An earlier workaround to squelch unhelpful deprecation warnings
from the complier on Mac OSX unnecessarily set minimum required
version of the OS, which the user might want to raise (or lower)
for other reasons.

* es/squelch-openssl-warnings-on-macosx:
  git-compat-util: do not step on MAC_OS_X_VERSION_MIN_REQUIRED

Longstanding configuration variable naming rules has been added to
the documentation.

* jc/conf-var-doc:
  CodingGuidelines: describe naming rules for configuration variables
  config.txt: mark deprecated variables more prominently
  config.txt: clarify that add.ignore-errors is deprecated

The credential helper for Windows (in contrib/) used to mishandle
a user name with an at-sign in it.

* av/wincred-with-at-in-username-fix:
  wincred: fix get credential if username has "@"

Older GnuPG implementations may not correctly import the keyring
material we prepare for the tests to use.

* ch/new-gpg-drops-rfc-1991:
  t/lib-gpg: sanity-check that we can actually sign
  t/lib-gpg: include separate public keys in keyring.gpg

Clarify in the documentation that "remote.<nick>.pushURL" and
"remote.<nick>.URL" are there to name the same repository accessed
via different transports, not two separate repositories.

* jc/remote-set-url-doc:
  Documentation/git-remote.txt: stress that set-url is not for triangular

The pack bitmap support did not build with older versions of GCC.

* jk/pack-bitmap:
  ewah: fix building with gcc < 3.4.0

Reading configuration from a blob object, when it ends with a lone
CR, use to confuse the configuration parser.

* jk/config-no-ungetc-eof:
  config_buf_ungetc: warn when pushing back a random character
  config: do not ungetc EOF

We didn't format an integer that wouldn't fit in "int" but in
"uintmax_t" correctly.

* jk/decimal-width-for-uintmax:
  decimal_width: avoid integer overflow

"git push --signed" gave an incorrectly worded error message when
the other side did not support the capability.

* jc/push-cert:
  transport-helper: fix typo in error message when --signed is not supported

"git fetch" over a remote-helper that cannot respond to "list"
command could not fetch from a symbolic reference e.g. HEAD.

* mh/deref-symref-over-helper-transport:
  transport-helper: do not request symbolic refs to remote helpers

The insn sheet "git rebase -i" creates did not fully honor
core.abbrev settings.

* ks/rebase-i-abbrev:
  rebase -i: use full object name internally throughout the script

Code clean-up.

* dp/remove-duplicated-header-inclusion:
  do not include the same header twice

Code clean-up.

* sb/hex-object-name-is-at-most-41-bytes-long:
  hex.c: reduce memory footprint of sha1_to_hex static buffers

Typofix in comments.

* ak/git-pm-typofix:
  Git.pm: two minor typo fixes

The tests that wanted to see that file becomes unreadable after
running "chmod a-r file", and the tests that wanted to make sure it
is not run as root, we used "can we write into the / directory?" as
a cheap substitute, but on some platforms that is not a good
heuristics.  The tests and their prerequisites have been updated to
check what they really require.

* jk/sanity:
  test-lib.sh: set prerequisite SANITY by testing what we really need
  tests: correct misuses of POSIXPERM
  t/lib-httpd: switch SANITY check for NOT_ROOT

Signed-off-by: NJunio C Hamano <gitster@pobox.com>

The interactive "show a list and let the user choose from it"
interface "add -i" used showed and prompted to the user even when
the candidate list was empty, against which the only "choice" the
user could have made was to choose nothing.

* ak/add-i-empty-candidates:
  add -i: return from list_and_choose if there is no candidate

"git apply --whitespace=fix" used to under-allocate the memory
when the fix resulted in a longer text than the original patch.

* jc/apply-ws-fix-expands:
  apply: count the size of postimage correctly
  apply: make update_pre_post_images() sanity check the given postlen
  apply.c: typofix

"git log --help" used to show rev-list options that are irrelevant
to the "log" command.

* jc/doc-log-rev-list-options:
  Documentation: what does "git log --indexed-objects" even mean?

