Commit graph

39283 commits

Author SHA1 Message Date
Junio C Hamano
636614f337 Merge branch 'jk/http-backend-deadlock-2.3' into jk/http-backend-deadlock
* jk/http-backend-deadlock-2.3:
  http-backend: spool ref negotiation requests to buffer
  t5551: factor out tag creation
  http-backend: fix die recursion with custom handler
2015-05-25 20:44:42 -07:00
Junio C Hamano
7419a03fdb Merge branch 'jk/http-backend-deadlock-2.2' into jk/http-backend-deadlock-2.3
* jk/http-backend-deadlock-2.2:
  http-backend: spool ref negotiation requests to buffer
  t5551: factor out tag creation
  http-backend: fix die recursion with custom handler
2015-05-25 20:44:04 -07:00
Jeff King
6bc0cb5176 http-backend: spool ref negotiation requests to buffer
When http-backend spawns "upload-pack" to do ref
negotiation, it streams the http request body to
upload-pack, who then streams the http response back to the
client as it reads. In theory, git can go full-duplex; the
client can consume our response while it is still sending
the request.  In practice, however, HTTP is a half-duplex
protocol. Even if our client is ready to read and write
simultaneously, we may have other HTTP infrastructure in the
way, including the webserver that spawns our CGI, or any
intermediate proxies.

In at least one documented case[1], this leads to deadlock
when trying a fetch over http. What happens is basically:

  1. Apache proxies the request to the CGI, http-backend.

  2. http-backend gzip-inflates the data and sends
     the result to upload-pack.

  3. upload-pack acts on the data and generates output over
     the pipe back to Apache. Apache isn't reading because
     it's busy writing (step 1).

This works fine most of the time, because the upload-pack
output ends up in a system pipe buffer, and Apache reads
it as soon as it finishes writing. But if both the request
and the response exceed the system pipe buffer size, then we
deadlock (Apache blocks writing to http-backend,
http-backend blocks writing to upload-pack, and upload-pack
blocks writing to Apache).

We need to break the deadlock by spooling either the input
or the output. In this case, it's ideal to spool the input,
because Apache does not start reading either stdout _or_
stderr until we have consumed all of the input. So until we
do so, we cannot even get an error message out to the
client.

The solution is fairly straight-forward: we read the request
body into an in-memory buffer in http-backend, freeing up
Apache, and then feed the data ourselves to upload-pack. But
there are a few important things to note:

  1. We limit the in-memory buffer to prevent an obvious
     denial-of-service attack. This is a new hard limit on
     requests, but it's unlikely to come into play. The
     default value is 10MB, which covers even the ridiculous
     100,000-ref negotation in the included test (that
     actually caps out just over 5MB). But it's configurable
     on the off chance that you don't mind spending some
     extra memory to make even ridiculous requests work.

  2. We must take care only to buffer when we have to. For
     pushes, the incoming packfile may be of arbitrary
     size, and we should connect the input directly to
     receive-pack. There's no deadlock problem here, though,
     because we do not produce any output until the whole
     packfile has been read.

     For upload-pack's initial ref advertisement, we
     similarly do not need to buffer. Even though we may
     generate a lot of output, there is no request body at
     all (i.e., it is a GET, not a POST).

[1] http://article.gmane.org/gmane.comp.version-control.git/269020

Test-adapted-from: Dennis Kaarsemaker <dennis@kaarsemaker.net>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-05-25 20:43:18 -07:00
Jeff King
cc969c8dc1 t5551: factor out tag creation
One of our tests in t5551 creates a large number of tags,
and jumps through some hoops to do it efficiently. Let's
factor that out into a function so we can make other similar
tests.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-05-20 10:38:31 -07:00
Jeff King
7253a02348 http-backend: fix die recursion with custom handler
When we die() in http-backend, we call a custom handler that
writes an HTTP 500 response to stdout, then reports the
error to stderr. Our routines for writing out the HTTP
response may themselves die, leading to us entering die()
again.

When it was originally written, that was OK; our custom
handler keeps a variable to notice this and does not
recurse. However, since cd163d4 (usage.c: detect recursion
in die routines and bail out immediately, 2012-11-14), the
main die() implementation detects recursion before we even
get to our custom handler, and bails without printing
anything useful.

We can handle this case by doing two things:

  1. Installing a custom die_is_recursing handler that
     allows us to enter up to one level of recursion. Only
     the first call to our custom handler will try to write
     out the error response. So if we die again, that is OK.
     If we end up dying more than that, it is a sign that we
     are in an infinite recursion.

