Merge branch 'master' into ds/backfill

* master: (446 commits)
  The seventh batch
  The sixth batch
  The fifth batch
  The fourth batch
  refs/reftable: fix uninitialized memory access of `max_index`
  remote: announce removal of "branches/" and "remotes/"
  The third batch
  hash.h: drop unsafe_ function variants
  csum-file: introduce hashfile_checkpoint_init()
  t/helper/test-hash.c: use unsafe_hash_algo()
  csum-file.c: use unsafe_hash_algo()
  hash.h: introduce `unsafe_hash_algo()`
  csum-file.c: extract algop from hashfile_checksum_valid()
  csum-file: store the hash algorithm as a struct field
  t/helper/test-tool: implement sha1-unsafe helper
  trace2: prevent segfault on config collection with valueless true
  refs: fix creation of reflog entries for symrefs
  ci: wire up Visual Studio build with Meson
  ci: raise error when Meson generates warnings
  meson: fix compilation with Visual Studio
  ...

11 files changed, 325 insertions, 10 deletions

diff --git a/Documentation/RelNotes/2.40.4.txt b/Documentation/RelNotes/2.40.4.txt
new file mode 100644
index 0000000000..0ff29f3cfc
--- /dev/null
+++ b/Documentation/RelNotes/2.40.4.txt
@@ -0,0 +1,5 @@
+Git v2.40.4 Release Notes
+=========================
+
+This release lets Git refuse to accept URLs that contain control
+sequences.  This addresses CVE-2024-50349 and CVE-2024-52006.
diff --git a/Documentation/RelNotes/2.41.3.txt b/Documentation/RelNotes/2.41.3.txt
new file mode 100644
index 0000000000..b5aba88790
--- /dev/null
+++ b/Documentation/RelNotes/2.41.3.txt
@@ -0,0 +1,6 @@
+Git v2.41.3 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4 to address
+the security issues CVE-2024-50349 and CVE-2024-52006; see the
+release notes for that version for details.
diff --git a/Documentation/RelNotes/2.42.4.txt b/Documentation/RelNotes/2.42.4.txt
new file mode 100644
index 0000000000..3129d76e75
--- /dev/null
+++ b/Documentation/RelNotes/2.42.4.txt
@@ -0,0 +1,6 @@
+Git v2.42.4 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4 and v2.41.3
+to address the security issues CVE-2024-50349 and CVE-2024-52006;
+see the release notes for these versions for details.
diff --git a/Documentation/RelNotes/2.43.6.txt b/Documentation/RelNotes/2.43.6.txt
new file mode 100644
index 0000000000..2114b9f78d
--- /dev/null
+++ b/Documentation/RelNotes/2.43.6.txt
@@ -0,0 +1,7 @@
+Git v2.43.6 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4, v2.41.3
+and v2.42.4 to address the security issues CVE-2024-50349 and
+CVE-2024-52006; see the release notes for these versions for
+details.
diff --git a/Documentation/RelNotes/2.44.3.txt b/Documentation/RelNotes/2.44.3.txt
new file mode 100644
index 0000000000..5862845458
--- /dev/null
+++ b/Documentation/RelNotes/2.44.3.txt
@@ -0,0 +1,7 @@
+Git v2.44.3 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4, v2.41.3,
+v2.42.4 and v2.43.6 to address the security issues CVE-2024-50349
+and CVE-2024-52006; see the release notes for these versions
+for details.
diff --git a/Documentation/RelNotes/2.45.3.txt b/Documentation/RelNotes/2.45.3.txt
index 2a1e9aa608..ddb3cb694b 100644
--- a/Documentation/RelNotes/2.45.3.txt
+++ b/Documentation/RelNotes/2.45.3.txt
@@ -1,7 +1,12 @@
 Git v2.45.3 Release Notes
 =========================
 
-This primarily is to backport various small fixes accumulated on the
+This release merges up the fix that appears in v2.40.4, v2.41.3,
+v2.42.4, v2.43.6 and v2.44.3 to address the security issues
+CVE-2024-50349 and CVE-2024-52006; see the release notes for
+these versions for details.
+
+This version also backports various small fixes accumulated on the
 'master' front during the development towards Git 2.46, the next
 feature release.
 
