Update to 2.14.5 (CVE-2018-17456)

From the upstream release announcement:

  These releases fix a security flaw (CVE-2018-17456), which allowed an
  attacker to execute arbitrary code by crafting a malicious .gitmodules
  file in a project cloned with --recurse-submodules.

  When running "git clone --recurse-submodules", Git parses the supplied
  .gitmodules file for a URL field and blindly passes it as an argument
  to a "git clone" subprocess.  If the URL field is set to a string that
  begins with a dash, this "git clone" subprocess interprets the URL as
  an option.  This can lead to executing an arbitrary script shipped in
  the superproject as the user who ran "git clone".

  In addition to fixing the security issue for the user running "clone",
  the 2.17.2, 2.18.1 and 2.19.1 releases have an "fsck" check which can
  be used to detect such malicious repository content when fetching or
  accepting a push. See "transfer.fsckObjects" in git-config(1).

  Credit for finding and fixing this vulnerability goes to joernchen
  and Jeff King, respectively.

References:
https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct.c.googlers.com/

.mailmap

@@ -1,18 +0,0 @@
-<atkac@redhat.com> <atkac@fedoraproject.org>
-<atkac@redhat.com> <vonsch@gmail.com>
-<bernie@codewiz.org> <bernie@fedoraproject.org>
-<Christian.Iseli@licr.org> <c4chris@fedoraproject.org>
-<dennis@ausil.us> <ausil@fedoraproject.org>
-<dwmw2@infradead.org> <David.Woodhouse@intel.com>
-James Bowes <jbowes@redhat.com> <jbowes@fedoraproject.org>
-<jkeating@redhat.com> <jkeating@fedoraproject.org>
-Josh Boyer <jwboyer@gmail.com> <jwboyer@fedoraproject.org>
-<katzj@redhat.com> <katzj@fedoraproject.org>
-<lkundrak@redhat.com> <lkundrak@fedoraproject.org>
-<mmaslano@redhat.com> <mmaslano@fedoraproject.org>
-<releng@fedoraproject.org> <rel-eng@lists.fedoraproject.org>
-<skasal@redhat.com> <kasal@fedoraproject.org>
-<tmraz@redhat.com> <tmraz@fedoraproject.org>
-<tmz@pobox.com> <tmz@fedoraproject.org>
-<ville.skytta@iki.fi> <scop@fedoraproject.org>
-<xavier@bachelot.org> <xavierb@fedoraproject.org>

0001-git-svn-control-destruction-order-to-avoid-segfault.patch

@@ -0,0 +1,40 @@
+From 7f6f75e97acd25f8e95ce431e16d2e1c2093845d Mon Sep 17 00:00:00 2001
+From: Eric Wong <e@80x24.org>
+Date: Mon, 29 Jan 2018 23:11:07 +0000
+Subject: [PATCH] git-svn: control destruction order to avoid segfault
+
+It seems necessary to control destruction ordering to avoid a
+segfault with SVN 1.9.5 when using "git svn branch".  I've also
+reported the problem against libsvn-perl to Debian [Bug #888791],
+but releasing the SVN::Client instance can be beneficial anyways to
+save memory.
+
+ref: https://bugs.debian.org/888791
+Tested-by: Todd Zullinger <tmz@pobox.com>
+Reported-by: brian m. carlson <sandals@crustytoothpaste.net>
+Signed-off-by: Eric Wong <e@80x24.org>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+Signed-off-by: Todd Zullinger <tmz@pobox.com>
+---
+ git-svn.perl | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/git-svn.perl b/git-svn.perl
+index aa242d4f4f..b012980246 100755
+--- a/git-svn.perl
++++ b/git-svn.perl
+@@ -1199,6 +1199,11 @@ sub cmd_branch {
+ 	$ctx->copy($src, $rev, $dst)
+ 		unless $_dry_run;
+ 
++	# Release resources held by ctx before creating another SVN::Ra
++	# so destruction is orderly.  This seems necessary with SVN 1.9.5
++	# to avoid segfaults.
++	$ctx = undef;
++
+ 	$gs->fetch_all;
+ }
+ 
+-- 
+2.16.1
+

0001-rev-parse-check-lookup-ed-commit-references-for-NULL.patch

@@ -0,0 +1,72 @@
+From b03b51f889272622a3859a3765f1e7d1175b2346 Mon Sep 17 00:00:00 2001
+From: Elijah Newren <newren@gmail.com>
+Date: Wed, 23 May 2018 23:27:33 -0700
+Subject: [PATCH] rev-parse: check lookup'ed commit references for NULL
+
+Commits 2122f8b963d4 ("rev-parse: Add support for the ^! and ^@ syntax",
+2008-07-26) and 3dd4e7320d ("Teach rev-parse the ... syntax.", 2006-07-04)
+taught rev-parse new syntax, and used lookup_commit_reference() as part of
+their logic.  Neither usage checked the returned commit to see if it was
+non-NULL before using it.  Check for NULL and ensure an appropriate error
+is reported to the user.
+
+Reported by Florian Weimer and Todd Zullinger.
+
+Helped-by: Jeff King <peff@peff.net>
+Signed-off-by: Elijah Newren <newren@gmail.com>
+Signed-off-by: Todd Zullinger <tmz@pobox.com>
+---
+ builtin/rev-parse.c          | 8 ++++++--
+ t/t6101-rev-parse-parents.sh | 8 ++++++++
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/builtin/rev-parse.c b/builtin/rev-parse.c
+index 7f965fe74e..fd8e52c7b7 100644
+--- a/builtin/rev-parse.c
++++ b/builtin/rev-parse.c
+@@ -282,6 +282,10 @@ static int try_difference(const char *arg)
+ 			struct commit *a, *b;
+ 			a = lookup_commit_reference(&oid);
+ 			b = lookup_commit_reference(&end);
++			if (!a || !b) {
++				*dotdot = '.';
++				return 0;
++			}
+ 			exclude = get_merge_bases(a, b);
+ 			while (exclude) {
+ 				struct commit *commit = pop_commit(&exclude);
+@@ -328,12 +332,12 @@ static int try_parent_shorthands(const char *arg)
+ 		return 0;
+ 
+ 	*dotdot = 0;
+-	if (get_sha1_committish(arg, oid.hash)) {
++	if (get_sha1_committish(arg, oid.hash) ||
++	    !(commit = lookup_commit_reference(&oid))) {
+ 		*dotdot = '^';
+ 		return 0;
+ 	}
+ 
+-	commit = lookup_commit_reference(&oid);
+ 	if (exclude_parent &&
+ 	    exclude_parent > commit_list_count(commit->parents)) {
+ 		*dotdot = '^';
+diff --git a/t/t6101-rev-parse-parents.sh b/t/t6101-rev-parse-parents.sh
+index 8c617981a3..7683e4a114 100755
+--- a/t/t6101-rev-parse-parents.sh
++++ b/t/t6101-rev-parse-parents.sh
+@@ -214,4 +214,12 @@ test_expect_success 'rev-list merge^-1x (garbage after ^-1)' '
+ 	test_must_fail git rev-list merge^-1x
+ '
+ 
++test_expect_success 'rev-parse $garbage^@ does not segfault' '
++	test_must_fail git rev-parse $EMPTY_TREE^@
++'
++
++test_expect_success 'rev-parse $garbage...$garbage does not segfault' '
++	test_must_fail git rev-parse $EMPTY_TREE...$EMPTY_BLOB
++'
++
+ test_done
+-- 
+2.17.0
+

