summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-20 05:14:40 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-20 05:14:40 +0000
commit0af26528cb04d21e9048ee35edeca0e73a2442cf (patch)
tree3567d11f882c7edfcac69b28848c3e7a77de31ed
parentMerging upstream version 1:2.45.1. (diff)
downloadgit-0af26528cb04d21e9048ee35edeca0e73a2442cf.tar.xz
git-0af26528cb04d21e9048ee35edeca0e73a2442cf.zip
Merging debian version 1:2.45.1-1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/changelog12
-rw-r--r--debian/changelog.upstream1881
-rw-r--r--debian/copyright7
-rw-r--r--debian/patches/0001-hook-plug-a-new-memory-leak.diff34
-rw-r--r--debian/patches/0002-Revert-core.hooksPath-add-some-protection-while-cloni.diff82
-rw-r--r--debian/patches/0003-tests-verify-that-clone-c-core.hooksPath-dev-null-wor.diff48
-rw-r--r--debian/patches/0004-hook-clone-protections-add-escape-hatch.diff182
-rw-r--r--debian/patches/0005-hooks-clone-protections-special-case-current-Git-LFS-.diff82
-rw-r--r--debian/patches/0006-hooks-clone-protections-simplify-templates-hooks-vali.diff198
-rw-r--r--debian/patches/0007-Revert-Add-a-helper-function-to-compare-file-contents.diff185
-rw-r--r--debian/patches/series7
-rw-r--r--debian/versions.upstream17
12 files changed, 2716 insertions, 19 deletions
diff --git a/debian/changelog b/debian/changelog
index 16c199d..0c60561 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+git (1:2.45.1-1) unstable; urgency=medium
+
+ * new upstream release (see RelNotes/2.44.0.txt, RelNotes/2.45.0.txt).
+ * new upstream point release (see RelNotes/2.45.1.txt; addresses
+ CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021 and
+ CVE-2024-32465; closes: #1071160).
+ * debian/patches/0001..0007: new from upstream: followups intended
+ for v2.45.2 to avoid regressions from the fixes included in
+ v2.45.1 (thx Johannes Schindelin).
+
+ -- Jonathan Nieder <jrnieder@gmail.com> Mon, 20 May 2024 03:36:58 +0000
+
git (1:2.43.0-1~progress7.99u1) graograman-backports; urgency=low
* Initial reupload to graograman-backports.
diff --git a/debian/changelog.upstream b/debian/changelog.upstream
index 69e5ac8..2342f06 100644
--- a/debian/changelog.upstream
+++ b/debian/changelog.upstream
@@ -1,3 +1,1627 @@
+Version v2.45.1; changes since v2.45.0:
+---------------------------------------
+
+Filip Hejsek (4):
+ t0411: add tests for cloning from partial repo
+ has_dir_name(): do not get confused by characters < '/'
+ t7423: add tests for symlinked submodule directories
+ clone: prevent clashing git dirs when cloning submodule in parallel
+
+Jeff King (6):
+ http: reset POSTFIELDSIZE when clearing curl handle
+ INSTALL: bump libcurl version to 7.21.3
+ remote-curl: add Transfer-Encoding header only for older curl
+ test-lib: ignore uninteresting LSan output
+ upload-pack: disable lazy-fetching by default
+ docs: document security issues around untrusted .git dirs
+
+Johannes Schindelin (26):
+ repository: avoid leaking `fsmonitor` data
+ ci: upgrade to using macos-13
+ ci(linux-asan/linux-ubsan): let's save some time
+ ci: bump remaining outdated Actions versions
+ ci(linux32): add a note about Actions that must not be updated
+ fetch/clone: detect dubious ownership of local repositories
+ submodules: submodule paths must not contain symlinks
+ clone_submodule: avoid using `access()` on directories
+ submodule: require the submodule path to contain directories only
+ t5510: verify that D/F confusion cannot lead to an RCE
+ entry: report more colliding paths
+ clone: when symbolic links collide with directories, keep the latter
+ find_hook(): refactor the `STRIP_EXTENSION` logic
+ init: refactor the template directory discovery into its own function
+ Add a helper function to compare file contents
+ clone: prevent hooks from running during a clone
+ init.templateDir: consider this config setting protected
+ core.hooksPath: add some protection while cloning
+ fsck: warn about symlink pointing inside a gitdir
+ Git 2.39.4
+ Git 2.40.2
+ Git 2.41.1
+ Git 2.42.2
+ Git 2.43.4
+ Git 2.44.1
+ Git 2.45.1
+
+Junio C Hamano (2):
+ GitHub Actions: update to checkout@v4
+ GitHub Actions: update to github-script@v7
+
+Patrick Steinhardt (4):
+ builtin/clone: stop resolving symlinks when copying files
+ builtin/clone: abort when hardlinked source and target file differ
+ setup.c: introduce `die_upon_dubious_ownership()`
+ builtin/clone: refuse local clones of unsafe repositories
+
+
+Version v2.45.0; changes since v2.45.0-rc1:
+-------------------------------------------
+
+Alexander Shopov (1):
+ l10n: bg.po: Updated Bulgarian translation (5652t)
+
+Arkadii Yakovets (1):
+ l10n: uk: v2.45 update
+
+Bagas Sanjaya (1):
+ l10n: po-id for 2.45
+
+Emir SARI (1):
+ l10n: tr: Update Turkish translations
+
+Jean-Noël Avila (1):
+ l10n: fr: v2.45.0
+
+Jiang Xin (1):
+ l10n: TEAMS: retire l10n teams no update in 1 year
+
+Junio C Hamano (1):
+ Git 2.45
+
+Peter Krefting (1):
+ l10n: sv.po: Update Swedish translation
+
+Ralf Thielow (1):
+ l10n: Update German translation
+
+René Scharfe (1):
+ don't report vsnprintf(3) error as bug
+
+Rubén Justo (4):
+ apply: plug a leak in apply_data
+ add-interactive: plug a leak in get_untracked_files
+ add-patch: plug a leak handling the '/' command
+ add: plug a leak on interactive_add
+
+Taylor Blau (1):
+ Documentation/RelNotes/2.45.0.txt: fix typo
+
+Teng Long (1):
+ l10n: zh_CN: for git 2.45 rounds
+
+Vũ Tiến Hưng (2):
+ l10n: Update Vietnamese team contact
+ l10n: vi: Updated translation for 2.45
+
+Yi-Jyun Pan (1):
+ l10n: zh-TW: Git 2.45
+
+
+Version v2.45.0-rc1; changes since v2.45.0-rc0:
+-----------------------------------------------
+
+Junio C Hamano (2):
+ A bit more topics before -rc1
+ Git 2.45-rc1
+
+Linus Arver (5):
+ format_trailer_info(): use trailer_item objects
+ format_trailer_info(): drop redundant unfold_value()
+ format_trailer_info(): append newline for non-trailer lines
+ trailer: begin formatting unification
+ trailer: finish formatting unification
+
+Marcel Röthke (1):
+ rerere: fix crashes due to unmatched opening conflict markers
+
+Orgad Shaneh (1):
+ docs: remove duplicate entry and fix typo in 2.45 changelog
+
+Patrick Steinhardt (15):
+ reftable/block: rename `block_reader_start()`
+ reftable/block: merge `block_iter_seek()` and `block_reader_seek()`
+ reftable/block: better grouping of functions
+ reftable/block: introduce `block_reader_release()`
+ reftable/block: move ownership of block reader into `struct table_iter`
+ reftable/reader: iterate to next block in place
+ reftable/block: reuse uncompressed blocks
+ reftable/block: open-code call to `uncompress2()`
+ reftable/block: reuse `zstream` state on inflation
+ reftable/block: avoid copying block iterators on seek
+ pack-bitmap: gracefully handle missing BTMP chunks
+ run-command: introduce function to prepare auto-maintenance process
+ builtin/receive-pack: convert to use git-maintenance(1)
+ docs: improve changelog entry for `git pack-refs --auto`
+ docs: address typos in Git v2.45 changelog
+
+Peter Krefting (1):
+ bisect: report the found commit with "show"
+
+René Scharfe (3):
+ git-compat-util: fix NO_OPENSSL on current macOS
+ imap-send: increase command size limit
+ apply: avoid using fixed-size buffer in write_out_one_reject()
+
+Rubén Justo (1):
+ launch_editor: waiting message on error
+
+Thalia Archibald (8):
+ fast-import: tighten path unquoting
+ fast-import: directly use strbufs for paths
+ fast-import: allow unquoted empty path for root
+ fast-import: remove dead strbuf
+ fast-import: improve documentation for path quoting
+ fast-import: document C-style escapes for paths
+ fast-import: forbid escaped NUL in paths
+ fast-import: make comments more precise
+
+Xing Xin (1):
+ Documentation: fix typos describing date format
+
+Yehezkel Bernat (1):
+ Documentation: fix linkgit reference
+
+Đoàn Trần Công Danh (1):
+ t9604: Fix test for musl libc and new Debian
+
+
+Version v2.45.0-rc0; changes since v2.44.1:
+-------------------------------------------
+
+Ahelenia Ziemiańska (1):
+ grep: improve errors for unmatched ( and )
+
+Alexander Shopov (4):
+ transport-helper.c: trivial fix of error message
+ builtin/remote.c: trivial fix of error message
+ builtin/clone.c: trivial fix of message
+ revision.c: trivial fix to message
+
+Aryan Gupta (1):
+ tests: modernize the test script t0010-racy-git.sh
+
+Beat Bolli (25):
+ completion: use awk for filtering the config entries
+ date: make "iso-strict" conforming for the UTC timezone
+ t0006: add more tests with a negative TZ offset
+ doc: avoid redundant use of cat
+ contrib/subtree/t: avoid redundant use of cat
+ t/lib-cvs.sh: avoid redundant use of cat
+ t/annotate-tests.sh: avoid redundant use of cat
+ t/perf: avoid redundant use of cat
+ t/t0*: avoid redundant uses of cat
+ t/t1*: avoid redundant uses of cat
+ t/t3*: avoid redundant uses of cat
+ t/t4*: avoid redundant uses of cat
+ t/t5*: avoid redundant uses of cat
+ t/t6*: avoid redundant uses of cat
+ t/t7*: avoid redundant use of cat
+ t/t8*: avoid redundant use of cat
+ t/t9*: avoid redundant uses of cat
+ t/t1*: merge a "grep | sed" pipeline
+ t/t3*: merge a "grep | awk" pipeline
+ t/t4*: merge a "grep | sed" pipeline
+ t/t5*: merge a "grep | sed" pipeline
+ t/t8*: merge "grep | sed" pipelines
+ t/t9*: merge "grep | sed" pipelines
+ contrib/coverage-diff: avoid redundant pipelines
+ git-quiltimport: avoid an unnecessary subshell
+
+Bo Anderson (5):
+ t/lib-credential: clean additional credential
+ osxkeychain: replace deprecated SecKeychain API
+ osxkeychain: erase all matching credentials
+ osxkeychain: erase matching passwords only
+ osxkeychain: store new attributes
+
+Brian C Tracy (1):
+ fuzz: add fuzzer for config parsing
+
+Brian Lyles (13):
+ docs: clarify file options in git-config `--edit`
+ docs: fix typo in git-config `--default`
+ docs: correct trailer `key_value_separator` description
+ docs: adjust trailer `separator` and `key_value_separator` language
+ pretty: update tests to use `test_config`
+ pretty: find pretty formats case-insensitively
+ docs: address inaccurate `--empty` default with `--exec`
+ docs: clean up `--empty` formatting in git-rebase(1) and git-am(1)
+ rebase: update `--empty=ask` to `--empty=stop`
+ sequencer: handle unborn branch with `--allow-empty`
+ sequencer: do not require `allow_empty` for redundant commit options
+ cherry-pick: enforce `--keep-redundant-commits` incompatibility
+ cherry-pick: add `--empty` for more robust redundant commit handling
+
+Chandra Pratap (2):
+ apply: ignore working tree filemode when !core.filemode
+ t9146: replace test -d/-e/-f with appropriate test_path_is_* function
+
+Christian Couder (5):
+ revision: clarify a 'return NULL' in get_reference()
+ oidset: refactor oidset_insert_from_set()
+ t6022: fix 'test' style and 'even though' typo
+ rev-list: allow missing tips with --missing=[print|allow*]
+ revision: fix --missing=[print|allow*] for annotated tags
+
+Derrick Stolee (1):
+ fetch: return when parsing submodule.recurse
+
+Dirk Gouders (6):
+ Documentation/user-manual.txt: example for generating object hashes
+ MyFirstObjectWalk: use additional arg in config_fn_t
+ MyFirstObjectWalk: fix misspelled "builtins/"
+ MyFirstObjectWalk: fix filtered object walk
+ MyFirstObjectWalk: fix description for counting omitted objects
+ MyFirstObjectWalk: add stderr to pipe processing
+
+Dragan Simic (8):
+ documentation: send-email: use camel case consistently
+ config: minor addition of whitespace
+ config: really keep value-internal whitespace verbatim
+ t1300: add more tests for whitespace and inline comments
+ config.txt: describe handling of whitespace further
+ grep docs: describe --recurse-submodules further and improve formatting a bit
+ grep docs: describe --no-index further and improve formatting a bit
+ config: fix some small capitalization issues, as spotted
+
+Eric Sunshine (2):
+ docs: sort configuration variable groupings alphabetically
+ test-lib: fix non-functioning GIT_TEST_MAINT_SCHEDULER fallback
+
+Eric W. Biederman (23):
+ object-file-convert: stubs for converting from one object format to another
+ oid-array: teach oid-array to handle multiple kinds of oids
+ object-names: support input of oids in any supported hash
+ repository: add a compatibility hash algorithm
+ loose: compatibilty short name support
+ object-file: update the loose object map when writing loose objects
+ object-file: add a compat_oid_in parameter to write_object_file_flags
+ commit: convert mergetag before computing the signature of a commit
+ commit: export add_header_signature to support handling signatures on tags
+ tag: sign both hashes
+ object: factor out parse_mode out of fast-import and tree-walk into in object.h
+ object-file-convert: don't leak when converting tag objects
+ object-file-convert: convert commits that embed signed tags
+ object-file: update object_info_extended to reencode objects
+ rev-parse: add an --output-object-format parameter
+ builtin/cat-file: let the oid determine the output algorithm
+ tree-walk: init_tree_desc take an oid to get the hash algorithm
+ object-file: handle compat objects in check_object_signature
+ builtin/ls-tree: let the oid determine the output algorithm
+ test-lib: compute the compatibility hash so tests may use it
+ t1006: rename sha1 to oid
+ t1006: test oid compatibility with cat-file
+ t1016-compatObjectFormat: add tests to verify the conversion between objects
+
+Eugenio Gigante (1):
+ add: use unsigned type for collection of bits
+
+Florian Schmidt (1):
+ wt-status: don't find scissors line beyond buf len
+
+Ghanshyam Thakkar (5):
+ add-patch: classify '@' as a synonym for 'HEAD'
+ add -p tests: remove PERL prerequisites
+ setup: remove unnecessary variable
+ builtin/commit: error out when passing untracked path with -i
+ builtin/add: error out when passing untracked path with -u
+
+Haritha D (1):
+ build: support z/OS (OS/390).