diff --git a/Documentation/RelNotes/2.46.3.txt b/Documentation/RelNotes/2.46.3.txt
new file mode 100644
index 0000000000..4af032b63c
--- /dev/null
+++ b/Documentation/RelNotes/2.46.3.txt
@@ -0,0 +1,6 @@
+Git v2.46.3 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4, v2.41.3, v2.42.4,
+v2.43.6, v2.44.3 and v2.45.3 to address the security issues CVE-2024-50349 and
+CVE-2024-52006; see the release notes for these versions for details.
diff --git a/Documentation/RelNotes/2.47.2.txt b/Documentation/RelNotes/2.47.2.txt
new file mode 100644
index 0000000000..7a52ad8cb4
--- /dev/null
+++ b/Documentation/RelNotes/2.47.2.txt
@@ -0,0 +1,7 @@
+Git v2.47.2 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4, v2.41.3,
+v2.42.4, v2.43.6, v2.44.3, v2.45.3 and v2.46.3 to address the
+security issues CVE-2024-50349 and CVE-2024-52006; see the release
+notes for these versions for details.
diff --git a/Documentation/RelNotes/2.48.0.txt b/Documentation/RelNotes/2.48.0.txt
index b9d1b129cd..eff93be37a 100644
--- a/Documentation/RelNotes/2.48.0.txt
+++ b/Documentation/RelNotes/2.48.0.txt
@@ -21,6 +21,24 @@ UI, Workflows & Features
 
  * Drop support for older libcURL and Perl.
 
+ * End-user experience of "git mergetool" when the command errors out
+   has been improved.
+
+ * "git bundle --unbundle" and "git clone" running on a bundle file
+   both learned to trigger fsck over the new objects with configurable
+   fck check levels.
+
+ * When "git fetch $remote" notices that refs/remotes/$remote/HEAD is
+   missing and discovers what branch the other side points with its
+   HEAD, refs/remotes/$remote/HEAD is updated to point to it.
+
+ * "git fetch" honors "remote.<remote>.followRemoteHEAD" settings to
+   tweak the remote-tracking HEAD in "refs/remotes/<remote>/HEAD".
+
+ * "git range-diff" learned to optionally show and compare merge
+   commits in the ranges being compared, with the --diff-merges
+   option.
+
 
 Performance, Internal Implementation, Development Support etc.
 --------------------------------------------------------------
@@ -29,15 +47,15 @@ Performance, Internal Implementation, Development Support etc.
 
  * The way AsciiDoc is used for SYNOPSIS part of the manual pages has
    been revamped.  The sources, at least for the simple cases, got
-   vastly pleasant to work with.
+   vastly more pleasant to work with.
 
  * The reftable library is now prepared to expect that the memory
    allocation function given to it may fail to allocate and to deal
    with such an error.
 
  * An extra worktree attached to a repository points at each other to
-   allow finding the repository from the worktree and vice versa
-   possible.  Turn this linkage to relative paths.
+   allow finding the repository from the worktree (and vice versa)
+   possible.  Use relative paths for this linkage.
 
  * Enable Windows-based CI in GitLab.
 
@@ -76,7 +94,7 @@ Performance, Internal Implementation, Development Support etc.
  * Update the project's CodingGuidelines to discourage naming functions
    with a "_1()" suffix.
 
- * Updates the '.clang-format' to match project conventions.
+ * Update '.clang-format' to match project conventions.
 
  * Centralize documentation for repository extensions into a single place.
 
@@ -98,7 +116,7 @@ Performance, Internal Implementation, Development Support etc.
  * The migration procedure between two ref backends has been optimized.
 
  * "git fsck" learned to issue warnings on "curiously formatted" ref
-   contents that have always been taken valid but something Git
+   contents that have always been treated as valid but that Git
    wouldn't have written itself (e.g., missing terminating end-of-line
    after the full object name).
 
@@ -107,18 +125,61 @@ Performance, Internal Implementation, Development Support etc.
  * Built-in Git subcommands are supplied the repository object to work
    with; they learned to do the same when they invoke sub-subcommands.
 
