aboutsummaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/RelNotes/2.10.3.txt48
-rw-r--r--Documentation/RelNotes/2.11.0.txt158
-rw-r--r--Documentation/RelNotes/2.11.1.txt120
-rw-r--r--Documentation/config.txt34
-rw-r--r--Documentation/date-formats.txt2
-rw-r--r--Documentation/git-commit.txt3
-rw-r--r--Documentation/git-fetch-pack.txt6
-rw-r--r--Documentation/git-fetch.txt2
-rw-r--r--Documentation/git-gc.txt34
-rw-r--r--Documentation/git-interpret-trailers.txt3
-rw-r--r--Documentation/git-pull.txt2
-rw-r--r--Documentation/git-push.txt2
-rw-r--r--Documentation/git-svn.txt8
-rw-r--r--Documentation/git-worktree.txt2
-rw-r--r--Documentation/git.txt12
-rw-r--r--Documentation/gitattributes.txt4
-rw-r--r--Documentation/gitcore-tutorial.txt12
-rw-r--r--Documentation/gitnamespaces.txt20
-rw-r--r--Documentation/transfer-data-leaks.txt30
19 files changed, 382 insertions, 120 deletions
diff --git a/Documentation/RelNotes/2.10.3.txt b/Documentation/RelNotes/2.10.3.txt
new file mode 100644
index 000000000..277a2a18a
--- /dev/null
+++ b/Documentation/RelNotes/2.10.3.txt
@@ -0,0 +1,48 @@
+Git v2.10.3 Release Notes
+=========================
+
+Fixes since v2.10.2
+-------------------
+
+ * Extract a small helper out of the function that reads the authors
+ script file "git am" internally uses.
+ This by itself is not useful until a second caller appears in the
+ future for "rebase -i" helper.
+
+ * The command-line completion script (in contrib/) learned to
+ complete "git cmd ^mas<HT>" to complete the negative end of
+ reference to "git cmd ^master".
+
+ * "git send-email" attempts to pick up valid e-mails from the
+ trailers, but people in real world write non-addresses there, like
+ "Cc: Stable <add@re.ss> # 4.8+", which broke the output depending
+ on the availability and vintage of Mail::Address perl module.
+
+ * The code that we have used for the past 10+ years to cycle
+ 4-element ring buffers turns out to be not quite portable in
+ theoretical world.
+
+ * "git daemon" used fixed-length buffers to turn URL to the
+ repository the client asked for into the server side directory
+ path, using snprintf() to avoid overflowing these buffers, but
+ allowed possibly truncated paths to the directory. This has been
+ tightened to reject such a request that causes overlong path to be
+ required to serve.
+
+ * Recent update to git-sh-setup (a library of shell functions that
+ are used by our in-tree scripted Porcelain commands) included
+ another shell library git-sh-i18n without specifying where it is,
+ relying on the $PATH. This has been fixed to be more explicit by
+ prefixing $(git --exec-path) output in front.
+
+ * Fix for a racy false-positive test failure.
+
+ * Portability update and workaround for builds on recent Mac OS X.
+
+ * Update to the test framework made in 2.9 timeframe broke running
+ the tests under valgrind, which has been fixed.
+
+ * Improve the rule to convert "unsigned char [20]" into "struct
+ object_id *" in contrib/coccinelle/
+
+Also contains minor documentation updates and code clean-ups.
diff --git a/Documentation/RelNotes/2.11.0.txt b/Documentation/RelNotes/2.11.0.txt
index 7a1fce772..b7b7dd361 100644
--- a/Documentation/RelNotes/2.11.0.txt
+++ b/Documentation/RelNotes/2.11.0.txt
@@ -57,39 +57,40 @@ UI, Workflows & Features
* Even though "git hash-objects", which is a tool to take an
on-filesystem data stream and put it into the Git object store,
- allowed to perform the "outside-world-to-Git" conversions (e.g.
+ can perform "outside-world-to-Git" conversions (e.g.
end-of-line conversions and application of the clean-filter), and
- it had the feature on by default from very early days, its reverse
+ it has had this feature on by default from very early days, its reverse
operation "git cat-file", which takes an object from the Git object
- store and externalize for the consumption by the outside world,
+ store and externalizes it for consumption by the outside world,
lacked an equivalent mechanism to run the "Git-to-outside-world"
conversion. The command learned the "--filters" option to do so.
- * Output from "git diff" can be made easier to read by selecting
+ * Output from "git diff" can be made easier to read by intelligently selecting
which lines are common and which lines are added/deleted
- intelligently when the lines before and after the changed section
- are the same. A command line option is added to help with the
- experiment to find a good heuristics.
+ when the lines before and after the changed section
+ are the same. A command line option (--indent-heuristic) and a
+ configuration variable (diff.indentHeuristic) are added to help with the
+ experiment to find good heuristics.
* In some projects, it is common to use "[RFC PATCH]" as the subject
prefix for a patch meant for discussion rather than application. A
- new option "--rfc" is a short-hand for "--subject-prefix=RFC PATCH"
+ new format-patch option "--rfc" is a short-hand for "--subject-prefix=RFC PATCH"
to help the participants of such projects.
- * "git add --chmod=+x <pathspec>" added recently only toggled the
+ * "git add --chmod={+,-}x <pathspec>" only changed the
executable bit for paths that are either new or modified. This has
- been corrected to flip the executable bit for all paths that match
+ been corrected to change the executable bit for all paths that match
the given pathspec.
* When "git format-patch --stdout" output is placed as an in-body
- header and it uses the RFC2822 header folding, "git am" failed to
+ header and it uses RFC2822 header folding, "git am" fails to
put the header line back into a single logical line. The
underlying "git mailinfo" was taught to handle this properly.
