. + (merge ea699b4adc sg/t5310-jgit-wants-sha1 later to maint). + + * Config parser fix for "git notes". + (merge 45fef1599a na/notes-displayref-is-not-boolean later to maint). + + * Move a definition of compatibility wrapper from cache.h to + git-compat-util.h + (merge a76b138daa hn/sleep-millisec-decl later to maint). + + * Error message fix. + (merge eaf5341538 km/stash-error-message-fix later to maint). + + * "git pull --rebase --recurse-submodules" checked for local changes + in a wrong range and failed to run correctly when it should. + (merge 5176f20ffe pb/pull-rebase-recurse-submodules later to maint). + + * "git push" that is killed may leave a pack-objects process behind, + still computing to find a good compression, wasting cycles. This + has been corrected. + (merge 8b59935114 jk/stop-pack-objects-when-push-is-killed later to maint). + + * "git fetch" that is killed may leave a pack-objects process behind, + still computing to find a good compression, wasting cycles. This + has been corrected. + (merge 309a4028e7 jk/stop-pack-objects-when-fetch-is-killed later to maint). + + * "git add -i" failed to honor custom colors configured to show + patches, which has been corrected. + (merge 96386faa03 js/add-i-color-fix later to maint). + + * Processes that access packdata while the .idx file gets removed + (e.g. while repacking) did not fail or fall back gracefully as they + could. + (merge 506ec2fbda tb/idx-midx-race-fix later to maint). + + * "git apply" adjusted the permission bits of working-tree files and + directories according to core.sharedRepository setting by mistake and + for a long time, which has been corrected. + (merge eb3c027e17 mt/do-not-use-scld-in-working-tree later to maint). + + * "fetch-pack" could pass NULL pointer to unlink(2) when it sees an + invalid filename; the error checking has been tightened to make + this impossible. + (merge 6031af387e rs/fetch-pack-invalid-lockfile later to maint). + + * "git maintenance run/start/stop" needed to be run in a repository + to hold the lockfile they use, but didn't make sure they are + actually in a repository, which has been corrected. + + * The glossary described a branch as an "active" line of development, + which is misleading---a stale and non-moving branch is still a + branch. + (merge eef1ceabd8 so/glossary-branch-is-not-necessarily-active later to maint). + + * Newer versions of xsltproc can assign IDs in HTML documents it + generates in a consistent manner. Use the feature to help format + HTML version of the user manual reproducibly. + (merge 3569e11d69 ae/doc-reproducible-html later to maint). + + * Tighten error checking in the codepath that responds to "git fetch". + (merge d43a21bdbb jk/check-config-parsing-error-in-upload-pack later to maint). + + * "git pack-redundant" when there is only one packfile used to crash, + which has been corrected. + (merge 0696232390 jx/pack-redundant-on-single-pack later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge 3e0a5dc9af cc/doc-filter-branch-typofix later to maint). + (merge 32c83afc2c cw/ci-ghwf-check-ws-errors later to maint). + (merge 5eb2ed691b rs/tighten-callers-of-deref-tag later to maint). + (merge 6db29ab213 jk/fast-import-marks-cleanup later to maint). + (merge e5cf6d3df4 nk/dir-c-comment-update later to maint). + (merge 5710dcce74 jk/report-fn-typedef later to maint). + (merge 9a82db1056 en/sequencer-rollback-lock-cleanup later to maint). + (merge 4e1bee9a99 js/t7006-cleanup later to maint). + (merge f5bcde6c58 es/tutorial-mention-asciidoc-early later to maint). + (merge 714d491af0 so/format-patch-doc-on-default-diff-format later to maint). + (merge 0795df4b9b rs/clear-commit-marks-in-repo later to maint). + (merge 9542d56379 sd/prompt-local-variable later to maint). + (merge 06d43fad18 rs/pack-write-hashwrite-simplify later to maint). + (merge b7e20b4373 mc/typofix later to maint). + (merge f6bcd9a8a4 js/test-whitespace-fixes later to maint). + (merge 53b67a801b js/test-file-size later to maint). + (merge 970909c2a7 rs/hashwrite-be64 later to maint). + (merge 5a923bb1f0 ma/list-object-filter-opt-msgfix later to maint). + (merge 1c3e412916 rs/archive-plug-leak-refname later to maint). + (merge d44e5267ea rs/plug-diff-cache-leak later to maint). + (merge 793c1464d3 ab/gc-keep-base-option later to maint). + (merge b86339b12b mt/worktree-error-message-fix later to maint). + (merge e01ae2a4a7 js/pull-rebase-use-advise later to maint). + (merge e63d774242 sn/config-doc-typofix later to maint). + (merge 08e9df2395 jk/multi-line-indent-style-fix later to maint). + (merge e66590348a da/vs-build-iconv-fix later to maint). + (merge 7fe07275be js/cmake-extra-built-ins-fix later to maint). + (merge 633eebe142 jb/midx-doc-update later to maint). + (merge 5885367e8f jh/index-v2-doc-on-fsmn later to maint). + (merge 14639a4779 jc/compat-util-setitimer-fix later to maint). + (merge 56f56ac50b ab/unreachable-break later to maint). + (merge 731d578b4f rb/nonstop-config-mak-uname-update later to maint). + (merge f4698738f9 es/perf-export-fix later to maint). + (merge 773c694142 nk/refspecs-negative-fix later to maint). diff --git a/Documentation/RelNotes/2.30.1.txt b/Documentation/RelNotes/2.30.1.txt new file mode 100644 index 0000000..249ef14 --- /dev/null +++ b/Documentation/RelNotes/2.30.1.txt @@ -0,0 +1,55 @@ +Git v2.30.1 Release Notes +========================= + +This release is primarily to merge fixes accumulated on the 'master' +front to prepare for 2.31 release that are still relevant to 2.30.x +maintenance track. + +Fixes since v2.30 +----------------- + + * "git fetch --recurse-submodules" failed to update a submodule + when it has an uninitialized (hence of no interest to the user) + sub-submodule, which has been corrected. + + * Command line error of "git rebase" are diagnosed earlier. + + * "git stash" did not work well in a sparsely checked out working + tree. + + * Some tests expect that "ls -l" output has either '-' or 'x' for + group executable bit, but setgid bit can be inherited from parent + directory and make these fields 'S' or 's' instead, causing test + failures. + + * "git for-each-repo --config=<var> <cmd>" should not run <cmd> for + any repository when the configuration variable <var> is not defined + even once. + + * "git mergetool --tool-help" was broken in 2.29 and failed to list + all the available tools. + + * Fix for procedure to building CI test environment for mac. + + * Newline characters in the host and path part of git:// URL are + now forbidden. + + * When more than one commit with the same patch ID appears on one + side, "git log --cherry-pick A...B" did not exclude them all when a + commit with the same patch ID appears on the other side. Now it + does. + + * Documentation for "git fsck" lost stale bits that has become + incorrect. + + * Doc for packfile URI feature has been clarified. + + * The implementation of "git branch --sort" wrt the detached HEAD + display has always been hacky, which has been cleaned up. + + * Our setting of GitHub CI test jobs were a bit too eager to give up + once there is even one failure found. Tweak the knob to allow + other jobs keep running even when we see a failure, so that we can + find more failures in a single run. + +Also contains minor documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.30.2.txt b/Documentation/RelNotes/2.30.2.txt new file mode 100644 index 0000000..bada398 --- /dev/null +++ b/Documentation/RelNotes/2.30.2.txt @@ -0,0 +1,8 @@ +Git v2.30.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.17.6, v2.18.5, +v2.19.6, v2.20.5, v2.21.4, v2.22.5, v2.23.4, v2.24.4, v2.25.5, +v2.26.3, v2.27.1, v2.28.1 and v2.29.3 to address the security +issue CVE-2021-21300; see the release notes for these versions +for details. diff --git a/Documentation/RelNotes/2.30.3.txt b/Documentation/RelNotes/2.30.3.txt new file mode 100644 index 0000000..31b2a4d --- /dev/null +++ b/Documentation/RelNotes/2.30.3.txt @@ -0,0 +1,24 @@ +Git v2.30.2 Release Notes +========================= + +This release addresses the security issue CVE-2022-24765. + +Fixes since v2.30.2 +------------------- + + * Build fix on Windows. + + * Fix `GIT_CEILING_DIRECTORIES` with Windows-style root directories. + + * CVE-2022-24765: + On multi-user machines, Git users might find themselves + unexpectedly in a Git worktree, e.g. when another user created a + repository in `C:\.git`, in a mounted network drive or in a + scratch space. Merely having a Git-aware prompt that runs `git + status` (or `git diff`) and navigating to a directory which is + supposedly not a Git worktree, or opening such a directory in an + editor or IDE such as VS Code or Atom, will potentially run + commands defined by that other user. + +Credit for finding this vulnerability goes to 俞晨东; The fix was +authored by Johannes Schindelin. diff --git a/Documentation/RelNotes/2.30.4.txt b/Documentation/RelNotes/2.30.4.txt new file mode 100644 index 0000000..4eedb74 --- /dev/null +++ b/Documentation/RelNotes/2.30.4.txt @@ -0,0 +1,21 @@ +Git v2.30.4 Release Notes +========================= + +This release contains minor fix-ups for the changes that went into +Git 2.30.3, which was made to address CVE-2022-24765. + + * The code that was meant to parse the new `safe.directory` + configuration variable was not checking what configuration + variable was being fed to it, which has been corrected. + + * '*' can be used as the value for the `safe.directory` variable to + signal that the user considers that any directory is safe. + + + +Derrick Stolee (2): + t0033: add tests for safe.directory + setup: opt-out of check with safe.directory=* + +Matheus Valadares (1): + setup: fix safe.directory key not being checked diff --git a/Documentation/RelNotes/2.30.5.txt b/Documentation/RelNotes/2.30.5.txt new file mode 100644 index 0000000..5191cab --- /dev/null +++ b/Documentation/RelNotes/2.30.5.txt @@ -0,0 +1,12 @@ +Git v2.30.5 Release Notes +========================= + +This release contains minor fix-ups for the changes that went into +Git 2.30.3 and 2.30.4, addressing CVE-2022-29187. + + * The safety check that verifies a safe ownership of the Git + worktree is now extended to also cover the ownership of the Git + directory (and the `.git` file, if there is any). + +Carlo Marcelo Arenas Belón (1): + setup: tighten ownership checks post CVE-2022-24765 diff --git a/Documentation/RelNotes/2.30.6.txt b/Documentation/RelNotes/2.30.6.txt new file mode 100644 index 0000000..d649071 --- /dev/null +++ b/Documentation/RelNotes/2.30.6.txt @@ -0,0 +1,60 @@ +Git v2.30.6 Release Notes +========================= + +This release addresses the security issues CVE-2022-39253 and +CVE-2022-39260. + +Fixes since v2.30.5 +------------------- + + * CVE-2022-39253: + When relying on the `--local` clone optimization, Git dereferences + symbolic links in the source repository before creating hardlinks + (or copies) of the dereferenced link in the destination repository. + This can lead to surprising behavior where arbitrary files are + present in a repository's `$GIT_DIR` when cloning from a malicious + repository. + + Git will no longer dereference symbolic links via the `--local` + clone mechanism, and will instead refuse to clone repositories that + have symbolic links present in the `$GIT_DIR/objects` directory. + + Additionally, the value of `protocol.file.allow` is changed to be + "user" by default. + + * CVE-2022-39260: + An overly-long command string given to `git shell` can result in + overflow in `split_cmdline()`, leading to arbitrary heap writes and + remote code execution when `git shell` is exposed and the directory + `$HOME/git-shell-commands` exists. + + `git shell` is taught to refuse interactive commands that are + longer than 4MiB in size. `split_cmdline()` is hardened to reject + inputs larger than 2GiB. + +Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. The +fix was authored by Taylor Blau, with help from Johannes Schindelin. + +Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub. +The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau. + + +Jeff King (2): + shell: add basic tests + shell: limit size of interactive commands + +Kevin Backhouse (1): + alias.c: reject too-long cmdline strings in split_cmdline() + +Taylor Blau (11): + builtin/clone.c: disallow `--local` clones with symlinks + t/lib-submodule-update.sh: allow local submodules + t/t1NNN: allow local submodules + t/2NNNN: allow local submodules + t/t3NNN: allow local submodules + t/t4NNN: allow local submodules + t/t5NNN: allow local submodules + t/t6NNN: allow local submodules + t/t7NNN: allow local submodules + t/t9NNN: allow local submodules + transport: make `protocol.file.allow` be "user" by default diff --git a/Documentation/RelNotes/2.30.7.txt b/Documentation/RelNotes/2.30.7.txt new file mode 100644 index 0000000..285beed --- /dev/null +++ b/Documentation/RelNotes/2.30.7.txt @@ -0,0 +1,86 @@ +Git v2.30.7 Release Notes +========================= + +This release addresses the security issues CVE-2022-41903 and +CVE-2022-23521. + + +Fixes since v2.30.6 +------------------- + + * CVE-2022-41903: + + git log has the ability to display commits using an arbitrary + format with its --format specifiers. This functionality is also + exposed to git archive via the export-subst gitattribute. + + When processing the padding operators (e.g., %<(, %<|(, %>(, + %>>(, or %><( ), an integer overflow can occur in + pretty.c::format_and_pad_commit() where a size_t is improperly + stored as an int, and then added as an offset to a subsequent + memcpy() call. + + This overflow can be triggered directly by a user running a + command which invokes the commit formatting machinery (e.g., git + log --format=...). It may also be triggered indirectly through + git archive via the export-subst mechanism, which expands format + specifiers inside of files within the repository during a git + archive. + + This integer overflow can result in arbitrary heap writes, which + may result in remote code execution. + +* CVE-2022-23521: + + gitattributes are a mechanism to allow defining attributes for + paths. These attributes can be defined by adding a `.gitattributes` + file to the repository, which contains a set of file patterns and + the attributes that should be set for paths matching this pattern. + + When parsing gitattributes, multiple integer overflows can occur + when there is a huge number of path patterns, a huge number of + attributes for a single pattern, or when the declared attribute + names are huge. + + These overflows can be triggered via a crafted `.gitattributes` file + that may be part of the commit history. Git silently splits lines + longer than 2KB when parsing gitattributes from a file, but not when + parsing them from the index. Consequentially, the failure mode + depends on whether the file exists in the working tree, the index or + both. + + This integer overflow can result in arbitrary heap reads and writes, + which may result in remote code execution. + +Credit for finding CVE-2022-41903 goes to Joern Schneeweisz of GitLab. +An initial fix was authored by Markus Vervier of X41 D-Sec. Credit for +finding CVE-2022-23521 goes to Markus Vervier and Eric Sesterhenn of X41 +D-Sec. This work was sponsored by OSTIF. + +The proposed fixes have been polished and extended to cover additional +findings by Patrick Steinhardt of GitLab, with help from others on the +Git security mailing list. + +Patrick Steinhardt (21): + attr: fix overflow when upserting attribute with overly long name + attr: fix out-of-bounds read with huge attribute names + attr: fix integer overflow when parsing huge attribute names + attr: fix out-of-bounds write when parsing huge number of attributes + attr: fix out-of-bounds read with unreasonable amount of patterns + attr: fix integer overflow with more than INT_MAX macros + attr: harden allocation against integer overflows + attr: fix silently splitting up lines longer than 2048 bytes + attr: ignore attribute lines exceeding 2048 bytes + attr: ignore overly large gitattributes files + pretty: fix out-of-bounds write caused by integer overflow + pretty: fix out-of-bounds read when left-flushing with stealing + pretty: fix out-of-bounds read when parsing invalid padding format + pretty: fix adding linefeed when placeholder is not expanded + pretty: fix integer overflow in wrapping format + utf8: fix truncated string lengths in `utf8_strnwidth()` + utf8: fix returning negative string width + utf8: fix overflow when returning string width + utf8: fix checking for glyph width in `strbuf_utf8_replace()` + utf8: refactor `strbuf_utf8_replace` to not rely on preallocated buffer + pretty: restrict input lengths for padding and wrapping formats + diff --git a/Documentation/RelNotes/2.30.8.txt b/Documentation/RelNotes/2.30.8.txt new file mode 100644 index 0000000..5ed3efb --- /dev/null +++ b/Documentation/RelNotes/2.30.8.txt @@ -0,0 +1,51 @@ +Git v2.30.8 Release Notes +========================= + +This release addresses the security issues CVE-2023-22490 and +CVE-2023-23946. + + +Fixes since v2.30.7 +------------------- + + * CVE-2023-22490: + + Using a specially-crafted repository, Git can be tricked into using + its local clone optimization even when using a non-local transport. + Though Git will abort local clones whose source $GIT_DIR/objects + directory contains symbolic links (c.f., CVE-2022-39253), the objects + directory itself may still be a symbolic link. + + These two may be combined to include arbitrary files based on known + paths on the victim's filesystem within the malicious repository's + working copy, allowing for data exfiltration in a similar manner as + CVE-2022-39253. + + * CVE-2023-23946: + + By feeding a crafted input to "git apply", a path outside the + working tree can be overwritten as the user who is running "git + apply". + + * A mismatched type in `attr.c::read_attr_from_index()` which could + cause Git to errantly reject attributes on Windows and 32-bit Linux + has been corrected. + +Credit for finding CVE-2023-22490 goes to yvvdwf, and the fix was +developed by Taylor Blau, with additional help from others on the +Git security mailing list. + +Credit for finding CVE-2023-23946 goes to Joern Schneeweisz, and the +fix was developed by Patrick Steinhardt. + + +Johannes Schindelin (1): + attr: adjust a mismatched data type + +Patrick Steinhardt (1): + apply: fix writing behind newly created symbolic links + +Taylor Blau (3): + t5619: demonstrate clone_local() with ambiguous transport + clone: delay picking a transport until after get_repo_path() + dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS diff --git a/Documentation/RelNotes/2.30.9.txt b/Documentation/RelNotes/2.30.9.txt new file mode 100644 index 0000000..708d626 --- /dev/null +++ b/Documentation/RelNotes/2.30.9.txt @@ -0,0 +1,43 @@ +Git v2.30.9 Release Notes +========================= + +This release addresses the security issues CVE-2023-25652, +CVE-2023-25815, and CVE-2023-29007. + + +Fixes since v2.30.8 +------------------- + + * CVE-2023-25652: + + By feeding specially crafted input to `git apply --reject`, a + path outside the working tree can be overwritten with partially + controlled contents (corresponding to the rejected hunk(s) from + the given patch). + + * CVE-2023-25815: + + When Git is compiled with runtime prefix support and runs without + translated messages, it still used the gettext machinery to + display messages, which subsequently potentially looked for + translated messages in unexpected places. This allowed for + malicious placement of crafted messages. + + * CVE-2023-29007: + + When renaming or deleting a section from a configuration file, + certain malicious configuration values may be misinterpreted as + the beginning of a new configuration section, leading to arbitrary + configuration injection. + +Credit for finding CVE-2023-25652 goes to Ry0taK, and the fix was +developed by Taylor Blau, Junio C Hamano and Johannes Schindelin, +with the help of Linus Torvalds. + +Credit for finding CVE-2023-25815 goes to Maxime Escourbiac and +Yassine BENGANA of Michelin, and the fix was developed by Johannes +Schindelin. + +Credit for finding CVE-2023-29007 goes to André Baptista and VÃtor Pinho +of Ethiack, and the fix was developed by Taylor Blau, and Johannes +Schindelin, with help from Jeff King, and Patrick Steinhardt. diff --git a/Documentation/RelNotes/2.31.0.txt b/Documentation/RelNotes/2.31.0.txt new file mode 100644 index 0000000..cf0c7d8 --- /dev/null +++ b/Documentation/RelNotes/2.31.0.txt @@ -0,0 +1,365 @@ +Git 2.31 Release Notes +====================== + +Updates since v2.30 +------------------- + +Backward incompatible and other important changes + + * The "pack-redundant" command, which has been left stale with almost + unusable performance issues, now warns loudly when it gets used, as + we no longer want to recommend its use (instead just "repack -d" + instead). + + * The development community has adopted Contributor Covenant v2.0 to + update from v1.4 that we have been using. + + * The support for deprecated PCRE1 library has been dropped. + + * Fixes for CVE-2021-21300 in Git 2.30.2 (and earlier) is included. + + +UI, Workflows & Features + + * The "--format=%(trailers)" mechanism gets enhanced to make it + easier to design output for machine consumption. + + * When a user does not tell "git pull" to use rebase or merge, the + command gives a loud message telling a user to choose between + rebase or merge but creates a merge anyway, forcing users who would + want to rebase to redo the operation. Fix an early part of this + problem by tightening the condition to give the message---there is + no reason to stop or force the user to choose between rebase or + merge if the history fast-forwards. + + * The configuration variable 'core.abbrev' can be set to 'no' to + force no abbreviation regardless of the hash algorithm. + + * "git rev-parse" can be explicitly told to give output as absolute + or relative path with the `--path-format=(absolute|relative)` option. + + * Bash completion (in contrib/) update to make it easier for + end-users to add completion for their custom "git" subcommands. + + * "git maintenance" learned to drive scheduled maintenance on + platforms whose native scheduling methods are not 'cron'. + + * After expiring a reflog and making a single commit, the reflog for + the branch would record a single entry that knows both @{0} and + @{1}, but we failed to answer "what commit were we on?", i.e. @{1} + + * "git bundle" learns "--stdin" option to read its refs from the + standard input. Also, it now does not lose refs whey they point + at the same object. + + * "git log" learned a new "--diff-merges=<how>" option. + + * "git ls-files" can and does show multiple entries when the index is + unmerged, which is a source for confusion unless -s/-u option is in + use. A new option --deduplicate has been introduced. + + * `git worktree list` now annotates worktrees as prunable, shows + locked and prunable attributes in --porcelain mode, and gained + a --verbose option. + + * "git clone" tries to locally check out the branch pointed at by + HEAD of the remote repository after it is done, but the protocol + did not convey the information necessary to do so when copying an + empty repository. The protocol v2 learned how to do so. + + * There are other ways than ".." for a single token to denote a + "commit range", namely "<rev>^!" and "<rev>^-<n>", but "git + range-diff" did not understand them. + + * The "git range-diff" command learned "--(left|right)-only" option + to show only one side of the compared range. + + * "git mergetool" feeds three versions (base, local and remote) of + a conflicted path unmodified. The command learned to optionally + prepare these files with unconflicted parts already resolved. + + * The .mailmap is documented to be read only from the root level of a + working tree, but a stray file in a bare repository also was read + by accident, which has been corrected. + + * "git maintenance" tool learned a new "pack-refs" maintenance task. + + * The error message given when a configuration variable that is + expected to have a boolean value has been improved. + + * Signed commits and tags now allow verification of objects, whose + two object names (one in SHA-1, the other in SHA-256) are both + signed. + + * "git rev-list" command learned "--disk-usage" option. + + * "git {diff,log} --{skip,rotate}-to=<path>" allows the user to + discard diff output for early paths or move them to the end of the + output. + + * "git difftool" learned "--skip-to=<path>" option to restart an + interrupted session from an arbitrary path. + + * "git grep" has been tweaked to be limited to the sparse checkout + paths. + + * "git rebase --[no-]fork-point" gained a configuration variable + rebase.forkPoint so that users do not have to keep specifying a + non-default setting. + + +Performance, Internal Implementation, Development Support etc. + + * A 3-year old test that was not testing anything useful has been + corrected. + + * Retire more names with "sha1" in it. + + * The topological walk codepath is covered by new trace2 stats. + + * Update the Code-of-conduct to version 2.0 from the upstream (we've + been using version 1.4). + + * "git mktag" validates its input using its own rules before writing + a tag object---it has been updated to share the logic with "git + fsck". + + * Two new ways to feed configuration variable-value pairs via + environment variables have been introduced, and the way + GIT_CONFIG_PARAMETERS encodes variable/value pairs has been tweaked + to make it more robust. + + * Tests have been updated so that they do not to get affected by the + name of the default branch "git init" creates. + + * "git fetch" learns to treat ref updates atomically in all-or-none + fashion, just like "git push" does, with the new "--atomic" option. + + * The peel_ref() API has been replaced with peel_iterated_oid(). + + * The .use_shell flag in struct child_process that is passed to + run_command() API has been clarified with a bit more documentation. + + * Document, clean-up and optimize the code around the cache-tree + extension in the index. + + * The ls-refs protocol operation has been optimized to narrow the + sub-hierarchy of refs/ it walks to produce response. + + * When removing many branches and tags, the code used to do so one + ref at a time. There is another API it can use to delete multiple + refs, and it makes quite a lot of performance difference when the + refs are packed. + + * The "pack-objects" command needs to iterate over all the tags when + automatic tag following is enabled, but it actually iterated over + all refs and then discarded everything outside "refs/tags/" + hierarchy, which was quite wasteful. + + * A perf script was made more portable. + + * Our setting of GitHub CI test jobs were a bit too eager to give up + once there is even one failure found. Tweak the knob to allow + other jobs keep running even when we see a failure, so that we can + find more failures in a single run. + + * We've carried compatibility codepaths for compilers without + variadic macros for quite some time, but the world may be ready for + them to be removed. Force compilation failure on exotic platforms + where variadic macros are not available to find out who screams in + such a way that we can easily revert if it turns out that the world + is not yet ready. + + * Code clean-up to ensure our use of hashtables using object names as + keys use the "struct object_id" objects, not the raw hash values. + + * Lose the debugging aid that may have been useful in the past, but + no longer is, in the "grep" codepaths. + + * Some pretty-format specifiers do not need the data in commit object + (e.g. "%H"), but we were over-eager to load and parse it, which has + been made even lazier. + + * Get rid of "GETTEXT_POISON" support altogether, which may or may + not be controversial. + + * Introduce an on-disk file to record revindex for packdata, which + traditionally was always created on the fly and only in-core. + + * The commit-graph learned to use corrected commit dates instead of + the generation number to help topological revision traversal. + + * Piecemeal of rewrite of "git bisect" in C continues. + + * When a pager spawned by us exited, the trace log did not record its + exit status correctly, which has been corrected. + + * Removal of GIT_TEST_GETTEXT_POISON continues. + + * The code to implement "git merge-base --independent" was poorly + done and was kept from the very beginning of the feature. + + * Preliminary changes to fsmonitor integration. + + * Performance improvements for rename detection. + + * The common code to deal with "chunked file format" that is shared + by the multi-pack-index and commit-graph files have been factored + out, to help codepaths for both filetypes to become more robust. + + * The approach to "fsck" the incoming objects in "index-pack" is + attractive for performance reasons (we have them already in core, + inflated and ready to be inspected), but fundamentally cannot be + applied fully when we receive more than one pack stream, as a tree + object in one pack may refer to a blob object in another pack as + ".gitmodules", when we want to inspect blobs that are used as + ".gitmodules" file, for example. Teach "index-pack" to emit + objects that must be inspected later and check them in the calling + "fetch-pack" process. + + * The logic to handle "trailer" related placeholders in the + "--format=" mechanisms in the "log" family and "for-each-ref" + family is getting unified. + + * Raise the buffer size used when writing the index file out from + (obviously too small) 8kB to (clearly sufficiently large) 128kB. + + * It is reported that open() on some platforms (e.g. macOS Big Sur) + can return EINTR even though our timers are set up with SA_RESTART. + A workaround has been implemented and enabled for macOS to rerun + open() transparently from the caller when this happens. + + +Fixes since v2.30 +----------------- + + * Diagnose command line error of "git rebase" early. + + * Clean up option descriptions in "git cmd --help". + + * "git stash" did not work well in a sparsely checked out working + tree. + + * Some tests expect that "ls -l" output has either '-' or 'x' for + group executable bit, but setgid bit can be inherited from parent + directory and make these fields 'S' or 's' instead, causing test + failures. + + * "git for-each-repo --config=<var> <cmd>" should not run <cmd> for + any repository when the configuration variable <var> is not defined + even once. + + * Fix 2.29 regression where "git mergetool --tool-help" fails to list + all the available tools. + + * Fix for procedure to building CI test environment for mac. + + * The implementation of "git branch --sort" wrt the detached HEAD + display has always been hacky, which has been cleaned up. + + * Newline characters in the host and path part of git:// URL are + now forbidden. + + * "git diff" showed a submodule working tree with untracked cruft as + "Submodule commit <objectname>-dirty", but a natural expectation is + that the "-dirty" indicator would align with "git describe --dirty", + which does not consider having untracked files in the working tree + as source of dirtiness. The inconsistency has been fixed. + + * When more than one commit with the same patch ID appears on one + side, "git log --cherry-pick A...B" did not exclude them all when a + commit with the same patch ID appears on the other side. Now it + does. + + * Documentation for "git fsck" lost stale bits that has become + incorrect. + + * Doc fix for packfile URI feature. + + * When "git rebase -i" processes "fixup" insn, there is no reason to + clean up the commit log message, but we did the usual stripspace + processing. This has been corrected. + (merge f7d42ceec5 js/rebase-i-commit-cleanup-fix later to maint). + + * Fix in passing custom args from "git clone" to "upload-pack" on the + other side. + (merge ad6b5fefbd jv/upload-pack-filter-spec-quotefix later to maint). + + * The command line completion (in contrib/) completed "git branch -d" + with branch names, but "git branch -D" offered tagnames in addition, + which has been corrected. "git branch -M" had the same problem. + (merge 27dc071b9a jk/complete-branch-force-delete later to maint). + + * When commands are started from a subdirectory, they may have to + compare the path to the subdirectory (called prefix and found out + from $(pwd)) with the tracked paths. On macOS, $(pwd) and + readdir() yield decomposed path, while the tracked paths are + usually normalized to the precomposed form, causing mismatch. This + has been fixed by taking the same approach used to normalize the + command line arguments. + (merge 5c327502db tb/precompose-prefix-too later to maint). + + * Even though invocations of "die()" were logged to the trace2 + system, "BUG()"s were not, which has been corrected. + (merge 0a9dde4a04 jt/trace2-BUG later to maint). + + * "git grep --untracked" is meant to be "let's ALSO find in these + files on the filesystem" when looking for matches in the working + tree files, and does not make any sense if the primary search is + done against the index, or the tree objects. The "--cached" and + "--untracked" options have been marked as mutually incompatible. + (merge 0c5d83b248 mt/grep-cached-untracked later to maint). + + * Fix "git fsck --name-objects" which apparently has not been used by + anybody who is motivated enough to report breakage. + (merge e89f89361c js/fsck-name-objects-fix later to maint). + + * Avoid individual tests in t5411 from getting affected by each other + by forcing them to use separate output files during the test. + (merge 822ee894f6 jx/t5411-unique-filenames later to maint). + + * Test to make sure "git rev-parse one-thing one-thing" gives + the same thing twice (when one-thing is --since=X). + (merge a5cdca4520 ew/rev-parse-since-test later to maint). + + * When certain features (e.g. grafts) used in the repository are + incompatible with the use of the commit-graph, we used to silently + turned commit-graph off; we now tell the user what we are doing. + (merge c85eec7fc3 js/commit-graph-warning later to maint). + + * Objects that lost references can be pruned away, even when they + have notes attached to it (and these notes will become dangling, + which in turn can be pruned with "git notes prune"). This has been + clarified in the documentation. + (merge fa9ab027ba mz/doc-notes-are-not-anchors later to maint). + + * The error codepath around the "--temp/--prefix" feature of "git + checkout-index" has been improved. + (merge 3f7ba60350 mt/checkout-index-corner-cases later to maint). + + * The "git maintenance register" command had trouble registering bare + repositories, which had been corrected. + + * A handful of multi-word configuration variable names in + documentation that are spelled in all lowercase have been corrected + to use the more canonical camelCase. + (merge 7dd0eaa39c dl/doc-config-camelcase later to maint). + + * "git push $there --delete ''" should have been diagnosed as an + error, but instead turned into a matching push, which has been + corrected. + (merge 20e416409f jc/push-delete-nothing later to maint). + + * Test script modernization. + (merge 488acf15df sv/t7001-modernize later to maint). + + * An under-allocation for the untracked cache data has been corrected. + (merge 6347d649bc jh/untracked-cache-fix later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge e3f5da7e60 sg/t7800-difftool-robustify later to maint). + (merge 9d336655ba js/doc-proto-v2-response-end later to maint). + (merge 1b5b8cf072 jc/maint-column-doc-typofix later to maint). + (merge 3a837b58e3 cw/pack-config-doc later to maint). + (merge 01168a9d89 ug/doc-commit-approxidate later to maint). + (merge b865734760 js/params-vs-args later to maint). diff --git a/Documentation/RelNotes/2.31.1.txt b/Documentation/RelNotes/2.31.1.txt new file mode 100644 index 0000000..f9b06b8 --- /dev/null +++ b/Documentation/RelNotes/2.31.1.txt @@ -0,0 +1,27 @@ +Git 2.31.1 Release Notes +======================== + +Fixes since v2.31 +----------------- + + * The fsmonitor interface read from its input without making sure + there is something to read from. This bug is new in 2.31 + timeframe. + + * The data structure used by fsmonitor interface was not properly + duplicated during an in-core merge, leading to use-after-free etc. + + * "git bisect" reimplemented more in C during 2.30 timeframe did not + take an annotated tag as a good/bad endpoint well. This regression + has been corrected. + + * Fix macros that can silently inject unintended null-statements. + + * CALLOC_ARRAY() macro replaces many uses of xcalloc(). + + * Update insn in Makefile comments to run fuzz-all target. + + * Fix a corner case bug in "git mv" on case insensitive systems, + which was introduced in 2.29 timeframe. + +Also contains various documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.31.2.txt b/Documentation/RelNotes/2.31.2.txt new file mode 100644 index 0000000..aa13a5b --- /dev/null +++ b/Documentation/RelNotes/2.31.2.txt @@ -0,0 +1,6 @@ +Git v2.31.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3 to address +the security issue CVE-2022-24765; see the release notes for that +version for details. diff --git a/Documentation/RelNotes/2.31.3.txt b/Documentation/RelNotes/2.31.3.txt new file mode 100644 index 0000000..ca143ab --- /dev/null +++ b/Documentation/RelNotes/2.31.3.txt @@ -0,0 +1,4 @@ +Git Documentation/RelNotes/2.31.3.txt Release Notes +========================= + +This release merges up the fixes that appear in v2.31.3. diff --git a/Documentation/RelNotes/2.31.4.txt b/Documentation/RelNotes/2.31.4.txt new file mode 100644 index 0000000..97a91fd --- /dev/null +++ b/Documentation/RelNotes/2.31.4.txt @@ -0,0 +1,6 @@ +Git v2.31.