* maint-2.44:
Git 2.44.4
Git 2.43.7
wincred: avoid buffer overflow in wcsncat()
bundle-uri: fix arbitrary file writes via parameter injection
config: quote values containing CR character
git-gui: sanitize 'exec' arguments: convert new 'cygpath' calls
git-gui: do not mistake command arguments as redirection operators
git-gui: introduce function git_redir for git calls with redirections
git-gui: pass redirections as separate argument to git_read
git-gui: pass redirections as separate argument to _open_stdout_stderr
git-gui: convert git_read*, git_write to be non-variadic
git-gui: override exec and open only on Windows
gitk: sanitize 'open' arguments: revisit recently updated 'open' calls
git-gui: use git_read in githook_read
git-gui: sanitize $PATH on all platforms
git-gui: break out a separate function git_read_nice
git-gui: assure PATH has only absolute elements.
git-gui: remove option --stderr from git_read
git-gui: cleanup git-bash menu item
git-gui: sanitize 'exec' arguments: background
git-gui: avoid auto_execok in do_windows_shortcut
git-gui: sanitize 'exec' arguments: simple cases
git-gui: avoid auto_execok for git-bash menu item
git-gui: treat file names beginning with "|" as relative paths
git-gui: remove unused proc is_shellscript
git-gui: remove git config --list handling for git < 1.5.3
git-gui: remove special treatment of Windows from open_cmd_pipe
git-gui: remove HEAD detachment implementation for git < 1.5.3
git-gui: use only the configured shell
git-gui: remove Tcl 8.4 workaround on 2>@1 redirection
git-gui: make _shellpath usable on startup
git-gui: use [is_Windows], not bad _shellpath
git-gui: _which, only add .exe suffix if not present
gitk: encode arguments correctly with "open"
gitk: sanitize 'open' arguments: command pipeline
gitk: collect construction of blameargs into a single conditional
gitk: sanitize 'open' arguments: simple commands, readable and writable
gitk: sanitize 'open' arguments: simple commands with redirections
gitk: sanitize 'open' arguments: simple commands
gitk: sanitize 'exec' arguments: redirect to process
gitk: sanitize 'exec' arguments: redirections and background
gitk: sanitize 'exec' arguments: redirections
gitk: sanitize 'exec' arguments: 'eval exec'
gitk: sanitize 'exec' arguments: simple cases
gitk: have callers of diffcmd supply pipe symbol when necessary
gitk: treat file names beginning with "|" as relative paths
Signed-off-by: Taylor Blau <me@ttaylorr.com>
This addresses CVE-2025-27613, Gitk can create and truncate a user's
files:
When a user clones an untrusted repository and runs gitk without
additional command arguments, files for which the user has write
permission can be created and truncated. The option "Support per-file
encoding" must have been enabled before in Gitk's Preferences. This
option is disabled by default.
The same happens when "Show origin of this line" is used in the main
window (regardless of whether "Support per-file encoding" is enabled or
not).
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
This addresses CVE-2025-27614, Arbitrary command execution with Gitk:
A Git repository can be crafted in such a way that with some social
engineering a user who has cloned the repository can be tricked into
running any script (e.g., Bourne shell, Perl, Python, ...) supplied by
the attacker by invoking `gitk filename`, where `filename` has a
particular structure. The script is run with the privileges of the user.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
In GNU Make commit 07fcee35 ([SV 64815] Recipe lines cannot contain
conditional statements, 2023-05-22) and following, conditional
statements may no longer be preceded by a tab character (which Make
refers to as the recipe prefix).
There are a handful of spots in our various Makefile(s) which will break
in a future release of Make containing 07fcee35. For instance, trying to
compile the pre-image of this patch with the tip of make.git results in
the following:
$ make -v | head -1 && make
GNU Make 4.4.90
config.mak.uname:842: *** missing 'endif'. Stop.
The kernel addressed this issue in 82175d1f9430 (kbuild: Replace tabs
with spaces when followed by conditionals, 2024-01-28). Address the
issues in Git's tree by applying the same strategy.
When a conditional word (ifeq, ifneq, ifdef, etc.) is preceded by one or
more tab characters, replace each tab character with 8 space characters
with the following:
find . -type f -not -path './.git/*' -name Makefile -or -name '*.mak' |
xargs perl -i -pe '
s/(\t+)(ifn?eq|ifn?def|else|endif)/" " x (length($1) * 8) . $2/ge unless /\\$/
'
The "unless /\\$/" removes any false-positives (like "\telse \"
appearing within a shell script as part of a recipe).
