From d677db86d9fa98b063846ed461312eb04fe23ba5 Mon Sep 17 00:00:00 2001
From: Andy Whitcroft <apw@shadowen.org>
Date: Mon, 8 Jan 2007 11:45:44 +0000
Subject: [PATCH 01/16] ssh-upload: prevent buffer overrun

Prevent a client from overrunning the on stack ref buffer.

Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 ssh-upload.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssh-upload.c b/ssh-upload.c
index 0b52ae15cb..901e0366df 100644
--- a/ssh-upload.c
+++ b/ssh-upload.c
@@ -67,7 +67,7 @@ static int serve_ref(int fd_in, int fd_out)
 	int posn = 0;
 	signed char remote = 0;
 	do {
-		if (read(fd_in, ref + posn, 1) < 1)
+		if (posn >= PATH_MAX || read(fd_in, ref + posn, 1) < 1)
 			return -1;
 		posn++;
 	} while (ref[posn - 1]);

From 521f9c4def9430526bfdfffdb8ed4c2f4166bece Mon Sep 17 00:00:00 2001
From: Michael Loeffler <zvpunry@zvpunry.de>
Date: Mon, 8 Jan 2007 20:23:13 +0100
Subject: [PATCH 02/16] git-commit: do not fail to print the diffstat even if
 there is a file named HEAD

Signed-off-by: Michael Loeffler <zvpunry@zvpunry.de>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 git-commit.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/git-commit.sh b/git-commit.sh
index 04aad5e5da..c2beb76fe4 100755
--- a/git-commit.sh
+++ b/git-commit.sh
@@ -628,7 +628,7 @@ then
 	if test -z "$quiet"
 	then
 		echo "Created${initial_commit:+ initial} commit $commit"
-		git-diff-tree --shortstat --summary --root --no-commit-id HEAD
+		git-diff-tree --shortstat --summary --root --no-commit-id HEAD --
 	fi
 fi
 

From d84029b6738197fa409861597934b29bbebad262 Mon Sep 17 00:00:00 2001
From: Junio C Hamano <junkio@cox.net>
Date: Mon, 8 Jan 2007 13:59:15 -0800
Subject: [PATCH 03/16] --utf8 is now default for 'git-am'

Since we are talking about allowing potentially incompatible UI
changes in v1.5.0 iff the change improves the general situation,
I would say why not.

There is --no-utf8 flag to avoid re-coding from botching the log
message just in case, but we may not even need it.

Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 Documentation/git-am.txt | 19 ++++++++++++++++---
 git-am.sh                |  8 +++++---
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/Documentation/git-am.txt b/Documentation/git-am.txt
index 910457d3b3..53e81cb103 100644
--- a/Documentation/git-am.txt
+++ b/Documentation/git-am.txt
@@ -9,7 +9,7 @@ git-am - Apply a series of patches in a mailbox
 SYNOPSIS
 --------
 [verse]
-'git-am' [--signoff] [--dotest=<dir>] [--utf8] [--binary] [--3way]
+'git-am' [--signoff] [--dotest=<dir>] [--utf8 | --no-utf8] [--binary] [--3way]
          [--interactive] [--whitespace=<option>] <mbox>...
 'git-am' [--skip | --resolved]
 
@@ -29,8 +29,21 @@ OPTIONS
 	Instead of `.dotest` directory, use <dir> as a working
 	area to store extracted patches.
 
---utf8, --keep::
-	Pass `-u` and `-k` flags to `git-mailinfo` (see
+--keep::
+	Pass `-k` flag to `git-mailinfo` (see gitlink:git-mailinfo[1]).
+
+--utf8::
+	Pass `-u` flag to `git-mailinfo` (see gitlink:git-mailinfo[1]).
+	The proposed commit log message taken from the e-mail
+	are re-coded into UTF-8 encoding (configuration variable
+	`i18n.commitencoding` can be used to specify project's
+	preferred encoding if it is not UTF-8).
++
+This was optional in prior versions of git, but now it is the
+default.   You could use `--no-utf8` to override this.
+
+--no-utf8::
+	Do not pass `-u` flag to `git-mailinfo` (see
 	gitlink:git-mailinfo[1]).
 