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5 to address +the security issue CVE-2022-29187; see the release notes for that +version for details. diff --git a/Documentation/RelNotes/2.31.5.txt b/Documentation/RelNotes/2.31.5.txt new file mode 100644 index 0000000..0d87e6e --- /dev/null +++ b/Documentation/RelNotes/2.31.5.txt @@ -0,0 +1,5 @@ +Git v2.31.5 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.31.6.txt b/Documentation/RelNotes/2.31.6.txt new file mode 100644 index 0000000..425a518 --- /dev/null +++ b/Documentation/RelNotes/2.31.6.txt @@ -0,0 +1,5 @@ +Git v2.31.6 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.31.7.txt b/Documentation/RelNotes/2.31.7.txt new file mode 100644 index 0000000..dd44d5b --- /dev/null +++ b/Documentation/RelNotes/2.31.7.txt @@ -0,0 +1,6 @@ +Git v2.31.7 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8 to +address the security issues CVE-2023-22490 and CVE-2023-23946; +see the release notes for that version for details. diff --git a/Documentation/RelNotes/2.31.8.txt b/Documentation/RelNotes/2.31.8.txt new file mode 100644 index 0000000..0aa3080 --- /dev/null +++ b/Documentation/RelNotes/2.31.8.txt @@ -0,0 +1,6 @@ +Git v2.31.8 Release Notes +========================= + +This release merges the fixes that appear in v2.30.9 to address the +security issues CVE-2023-25652, CVE-2023-25815, and CVE-2023-29007; +see the release notes for that version for details. diff --git a/Documentation/RelNotes/2.32.0.txt b/Documentation/RelNotes/2.32.0.txt new file mode 100644 index 0000000..87d56fa --- /dev/null +++ b/Documentation/RelNotes/2.32.0.txt @@ -0,0 +1,416 @@ +Git 2.32 Release Notes +====================== + +Backward compatibility notes +---------------------------- + + * ".gitattributes", ".gitignore", and ".mailmap" files that are + symbolic links are ignored. + + * "git apply --3way" used to first attempt a straight application, + and only fell back to the 3-way merge algorithm when the stright + application failed. Starting with this version, the command will + first try the 3-way merge algorithm and only when it fails (either + resulting with conflict or the base versions of blobs are missing), + falls back to the usual patch application. + + +Updates since v2.31 +------------------- + +UI, Workflows & Features + + * It does not make sense to make ".gitattributes", ".gitignore" and + ".mailmap" symlinks, as they are supposed to be usable from the + object store (think: bare repositories where HEAD:.mailmap etc. are + used). When these files are symbolic links, we used to read the + contents of the files pointed by them by mistake, which has been + corrected. + + * "git stash show" learned to optionally show untracked part of the + stash. + + * "git log --format='...'" learned "%(describe)" placeholder. + + * "git repack" so far has been only capable of repacking everything + under the sun into a single pack (or split by size). A cleverer + strategy to reduce the cost of repacking a repository has been + introduced. + + * The http codepath learned to let the credential layer to cache the + password used to unlock a certificate that has successfully been + used. + + * "git commit --fixup=<commit>", which was to tweak the changes made + to the contents while keeping the original log message intact, + learned "--fixup=(amend|reword):<commit>", that can be used to + tweak both the message and the contents, and only the message, + respectively. + + * "git send-email" learned to honor the core.hooksPath configuration. + + * "git format-patch -v<n>" learned to allow a reroll count that is + not an integer. + + * "git commit" learned "--trailer <key>[=<value>]" option; together + with the interpret-trailers command, this will make it easier to + support custom trailers. + + * "git clone --reject-shallow" option fails the clone as soon as we + notice that we are cloning from a shallow repository. + + * A configuration variable has been added to force tips of certain + refs to be given a reachability bitmap. + + * "gitweb" learned "e-mail privacy" feature to redact strings that + look like e-mail addresses on various pages. + + * "git apply --3way" has always been "to fall back to 3-way merge + only when straight application fails". Swap the order of falling + back so that 3-way is always attempted first (only when the option + is given, of course) and then straight patch application is used as + a fallback when it fails. + + * "git apply" now takes "--3way" and "--cached" at the same time, and + work and record results only in the index. + + * The command line completion (in contrib/) has learned that + CHERRY_PICK_HEAD is a possible pseudo-ref. + + * Userdiff patterns for "Scheme" has been added. + + * "git log" learned "--diff-merges=<style>" option, with an + associated configuration variable log.diffMerges. + + * "git log --format=..." placeholders learned %ah/%ch placeholders to + request the --date=human output. + + * Replace GIT_CONFIG_NOSYSTEM mechanism to decline from reading the + system-wide configuration file with GIT_CONFIG_SYSTEM that lets + users specify from which file to read the system-wide configuration + (setting it to an empty file would essentially be the same as + setting NOSYSTEM), and introduce GIT_CONFIG_GLOBAL to override the + per-user configuration in $HOME/.gitconfig. + + * "git add" and "git rm" learned not to touch those paths that are + outside of sparse checkout. + + * "git rev-list" learns the "--filter=object:type=<type>" option, + which can be used to exclude objects of the given kind from the + packfile generated by pack-objects. + + * The command line completion (in contrib/) for "git stash" has been + updated. + + * "git subtree" updates. + + * It is now documented that "format-patch" skips merges. + + * Options to "git pack-objects" that take numeric values like + --window and --depth should not accept negative values; the input + validation has been tightened. + + * The way the command line specified by the trailer.<token>.command + configuration variable receives the end-user supplied value was + both error prone and misleading. An alternative to achieve the + same goal in a safer and more intuitive way has been added, as + the trailer.<token>.cmd configuration variable, to replace it. + + * "git add -i --dry-run" does not dry-run, which was surprising. The + combination of options has taught to error out. + + * "git push" learns to discover common ancestor with the receiving + end over protocol v2. This will hopefully make "git push" as + efficient as "git fetch" in avoiding objects from getting + transferred unnecessarily. + + * "git mailinfo" (hence "git am") learned the "--quoted-cr" option to + control how lines ending with CRLF wrapped in base64 or qp are + handled. + + +Performance, Internal Implementation, Development Support etc. + + * Rename detection rework continues. + + * GIT_TEST_FAIL_PREREQS is a mechanism to skip test pieces with + prerequisites to catch broken tests that depend on the side effects + of optional pieces, but did not work at all when negative + prerequisites were involved. + (merge 27d578d904 jk/fail-prereq-testfix later to maint). + + * "git diff-index" codepath has been taught to trust fsmonitor status + to reduce number of lstat() calls. + (merge 7e5aa13d2c nk/diff-index-fsmonitor later to maint). + + * Reorganize Makefile to allow building git.o and other essential + objects without extra stuff needed only for testing. + + * Preparatory API changes for parallel checkout. + + * A simple IPC interface gets introduced to build services like + fsmonitor on top. + + * Fsck API clean-up. + + * SECURITY.md that is facing individual contributors and end users + has been introduced. Also a procedure to follow when preparing + embargoed releases has been spelled out. + (merge 09420b7648 js/security-md later to maint). + + * Optimize "rev-list --use-bitmap-index --objects" corner case that + uses negative tags as the stopping points. + + * CMake update for vsbuild. + + * An on-disk reverse-index to map the in-pack location of an object + back to its object name across multiple packfiles is introduced. + + * Generate [ec]tags under $(QUIET_GEN). + + * Clean-up codepaths that implements "git send-email --validate" + option and improves the message from it. + + * The last remnant of gettext-poison has been removed. + + * The test framework has been taught to optionally turn the default + merge strategy to "ort" throughout the system where we use + three-way merges internally, like cherry-pick, rebase etc., + primarily to enhance its test coverage (the strategy has been + available as an explicit "-s ort" choice). + + * A bit of code clean-up and a lot of test clean-up around userdiff + area. + + * Handling of "promisor packs" that allows certain objects to be + missing and lazily retrievable has been optimized (a bit). + + * When packet_write() fails, we gave an extra error message + unnecessarily, which has been corrected. + + * The checkout machinery has been taught to perform the actual + write-out of the files in parallel when able. + + * Show errno in the trace output in the error codepath that calls + read_raw_ref method. + + * Effort to make the command line completion (in contrib/) safe with + "set -u" continues. + + * Tweak a few tests for "log --format=..." that show timestamps in + various formats. + + * The reflog expiry machinery has been taught to emit trace events. + + * Over-the-wire protocol learns a new request type to ask for object + sizes given a list of object names. + + +Fixes since v2.31 +----------------- + + * The fsmonitor interface read from its input without making sure + there is something to read from. This bug is new in 2.31 + timeframe. + + * The data structure used by fsmonitor interface was not properly + duplicated during an in-core merge, leading to use-after-free etc. + + * "git bisect" reimplemented more in C during 2.30 timeframe did not + take an annotated tag as a good/bad endpoint well. This regression + has been corrected. + + * Fix macros that can silently inject unintended null-statements. + + * CALLOC_ARRAY() macro replaces many uses of xcalloc(). + + * Update insn in Makefile comments to run fuzz-all target. + + * Fix a corner case bug in "git mv" on case insensitive systems, + which was introduced in 2.29 timeframe. + + * We had a code to diagnose and die cleanly when a required + clean/smudge filter is missing, but an assert before that + unnecessarily fired, hiding the end-user facing die() message. + (merge 6fab35f748 mt/cleanly-die-upon-missing-required-filter later to maint). + + * Update C code that sets a few configuration variables when a remote + is configured so that it spells configuration variable names in the + canonical camelCase. + (merge 0f1da600e6 ab/remote-write-config-in-camel-case later to maint). + + * A new configuration variable has been introduced to allow choosing + which version of the generation number gets used in the + commit-graph file. + (merge 702110aac6 ds/commit-graph-generation-config later to maint). + + * Perf test update to work better in secondary worktrees. + (merge 36e834abc1 jk/perf-in-worktrees later to maint). + + * Updates to memory allocation code around the use of pcre2 library. + (merge c1760352e0 ab/grep-pcre2-allocfix later to maint). + + * "git -c core.bare=false clone --bare ..." would have segfaulted, + which has been corrected. + (merge 75555676ad bc/clone-bare-with-conflicting-config later to maint). + + * When "git checkout" removes a path that does not exist in the + commit it is checking out, it wasn't careful enough not to follow + symbolic links, which has been corrected. + (merge fab78a0c3d mt/checkout-remove-nofollow later to maint). + + * A few option description strings started with capital letters, + which were corrected. + (merge 5ee90326dc cc/downcase-opt-help later to maint). + + * Plug or annotate remaining leaks that trigger while running the + very basic set of tests. + (merge 68ffe095a2 ah/plugleaks later to maint). + + * The hashwrite() API uses a buffering mechanism to avoid calling + write(2) too frequently. This logic has been refactored to be + easier to understand. + (merge ddaf1f62e3 ds/clarify-hashwrite later to maint). + + * "git cherry-pick/revert" with or without "--[no-]edit" did not spawn + the editor as expected (e.g. "revert --no-edit" after a conflict + still asked to edit the message), which has been corrected. + (merge 39edfd5cbc en/sequencer-edit-upon-conflict-fix later to maint). + + * "git daemon" has been tightened against systems that take backslash + as directory separator. + (merge 9a7f1ce8b7 rs/daemon-sanitize-dir-sep later to maint). + + * A NULL-dereference bug has been corrected in an error codepath in + "git for-each-ref", "git branch --list" etc. + (merge c685450880 jk/ref-filter-segfault-fix later to maint). + + * Streamline the codepath to fix the UTF-8 encoding issues in the + argv[] and the prefix on macOS. + (merge c7d0e61016 tb/precompose-prefix-simplify later to maint). + + * The command-line completion script (in contrib/) had a couple of + references that would have given a warning under the "-u" (nounset) + option. + (merge c5c0548d79 vs/completion-with-set-u later to maint). + + * When "git pack-objects" makes a literal copy of a part of existing + packfile using the reachability bitmaps, its update to the progress + meter was broken. + (merge 8e118e8490 jk/pack-objects-bitmap-progress-fix later to maint). + + * The dependencies for config-list.h and command-list.h were broken + when the former was split out of the latter, which has been + corrected. + (merge 56550ea718 sg/bugreport-fixes later to maint). + + * "git push --quiet --set-upstream" was not quiet when setting the + upstream branch configuration, which has been corrected. + (merge f3cce896a8 ow/push-quiet-set-upstream later to maint). + + * The prefetch task in "git maintenance" assumed that "git fetch" + from any remote would fetch all its local branches, which would + fetch too much if the user is interested in only a subset of + branches there. + (merge 32f67888d8 ds/maintenance-prefetch-fix later to maint). + + * Clarify that pathnames recorded in Git trees are most often (but + not necessarily) encoded in UTF-8. + (merge 9364bf465d ab/pathname-encoding-doc later to maint). + + * "git --config-env var=val cmd" weren't accepted (only + --config-env=var=val was). + (merge c331551ccf ps/config-env-option-with-separate-value later to maint). + + * When the reachability bitmap is in effect, the "do not lose + recently created objects and those that are reachable from them" + safety to protect us from races were disabled by mistake, which has + been corrected. + (merge 2ba582ba4c jk/prune-with-bitmap-fix later to maint). + + * Cygwin pathname handling fix. + (merge bccc37fdc7 ad/cygwin-no-backslashes-in-paths later to maint). + + * "git rebase --[no-]reschedule-failed-exec" did not work well with + its configuration variable, which has been corrected. + (merge e5b32bffd1 ab/rebase-no-reschedule-failed-exec later to maint). + + * Portability fix for command line completion script (in contrib/). + (merge f2acf763e2 si/zsh-complete-comment-fix later to maint). + + * "git repack -A -d" in a partial clone unnecessarily loosened + objects in promisor pack. + + * "git bisect skip" when custom words are used for new/old did not + work, which has been corrected. + + * A few variants of informational message "Already up-to-date" has + been rephrased. + (merge ad9322da03 js/merge-already-up-to-date-message-reword later to maint). + + * "git submodule update --quiet" did not propagate the quiet option + down to underlying "git fetch", which has been corrected. + (merge 62af4bdd42 nc/submodule-update-quiet later to maint). + + * Document that our test can use "local" keyword. + (merge a84fd3bcc6 jc/test-allows-local later to maint). + + * The word-diff mode has been taught to work better with a word + regexp that can match an empty string. + (merge 0324e8fc6b pw/word-diff-zero-width-matches later to maint). + + * "git p4" learned to find branch points more efficiently. + (merge 6b79818bfb jk/p4-locate-branch-point-optim later to maint). + + * When "git update-ref -d" removes a ref that is packed, it left + empty directories under $GIT_DIR/refs/ for + (merge 5f03e5126d wc/packed-ref-removal-cleanup later to maint). + + * "git clean" and "git ls-files -i" had confusion around working on + or showing ignored paths inside an ignored directory, which has + been corrected. + (merge b548f0f156 en/dir-traversal later to maint). + + * The handling of "%(push)" formatting element of "for-each-ref" and + friends was broken when the same codepath started handling + "%(push:<what>)", which has been corrected. + (merge 1e1c4c5eac zh/ref-filter-push-remote-fix later to maint). + + * The bash prompt script (in contrib/) did not work under "set -u". + (merge 5c0cbdb107 en/prompt-under-set-u later to maint). + + * The "chainlint" feature in the test framework is a handy way to + catch common mistakes in writing new tests, but tends to get + expensive. An knob to selectively disable it has been introduced + to help running tests that the developer has not modified. + (merge 2d86a96220 jk/test-chainlint-softer later to maint). + + * The "rev-parse" command did not diagnose the lack of argument to + "--path-format" option, which was introduced in v2.31 era, which + has been corrected. + (merge 99fc555188 wm/rev-parse-path-format-wo-arg later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge f451960708 dl/cat-file-doc-cleanup later to maint). + (merge 12604a8d0c sv/t9801-test-path-is-file-cleanup later to maint). + (merge ea7e63921c jr/doc-ignore-typofix later to maint). + (merge 23c781f173 ps/update-ref-trans-hook-doc later to maint). + (merge 42efa1231a jk/filter-branch-sha256 later to maint). + (merge 4c8e3dca6e tb/push-simple-uses-branch-merge-config later to maint). + (merge 6534d436a2 bs/asciidoctor-installation-hints later to maint). + (merge 47957485b3 ab/read-tree later to maint). + (merge 2be927f3d1 ab/diff-no-index-tests later to maint). + (merge 76593c09bb ab/detox-gettext-tests later to maint). + (merge 28e29ee38b jc/doc-format-patch-clarify later to maint). + (merge fc12b6fdde fm/user-manual-use-preface later to maint). + (merge dba94e3a85 cc/test-helper-bloom-usage-fix later to maint). + (merge 61a7660516 hn/reftable-tables-doc-update later to maint). + (merge 81ed96a9b2 jt/fetch-pack-request-fix later to maint). + (merge 151b6c2dd7 jc/doc-do-not-capitalize-clarification later to maint). + (merge 9160068ac6 js/access-nul-emulation-on-windows later to maint). + (merge 7a14acdbe6 po/diff-patch-doc later to maint). + (merge f91371b948 pw/patience-diff-clean-up later to maint). + (merge 3a7f0908b6 mt/clean-clean later to maint). + (merge d4e2d15a8b ab/streaming-simplify later to maint). + (merge 0e59f7ad67 ah/merge-ort-i18n later to maint). + (merge e6f68f62e0 ls/typofix later to maint). diff --git a/Documentation/RelNotes/2.32.1.txt b/Documentation/RelNotes/2.32.1.txt new file mode 100644 index 0000000..7dcca13 --- /dev/null +++ b/Documentation/RelNotes/2.32.1.txt @@ -0,0 +1,6 @@ +Git v2.32.1 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3 and +v2.31.2 to address the security issue CVE-2022-24765; see the +release notes for these versions for details. diff --git a/Documentation/RelNotes/2.32.2.txt b/Documentation/RelNotes/2.32.2.txt new file mode 100644 index 0000000..cf49695 --- /dev/null +++ b/Documentation/RelNotes/2.32.2.txt @@ -0,0 +1,4 @@ +Git Documentation/RelNotes/2.32.2.txt Release Notes +========================= + +This release merges up the fixes that appear in v2.32.2. diff --git a/Documentation/RelNotes/2.32.3.txt b/Documentation/RelNotes/2.32.3.txt new file mode 100644 index 0000000..583fabe --- /dev/null +++ b/Documentation/RelNotes/2.32.3.txt @@ -0,0 +1,6 @@ +Git v2.32.3 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5 and +v2.31.4 to address the security issue CVE-2022-29187; see the +release notes for these versions for details. diff --git a/Documentation/RelNotes/2.32.4.txt b/Documentation/RelNotes/2.32.4.txt new file mode 100644 index 0000000..76c67b2 --- /dev/null +++ b/Documentation/RelNotes/2.32.4.txt @@ -0,0 +1,5 @@ +Git v2.32.4 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.32.5.txt b/Documentation/RelNotes/2.32.5.txt new file mode 100644 index 0000000..a8cad1a --- /dev/null +++ b/Documentation/RelNotes/2.32.5.txt @@ -0,0 +1,8 @@ +Git v2.32.5 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. + +In addition, included are additional code for "git fsck" to check +for questionable .gitattributes files. diff --git a/Documentation/RelNotes/2.32.6.txt b/Documentation/RelNotes/2.32.6.txt new file mode 100644 index 0000000..fd65961 --- /dev/null +++ b/Documentation/RelNotes/2.32.6.txt @@ -0,0 +1,6 @@ +Git v2.32.6 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8 and v2.31.7 +to address the security issues CVE-2023-22490 and CVE-2023-23946; +see the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.32.7.txt b/Documentation/RelNotes/2.32.7.txt new file mode 100644 index 0000000..7bb3538 --- /dev/null +++ b/Documentation/RelNotes/2.32.7.txt @@ -0,0 +1,7 @@ +Git v2.32.7 Release Notes +========================= + +This release merges the fixes that appear in v2.30.9 and v2.31.8 to +address the security issues CVE-2023-25652, CVE-2023-25815, and +CVE-2023-29007; see the release notes for these versions for +details. diff --git a/Documentation/RelNotes/2.33.0.txt b/Documentation/RelNotes/2.33.0.txt new file mode 100644 index 0000000..893c18b --- /dev/null +++ b/Documentation/RelNotes/2.33.0.txt @@ -0,0 +1,279 @@ +Git 2.33 Release Notes +====================== + +Updates since Git 2.32 +---------------------- + +UI, Workflows & Features + + * "git send-email" learned the "--sendmail-cmd" command line option + and the "sendemail.sendmailCmd" configuration variable, which is a + more sensible approach than the current way of repurposing the + "smtp-server" that is meant to name the server to instead name the + command to talk to the server. + + * The userdiff pattern for C# learned the token "record". + + * "git rev-list" learns to omit the "commit <object-name>" header + lines from the output with the `--no-commit-header` option. + + * "git worktree add --lock" learned to record why the worktree is + locked with a custom message. + + +Performance, Internal Implementation, Development Support etc. + + * The code to handle the "--format" option in "for-each-ref" and + friends made too many string comparisons on %(atom)s used in the + format string, which has been corrected by converting them into + enum when the format string is parsed. + + * Use the hashfile API in the codepath that writes the index file to + reduce code duplication. + + * Repeated rename detections in a sequence of mergy operations have + been optimized out for the 'ort' merge strategy. + + * Preliminary clean-up of tests before the main reftable changes + hits the codebase. + + * The backend for "diff -G/-S" has been updated to use pcre2 engine + when available. + + * Use ".DELETE_ON_ERROR" pseudo target to simplify our Makefile. + + * Code cleanup around struct_type_init() functions. + + * "git send-email" optimization. + + * GitHub Actions / CI update. + (merge 0dc787a9f2 js/ci-windows-update later to maint). + + * Object accesses in repositories with many alternate object store + have been optimized. + + * "git log" has been optimized not to waste cycles to load ref + decoration data that may not be needed. + + * Many "printf"-like helper functions we have have been annotated + with __attribute__() to catch placeholder/parameter mismatches. + + * Tests that cover protocol bits have been updated and helpers + used there have been consolidated. + + * The CI gained a new job to run "make sparse" check. + + * "git status" codepath learned to work with sparsely populated index + without hydrating it fully. + + * A guideline for gender neutral documentation has been added. + + * Documentation on "git diff -l<n>" and diff.renameLimit have been + updated, and the defaults for these limits have been raised. + + * The completion support used to offer alternate spelling of options + that exist only for compatibility, which has been corrected. + + * "TEST_OUTPUT_DIRECTORY=there make test" failed to work, which has + been corrected. + + * "git bundle" gained more test coverage. + + * "git read-tree" had a codepath where blobs are fetched one-by-one + from the promisor remote, which has been corrected to fetch in bulk. + + * Rewrite of "git submodule" in C continues. + + * "git checkout" and "git commit" learn to work without unnecessarily + expanding sparse indexes. + + +Fixes since v2.32 +----------------- + + * We historically rejected a very short string as an author name + while accepting a patch e-mail, which has been loosened. + (merge 72ee47ceeb ef/mailinfo-short-name later to maint). + + * The parallel checkout codepath did not initialize object ID field + used to talk to the worker processes in a futureproof way. + + * Rewrite code that triggers undefined behaviour warning. + (merge aafa5df0df jn/size-t-casted-to-off-t-fix later to maint). + + * The description of "fast-forward" in the glossary has been updated. + (merge e22f2daed0 ry/clarify-fast-forward-in-glossary later to maint). + + * Recent "git clone" left a temporary directory behind when the + transport layer returned an failure. + (merge 6aacb7d861 jk/clone-clean-upon-transport-error later to maint). + + * "git fetch" over protocol v2 left its side of the socket open after + it finished speaking, which unnecessarily wasted the resource on + the other side. + (merge ae1a7eefff jk/fetch-pack-v2-half-close-early later to maint). + + * The command line completion (in contrib/) learned that "git diff" + takes the "--anchored" option. + (merge d1e7c2cac9 tb/complete-diff-anchored later to maint). + + * "git-svn" tests assumed that "locale -a", which is used to pick an + available UTF-8 locale, is available everywhere. A knob has been + introduced to allow testers to specify a suitable locale to use. + (merge 482c962de4 dd/svn-test-wo-locale-a later to maint). + + * Update "git subtree" to work better on Windows. + (merge 77f37de39f js/subtree-on-windows-fix later to maint). + + * Remove multimail from contrib/ + (merge f74d11471f js/no-more-multimail later to maint). + + * Make the codebase MSAN clean. + (merge 4dbc55e87d ah/uninitialized-reads-fix later to maint). + + * Work around inefficient glob substitution in older versions of bash + by rewriting parts of a test. + (merge eb87c6f559 jx/t6020-with-older-bash later to maint). + + * Avoid duplicated work while building reachability bitmaps. + (merge aa9ad6fee5 jk/bitmap-tree-optim later to maint). + + * We broke "GIT_SKIP_TESTS=t?000" to skip certain tests in recent + update, which got fixed. + + * The side-band demultiplexer that is used to display progress output + from the remote end did not clear the line properly when the end of + line hits at a packet boundary, which has been corrected. + + * Some test scripts assumed that readlink(1) was universally + installed and available, which is not the case. + (merge 7c0afdf23c jk/test-without-readlink-1 later to maint). + + * Recent update to completion script (in contrib/) broke those who + use the __git_complete helper to define completion to their custom + command. + (merge cea232194d fw/complete-cmd-idx-fix later to maint). + + * Output from some of our tests were affected by the width of the + terminal that they were run in, which has been corrected by + exporting a fixed value in the COLUMNS environment. + (merge c49a177bec ab/fix-columns-to-80-during-tests later to maint). + + * On Windows, mergetool has been taught to find kdiff3.exe just like + it finds winmerge.exe. + (merge 47eb4c6890 ms/mergetools-kdiff3-on-windows later to maint). + + * When we cannot figure out how wide the terminal is, we use a + fallback value of 80 ourselves (which cannot be avoided), but when + we run the pager, we export it in COLUMNS, which forces the pager + to use the hardcoded value, even when the pager is perfectly + capable to figure it out itself. Stop exporting COLUMNS when we + fall back on the hardcoded default value for our own use. + (merge 9b6e2c8b98 js/stop-exporting-bogus-columns later to maint). + + * "git cat-file --batch-all-objects"" misbehaved when "--batch" is in + use and did not ask for certain object traits. + (merge ee02ac6164 zh/cat-file-batch-fix later to maint). + + * Some code and doc clarification around "git push". + + * The "union" conflict resultion variant misbehaved when used with + binary merge driver. + (merge 382b601acd jk/union-merge-binary later to maint). + + * Prevent "git p4" from failing to submit changes to binary file. + (merge 54662d5958 dc/p4-binary-submit-fix later to maint). + + * "git grep --and -e foo" ought to have been diagnosed as an error + but instead segfaulted, which has been corrected. + (merge fe7fe62d8d rs/grep-parser-fix later to maint). + + * The merge code had funny interactions between content based rename + detection and directory rename detection. + (merge 3585d0ea23 en/merge-dir-rename-corner-case-fix later to maint). + + * When rebuilding the multi-pack index file reusing an existing one, + we used to blindly trust the existing file and ended up carrying + corrupted data into the updated file, which has been corrected. + (merge f89ecf7988 tb/midx-use-checksum later to maint). + + * Update the location of system-side configuration file on Windows. + (merge e355307692 js/gfw-system-config-loc-fix later to maint). + + * Code recently added to support common ancestry negotiation during + "git push" did not sanity check its arguments carefully enough. + (merge eff40457a4 ab/fetch-negotiate-segv-fix later to maint). + + * Update the documentation not to assume users are of certain gender + and adds to guidelines to do so. + (merge 46a237f42f ds/gender-neutral-doc later to maint). + + * "git commit --allow-empty-message" won't abort the operation upon + an empty message, but the hint shown in the editor said otherwise. + (merge 6f70f00b4f hj/commit-allow-empty-message later to maint). + + * The code that gives an error message in "git multi-pack-index" when + no subcommand is given tried to print a NULL pointer as a strong, + which has been corrected. + (merge 88617d11f9 tb/reverse-midx later to maint). + + * CI update. + (merge a066a90db6 js/ci-check-whitespace-updates later to maint). + + * Documentation fix for "git pull --rebase=no". + (merge d3236becec fc/pull-no-rebase-merges-theirs-into-ours later to maint). + + * A race between repacking and using pack bitmaps has been corrected. + (merge dc1daacdcc jk/check-pack-valid-before-opening-bitmap later to maint). + + * The local changes stashed by "git merge --autostash" were lost when + the merge failed in certain ways, which has been corrected. + + * Windows rmdir() equivalent behaves differently from POSIX ones in + that when used on a symbolic link that points at a directory, the + target directory gets removed, which has been corrected. + (merge 3e7d4888e5 tb/mingw-rmdir-symlink-to-directory later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge bfe35a6165 ah/doc-describe later to maint). + (merge f302c1e4aa jc/clarify-revision-range later to maint). + (merge 3127ff90ea tl/fix-packfile-uri-doc later to maint). + (merge a84216c684 jk/doc-color-pager later to maint). + (merge 4e0a64a713 ab/trace2-squelch-gcc-warning later to maint). + (merge 225f7fa847 ps/rev-list-object-type-filter later to maint). + (merge 5317dfeaed dd/honor-users-tar-in-tests later to maint). + (merge ace6d8e3d6 tk/partial-clone-repack-doc later to maint). + (merge 7ba68e0cf1 js/trace2-discard-event-docfix later to maint). + (merge 8603c419d3 fc/doc-default-to-upstream-config later to maint). + (merge 1d72b604ef jk/revision-squelch-gcc-warning later to maint). + (merge abcb66c614 ar/typofix later to maint). + (merge 9853830787 ah/graph-typofix later to maint). + (merge aac578492d ab/config-hooks-path-testfix later to maint). + (merge 98c7656a18 ar/more-typofix later to maint). + (merge 6fb9195f6c jk/doc-max-pack-size later to maint). + (merge 4184cbd635 ar/mailinfo-memcmp-to-skip-prefix later to maint). + (merge 91d2347033 ar/doc-libera-chat-in-my-first-contrib later to maint). + (merge 338abb0f04 ab/cmd-foo-should-return later to maint). + (merge 546096a5cb ab/xdiff-bug-cleanup later to maint). + (merge b7b793d1e7 ab/progress-cleanup later to maint). + (merge d94f9b8e90 ba/object-info later to maint). + (merge 52ff891c03 ar/test-code-cleanup later to maint). + (merge a0538e5c8b dd/document-log-decorate-default later to maint). + (merge ce24797d38 mr/cmake later to maint). + (merge 9eb542f2ee ab/pre-auto-gc-hook-test later to maint). + (merge 9fffc38583 bk/doc-commit-typofix later to maint). + (merge 1cf823d8f0 ks/submodule-cleanup later to maint). + (merge ebbf5d2b70 js/config-mak-windows-pcre-fix later to maint). + (merge 617480d75b hn/refs-iterator-peel-returns-boolean later to maint). + (merge 6a24cc71ed ar/submodule-helper-include-cleanup later to maint). + (merge 5632e838f8 rs/khash-alloc-cleanup later to maint). + (merge b1d87fbaf1 jk/typofix later to maint). + (merge e04170697a ab/gitignore-discovery-doc later to maint). + (merge 8232a0ff48 dl/packet-read-response-end-fix later to maint). + (merge eb448631fb dl/diff-merge-base later to maint). + (merge c510928a25 hn/refs-debug-empty-prefix later to maint). + (merge ddcb189d9d tb/bitmap-type-filter-comment-fix later to maint). + (merge 878b399734 pb/submodule-recurse-doc later to maint). + (merge 734283855f jk/config-env-doc later to maint). + (merge 482e1488a9 ab/getcwd-test later to maint). + (merge f0b922473e ar/doc-markup-fix later to maint). diff --git a/Documentation/RelNotes/2.33.1.txt b/Documentation/RelNotes/2.33.1.txt new file mode 100644 index 0000000..b71738e --- /dev/null +++ b/Documentation/RelNotes/2.33.1.txt @@ -0,0 +1,138 @@ +Git 2.33.1 Release Notes +======================== + +This primarily is to backport various fixes accumulated during the +development towards Git 2.34, the next feature release. + + +Fixes since v2.33 +----------------- + + * The unicode character width table (used for output alignment) has + been updated. + + * Input validation of "git pack-objects --stdin-packs" has been + corrected. + + * Bugfix for common ancestor negotiation recently introduced in "git + push" codepath. + + * "git pull" had various corner cases that were not well thought out + around its --rebase backend, e.g. "git pull --ff-only" did not stop + but went ahead and rebased when the history on other side is not a + descendant of our history. The series tries to fix them up. + + * "git apply" miscounted the bytes and failed to read to the end of + binary hunks. + + * "git range-diff" code clean-up. + + * "git commit --fixup" now works with "--edit" again, after it was + broken in v2.32. + + * Use upload-artifacts v1 (instead of v2) for 32-bit linux, as the + new version has a blocker bug for that architecture. + + * Checking out all the paths from HEAD during the last conflicted + step in "git rebase" and continuing would cause the step to be + skipped (which is expected), but leaves MERGE_MSG file behind in + $GIT_DIR and confuses the next "git commit", which has been + corrected. + + * Various bugs in "git rebase -r" have been fixed. + + * mmap() imitation used to call xmalloc() that dies upon malloc() + failure, which has been corrected to just return an error to the + caller to be handled. + + * "git diff --relative" segfaulted and/or produced incorrect result + when there are unmerged paths. + + * The delayed checkout code path in "git checkout" etc. were chatty + even when --quiet and/or --no-progress options were given. + + * "git branch -D <branch>" used to refuse to remove a broken branch + ref that points at a missing commit, which has been corrected. + + * Build update for Apple clang. + + * The parser for the "--nl" option of "git column" has been + corrected. + + * "git upload-pack" which runs on the other side of "git fetch" + forgot to take the ref namespaces into account when handling + want-ref requests. + + * The sparse-index support can corrupt the index structure by storing + a stale and/or uninitialized data, which has been corrected. + + * Buggy tests could damage repositories outside the throw-away test + area we created. We now by default export GIT_CEILING_DIRECTORIES + to limit the damage from such a stray test. + + * Even when running "git send-email" without its own threaded + discussion support, a threading related header in one message is + carried over to the subsequent message to result in an unwanted + threading, which has been corrected. + + * The output from "git fast-export", when its anonymization feature + is in use, showed an annotated tag incorrectly. + + * Recent "diff -m" changes broke "gitk", which has been corrected. + + * "git maintenance" scheduler fix for macOS. + + * A pathname in an advice message has been made cut-and-paste ready. + + * The "git apply -3" code path learned not to bother the lower level + merge machinery when the three-way merge can be trivially resolved + without the content level merge. + + * The code that optionally creates the *.rev reverse index file has + been optimized to avoid needless computation when it is not writing + the file out. + + * "git range-diff -I... <range> <range>" segfaulted, which has been + corrected. + + * The order in which various files that make up a single (conceptual) + packfile has been reevaluated and straightened up. This matters in + correctness, as an incomplete set of files must not be shown to a + running Git. + + * The "mode" word is useless in a call to open(2) that does not + create a new file. Such a call in the files backend of the ref + subsystem has been cleaned up. + + * "git update-ref --stdin" failed to flush its output as needed, + which potentially led the conversation to a deadlock. + + * When "git am --abort" fails to abort correctly, it still exited + with exit status of 0, which has been corrected. + + * Correct nr and alloc members of strvec struct to be of type size_t. + + * "git stash", where the tentative change involves changing a + directory to a file (or vice versa), was confused, which has been + corrected. + + * "git clone" from a repository whose HEAD is unborn into a bare + repository didn't follow the branch name the other side used, which + is corrected. + + * "git cvsserver" had a long-standing bug in its authentication code, + which has finally been corrected (it is unclear and is a separate + question if anybody is seriously using it, though). + + * "git difftool --dir-diff" mishandled symbolic links. + + * Sensitive data in the HTTP trace were supposed to be redacted, but + we failed to do so in HTTP/2 requests. + + * "make clean" has been updated to remove leftover .depend/ + directories, even when it is not told to use them to compute header + dependencies. + + * Protocol v0 clients can get stuck parsing a malformed feature line. + +Also contains various documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.33.2.txt b/Documentation/RelNotes/2.33.2.txt new file mode 100644 index 0000000..e504489 --- /dev/null +++ b/Documentation/RelNotes/2.33.2.txt @@ -0,0 +1,15 @@ +Git v2.33.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3, v2.31.2 +and v2.32.1 to address the security issue CVE-2022-24765; see +the release notes for these versions for details. + +In addition, it contains the following fixes: + + * Squelch over-eager warning message added during this cycle. + + * A bug in "git rebase -r" has been fixed. + + * One CI task based on Fedora image noticed a not-quite-kosher + construct recently, which has been corrected. diff --git a/Documentation/RelNotes/2.33.3.txt b/Documentation/RelNotes/2.33.3.txt new file mode 100644 index 0000000..e2bada1 --- /dev/null +++ b/Documentation/RelNotes/2.33.3.txt @@ -0,0 +1,4 @@ +Git Documentation/RelNotes/2.33.3.txt Release Notes +========================= + +This release merges up the fixes that appear in v2.33.3. diff --git a/Documentation/RelNotes/2.33.4.txt b/Documentation/RelNotes/2.33.4.txt new file mode 100644 index 0000000..a145cc2 --- /dev/null +++ b/Documentation/RelNotes/2.33.4.txt @@ -0,0 +1,6 @@ +Git v2.33.