The error message from "git commit", when a non-existing author
name was given as value to the "--author=" parameter, has been
reworded to avoid misunderstanding.

* mg/commit-author-no-match-malformed-message:
  commit: reword --author error message

A broken pack .idx file in the receiving repository prevented the
dumb http transport from fetching a good copy of it from the other
side.

* jk/dumb-http-idx-fetch-fix:
  dumb-http: do not pass NULL path to parse_pack_index

The documentation incorrectly said that C(opy) and R(ename) are the
only ones that can be followed by the score number in the output in
the --raw format.

* jc/diff-format-doc:
  diff-format doc: a score can follow M for rewrite

Fix a misspelled conditional that is always true.

* jk/remote-curl-an-array-in-struct-cannot-be-null:
  do not check truth value of flex arrays

Code to read branch name from various files in .git/ directory
would have misbehaved if the code to write them left an empty file.

* jk/status-read-branch-name-fix:
  read_and_strip_branch: fix typo'd address-of operator

The "git push" documentation made the "--repo=<there>" option
easily misunderstood.

* mg/push-repo-option-doc:
  git-push.txt: document the behavior of --repo

After attempting and failing a password-less authentication
(e.g. kerberos), libcURL refuses to fall back to password based
Basic authentication without a bit of help/encouragement.

* bc/http-fallback-to-password-after-krb-fails:
  remote-curl: fall back to Basic auth if Negotiate fails

Setting diff.submodule to 'log' made "git format-patch" produce
broken patches.

* dk/format-patch-ignore-diff-submodule:
  format-patch: ignore diff.submodule setting
  t4255: test am submodule with diff.submodule

"git rerere" (invoked internally from many mergy operations) did
not correctly signal errors when told to update the working tree
files and failed to do so for whatever reason.

* jn/rerere-fail-on-auto-update-failure:
  rerere: error out on autoupdate failure

"git blame HEAD -- missing" failed to correctly say "HEAD" when it
tried to say "No such path 'missing' in HEAD".

* jk/blame-commit-label:
  blame.c: fix garbled error message
  use xstrdup_or_null to replace ternary conditionals
  builtin/commit.c: use xstrdup_or_null instead of envdup
  builtin/apply.c: use xstrdup_or_null instead of null_strdup
  git-compat-util: add xstrdup_or_null helper

Signed-off-by: NAlexander Kuleshov <kuleshovmail@gmail.com>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

What we wanted out of the SANITY precondition is that the filesystem
behaves sensibly with permission bits settings.

 - You should not be able to remove a file in a read-only directory,

 - You should not be able to tell if a file in a directory exists if
   the directory lacks read or execute permission bits.

We used to cheat by approximating that condition with "is the /
writable?" test and/or "are we running as root?" test.  Neither test
is sufficient or appropriate in environments like Cygwin.
Signed-off-by: NTorsten Bögershausen <tboegi@web.de>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

41 bytes is the exact number of bytes needed for having the returned
hex string represented. 50 seems to be an arbitrary number, such
that there are no benefits from alignment to certain address boundaries.
Signed-off-by: NStefan Beller <sbeller@google.com>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

A few files include the same header file directly more than once.

As all these headers protect themselves against repeated inclusion
by the "#ifndef FOO_H / #define FOO_H / ... / #endif" idiom, leave
only the first inclusion and remove the later inclusion as a no-op
clean-up.
Signed-off-by: NДилян Палаузов <git-dpa@aegee.org>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

Signed-off-by: NMike Hommey <mh@glandium.org>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

MAC_OS_X_VERSION_MIN_REQUIRED may be defined by the builder to a
specific version in order to produce compatible binaries for a
particular system.  Blindly defining it to MAC_OS_X_VERSION_10_6
is bad.

Additionally MAC_OS_X_VERSION_10_6 will not be defined on older
systems and should AvailabilityMacros.h be included on such as
system an error will result.  However, using the explicit value
of 1060 (which is what MAC_OS_X_VERSION_10_6 is defined to) does
not solve the problem.