+
+Harmen Stoppels (1):
+ rebase: make warning less passive aggressive
+
+Jakub Wilk (1):
+ git-remote.txt: fix typo
+
+Jean-Noël Avila (17):
+ doc: git-rev-parse: enforce command-line description syntax
+ doc: close unclosed angle-bracket of a placeholder in git-clone doc
+ doc: end sentences with full-stop
+ doc: clarify the format of placeholders
+ doc: git-init: format verbatim parts
+ doc: git-init: format placeholders
+ doc: git-init: rework definition lists
+ doc: git-init: rework config item init.templateDir
+ doc: git-clone: format verbatim words
+ doc: git-clone: format placeholders
+ doc: format alternatives in synopsis
+ doc: fix some placeholders formating
+ doc: rework CodingGuidelines with new formatting rules
+ doc: allow literal and emphasis format in doc vs help tests
+ doc: git-init: apply new documentation formatting guidelines
+ doc: git-clone: apply new documentation formatting guidelines
+ doc: git-clone: do not autoreference the manpage in itself
+
+Jeff Hostetler (17):
+ name-hash: add index_dir_find()
+ t7527: add case-insensitve test for FSMonitor
+ fsmonitor: refactor refresh callback on directory events
+ fsmonitor: clarify handling of directory events in callback helper
+ fsmonitor: refactor refresh callback for non-directory events
+ dir: create untracked_cache_invalidate_trimmed_path()
+ fsmonitor: refactor untracked-cache invalidation
+ fsmonitor: move untracked-cache invalidation into helper functions
+ fsmonitor: return invalidated cache-entry count on directory event
+ fsmonitor: remove custom loop from non-directory path handler
+ fsmonitor: return invalidated cache-entry count on non-directory event
+ fsmonitor: trace the new invalidated cache-entry count
+ fsmonitor: refactor bit invalidation in refresh callback
+ fsmonitor: support case-insensitive events
+ t0211: demonstrate missing 'def_param' events for certain commands
+ trace2: avoid emitting 'def_param' set more than once
+ trace2: emit 'def_param' set with 'cmd_name' event
+
+Jeff King (51):
+ t0303: check that helper_test_clean removes all credentials
+ userdiff: skip textconv caching when not in a repository
+ Revert "refs: allow @{n} to work with n-sized reflog"
+ get_oid_basic(): special-case ref@{n} for oldest reflog entry
+ read_ref_at(): special-case ref@{0} for an empty reflog
+ upload-pack: drop separate v2 "haves" array
+ upload-pack: switch deepen-not list to an oid_array
+ upload-pack: use oidset for deepen_not list
+ upload-pack: use a strmap for want-ref lines
+ upload-pack: accept only a single packfile-uri line
+ upload-pack: always turn off save_commit_buffer
+ upload-pack: use PARSE_OBJECT_SKIP_HASH_CHECK in more places
+ upload-pack: free tree buffers after parsing
+ upload-pack: use repository struct to get config
+ upload-pack: centralize setup of sideband-all config
+ upload-pack: use existing config mechanism for advertisement
+ upload-pack: only accept packfile-uris if we advertised it
+ doc/gitremote-helpers: fix missing single-quote
+ config: forbid newline as core.commentChar
+ strbuf: simplify comment-handling in add_lines() helper
+ strbuf: avoid static variables in strbuf_add_commented_lines()
+ commit: refactor base-case of adjust_comment_line_char()
+ strbuf: avoid shadowing global comment_line_char name
+ environment: store comment_line_char as a string
+ strbuf: accept a comment string for strbuf_stripspace()
+ strbuf: accept a comment string for strbuf_commented_addf()
+ strbuf: accept a comment string for strbuf_add_commented_lines()
+ prefer comment_line_str to comment_line_char for printing
+ find multi-byte comment chars in NUL-terminated strings
+ find multi-byte comment chars in unterminated buffers
+ sequencer: handle multi-byte comment characters when writing todo list
+ wt-status: drop custom comment-char stringification
+ environment: drop comment_line_char compatibility macro
+ config: allow multi-byte core.commentChar
+ shortlog: stop setting pp.print_email_subject
+ pretty: split oneline and email subject printing
+ pretty: drop print_email_subject flag
+ log: do not set up extra_headers for non-email formats
+ format-patch: return an allocated string from log_write_email_headers()
+ format-patch: simplify after-subject MIME header handling
+ doc/gitremote-helpers: fix more missing single-quotes
+ transport-helper: use write helpers more consistently
+ transport-helper: drop "object-format <algo>" option
+ transport-helper: send "true" value for object-format option
+ contrib: drop hg-to-git script
+ format-patch: fix leak of empty header string
+ rebase: use child_process_clear() to clean
+ config: add core.commentString
+ http: reset POSTFIELDSIZE when clearing curl handle
+ INSTALL: bump libcurl version to 7.21.3
+ remote-curl: add Transfer-Encoding header only for older curl
+
+Jiamu Sun (1):
+ bugreport.c: fix a crash in `git bugreport` with `--no-suffix` option
+
+Johannes Schindelin (22):
+ merge-tree: accept 3 trees as arguments
+ merge-tree: fail with a non-zero exit code on missing tree objects
+ merge-ort: do check `parse_tree()`'s return value
+ t4301: verify that merge-tree fails on missing blob objects
+ Always check `parse_tree*()`'s return value
+ cache-tree: avoid an unnecessary check
+ fill_tree_descriptor(): mark error message for translation
+ neue: remove a bogus empty file
+ commit-reach(paint_down_to_common): plug two memory leaks
+ commit-reach(repo_in_merge_bases_many): optionally expect missing commits
+ commit-reach(repo_in_merge_bases_many): report missing commits
+ commit-reach(paint_down_to_common): prepare for handling shallow commits
+ commit-reach(paint_down_to_common): start reporting errors
+ commit-reach(merge_bases_many): pass on "missing commits" errors
+ commit-reach(get_merge_bases_many_0): pass on "missing commits" errors
+ commit-reach(repo_get_merge_bases): pass on "missing commits" errors
+ commit-reach(get_octopus_merge_bases): pass on "missing commits" errors
+ commit-reach(repo_get_merge_bases_many): pass on "missing commits" errors
+ commit-reach(repo_get_merge_bases_many_dirty): pass on errors
+ merge-recursive: prepare for `merge_submodule()` to report errors
+ merge-ort/merge-recursive: do report errors in `merge_submodule()`
+ merge-tree: fix argument type of the `--merge-base` option
+
+John Cai (1):
+ t5300: fix test_with_bad_commit()
+
+Jonas Wunderlich (1):
+ doc: status.showUntrackedFiles does not take "false"
+
+Josh Triplett (2):
+ commit: avoid redundant scissor line with --cleanup=scissors -v
+ commit: unify logic to avoid multiple scissors lines when merging
+
+Julio Bacellari (1):
+ doc: remove outdated information about interactive.singleKey
+
+Junio C Hamano (61):
+ apply: correctly reverse patch's pre- and post-image mode bits
+ apply: code simplification
+ t9210: do not rely on lazy fetching to fail
+ git: --no-lazy-fetch option
+ doc: add shortcut to "am --whitespace=<action>"
+ doc: apply the new placeholder rules to git-add documentation
+ compat: drop inclusion of <git-compat-util.h>
+ Start the 2.45 cycle
+ git: document GIT_NO_REPLACE_OBJECTS environment variable
+ doc: clarify the wording on <git-compat-util.h> requirement
+ git: extend --no-lazy-fetch to work across subprocesses
+ The second batch
+ The third batch
+ test_i18ngrep: hard deprecate and forbid its use
+ unpack: replace xwrite() loop with write_in_full()
+ sideband: avoid short write(2)
+ repack: check error writing to pack-objects subprocess
+ clean: further clean-up of implementation around "--force"
+ The fourth batch
+ The fifth batch
+ setup: notice more types of implicit bare repositories
+ The sixth batch
+ status: unify parsing of --untracked= and status.showUntrackedFiles
+ status: allow --untracked=false and friends
+ The seventh batch
+ The eighth batch
+ config: fix --comment formatting
+ config: allow tweaking whitespace between value and comment
+ diff.*Prefix: use camelCase in the doc and test titles
+ The ninth batch
+ apply: parse names out of "diff --git" more carefully
+ The tenth batch
+ The eleventh batch
+ SubmittingPatches: release-notes entry experiment
+ The twelfth batch
+ t4126: make sure a directory with SP at the end is usable
+ t4126: fix "funny directory name" test on Windows (again)
+ advice: omit trailing whitespace
+ checkout: omit "tracking" information on a detached HEAD
+ The thirteenth batch
+ t2104: style fixes
+ The fourteenth batch
+ revision: optionally record matches with pathspec elements
+ The fifteenth batch
+ CodingGuidelines: describe "export VAR=VAL" rule
+ CodingGuidelines: quote assigned value in 'local var=$val'
+ t: local VAR="VAL" (quote positional parameters)
+ t: local VAR="VAL" (quote command substitution)
+ t: local VAR="VAL" (quote ${magic-reference})
+ t: teach lint that RHS of 'local VAR=VAL' needs to be quoted
+ t0610: local VAR="VAL" fix
+ t1016: local VAR="VAL" fix
+ config: do not leak excludes_file
+ Makefile(s): do not enforce "all indents must be done with tab"
+ The sixteenth batch
+ t2104: style fixes
+ The seventeenth batch
+ The eighteenth batch
+ The ninteenth batch
+ The twentieth batch
+ Git 2.45-rc0
+
+Justin Tobler (3):
+ reftable/stack: expose option to disable auto-compaction
+ reftable/stack: add env to disable autocompaction
+ reftable/stack: use geometric table compaction
+
+Karthik Nayak (7):
+ refs: introduce `is_pseudoref()` and `is_headref()`
+ refs: extract out `loose_fill_ref_dir_regular_file()`
+ refs: introduce `refs_for_each_include_root_refs()`
+ ref-filter: rename 'FILTER_REFS_ALL' to 'FILTER_REFS_REGULAR'
+ for-each-ref: add new option to include root refs
+ update-ref: use {old,new}-oid instead of {old,new}value
+ githooks: use {old,new}-oid instead of {old,new}-value
+
+Kipras Melnikovas (1):
+ mergetools: vimdiff: use correct tool's name when reading mergetool config
+
+Kristoffer Haugsbakk (9):
+ column: disallow negative padding
+ column: guard against negative padding
+ gitcli: drop mention of “non-dashed form”
+ config: document `core.commentChar` as ASCII-only
+ t3200: improve test style
+ advice: make all entries stylistically consistent
+ advice: use backticks for verbatim
+ advice: use double quotes for regular quoting
+ branch: advise about ref syntax rules
+
+Linus Arver (10):
+ trailer: free trailer_info _after_ all related usage
+ shortlog: add test for de-duplicating folded trailers
+ trailer: rename functions to use 'trailer'
+ trailer: reorder format_trailers_from_commit() parameters
+ trailer: move interpret_trailers() to interpret-trailers.c
+ trailer_info_get(): reorder parameters
+ format_trailers(): use strbuf instead of FILE
+ format_trailer_info(): move "fast path" to caller
+ format_trailers_from_commit(): indirectly call trailer_info_get()
+ mailmap: change primary address for Linus Arver
+
+M Hickford (1):
+ libsecret: retrieve empty password
+
+Matthias Aßhauer (1):
+ Win32: detect unix socket support at runtime
+
+Max Gautier (1):
+ editorconfig: add Makefiles to "text files"
+
+Michael Lohmann (2):
+ revision: ensure MERGE_HEAD is a ref in prepare_show_merge
+ revision: implement `git log --merge` also for rebase/cherry-pick/revert
+
+Patrick Steinhardt (84):
+ refs: introduce reftable backend
+ ci: add jobs to test with the reftable backend
+ refs/reftable: fix leak when copying reflog fails
+ reftable/record: introduce function to compare records by key
+ reftable/merged: allocation-less dropping of shadowed records
+ reftable/merged: skip comparison for records of the same subiter
+ reftable/pq: allocation-less comparison of entry keys
+ reftable/block: swap buffers instead of copying
+ reftable/record: don't try to reallocate ref record name
+ reftable/reader: add comments to `table_iter_next()`
+ t: move tests exercising the "files" backend
+ t0410: convert tests to use DEFAULT_REPO_FORMAT prereq
+ t1400: exercise reflog with gaps with reftable backend
+ t1404: make D/F conflict tests compatible with reftable backend
+ t1405: remove unneeded cleanup step
+ t2011: exercise D/F conflicts with HEAD with the reftable backend
+ t7003: ensure filter-branch prunes reflogs with the reftable backend
+ git-difftool--helper: honor `--trust-exit-code` with `--dir-diff`
+ dir-iterator: pass name to `prepare_next_entry_data()` directly
+ dir-iterator: support iteration in sorted order
+ refs/files: sort reflogs returned by the reflog iterator
+ refs/files: sort merged worktree and common reflogs
+ refs: always treat iterators as ordered
+ refs: drop unused params from the reflog iterator callback
+ refs: stop resolving ref corresponding to reflogs
+ builtin/reflog: introduce subcommand to list reflogs
+ builtin/clone: allow remote helpers to detect repo
+ refs/reftable: don't fail empty transactions in repo without HEAD
+ reftable/pq: use `size_t` to track iterator index
+ reftable/merged: make `merged_iter` structure private
+ reftable/merged: advance subiter on subsequent iteration
+ reftable/merged: make subiters own their records
+ reftable/merged: remove unnecessary null check for subiters
+ reftable/merged: handle subiter cleanup on close only
+ reftable/merged: circumvent pqueue with single subiter
+ reftable/merged: avoid duplicate pqueue emptiness check
+ reftable/record: reuse refname when decoding
+ reftable/record: reuse refname when copying
+ reftable/record: decode keys in place
+ reftable: allow inlining of a few functions
+ refs/reftable: precompute prefix length
+ refs/reftable: reload correct stack when creating reflog iter
+ reftable/record: convert old and new object IDs to arrays
+ reftable/record: avoid copying author info
+ reftable/record: reuse refnames when decoding log records
+ reftable/record: reuse message when decoding log records
+ reftable/record: use scratch buffer when decoding records
+ refs/reftable: track last log record name via strbuf
+ t0610: remove unused variable assignment
+ lockfile: report when rollback fails
+ reftable/stack: register new tables as tempfiles
+ reftable/stack: register lockfiles during compaction
+ reftable/stack: register compacted tables as tempfiles
+ reftable/record: fix memory leak when decoding object records
+ reftable/block: fix binary search over restart counter
+ t5601: exercise clones with "includeIf.*.onbranch"
+ reftable: fix tests being broken by NFS' delete-after-close semantics
+ t7800: improve test descriptions with empty arguments
+ t7800: use single quotes for test bodies
+ t/README: document how to loop around test cases
+ reftable/stack: fix error handling in `reftable_stack_init_addition()`
+ reftable/error: discern locked/outdated errors
+ reftable/stack: use error codes when locking fails during compaction
+ reftable/stack: gracefully handle failed auto-compaction due to locks
+ refs/reftable: print errors on compaction failure
+ t/helper: drop pack-refs wrapper
+ refs: move `struct pack_refs_opts` to where it's used
+ refs: remove `PACK_REFS_ALL` flag
+ refs/reftable: expose auto compaction via new flag
+ builtin/pack-refs: release allocated memory
+ builtin/pack-refs: introduce new "--auto" flag
+ builtin/gc: move `struct maintenance_run_opts`
+ t6500: extract objects with "17" prefix
+ builtin/gc: forward git-gc(1)'s `--auto` flag when packing refs
+ builtin/gc: pack refs when using `git maintenance run --auto`
+ reftable/basics: fix return type of `binsearch()` to be `size_t`
+ reftable/basics: improve `binsearch()` test
+ reftable/refname: refactor binary search over refnames
+ reftable/block: refactor binary search over restart points
+ reftable/block: fix error handling when searching restart points
+ reftable/record: extract function to decode key lengths
+ reftable/block: avoid decoding keys when searching restart points
+ t0610: make `--shared=` tests reusable