  2. Reporting the error to stderr before trying to write
     out the HTTP response. In the current code, if we do
     die() trying to write out the response, we'll exit
     immediately from this second die(), and never get a
     chance to output the original error (which is almost
     certainly the more interesting one; the second die is
     just going to be along the lines of "I tried to write
     to stdout but it was closed").

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-05-15 11:13:47 -07:00
Junio C Hamano
3d4a3ffe64 Git 2.4
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-30 11:25:06 -07:00
Junio C Hamano
0ab00b9464 Merge branch 'mh/multimail-renewal'
* mh/multimail-renewal:
  Update git-multimail to version 1.0.2
2015-04-28 13:01:29 -07:00
Junio C Hamano
3f5872603d Merge branch 'mg/show-notes-doc'
Documentation fix.

* mg/show-notes-doc:
  rev-list-options.txt: complete sentence about notes matching
2015-04-28 13:00:20 -07:00
Junio C Hamano
b7990520bc Merge branch 'nd/versioncmp-prereleases'
* nd/versioncmp-prereleases:
  git tag: mention versionsort.prereleaseSuffix in manpage
2015-04-28 13:00:19 -07:00
Junio C Hamano
5b9496768f Merge branch 'mg/status-v-v'
* mg/status-v-v:
  status: document the -v/--verbose option
2015-04-28 13:00:18 -07:00
Michael Haggerty
36bf6d4697 Update git-multimail to version 1.0.2
The only changes are to the README files, most notably the list of
maintainers and the project URL.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-28 11:37:09 -07:00
Junio C Hamano
fb3e7d5515 Sync with 2.3.7 2015-04-27 12:26:21 -07:00
Junio C Hamano
16018ae5fb Git 2.3.7
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-27 12:25:36 -07:00
Junio C Hamano
ad34ad614d Merge branch 'tb/connect-ipv6-parse-fix' into maint
An earlier update to the parser that disects a URL broke an
address, followed by a colon, followed by an empty string (instead
of the port number), e.g. ssh://example.com:/path/to/repo.

* tb/connect-ipv6-parse-fix:
  connect.c: ignore extra colon after hostname
2015-04-27 12:23:54 -07:00
Junio C Hamano
89ba311df3 Merge branch 'ma/bash-completion-leaking-x' into maint
The completion script (in contrib/) contaminated global namespace
and clobbered on a shell variable $x.

* ma/bash-completion-leaking-x:
  completion: fix global bash variable leak on __gitcompappend
2015-04-27 12:23:51 -07:00
Junio C Hamano
631f6f1d47 Merge branch 'jc/push-cert' into maint
The "git push --signed" protocol extension did not limit what the
"nonce" that is a server-chosen string can contain or how long it
can be, which was unnecessarily lax.  Limit both the length and the
alphabet to a reasonably small space that can still have enough
entropy.

* jc/push-cert:
  push --signed: tighten what the receiving end can ask to sign
2015-04-27 12:23:50 -07:00
Michael Haggerty
9c589d971e status: document the -v/--verbose option
Document `git status -v`, including its new doubled `-vv` form.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-23 18:45:33 -07:00
Michael Haggerty
6eb1401375 RelNotes: wordsmithing
Make many textual tweaks to the 2.4.0 release notes.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-23 11:32:08 -07:00
Michael Haggerty
2eac0356b0 RelNotes: refer to the rebase -i "todo list", not "insn sheet"
"Todo list" is the name that is used in the user-facing documentation.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-23 11:32:05 -07:00
Michael Haggerty
37f4bed11b RelNotes: correct name of versionsort.prereleaseSuffix
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-23 11:29:22 -07:00
Michael Haggerty
64f7a26494 git tag: mention versionsort.prereleaseSuffix in manpage
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-23 11:28:24 -07:00
Junio C Hamano
564705c7f0 Git 2.4.0-rc3
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-22 13:52:43 -07:00
Junio C Hamano
fb896362cc Sync with maint 2015-04-21 12:58:50 -07:00
Junio C Hamano
ba63bfaa59 Git 2.3.6
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-21 12:17:09 -07:00
Junio C Hamano
d544696afa Merge branch 'jk/colors' into maint
"diff-highlight" (in contrib/) used to show byte-by-byte
differences, which meant that multi-byte characters can be chopped
in the middle.  It learned to pay attention to character boundaries
(assuming the UTF-8 payload).