The changes that introduced stepping on MAC_OS_X_VERSION_MIN were
made in b195aa00 (git-compat-util: suppress unavoidable
Apple-specific deprecation warnings) to avoid deprecation
warnings.

Instead of blindly setting MAC_OS_X_VERSION_MIN to 1060 change
the definition of DEPRECATED_ATTRIBUTE to empty to avoid the
warnings.  This preserves any MAC_OS_X_VERSION_MIN_REQUIRED
setting while avoiding the warnings as intended by b195aa00.
Signed-off-by: NKyle J. McKay <mackyle@gmail.com>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

Signed-off-by: NJunio C Hamano <gitster@pobox.com>

Our config code simulates a stdio stream around a buffer,
but our fake ungetc() does not behave quite like the real
one. In particular, we only rewind the position by one
character, but do _not_ actually put the character from the
caller into position.

It turns out that this does not matter, because we only ever
push back the character we just read. In other words, such
an assignment would be a noop. But because the function is
called ungetc, and because it takes a character parameter,
it is a mistake waiting to happen.

Actually assigning the character into the buffer would be
ideal, but our pointer is actually a "const" copy of the
buffer. We do not know who the real owner of the buffer is
in this code, and would not want to munge their contents.

Instead, we can simply add an assertion that matches what
the current caller does, and will let us know if new callers
are added that violate the contract.
Signed-off-by: NJeff King <peff@peff.net>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

The decimal_width function originally appeared in blame.c as
"lineno_width", and was designed for calculating the
print-width of small-ish integer values (line numbers in
text files). In ec7ff5ba, it was made into a reusable
function, and in dc801e71, we started using it to align
diffstats.

Binary files in a diffstat show byte counts rather than line
numbers, meaning they can be quite large (e.g., consider
adding or removing a 2GB file). decimal_width is not up to
the challenge for two reasons:

  1. It takes the value as an "int", whereas large files may
     easily surpass this. The value may be truncated, in
     which case we will produce an incorrect value.

  2. It counts "up" by repeatedly multiplying another
     integer by 10 until it surpasses the value.  This can
     cause an infinite loop when the value is close to the
     largest representable integer.

     For example, consider using a 32-bit signed integer,
     and a value of 2,140,000,000 (just shy of 2^31-1).
     We will count up and eventually see that 1,000,000,000
     is smaller than our value. The next step would be to
     multiply by 10 and see that 10,000,000,000 is too
     large, ending the loop. But we can't represent that
     value, and we have signed overflow.

     This is technically undefined behavior, but a common
     behavior is to lose the high bits, in which case our
     iterator will certainly be less than the number. So
     we'll keep multiplying, overflow again, and so on.

This patch changes the argument to a uintmax_t (the same
type we use to store the diffstat information for binary
filese), and counts "down" by repeatedly dividing our value
by 10.
Signed-off-by: NJeff King <peff@peff.net>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

When we are parsing a config value, if we see a carriage
return, we fgetc the next character to see if it is a
line feed (in which case we silently drop the CR). If it
isn't, we then ungetc the character, and take the literal
CR.

But we never check whether we in fact got a character at
all. If the config file ends in CR, we will get EOF here,
and try to ungetc EOF. This works OK for a real stdio
stream. The ungetc returns an error, and the next fgetc will
then return EOF again.

However, our custom buffer-based stream is not so fortunate.
It happily rewinds the position of the stream by one
character, ignoring the fact that we fed it EOF. The next
fgetc call returns the final CR again, over and over, and we
end up in an infinite loop.
Signed-off-by: NJeff King <peff@peff.net>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>

The __builtin_ctzll function was added in gcc 3.4.0.
This extends the check for gcc so that use of __builtin_ctzll is only
enabled if gcc >= 3.4.0.
Signed-off-by: NTom G. Christensen <tgc@statsbiblioteket.dk>
Reviewed-by: NJeff King <peff@peff.net>
Signed-off-by: NJunio C Hamano <gitster@pobox.com>