* "gitweb" can spawn "highlight" to show blob contents with
(programming) language-specific syntax highlighting, but only
when the language is known. "highlight" can however be told
- to make the guess itself by giving it "--force" option, which
+ to guess the language itself by giving it "--force" option, which
has been enabled.
* "git gui" l10n to Portuguese.
@@ -109,19 +110,19 @@ UI, Workflows & Features
history leading to nth parent was looking the other way.
* In recent versions of cURL, GSSAPI credential delegation is
- disabled by default due to CVE-2011-2192; introduce a configuration
- to selectively allow enabling this.
+ disabled by default due to CVE-2011-2192; introduce a http.delegation
+ configuration variable to selectively allow enabling this.
(merge 26a7b23429 ps/http-gssapi-cred-delegation later to maint).
* "git mergetool" learned to honor "-O<orderfile>" to control the
order of paths to present to the end user.
* "git diff/log --ws-error-highlight=<kind>" lacked the corresponding
- configuration variable to set it by default.
+ configuration variable (diff.wsErrorHighlight) to set it by default.
- * "git ls-files" learned "--recurse-submodules" option that can be
- used to get a listing of tracked files across submodules (i.e. this
- only works with "--cached" option, not for listing untracked or
+ * "git ls-files" learned the "--recurse-submodules" option
+ to get a listing of tracked files across submodules (i.e. this
+ only works with the "--cached" option, not for listing untracked or
ignored files). This would be a useful tool to sit on the upstream
side of a pipe that is read with xargs to work on all working tree
files from the top-level superproject.
@@ -130,7 +131,7 @@ UI, Workflows & Features
implementations of XDG Secret Service API has been added to
contrib/credential/.
- * The GPG verification status shown in "%G?" pretty format specifier
+ * The GPG verification status shown by the "%G?" pretty format specifier
was not rich enough to differentiate a signature made by an expired
key, a signature made by a revoked key, etc. New output letters
have been assigned to express them.
@@ -139,17 +140,17 @@ UI, Workflows & Features
learned to turn "git describe" output (e.g. v2.9.3-599-g2376d31787)
into clickable links in its output.
- * When new paths were added by "git add -N" to the index, it was
- enough to circumvent the check by "git commit" to refrain from
- making an empty commit without "--allow-empty". The same logic
- prevented "git status" to show such a path as "new file" in the
+ * "git commit" created an empty commit when invoked with an index
+ consisting solely of intend-to-add paths (added with "git add -N").
+ It now requires the "--allow-empty" option to create such a commit.
+ The same logic prevented "git status" from showing such paths as "new files" in the
"Changes not staged for commit" section.
- * The smudge/clean filter API expect an external process is spawned
- to filter the contents for each path that has a filter defined. A
+ * The smudge/clean filter API spawns an external process
+ to filter the contents of each path that has a filter defined. A
new type of "process" filter API has been added to allow the first
request to run the filter for a path to spawn a single process, and
- all filtering need is served by this single process for multiple
+ all filtering is served by this single process for multiple
paths, reducing the process creation overhead.
* The user always has to say "stash@{$N}" when naming a single
@@ -173,7 +174,7 @@ Performance, Internal Implementation, Development Support etc.
script file "git am" internally uses.
(merge a77598e jc/am-read-author-file later to maint).
- * Lifts calls to exit(2) and die() higher in the callchain in
+ * Lift calls to exit(2) and die() higher in the callchain in
sequencer.c files so that more helper functions in it can be used
by callers that want to handle error conditions themselves.
@@ -192,13 +193,13 @@ Performance, Internal Implementation, Development Support etc.
does not advertise any refs, but "git fetch" was not prepared to
see such an advertisement. When the other side disconnects without
giving any ref advertisement, we used to say "there may not be a
- repository at that URL", but we may have seen other advertisement
+ repository at that URL", but we may have seen other advertisements
like "shallow" and ".have" in which case we definitely know that a
repository is there. The code to detect this case has also been
updated.
* Some codepaths in "git pack-objects" were not ready to use an
- existing pack bitmap; now they are and as the result they have
+ existing pack bitmap; now they are and as a result they have
become faster.
* The codepath in "git fsck" to detect malformed tree objects has
@@ -214,7 +215,7 @@ Performance, Internal Implementation, Development Support etc.
packfile first.
(merge c9af708b1a jk/pack-objects-optim-mru later to maint).
- * Codepaths involved in interacting alternate object store have
+ * Codepaths involved in interacting alternate object stores have
been cleaned up.
* In order for the receiving end of "git push" to inspect the
@@ -222,7 +223,7 @@ Performance, Internal Implementation, Development Support etc.
from the sending end need to be made available to the hook and
the mechanism for the connectivity check, and this was done
traditionally by storing the objects in the receiving repository
- and letting "git gc" to expire it. Instead, store the newly
+ and letting "git gc" expire them. Instead, store the newly
received objects in a temporary area, and make them available by
reusing the alternate object store mechanism to them only while we
decide if we accept the check, and once we decide, either migrate
@@ -237,7 +238,7 @@ Performance, Internal Implementation, Development Support etc.
replaced with a priority queue.
* "git diff --no-index" codepath has been updated not to try to peek
- into .git/ directory that happens to be under the current
+ into a .git/ directory that happens to be under the current
directory, when we know we are operating outside any repository.
* Update of the sequencer codebase to make it reusable to reimplement
@@ -251,8 +252,8 @@ Performance, Internal Implementation, Development Support etc.
holding onto them. Use O_CLOEXEC flag to open files in various
codepaths.
- * Update "interpret-trailers" machinery and teaches it that people in
- real world write all sorts of crufts in the "trailer" that was
+ * Update "interpret-trailers" machinery and teach it that people in
+ the real world write all sorts of cruft in the "trailer" that was
originally designed to have the neat-o "Mail-Header: like thing"
and nothing else.
@@ -280,7 +281,7 @@ notes for details).
has been removed.