0001-revision-quit-pruning-diff-more-quickly-when-possibl.patch

@@ -0,0 +1,129 @@
+From fffa73135ec366040b4570e386736afcd9fc4715 Mon Sep 17 00:00:00 2001
+From: Jeff King <peff@peff.net>
+Date: Fri, 13 Oct 2017 11:27:45 -0400
+Subject: [PATCH] revision: quit pruning diff more quickly when possible
+
+When the revision traversal machinery is given a pathspec,
+we must compute the parent-diff for each commit to determine
+which ones are TREESAME. We set the QUICK diff flag to avoid
+looking at more entries than we need; we really just care
+whether there are any changes at all.
+
+But there is one case where we want to know a bit more: if
+--remove-empty is set, we care about finding cases where the
+change consists only of added entries (in which case we may
+prune the parent in try_to_simplify_commit()). To cover that
+case, our file_add_remove() callback does not quit the diff
+upon seeing an added entry; it keeps looking for other types
+of entries.
+
+But this means when --remove-empty is not set (and it is not
+by default), we compute more of the diff than is necessary.
+You can see this in a pathological case where a commit adds
+a very large number of entries, and we limit based on a
+broad pathspec. E.g.:
+
+  perl -e '
+    chomp(my $blob = `git hash-object -w --stdin </dev/null`);
+    for my $a (1..1000) {
+      for my $b (1..1000) {
+        print "100644 $blob\t$a/$b\n";
+      }
+    }
+  ' | git update-index --index-info
+  git commit -qm add
+
+  git rev-list HEAD -- .
+
+This case takes about 100ms now, but after this patch only
+needs 6ms. That's not a huge improvement, but it's easy to
+get and it protects us against even more pathological cases
+(e.g., going from 1 million to 10 million files would take
+ten times as long with the current code, but not increase at
+all after this patch).
+
+This is reported to minorly speed-up pathspec limiting in
+real world repositories (like the 100-million-file Windows
+repository), but probably won't make a noticeable difference
+outside of pathological setups.
+
+This patch actually covers the case without --remove-empty,
+and the case where we see only deletions. See the in-code
+comment for details.
+
+Note that we have to add a new member to the diff_options
+struct so that our callback can see the value of
+revs->remove_empty_trees. This callback parameter could be
+passed to the "add_remove" and "change" callbacks, but
+there's not much point. They already receive the
+diff_options struct, and doing it this way avoids having to
+update the function signature of the other callbacks
+(arguably the format_callback and output_prefix functions
+could benefit from the same simplification).
+
+Signed-off-by: Jeff King <peff@peff.net>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+(cherry picked from commit a937b37e766479c8e780b17cce9c4b252fd97e40)
+---
+ diff.h     |  1 +
+ revision.c | 16 +++++++++++++---
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/diff.h b/diff.h
+index 2d442e296f..142a2f24f2 100644
+--- a/diff.h
++++ b/diff.h
+@@ -180,6 +180,7 @@ struct diff_options {
+ 	pathchange_fn_t pathchange;
+ 	change_fn_t change;
+ 	add_remove_fn_t add_remove;
++	void *change_fn_data;
+ 	diff_format_fn_t format_callback;
+ 	void *format_callback_data;
+ 	diff_prefix_fn_t output_prefix;
+diff --git a/revision.c b/revision.c
+index 7da0907c85..1770f9ec33 100644
+--- a/revision.c
++++ b/revision.c
+@@ -392,8 +392,16 @@ static struct commit *one_relevant_parent(const struct rev_info *revs,
+  * if the whole diff is removal of old data, and otherwise
+  * REV_TREE_DIFFERENT (of course if the trees are the same we
+  * want REV_TREE_SAME).
+- * That means that once we get to REV_TREE_DIFFERENT, we do not
+- * have to look any further.
++ *
++ * The only time we care about the distinction is when
++ * remove_empty_trees is in effect, in which case we care only about
++ * whether the whole change is REV_TREE_NEW, or if there's another type
++ * of change. Which means we can stop the diff early in either of these
++ * cases:
++ *
++ *   1. We're not using remove_empty_trees at all.
++ *
++ *   2. We saw anything except REV_TREE_NEW.
+  */
+ static int tree_difference = REV_TREE_SAME;
+ 
+@@ -404,9 +412,10 @@ static void file_add_remove(struct diff_options *options,
+ 		    const char *fullpath, unsigned dirty_submodule)
+ {
+ 	int diff = addremove == '+' ? REV_TREE_NEW : REV_TREE_OLD;
++	struct rev_info *revs = options->change_fn_data;
+ 
+ 	tree_difference |= diff;
+-	if (tree_difference == REV_TREE_DIFFERENT)
++	if (!revs->remove_empty_trees || tree_difference != REV_TREE_NEW)
+ 		DIFF_OPT_SET(options, HAS_CHANGES);
+ }
+ 
+@@ -1345,6 +1354,7 @@ void init_revisions(struct rev_info *revs, const char *prefix)
+ 	DIFF_OPT_SET(&revs->pruning, QUICK);
+ 	revs->pruning.add_remove = file_add_remove;
+ 	revs->pruning.change = file_change;
++	revs->pruning.change_fn_data = revs;
+ 	revs->sort_order = REV_SORT_IN_GRAPH_ORDER;
+ 	revs->dense = 1;
+ 	revs->prefix = prefix;
+-- 
+2.15.0
+

0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch

@@ -1,73 +0,0 @@
-From 89ccbc15948db9ddbf74530e3fd66dd78ae897ae Mon Sep 17 00:00:00 2001
-From: Todd Zullinger <tmz@pobox.com>
-Date: Sun, 21 Aug 2022 13:49:57 -0400
-Subject: [PATCH] t/lib-httpd: try harder to find a port for apache
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When running multiple builds concurrently, tests which run daemons, like
-apache httpd, sometimes conflict with each other, leading to spurious
-failures:
-
-    ++ /usr/sbin/httpd -d '/tmp/git-t.ck9I/trash directory.t9118-git-svn-funky-branch-names/httpd' \
-       -f /builddir/build/BUILD/git-2.37.2/t/lib-httpd/apache.conf -DDAV -DSVN -c 'Listen 127.0.0.1:9118' \
-       -k start
-    (98)Address already in use: AH00072: make_sock: could not bind to address 127.0.0.1:9118
-    no listening sockets available, shutting down
-    AH00015: Unable to open logs
-    ++ test 1 -ne 0
-
-Try a bit harder to find an open port to use to avoid these intermittent
-failures.  If we fail to start httpd, increment the port number and try
-again.  By default, we make 3 attempts.  This may be overridden by
-setting GIT_TEST_START_HTTPD_TRIES to a different value.
-
-Helped-by: Ondřej Pohořelský <opohorel@redhat.com>
-Signed-off-by: Todd Zullinger <tmz@pobox.com>
----
- t/lib-httpd.sh | 29 ++++++++++++++++++-----------
- 1 file changed, 18 insertions(+), 11 deletions(-)
-
-diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh
-index 2fb1b2ae56..4afdf5a6aa 100644
---- a/t/lib-httpd.sh
-+++ b/t/lib-httpd.sh
-@@ -206,19 +206,26 @@ enable_cgipassauth () {
- }
- 
- start_httpd() {
--	prepare_httpd >&3 2>&4
--
- 	test_atexit stop_httpd
- 
--	"$LIB_HTTPD_PATH" -d "$HTTPD_ROOT_PATH" \
--		-f "$TEST_PATH/apache.conf" $HTTPD_PARA \
--		-c "Listen 127.0.0.1:$LIB_HTTPD_PORT" -k start \
--		>&3 2>&4
--	if test $? -ne 0
--	then
--		cat "$HTTPD_ROOT_PATH"/error.log >&4 2>/dev/null
--		test_skip_or_die GIT_TEST_HTTPD "web server setup failed"
--	fi
-+	i=0
-+	while test $i -lt ${GIT_TEST_START_HTTPD_TRIES:-3}
-+	do
-+		i=$(($i + 1))
-+		prepare_httpd >&3 2>&4
-+		say >&3 "Starting httpd on port $LIB_HTTPD_PORT"
-+		"$LIB_HTTPD_PATH" -d "$HTTPD_ROOT_PATH" \
-+			-f "$TEST_PATH/apache.conf" $HTTPD_PARA \
-+			-c "Listen 127.0.0.1:$LIB_HTTPD_PORT" -k start \
-+			>&3 2>&4
-+		test $? -eq 0 && return
-+		LIB_HTTPD_PORT=$(($LIB_HTTPD_PORT + 1))
-+		export LIB_HTTPD_PORT
-+		# clean up modules symlink, prepare_httpd will re-create it
-+		rm -f "$HTTPD_ROOT_PATH/modules"
-+	done
-+	cat "$HTTPD_ROOT_PATH"/error.log >&4 2>/dev/null
-+	test_skip_or_die GIT_TEST_HTTPD "web server setup failed"
- }
- 
- stop_httpd() {