+ t0610: execute git-pack-refs(1) with specified umask
+
+Peter Hutterer (1):
+ diff: add diff.srcPrefix and diff.dstPrefix configuration variables
+
+Philippe Blain (5):
+ merge-ort: turn submodule conflict suggestions into an advice
+ ci(github): make Windows test artifacts name unique
+ sequencer: allow disabling conflict advice
+ builtin/am: allow disabling conflict advice
+ t/README: mention test files are make targets
+
+Phillip Wood (9):
+ rebase -i: stop setting GIT_CHERRY_PICK_HELP
+ xdiff-interface: refactor parsing of merge.conflictstyle
+ merge-ll: introduce LL_MERGE_OPTIONS_INIT
+ merge options: add a conflict style member
+ checkout: cleanup --conflict=<style> parsing
+ checkout: fix interaction between --conflict and --merge
+ t3428: modernize test setup
+ t3428: use test_commit_message
+ t3428: restore coverage for "apply" backend
+
+Pi Fisher (1):
+ typo: replace 'commitish' with 'committish'
+
+Ralph Seichter (1):
+ config: add --comment option to add a comment
+
+René Scharfe (28):
+ use xstrncmpz()
+ fetch: convert strncmp() with strlen() to starts_with()
+ mem-pool: add mem_pool_strfmt()
+ name-rev: use mem_pool_strfmt()
+ submodule: use strvec_pushf() for --submodule-prefix
+ t-ctype: allow NUL anywhere in the specification string
+ t-ctype: simplify EOF check
+ t-ctype: align output of i
+ t-ctype: avoid duplicating class names
+ parse-options: recognize abbreviated negated option with arg
+ parse-options: set arg of abbreviated option lazily
+ parse-options: factor out register_abbrev() and struct parsed_option
+ parse-options: detect ambiguous self-negation
+ parse-options: normalize arg and long_name before comparison
+ parse-options: rearrange long_name matching code
+ t-prio-queue: shorten array index message
+ t-prio-queue: check result array bounds
+ factor out strbuf_expand_bad_format()
+ cat-file: use strbuf_expand_bad_format()
+ midx: use strvec_pushf() for pack-objects base name
+ mem-pool: use st_add() in mem_pool_strvfmt()
+ imap-send: use xsnprintf to format command
+ t-prio-queue: simplify using compound literals
+ apply: avoid fixed-size buffer in create_one_file()
+ path: remove mksnpath()
+ apply: don't leak fd on fdopen() error
+ usage: report vsnprintf(3) failure
+ date: make DATE_MODE thread-safe
+
+Richard Macklin (1):
+ rebase: fix typo in autosquash documentation
+
+Rubén Justo (13):
+ tag: error when git-column fails
+ completion: fix __git_complete_worktree_paths
+ completion: reflog with implicit "show"
+ completion: reflog show <log-options>
+ completion: introduce __git_find_subcommand
+ completion: factor out __git_resolve_builtins
+ completion: reflog subcommands and options
+ checkout: plug some leaks in git-restore
+ add-patch: introduce 'p' in interactive-patch
+ add-patch: do not print hunks repeatedly
+ add: use advise_if_enabled for ADVICE_ADD_IGNORED_FILE
+ add: use advise_if_enabled for ADVICE_ADD_EMPTY_PATHSPEC
+ add: use advise_if_enabled for ADVICE_ADD_EMBEDDED_REPO
+
+SZEDER Gábor (1):
+ upload-pack: don't send null character in abort message to the client
+
+Sergey Organov (1):
+ clean: improve -n and -f implementation and documentation
+
+Steven Jeuris (1):
+ userdiff: better method/property matching for C#
+
+Taylor Blau (8):
+ Documentation/config/pack.txt: fix broken AsciiDoc mark-up
+ upload-pack: disallow object-info capability by default
+ midx-write: move writing-related functions from midx.c
+ midx-write.c: factor out common want_included_pack() routine
+ midx-write.c: check count of packs to repack after grouping
+ midx-write.c: use `--stdin-packs` when repacking
+ t/t7700-repack.sh: fix test breakages with `GIT_TEST_MULTI_PACK_INDEX=1 `
+ Makefile(s): avoid recipe prefix in conditional statements
+
+Ville Skyttä (2):
+ completion: fix prompt with unset SHOWCONFLICTSTATE in nounset mode
+ completion: protect prompt against unset SHOWUPSTREAM in nounset mode
+
+Vincenzo Mezzela (1):
+ t7301: use test_path_is_(missing|file)
+
+brian m. carlson (7):
+ loose: add a mapping between SHA-1 and SHA-256 for loose objects
+ commit: write commits for both hashes
+ cache: add a function to read an OID of a specific algorithm
+ object-file-convert: add a function to convert trees between algorithms
+ object-file-convert: convert tag objects when writing
+ object-file-convert: convert commit objects when writing
+ repository: implement extensions.compatObjectFormat
+
+shejialuo (1):
+ t9117: prefer test_path_* helper functions
+
+
+Version v2.44.1; changes since v2.44.0:
+---------------------------------------
+
+Filip Hejsek (4):
+ t0411: add tests for cloning from partial repo
+ has_dir_name(): do not get confused by characters < '/'
+ t7423: add tests for symlinked submodule directories
+ clone: prevent clashing git dirs when cloning submodule in parallel
+
+Jeff King (6):
+ http: reset POSTFIELDSIZE when clearing curl handle
+ INSTALL: bump libcurl version to 7.21.3
+ remote-curl: add Transfer-Encoding header only for older curl
+ test-lib: ignore uninteresting LSan output
+ upload-pack: disable lazy-fetching by default
+ docs: document security issues around untrusted .git dirs
+
+Johannes Schindelin (25):
+ repository: avoid leaking `fsmonitor` data
+ ci: upgrade to using macos-13
+ ci(linux-asan/linux-ubsan): let's save some time
+ ci: bump remaining outdated Actions versions
+ ci(linux32): add a note about Actions that must not be updated
+ fetch/clone: detect dubious ownership of local repositories
+ submodules: submodule paths must not contain symlinks
+ clone_submodule: avoid using `access()` on directories
+ submodule: require the submodule path to contain directories only
+ t5510: verify that D/F confusion cannot lead to an RCE
+ entry: report more colliding paths
+ clone: when symbolic links collide with directories, keep the latter
+ find_hook(): refactor the `STRIP_EXTENSION` logic
+ init: refactor the template directory discovery into its own function
+ Add a helper function to compare file contents
+ clone: prevent hooks from running during a clone
+ init.templateDir: consider this config setting protected
+ core.hooksPath: add some protection while cloning
+ fsck: warn about symlink pointing inside a gitdir
+ Git 2.39.4
+ Git 2.40.2
+ Git 2.41.1
+ Git 2.42.2
+ Git 2.43.4
+ Git 2.44.1
+
+Junio C Hamano (2):
+ GitHub Actions: update to checkout@v4
+ GitHub Actions: update to github-script@v7
+
+Patrick Steinhardt (4):
+ builtin/clone: stop resolving symlinks when copying files
+ builtin/clone: abort when hardlinked source and target file differ
+ setup.c: introduce `die_upon_dubious_ownership()`
+ builtin/clone: refuse local clones of unsafe repositories
+
+
+Version v2.44.0; changes since v2.44.0-rc2:
+-------------------------------------------
+
+Junio C Hamano (1):
+ Git 2.43.3
+
+
+Version v2.44.0-rc2; changes since v2.44.0-rc1:
+-----------------------------------------------
+
+Alexander Shopov (1):
+ l10n: bg.po: Updated Bulgarian translation (5610t)
+
+Arkadii Yakovets (3):
+ l10n: uk: v2.44 localization update
+ l10n: uk: v2.44 update (round 2)
+ l10n: uk: v2.44 update (round 3)
+
+Bagas Sanjaya (1):
+ l10n: po-id for 2.44 (round 1)
+
+Emir SARI (1):
+ l10n: tr: Update Turkish translations for 2.44
+
+Jean-Noël Avila (1):
+ l10n: fr.po: v2.44.0 round 3
+
+Jeff King (1):
+ trailer: fix comment/cut-line regression with opts->no_divider
+
+Jiang Xin (3):
+ diff: mark param1 and param2 as placeholders
+ l10n: ci: remove unused param for add-pr-comment@v2
+ l10n: ci: disable cache for setup-go to suppress warnings
+
+Johannes Schindelin (2):
+ Always check the return value of `repo_read_object_file()`
+ l10n: bump Actions versions in l10n.yml
+
+Jordi Mas (1):
+ l10n: Update Catalan translation
+
+Junio C Hamano (2):
+ Hopefully the last batch of fixes before 2.44 final
+ Git 2.44-rc2
+
+Peter Krefting (1):
+ l10n: sv.po: Update Swedish translation
+
+Philippe Blain (4):
+ completion: add space after config variable names also in Bash 3
+ completion: complete 'submodule.*' config variables
+ completion: add and use __git_compute_first_level_config_vars_for_section
+ completion: add and use __git_compute_second_level_config_vars_for_section
+
+Phillip Wood (1):
+ prune: mark rebase autostash and orig-head as reachable
+
+Ralf Thielow (1):
+ l10n: Update German translation
+
+René Scharfe (2):
+ receive-pack: use find_commit_header() in check_cert_push_options()
+ receive-pack: use find_commit_header() in check_nonce()
+
+Teng Long (1):
+ l10n: zh_CN: for git 2.44 rounds
+
+Todd Zullinger (1):
+ RelNotes: minor typo fixes in 2.44.0 draft
+
+Vegard Nossum (1):
+ sequencer: unset GIT_CHERRY_PICK_HELP for 'exec' commands
+
+Yi-Jyun Pan (1):
+ l10n: zh_TW: Git 2.44
+
+
+Version v2.44.0-rc1; changes since v2.44.0-rc0:
+-----------------------------------------------
+
+Britton Leo Kerin (7):
+ completion: tests: always use 'master' for default initial branch name
+ completion: bisect: complete bad, new, old, and help subcommands
+ completion: bisect: complete custom terms and related options
+ completion: bisect: complete missing --first-parent and - -no-checkout options
+ completion: new function __git_complete_log_opts
+ completion: bisect: complete log opts for visualize subcommand
+ completion: bisect: recognize but do not complete view subcommand
+
+Johannes Schindelin (2):
+ ci: bump remaining outdated Actions versions
+ ci(linux32): add a note about Actions that must not be updated
+
+Junio C Hamano (11):
+ GitHub Actions: update to checkout@v4
+ GitHub Actions: update to github-script@v7
+ tag: fix sign_buffer() call to create a signed tag
+ bisect: document "terms" subcommand more fully
+ bisect: document command line arguments for "bisect start"
+ ssh signing: signal an error with a negative return value
+ unit-tests: do show relative file paths on non-Windows, too
+ A few more topics before -rc1
+ write-or-die: fix the polarity of GIT_FLUSH environment variable
+ A few more fixes before -rc1
+ Git 2.43.2
+
+Patrick Steinhardt (15):
+ reftable/reader: be more careful about errors in indexed seeks
+ reftable/writer: use correct type to iterate through index entries
+ reftable/writer: simplify writing index records
+ reftable/writer: fix writing multi-level indices
+ reftable: document reading and writing indices
+ builtin/stash: report failure to write to index
+ reftable: introduce macros to grow arrays
+ reftable: introduce macros to allocate arrays
+ reftable/stack: fix parameter validation when compacting range
+ reftable/stack: index segments with `size_t`
+ reftable/stack: use `size_t` to track stack slices during compaction
+ reftable/stack: use `size_t` to track stack length
+ reftable/merged: refactor seeking of records
+ reftable/merged: refactor initialization of iterators
+ reftable/record: improve semantics when initializing records
+
+Philippe Blain (1):
+ .github/PULL_REQUEST_TEMPLATE.md: add a note about single-commit PRs
+
+Phillip Wood (2):
+ show-ref --verify: accept pseudorefs
+ t1400: use show-ref to check pseudorefs
+
+Taylor Blau (2):
+ t5332-multi-pack-reuse.sh: extract pack-objects helper functions
+ pack-objects: enable multi-pack reuse via `feature.experimental`
+
+Victoria Dye (1):
+ ref-filter.c: sort formatted dates by byte value
+
+
+Version v2.44.0-rc0; changes since v2.43.4:
+-------------------------------------------
+
+Achu Luma (2):
+ unit-tests: rewrite t/helper/test-ctype.c as a unit test
+ t2400: avoid losing exit status to pipes
+
+Andy Koppe (3):
+ rebase: fully ignore rebase.autoSquash without -i
+ rebase: support --autosquash without -i
+ rebase: rewrite --(no-)autosquash documentation
+
+Antonin Delpeuch (2):
+ merge-file: add --diff-algorithm option
+ merge-ll: expose revision names to custom drivers
+
+Arthur Chan (1):
+ fuzz: add new oss-fuzz fuzzer for date.c / date.h
+
+Britton Leo Kerin (2):
+ doc: use singular form of repeatable path arg
+ doc: refer to pathspec instead of path
+
+Carlo Marcelo Arenas Belón (1):
+ ci: update FreeBSD cirrus job
+
+Chandra Pratap (2):
+ t4129: prevent loss of exit code due to the use of pipes
+ tests: move t0009-prio-queue.sh to the new unit testing framework
+
+Elijah Newren (19):
+ t6429: remove switching aspects of fast-rebase
+ replay: introduce new builtin
+ replay: start using parse_options API
+ replay: die() instead of failing assert()
+ replay: introduce pick_regular_commit()
+ replay: change rev walking options
+ replay: add an important FIXME comment about gpg signing
+ replay: remove progress and info output
+ replay: remove HEAD related sanity check
+ replay: make it a minimal server side command
+ replay: use standard revision ranges
+ replay: add --advance or 'cherry-pick' mode
+ replay: add --contained to rebase contained branches
+ replay: stop assuming replayed branches do not diverge
+ completion: squelch stray errors in sparse-checkout completion
+ completion: fix logic for determining whether cone mode is active
+ completion: avoid misleading completions in cone mode
+ completion: avoid user confusion in non-cone mode
+ sparse-checkout: be consistent with end of options markers
+
+Ghanshyam Thakkar (4):
+ t7501: add tests for --include and --only
+ t7501: add tests for --amend --signoff
+ t0024: avoid losing exit status to pipes
+ t0024: style fix
+
+Jean-Noël Avila (2):
+ doc: enforce dashes in placeholders
+ doc: enforce placeholders in documentation
+
+Jeff Hostetler (1):
+ sparse-index: pass string length to index_file_exists()
+
+Jeff King (13):
+ commit-graph: handle overflow in chunk_size checks
+ midx: check consistency of fanout table
+ commit-graph: drop redundant call to "lite" verification
+ commit-graph: clarify missing-chunk error messages
+ commit-graph: abort as soon as we see a bogus chunk
+ commit-graph: use fanout value for graph size
+ commit-graph: check order while reading fanout chunk
+ commit-graph: drop verify_commit_graph_lite()
+ commit-graph: mark chunk error messages for translation
+ transport-helper: re-examine object dir after fetching
+ Makefile: use mkdir_p_parent_template for UNIT_TEST_BIN
+ Makefile: remove UNIT_TEST_BIN directory with "make clean"
+ t/Makefile: get UNIT_TESTS list from C sources
+
+Jiang Xin (6):
+ transport-helper: no connection restriction in connect_helper
+ remote-curl: supports git-upload-archive service
+ transport-helper: protocol v2 supports upload-archive
+ http-backend: new rpc-service for git-upload-archive
+ transport-helper: call do_take_over() in connect_helper
+ transport-helper: call do_take_over() in process_connect
+
+Joanna Wang (2):
+ attr: enable attr pathspec magic for git-add and git-stash
+ attr: add builtin objectmode values support
+
+Johannes Schindelin (7):
+ cmake: also build unit tests
+ unit-tests: do not mistake `.pdb` files for being executable
+ unit-tests: do show relative file paths
+ artifacts-tar: when including `.dll` files, don't forget the unit-tests
+ cmake: fix typo in variable name
+ cmake: use test names instead of full paths
+ cmake: handle also unit tests
+
+John Cai (15):
+ t3210: move to t0601
+ remove REFFILES prerequisite for some tests in t1405 and t2017
+ t1414: convert test to use Git commands instead of writing refs manually
+ t1404: move reffiles specific tests to t0600
+ t1405: move reffiles specific tests to t0601
+ t1406: move reffiles specific tests to t0600
+ t1410: move reffiles specific tests to t0600
+ t1415: move reffiles specific tests to t0601
+ t1503: move reffiles specific tests to t0600
+ t3903: make drop stash test ref backend agnostic
+ t4202: move reffiles specific tests to t0600
+ t5312: move reffiles specific tests to t0601
+ reftable: honor core.fsync
+ index-pack: test and document --strict=<msg-id>=<severity>...