* Having a submodule whose ".git" repository is somehow corrupt
- caused a few commands that recurse into submodules loop forever.
+ caused a few commands that recurse into submodules to loop forever.
* "git symbolic-ref -d HEAD" happily removes the symbolic ref, but
the resulting repository becomes an invalid one. Teach the command
@@ -308,12 +309,12 @@ notes for details).
forgot to update "git gui" to look at the configuration to match
this change.
- * "git add --chmod=+x" added recently lacked documentation, which has
+ * "git add --chmod={+,-}x" added recently lacked documentation, which has
been corrected.
* "git log --cherry-pick" used to include merge commits as candidates
to be matched up with other commits, resulting a lot of wasted time.
- The patch-id generation logic has been updated to ignore merges to
+ The patch-id generation logic has been updated to ignore merges and
avoid the wastage.
* The http transport (with curl-multi option, which is the default
@@ -333,20 +334,20 @@ notes for details).
line of the next one. This process may have to merge two adjacent
hunks, but the code forgot to do so in some cases.
- * Performance tests done via "t/perf" did not use the same set of
+ * Performance tests done via "t/perf" did not use the right
build configuration if the user relied on autoconf generated
configuration.
* "git format-patch --base=..." feature that was recently added
- showed the base commit information after "-- " e-mail signature
+ showed the base commit information after the "-- " e-mail signature
line, which turned out to be inconvenient. The base information
has been moved above the signature line.
* More i18n.
* Even when "git pull --rebase=preserve" (and the underlying "git
- rebase --preserve") can complete without creating any new commit
- (i.e. fast-forwards), it still insisted on having a usable ident
+ rebase --preserve") can complete without creating any new commits
+ (i.e. fast-forwards), it still insisted on having usable ident
information (read: user.email is set correctly), which was less
than nice. As the underlying commands used inside "git rebase"
would fail with a more meaningful error message and advice text
@@ -396,7 +397,7 @@ notes for details).
* Documentation around tools to import from CVS was fairly outdated.
* "git clone --recurse-submodules" lost the progress eye-candy in
- recent update, which has been corrected.
+ a recent update, which has been corrected.
* A low-level function verify_packfile() was meant to show errors
that were detected without dying itself, but under some conditions
@@ -409,23 +410,23 @@ notes for details).
to a design bug, which has been fixed.
* In the codepath that comes up with the hostname to be used in an
- e-mail when the user didn't tell us, we looked at ai_canonname
+ e-mail when the user didn't tell us, we looked at the ai_canonname
field in struct addrinfo without making sure it is not NULL first.
* "git worktree", even though it used the default_abbrev setting that
- ought to be affected by core.abbrev configuration variable, ignored
+ ought to be affected by the core.abbrev configuration variable, ignored
the variable setting. The command has been taught to read the
default set of configuration variables to correct this.
* "git init" tried to record core.worktree in the repository's
- 'config' file when GIT_WORK_TREE environment variable was set and
+ 'config' file when the GIT_WORK_TREE environment variable was set and
it was different from where GIT_DIR appears as ".git" at its top,
but the logic was faulty when .git is a "gitdir:" file that points
at the real place, causing trouble in working trees that are
managed by "git worktree". This has been corrected.
* Codepaths that read from an on-disk loose object were too loose in
- validating what they are reading is a proper object file and
+ validating that they are reading a proper object file and
sometimes read past the data they read from the disk, which has
been corrected. H/t to Gustavo Grieco for reporting.
@@ -434,8 +435,8 @@ notes for details).
time, and "git gui" was the last in-tree user of the syntax. This
is finally fixed, so that we can move forward with the deprecation.
- * An author name, that spelled a backslash-quoted double quote in the
- human readable part "My \"double quoted\" name", was not unquoted
+ * An author name that has a backslash-quoted double quote in the
+ human readable part ("My \"double quoted\" name"), was not unquoted
correctly while applying a patch from a piece of e-mail.
* Doc update to clarify what "log -3 --reverse" does.
@@ -449,11 +450,10 @@ notes for details).
has been fixed; this did not affect any existing code as nobody
tried to write anything after the padding on such a line, though.
- * The code that parses the format parameter of for-each-ref command
+ * The code that parses the format parameter of the for-each-ref command
has seen a micro-optimization.
- * When we started cURL to talk to imap server when a new enough
- version of cURL library is available, we forgot to explicitly add
+ * When we started to use cURL to talk to an imap server, we forgot to explicitly add
imap(s):// before the destination. To some folks, that didn't work
and the library tried to make HTTP(s) requests instead.
@@ -474,13 +474,12 @@ notes for details).
"Give me only the history since that version".
(merge cccf74e2da nd/shallow-deepen later to maint).
- * It is a common mistake to say "git blame --reverse OLD path",
- expecting that the command line is dwimmed as if asking how lines
+ * "git blame --reverse OLD path" is now DWIMmed to show how lines
in path in an old revision OLD have survived up to the current
commit.
(merge e1d09701a4 jc/blame-reverse later to maint).
- * http.emptyauth configuration is a way to allow an empty username to
+ * The http.emptyauth configuration variable is a way to allow an empty username to
pass when attempting to authenticate using mechanisms like
Kerberos. We took an unspecified (NULL) username and sent ":"
(i.e. no username, no password) to CURLOPT_USERPWD, but did not do
@@ -494,20 +493,20 @@ notes for details).
-p <paths>" adds to the current contents of the index to come up
with what to commit.
- * A stray symbolic link in $GIT_DIR/refs/ directory could make name
+ * A stray symbolic link in the $GIT_DIR/refs/ directory could make name
resolution loop forever, which has been corrected.
* The "submodule.<name>.path" stored in .gitmodules is never copied
to .git/config and such a key in .git/config has no meaning, but
- the documentation described it and submodule.<name>.url next to
- each other as if both belong to .git/config. This has been fixed.