After doing so, Git compiles on newer versions of Make:
$ make -v | head -1 && make
GNU Make 4.4.90
GIT_VERSION = 2.44.0.414.gfac1dc44ca9
[...]
$ echo $?
0
Reported-by: Dario Gjorgjevski <dario.gjorgjevski@gmail.com>
Signed-off-by: Taylor Blau <me@ttaylorr.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
These sites offer https versions of their content.
Using the https versions provides some protection for users.
Signed-off-by: Josh Soref <jsoref@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
It's somewhat traditional to respect sites' self-identification.
Signed-off-by: Josh Soref <jsoref@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* paulus/master:
gitk: Resize panes correctly when reducing window size
gitk: replace tabs with spaces
gitk: fix the context menu not appearing in the presence of submodule diffs
gitk: Un-hide selection in areas with non-default background color
gitk: add diff lines background colors
gitk: be prepared to be run in a bare repository
gitk: Preserve window dimensions on exit when not using ttk themes
gitk: don't highlight files after submodules as submodules
gitk: fix branch name encoding error
gitk: rename "commit summary" to "commit reference"
* 'master' of git://ozlabs.org/~paulus/gitk:
gitk: Do not mistake unchanged lines for submodule changes
gitk: Use right colour for remote refs in the "Tags and heads" dialog
gitk: Add Chinese (zh_CN) translation
gitk: Make web links clickable
* 'master' of git://ozlabs.org/~paulus/gitk:
gitk: Remove translated message from comments
gitk: ru.po: Update Russian translation
gitk: Update copyright notice to 2016
gitk: Clear array 'commitinfo' on reload
gitk: Remove closed file descriptors from $blobdifffd
gitk: Turn off undo manager in the text widget
gitk: Fix Japanese translation for "marked commit"
gitk: Fix missing commits when using -S or -G
gitk: Use explicit RGB green instead of "lime"
gitk: Add Portuguese translation
gitk: Makefile: create install bin directory
gitk: Include commit title in branch dialog
gitk: Allow checking out a remote branch
gitk: Add a 'rename' option to the branch context menu
* 'master' of git://ozlabs.org/~paulus/gitk:
gitk: Follow themed bgcolor in help dialogs
gitk: fr.po: Sync translations with git
gitk: Update French translation (311t)
gitk: Update German translation
gitk: Update Bulgarian translation (311t)
* git://ozlabs.org/~paulus/gitk:
gitk: sv.po: Update Swedish translation (311t)
gitk: Let .bleft.mid widgets 'breathe'
gitk: Match ttk fonts to gitk fonts
gitk: Update revision date in Japanese PO file
gitk: Update "Language:" header
gitk: Improve translation message
gitk: Remove unused line
gitk: Update year
gitk: Change last translator line
gitk: Update fuzzy messages
gitk: Update Japanese translation
gitk: Fix translation around copyright sign
gitk: Update Japanese translation
gitk: Fix wrong translation
gitk: Translate Japanese catalog
gitk: Translate more to Japanese catalog
gitk: Update Japanese message catalog
gitk: Re-sync line number in Japanese message catalogue
gitk: Color name update
* git://ozlabs.org/~paulus/gitk:
gitk: Accelerators for the main menu
gitk: Adjust the menu line numbers to compensate for the new entry
gitk: Add a "Copy commit summary" command
gitk: Update Bulgarian translation (307t)
gitk: Update .po files
gitk: Update Bulgarian translation (304t)
gitk: Use translated version of "Command line" in getcommitlines
gitk: Make it easier to go quickly to a specific commit
gitk: Show the current view's name in the window title
gitk: Add mouse right-click options to copy path and branch name
gitk: Remove mc parameter from proc show_error
gitk: Fix error when changing colors after closing "List references" window
gitk: Replace catch {unset foo} with unset -nocomplain foo
gitk: Rearrange window title to be more conventional
gitk: sv.po: Update Swedish translation (305t0f0u)
gitk: Fix bad English grammar "Matches none Commit Info"
* 'master' of git://ozlabs.org/~paulus/gitk:
gitk: Update .po files
gitk: l10n: Add Catalan translation
gitk: Fix typo in Russian translation
gitk: Remove tcl-format flag from a message that shouldn't have it
gitk: Pass --invert-grep option down to "git log"
gitk: Synchronize config file writes
gitk: Report errors in saving config file
gitk: Only write changed configuration variables