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5, v2.31.4 +and v2.32.3 to address the security issue CVE-2022-29187; see +the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.33.5.txt b/Documentation/RelNotes/2.33.5.txt new file mode 100644 index 0000000..a636526 --- /dev/null +++ b/Documentation/RelNotes/2.33.5.txt @@ -0,0 +1,5 @@ +Git v2.33.5 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.33.6.txt b/Documentation/RelNotes/2.33.6.txt new file mode 100644 index 0000000..b63e4e6 --- /dev/null +++ b/Documentation/RelNotes/2.33.6.txt @@ -0,0 +1,5 @@ +Git v2.33.6 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.33.7.txt b/Documentation/RelNotes/2.33.7.txt new file mode 100644 index 0000000..078a837 --- /dev/null +++ b/Documentation/RelNotes/2.33.7.txt @@ -0,0 +1,7 @@ +Git v2.33.7 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7 +and v2.32.6 to address the security issues CVE-2023-22490 and +CVE-2023-23946; see the release notes for these versions for +details. diff --git a/Documentation/RelNotes/2.33.8.txt b/Documentation/RelNotes/2.33.8.txt new file mode 100644 index 0000000..d8cf4c7 --- /dev/null +++ b/Documentation/RelNotes/2.33.8.txt @@ -0,0 +1,7 @@ +Git v2.33.8 Release Notes +========================= + +This release merges the fixes that appear in v2.30.9, v2.31.8 and +v2.32.7 to address the security issues CVE-2023-25652, +CVE-2023-25815, and CVE-2023-29007; see the release notes for these +versions for details. diff --git a/Documentation/RelNotes/2.34.0.txt b/Documentation/RelNotes/2.34.0.txt new file mode 100644 index 0000000..75d4fdf --- /dev/null +++ b/Documentation/RelNotes/2.34.0.txt @@ -0,0 +1,438 @@ +Git 2.34 Release Notes +====================== + +Updates since Git 2.33 +---------------------- + +Backward compatibility notes + + * The "--preserve-merges" option of "git rebase" has been removed. + + +UI, Workflows & Features + + * Pathname expansion (like "~username/") learned a way to specify a + location relative to Git installation (e.g. its $sharedir which is + $(prefix)/share), with "%(prefix)". + + * The `ort` strategy is used instead of `recursive` as the default + merge strategy. + + * The userdiff pattern for "java" language has been updated. + + * "git rebase" by default skips changes that are equivalent to + commits that are already in the history the branch is rebased onto; + give messages when this happens to let the users be aware of + skipped commits, and also teach them how to tell "rebase" to keep + duplicated changes. + + * The advice message that "git cherry-pick" gives when it asks + conflicted replay of a commit to be resolved by the end user has + been updated. + + * After "git clone --recurse-submodules", all submodules are cloned + but they are not by default recursed into by other commands. With + submodule.stickyRecursiveClone configuration set, submodule.recurse + configuration is set to true in a repository created by "clone" + with "--recurse-submodules" option. + + * The logic for auto-correction of misspelt subcommands learned to go + interactive when the help.autocorrect configuration variable is set + to 'prompt'. + + * "git maintenance" scheduler learned to use systemd timers as a + possible backend. + + * "git diff --submodule=diff" showed failure from run_command() when + trying to run diff inside a submodule, when the user manually + removes the submodule directory. + + * "git bundle unbundle" learned to show progress display. + + * In cone mode, the sparse-index code path learned to remove ignored + files (like build artifacts) outside the sparse cone, allowing the + entire directory outside the sparse cone to be removed, which is + especially useful when the sparse patterns change. + + * Taking advantage of the CGI interface, http-backend has been + updated to enable protocol v2 automatically when the other side + asks for it. + + * The credential-cache helper has been adjusted to Windows. + + * The error in "git help no-such-git-command" is handled better. + + * The unicode character width table (used for output alignment) has + been updated. + + * The ref iteration code used to optionally allow dangling refs to be + shown, which has been tightened up. + + * "git add", "git mv", and "git rm" have been adjusted to avoid + updating paths outside of the sparse-checkout definition unless + the user specifies a "--sparse" option. + + * "git repack" has been taught to generate multi-pack reachability + bitmaps. + + * "git fsck" has been taught to report mismatch between expected and + actual types of an object better. + + * In addition to GnuPG, ssh public crypto can be used for object and + push-cert signing. Note that this feature cannot be used with + ssh-keygen from OpenSSH 8.7, whose support for it is broken. Avoid + using it unless you update to OpenSSH 8.8. + + * "git log --grep=string --author=name" learns to highlight hits just + like "git grep string" does. + + + +Performance, Internal Implementation, Development Support etc. + + * "git bisect" spawned "git show-branch" only to pretty-print the + title of the commit after checking out the next version to be + tested; this has been rewritten in C. + + * "git add" can work better with the sparse index. + + * Support for ancient versions of cURL library (pre 7.19.4) has been + dropped. + + * A handful of tests that assumed implementation details of files + backend for refs have been cleaned up. + + * trace2 logs learned to show parent process name to see in what + context Git was invoked. + + * Loading of ref tips to prepare for common ancestry negotiation in + "git fetch-pack" has been optimized by taking advantage of the + commit graph when available. + + * Remind developers that the userdiff patterns should be kept simple + and permissive, assuming that the contents they apply are always + syntactically correct. + + * The current implementation of GIT_TEST_FAIL_PREREQS is broken in + that checking for the lack of a prerequisite would not work. Avoid + the use of "if ! test_have_prereq X" in a test script. + + * The revision traversal API has been optimized by taking advantage + of the commit-graph, when available, to determine if a commit is + reachable from any of the existing refs. + + * "git fetch --quiet" optimization to avoid useless computation of + info that will never be displayed. + + * Callers from older advice_config[] based API has been updated to + use the newer advice_if_enabled() and advice_enabled() API. + + * Teach "test_pause" and "debug" helpers to allow using the HOME and + TERM environment variables the user usually uses. + + * "make INSTALL_STRIP=-s install" allows the installation step to use + "install -s" to strip the binaries as they get installed. + + * Code that handles large number of refs in the "git fetch" code + path has been optimized. + + * The reachability bitmap file used to be generated only for a single + pack, but now we've learned to generate bitmaps for history that + span across multiple packfiles. + + * The code to make "git grep" recurse into submodules has been + updated to migrate away from the "add submodule's object store as + an alternate object store" mechanism (which is suboptimal). + + * The tracing of process ancestry information has been enhanced. + + * Reduce number of write(2) system calls while sending the + ref advertisement. + + * Update the build procedure to use the "-pedantic" build when + DEVELOPER makefile macro is in effect. + + * Large part of "git submodule add" gets rewritten in C. + + * The run-command API has been updated so that the callers can easily + ask the file descriptors open for packfiles to be closed immediately + before spawning commands that may trigger auto-gc. + + * An oddball OPTION_ARGUMENT feature has been removed from the + parse-options API. + + * The mergesort implementation used to sort linked list has been + optimized. + + * Remove external declaration of functions that no longer exist. + + * "git multi-pack-index write --bitmap" learns to propagate the + hashcache from original bitmap to resulting bitmap. + + * CI learns to run the leak sanitizer builds. + + * "git grep --recurse-submodules" takes trees and blobs from the + submodule repository, but the textconv settings when processing a + blob from the submodule is not taken from the submodule repository. + A test is added to demonstrate the issue, without fixing it. + + * Teach "git help -c" into helping the command line completion of + configuration variables. + + * When "git cmd -h" shows more than one line of usage text (e.g. + the cmd subcommand may take sub-sub-command), parse-options API + learned to align these lines, even across i18n/l10n. + + * Prevent "make sparse" from running for the source files that + haven't been modified. + + * The code path to write a new version of .midx multi-pack index files + has learned to release the mmaped memory holding the current + version of .midx before removing them from the disk, as some + platforms do not allow removal of a file that still has mapping. + + * A new feature has been added to abort early in the test framework. + + +Fixes since v2.33 +----------------- + + * Input validation of "git pack-objects --stdin-packs" has been + corrected. + + * Bugfix for common ancestor negotiation recently introduced in "git + push" code path. + + * "git pull" had various corner cases that were not well thought out + around its --rebase backend, e.g. "git pull --ff-only" did not stop + but went ahead and rebased when the history on other side is not a + descendant of our history. The series tries to fix them up. + + * "git apply" miscounted the bytes and failed to read to the end of + binary hunks. + + * "git range-diff" code clean-up. + + * "git commit --fixup" now works with "--edit" again, after it was + broken in v2.32. + + * Use upload-artifacts v1 (instead of v2) for 32-bit linux, as the + new version has a blocker bug for that architecture. + + * Checking out all the paths from HEAD during the last conflicted + step in "git rebase" and continuing would cause the step to be + skipped (which is expected), but leaves MERGE_MSG file behind in + $GIT_DIR and confuses the next "git commit", which has been + corrected. + + * Various bugs in "git rebase -r" have been fixed. + + * mmap() imitation used to call xmalloc() that dies upon malloc() + failure, which has been corrected to just return an error to the + caller to be handled. + + * "git diff --relative" segfaulted and/or produced incorrect result + when there are unmerged paths. + + * The delayed checkout code path in "git checkout" etc. were chatty + even when --quiet and/or --no-progress options were given. + + * "git branch -D <branch>" used to refuse to remove a broken branch + ref that points at a missing commit, which has been corrected. + + * Build update for Apple clang. + + * The parser for the "--nl" option of "git column" has been + corrected. + + * "git upload-pack" which runs on the other side of "git fetch" + forgot to take the ref namespaces into account when handling + want-ref requests. + + * The sparse-index support can corrupt the index structure by storing + a stale and/or uninitialized data, which has been corrected. + + * Buggy tests could damage repositories outside the throw-away test + area we created. We now by default export GIT_CEILING_DIRECTORIES + to limit the damage from such a stray test. + + * Even when running "git send-email" without its own threaded + discussion support, a threading related header in one message is + carried over to the subsequent message to result in an unwanted + threading, which has been corrected. + + * The output from "git fast-export", when its anonymization feature + is in use, showed an annotated tag incorrectly. + + * Recent "diff -m" changes broke "gitk", which has been corrected. + + * The "git apply -3" code path learned not to bother the lower level + merge machinery when the three-way merge can be trivially resolved + without the content level merge. This fixes a regression caused by + recent "-3way first and fall back to direct application" change. + + * The code that optionally creates the *.rev reverse index file has + been optimized to avoid needless computation when it is not writing + the file out. + + * "git range-diff -I... <range> <range>" segfaulted, which has been + corrected. + + * The order in which various files that make up a single (conceptual) + packfile has been reevaluated and straightened up. This matters in + correctness, as an incomplete set of files must not be shown to a + running Git. + + * The "mode" word is useless in a call to open(2) that does not + create a new file. Such a call in the files backend of the ref + subsystem has been cleaned up. + + * "git update-ref --stdin" failed to flush its output as needed, + which potentially led the conversation to a deadlock. + + * When "git am --abort" fails to abort correctly, it still exited + with exit status of 0, which has been corrected. + + * Correct nr and alloc members of strvec struct to be of type size_t. + + * "git stash", where the tentative change involves changing a + directory to a file (or vice versa), was confused, which has been + corrected. + + * "git clone" from a repository whose HEAD is unborn into a bare + repository didn't follow the branch name the other side used, which + is corrected. + + * "git cvsserver" had a long-standing bug in its authentication code, + which has finally been corrected (it is unclear and is a separate + question if anybody is seriously using it, though). + + * "git difftool --dir-diff" mishandled symbolic links. + + * Sensitive data in the HTTP trace were supposed to be redacted, but + we failed to do so in HTTP/2 requests. + + * "make clean" has been updated to remove leftover .depend/ + directories, even when it is not told to use them to compute header + dependencies. + + * Protocol v0 clients can get stuck parsing a malformed feature line. + + * A few kinds of changes "git status" can show were not documented. + (merge d2a534c515 ja/doc-status-types-and-copies later to maint). + + * The mergesort implementation used to sort linked list has been + optimized. + (merge c90cfc225b rs/mergesort later to maint). + + * An editor session launched during a Git operation (e.g. during 'git + commit') can leave the terminal in a funny state. The code path + has updated to save the terminal state before, and restore it + after, it spawns an editor. + (merge 3d411afabc cm/save-restore-terminal later to maint). + + * "git cat-file --batch" with the "--batch-all-objects" option is + supposed to iterate over all the objects found in a repository, but + it used to translate these object names using the replace mechanism, + which defeats the point of enumerating all objects in the repository. + This has been corrected. + (merge bf972896d7 jk/cat-file-batch-all-wo-replace later to maint). + + * Recent sparse-index work broke safety against attempts to add paths + with trailing slashes to the index, which has been corrected. + (merge c8ad9d04c6 rs/make-verify-path-really-verify-again later to maint). + + * The "--color-lines" and "--color-by-age" options of "git blame" + have been missing, which are now documented. + (merge 8c32856133 bs/doc-blame-color-lines later to maint). + + * The PATH used in CI job may be too wide and let incompatible dlls + to be grabbed, which can cause the build&test to fail. Tighten it. + (merge 7491ef6198 js/windows-ci-path-fix later to maint). + + * Avoid performance measurements from getting ruined by gc and other + housekeeping pauses interfering in the middle. + (merge be79131a53 rs/disable-gc-during-perf-tests later to maint). + + * Stop "git add --dry-run" from creating new blob and tree objects. + (merge e578d0311d rs/add-dry-run-without-objects later to maint). + + * "git commit" gave duplicated error message when the object store + was unwritable, which has been corrected. + (merge 4ef91a2d79 ab/fix-commit-error-message-upon-unwritable-object-store later to maint). + + * Recent sparse-index addition, namely any use of index_name_pos(), + can expand sparse index entries and breaks any code that walks + cache-tree or existing index entries. One such instance of such a + breakage has been corrected. + + * The xxdiff difftool backend can exit with status 128, which the + difftool-helper that launches the backend takes as a significant + failure, when it is not significant at all. Work it around. + (merge 571f4348dd da/mergetools-special-case-xxdiff-exit-128 later to maint). + + * Improve test framework around unwritable directories. + (merge 5d22e18965 ab/test-cleanly-recreate-trash-directory later to maint). + + * "git push" client talking to an HTTP server did not diagnose the + lack of the final status report from the other side correctly, + which has been corrected. + (merge c5c3486f38 jk/http-push-status-fix later to maint). + + * Update "git archive" documentation and give explicit mention on the + compression level for both zip and tar.gz format. + (merge c4b208c309 bs/archive-doc-compression-level later to maint). + + * Drop "git sparse-checkout" from the list of common commands. + (merge 6a9a50a8af sg/sparse-index-not-that-common-a-command later to maint). + + * "git branch -c/-m new old" was not described to copy config, which + has been corrected. + (merge 8252ec300e jc/branch-copy-doc later to maint). + + * Squelch over-eager warning message added during this cycle. + + * Fix long-standing shell syntax error in the completion script. + (merge 46b0585286 re/completion-fix-test-equality later to maint). + + * Teach "git commit-graph" command not to allow using replace objects + at all, as we do not use the commit-graph at runtime when we see + object replacement. + (merge 095d112f8c ab/ignore-replace-while-working-on-commit-graph later to maint). + + * "git pull --no-verify" did not affect the underlying "git merge". + (merge 47bfdfb3fd ar/fix-git-pull-no-verify later to maint). + + * One CI task based on Fedora image noticed a not-quite-kosher + construct recently, which has been corrected. + + * "git pull --ff-only" and "git pull --rebase --ff-only" should make + it a no-op to attempt pulling from a remote that is behind us, but + instead the command errored out by saying it was impossible to + fast-forward, which may technically be true, but not a useful thing + to diagnose as an error. This has been corrected. + (merge 361cb52383 jc/fix-pull-ff-only-when-already-up-to-date later to maint). + + * The way Cygwin emulates a unix-domain socket, on top of which the + simple-ipc mechanism is implemented, can race with the program on + the other side that wants to use the socket, and briefly make it + appear as a regular file before lstat(2) starts reporting it as a + socket. We now have a workaround on the side that connects to a + unix domain socket. + + * Other code cleanup, docfix, build fix, etc. + (merge f188160be9 ab/bundle-remove-verbose-option later to maint). + (merge 8c6b4332b4 rs/close-pack-leakfix later to maint). + (merge 51b04c05b7 bs/difftool-msg-tweak later to maint). + (merge dd20e4a6db ab/make-compdb-fix later to maint). + (merge 6ffb990dc4 os/status-docfix later to maint). + (merge 100c2da2d3 rs/p3400-lose-tac later to maint). + (merge 76f3b69896 tb/aggregate-ignore-leading-whitespaces later to maint). + (merge 6e4fd8bfcd tz/doc-link-to-bundle-format-fix later to maint). + (merge f6c013dfa1 jc/doc-commit-header-continuation-line later to maint). + (merge ec9a37d69b ab/pkt-line-cleanup later to maint). + (merge 8650c6298c ab/fix-make-lint-docs later to maint). + (merge 1c720357ce ab/test-lib-diff-cleanup later to maint). + (merge 6b615dbece ks/submodule-add-message-fix later to maint). + (merge 203eb8381a jc/doc-format-patch-clarify-auto-base later to maint). + (merge 559664c792 ab/test-lib later to maint). diff --git a/Documentation/RelNotes/2.34.1.txt b/Documentation/RelNotes/2.34.1.txt new file mode 100644 index 0000000..ad404e9 --- /dev/null +++ b/Documentation/RelNotes/2.34.1.txt @@ -0,0 +1,23 @@ +Git v2.34.1 Release Notes +========================= + +This release is primarily to fix a handful of regressions in Git 2.34. + +Fixes since v2.34 +----------------- + + * "git grep" looking in a blob that has non-UTF8 payload was + completely broken when linked with certain versions of PCREv2 + library in the latest release. + + * "git pull" with any strategy when the other side is behind us + should succeed as it is a no-op, but doesn't. + + * An earlier change in 2.34.0 caused JGit application (that abused + GIT_EDITOR mechanism when invoking "git config") to get stuck with + a SIGTTOU signal; it has been reverted. + + * An earlier change that broke .gitignore matching has been reverted. + + * SubmittingPatches document gained a syntactically incorrect mark-up, + which has been corrected. diff --git a/Documentation/RelNotes/2.34.2.txt b/Documentation/RelNotes/2.34.2.txt new file mode 100644 index 0000000..0c32cd8 --- /dev/null +++ b/Documentation/RelNotes/2.34.2.txt @@ -0,0 +1,6 @@ +Git v2.34.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3, v2.31.2, +v2.32.1 and v2.33.2 to address the security issue CVE-2022-24765; +see the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.34.3.txt b/Documentation/RelNotes/2.34.3.txt new file mode 100644 index 0000000..10f6171 --- /dev/null +++ b/Documentation/RelNotes/2.34.3.txt @@ -0,0 +1,4 @@ +Git Documentation/RelNotes/2.34.3.txt Release Notes +========================= + +This release merges up the fixes that appear in v2.34.3. diff --git a/Documentation/RelNotes/2.34.4.txt b/Documentation/RelNotes/2.34.4.txt new file mode 100644 index 0000000..2a6b223 --- /dev/null +++ b/Documentation/RelNotes/2.34.4.txt @@ -0,0 +1,6 @@ +Git v2.34.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5, v2.31.4, +v2.32.3 and v2.33.4 to address the security issue CVE-2022-29187; +see the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.34.5.txt b/Documentation/RelNotes/2.34.5.txt new file mode 100644 index 0000000..0e89992 --- /dev/null +++ b/Documentation/RelNotes/2.34.5.txt @@ -0,0 +1,5 @@ +Git v2.34.5 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.34.6.txt b/Documentation/RelNotes/2.34.6.txt new file mode 100644 index 0000000..b32080d --- /dev/null +++ b/Documentation/RelNotes/2.34.6.txt @@ -0,0 +1,5 @@ +Git v2.34.6 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.34.7.txt b/Documentation/RelNotes/2.34.7.txt new file mode 100644 index 0000000..88898ad --- /dev/null +++ b/Documentation/RelNotes/2.34.7.txt @@ -0,0 +1,7 @@ +Git v2.34.7 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7, +v2.32.6 and v2.33.7 to address the security issues CVE-2023-22490 +and CVE-2023-23946; see the release notes for these versions +for details. diff --git a/Documentation/RelNotes/2.34.8.txt b/Documentation/RelNotes/2.34.8.txt new file mode 100644 index 0000000..2b5bd7d --- /dev/null +++ b/Documentation/RelNotes/2.34.8.txt @@ -0,0 +1,7 @@ +Git v2.34.8 Release Notes +========================= + +This release merges the fixes that appear in v2.30.9, v2.31.8, +v2.32.7 and v2.33.8 to address the security issues CVE-2023-25652, +CVE-2023-25815, and CVE-2023-29007; see the release notes for these +versions for details. diff --git a/Documentation/RelNotes/2.35.0.txt b/Documentation/RelNotes/2.35.0.txt new file mode 100644 index 0000000..d69b50d --- /dev/null +++ b/Documentation/RelNotes/2.35.0.txt @@ -0,0 +1,412 @@ +Git 2.35 Release Notes +====================== + +Updates since Git 2.34 +---------------------- + +Backward compatibility warts + + * "_" is now treated as any other URL-valid characters in an URL when + matching the per-URL configuration variable names. + + * The color palette used by "git grep" has been updated to match that + of GNU grep. + + +Note to those who build from the source + + * You may need to define NO_UNCOMPRESS2 Makefile macro if you build + with zlib older than 1.2.9. + + * If your compiler cannot grok C99, the build will fail. See the + instruction at the beginning of git-compat-util.h if this happens + to you. + + +UI, Workflows & Features + + * "git status --porcelain=v2" now show the number of stash entries + with --show-stash like the normal output does. + + * "git stash" learned the "--staged" option to stash away what has + been added to the index (and nothing else). + + * "git var GIT_DEFAULT_BRANCH" is a way to see what name is used for + the newly created branch if "git init" is run. + + * Various operating modes of "git reset" have been made to work + better with the sparse index. + + * "git submodule deinit" for a submodule whose .git metadata + directory is embedded in its working tree refused to work, until + the submodule gets converted to use the "absorbed" form where the + metadata directory is stored in superproject, and a gitfile at the + top-level of the working tree of the submodule points at it. The + command is taught to convert such submodules to the absorbed form + as needed. + + * The completion script (in contrib/) learns that the "--date" + option of commands from the "git log" family takes "human" and + "auto" as valid values. + + * "Zealous diff3" style of merge conflict presentation has been added. + + * The "git log --format=%(describe)" placeholder has been extended to + allow passing selected command-line options to the underlying "git + describe" command. + + * "default" and "reset" have been added to our color palette. + + * The cryptographic signing using ssh keys can specify literal keys + for keytypes whose name do not begin with the "ssh-" prefix by + using the "key::" prefix mechanism (e.g. "key::ecdsa-sha2-nistp256"). + + * "git fetch" without the "--update-head-ok" option ought to protect + a checked out branch from getting updated, to prevent the working + tree that checks it out to go out of sync. The code was written + before the use of "git worktree" got widespread, and only checked + the branch that was checked out in the current worktree, which has + been updated. + + * "git name-rev" has been tweaked to give output that is shorter and + easier to understand. + + * "git apply" has been taught to ignore a message without a patch + with the "--allow-empty" option. It also learned to honor the + "--quiet" option given from the command line. + + * The "init" and "set" subcommands in "git sparse-checkout" have been + unified for a better user experience and performance. + + * Many git commands that deal with working tree files try to remove a + directory that becomes empty (i.e. "git switch" from a branch that + has the directory to another branch that does not would attempt + remove all files in the directory and the directory itself). This + drops users into an unfamiliar situation if the command was run in + a subdirectory that becomes subject to removal due to the command. + The commands have been taught to keep an empty directory if it is + the directory they were started in to avoid surprising users. + + * "git am" learns "--empty=(stop|drop|keep)" option to tweak what is + done to a piece of e-mail without a patch in it. + + * The default merge message prepared by "git merge" records the name + of the current branch; the name can be overridden with a new option + to allow users to pretend a merge is made on a different branch. + + * The way "git p4" shows file sizes in its output has been updated to + use human-readable units. + + * "git -c branch.autosetupmerge=inherit branch new old" makes "new" + to have the same upstream as the "old" branch, instead of marking + "old" itself as its upstream. + + +Performance, Internal Implementation, Development Support etc. + + * The use of errno as a means to carry the nature of error in the ref + API implementation has been reworked and reduced. + + * Teach and encourage first-time contributors to this project to + state the base commit when they submit their topic. + + * The command line completion for "git send-email" options have been + tweaked to make it easier to keep it in sync with the command itself. + + * Ensure that the sparseness of the in-core index matches the + index.sparse configuration specified by the repository immediately + after the on-disk index file is read. + + * Code clean-up to eventually allow information on remotes defined + for an arbitrary repository to be read. + + * Build optimization. + + * Tighten code for testing pack-bitmap. + + * Weather balloon to break people with compilers that do not support + C99. + + * The "reftable" backend for the refs API, without integrating into + the refs subsystem, has been added. + + * More tests are marked as leak-free. + + * The test framework learns to list unsatisfied test prerequisites, + and optionally error out when prerequisites that are expected to be + satisfied are not. + + * The default setting for trace2 event nesting was too low to cause + test failures, which is worked around by bumping it up in the test + framework. + + * Drop support for TravisCI and update test workflows at GitHub. + + * Many tests that used to need GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME + mechanism to force "git" to use 'master' as the default name for + the initial branch no longer need it; the use of the mechanism from + them have been removed. + + * Allow running our tests while disabling fsync. + + * Document the parameters given to the reflog entry iterator callback + functions. + (merge e6e94f34b2 jc/reflog-iterator-callback-doc later to maint). + + * The test helper for refs subsystem learned to write bogus and/or + nonexistent object name to refs to simulate error situations we + want to test Git in. + + * "diff --histogram" optimization. + + * Weather balloon to find compilers that do not grok variable + declaration in the for() loop. + + * diff and blame commands have been taught to work better with sparse + index. + + * The chainlint test script linter in the test suite has been updated. + + * The DEVELOPER=yes build uses -std=gnu99 now. + + * "git format-patch" uses a single rev_info instance and then exits. + Mark the structure with UNLEAK() macro to squelch leak sanitizer. + + * New interface into the tmp-objdir API to help in-core use of the + quarantine feature. + + * Broken &&-chains in the test scripts have been corrected. + + * The RCS keyword substitution in "git p4" used to be done assuming + that the contents are UTF-8 text, which can trigger decoding + errors. We now treat the contents as a bytestring for robustness + and correctness. + + * The conditions to choose different definitions of the FLEX_ARRAY + macro for vendor compilers has been simplified to make it easier to + maintain. + + * Correctness and performance update to "diff --color-moved" feature. + + * "git upload-pack" (the other side of "git fetch") used a 8kB buffer + but most of its payload came on 64kB "packets". The buffer size + has been enlarged so that such a packet fits. + + * "git fetch" and "git pull" are now declared sparse-index clean. + Also "git ls-files" learns the "--sparse" option to help debugging. + + * Similar message templates have been consolidated so that + translators need to work on fewer number of messages. + + +Fixes since v2.34 +----------------- + + * "git grep" looking in a blob that has non-UTF8 payload was + completely broken when linked with certain versions of PCREv2 + library in the latest release. + + * Other code cleanup, docfix, build fix, etc. + + * "git pull" with any strategy when the other side is behind us + should succeed as it is a no-op, but doesn't. + + * An earlier change in 2.34.0 caused JGit application (that abused + GIT_EDITOR mechanism when invoking "git config") to get stuck with + a SIGTTOU signal; it has been reverted. + + * An earlier change that broke .gitignore matching has been reverted. + + * Things like "git -c branch.sort=bogus branch new HEAD", i.e. the + operation modes of the "git branch" command that do not need the + sort key information, no longer errors out by seeing a bogus sort + key. + (merge 98e7ab6d42 jc/fix-ref-sorting-parse later to maint). + + * The compatibility implementation for unsetenv(3) were written to + mimic ancient, non-POSIX, variant seen in an old glibc; it has been + changed to return an integer to match the more modern era. + (merge a38989bd5b jc/unsetenv-returns-an-int later to maint). + + * The clean/smudge conversion code path has been prepared to better + work on platforms where ulong is narrower than size_t. + (merge 596b5e77c9 mc/clean-smudge-with-llp64 later to maint). + + * Redact the path part of packfile URI that appears in the trace output. + (merge 0ba558ffb1 if/redact-packfile-uri later to maint). + + * CI has been taught to catch some Unicode directional formatting + sequence that can be used in certain mischief. + (merge 0e7696c64d js/ci-no-directional-formatting later to maint). + + * The "--date=format:<strftime>" gained a workaround for the lack of + system support for a non-local timezone to handle "%s" placeholder. + (merge 9b591b9403 jk/strbuf-addftime-seconds-since-epoch later to maint). + + * The "merge" subcommand of "git jump" (in contrib/) silently ignored + pathspec and other parameters. + (merge 67ba13e5a4 jk/jump-merge-with-pathspec later to maint). + + * The code to decode the length of packed object size has been + corrected. + (merge 34de5b8eac jt/pack-header-lshift-overflow later to maint). + + * The advice message given by "git pull" when the user hasn't made a + choice between merge and rebase still said that the merge is the + default, which no longer is the case. This has been corrected. + (merge 71076d0edd ah/advice-pull-has-no-preference-between-rebase-and-merge later to maint). + + * "git fetch", when received a bad packfile, can fail with SIGPIPE. + This wasn't wrong per-se, but we now detect the situation and fail + in a more predictable way. + (merge 2a4aed42ec jk/fetch-pack-avoid-sigpipe-to-index-pack later to maint). + + * The function to cull a child process and determine the exit status + had two separate code paths for normal callers and callers in a + signal handler, and the latter did not yield correct value when the + child has caught a signal. The handling of the exit status has + been unified for these two code paths. An existing test with + flakiness has also been corrected. + (merge 5263e22cba jk/t7006-sigpipe-tests-fix later to maint). + + * When a non-existent program is given as the pager, we tried to + reuse an uninitialized child_process structure and crashed, which + has been fixed. + (merge f917f57f40 em/missing-pager later to maint). + + * The single-key-input mode in "git add -p" had some code to handle + keys that generate a sequence of input via ReadKey(), which did not + handle end-of-file correctly, which has been fixed. + (merge fc8a8126df cb/add-p-single-key-fix later to maint). + + * "git rebase -x" added an unnecessary 'exec' instructions before + 'noop', which has been corrected. + (merge cc9dcdee61 en/rebase-x-fix later to maint). + + * When the "git push" command is killed while the receiving end is + trying to report what happened to the ref update proposals, the + latter used to die, due to SIGPIPE. The code now ignores SIGPIPE + to increase our chances to run the post-receive hook after it + happens. + (merge d34182b9e3 rj/receive-pack-avoid-sigpipe-during-status-reporting later to maint). + + * "git worktree add" showed "Preparing worktree" message to the + standard output stream, but when it failed, the message from die() + went to the standard error stream. Depending on the order the + stdio streams are flushed at the program end, this resulted in + confusing output. It has been corrected by sending all the chatty + messages to the standard error stream. + (merge b50252484f es/worktree-chatty-to-stderr later to maint). + + * Coding guideline document has been updated to clarify what goes to + standard error in our system. + (merge e258eb4800 es/doc-stdout-vs-stderr later to maint). + + * The sparse-index/sparse-checkout feature had a bug in its use of + the matching code to determine which path is in or outside the + sparse checkout patterns. + (merge 8c5de0d265 ds/sparse-deep-pattern-checkout-fix later to maint). + + * "git rebase -x" by mistake started exporting the GIT_DIR and + GIT_WORK_TREE environment variables when the command was rewritten + in C, which has been corrected. + (merge 434e0636db en/rebase-x-wo-git-dir-env later to maint). + + * When "git log" implicitly enabled the "decoration" processing + without being explicitly asked with "--decorate" option, it failed + to read and honor the settings given by the "--decorate-refs" + option. + + * "git fetch --set-upstream" did not check if there is a current + branch, leading to a segfault when it is run on a detached HEAD, + which has been corrected. + (merge 17baeaf82d ab/fetch-set-upstream-while-detached later to maint). + + * Among some code paths that ask an yes/no question, only one place + gave a prompt that looked different from the others, which has been + updated to match what the others create. + (merge 0fc8ed154c km/help-prompt-fix later to maint). + + * "git log --invert-grep --author=<name>" used to exclude commits + written by the given author, but now "--invert-grep" only affects + the matches made by the "--grep=<pattern>" option. + (merge 794c000267 rs/log-invert-grep-with-headers later to maint). + + * "git grep --perl-regexp" failed to match UTF-8 characters with + wildcard when the pattern consists only of ASCII letters, which has + been corrected. + (merge 32e3e8bc55 rs/pcre2-utf later to maint). + + * Certain sparse-checkout patterns that are valid in non-cone mode + led to segfault in cone mode, which has been corrected. + + * Use of certain "git rev-list" options with "git fast-export" + created nonsense results (the worst two of which being "--reverse" + and "--invert-grep --grep=<foo>"). The use of "--first-parent" is + made to behave a bit more sensible than before. + (merge 726a228dfb ws/fast-export-with-revision-options later to maint). + + * Perf tests were run with end-user's shell, but it has been + corrected to use the shell specified by $TEST_SHELL_PATH. + (merge 9ccab75608 ja/perf-use-specified-shell later to maint). + + * Fix dependency rules to generate hook-list.h header file. + (merge d3fd1a6667 ab/makefile-hook-list-dependency-fix later to maint). + + * "git stash" by default triggers its "push" action, but its + implementation also made "git stash -h" to show short help only for + "git stash push", which has been corrected. + (merge ca7990cea5 ab/do-not-limit-stash-help-to-push later to maint). + + * "git apply --3way" bypasses the attempt to do a three-way + application in more cases to address the regression caused by the + recent change to use direct application as a fallback. + (merge 34d607032c jz/apply-3-corner-cases later to maint). + + * Fix performance-releated bug in "git subtree" (in contrib/). + (merge 3ce8888fb4 jl/subtree-check-parents-argument-passing-fix later to maint). + + * Extend the guidance to choose the base commit to build your work + on, and hint/nudge contributors to read others' changes. + (merge fdfae830f8 jc/doc-submitting-patches-choice-of-base later to maint). + + * A corner case bug in the ort merge strategy has been corrected. + (merge d30126c20d en/merge-ort-renorm-with-rename-delete-conflict-fix later to maint). + + * "git stash apply" forgot to attempt restoring untracked files when + it failed to restore changes to tracked ones. + (merge 71cade5a0b en/stash-df-fix later to maint). + + * Calling dynamically loaded functions on Windows has been corrected. + (merge 4a9b204920 ma/windows-dynload-fix later to maint). + + * Some lockfile code called free() in signal-death code path, which + has been corrected. + (merge 58d4d7f1c5 ps/lockfile-cleanup-fix later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge 74db416c9c cw/protocol-v2-doc-fix later to maint). + (merge f9b2b6684d ja/doc-cleanup later to maint). + (merge 7d1b866778 jc/fix-first-object-walk later to maint). + (merge 538ac74604 js/trace2-avoid-recursive-errors later to maint). + (merge 152923b132 jk/t5319-midx-corruption-test-deflake later to maint). + (merge 9081a421a6 ab/checkout-branch-info-leakfix later to maint). + (merge 42c456ff81 rs/mergesort later to maint). + (merge ad506e6780 tl/midx-docfix later to maint). + (merge bf5b83fd8a hk/ci-checkwhitespace-commentfix later to maint). + (merge 49f1eb3b34 jk/refs-g11-workaround later to maint). + (merge 7d3fc7df70 jt/midx-doc-fix later to maint). + (merge 7b089120d9 hn/create-reflog-simplify later to maint). + (merge 9e12400da8 cb/mingw-gmtime-r later to maint). + (merge 0bf0de6cc7 tb/pack-revindex-on-disk-cleanup later to maint). + (merge 2c68f577fc ew/cbtree-remove-unused-and-broken-cb-unlink later to maint). + (merge eafd6e7e55 ab/die-with-bug later to maint). + (merge 91028f7659 jc/grep-patterntype-default-doc later to maint). + (merge 47ca93d071 ds/repack-fixlets later to maint). + (merge e6a9bc0c60 rs/t4202-invert-grep-test-fix later to maint). + (merge deb5407a42 gh/gpg-doc-markup-fix later to maint). + (merge 999bba3e0b rs/daemon-plug-leak later to maint). + (merge 786eb1ba39 js/l10n-mention-ngettext-early-in-readme later to maint). + (merge 2f12b31b74 ab/makefile-msgfmt-wo-stats later to maint). + (merge 0517f591ca fs/gpg-unknown-key-test-fix later to maint). + (merge 97d6fb5a1f ma/header-dup-cleanup later to maint). diff --git a/Documentation/RelNotes/2.35.1.txt b/Documentation/RelNotes/2.35.1.txt new file mode 100644 index 0000000..726ba25 --- /dev/null +++ b/Documentation/RelNotes/2.35.1.txt @@ -0,0 +1,6 @@ +Git v2.35.1 Release Notes +========================= + +Git 2.35 shipped with a regression that broke use of "rebase" and +"stash" in a secondary worktree. This maintenance release ought to +fix it. diff --git a/Documentation/RelNotes/2.35.2.txt b/Documentation/RelNotes/2.35.2.txt new file mode 100644 index 0000000..290bfa9 --- /dev/null +++ b/Documentation/RelNotes/2.35.2.txt @@ -0,0 +1,7 @@ +Git v2.35.