+ index-pack: --fsck-objects to take an optional argument for fsck msgs
+
+Josh Steadmon (4):
+ unit tests: add a project plan document
+ ci: run unit tests in CI
+ fuzz: fix fuzz test build rules
+ ci: build and run minimal fuzzers in GitHub CI
+
+Junio C Hamano (26):
+ cache: add fake_lstat()
+ diff-lib: fix check_removed() when fsmonitor is active
+ checkout: refactor die_if_checked_out() caller
+ Start the 2.44 cycle
+ checkout: forbid "-B <branch>" from touching a branch used elsewhere
+ The second batch
+ The third batch
+ The fourth batch
+ The fifth batch
+ The sixth batch
+ messages: mark some strings with "up-to-date" not to touch
+ The seventh batch
+ The eighth batch
+ The ninth batch
+ ls-files: avoid the verb "deprecate" for individual options
+ The tenth batch
+ The eleventh batch
+ t0091: allow test in a repository without tags
+ The twelfth batch
+ Makefile: reduce repetitive library paths
+ Makefile: simplify output of the libpath_template
+ The thirteenth batch
+ t/Makefile: say the default target upfront
+ The fourteenth batch
+ The fifteenth batch
+ Git 2.44-rc0
+
+Justin Tobler (2):
+ t1401: remove lockfile creation
+ t5541: remove lockfile creation
+
+Kristoffer Haugsbakk (5):
+ config: format newlines
+ config: rename global config function
+ config: factor out global config file retrieval
+ maintenance: use XDG config if it exists
+ config: add back code comment
+
+Kyle Lippincott (1):
+ setup: allow cwd=.git w/ bareRepository=explicit
+
+M Hickford (1):
+ credential/wincred: store oauth_refresh_token
+
+Marcelo Roberto Jimenez (1):
+ gitweb: die when a configuration file cannot be read
+
+Patrick Steinhardt (93):
+ t: allow skipping expected object ID in `ref-store update-ref`
+ t: convert tests to not write references via the filesystem
+ t: convert tests to not access symrefs via the filesystem
+ t: convert tests to not access reflog via the filesystem
+ t1450: convert tests to remove worktrees via git-worktree(1)
+ t4207: delete replace references via git-update-ref(1)
+ t7300: assert exact states of repo
+ t7900: assert the absence of refs via git-for-each-ref(1)
+ t: mark several tests that assume the files backend with REFFILES
+ t/lib-httpd: dynamically detect httpd and modules path
+ t/lib-httpd: stop using legacy crypt(3) for authentication
+ t9164: fix inability to find basename(1) in Subversion hooks
+ global: convert trivial usages of `test <expr> -a/-o <expr>`
+ contrib/subtree: stop using `-o` to test for number of args
+ contrib/subtree: convert subtree type check to use case statement
+ Makefile: stop using `test -o` when unlinking duplicate executables
+ t5510: ensure that the packed-refs file needs locking
+ refs/files: use transactions to delete references
+ refs: deduplicate code to delete references
+ refs: remove `delete_refs` callback from backends
+ setup: extract function to create the refdb
+ setup: allow skipping creation of the refdb
+ remote-curl: rediscover repository when fetching refs
+ builtin/clone: fix bundle URIs with mismatching object formats
+ builtin/clone: set up sparse checkout later
+ builtin/clone: skip reading HEAD when retrieving remote
+ builtin/clone: create the refdb with the correct object format
+ wt-status: read HEAD and ORIG_HEAD via the refdb
+ refs: propagate errno when reading special refs fails
+ refs: complete list of special refs
+ bisect: consistently write BISECT_EXPECTED_REV via the refdb
+ t: introduce DEFAULT_REPO_FORMAT prereq
+ worktree: skip reading HEAD when repairing worktrees
+ refs: refactor logic to look up storage backends
+ setup: start tracking ref storage format
+ setup: set repository's formats on init
+ setup: introduce "extensions.refStorage" extension
+ setup: introduce GIT_DEFAULT_REF_FORMAT envvar
+ t: introduce GIT_TEST_DEFAULT_REF_FORMAT envvar
+ builtin/rev-parse: introduce `--show-ref-format` flag
+ builtin/init: introduce `--ref-format=` value flag
+ builtin/clone: introduce `--ref-format=` value flag
+ t9500: write "extensions.refstorage" into config
+ reftable/stack: do not overwrite errors when compacting
+ reftable/stack: do not auto-compact twice in `reftable_stack_add()`
+ reftable/writer: fix index corruption when writing multiple indices
+ reftable/record: constify some parts of the interface
+ reftable/record: store "val1" hashes as static arrays
+ reftable/record: store "val2" hashes as static arrays
+ reftable/merged: really reuse buffers to compute record keys
+ reftable/merged: transfer ownership of records when iterating
+ git-prompt: stop manually parsing HEAD with unknown ref formats
+ ci: add job performing static analysis on GitLab CI
+ refs: prepare `refs_init_db()` for initializing worktree refs
+ setup: move creation of "refs/" into the files backend
+ refs/files: skip creation of "refs/{heads,tags}" for worktrees
+ builtin/worktree: move setup of commondir file earlier
+ worktree: expose interface to look up worktree by name
+ builtin/worktree: create refdb via ref backend
+ reftable/stack: refactor stack reloading to have common exit path
+ reftable/stack: refactor reloading to use file descriptor
+ reftable/stack: use stat info to avoid re-reading stack list
+ reftable/blocksource: refactor code to match our coding style
+ reftable/blocksource: use mmap to read tables
+ git-p4: stop reaching into the refdb
+ commit-graph: fix memory leak when not writing graph
+ completion: discover repo path in `__git_pseudoref_exists ()`
+ t9902: verify that completion does not print anything
+ completion: improve existence check for pseudo-refs
+ completion: silence pseudoref existence check
+ completion: treat dangling symrefs as existing pseudorefs
+ t7527: decrease likelihood of racing with fsmonitor daemon
+ Makefile: detect new Homebrew location for ARM-based Macs
+ ci: handle TEST_OUTPUT_DIRECTORY when printing test failures
+ ci: make p4 setup on macOS more robust
+ ci: add macOS jobs to GitLab CI
+ reftable/stack: unconditionally reload stack after commit
+ reftable/stack: fix race in up-to-date check
+ sequencer: clean up pseudo refs with REF_NO_DEREF
+ sequencer: delete REBASE_HEAD in correct repo when picking commits
+ refs: convert AUTO_MERGE to become a normal pseudo-ref
+ sequencer: introduce functions to handle autostashes via refs
+ refs: convert MERGE_AUTOSTASH to become a normal pseudo-ref
+ refs: redefine special refs
+ Documentation: add "special refs" to the glossary
+ reftable/stack: adjust permissions of compacted tables
+ t1300: make tests more robust with non-default ref backends
+ t1301: mark test for `core.sharedRepository` as reffiles specific
+ t1302: make tests more robust with new extensions
+ t1419: mark test suite as files-backend specific
+ t5526: break test submodule differently
+ t: mark tests regarding git-pack-refs(1) to be backend specific
+ reftable/stack: fsync "tables.list" during compaction
+
+Philippe Blain (5):
+ completion: complete missing rev-list options
+ completion: complete --patch-with-raw
+ completion: complete --encoding
+ completion: complete missing 'git log' options
+ ci(github): also skip logs of broken test cases
+
+Phillip Wood (1):
+ unit tests: add TAP unit test framework
+
+René Scharfe (3):
+ git-compat-util: convert skip_{prefix,suffix}{,_mem} to bool
+ mem-pool: fix big allocations
+ mem-pool: simplify alignment calculation
+
+Rubén Justo (9):
+ branch: clarify <oldbranch> term
+ advice: sort the advice related lists
+ advice: fix an unexpected leading space
+ branch: make the advice to force-deleting a conditional one
+ advice: allow disabling the automatic hint in advise_if_enabled()
+ t5332: mark as leak-free
+ t6113: mark as leak-free
+ test-lib: check for TEST_PASSES_SANITIZE_LEAK
+ t0080: mark as leak-free
+
+Simon Ser (1):
+ format-patch: fix ignored encode_email_headers for cover letter
+
+Sören Krecker (1):
+ mingw: give more details about unsafe directory's ownership
+
+Tamino Bauknecht (1):
+ fetch: add new config option fetch.all
+
+Taylor Blau (26):
+ pack-objects: free packing_data in more places
+ pack-bitmap-write: deep-clear the `bb_commit` slab
+ pack-bitmap: plug leak in find_objects()
+ midx: factor out `fill_pack_info()`
+ midx: implement `BTMP` chunk
+ midx: implement `midx_locate_pack()`
+ pack-bitmap: pass `bitmapped_pack` struct to pack-reuse functions
+ ewah: implement `bitmap_is_empty()`
+ pack-bitmap: simplify `reuse_partial_packfile_from_bitmap()` signature
+ pack-bitmap: return multiple packs via `reuse_partial_packfile_from_bitmap()`
+ pack-objects: parameterize pack-reuse routines over a single pack
+ pack-objects: keep track of `pack_start` for each reuse pack
+ pack-objects: pass `bitmapped_pack`'s to pack-reuse functions
+ pack-objects: prepare `write_reused_pack()` for multi-pack reuse
+ pack-objects: prepare `write_reused_pack_verbatim()` for multi-pack reuse
+ pack-objects: include number of packs reused in output
+ git-compat-util.h: implement checked size_t to uint32_t conversion
+ midx: implement `midx_preferred_pack()`
+ pack-revindex: factor out `midx_key_to_pack_pos()` helper
+ pack-revindex: implement `midx_pair_to_pack_pos()`
+ pack-bitmap: prepare to mark objects from multiple packs for reuse
+ pack-objects: add tracing for various packfile metrics
+ t/test-lib-functions.sh: implement `test_trace2_data` helper
+ pack-objects: allow setting `pack.allowPackReuse` to "single"
+ pack-bitmap: enable reuse from all bitmapped packs
+ t/perf: add performance tests for multi-pack reuse
+
+Victoria Dye (14):
+ ref-filter.c: really don't sort when using --no-sort
+ ref-filter.h: add max_count and omit_empty to ref_format
+ ref-filter.h: move contains caches into filter
+ ref-filter.h: add functions for filter/format & format-only
+ ref-filter.c: rename 'ref_filter_handler()' to 'filter_one()'
+ ref-filter.c: refactor to create common helper functions
+ ref-filter.c: filter & format refs in the same callback
+ for-each-ref: clean up documentation of --format
+ ref-filter.c: use peeled tag for '*' format fields
+ t/perf: add perf tests for for-each-ref
+ submodule-config.h: move check_submodule_url
+ test-submodule: remove command line handling for check-name
+ t7450: test submodule urls
+ submodule-config.c: strengthen URL fsck check
+
+Zach FettersMoore (1):
+ subtree: fix split processing with multiple subtrees present
+
+
+Version v2.43.4; changes since v2.43.3:
+---------------------------------------
+
+Filip Hejsek (4):
+ t0411: add tests for cloning from partial repo
+ has_dir_name(): do not get confused by characters < '/'
+ t7423: add tests for symlinked submodule directories
+ clone: prevent clashing git dirs when cloning submodule in parallel
+
+Jeff King (6):
+ http: reset POSTFIELDSIZE when clearing curl handle
+ INSTALL: bump libcurl version to 7.21.3
+ remote-curl: add Transfer-Encoding header only for older curl
+ test-lib: ignore uninteresting LSan output
+ upload-pack: disable lazy-fetching by default
+ docs: document security issues around untrusted .git dirs
+
+Johannes Schindelin (24):
+ repository: avoid leaking `fsmonitor` data
+ ci: upgrade to using macos-13
+ ci(linux-asan/linux-ubsan): let's save some time
+ ci: bump remaining outdated Actions versions
+ ci(linux32): add a note about Actions that must not be updated
+ fetch/clone: detect dubious ownership of local repositories
+ submodules: submodule paths must not contain symlinks
+ clone_submodule: avoid using `access()` on directories
+ submodule: require the submodule path to contain directories only
+ t5510: verify that D/F confusion cannot lead to an RCE
+ entry: report more colliding paths
+ clone: when symbolic links collide with directories, keep the latter
+ find_hook(): refactor the `STRIP_EXTENSION` logic
+ init: refactor the template directory discovery into its own function
+ Add a helper function to compare file contents
+ clone: prevent hooks from running during a clone
+ init.templateDir: consider this config setting protected
+ core.hooksPath: add some protection while cloning
+ fsck: warn about symlink pointing inside a gitdir
+ Git 2.39.4
+ Git 2.40.2
+ Git 2.41.1
+ Git 2.42.2
+ Git 2.43.4
+
+Junio C Hamano (2):
+ GitHub Actions: update to checkout@v4
+ GitHub Actions: update to github-script@v7
+
+Patrick Steinhardt (4):
+ builtin/clone: stop resolving symlinks when copying files
+ builtin/clone: abort when hardlinked source and target file differ
+ setup.c: introduce `die_upon_dubious_ownership()`
+ builtin/clone: refuse local clones of unsafe repositories
+
+
+Version v2.43.3; changes since v2.43.2:
+---------------------------------------
+
+Jeff King (1):
+ trailer: fix comment/cut-line regression with opts->no_divider
+
+Junio C Hamano (1):
+ Git 2.43.3
+
+
+Version v2.43.2; changes since v2.43.1:
+---------------------------------------
+
+Elijah Newren (1):
+ diffcore-delta: avoid ignoring final 'line' of file
+
+James Touton (1):
+ git-p4: use raw string literals for regular expressions
+
+Jeff King (1):
+ diff: handle NULL meta-info when spawning external diff
+
+Johannes Schindelin (1):
+ win32: special-case `ENOSPC` when writing to a pipe
+
+Junio C Hamano (11):
+ Docs: majordomo@vger.kernel.org has been decomissioned
+ CoC: whitespace fix
+ builtin/worktree: comment style fixes
+ merge-ort.c: comment style fix
+ reftable/pq_test: comment style fix
+ tag: fix sign_buffer() call to create a signed tag
+ bisect: document "terms" subcommand more fully
+ bisect: document command line arguments for "bisect start"
+ ssh signing: signal an error with a negative return value
+ write-or-die: fix the polarity of GIT_FLUSH environment variable
+ Git 2.43.2
+
+Linus Arver (1):
+ strvec: use correct member name in comments
+
+Nikolay Borisov (1):
+ rebase: fix documentation about used shell in -x
+
+Nikolay Edigaryev (1):
+ rev-list-options: fix off-by-one in '--filter=blob:limit=<n>' explainer
+
+Patrick Steinhardt (1):