gitk: Enable mouse horizontal scrolling in diff pane
gitk: Default wrcomcmd to use --pretty=email
* git://ozlabs.org/~paulus/gitk:
gitk: Remove boilerplate for configuration variables
gitk: Show detached HEAD if --all is specified
gitk: Do not depend on Cygwin's "kill" command on Windows
* master~2:
gitk: Show staged submodules regardless of ignore config
gitk: Allow displaying time zones from author and commit dates timestamps
gitk: Switch to patch mode when searching for line origin
gitk: Replace SHA1 entry field on keyboard paste
l10n: Init Vietnamese translation
* 'master' of git://ozlabs.org/~paulus/gitk:
gitk: Indent word-wrapped lines in commit display header
gitk: Comply with XDG base directory specification
gitk: Replace "next" and "prev" buttons with down and up arrows
gitk: chmod +x po2msg.sh
gitk: Update copyright dates
gitk: Add Bulgarian translation (304t)
gitk: Fix mistype
* git://ozlabs.org/~paulus/gitk:
gitk: Recognize -L option
gitk: Support showing the gathered inline diffs
gitk: Split out diff part in $commitinfo
gitk: Refactor per-line part of getblobdiffline and its support
gitk: Support -G option from the command line
gitk: Tag display improvements
* git://ozlabs.org/~paulus/gitk:
gitk: On OSX, bring the gitk window to front
gitk: Add support for -G'regex' pickaxe variant
gitk: Add menu item for reverting commits
gitk: Simplify file filtering
gitk: Display the date of a tag in a human-friendly way
gitk: Improve behaviour of drop-down lists
gitk: Move hard-coded colors to .gitk
* git://ozlabs.org/~paulus/gitk:
gitk: Display important heads even when there are many
gitk: Improve display of list of nearby tags and heads
gitk: Fix display of branch names on some commits
gitk: Update Swedish translation (296t)
gitk: When searching, only highlight files when in Patch mode
gitk: Fix error message when clicking on a connecting line
gitk: Fix crash when not using themed widgets
gitk: Use bindshiftfunctionkey to bind Shift-F5
gitk: Refactor code for binding modified function keys
gitk: Work around empty back and forward images when buttons are disabled
gitk: Highlight first search result immediately on incremental search
gitk: Highlight current search hit in orange
gitk: Synchronize highlighting in file view when scrolling diff
After overwriting a tag with a new tag, "Reread references" action
in "gitk" correctly moved the marker in the display, but it failed
to discard a cached contents of the tag (even "Reload" didn't).
* da/gitk-reload-tag-contents:
gitk: Rename 'tagcontents' to 'cached_tagcontent'
gitk: Teach "Reread references" to reload tags
gitk: Avoid Meta1-F5
* git://ozlabs.org/~paulus/gitk:
gitk: Teach gitk to respect log.showroot
gitk: Add menu items for comparing a commit with the marked commit
gitk: Speed up resolution of short SHA1 ids
gitk: Use symbolic font names "sans" and "monospace" when available
gitk: Skip over AUTHOR/COMMIT_DATE when searching all fields
gitk: Make "git describe" output clickable, too
gitk: Fix the display of files when filtered by path
gitk: Use a tabbed dialog to edit preferences
gitk: Use "gitk: repo-top-level-dir" as window title
* git://ozlabs.org/~paulus/gitk:
gitk: Make vi-style keybindings more vi-like
gitk: Make "touching paths" search support backslashes
gitk: Show modified files with separate work tree
gitk: Simplify calculation of gitdir
gitk: Run 'git rev-parse --git-dir' only once
gitk: Put temporary directory inside .git
gitk: Fix "External diff" with separate work tree
gitk: Fix "blame parent commit" with separate work tree
gitk: Fix "show origin of this line" with separate work tree
gitk: Fix file highlight when run in subdirectory
gitk: Update copyright
gitk: When a commit contains a note, mark it with a yellow box
gitk: Remember time zones from author and commit timestamps
gitk: Remove unused $cdate array
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Update cherry-pick error message parsing
gitk: Quote tag names in event bindings to avoid problems with % chars
gitk: Allow user to control how much of the SHA1 ID gets auto-selected
gitk: spelling fixes in Russian translation
gitk: Take only numeric version components when computing $git_version
The executable bit on gitk-git/gitk was lost (accidentally it seems) by
commit 62ba5143ec. Put it back, so that
gitk can be run directly from a git.git checkout.