0002-t-lib-git-daemon-try-harder-to-find-a-port.patch

@@ -1,88 +0,0 @@
-From e90e1068ddc9cfa3badd23b16a46c57ed6d8308a Mon Sep 17 00:00:00 2001
-From: Todd Zullinger <tmz@pobox.com>
-Date: Fri, 26 Aug 2022 18:28:44 -0400
-Subject: [PATCH] t/lib-git-daemon: try harder to find a port
-
-As with the previous commit, try harder to find an open port to avoid
-intermittent failures on busy/shared build systems.
-
-By default, we make 3 attempts.  This may be overridden by setting
-GIT_TEST_START_GIT_DAEMON_TRIES to a different value.
-
-Signed-off-by: Todd Zullinger <tmz@pobox.com>
----
- t/lib-git-daemon.sh | 60 ++++++++++++++++++++++++++++-----------------
- 1 file changed, 37 insertions(+), 23 deletions(-)
-
-diff --git a/t/lib-git-daemon.sh b/t/lib-git-daemon.sh
-index e62569222b..c3e8dda9ff 100644
---- a/t/lib-git-daemon.sh
-+++ b/t/lib-git-daemon.sh
-@@ -51,30 +51,44 @@ start_git_daemon() {
- 		registered_stop_git_daemon_atexit_handler=AlreadyDone
- 	fi
- 
--	say >&3 "Starting git daemon ..."
--	mkfifo git_daemon_output
--	${LIB_GIT_DAEMON_COMMAND:-git daemon} \
--		--listen=127.0.0.1 --port="$LIB_GIT_DAEMON_PORT" \
--		--reuseaddr --verbose --pid-file="$GIT_DAEMON_PIDFILE" \
--		--base-path="$GIT_DAEMON_DOCUMENT_ROOT_PATH" \
--		"$@" "$GIT_DAEMON_DOCUMENT_ROOT_PATH" \
--		>&3 2>git_daemon_output &
--	GIT_DAEMON_PID=$!
--	{
--		read -r line <&7
--		printf "%s\n" "$line" >&4
--		cat <&7 >&4 &
--	} 7<git_daemon_output &&
-+	i=0
-+	while test $i -lt ${GIT_TEST_START_GIT_DAEMON_TRIES:-3}
-+	do
-+		say >&3 "Starting git daemon on port $LIB_GIT_DAEMON_PORT ..."
-+		mkfifo git_daemon_output
-+		${LIB_GIT_DAEMON_COMMAND:-git daemon} \
-+			--listen=127.0.0.1 --port="$LIB_GIT_DAEMON_PORT" \
-+			--reuseaddr --verbose --pid-file="$GIT_DAEMON_PIDFILE" \
-+			--base-path="$GIT_DAEMON_DOCUMENT_ROOT_PATH" \
-+			"$@" "$GIT_DAEMON_DOCUMENT_ROOT_PATH" \
-+			>&3 2>git_daemon_output &
-+		GIT_DAEMON_PID=$!
-+		{
-+			read -r line <&7
-+			printf "%s\n" "$line" >&4
-+			cat <&7 >&4 &
-+		} 7<git_daemon_output &&
- 
--	# Check expected output
--	if test x"$(expr "$line" : "\[[0-9]*\] \(.*\)")" != x"Ready to rumble"
--	then
--		kill "$GIT_DAEMON_PID"
--		wait "$GIT_DAEMON_PID"
--		unset GIT_DAEMON_PID
--		test_skip_or_die GIT_TEST_GIT_DAEMON \
--			"git daemon failed to start"
--	fi
-+		# Check expected output
-+		output="$(expr "$line" : "\[[0-9]*\] \(.*\)")"
-+		# Return if found
-+		test x"$output" = x"Ready to rumble" && return
-+		# Increment port for retry if not found
-+		LIB_GIT_DAEMON_PORT=$(($LIB_GIT_DAEMON_PORT + 1))
-+		export LIB_GIT_DAEMON_PORT
-+		GIT_DAEMON_HOST_PORT=127.0.0.1:$LIB_GIT_DAEMON_PORT
-+		GIT_DAEMON_URL=git://$GIT_DAEMON_HOST_PORT
-+		# unset GIT_DAEMON_PID; remove the fifo & pid file
-+		GIT_DAEMON_PID=
-+		rm -f git_daemon_output "$GIT_DAEMON_PIDFILE"
-+	done
-+
-+	# Clean up and return failure
-+	kill "$GIT_DAEMON_PID"
-+	wait "$GIT_DAEMON_PID"
-+	unset GIT_DAEMON_PID
-+	test_skip_or_die GIT_TEST_GIT_DAEMON \
-+		"git daemon failed to start"
- }
- 
- stop_git_daemon() {

0003-t-lib-git-svn-try-harder-to-find-a-port.patch

@@ -1,85 +0,0 @@
-From 41423d666fd52eaa6aa2b44a0de1b81d0857ca06 Mon Sep 17 00:00:00 2001
-From: Todd Zullinger <tmz@pobox.com>
-Date: Fri, 26 Aug 2022 18:28:44 -0400
-Subject: [PATCH] t/lib-git-svn: try harder to find a port
-
-As with the previous commits, try harder to find an open port to avoid
-intermittent failures on busy/shared build systems.
-
-By default, we make 3 attempts.  This may be overridden by setting
-GIT_TEST_START_SVNSERVE_TRIES to a different value.
-
-Run svnserve in daemon mode and use 'test_atexit' to stop it.  This is
-cleaner than running in the foreground with --listen-once and having to
-manage the PID ourselves.
-
-Signed-off-by: Todd Zullinger <tmz@pobox.com>
----
- t/lib-git-svn.sh                    | 34 +++++++++++++++++++++++++----
- t/t9113-git-svn-dcommit-new-file.sh |  1 -
- 2 files changed, 30 insertions(+), 5 deletions(-)
-
-diff --git a/t/lib-git-svn.sh b/t/lib-git-svn.sh
-index ea28971e8e..04e660e2ba 100644
---- a/t/lib-git-svn.sh
-+++ b/t/lib-git-svn.sh
-@@ -17,6 +17,7 @@ fi
- GIT_DIR=$PWD/.git
- GIT_SVN_DIR=$GIT_DIR/svn/refs/remotes/git-svn
- SVN_TREE=$GIT_SVN_DIR/svn-tree
-+SVNSERVE_PIDFILE="$PWD"/daemon.pid
- test_set_port SVNSERVE_PORT
- 
- svn >/dev/null 2>&1
-@@ -119,10 +120,35 @@ require_svnserve () {
- }
- 
- start_svnserve () {
--	svnserve --listen-port $SVNSERVE_PORT \
--		 --root "$rawsvnrepo" \
--		 --listen-once \
--		 --listen-host 127.0.0.1 &
-+	test_atexit stop_svnserve
-+
-+	i=0
-+	while test $i -lt ${GIT_TEST_START_SVNSERVE_TRIES:-3}
-+	do
-+		say >&3 "Starting svnserve on port $SVNSERVE_PORT ..."
-+		svnserve --listen-port $SVNSERVE_PORT \
-+			 --root "$rawsvnrepo" \
-+			 --daemon --pid-file="$SVNSERVE_PIDFILE" \
-+			 --listen-host 127.0.0.1
-+		ret=$?
-+		# increment port and retry if unsuccessful
-+		if test $ret -ne 0
-+		then
-+			SVNSERVE_PORT=$(($SVNSERVE_PORT + 1))
-+			export SVNSERVE_PORT
-+		else
-+			break
-+		fi
-+	done
-+}
-+
-+stop_svnserve () {
-+	say >&3 "Stopping svnserve ..."
-+	SVNSERVE_PID="$(cat "$SVNSERVE_PIDFILE")"
-+	if test -n "$SVNSERVE_PID"
-+	then
-+		kill "$SVNSERVE_PID" 2>/dev/null
-+	fi
- }
- 
- prepare_utf8_locale () {
-diff --git a/t/t9113-git-svn-dcommit-new-file.sh b/t/t9113-git-svn-dcommit-new-file.sh
-index e8479cec7a..5925891f5d 100755
---- a/t/t9113-git-svn-dcommit-new-file.sh
-+++ b/t/t9113-git-svn-dcommit-new-file.sh
-@@ -28,7 +28,6 @@ test_expect_success 'create files in new directory with dcommit' "
- 	echo hello > git-new-dir/world &&
- 	git update-index --add git-new-dir/world &&
- 	git commit -m hello &&
--	start_svnserve &&
- 	git svn dcommit
- 	"
- 

git-1.8-gitweb-home-link.patch

@@ -0,0 +1,12 @@
+diff -up git-1.8.4.2/gitweb/gitweb.perl.orig git-1.8.4.2/gitweb/gitweb.perl
+--- git-1.8.4.2/gitweb/gitweb.perl.orig	2013-10-28 14:17:38.000000000 -0400
++++ git-1.8.4.2/gitweb/gitweb.perl	2013-10-29 16:49:07.302747507 -0400
+@@ -83,7 +83,7 @@ our $projectroot = "++GITWEB_PROJECTROOT
+ our $project_maxdepth = "++GITWEB_PROJECT_MAXDEPTH++";
+ 
+ # string of the home link on top of all pages
+-our $home_link_str = "++GITWEB_HOME_LINK_STR++";
++our $home_link_str = $ENV{'SERVER_NAME'} ? "git://" . $ENV{'SERVER_NAME'} : "projects";
+ 
+ # extra breadcrumbs preceding the home link
+ our @extra_breadcrumbs = ();