+ the documentation described it next to submodule.<name>.url
+ as if both belong to .git/config. This has been fixed.
- * In a worktree connected to a repository elsewhere, created via "git
+ * In a worktree created via "git
worktree", "git checkout" attempts to protect users from confusion
by refusing to check out a branch that is already checked out in
another worktree. However, this also prevented checking out a
- branch, which is designated as the primary branch of a bare
- reopsitory, in a worktree that is connected to the bare
+ branch which is designated as the primary branch of a bare
+ repository, in a worktree that is connected to the bare
repository. The check has been corrected to allow it.
* "git rebase" immediately after "git clone" failed to find the fork
@@ -515,7 +514,7 @@ notes for details).
* When fetching from a remote that has many tags that are irrelevant
to branches we are following, we used to waste way too many cycles
- when checking if the object pointed at by a tag (that we are not
+ checking if the object pointed at by a tag (that we are not
going to fetch!) exists in our repository too carefully.
* Protect our code from over-eager compilers.
@@ -524,27 +523,24 @@ notes for details).
"." instead of the branch name; the documentation has been updated
to describe it.
- * A hot-fix for a test added by a recent topic that went to both
- 'master' and 'maint' already.
-
* "git send-email" attempts to pick up valid e-mails from the
- trailers, but people in real world write non-addresses there, like
+ trailers, but people in the real world write non-addresses there, like
"Cc: Stable <add@re.ss> # 4.8+", which broke the output depending
- on the availability and vintage of Mail::Address perl module.
+ on the availability and vintage of the Mail::Address perl module.
(merge dcfafc5214 mm/send-email-cc-cruft-after-address later to maint).
- * The Travis CI configuration we ship ran the tests with --verbose
+ * The Travis CI configuration we ship ran the tests with the --verbose
option but this risks non-TAP output that happens to be "ok" to be
misinterpreted as TAP signalling a test that passed. This resulted
- in unnecessary failure. This has been corrected by introducing a
+ in unnecessary failures. This has been corrected by introducing a
new mode to run our tests in the test harness to send the verbose
output separately to the log file.
- * Some AsciiDoc formatter mishandles a displayed illustration with
+ * Some AsciiDoc formatters mishandle a displayed illustration with
tabs in it. Adjust a few of them in merge-base documentation to
work around them.
- * A minor regression fix for "git submodule" that was introduced
+ * Fixed a minor regression in "git submodule" that was introduced
when more helper functions were reimplemented in C.
(merge 77b63ac31e sb/submodule-ignore-trailing-slash later to maint).
@@ -553,19 +549,19 @@ notes for details).
theoretical world.
(merge bb84735c80 rs/ring-buffer-wraparound later to maint).
- * "git daemon" used fixed-length buffers to turn URL to the
+ * "git daemon" used fixed-length buffers to turn URLs to the
repository the client asked for into the server side directory
- path, using snprintf() to avoid overflowing these buffers, but
+ paths, using snprintf() to avoid overflowing these buffers, but
allowed possibly truncated paths to the directory. This has been
- tightened to reject such a request that causes overlong path to be
- required to serve.
+ tightened to reject such a request that causes an overlong path to be
+ served.
(merge 6bdb0083be jk/daemon-path-ok-check-truncation later to maint).
* Recent update to git-sh-setup (a library of shell functions that
are used by our in-tree scripted Porcelain commands) included
another shell library git-sh-i18n without specifying where it is,
relying on the $PATH. This has been fixed to be more explicit by
- prefixing $(git --exec-path) output in front.
+ prefixing with $(git --exec-path) output.
(merge 1073094f30 ak/sh-setup-dot-source-i18n-fix later to maint).
* Fix for a racy false-positive test failure.
@@ -574,6 +570,15 @@ notes for details).
* Portability update and workaround for builds on recent Mac OS X.
(merge a296bc0132 ls/macos-update later to maint).
+ * Using a %(HEAD) placeholder in "for-each-ref --format=" option
+ caused the command to segfault when on an unborn branch.
+ (merge 84679d470d jc/for-each-ref-head-segfault-fix later to maint).
+
+ * "git rebase -i" did not work well with the core.commentchar
+ configuration variable for two reasons, both of which have been
+ fixed.
+ (merge 882cd23777 js/rebase-i-commentchar-fix later to maint).
+
* Other minor doc, test and build updates and code cleanups.
(merge 5c238e29a8 jk/common-main later to maint).
(merge 5a5749e45b ak/pre-receive-hook-template-modefix later to maint).
@@ -583,3 +588,6 @@ notes for details).
(merge 28fab7b23d nd/test-helpers later to maint).
(merge c2bb0c1d1e rs/cocci later to maint).
(merge 3285b7badb ps/common-info-doc later to maint).
+ (merge 2b090822e8 nd/worktree-lock later to maint).
+ (merge 4bd488ea7c jk/create-branch-remove-unused-param later to maint).
+ (merge 974e0044d6 tk/diffcore-delta-remove-unused later to maint).
diff --git a/Documentation/RelNotes/2.11.1.txt b/Documentation/RelNotes/2.11.1.txt
new file mode 100644
index 000000000..74b193f1a
--- /dev/null
+++ b/Documentation/RelNotes/2.11.1.txt
@@ -0,0 +1,120 @@
+Git v2.11.1 Release Notes
+=========================
+
+Fixes since v2.11
+-----------------
+
+ * The default Travis-CI configuration specifies newer P4 and GitLFS.
+
+ * The character width table has been updated to match Unicode 9.0
+
+ * Update the isatty() emulation for Windows by updating the previous
+ hack that depended on internals of (older) MSVC runtime.
+
+ * "git rev-parse --symbolic" failed with a more recent notation like
+ "HEAD^-1" and "HEAD^!".