 --binary::
diff --git a/git-am.sh b/git-am.sh
index 7c0bb6084b..d9eb79d1aa 100755
--- a/git-am.sh
+++ b/git-am.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2005, 2006 Junio C Hamano
 
-USAGE='[--signoff] [--dotest=<dir>] [--utf8] [--binary] [--3way]
+USAGE='[--signoff] [--dotest=<dir>] [--utf8 | --no-utf8] [--binary] [--3way]
   [--interactive] [--whitespace=<option>] <mbox>...
   or, when resuming [--skip | --resolved]'
 . git-sh-setup
@@ -105,7 +105,7 @@ It does not apply to blobs recorded in its index."
 }
 
 prec=4
-dotest=.dotest sign= utf8= keep= skip= interactive= resolved= binary= ws= resolvemsg=
+dotest=.dotest sign= utf8=t keep= skip= interactive= resolved= binary= ws= resolvemsg=
 
 while case "$#" in 0) break;; esac
 do
@@ -128,7 +128,9 @@ do
 	-s|--s|--si|--sig|--sign|--signo|--signof|--signoff)
 	sign=t; shift ;;
 	-u|--u|--ut|--utf|--utf8)
-	utf8=t; shift ;;
+	shift ;; # this is now default
+	--no-u|--no-ut|--no-utf|--no-utf8)
+	utf8=; shift ;;
 	-k|--k|--ke|--kee|--keep)
 	keep=t; shift ;;
 

From 0f018baba654347b5ce746253b99d59707f80184 Mon Sep 17 00:00:00 2001
From: Junio C Hamano <junkio@cox.net>
Date: Mon, 8 Jan 2007 14:40:33 -0800
Subject: [PATCH 04/16] --prune is now default for 'pack-refs'

There is no reason not to, really.

Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 Documentation/git-pack-refs.txt | 9 +++++----
 builtin-pack-refs.c             | 9 +++++++--
 t/t3210-pack-refs.sh            | 2 +-
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/Documentation/git-pack-refs.txt b/Documentation/git-pack-refs.txt
index 5da5105771..464269fbb9 100644
--- a/Documentation/git-pack-refs.txt
+++ b/Documentation/git-pack-refs.txt
@@ -7,7 +7,7 @@ git-pack-refs - Pack heads and tags for efficient repository access
 
 SYNOPSIS
 --------
-'git-pack-refs' [--all] [--prune]
+'git-pack-refs' [--all] [--no-prune]
 
 DESCRIPTION
 -----------
@@ -40,10 +40,11 @@ developed and packing their tips does not help performance.
 This option causes branch tips to be packed as well.  Useful for
 a repository with many branches of historical interests.
 
-\--prune::
+\--no-prune::
+
+The command usually removes loose refs under `$GIT_DIR/refs`
+hierarchy after packing them.  This option tells it not to.
 
-After packing the refs, remove loose refs under `$GIT_DIR/refs`
-hierarchy.  This should probably become default.
 
 Author
 ------
diff --git a/builtin-pack-refs.c b/builtin-pack-refs.c
index 8dc5b9efff..6de7128b9d 100644
--- a/builtin-pack-refs.c
+++ b/builtin-pack-refs.c
@@ -4,7 +4,7 @@
 #include "tag.h"
 
 static const char builtin_pack_refs_usage[] =
-"git-pack-refs [--all] [--prune]";
+"git-pack-refs [--all] [--prune | --no-prune]";
 
 struct ref_to_prune {
 	struct ref_to_prune *next;
@@ -90,10 +90,15 @@ int cmd_pack_refs(int argc, const char **argv, const char *prefix)
 
 	memset(&cbdata, 0, sizeof(cbdata));
 