+ builtin/stash: report failure to write to index
+
+Philippe Blain (2):
+ imap-send: add missing "strbuf.h" include under NO_CURL
+ .github/PULL_REQUEST_TEMPLATE.md: add a note about single-commit PRs
+
+René Scharfe (2):
+ parse-options: fully disable option abbreviation with PARSE_OPT_KEEP_UNKNOWN
+ parse-options: simplify positivation handling
+
+Sam Delmerico (1):
+ push: region_leave trace for negotiate_using_fetch
+
+Taylor Blau (1):
+ pack-bitmap: drop unused `reuse_objects`
+
+Toon Claes (1):
+ builtin/show-ref: treat directory as non-existing in --exists
+
+
+Version v2.43.1; changes since v2.43.0:
+---------------------------------------
+
+Chandra Pratap (2):
+ sideband.c: remove redundant 'NEEDSWORK' tag
+ write-or-die: make GIT_FLUSH a Boolean environment variable
+
+Elijah Newren (12):
+ treewide: remove unnecessary includes from header files
+ treewide: remove unnecessary includes in source files
+ archive.h: remove unnecessary include
+ blame.h: remove unnecessary includes
+ fsmonitor--daemon.h: remove unnecessary includes
+ http.h: remove unnecessary include
+ line-log.h: remove unnecessary include
+ pkt-line.h: remove unnecessary include
+ submodule-config.h: remove unnecessary include
+ trace2/tr2_tls.h: remove unnecessary include
+ treewide: add direct includes currently only pulled in transitively
+ treewide: remove unnecessary includes in source files
+
+Eric Sunshine (1):
+ git-add.txt: add missing short option -A to synopsis
+
+Illia Bobyr (1):
+ rebase: clarify --reschedule-failed-exec default
+
+Jeff Hostetler (3):
+ trace2: fix signature of trace2_def_param() macro
+ t0211: test URL redacting in PERF format
+ t0212: test URL redacting in EVENT format
+
+Jeff King (24):
+ parse-options: decouple "--end-of-options" and "--"
+ bisect: always clean on reset
+ config: handle NULL value when parsing non-bools
+ setup: handle NULL value when parsing extensions
+ trace2: handle NULL values in tr2_sysenv config callback
+ help: handle NULL value for alias.* config
+ submodule: handle NULL value when parsing submodule.*.branch
+ trailer: handle NULL value when parsing trailer-specific config
+ fsck: handle NULL value when parsing message config
+ config: reject bogus values for core.checkstat
+ git_xmerge_config(): prefer error() to die()
+ imap-send: don't use git_die_config() inside callback
+ config: use config_error_nonbool() instead of custom messages
+ diff: give more detailed messages for bogus diff.* config
+ config: use git_config_string() for core.checkRoundTripEncoding
+ push: drop confusing configset/callback redundancy
+ gpg-interface: drop pointless config_error_nonbool() checks
+ sequencer: simplify away extra git_config_string() call
+ mailinfo: fix out-of-bounds memory reads in unquote_quoted_pair()
+ t5100: make rfc822 comment test more careful
+ mailinfo: avoid recursion when unquoting From headers
+ t1006: add tests for %(objectsize:disk)
+ commit-graph: retain commit slab when closing NULL commit_graph
+ index-pack: spawn threads atomically
+
+Jiang Xin (5):
+ t5574: test porcelain output of atomic fetch
+ fetch: no redundant error message for atomic fetch
+ test-pkt-line: add option parser for unpack-sideband
+ pkt-line: memorize sideband fragment in reader
+ pkt-line: do not chomp newlines for sideband messages
+
+Johannes Schindelin (3):
+ ci: avoid running the test suite _twice_
+ packfile.c: fix a typo in `each_file_in_pack_dir_fn()`'s declaration
+ trace2: redact passwords from https:// URLs by default
+
+Josh Brobst (1):
+ builtin/reflog.c: fix dry-run option short name
+
+Josh Soref (13):
+ doc: update links to current pages
+ doc: switch links to https
+ doc: update links for andre-simon.de
+ doc: refer to internet archive
+ CodingGuidelines: move period inside parentheses
+ CodingGuidelines: write punctuation marks
+ SubmittingPatches: drop ref to "What's in git.git"
+ SubmittingPatches: discourage new trailers
+ SubmittingPatches: update extra tags list
+ SubmittingPatches: provide tag naming advice
+ SubmittingPatches: clarify GitHub visual
+ SubmittingPatches: clarify GitHub artifact format
+ SubmittingPatches: hyphenate non-ASCII
+
+Julian Prein (1):
+ hooks--pre-commit: detect non-ASCII when renaming
+
+Junio C Hamano (13):
+ orphan/unborn: add to the glossary and use them consistently
+ orphan/unborn: fix use of 'orphan' in end-user facing messages
+ revision: parse integer arguments to --max-count, --skip, etc., more carefully
+ git.txt: HEAD is not that special
+ git-bisect.txt: BISECT_HEAD is not that special
+ refs.h: HEAD is not that special
+ docs: AUTO_MERGE is not that special
+ docs: MERGE_AUTOSTASH is not that special
+ doc: format.notes specify a ref under refs/notes/ hierarchy
+ remote.h: retire CAS_OPT_NAME
+ archive: "--list" does not take further options
+ sparse-checkout: use default patterns for 'set' only !stdin
+ Git 2.43.1
+
+Linus Arver (3):
+ commit: ignore_non_trailer computes number of bytes to ignore
+ trailer: find the end of the log message
+ trailer: use offsets for trailer_start/trailer_end
+
+Maarten van der Schrieck (1):
+ Documentation: fix statement about rebase.instructionFormat
+
+Marcel Krause (1):
+ doc: make the gitfile syntax easier to discover
+
+Michael Lohmann (2):
+ Documentation/git-merge.txt: fix reference to synopsis
+ Documentation/git-merge.txt: use backticks for command wrapping
+
+Patrick Steinhardt (31):
+ ci: reorder definitions for grouping functions
+ ci: make grouping setup more generic
+ ci: group installation of Docker dependencies
+ ci: split out logic to set up failed test artifacts
+ ci: unify setup of some environment variables
+ ci: squelch warnings when testing with unusable Git repo
+ ci: install test dependencies for linux-musl
+ ci: add support for GitLab CI
+ commit-graph: disable GIT_COMMIT_GRAPH_PARANOIA by default
+ t0410: mark tests to require the reffiles backend
+ t1400: split up generic reflog tests from the reffile-specific ones
+ t1401: stop treating FETCH_HEAD as real reference
+ t1410: use test-tool to create empty reflog
+ t1417: make `reflog --updateref` tests backend agnostic
+ t3310: stop checking for reference existence via `test -f`
+ t4013: simplify magic parsing and drop "failure"
+ t5401: speed up creation of many branches
+ t5551: stop writing packed-refs directly
+ t6301: write invalid object ID via `test-tool ref-store`
+ reftable: wrap EXPECT macros in do/while
+ reftable: handle interrupted reads
+ reftable: handle interrupted writes
+ reftable/stack: verify that `reftable_stack_add()` uses auto-compaction
+ reftable/stack: perform auto-compaction with transactional interface
+ reftable/stack: reuse buffers when reloading stack
+ reftable/stack: fix stale lock when dying
+ reftable/stack: fix use of unseeded randomness
+ reftable/merged: reuse buffer to compute record keys
+ reftable/block: introduce macro to initialize `struct block_iter`
+ reftable/block: reuse buffer to compute record keys
+ tests: adjust whitespace in chainlint expectations
+
+René Scharfe (14):
+ column: release strbuf and string_list after use
+ i18n: factorize even more 'incompatible options' messages
+ push: use die_for_incompatible_opt4() for - -delete/--tags/--all/--mirror
+ repack: use die_for_incompatible_opt3() for -A/-k/--cruft
+ revision: use die_for_incompatible_opt3() for - -graph/--reverse/--walk-reflogs
+ revision, rev-parse: factorize incompatibility messages about - -exclude-hidden
+ clean: factorize incompatibility message
+ worktree: standardize incompatibility messages
+ worktree: simplify incompatibility message for --orphan and commit-ish
+ show-ref: use die_for_incompatible_opt3()
+ t6300: avoid hard-coding object sizes
+ rebase: use strvec_pushf() for format-patch revisions
+ fast-import: use mem_pool_calloc()
+ t1006: prefer shell loop to awk for packed object sizes
+
+Rubén Justo (1):
+ status: fix branch shown when not only bisecting
+
+Shreyansh Paliwal (1):
+ test-lib-functions.sh: fix test_grep fail message wording
+
+Stan Hu (2):
+ completion: refactor existence checks for pseudorefs
+ completion: support pseudoref existence checks for reftables
+
+Todd Zullinger (2):
+ perl: bump the required Perl version to 5.8.1 from 5.8.0
+ send-email: avoid duplicate specification warnings
+
+
Version v2.43.0; changes since v2.43.0-rc2:
-------------------------------------------
@@ -139,7 +1763,7 @@ brian m. carlson (1):
merge-file: add an option to process object IDs
-Version v2.43.0-rc0; changes since v2.42.1:
+Version v2.43.0-rc0; changes since v2.42.2:
-------------------------------------------
Alyssa Ross (1):
@@ -535,6 +2159,59 @@ brian m. carlson (1):
doc: correct the 50 characters soft limit (+)
+Version v2.42.2; changes since v2.42.1:
+---------------------------------------
+
+Filip Hejsek (4):
+ t0411: add tests for cloning from partial repo
+ has_dir_name(): do not get confused by characters < '/'
+ t7423: add tests for symlinked submodule directories
+ clone: prevent clashing git dirs when cloning submodule in parallel
+
+Jeff King (6):
+ http: reset POSTFIELDSIZE when clearing curl handle
+ INSTALL: bump libcurl version to 7.21.3
+ remote-curl: add Transfer-Encoding header only for older curl
+ test-lib: ignore uninteresting LSan output
+ upload-pack: disable lazy-fetching by default
+ docs: document security issues around untrusted .git dirs
+
+Johannes Schindelin (23):
+ repository: avoid leaking `fsmonitor` data
+ ci: upgrade to using macos-13
+ ci(linux-asan/linux-ubsan): let's save some time
+ ci: bump remaining outdated Actions versions
+ ci(linux32): add a note about Actions that must not be updated
+ fetch/clone: detect dubious ownership of local repositories
+ submodules: submodule paths must not contain symlinks
+ clone_submodule: avoid using `access()` on directories
+ submodule: require the submodule path to contain directories only
+ t5510: verify that D/F confusion cannot lead to an RCE
+ entry: report more colliding paths
+ clone: when symbolic links collide with directories, keep the latter
+ find_hook(): refactor the `STRIP_EXTENSION` logic
+ init: refactor the template directory discovery into its own function
+ Add a helper function to compare file contents
+ clone: prevent hooks from running during a clone
+ init.templateDir: consider this config setting protected
+ core.hooksPath: add some protection while cloning
+ fsck: warn about symlink pointing inside a gitdir
+ Git 2.39.4
+ Git 2.40.2
+ Git 2.41.1
+ Git 2.42.2
+
+Junio C Hamano (2):
+ GitHub Actions: update to checkout@v4
+ GitHub Actions: update to github-script@v7
+
+Patrick Steinhardt (4):
+ builtin/clone: stop resolving symlinks when copying files
+ builtin/clone: abort when hardlinked source and target file differ
+ setup.c: introduce `die_upon_dubious_ownership()`
+ builtin/clone: refuse local clones of unsafe repositories
+
+
Version v2.42.1; changes since v2.42.0:
---------------------------------------
@@ -800,7 +2477,7 @@ brian m. carlson (2):
gitignore: ignore clangd .cache directory
-Version v2.42.0-rc0; changes since v2.41.0:
+Version v2.42.0-rc0; changes since v2.41.1:
-------------------------------------------
Alejandro R. Sedeño (1):
@@ -921,7 +2598,7 @@ Jacob Keller (1):
Jan Klötzke (1):
ref-filter: handle nested tags in --points-at option
-Jeff King (36):
+Jeff King (35):
format-patch: free rev.message_id when exiting
format-patch: free elements of rev.ref_message_ids list
pathspec: factor out magic-to-name function
@@ -931,7 +2608,6 @@ Jeff King (36):
ci: run ASan/UBSan in a single job
ci: drop linux-clang job
commit: pass --no-divider to interpret-trailers
- http: handle both "h2" and "h2h3" in curl info lines
var: mark unused parameters in git_var callbacks
imap-send: use server conf argument in setup_curl()
imap-send: drop unused parameter from imap_cmd_cb callback
@@ -1289,6 +2965,61 @@ brian m. carlson (7):
var: add config file locations
+Version v2.41.1; changes since v2.41.0:
+---------------------------------------
+
+Filip Hejsek (4):
+ t0411: add tests for cloning from partial repo
+ has_dir_name(): do not get confused by characters < '/'
+ t7423: add tests for symlinked submodule directories
+ clone: prevent clashing git dirs when cloning submodule in parallel
+
+Jeff King (9):
+ http: handle both "h2" and "h2h3" in curl info lines
+ http: factor out matching of curl http/2 trace lines
+ http: update curl http/2 info matching for curl 8.3.0
+ http: reset POSTFIELDSIZE when clearing curl handle
+ INSTALL: bump libcurl version to 7.21.3
+ remote-curl: add Transfer-Encoding header only for older curl
+ test-lib: ignore uninteresting LSan output
+ upload-pack: disable lazy-fetching by default
+ docs: document security issues around untrusted .git dirs
+
+Johannes Schindelin (22):
+ repository: avoid leaking `fsmonitor` data
+ ci: upgrade to using macos-13
+ ci(linux-asan/linux-ubsan): let's save some time
+ ci: bump remaining outdated Actions versions
+ ci(linux32): add a note about Actions that must not be updated
+ fetch/clone: detect dubious ownership of local repositories
+ submodules: submodule paths must not contain symlinks
+ clone_submodule: avoid using `access()` on directories
+ submodule: require the submodule path to contain directories only
+ t5510: verify that D/F confusion cannot lead to an RCE
+ entry: report more colliding paths
+ clone: when symbolic links collide with directories, keep the latter
+ find_hook(): refactor the `STRIP_EXTENSION` logic
+ init: refactor the template directory discovery into its own function
+ Add a helper function to compare file contents
+ clone: prevent hooks from running during a clone
+ init.templateDir: consider this config setting protected
+ core.hooksPath: add some protection while cloning
+ fsck: warn about symlink pointing inside a gitdir
+ Git 2.39.4
+ Git 2.40.2
+ Git 2.41.1
+
+Junio C Hamano (2):
+ GitHub Actions: update to checkout@v4