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.3, +v2.31.2, v2.32.1, v2.33.2 and v2.34.2 to address the security +issue CVE-2022-24765; see the release notes for these versions +for details. diff --git a/Documentation/RelNotes/2.35.3.txt b/Documentation/RelNotes/2.35.3.txt new file mode 100644 index 0000000..5458ba3 --- /dev/null +++ b/Documentation/RelNotes/2.35.3.txt @@ -0,0 +1,4 @@ +Git Documentation/RelNotes/2.35.3.txt Release Notes +========================= + +This release merges up the fixes that appear in v2.35.3. diff --git a/Documentation/RelNotes/2.35.4.txt b/Documentation/RelNotes/2.35.4.txt new file mode 100644 index 0000000..47abd5a --- /dev/null +++ b/Documentation/RelNotes/2.35.4.txt @@ -0,0 +1,7 @@ +Git v2.35.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5, +v2.31.4, v2.32.3, v2.33.4 and v2.34.4 to address the security +issue CVE-2022-29187; see the release notes for these versions +for details. diff --git a/Documentation/RelNotes/2.35.5.txt b/Documentation/RelNotes/2.35.5.txt new file mode 100644 index 0000000..e19cc48 --- /dev/null +++ b/Documentation/RelNotes/2.35.5.txt @@ -0,0 +1,5 @@ +Git v2.35.5 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.35.6.txt b/Documentation/RelNotes/2.35.6.txt new file mode 100644 index 0000000..e7ca57b --- /dev/null +++ b/Documentation/RelNotes/2.35.6.txt @@ -0,0 +1,5 @@ +Git v2.35.6 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.35.7.txt b/Documentation/RelNotes/2.35.7.txt new file mode 100644 index 0000000..42baabf --- /dev/null +++ b/Documentation/RelNotes/2.35.7.txt @@ -0,0 +1,7 @@ +Git v2.35.7 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7, +v2.32.6, v2.33.7 and v2.34.7 to address the security issues +CVE-2023-22490 and CVE-2023-23946; see the release notes for +these versions for details. diff --git a/Documentation/RelNotes/2.35.8.txt b/Documentation/RelNotes/2.35.8.txt new file mode 100644 index 0000000..3c9c094 --- /dev/null +++ b/Documentation/RelNotes/2.35.8.txt @@ -0,0 +1,7 @@ +Git v2.35.8 Release Notes +========================= + +This release merges the fixes that appear in v2.30.9, v2.31.8, +v2.32.7, v2.33.8 and v2.34.8 to address the security issues +CVE-2023-25652, CVE-2023-25815, and CVE-2023-29007; see the release +notes for these versions for details. diff --git a/Documentation/RelNotes/2.36.0.txt b/Documentation/RelNotes/2.36.0.txt new file mode 100644 index 0000000..e477fba --- /dev/null +++ b/Documentation/RelNotes/2.36.0.txt @@ -0,0 +1,429 @@ +Git 2.36 Release Notes +====================== + +Updates since Git 2.35 +---------------------- + +Backward compatibility warts + + * "git name-rev --stdin" has been deprecated and issues a warning + when used; use "git name-rev --annotate-stdin" instead. + + * "git clone --filter=... --recurse-submodules" only makes the + top-level a partial clone, while submodules are fully cloned. This + behaviour is changed to pass the same filter down to the submodules. + + * With the fixes for CVE-2022-24765 that are common with versions of + Git 2.30.4, 2.31.3, 2.32.2, 2.33.3, 2.34.3, and 2.35.3, Git has + been taught not to recognise repositories owned by other users, in + order to avoid getting affected by their config files and hooks. + You can list the path to the safe/trusted repositories that may be + owned by others on a multi-valued configuration variable + `safe.directory` to override this behaviour, or use '*' to declare + that you trust anything. + + +Note to those who build from the source + + * Since Git 2.31, our source assumed that the compiler you use to + build Git supports variadic macros, with an easy-to-use escape + hatch to allow compilation without variadic macros with an request + to report that you had to use the escape hatch to the list. + Because we haven't heard from anybody who actually needed to use + the escape hatch, it has been removed, making support of variadic + macros a hard requirement. + + +UI, Workflows & Features + + * Assorted updates to "git cat-file", especially "-h". + + * The command line completion (in contrib/) learns to complete + arguments to give to "git sparse-checkout" command. + + * "git log --remerge-diff" shows the difference from mechanical merge + result and the result that is actually recorded in a merge commit. + + * "git log" and friends learned an option --exclude-first-parent-only + to propagate UNINTERESTING bit down only along the first-parent + chain, just like --first-parent option shows commits that lack the + UNINTERESTING bit only along the first-parent chain. + + * The command line completion script (in contrib/) learned to + complete all Git subcommands, including the ones that are normally + hidden, when GIT_COMPLETION_SHOW_ALL_COMMANDS is used. + + * "git branch" learned the "--recurse-submodules" option. + + * A user can forget to make a script file executable before giving + it to "git bisect run". In such a case, all tests will exit with + 126 or 127 error codes, even on revisions that are marked as good. + Try to recognize this situation and stop iteration early. + + * When "index-pack" dies due to incoming data exceeding the maximum + allowed input size, include the value of the limit in the error + message. + + * The error message given by "git switch HEAD~4" has been clarified + to suggest the "--detach" option that is required. + + * In sparse-checkouts, files mis-marked as missing from the working tree + could lead to later problems. Such files were hard to discover, and + harder to correct. Automatically detecting and correcting the marking + of such files has been added to avoid these problems. + + * "git cat-file" learns "--batch-command" mode, which is a more + flexible interface than the existing "--batch" or "--batch-check" + modes, to allow different kinds of inquiries made. + + * The level of verbose output from the ort backend during inner merge + has been aligned to that of the recursive backend. + + * "git remote rename A B", depending on the number of remote-tracking + refs involved, takes long time renaming them. The command has been + taught to show progress bar while making the user wait. + + * Bundle file format gets extended to allow a partial bundle, + filtered by similar criteria you would give when making a + partial/lazy clone. + + * A new built-in userdiff driver for kotlin has been added. + + * "git repack" learned a new configuration to disable triggering of + age-old "update-server-info" command, which is rarely useful these + days. + + * "git stash" does not allow subcommands it internally runs as its + implementation detail, except for "git reset", to emit messages; + now "git reset" part has also been squelched. + + * "git ls-tree" learns "--oid-only" option, similar to "--name-only", + and more generalized "--format" option. + + * "git fetch --refetch" learned to fetch everything without telling + the other side what we already have, which is useful when you + cannot trust what you have in the local object store. + + * "git branch" gives hint when branch tracking cannot be established + because fetch refspecs from multiple remote repositories overlap. + + * "git worktree list --porcelain" did not c-quote pathnames and lock + reasons with unsafe bytes correctly, which is worked around by + introducing NUL terminated output format with "-z". + + +Performance, Internal Implementation, Development Support etc. + + * "git apply" (ab)used the util pointer of the string-list to keep + track of how each symbolic link needs to be handled, which has been + simplified by using strset. + + * Fix a hand-rolled alloca() imitation that may have violated + alignment requirement of data being sorted in compatibility + implementation of qsort_s() and stable qsort(). + + * Use the parse-options API in "git reflog" command. + + * The conditional inclusion mechanism of configuration files using + "[includeIf <condition>]" learns to base its decision on the + URL of the remote repository the repository interacts with. + (merge 399b198489 jt/conditional-config-on-remote-url later to maint). + + * "git name-rev --stdin" does not behave like usual "--stdin" at + all. Start the process of renaming it to "--annotate-stdin". + (merge a2585719b3 jc/name-rev-stdin later to maint). + + * "git update-index", "git checkout-index", and "git clean" are + taught to work better with the sparse checkout feature. + + * Use an internal call to reset_head() helper function instead of + spawning "git checkout" in "rebase", and update code paths that are + involved in the change. + + * Messages "ort" merge backend prepares while dealing with conflicted + paths were unnecessarily confusing since it did not differentiate + inner merges and outer merges. + + * Small modernization of the rerere-train script (in contrib/). + + * Use designated initializers we started using in mid 2017 in more + parts of the codebase that are relatively quiescent. + + * Improve failure case behaviour of xdiff library when memory + allocation fails. + + * General clean-up in reftable implementation, including + clarification of the API documentation, tightening the code to + honor documented length limit, etc. + + * Remove the escape hatch we added when we introduced the weather + balloon to use variadic macros unconditionally, to make it official + that we now have a hard dependency on the feature. + + * Makefile refactoring with a bit of suffixes rule stripping to + optimize the runtime overhead. + + * "git stash drop" is reimplemented as an internal call to + reflog_delete() function, instead of invoking "git reflog delete" + via run_command() API. + + * Count string_list items in size_t, not "unsigned int". + + * The single-key interactive operation used by "git add -p" has been + made more robust. + + * Remove unneeded <meta http-equiv=content-type...> from gitweb + output. + + * "git name-rev" learned to use the generation numbers when setting + the lower bound of searching commits used to explain the revision, + when available, instead of committer time. + + * Replace core.fsyncObjectFiles with two new configuration variables, + core.fsync and core.fsyncMethod. + + * Updates to refs traditionally weren't fsync'ed, but we can + configure using core.fsync variable to do so. + + * "git reflog" command now uses parse-options API to parse its + command line options. + + +Fixes since v2.35 +----------------- + + * "rebase" and "stash" in secondary worktrees are broken in + Git 2.35.0, which has been corrected. + + * "git pull --rebase" ignored the rebase.autostash configuration + variable when the remote history is a descendant of our history, + which has been corrected. + (merge 3013d98d7a pb/pull-rebase-autostash-fix later to maint). + + * "git update-index --refresh" has been taught to deal better with + racy timestamps (just like "git status" already does). + (merge 2ede073fd2 ms/update-index-racy later to maint). + + * Avoid tests that are run under GIT_TRACE2 set from failing + unnecessarily. + (merge 944d808e42 js/test-unset-trace2-parents later to maint). + + * The merge-ort misbehaved when merge.renameLimit configuration is + set too low and failed to find all renames. + (merge 9ae39fef7f en/merge-ort-restart-optim-fix later to maint). + + * We explain that revs come first before the pathspec among command + line arguments, but did not spell out that dashed options come + before other args, which has been corrected. + (merge c11f95010c tl/doc-cli-options-first later to maint). + + * "git add -p" rewritten in C regressed hunk splitting in some cases, + which has been corrected. + (merge 7008ddc645 pw/add-p-hunk-split-fix later to maint). + + * "git fetch --negotiate-only" is an internal command used by "git + push" to figure out which part of our history is missing from the + other side. It should never recurse into submodules even when + fetch.recursesubmodules configuration variable is set, nor it + should trigger "gc". The code has been tightened up to ensure it + only does common ancestry discovery and nothing else. + (merge de4eaae63a gc/fetch-negotiate-only-early-return later to maint). + + * The code path that verifies signatures made with ssh were made to + work better on a system with CRLF line endings. + (merge caeef01ea7 fs/ssh-signing-crlf later to maint). + + * "git sparse-checkout init" failed to write into $GIT_DIR/info + directory when the repository was created without one, which has + been corrected to auto-create it. + (merge 7f44842ac1 jt/sparse-checkout-leading-dir-fix later to maint). + + * Cloning from a repository that does not yet have any branches or + tags but has other refs resulted in a "remote transport reported + error", which has been corrected. + (merge dccea605b6 jt/clone-not-quite-empty later to maint). + + * Mark in various places in the code that the sparse index and the + split index features are mutually incompatible. + (merge 451b66c533 js/sparse-vs-split-index later to maint). + + * Update the logic to compute alignment requirement for our mem-pool. + (merge e38bcc66d8 jc/mem-pool-alignment later to maint). + + * Pick a better random number generator and use it when we prepare + temporary filenames. + (merge 47efda967c bc/csprng-mktemps later to maint). + + * Update the contributor-facing documents on proposed log messages. + (merge cdba0295b0 jc/doc-log-messages later to maint). + + * When "git fetch --prune" failed to prune the refs it wanted to + prune, the command issued error messages but exited with exit + status 0, which has been corrected. + (merge c9e04d905e tg/fetch-prune-exit-code-fix later to maint). + + * Problems identified by Coverity in the reftable code have been + corrected. + (merge 01033de49f hn/reftable-coverity-fixes later to maint). + + * A bug that made multi-pack bitmap and the object order out-of-sync, + making the .midx data corrupt, has been fixed. + (merge f8b60cf99b tb/midx-bitmap-corruption-fix later to maint). + + * The build procedure has been taught to notice older version of zlib + and enable our replacement uncompress2() automatically. + (merge 07564773c2 ab/auto-detect-zlib-compress2 later to maint). + + * Interaction between fetch.negotiationAlgorithm and + feature.experimental configuration variables has been corrected. + (merge 714edc620c en/fetch-negotiation-default-fix later to maint). + + * "git diff --diff-filter=aR" is now parsed correctly. + (merge 75408ca949 js/diff-filter-negation-fix later to maint). + + * When "git subtree" wants to create a merge, it used "git merge" and + let it be affected by end-user's "merge.ff" configuration, which + has been corrected. + (merge 9158a3564a tk/subtree-merge-not-ff-only later to maint). + + * Unlike "git apply", "git patch-id" did not handle patches with + hunks that has only 1 line in either preimage or postimage, which + has been corrected. + (merge 757e75c81e jz/patch-id-hunk-header-parsing-fix later to maint). + + * "receive-pack" checks if it will do any ref updates (various + conditions could reject a push) before received objects are taken + out of the temporary directory used for quarantine purposes, so + that a push that is known-to-fail will not leave crufts that a + future "gc" needs to clean up. + (merge 5407764069 cb/clear-quarantine-early-on-all-ref-update-errors later to maint). + + * When there is no object to write .bitmap file for, "git + multi-pack-index" triggered an error, instead of just skipping, + which has been corrected. + (merge eb57277ba3 tb/midx-no-bitmap-for-no-objects later to maint). + + * "git cmd -h" outside a repository should error out cleanly for many + commands, but instead it hit a BUG(), which has been corrected. + (merge 87ad07d735 js/short-help-outside-repo-fix later to maint). + + * "working tree" and "per-worktree ref" were in glossary, but + "worktree" itself wasn't, which has been corrected. + (merge 2df5387ed0 jc/glossary-worktree later to maint). + + * L10n support for a few error messages. + (merge 3d3c23b3a7 bs/forbid-i18n-of-protocol-token-in-fetch-pack later to maint). + + * Test modernization. + (merge d4fe066e4b sy/t0001-use-path-is-helper later to maint). + + * "git log --graph --graph" used to leak a graph structure, and there + was no way to countermand "--graph" that appear earlier on the + command line. A "--no-graph" option has been added and resource + leakage has been plugged. + + * Error output given in response to an ambiguous object name has been + improved. + (merge 3a73c1dfaf ab/ambiguous-object-name later to maint). + + * "git sparse-checkout" wants to work with per-worktree configuration, + but did not work well in a worktree attached to a bare repository. + (merge 3ce1138272 ds/sparse-checkout-requires-per-worktree-config later to maint). + + * Setting core.untrackedCache to true failed to add the untracked + cache extension to the index. + + * Workaround we have for versions of PCRE2 before their version 10.36 + were in effect only for their versions newer than 10.36 by mistake, + which has been corrected. + (merge 97169fc361 rs/pcre-invalid-utf8-fix-fix later to maint). + + * Document Taylor as a new member of Git PLC at SFC. Welcome. + (merge e8d56ca863 tb/coc-plc-update later to maint). + + * "git checkout -b branch/with/multi/level/name && git stash" only + recorded the last level component of the branch name, which has + been corrected. + + * Check the return value from parse_tree_indirect() to turn segfaults + into calls to die(). + (merge 8d2eaf649a gc/parse-tree-indirect-errors later to maint). + + * Newer version of GPGSM changed its output in a backward + incompatible way to break our code that parses its output. It also + added more processes our tests need to kill when cleaning up. + Adjustments have been made to accommodate these changes. + (merge b0b70d54c4 fs/gpgsm-update later to maint). + + * The untracked cache newly computed weren't written back to the + on-disk index file when there is no other change to the index, + which has been corrected. + + * "git config -h" did not describe the "--type" option correctly. + (merge 5445124fad mf/fix-type-in-config-h later to maint). + + * The way generation number v2 in the commit-graph files are + (not) handled has been corrected. + (merge 6dbf4b8172 ds/commit-graph-gen-v2-fixes later to maint). + + * The method to trigger malloc check used in our tests no longer work + with newer versions of glibc. + (merge baedc59543 ep/test-malloc-check-with-glibc-2.34 later to maint). + + * When "git fetch --recurse-submodules" grabbed submodule commits + that would be needed to recursively check out newly fetched commits + in the superproject, it only paid attention to submodules that are + in the current checkout of the superproject. We now do so for all + submodules that have been run "git submodule init" on. + + * "git rebase $base $non_branch_commit", when $base is an ancestor or + the $non_branch_commit, modified the current branch, which has been + corrected. + + * When "shallow" information is updated, we forgot to update the + in-core equivalent, which has been corrected. + + * When creating a loose object file, we didn't report the exact + filename of the file we failed to fsync, even though the + information was readily available, which has been corrected. + + * "git am" can read from the standard input when no mailbox is given + on the command line, but the end-user gets no indication when it + happens, making Git appear stuck. + (merge 7b20af6a06 jc/mailsplit-warn-on-tty later to maint). + + * "git mv" failed to refresh the cached stat information for the + entry it moved. + (merge b7f9130a06 vd/mv-refresh-stat later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge cfc5cf428b jc/find-header later to maint). + (merge 40e7cfdd46 jh/p4-fix-use-of-process-error-exception later to maint). + (merge 727e6ea350 jh/p4-spawning-external-commands-cleanup later to maint). + (merge 0a6adc26e2 rs/grep-expr-cleanup later to maint). + (merge 4ed7dfa713 po/readme-mention-contributor-hints later to maint). + (merge 6046f7a91c en/plug-leaks-in-merge later to maint). + (merge 8c591dbfce bc/clarify-eol-attr later to maint). + (merge 518e15db74 rs/parse-options-lithelp-help later to maint). + (merge cbac0076ef gh/doc-typos later to maint). + (merge ce14de03db ab/no-errno-from-resolve-ref-unsafe later to maint). + (merge 2826ffad8c rc/negotiate-only-typofix later to maint). + (merge 0f03f04c5c en/sparse-checkout-leakfix later to maint). + (merge 74f3390dde sy/diff-usage-typofix later to maint). + (merge 45d0212a71 ll/doc-mktree-typofix later to maint). + (merge e9b272e4c1 js/no-more-legacy-stash later to maint). + (merge 6798b08e84 ab/do-not-hide-failures-in-git-dot-pm later to maint). + (merge 9325285df4 po/doc-check-ignore-markup-fix later to maint). + (merge cd26cd6c7c sy/modernize-t-lib-read-tree-m-3way later to maint). + (merge d17294a05e ab/hash-object-leakfix later to maint). + (merge b8403129d3 jd/t0015-modernize later to maint). + (merge 332acc248d ds/mailmap later to maint). + (merge 04bf052eef ab/grep-patterntype later to maint). + (merge 6ee36364eb ab/diff-free-more later to maint). + (merge 63a36017fe nj/read-tree-doc-reffix later to maint). + (merge eed36fce38 sm/no-git-in-upstream-of-pipe-in-tests later to maint). + (merge c614beb933 ep/t6423-modernize later to maint). + (merge 57be9c6dee ab/reflog-prep-fix later to maint). + (merge 5327d8982a js/in-place-reverse-in-sequencer later to maint). + (merge 2e2c0be51e dp/worktree-repair-in-usage later to maint). + (merge 6563706568 jc/coding-guidelines-decl-in-for-loop later to maint). diff --git a/Documentation/RelNotes/2.36.1.txt b/Documentation/RelNotes/2.36.1.txt new file mode 100644 index 0000000..a961709 --- /dev/null +++ b/Documentation/RelNotes/2.36.1.txt @@ -0,0 +1,33 @@ +Git v2.36.1 Release Notes +========================= + +Fixes since v2.36 +----------------- + + * "git submodule update" without pathspec should silently skip an + uninitialized submodule, but it started to become noisy by mistake. + + * "diff-tree --stdin" has been broken for about a year, but 2.36 + release broke it even worse by breaking running the command with + <pathspec>, which in turn broke "gitk" and got noticed. This has + been corrected by aligning its behaviour to that of "log". + + * Regression fix for 2.36 where "git name-rev" started to sometimes + reference strings after they are freed. + + * "git show <commit1> <commit2>... -- <pathspec>" lost the pathspec + when showing the second and subsequent commits, which has been + corrected. + + * "git fast-export -- <pathspec>" lost the pathspec when showing the + second and subsequent commits, which has been corrected. + + * "git format-patch <args> -- <pathspec>" lost the pathspec when + showing the second and subsequent commits, which has been + corrected. + + * Get rid of a bogus and over-eager coccinelle rule. + + * Correct choices of C compilers used in various CI jobs. + +Also contains minor documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.36.2.txt b/Documentation/RelNotes/2.36.2.txt new file mode 100644 index 0000000..958f5b4 --- /dev/null +++ b/Documentation/RelNotes/2.36.2.txt @@ -0,0 +1,56 @@ +Git v2.36.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.5, v2.31.4, +v2.32.3, v2.33.4, v2.34.4 and v2.35.4 to address the security +issue CVE-2022-29187; see the release notes for these versions +for details. + +Apart from that, this maintenance release is primarily to merge down +updates to the build and CI procedures from the 'master' front, in +order to ensure that we can cut healthy maintenance releases in the +future. It also contains a handful of small and trivially-correct +bugfixes. + +Fixes since v2.36.1 +------------------- + + * Fixes real problems noticed by gcc 12 and works around false + positives. + + * Update URL to the gitk repository. + + * The "--current" option of "git show-branch" should have been made + incompatible with the "--reflog" mode, but this was not enforced, + which has been corrected. + + * "git archive --add-file=<path>" picked up the raw permission bits + from the path and propagated to zip output in some cases, without + normalization, which has been corrected (tar output did not have + this issue). + + * A bit of test framework fixes with a few fixes to issues found by + valgrind. + + * macOS CI jobs have been occasionally flaky due to tentative version + skew between perforce and the homebrew packager. Instead of + failing the whole CI job, just let it skip the p4 tests when this + happens. + + * The commit summary shown after making a commit is matched to what + is given in "git status" not to use the break-rewrite heuristics. + + * Avoid problems from interaction between malloc_check and address + sanitizer. + + * "git rebase --keep-base <upstream> <branch-to-rebase>" computed the + commit to rebase onto incorrectly, which has been corrected. + + * The path taken by "git multi-pack-index" command from the end user + was compared with path internally prepared by the tool withut first + normalizing, which lead to duplicated paths not being noticed, + which has been corrected. + + * "git clone --origin X" leaked piece of memory that held value read + from the clone.defaultRemoteName configuration variable, which has + been plugged. diff --git a/Documentation/RelNotes/2.36.3.txt b/Documentation/RelNotes/2.36.3.txt new file mode 100644 index 0000000..56db77b --- /dev/null +++ b/Documentation/RelNotes/2.36.3.txt @@ -0,0 +1,5 @@ +Git v2.36.3 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.36.4.txt b/Documentation/RelNotes/2.36.4.txt new file mode 100644 index 0000000..58fb93a --- /dev/null +++ b/Documentation/RelNotes/2.36.4.txt @@ -0,0 +1,5 @@ +Git v2.36.4 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.36.5.txt b/Documentation/RelNotes/2.36.5.txt new file mode 100644 index 0000000..8a098c7 --- /dev/null +++ b/Documentation/RelNotes/2.36.5.txt @@ -0,0 +1,7 @@ +Git v2.36.5 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7, +v2.32.6, v2.33.7, v2.34.7 and v2.35.7 to address the security +issues CVE-2023-22490 and CVE-2023-23946; see the release notes +for these versions for details. diff --git a/Documentation/RelNotes/2.36.6.txt b/Documentation/RelNotes/2.36.6.txt new file mode 100644 index 0000000..e1edebc --- /dev/null +++ b/Documentation/RelNotes/2.36.6.txt @@ -0,0 +1,7 @@ +Git v2.36.6 Release Notes +========================= + +This release merges the fixes that appear in v2.30.9, v2.31.8, +v2.32.7, v2.33.8, v2.34.8 and v2.35.8 to address the security issues +CVE-2023-25652, CVS-2023-25815, and CVE-2023-29007; see the release +notes for these versions for details. diff --git a/Documentation/RelNotes/2.37.0.txt b/Documentation/RelNotes/2.37.0.txt new file mode 100644 index 0000000..99dc7e3 --- /dev/null +++ b/Documentation/RelNotes/2.37.0.txt @@ -0,0 +1,337 @@ +Git v2.37 Release Notes +======================= + +UI, Workflows & Features + + * "vimdiff[123]" mergetool drivers have been reimplemented with a + more generic layout mechanism. + + * "git -v" and "git -h" are now understood as "git --version" and + "git --help". + + * The temporary files fed to external diff command are now generated + inside a new temporary directory under the same basename. + + * "git log --since=X" will stop traversal upon seeing a commit that + is older than X, but there may be commits behind it that is younger + than X when the commit was created with a faulty clock. A new + option is added to keep digging without stopping, and instead + filter out commits with timestamp older than X. + + * "git -c branch.autosetupmerge=simple branch $A $B" will set the $B + as $A's upstream only when $A and $B shares the same name, and "git + -c push.default=simple" on branch $A would push to update the + branch $A at the remote $B came from. Also more places use the + sole remote, if exists, before defaulting to 'origin'. + + * A new doc has been added that lists tips for tools to work with + Git's codebase. + + * "git remote -v" now shows the list-objects-filter used during + fetching from the remote, if available. + + * With the new http.curloptResolve configuration, the CURLOPT_RESOLVE + mechanism that allows cURL based applications to use pre-resolved + IP addresses for the requests is exposed to the scripts. + + * "git add -i" was rewritten in C some time ago and has been in + testing; the reimplementation is now exposed to general public by + default. + + * Deprecate non-cone mode of the sparse-checkout feature. + + * Introduce a filesystem-dependent mechanism to optimize the way the + bits for many loose object files are ensured to hit the disk + platter. + + * The "do not remove the directory the user started Git in" logic, + when Git cannot tell where that directory is, is disabled. Earlier + we refused to run in such a case. + + * A mechanism to pack unreachable objects into a "cruft pack", + instead of ejecting them into loose form to be reclaimed later, has + been introduced. + + * Update the doctype written in gitweb output to xhtml5. + + * The "transfer.credentialsInURL" configuration variable controls what + happens when a URL with embedded login credential is used on either + "fetch" or "push". Credentials are currently only detected in + `remote.<name>.url` config, not `remote.<name>.pushurl`. + + * "git revert" learns "--reference" option to use more human-readable + reference to the commit it reverts in the message template it + prepares for the user. + + * Various error messages that talk about the removal of + "--preserve-merges" in "rebase" have been strengthened, and "rebase + --abort" learned to get out of a state that was left by an earlier + use of the option. + + +Performance, Internal Implementation, Development Support etc. + + * The performance of the "untracked cache" feature has been improved + when "--untracked-files=<mode>" and "status.showUntrackedFiles" + are combined. + + * "git stash" works better with sparse index entries. + + * "git show :<path>" learned to work better with the sparse-index + feature. + + * Introduce and apply coccinelle rule to discourage an explicit + comparison between a pointer and NULL, and applies the clean-up to + the maintenance track. + + * Preliminary code refactoring around transport and bundle code. + + * "sparse-checkout" learns to work better with the sparse-index + feature. + + * A workflow change for translators are being proposed. git.pot is + no longer version controlled and it is local responsibility of + translators to generate it. + + * Plug the memory leaks from the trickiest API of all, the revision + walker. + + * Rename .env_array member to .env in the child_process structure. + + * The fsmonitor--daemon handles even more corner cases when + watching filesystem events. + + * A new bug() and BUG_if_bug() API is introduced to make it easier to + uniformly log "detect multiple bugs and abort in the end" pattern. + + +Fixes since v2.36 +----------------- + + * "git submodule update" without pathspec should silently skip an + uninitialized submodule, but it started to become noisy by mistake. + (merge 4f1ccef87c gc/submodule-update-part2 later to maint). + + * "diff-tree --stdin" has been broken for about a year, but 2.36 + release broke it even worse by breaking running the command with + <pathspec>, which in turn broke "gitk" and got noticed. This has + been corrected by aligning its behaviour to that of "log". + (merge f8781bfda3 jc/diff-tree-stdin-fix later to maint). + + * Regression fix for 2.36 where "git name-rev" started to sometimes + reference strings after they are freed. + (merge 45a14f578e rs/name-rev-fix-free-after-use later to maint). + + * "git show <commit1> <commit2>... -- <pathspec>" lost the pathspec + when showing the second and subsequent commits, which has been + corrected. + (merge 5cdb38458e jc/show-pathspec-fix later to maint). + + * "git fast-export -- <pathspec>" lost the pathspec when showing the + second and subsequent commits, which has been corrected. + (merge d1c25272f5 rs/fast-export-pathspec-fix later to maint). + + * "git format-patch <args> -- <pathspec>" lost the pathspec when + showing the second and subsequent commits, which has been + corrected. + (merge 91f8f7e46f rs/format-patch-pathspec-fix later to maint). + + * "git clone --origin X" leaked piece of memory that held value read + from the clone.defaultRemoteName configuration variable, which has + been plugged. + (merge 6dfadc8981 jc/clone-remote-name-leak-fix later to maint). + + * Get rid of a bogus and over-eager coccinelle rule. + (merge 08bdd3a185 jc/cocci-xstrdup-or-null-fix later to maint). + + * The path taken by "git multi-pack-index" command from the end user + was compared with path internally prepared by the tool without first + normalizing, which lead to duplicated paths not being noticed, + which has been corrected. + (merge 11f9e8de3d ds/midx-normalize-pathname-before-comparison later to maint). + + * Correct choices of C compilers used in various CI jobs. + (merge 3506cae04f ab/cc-package-fixes later to maint). + + * Various cleanups to "git p4". + (merge 4ff0108d9e jh/p4-various-fixups later to maint). + + * The progress meter of "git blame" was showing incorrect numbers + when processing only parts of the file. + (merge e5f5d7d42e ea/progress-partial-blame later to maint). + + * "git rebase --keep-base <upstream> <branch-to-rebase>" computed the + commit to rebase onto incorrectly, which has been corrected. + (merge 9e5ebe9668 ah/rebase-keep-base-fix later to maint). + + * Fix a leak of FILE * in an error codepath. + (merge c0befa0c03 kt/commit-graph-plug-fp-leak-on-error later to maint). + + * Avoid problems from interaction between malloc_check and address + sanitizer. + (merge 067109a5e7 pw/test-malloc-with-sanitize-address later to maint). + + * The commit summary shown after making a commit is matched to what + is given in "git status" not to use the break-rewrite heuristics. + (merge 84792322ed rs/commit-summary-wo-break-rewrite later to maint). + + * Update a few end-user facing messages around EOL conversion. + (merge c970d30c2c ah/convert-warning-message later to maint). + + * Trace2 documentation updates. + (merge a6c80c313c js/trace2-doc-fixes later to maint). + + * Build procedure fixup. + (merge 1fbfd96f50 mg/detect-compiler-in-c-locale later to maint). + + * "git pull" without "--recurse-submodules=<arg>" made + submodule.recurse take precedence over fetch.recurseSubmodules by + mistake, which has been corrected. + (merge 5819417365 gc/pull-recurse-submodules later to maint). + + * "git bisect" was too silent before it is ready to start computing + the actual bisection, which has been corrected. + (merge f11046e6de cd/bisect-messages-from-pre-flight-states later to maint). + + * macOS CI jobs have been occasionally flaky due to tentative version + skew between perforce and the homebrew packager. Instead of + failing the whole CI job, just let it skip the p4 tests when this + happens. + (merge f15e00b463 cb/ci-make-p4-optional later to maint). + + * A bit of test framework fixes with a few fixes to issues found by + valgrind. + (merge 7c898554d7 ab/valgrind-fixes later to maint). + + * "git archive --add-file=<path>" picked up the raw permission bits + from the path and propagated to zip output in some cases, without + normalization, which has been corrected (tar output did not have + this issue). + (merge 6a61661967 jc/archive-add-file-normalize-mode later to maint). + + * "make coverage-report" without first running "make coverage" did + not produce any meaningful result, which has been corrected. + (merge 96ddfecc5b ep/coverage-report-wants-test-to-have-run later to maint). + + * The "--current" option of "git show-branch" should have been made + incompatible with the "--reflog" mode, but this was not enforced, + which has been corrected. + (merge 41c64ae0e7 jc/show-branch-g-current later to maint). + + * "git fetch" unnecessarily failed when an unexpected optional + section appeared in the output, which has been corrected. + (merge 7709acf7be jt/fetch-peek-optional-section later to maint). + + * The way "git fetch" without "--update-head-ok" ensures that HEAD in + no worktree points at any ref being updated was too wasteful, which + has been optimized a bit. + (merge f7400da800 os/fetch-check-not-current-branch later to maint). + + * "git fetch --recurse-submodules" from multiple remotes (either from + a remote group, or "--all") used to make one extra "git fetch" in + the submodules, which has been corrected. + (merge 0353c68818 jc/avoid-redundant-submodule-fetch later to maint). + + * With a recent update to refuse access to repositories of other + people by default, "sudo make install" and "sudo git describe" + stopped working, which has been corrected. + (merge 6b11e3d52e cb/path-owner-check-with-sudo-plus later to maint). + + * The tests that ensured merges stop when interfering local changes + are present did not make sure that local changes are preserved; now + they do. + (merge 4b317450ce jc/t6424-failing-merge-preserve-local-changes later to maint). + + * Some real problems noticed by gcc 12 have been fixed, while false + positives have been worked around. + + * Update the version of FreeBSD image used in Cirrus CI. + (merge c58bebd4c6 pb/use-freebsd-12.3-in-cirrus-ci later to maint). + + * The multi-pack-index