Commit 42653c09 (Prompt for a username when an HTTP request
401s, 2010-04-01) changed http_get_strbuf to prompt for
credentials when we receive a 401, but didn't touch
http_get_file. The latter is called only for dumb http;
while it's usually the case that people don't use
authentication on top of dumb http, there is no reason not
to allow both types of requests to use this feature.
Signed-off-by: NJeff King <peff@peff.net>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

When fetching an http URL, we first try fetching info/refs
with an extra "service" parameter. This will work for a
smart-http server, or a dumb server which ignores extra
parameters when fetching files. If that fails, we retry
without the extra parameter to remain compatible with dumb
servers which didn't like our first request.

If the server returned a "401 Unauthorized", indicating that
the credentials we provided were not good, there is not much
point in retrying. With the current code, we just waste an
extra round trip to the HTTP server before failing.

But as the http code becomes smarter about throwing away
rejected credentials and re-prompting the user for new ones
(which it will later in this series), this will become more
confusing. At some point we will stop asking for credentials
to retry smart http, and will be asking for credentials to
retry dumb http. So now we're not only wasting an extra HTTP
round trip for something that is unlikely to work, but we're
making the user re-type their password for it.
Signed-off-by: NJeff King <peff@peff.net>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

These just checked that we could clone a repository when the
username and password were given in the URL; we should also
check that git will prompt when no or partial credentials
are given.
Signed-off-by: NJeff King <peff@peff.net>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

The url_decode function needs only minor tweaks to handle
arbitrary buffers. Let's do those tweaks, which cleans up an
unreadable mess of temporary strings in http.c.
Signed-off-by: NJeff King <peff@peff.net>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

The second batch of topics for this cycle are now in.
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

* jc/index-pack:
  verify-pack: use index-pack --verify
  index-pack: show histogram when emulating "verify-pack -v"
  index-pack: start learning to emulate "verify-pack -v"
  index-pack: a miniscule refactor
  index-pack --verify: read anomalous offsets from v2 idx file
  write_idx_file: need_large_offset() helper function
  index-pack: --verify
  write_idx_file: introduce a struct to hold idx customization options
  index-pack: group the delta-base array entries also by type

Conflicts:
	builtin/verify-pack.c
	cache.h
	sha1_file.c

* jn/mime-type-with-params:
  gitweb: Serve */*+xml 'blob_plain' as text/plain with $prevent_xss
  gitweb: Serve text/* 'blob_plain' as text/plain with $prevent_xss

* jc/submodule-sync-no-auto-vivify:
  submodule add: always initialize .git/config entry
  submodule sync: do not auto-vivify uninteresting submodule

Conflicts:
	git-submodule.sh

* jk/archive-tar-filter:
  upload-archive: allow user to turn off filters
  archive: provide builtin .tar.gz filter
  archive: implement configurable tar filters
  archive: refactor file extension format-guessing
  archive: move file extension format-guessing lower
  archive: pass archiver struct to write_archive callback
  archive: refactor list of archive formats
  archive-tar: don't reload default config options
  archive: reorder option parsing and config reading

* jn/gitweb-split-header-html:
  gitweb: Refactor git_header_html

* jk/clone-cmdline-config:
  clone: accept config options on the command line
  config: make git_config_parse_parameter a public function
  remote: use new OPT_STRING_LIST
  parse-options: add OPT_STRING_LIST helper

* jk/maint-config-param:
  config: use strbuf_split_str instead of a temporary strbuf
  strbuf: allow strbuf_split to work on non-strbufs
  config: avoid segfault when parsing command-line config
  config: die on error in command-line config
  fix "git -c" parsing of values with equals signs
  strbuf_split: add a max parameter

* jk/tag-list-multiple-patterns:
  tag: accept multiple patterns for --list

* jc/zlib-wrap:
  zlib: allow feeding more than 4GB in one go
  zlib: zlib can only process 4GB at a time
  zlib: wrap deflateBound() too
  zlib: wrap deflate side of the API
  zlib: wrap inflateInit2 used to accept only for gzip format
  zlib: wrap remaining calls to direct inflate/inflateEnd
  zlib wrapper: refactor error message formatter

Conflicts:
	sha1_file.c

* ak/gcc46-profile-feedback:
  Add explanation of the profile feedback build to the README
  Add profile feedback build to git
  Add option to disable NORETURN

* js/rebase-typo-branch-squelch-usage:
  rebase: do not print lots of usage hints after an obvious error message

* jn/doc-dashdash:
  Documentation/i18n: quote double-dash for AsciiDoc
  Documentation: quote double-dash for AsciiDoc

* bc/submodule-foreach-stdin-fix-1.7.4:
  git-submodule.sh: preserve stdin for the command spawned by foreach
  t/t7407: demonstrate that the command called by 'submodule foreach' loses stdin

Conflicts:
	git-submodule.sh

* nk/ref-doc:
  glossary: clarify description of HEAD
  glossary: update description of head and ref
  glossary: update description of "tag"
  git.txt: de-emphasize the implementation detail of a ref
  check-ref-format doc: de-emphasize the implementation detail of a ref
  git-remote.txt: avoid sounding as if loose refs are the only ones in the world
  git-remote.txt: fix wrong remote refspec

* fk/relink-upon-ldflags-update:
  Makefile: Track changes to LDFLAGS and relink when necessary

* jl/maint-fetch-recursive-fix:
  fetch: Also fetch submodules in subdirectories in on-demand mode

* jc/maint-cygwin-trust-executable-bit-default:
  cygwin: trust executable bit by default

* aw/rebase-i-p:
  rebase -i -p: include non-first-parent commits in todo list

* rj/config-cygwin:
  config.c: Make git_config() work correctly when called recursively
  t1301-*.sh: Fix the 'forced modes' test on cygwin
  help.c: Fix detection of custom merge strategy on cygwin

* md/interix-update:
  Update the Interix default build configuration.

