git, branch v1.6.5.9

Git 1.6.5.9

2010-12-15T19:27:41Z

Signed-off-by: Junio C Hamano

Git 1.6.4.5

2010-12-15T19:19:11Z

Signed-off-by: Junio C Hamano

gitweb: Introduce esc_attr to escape attributes of HTML elements

2010-12-15T19:16:31Z

It is needed only to escape attributes of handcrafted HTML elements, and not those generated using CGI.pm subroutines / methods for HTML generation. While at it, add esc_url and esc_html where needed, and prefer to use CGI.pm HTML generating methods than handcrafted HTML code. Most of those are probably unnecessary (could be exploited only by person with write access to gitweb config, or at least access to the repository). This fixes CVE-2010-3906 Reported-by: Emanuele Gentili Helped-by: John 'Warthog9' Hawley Helped-by: Jonathan Nieder Signed-off-by: Jakub Narebski Signed-off-by: Junio C Hamano

request-pull.txt: Document -p option

2010-07-26T04:52:19Z

Signed-off-by: Stephen Boyd Signed-off-by: Junio C Hamano

Merge branch 'maint-1.6.4' into maint-1.6.5

2010-07-26T04:51:58Z

* maint-1.6.4: Check size of path buffer before writing into it rev-parse: fix --parse-opt --keep-dashdash --stop-at-non-option

Check size of path buffer before writing into it

2010-07-25T17:33:47Z

This prevents a buffer overrun that could otherwise be triggered by creating a file called '.git' with contents gitdir: (something really long) Signed-off-by: Greg Brockman Signed-off-by: Junio C Hamano

rev-parse: fix --parse-opt --keep-dashdash --stop-at-non-option

2010-07-07T18:11:50Z

The ?: operator has a lower priority than |, so the implicit associativity made the 6th argument of parse_options be PARSE_OPT_KEEP_DASHDASH if keep_dashdash was true discarding PARSE_OPT_STOP_AT_NON_OPTION and PARSE_OPT_SHELL_EVAL. Signed-off-by: Uwe Kleine-König Signed-off-by: Junio C Hamano

Remove extra '-' from git-am(1)

2010-03-05T06:02:44Z

Signed-off-by: Michal Sojka Signed-off-by: Junio C Hamano

dwim_ref: fix dangling symref warning

2010-02-16T17:03:58Z

If we encounter a symref that is dangling, in most cases we will warn about it. The one exception is a dangling HEAD, as that indicates a branch yet to be born. However, the check in dwim_ref was not quite right. If we were fed something like "HEAD^0" we would try to resolve "HEAD", see that it is dangling, and then check whether the _original_ string we got was "HEAD" (which it wasn't in this case). And that makes no sense; the dangling thing we found was not "HEAD^0" but rather "HEAD". Fixing this squelches a scary warning from "submodule summary HEAD" (and consequently "git status" with status.submodulesummary set) in an empty repo, as the submodule script calls "git rev-parse -q --verify HEAD^0". Signed-off-by: Jeff King Signed-off-by: Junio C Hamano

stash pop: remove 'apply' options during 'drop' invocation

2010-02-16T05:46:27Z

The 'git stash pop' option parsing used to remove the first argument in --index mode. At the time this was implemented, this first argument was always --index. However, since the invention of the -q option in fcdd0e9 (stash: teach quiet option, 2009-06-17) you can cause an internal invocation of git stash drop --index by running git stash pop -q --index which then of course fails because drop doesn't know --index. To handle this, instead let 'git stash apply' decide what the future argument to 'drop' should be. Warning: this means that 'git stash apply' must parse all options that 'drop' can take, and deal with them in the same way. This is currently true for its only option -q. Signed-off-by: Thomas Rast Acked-by: Stephen Boyd Signed-off-by: Junio C Hamano