+
+ * An empty directory in a working tree that can simply be nuked used
+ to interfere while merging or cherry-picking a change to create a
+ submodule directory there, which has been fixed..
+
+ * The code in "git push" to compute if any commit being pushed in the
+ superproject binds a commit in a submodule that hasn't been pushed
+ out was overly inefficient, making it unusable even for a small
+ project that does not have any submodule but have a reasonable
+ number of refs.
+
+ * "git push --dry-run --recurse-submodule=on-demand" wasn't
+ "--dry-run" in the submodules.
+
+ * The output from "git worktree list" was made in readdir() order,
+ and was unstable.
+
+ * mergetool.<tool>.trustExitCode configuration variable did not apply
+ to built-in tools, but now it does.
+
+ * "git p4" LFS support was broken when LFS stores an empty blob.
+
+ * Fix a corner case in merge-recursive regression that crept in
+ during 2.10 development cycle.
+
+ * Update the error messages from the dumb-http client when it fails
+ to obtain loose objects; we used to give sensible error message
+ only upon 404 but we now forbid unexpected redirects that needs to
+ be reported with something sensible.
+
+ * When diff.renames configuration is on (and with Git 2.9 and later,
+ it is enabled by default, which made it worse), "git stash"
+ misbehaved if a file is removed and another file with a very
+ similar content is added.
+
+ * "git diff --no-index" did not take "--no-abbrev" option.
+
+ * "git difftool --dir-diff" had a minor regression when started from
+ a subdirectory, which has been fixed.
+
+ * "git commit --allow-empty --only" (no pathspec) with dirty index
+ ought to be an acceptable way to create a new commit that does not
+ change any paths, but it was forbidden, perhaps because nobody
+ needed it so far.
+
+ * A pathname that begins with "//" or "\\" on Windows is special but
+ path normalization logic was unaware of it.
+
+ * "git pull --rebase", when there is no new commits on our side since
+ we forked from the upstream, should be able to fast-forward without
+ invoking "git rebase", but it didn't.
+
+ * The way to specify hotkeys to "xxdiff" that is used by "git
+ mergetool" has been modernized to match recent versions of xxdiff.
+
+ * Unlike "git am --abort", "git cherry-pick --abort" moved HEAD back
+ to where cherry-pick started while picking multiple changes, when
+ the cherry-pick stopped to ask for help from the user, and the user
+ did "git reset --hard" to a different commit in order to re-attempt
+ the operation.
+
+ * Code cleanup in shallow boundary computation.
+
+ * A recent update to receive-pack to make it easier to drop garbage
+ objects made it clear that GIT_ALTERNATE_OBJECT_DIRECTORIES cannot
+ have a pathname with a colon in it (no surprise!), and this in turn
+ made it impossible to push into a repository at such a path. This
+ has been fixed by introducing a quoting mechanism used when
+ appending such a path to the colon-separated list.
+
+ * The function usage_msg_opt() has been updated to say "fatal:"
+ before the custom message programs give, when they want to die
+ with a message about wrong command line options followed by the
+ standard usage string.
+
+ * "git index-pack --stdin" needs an access to an existing repository,
+ but "git index-pack file.pack" to generate an .idx file that
+ corresponds to a packfile does not.
+
+ * Fix for NDEBUG builds.
+
+ * A lazy "git push" without refspec did not internally use a fully
+ specified refspec to perform 'current', 'simple', or 'upstream'
+ push, causing unnecessary "ambiguous ref" errors.
+
+ * "git p4" misbehaved when swapping a directory and a symbolic link.
+
+ * Even though an fix was attempted in Git 2.9.3 days, but running
+ "git difftool --dir-diff" from a subdirectory never worked. This
+ has been fixed.
+
+ * "git p4" that tracks multile p4 paths imported a single changelist
+ that touches files in these multiple paths as one commit, followed
+ by many empty commits. This has been fixed.
+
+ * A potential but unlikely buffer overflow in Windows port has been
+ fixed.
+
+ * When the http server gives an incomplete response to a smart-http
+ rpc call, it could lead to client waiting for a full response that
+ will never come. Teach the client side to notice this condition
+ and abort the transfer.
+
+
+Also contains various documentation updates and code clean-ups.
diff --git a/Documentation/config.txt b/Documentation/config.txt
index a0ab66aae..aba7568bc 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1409,7 +1409,9 @@ gc.pruneExpire::
Override the grace period with this config variable. The value
"now" may be used to disable this grace period and always prune
unreachable objects immediately, or "never" may be used to
- suppress pruning.
+ suppress pruning. This feature helps prevent corruption when
+ 'git gc' runs concurrently with another process writing to the
+ repository; see the "NOTES" section of linkgit:git-gc[1].
gc.worktreePruneExpire::
When 'git gc' is run, it calls
@@ -1891,6 +1893,16 @@ http.userAgent::
of common USER_AGENT strings (but not including those like git/1.7.1).
Can be overridden by the `GIT_HTTP_USER_AGENT` environment variable.
+http.followRedirects::
+ Whether git should follow HTTP redirects. If set to `true`, git
+ will transparently follow any redirect issued by a server it
+ encounters. If set to `false`, git will treat all redirects as
+ errors. If set to `initial`, git will follow redirects only for
+ the initial request to a remote, but not for subsequent
+ follow-up HTTP requests. Since git uses the redirected URL as
+ the base for the follow-up requests, this is generally
+ sufficient. The default is `initial`.
+
http.<url>.*::
Any of the http.* options above can be applied selectively to some URLs.
For a config key to match a URL, each element of the config key is
@@ -2930,6 +2942,11 @@ is omitted from the advertisements but `refs/heads/master` and
`refs/namespaces/bar/refs/heads/master` are still advertised as so-called
"have" lines. In order to match refs before stripping, add a `^` in front of
the ref name. If you combine `!` and `^`, `!` must be specified first.