git-2.52-sanitize-sideband-channel-messages.patch

@@ -1,275 +0,0 @@
-From 65e88e659008e2cbf79cf44975406ff0d569a3a9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= <opohorel@redhat.com>
-Date: Thu, 20 Nov 2025 12:24:59 +0100
-Subject: [PATCH] sideband: mask control characters
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The output of `git clone` is a vital component for understanding what
-has happened when things go wrong. However, these logs are partially
-under the control of the remote server (via the "sideband", which
-typically contains what the remote `git pack-objects` process sends to
-`stderr`), and is currently not sanitized by Git.
-
-This makes Git susceptible to ANSI escape sequence injection (see
-CWE-150, https://cwe.mitre.org/data/definitions/150.html), which allows
-attackers to corrupt terminal state, to hide information, and even to
-insert characters into the input buffer (i.e. as if the user had typed
-those characters).
-
-To plug this vulnerability, disallow any control character in the
-sideband, replacing them instead with the common `^<letter/symbol>`
-(e.g. `^[` for `\x1b`, `^A` for `\x01`).
-
-There is likely a need for more fine-grained controls instead of using a
-"heavy hammer" like this, which will be introduced subsequently.
-
-Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-sideband: introduce an "escape hatch" to allow control characters
-
-The preceding commit fixed the vulnerability whereas sideband messages
-(that are under the control of the remote server) could contain ANSI
-escape sequences that would be sent to the terminal verbatim.
-
-However, this fix may not be desirable under all circumstances, e.g.
-when remote servers deliberately add coloring to their messages to
-increase their urgency.
-
-To help with those use cases, give users a way to opt-out of the
-protections: `sideband.allowControlCharacters`.
-
-Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-sideband: do allow ANSI color sequences by default
-
-The preceding two commits introduced special handling of the sideband
-channel to neutralize ANSI escape sequences before sending the payload
-to the terminal, and `sideband.allowControlCharacters` to override that
-behavior.
-
-However, some `pre-receive` hooks that are actively used in practice
-want to color their messages and therefore rely on the fact that Git
-passes them through to the terminal.
-
-In contrast to other ANSI escape sequences, it is highly unlikely that
-coloring sequences can be essential tools in attack vectors that mislead
-Git users e.g. by hiding crucial information.
-
-Therefore we can have both: Continue to allow ANSI coloring sequences to
-be passed to the terminal, and neutralize all other ANSI escape
-sequences.
-
-Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-sideband: default to allowControlCharacters=true
-
-We don't want to change the default Git behaviour, just add the option
-to filter control characters.
-
-Signed-off-by: Ondřej Pohořelský <opohorel@redhat.com>
----
- Documentation/config.adoc           |  2 +
- Documentation/config/sideband.adoc  | 16 ++++++
- sideband.c                          | 78 ++++++++++++++++++++++++++++-
- t/t5409-colorize-remote-messages.sh | 31 ++++++++++++
- 4 files changed, 125 insertions(+), 2 deletions(-)
- create mode 100644 Documentation/config/sideband.adoc
-
-diff --git a/Documentation/config.adoc b/Documentation/config.adoc
-index 62eebe7c54..dcea3c0c15 100644
---- a/Documentation/config.adoc
-+++ b/Documentation/config.adoc
-@@ -523,6 +523,8 @@ include::config/sequencer.adoc[]
- 
- include::config/showbranch.adoc[]
- 
-+include::config/sideband.adoc[]
-+
- include::config/sparse.adoc[]
- 
- include::config/splitindex.adoc[]
-diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc
-new file mode 100644
-index 0000000000..c9ba24a02c
---- /dev/null
-+++ b/Documentation/config/sideband.adoc
-@@ -0,0 +1,16 @@
-+sideband.allowControlCharacters::
-+	By default, control characters that are delivered via the sideband
-+	are NOT masked. Use this config setting to prevent potentially
-+	unwanted ANSI escape sequences from being sent to the terminal:
-++
-+--
-+	color::
-+		Allow ANSI color sequences, line feeds and horizontal tabs,
-+		but mask all other control characters.
-+	false::
-+		Mask all control characters other than line feeds and
-+		horizontal tabs.
-+	true::
-+		Allow all control characters to be sent to the terminal.
-+		This is the default.
-+--
-\ No newline at end of file
-diff --git a/sideband.c b/sideband.c
-index ea7c25211e..88d1b44a7a 100644
---- a/sideband.c
-+++ b/sideband.c
-@@ -26,6 +26,12 @@ static struct keyword_entry keywords[] = {
- 	{ "error",	GIT_COLOR_BOLD_RED },
- };
- 
-+static enum {
-+	ALLOW_NO_CONTROL_CHARACTERS = 0,
-+	ALLOW_ALL_CONTROL_CHARACTERS = 1,
-+	ALLOW_ANSI_COLOR_SEQUENCES = 2
-+} allow_control_characters = ALLOW_ALL_CONTROL_CHARACTERS;
-+
- /* Returns a color setting (GIT_COLOR_NEVER, etc). */
- static enum git_colorbool use_sideband_colors(void)
- {
-@@ -39,6 +45,25 @@ static enum git_colorbool use_sideband_colors(void)
- 	if (use_sideband_colors_cached != GIT_COLOR_UNKNOWN)
- 		return use_sideband_colors_cached;
- 
-+	switch (repo_config_get_maybe_bool(the_repository, "sideband.allowcontrolcharacters", &i)) {
-+	case 0: /* Boolean value */
-+		allow_control_characters = i ? ALLOW_ALL_CONTROL_CHARACTERS :
-+			ALLOW_NO_CONTROL_CHARACTERS;
-+		break;
-+	case -1: /* non-Boolean value */
-+		if (repo_config_get_string_tmp(the_repository, "sideband.allowcontrolcharacters",
-+					      &value))
-+			; /* huh? `get_maybe_bool()` returned -1 */
-+		else if (!strcmp(value, "color"))
-+			allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES;
-+		else
-+			warning(_("unrecognized value for `sideband."
-+				  "allowControlCharacters`: '%s'"), value);
-+		break;
-+	default:
-+		break; /* not configured */
-+	}
-+
- 	if (!repo_config_get_string_tmp(the_repository, key, &value))
- 		use_sideband_colors_cached = git_config_colorbool(key, value);
- 	else if (!repo_config_get_string_tmp(the_repository, "color.ui", &value))
-@@ -66,6 +91,55 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref
- 		list_config_item(list, prefix, keywords[i].keyword);
- }
- 
-+static int handle_ansi_color_sequence(struct strbuf *dest, const char *src, int n)
-+{
-+	int i;
-+
-+	/*
-+	 * Valid ANSI color sequences are of the form
-+	 *
-+	 * ESC [ [<n> [; <n>]*] m
-+	 */
-+
-+	if (allow_control_characters != ALLOW_ANSI_COLOR_SEQUENCES ||
-+	    n < 3 || src[0] != '\x1b' || src[1] != '[')
-+		return 0;
-+
-+	for (i = 2; i < n; i++) {
-+		if (src[i] == 'm') {
-+			strbuf_add(dest, src, i + 1);
-+			return i;
-+		}
-+		if (!isdigit(src[i]) && src[i] != ';')
-+			break;
-+	}
-+
-+	return 0;
-+}
-+
-+static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n)
-+{
-+	int i;
-+
-+	if (allow_control_characters == ALLOW_ALL_CONTROL_CHARACTERS) {
-+		strbuf_add(dest, src, n);
-+		return;
-+	}
-+
-+	strbuf_grow(dest, n);
-+	for (; n && *src; src++, n--) {
-+		if (!iscntrl(*src) || *src == '\t' || *src == '\n')
-+			strbuf_addch(dest, *src);
-+		else if ((i = handle_ansi_color_sequence(dest, src, n))) {
-+			src += i;
-+			n -= i;
-+		} else {
-+			strbuf_addch(dest, '^');
-+			strbuf_addch(dest, 0x40 + *src);
-+		}
-+	}
-+}
-+
- /*
-  * Optionally highlight one keyword in remote output if it appears at the start
-  * of the line. This should be called for a single line only, which is
-@@ -81,7 +155,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n)
- 	int i;
- 
- 	if (!want_color_stderr(use_sideband_colors())) {
--		strbuf_add(dest, src, n);
-+		strbuf_add_sanitized(dest, src, n);
- 		return;
- 	}
- 
-@@ -114,7 +188,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n)
- 		}
- 	}
- 
--	strbuf_add(dest, src, n);
-+	strbuf_add_sanitized(dest, src, n);
- }
- 
- 
-diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh
-index fa5de4500a..2d40d8c640 100755
---- a/t/t5409-colorize-remote-messages.sh
-+++ b/t/t5409-colorize-remote-messages.sh
-@@ -98,4 +98,35 @@ test_expect_success 'fallback to color.ui' '
- 	grep "<BOLD;RED>error<RESET>: error" decoded
- '
- 
-+test_expect_success 'disallow (color) control sequences in sideband' '
-+	write_script .git/color-me-surprised <<-\EOF &&
-+	printf "error: Have you \\033[31mread\\033[m this?\\a\\n" >&2
-+	exec "$@"
-+	EOF
-+	test_config_global uploadPack.packObjectshook ./color-me-surprised &&
-+	test_commit need-at-least-one-commit &&
-+
-+	git -c sideband.allowControlCharacters=color \
-+		clone --no-local . throw-away 2>stderr &&
-+	test_decode_color <stderr >decoded &&
-+	test_grep RED decoded &&
-+	test_grep "\\^G" stderr &&
-+	tr -dc "\\007" <stderr >actual &&
-+	test_must_be_empty actual &&
-+
-+	rm -rf throw-away &&
-+	git -c sideband.allowControlCharacters=false \
-+		clone --no-local . throw-away 2>stderr &&
-+	test_decode_color <stderr >decoded &&
-+	test_grep ! RED decoded &&
-+	test_grep "\\^G" stderr &&
-+
-+	rm -rf throw-away &&
-+	git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr &&
-+	test_decode_color <stderr >decoded &&
-+	test_grep RED decoded &&
-+	tr -dc "\\007" <stderr >actual &&
-+	test_file_not_empty actual
-+'
-+
- test_done
--- 
-2.51.1
-

git-init.el

@@ -0,0 +1,5 @@
+;; Git VC backend
+(add-to-list 'vc-handled-backends 'GIT t)
+(autoload 'git-status "git" "GIT mode." t)
+(autoload 'git-blame-mode "git-blame"
+ 	"Minor mode for incremental blame for Git." t)

git-test-apache-davlockdbtype-config.patch

@@ -1,14 +0,0 @@
-diff -ur b/t/lib-httpd/apache.conf a/t/lib-httpd/apache.conf
---- b/t/lib-httpd/apache.conf	2024-01-09 11:06:46.660868023 +0100
-+++ a/t/lib-httpd/apache.conf	2024-01-09 11:09:09.572713625 +0100
-@@ -272,7 +272,9 @@
- <IfDefine DAV>
- 	LoadModule dav_module modules/mod_dav.so
- 	LoadModule dav_fs_module modules/mod_dav_fs.so
--
-+	<IfDirective DavLockDBType>
-+   		DavLockDBType sdbm
-+	</IfDirective>
- 	DAVLockDB DAVLock
- 	<Location /dumb/>
- 		Dav on