+	cbdata.prune = 1;
 	for (i = 1; i < argc; i++) {
 		const char *arg = argv[i];
 		if (!strcmp(arg, "--prune")) {
-			cbdata.prune = 1;
+			cbdata.prune = 1; /* now the default */
+			continue;
+		}
+		if (!strcmp(arg, "--no-prune")) {
+			cbdata.prune = 0;
 			continue;
 		}
 		if (!strcmp(arg, "--all")) {
diff --git a/t/t3210-pack-refs.sh b/t/t3210-pack-refs.sh
index b1e9f2eed2..16bdae4f23 100755
--- a/t/t3210-pack-refs.sh
+++ b/t/t3210-pack-refs.sh
@@ -34,7 +34,7 @@ test_expect_success \
     'see if a branch still exists when packed' \
     'git-branch b &&
      git-pack-refs --all &&
-     rm .git/refs/heads/b &&
+     rm -f .git/refs/heads/b &&
      echo "$SHA1 refs/heads/b" >expect &&
      git-show-ref b >result &&
      diff expect result'

From e08140568a131bcd26e64a0bc8188040847be998 Mon Sep 17 00:00:00 2001
From: Andy Whitcroft <apw@shadowen.org>
Date: Mon, 8 Jan 2007 15:57:52 +0000
Subject: [PATCH 05/16] short i/o: clean up the naming for the
 write_{in,or}_xxx family

We recently introduced a write_in_full() which would either write
the specified object or emit an error message and fail.  In order
to fix the read side we now want to introduce a read_in_full()
but without an error emit.  This patch cleans up the naming
of this family of calls:

1) convert the existing write_or_whine() to write_or_whine_pipe()
   to better indicate its pipe specific nature,
2) convert the existing write_in_full() calls to write_or_whine()
   to better indicate its nature,
3) introduce a write_in_full() providing a write or fail semantic,
   and
4) convert write_or_whine() and write_or_whine_pipe() to use
   write_in_full().

Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 cache.h        |  3 +-
 send-pack.c    |  4 +--
 trace.c        |  4 +--
 write_or_die.c | 90 ++++++++++++++++++++++++++++----------------------
 4 files changed, 57 insertions(+), 44 deletions(-)

diff --git a/cache.h b/cache.h
index 36be64e386..38a20a8069 100644
--- a/cache.h
+++ b/cache.h
@@ -433,9 +433,10 @@ extern char *git_log_output_encoding;
 
 extern int copy_fd(int ifd, int ofd);
 extern void read_or_die(int fd, void *buf, size_t count);
-extern int write_in_full(int fd, const void *buf, size_t count, const char *);
+extern int write_in_full(int fd, const void *buf, size_t count);
 extern void write_or_die(int fd, const void *buf, size_t count);
 extern int write_or_whine(int fd, const void *buf, size_t count, const char *msg);
+extern int write_or_whine_pipe(int fd, const void *buf, size_t count, const char *msg);
 
 /* pager.c */
 extern void setup_pager(void);
diff --git a/send-pack.c b/send-pack.c
index c195d080db..6756264b29 100644
--- a/send-pack.c
+++ b/send-pack.c
@@ -65,14 +65,14 @@ static int pack_objects(int fd, struct ref *refs)
 			memcpy(buf + 1, sha1_to_hex(refs->old_sha1), 40);
 			buf[0] = '^';
 			buf[41] = '\n';
-			if (!write_in_full(pipe_fd[1], buf, 42,
+			if (!write_or_whine(pipe_fd[1], buf, 42,
 						"send-pack: send refs"))
 				break;
 		}
 		if (!is_null_sha1(refs->new_sha1)) {
 			memcpy(buf, sha1_to_hex(refs->new_sha1), 40);
 			buf[40] = '\n';
-			if (!write_in_full(pipe_fd[1], buf, 41,
+			if (!write_or_whine(pipe_fd[1], buf, 41,
 						"send-pack: send refs"))
 				break;
 		}
diff --git a/trace.c b/trace.c
index 495e5ed92a..27fef868c4 100644
--- a/trace.c
+++ b/trace.c
@@ -101,7 +101,7 @@ void trace_printf(const char *format, ...)
 	nfvasprintf(&trace_str, format, rest);
 	va_end(rest);
 
