Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
On 26 Nov 2022, at 13:41, Adolf Belka <adolf.belka@ipfire.org> wrote:
- Update from version 2.37.1 to 2.38.1
- Update of rootfile
- Changelog
Git v2.38.1 Release Notes
This release merges the security fix that appears in v2.30.6; see the release notes for that version for details.
Git v2.38 Release Notes
- "git remote show [-n] frotz" now pays attention to negative pathspec.
- "git push" sometimes performs poorly when reachability bitmaps are used, even in a repository where other operations are helped by bitmaps. The push.useBitmaps configuration variable is introduced to allow disabling use of reachability bitmaps only for "git push".
- "git grep -m<max-hits>" is a way to limit the hits shown per file.
- "git merge-tree" learned a new mode where it takes two commits and computes a tree that would result in the merge commit, if the histories leading to these two commits were to be merged.
- "git mv A B" in a sparsely populated working tree can be asked to move a path between directories that are "in cone" (i.e. expected to be materialized in the working tree) and "out of cone" (i.e. expected to be hidden). The handling of such cases has been improved.
- Earlier, HTTP transport clients learned to tell the server side what locale they are in by sending Accept-Language HTTP header, but this was done only for some requests but not others.
- Introduce a safe.barerepository configuration variable that allows users to forbid discovery of bare repositories.
- Various messages that come from the pack-bitmap codepaths have been tweaked.
- "git rebase -i" learns to update branches whose tips appear in the rebased range with "--update-refs" option.
- "git ls-files" learns the "--format" option to tweak its output.
- "git cat-file" learned an option to use the mailmap when showing commit and tag objects.
- When "git merge" finds that it cannot perform a merge, it should restore the working tree to the state before the command was initiated, but in some corner cases it didn't.
- Operating modes like "--batch" of "git cat-file" command learned to take NUL-terminated input, instead of one-item-per-line.
- "git rm" has become more aware of the sparse-index feature.
- "git rev-list --disk-usage" learned to take an optional value "human" to show the reported value in human-readable format, like "3.40MiB".
- The "diagnose" feature to create a zip archive for diagnostic material has been lifted from "scalar" and made into a feature of "git bugreport".
- The namespaces used by "log --decorate" from "refs/" hierarchy by default have been tightened.
- "git rev-list --ancestry-path=C A..B" is a natural extension of "git rev-list A..B"; instead of choosing a subset of A..B to those that have ancestry relationship with A, it lets a subset with ancestry relationship with C.
- "scalar" now enables built-in fsmonitor on enlisted repositories, when able.
- The bash prompt (in contrib/) learned to optionally indicate when the index is unmerged.
- "git clone" command learned the "--bundle-uri" option to coordinate with hosting sites the use of pre-prepared bundle files.
- "git range-diff" learned to honor pathspec argument if given.
- "git format-patch --from=<ident>" can be told to add an in-body "From:" line even for commits that are authored by the given <ident> with "--force-in-body-from" option.
- The built-in fsmonitor refuses to work on network mounted repositories; a configuration knob for users to override this has been introduced.
- The "scalar" addition from Microsoft is now part of the core Git installation.
- Collection of what is referenced by objects in promisor packs has been optimized to inspect these objects in the in-pack order.
- Introduce a helper to see if a branch is already being worked on (hence should not be newly checked out in a working tree), which performs much better than the existing find_shared_symref() to replace many uses of the latter.
- Teach "git archive" to (optionally and then by default) avoid spawning an external "gzip" process when creating ".tar.gz" (and ".tgz") archives.
- Allow large objects read from a packstream to be streamed into a loose object file straight, without having to keep it in-core as a whole.
- Further preparation to turn git-submodule.sh into a builtin continues.
- Apply Coccinelle rule to turn raw memmove() into MOVE_ARRAY() cpp macro, which would improve maintainability and readability.
- Teach "make all" to build gitweb as well.
- Tweak tests so that they still work when the "git init" template did not create .git/info directory.
- Add Coccinelle rules to detect the pattern of initializing and then finalizing a structure without using it in between at all, which happens after code restructuring and the compilers fail to recognize as an unused variable.
- The code to convert between GPG trust level strings and internal constants we use to represent them has been cleaned up.
- Support for libnettle as SHA256 implementation has been added.
- The way "git multi-pack" uses parse-options API has been improved.
- A Coccinelle rule (in contrib/) to encourage use of COPY_ARRAY macro has been improved.
- API tweak to make it easier to run fuzz testing on commit-graph parser.
- Omit fsync-related trace2 entries when their values are all zero.
- The codepath to write multi-pack index has been taught to release a large chunk of memory that holds an array of objects in the packs, as soon as it is done with the array, to reduce memory consumption.
- Add a level of redirection to array allocation API in xdiff part, to make it easier to share with the libgit2 project.
- "git fetch" client logs the partial clone filter used in the trace2 output.
- The "bundle URI" design gets documented.
- The common ancestor negotiation exchange during a "git fetch" session now leaves trace log.
- Test portability improvements. (merge 4d1d843be7 mt/rot13-in-c later to maint).
- The "subcommand" mode is introduced to parse-options API and update the command line parser of Git commands with subcommands.
- The pack bitmap file gained a bitmap-lookup table to speed up locating the necessary bitmap for a given commit.
- The assembly version of SHA-1 implementation for PPC has been removed.
- The server side that responds to "git fetch" and "git clone" request has been optimized by allowing it to send objects in its object store without recomputing and validating the object names.
- Annotate function parameters that are not used (but cannot be removed for structural reasons), to prepare us to later compile with -Wunused warning turned on.
- Share the text used to explain configuration variables used by "git <subcmd>" in "git help <subcmd>" with the text from "git help config".
- "git mv A B" in a sparsely populated working tree can be asked to move a path from a directory that is "in cone" to another directory that is "out of cone". Handling of such a case has been improved.
- The chainlint script for our tests has been revamped.
- Rewrite of "git add -i" in C that appeared in Git 2.25 didn't correctly record a removed file to the index, which was fixed.
- Certain diff options are currently ignored when combined-diff is shown; mark them as incompatible with the feature.
- Adjust technical/bitmap-format to be formatted by AsciiDoc, and add some missing information to the documentation.
- Fixes for tests when the source directory has unusual characters in its path, e.g. whitespaces, double-quotes, etc.
- "git mktree --missing" lazily fetched objects that are missing from the local object store, which was totally unnecessary for the purpose of creating the tree object(s) from its input.
- Give _() markings to fatal/warning/usage: labels that are shown in front of these messages.
- References to commands-to-be-typed-literally in "git rebase" documentation mark-up have been corrected.
- In a non-bare repository, the behavior of Git when the core.worktree configuration variable points at a directory that has a repository as its subdirectory, regressed in Git 2.27 days.
- Recent update to vimdiff layout code has been made more robust against different end-user vim settings.
- Plug various memory leaks, both in the main code and in test-tool commands.
- Fixes a long-standing corner case bug around directory renames in the merge-ort strategy.
- The resolve-undo information in the index was not protected against GC, which has been corrected.
- A corner case bug where lazily fetching objects from a promisor remote resulted in infinite recursion has been corrected.
- "git clone" from a repository with some ref whose HEAD is unborn did not set the HEAD in the resulting repository correctly, which has been corrected.
- An earlier attempt to plug leaks placed a clean-up label to jump to at a bogus place, which has been corrected.
- Variable quoting fix in the vimdiff driver of "git mergetool"
- "git shortlog -n" relied on the underlying qsort() to be stable, which shouldn't have. Fixed.
- A fix for a regression in test framework.
- mkstemp() emulation on Windows has been improved.
- Add missing documentation for "include" and "includeIf" features in "git config" file format, which incidentally teaches the command line completion to include them in its offerings.
- Avoid "white/black-list" in documentation and code comments.
- Workaround for a compiler warning against use of die() in osx-keychain (in contrib/).
- Workaround for a false positive compiler warning.
- "git p4" working on UTF-16 files on Windows did not implement CRLF-to-LF conversion correctly, which has been corrected.
- "git p4" did not handle non-ASCII client name well, which has been corrected.
- "rerere-train" script (in contrib/) used to honor commit.gpgSign while recreating the throw-away merges.
- "git checkout" miscounted the paths it updated, which has been corrected.
- Fix for a bug that makes write-tree fail to write out a non-existent index as a tree, introduced in 2.37.
- There was a bug in the codepath to upgrade generation information in commit-graph from v1 to v2 format, which has been corrected.
- Gitweb had legacy URL shortener that is specific to the way projects hosted on kernel.org used to (but no longer) work, which has been removed.
- Fix build procedure for Windows that uses CMake so that it can pick up the shell interpreter from local installation location.
- Conditionally allow building Python interpreter on Windows
- Fix to lstat() emulation on Windows.
- Older gcc with -Wall complains about the universal zero initializer "struct s = { 0 };" idiom, which makes developers' lives inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The build procedure has been tweaked to help these compilers.
- Plug memory leaks in the failure code path in the "merge-ort" merge strategy backend.
- "git symbolic-ref symref non..sen..se" is now diagnosed as an error.
- A follow-up fix to a fix for a regression in 2.36 around hooks.
- Avoid repeatedly running getconf to ask libc version in the test suite, and instead just ask it once per script.
- Platform-specific code that determines if a directory is OK to use as a repository has been taught to report more details, especially on Windows.
- "vimdiff3" regression fix.
- "git fsck" reads mode from tree objects but canonicalizes the mode before passing it to the logic to check object sanity, which has hidden broken tree objects from the checking logic. This has been corrected, but to help existing projects with broken tree objects that they cannot fix retroactively, the severity of anomalies this code detects has been demoted to "info" for now.
- Fixes to sparse index compatibility work for "reset" and "checkout" commands.
- An earlier optimization discarded a tree-object buffer that is still in use, which has been corrected.
- Fix deadlocks between main Git process and subprocess spawned via the pipe_command() API, that can kill "git add -p" that was reimplemented in C recently.
- The sequencer machinery translated messages left in the reflog by mistake, which has been corrected.
- xcalloc(), imitating calloc(), takes "number of elements of the array", and "size of a single element", in this order. A call that does not follow this ordering has been corrected.
- The preload-index codepath made copies of pathspec to give to multiple threads, which were left leaked.
- Update the version of Ubuntu used for GitHub Actions CI from 18.04 to 22.04.
- The auto-stashed local changes created by "git merge --autostash" were mixed into a conflicted state left in the working tree, which has been corrected.
- Multi-pack index got corrupted when preferred pack changed from one pack to another in a certain way, which has been corrected. (merge 99e4d084ff tb/midx-with-changing-preferred-pack-fix later to maint).
- The clean-up of temporary files created via mks_tempfile_dt() was racy and attempted to unlink() the leading directory when signals are involved, which has been corrected. (merge babe2e0559 rs/tempfile-cleanup-race-fix later to maint).
- FreeBSD portability fix for "git maintenance" that spawns "crontab" to schedule tasks. (merge ee69e7884e bc/gc-crontab-fix later to maint).
- Those who use diff-so-fancy as the diff-filter noticed a regression or two in the code that parses the diff output in the built-in version of "add -p", which has been corrected. (merge 0a101676e5 js/add-p-diff-parsing-fix later to maint).
- Segfault fix-up to an earlier fix to the topic to teach "git reset" and "git checkout" work better in a sparse checkout. (merge 037f8ea6d9 vd/sparse-reset-checkout-fixes later to maint).
- "git diff --no-index A B" managed the pathnames of its two input files rather haphazardly, sometimes leaking them. The command line argument processing has been straightened out to clean it up. (merge 2b43dd0eb5 rs/diff-no-index-cleanup later to maint).
- "git rev-list --verify-objects" ought to inspect the contents of objects and notice corrupted ones, but it didn't when the commit graph is in use, which has been corrected. (merge b27ccae34b jk/rev-list-verify-objects-fix later to maint).
- More fixes to "add -p" (merge 64ec8efb83 js/builtin-add-p-portability-fix later to maint).
- The parser in the script interface to parse-options in "git rev-parse" has been updated to diagnose a bogus input correctly. (merge f20b9c36d0 ow/rev-parse-parseopt-fix later to maint).
- The code that manages list-object-filter structure, used in partial clones, leaked the instances, which has been plugged. (merge 66eede4a37 jk/plug-list-object-filter-leaks later to maint).
- Fix another UI regression in the reimplemented "add -p". (merge f6f0ee247f rs/add-p-worktree-mode-prompt-fix later to maint).
- "git fetch" over protocol v2 sent an incorrect ref prefix request to the server and made "git pull" with configured fetch refspec that does not cover the remote branch to merge with fail, which has been corrected. (merge 49ca2fba39 jk/proto-v2-ref-prefix-fix later to maint).
- A result from opendir() was leaking in the commit-graph expiration codepath, which has been plugged. (merge 12f1ae5324 ml/commit-graph-expire-dir-leak-fix later to maint).
- Just like we have coding guidelines, we now have guidelines for reviewers. (merge e01b851923 vd/doc-reviewing-guidelines later to maint).
- Other code cleanup, docfix, build fix, etc. (merge 77b9e85c0f vd/fix-perf-tests later to maint). (merge 0682bc43f5 jk/test-crontab-fixes later to maint). (merge b46dd1726c cc/doc-trailer-whitespace-rules later to maint).
Git 2.37.4 Release Notes
This primarily is to backport various fixes accumulated on the 'master' front since 2.37.3, and also includes the same security fixes as in v2.30.6.
- CVE-2022-39253: When relying on the `--local` clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks (or copies) of the dereferenced link in the destination repository. This can lead to surprising behavior where arbitrary files are present in a repository's `$GIT_DIR` when cloning from a malicious repository. Git will no longer dereference symbolic links via the `--local` clone mechanism, and will instead refuse to clone repositories that have symbolic links present in the `$GIT_DIR/objects` directory. Additionally, the value of `protocol.file.allow` is changed to be "user" by default. Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. The fix was authored by Taylor Blau, with help from Johannes Schindelin.
- CVE-2022-39260: An overly-long command string given to `git shell` can result in overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution when `git shell` is exposed and the directory `$HOME/git-shell-commands` exists. `git shell` is taught to refuse interactive commands that are longer than 4MiB in size. `split_cmdline()` is hardened to reject inputs larger than 2GiB. Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub. The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau.
- An earlier optimization discarded a tree-object buffer that is still in use, which has been corrected.
- Fix deadlocks between main Git process and subprocess spawned via the pipe_command() API, that can kill "git add -p" that was reimplemented in C recently.
- xcalloc(), imitating calloc(), takes "number of elements of the array", and "size of a single element", in this order. A call that does not follow this ordering has been corrected.
- The preload-index codepath made copies of pathspec to give to multiple threads, which were left leaked.
- Update the version of Ubuntu used for GitHub Actions CI from 18.04 to 22.04.
- The auto-stashed local changes created by "git merge --autostash" were mixed into a conflicted state left in the working tree, which has been corrected.
Also contains other minor documentation updates and code clean-ups.
Git 2.37.3 Release Notes
This primarily is to backport various fixes accumulated on the 'master' front since 2.37.2.
- The build procedure for Windows that uses CMake has been updated to pick up the shell interpreter from local installation location.
- Conditionally allow building Python interpreter on Windows
- Fix to lstat() emulation on Windows.
- Older gcc with -Wall complains about the universal zero initializer "struct s = { 0 };" idiom, which makes developers' lives inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The build procedure has been tweaked to help these compilers.
- Plug memory leaks in the failure code path in the "merge-ort" merge strategy backend.
- Avoid repeatedly running getconf to ask libc version in the test suite, and instead just ask it once per script.
- Platform-specific code that determines if a directory is OK to use as a repository has been taught to report more details, especially on Windows.
- "vimdiff3" regression has been corrected.
- "git fsck" reads mode from tree objects but canonicalizes the mode before passing it to the logic to check object sanity, which has hidden broken tree objects from the checking logic. This has been corrected, but to help existing projects with broken tree objects that they cannot fix retroactively, the severity of anomalies this code detects has been demoted to "info" for now.
- Fixes to sparse index compatibility work for "reset" and "checkout" commands.
- Documentation for "git add --renormalize" has been improved.
Also contains other minor documentation updates and code clean-ups.
Git 2.37.2 Release Notes
This primarily is to backport various fixes accumulated on the 'master' front since 2.37.1.
- "git shortlog -n" relied on the underlying qsort() to be stable, which shouldn't have. Fixed.
- Variable quoting fix in the vimdiff driver of "git mergetool".
- An earlier attempt to plug leaks placed a clean-up label to jump to at a bogus place, which has been corrected.
- Fixes a long-standing corner case bug around directory renames in the merge-ort strategy.
- Recent update to vimdiff layout code has been made more robust against different end-user vim settings.
- In a non-bare repository, the behavior of Git when the core.worktree configuration variable points at a directory that has a repository as its subdirectory, regressed in Git 2.27 days.
- References to commands-to-be-typed-literally in "git rebase" documentation mark-up have been corrected.
- Give _() markings to fatal/warning/usage: labels that are shown in front of these messages.
- "git mktree --missing" lazily fetched objects that are missing from the local object store, which was totally unnecessary for the purpose of creating the tree object(s) from its input.
- Fixes for tests when the source directory has unusual characters in its path, e.g. whitespaces, double-quotes, etc.
- Adjust technical/bitmap-format to be formatted by AsciiDoc, and add some missing information to the documentation.
- Certain diff options are currently ignored when combined-diff is shown; mark them as incompatible with the feature.
- "git clone" from a repository with some ref whose HEAD is unborn did not set the HEAD in the resulting repository correctly, which has been corrected.
- mkstemp() emulation on Windows has been improved.
- Add missing documentation for "include" and "includeIf" features in "git config" file format, which incidentally teaches the command line completion to include them in its offerings.
- Avoid "white/black-list" in documentation and code comments.
- Workaround for a compiler warning against use of die() in osx-keychain (in contrib/).
- Workaround for a false positive compiler warning.
- The resolve-undo information in the index was not protected against GC, which has been corrected.
- A corner case bug where lazily fetching objects from a promisor remote resulted in infinite recursion has been corrected.
- "git p4" working on UTF-16 files on Windows did not implement CRLF-to-LF conversion correctly, which has been corrected.
- "git p4" did not handle non-ASCII client name well, which has been corrected.
- "rerere-train" script (in contrib/) used to honor commit.gpgSign while recreating the throw-away merges.
- "git checkout" miscounted the paths it updated, which has been corrected.
- Fix for a bug that makes write-tree fail to write out a non-existent index as a tree, introduced in 2.37.
- There was a bug in the codepath to upgrade generation information in commit-graph from v1 to v2 format, which has been corrected.
Also contains minor documentation updates and code clean-ups.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
config/rootfiles/packages/git | 4 ++++ lfs/git | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/packages/git b/config/rootfiles/packages/git index e2bce72bb..fd8cc2214 100644 --- a/config/rootfiles/packages/git +++ b/config/rootfiles/packages/git @@ -5,6 +5,7 @@ usr/bin/git-shell usr/bin/git-upload-archive usr/bin/git-upload-pack #usr/bin/gitk +#usr/bin/scalar #usr/libexec/git-core #usr/libexec/git-core/git usr/libexec/git-core/git-add @@ -48,6 +49,7 @@ usr/libexec/git-core/git-cvsimport usr/libexec/git-core/git-cvsserver usr/libexec/git-core/git-daemon usr/libexec/git-core/git-describe +usr/libexec/git-core/git-diagnose usr/libexec/git-core/git-diff usr/libexec/git-core/git-diff-files usr/libexec/git-core/git-diff-index @@ -175,6 +177,7 @@ usr/libexec/git-core/git-var usr/libexec/git-core/git-verify-commit usr/libexec/git-core/git-verify-pack usr/libexec/git-core/git-verify-tag +usr/libexec/git-core/git-version usr/libexec/git-core/git-web--browse usr/libexec/git-core/git-whatchanged usr/libexec/git-core/git-worktree @@ -203,6 +206,7 @@ usr/libexec/git-core/mergetools/tortoisemerge usr/libexec/git-core/mergetools/vimdiff usr/libexec/git-core/mergetools/winmerge usr/libexec/git-core/mergetools/xxdiff +usr/libexec/git-core/scalar #usr/share/git-core #usr/share/git-core/templates usr/share/git-core/templates/branches diff --git a/lfs/git b/lfs/git index a4bed2722..d5bc66799 100644 --- a/lfs/git +++ b/lfs/git @@ -24,7 +24,7 @@
include Config
-VER = 2.37.1 +VER = 2.38.1 SUMMARY = Fast, scalable, distributed revision control system
THISAPP = git-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = git -PAK_VER = 25 +PAK_VER = 26
DEPS = perl-Authen-SASL perl-MIME-Base64 perl-Net-SMTP-SSL
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = b5423e4628f8c727aa74b3f7c7da12d46814eb45adfe84bf57e87a33e85a0a793ff690f4c1f7d2da4824bc8dd7d1df1c06cbe96adae857177d3fb204941b53ef +$(DL_FILE)_BLAKE2 = 50e4e9ef04d9eef7c10aba1f0d53d5d15f50ea9a8c344733e7a7865e2f2a833edb4f4b5882f47dd39389dfdedf22a813cfe3d35ab950d6543d21e0294ce17f2d
install : $(TARGET)
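Review bot: In lfs/git, the replaced `$(DL_FILE)_BLAKE2` value is the integrity check for the 2.38.1 tarball, and the commit message does not say how the new hash was obtained. Because this update carries the fixes for CVE-2022-39253 and CVE-2022-39260, please state in the log that the tarball was verified against the upstream release before the hash was computed, so the value can be reproduced by a second person.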
-- 2.38.1
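Review bot: In config/rootfiles/packages/git, `#usr/bin/scalar` is added commented out while `usr/libexec/git-core/scalar` is added as a shipped file, so the package would carry scalar only under libexec. If scalar is meant to be left out in the same way as `#usr/bin/gitk`, comment out the libexec entry too; if it is meant to be usable, ship `usr/bin/scalar`. The "Update of rootfile" line in the commit message should say which one is intended.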
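A local check for the two CVEs described in the release notes above, as an added example that is not part of the patch or of IPFire's code: it classifies a Git version against the fixed releases the notes name (2.30.6, 2.37.4, 2.38.1), looks for symbolic links under `$GIT_DIR/objects`, and reports whether `$HOME/git-shell-commands` exists. The function names are hypothetical, and maintenance tracks the notes do not mention are reported as unknown.

```shell
#!/bin/sh
# Added example, not part of the patch. All function names are hypothetical.

# Classify a Git version against the fixed releases named in the release
# notes (2.30.6, 2.37.4, 2.38.1). Prints: fixed | vulnerable | unknown.
git_fix_status() {
    ver=${1#git version }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # "2.38" has no patch part
    patch=${patch%%[!0-9]*}                       # "1.windows.1" -> "1"
    patch=${patch:-0}
    case "$major.$minor" in
        .*|*.|*[!0-9.]*) echo unknown; return 0 ;; # empty or non-numeric input
    esac
    if [ "$major" -gt 2 ]; then echo fixed; return 0; fi
    if [ "$major" -lt 2 ]; then echo vulnerable; return 0; fi
    if [ "$minor" -ge 39 ]; then echo fixed; return 0; fi
    case $minor in
        38) min=1 ;;
        37) min=4 ;;
        30) min=6 ;;
        3[1-6]) echo unknown; return 0 ;;  # tracks the notes do not mention
        *) echo vulnerable; return 0 ;;    # older than the oldest fixed track
    esac
    if [ "$patch" -ge "$min" ]; then echo fixed; else echo vulnerable; fi
}

# CVE-2022-39253: succeed (0) if GIT_DIR/objects contains a symbolic link,
# which fixed versions refuse to clone with --local. find does not follow
# links by default, so a symlinked objects directory itself is reported too.
has_objects_symlink() {
    objdir=$1/objects
    [ -d "$objdir" ] || return 2
    found=$(find "$objdir" -type l -print | head -n 1)
    [ -n "$found" ]
}

# CVE-2022-39260 precondition from the notes: the interactive command
# directory of git shell exists in the given home directory.
git_shell_commands_present() {
    [ -d "$1/git-shell-commands" ]
}

# Print a short report for one repository and one account's home directory.
audit() {
    gitdir=$1
    home=${2:-$HOME}
    echo "git release: $(git_fix_status "$(git --version 2>/dev/null)")"
    if has_objects_symlink "$gitdir"; then
        echo "objects: symbolic link found under $gitdir/objects"
    else
        echo "objects: no symbolic links"
    fi
    if git_shell_commands_present "$home"; then
        echo "git shell: $home/git-shell-commands exists"
    else
        echo "git shell: no git-shell-commands directory"
    fi
    allow=$(git config --get protocol.file.allow 2>/dev/null) || allow="(unset)"
    echo "protocol.file.allow: $allow"
}

# Usage: sh this-script --audit /path/to/repo/.git [home-directory]
if [ "${1:-}" = "--audit" ] && [ -n "${2:-}" ]; then
    audit "$2" "${3:-$HOME}"
fi
```

A distribution may backport the fixes without changing the version number, so a "vulnerable" result from the version check is a prompt to read the package changelog, not a verdict.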