git.rpmlintrc

@@ -1,42 +0,0 @@
-# the dictionary is a bit limited
-addFilter("git.* spelling-error %description .* subpackages")
-addFilter("git-subtree.* spelling-error %description .* (subdirectory|subproject|subtree)")
-
-# git-core-doc requires git-core, which provides the symlink target
-addFilter("git(-core-doc)?\..*: W: dangling-relative-symlink /usr/share/doc/git/contrib/hooks ../../../git-core/contrib/hooks")
-
-# gitk requires git, which provides the symlink target
-addFilter("gitk\.noarch: W: dangling-relative-symlink /usr/share/bash-completion/completions/gitk git")
-
-# git-gui requires git, which provides the git binary
-addFilter("git-gui.noarch: W: desktopfile-without-binary /usr/share/applications/git-gui.desktop git")
-
-# ignore no binary warning for main git package; making it noarch isn't trivial
-# since we have arch-specific subpackages
-addFilter("git\..*: E: no-binary$")
-
-# ignore no doc/manpage warnings where we don't expect any documentation
-addFilter("git-(all|core|credential-libsecret)\..*: W: no-documentation")
-addFilter("perl-Git-SVN.noarch: W: no-documentation")
-addFilter("git-core\..*: W: no-manual-page-for-binary")
-
-# nothing provides git-gnome-keyring, it's simply obsolete
-# similarly ignore the warning when git-cvs and git-p4 are disabled
-addFilter("git.* obsolete-not-provided git-(cvs|gnome-keyring|p4)")
-
-# git-svn has both man and html docs and only a single command
-addFilter('git-svn\..*: W: package-with-huge-docs')
-
-# ignore potential "bashisms" in docs
-addFilter('git-core-doc\.noarch: W: potential-bashisms /usr/share/doc/git/')
-
-# ignore unused-direct-shlib-dependency for libpcre; while it probably could be
-# removed from some binaries, the cost of doing so isn't worth the gain.
-addFilter('git-(core|daemon)\..*: W: unused-direct-shlib-dependency .* /lib64/libpcre2-.*')
-
-# ignore duplicate gvimdiff/nvimdiff files; they are only 29 bytes, sourcing the same base
-# vimdiff mergetool
-addFilter('git-core\..*: W: files-duplicate /usr/libexec/git-core/mergetools/[gn]vimdiff')
-
-# ignore non-standard-dir-in-var for gitweb (#479613)
-addFilter('gitweb.noarch: W: non-standard-dir-in-var www')

git.skip-test-patterns

@@ -1,33 +0,0 @@
-^ok 1 # SKIP enable client-side http/2 \(missing HTTP2\)$
-expensive 2GB clone test; enable with GIT_TEST_CLONE_2GB=true
-filesystem does not corrupt utf-8
-fsmonitor--daemon is not supported on this platform
-GIT_SKIP_TESTS
-missing AUTOIDENT
-missing BUILTIN_TXT_
-missing CASE_INSENSITIVE_FS
-missing DONTHAVEIT
-missing ([!]LONG_IS_64BIT,)?EXPENSIVE
-missing FSMONITOR_DAEMON
-missing JGIT
-missing !?LAZY_(TRUE|FALSE)
-missing MINGW
-missing NATIVE_CRLF
-missing !PCRE
-missing !PTHREADS
-missing !REFFILES
-missing RFC1991
-missing RUNTIME_PREFIX
-missing SYMLINKS_WINDOWS
-missing TAR_NEEDS_PAX_FALLBACK
-missing UTF8_NFD_TO_NFC
-missing WINDOWS
-skipped: skip all tests in t5559
-skipping case insensitive tests
-skipping git p4 tests
-skipping remote-svn tests, python not available
-skipping svn-info test
-skipping Windows-(only path|specific) tests
-Test requiring writable / skipped
-used to test external credential helpers
-You must set env var GIT_TEST_ALLOW_SUDO=YES in order to run this test

git.xinetd.in

@@ -8,7 +8,7 @@ service git
         socket_type     = stream
         wait            = no
         user            = nobody
-        server          = @GITEXECDIR@/git-daemon
+        server          = @GITCOREDIR@/git-daemon
         server_args     = --base-path=@BASE_PATH@ --export-all --user-path=public_git --syslog --inetd --verbose
         log_on_failure  += USERID
 }

git@.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=Git Repositories Server Daemon
+Documentation=man:git-daemon(1)
+
+[Service]
+User=nobody
+ExecStart=-/usr/libexec/git-core/git-daemon --base-path=/var/lib/git --export-all --user-path=public_git --syslog --inetd --verbose
+StandardInput=socket

git@.service.in

@@ -1,10 +0,0 @@
-[Unit]
-Description=Git Repositories Server Daemon
-Documentation=man:git-daemon(1)
-
-[Service]
-User=nobody
-ExecStart=-@GITEXECDIR@/git-daemon --base-path=@BASE_PATH@ --export-all \
-          --user-path=public_git --inetd --log-destination=stderr --verbose
-StandardInput=socket
-StandardError=journal