-	write_or_whine(fd, trace_str, strlen(trace_str), err_msg);
+	write_or_whine_pipe(fd, trace_str, strlen(trace_str), err_msg);
 
 	free(trace_str);
 
@@ -139,7 +139,7 @@ void trace_argv_printf(const char **argv, int count, const char *format, ...)
 	strncpy(trace_str + format_len, argv_str, argv_len);
 	strcpy(trace_str + trace_len - 1, "\n");
 
-	write_or_whine(fd, trace_str, trace_len, err_msg);
+	write_or_whine_pipe(fd, trace_str, trace_len, err_msg);
 
 	free(argv_str);
 	free(format_str);
diff --git a/write_or_die.c b/write_or_die.c
index 6db1d3123d..613c0c3f6e 100644
--- a/write_or_die.c
+++ b/write_or_die.c
@@ -35,49 +35,61 @@ void write_or_die(int fd, const void *buf, size_t count)
 	}
 }
 
+int write_in_full(int fd, const void *buf, size_t count)
+{
+	const char *p = buf;
+	ssize_t total = 0;
+	ssize_t wcount = 0;
+
+	while (count > 0) {
+		wcount = xwrite(fd, p, count);
+		if (wcount <= 0) {
+			if (total)
+				return total;
+			else
+				return wcount;
+		}
+		count -= wcount;
+		p += wcount;
+		total += wcount;
+	}
+
+	return wcount;
+}
+
+int write_or_whine_pipe(int fd, const void *buf, size_t count, const char *msg)
+{
+	ssize_t written;
+
+	written = write_in_full(fd, buf, count);
+	if (written == 0) {
+		fprintf(stderr, "%s: disk full?\n", msg);
+		return 0;
+	}
+	else if (written < 0) {
+		if (errno == EPIPE)
+			exit(0);
+		fprintf(stderr, "%s: write error (%s)\n",
+			msg, strerror(errno));
+		return 0;
+	}
+
+	return 1;
+}
+
 int write_or_whine(int fd, const void *buf, size_t count, const char *msg)
 {
-	const char *p = buf;
 	ssize_t written;
 
-	while (count > 0) {
-		written = xwrite(fd, p, count);
-		if (written == 0) {
-			fprintf(stderr, "%s: disk full?\n", msg);
-			return 0;
-		}
-		else if (written < 0) {
-			if (errno == EPIPE)
-				exit(0);
-			fprintf(stderr, "%s: write error (%s)\n",
-				msg, strerror(errno));
-			return 0;
-		}
-		count -= written;
-		p += written;
-	}
-
-	return 1;
-}
-
-int write_in_full(int fd, const void *buf, size_t count, const char *msg)
-{
-	const char *p = buf;
-	ssize_t written;
-
-	while (count > 0) {
-		written = xwrite(fd, p, count);
-		if (written == 0) {
-			fprintf(stderr, "%s: disk full?\n", msg);
-			return 0;
-		}
-		else if (written < 0) {
-			fprintf(stderr, "%s: write error (%s)\n",
-				msg, strerror(errno));
-			return 0;
-		}
-		count -= written;
-		p += written;
+	written = write_in_full(fd, buf, count);
+	if (written == 0) {
+		fprintf(stderr, "%s: disk full?\n", msg);
+		return 0;
+	}
+	else if (written < 0) {
+		fprintf(stderr, "%s: write error (%s)\n",
+			msg, strerror(errno));
+		return 0;
 	}
 
 	return 1;

From 93d26e4cb9cec2eb8abb4f37e6dda2c86fcceeac Mon Sep 17 00:00:00 2001
From: Andy Whitcroft <apw@shadowen.org>
Date: Mon, 8 Jan 2007 15:58:08 +0000
Subject: [PATCH 06/16] short i/o: fix calls to read to use xread or
 read_in_full

We have a number of badly checked read() calls.  Often we are
expecting read() to read exactly the size we requested or fail, this
fails to handle interrupts or short reads.  Add a read_in_full()
providing those semantics.  Otherwise we at a minimum need to check
for EINTR and EAGAIN, where this is appropriate use xread().

Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 builtin-grep.c           |  2 +-
 builtin-tar-tree.c       |  2 +-
 builtin-upload-archive.c |  2 +-
 cache.h                  |  1 +
 dir.c                    |  2 +-
 http-fetch.c             |  2 +-
 http-push.c              |  2 +-
 imap-send.c              |  4 ++--
 index-pack.c             |  2 +-
 local-fetch.c            |  2 +-
 path.c                   |  2 +-
 refs.c                   |  2 +-
 sha1_file.c              |  2 +-
 ssh-fetch.c              | 11 +++++++----
 ssh-upload.c             | 25 +++++++++++--------------
 upload-pack.c            |  4 ++--
 write_or_die.c           | 29 +++++++++++++++++++++++------
 17 files changed, 57 insertions(+), 39 deletions(-)

diff --git a/builtin-grep.c b/builtin-grep.c
index 3b1b1cbbfa..2bfbdb7140 100644
--- a/builtin-grep.c
+++ b/builtin-grep.c
@@ -136,7 +136,7 @@ static int grep_file(struct grep_opt *opt, const char *filename)
 	if (i < 0)
 		goto err_ret;
 	data = xmalloc(st.st_size + 1);
-	if (st.st_size != xread(i, data, st.st_size)) {
+	if (st.st_size != read_in_full(i, data, st.st_size)) {
 		error("'%s': short read %s", filename, strerror(errno));
 		close(i);
 		free(data);
diff --git a/builtin-tar-tree.c b/builtin-tar-tree.c
index 11e62fc141..ad802fc1aa 100644
--- a/builtin-tar-tree.c
+++ b/builtin-tar-tree.c
@@ -74,7 +74,7 @@ int cmd_get_tar_commit_id(int argc, const char **argv, const char *prefix)
 	char *content = buffer + RECORDSIZE;
 	ssize_t n;
 
-	n = xread(0, buffer, HEADERSIZE);
+	n = read_in_full(0, buffer, HEADERSIZE);
 	if (n < HEADERSIZE)
 		die("git-get-tar-commit-id: read error");
 	if (header->typeflag[0] != 'g')
diff --git a/builtin-upload-archive.c b/builtin-upload-archive.c
index e4156f8f48..48ae09e9b5 100644
--- a/builtin-upload-archive.c
+++ b/builtin-upload-archive.c
@@ -91,7 +91,7 @@ static void process_input(int child_fd, int band)
 	char buf[16384];
 	ssize_t sz = read(child_fd, buf, sizeof(buf));
 	if (sz < 0) {
-		if (errno != EINTR)
+		if (errno != EAGAIN && errno != EINTR)
 			error_clnt("read error: %s\n", strerror(errno));
 		return;
 	}
diff --git a/cache.h b/cache.h
index 38a20a8069..a9583ff18e 100644
--- a/cache.h
+++ b/cache.h
@@ -432,6 +432,7 @@ extern char *git_commit_encoding;
 extern char *git_log_output_encoding;
 
 extern int copy_fd(int ifd, int ofd);
+extern int read_in_full(int fd, void *buf, size_t count);
 extern void read_or_die(int fd, void *buf, size_t count);
 extern int write_in_full(int fd, const void *buf, size_t count);
 extern void write_or_die(int fd, const void *buf, size_t count);
diff --git a/dir.c b/dir.c
index 0338d6c4e0..32b57f0125 100644
--- a/dir.c
+++ b/dir.c
@@ -142,7 +142,7 @@ static int add_excludes_from_file_1(const char *fname,
 		return 0;
 	}
 	buf = xmalloc(size+1);
-	if (read(fd, buf, size) != size)
+	if (read_in_full(fd, buf, size) != size)
 		goto err;
 	close(fd);
 