++
+Even if you hide refs, a client may still be able to steal the target
+objects via the techniques described in the "SECURITY" section of the
+linkgit:gitnamespaces[7] man page; it's best to keep private data in a
+separate repository.
transfer.unpackLimit::
When `fetch.unpackLimit` or `receive.unpackLimit` are
@@ -2939,7 +2956,7 @@ transfer.unpackLimit::
uploadarchive.allowUnreachable::
If true, allow clients to use `git archive --remote` to request
any tree, whether reachable from the ref tips or not. See the
- discussion in the `SECURITY` section of
+ discussion in the "SECURITY" section of
linkgit:git-upload-archive[1] for more details. Defaults to
`false`.
@@ -2953,12 +2970,23 @@ uploadpack.allowTipSHA1InWant::
When `uploadpack.hideRefs` is in effect, allow `upload-pack`
to accept a fetch request that asks for an object at the tip
of a hidden ref (by default, such a request is rejected).
- see also `uploadpack.hideRefs`.
+ See also `uploadpack.hideRefs`. Even if this is false, a client
+ may be able to steal objects via the techniques described in the
+ "SECURITY" section of the linkgit:gitnamespaces[7] man page; it's
+ best to keep private data in a separate repository.
uploadpack.allowReachableSHA1InWant::
Allow `upload-pack` to accept a fetch request that asks for an
object that is reachable from any ref tip. However, note that
calculating object reachability is computationally expensive.
+ Defaults to `false`. Even if this is false, a client may be able
+ to steal objects via the techniques described in the "SECURITY"
+ section of the linkgit:gitnamespaces[7] man page; it's best to
+ keep private data in a separate repository.
+
+uploadpack.allowAnySHA1InWant::
+ Allow `upload-pack` to accept a fetch request that asks for any
+ object at all.
Defaults to `false`.
uploadpack.keepAlive::
diff --git a/Documentation/date-formats.txt b/Documentation/date-formats.txt
index 35e8da201..6926e0a4c 100644
--- a/Documentation/date-formats.txt
+++ b/Documentation/date-formats.txt
@@ -11,7 +11,7 @@ Git internal format::
It is `<unix timestamp> <time zone offset>`, where `<unix
timestamp>` is the number of seconds since the UNIX epoch.
`<time zone offset>` is a positive or negative offset from UTC.
- For example CET (which is 2 hours ahead UTC) is `+0200`.
+ For example CET (which is 1 hour ahead of UTC) is `+0100`.
RFC 2822::
The standard email format as described by RFC 2822, for example
diff --git a/Documentation/git-commit.txt b/Documentation/git-commit.txt
index f2ab0ee2e..4f8f20a36 100644
--- a/Documentation/git-commit.txt
+++ b/Documentation/git-commit.txt
@@ -265,7 +265,8 @@ FROM UPSTREAM REBASE" section in linkgit:git-rebase[1].)
If this option is specified together with `--amend`, then
no paths need to be specified, which can be used to amend
the last commit without committing changes that have
- already been staged.
+ already been staged. If used together with `--allow-empty`
+ paths are also not required, and an empty commit will be created.
-u[<mode>]::
--untracked-files[=<mode>]::
diff --git a/Documentation/git-fetch-pack.txt b/Documentation/git-fetch-pack.txt
index d45f6adc6..f7ebe36a7 100644
--- a/Documentation/git-fetch-pack.txt
+++ b/Documentation/git-fetch-pack.txt
@@ -119,9 +119,9 @@ be in a separate packet, and the list must end with a flush packet.
$GIT_DIR (e.g. "HEAD", "refs/heads/master"). When
unspecified, update from all heads the remote side has.
+
-If the remote has enabled the options `uploadpack.allowTipSHA1InWant` or
-`uploadpack.allowReachableSHA1InWant`, they may alternatively be 40-hex
-sha1s present on the remote.
+If the remote has enabled the options `uploadpack.allowTipSHA1InWant`,
+`uploadpack.allowReachableSHA1InWant`, or `uploadpack.allowAnySHA1InWant`,
+they may alternatively be 40-hex sha1s present on the remote.
SEE ALSO
--------
diff --git a/Documentation/git-fetch.txt b/Documentation/git-fetch.txt
index 9e4216999..b153aefa6 100644
--- a/Documentation/git-fetch.txt
+++ b/Documentation/git-fetch.txt
@@ -192,6 +192,8 @@ The first command fetches the `maint` branch from the repository at
objects will eventually be removed by git's built-in housekeeping (see
linkgit:git-gc[1]).
+include::transfer-data-leaks.txt[]
+
BUGS
----
Using --recurse-submodules can only fetch new commits in already checked
diff --git a/Documentation/git-gc.txt b/Documentation/git-gc.txt
index bed60f471..852b72c67 100644
--- a/Documentation/git-gc.txt
+++ b/Documentation/git-gc.txt
@@ -63,11 +63,10 @@ automatic consolidation of packs.
--prune=<date>::
Prune loose objects older than date (default is 2 weeks ago,
overridable by the config variable `gc.pruneExpire`).
- --prune=all prunes loose objects regardless of their age (do
- not use --prune=all unless you know exactly what you are doing.
- Unless the repository is quiescent, you will lose newly created
- objects that haven't been anchored with the refs and end up
- corrupting your repository). --prune is on by default.
+ --prune=all prunes loose objects regardless of their age and
+ increases the risk of corruption if another process is writing to
+ the repository concurrently; see "NOTES" below. --prune is on by
+ default.
--no-prune::
Do not prune any loose objects.
@@ -138,17 +137,36 @@ default is "2 weeks ago".