code did not protect the packfile it is going + to depend on from getting removed while in use, which has been + corrected. + (merge 4090511e40 tb/midx-race-in-pack-objects later to maint). + + * Teach "git repack --geometric" work better with "--keep-pack" and + avoid corrupting the repository when packsize limit is used. + (merge 66731ff921 tb/geom-repack-with-keep-and-max later to maint). + + * The documentation on the interaction between "--add-file" and + "--prefix" options of "git archive" has been improved. + (merge a75910602a rs/document-archive-prefix later to maint). + + * A git subcommand like "git add -p" spawns a separate git process + while relaying its command line arguments. A pathspec with only + negative elements was mistakenly passed with an empty string, which + has been corrected. + (merge b02fdbc80a jc/all-negative-pathspec later to maint). + + * With a more targeted workaround in http.c in another topic, we may + be able to lift this blanket "GCC12 dangling-pointer warning is + broken and unsalvageable" workaround. + (merge 419141e495 cb/buggy-gcc-12-workaround later to maint). + + * A misconfigured 'branch..remote' led to a bug in configuration + parsing. + (merge f1dfbd9ee0 gc/zero-length-branch-config-fix later to maint). + + * "git -c diff.submodule=log range-diff" did not show anything for + submodules that changed in the ranges being compared, and + "git -c diff.submodule=diff range-diff" did not work correctly. + Fix this by including the "--submodule=short" output + unconditionally to be compared. + + * In Git 2.36 we revamped the way how hooks are invoked. One change + that is end-user visible is that the output of a hook is no longer + directly connected to the standard output of "git" that spawns the + hook, which was noticed post release. This is getting corrected. + (merge a082345372 ab/hooks-regression-fix later to maint). + + * Updating the graft information invalidates the list of parents of + in-core commit objects that used to be in the graft file. + + * "git show-ref --heads" (and "--tags") still iterated over all the + refs only to discard refs outside the specified area, which has + been corrected. + (merge c0c9d35e27 tb/show-ref-optim later to maint). + + * Remove redundant copying (with index v3 and older) or possible + over-reading beyond end of mmapped memory (with index v4) has been + corrected. + (merge 6d858341d2 zh/read-cache-copy-name-entry-fix later to maint). + + * Sample watchman interface hook sometimes failed to produce + correctly formatted JSON message, which has been corrected. + (merge 134047b500 sn/fsmonitor-missing-clock later to maint). + + * Use-after-free (with another forget-to-free) fix. + (merge 323822c72b ab/remote-free-fix later to maint). + + * Remove a coccinelle rule that is no longer relevant. + (merge b1299de4a1 jc/cocci-cleanup later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge e6b2582da3 cm/reftable-0-length-memset later to maint). + (merge 0b75e5bf22 ab/misc-cleanup later to maint). + (merge 52e1ab8a76 ea/rebase-code-simplify later to maint). + (merge 756d15923b sg/safe-directory-tests-and-docs later to maint). + (merge d097a23bfa ds/do-not-call-bug-on-bad-refs later to maint). + (merge c36c27e75c rs/t7812-pcre2-ws-bug-test later to maint). + (merge 1da312742d gf/unused-includes later to maint). + (merge 465b30a92d pb/submodule-recurse-mode-enum later to maint). + (merge 82b28c4ed8 km/t3501-use-test-helpers later to maint). + (merge 72315e431b sa/t1011-use-helpers later to maint). + (merge 95b3002201 cg/vscode-with-gdb later to maint). + (merge fbe5f6b804 tk/p4-utf8-bom later to maint). + (merge 17f273ffba tk/p4-with-explicity-sync later to maint). + (merge 944db25c60 kf/p4-multiple-remotes later to maint). + (merge b014cee8de jc/update-ozlabs-url later to maint). + (merge 4ec5008062 pb/ggg-in-mfc-doc later to maint). + (merge af845a604d tb/receive-pack-code-cleanup later to maint). + (merge 2acf4cf001 js/ci-gcc-12-fixes later to maint). + (merge 05e280c0a6 jc/http-clear-finished-pointer later to maint). + (merge 8c49d704ef fh/transport-push-leakfix later to maint). + (merge 1d232d38bd tl/ls-tree-oid-only later to maint). + (merge db7961e6a6 gc/document-config-worktree-scope later to maint). + (merge ce18a30bb7 fs/ssh-default-key-command-doc later to maint). diff --git a/Documentation/RelNotes/2.37.1.txt b/Documentation/RelNotes/2.37.1.txt new file mode 100644 index 0000000..8460932 --- /dev/null +++ b/Documentation/RelNotes/2.37.1.txt @@ -0,0 +1,17 @@ +Git 2.37.1 Release Notes +======================== + +This release merges up the fixes that appear in v2.30.5, v2.31.4, +v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2 to address the +security issue CVE-2022-29187; see the release notes for these +versions for details. + +Fixes since Git 2.37 +-------------------- + + * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't + correctly record a removed file to the index, which is an old + regression but has become widely known because the C version has + become the default in the latest release. + + * Fix for CVS-2022-29187. diff --git a/Documentation/RelNotes/2.37.2.txt b/Documentation/RelNotes/2.37.2.txt new file mode 100644 index 0000000..d82b29e --- /dev/null +++ b/Documentation/RelNotes/2.37.2.txt @@ -0,0 +1,88 @@ +Git 2.37.2 Release Notes +======================== + +This primarily is to backport various fixes accumulated on the 'master' +front since 2.37.1. + +Fixes since v2.37.1 +------------------- + + * "git shortlog -n" relied on the underlying qsort() to be stable, + which shouldn't have. Fixed. + + * Variable quoting fix in the vimdiff driver of "git mergetool". + + * An earlier attempt to plug leaks placed a clean-up label to jump to + at a bogus place, which as been corrected. + + * Fixes a long-standing corner case bug around directory renames in + the merge-ort strategy. + + * Recent update to vimdiff layout code has been made more robust + against different end-user vim settings. + + * In a non-bare repository, the behavior of Git when the + core.worktree configuration variable points at a directory that has + a repository as its subdirectory, regressed in Git 2.27 days. + + * References to commands-to-be-typed-literally in "git rebase" + documentation mark-up have been corrected. + + * Give _() markings to fatal/warning/usage: labels that are shown in + front of these messages. + + * "git mktree --missing" lazily fetched objects that are missing from + the local object store, which was totally unnecessary for the purpose + of creating the tree object(s) from its input. + + * Fixes for tests when the source directory has unusual characters in + its path, e.g. whitespaces, double-quotes, etc. + + * Adjust technical/bitmap-format to be formatted by AsciiDoc, and + add some missing information to the documentation. + + * Certain diff options are currently ignored when combined-diff is + shown; mark them as incompatible with the feature. + + * "git clone" from a repository with some ref whose HEAD is unborn + did not set the HEAD in the resulting repository correctly, which + has been corrected. + + * mkstemp() emulation on Windows has been improved. + + * Add missing documentation for "include" and "includeIf" features in + "git config" file format, which incidentally teaches the command + line completion to include them in its offerings. + + * Avoid "white/black-list" in documentation and code comments. + + * Workaround for a compiler warning against use of die() in + osx-keychain (in contrib/). + + * Workaround for a false positive compiler warning. + + * The resolve-undo information in the index was not protected against + GC, which has been corrected. + + * A corner case bug where lazily fetching objects from a promisor + remote resulted in infinite recursion has been corrected. + + * "git p4" working on UTF-16 files on Windows did not implement + CRLF-to-LF conversion correctly, which has been corrected. + + * "git p4" did not handle non-ASCII client name well, which has been + corrected. + + * "rerere-train" script (in contrib/) used to honor commit.gpgSign + while recreating the throw-away merges. + + * "git checkout" miscounted the paths it updated, which has been + corrected. + + * Fix for a bug that makes write-tree to fail to write out a + non-existent index as a tree, introduced in 2.37. + + * There was a bug in the codepath to upgrade generation information + in commit-graph from v1 to v2 format, which has been corrected. + +Also contains minor documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.37.3.txt b/Documentation/RelNotes/2.37.3.txt new file mode 100644 index 0000000..d66689e --- /dev/null +++ b/Documentation/RelNotes/2.37.3.txt @@ -0,0 +1,46 @@ +Git 2.37.3 Release Notes +======================== + +This primarily is to backport various fixes accumulated on the 'master' +front since 2.37.2. + +Fixes since v2.37.2 +------------------- + + * The build procedure for Windows that uses CMake has been updated to + pick up the shell interpreter from local installation location. + + * Conditionally allow building Python interpreter on Windows + + * Fix to lstat() emulation on Windows. + + * Older gcc with -Wall complains about the universal zero initializer + "struct s = { 0 };" idiom, which makes developers' lives + inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The + build procedure has been tweaked to help these compilers. + + * Plug memory leaks in the failure code path in the "merge-ort" merge + strategy backend. + + * Avoid repeatedly running getconf to ask libc version in the test + suite, and instead just as it once per script. + + * Platform-specific code that determines if a directory is OK to use + as a repository has been taught to report more details, especially + on Windows. + + * "vimdiff3" regression has been corrected. + + * "git fsck" reads mode from tree objects but canonicalizes the mode + before passing it to the logic to check object sanity, which has + hid broken tree objects from the checking logic. This has been + corrected, but to help exiting projects with broken tree objects + that they cannot fix retroactively, the severity of anomalies this + code detects has been demoted to "info" for now. + + * Fixes to sparse index compatibility work for "reset" and "checkout" + commands. + + * Documentation for "git add --renormalize" has been improved. + +Also contains other minor documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.37.4.txt b/Documentation/RelNotes/2.37.4.txt new file mode 100644 index 0000000..e42a5c1 --- /dev/null +++ b/Documentation/RelNotes/2.37.4.txt @@ -0,0 +1,65 @@ +Git 2.37.4 Release Notes +======================== + +This primarily is to backport various fixes accumulated on the 'master' +front since 2.37.3, and also includes the same security fixes as in +v2.30.6. + +Fixes since v2.37.3 +------------------- + + * CVE-2022-39253: + When relying on the `--local` clone optimization, Git dereferences + symbolic links in the source repository before creating hardlinks + (or copies) of the dereferenced link in the destination repository. + This can lead to surprising behavior where arbitrary files are + present in a repository's `$GIT_DIR` when cloning from a malicious + repository. + + Git will no longer dereference symbolic links via the `--local` + clone mechanism, and will instead refuse to clone repositories that + have symbolic links present in the `$GIT_DIR/objects` directory. + + Additionally, the value of `protocol.file.allow` is changed to be + "user" by default. + + Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. + The fix was authored by Taylor Blau, with help from Johannes + Schindelin. + + * CVE-2022-39260: + An overly-long command string given to `git shell` can result in + overflow in `split_cmdline()`, leading to arbitrary heap writes and + remote code execution when `git shell` is exposed and the directory + `$HOME/git-shell-commands` exists. + + `git shell` is taught to refuse interactive commands that are + longer than 4MiB in size. `split_cmdline()` is hardened to reject + inputs larger than 2GiB. + + Credit for finding CVE-2022-39260 goes to Kevin Backhouse of + GitHub. The fix was authored by Kevin Backhouse, Jeff King, and + Taylor Blau. + + * An earlier optimization discarded a tree-object buffer that is + still in use, which has been corrected. + + * Fix deadlocks between main Git process and subprocess spawned via + the pipe_command() API, that can kill "git add -p" that was + reimplemented in C recently. + + * xcalloc(), imitating calloc(), takes "number of elements of the + array", and "size of a single element", in this order. A call that + does not follow this ordering has been corrected. + + * The preload-index codepath made copies of pathspec to give to + multiple threads, which were left leaked. + + * Update the version of Ubuntu used for GitHub Actions CI from 18.04 + to 22.04. + + * The auto-stashed local changes created by "git merge --autostash" + was mixed into a conflicted state left in the working tree, which + has been corrected. + +Also contains other minor documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.37.5.txt b/Documentation/RelNotes/2.37.5.txt new file mode 100644 index 0000000..faa1447 --- /dev/null +++ b/Documentation/RelNotes/2.37.5.txt @@ -0,0 +1,5 @@ +Git v2.37.5 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.37.6.txt b/Documentation/RelNotes/2.37.6.txt new file mode 100644 index 0000000..51dc149 --- /dev/null +++ b/Documentation/RelNotes/2.37.6.txt @@ -0,0 +1,7 @@ +Git v2.37.6 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7, +v2.32.6, v2.33.7, v2.34.7, v2.35.7 and v2.36.5 to address the +security issues CVE-2023-22490 and CVE-2023-23946; see the release +notes for these versions for details. diff --git a/Documentation/RelNotes/2.37.7.txt b/Documentation/RelNotes/2.37.7.txt new file mode 100644 index 0000000..4b8165f --- /dev/null +++ b/Documentation/RelNotes/2.37.7.txt @@ -0,0 +1,7 @@ +Git v2.37.7 Release Notes +========================= + +This release merges up the fix that appears in v2.30.9, v2.31.8, +v2.32.7, v2.33.8, v2.34.8, v2.35.8 and v2.36.6 to address the +security issues CVE-2023-25652, CVE-2023-25815, and CVE-2023-29007; +see the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.38.0.txt b/Documentation/RelNotes/2.38.0.txt new file mode 100644 index 0000000..870581f --- /dev/null +++ b/Documentation/RelNotes/2.38.0.txt @@ -0,0 +1,404 @@ +Git v2.38 Release Notes +======================= + +UI, Workflows & Features + + * "git remote show [-n] frotz" now pays attention to negative + pathspec. + + * "git push" sometimes performs poorly when reachability bitmaps are + used, even in a repository where other operations are helped by + bitmaps. The push.useBitmaps configuration variable is introduced + to allow disabling use of reachability bitmaps only for "git push". + + * "git grep -m<max-hits>" is a way to limit the hits shown per file. + + * "git merge-tree" learned a new mode where it takes two commits and + computes a tree that would result in the merge commit, if the + histories leading to these two commits were to be merged. + + * "git mv A B" in a sparsely populated working tree can be asked to + move a path between directories that are "in cone" (i.e. expected + to be materialized in the working tree) and "out of cone" + (i.e. expected to be hidden). The handling of such cases has been + improved. + + * Earlier, HTTP transport clients learned to tell the server side + what locale they are in by sending Accept-Language HTTP header, but + this was done only for some requests but not others. + + * Introduce a safe.barerepository configuration variable that + allows users to forbid discovery of bare repositories. + + * Various messages that come from the pack-bitmap codepaths have been + tweaked. + + * "git rebase -i" learns to update branches whose tip appear in the + rebased range with "--update-refs" option. + + * "git ls-files" learns the "--format" option to tweak its output. + + * "git cat-file" learned an option to use the mailmap when showing + commit and tag objects. + + * When "git merge" finds that it cannot perform a merge, it should + restore the working tree to the state before the command was + initiated, but in some corner cases it didn't. + + * Operating modes like "--batch" of "git cat-file" command learned to + take NUL-terminated input, instead of one-item-per-line. + + * "git rm" has become more aware of the sparse-index feature. + + * "git rev-list --disk-usage" learned to take an optional value + "human" to show the reported value in human-readable format, like + "3.40MiB". + + * The "diagnose" feature to create a zip archive for diagnostic + material has been lifted from "scalar" and made into a feature of + "git bugreport". + + * The namespaces used by "log --decorate" from "refs/" hierarchy by + default has been tightened. + + * "git rev-list --ancestry-path=C A..B" is a natural extension of + "git rev-list A..B"; instead of choosing a subset of A..B to those + that have ancestry relationship with A, it lets a subset with + ancestry relationship with C. + + * "scalar" now enables built-in fsmonitor on enlisted repositories, + when able. + + * The bash prompt (in contrib/) learned to optionally indicate when + the index is unmerged. + + * "git clone" command learned the "--bundle-uri" option to coordinate + with hosting sites the use of pre-prepared bundle files. + + * "git range-diff" learned to honor pathspec argument if given. + + * "git format-patch --from=<ident>" can be told to add an in-body + "From:" line even for commits that are authored by the given + <ident> with "--force-in-body-from" option. + + * The built-in fsmonitor refuses to work on a network mounted + repositories; a configuration knob for users to override this has + been introduced. + + * The "scalar" addition from Microsoft is now part of the core Git + installation. + + +Performance, Internal Implementation, Development Support etc. + + * Collection of what is referenced by objects in promisor packs have + been optimized to inspect these objects in the in-pack order. + + * Introduce a helper to see if a branch is already being worked on + (hence should not be newly checked out in a working tree), which + performs much better than the existing find_shared_symref() to + replace many uses of the latter. + + * Teach "git archive" to (optionally and then by default) avoid + spawning an external "gzip" process when creating ".tar.gz" (and + ".tgz") archives. + + * Allow large objects read from a packstream to be streamed into a + loose object file straight, without having to keep it in-core as a + whole. + + * Further preparation to turn git-submodule.sh into a builtin + continues. + + * Apply Coccinelle rule to turn raw memmove() into MOVE_ARRAY() cpp + macro, which would improve maintainability and readability. + + * Teach "make all" to build gitweb as well. + + * Tweak tests so that they still work when the "git init" template + did not create .git/info directory. + + * Add Coccinelle rules to detect the pattern of initializing and then + finalizing a structure without using it in between at all, which + happens after code restructuring and the compilers fail to + recognize as an unused variable. + + * The code to convert between GPG trust level strings and internal + constants we use to represent them have been cleaned up. + + * Support for libnettle as SHA256 implementation has been added. + + * The way "git multi-pack" uses parse-options API has been improved. + + * A Coccinelle rule (in contrib/) to encourage use of COPY_ARRAY + macro has been improved. + + * API tweak to make it easier to run fuzz testing on commit-graph parser. + + * Omit fsync-related trace2 entries when their values are all zero. + + * The codepath to write multi-pack index has been taught to release a + large chunk of memory that holds an array of objects in the packs, + as soon as it is done with the array, to reduce memory consumption. + + * Add a level of redirection to array allocation API in xdiff part, + to make it easier to share with the libgit2 project. + + * "git fetch" client logs the partial clone filter used in the trace2 + output. + + * The "bundle URI" design gets documented. + + * The common ancestor negotiation exchange during a "git fetch" + session now leaves trace log. + + * Test portability improvements. + (merge 4d1d843be7 mt/rot13-in-c later to maint). + + * The "subcommand" mode is introduced to parse-options API and update + the command line parser of Git commands with subcommands. + + * The pack bitmap file gained a bitmap-lookup table to speed up + locating the necessary bitmap for a given commit. + + * The assembly version of SHA-1 implementation for PPC has been + removed. + + * The server side that responds to "git fetch" and "git clone" + request has been optimized by allowing it to send objects in its + object store without recomputing and validating the object names. + + * Annotate function parameters that are not used (but cannot be + removed for structural reasons), to prepare us to later compile + with -Wunused warning turned on. + + * Share the text used to explain configuration variables used by "git + <subcmd>" in "git help <subcmd>" with the text from "git help config". + + * "git mv A B" in a sparsely populated working tree can be asked to + move a path from a directory that is "in cone" to another directory + that is "out of cone". Handling of such a case has been improved. + + * The chainlint script for our tests has been revamped. + + +Fixes since v2.37 +----------------- + + * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't + correctly record a removed file to the index, which was fixed. + + * Certain diff options are currently ignored when combined-diff is + shown; mark them as incompatible with the feature. + + * Adjust technical/bitmap-format to be formatted by AsciiDoc, and + add some missing information to the documentation. + + * Fixes for tests when the source directory has unusual characters in + its path, e.g. whitespaces, double-quotes, etc. + + * "git mktree --missing" lazily fetched objects that are missing from + the local object store, which was totally unnecessary for the purpose + of creating the tree object(s) from its input. + + * Give _() markings to fatal/warning/usage: labels that are shown in + front of these messages. + + * References to commands-to-be-typed-literally in "git rebase" + documentation mark-up have been corrected. + + * In a non-bare repository, the behavior of Git when the + core.worktree configuration variable points at a directory that has + a repository as its subdirectory, regressed in Git 2.27 days. + + * Recent update to vimdiff layout code has been made more robust + against different end-user vim settings. + + * Plug various memory leaks, both in the main code and in test-tool + commands. + + * Fixes a long-standing corner case bug around directory renames in + the merge-ort strategy. + + * The resolve-undo information in the index was not protected against + GC, which has been corrected. + + * A corner case bug where lazily fetching objects from a promisor + remote resulted in infinite recursion has been corrected. + + * "git clone" from a repository with some ref whose HEAD is unborn + did not set the HEAD in the resulting repository correctly, which + has been corrected. + + * An earlier attempt to plug leaks placed a clean-up label to jump to + at a bogus place, which as been corrected. + + * Variable quoting fix in the vimdiff driver of "git mergetool" + + * "git shortlog -n" relied on the underlying qsort() to be stable, + which shouldn't have. Fixed. + + * A fix for a regression in test framework. + + * mkstemp() emulation on Windows has been improved. + + * Add missing documentation for "include" and "includeIf" features in + "git config" file format, which incidentally teaches the command + line completion to include them in its offerings. + + * Avoid "white/black-list" in documentation and code comments. + + * Workaround for a compiler warning against use of die() in + osx-keychain (in contrib/). + + * Workaround for a false positive compiler warning. + + * "git p4" working on UTF-16 files on Windows did not implement + CRLF-to-LF conversion correctly, which has been corrected. + + * "git p4" did not handle non-ASCII client name well, which has been + corrected. + + * "rerere-train" script (in contrib/) used to honor commit.gpgSign + while recreating the throw-away merges. + + * "git checkout" miscounted the paths it updated, which has been + corrected. + + * Fix for a bug that makes write-tree to fail to write out a + non-existent index as a tree, introduced in 2.37. + + * There was a bug in the codepath to upgrade generation information + in commit-graph from v1 to v2 format, which has been corrected. + + * Gitweb had legacy URL shortener that is specific to the way + projects hosted on kernel.org used to (but no longer) work, which + has been removed. + + * Fix build procedure for Windows that uses CMake so that it can pick + up the shell interpreter from local installation location. + + * Conditionally allow building Python interpreter on Windows + + * Fix to lstat() emulation on Windows. + + * Older gcc with -Wall complains about the universal zero initializer + "struct s = { 0 };" idiom, which makes developers' lives + inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The + build procedure has been tweaked to help these compilers. + + * Plug memory leaks in the failure code path in the "merge-ort" merge + strategy backend. + + * "git symbolic-ref symref non..sen..se" is now diagnosed as an error. + + * A follow-up fix to a fix for a regression in 2.36 around hooks. + + * Avoid repeatedly running getconf to ask libc version in the test + suite, and instead just as it once per script. + + * Platform-specific code that determines if a directory is OK to use + as a repository has been taught to report more details, especially + on Windows. + + * "vimdiff3" regression fix. + + * "git fsck" reads mode from tree objects but canonicalizes the mode + before passing it to the logic to check object sanity, which has + hid broken tree objects from the checking logic. This has been + corrected, but to help existing projects with broken tree objects + that they cannot fix retroactively, the severity of anomalies this + code detects has been demoted to "info" for now. + + * Fixes to sparse index compatibility work for "reset" and "checkout" + commands. + + * An earlier optimization discarded a tree-object buffer that is + still in use, which has been corrected. + + * Fix deadlocks between main Git process and subprocess spawned via + the pipe_command() API, that can kill "git add -p" that was + reimplemented in C recently. + + * The sequencer machinery translated messages left in the reflog by + mistake, which has been corrected. + + * xcalloc(), imitating calloc(), takes "number of elements of the + array", and "size of a single element", in this order. A call that + does not follow this ordering has been corrected. + + * The preload-index codepath made copies of pathspec to give to + multiple threads, which were left leaked. + + * Update the version of Ubuntu used for GitHub Actions CI from 18.04 + to 22.04. + + * The auto-stashed local changes created by "git merge --autostash" + was mixed into a conflicted state left in the working tree, which + has been corrected. + + * Multi-pack index got corrupted when preferred pack changed from one + pack to another in a certain way, which has been corrected. + (merge 99e4d084ff tb/midx-with-changing-preferred-pack-fix later to maint). + + * The clean-up of temporary files created via mks_tempfile_dt() was + racy and attempted to unlink() the leading directory when signals + are involved, which has been corrected. + (merge babe2e0559 rs/tempfile-cleanup-race-fix later to maint). + + * FreeBSD portability fix for "git maintenance" that spawns "crontab" + to schedule tasks. + (merge ee69e7884e bc/gc-crontab-fix later to maint). + + * Those who use diff-so-fancy as the diff-filter noticed a regression + or two in the code that parses the diff output in the built-in + version of "add -p", which has been corrected. + (merge 0a101676e5 js/add-p-diff-parsing-fix later to maint). + + * Segfault fix-up to an earlier fix to the topic to teach "git reset" + and "git checkout" work better in a sparse checkout. + (merge 037f8ea6d9 vd/sparse-reset-checkout-fixes later to maint). + + * "git diff --no-index A B" managed its the pathnames of its two + input files rather haphazardly, sometimes leaking them. The + command line argument processing has been straightened out to clean + it up. + (merge 2b43dd0eb5 rs/diff-no-index-cleanup later to maint). + + * "git rev-list --verify-objects" ought to inspect the contents of + objects and notice corrupted ones, but it didn't when the commit + graph is in use, which has been corrected. + (merge b27ccae34b jk/rev-list-verify-objects-fix later to maint). + + * More fixes to "add -p" + (merge 64ec8efb83 js/builtin-add-p-portability-fix later to maint). + + * The parser in the script interface to parse-options in "git + rev-parse" has been updated to diagnose a bogus input correctly. + (merge f20b9c36d0 ow/rev-parse-parseopt-fix later to maint). + + * The code that manages list-object-filter structure, used in partial + clones, leaked the instances, which has been plugged. + (merge 66eede4a37 jk/plug-list-object-filter-leaks later to maint). + + * Fix another UI regression in the reimplemented "add -p". + (merge f6f0ee247f rs/add-p-worktree-mode-prompt-fix later to maint). + + * "git fetch" over protocol v2 sent an incorrect ref prefix request + to the server and made "git pull" with configured fetch refspec + that does not cover the remote branch to merge with fail, which has + been corrected. + (merge 49ca2fba39 jk/proto-v2-ref-prefix-fix later to maint). + + * A result from opendir() was leaking in the commit-graph expiration + codepath, which has been plugged. + (merge 12f1ae5324 ml/commit-graph-expire-dir-leak-fix later to maint). + + * Just like we have coding guidelines, we now have guidelines for + reviewers. + (merge e01b851923 vd/doc-reviewing-guidelines later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge 77b9e85c0f vd/fix-perf-tests later to maint). + (merge 0682bc43f5 jk/test-crontab-fixes later to maint). + (merge b46dd1726c cc/doc-trailer-whitespace-rules later to maint). diff --git a/Documentation/RelNotes/2.38.1.txt b/Documentation/RelNotes/2.38.1.txt new file mode 100644 index 0000000..b2b5854 --- /dev/null +++ b/Documentation/RelNotes/2.38.1.txt @@ -0,0 +1,5 @@ +Git v2.38.1 Release Notes +========================= + +This release merges the security fix that appears in v2.30.6; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.38.2.txt b/Documentation/RelNotes/2.38.2.txt new file mode 100644 index 0000000..92acb62 --- /dev/null +++ b/Documentation/RelNotes/2.38.2.txt @@ -0,0 +1,67 @@ +Git 2.38.2 Release Notes +======================== + +This is to backport various fixes accumulated during the development +towards Git 2.39, the next feature release. + + +Fixes since v2.38.1 +------------------- + + * Update CodingGuidelines to clarify what features to use and avoid + in C99. + + * The codepath that reads from the index v4 had unaligned memory + accesses, which has been corrected. + + * "git remote rename" failed to rename a remote without fetch + refspec, which has been corrected. + + * "git clone" did not like to see the "--bare" and the "--origin" + options used together without a good reason. + + * Fix messages incorrectly marked for translation. + + * "git fsck" failed to release contents of tree objects already used + from the memory, which has been fixed. + + * "git rebase -i" can mistakenly attempt to apply a fixup to a commit + itself, which has been corrected. + + * In read-only repositories, "git merge-tree" tried to come up with a + merge result tree object, which it failed (which is not wrong) and + led to a segfault (which is bad), which has been corrected. + + * Force C locale while running tests around httpd to make sure we can + find expected error messages in the log. + + * Fix a logic in "mailinfo -b" that miscomputed the length of a + substring, which lead to an out-of-bounds access. + + * The codepath to sign learned to report errors when it fails to read + from "ssh-keygen". + + * "GIT_EDITOR=: git branch --edit-description" resulted in failure, + which has been corrected. + + * Documentation on various Boolean GIT_* environment variables have + been clarified. + + * "git multi-pack-index repack/expire" used to repack unreachable + cruft into a new pack, which have been corrected. + + * The code to clean temporary object directories (used for + quarantine) tried to remove them inside its signal handler, which + was a no-no. + + * "git branch --edit-description" on an unborh branch misleadingly + said that no such branch exists, which has been corrected. + + * GitHub CI settings have been adjusted to recent reality, merging + and cherry-picking necessary topics that have been prepared for Git + 2.39. + + * `git rebase --update-refs` would delete references when all `update-ref` + commands in the sequencer were removed, which has been corrected. + +Also contains various documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.38.3.txt b/Documentation/RelNotes/2.38.3.txt new file mode 100644 index 0000000..4a46bb4 --- /dev/null +++ b/Documentation/RelNotes/2.38.3.txt @@ -0,0 +1,5 @@ +Git v2.38.3 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.38.4.txt b/Documentation/RelNotes/2.38.4.txt new file mode 100644 index 0000000..fdfde22 --- /dev/null +++ b/Documentation/RelNotes/2.38.4.txt @@ -0,0 +1,7 @@ +Git v2.38.4 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7, +v2.32.6, v2.33.7, v2.34.7, v2.35.7, v2.36.5 and v2.37.6 to +address the security issues CVE-2023-22490 and CVE-2023-23946; +see the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.38.5.txt b/Documentation/RelNotes/2.38.5.txt new file mode 100644 index 0000000..2d1f3b1 --- /dev/null +++ b/Documentation/RelNotes/2.38.5.txt @@ -0,0 +1,8 @@ +Git v2.38.5 Release Notes +========================= + +This release merges up the fix that appears in v2.30.9, v2.31.8, +v2.32.7, v2.33.8, v2.34.8, v2.35.8, v2.36.6 and v2.37.7 to address +the security issues CVE-2023-25652, CVE-2023-25815, and +CVE-2023-29007; see the release notes for these versions for +details. diff --git a/Documentation/RelNotes/2.39.0.txt b/Documentation/RelNotes/2.39.0.txt new file mode 100644 index 0000000..9bf00ec --- /dev/null +++ b/Documentation/RelNotes/2.39.0.txt @@ -0,0 +1,346 @@ +Git v2.39 Release Notes +======================= + +UI, Workflows & Features +------------------------ + + * "git grep" learned to expand the sparse-index more lazily and on + demand in a sparse checkout. + + * By default, use of fsmonitor on a repository on networked + filesystem is disabled. Add knobs to make it workable on macOS. + + * After checking out a "branch" that is a symbolic-ref that points at + another branch, "git symbolic-ref HEAD" reports the underlying + branch, not the symbolic-ref the user gave checkout as argument. + The command learned the "--no-recurse" option to stop after + dereferencing a symbolic-ref only once. + + * "git branch --edit-description @{-1}" is now a way to edit branch + description of the branch you were on before switching to the + current branch. + + * "git merge-tree --stdin" is a new way to request a series of merges + and report the merge results. + + * "git shortlog" learned to group by the "format" string. + + * A new "--include-whitespace" option is added to "git patch-id", and + existing bugs in the internal patch-id logic that did not match + what "git patch-id" produces have been corrected. + + * Enable gc.cruftpacks by default for those who opt into + feature.experimental setting. + + * "git repack" learns to send cruft objects out of the way into + packfiles outside the repository. + + * 'scalar reconfigure -a' is taught to automatically remove + scalar.repo entires which no longer exist. + + * Redact headers from cURL's h2h3 module in GIT_CURL_VERBOSE and + others. + + * 'git maintenance register' is taught to write configuration to an + arbitrary path, and 'git for-each-repo' is taught to expand tilde + characters in paths. + + * When creating new notes, the template used to get a stray empty + newline, which has been removed. + + * "git receive-pack" used to use all the local refs as the boundary for + checking connectivity of the data "git push" sent, but now it uses + only the refs that it advertised to the pusher. In a repository with + the .hideRefs configuration, this reduces the resources needed to + perform the check. + + * With '--recurse-submodules=on-demand', all submodules are + recursively pushed. + + +Performance, Internal Implementation, Development Support etc. +-------------------------------------------------------------- + + * With a bit of header twiddling, use the native regexp library on + macOS instead of the compat/ one. + + * Prepare for GNU [ef]grep that throw warning of their uses. + + * Sources related to fuzz testing have been moved down to their own + directory. + + * Most credential helpers ignored unknown entries in a credential + description, but a few died upon seeing them. The latter were + taught to ignore them, too + + * "scalar unregister" in a repository that is already been + unregistered reported an error. + + * Remove error detection from a function that fetches from promisor + remotes, and make it die when such a fetch fails to bring all the + requested objects, to give an early failure to various operations. + + * Update CodingGuidelines to clarify what features to use and avoid + in C99. + + * Avoid false-positive from LSan whose assumption may be broken with + higher optimization levels. + + * Enable address and undefined sanitizer tasks at GitHub Actions CI. + + * More UNUSED annotation to help using -Wunused option with the + compiler. + (merge 4b992f0a24 jk/unused-anno-more later to maint). + + * Rewrite a deep recursion in the skipping negotiator to use a loop + with on-heap prio queue to avoid stack wastage. + + * Add documentation for message IDs in fsck error messages. + + * Define the logical elements of a "bundle list", data structure to + store them in-core, format to transfer them, and code to parse + them. + + * The role the security mailing list plays in an embargoed release + has been documented. + + * Two new facilities, "timer" and "counter", are introduced to the + trace2 API. + + * Code simplification by using strvec_pushf() instead of building an + argument in a separate strbuf. + + * Make sure generated dependency file is stably sorted to help + developers debugging their build issues. + + * The glossary entries for "commit-graph file" and "reachability + bitmap" have been added. + + * Various tests exercising the transfer.credentialsInUrl + configuration are taught to avoid making requests which require + resolving localhost to reduce CI-flakiness. + + * A redundant diagnostic message is dropped from test_path_is_missing(). + + * Simplify the run-command API. + + * Update the actions/github-script dependency in CI to avoid a + deprecation warning. + + * Progress on