diff --git a/http-fetch.c b/http-fetch.c
index 396552da02..50a3b005ab 100644
--- a/http-fetch.c
+++ b/http-fetch.c
@@ -175,7 +175,7 @@ static void start_object_request(struct object_request *obj_req)
 	prevlocal = open(prevfile, O_RDONLY);
 	if (prevlocal != -1) {
 		do {
-			prev_read = read(prevlocal, prev_buf, PREV_BUF_SIZE);
+			prev_read = xread(prevlocal, prev_buf, PREV_BUF_SIZE);
 			if (prev_read>0) {
 				if (fwrite_sha1_file(prev_buf,
 						     1,
diff --git a/http-push.c b/http-push.c
index ecefdfd4f8..acb5c273aa 100644
--- a/http-push.c
+++ b/http-push.c
@@ -288,7 +288,7 @@ static void start_fetch_loose(struct transfer_request *request)
 	prevlocal = open(prevfile, O_RDONLY);
 	if (prevlocal != -1) {
 		do {
-			prev_read = read(prevlocal, prev_buf, PREV_BUF_SIZE);
+			prev_read = xread(prevlocal, prev_buf, PREV_BUF_SIZE);
 			if (prev_read>0) {
 				if (fwrite_sha1_file(prev_buf,
 						     1,
diff --git a/imap-send.c b/imap-send.c
index ad91858bc4..8de19e3cc6 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -224,7 +224,7 @@ socket_perror( const char *func, Socket_t *sock, int ret )
 static int
 socket_read( Socket_t *sock, char *buf, int len )
 {
-	int n = read( sock->fd, buf, len );
+	int n = xread( sock->fd, buf, len );
 	if (n <= 0) {
 		socket_perror( "read", sock, n );
 		close( sock->fd );
@@ -390,7 +390,7 @@ arc4_init( void )
 		fprintf( stderr, "Fatal: no random number source available.\n" );
 		exit( 3 );
 	}
-	if (read( fd, dat, 128 ) != 128) {
+	if (read_in_full( fd, dat, 128 ) != 128) {
 		fprintf( stderr, "Fatal: cannot read random number source.\n" );
 		exit( 3 );
 	}
diff --git a/index-pack.c b/index-pack.c
index 5f6d128a83..e9a5303222 100644
--- a/index-pack.c
+++ b/index-pack.c
@@ -638,7 +638,7 @@ static void readjust_pack_header_and_sha1(unsigned char *sha1)
 	/* Rewrite pack header with updated object number */
 	if (lseek(output_fd, 0, SEEK_SET) != 0)
 		die("cannot seek back: %s", strerror(errno));
-	if (xread(output_fd, &hdr, sizeof(hdr)) != sizeof(hdr))
+	if (read_in_full(output_fd, &hdr, sizeof(hdr)) != sizeof(hdr))
 		die("cannot read pack header back: %s", strerror(errno));
 	hdr.hdr_entries = htonl(nr_objects);
 	if (lseek(output_fd, 0, SEEK_SET) != 0)
diff --git a/local-fetch.c b/local-fetch.c
index 7b6875cce6..cf99cb72dd 100644
--- a/local-fetch.c
+++ b/local-fetch.c
@@ -184,7 +184,7 @@ int fetch_ref(char *ref, unsigned char *sha1)
 		fprintf(stderr, "cannot open %s\n", filename);
 		return -1;
 	}
-	if (read(ifd, hex, 40) != 40 || get_sha1_hex(hex, sha1)) {
+	if (read_in_full(ifd, hex, 40) != 40 || get_sha1_hex(hex, sha1)) {
 		close(ifd);
 		fprintf(stderr, "cannot read from %s\n", filename);
 		return -1;
diff --git a/path.c b/path.c
index 066f621955..bb5ee7bf99 100644
--- a/path.c
+++ b/path.c
@@ -113,7 +113,7 @@ int validate_symref(const char *path)
 	fd = open(path, O_RDONLY);
 	if (fd < 0)
 		return -1;
-	len = read(fd, buffer, sizeof(buffer)-1);
+	len = read_in_full(fd, buffer, sizeof(buffer)-1);
 	close(fd);
 