gpgkey-junio.asc

@@ -59,86 +59,108 @@ d2ZdUxMgwgcNiQOCW70YWtxf0LF2seSJdLItHDBOu/f3cqKwNGUvcC3d/9qVb0wP
 SI1mq18S02MGcvDySsjGtX7o4kujUqE2ZNCW6ORLJUC6zEYu3TRNWrXeS3uAP21x
 UrEPkuTiJL7SCS12FYJt5agx5NIUKI7bkIUbLbiuhC4z47MFajW9Y5jUQk86dk7b
 jGqVrXYIu92Dhxc2CND2fWaMpYRhwvHR6KQU1yYHYkGVlMHiozM5D+4dCRRVI8x3
-p/+ypFBZmZr7yTpv/qD0N8HHl2NAYvGRQdzjyFQOXERwaXuzjCkAEQEAAYkEWwQY
-AQoAJgIbAhYhBJbgevJXcZVZgNrRACDQTlpxNmCnBQJeHMcfBQkenRjmAinBXSAE
-GQECAAYFAk6JSjkACgkQsLXohpav5sukpRAAywCaKmo0HH77yNkqormnKtRBrz8j
-tx68e//pq/AyCrghKUh91iLGYji3/E1qQe7p7Ne7WAn3uFZs22zrNKIDGxtMMCQT
-C0Ne4BAvMh1NzwzzBCCyirs1ccLj5gKkoFkKfTo5U5NWNznYPM8uib1uY5vdRqIJ
-2vJ7JJykNdcW5od42TtWsOxH2zTp4SRNmX8QPaRbfOxPdlKsbp0eIO6kk+Lx6gEv
-WAtEda5xSd1PwyK7SfGadTm+8Rw5UeP1kRtuKQPm7sRBB0coXDVHpFi/nMWHzVxv
-/NKhLAkzIbGOV6rL8ihVhXGqEgiD5Q+QdbaNsiLtHo5niBzpbnzvSopBYcOftrhc
-PNDY0RYXYb/5JZUid/JBWKwV+zREEnbgtsYDbwFEDnCVIGyXAoxyas/S3b14izat
-qgINxiYuxpDY+w1O5RywjOTdLPUWlL5YhH1W/gwbdyGiL4sh0v/fzNy0vKR5zPt1
-hICEA9YvCI7k3b74O6eiDB5fMIRPkNr6ubZWe0T6x4eL2EjSFRXIEmbmnAh93pdp
-WFrXH+Sf1LKhBZzojgUsQU/rzB2R94S7Vx0Z+tzgDZ8fJe47ZUEfzJccyyGve/QA
-sLLgTWRwRP3MSa1rC4wuWtDDMk/drw9CpmeFeRFn0oDIBo/m2mBv+UNAxSdijREz
-vPRiwROma/RawVcJECDQTlpxNmCnTLQP/A1WNmgPCCyFqp812Zvgh0pAqceaM+dg
-FlvNi5j5Jyw7/hicx2e0BXgKt64TEodphknCFzZIFDq3jJSdLt1l9NHpiLVM0Hf0
-cLFGF3eRHOID7PeGJGztLJ0CGhhSXaPh7nNLK0G9zXCAasedpowX4ZUntv+p/+Fr
-jQ8eSgyyljvrlywK+tH07F1W6t6eMNOw7/AHx7fkOux4CDem1FsNbhZWX8YPUATo
-vP1YLBXcrQgpJPpypG6up56D70ewTs4l+qNOISr3phG2egeEhYNwv6GUv8aelh69
-iaUHscT+DOXrFKq+RSHBMzGFFTrDJFDSu3d3A5Rg8KxJMcOxc00L3GMPchrFiJH7
-QShAQdU/ocF0MAA6n56g/QynxafFI/MRMXVTmF+lMBW/kK63pD3AJkIgvdLdht5o
-s7aKlddPrmIulaELIDdF2MSicMmgWJcqFkqZH2HIC+gx26Fafn2vfiUqsEc4NTpZ
-qhf66F9UjPKfYFfLhbGrmq/giAk1qjiGnBzCUQ9hXVqpmFfnVDjmQrk8KB9skDms
-PJgZ4hzmj5AarCpFtDmE4W7Tvi/xqgrFZkPX/SDhTWInJGcWaOTvlc5dkjAxKT6X
-LUGLScJHxhaovTGVzq1GWhhNCFhCs4AkWqPKhYfeZuWiuiMLZaEyJPfTufT7Svab
-pOhlaD1YY8fvuQINBE6GdewBEADxm56jO5pnVRH13BsG38o1qD9mJppXhf0mb6dB
-ORP1b3YJNaknQtxVPXSlXNAYNStYs9bWwn+RrYmOEfy0MWekqOBqgHDEf50ktZaz
-hFd89dt58IA+WIFo7BFk1XIr4USdSEQeL7Pb4oSg5AYn8C3OlT7T3nxWBh9aEbat
-EfiUMFKikLVVLdbEL7FBzEkypHfQCslDlq+ggAAVBzqrMIBn/idto87UrF2x/qd2
-P2PJl9pUf744pL9yzX+cNbQld0Yf6gQW9/r0UUW/CCU4qpPDvycyGIx3Y7PV/MjA
-lre4qJv4khoSFasAAjDXzyUIYhw7yMmaAE/lEOVN7M6reYDvhaDCcWfEn8sjH03/
-Wa92vVx7boMx5RAEh8YE2KZHEZkAODlW4pnDKyaH38lj8pa0dh77RXAD6X1XPGwi
-zpmjfrBBPGvUNGsdIpJaY4KEaZ0+v3bhvfU0DWB4dmJB3aPxC6CFtVA0QBGcbw16
-jUeA+2LUJgWMs86npHaPzD99J4Q+Smw9mZPfyT5O5yymYXOwIp50aUjkGCQcHtt7
-jisNkU52bFD2JcQJr8o67JIcqFNdhPAnxC+BN0QDtCyXT+wxC1Uvh9E//r3JPEQD
-REfEUb3l+3Sarz1KCm3LUhx1XE82Z6c96tHopUfiOiwbtxv+8UypXT2ntKfprz1U
-dMb5jwARAQABiQIfBBgBAgAJBQJOhnXsAhsMAAoJECDQTlpxNmCnFKYP/j6dmEQW
-ZliWE8le9Qzh1WqTbHd5elaGJuW0KGQ+g9okWBkh+sLlPxxTk2f0b79Pc7K3OPy7
-89OcIsrbHD3jDp7TS9IVpX7kVZnvnts5oV3XcK5q84XDEQqa6UIlfiZkZJCzIX8N
-kSAbv0UmmKKLKS+ANIEIZBKBrWxpYwvG2wBoWPkpNv5mdEuR9h3pZ1aCSZRXysMl
-WXo5cMYuZUhabrOqTNP5efEm8iBREHzNSotsiOhHuu7OIPmvZJTUjMrR1wZMCw+Y
-uNO2kT3t+ZFTxCx2aeRzqnI55LYFQVBpgSsap/seqRZfj7j7SBb2bSbCuhNedbAw
-b3kDWSfJGy/IN6vPdsc3NdsYFK+X8cnypCu4pZDK2IU+CkVrq/ukR8TNdrpAYfEY
-XbLq0XFOT0s4jIcjf3dAtlGW36hA0AKPw1BL3cyEGfv2sq75gkw1/jIYMXGc8URJ
-y5AfgELIrO1dIjMsm6vFFLeHpAobEP87UEpqIyJtwEIfWdcV5YHYmlFkGd21Lnxp
-f2dBAh5dc4MJpYmFZGScSDtTcYCDEXICTgedVOt4WCaV5mwpPeSEzr2TOVm6d1nU
-lGBJCV6QPMEdyx03hRkwaTMth0D/SYCvUrjlGQ1VC4WuTveSBhTH7iDrjGSoXNJu
-P2Oq+jb/iAfZxuetjpKFD6TCMR0Bcs/cEZuXuQINBFQduiABEACYnNg+kGmtkPmt
-kQ/75P8lLsljMk9IIwXGmnFILLpHBM/tN+7wGDxODLY/pPZ2Qfmp7PZLr5Ok5Qnt
-v/g+YCtVaTu5Cajt2TOsyH+AYDqtrjjHIt8d2kVloq79ONsCUojFtbFD1nf5W9Sk
-WQgntHYRYY1MaCkNd3oUp74TQugzk8Q6UBDamAn1r4nfm6QNXstItqyWsCgQhixW
-Qi4WzQc4iA/83t+qUJ+32smjk6J+rGUbbEH8zTASXmcDWYBuPgjo3YEjV+3/qNar
-zncYneJfQXwFSgvcR9oUuBQ3ydWJd7sfiImuAnQdRfEC/JFb0iR9sJ395Pw5WQfM
-Esrp0uL/Uig52mSrFyIfanxhrJP4j+CyCcJp1TaFINag5/YwHX3GzoikwXUukb+h
-KxXxK9Vu8Eu2gAlKFaHt2x5Sc3D1d+nr2QyMkIThC6/d3+XUjgOIMWkCK5dgkuz6
-rs60cRQr8YBGf4Jgk/Xrkk/SjBjBlcTz9lrC06wBRCsa+0XxCAHlM7gVp0HvMn+h
-Kx9ny7dPqaqhg8WXuBL0n8yAXXDSgDAin55mRbiKq2bNuMaEJvwKNFU6ENHGSngT
-w/Pt6B0dbeB1SBVxJPGbGmk74BL8m5V67Kb7MDP05OLSZsUyNLQCpfSgYsUA14uV
-GHE/vE6haP9/DwMLdyJ/CxSjQJMk+wARAQABiQRbBBgBCgAmAhsCFiEEluB68ldx
-lVmA2tEAINBOWnE2YKcFAl4cxyAFCRkIqP8CKcFdIAQZAQIABgUCVB26IAAKCRB1
-lO7Hs/fKyah/D/wJ3v4WdqGo7KgW0kmWfFVWZLKwtb+16gcy6nIm7F7VUcODv+qR
-LA/4UUg72yabVCXnMBi/eEHtkVZWlB/+tzg643DiRvXTCZiwoS5c6fTze55e/Z87
-qY7okf40aTR+qWuMgligI/LeXunr1Pu2jlJLMcUVh5QLxLZ8bDqpDgQM9zcdFmKQ
-/ofUnK7y6gYyUl2KYJDYi0alzjTm+73/S0Mc7z08Yp/s+dtKPbU9imKCnNRkPTQp
-cwlYHWJv0YPQ0TdOkid6HJC7CmZEPH845D+qojAjYBPogNIj/RaByaT3kN32zu8+
-jaZJSCnBM0l2lSh/qO7sQBZhqPX5pJDjjj7d/ATY7XxJCnK/2cZVSuVhMXPIFIAQ
-G4ZYFUaQssjQKLN7BXJUo7+ec1AMkTiwDUocPza8h+fitcpOsWWJWWvZvkSObbuP
-KGn7BgoTzEehO2Rz0QsNjgOa5SXxmc0zX7sbB1XiMxSe7gBZBOnYjhPVcidO3tWu
-M/jXGfZAL9ISq6Zf47ebXA7Y+6Bx3oquMgtSN10gbdoJvjqEBJNN65wadvBP8+Sr
-L+nWRGhsfmu8jupXdJe8h8ysXCboVkpXHuSu+lDjeL9WLqpwc/XkaOy7B6PfwIRa
-YYHnsKs8ogvDuTRJPV4khizyt+A6aiQ1PQqxSKWGY+lzxbmBkPhp5v1N5wkQINBO
-WnE2YKdkRQ//ZKvUegOZTtfivAZI888o4Ocpig3CFxJGlXa52JUnDhYFFpRtXRTP
-gIdQ0zBvhNjmBnELNv5/D1ubnjqWBTaJpZgUXIljJufuWL7VdD57nAAMw2VLvNUe
-38iytUYTAPevaJtLQ4jfj3E9MYH4tcMBmlZ75ZKqiHHH+7+V5J8TD/S01xROK7H1
-kGkXo49deB7K9oT4uno8kE5+AgmEMI80XiKjfQkh6tiG5I0W58DLeAOIxCRkm3kH
-Bi22PpuAKhRelRQnAF9dLdlhZECy5eYl7JKQzOS/dQ0Z3zg+HuDBRyhrmV/go/9C
-npFGUZBa+FOC1GMO07GKH8tZY99D5tDCAH6r6S+RrYS690mWpjXhqouBtJezld+X
-dsgKwgKHk3IEM4m916O0E75kiNk/AD7vZowwEBvPsgN+CDXCPgH4J5x0p9uyxnKH
-omLBd7cuJpio6gf4O1KTl1tlVGcb8f+AUR/MIe70NXyEtpYWMiPW3/0dKwt9APgW
-KSX0c8Mp2XKH/vAEDx86XTfBNrnXyUanOQhbLQciYzolJjiPrB0C2NgFFFXSHPwC
-ikyT5n2RehAJVmg3eufB1ZOKQgo7ue3ynkW4JidgyCUtsoYSmipl9Nhw1hA3ZNK1
-FVCx7tcmy0ZHFO+PV+p17oAC8ZCxSRE0oTeHKcgpF5+DRhQM/+UnmKg=
-=7hTI
+p/+ypFBZmZr7yTpv/qD0N8HHl2NAYvGRQdzjyFQOXERwaXuzjCkAEQEAAYkERAQY
+AQIADwIbAgUCVB9jPgUJB3dMaAIpwV0gBBkBAgAGBQJOiUo5AAoJELC16IaWr+bL
+pKUQAMsAmipqNBx++8jZKqK5pyrUQa8/I7cevHv/6avwMgq4ISlIfdYixmI4t/xN
+akHu6ezXu1gJ97hWbNts6zSiAxsbTDAkEwtDXuAQLzIdTc8M8wQgsoq7NXHC4+YC
+pKBZCn06OVOTVjc52DzPLom9bmOb3UaiCdryeyScpDXXFuaHeNk7VrDsR9s06eEk
+TZl/ED2kW3zsT3ZSrG6dHiDupJPi8eoBL1gLRHWucUndT8Miu0nxmnU5vvEcOVHj
+9ZEbbikD5u7EQQdHKFw1R6RYv5zFh81cb/zSoSwJMyGxjleqy/IoVYVxqhIIg+UP
+kHW2jbIi7R6OZ4gc6W5870qKQWHDn7a4XDzQ2NEWF2G/+SWVInfyQVisFfs0RBJ2
+4LbGA28BRA5wlSBslwKMcmrP0t29eIs2raoCDcYmLsaQ2PsNTuUcsIzk3Sz1FpS+