* ln/gitweb-mime-types-split-at-blank:
  gitweb: allow space as delimiter in mime.types

* jc/no-gitweb-test-without-cgi-etc:
  t/gitweb-lib.sh: skip gitweb tests when perl dependencies are not met

* fg/submodule-keep-updating:
  git-submodule.sh: clarify the "should we die now" logic
  submodule update: continue when a checkout fails
  git-sh-setup: add die_with_status

Conflicts:
	git-submodule.sh

* jc/legacy-loose-object:
  sha1_file.c: "legacy" is really the current format

* an/shallow-doc:
  Document the underlying protocol used by shallow repositories and --depth commands.
  Fix documentation of fetch-pack that implies that the client can disconnect after sending wants.

Signed-off-by: NJunio C Hamano <gitster@pobox.com>

* maint:
  docs: document --textconv diff option

This has been there since textconv existed, but was never
documented. There is some overlap with what's in
gitattributes(5), but it's important to warn in both places
that textconv diffs probably can't be applied.
Signed-off-by: NJeff King <peff@peff.net>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

Enhance usability of 'blob_plain' view protection against XSS attacks
(enabled by setting $prevent_xss to true) by serving contents inline
as safe 'text/plain' mimetype where possible, instead of serving with
"Content-Disposition: attachment" to make sure they don't run in
gitweb's security domain.

This patch broadens downgrading to 'text/plain' further, to any
*/*+xml mimetype.  This includes:

  application/xhtml+xml    (*.xhtml, *.xht)
  application/atom+xml     (*.atom)
  application/rss+xml      (*.rss)
  application/mathml+xm    (*.mathml)
  application/docbook+xml  (*.docbook)
  image/svg+xml            (*.svg, *.svgz)

Probably most useful is serving XHTML files as text/plain in
'blob_plain' view, directly viewable.

Because file with 'image/svg+xml' mimetype can be compressed SVGZ
file, we have to check if */*+xml really is text file, via '-T $fd'.
Signed-off-by: NJakub Narebski <jnareb@gmail.com>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

One of mechanism enabled by setting $prevent_xss to true is 'blob_plain'
view protection.  With XSS prevention on, blobs of all types except a
few known safe ones are served with "Content-Disposition: attachment" to
make sure they don't run in our security domain.

Instead of serving text/* type files, except text/plain (and including
text/html), as attachements, downgrade it to text/plain.  This way HTML
pages in 'blob_plain' (raw) view would be displayed in browser, but
safely as a source, and not asked to be saved.
Signed-off-by: NJakub Narebski <jnareb@gmail.com>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

The user-supplied command spawned by 'submodule foreach' loses its
connection to the original standard input.  Instead, it is connected to the
output of a pipe within the git-submodule script.  The user-supplied
command supplied to 'submodule foreach' is spawned within a while loop
which is being piped into.  Due to the way shells implement piping output
to a while loop, a subshell is created with its standard input attached to
the output of the pipe.  This results in all of the commands executed
within the while loop to have their stdins modified in the same way,
including the user-supplied command.

This can cause a problem if the command requires reading from stdin or if
it changes its behavior based on whether stdin is a tty or not.  For
example, this problem was noticed when trying to execute the following:

   git submodule foreach git shortlog --since=two.weeks.ago

which printed a message about entering the first submodule and produced no
further output and exited with a status of zero.  In this case, shortlog
detected that it was not connected to a tty, and since no revision was
supplied as an argument, it attempted to read the list of revisions from
standard input.  Instead, it slurped up the list of submodules that was
being piped to the enclosing while loop and caused that loop to end early
without processing the remaining submodules.

Work around this behavior by saving the original standard input file
descriptor before the while loop, and restoring it when spawning the
user-supplied command.

This fixes the tests in t7407.
Signed-off-by: NBrandon Casey <drafnel@gmail.com>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

The user-supplied command spawned by 'submodule foreach' loses its
connection to the original standard input.  Instead, it is connected to the
output of a pipe within the git-submodule script.  This can cause a problem
if the command requires reading from stdin or if it changes its behavior
based on whether stdin is a tty or not (e.g. git shortlog).  Demonstrate
this flaw.
Signed-off-by: NBrandon Casey <drafnel@gmail.com>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

* jc/streaming-filter:
  t0021: test application of both crlf and ident
  t0021-conversion.sh: fix NoTerminatingSymbolAtEOF test
  streaming: filter cascading
  streaming filter: ident filter
  Add LF-to-CRLF streaming conversion
  stream filter: add "no more input" to the filters
  Add streaming filter API
  convert.h: move declarations for conversion from cache.h

* jn/gitweb-js-blame:
  gitweb.js: use setTimeout rather than setInterval in blame_incremental.js
  gitweb.js: No need for loop in blame_incremental's handleResponse()
  gitweb.js: No need for inProgress in blame_incremental.js

* da/git-prefix-everywhere:
  t/t7503-pre-commit-hook.sh: Add GIT_PREFIX tests
  git-mergetool--lib: Make vimdiff retain the current directory
  git: Remove handling for GIT_PREFIX
  setup: Provide GIT_PREFIX to built-ins