Notes
-----
-'git gc' tries very hard to be safe about the garbage it collects. In
+'git gc' tries very hard not to delete objects that are referenced
+anywhere in your repository. In
particular, it will keep not only objects referenced by your current set
of branches and tags, but also objects referenced by the index,
remote-tracking branches, refs saved by 'git filter-branch' in
refs/original/, or reflogs (which may reference commits in branches
that were later amended or rewound).
-
-If you are expecting some objects to be collected and they aren't, check
+If you are expecting some objects to be deleted and they aren't, check
all of those locations and decide whether it makes sense in your case to
remove those references.
+On the other hand, when 'git gc' runs concurrently with another process,
+there is a risk of it deleting an object that the other process is using
+but hasn't created a reference to. This may just cause the other process
+to fail or may corrupt the repository if the other process later adds a
+reference to the deleted object. Git has two features that significantly
+mitigate this problem:
+
+. Any object with modification time newer than the `--prune` date is kept,
+ along with everything reachable from it.
+
+. Most operations that add an object to the database update the
+ modification time of the object if it is already present so that #1
+ applies.
+
+However, these features fall short of a complete solution, so users who
+run commands concurrently have to live with some risk of corruption (which
+seems to be low in practice) unless they turn off automatic garbage
+collection with 'git config gc.auto 0'.
+
HOOKS
-----
diff --git a/Documentation/git-interpret-trailers.txt b/Documentation/git-interpret-trailers.txt
index e99bda6ad..09074c75a 100644
--- a/Documentation/git-interpret-trailers.txt
+++ b/Documentation/git-interpret-trailers.txt
@@ -49,7 +49,8 @@ will be added before the new trailer.
Existing trailers are extracted from the input message by looking for
a group of one or more lines that (i) are all trailers, or (ii) contains at
-least one Git-generated trailer and consists of at least 25% trailers.
+least one Git-generated or user-configured trailer and consists of at
+least 25% trailers.
The group must be preceded by one or more empty (or whitespace-only) lines.
The group must either be at the end of the message or be the last
non-whitespace lines before a line that starts with '---'. Such three
diff --git a/Documentation/git-pull.txt b/Documentation/git-pull.txt
index d033b258e..4470e4b57 100644
--- a/Documentation/git-pull.txt
+++ b/Documentation/git-pull.txt
@@ -237,6 +237,8 @@ If you tried a pull which resulted in complex conflicts and
would want to start over, you can recover with 'git reset'.
+include::transfer-data-leaks.txt[]
+
BUGS
----
Using --recurse-submodules can only fetch new commits in already checked
diff --git a/Documentation/git-push.txt b/Documentation/git-push.txt
index 47b77e693..8eefabd0d 100644
--- a/Documentation/git-push.txt
+++ b/Documentation/git-push.txt
@@ -559,6 +559,8 @@ Commits A and B would no longer belong to a branch with a symbolic name,
and so would be unreachable. As such, these commits would be removed by
a `git gc` command on the origin repository.
+include::transfer-data-leaks.txt[]
+
GIT
---
Part of the linkgit:git[1] suite
diff --git a/Documentation/git-svn.txt b/Documentation/git-svn.txt
index 5f9e65b0c..9bee9b0c4 100644
--- a/Documentation/git-svn.txt
+++ b/Documentation/git-svn.txt
@@ -664,13 +664,19 @@ creating the branch or tag.
When retrieving svn commits into Git (as part of 'fetch', 'rebase', or
'dcommit' operations), look for the first `From:` or `Signed-off-by:` line
in the log message and use that as the author string.
++
+[verse]
+config key: svn.useLogAuthor
+
--add-author-from::
When committing to svn from Git (as part of 'commit-diff', 'set-tree' or 'dcommit'
operations), if the existing log message doesn't already have a
`From:` or `Signed-off-by:` line, append a `From:` line based on the
Git commit's author string. If you use this, then `--use-log-author`
will retrieve a valid author string for all commits.
-
++
+[verse]
+config key: svn.addAuthorFrom
ADVANCED OPTIONS
----------------
diff --git a/Documentation/git-worktree.txt b/Documentation/git-worktree.txt
index 0aeb020d0..e257c19eb 100644
--- a/Documentation/git-worktree.txt
+++ b/Documentation/git-worktree.txt
@@ -133,7 +133,7 @@ OPTIONS
+
If the last path components in the working tree's path is unique among
working trees, it can be used to identify worktrees. For example if
-you only have to working trees at "/abc/def/ghi" and "/abc/def/ggg",
+you only have two working trees, at "/abc/def/ghi" and "/abc/def/ggg",
then "ghi" or "def/ghi" is enough to point to the former working tree.
DETAILS
diff --git a/Documentation/git.txt b/Documentation/git.txt
index ab7215eee..bdab26151 100644
--- a/Documentation/git.txt
+++ b/Documentation/git.txt
@@ -44,6 +44,12 @@ unreleased) version of Git, that is available from the 'master'
branch of the `git.git` repository.
Documentation for older releases are available here:
+* link:v2.11.1/git.html[documentation for release 2.11.1]
+
+* release notes for
+ link:RelNotes/2.11.1.txt[2.11.1],
+ link:RelNotes/2.11.0.txt[2.11].
+
* link:v2.10.2/git.html[documentation for release 2.10.2]
* release notes for
@@ -866,6 +872,12 @@ Git so take care if using a foreign front-end.
specifies a ":" separated (on Windows ";" separated) list
of Git object directories which can be used to search for Git
objects. New objects will not be written to these directories.
++
+ Entries that begin with `"` (double-quote) will be interpreted
+ as C-style quoted paths, removing leading and trailing
+ double-quotes and respecting backslash escapes. E.g., the value
+ `"path-with-\"-and-:-in-it":vanilla-path` has two paths:
+ `path-with-"-and-:-in-it` and `vanilla-path`.