+ GitHub Actions: update to github-script@v7
+
+Patrick Steinhardt (4):
+ builtin/clone: stop resolving symlinks when copying files
+ builtin/clone: abort when hardlinked source and target file differ
+ setup.c: introduce `die_upon_dubious_ownership()`
+ builtin/clone: refuse local clones of unsafe repositories
+
+
Version v2.41.0; changes since v2.41.0-rc2:
-------------------------------------------
@@ -1382,7 +3113,7 @@ brian m. carlson (1):
upload-pack: advertise capabilities when cloning empty repos
-Version v2.41.0-rc0; changes since v2.40.1:
+Version v2.41.0-rc0; changes since v2.40.2:
-------------------------------------------
Adam Johnson (1):
@@ -1969,6 +3700,60 @@ ZheNing Hu (2):
branch, for-each-ref, tag: add option to omit empty lines
+Version v2.40.2; changes since v2.40.1:
+---------------------------------------
+
+Filip Hejsek (4):
+ t0411: add tests for cloning from partial repo
+ has_dir_name(): do not get confused by characters < '/'
+ t7423: add tests for symlinked submodule directories
+ clone: prevent clashing git dirs when cloning submodule in parallel
+
+Jeff King (9):
+ http: handle both "h2" and "h2h3" in curl info lines
+ http: factor out matching of curl http/2 trace lines
+ http: update curl http/2 info matching for curl 8.3.0
+ http: reset POSTFIELDSIZE when clearing curl handle
+ INSTALL: bump libcurl version to 7.21.3
+ remote-curl: add Transfer-Encoding header only for older curl
+ test-lib: ignore uninteresting LSan output
+ upload-pack: disable lazy-fetching by default
+ docs: document security issues around untrusted .git dirs
+
+Johannes Schindelin (21):
+ repository: avoid leaking `fsmonitor` data
+ ci: upgrade to using macos-13
+ ci(linux-asan/linux-ubsan): let's save some time
+ ci: bump remaining outdated Actions versions
+ ci(linux32): add a note about Actions that must not be updated
+ fetch/clone: detect dubious ownership of local repositories
+ submodules: submodule paths must not contain symlinks
+ clone_submodule: avoid using `access()` on directories
+ submodule: require the submodule path to contain directories only
+ t5510: verify that D/F confusion cannot lead to an RCE
+ entry: report more colliding paths
+ clone: when symbolic links collide with directories, keep the latter
+ find_hook(): refactor the `STRIP_EXTENSION` logic
+ init: refactor the template directory discovery into its own function
+ Add a helper function to compare file contents
+ clone: prevent hooks from running during a clone
+ init.templateDir: consider this config setting protected
+ core.hooksPath: add some protection while cloning
+ fsck: warn about symlink pointing inside a gitdir
+ Git 2.39.4
+ Git 2.40.2
+
+Junio C Hamano (2):
+ GitHub Actions: update to checkout@v4
+ GitHub Actions: update to github-script@v7
+
+Patrick Steinhardt (4):
+ builtin/clone: stop resolving symlinks when copying files
+ builtin/clone: abort when hardlinked source and target file differ
+ setup.c: introduce `die_upon_dubious_ownership()`
+ builtin/clone: refuse local clones of unsafe repositories
+
+
Version v2.40.1; changes since v2.40.0:
---------------------------------------
@@ -2144,7 +3929,7 @@ idriss fekir (1):
trace.c, git.c: remove unnecessary parameter to trace_repo_setup()
-Version v2.40.0-rc0; changes since v2.39.3:
+Version v2.40.0-rc0; changes since v2.39.4:
-------------------------------------------
Adam Szkoda (1):
@@ -2248,11 +4033,10 @@ Harshil-Jani (2):
mingw: remove duplicate `USE_NED_ALLOCATOR` directive
mingw: remove msysGit/MSYS1 support
-Jeff Hostetler (2):
+Jeff Hostetler (1):
fsmonitor: fix race seen in t7527
- fsmonitor: eliminate call to deprecated FSEventStream function
-Jeff King (32):
+Jeff King (28):
git-jump: move valid-mode check earlier
pack-bitmap.c: break out of the bitmap loop early if not tracing
pack-bitmap.c: trace bitmap ignore logs when midx-bitmap is found
@@ -2279,10 +4063,6 @@ Jeff King (32):
hash-object: use fsck for object checks
hash-object: fix descriptor leak with --literally
fsck: do not assume NUL-termination of buffers
- t/lib-httpd: bump required apache version to 2.2
- t/lib-httpd: bump required apache version to 2.4
- t/lib-httpd: drop SSLMutex config
- t/lib-httpd: increase ssl key size to 2048 bits
doc/ls-remote: cosmetic cleanups for examples
doc/ls-remote: clarify pattern format
@@ -2557,6 +4337,81 @@ ZheNing Hu (1):
date.c: allow ISO 8601 reduced precision times
+Version v2.39.4; changes since v2.39.3:
+---------------------------------------
+
+Filip Hejsek (4):
+ t0411: add tests for cloning from partial repo
+ has_dir_name(): do not get confused by characters < '/'
+ t7423: add tests for symlinked submodule directories
+ clone: prevent clashing git dirs when cloning submodule in parallel
+
+Jeff Hostetler (1):
+ fsmonitor: eliminate call to deprecated FSEventStream function
+
+Jeff King (29):
+ t/lib-httpd: bump required apache version to 2.2
+ t/lib-httpd: bump required apache version to 2.4
+ t/lib-httpd: drop SSLMutex config
+ t/lib-httpd: increase ssl key size to 2048 bits
+ t5541: run "used receive-pack service" test earlier
+ t5541: stop marking "used receive-pack service" test as v0 only
+ t5541: simplify and move "no empty path components" test
+ t5551: drop redundant grep for Accept-Language
+ t5551: lower-case headers in expected curl trace
+ t5551: handle HTTP/2 when checking curl trace
+ t5551: stop forcing clone to run with v0 protocol
+ t5551: handle v2 protocol when checking curl trace
+ t5551: handle v2 protocol in upload-pack service test
+ t5551: simplify expected cookie file
+ t5551: handle v2 protocol in cookie test
+ t5551: drop curl trace lines without headers
+ t/lib-httpd: respect $HTTPD_PROTO in expect_askpass()
+ t/lib-httpd: enable HTTP/2 "h2" protocol, not just h2c
+ t5559: fix test failures with LIB_HTTPD_SSL
+ t5559: make SSL/TLS the default
+ http: handle both "h2" and "h2h3" in curl info lines
+ http: factor out matching of curl http/2 trace lines
+ http: update curl http/2 info matching for curl 8.3.0
+ http: reset POSTFIELDSIZE when clearing curl handle
+ INSTALL: bump libcurl version to 7.21.3
+ remote-curl: add Transfer-Encoding header only for older curl
+ test-lib: ignore uninteresting LSan output
+ upload-pack: disable lazy-fetching by default
+ docs: document security issues around untrusted .git dirs
+
+Johannes Schindelin (19):
+ ci: upgrade to using macos-13
+ ci(linux-asan/linux-ubsan): let's save some time
+ ci: bump remaining outdated Actions versions
+ ci(linux32): add a note about Actions that must not be updated
+ fetch/clone: detect dubious ownership of local repositories
+ submodules: submodule paths must not contain symlinks
+ clone_submodule: avoid using `access()` on directories
+ submodule: require the submodule path to contain directories only
+ t5510: verify that D/F confusion cannot lead to an RCE
+ entry: report more colliding paths
+ clone: when symbolic links collide with directories, keep the latter
+ find_hook(): refactor the `STRIP_EXTENSION` logic
+ init: refactor the template directory discovery into its own function
+ Add a helper function to compare file contents
+ clone: prevent hooks from running during a clone
+ init.templateDir: consider this config setting protected
+ core.hooksPath: add some protection while cloning
+ fsck: warn about symlink pointing inside a gitdir
+ Git 2.39.4
+
+Junio C Hamano (2):
+ GitHub Actions: update to checkout@v4
+ GitHub Actions: update to github-script@v7
+
+Patrick Steinhardt (4):
+ builtin/clone: stop resolving symlinks when copying files
+ builtin/clone: abort when hardlinked source and target file differ
+ setup.c: introduce `die_upon_dubious_ownership()`
+ builtin/clone: refuse local clones of unsafe repositories
+
+
Version v2.39.3; changes since v2.39.2:
---------------------------------------
diff --git a/debian/copyright b/debian/copyright
index 02ae6fa..13fb9b9 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -3,7 +3,7 @@ Upstream-Contact: git@vger.kernel.org
Source: https://www.kernel.org/pub/software/scm/git/
Files: *
-Copyright: © 2005-2023, Linus Torvalds and others.
+Copyright: © 2005-2024, Linus Torvalds and others.
License: GPL-2
Files: reftable/* t/t0032-reftable-unittest.sh
@@ -218,11 +218,6 @@ Copyright: © 2011, John Szakmeister <john@szakmeister.net>
© 2012, Philipp A. Hartmann <pah@qo.cx>
License: GPL-2+
-Files: contrib/hg-to-git/hg-to-git.py
-Copyright: © 2007, Stelian Pop <stelian@popies.net>
-Name: hg-to-git.py - A Mercurial to GIT converter
-License: GPL-2+
-
Files: contrib/mw-to-git/git-*.perl contrib/mw-to-git/t/t*
Copyright: © 2011
Jérémie Nikaes <jeremie.nikaes@ensimag.imag.fr>
diff --git a/debian/patches/0001-hook-plug-a-new-memory-leak.diff b/debian/patches/0001-hook-plug-a-new-memory-leak.diff
new file mode 100644
index 0000000..ab74831
--- /dev/null
+++ b/debian/patches/0001-hook-plug-a-new-memory-leak.diff
@@ -0,0 +1,34 @@
+From 94f95a123b10f3837e181ad93b81f1a4f53bb8fc Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <johannes.schindelin@gmx.de>
+Date: Sat, 18 May 2024 10:32:39 +0000
+Subject: hook: plug a new memory leak
+
+commit 2811ce3a79dc8a0105a6defb59718b35f5b397aa upstream.
+
+In 8db1e8743c0 (clone: prevent hooks from running during a clone,
+2024-03-28), I introduced an inadvertent memory leak that was
+unfortunately not caught before v2.45.1 was released. Here is a fix.
+
+Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+---
+ hook.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/hook.c b/hook.c
+index eebc4d44734..8de469b134a 100644
+--- a/hook.c
++++ b/hook.c
+@@ -26,8 +26,10 @@ static int identical_to_template_hook(const char *name, const char *path)
+ found_template_hook = access(template_path.buf, X_OK) >= 0;
+ }
+ #endif
+- if (!found_template_hook)
++ if (!found_template_hook) {
++ strbuf_release(&template_path);
+ return 0;
++ }
+
+ ret = do_files_match(template_path.buf, path);
+
diff --git a/debian/patches/0002-Revert-core.hooksPath-add-some-protection-while-cloni.diff b/debian/patches/0002-Revert-core.hooksPath-add-some-protection-while-cloni.diff
new file mode 100644
index 0000000..8e1c975
--- /dev/null
+++ b/debian/patches/0002-Revert-core.hooksPath-add-some-protection-while-cloni.diff
@@ -0,0 +1,82 @@
+From 7db946419c29e185f1cc6e544cfb47b442019ac7 Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <johannes.schindelin@gmx.de>
+Date: Sat, 18 May 2024 10:32:41 +0000
+Subject: Revert "core.hooksPath: add some protection while cloning"
+
+commit f13e8e2ea56ceef593311b3cff1ba7ba1a493682 upstream.
+
+This defense-in-depth was intended to protect the clone operation
+against future escalations where bugs in `git clone` would allow
+attackers to write arbitrary files in the `.git/` directory would allow
+for Remote Code Execution attacks via maliciously-placed hooks.
+
+However, it turns out that the `core.hooksPath` protection has
+unintentional side effects so severe that they do not justify the
+benefit of the protections. For example, it has been reported in
+https://lore.kernel.org/git/FAFA34CB-9732-4A0A-87FB-BDB272E6AEE8@alchemists.io/
+that the following invocation, which is intended to make `git clone`
+safer, is itself broken by that protective measure:
+
+ git clone --config core.hooksPath=/dev/null <url>
+
+Since it turns out that the benefit does not justify the cost, let's revert
+20f3588efc6 (core.hooksPath: add some protection while cloning,
+2024-03-30).
+
+Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+---
+ config.c | 13 +------------
+ t/t1800-hook.sh | 15 ---------------
+ 2 files changed, 1 insertion(+), 27 deletions(-)
+
+diff --git a/config.c b/config.c
+index 77a0fd2d80e..ae3652b08fa 100644
+--- a/config.c
++++ b/config.c
+@@ -1416,19 +1416,8 @@ static int git_default_core_config(const char *var, const char *value,
+ if (!strcmp(var, "core.attributesfile"))
+ return git_config_pathname(&git_attributes_file, var, value);
+
+- if (!strcmp(var, "core.hookspath")) {
+- if (ctx->kvi && ctx->kvi->scope == CONFIG_SCOPE_LOCAL &&
+- git_env_bool("GIT_CLONE_PROTECTION_ACTIVE", 0))
+- die(_("active `core.hooksPath` found in the local "
+- "repository config:\n\t%s\nFor security "
+- "reasons, this is disallowed by default.\nIf "
+- "this is intentional and the hook should "
+- "actually be run, please\nrun the command "
+- "again with "
+- "`GIT_CLONE_PROTECTION_ACTIVE=false`"),
+- value);
++ if (!strcmp(var, "core.hookspath"))
+ return git_config_pathname(&git_hooks_path, var, value);
+- }
+
+ if (!strcmp(var, "core.bare")) {
+ is_bare_repository_cfg = git_config_bool(var, value);
+diff --git a/t/t1800-hook.sh b/t/t1800-hook.sh
+index 1894ebeb0e8..8b0234cf2d5 100755
+--- a/t/t1800-hook.sh
++++ b/t/t1800-hook.sh
+@@ -185,19 +185,4 @@ test_expect_success 'stdin to hooks' '
+ test_cmp expect actual
+ '
+
+-test_expect_success 'clone protections' '
+- test_config core.hooksPath "$(pwd)/my-hooks" &&
+- mkdir -p my-hooks &&
+- write_script my-hooks/test-hook <<-\EOF &&
+- echo Hook ran $1
+- EOF
+-
+- git hook run test-hook 2>err &&
+- test_grep "Hook ran" err &&
+- test_must_fail env GIT_CLONE_PROTECTION_ACTIVE=true \
+- git hook run test-hook 2>err &&
+- test_grep "active .core.hooksPath" err &&
+- test_grep ! "Hook ran" err
+-'
+-
+ test_done
diff --git a/debian/patches/0003-tests-verify-that-clone-c-core.hooksPath-dev-null-wor.diff b/debian/patches/0003-tests-verify-that-clone-c-core.hooksPath-dev-null-wor.diff
new file mode 100644
index 0000000..9a494d9
--- /dev/null
+++ b/debian/patches/0003-tests-verify-that-clone-c-core.hooksPath-dev-null-wor.diff
@@ -0,0 +1,48 @@
+From ce34e1b7a072db221190446e79cb373c7f6010a5 Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <johannes.schindelin@gmx.de>
+Date: Sat, 18 May 2024 10:32:42 +0000
+Subject: tests: verify that `clone -c core.hooksPath=/dev/null` works again
+
+commit a25a15726f4d1bf1c8362f1b3146096d6a87f965 upstream.
