Diffstat (limited to 'Documentation/RelNotes')
-rw-r--r-- Documentation/RelNotes/2.30.6.txt |  60
-rw-r--r-- Documentation/RelNotes/2.31.5.txt |   5
-rw-r--r-- Documentation/RelNotes/2.32.4.txt |   5
-rw-r--r-- Documentation/RelNotes/2.33.5.txt |   5
-rw-r--r-- Documentation/RelNotes/2.34.5.txt |   5
-rw-r--r-- Documentation/RelNotes/2.35.5.txt |   5
-rw-r--r-- Documentation/RelNotes/2.36.3.txt |   5
-rw-r--r-- Documentation/RelNotes/2.37.2.txt |  24
-rw-r--r-- Documentation/RelNotes/2.37.3.txt |  46
-rw-r--r-- Documentation/RelNotes/2.37.4.txt |  65
-rw-r--r-- Documentation/RelNotes/2.38.0.txt | 242
-rw-r--r-- Documentation/RelNotes/2.38.1.txt |   5
-rw-r--r-- Documentation/RelNotes/2.38.2.txt |  60
-rw-r--r-- Documentation/RelNotes/2.39.0.txt | 346
14 files changed, 851 insertions, 27 deletions
diff --git a/Documentation/RelNotes/2.30.6.txt b/Documentation/RelNotes/2.30.6.txt
new file mode 100644
index 0000000..d649071
--- /dev/null
+++ b/Documentation/RelNotes/2.30.6.txt
@@ -0,0 +1,60 @@
+Git v2.30.6 Release Notes
+=========================
+
+This release addresses the security issues CVE-2022-39253 and
+CVE-2022-39260.
+
+Fixes since v2.30.5
+-------------------
+
+ * CVE-2022-39253:
+ When relying on the `--local` clone optimization, Git dereferences
+ symbolic links in the source repository before creating hardlinks
+ (or copies) of the dereferenced link in the destination repository.
+ This can lead to surprising behavior where arbitrary files are
+ present in a repository's `$GIT_DIR` when cloning from a malicious
+ repository.
+
+ Git will no longer dereference symbolic links via the `--local`
+ clone mechanism, and will instead refuse to clone repositories that
+ have symbolic links present in the `$GIT_DIR/objects` directory.
+
+ Additionally, the value of `protocol.file.allow` is changed to be
+ "user" by default.
+
+ * CVE-2022-39260:
+ An overly-long command string given to `git shell` can result in
+ overflow in `split_cmdline()`, leading to arbitrary heap writes and
+ remote code execution when `git shell` is exposed and the directory
+ `$HOME/git-shell-commands` exists.
+
+ `git shell` is taught to refuse interactive commands that are
+ longer than 4MiB in size. `split_cmdline()` is hardened to reject
+ inputs larger than 2GiB.
+
+Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. The
+fix was authored by Taylor Blau, with help from Johannes Schindelin.
+
+Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub.
+The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau.
+
+
+Jeff King (2):
+ shell: add basic tests
+ shell: limit size of interactive commands
+
+Kevin Backhouse (1):
+ alias.c: reject too-long cmdline strings in split_cmdline()
+
+Taylor Blau (11):
+ builtin/clone.c: disallow `--local` clones with symlinks
+ t/lib-submodule-update.sh: allow local submodules
+ t/t1NNN: allow local submodules
+ t/2NNNN: allow local submodules
+ t/t3NNN: allow local submodules
+ t/t4NNN: allow local submodules
+ t/t5NNN: allow local submodules
+ t/t6NNN: allow local submodules
+ t/t7NNN: allow local submodules
+ t/t9NNN: allow local submodules
+ transport: make `protocol.file.allow` be "user" by default
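Review bot: The CVE-2022-39253 entry says `protocol.file.allow` now defaults to "user" but does not say what that changes for existing workflows. The shortlog at the end of this hunk lists a run of test commits titled "allow local submodules", which suggests that submodules cloned from local paths are affected by the new default; a sentence telling users what they will observe after upgrading, and which setting to change if they trust the source, would make the entry actionable. Separately, the shortlog line `t/2NNNN: allow local submodules` does not follow the `t/tNNNN` pattern of its siblings; if the shortlog reproduces commit subjects verbatim that is fine, but it is worth confirming.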
diff --git a/Documentation/RelNotes/2.31.5.txt b/Documentation/RelNotes/2.31.5.txt
new file mode 100644
index 0000000..0d87e6e
--- /dev/null
+++ b/Documentation/RelNotes/2.31.5.txt
@@ -0,0 +1,5 @@
+Git v2.31.5 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.30.6; see
+the release notes for that version for details.
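Review bot: "the security fix" in the body is singular, but the v2.30.6 notes it points to address two issues, CVE-2022-39253 and CVE-2022-39260. Suggest "security fixes" and naming both CVE identifiers in this file, so that searching these notes for either CVE finds the release without following the pointer to 2.30.6.txt. The same wording recurs in the 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3 and 2.38.1 stubs.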
diff --git a/Documentation/RelNotes/2.32.4.txt b/Documentation/RelNotes/2.32.4.txt
new file mode 100644
index 0000000..76c67b2
--- /dev/null
+++ b/Documentation/RelNotes/2.32.4.txt
@@ -0,0 +1,5 @@
+Git v2.32.4 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.30.6; see
+the release notes for that version for details.
diff --git a/Documentation/RelNotes/2.33.5.txt b/Documentation/RelNotes/2.33.5.txt
new file mode 100644
index 0000000..a636526
--- /dev/null
+++ b/Documentation/RelNotes/2.33.5.txt
@@ -0,0 +1,5 @@
+Git v2.33.5 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.30.6; see
+the release notes for that version for details.
diff --git a/Documentation/RelNotes/2.34.5.txt b/Documentation/RelNotes/2.34.5.txt
new file mode 100644
index 0000000..0e89992
--- /dev/null
+++ b/Documentation/RelNotes/2.34.5.txt
@@ -0,0 +1,5 @@
+Git v2.34.5 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.30.6; see
+the release notes for that version for details.
diff --git a/Documentation/RelNotes/2.35.5.txt b/Documentation/RelNotes/2.35.5.txt
new file mode 100644
index 0000000..e19cc48
--- /dev/null
+++ b/Documentation/RelNotes/2.35.5.txt
@@ -0,0 +1,5 @@
+Git v2.35.5 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.30.6; see
+the release notes for that version for details.
diff --git a/Documentation/RelNotes/2.36.3.txt b/Documentation/RelNotes/2.36.3.txt
new file mode 100644
index 0000000..56db77b
--- /dev/null
+++ b/Documentation/RelNotes/2.36.3.txt
@@ -0,0 +1,5 @@
+Git v2.36.3 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.30.6; see
+the release notes for that version for details.
diff --git a/Documentation/RelNotes/2.37.2.txt b/Documentation/RelNotes/2.37.2.txt
index 300fb09..d82b29e 100644
--- a/Documentation/RelNotes/2.37.2.txt
+++ b/Documentation/RelNotes/2.37.2.txt
@@ -61,4 +61,28 @@ Fixes since v2.37.1
* Workaround for a false positive compiler warning.
+ * The resolve-undo information in the index was not protected against
+ GC, which has been corrected.
+
+ * A corner case bug where lazily fetching objects from a promisor
+ remote resulted in infinite recursion has been corrected.
+
+ * "git p4" working on UTF-16 files on Windows did not implement
+ CRLF-to-LF conversion correctly, which has been corrected.
+
+ * "git p4" did not handle non-ASCII client name well, which has been
+ corrected.
+
+ * "rerere-train" script (in contrib/) used to honor commit.gpgSign
+ while recreating the throw-away merges.
+
+ * "git checkout" miscounted the paths it updated, which has been
+ corrected.
+
+ * Fix for a bug that makes write-tree to fail to write out a
+ non-existent index as a tree, introduced in 2.37.
+
+ * There was a bug in the codepath to upgrade generation information
+ in commit-graph from v1 to v2 format, which has been corrected.
+
Also contains minor documentation updates and code clean-ups.
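Review bot: The "rerere-train" entry describes only the old behaviour ("used to honor commit.gpgSign while recreating the throw-away merges") and never states what the script does now, unlike the neighbouring entries that end in "which has been corrected". Suggest spelling out the new behaviour. In the write-tree entry, "makes write-tree to fail to write out" should read "makes write-tree fail to write out".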
diff --git a/Documentation/RelNotes/2.37.3.txt b/Documentation/RelNotes/2.37.3.txt
new file mode 100644
index 0000000..d66689e
--- /dev/null
+++ b/Documentation/RelNotes/2.37.3.txt
@@ -0,0 +1,46 @@
+Git 2.37.3 Release Notes
+========================
+
+This primarily is to backport various fixes accumulated on the 'master'
+front since 2.37.2.
+
+Fixes since v2.37.2
+-------------------
+
+ * The build procedure for Windows that uses CMake has been updated to
+ pick up the shell interpreter from local installation location.
+
+ * Conditionally allow building Python interpreter on Windows
+
+ * Fix to lstat() emulation on Windows.
+
+ * Older gcc with -Wall complains about the universal zero initializer
+ "struct s = { 0 };" idiom, which makes developers' lives
+ inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The
+ build procedure has been tweaked to help these compilers.
+
+ * Plug memory leaks in the failure code path in the "merge-ort" merge
+ strategy backend.
+
+ * Avoid repeatedly running getconf to ask libc version in the test
+ suite, and instead just as it once per script.
+
+ * Platform-specific code that determines if a directory is OK to use
+ as a repository has been taught to report more details, especially
+ on Windows.
+
+ * "vimdiff3" regression has been corrected.
+
+ * "git fsck" reads mode from tree objects but canonicalizes the mode
+ before passing it to the logic to check object sanity, which has
+ hid broken tree objects from the checking logic. This has been
+ corrected, but to help exiting projects with broken tree objects
+ that they cannot fix retroactively, the severity of anomalies this
+ code detects has been demoted to "info" for now.
+
+ * Fixes to sparse index compatibility work for "reset" and "checkout"
+ commands.
+
+ * Documentation for "git add --renormalize" has been improved.
+
+Also contains other minor documentation updates and code clean-ups.
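Review bot: Two typos change the meaning of their entries. In the getconf entry, "instead just as it once per script" should be "instead just ask it once per script"; in the "git fsck" entry, "to help exiting projects with broken tree objects" should be "existing projects" (the 2.38.0 notes in this same patch already spell it that way). The "Conditionally allow building Python interpreter on Windows" entry is also missing its trailing period.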
diff --git a/Documentation/RelNotes/2.37.4.txt b/Documentation/RelNotes/2.37.4.txt
new file mode 100644
index 0000000..e42a5c1
--- /dev/null
+++ b/Documentation/RelNotes/2.37.4.txt
@@ -0,0 +1,65 @@
+Git 2.37.4 Release Notes
+========================
+
+This primarily is to backport various fixes accumulated on the 'master'
+front since 2.37.3, and also includes the same security fixes as in
+v2.30.6.
+
+Fixes since v2.37.3
+-------------------
+
+ * CVE-2022-39253:
+ When relying on the `--local` clone optimization, Git dereferences
+ symbolic links in the source repository before creating hardlinks
+ (or copies) of the dereferenced link in the destination repository.
+ This can lead to surprising behavior where arbitrary files are
+ present in a repository's `$GIT_DIR` when cloning from a malicious
+ repository.
+
+ Git will no longer dereference symbolic links via the `--local`
+ clone mechanism, and will instead refuse to clone repositories that
+ have symbolic links present in the `$GIT_DIR/objects` directory.
+
+ Additionally, the value of `protocol.file.allow` is changed to be
+ "user" by default.
+
+ Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis.
+ The fix was authored by Taylor Blau, with help from Johannes
+ Schindelin.
+
+ * CVE-2022-39260:
+ An overly-long command string given to `git shell` can result in
+ overflow in `split_cmdline()`, leading to arbitrary heap writes and
+ remote code execution when `git shell` is exposed and the directory
+ `$HOME/git-shell-commands` exists.
+
+ `git shell` is taught to refuse interactive commands that are
+ longer than 4MiB in size. `split_cmdline()` is hardened to reject
+ inputs larger than 2GiB.
+
+ Credit for finding CVE-2022-39260 goes to Kevin Backhouse of
+ GitHub. The fix was authored by Kevin Backhouse, Jeff King, and
+ Taylor Blau.
+
+ * An earlier optimization discarded a tree-object buffer that is
+ still in use, which has been corrected.
+
+ * Fix deadlocks between main Git process and subprocess spawned via
+ the pipe_command() API, that can kill "git add -p" that was
+ reimplemented in C recently.
+
+ * xcalloc(), imitating calloc(), takes "number of elements of the
+ array", and "size of a single element", in this order. A call that
+ does not follow this ordering has been corrected.
+
+ * The preload-index codepath made copies of pathspec to give to
+ multiple threads, which were left leaked.
+
+ * Update the version of Ubuntu used for GitHub Actions CI from 18.04
+ to 22.04.
+
+ * The auto-stashed local changes created by "git merge --autostash"
+ was mixed into a conflicted state left in the working tree, which
+ has been corrected.
+
+Also contains other minor documentation updates and code clean-ups.
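Review bot: The preload-index entry ends at "which were left leaked", so it reads as a description of the bug and never says it was fixed; suggest appending "which has been plugged" to match the wording used for other leak fixes. In the autostash entry, "The auto-stashed local changes ... was mixed" should be "were mixed". Repeating the full CVE text from 2.30.6.txt here is useful, since a reader of this file gets both identifiers and both mitigations without a cross-reference.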
diff --git a/Documentation/RelNotes/2.38.0.txt b/Documentation/RelNotes/2.38.0.txt
index 335b0e8..870581f 100644
--- a/Documentation/RelNotes/2.38.0.txt
+++ b/Documentation/RelNotes/2.38.0.txt
@@ -6,7 +6,7 @@ UI, Workflows & Features
* "git remote show [-n] frotz" now pays attention to negative
pathspec.
- * "git push" sometimes perform poorly when reachability bitmaps are
+ * "git push" sometimes performs poorly when reachability bitmaps are
used, even in a repository where other operations are helped by
bitmaps. The push.useBitmaps configuration variable is introduced
to allow disabling use of reachability bitmaps only for "git push".
@@ -27,7 +27,7 @@ UI, Workflows & Features
what locale they are in by sending Accept-Language HTTP header, but
this was done only for some requests but not others.
- * Introduce a discovery.barerepository configuration variable that
+ * Introduce a safe.barerepository configuration variable that
allows users to forbid discovery of bare repositories.
* Various messages that come from the pack-bitmap codepaths have been
@@ -45,6 +45,49 @@ UI, Workflows & Features
restore the working tree to the state before the command was
initiated, but in some corner cases it didn't.
+ * Operating modes like "--batch" of "git cat-file" command learned to
+ take NUL-terminated input, instead of one-item-per-line.
+
+ * "git rm" has become more aware of the sparse-index feature.
+
+ * "git rev-list --disk-usage" learned to take an optional value
+ "human" to show the reported value in human-readable format, like
+ "3.40MiB".
+
+ * The "diagnose" feature to create a zip archive for diagnostic
+ material has been lifted from "scalar" and made into a feature of
+ "git bugreport".
+
+ * The namespaces used by "log --decorate" from "refs/" hierarchy by
+ default has been tightened.
+
+ * "git rev-list --ancestry-path=C A..B" is a natural extension of
+ "git rev-list A..B"; instead of choosing a subset of A..B to those
+ that have ancestry relationship with A, it lets a subset with
+ ancestry relationship with C.
+
+ * "scalar" now enables built-in fsmonitor on enlisted repositories,
+ when able.
+
+ * The bash prompt (in contrib/) learned to optionally indicate when
+ the index is unmerged.
+
+ * "git clone" command learned the "--bundle-uri" option to coordinate
+ with hosting sites the use of pre-prepared bundle files.
+
+ * "git range-diff" learned to honor pathspec argument if given.
+
+ * "git format-patch --from=<ident>" can be told to add an in-body
+ "From:" line even for commits that are authored by the given
+ <ident> with "--force-in-body-from" option.
+
+ * The built-in fsmonitor refuses to work on a network mounted
+ repositories; a configuration knob for users to override this has
+ been introduced.
+
+ * The "scalar" addition from Microsoft is now part of the core Git
+ installation.
+
Performance, Internal Implementation, Development Support etc.
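Review bot: The "--ancestry-path=C A..B" entry is hard to parse: "instead of choosing a subset of A..B to those that have ancestry relationship with A, it lets a subset with ancestry relationship with C" is missing a verb after "lets" and mixes "choosing" with "to those". Suggest rewording along the lines of "instead of limiting A..B to commits that have an ancestry relationship with A, it limits them to commits that have an ancestry relationship with C". In the fsmonitor entry, "a network mounted repositories" should be either "a network-mounted repository" or "network-mounted repositories".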
@@ -87,7 +130,7 @@ Performance, Internal Implementation, Development Support etc.
* The way "git multi-pack" uses parse-options API has been improved.
- * A coccinelle rule (in contrib/) to encourage use of COPY_ARRAY
+ * A Coccinelle rule (in contrib/) to encourage use of COPY_ARRAY
macro has been improved.
* API tweak to make it easier to run fuzz testing on commit-graph parser.
@@ -101,6 +144,43 @@ Performance, Internal Implementation, Development Support etc.
* Add a level of redirection to array allocation API in xdiff part,
to make it easier to share with the libgit2 project.
+ * "git fetch" client logs the partial clone filter used in the trace2
+ output.
+
+ * The "bundle URI" design gets documented.
+
+ * The common ancestor negotiation exchange during a "git fetch"
+ session now leaves trace log.
+
+ * Test portability improvements.
+ (merge 4d1d843be7 mt/rot13-in-c later to maint).
+
+ * The "subcommand" mode is introduced to parse-options API and update
+ the command line parser of Git commands with subcommands.
+
+ * The pack bitmap file gained a bitmap-lookup table to speed up
+ locating the necessary bitmap for a given commit.
+
+ * The assembly version of SHA-1 implementation for PPC has been
+ removed.
+
+ * The server side that responds to "git fetch" and "git clone"
+ request has been optimized by allowing it to send objects in its
+ object store without recomputing and validating the object names.
+
+ * Annotate function parameters that are not used (but cannot be
+ removed for structural reasons), to prepare us to later compile
+ with -Wunused warning turned on.
+
+ * Share the text used to explain configuration variables used by "git
+ <subcmd>" in "git help <subcmd>" with the text from "git help config".
+
+ * "git mv A B" in a sparsely populated working tree can be asked to
+ move a path from a directory that is "in cone" to another directory
+ that is "out of cone". Handling of such a case has been improved.
+
+ * The chainlint script for our tests has been revamped.
+
Fixes since v2.37
-----------------
@@ -134,27 +214,21 @@ Fixes since v2.37
* Recent update to vimdiff layout code has been made more robust
against different end-user vim settings.
- * Plug various memory leaks.
- (merge ece3974ba6 ab/leakfix later to maint).
-
- * Plug various memory leaks in test-tool commands.
- (merge f40a693450 ab/test-tool-leakfix later to maint).
+ * Plug various memory leaks, both in the main code and in test-tool
+ commands.
* Fixes a long-standing corner case bug around directory renames in
the merge-ort strategy.
* The resolve-undo information in the index was not protected against
GC, which has been corrected.
- (merge e0ad13977a jc/resolve-undo later to maint).
* A corner case bug where lazily fetching objects from a promisor
remote resulted in infinite recursion has been corrected.
- (merge cb88b37cb9 hx/lookup-commit-in-graph-fix later to maint).
* "git clone" from a repository with some ref whose HEAD is unborn
did not set the HEAD in the resulting repository correctly, which
has been corrected.
- (merge daf7898abb jk/clone-unborn-confusion later to maint).
* An earlier attempt to plug leaks placed a clean-up label to jump to
at a bogus place, which as been corrected.
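Review bot: The trailing context line "at a bogus place, which as been corrected" carries a typo ("as" for "has"). Since this hunk already rewrites the neighbouring entries to drop their merge annotations, it would be a good place to fix that line as well.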
@@ -167,50 +241,164 @@ Fixes since v2.37
* A fix for a regression in test framework.
* mkstemp() emulation on Windows has been improved.
- (merge ae25974de3 rs/mingw-tighten-mkstemp later to maint).
* Add missing documentation for "include" and "includeIf" features in
"git config" file format, which incidentally teaches the command
line completion to include them in its offerings.
- (merge 07aed58017 mb/config-document-include later to maint).
* Avoid "white/black-list" in documentation and code comments.
- (merge f5adaa5cc3 ds/doc-wo-whitelist later to maint).
* Workaround for a compiler warning against use of die() in
osx-keychain (in contrib/).
- (merge f2fc531585 ld/osx-keychain-usage-fix later to maint).
* Workaround for a false positive compiler warning.
- (merge b4f52f09ae ds/win-syslog-compiler-fix later to maint).
* "git p4" working on UTF-16 files on Windows did not implement
CRLF-to-LF conversion correctly, which has been corrected.
- (merge 4d35f74421 mb/p4-utf16-crlf later to maint).
* "git p4" did not handle non-ASCII client name well, which has been
corrected.
- (merge d205483695 kk/p4-client-name-encoding-fix later to maint).
* "rerere-train" script (in contrib/) used to honor commit.gpgSign
while recreating the throw-away merges.
- (merge cc391fc886 cl/rerere-train-with-no-sign later to maint).
* "git checkout" miscounted the paths it updated, which has been
corrected.
- (merge 611c7785e8 mt/checkout-count-fix later to maint).
* Fix for a bug that makes write-tree to fail to write out a
non-existent index as a tree, introduced in 2.37.
- (merge 4447d4129d tk/untracked-cache-with-uall later to maint).
* There was a bug in the codepath to upgrade generation information
in commit-graph from v1 to v2 format, which has been corrected.
- (merge 9550f6c16a tb/commit-graph-genv2-upgrade-fix later to maint).
+
+ * Gitweb had legacy URL shortener that is specific to the way
+ projects hosted on kernel.org used to (but no longer) work, which
+ has been removed.
+
+ * Fix build procedure for Windows that uses CMake so that it can pick
+ up the shell interpreter from local installation location.
+
+ * Conditionally allow building Python interpreter on Windows
+
+ * Fix to lstat() emulation on Windows.
+
+ * Older gcc with -Wall complains about the universal zero initializer
+ "struct s = { 0 };" idiom, which makes developers' lives
+ inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The
+ build procedure has been tweaked to help these compilers.
+
+ * Plug memory leaks in the failure code path in the "merge-ort" merge
+ strategy backend.
+
+ * "git symbolic-ref symref non..sen..se" is now diagnosed as an error.
+
+ * A follow-up fix to a fix for a regression in 2.36 around hooks.
+
+ * Avoid repeatedly running getconf to ask libc version in the test
+ suite, and instead just as it once per script.
+
+ * Platform-specific code that determines if a directory is OK to use
+ as a repository has been taught to report more details, especially
+ on Windows.
+
+ * "vimdiff3" regression fix.
+
+ * "git fsck" reads mode from tree objects but canonicalizes the mode
+ before passing it to the logic to check object sanity, which has
+ hid broken tree objects from the checking logic. This has been
+ corrected, but to help existing projects with broken tree objects
+ that they cannot fix retroactively, the severity of anomalies this
+ code detects has been demoted to "info" for now.
+
+ * Fixes to sparse index compatibility work for "reset" and "checkout"
+ commands.
+
+ * An earlier optimization discarded a tree-object buffer that is
+ still in use, which has been corrected.
+
+ * Fix deadlocks between main Git process and subprocess spawned via
+ the pipe_command() API, that can kill "git add -p" that was
+ reimplemented in C recently.
+
+ * The sequencer machinery translated messages left in the reflog by
+ mistake, which has been corrected.
+
+ * xcalloc(), imitating calloc(), takes "number of elements of the
+ array", and "size of a single element", in this order. A call that
+ does not follow this ordering has been corrected.
+
+ * The preload-index codepath made copies of pathspec to give to
+ multiple threads, which were left leaked.
+
+ * Update the version of Ubuntu used for GitHub Actions CI from 18.04
+ to 22.04.
+
+ * The auto-stashed local changes created by "git merge --autostash"
+ was mixed into a conflicted state left in the working tree, which
+ has been corrected.
+
+ * Multi-pack index got corrupted when preferred pack changed from one
+ pack to another in a certain way, which has been corrected.
+ (merge 99e4d084ff tb/midx-with-changing-preferred-pack-fix later to maint).
+
+ * The clean-up of temporary files created via mks_tempfile_dt() was
+ racy and attempted to unlink() the leading directory when signals
+ are involved, which has been corrected.
+ (merge babe2e0559 rs/tempfile-cleanup-race-fix later to maint).
+
+ * FreeBSD portability fix for "git maintenance" that spawns "crontab"
+ to schedule tasks.
+ (merge ee69e7884e bc/gc-crontab-fix later to maint).
+
+ * Those who use diff-so-fancy as the diff-filter noticed a regression
+ or two in the code that parses the diff output in the built-in
+ version of "add -p", which has been corrected.
+ (merge 0a101676e5 js/add-p-diff-parsing-fix later to maint).
+
+ * Segfault fix-up to an earlier fix to the topic to teach "git reset"
+ and "git checkout" work better in a sparse checkout.
+ (merge 037f8ea6d9 vd/sparse-reset-checkout-fixes later to maint).
+
+ * "git diff --no-index A B" managed its the pathnames of its two
+ input files rather haphazardly, sometimes leaking them. The
+ command line argument processing has been straightened out to clean
+ it up.
+ (merge 2b43dd0eb5 rs/diff-no-index-cleanup later to maint).
+
+ * "git rev-list --verify-objects" ought to inspect the contents of
+ objects and notice corrupted ones, but it didn't when the commit
+ graph is in use, which has been corrected.
+ (merge b27ccae34b jk/rev-list-verify-objects-fix later to maint).
+
+ * More fixes to "add -p"
+ (merge 64ec8efb83 js/builtin-add-p-portability-fix later to maint).
+
+ * The parser in the script interface to parse-options in "git
+ rev-parse" has been updated to diagnose a bogus input correctly.
+ (merge f20b9c36d0 ow/rev-parse-parseopt-fix later to maint).
+
+ * The code that manages list-object-filter structure, used in partial
+ clones, leaked the instances, which has been plugged.
+ (merge 66eede4a37 jk/plug-list-object-filter-leaks later to maint).
+
+ * Fix another UI regression in the reimplemented "add -p".
+ (merge f6f0ee247f rs/add-p-worktree-mode-prompt-fix later to maint).
+
+ * "git fetch" over protocol v2 sent an incorrect ref prefix request
+ to the server and made "git pull" with configured fetch refspec
+ that does not cover the remote branch to merge with fail, which has
+ been corrected.
+ (merge 49ca2fba39 jk/proto-v2-ref-prefix-fix later to maint).
+
+ * A result from opendir() was leaking in the commit-graph expiration
+ codepath, which has been plugged.
+ (merge 12f1ae5324 ml/commit-graph-expire-dir-leak-fix later to maint).
+
+ * Just like we have coding guidelines, we now have guidelines for
+ reviewers.
+ (merge e01b851923 vd/doc-reviewing-guidelines later to maint).
* Other code cleanup, docfix, build fix, etc.
- (merge a700395eaf ma/t4200-update later to maint).
- (merge ae436f283c ma/sparse-checkout-cone-doc-fix later to maint).
- (merge a10f6e2bda sg/index-format-doc-update later to maint).
- (merge ce5f07983d mt/pkt-line-comment-tweak later to maint).
- (merge 1e11fab59c jc/string-list-cleanup later to maint).
+ (merge 77b9e85c0f vd/fix-perf-tests later to maint).
+ (merge 0682bc43f5 jk/test-crontab-fixes later to maint).
+ (merge b46dd1726c cc/doc-trailer-whitespace-rules later to maint).
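Review bot: Several added entries in this hunk need a proofreading pass. "instead just as it once per script" should be "just ask it once per script"; "managed its the pathnames of its two input files" has a stray "its"; "Conditionally allow building Python interpreter on Windows" and "More fixes to "add -p"" lack a trailing period; and "teach "git reset" and "git checkout" work better" is missing "to" before "work". The getconf typo also appears in the 2.37.3 notes added by this patch, so both copies should be fixed together.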
diff --git a/Documentation/RelNotes/2.38.1.txt b/Documentation/RelNotes/2.38.1.txt
new file mode 100644
index 0000000..b2b5854
--- /dev/null
+++ b/Documentation/RelNotes/2.38.1.txt
@@ -0,0 +1,5 @@
+Git v2.38.1 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.30.6; see
+the release notes for that version for details.
diff --git a/Documentation/RelNotes/2.38.2.txt b/Documentation/RelNotes/2.38.2.txt
new file mode 100644
index 0000000..086b900
--- /dev/null
+++ b/Documentation/RelNotes/2.38.2.txt
@@ -0,0 +1,60 @@
+Git 2.38.2 Release Notes
+========================
+
+This is to backport various fixes accumulated during the development
+towards Git 2.39, the next feature release.
+
+
+Fixes since v2.38.1
+-------------------
+
+ * Update CodingGuidelines to clarify what features to use and avoid
+ in C99.
+
+ * The codepath that reads from the index v4 had unaligned memory
+ accesses, which has been corrected.
+
+ * "git remote rename" failed to rename a remote without fetch
+ refspec, which has been corrected.
+
+ * "git clone" did not like to see the "--bare" and the "--origin"
+ options used together without a good reason.
+
+ * Fix messages incorrectly marked for translation.
+
+ * "git fsck" failed to release contents of tree objects already used
+ from the memory, which has been fixed.
+
+ * "git rebase -i" can mistakenly attempt to apply a fixup to a commit
+ itself, which has been corrected.
+
+ * In read-only repositories, "git merge-tree" tried to come up with a
+ merge result tree object, which it failed (which is not wrong) and
+ led to a segfault (which is bad), which has been corrected.
+
+ * Force C locale while running tests around httpd to make sure we can
+ find expected error messages in the log.
+
+ * Fix a logic in "mailinfo -b" that miscomputed the length of a
+ substring, which lead to an out-of-bounds access.
+
+ * The codepath to sign learned to report errors when it fails to read
+ from "ssh-keygen".
+
+ * "GIT_EDITOR=: git branch --edit-description" resulted in failure,
+ which has been corrected.
+
+ * Documentation on various Boolean GIT_* environment variables have
+ been clarified.
+
+ * "git multi-pack-index repack/expire" used to repack unreachable
+ cruft into a new pack, which have been corrected.
+
+ * The code to clean temporary object directories (used for
+ quarantine) tried to remove them inside its signal handler, which
+ was a no-no.
+
+ * "git branch --edit-description" on an unborh branch misleadingly
+ said that no such branch exists, which has been corrected.
+
+Also contains various documentation updates and code clean-ups.
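Review bot: The "--bare" and "--origin" entry ("did not like to see ... used together without a good reason") only describes the old behaviour and leaves the reader guessing what "git clone" does now; suggest stating the result explicitly. Typos in the same hunk: "unborh branch" should be "unborn branch", "which lead to an out-of-bounds access" should be "which led to", "Fix a logic in" should be "Fix logic in", "Documentation ... have been clarified" should be "has been clarified", and "which have been corrected" in the multi-pack-index entry should be "which has been corrected".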
diff --git a/Documentation/RelNotes/2.39.0.txt b/Documentation/RelNotes/2.39.0.txt
new file mode 100644
index 0000000..bb649e4
--- /dev/null
+++ b/Documentation/RelNotes/2.39.0.txt
@@ -0,0 +1,346 @@
+Git v2.39 Release Notes
+=======================
+
+UI, Workflows & Features
+------------------------
+
+ * "git grep" learned to expand the sparse-index more lazily and on
+ demand in a sparse checkout.
+
+ * By default, use of fsmonitor on a repository on networked
+ filesystem is disabled. Add knobs to make it workable on macOS.
+
+ * After checking out a "branch" that is a symbolic-ref that points at
+ another branch, "git symbolic-ref HEAD" reports the underlying
+ branch, not the symbolic-ref the user gave checkout as argument.
+ The command learned the "--no-recurse" option to stop after
+ dereferencing a symbolic-ref only once.
+
+ * "git branch --edit-description @{-1}" is now a way to edit branch
+ description of the branch you were on before switching to the
+ current branch.
+
+ * "git merge-tree --stdin" is a new way to request a series of merges
+ and report the merge results.
+
+ * "git shortlog" learned to group by the "format" string.
+
+ * A new "--include-whitespace" option is added to "git patch-id", and
+ existing bugs in the internal patch-id logic that did not match
+ what "git patch-id" produces have been corrected.
+
+ * Enable gc.cruftpacks by default for those who opt into
+ feature.experimental setting.
+
+ * "git repack" learns to send cruft objects out of the way into
+ packfiles outside the repository.
+
+ * 'scalar reconfigure -a' is taught to automatically remove
+ scalar.repo entires which no longer exist.
+
+ * Redact headers from cURL's h2h3 module in GIT_CURL_VERBOSE and
+ others.
+
+ * 'git maintenance register' is taught to write configuration to an
+ arbitrary path, and 'git for-each-repo' is taught to expand tilde
+ characters in paths.
+
+ * When creating new notes, the template used to get a stray empty
+ newline, which has been removed.
+
+ * "git receive-pack" used to use all the local refs as the boundary for
+ checking connectivity of the data "git push" sent, but now it uses
+ only the refs that it advertised to the pusher. In a repository with
+ the .hideRefs configuration, this reduces the resources needed to
+ perform the check.
+
+ * With '--recurse-submodules=on-demand', all submodules are
+ recursively pushed.
+
+
+Performance, Internal Implementation, Development Support etc.
+--------------------------------------------------------------
+
+ * With a bit of header twiddling, use the native regexp library on
+ macOS instead of the compat/ one.
+
+ * Prepare for GNU [ef]grep that throw warning of their uses.
+
+ * Sources related to fuzz testing have been moved down to their own
+ directory.
+
+ * Most credential helpers ignored unknown entries in a credential
+ description, but a few died upon seeing them. The latter were
+ taught to ignore them, too
+
+ * "scalar unregister" in a repository that is already been
+ unregistered reported an error.
+
+ * Remove error detection from a function that fetches from promisor
+ remotes, and make it die when such a fetch fails to bring all the
+ requested objects, to give an early failure to various operations.
+
+ * Update CodingGuidelines to clarify what features to use and avoid
+ in C99.
+
+ * Avoid false-positive from LSan whose assumption may be broken with
+ higher optimization levels.
+
+ * Enable address and undefined sanitizer tasks at GitHub Actions CI.
+
+ * More UNUSED annotation to help using -Wunused option with the
+ compiler.
+ (merge 4b992f0a24 jk/unused-anno-more later to maint).
+
+ * Rewrite a deep recursion in the skipping negotiator to use a loop
+ with on-heap prio queue to avoid stack wastage.
+
+ * Add documentation for message IDs in fsck error messages.
+
+ * Define the logical elements of a "bundle list", data structure to
+ store them in-core, format to transfer them, and code to parse
+ them.
+
+ * The role the security mailing list plays in an embargoed release
+ has been documented.
+
+ * Two new facilities, "timer" and "counter", are introduced to the
+ trace2 API.
+
+ * Code simplification by using strvec_pushf() instead of building an
+ argument in a separate strbuf.
+
+ * Make sure generated dependency file is stably sorted to help
+ developers debugging their build issues.
+
+ * The glossary entries for "commit-graph file" and "reachability
+ bitmap" have been added.
+
+ * Various tests exercising the transfer.credentialsInUrl
+ configuration are taught to avoid making requests which require
+ resolving localhost to reduce CI-flakiness.
+
+ * A redundant diagnostic message is dropped from test_path_is_missing().
+
+ * Simplify the run-command API.
+
+ * Update the actions/github-script dependency in CI to avoid a
+ deprecation warning.
+
+ * Progress on being able to initialize a rev_info struct with a
+ macro.
+
+ * Add trace2 counters to the region to clear skip worktree bits in a
+ sparse checkout.
+
+ * Modernize test script to avoid "test -f" and friends.
+
+ * Avoid calling 'cache_tree_update()' when doing so would be
+ redundant.
+
+ * Update the credential-cache documentation to provide a more
+ realistic example.
+
+ * Makefile comments updates and reordering to clarify knobs used to
+ choose SHA implementations.
+
+ * A design document for sparse-checkout's future directions has been
+ added.
+
+ * Teach chainlint.pl to annotate the original test definition instead
+ of the token stream.
+
+ * "make coccicheck" is time consuming. It has been made to run more
+ incrementally.
+
+ * `parse_object()` has been hardened to check for the existence of a
+ suspected blob object.
+
+ * Adjust the documentation build procedure to GNUmake version 4.4,
+ which made some changes to how pattern rule with multiple targets
+ are handled.
+
+
+Fixes since v2.38
+-----------------
+
+ * The codepath that reads from the index v4 had unaligned memory
+ accesses, which has been corrected.
+
+ * Fix messages incorrectly marked for translation.
+
+ * "git fsck" failed to release contents of tree objects already used
+ from the memory, which has been fixed.
+
+ * "git clone" did not like to see the "--bare" and the "--origin"
+ options used together without a good reason.
+
+ * "git remote rename" failed to rename a remote without fetch
+ refspec, which has been corrected.
+
+ * Documentation on various Boolean GIT_* environment variables have
+ been clarified.
+
+ * "git rebase -i" can mistakenly attempt to apply a fixup to a commit
+ itself, which has been corrected.
+
+ * "git multi-pack-index repack/expire" used to repack unreachable
+ cruft into a new pack, which have been corrected.
+
+ * In read-only repositories, "git merge-tree" tried to come up with a
+ merge result tree object, which it failed (which is not wrong) and
+ led to a segfault (which is bad), which has been corrected.
+
+ * Force C locale while running tests around httpd to make sure we can
+ find expected error messages in the log.
+
+ * Fix a logic in "mailinfo -b" that miscomputed the length of a
+ substring, which lead to an out-of-bounds access.
+
+ * The codepath to sign learned to report errors when it fails to read
+ from "ssh-keygen".
+
+ * Code clean-up that results in plugging a leak.
+
+ * "GIT_EDITOR=: git branch --edit-description" resulted in failure,
+ which has been corrected.
+
+ * The code to clean temporary object directories (used for
+ quarantine) tried to remove them inside its signal handler, which
+ was a no-no.
+
+ * Update comment in the Makefile about the RUNTIME_PREFIX config knob.
+
+ * Clarify that "the sentence after <area>: prefix does not begin with
+ a capital letter" rule applies only to the commit title.
+
+ * "git branch --edit-description" on an unborh branch misleadingly
+ said that no such branch exists, which has been corrected.
+
+ * Work around older clang that warns against C99 zero initialization
+ syntax for struct.
+
+ * Giving "--invert-grep" and "--all-match" without "--grep" to the
+ "git log" command resulted in an attempt to access grep pattern
+ expression structure that has not been allocated, which has been
+ corrected.
+ (merge db84376f98 ab/grep-simplify-extended-expression later to maint).
+
+ * "git diff rev^!" did not show combined diff to go to the rev from
+ its parents.
+ (merge a79c6b6081 rs/diff-caret-bang-with-parents later to maint).
+
+ * Allow configuration files in "protected" scopes to include other
+ configuration files.
+ (merge ecec57b3c9 gc/bare-repo-discovery later to maint).
+
+ * Give a bit more diversity to macOS CI by using sha1dc in one of the
+ jobs (the other one tests Apple Common Crypto).
+ (merge 1ad5c3df35 jc/ci-osx-with-sha1dc later to maint).
+
+ * A bugfix with tracing support in midx codepath
+ (merge e9c3839944 tb/midx-bitmap-selection-fix later to maint).
+
+ * When geometric repacking feature is in use together with the
+ --pack-kept-objects option, we lost packs marked with .keep files.
+ (merge 197443e80a tb/save-keep-pack-during-geometric-repack later to maint).
+
+ * Move a global variable added as a hack during regression fixes to
+ its proper place in the API.
+ (merge 0b0ab95f17 ab/run-hook-api-cleanup later to maint).
+
+ * Update to build procedure with VS using CMake/CTest.
+ (merge c858750b41 js/cmake-updates later to maint).
+
+ * The short-help text shown by "git cmd -h" and the synopsis text
+ shown at the beginning of "git help cmd" have been made more
+ consistent.
+
+ * When creating a multi-pack bitmap, remove per-pack bitmap files
+ unconditionally as they will never be consulted.
+ (merge 55d902cd61 tb/remove-unused-pack-bitmap later to maint).
+
+ * Fix a longstanding syntax error in Git.pm error codepath.
+
+ * "git diff --stat" etc. were invented back when everything was ASCII
+ and strlen() was a way to measure the display width of a string;
+ adjust them to compute the display width assuming UTF-8 pathnames.
+ (merge ce8529b2bb tb/diffstat-with-utf8-strwidth later to maint).
+
+ * "git branch --edit-description" can exit with status -1 which is
+ not a good practice; it learned to use 1 as everybody else instead.
+
+ * "git apply" limits its input to a bit less than 1 GiB.
+
+ * Merging a branch with directory renames into a branch that changes
+ the directory to a symlink was mishandled by the ort merge
+ strategy, which has been corrected.
+
+ * A bugfix to "git subtree" in its split and merge features.
+
+ * Fix some bugs in the reflog messages when rebasing and changes the
+ reflog messages of "rebase --apply" to match "rebase --merge" with
+ the aim of making the reflog easier to parse.
+
+ * "git rebase --keep-base" used to discard the commits that are
+ already cherry-picked to the upstream, even when "keep-base" meant
+ that the base, on top of which the history is being rebuilt, does
+ not yet include these cherry-picked commits. The --keep-base
+ option now implies --reapply-cherry-picks and --no-fork-point
+ options.
+
+ * The way "git repack" creared temporary files when it received a
+ signal was prone to deadlocking, which has been corrected.
+
+ * Various tests exercising the transfer.credentialsInUrl
+ configuration are taught to avoid making requests which require
+ resolving localhost to reduce CI-flakiness.
+
+ * The adjust_shared_perm() helper function learned to refrain from
+ setting the "g+s" bit on directories when it is not necessary.
+
+ * "git archive" mistakenly complained twice about a missing
+ executable, which has been corrected.
+
+ * Fix a bug where `git branch -d` did not work on an orphaned HEAD.
+
+ * `git rebase --update-refs` would delete references when all
+ `update-ref` commands in the sequencer were removed, which has been
+ corrected.
+
+ * Fix a regression in the bisect-helper which mistakenly treats
+ arguments to the command given to 'git bisect run' as arguments to
+ the helper.
+
+ * Correct an error where `git rebase` would mistakenly use a branch or
+ tag named "refs/rewritten/xyz" when missing a rebase label.
+
+ * Assorted fixes of parsing end-user input as integers.
+ (merge 14770cf0de pw/config-int-parse-fixes later to maint).
+
+ * "git prune" may try to iterate over .git/objects/pack for trash
+ files to remove in it, and loudly fail when the directory is
+ missing, which is not necessary. The command has been taught to
+ ignore such a failure.
+ (merge 6974765352 ew/prune-with-missing-objects-pack later to maint).
+
+ * Add one more candidate directory that may house httpd modules while
+ running tests.
+ (merge 1c7dc23d41 es/locate-httpd-module-location-in-test later to maint).
+
+ * A handful of leaks in the line-log machinery have been plugged.
+
+ * The format of a line in /proc/cpuinfo that describes a CPU on s390x
+ looked different from everybody else, and the code in chainlint.pl
+ failed to parse it.
+ (merge 1f51b77f4f ah/chainlint-cpuinfo-parse-fix later to maint).
+
+ * Adjust the GitHub CI to newer ubuntu release.
+ (merge 0d3507f3e7 jx/ci-ubuntu-fix later to maint).
+
+ * Other code cleanup, docfix, build fix, etc.
+ (merge 413bc6d20a ds/cmd-main-reorder later to maint).
+ (merge 8d2863e4ed nw/t1002-cleanup later to maint).
+ (merge 7c2dc122f9 rs/list-objects-filter-leakfix later to maint).
+ (merge 288fcb1c94 zk/push-use-bitmaps later to maint).
+ (merge 42db324c0f km/merge-recursive-typofix later to maint).
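Review bot: The entry "Various tests exercising the transfer.credentialsInUrl configuration are taught to avoid making requests which require resolving localhost" is listed twice in this file, once under "Performance, Internal Implementation, Development Support etc." and again verbatim under "Fixes since v2.38"; keep it in one section only. The added text also carries a few typos worth fixing: "unborh branch" should be "unborn branch", "creared temporary files" should be "created", "which lead to an out-of-bounds access" should be "led", "that is already been unregistered" should be "that has already been", "which have been corrected" in the multi-pack-index entry should be "has", and the credential helpers entry ends with "too" and no period.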