Note that the script is already executable in gitk.git, just not in
git.git.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Add Brazilian Portuguese (pt-BR) translation
gitk: Make text selectable on Mac
gitk: Prevent the text pane from becoming editable
gitk: Add the equivalent of diff --color-words
gitk: Update Swedish translation (290t)
gitk: Show notes by default (like git log does)
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Display dirty submodules correctly
gitk: Fix display of copyright symbol
gitk: Add emacs editor variable block
gitk: Avoid calling tk_setPalette on Windows
gitk: Don't clobber "Remember this view" setting
gitk: Add comments to explain encode_view_opts and decode_view_opts
gitk: Use consistent font for all text input fields
gitk: Set the font for all listbox widgets
gitk: Set the font for all spinbox widgets
gitk: Remove forced use of sans-serif font
gitk: Add Ctrl-W shortcut for closing the active window
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Fix selection of tags
gitk: Default to the system colours on Windows
gitk: Update Japanese translation
gitk: Fix "git gui blame" invocation when called from top-level directory
gitk: Disable checkout of remote branches
gitk: Improve appearance of radiobuttons and checkbuttons
gitk: Skip translation of "wrong Tcl version" message
gitk: Add Japanese translation
gitk: Use the --submodule option for displaying diffs when available
gitk: Fix diffing committed -> staged (typo in diffcmd)
gitk: Add configuration for UI colour scheme
gitk: Don't compare fake children when comparing commits
gitk: Show diff of commits at end of compare-commits output
gitk: Add a user preference to enable/disable use of themed widgets
gitk: Fix errors in the theme patch
gitk: Use themed tk widgets
gitk: Restore scrolling position of diff pane on back/forward in history
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Work around leftover temporary save file
gitk: Show diff of commits at end of compare-commits output
gitk: Update Swedish translation (280t0f0u)
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Parse arbitrary commit-ish in SHA1 field
gitk: Fix direction of symmetric difference in optimized mode
gitk: New option to hide remote refs
gitk: Do not hard-code "encoding" in attribute lookup functions
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Allow diff view without context lines
gitk: Add another string to translation
gitk: Add option 'Simple history' to the options menu
gitk: Handle msysGit version during version comparisons
gitk: Make more options easily accessible from Edit View dialog
gitk: Check git version before using --textconv flag
gitk: Use --textconv to generate diff text
gitk: Update German translation.
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Add Russian translation
gitk: Fix compare-commits function when we have local changes
gitk: Avoid crash if closed while reading references
gitk: Handle external diff tool with spaces in the path
gitk: Remember and restore the window state with the geometry
gitk: Map KP_Divide to focus the search box
gitk: Mark some more strings for translation
gitk: Mark forgotten string for translation
gitk: Make .gitk a hidden file under windows
gitk: Add a command to compare two strings of commits
gitk: Add a way to mark a commit, plus a "find descendant" command
gitk: Fixes for Mac OS X TkAqua
gitk: Provide a 32x32 window icon based on the git logo
gitk: Provide a window icon if possible
gitk: Handle blobs containing a DOS end-of-file marker
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Force the focus to the main window on Windows
gitk: Allow unbalanced quotes/braces in commit headers
gitk: Update German translation
gitk: Mark forgotten strings (header sentence parts in color chooser) for translation
gitk: Ensure that "Reset branch" menu entry is enabled
gitk: Use check-buttons' -text property instead of separate labels
gitk: Map / to focus the search box
gitk: Fix bugs in blaming code
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Add a menu option to start git gui
gitk: Make line origin search update the busy status
gitk: Update German translation
gitk: Fix bug in accessing undefined "notflag" variable
gitk: Highlight only when search type is "containing:".
gitk: Fix context menu items for generating diffs when in tree mode
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Avoid handling the Return key twice in Add Branch
gitk: Show local changes properly when we have a path limit
gitk: Fix switch statement in parseviewargs
gitk: Index line[hnd]tag arrays by id rather than row number
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Fix linehtag undefined error with file highlighting
gitk: Fix commit encoding support
gitk: Fix transient windows on Win32 and MacOS
gitk: Add accelerators to frequently used menu commands
gitk: Implement a user-friendly Edit View dialog
gitk: Improve cherry-pick error handling
gitk: Make cherry-pick call git-citool on conflicts
gitk: Make gitk dialog windows transient
gitk: Add Return and Escape bindings to dialogs
gitk: Cope with unmerged files in local changes
gitk: Make "show origin of this line" work on fake commits
gitk: Unify handling of merge diffs with normal 2-way diffs
gitk: Make the background color of marked lines configurable
gitk: Add a menu item to show where a given line comes from
gitk: Fix some off-by-one errors in computing which line to blame
gitk: Allow starting gui blame for a specific line
gitk: Fix file list context menu for merge commits
gitk: Allow forcing branch creation if it already exists
Taylor Blau