+
+As part of the protections added in Git v2.45.1 and friends,
+repository-local `core.hooksPath` settings are no longer allowed, as a
+defense-in-depth mechanism to prevent future Git vulnerabilities to
+raise to critical level if those vulnerabilities inadvertently allow the
+repository-local config to be written.
+
+What the added protection did not anticipate is that such a
+repository-local `core.hooksPath` can not only be used to point to
+maliciously-placed scripts in the current worktree, but also to
+_prevent_ hooks from being called altogether.
+
+We just reverted the `core.hooksPath` protections, based on the Git
+maintainer's recommendation in
+https://lore.kernel.org/git/xmqq4jaxvm8z.fsf@gitster.g/ to address this
+concern as well as related ones. Let's make sure that we won't regress
+while trying to protect the clone operation further.
+
+Reported-by: Brooke Kuhlmann <brooke@alchemists.io>
+Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+---
+ t/t1350-config-hooks-path.sh | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/t/t1350-config-hooks-path.sh b/t/t1350-config-hooks-path.sh
+index f6dc83e2aab..45a04929170 100755
+--- a/t/t1350-config-hooks-path.sh
++++ b/t/t1350-config-hooks-path.sh
+@@ -41,4 +41,11 @@ test_expect_success 'git rev-parse --git-path hooks' '
+ test .git/custom-hooks/abc = "$(cat actual)"
+ '
+
++test_expect_success 'core.hooksPath=/dev/null' '
++ git clone -c core.hooksPath=/dev/null . no-templates &&
++ value="$(git -C no-templates config --local core.hooksPath)" &&
++ # The Bash used by Git for Windows rewrites `/dev/null` to `nul`
++ { test /dev/null = "$value" || test nul = "$value"; }
++'
++
+ test_done
diff --git a/debian/patches/0004-hook-clone-protections-add-escape-hatch.diff b/debian/patches/0004-hook-clone-protections-add-escape-hatch.diff
new file mode 100644
index 0000000..b2aa135
--- /dev/null
+++ b/debian/patches/0004-hook-clone-protections-add-escape-hatch.diff
@@ -0,0 +1,182 @@
+From 1f34eea689413fa10a664f4c154b097be7796b0a Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <johannes.schindelin@gmx.de>
+Date: Sat, 18 May 2024 10:32:43 +0000
+Subject: hook(clone protections): add escape hatch
+
+commit 85811d32aca9f0ba324a04bd8709c315d472efbe upstream.
+
+As defense-in-depth measures, v2.39.4 and friends leading up to v2.45.1
+introduced code that detects when hooks have been installed during a
+`git clone`, which is indicative of a common attack vector with critical
+severity that allows Remote Code Execution.
+
+There are legitimate use cases for such behavior, though, for example
+when those hooks stem from Git's own templates, which system
+administrators are at liberty to modify to enforce, say, commit message
+conventions. The git clone protections specifically add exceptions to
+allow for that.
+
+Another legitimate use case that has been identified too late to be
+handled in these security bug-fix versions is Git LFS: It behaves
+somewhat similar to common attack vectors by writing a few hooks while
+running the `smudge` filter during a regular clone, which means that Git
+has no chance to know that the hooks are benign and e.g. the
+`post-checkout` hook can be safely executed as part of the clone
+operation.
+
+To help Git LFS, and other tools behaving similarly (if there are any),
+let's add a new, multi-valued `safe.hook.sha256` config setting. Like
+the already-existing `safe.*` settings, it is ignored in
+repository-local configs, and it is interpreted as a list of SHA-256
+checksums of hooks' contents that are safe to execute during a clone
+operation. Future Git LFS versions will need to write those entries at
+the same time they install the `smudge`/`clean` filters.
+
+Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+---
+ Documentation/config/safe.txt | 6 +++
+ hook.c | 69 ++++++++++++++++++++++++++++++++---
+ t/t1800-hook.sh | 15 ++++++++
+ 3 files changed, 85 insertions(+), 5 deletions(-)
+
+diff --git a/Documentation/config/safe.txt b/Documentation/config/safe.txt
+index 577df40223a..e2eb4992bef 100644
+--- a/Documentation/config/safe.txt
++++ b/Documentation/config/safe.txt
+@@ -59,3 +59,9 @@ which id the original user has.
+ If that is not what you would prefer and want git to only trust
+ repositories that are owned by root instead, then you can remove
+ the `SUDO_UID` variable from root's environment before invoking git.
++
++safe.hook.sha256::
++ The value is the SHA-256 of hooks that are considered to be safe
++ to run during a clone operation.
+++
++Multiple values can be added via `git config --global --add`.
+diff --git a/hook.c b/hook.c
+index 8de469b134a..9eca6c0103a 100644
+--- a/hook.c
++++ b/hook.c
+@@ -10,6 +10,9 @@
+ #include "environment.h"
+ #include "setup.h"
+ #include "copy.h"
++#include "strmap.h"
++#include "hash-ll.h"
++#include "hex.h"
+
+ static int identical_to_template_hook(const char *name, const char *path)
+ {
+@@ -37,11 +40,66 @@ static int identical_to_template_hook(const char *name, const char *path)
+ return ret;
+ }
+
++static struct strset safe_hook_sha256s = STRSET_INIT;
++static int safe_hook_sha256s_initialized;
++
++static int get_sha256_of_file_contents(const char *path, char *sha256)
++{
++ struct strbuf sb = STRBUF_INIT;
++ int fd;
++ ssize_t res;
++
++ git_hash_ctx ctx;
++ const struct git_hash_algo *algo = &hash_algos[GIT_HASH_SHA256];
++ unsigned char hash[GIT_MAX_RAWSZ];
++
++ if ((fd = open(path, O_RDONLY)) < 0)
++ return -1;
++ res = strbuf_read(&sb, fd, 400);
++ close(fd);
++ if (res < 0)
++ return -1;
++
++ algo->init_fn(&ctx);
++ algo->update_fn(&ctx, sb.buf, sb.len);
++ strbuf_release(&sb);
++ algo->final_fn(hash, &ctx);
++
++ hash_to_hex_algop_r(sha256, hash, algo);
++
++ return 0;
++}
++
++static int safe_hook_cb(const char *key, const char *value,
++ const struct config_context *ctx UNUSED, void *d)
++{
++ struct strset *set = d;
++
++ if (value && !strcmp(key, "safe.hook.sha256"))
++ strset_add(set, value);
++
++ return 0;
++}
++
++static int is_hook_safe_during_clone(const char *name, const char *path, char *sha256)
++{
++ if (get_sha256_of_file_contents(path, sha256) < 0)
++ return 0;
++
++ if (!safe_hook_sha256s_initialized) {
++ safe_hook_sha256s_initialized = 1;
++ git_protected_config(safe_hook_cb, &safe_hook_sha256s);
++ }
++
++ return strset_contains(&safe_hook_sha256s, sha256);
++}
++
+ const char *find_hook(const char *name)
+ {
+ static struct strbuf path = STRBUF_INIT;
+
+ int found_hook;
++ char sha256[GIT_SHA256_HEXSZ + 1] = { '\0' };
+
+ strbuf_reset(&path);
+ strbuf_git_path(&path, "hooks/%s", name);
+@@ -73,13 +131,14 @@ const char *find_hook(const char *name)
+ return NULL;
+ }
+ if (!git_hooks_path && git_env_bool("GIT_CLONE_PROTECTION_ACTIVE", 0) &&
+- !identical_to_template_hook(name, path.buf))
++ !identical_to_template_hook(name, path.buf) &&
++ !is_hook_safe_during_clone(name, path.buf, sha256))
+ die(_("active `%s` hook found during `git clone`:\n\t%s\n"
+ "For security reasons, this is disallowed by default.\n"
+- "If this is intentional and the hook should actually "
+- "be run, please\nrun the command again with "
+- "`GIT_CLONE_PROTECTION_ACTIVE=false`"),
+- name, path.buf);
++ "If this is intentional and the hook is safe to run, "
++ "please run the following command and try again:\n\n"
++ " git config --global --add safe.hook.sha256 %s"),
++ name, path.buf, sha256);
+ return path.buf;
+ }
+
+diff --git a/t/t1800-hook.sh b/t/t1800-hook.sh
+index 8b0234cf2d5..cbdf60c451a 100755
+--- a/t/t1800-hook.sh
++++ b/t/t1800-hook.sh
+@@ -185,4 +185,19 @@ test_expect_success 'stdin to hooks' '
+ test_cmp expect actual
+ '
+
++test_expect_success '`safe.hook.sha256` and clone protections' '
++ git init safe-hook &&
++ write_script safe-hook/.git/hooks/pre-push <<-\EOF &&
++ echo "called hook" >safe-hook.log
++ EOF
++
++ test_must_fail env GIT_CLONE_PROTECTION_ACTIVE=true \
++ git -C safe-hook hook run pre-push 2>err &&
++ cmd="$(grep "git config --global --add safe.hook.sha256 [0-9a-f]" err)" &&
++ eval "$cmd" &&
++ GIT_CLONE_PROTECTION_ACTIVE=true \
++ git -C safe-hook hook run pre-push &&
++ test "called hook" = "$(cat safe-hook/safe-hook.log)"
++'
++
+ test_done
diff --git a/debian/patches/0005-hooks-clone-protections-special-case-current-Git-LFS-.diff b/debian/patches/0005-hooks-clone-protections-special-case-current-Git-LFS-.diff
new file mode 100644
index 0000000..bad67cd
--- /dev/null
+++ b/debian/patches/0005-hooks-clone-protections-special-case-current-Git-LFS-.diff
@@ -0,0 +1,82 @@
+From 09595d6984b41cbb6f653643f826fe009c56b493 Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <johannes.schindelin@gmx.de>
+Date: Sat, 18 May 2024 10:32:44 +0000
+Subject: hooks(clone protections): special-case current Git LFS hooks
+
+commit c65d0f9ee6894cdf7feeb51639870bfaf826c905 upstream.
+
+A notable regression in v2.45.1 and friends (all the way down to
+v2.39.4) has been that Git LFS-enabled clones error out with a message
+indicating that the `post-checkout` hook has been tampered with while
+cloning, and as a safety measure it is not executed.
+
+A generic fix for benign third-party applications wishing to write hooks
+during clone operations has been implemented in the parent of this
+commit: said applications are expected to add `safe.hook.sha256` values
+to a protected config.
+
+However, the current version of Git LFS, v3.5.1, cannot be adapted
+retroactively; Therefore, let's just hard-code the SHA-256 values for
+this version. That way, Git LFS usage will no longer be broken, and the
+next Git LFS version can be taught to add those `safe.hook.sha256`
+entries.
+
+Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+---
+ hook.c | 11 +++++++++++
+ t/t1800-hook.sh | 20 ++++++++++++++++++++
+ 2 files changed, 31 insertions(+)
+
+diff --git a/hook.c b/hook.c
+index 9eca6c0103a..fc0548edb66 100644
+--- a/hook.c
++++ b/hook.c
+@@ -88,6 +88,17 @@ static int is_hook_safe_during_clone(const char *name, const char *path, char *s
+
+ if (!safe_hook_sha256s_initialized) {
+ safe_hook_sha256s_initialized = 1;
++
++ /* Hard-code known-safe values for Git LFS v3.4.0..v3.5.1 */
++ /* pre-push */
++ strset_add(&safe_hook_sha256s, "df5417b2daa3aa144c19681d1e997df7ebfe144fb7e3e05138bd80ae998008e4");
++ /* post-checkout */
++ strset_add(&safe_hook_sha256s, "791471b4ff472aab844a4fceaa48bbb0a12193616f971e8e940625498b4938a6");
++ /* post-commit */
++ strset_add(&safe_hook_sha256s, "21e961572bb3f43a5f2fbafc1cc764d86046cc2e5f0bbecebfe9684a0b73b664");
++ /* post-merge */
++ strset_add(&safe_hook_sha256s, "75da0da66a803b4b030ad50801ba57062c6196105eb1d2251590d100edb9390b");
++
+ git_protected_config(safe_hook_cb, &safe_hook_sha256s);
+ }
+
+diff --git a/t/t1800-hook.sh b/t/t1800-hook.sh
+index cbdf60c451a..c51be5f7a06 100755
+--- a/t/t1800-hook.sh
++++ b/t/t1800-hook.sh
+@@ -200,4 +200,24 @@ test_expect_success '`safe.hook.sha256` and clone protections' '
+ test "called hook" = "$(cat safe-hook/safe-hook.log)"
+ '
+
++write_lfs_pre_push_hook () {
++ write_script "$1" <<-\EOF
++ command -v git-lfs >/dev/null 2>&1 || { echo >&2 "\nThis repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting the 'pre-push' file in the hooks directory (set by 'core.hookspath'; usually '.git/hooks').\n"; exit 2; }
++ git lfs pre-push "$@"
++ EOF
++}
++
++test_expect_success 'Git LFS special-handling in clone protections' '
++ git init lfs-hooks &&
++ write_lfs_pre_push_hook lfs-hooks/.git/hooks/pre-push &&
++ write_script git-lfs <<-\EOF &&
++ echo "called $*" >fake-git-lfs.log
++ EOF
++
++ PATH="$PWD:$PATH" GIT_CLONE_PROTECTION_ACTIVE=true \
++ git -C lfs-hooks hook run pre-push &&
++ test_write_lines "called pre-push" >expect &&
++ test_cmp lfs-hooks/fake-git-lfs.log expect
++'
++
+ test_done
diff --git a/debian/patches/0006-hooks-clone-protections-simplify-templates-hooks-vali.diff b/debian/patches/0006-hooks-clone-protections-simplify-templates-hooks-vali.diff
new file mode 100644
index 0000000..a0642e3
--- /dev/null
+++ b/debian/patches/0006-hooks-clone-protections-simplify-templates-hooks-vali.diff
@@ -0,0 +1,198 @@
+From 8813bb5f4109991b88c98584a4abbb2d06cfbc28 Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <johannes.schindelin@gmx.de>
+Date: Sat, 18 May 2024 10:32:45 +0000
+Subject: hooks(clone protections): simplify templates hooks validation
+
+commit eff37e9b1dec25a3e1297eb89a36d8e68fe01b40 upstream.
+
+When an active hook is encountered during a clone operation, to protect
+against Remote Code Execution attack vectors, Git checks whether the
+hook was copied over from the templates directory.
+
+When that logic was introduced, there was no other way to check this
+than to add a function to compare files.
+
+In the meantime, we've added code to compute the SHA-256 checksum of a
+given hook and compare that checksum against a list of known-safe ones.
+
+Let's simplify the logic by adding to said list when copying the
+templates' hooks.
+
+We need to be careful to support multi-process operations such as
+recursive submodule clones: In such a scenario, the list of SHA-256
+checksums that is kept in memory is not enough, we also have to pass the
+information down to child processes via `GIT_CONFIG_PARAMETERS`.
+
+Extend the regression test in t5601 to ensure that recursive clones are
+handled as expected.
+
+Note: Technically there is no way that the checksums computed while
+initializing the submodules' gitdirs can be passed to the process that
+performs the checkout: For historical reasons, these operations are
+performed in processes spawned in separate loops from the
+super-project's `git clone` process. But since the templates from which
+the submodules are initialized are the very same as the ones from which
+the super-project is initialized, we can get away with using the list of
+SHA-256 checksums that is computed when initializing the super-project
+and passing that down to the `submodule--helper` processes that perform
+the recursive checkout.