being able to initialize a rev_info struct with a + macro. + + * Add trace2 counters to the region to clear skip worktree bits in a + sparse checkout. + + * Modernize test script to avoid "test -f" and friends. + + * Avoid calling 'cache_tree_update()' when doing so would be + redundant. + + * Update the credential-cache documentation to provide a more + realistic example. + + * Makefile comments updates and reordering to clarify knobs used to + choose SHA implementations. + + * A design document for sparse-checkout's future directions has been + added. + + * Teach chainlint.pl to annotate the original test definition instead + of the token stream. + + * "make coccicheck" is time consuming. It has been made to run more + incrementally. + + * `parse_object()` has been hardened to check for the existence of a + suspected blob object. + + * The build procedure has been adjusted to GNUmake version 4.4, which + made some changes to how pattern rule with multiple targets are + handled. + + +Fixes since v2.38 +----------------- + + * The codepath that reads from the index v4 had unaligned memory + accesses, which has been corrected. + + * Fix messages incorrectly marked for translation. + + * "git fsck" failed to release contents of tree objects already used + from the memory, which has been fixed. + + * "git clone" did not like to see the "--bare" and the "--origin" + options used together without a good reason. + + * "git remote rename" failed to rename a remote without fetch + refspec, which has been corrected. + + * Documentation on various Boolean GIT_* environment variables have + been clarified. + + * "git rebase -i" can mistakenly attempt to apply a fixup to a commit + itself, which has been corrected. + + * "git multi-pack-index repack/expire" used to repack unreachable + cruft into a new pack, which have been corrected. + + * In read-only repositories, "git merge-tree" tried to come up with a + merge result tree object, which it failed (which is not wrong) and + led to a segfault (which is bad), which has been corrected. + + * Force C locale while running tests around httpd to make sure we can + find expected error messages in the log. + + * Fix a logic in "mailinfo -b" that miscomputed the length of a + substring, which lead to an out-of-bounds access. + + * The codepath to sign learned to report errors when it fails to read + from "ssh-keygen". + + * Code clean-up that results in plugging a leak. + + * "GIT_EDITOR=: git branch --edit-description" resulted in failure, + which has been corrected. + + * The code to clean temporary object directories (used for + quarantine) tried to remove them inside its signal handler, which + was a no-no. + + * Update comment in the Makefile about the RUNTIME_PREFIX config knob. + + * Clarify that "the sentence after <area>: prefix does not begin with + a capital letter" rule applies only to the commit title. + + * "git branch --edit-description" on an unborn branch misleadingly + said that no such branch exists, which has been corrected. + + * Work around older clang that warns against C99 zero initialization + syntax for struct. + + * Giving "--invert-grep" and "--all-match" without "--grep" to the + "git log" command resulted in an attempt to access grep pattern + expression structure that has not been allocated, which has been + corrected. + (merge db84376f98 ab/grep-simplify-extended-expression later to maint). + + * "git diff rev^!" did not show combined diff to go to the rev from + its parents. + (merge a79c6b6081 rs/diff-caret-bang-with-parents later to maint). + + * Allow configuration files in "protected" scopes to include other + configuration files. + (merge ecec57b3c9 gc/bare-repo-discovery later to maint). + + * Give a bit more diversity to macOS CI by using sha1dc in one of the + jobs (the other one tests Apple Common Crypto). + (merge 1ad5c3df35 jc/ci-osx-with-sha1dc later to maint). + + * A bugfix with tracing support in midx codepath + (merge e9c3839944 tb/midx-bitmap-selection-fix later to maint). + + * When geometric repacking feature is in use together with the + --pack-kept-objects option, we lost packs marked with .keep files. + (merge 197443e80a tb/save-keep-pack-during-geometric-repack later to maint). + + * Move a global variable added as a hack during regression fixes to + its proper place in the API. + (merge 0b0ab95f17 ab/run-hook-api-cleanup later to maint). + + * Update to build procedure with VS using CMake/CTest. + (merge c858750b41 js/cmake-updates later to maint). + + * The short-help text shown by "git cmd -h" and the synopsis text + shown at the beginning of "git help cmd" have been made more + consistent. + + * When creating a multi-pack bitmap, remove per-pack bitmap files + unconditionally as they will never be consulted. + (merge 55d902cd61 tb/remove-unused-pack-bitmap later to maint). + + * Fix a longstanding syntax error in Git.pm error codepath. + + * "git diff --stat" etc. were invented back when everything was ASCII + and strlen() was a way to measure the display width of a string; + adjust them to compute the display width assuming UTF-8 pathnames. + (merge ce8529b2bb tb/diffstat-with-utf8-strwidth later to maint). + + * "git branch --edit-description" can exit with status -1 which is + not a good practice; it learned to use 1 as everybody else instead. + + * "git apply" limits its input to a bit less than 1 GiB. + + * Merging a branch with directory renames into a branch that changes + the directory to a symlink was mishandled by the ort merge + strategy, which has been corrected. + + * A bugfix to "git subtree" in its split and merge features. + + * Fix some bugs in the reflog messages when rebasing and changes the + reflog messages of "rebase --apply" to match "rebase --merge" with + the aim of making the reflog easier to parse. + + * "git rebase --keep-base" used to discard the commits that are + already cherry-picked to the upstream, even when "keep-base" meant + that the base, on top of which the history is being rebuilt, does + not yet include these cherry-picked commits. The --keep-base + option now implies --reapply-cherry-picks and --no-fork-point + options. + + * The way "git repack" created temporary files when it received a + signal was prone to deadlocking, which has been corrected. + + * Various tests exercising the transfer.credentialsInUrl + configuration are taught to avoid making requests which require + resolving localhost to reduce CI-flakiness. + + * The adjust_shared_perm() helper function learned to refrain from + setting the "g+s" bit on directories when it is not necessary. + + * "git archive" mistakenly complained twice about a missing + executable, which has been corrected. + + * Fix a bug where `git branch -d` did not work on an orphaned HEAD. + + * `git rebase --update-refs` would delete references when all + `update-ref` commands in the sequencer were removed, which has been + corrected. + + * Fix a regression in the bisect-helper which mistakenly treats + arguments to the command given to 'git bisect run' as arguments to + the helper. + + * Correct an error where `git rebase` would mistakenly use a branch or + tag named "refs/rewritten/xyz" when missing a rebase label. + + * Assorted fixes of parsing end-user input as integers. + (merge 14770cf0de pw/config-int-parse-fixes later to maint). + + * "git prune" may try to iterate over .git/objects/pack for trash + files to remove in it, and loudly fail when the directory is + missing, which is not necessary. The command has been taught to + ignore such a failure. + (merge 6974765352 ew/prune-with-missing-objects-pack later to maint). + + * Add one more candidate directory that may house httpd modules while + running tests. + (merge 1c7dc23d41 es/locate-httpd-module-location-in-test later to maint). + + * A handful of leaks in the line-log machinery have been plugged. + + * The format of a line in /proc/cpuinfo that describes a CPU on s390x + looked different from everybody else, and the code in chainlint.pl + failed to parse it. + (merge 1f51b77f4f ah/chainlint-cpuinfo-parse-fix later to maint). + + * Adjust the GitHub CI to newer ubuntu release. + (merge 0d3507f3e7 jx/ci-ubuntu-fix later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge 413bc6d20a ds/cmd-main-reorder later to maint). + (merge 8d2863e4ed nw/t1002-cleanup later to maint). + (merge 7c2dc122f9 rs/list-objects-filter-leakfix later to maint). + (merge 288fcb1c94 zk/push-use-bitmaps later to maint). + (merge 42db324c0f km/merge-recursive-typofix later to maint). diff --git a/Documentation/RelNotes/2.39.1.txt b/Documentation/RelNotes/2.39.1.txt new file mode 100644 index 0000000..60c86f4 --- /dev/null +++ b/Documentation/RelNotes/2.39.1.txt @@ -0,0 +1,5 @@ +Git v2.39.1 Release Notes +========================= + +This release merges the security fix that appears in v2.30.7; see +the release notes for that version for details. diff --git a/Documentation/RelNotes/2.39.2.txt b/Documentation/RelNotes/2.39.2.txt new file mode 100644 index 0000000..ebb9900 --- /dev/null +++ b/Documentation/RelNotes/2.39.2.txt @@ -0,0 +1,7 @@ +Git v2.39.2 Release Notes +========================= + +This release merges up the fixes that appear in v2.30.8, v2.31.7, +v2.32.6, v2.33.7, v2.34.7, v2.35.7, v2.36.5, v2.37.6 and v2.38.4 +to address the security issues CVE-2023-22490 and CVE-2023-23946; +see the release notes for these versions for details. diff --git a/Documentation/RelNotes/2.39.3.txt b/Documentation/RelNotes/2.39.3.txt new file mode 100644 index 0000000..66351b6 --- /dev/null +++ b/Documentation/RelNotes/2.39.3.txt @@ -0,0 +1,64 @@ +Git v2.39.3 Release Notes +========================= + +This release merges up the fix that appears in v2.30.9, v2.31.8, +v2.32.7, v2.33.8, v2.34.8, v2.35.8, v2.36.6, v2.37.7 and v2.38.5 to +address the security issues CVE-2023-25652, CVE-2023-25815, and +CVE-2023-29007; see the release notes for these versions for +details. + +This release also merges fixes that have accumulated on the 'master' +front to prepare for the 2.40 release that are still relevant to +2.39.x maintenance track. + +Fixes since v2.39.2 +------------------- + + * Stop running win+VS build by default. + + * CI updates. We probably want a clean-up to move the long shell + script embedded in yaml file into a separate file, but that can + come later. + + * Avoid unnecessary builds in CI, with settings configured in + ci-config. + + * Redefining system functions for a few functions did not follow our + usual "implement git_foo() and #define foo(args) git_foo(args)" + pattern, which has broken build for some folks. + + * Deal with a few deprecation warning from cURL library. + + * Newer regex library macOS stopped enabling GNU-like enhanced BRE, + where '\(A\|B\)' works as alternation, unless explicitly asked with + the REG_ENHANCED flag. "git grep" now can be compiled to do so, to + retain the old behaviour. + + * When given a pattern that matches an empty string at the end of a + line, the code to parse the "git diff" line-ranges fell into an + infinite loop, which has been corrected. + + * Fix the sequence to fsync $GIT_DIR/packed-refs file that forgot to + flush its output to the disk.. + + * "git diff --relative" did not mix well with "git diff --ext-diff", + which has been corrected. + + * The logic to see if we are using the "cone" mode by checking the + sparsity patterns has been tightened to avoid mistaking a pattern + that names a single file as specifying a cone. + + * Doc update for environment variables set when hooks are invoked. + + * Document ORIG_HEAD a bit more. + + * "git ls-tree --format='%(path) %(path)' $tree $path" showed the + path three times, which has been corrected. + + * Document that "branch -f <branch>" disables only the safety to + avoid recreating an existing branch. + + * Clarify how "checkout -b/-B" and "git branch [-f]" are similar but + different in the documentation. + +Also contains minor documentation updates and code clean-ups. diff --git a/Documentation/RelNotes/2.40.0.txt b/Documentation/RelNotes/2.40.0.txt new file mode 100644 index 0000000..3ea445b --- /dev/null +++ b/Documentation/RelNotes/2.40.0.txt @@ -0,0 +1,320 @@ +Git v2.40 Release Notes +======================= + +UI, Workflows & Features + + * "merge-tree" learns a new `--merge-base` option. + + * "git jump" (in contrib/) learned to present the "quickfix list" to + its standard output (instead of letting it consumed by the editor + it invokes), and learned to also drive emacs/emacsclient. + + * "git var UNKNOWN_VARIABLE" and "git var VARIABLE" with the variable + given an empty value used to behave identically. Now the latter + just gives an empty output, while the former still gives an error + message. + + * Introduce a case insensitive mode to the Bash completion helpers. + + * The advice message given by "git status" when it takes long time to + enumerate untracked paths has been updated. + + * Just like "git var GIT_EDITOR" abstracts the complex logic to + choose which editor gets used behind it, "git var" now give support + to GIT_SEQUENCE_EDITOR. + + * "git format-patch" learned to honor format.mboxrd even when sending + patches to the standard output stream, + + * 'cat-file' gains mailmap support for its '--batch-check' and '-s' + options. + + * Conditionally skip the pre-applypatch and applypatch-msg hooks when + applying patches with 'git am'. + + * Introduce an optional configuration to allow the trailing hash that + protects the index file from bit flipping. + + * "git check-attr" learned to take an optional tree-ish to read the + .gitattributes file from. + + * "scalar" learned to give progress bar. + + * "grep -P" learned to use Unicode Character Property to grok + character classes when processing \b and \w etc. + + * "git rebase" often ignored incompatible options instead of + complaining, which has been corrected. + + * "scalar" warns but continues when its periodic maintenance + feature cannot be enabled. + + * The bundle-URI subsystem adds support for creation-token heuristics + to help incremental fetches. + + * Userdiff regexp update for Java language. + + * "git fetch --jobs=0" used to hit a BUG(), which has been corrected + to use the available CPUs. + + * An invalid label or ref in the "rebase -i" todo file used to + trigger an runtime error. SUch an error is now diagnosed while the + todo file is parsed. + + * The "diff" drivers specified by the "diff" attribute attached to + paths can now specify which algorithm (e.g. histogram) to use. + + * "git range-diff" learned --abbrev=<num> option. + + * "git archive HEAD^{tree}" records the paths with the current + timestamp in the archive, making it harder to obtain a stable + output. The command learned the --mtime option to specify an + arbitrary timestamp (e.g. --mtime="@0 +0000" for the epoch). + + * The credential subsystem learned that a password may have an + explicit expiration. + + * The format.attach configuration variable lacked a way to override a + value defined in a lower-priority configuration file (e.g. the + system one) by redefining it in a higher-priority configuration + file. Now, setting format.attach to an empty string means show the + patch inline in the e-mail message, without using MIME attachment. + + This is a backward incompatible change. + + +Performance, Internal Implementation, Development Support etc. + + * `git bisect` becomes a builtin. + + * The pack-bitmap machinery is taught to log the paths of redundant + bitmap(s) to trace2 instead of stderr. + + * Use the SHA1DC implementation on macOS, just like other platforms, + by default. + + * Even in a repository with promisor remote, it is useless to + attempt to lazily attempt fetching an object that is expected to be + commit, because no "filter" mode omits commit objects. Take + advantage of this assumption to fail fast on errors. + + * Stop using "git --super-prefix" and narrow the scope of its use to + the submodule--helper. + + * Stop running win+VS build by default. + + * CI updates. We probably want a clean-up to move the long shell + script embedded in yaml file into a separate file, but that can + come later. + + * Use `git diff --no-index` as a test_cmp on Windows. + + We'd probably need to revisit "do we really want to, and have to, + lose CRLF vs LF?" later, at which time we may be able to further + clean this up by replacing "git diff --no-index" with "diff -u". + + * Avoid unnecessary builds in CI, with settings configured in + ci-config. + + * Plug leaks in sequencer subsystem and its users. + + * In-tree .gitattributes update to match the way we recommend our + users to mark a file as text. + (merge 1f34e0cd3d po/attributes-text later to maint). + + * Finally retire the scripted "git add -p/-i" implementation and have + everybody use the one reimplemented in C. + + +Fixes since v2.39 +----------------- + + * Various leak fixes. + + * Fix a bug where `pack-objects` would not respect multiple `--filter` + arguments when invoked directly. + (merge d4f7036887 rs/multi-filter-args later to maint). + + * Make fsmonitor more robust to avoid the flakiness seen in t7527. + (merge 6692d45477 jh/t7527-unflake-by-forcing-cookie later to maint). + + * Stop using deprecated macOS API in fsmonitor. + (merge b0226007f0 jh/fsmonitor-darwin-modernize later to maint). + + * Redefining system functions for a few functions did not follow our + usual "implement git_foo() and #define foo(args) git_foo(args)" + pattern, which has broken build for some folks. + + * The way the diff machinery prepares the options array for the + parse_options API has been refactored to avoid resource leaks. + (merge 189e97bc4b rs/diff-parseopts later to maint). + + * Correct pthread API usage. + (merge 786e67611d sx/pthread-error-check-fix later to maint). + + * The code to auto-correct a misspelt subcommand unnecessarily called + into git_default_config() from the early config codepath, which was + a no-no. This has bee corrected. + (merge 0918d08887 sg/help-autocorrect-config-fix later to maint). + + * "git http-fetch" (which is rarely used) forgot to identify itself + in the trace2 output. + (merge 7abb43cbc8 jt/http-fetch-trace2-report-name later to maint). + + * The output from "git diff --stat" on an unmerged path lost the + terminating LF in Git 2.39, which has been corrected. + (merge 209d9cb011 pg/diff-stat-unmerged-regression-fix later to maint). + + * "git pull -v --recurse-submodules" attempted to pass "-v" down to + underlying "git submodule update", which did not understand the + request and barfed, which has been corrected. + (merge 6f65f84766 ss/pull-v-recurse-fix later to maint). + + * When given a pattern that matches an empty string at the end of a + line, the code to parse the "git diff" line-ranges fell into an + infinite loop, which has been corrected. + + * Fix the sequence to fsync $GIT_DIR/packed-refs file that forgot to + flush its output to the disk.. + + * Fix to a small regression in 2.38 days. + + * "git diff --relative" did not mix well with "git diff --ext-diff", + which has been corrected. + + * The logic to see if we are using the "cone" mode by checking the + sparsity patterns has been tightened to avoid mistaking a pattern + that names a single file as specifying a cone. + + * Deal with a few deprecation warning from cURL library. + + * Doc update for environment variables set when hooks are invoked. + + * Document ORIG_HEAD a bit more. + + * "git ls-tree --format='%(path) %(path)' $tree $path" showed the + path three times, which has been corrected. + + * Remove "git env--helper" and demote it to a test-tool subcommand. + (merge 4a1baacd46 ab/test-env-helper later to maint). + + * Newer regex library macOS stopped enabling GNU-like enhanced BRE, + where '\(A\|B\)' works as alternation, unless explicitly asked with + the REG_ENHANCED flag. "git grep" now can be compiled to do so, to + retain the old behaviour. + + * Pthread emulation on Win32 leaked thread handle when a thread is + joined. + (merge 238a9dfe86 sk/win32-close-handle-upon-pthread-join later to maint). + + * "git send-email -v 3" used to be expanded to "git send-email + --validate 3" when the user meant to pass them down to + "format-patch", which has been corrected. + (merge 8774aa56ad km/send-email-with-v-reroll-count later to maint). + + * Document that "branch -f <branch>" disables only the safety to + avoid recreating an existing branch. + + * "git fetch <group>", when "<group>" of remotes lists the same + remote twice, unnecessarily failed when parallel fetching was + enabled, which has been corrected. + (merge 06a668cb90 cw/fetch-remote-group-with-duplication later to maint). + + * Clarify how "checkout -b/-B" and "git branch [-f]" are similar but + different in the documentation. + + * "git hash-object" now checks that the resulting object is well + formed with the same code as "git fsck". + (merge 8e4309038f jk/hash-object-fsck later to maint). + + * Improve the error message given when private key is not loaded in + the ssh agent in the codepath to sign with an ssh key. + (merge dce7b31126 as/ssh-signing-improve-key-missing-error later to maint). + + * Adjust "git request-pull" to strip embedded signature from signed + tags to notice non-PGP signatures. + (merge a9cad02538 gm/request-pull-with-non-pgp-signed-tags later to maint). + + * Remove support for MSys, which now lags way behind MSys2. + (merge 2987407f3c hj/remove-msys-support later to maint). + + * Fix use of CreateThread() API call made early in the windows + start-up code. + (merge 592bcab61b sk/winansi-createthread-fix later to maint). + + * "git pack-objects" learned to release delta-island bitmap data when + it is done using it, saving peak heap memory usage. + (merge 647982bb71 ew/free-island-marks later to maint). + + * In an environment where dynamically generated code is prohibited to + run (e.g. SELinux), failure to JIT pcre patterns is expected. Fall + back to interpreted execution in such a case. + (merge 50b6ad55b0 cb/grep-fallback-failing-jit later to maint). + + * "git name-rev" heuristics update. + (merge b2182a8730 en/name-rev-make-taggerdate-much-less-important later to maint). + + * Remove more remaining uses of macros that relies on the_index + singleton instance without explicitly spelling it out. + + * Remove unnecessary explicit sizing of strbuf. + (merge 93ea118bed rs/cache-tree-strbuf-growth-fix later to maint). + + * Doc update. + (merge d9ec3b0dc0 jk/doc-ls-remote-matching later to maint). + + * Error messages given upon a signature verification failure used to + discard the errors from underlying gpg program, which has been + corrected. + (merge ad6b320756 js/gpg-errors later to maint). + + * Update --date=default documentation. + (merge 9deef088ae rd/doc-default-date-format later to maint). + + * A test helper had a single write(2) of 256kB, which was too big for + some platforms (e.g. NonStop), which has been corrected by using + xwrite() wrapper appropriately. + (merge 58eab6ff13 jc/genzeros-avoid-raw-write later to maint). + + * sscanf(3) used in "git symbolic-ref --short" implementation found + to be not working reliably on macOS in UTF-8 locales. Rewrite the + code to avoid sscanf() altogether to work it around. + (merge 613bef56b8 jk/shorten-unambiguous-ref-wo-sscanf later to maint). + + * Various fix-ups on HTTP tests. + (merge 8f2146dbf1 jk/http-test-fixes later to maint). + + * Fixes to code that parses the todo file used in "rebase -i". + (merge 666b6e1135 pw/rebase-i-parse-fix later to maint). + + * Test library clean-up. + (merge c600a91c94 ar/test-lib-remove-stale-comment later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge 4eb1ccecd4 dh/mingw-ownership-check-typofix later to maint). + (merge f95526419b ar/typofix-gitattributes-doc later to maint). + (merge 27875aeec9 km/doc-branch-start-point later to maint). + (merge 35c194dc57 es/t1509-root-fixes later to maint). + (merge 7b341645e3 pw/ci-print-failure-name-fix later to maint). + (merge bcb71d45bf jx/t1301-updates later to maint). + (merge ebdc46c242 jc/doc-diff-patch.txt later to maint). + (merge a87a20cbb4 ar/test-cleanup later to maint). + (merge f5156f1885 ar/bisect-doc-update later to maint). + (merge fca2d86c97 jk/interop-error later to maint). + (merge cf4936ed74 tl/ls-tree-code-clean-up later to maint). + (merge dcb47e52b0 en/t6426-todo-cleanup later to maint). + (merge 5b8db44bdd jc/format-patch-v-unleak later to maint). + (merge 590b636737 jk/hash-object-literally-fd-leak later to maint). + (merge 5458ba0a4d tb/t0003-invoke-dd-more-portably later to maint). + (merge 70661d288b ar/markup-em-dash later to maint). + (merge e750951e74 en/ls-files-doc-update later to maint). + (merge 4f542975d1 mh/doc-credential-cache-only-in-core later to maint). + (merge 3a2ebaebc7 gc/index-format-doc later to maint). + (merge b08edf709d jk/httpd-test-updates later to maint). + (merge d85e9448dd wl/new-command-doc later to maint). + (merge d912a603ed kf/t5000-modernise later to maint). + (merge e65b868d07 rs/size-t-fixes later to maint). + (merge 3eb1e1ca9a ab/config-h-remove-unused later to maint). + (merge d390e08076 cw/doc-pushurl-vs-url later to maint). + (merge 567342fc77 rs/ctype-test later to maint). + (merge d35d8f2e7a ap/t2015-style-update later to maint). diff --git a/Documentation/RelNotes/2.40.1.txt b/Documentation/RelNotes/2.40.1.txt new file mode 100644 index 0000000..e72f6b1 --- /dev/null +++ b/Documentation/RelNotes/2.40.1.txt @@ -0,0 +1,8 @@ +Git v2.40.1 Release Notes +========================= + +This release merges up the fix that appears in v2.30.9, v2.31.8, +v2.32.7, v2.33.8, v2.34.8, v2.35.8, v2.36.6, v2.37.7, v2.38.5 +and v2.39.3 to address the security issues CVE-2023-25652, +CVE-2023-25815, and CVE-2023-29007; see the release notes for these +versions for details. diff --git a/Documentation/RelNotes/2.41.0.txt b/Documentation/RelNotes/2.41.0.txt new file mode 100644 index 0000000..8a9e170 --- /dev/null +++ b/Documentation/RelNotes/2.41.0.txt @@ -0,0 +1,399 @@ +Git v2.41 Release Notes +======================= + +UI, Workflows & Features + + * Allow information carried on the WWW-Authenticate header to be + passed to the credential helpers. + + * A new "fetch.hideRefs" option can be used to exclude specified refs + from "rev-list --objects --stdin --not --all" traversal for + checking object connectivity, most useful when there are many + unrelated histories in a single repository. + + * "git push" has been taught to allow deletion of refs with one-level + names to help repairing a repository who acquired such a ref by + mistake. In general, we don't encourage use of such a ref, and + creation or update to such a ref is rejected as before. + + * Allow "git bisect reset" to check out the original branch when the + branch is already checked out in a different worktree linked to the + same repository. + + * A few subcommands have been taught to stop users from working on a + branch that is being used in another worktree linked to the same + repository. + + * "git format-patch" learned to write a log-message only output file + for empty commits. + + * "git format-patch" honors the src/dst prefixes set to nonstandard + values with configuration variables like "diff.noprefix", causing + receiving end of the patch that expects the standard -p1 format to + break. "format-patch" has been taught to ignore end-user configuration + and always use the standard prefixes. + + This is a backward compatibility breaking change. + + * Lift the limitation that colored prompts can only be used with + PROMPT_COMMAND mode. + + * "git blame --contents=<file> <rev> -- <path>" used to be forbidden, + but now it finds the origins of lines starting at <file> contents + through the history that leads to <rev>. + + * "git pack-redundant" gave a warning when run, as the command has + outlived its usefulness long ago and is nominated for future + removal. Now we escalate to give an error. + + * "git clone" from an empty repository learned to propagate the + choice of the hash algorithm from the source repository to the + newly created repository over any one of the v0/v1/v2 protocol. + + * "git mergetool" and "git difftool" learns a new configuration + guiDefault to optionally favor configured guitool over non-gui-tool + automatically when $DISPLAY is set. + + * "git branch -d origin/master" would say "no such branch", but it is + likely a missed "-r" if refs/remotes/origin/master exists. The + command has been taught to give such a hint in its error message. + + * Clean-up of the code path that deals with merge strategy option + handling in "git rebase". + + * "git clone --local" stops copying from an original repository that + has symbolic links inside its $GIT_DIR; an error message when that + happens has been updated. + + * The "--format=..." option of "git for-each-ref", "git branch", and + "git tag" commands learn "--omit-empty" to hide refs whose + formatting results in an empty string from the output. + + * The sendemail-validate validate hook learned to pass the total + number of input files and where in the sequence each invocation is + via environment variables. + + * When "gc" needs to retain unreachable objects, packing them into + cruft packs (instead of exploding them into loose object files) has + been offered as a more efficient option for some time. Now the use + of cruft packs has been made the default and no longer considered + an experimental feature. + + * The output given by "git blame" that attributes a line to contents + taken from the file specified by the "--contents" option shows it + differently from a line attributed to the working tree file. + + * "git send-email" learned to give the e-mail headers to the validate + hook by passing an extra argument from the command line. + + * The credential subsystem learns to help OAuth framework. + + * The titles of manual pages used to be chomped at an unreasonably + short limit, which has been removed. + + * Error messages given when working on an unborn branch that is + checked out in another worktree have been improved. + + * The documentation was misleading about the interaction between + GIT_DEFAULT_HASH and "git clone", which has been clarified to + stress that the variable is to be ignored by the command. + + * "git send-email" learned "--header-cmd=<cmd>" that can inject + arbitrary e-mail header lines to the outgoing messages. + + * "git fsck" learned to detect bit-flip breakages in the reachability + bitmap files. + + * The "--stdin" option of "git name-rev" has been replaced with + the "--annotate-stdin" option more than a year ago. We stop + advertising it in the "git name-rev -h" output. + + * "git push --all" gained an alias "git push --branches". + + * "git fetch" learned the "--porcelain" option that emits what it did + in a machine-parseable format. + + * "git --attr-source=<tree> cmd $args" is a new way to have any + command to read attributes not from the working tree but from the + given tree object. + + +Performance, Internal Implementation, Development Support etc. + + * Code clean-up to clarify directory traversal API. + + * Code clean-up to clarify the rule that "git-compat-util.h" must be + the first to be included. + + * More work towards -Wunused. + + * Instead of forcing each command to choose to honor GPG related + configuration variables, make the subsystem lazily initialize + itself. + + * Remove workaround for ancient versions of DocBook to make it work + correctly with groff, which has not been necessary since docbook + 1.76 from 2010. + + * Code clean-up to include and/or uninclude parse-options.h file as + needed. + + * The code path that reports what "git fetch" did to each ref has + been cleaned up. + + * Assorted config API updates. + + * A few configuration variables to tell the cURL library that + different types of ssl-cert and ssl-key are in use have been added. + + * Split key function and data structure definitions out of cache.h to + new header files and adjust the users. + + * "git fetch --all" does not have to download and handle the same + bundleURI over and over, which has been corrected. + + * "git sparse-checkout" command learns a debugging aid for the sparse + rule definitions. + + * "git write-tree" learns to work better with sparse-index. + + * The on-disk reverse index that allows mapping from the pack offset + to the object name for the object stored at the offset has been + enabled by default. + + * "git fsck" learned to validate the on-disk pack reverse index files. + + * strtok() and strtok_r() are banned in this codebase. + + * The detect-compilers script to help auto-tweaking the build system + had trouble working with compilers whose version number has extra + suffixes. The script has been taught that certain suffixes (like + "-win32" in "gcc 10-win32") can be safely stripped as they share + the same features and bugs with the version without the suffix. + + * ctype tests have been taught to test EOF, too. + + * The implementation of credential helpers used fgets() over fixed + size buffers to read protocol messages, causing the remainder of + the folded long line to trigger unexpected behaviour, which has + been corrected. + + * The implementation of the default "negotiator", used to find common + ancestor over the network for object tranfer, used to be recursive; + it was updated to be iterative to conserve stackspace usage. + + * Our custom callout formatter is no longer used in the documentation + formatting toolchain, as the upstream default ones give better + output these days. + + * The tracing mechanism learned to notice and report when + auto-discovered bare repositories are being used, as allowing so + without explicitly stating the user intends to do so (with setting + GIT_DIR for example) can be used with social engineering as an + attack vector. + + * "git diff-files" learned not to expand sparse-index unless needed. + + +Fixes since v2.40 +----------------- + + * "git fsck" learned to check the index files in other worktrees, + just like "git gc" honors them as anchoring points. + (merge 8d3e7eac52 jk/fsck-indices-in-worktrees later to maint). + + * Fix a segfaulting loop. The function and its caller may need + further clean-up. + (merge c5773dc078 ew/commit-reach-clean-up-flags-fix later to maint). + + * "git restore" supports options like "--ours" that are only + meaningful during a conflicted merge, but these options are only + meaningful when updating the working tree files. These options are + marked to be incompatible when both "--staged" and "--worktree" are + in effect. + (merge ee8a88826a ak/restore-both-incompatible-with-conflicts later to maint). + + * Simplify UI to control progress meter given by "git bundle" command. + (merge 8b95521edb jk/bundle-progress later to maint). + + * "git bundle" learned that "-" is a common way to say that the input + comes from the standard input and/or the output goes to the + standard output. It used to work only for output and only from the + root level of the working tree. + (merge 0bbe10313e jk/bundle-use-dash-for-stdfiles later to maint). + + * Once we start running, we assumed that the list of alternate object + databases would never change. Hook into the machinery used to + update the list of packfiles during runtime to update this list as + well. + (merge e2d003dbed ds/reprepare-alternates-when-repreparing-packfiles later to maint). + + * The code to parse "git rebase -X<opt>" was not prepared to see an + unparsable option string, which has been corrected. + (merge 15a4cc912e ab/fix-strategy-opts-parsing later to maint). + + * "git add -p" while the index is unmerged sometimes failed to parse + the diff output it internally produces and died, which has been + corrected. + (merge 28d1122f9c jk/add-p-unmerged-fix later to maint). + + * Fix for a "ls-files --format="%(path)" that produced nonsense + output, which was a bug in 2.38. + (merge cfb62dd006 aj/ls-files-format-fix later to maint). + + * "git receive-pack" that responds to "git push" requests failed to + clean a stale lockfile when killed in the middle, which has been + corrected. + (merge c55c30669c ps/receive-pack-unlock-before-die later to maint). + + * "git rev-parse --quiet foo@{u}", or anything that asks @{u} to be + parsed with GET_OID_QUIETLY option, did not quietly fail, which has + been corrected. + (merge dfbfdc521d fc/oid-quietly-parse-upstream later to maint). + + * Transports that do not support protocol v2 did not correctly fall + back to protocol v0 under certain conditions, which has been + corrected. + (merge eaa0fd6584 jk/fix-proto-downgrade-to-v0 later to maint). + + * time(2) on glib 2.31+, especially on Linux, goes out of sync with + higher resolution timers used for gettimeofday(2) and by the + filesystem. Replace all calls to it with a git_time() wrapper and + (merge 370ddcbc89 pe/time-use-gettimeofday later to maint). + + * Code clean-up to use designated initializers in parse-options API. + (merge 353e6d4554 sg/parse-options-h-initializers later to maint). + + * A recent-ish change to allow unicode character classes to be used + with "grep -P" triggered a JIT bug in older pcre2 libraries. + The problematic change in Git built with these older libraries has + been disabled to work around the bug. + (merge 14b9a04479 mk/workaround-pcre-jit-ucp-bug later to maint). + + * The wildmatch library code unlearns exponential behaviour it + acquired some time ago since it was borrowed from rsync. + (merge 3dc0b7f0dc pw/wildmatch-fixes later to maint). + + * The index files can become corrupt under certain conditions when + the split-index feature is in use, especially together with + fsmonitor, which have been corrected. + (merge 061dd722dc js/split-index-fixes later to maint). + + * Document what the pathname-looking strings in "rev-list --object" + output are for and what they mean. + (merge 15364d2a3c jk/document-rev-list-object-name later to maint). + + * Fix unnecessary truncation of generation numbers used in-core. + (merge d3af1c193d ps/ahead-behind-truncation-fix later to maint). + + * Code clean-up around the use of the_repository. + (merge 4a93b899c1 ab/remove-implicit-use-of-the-repository later to maint). + + * Consistently spell "Message-ID" as such, not "Message-Id". + (merge ba4324c4e1 jc/spell-id-in-both-caps-in-message-id later to maint). + + * Correct use of an uninitialized structure member. + (merge dc12ee77ab jx/cap-object-info-uninitialized-fix later to maint). + + * Tests had a few places where we ignored PERL_PATH and blindly used + /usr/bin/perl, which have been corrected. + (merge c1917156a0 jk/use-perl-path-consistently later to maint). + + * Documentation mark-up fix. + (merge 78b6369e67 la/mfc-markup-fix later to maint). + + * Doc toolchain update to remove old workaround for AsciiDoc. + (merge 8806120de6 fc/remove-header-workarounds-for-asciidoc later to maint). + + * The userdiff regexp patterns for various filetypes that are built + into the system have been updated to avoid triggering regexp errors + from UTF-8 aware regex engines. + (merge be39144954 rs/userdiff-multibyte-regex later to maint). + + * The approxidate() API has been simplified by losing an extra + function that did the same thing as another one. + (merge 8a7f0b666f rs/remove-approxidate-relative later to maint). + + * Code clean-up to replace a hardcoded constant with a CPP macro. + (merge c870de6502 rs/get-tar-commit-id-use-defined-const