+ * Drop support for ancient environments in various CI jobs.
+
+ * Isolate the reftable subsystem from the rest of Git's codebase by
+   using fewer pieces of Git's infrastructure.
+
+ * Optimize reading random references out of the reftable backend by
+   allowing reuse of iterator objects.
+
+ * Backport oss-fuzz tests to our codebase.
+
+ * Introduce a new repository extension to prevent older Git versions
+   from mis-interpreting worktrees created with relative paths.
+
+ * Yet another "pass the repository through the callchain" topic.
+
+ * "git describe" learned to stop digging the history needlessly
+   deeper.
+
+ * Build procedure update plus introduction of Meson based builds.
+
+ * Recent reftable updates mistook a NULL return from a request for
+   0-byte allocation as OOM and died unnecessarily, which has been
+   corrected.
+
+ * Reftable backend adds check for upper limit of log's update_index.
+
+ * Start working to make the codebase buildable with -Wsign-compare.
+
+ * Regression fix for 'show-index' when run outside of a repository.
+
+ * The meson-build procedure is integrated into CI to catch and
+   prevent bitrotting.
+
+ * "git refs migrate" learned to also migrate the reflog data across
+   backends.
+
+ * The developer documentation has been updated to give the latest
+   info on gitk and git-gui maintainer.
+
+
+ * CI jobs that run threaded programs under LSan has been giving false
+   positives from time to time, which has been worked around.
+
 
 Fixes since v2.47
 -----------------
 
  * Doc update to clarify how periodical maintenance are scheduled,
-   spread across time to avoid thundering hurds.
+   spread across time to avoid thundering herds.
 
  * Use after free and double freeing at the end in "git log -L... -p"
    had been identified and fixed.
 
  * On macOS, fsmonitor can fall into a race condition that results in
-   a client waiting forever to be notified for an event that have
+   a client waiting forever to be notified about an event that has
    already happened.  This problem has been corrected.
 
  * "git maintenance start" crashed due to an uninitialized variable
@@ -142,7 +203,7 @@ Fixes since v2.47
  * The dumb-http code regressed when the result of re-indexing a pack
    yielded an *.idx file that differs in content from the *.idx file
    it downloaded from the remote. This has been corrected by no longer
-   relying on: the *.idx file we got from the remote.
+   relying on the *.idx file we got from the remote.
 
  * When called with '--left-right' and '--use-bitmap-index', 'rev-list'
    will produce output without any left/right markers, which has been
@@ -166,7 +227,7 @@ Fixes since v2.47
  * "git gc" discards any objects that are outside promisor packs that
    are referred to by an object in a promisor pack, and we do not
    refetch them from the promisor at runtime, resulting an unusable
-   repository.  Work it around by including these objects in the
+   repository.  Work around it by including these objects in the
    referring promisor pack at the receiving end of the fetch.
 
  * Avoid build/test breakage on a system without working malloc debug
@@ -204,8 +265,66 @@ Fixes since v2.47
 
  * The sequencer failed to honor core.commentString in some places.
 