* jk/colors:
  diff-highlight: do not split multibyte characters
2015-04-21 12:12:25 -07:00
Junio C Hamano
d3115a35fc Merge branch 'jk/test-annoyances' into maint
Test fixes.

* jk/test-annoyances:
  t5551: make EXPENSIVE test cheaper
  t5541: move run_with_cmdline_limit to test-lib.sh
  t: pass GIT_TRACE through Apache
  t: redirect stderr GIT_TRACE to descriptor 4
  t: translate SIGINT to an exit
2015-04-21 12:12:24 -07:00
Junio C Hamano
42b2f894a0 Merge branch 'pt/enter-repo-comment-fix' into maint
Documentation update.

* pt/enter-repo-comment-fix:
  enter_repo(): fix docs to match code
2015-04-21 12:12:23 -07:00
Junio C Hamano
1c30f8efa4 Merge branch 'jz/gitweb-conf-doc-fix' into maint
Documentation update.

* jz/gitweb-conf-doc-fix:
  gitweb.conf.txt: say "build-time", not "built-time"
2015-04-21 12:12:22 -07:00
Junio C Hamano
c809f4258f Merge branch 'jk/cherry-pick-docfix' into maint
* jk/cherry-pick-docfix:
  cherry-pick: fix docs describing handling of empty commits
2015-04-21 12:12:21 -07:00
Junio C Hamano
c84364abe3 Merge branch 'iu/fix-parse-options-h-comment' into maint
* iu/fix-parse-options-h-comment:
  parse-options.h: OPTION_{BIT,SET_INT} do not store pointer to defval
2015-04-21 12:12:20 -07:00
Junio C Hamano
e8281f0164 Merge branch 'jg/cguide-we-cannot-count' into maint
* jg/cguide-we-cannot-count:
  CodingGuidelines: update 'rough' rule count
2015-04-21 12:12:19 -07:00
Junio C Hamano
2e0aabe602 Merge branch 'jk/pack-corruption-post-mortem' into maint
Documentation update.

* jk/pack-corruption-post-mortem:
  howto: document more tools for recovery corruption
2015-04-21 12:12:18 -07:00
Junio C Hamano
e9ab76da8f Merge branch 'jn/doc-fast-import-no-16-octopus-limit' into maint
Documentation update.

* jn/doc-fast-import-no-16-octopus-limit:
  fast-import doc: remove suggested 16-parent limit
2015-04-21 12:12:17 -07:00
Junio C Hamano
ef05a39fa0 RelNotes: "merge --quiet" change has been reverted
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-21 11:09:19 -07:00
Junio C Hamano
7c597ef345 Hopefully the last batch for 2.4
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-20 15:30:13 -07:00
Junio C Hamano
7ff140202a Merge branch 'ps/grep-help-all-callback-arg'
Code clean-up.

* ps/grep-help-all-callback-arg:
  grep: correctly initialize help-all option
2015-04-20 15:28:34 -07:00
Junio C Hamano
9718c7c0c2 Merge branch 'tb/connect-ipv6-parse-fix'
An earlier update to the parser that disects an address broke an
address, followed by a colon, followed by an empty string (instead
of the port number).

* tb/connect-ipv6-parse-fix:
  connect.c: ignore extra colon after hostname
2015-04-20 15:28:33 -07:00
Junio C Hamano
a59ac46ba4 Merge branch 'va/fix-git-p4-tests'
Test fixes for git-p4.

* va/fix-git-p4-tests:
  t9814: guarantee only one source exists in git-p4 copy tests
  git-p4: fix copy detection test
  t9814: fix broken shell syntax in git-p4 rename test
2015-04-20 15:28:32 -07:00
Junio C Hamano
268d5bc2b2 Merge branch 'jc/push-cert'
The "git push --signed" protocol extension did not limit what the
"nonce" that is a server-chosen string can contain or how long it
can be, which was unnecessarily lax.  Limit both the length and the
alphabet to a reasonably small space that can still have enough
entropy.

* jc/push-cert:
  push --signed: tighten what the receiving end can ask to sign
2015-04-20 15:28:31 -07:00
Junio C Hamano
6b1258b07b Merge branch 'ma/bash-completion-leaking-x'
The completion script (in contrib/) contaminated global namespace
and clobbered on a shell variable $x.