later to maint). + + * Doc build simplification. + (merge 9a09ed3229 fc/doc-stop-using-manversion later to maint). + + * "git archive" run from a subdirectory mishandled attributes and + paths outside the current directory. + (merge 92b1dd1b9e rs/archive-from-subdirectory-fixes later to maint). + + * The code to parse capability list for v0 on-wire protocol fell into + an infinite loop when a capability appears multiple times, which + has been corrected. + + * Geometric repacking ("git repack --geometric=<n>") in a repository + that borrows from an alternate object database had various corner + case bugs, which have been corrected. + (merge d85cd18777 ps/fix-geom-repack-with-alternates later to maint). + + * The "%GT" placeholder for the "--format" option of "git log" and + friends caused BUG() to trigger on a commit signed with an unknown + key, which has been corrected. + (merge 7891e46585 jk/gpg-trust-level-fix later to maint). + + * The completion script used to use bare "read" without the "-r" + option to read the contents of various state files, which risked + getting confused with backslashes in them. This has been + corrected. + (merge 197152098a ek/completion-use-read-r-to-read-literally later to maint). + + * A small API fix to the ort merge strategy backend. + (merge 000c4ceca7 en/ort-finalize-after-0-merges-fix later to maint). + + * The commit object parser has been taught to be a bit more lenient + to parse timestamps on the author/committer line with a malformed + author/committer ident. + (merge 90ef0f14eb jk/parse-commit-with-malformed-ident later to maint). + + * Retitle a test script with an overly narrow name. + (merge 8bb19c14fb ob/t3501-retitle later to maint). + + * Doc update to clarify how text and eol attributes interact to + specify the end-of-line conversion. + (merge 6696077ace ah/doc-attributes-text later to maint). + + * Gitk updates from GfW project. + (merge 99e70f3077 js/gitk-fixes-from-gfw later to maint). + + * "git diff --dirstat" leaked memory, which has been plugged. + (merge 83973981eb jc/dirstat-plug-leaks later to maint). + + * "git merge-tree" reads the basic configuration, which can be used + by git forges to disable replace-refs feature. + (merge b6551feadf ds/merge-tree-use-config later to maint). + + * A few bugs in the sequencer machinery that results in miscounting + the steps have been corrected. + (merge 170eea9750 js/rebase-count-fixes later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge f7111175df as/doc-markup-fix later to maint). + (merge 90ff7c9898 fc/test-aggregation-clean-up later to maint). + (merge 9b0c7f308a jc/am-doc-refer-to-format-patch later to maint). + (merge b10cbdac4c bb/unicode-width-table-15 later to maint). + (merge 3457b50e8c ab/retire-scripted-add-p later to maint). + (merge d52fcf493b ds/p2000-fix-grep-sparse later to maint). + (merge ec063d2591 ss/hashmap-typofix later to maint). + (merge 1aaed69d11 rs/archive-mtime later to maint). + (merge 2da2cc9b28 ob/rollback-after-commit-lock-failure later to maint). + (merge 54dbd0933b ob/sequencer-save-head-simplify later to maint). + (merge a93cbe8d78 ar/test-cleanup-unused-file-creation later to maint). + (merge cc48ddd937 jk/chainlint-fixes later to maint). + (merge 4833b08426 ow/ref-format-remove-unused-member later to maint). + (merge d0ea2ca1cf dw/doc-submittingpatches-grammofix later to maint). + (merge fd72637423 ar/t2024-checkout-output-fix later to maint). + (merge d45cbe3fe0 ob/sequencer-i18n-fix later to maint). + (merge b734fe49fd ob/messages-capitalize-exception later to maint). + (merge ad353d7e77 ma/gittutorial-fixes later to maint). + (merge a5855fd8d4 ar/test-cleanup-unused-file-creation-part2 later to maint). + (merge 0c5308af30 sd/doc-gitignore-and-rm-cached later to maint). + (merge cbb83daeaf kh/doc-interpret-trailers-updates later to maint). + (merge 3d77fbb664 ar/config-count-tests-updates later to maint). + (merge b7cf25c8f4 jc/t9800-fix-use-of-show-s-raw later to maint). diff --git a/Documentation/RelNotes/2.42.0.txt b/Documentation/RelNotes/2.42.0.txt new file mode 100644 index 0000000..0f1897a --- /dev/null +++ b/Documentation/RelNotes/2.42.0.txt @@ -0,0 +1,329 @@ +Git v2.42 Release Notes +======================= + +UI, Workflows & Features + + * "git pack-refs" learns "--include" and "--exclude" to tweak the ref + hierarchy to be packed using pattern matching. + + * 'git worktree add' learned how to create a worktree based on an + orphaned branch with `--orphan`. + + * "git pack-objects" learned to invoke a new hook program that + enumerates extra objects to be used as anchoring points to keep + otherwise unreachable objects in cruft packs. + + * Add more "git var" for toolsmiths to learn various locations Git is + configured with either via the configuration or hard-coded defaults. + + * 'git notes append' was taught '--separator' to specify string to insert + between paragraphs. + + * The "git for-each-ref" family of commands learned placeholders + related to GPG signature verification. + + * "git diff --no-index" learned to read from named pipes as if they + were regular files, to allow "git diff <(process) <(substitution)" + some shells support. + + * Help newbies by suggesting that there are cases where force-pushing + is a valid and sensible thing to update a branch at a remote + repository, rather than reconciling with merge/rebase. + + * "git blame --contents=file" has been taught to work in a bare + repository. + + * "git branch -f X" to repoint the branch X said that X was "checked + out" in another worktree, even when branch X was not and instead + being bisected or rebased. The message was reworded to say the + branch was "in use". + + * Tone down the warning on SHA-256 repositories being an experimental + curiosity. We do not have support for them to interoperate with + traditional SHA-1 repositories, but at this point, we do not plan + to make breaking changes to SHA-256 repositories and there is no + longer need for such a strongly phrased warning. + + +Performance, Internal Implementation, Development Support etc. + + * "git diff-tree" has been taught to take advantage of the + sparse-index feature. + + * Clang's sanitizer implementation seems to work better than GCC's. + (merge d88d727143 jk/ci-use-clang-for-sanitizer-jobs later to maint). + + * The object traversal using reachability bitmap done by + "pack-object" has been tweaked to take advantage of the fact that + using "boundary" commits as representative of all the uninteresting + ones can save quite a lot of object enumeration. + + * discover_git_directory() no longer touches the_repository. + + * "git worktree" learned to work better with sparse index feature. + + * When the external merge driver is killed by a signal, its output + should not be trusted as a resolution with conflicts that is + proposed by the driver, but the code did. + + * The set-up code for the get_revision() API now allows feeding + options like --all and --not in the --stdin mode. + + * Move functions that are not about pure string manipulation out of + strbuf.[ch] + + * "imap-send" codepaths got cleaned up to get rid of unused + parameters. + + * Enumerating refs in the packed-refs file, while excluding refs that + match certain patterns, has been optimized. + + * Mark-up unused parameters in the code so that we can eventually + enable -Wunused-parameter by default. + + * Instead of inventing a custom counter variables for debugging, + use existing trace2 facility in the fsync customization codepath. + + * "git branch --list --format=<format>" and friends are taught + a new "%(describe)" placeholder. + + * Clarify how to choose the starting point for a new topic in + developer guidance document. + + * The implementation of "get_sha1_hex()" that reads a hexadecimal + string that spells a full object name has been extended to cope + with any hash function used in the repository, but the "sha1" in + its name survived. Rename it to get_hash_hex(), a name that is + more consistent within its friends like get_hash_hex_algop(). + + * Command line parser fix, and a small parse-options API update. + + +Fixes since v2.41 +----------------- + + * "git tag" learned to leave the "$GIT_DIR/TAG_EDITMSG" file when the + command failed, so that the user can salvage what they typed. + (merge 08c12ec1d0 kh/keep-tag-editmsg-upon-failure later to maint). + + * The "-s" (silent, squelch) option of the "diff" family of commands + did not interact with other options that specify the output format + well. This has been cleaned up so that it will clear all the + formatting options given before. + (merge 9d484b92ed jc/diff-s-with-other-options later to maint). + + * Update documentation regarding Coccinelle patches. + (merge 3bd0097cfc gc/doc-cocci-updates later to maint). + + * Some atoms that can be used in "--format=<format>" for "git ls-tree" + were not supported by "git ls-files", even though they were relevant + in the context of the latter. + (merge 4d28c4f75f zh/ls-files-format-atoms later to maint). + + * Document more pseudo-refs and teach the command line completion + machinery to complete AUTO_MERGE. + (merge 982ff3a649 pb/complete-and-document-auto-merge-and-friends later to maint). + + * "git submodule" code trusted the data coming from the config (and + the in-tree .gitmodules file) too much without validating, leading + to NULL dereference if the user mucks with a repository (e.g. + submodule.<name>.url is removed). This has been corrected. + (merge fbc806acd1 tb/submodule-null-deref-fix later to maint). + + * The value of config.worktree is per-repository, but has been kept + in a singleton global variable per process. This has been OK as + most Git operations interacted with a single repository at a time, + but not right for operations like recursive "grep" that want to + access multiple repositories from a single process without forking. + + The global variable has been eliminated and made into a member in + the per-repository data structure. + (merge 3867f6d650 vd/worktree-config-is-per-repository later to maint). + + * "git [-c log.follow=true] log [--follow] ':(glob)f**'" used to barf. + (merge 8260bc5902 jk/log-follow-with-non-literal-pathspec later to maint). + + * Introduce a mechanism to disable replace refs globally and per + repository. + (merge 9c7d1b057f ds/disable-replace-refs later to maint). + + * "git cat-file --batch" and friends learned "-Z" that uses NUL + delimiter for both input and output. + (merge f79e18849b ps/cat-file-null-output later to maint). + + * The reimplemented "git add -i" did not honor color.ui configuration. + (merge 6f74648cea ds/add-i-color-configuration-fix later to maint). + + * Compilation fix for platforms without D_TYPE in struct dirent. + (merge 03bf92b9bf as/dtype-compilation-fix later to maint). + + * Suggest to refrain from using hex literals that are non-portable + when writing printf(1) format strings. + (merge f0b68f0546 jt/doc-use-octal-with-printf later to maint). + + * Simplify error message when run-command fails to start a command. + (merge 6d224ac286 rs/run-command-exec-error-on-noent later to maint). + + * Gracefully deal with a stale MIDX file that lists a packfile that + no longer exists. + (merge 06f3867865 tb/open-midx-bitmap-fallback later to maint). + + * Even when diff.ignoreSubmodules tells us to ignore submodule + changes, "git commit" with an index that already records changes to + submodules should include the submodule changes in the resulting + commit, but it did not. + (merge 5768478edc js/defeat-ignore-submodules-config-with-explicit-addition later to maint). + + * When "git commit --trailer=..." invokes the interpret-trailers + machinery, it knows what it feeds to interpret-trailers is a full + log message without any patch, but failed to express that by + passing the "--no-divider" option, which has been corrected. + (merge be3d654343 jk/commit-use-no-divider-with-interpret-trailers later to maint). + + * Avoid breakage of "git pack-objects --cruft" due to inconsistency + between the way the code enumerates packfiles in the repository. + (merge 73320e49ad tb/collect-pack-filenames-fix later to maint). + + * We create .pack and then .idx, we consider only packfiles that have + .idx usable (those with only .pack are not ready yet), so we should + remove .idx before removing .pack for consistency. + (merge 0dd1324a73 ds/remove-idx-before-pack later to maint). + + * Partially revert a sanity check that the rest of the config code + was not ready, to avoid triggering it in a corner case. + (merge a53f43f900 gc/config-partial-submodule-kvi-fix later to maint). + + * "git apply" punts when it is fed too large a patch input; the error + message it gives when it happens has been clarified. + (merge 42612e18d2 pw/apply-too-large later to maint). + + * During a cherry-pick or revert session that works on multiple + commits, "git status" did not give correct information, which has + been corrected. + (merge a096a889f4 jk/cherry-pick-revert-status later to maint). + + * A few places failed to differentiate the case where the index is + truly empty (nothing added) and we haven't yet read from the + on-disk index file, which have been corrected. + (merge 2ee045eea1 js/empty-index-fixes later to maint). + + * "git bugreport" tests did not test what it wanted to test, which + has been corrected. + (merge 1aa92b8500 ma/t0091-fixup later to maint). + + * Code snippets in a tutorial document no longer compiled after + recent header shuffling, which have been corrected. + (merge bbd7c7b7c0 vd/adjust-mfow-doc-to-updated-headers later to maint). + + * "git ls-files '(attr:X)D/'" that triggers the common prefix + optimization codepath failed to read from "D/.gitattributes", + which has been corrected. + (merge f4a8fde057 jc/pathspec-match-with-common-prefix later to maint). + + * "git fsck --no-progress" still spewed noise from the commit-graph + subsystem, which has been corrected. + (merge 9281cd07f0 tb/fsck-no-progress later to maint). + + * Various offset computation in the code that accesses the packfiles + and other data in the object layer has been hardened against + arithmetic overflow, especially on 32-bit systems. + (merge 9a25cad7e0 tb/object-access-overflow-protection later to maint). + + * Names of MinGW header files are spelled in mixed case in some + source files, but the build host can be using case sensitive + filesystem with header files with their name spelled in all + lowercase. + (merge 4a53d0d0bc mh/mingw-case-sensitive-build later to maint). + + * Update message mark-up for i18n in "git bundle". + (merge bbb6acd998 dk/bundle-i18n-more later to maint). + + * "git tag --list --points-at X" showed tags that directly refers to + object X, but did not list a tag that points at such a tag, which + has been corrected. + + * "./configure --with-expat=no" did not work as a way to refuse use + of the expat library on a system with the library installed, which + has been corrected. + (merge fb8f7269c2 ah/autoconf-fixes later to maint). + + * When the user edits "rebase -i" todo file so that it starts with a + "fixup", which would make it invalid, the command truncated the + rest of the file before giving an error and returning the control + back to the user. Stop truncating to make it easier to correct + such a malformed todo file. + (merge 9645a087c2 ah/sequencer-rewrite-todo-fix later to maint). + + * Rewrite the description of giving a custom command to the + submodule.<name>.update configuration variable. + (merge 7cebc5bd78 pv/doc-submodule-update-settings later to maint). + + * Adjust to OpenSSL 3+, which deprecates its SHA-1 functions based on + its traditional API, by using its EVP API instead. + (merge bda9c12073 ew/hash-with-openssl-evp later to maint). + + * Exclude "." from the set of characters to be removed from the + beginning and the end of the human-readable name. + (merge 1c04cb0744 bc/ident-dot-is-no-longer-crud-letter later to maint). + + * "git bisect visualize" stopped running "gitk" on Git for Windows + when the command was reimplemented in C around Git 2.34 timeframe. + This has been corrected. + (merge fff1594fa7 ma/locate-in-path-for-windows later to maint). + + * "git rebase -i" with a series of squash/fixup, when one of the + steps stopped in conflicts and ended up getting skipped, did not + handle the accumulated commit log messages, which has been + corrected. + (merge 6ce7afe163 pw/rebase-skip-commit-message-fix later to maint). + + * Adjust to newer Term::ReadLine to prevent it from breaking + the interactive prompt code in send-email. + (merge c016726c2d jk/send-email-with-new-readline later to maint). + + * Windows updates. + (merge 0050f8e401 ds/maintenance-on-windows-fix later to maint). + + * Correct use of lstat() that assumed a failing call would not + clobber the statbuf. + (merge 72695d8214 st/mv-lstat-fix later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge 51f9d2e563 sa/doc-ls-remote later to maint). + (merge c6d26a9dda jk/format-patch-message-id-unleak later to maint). + (merge f7e063f326 ps/fetch-cleanups later to maint). + (merge e4cf013468 tl/quote-problematic-arg-for-clarity later to maint). + (merge 20025fdfc7 tz/test-ssh-verifytime-fix later to maint). + (merge e48a21df65 tz/test-fix-pthreads-prereq later to maint). + (merge 68b51172e3 mh/commit-reach-get-reachable-plug-leak later to maint). + (merge aeee1408ce kh/use-default-notes-doc later to maint). + (merge 3b8724bce6 jc/test-modernization later to maint). + (merge 447a3b7331 jc/test-modernization-2 later to maint). + (merge d57fa7fc73 la/doc-interpret-trailers later to maint). + (merge 548afb0d9a la/docs-typofixes later to maint). + (merge 3744ffcbcd rs/doc-ls-tree-hex-literal later to maint). + (merge 6c26da8404 mh/credential-erase-improvements later to maint). + (merge 78e56cff69 tz/lib-gpg-prereq-fix later to maint). + (merge 80d32e84b5 rj/leakfixes later to maint). + (merge 0a868031ed pb/complete-diff-options later to maint). + (merge d4f28279ad jc/doc-hash-object-types later to maint). + (merge 1876a5ae15 ks/t4205-test-describe-with-abbrev-fix later to maint). + (merge 6e6a529b57 jk/fsck-indices-in-worktrees later to maint). + (merge 3e81b896f7 rs/packet-length-simplify later to maint). + (merge 4c9cb51fe7 mh/doc-credential-helpers later to maint). + (merge 3437f549dd jr/gitignore-doc-example-markup later to maint). + (merge 947ebd62a0 jc/am-parseopt-fix later to maint). + (merge e12cb98e1e jc/branch-parseopt-fix later to maint). + (merge d6f598e443 jc/gitignore-doc-pattern-markup later to maint). + (merge a2dad4868b jc/transport-parseopt-fix later to maint). + (merge 68cbb20e73 jc/parse-options-show-branch later to maint). + (merge 3821eb6c3d jc/parse-options-reset later to maint). + (merge c48af99a3e bb/trace2-comment-fix later to maint). + (merge c95ae3ff9c rs/describe-parseopt-fix later to maint). + (merge 36f76d2a25 rs/pack-objects-parseopt-fix later to maint). + (merge 30c8c55cbf jc/tree-walk-drop-base-offset later to maint). + (merge d089a06421 rs/bundle-parseopt-cleanup later to maint). + (merge 823839bda1 ew/sha256-gcrypt-leak-fixes later to maint). + (merge a5c01603b3 bc/ignore-clangd-cache later to maint). + (merge 12009a182b js/allow-t4000-to-be-indented-with-spaces later to maint). + (merge b3dcd24b8a jc/send-email-pre-process-fix later to maint). diff --git a/Documentation/RelNotes/2.42.1.txt b/Documentation/RelNotes/2.42.1.txt new file mode 100644 index 0000000..3d391b7 --- /dev/null +++ b/Documentation/RelNotes/2.42.1.txt @@ -0,0 +1,88 @@ +Git 2.42.1 Release Notes +======================== + +There is nothing exciting to see here. Relative to Git 2.42, this +release contains the fixes that have already been merged to the +'master' branch of the development towards Git 2.43 that has been +tagged as Git 2.43.0-rc0. + +Fixes since Git 2.42.0 +---------------------- + + * Tests that are known to pass with LSan are now marked as such. + + * Flaky "git p4" tests, as well as "git svn" tests, are now skipped + in the (rather expensive) sanitizer CI job. + + * Tests with LSan from time to time seem to emit harmless message + that makes our tests unnecessarily flaky; we work it around by + filtering the uninteresting output. + + * GitHub CI workflow has learned to trigger Coverity check. + + * Overly long label names used in the sequencer machinery are now + chopped to fit under filesystem limitation. + + * Scalar updates. + + * Tweak GitHub Actions CI so that pushing the same commit to multiple + branch tips at the same time will not waste building and testing + the same thing twice. + + * The commit-graph verification code that detects mixture of zero and + non-zero generation numbers has been updated. + + * "git diff -w --exit-code" with various options did not work + correctly, which is being addressed. + + * transfer.unpackLimit ought to be used as a fallback, but overrode + fetch.unpackLimit and receive.unpackLimit instead. + + * The use of API between two calls to require_clean_work_tree() from + the sequencer code has been cleaned up for consistency. + + * "git diff --no-such-option" and other corner cases around the exit + status of the "diff" command has been corrected. + + * "git for-each-ref --sort='contents:size'" sorts the refs according + to size numerically, giving a ref that points at a blob twelve-byte + (12) long before showing a blob hundred-byte (100) long. + + * Various fixes to the behavior of "rebase -i" when the command got + interrupted by conflicting changes. + + * References from description of the `--patch` option in various + manual pages have been simplified and improved. + + * "git grep -e A --no-or -e B" is accepted, even though the negation + of "or" did not mean anything, which has been tightened. + + * The completion script (in contrib/) has been taught to treat the + "-t" option to "git checkout" and "git switch" just like the + "--track" option, to complete remote-tracking branches. + + * "git diff --no-index -R <(one) <(two)" did not work correctly, + which has been corrected. + + * Update "git maintenance" timers' implementation based on systemd + timers to work with WSL. + + * "git diff --cached" codepath did not fill the necessary stat + information for a file when fsmonitor knows it is clean and ended + up behaving as if it is not clean, which has been corrected. + + * Clarify how "alias.foo = : git cmd ; aliased-command-string" should + be spelled with necessary whitespaces around punctuation marks to + work. + + * HTTP Header redaction code has been adjusted for a newer version of + cURL library that shows its traces differently from earlier + versions. + + * An error message given by "git send-email" when given a malformed + address did not give correct information, which has been corrected. + + * UBSan options were not propagated through the test framework to git + run via the httpd, unlike ASan options, which has been corrected. + +Also contains various documentation updates, code clean-ups and minor fixups. diff --git a/Documentation/RelNotes/2.43.0.txt b/Documentation/RelNotes/2.43.0.txt new file mode 100644 index 0000000..e0e5b53 --- /dev/null +++ b/Documentation/RelNotes/2.43.0.txt @@ -0,0 +1,323 @@ +Git v2.43 Release Notes +======================= + +Backward Compatibility Notes + + * The "--rfc" option of "git format-patch" used to be a valid way to + override an earlier "--subject-prefix=<something>" on the command + line and replace it with "[RFC PATCH]", but from this release, it + merely prefixes the string "RFC " in front of the given subject + prefix. If you are negatively affected by this change, please use + "--subject-prefix=PATCH --rfc" as a replacement. + + * In Git 2.42, "git rev-list --stdin" learned to take non-revisions + (like "--not") from the standard input, but the way such a "--not" was + handled was quite confusing, which has been rethought. The updated + rule is that "--not" given from the command line only affects revs + given from the command line that comes but not revs read from the + standard input, and "--not" read from the standard input affects + revs given from the standard input and not revs given from the + command line. + +UI, Workflows & Features + + * A message written in olden time prevented a branch from getting + checked out, saying it is already checked out elsewhere. But these + days, we treat a branch that is being bisected or rebased just like + a branch that is checked out and protect it from getting modified + with the same codepath. The message has been rephrased to say that + the branch is "in use" to avoid confusion. + + * Hourly and other schedules of "git maintenance" jobs are randomly + distributed now. + + * "git cmd -h" learned to signal which options can be negated by + listing such options like "--[no-]opt". + + * The way authentication related data other than passwords (e.g., + oauth token and password expiration data) are stored in libsecret + keyrings has been rethought. + + * Update the libsecret and wincred credential helpers to correctly + match which credential to erase; they erased the wrong entry in + some cases. + + * Git GUI updates. + + * "git format-patch" learned a new "--description-file" option that + lets cover letter description to be fed; this can be used on + detached HEAD where there is no branch description available, and + also can override the branch description if there is one. + + * Use of the "--max-pack-size" option to allow multiple packfiles to + be created is now supported even when we are sending unreachable + objects to cruft packs. + + * "git format-patch --rfc --subject-prefix=<foo>" used to ignore the + "--subject-prefix" option and used "[RFC PATCH]"; now we will add + "RFC" prefix to whatever subject prefix is specified. + + * "git log --format" has been taught the %(decorate) placeholder for + further customization over what the "--decorate" option offers. + + * The default log message created by "git revert", when reverting a + commit that records a revert, has been tweaked, to encourage people + to describe complex "revert of revert of revert" situations better in + their own words. + + * The command-line completion support (in contrib/) learned to + complete "git commit --trailer=" for possible trailer keys. + + * "git update-index" learned the "--show-index-version" option to + inspect the index format version used by the on-disk index file. + + * "git diff" learned the "diff.statNameWidth" configuration variable, + to give the default width for the name part in the "--stat" output. + + * "git range-diff --notes=foo" compared "log --notes=foo --notes" of + the two ranges, instead of using just the specified notes tree, + which has been corrected to use only the specified notes tree. + + * The command line completion script (in contrib/) can be told to + complete aliases by including ": git <cmd> ;" in the alias to tell + it that the alias should be completed in a similar way to how "git + <cmd>" is completed. The parsing code for the alias has been + loosened to allow ';' without an extra space before it. + + * "git for-each-ref" and friends learned to apply mailmap to + authorname and other fields in a more flexible way than using + separate placeholder letters like %a[eElL] every time we want to + come up with small variants. + + * "git repack" machinery learned to pay attention to the "--filter=" + option. + + * "git repack" learned the "--max-cruft-size" option to prevent cruft + packs from growing without bounds. + + * "git merge-tree" learned to take strategy backend specific options + via the "-X" option, like "git merge" does. + + * "git log" and friends learned the "--dd" option that is a + short-hand for "--diff-merges=first-parent -p". + + * The attribute subsystem learned to honor the "attr.tree" + configuration variable that specifies which tree to read the + .gitattributes files from. + + * "git merge-file" learns a mode to read three variants of the + contents to be merged from blob objects. + + +Performance, Internal Implementation, Development Support etc. + + * "git check-attr" has been taught to work better with sparse-index. + + * It may be tempting to leave the help text NULL for a command line + option that is either hidden or too obvious, but "git subcmd -h" + and "git subcmd --help-all" would have segfaulted if done so. Now + the help text is truly optional. + + * Tests that are known to pass with LSan are now marked as such. + + * Flaky "git p4" tests, as well as "git svn" tests, are now skipped + in the (rather expensive) sanitizer CI job. + + * Tests with LSan from time to time seem to emit harmless messages + that make our tests unnecessarily flaky; we work around it by + filtering the uninteresting output. + + * Unused parameters to functions are marked as such, and/or removed, + in order to bring us closer to "-Wunused-parameter" clean. + + * The code to keep track of existing packs in the repository while + repacking has been refactored. + + * The "streaming" interface used for bulk-checkin codepath has been + narrowed to take only blob objects for now, with no real loss of + functionality. + + * GitHub CI workflow has learned to trigger Coverity check. + + * Test coverage for trailers has been improved. + + * The code to iterate over loose references has been optimized to + reduce the number of lstat() system calls. + + * The codepaths that read "chunk" formatted files have been corrected + to pay attention to the chunk size and notice broken files. + + * Replace macos-12 used at GitHub CI with macos-13. + (merge 682a868f67 js/ci-use-macos-13 later to maint). + + +Fixes since v2.42 +----------------- + + * Overly long label names used in the sequencer machinery are now + chopped to fit under filesystem limitation. + + * Scalar updates. + + * Tweak GitHub Actions CI so that pushing the same commit to multiple + branch tips at the same time will not waste building and testing + the same thing twice. + + * The commit-graph verification code that detects a mixture of zero and + non-zero generation numbers has been updated. + + * "git diff -w --exit-code" with various options did not work + correctly, which has been corrected. + + * The "transfer.unpackLimit" configuration variable ought to be used + as a fallback, but overrode the more specific "fetch.unpackLimit" + and "receive.unpackLimit" configuration variables by mistake, which + has been corrected. + + * The use of API between two calls to require_clean_work_tree() from + the sequencer code has been cleaned up for consistency. + + * "git diff --no-such-option" and other corner cases around the exit + status of the "diff" command have been corrected. + + * "git for-each-ref --sort='contents:size'" sorted the refs according + to size numerically, giving a ref that points at a blob twelve-byte + (12) long before showing a blob hundred-byte (100) long, which has + been corrected. + + * We now limit the depth of the tree objects and maximum length of + pathnames recorded in tree objects. + (merge 4d5693ba05 jk/tree-name-and-depth-limit later to maint). + + * Various fixes to the behavior of "rebase -i", when the command got + interrupted by conflicting changes, have been made. + + * References from a description of the `--patch` option in various + manual pages have been simplified and improved. + + * "git grep -e A --no-or -e B" is accepted, even though the negation + of the "--or" option did not mean anything, which has been tightened. + + * The completion script (in contrib/) has been taught to treat the + "-t" option to "git checkout" and "git switch" just like the + "--track" option, to complete remote-tracking branches. + + * "git diff --no-index -R <(one) <(two)" did not work correctly, + which has been corrected. + + * "git maintenance" timers' implementation has been updated, based on + systemd timers, to work with WSL. + + * "git diff --cached" codepath did not fill the necessary stat + information for a file when fsmonitor knows it is clean and ended + up behaving as if it were not clean, which has been corrected. + + * How "alias.foo = : git cmd ; aliased-command-string" should be + spelled with necessary whitespace around punctuation marks to work + has been more clearly documented (but this will be moot with newer + versions of Git where the parsing rules have been improved). + + * HTTP Header redaction code has been adjusted for a newer version of + cURL library that shows its traces differently from earlier + versions. + + * An error message given by "git send-email", when given a malformed + address, did not show the offending address, which has been corrected. + + * UBSan options were not propagated through the test framework to git + run via the httpd, unlike ASan options, which has been corrected. + + * "checkout --merge -- path" and "update-index --unresolve path" did + not resurrect conflicted state that was resolved to remove path, + but now they do. + (merge 5bdedac3c7 jc/unresolve-removal later to maint). + + * The display width table for unicode characters has been updated for + Unicode 15.1 + (merge 872976c37e bb/unicode-width-table-15 later to maint). + + * Update mailmap entry for Derrick. + (merge 6e5457d8c7 ds/mailmap-entry-update later to maint). + + * In the ".gitmodules" files, submodules are keyed by their names, + and the path to the submodule whose name is $name is specified by + the submodule.$name.path variable. There were a few codepaths that + mixed the name and path up when consulting the submodule database, + which have been corrected. It took long for these bugs to be found + as the name of a submodule initially is the same as its path, and + the problem does not surface until it is moved to a different path, + which apparently happens very rarely. + + * "git diff --merge-base X other args..." insisted that X must be a + commit and errored out when given an annotated tag that peels to a + commit, but we only need it to be a committish. This has been + corrected. + (merge 4adceb5a29 ar/diff-index-merge-base-fix later to maint). + + * "git merge-tree" used to segfault when the "--attr-source" + option is used, which has been corrected. + (merge e95bafc52f jc/merge-ort-attr-index-fix later to maint). + + * Unlike "git log --pretty=%D", "git log --pretty="%(decorate)" did + not auto-initialize the decoration subsystem, which has been + corrected. + + * Feeding "git stash store" with a random commit that was not created + by "git stash create" now errors out. + (merge d9b6634589 jc/fail-stash-to-store-non-stash later to maint). + + * The index file has room only for the lower 32-bit of the file size in + the cached stat information, which means cached stat information + will have 0 in its sd_size member for a file whose size is a multiple + of 4GiB. This is mistaken for a racily clean path. Avoid it by + storing a bogus sd_size value instead for such files. + (merge 5143ac07b1 bc/racy-4gb-files later to maint). + + * "git p4" tried to store symlinks to LFS when told, but has been + fixed not to do so, because it does not make sense. + (merge 10c89a02b0 mm/p4-symlink-with-lfs later to maint). + + * The codepath to handle recipient addresses `git send-email + --compose` learns from the user was completely broken, which has + been corrected. + (merge 3ec6167567 jk/send-email-fix-addresses-from-composed-messages later to maint). + + * "cd sub && git grep -f patterns" tried to read "patterns" file at + the top level of the working tree; it has been corrected to read + "sub/patterns" instead. + + * "git reflog expire --single-worktree" has been broken for the past + 20 months or so, which has been corrected. + + * "git send-email" did not have certain pieces of data computed yet + when it tried to validate the outgoing messages and its recipient + addresses, which has been sorted out. + + * "git bugreport" learned to complain when it received a command line + argument that it will not use. + + * The codepath to traverse the commit-graph learned to notice that a + commit is missing (e.g., corrupt repository lost an object), even + though it knows something about the commit (like its parents) from + what is in commit-graph. + (merge 7a5d604443 ps/do-not-trust-commit-graph-blindly-for-existence later to maint). + + * "git rev-list --missing" did not work for missing commit objects, + which has been corrected. + + * "git rev-list --unpacked --objects" failed to exclude packed + non-commit objects, which has been corrected. + (merge 7b3c8e9f38 tb/rev-list-unpacked-fix later to maint). + + * "To dereference" and "to peel" were sometimes used in in-code + comments and documentation but without description in the glossary. + (merge 893dce2ffb vd/glossary-dereference-peel later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge c2c349a15c xz/commit-title-soft-limit-doc later to maint). + (merge 1bd809938a tb/format-pack-doc-update later to maint). + (merge 8f81532599 an/clang-format-typofix later to maint). + (merge 3ca86adc2d la/strvec-header-fix later to maint). + (merge 6789275d37 jc/test-i18ngrep later to maint). + (merge 9972cd6004 ps/leakfixes later to maint). + (merge 46edab516b tz/send-email-helpfix later to maint). diff --git a/Documentation/RelNotes/2.43.1.txt b/Documentation/RelNotes/2.43.1.txt new file mode 100644 index 0000000..20e96f2 --- /dev/null +++ b/Documentation/RelNotes/2.43.1.txt @@ -0,0 +1,82 @@ +Git 2.43.1 Release Notes +======================== + +There is nothing exciting to see here. Relative to Git 2.43, this +release contains the fixes that have already been merged to the +'master' branch of the development towards the next major release. + +Fixes since Git 2.43.0 +---------------------- + + * The way CI testing used "prove" could lead to running the test + suite twice needlessly, which has been corrected. + + * Newer versions of Getopt::Long started giving warnings against our + (ab)use of it in "git send-email". Bump the minimum version + requirement for Perl to 5.8.1 (from September 2002) to allow + simplifying our implementation. + + * Earlier we stopped relying on commit-graph that (still) records + information about commits that are lost from the object store, + which has negative performance implications. The default has been + flipped to disable this pessimization. + + * Stale URLs have been updated to their current counterparts (or + archive.org) and HTTP links are replaced with working HTTPS links. + + * trace2 streams used to record the URLs that potentially embed + authentication material, which has been corrected. + + * The sample pre-commit hook that tries to catch introduction of new + paths that use potentially non-portable characters did not notice + an existing path getting renamed to such a problematic path, when + rename detection was enabled. + + * The command line parser for the "log" family of commands was too + loose when parsing certain numbers, e.g., silently ignoring the + extra 'q' in "git log -n 1q" without complaining, which has been + tightened up. + + * "git $cmd --end-of-options --rev -- --path" for some $cmd failed + to interpret "--rev" as a rev, and "--path" as a path. This was + fixed for many programs like "reset" and "checkout". + + * "git bisect reset" has been taught to clean up state files and refs + even when BISECT_START file is gone. + + * Some codepaths did not correctly parse configuration variables + specified with valueless "true", which has been corrected. + + * Code