+WIR9Vv4MG3choi+LIdL/38zctLykecz7dYSAhAPWLwiO5N2++DunogweXzCET5Da
++rm2VntE+seHi9hI0hUVyBJm5pwIfd6XaVha1x/kn9SyoQWc6I4FLEFP68wdkfeE
+u1cdGfrc4A2fHyXuO2VBH8yXHMshr3v0ALCy4E1kcET9zEmtawuMLlrQwzJP3a8P
+QqZnhXkRZ9KAyAaP5tpgb/lDQMUnYo0RM7z0YsETpmv0WsFXCRAg0E5acTZgp74s
+D/4rBEPyAk7cmWtyR0XDZpQETY0Sw7Nr4aErdTdQ7AlntHMcn+MWRJpa57S/ea2F
+l6SWZ4X09VV/H11lWnYzw0IkSRDsDATxMin+qpy6c7IwxZ9RQ1UT9PhmVBz7rbrs
+l3Hnjv+WG9PcMCdlFOMZL4VC2TQEr0hBSXWhV6mDI0rdwuUu+oq84s1cke5g/e5T
+joGupTxkaNO/yfDJMf+3dqwGmJDKl23dfKg+XbFh3Y/G321/C5GgvqtjaCoqzCuT
+DByEbVXBde7mFB5xQg8ejDgFfuocw57whdNcS3MlGPO/P06nB940QELjwp5O34mM
+cVn0qnyhgaioueVW5qzucEa+UfzbkYhinlYdbyljwquJlqIScLPNL0xtzOWo1oWH
+Ll7jVklRuRHXFp6Asqan/MovLlYTcBO4OwOJ/rIJBOHkMeLu/vlEIeqC6J5vuD+b
+P4XUpHamxOU8U6RVVDIH4cckhEU3zWDTwaD/RTG8TatJzGmjNOOR04imbqFApU7N
+OUQ488WNqH11aeZoDOoXWKEvWfE7Cg/fTP0JZH3HaW9LWljWrt68FCyuLtvGVeNy
+jHw4NZq89bbqnhKBAX1LS3pl/+nfD8Wx4sldo8RhlOQgUQu+ZJ5sAueLrnd1AmWE
+EXvZDFyZqXsrun4cjvZXDmyFFhuaGVis1QzTIumYpUumvIkERAQYAQIADwIbAgUC
+WXolxwUJEJR2CwIpwV0gBBkBAgAGBQJOiUo5AAoJELC16IaWr+bLpKUQAMsAmipq
+NBx++8jZKqK5pyrUQa8/I7cevHv/6avwMgq4ISlIfdYixmI4t/xNakHu6ezXu1gJ
+97hWbNts6zSiAxsbTDAkEwtDXuAQLzIdTc8M8wQgsoq7NXHC4+YCpKBZCn06OVOT
+Vjc52DzPLom9bmOb3UaiCdryeyScpDXXFuaHeNk7VrDsR9s06eEkTZl/ED2kW3zs
+T3ZSrG6dHiDupJPi8eoBL1gLRHWucUndT8Miu0nxmnU5vvEcOVHj9ZEbbikD5u7E
+QQdHKFw1R6RYv5zFh81cb/zSoSwJMyGxjleqy/IoVYVxqhIIg+UPkHW2jbIi7R6O
+Z4gc6W5870qKQWHDn7a4XDzQ2NEWF2G/+SWVInfyQVisFfs0RBJ24LbGA28BRA5w
+lSBslwKMcmrP0t29eIs2raoCDcYmLsaQ2PsNTuUcsIzk3Sz1FpS+WIR9Vv4MG3ch
+oi+LIdL/38zctLykecz7dYSAhAPWLwiO5N2++DunogweXzCET5Da+rm2VntE+seH
+i9hI0hUVyBJm5pwIfd6XaVha1x/kn9SyoQWc6I4FLEFP68wdkfeEu1cdGfrc4A2f
+HyXuO2VBH8yXHMshr3v0ALCy4E1kcET9zEmtawuMLlrQwzJP3a8PQqZnhXkRZ9KA
+yAaP5tpgb/lDQMUnYo0RM7z0YsETpmv0WsFXCRAg0E5acTZgp2XoD/wJiq+drfb+
+IljjLScNgQbH2vq5lXub4rD5j83waVfkh60eFCo8hu1dBkaWyHs81gFPKIPRHYJJ
+19B6g/nFOW7bZPbzhZzdICTejz2ITi8ipSgTsRGQMeQ+vGzlxH7dItmo0MeU2Pbf
+pfTn1tB6wafHtMLaZafDIskh1RkAMFsWoEK305PtyuTSkGDGTKnA9yBX4CpKHZDR
+1iYqZU+HQ0aDjiZaEl/m8S2siF6zz1PG1BFDtKDjg7+nKT1wriKfndEIksxrxxY0
+Kqfif2rUu1Kzc2FrtRQY6hguz2HASpcPLr3c6ru5e9SXqaWtfBuXkYzQ0temrFnY
+3Oj/rlt5PxcB29XVuB4/CxfPgBVCHVaLOMkJtE/C9GQ5Vzb0k8OxAXClF1EXA9bT
+Wri0unw/kt64cL04ZqKUlXmPDzzMdASFIq0pvEzfvIFBdrY3xNPFULEuAbxGhFoR
+6iOYJzDRXbl6114IsGnVR3MdFbBQVi6isrFn16JC4yXqUXEHB+oTUTrBv5J/bWu3
+gq3O4MwAprHyTAviUvC9Iq71orXe3iAGbnaeCkPmdmxL9y5UjwXo3OaYN2Axppwd
+B6j3QAIyJOkjjOCJRumQx3mKR0F464Xif3S7gcrelIYthz0JVkXg4bucUj7L/8Rl
+cCAAru4p1TL+VpEBciclDjJSBVRX8nX9dLkCDQROhnXsARAA8ZueozuaZ1UR9dwb
+Bt/KNag/ZiaaV4X9Jm+nQTkT9W92CTWpJ0LcVT10pVzQGDUrWLPW1sJ/ka2JjhH8
+tDFnpKjgaoBwxH+dJLWWs4RXfPXbefCAPliBaOwRZNVyK+FEnUhEHi+z2+KEoOQG
+J/AtzpU+0958VgYfWhG2rRH4lDBSopC1VS3WxC+xQcxJMqR30ArJQ5avoIAAFQc6
+qzCAZ/4nbaPO1Kxdsf6ndj9jyZfaVH++OKS/cs1/nDW0JXdGH+oEFvf69FFFvwgl
+OKqTw78nMhiMd2Oz1fzIwJa3uKib+JIaEhWrAAIw188lCGIcO8jJmgBP5RDlTezO
+q3mA74WgwnFnxJ/LIx9N/1mvdr1ce26DMeUQBIfGBNimRxGZADg5VuKZwysmh9/J
+Y/KWtHYe+0VwA+l9VzxsIs6Zo36wQTxr1DRrHSKSWmOChGmdPr924b31NA1geHZi
+Qd2j8QughbVQNEARnG8Neo1HgPti1CYFjLPOp6R2j8w/fSeEPkpsPZmT38k+Tucs
+pmFzsCKedGlI5BgkHB7be44rDZFOdmxQ9iXECa/KOuySHKhTXYTwJ8QvgTdEA7Qs
+l0/sMQtVL4fRP/69yTxEA0RHxFG95ft0mq89Sgpty1IcdVxPNmenPerR6KVH4jos
+G7cb/vFMqV09p7Sn6a89VHTG+Y8AEQEAAYkCHwQYAQIACQUCToZ17AIbDAAKCRAg
+0E5acTZgpxSmD/4+nZhEFmZYlhPJXvUM4dVqk2x3eXpWhibltChkPoPaJFgZIfrC
+5T8cU5Nn9G+/T3Oytzj8u/PTnCLK2xw94w6e00vSFaV+5FWZ757bOaFd13CuavOF
+wxEKmulCJX4mZGSQsyF/DZEgG79FJpiiiykvgDSBCGQSga1saWMLxtsAaFj5KTb+
+ZnRLkfYd6WdWgkmUV8rDJVl6OXDGLmVIWm6zqkzT+XnxJvIgURB8zUqLbIjoR7ru
+ziD5r2SU1IzK0dcGTAsPmLjTtpE97fmRU8Qsdmnkc6pyOeS2BUFQaYErGqf7HqkW
+X4+4+0gW9m0mwroTXnWwMG95A1knyRsvyDerz3bHNzXbGBSvl/HJ8qQruKWQytiF
+PgpFa6v7pEfEzXa6QGHxGF2y6tFxTk9LOIyHI393QLZRlt+oQNACj8NQS93MhBn7
+9rKu+YJMNf4yGDFxnPFEScuQH4BCyKztXSIzLJurxRS3h6QKGxD/O1BKaiMibcBC
+H1nXFeWB2JpRZBndtS58aX9nQQIeXXODCaWJhWRknEg7U3GAgxFyAk4HnVTreFgm
+leZsKT3khM69kzlZundZ1JRgSQlekDzBHcsdN4UZMGkzLYdA/0mAr1K45RkNVQuF
+rk73kgYUx+4g64xkqFzSbj9jqvo2/4gH2cbnrY6ShQ+kwjEdAXLP3BGbl7kCDQRU
+HbogARAAmJzYPpBprZD5rZEP++T/JS7JYzJPSCMFxppxSCy6RwTP7Tfu8Bg8Tgy2
+P6T2dkH5qez2S6+TpOUJ7b/4PmArVWk7uQmo7dkzrMh/gGA6ra44xyLfHdpFZaKu
+/TjbAlKIxbWxQ9Z3+VvUpFkIJ7R2EWGNTGgpDXd6FKe+E0LoM5PEOlAQ2pgJ9a+J
+35ukDV7LSLaslrAoEIYsVkIuFs0HOIgP/N7fqlCft9rJo5OifqxlG2xB/M0wEl5n
+A1mAbj4I6N2BI1ft/6jWq853GJ3iX0F8BUoL3EfaFLgUN8nViXe7H4iJrgJ0HUXx
+AvyRW9IkfbCd/eT8OVkHzBLK6dLi/1IoOdpkqxciH2p8YayT+I/gsgnCadU2hSDW
+oOf2MB19xs6IpMF1LpG/oSsV8SvVbvBLtoAJShWh7dseUnNw9Xfp69kMjJCE4Quv
+3d/l1I4DiDFpAiuXYJLs+q7OtHEUK/GARn+CYJP165JP0owYwZXE8/ZawtOsAUQr
+GvtF8QgB5TO4FadB7zJ/oSsfZ8u3T6mqoYPFl7gS9J/MgF1w0oAwIp+eZkW4iqtm
+zbjGhCb8CjRVOhDRxkp4E8Pz7egdHW3gdUgVcSTxmxppO+AS/JuVeuym+zAz9OTi
+0mbFMjS0AqX0oGLFANeLlRhxP7xOoWj/fw8DC3cifwsUo0CTJPsAEQEAAYkERAQY
+AQIADwIbAgUCWXol2AUJCwAGNgIpwV0gBBkBAgAGBQJUHbogAAoJEHWU7sez98rJ
+qH8P/Ane/hZ2oajsqBbSSZZ8VVZksrC1v7XqBzLqcibsXtVRw4O/6pEsD/hRSDvb
+JptUJecwGL94Qe2RVlaUH/63ODrjcOJG9dMJmLChLlzp9PN7nl79nzupjuiR/jRp
+NH6pa4yCWKAj8t5e6evU+7aOUksxxRWHlAvEtnxsOqkOBAz3Nx0WYpD+h9ScrvLq
+BjJSXYpgkNiLRqXONOb7vf9LQxzvPTxin+z520o9tT2KYoKc1GQ9NClzCVgdYm/R
+g9DRN06SJ3ockLsKZkQ8fzjkP6qiMCNgE+iA0iP9FoHJpPeQ3fbO7z6NpklIKcEz
+SXaVKH+o7uxAFmGo9fmkkOOOPt38BNjtfEkKcr/ZxlVK5WExc8gUgBAbhlgVRpCy
+yNAos3sFclSjv55zUAyROLANShw/NryH5+K1yk6xZYlZa9m+RI5tu48oafsGChPM
+R6E7ZHPRCw2OA5rlJfGZzTNfuxsHVeIzFJ7uAFkE6diOE9VyJ07e1a4z+NcZ9kAv
+0hKrpl/jt5tcDtj7oHHeiq4yC1I3XSBt2gm+OoQEk03rnBp28E/z5Ksv6dZEaGx+
+a7yO6ld0l7yHzKxcJuhWSlce5K76UON4v1YuqnBz9eRo7LsHo9/AhFphgeewqzyi
+C8O5NEk9XiSGLPK34DpqJDU9CrFIpYZj6XPFuYGQ+Gnm/U3nCRAg0E5acTZgpz8Y
+D/9Hh8JWHRWhQf2a53WIlCqERNV+J6wWItmACncTyaLjJJkj7f1Ka3iZ8vo1WWWY
+463m8y1hf1aNgr2trYZ6kOSwGP+BWKrRakn6/jKaL42QbUvHyR4PnGNuFYyv5thW
+7988XsoKRo5GBPQzk/F+6IkKzNDgv1/i1GnVgWJmH1wg1ssMGN1fYlu43z+lKemf
+0ss9pQqPtV8W+wrViO4MvWVQ/CcicsDvgA5pM9sLeIBXX3nsdo/TWdEJu4JEvsA8
+MN/q09qkGU14Ptzfze2k63nHheA2OnTOo9agQEL7N05a9zzSoXj39CubObjnTjr4
+QmqWVkkHPKWV3R1ULQle65U4zELdYfU1wXoH2AZVW+02SNZTGlRjCyoV9O01QSt3
+Rlyzajy+3gwDLnczqV0CUF7WgL0V0LYYCavjXhdc+oFsYN6kU3D31ZgOMrxauoIB
+LWSzqJ83Fm6tmL0OLJuFpi8FvV9NYkqux3ECL3iTpttyEpWPKo9ZlxEgusrK2uTE
+2S6rhy7zkf/3/raGgtEjIQ7E1zuR52ENlIN/djnSfkLf6OmkhgBgSs/HixC4zFtz
+Dk2VltUXhUURXRl9Op+8Atrv44JfLpFehdVDjbKrFmOiW948c0LoB0g73ujnjBFO
++qTu3PzPD4ihBUJ3cNLoadoOQ9gzW/I9rkykw5jpk0sCMg==
+=z4yI
 -----END PGP PUBLIC KEY BLOCK-----