+ * Describe a case where an option value needs to be spelled as a
+   separate argument, i.e. "--opt val", not "--opt=val".
+   (merge 1bc1e94091 jc/doc-opt-tilde-expand later to maint).
+
+ * Loosen overly strict ownership check introduced in the recent past,
+   to keep the promise "cloning a suspicious repository is a safe
+   first step to inspect it".
+   (merge 0ffb5a6bf1 bc/allow-upload-pack-from-other-people later to maint).
+
+ * "git fast-import" learned to reject paths with ".."  and "." as
+   their components to avoid creating invalid tree objects.
+   (merge 8cb4c6e62f en/fast-import-verify-path later to maint).
+
+ * The --ancestry-path option is designed to be given a commit that is
+   on the path, which was not documented, which has been corrected.
+   (merge bc1a980759 kk/doc-ancestry-path later to maint).
+
+ * "git tag" has been taught to refuse to create refs/tags/HEAD
+   since such a tag will be confusing in the context of the UI provided by
+   the Git Porcelain commands.
+   (merge bbd445d5ef jc/forbid-head-as-tagname later to maint).
+
+ * The advice messages now tell the newer 'git config set' command to
+   set the advice.token configuration variable to squelch a message.
+   (merge 6c397d0104 bf/explicit-config-set-in-advice-messages later to maint).
+
+ * The syntax ":/<text>" to name the latest commit with the matching
+   text was broken with a recent change, which has been corrected.
+   (merge 0ff919e87a ps/commit-with-message-syntax-fix later to maint).
+
+ * Fix performance regression of a recent "fatten promisor pack with
+   local objects" protection against an unwanted gc.
+
+ * "git log -p --remerge-diff --reverse" was completely broken.
+   (merge f94bfa1516 js/log-remerge-keep-ancestry later to maint).
+
+ * "git bundle create" with an annotated tag on the positive end of
+   the revision range had a workaround code for older limitation in
+   the revision walker, which has become unnecessary.
+   (merge dd1072dfa8 tc/bundle-with-tag-remove-workaround later to maint).
+
+ * GitLab CI updates.
+   (merge c6b43f663e ps/ci-gitlab-update later to maint).
+
+ * Code to reuse objects based on bitmap contents have been tightened
+   to avoid race condition even when multiple packs are involved.
+   (merge 62b3ec8a3f tb/bitmap-fix-pack-reuse later to maint).
+
+ * An earlier "csum-file checksum does not have to be computed with
+   sha1dc" topic had a few code paths that had initialized an
+   implementation of a hash function to be used by an unmatching hash
+   by mistake, which have been corrected.
+   (merge 599a63409b ps/weak-sha1-for-tail-sum-fix later to maint).
+
  * Other code cleanup, docfix, build fix, etc.
    (merge 77af53f56f aa/t7300-modernize later to maint).
    (merge dcd590a39d bf/t-readme-mention-reftable later to maint).
    (merge 68e3c69efa kh/trailer-in-glossary later to maint).
    (merge 91f88f76e6 tb/boundary-traversal-fix later to maint).
+   (merge 168ebb7159 jc/doc-error-message-guidelines later to maint).
+   (merge 18693d7d65 kh/doc-bundle-typofix later to maint).
+   (merge e2f5d3b491 kh/doc-update-ref-grammofix later to maint).
+   (merge 8525e92886 mh/doc-windows-home-env later to maint).
diff --git a/Documentation/RelNotes/2.48.1.txt b/Documentation/RelNotes/2.48.1.txt
new file mode 100644
index 0000000000..26c59b6e3b
--- /dev/null
+++ b/Documentation/RelNotes/2.48.1.txt
@@ -0,0 +1,7 @@
+Git v2.48.1 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4, v2.41.3,
+v2.42.4, v2.43.6, v2.44.3, v2.45.3, v2.46.3, and v2.47.2 to address
+the security issues CVE-2024-50349 and CVE-2024-52006; see the release
+notes for these versions for details.
diff --git a/Documentation/RelNotes/2.49.0.txt b/Documentation/RelNotes/2.49.0.txt
new file mode 100644
index 0000000000..72984fea5d
--- /dev/null
+++ b/Documentation/RelNotes/2.49.0.txt
@@ -0,0 +1,140 @@
+Git v2.49 Release Notes
+=======================
+
+UI, Workflows & Features
+------------------------
+
+ * Completion script updates for zsh
+
+
+Performance, Internal Implementation, Development Support etc.
+--------------------------------------------------------------
+
+ * More -Wsign-compare fixes.
+
+ * meson-based build now supports the unsafe-sha1 build knob.
+
+ * The code to check LSan results has been simplified and made more
+   robust.
+   (merge 164a2516eb jk/lsan-race-ignore-false-positive later to maint).
+
+ * More code paths have a repository passed through the callchain,
+   instead of assuming the primary the_repository object.
+
+ * Move a few more unit tests to the clar test framework.
+
+ * Introduce a new API to visit objects in batches based on a common
+   path, or by type.
+
+ * Following the procedure we established to introduce breaking
+   changes for Git 3.0, allow an early opt-in for removing support of
+   $GIT_DIR/branches/ and $GIT_DIR/remotes/ directories to configure
+   remotes.
+
+
+Fixes since v2.48
+-----------------
+
+ * "git submodule" learned various ways to spell the same option,
+   e.g. "--branch=B" can be spelled "--branch B" or "-bB".