clean-up for sanity checking of command line options for "git + show-ref". + + * The code to parse the From e-mail header has been updated to avoid + recursion. + + * "git fetch --atomic" issued an unnecessary empty error message, + which has been corrected. + + * Command line completion script (in contrib/) learned to work better + with the reftable backend. + + * "git status" is taught to show both the branch being bisected and + being rebased when both are in effect at the same time. + cf. <xmqqil76kyov.fsf@gitster.g> + + * "git archive --list extra garbage" silently ignored excess command + line parameters, which has been corrected. + + * "git sparse-checkout set" added default patterns even when the + patterns are being fed from the standard input, which has been + corrected. + + * Unlike other environment variables that took the usual + true/false/yes/no as well as 0/1, GIT_FLUSH only understood 0/1, + which has been corrected. + + * Clearing in-core repository (happens during e.g., "git fetch + --recurse-submodules" with commit graph enabled) made in-core + commit object in an inconsistent state by discarding the necessary + data from commit-graph too early, which has been corrected. + +Also contains various documentation updates, code clean-ups and minor fixups. diff --git a/Documentation/RelNotes/2.43.2.txt b/Documentation/RelNotes/2.43.2.txt new file mode 100644 index 0000000..5895e23 --- /dev/null +++ b/Documentation/RelNotes/2.43.2.txt @@ -0,0 +1,37 @@ +Git 2.43.2 Release Notes +======================== + +Relative to Git 2.43.1, this release has two important fixes to allow +"git imap-send" to be built with NO_CURL defined, and to restore the +forced flushing behaviour when GIT_FLUSH=1 is set. It also contains +other, unexciting, fixes that have already been merged to the 'master' +branch of the development towards the next major release. + +Fixes since Git 2.43.1 +---------------------- + + * Update to a new feature recently added, "git show-ref --exists". + + * Rename detection logic ignored the final line of a file if it is an + incomplete line. + + * "git diff --no-rename A B" did not disable rename detection but did + not trigger an error from the command line parser. + + * "git diff --no-index file1 file2" segfaulted while invoking the + external diff driver, which has been corrected. + + * Rewrite //-comments to /* comments */ in files whose comments + prevalently use the latter. + + * A failed "git tag -s" did not necessarily result in an error + depending on the crypto backend, which has been corrected. + + * "git stash" sometimes was silent even when it failed due to + unwritable index file, which has been corrected. + + * Recent conversion to allow more than 0/1 in GIT_FLUSH broke the + mechanism by flipping what yes/no means by mistake, which has been + corrected. + +Also contains documentation updates, code clean-ups and minor fixups. diff --git a/Documentation/RelNotes/2.43.3.txt b/Documentation/RelNotes/2.43.3.txt new file mode 100644 index 0000000..924f205 --- /dev/null +++ b/Documentation/RelNotes/2.43.3.txt @@ -0,0 +1,12 @@ +Git 2.43.3 Release Notes +======================== + +Relative to Git 2.43.2, this release fixes one regression that +manifests while running "git commit -v --trailer". + +Fixes since Git 2.43.2 +---------------------- + + * "git commit -v --trailer=..." was broken with recent update and + placed the trailer _after_ the divider line, which has been + corrected. diff --git a/Documentation/RelNotes/2.44.0.txt b/Documentation/RelNotes/2.44.0.txt new file mode 100644 index 0000000..14f9ce8 --- /dev/null +++ b/Documentation/RelNotes/2.44.0.txt @@ -0,0 +1,334 @@ +Git v2.44 Release Notes +======================= + +Backward Compatibility Notes + + * "git checkout -B <branch>" used to allow switching to a branch that + is in use on another worktree, but this was by mistake. The users + need to use "--ignore-other-worktrees" option. + + +UI, Workflows & Features + + * "git add" and "git stash" learned to support the ":(attr:...)" + magic pathspec. + + * "git rebase --autosquash" is now enabled for non-interactive rebase, + but it is still incompatible with the apply backend. + + * Introduce "git replay", a tool meant on the server side without + working tree to recreate a history. + + * "git merge-file" learned to take the "--diff-algorithm" option to + use algorithm different from the default "myers" diff. + + * Command line completion (in contrib/) learned to complete path + arguments to the "add/set" subcommands of "git sparse-checkout" + better. + + * "git checkout -B <branch> [<start-point>]" allowed a branch that is + in use in another worktree to be updated and checked out, which + might be a bit unexpected. The rule has been tightened, which is a + breaking change. "--ignore-other-worktrees" option is required to + unbreak you, if you are used to the current behaviour that "-B" + overrides the safety. + + * The builtin_objectmode attribute is populated for each path + without adding anything in .gitattributes files, which would be + useful in magic pathspec, e.g., ":(attr:builtin_objectmode=100755)" + to limit to executables. + + * "git fetch" learned to pay attention to "fetch.all" configuration + variable, which pretends as if "--all" was passed from the command + line when no remote parameter was given. + + * In addition to (rather cryptic) Security Identifiers, show username + and domain in the error message when we barf on mismatch between + the Git directory and the current user on Windows. + + * The error message given when "git branch -d branch" fails due to + commits unique to the branch has been split into an error and a new + conditional advice message. + + * When given an existing but unreadable file as a configuration file, + gitweb behaved as if the file did not exist at all, but now it + errors out. This is a change that may break backward compatibility. + + * When $HOME/.gitconfig is missing but XDG config file is available, we + should write into the latter, not former. "git gc" and "git + maintenance" wrote into a wrong "global config" file, which have + been corrected. + + * Define "special ref" as a very narrow set that consists of + FETCH_HEAD and MERGE_HEAD, and clarify everything else that used to + be classified as such are actually just pseudorefs. + + * All conditional "advice" messages show how to turn them off, which + becomes repetitive. Setting advice.* configuration explicitly on + now omits the instruction part. + + * The "disable repository discovery of a bare repository" check, + triggered by setting safe.bareRepository configuration variable to + 'explicit', has been loosened to exclude the ".git/" directory inside + a non-bare repository from the check. So you can do "cd .git && + git cmd" to run a Git command that works on a bare repository without + explicitly specifying $GIT_DIR now. + + * The completion script (in contrib/) learned more options that can + be used with "git log". + + * The labels on conflict markers for the common ancestor, our version, + and the other version are available to custom 3-way merge driver + via %S, %X, and %Y placeholders. + + * The write codepath for the reftable data learned to honor + core.fsync configuration. + + * The "--fsck-objects" option of "git index-pack" now can take the + optional parameter to tweak severity of different fsck errors. + + * The wincred credential backend has been taught to support oauth + refresh token the same way as credential-cache and + credential-libsecret backends. + + * Command line completion support (in contrib/) has been + updated for "git bisect". + + * "git branch" and friends learned to use the formatted text as + sorting key, not the underlying timestamp value, when the --sort + option is used with author or committer timestamp with a format + specifier (e.g., "--sort=creatordate:format:%H:%M:%S"). + + * The command line completion script (in contrib/) learned to + complete configuration variable names better. + + +Performance, Internal Implementation, Development Support etc. + + * Process to add some form of low-level unit tests has started. + + * Add support for GitLab CI. + + * "git for-each-ref --no-sort" still sorted the refs alphabetically + which paid non-trivial cost. It has been redefined to show output + in an unspecified order, to allow certain optimizations to take + advantage of. + + * Simplify API implementation to delete references by eliminating + duplication. + + * Subject approxidate() and show_date() machinery to OSS-Fuzz. + + * A new helper to let us pretend that we called lstat() when we know + our cache_entry is up-to-date via fsmonitor. + + * The optimization based on fsmonitor in the "diff --cached" + codepath is resurrected with the "fake-lstat" introduced earlier. + + * Test balloon to use C99 "bool" type from <stdbool.h> has been + added. + + * "git clone" has been prepared to allow cloning a repository with + non-default hash function into a repository that uses the reftable + backend. + + * Streaming spans of packfile data used to be done only from a + single, primary, pack in a repository with multiple packfiles. It + has been extended to allow reuse from other packfiles, too. + + * Comment updates to help developers not to attempt to modify + messages from plumbing commands that must stay constant. + + It might make sense to reassess the plumbing needs every few years, + but that should be done as a separate effort. + + * Move test-ctype helper to the unit-test framework. + + * Instead of manually creating refs/ hierarchy on disk upon a + creation of a secondary worktree, which is only usable via the + files backend, use the refs API to populate it. + + * CI for GitLab learned to drive macOS jobs. + + * A few tests to "git commit -o <pathspec>" and "git commit -i + <pathspec>" has been added. + + * Tests on ref API are moved around to prepare for reftable. + + * The Makefile often had to say "-L$(path) -R$(path)" that repeats + the path to the same library directory for link time and runtime. + A Makefile template is used to reduce such repetition. + + * The priority queue test has been migrated to the unit testing + framework. + + * Setting `feature.experimental` opts the user into multi-pack reuse + experiment + + * Squelch node.js 16 deprecation warnings from GitHub Actions CI + by updating actions/github-script and actions/checkout that use + node.js 20. + + * The mechanism to report the filename in the source code, used by + the unit-test machinery, assumed that the compiler expanded __FILE__ + to the path to the source given to the $(CC), but some compilers + give full path, breaking the output. This has been corrected. + + +Fixes since v2.43 +----------------- + + * The way CI testing used "prove" could lead to running the test + suite twice needlessly, which has been corrected. + + * Update ref-related tests. + + * "git format-patch --encode-email-headers" ignored the option when + preparing the cover letter, which has been corrected. + + * Newer versions of Getopt::Long started giving warnings against our + (ab)use of it in "git send-email". Bump the minimum version + requirement for Perl to 5.8.1 (from September 2002) to allow + simplifying our implementation. + + * Earlier we stopped relying on commit-graph that (still) records + information about commits that are lost from the object store, + which has negative performance implications. The default has been + flipped to disable this pessimization. + + * Stale URLs have been updated to their current counterparts (or + archive.org) and HTTP links are replaced with working HTTPS links. + + * trace2 streams used to record the URLs that potentially embed + authentication material, which has been corrected. + + * The sample pre-commit hook that tries to catch introduction of new + paths that use potentially non-portable characters did not notice + an existing path getting renamed to such a problematic path, when + rename detection was enabled. + + * The command line parser for the "log" family of commands was too + loose when parsing certain numbers, e.g., silently ignoring the + extra 'q' in "git log -n 1q" without complaining, which has been + tightened up. + + * "git $cmd --end-of-options --rev -- --path" for some $cmd failed + to interpret "--rev" as a rev, and "--path" as a path. This was + fixed for many programs like "reset" and "checkout". + + * "git bisect reset" has been taught to clean up state files and refs + even when BISECT_START file is gone. + + * Some codepaths did not correctly parse configuration variables + specified with valueless "true", which has been corrected. + + * Code clean-up for sanity checking of command line options for "git + show-ref". + + * The code to parse the From e-mail header has been updated to avoid + recursion. + + * "git fetch --atomic" issued an unnecessary empty error message, + which has been corrected. + + * Command line completion script (in contrib/) learned to work better + with the reftable backend. + + * "git status" is taught to show both the branch being bisected and + being rebased when both are in effect at the same time. + + * "git archive --list extra garbage" silently ignored excess command + line parameters, which has been corrected. + + * "git sparse-checkout set" added default patterns even when the + patterns are being fed from the standard input, which has been + corrected. + + * "git sparse-checkout (add|set) --[no-]cone --end-of-options" did + not handle "--end-of-options" correctly after a recent update. + + * Unlike other environment variables that took the usual + true/false/yes/no as well as 0/1, GIT_FLUSH only understood 0/1, + which has been corrected. + + * Clearing in-core repository (happens during e.g., "git fetch + --recurse-submodules" with commit graph enabled) made in-core + commit object in an inconsistent state by discarding the necessary + data from commit-graph too early, which has been corrected. + + * Update to a new feature recently added, "git show-ref --exists". + + * oss-fuzz tests are built and run in CI. + (merge c4a9cf1df3 js/oss-fuzz-build-in-ci later to maint). + + * Rename detection logic ignored the final line of a file if it is an + incomplete line. + + * GitHub CI update. + (merge 0188b2c8e0 pb/ci-github-skip-logs-for-broken-tests later to maint). + + * "git diff --no-rename A B" did not disable rename detection but did + not trigger an error from the command line parser. + + * "git archive --remote=<remote>" learned to talk over the smart + http (aka stateless) transport. + (merge 176cd68634 jx/remote-archive-over-smart-http later to maint). + + * Fetching via protocol v0 over Smart HTTP transport sometimes failed + to correctly auto-follow tags. + (merge fba732c462 jk/fetch-auto-tag-following-fix later to maint). + + * The documentation for the --exclude-per-directory option marked it + as deprecated, which confused readers into thinking there may be a + plan to remove it in the future, which was not our intention. + (merge 0009542cab jc/ls-files-doc-update later to maint). + + * "git diff --no-index file1 file2" segfaulted while invoking the + external diff driver, which has been corrected. + + * Rewrite //-comments to /* comments */ in files whose comments + prevalently use the latter. + + * Cirrus CI jobs started breaking because we specified version of + FreeBSD that is no longer available, which has been corrected. + (merge 81fffb66d3 cb/use-freebsd-13-2-at-cirrus-ci later to maint). + + * A caller called index_file_exists() that takes a string expressed + as <ptr, length> with a wrong length, which has been corrected. + (merge 156e28b36d jh/sparse-index-expand-to-path-fix later to maint). + + * A failed "git tag -s" did not necessarily result in an error + depending on the crypto backend, which has been corrected. + + * "git stash" sometimes was silent even when it failed due to + unwritable index file, which has been corrected. + + * "git show-ref --verify" did not show things like "CHERRY_PICK_HEAD", + which has been corrected. + + * Recent conversion to allow more than 0/1 in GIT_FLUSH broke the + mechanism by flipping what yes/no means by mistake, which has been + corrected. + + * The sequencer machinery does not use the ref API and instead + records names of certain objects it needs for its correct operation + in temporary files, which makes these objects susceptible to loss + by garbage collection. These temporary files have been added as + starting points for reachability analysis to fix this. + (merge bc7f5db896 pw/gc-during-rebase later to maint). + + * "git cherry-pick" invoked during "git rebase -i" session lost + the authorship information, which has been corrected. + (merge e4301f73ff vn/rebase-with-cherry-pick-authorship later to maint). + + * The code paths that call repo_read_object_file() have been + tightened to react to errors. + (merge 568459bf5e js/check-null-from-read-object-file later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge 5aea3955bc rj/clarify-branch-doc-m later to maint). + (merge 9cce3be2df bk/bisect-doc-fix later to maint). + (merge 8430b438f6 vd/fsck-submodule-url-test later to maint). + (merge 3cb4384683 jc/t0091-with-unknown-git later to maint). + (merge 020456cb74 rs/receive-pack-remove-find-header later to maint). + (merge bc47139f4f la/trailer-cleanups later to maint). diff --git a/Documentation/RelNotes/2.45.0.txt b/Documentation/RelNotes/2.45.0.txt new file mode 100644 index 0000000..fec1936 --- /dev/null +++ b/Documentation/RelNotes/2.45.0.txt @@ -0,0 +1,476 @@ +Git v2.45 Release Notes +======================= + +Backward Compatibility Notes + +UI, Workflows & Features + + * Integrate the reftable code into the refs framework as a backend. + With "git init --ref-format=reftable", hopefully it would be a lot + more efficient to manage a repository with many references. + + * "git checkout -p" and friends learned that that "@" is a synonym + for "HEAD". + + * Variants of vimdiff learned to honor mergetool.<variant>.layout + settings. + + * "git reflog" learned a "list" subcommand that enumerates known reflogs. + + * When a merge conflicted at a submodule, merge-ort backend used to + unconditionally give a lengthy message to suggest how to resolve + it. Now the message can be squelched as an advice message. + + * "git for-each-ref" learned "--include-root-refs" option to show + even the stuff outside the 'refs/' hierarchy. + + * "git rev-list --missing=print" has learned to optionally take + "--allow-missing-tips", which allows the objects at the starting + points to be missing. + + * "git merge-tree" has learned that the three trees involved in the + 3-way merge only need to be trees, not necessarily commits. + + * "git log --merge" learned to pay attention to CHERRY_PICK_HEAD and + other kinds of *_HEAD pseudorefs. + + * Platform specific tweaks for OS/390 has been added to + config.mak.uname. + + * Users with safe.bareRepository=explicit can still work from within + $GIT_DIR of a seconary worktree (which resides at .git/worktrees/$name/) + of the primary worktree without explicitly specifying the $GIT_DIR + environment variable or the --git-dir=<path> option. + + * The output format for dates "iso-strict" has been tweaked to show + a time in the Zulu timezone with "Z" suffix, instead of "+00:00". + + * "git diff" and friends learned two extra configuration variables, + diff.srcPrefix and diff.dstPrefix. + + * The status.showUntrackedFiles configuration variable had a name + that tempts users to set a Boolean value expressed in our usual + "false", "off", and "0", but it only took "no". This has been + corrected so "true" and its synonyms are taken as "normal", while + "false" and its synonyms are taken as "no". + + * Remove an ancient and not well maintained Hg-to-git migration + script from contrib/. + + * Hints that suggest what to do after resolving conflicts can now be + squelched by disabling advice.mergeConflict. + + * Allow git-cherry-pick(1) to automatically drop redundant commits via + a new `--empty` option, similar to the `--empty` options for + git-rebase(1) and git-am(1). Includes a soft deprecation of + `--keep-redundant-commits` as well as some related docs changes and + sequencer code cleanup. + + * "git config" learned "--comment=<message>" option to leave a + comment immediately after the "variable = value" on the same line + in the configuration file. + + * core.commentChar used to be limited to a single byte, but has been + updated to allow an arbitrary multi-byte sequence. + + * "git add -p" and other "interactive hunk selection" UI has learned to + skip showing the hunk immediately after it has already been shown, and + an additional action to explicitly ask to reshow the current hunk. + + * "git pack-refs" learned the "--auto" option, which defers the decision of + whether and how to pack to the ref backend. This is used by the reftable + backend to avoid repacking of an already-optimal ref database. The new mode + is triggered from "git gc --auto". + + * "git add -u <pathspec>" and "git commit [-i] <pathspec>" did not + diagnose a pathspec element that did not match any files in certain + situations, unlike "git add <pathspec>" did. + + * The userdiff patterns for C# has been updated. + + * Git writes a "waiting for your editor" message on an incomplete + line after launching an editor, and then append another error + message on the same line if the editor errors out. It now clears + the "waiting for..." line before giving the error message. + + * The filename used for rejected hunks "git apply --reject" creates + was limited to PATH_MAX, which has been lifted. + + * When "git bisect" reports the commit it determined to be the + culprit, we used to show it in a format that does not honor common + UI tweaks, like log.date and log.decorate. The code has been + taught to use "git show" to follow more customizations. + + +Performance, Internal Implementation, Development Support etc. + + * The code to iterate over refs with the reftable backend has seen + some optimization. + + * More tests that are marked as "ref-files only" have been updated to + improve test coverage of reftable backend. + + * Some parts of command line completion script (in contrib/) have + been micro-optimized. + + * The way placeholders are to be marked-up in documentation have been + specified; use "_<placeholder>_" to typeset the word inside a pair + of <angle-brackets> emphasized. + + * "git --no-lazy-fetch cmd" allows to run "cmd" while disabling lazy + fetching of objects from the promisor remote, which may be handy + for debugging. + + * The implementation in "git clean" that makes "-n" and "-i" ignore + clean.requireForce has been simplified, together with the + documentation. + + * Uses of xwrite() helper have been audited and updated for better + error checking and simpler code. + + * Some trace2 events that lacked def_param have learned to show it, + enriching the output. + + * The parse-options code that deals with abbreviated long option + names have been cleaned up. + + * The code in reftable backend that creates new table files works + better with the tempfile framework to avoid leaving cruft after a + failure. + + * The reftable code has its own custom binary search function whose + comparison callback has an unusual interface, which caused the + binary search to degenerate into a linear search, which has been + corrected. + + * The code to iterate over reflogs in the reftable has been optimized + to reduce memory allocation and deallocation. + + * Work to support a repository that work with both SHA-1 and SHA-256 + hash algorithms has started. + + * A new fuzz target that exercises config parsing code has been + added. + + * Fix the way recently added tests interpolate variables defined + outside them, and document the best practice to help future + developers. + + * Introduce an experimental protocol for contributors to propose the + topic description to be used in the "What's cooking" report, the + merge commit message for the topic, and in the release notes and + document it in the SubmittingPatches document. + + * The t/README file now gives a hint on running individual tests in + the "t/" directory with "make t<num>-*.sh t<num>-*.sh". + (merge 8d383806fc pb/test-scripts-are-build-targets later to maint). + + * The "hint:" messages given by the advice mechanism, when given a + message with a blank line, left a line with trailing whitespace, + which has been cleansed. + + * Documentation rules has been explicitly described how to mark-up + literal parts and a few manual pages have been updated as examples. + + * The .editorconfig file has been taught that a Makefile uses HT + indentation. + + * t-prio-queue test has been cleaned up by using C99 compound + literals; this is meant to also serve as a weather-balloon to smoke + out folks with compilers who have trouble compiling code that uses + the feature. + + * Windows binary used to decide the use of unix-domain socket at + build time, but it learned to make the decision at runtime instead. + + * The "shared repository" test in the t0610 reftable test failed + under restrictive umask setting (e.g. 007), which has been + corrected. + + * Document and apply workaround for a buggy version of dash that + mishandles "local var=val" construct. + + * The codepaths that reach date_mode_from_type() have been updated to + pass "struct date_mode" by value to make them thread safe. + + * The strategy to compact multiple tables of reftables after many + operations accumulate many entries has been improved to avoid + accumulating too many tables uncollected. + + * The code to iterate over reftable blocks has seen some optimization + to reduce memory allocation and deallocation. + + * The way "git fast-import" handles paths described in its input has + been tightened up and more clearly documented. + + * The cvsimport tests required that the platform understands + traditional timezone notations like CST6CDT, which has been + updated to work on those systems as long as they understand + POSIX notation with explicit tz transition dates. + + * The code to format trailers have been cleaned up. + + +Fixes since v2.44 +----------------- + + * "git apply" on a filesystem without filemode support have learned + to take a hint from what is in the index for the path, even when + not working with the "--index" or "--cached" option, when checking + the executable bit match what is required by the preimage in the + patch. + (merge 45b625142d cp/apply-core-filemode later to maint). + + * "git column" has been taught to reject negative padding value, as + it would lead to nonsense behaviour including division by zero. + (merge 76fb807faa kh/column-reject-negative-padding later to maint). + + * "git am --help" now tells readers what actions are available in + "git am --whitespace=<action>", in addition to saying that the + option is passed through to the underlying "git apply". + (merge a171dac734 jc/am-whitespace-doc later to maint). + + * "git tag --column" failed to check the exit status of its "git + column" invocation, which has been corrected. + (merge 92e66478fc rj/tag-column-fix later to maint). + + * Credential helper based on libsecret (in contrib/) has been updated + to handle an empty password correctly. + (merge 8f1f2023b7 mh/libsecret-empty-password-fix later to maint). + + * "git difftool --dir-diff" learned to honor the "--trust-exit-code" + option; it used to always exit with 0 and signalled success. + (merge eb84c8b6ce ps/difftool-dir-diff-exit-code later to maint). + + * The code incorrectly attempted to use textconv cache when asked, + even when we are not running in a repository, which has been + corrected. + (merge affe355fe7 jk/textconv-cache-outside-repo-fix later to maint). + + * Remove an empty file that shouldn't have been added in the first + place. + (merge 4f66942215 js/remove-cruft-files later to maint). + + * The logic to access reflog entries by date and number had ugly + corner cases at the boundaries, which have been cleaned up. + (merge 5edd126720 jk/reflog-special-cases-fix later to maint). + + * An error message from "git upload-pack", which responds to "git + fetch" requests, had a trailing NUL in it, which has been + corrected. + (merge 3f4c7a0805 sg/upload-pack-error-message-fix later to maint). + + * Clarify wording in the CodingGuidelines that requires <git-compat-util.h> + to be the first header file. + (merge 4e89f0e07c jc/doc-compat-util later to maint). + + * "git commit -v --cleanup=scissors" used to add the scissors line + twice in the log message buffer, which has been corrected. + (merge e90cc075cc jt/commit-redundant-scissors-fix later to maint). + + * A custom remote helper no longer cannot access the newly created + repository during "git clone", which is a regression in Git 2.44. + This has been corrected. + (merge 199f44cb2e ps/remote-helper-repo-initialization-fix later to maint). + + * Various parts of upload-pack have been updated to bound the resource + consumption relative to the size of the repository to protect from + abusive clients. + (merge 6cd05e768b jk/upload-pack-bounded-resources later to maint). + + * The upload-pack program, when talking over v2, accepted the + packfile-uris protocol extension from the client, even if it did + not advertise the capability, which has been corrected. + (merge a922bfa3b5 jk/upload-pack-v2-capability-cleanup later to maint). + + * Make sure failure return from merge_bases_many() is properly caught. + (merge 25fd20eb44 js/merge-base-with-missing-commit later to maint). + + * FSMonitor client code was confused when FSEvents were given in a + different case on a case-insensitive filesystem, which has been + corrected. + (merge 29c139ce78 jh/fsmonitor-icase-corner-case-fix later to maint). + + * The "core.commentChar" configuration variable only allows an ASCII + character, which was not clearly documented, which has been + corrected. + (merge fb7c556f58 kh/doc-commentchar-is-a-byte later to maint). + + * With release 2.44 we got rid of all uses of test_i18ngrep and there + is no in-flight topic that adds a new use of it. Make a call to + test_i18ngrep a hard failure, so that we can remove it at the end + of this release cycle. + (merge 381a83dfa3 jc/test-i18ngrep later to maint). + + * The command line completion script (in contrib/) learned to + complete "git reflog" better. + (merge 1284f9cc11 rj/complete-reflog later to maint). + + * The logic to complete the command line arguments to "git worktree" + subcommand (in contrib/) has been updated to correctly honor things + like "git -C dir" etc. + (merge 3574816d98 rj/complete-worktree-paths-fix later to maint). + + * When git refuses to create a branch because the proposed branch + name is not a valid refname, an advice message is given to refer + the user to exact naming rules. + (merge 8fbd903e58 kh/branch-ref-syntax-advice later to maint). + + * Code simplification by getting rid of code that sets an environment + variable that is no longer used. + (merge 72a8d3f027 pw/rebase-i-ignore-cherry-pick-help-environment later to maint). + + * The code to find the effective end of log messages can fall into an + endless loop, which has been corrected. + (merge 2541cba2d6 fs/find-end-of-log-message-fix later to maint). + + * Mark-up used in the documentation has been improved for + consistency. + (merge 45d5ed3e50 ja/doc-markup-fixes later to maint). + + * The status.showUntrackedFiles configuration variable was + incorrectly documented to accept "false", which has been corrected. + + * Leaks from "git restore" have been plugged. + (merge 2f64da0790 rj/restore-plug-leaks later to maint). + + * "git bugreport --no-suffix" was not supported and instead + segfaulted, which has been corrected. + (merge b3b57c69da js/bugreport-no-suffix-fix later to maint). + + * The documentation for "%(trailers[:options])" placeholder in the + "--pretty" option of commands in the "git log" family has been + updated. + (merge bff85a338c bl/doc-key-val-sep-fix later to maint). + + * "git checkout --conflict=bad" reported a bad conflictStyle as if it + were given to a configuration variable; it has been corrected to + report that the command line option is bad. + (merge 5a99c1ac1a pw/checkout-conflict-errorfix later to maint). + + * Code clean-up in the "git log" machinery that implements custom log + message formatting. + (merge 1c10b8e5b0 jk/pretty-subject-cleanup later to maint). + + * "git config" corrupted literal HT characters written in the + configuration file as part of a value, which has been corrected. + (merge e6895c3f97 ds/config-internal-whitespace-fix later to maint). + + * A unit test for reftable code tried to enumerate all files in a + directory after reftable operations and expected to see nothing but + the files it wanted to leave there, but was fooled by .nfs* cruft + files left, which has been corrected. + (merge 0068aa7946 ps/reftable-unit-test-nfs-workaround later to maint). + + * The implementation and documentation of "object-format" option + exchange between the Git itself and its remote helpers did not + quite match, which has been corrected. + + * The "--pretty=<shortHand>" option of the commands in the "git log" + family, defined as "[pretty] shortHand = <expansion>" should have + been looked up case insensitively, but was not, which has been + corrected. + (merge f999d5188b bl/pretty-shorthand-config-fix later to maint). + + * "git apply" failed to extract the filename the patch applied to, + when the change was about an empty file created in or deleted from + a directory whose name ends with a SP, which has been corrected. + (merge 776ffd1a30 jc/apply-parse-diff-git-header-names-fix later to maint). + + * Update a more recent tutorial doc. + (merge 95ab557b4b dg/myfirstobjectwalk-updates later to maint). + + * The test script had an incomplete and ineffective attempt to avoid + clobbering the testing user's real crontab (and its equivalents), + which has been completed. + (merge 73cb87773b es/test-cron-safety later to maint). + + * Use advice_if_enabled() API to rewrite a simple pattern to + call advise() after checking advice_enabled(). + (merge 6412d01527 rj/use-adv-if-enabled later to maint). + + * Another "set -u" fix for the bash prompt (in contrib/) script. + (merge d7805bc743 vs/complete-with-set-u-fix later to maint). + + * "git checkout/switch --detach foo", after switching to the detached + HEAD state, gave the tracking information for the 'foo' branch, + which was pointless. + + * "git apply" has been updated to lift the hardcoded pathname length + limit, which in turn allowed a mksnpath() function that is no + longer used. + (merge 708f7e0590 rs/apply-lift-path-length-limit later to maint). + + * A file descriptor leak in an error codepath, used when "git apply + --reject" fails to create the *.rej file, has been corrected. + (merge 2b1f456adf rs/apply-reject-fd-leakfix later to maint). + + * A config parser callback function fell through instead of returning + after recognising and processing a variable, wasting cycles, which + has been corrected. + (merge a816ccd642 ds/fetch-config-parse-microfix later to maint). + + * Fix was added to work around a regression in libcURL 8.7.0 (which has + already been fixed in their tip of the tree). + (merge 92a209bf24 jk/libcurl-8.7-regression-workaround later to maint). + + * The variable that holds the value read from the core.excludefile + configuration variable used to leak, which has been corrected. + (merge 0e0fefb29f jc/unleak-core-excludesfile later to maint). + + * vreportf(), which is used by error() and friends, has been taught + to give the error message printf-format string when its vsnprintf() + call fails, instead of showing nothing useful to identify the + nature of the error. + (merge c63adab961 rs/usage-fallback-to-show-message-format later to maint). + + * Adjust to an upcoming changes to GNU make that breaks our Makefiles. + (merge 227b8fd902 tb/make-indent-conditional-with-non-spaces later to maint). + + * Git 2.44 introduced a regression that makes the updated code to + barf in repositories with multi-pack index written by older + versions of Git, which has been corrected. + + * When .git/rr-cache/ rerere database gets corrupted or rerere is fed to + work on a file with conflicted hunks resolved incompletely, the rerere + machinery got confused and segfaulted, which has been corrected. + (merge 167395bb47 mr/rerere-crash-fix later to maint). + + * The "receive-pack" program (which responds to "git push") was not + converted to run "git maintenance --auto" when other codepaths that + used to run "git gc --auto" were updated, which has been corrected. + (merge 7bf3057d9c ps/run-auto-maintenance-in-receive-pack later to maint). + + * Other code cleanup, docfix, build fix, etc. + (merge f0e578c69c rs/use-xstrncmpz later to maint). + (merge 83e6eb7d7a ba/credential-test-clean-fix later to maint). + (merge 64562d784d jb/doc-interactive-singlekey-do-not-need-perl later to maint). + (merge c431a235e2 cp/t9146-use-test-path-helpers later to maint). + (merge 82d75402d5 ds/doc-send-email-capitalization later to maint). + (merge 41bff66e35 jc/doc-add-placeholder-fix later to maint). + (merge 6835f0efe9 jw/remote-doc-typofix later to maint). + (merge 244001aa20 hs/rebase-not-in-progress later to maint). + (merge 2ca6c07db2 jc/no-include-of-compat-util-from-headers later to maint). + (merge 87bd7fbb9c rs/fetch-simplify-with-starts-with later to maint). + (merge f39addd0d9 rs/name-rev-with-mempool later to maint). + (merge 9a97b43e03 rs/submodule-prefix-simplify later to maint). + (merge 40b8076462 ak/rebase-autosquash later to maint). + (merge 3223204456 eg/add-uflags later to maint). + (merge 5f78d52dce es/config-doc-sort-sections later to maint). + (merge 781fb7b4c2 as/option-names-in-messages later to maint). + (merge 51d41dc243 jk/doc-remote-helpers-markup-fix later to maint). + (merge e1aaf309db pb/ci-win-artifact-names-fix later to maint). + (merge ad538c61da jc/index-pack-fsck-levels later to maint). + (merge 67471bc704 ja/doc-formatting-fix later to maint). + (merge 86f9ce7dd6 bl/doc-config-fixes later to maint). + (merge 0d527842b7 az/grep-group-error-message-update later to maint). + (merge 7c43bdf07b rs/strbuf-expand-bad-format later to maint). + (merge 8b68b48d5c ds/typofix-core-config-doc later to maint). + (merge 39bb692152 rs/imap-send-use-xsnprintf later to maint). + (merge 8d320cec60 jc/t2104-style-fixes later to maint). + (merge b4454d5a7b pw/t3428-cleanup later to maint). + (merge 84a7c33a4b pf/commitish-committish later to maint). + (merge 8882ee9d68 la/mailmap-entry later to maint). + (merge 44bdba2fa6 rs/no-openssl-compilation-fix-on-macos later to maint). + (merge f412d72c19 yb/replay-doc-linkfix later to maint). + (merge 5da40be8d7 xx/rfc2822-date-format-in-doc later to maint). diff --git a/Documentation/RelNotes/2.8.0.txt b/Documentation/RelNotes/2.8.0.txt index 27320b6..3845328 100644 --- a/Documentation/RelNotes/2.8.0.txt +++ b/Documentation/RelNotes/2.8.0.txt @@ -377,7 +377,7 @@ notes for details). on that order. * "git show 'HEAD:Foo[BAR]Baz'" did not interpret the argument as a - rev, i.e. the object named by the the pathname with wildcard + rev, i.e. the object named by the pathname with wildcard characters in a tree object. (merge aac4fac nd/dwim-wildcards-as-pathspecs later to maint). |