`GIT_DIR`::
If the `GIT_DIR` environment variable is set then it
diff --git a/Documentation/gitattributes.txt b/Documentation/gitattributes.txt
index 976243a63..e0b66c122 100644
--- a/Documentation/gitattributes.txt
+++ b/Documentation/gitattributes.txt
@@ -435,7 +435,9 @@ to filter relative to the repository root. Right after the flush packet
Git sends the content split in zero or more pkt-line packets and a
flush packet to terminate content. Please note, that the filter
must not send any response before it received the content and the
-final flush packet.
+final flush packet. Also note that the "value" of a "key=value" pair
+can contain the "=" character whereas the key would never contain
+that character.
------------------------
packet: git> command=smudge
packet: git> pathname=path/testfile.dat
diff --git a/Documentation/gitcore-tutorial.txt b/Documentation/gitcore-tutorial.txt
index 4546fa0d7..22309cfb4 100644
--- a/Documentation/gitcore-tutorial.txt
+++ b/Documentation/gitcore-tutorial.txt
@@ -25,7 +25,7 @@ you want to understand Git's internals.
The core Git is often called "plumbing", with the prettier user
interfaces on top of it called "porcelain". You may not want to use the
plumbing directly very often, but it can be good to know what the
-plumbing does for when the porcelain isn't flushing.
+plumbing does when the porcelain isn't flushing.
Back when this document was originally written, many porcelain
commands were shell scripts. For simplicity, it still uses them as
@@ -1368,7 +1368,7 @@ $ git repack
will do it for you. If you followed the tutorial examples, you
would have accumulated about 17 objects in `.git/objects/??/`
directories by now. 'git repack' tells you how many objects it
-packed, and stores the packed file in `.git/objects/pack`
+packed, and stores the packed file in the `.git/objects/pack`
directory.
[NOTE]
@@ -1478,7 +1478,7 @@ You can repack this private repository whenever you feel like.
A recommended work cycle for a "subsystem maintainer" who works
on that project and has an own "public repository" goes like this:
-1. Prepare your work repository, by 'git clone' the public
+1. Prepare your work repository, by running 'git clone' on the public
repository of the "project lead". The URL used for the
initial cloning is stored in the remote.origin.url
configuration variable.
@@ -1543,9 +1543,9 @@ like this:
Working with Others, Shared Repository Style
--------------------------------------------
-If you are coming from CVS background, the style of cooperation
+If you are coming from a CVS background, the style of cooperation
suggested in the previous section may be new to you. You do not
-have to worry. Git supports "shared public repository" style of
+have to worry. Git supports the "shared public repository" style of
cooperation you are probably more familiar with as well.
See linkgit:gitcvs-migration[7] for the details.
@@ -1635,7 +1635,7 @@ $ git show-branch
++* [master~2] Pretty-print messages.
------------
-Note that you should not do Octopus because you can. An octopus
+Note that you should not do Octopus just because you can. An octopus
is a valid thing to do and often makes it easier to view the
commit history if you are merging more than two independent
changes at the same time. However, if you have merge conflicts
diff --git a/Documentation/gitnamespaces.txt b/Documentation/gitnamespaces.txt
index 7685e3651..b614969ad 100644
--- a/Documentation/gitnamespaces.txt
+++ b/Documentation/gitnamespaces.txt
@@ -61,22 +61,4 @@ For a simple local test, you can use linkgit:git-remote-ext[1]:
git clone ext::'git --namespace=foo %s /tmp/prefixed.git'
----------
-SECURITY
---------
-
-Anyone with access to any namespace within a repository can potentially
-access objects from any other namespace stored in the same repository.
-You can't directly say "give me object ABCD" if you don't have a ref to
-it, but you can do some other sneaky things like:
-
-. Claiming to push ABCD, at which point the server will optimize out the
- need for you to actually send it. Now you have a ref to ABCD and can
- fetch it (claiming not to have it, of course).
-
-. Requesting other refs, claiming that you have ABCD, at which point the
- server may generate deltas against ABCD.
-
-None of this causes a problem if you only host public repositories, or
-if everyone who may read one namespace may also read everything in every
-other namespace (for instance, if everyone in an organization has read
-permission to every repository).
+include::transfer-data-leaks.txt[]
diff --git a/Documentation/transfer-data-leaks.txt b/Documentation/transfer-data-leaks.txt
new file mode 100644
index 000000000..914bacc39
--- /dev/null
+++ b/Documentation/transfer-data-leaks.txt
@@ -0,0 +1,30 @@
+SECURITY
+--------
+The fetch and push protocols are not designed to prevent one side from
+stealing data from the other repository that was not intended to be
+shared. If you have private data that you need to protect from a malicious
+peer, your best option is to store it in another repository. This applies
+to both clients and servers. In particular, namespaces on a server are not
+effective for read access control; you should only grant read access to a
+namespace to clients that you would trust with read access to the entire
+repository.
+
+The known attack vectors are as follows:
+
+. The victim sends "have" lines advertising the IDs of objects it has that
+ are not explicitly intended to be shared but can be used to optimize the
+ transfer if the peer also has them. The attacker chooses an object ID X
+ to steal and sends a ref to X, but isn't required to send the content of
+ X because the victim already has it. Now the victim believes that the
+ attacker has X, and it sends the content of X back to the attacker
+ later. (This attack is most straightforward for a client to perform on a
+ server, by creating a ref to X in the namespace the client has access
+ to and then fetching it. The most likely way for a server to perform it
+ on a client is to "merge" X into a public branch and hope that the user
+ does additional work on this branch and pushes it back to the server
+ without noticing the merge.)
+
+. As in #1, the attacker chooses an object ID X to steal. The victim sends
+ an object Y that the attacker already has, and the attacker falsely
+ claims to have X and not Y, so the victim sends Y as a delta against X.
+ The delta reveals regions of X that are similar to Y to the attacker.