* ma/bash-completion-leaking-x:
  completion: fix global bash variable leak on __gitcompappend
2015-04-20 15:28:30 -07:00
Junio C Hamano
1eb0545cce git-gui 0.20.0
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQCVAwUAVTI85mB90JXwhOSJAQIAwAP+Lcm1TuAKXdiCMcYJFLPHhSvHJJRHPiN8
 ydBIRP5UO6BJrmbo+w9tx3qAda4TS/crqRwSnRa5cXOWB+aDkuH8zm4IfkQKXIjI
 qG4Q2t53q8vLBtRd6Y4uNlDQ04mh/J64E9tJoCaIzMj2m6W/Xizo2zslnOfo6F2Z
 Z2rJhBMe1PY=
 =4pD7
 -----END PGP SIGNATURE-----

Merge tag 'gitgui-0.20.0' of http://repo.or.cz/r/git-gui

git-gui 0.20.0

* tag 'gitgui-0.20.0' of http://repo.or.cz/r/git-gui:
  git-gui: set version 0.20
  git-gui: sv.po: Update Swedish translation (547t0f0u)
  git-gui i18n: Updated Bulgarian translation (547t,0f,0u)
  git-gui: Makes chooser set 'gitdir' to the resolved path
  git-gui: Fixes chooser not accepting gitfiles
  git-gui: reinstate support for Tcl 8.4
  git-gui: fix problem with gui.maxfilesdisplayed
  git-gui: fix verbose loading when git path contains spaces.
  git-gui/gitk: Do not depend on Cygwin's "kill" command on Windows
  git-gui: add configurable tab size to the diff view
  git-gui: Make git-gui lib dir configurable at runime
  git-gui i18n: Updated Bulgarian translation (520t,0f,0u)
  L10n: vi.po (543t): Init translation for Vietnamese
  git-gui: align the new recursive checkbox with the radiobuttons.
  git-gui: Add a 'recursive' checkbox in the clone menu.
2015-04-18 18:35:48 -07:00
Pat Thoyts
4498b3a50a git-gui: set version 0.20
Signed-off-by: Pat Thoyts <patthoyts@users.sourceforge.net>
2015-04-18 12:15:32 +01:00
Peter Krefting
5a5c11f19d git-gui: sv.po: Update Swedish translation (547t0f0u)
Signed-off-by: Peter Krefting <peter@softwolves.pp.se>
Signed-off-by: Pat Thoyts <patthoyts@users.sourceforge.net>
2015-04-18 12:03:50 +01:00
Alexander Shopov
de18648212 git-gui i18n: Updated Bulgarian translation (547t,0f,0u)
Signed-off-by: Alexander Shopov <ash@kambanaria.org>
Signed-off-by: Pat Thoyts <patthoyts@users.sourceforge.net>
2015-04-18 11:51:39 +01:00
Michael J Gruber
7348cdeb6c rev-list-options.txt: complete sentence about notes matching
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-17 10:30:51 -07:00
Junio C Hamano
3d6bc9a763 Revert "merge: pass verbosity flag down to merge-recursive"
This reverts commit 2bf15a3330, whose
intention was good, but the verbosity levels used in merge-recursive
turns out to be rather uneven.  For example, a merge of two branches
with conflicting submodule updates used to report CONFLICT: output
with --quiet but no longer (which *is* desired), while the final
"Automatic merge failed; fix conflicts and then commit" message is
still shown even with --quiet (which *is* inconsistent).

Originally reported by Bryan Turner; it is too early to declare what
the concensus is, but it seems that we would need to level the
verbosity levels used in merge strategy backends before we can go
forward.  In the meantime, we'd revert to the old behaviour until
that happens.

cf. $gmane/267245
2015-04-16 08:03:14 -07:00
Junio C Hamano
e46fe3df01 Git 2.4.0-rc2
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-04-14 11:57:13 -07:00
Junio C Hamano
7a1aa0c288 Merge branch 'jk/colors'
"diff-highlight" (in contrib/) used to show byte-by-byte
differences, which meant that multi-byte characters can be chopped
in the middle.  It learned to pay attention to character boundaries
(assuming the UTF-8 payload).

* jk/colors:
  diff-highlight: do not split multibyte characters
2015-04-14 11:49:13 -07:00
Junio C Hamano
3cdff83fb0 Merge branch 'jk/merge-quiet'
"git merge --quiet" did not squelch messages from the underlying
merge-recursive strategy.

* jk/merge-quiet:
  merge: pass verbosity flag down to merge-recursive
2015-04-14 11:49:12 -07:00
Junio C Hamano
f8e593e9a7 Merge branch 'jk/pack-corruption-post-mortem'
Documentation update.

* jk/pack-corruption-post-mortem:
  howto: document more tools for recovery corruption
2015-04-14 11:49:11 -07:00