+   (merge b86f0f9071 re/submodule-parse-opt later to maint).
+
+ * Tweak the help text used for the option value placeholders by
+   parse-options API so that translations can customize the "<>"
+   placeholder signal (e.g. "--option=<value>").
+   (merge 5b34dd08d0 as/long-option-help-i18n later to maint).
+
+ * CI jobs gave sporadic failures, which turns out that that the
+   object finalization code was giving an error when it did not have
+   to.
+   (merge d7fcbe2c56 ps/object-collision-check later to maint).
+
+ * The code to compute "unique" name used git_rand() which can fail or
+   get stuck; the callsite does not require cryptographic security.
+   Introduce the "insecure" mode and use it appropriately.
+   (merge 0b4f8afef6 ps/reftable-get-random-fix later to maint).
+
+ * A misconfigured "fsck.skiplist" configuration variable was not
+   diagnosed as an error, which has been corrected.
+   (merge ca7158076f jt/fsck-skiplist-parse-fix later to maint).
+
+ * Extended SHA-1 expression parser did not work well when a branch
+   with an unusual name (e.g. "foo{bar") is involved.
+   (merge 191f0c8db2 en/object-name-with-funny-refname-fix later to maint).
+
+ * The meson build procedure looked for the 'version-def.h' file in a
+   wrong directory, which has been corrected.
+   (merge 4771501c0a tc/meson-use-our-version-def-h later to maint).
+
+ * The meson build procedure for Documentation/technical/ hierarchy was
+   missing necessary dependencies, which has been corrected.
+   (merge 1dca492edd sj/meson-doc-technical-dependency-fix later to maint).
+
+ * The "instaweb" bound only to local IP address without "--local" and
+   to all addresses with "--local", which was the other way around, when
+   using Python's http.server class, which has been corrected.
+   (merge 76baf97fa1 ak/instaweb-python-port-binding-fix later to maint).
+
+ * Document that it is insecure to use Personal Access Tokens, which
+   some hosting providers take as username/password, embedded in URLs.
+   (merge a90ff409f0 mh/doc-credential-helpers-with-pat later to maint).
+
+ * The help text from "git $cmd -h" appear on the standard output for
+   some $cmd and the standard error for others.  The built-in commands
+   have been fixed to show them on the standard output consistently.
+   (merge f66d1423f5 jc/show-usage-help later to maint).
+
+ * The meson-driven build is now aware of "git-subtree" housed in
+   contrib/subtree hierarchy.
+   (merge 8454b42f94 ps/build-meson-subtree later to maint).
+
+ * It was possible for "git unpack-objects" and "git index-pack" to
+   make an unaligned access, which has been corrected.
+   (merge 98046591b9 jk/pack-header-parse-alignment-fix later to maint).
+
+ * The "cache" credential back-end did not handle authtype correctly,
+   which has been corrected.
+   (merge 0b43274850 mh/credential-cache-authtype-request-fix later to maint).
+
+ * "git branch --sort=..." and "git for-each-ref --format=... --sort=..."
+   did not work as expected with some atoms, which has been corrected.
+   (merge c5490ce9d1 rs/ref-fitler-used-atoms-value-fix later to maint).
+
+ * reflog entries for symbolic ref updates were broken, which has been
+   corrected.
+   (merge 3519492430 kn/reflog-symref-fix later to maint).
+
+ * The trace2 code was not prepared to show a configuration variable
+   that is set to true using the valueless true syntax, which has been
+   corrected.
+   (merge 2fd367cf63 am/trace2-with-valueless-true later to maint).
+
+ * The "git refs migrate" command did not migrate the reflog for
+   refs/stash, which is the contents of the stashes, which has been
+   corrected.
+   (merge a0bea0978f ps/reflog-migration-with-logall-fix later to maint).
+
+ * Doc and short-help text for "show-index" has been clarified to
+   stress that the command reads its data from the standard input.
+   (merge 49edce4ff9 jc/show-index-h-update later to maint).
+
+ * The API around choosing to use unsafe variant of SHA-1
+   implementation has been updated in an attempt to make it harder to
+   abuse.
+   (merge 04292c3796 tb/unsafe-hash-cleanup later to maint).
+
+ * Fix bugs in an earlier attempt to fix "git refs migration".
+   (merge f11f0a5a2d kn/reflog-migration-fix-fix later to maint).
+
+ * Other code cleanup, docfix, build fix, etc.
+   (merge ddb5287894 jk/t7407-use-test-grep later to maint).
+   (merge 21e1b44865 aj/difftool-config-doc-fix later to maint).
+   (merge 6a63995335 mh/gitattr-doc-markup-fix later to maint).
+   (merge 43850dcf9c sk/unit-test-hash later to maint).
+   (merge 4ad47d2de3 jc/cli-doc-option-and-config later to maint).
+   (merge 2d0ff147e5 jp/t8002-printf-fix later to maint).
+   (merge 69666e6746 ja/doc-restore-markup-update later to maint).
+   (merge d11d003ba5 sk/strlen-returns-size_t later to maint).
+   (merge 77b2d29e91 ja/doc-notes-markup-updates later to maint).
+   (merge 6979bf6f8f jk/combine-diff-cleanup later to maint).
+   (merge 8705c9bd13 kn/pack-write-with-reduced-globals later to maint).