+
+Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+---
+ hook.c | 43 ++++++++++++++++---------------------------
+ hook.h | 10 ++++++++++
+ setup.c | 7 +++++++
+ t/t5601-clone.sh | 19 +++++++++++++++++++
+ 4 files changed, 52 insertions(+), 27 deletions(-)
+
+diff --git a/hook.c b/hook.c
+index fc0548edb66..8ac51c9912b 100644
+--- a/hook.c
++++ b/hook.c
+@@ -14,32 +14,6 @@
+ #include "hash-ll.h"
+ #include "hex.h"
+
+-static int identical_to_template_hook(const char *name, const char *path)
+-{
+- const char *env = getenv("GIT_CLONE_TEMPLATE_DIR");
+- const char *template_dir = get_template_dir(env && *env ? env : NULL);
+- struct strbuf template_path = STRBUF_INIT;
+- int found_template_hook, ret;
+-
+- strbuf_addf(&template_path, "%s/hooks/%s", template_dir, name);
+- found_template_hook = access(template_path.buf, X_OK) >= 0;
+-#ifdef STRIP_EXTENSION
+- if (!found_template_hook) {
+- strbuf_addstr(&template_path, STRIP_EXTENSION);
+- found_template_hook = access(template_path.buf, X_OK) >= 0;
+- }
+-#endif
+- if (!found_template_hook) {
+- strbuf_release(&template_path);
+- return 0;
+- }
+-
+- ret = do_files_match(template_path.buf, path);
+-
+- strbuf_release(&template_path);
+- return ret;
+-}
+-
+ static struct strset safe_hook_sha256s = STRSET_INIT;
+ static int safe_hook_sha256s_initialized;
+
+@@ -70,6 +44,22 @@ static int get_sha256_of_file_contents(const char *path, char *sha256)
+ return 0;
+ }
+
++void add_safe_hook(const char *path)
++{
++ char sha256[GIT_SHA256_HEXSZ + 1] = { '\0' };
++
++ if (!get_sha256_of_file_contents(path, sha256)) {
++ char *p;
++
++ strset_add(&safe_hook_sha256s, sha256);
++
++ /* support multi-process operations e.g. recursive clones */
++ p = xstrfmt("safe.hook.sha256=%s", sha256);
++ git_config_push_parameter(p);
++ free(p);
++ }
++}
++
+ static int safe_hook_cb(const char *key, const char *value,
+ const struct config_context *ctx UNUSED, void *d)
+ {
+@@ -142,7 +132,6 @@ const char *find_hook(const char *name)
+ return NULL;
+ }
+ if (!git_hooks_path && git_env_bool("GIT_CLONE_PROTECTION_ACTIVE", 0) &&
+- !identical_to_template_hook(name, path.buf) &&
+ !is_hook_safe_during_clone(name, path.buf, sha256))
+ die(_("active `%s` hook found during `git clone`:\n\t%s\n"
+ "For security reasons, this is disallowed by default.\n"
+diff --git a/hook.h b/hook.h
+index 19ab9a5806e..b4770d9bd88 100644
+--- a/hook.h
++++ b/hook.h
+@@ -87,4 +87,14 @@ int run_hooks(const char *hook_name);
+ * hook. This function behaves like the old run_hook_le() API.
+ */
+ int run_hooks_l(const char *hook_name, ...);
++
++/**
++ * Mark the contents of the provided path as safe to run during a clone
++ * operation.
++ *
++ * This function is mainly used when copying templates to mark the
++ * just-copied hooks as benign.
++ */
++void add_safe_hook(const char *path);
++
+ #endif
+diff --git a/setup.c b/setup.c
+index 30f243fc32d..25828a85ec3 100644
+--- a/setup.c
++++ b/setup.c
+@@ -17,6 +17,8 @@
+ #include "trace2.h"
+ #include "worktree.h"
+ #include "exec-cmd.h"
++#include "run-command.h"
++#include "hook.h"
+
+ static int inside_git_dir = -1;
+ static int inside_work_tree = -1;
+@@ -1868,6 +1870,7 @@ static void copy_templates_1(struct strbuf *path, struct strbuf *template_path,
+ size_t path_baselen = path->len;
+ size_t template_baselen = template_path->len;
+ struct dirent *de;
++ int is_hooks_dir = ends_with(template_path->buf, "/hooks/");
+
+ /* Note: if ".git/hooks" file exists in the repository being
+ * re-initialized, /etc/core-git/templates/hooks/update would
+@@ -1920,6 +1923,10 @@ static void copy_templates_1(struct strbuf *path, struct strbuf *template_path,
+ strbuf_release(&lnk);
+ }
+ else if (S_ISREG(st_template.st_mode)) {
++ if (is_hooks_dir &&
++ is_executable(template_path->buf))
++ add_safe_hook(template_path->buf);
++
+ if (copy_file(path->buf, template_path->buf, st_template.st_mode))
+ die_errno(_("cannot copy '%s' to '%s'"),
+ template_path->buf, path->buf);
+diff --git a/t/t5601-clone.sh b/t/t5601-clone.sh
+index deb1c282c71..ca3a8d1ebed 100755
+--- a/t/t5601-clone.sh
++++ b/t/t5601-clone.sh
+@@ -836,6 +836,25 @@ test_expect_success 'clone with init.templatedir runs hooks' '
+ git config --unset init.templateDir &&
+ test_grep ! "active .* hook found" err &&
+ test_path_is_missing hook-run-local-config/hook.run
++ ) &&
++
++ test_config_global protocol.file.allow always &&
++ git -C tmpl/hooks submodule add "$(pwd)/tmpl/hooks" sub &&
++ test_tick &&
++ git -C tmpl/hooks add .gitmodules sub &&
++ git -C tmpl/hooks commit -m submodule &&
++
++ (
++ sane_unset GIT_TEMPLATE_DIR &&
++ NO_SET_GIT_TEMPLATE_DIR=t &&
++ export NO_SET_GIT_TEMPLATE_DIR &&
++
++ git -c init.templateDir="$(pwd)/tmpl" \
++ clone --recurse-submodules \
++ tmpl/hooks hook-run-submodule 2>err &&
++ test_grep ! "active .* hook found" err &&
++ test_path_is_file hook-run-submodule/hook.run &&
++ test_path_is_file hook-run-submodule/sub/hook.run
+ )
+ '
+
diff --git a/debian/patches/0007-Revert-Add-a-helper-function-to-compare-file-contents.diff b/debian/patches/0007-Revert-Add-a-helper-function-to-compare-file-contents.diff
new file mode 100644
index 0000000..6cf2874
--- /dev/null
+++ b/debian/patches/0007-Revert-Add-a-helper-function-to-compare-file-contents.diff
@@ -0,0 +1,185 @@
+From 13b17dea6c851b21ceb9ce163cdd7338f1ec4ecf Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <johannes.schindelin@gmx.de>
+Date: Sat, 18 May 2024 10:32:46 +0000
+Subject: Revert "Add a helper function to compare file contents"
+
+commit 851218a8af645b0abd64882d2b88bc984aa762e9 upstream.
+
+Now that during a `git clone`, the hooks' contents are no longer
+compared to the templates' files', the caller for which the
+`do_files_match()` function was introduced is gone, and therefore this
+function can be retired, too.
+
+This reverts commit 584de0b4c23 (Add a helper function to compare file
+contents, 2024-03-30).
+
+Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+---
+ copy.c | 58 --------------------------------------
+ copy.h | 14 ---------
+ t/helper/test-path-utils.c | 10 -------
+ t/t0060-path-utils.sh | 41 ---------------------------
+ 4 files changed, 123 deletions(-)
+
+diff --git a/copy.c b/copy.c
+index 3df156f6cea..d9d20920126 100644
+--- a/copy.c
++++ b/copy.c
+@@ -70,61 +70,3 @@ int copy_file_with_time(const char *dst, const char *src, int mode)
+ return copy_times(dst, src);
+ return status;
+ }
+-
+-static int do_symlinks_match(const char *path1, const char *path2)
+-{
+- struct strbuf buf1 = STRBUF_INIT, buf2 = STRBUF_INIT;
+- int ret = 0;
+-
+- if (!strbuf_readlink(&buf1, path1, 0) &&
+- !strbuf_readlink(&buf2, path2, 0))
+- ret = !strcmp(buf1.buf, buf2.buf);
+-
+- strbuf_release(&buf1);
+- strbuf_release(&buf2);
+- return ret;
+-}
+-
+-int do_files_match(const char *path1, const char *path2)
+-{
+- struct stat st1, st2;
+- int fd1 = -1, fd2 = -1, ret = 1;
+- char buf1[8192], buf2[8192];
+-
+- if ((fd1 = open_nofollow(path1, O_RDONLY)) < 0 ||
+- fstat(fd1, &st1) || !S_ISREG(st1.st_mode)) {
+- if (fd1 < 0 && errno == ELOOP)
+- /* maybe this is a symbolic link? */
+- return do_symlinks_match(path1, path2);
+- ret = 0;
+- } else if ((fd2 = open_nofollow(path2, O_RDONLY)) < 0 ||
+- fstat(fd2, &st2) || !S_ISREG(st2.st_mode)) {
+- ret = 0;
+- }
+-
+- if (ret)
+- /* to match, neither must be executable, or both */
+- ret = !(st1.st_mode & 0111) == !(st2.st_mode & 0111);
+-
+- if (ret)
+- ret = st1.st_size == st2.st_size;
+-
+- while (ret) {
+- ssize_t len1 = read_in_full(fd1, buf1, sizeof(buf1));
+- ssize_t len2 = read_in_full(fd2, buf2, sizeof(buf2));
+-
+- if (len1 < 0 || len2 < 0 || len1 != len2)
+- ret = 0; /* read error or different file size */
+- else if (!len1) /* len2 is also 0; hit EOF on both */
+- break; /* ret is still true */
+- else
+- ret = !memcmp(buf1, buf2, len1);
+- }
+-
+- if (fd1 >= 0)
+- close(fd1);
+- if (fd2 >= 0)
+- close(fd2);
+-
+- return ret;
+-}
+diff --git a/copy.h b/copy.h
+index 057259a3a7a..2af77cba864 100644
+--- a/copy.h
++++ b/copy.h
+@@ -7,18 +7,4 @@ int copy_fd(int ifd, int ofd);
+ int copy_file(const char *dst, const char *src, int mode);
+ int copy_file_with_time(const char *dst, const char *src, int mode);
+
+-/*
+- * Compare the file mode and contents of two given files.
+- *
+- * If both files are actually symbolic links, the function returns 1 if the link
+- * targets are identical or 0 if they are not.
+- *
+- * If any of the two files cannot be accessed or in case of read failures, this
+- * function returns 0.
+- *
+- * If the file modes and contents are identical, the function returns 1,
+- * otherwise it returns 0.
+- */
+-int do_files_match(const char *path1, const char *path2);
+-
+ #endif /* COPY_H */
+diff --git a/t/helper/test-path-utils.c b/t/helper/test-path-utils.c
+index 023ed2e1a78..bf0e23ed505 100644
+--- a/t/helper/test-path-utils.c
++++ b/t/helper/test-path-utils.c
+@@ -501,16 +501,6 @@ int cmd__path_utils(int argc, const char **argv)
+ return !!res;
+ }
+
+- if (argc == 4 && !strcmp(argv[1], "do_files_match")) {
+- int ret = do_files_match(argv[2], argv[3]);
+-
+- if (ret)
+- printf("equal\n");
+- else
+- printf("different\n");
+- return !ret;
+- }
+-
+ fprintf(stderr, "%s: unknown function name: %s\n", argv[0],
+ argv[1] ? argv[1] : "(there was none)");
+ return 1;
+diff --git a/t/t0060-path-utils.sh b/t/t0060-path-utils.sh
+index 85686ee15da..0afa3d0d312 100755
+--- a/t/t0060-path-utils.sh
++++ b/t/t0060-path-utils.sh
+@@ -610,45 +610,4 @@ test_expect_success !VALGRIND,RUNTIME_PREFIX,CAN_EXEC_IN_PWD '%(prefix)/ works'
+ test_cmp expect actual
+ '
+
+-test_expect_success 'do_files_match()' '
+- test_seq 0 10 >0-10.txt &&
+- test_seq -1 10 >-1-10.txt &&
+- test_seq 1 10 >1-10.txt &&
+- test_seq 1 9 >1-9.txt &&
+- test_seq 0 8 >0-8.txt &&
+-
+- test-tool path-utils do_files_match 0-10.txt 0-10.txt >out &&
+-
+- assert_fails() {
+- test_must_fail \
+- test-tool path-utils do_files_match "$1" "$2" >out &&
+- grep different out
+- } &&
+-
+- assert_fails 0-8.txt 1-9.txt &&
+- assert_fails -1-10.txt 0-10.txt &&
+- assert_fails 1-10.txt 1-9.txt &&
+- assert_fails 1-10.txt .git &&
+- assert_fails does-not-exist 1-10.txt &&
+-
+- if test_have_prereq FILEMODE
+- then
+- cp 0-10.txt 0-10.x &&
+- chmod a+x 0-10.x &&
+- assert_fails 0-10.txt 0-10.x
+- fi &&
+-
+- if test_have_prereq SYMLINKS
+- then
+- ln -sf 0-10.txt symlink &&
+- ln -s 0-10.txt another-symlink &&
+- ln -s over-the-ocean yet-another-symlink &&
+- ln -s "$PWD/0-10.txt" absolute-symlink &&
+- assert_fails 0-10.txt symlink &&
+- test-tool path-utils do_files_match symlink another-symlink &&
+- assert_fails symlink yet-another-symlink &&
+- assert_fails symlink absolute-symlink
+- fi
+-'
+-
+ test_done
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..7ff1f37
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,7 @@
+0001-hook-plug-a-new-memory-leak.diff
+0002-Revert-core.hooksPath-add-some-protection-while-cloni.diff
+0003-tests-verify-that-clone-c-core.hooksPath-dev-null-wor.diff
+0004-hook-clone-protections-add-escape-hatch.diff
+0005-hooks-clone-protections-special-case-current-Git-LFS-.diff
+0006-hooks-clone-protections-simplify-templates-hooks-vali.diff
+0007-Revert-Add-a-helper-function-to-compare-file-contents.diff
diff --git a/debian/versions.upstream b/debian/versions.upstream
index 0562272..7af7478 100644
--- a/debian/versions.upstream
+++ b/debian/versions.upstream
@@ -831,21 +831,38 @@ v2.39.0
v2.39.1
v2.39.2
v2.39.3
+v2.39.4
v2.40.0-rc0
v2.40.0-rc1
v2.40.0-rc2
v2.40.0
v2.40.1
+v2.40.2
v2.41.0-rc0
v2.41.0-rc1
v2.41.0-rc2
v2.41.0
+v2.41.1
v2.42.0-rc0
v2.42.0-rc1
v2.42.0-rc2
v2.42.0
v2.42.1
+v2.42.2
v2.43.0-rc0
v2.43.0-rc1
v2.43.0-rc2
v2.43.0
+v2.43.1
+v2.43.2
+v2.43.3
+v2.43.4
+v2.44.0-rc0
+v2.44.0-rc1
+v2.44.0-rc2
+v2.44.0
+v2.44.1
+v2.45.0-rc0
+v2.45.0-rc1
+v2.45.0
+v2.45.1