print-failed-test-output

@@ -1,26 +0,0 @@
-#!/bin/bash
-
-shopt -s failglob
-
-# Print output from failing tests
-printf -v sep "%0.s-" {1..80}
-for exit_file in t/test-results/*.exit; do
-    [ "$(< "$exit_file")" -eq 0 ] && continue
-    out_file="${exit_file%exit}out"
-    printf '\n%s\n%s\n%s\n' "$sep" "$out_file" "$sep"
-    cat "$out_file"
-done
-
-# tar up test-results & $testdir, then print base64 encoded output
-#
-# copy $testdir contents to test-results to avoid absolute paths with tar
-cp -a $testdir/* t/test-results/
-begin='-----BEGIN BASE64 MESSAGE-----'
-end='-----END BASE64 MESSAGE-----'
-printf '\n%s\n' 'test-results and trash directory output follows; decode via:'
-printf '%s\n' "sed -n '/^${begin}$/,/^${end}$/{/^${begin}$/!{/^${end}$/!p}}' build.log | base64 -d >output.tar.zst"
-printf '%s\n' "$begin"
-tar -C t -cf - test-results/ | zstdmt -17 | base64
-printf '%s\n' "$end"
-
-exit 1

sources

@@ -1,2 +1,2 @@
-SHA512 (git-2.52.0.tar.xz) = 965e5ebb72d1f080d64e34bdb75f0bb1689c9dd41dcf63b020d986bad49808ac09bfb1115962bc0c5b95bac8622367ac4cd09aa89266f73d2137fe94c90dd3ed
-SHA512 (git-2.52.0.tar.sign) = a5a68ce131a5763650c477ec01a4de958dd6a946bdea0f613e26bdab41d2df6b3ca63f9028bbe603bf0c834bd415c86e6c616b1ff08cc48aa7c3c61a37b24b74
+SHA512 (git-2.14.5.tar.xz) = cd87ed857e0340cb95e7fd8adb19adc1fa51c80134be3b08fc5fb8846f5ef88bacf322d3a576ae35e5df9febfee7d8b337c48a4af7b6c98bcf30c8ce1cfc5308
+SHA512 (git-2.14.5.tar.sign) = 7df316948726f49443c141c8576a2f50f1909cf60d151952d0b1c29ccf1c9490ccdc004aa6c814319712ee7e8b7215846c8fe4a6752bf0a5accf8e8bfd2c5e44