 	/*
diff --git a/refs.c b/refs.c
index 52057455a2..2b69e1eddc 100644
--- a/refs.c
+++ b/refs.c
@@ -284,7 +284,7 @@ const char *resolve_ref(const char *ref, unsigned char *sha1, int reading, int *
 		fd = open(path, O_RDONLY);
 		if (fd < 0)
 			return NULL;
-		len = read(fd, buffer, sizeof(buffer)-1);
+		len = read_in_full(fd, buffer, sizeof(buffer)-1);
 		close(fd);
 
 		/*
diff --git a/sha1_file.c b/sha1_file.c
index d9622d95e7..0c9483c5c0 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1869,7 +1869,7 @@ int write_sha1_from_fd(const unsigned char *sha1, int fd, char *buffer,
 			if (ret != Z_OK)
 				break;
 		}
-		size = read(fd, buffer + *bufposn, bufsize - *bufposn);
+		size = xread(fd, buffer + *bufposn, bufsize - *bufposn);
 		if (size <= 0) {
 			close(local);
 			unlink(tmpfile);
diff --git a/ssh-fetch.c b/ssh-fetch.c
index b006c5c980..72965d678a 100644
--- a/ssh-fetch.c
+++ b/ssh-fetch.c
@@ -82,7 +82,7 @@ int fetch(unsigned char *sha1)
 		remote = conn_buf[0];
 		memmove(conn_buf, conn_buf + 1, --conn_buf_posn);
 	} else {
-		if (read(fd_in, &remote, 1) < 1)
+		if (xread(fd_in, &remote, 1) < 1)
 			return -1;
 	}
 	/* fprintf(stderr, "Got %d\n", remote); */
@@ -99,7 +99,7 @@ static int get_version(void)
 	char type = 'v';
 	write(fd_out, &type, 1);
 	write(fd_out, &local_version, 1);
-	if (read(fd_in, &remote_version, 1) < 1) {
+	if (xread(fd_in, &remote_version, 1) < 1) {
 		return error("Couldn't read version from remote end");
 	}
 	return 0;
@@ -111,10 +111,13 @@ int fetch_ref(char *ref, unsigned char *sha1)
 	char type = 'r';
 	write(fd_out, &type, 1);
 	write(fd_out, ref, strlen(ref) + 1);
-	read(fd_in, &remote, 1);
+
+	if (read_in_full(fd_in, &remote, 1) != 1)
+		return -1;
 	if (remote < 0)
 		return remote;
-	read(fd_in, sha1, 20);
+	if (read_in_full(fd_in, sha1, 20) != 20)
+		return -1;
 	return 0;
 }
 
diff --git a/ssh-upload.c b/ssh-upload.c
index 901e0366df..86b169bf4f 100644
--- a/ssh-upload.c
+++ b/ssh-upload.c
@@ -21,17 +21,14 @@ static int serve_object(int fd_in, int fd_out) {
 	ssize_t size;
 	unsigned char sha1[20];
 	signed char remote;
-	int posn = 0;
-	do {
-		size = read(fd_in, sha1 + posn, 20 - posn);
-		if (size < 0) {
-			perror("git-ssh-upload: read ");
-			return -1;
-		}
-		if (!size)
-			return -1;
-		posn += size;
-	} while (posn < 20);
+
+	size = read_in_full(fd_in, sha1, 20);
+	if (size < 0) {
+		perror("git-ssh-upload: read ");
+		return -1;
+	}
+	if (!size)
+		return -1;
 	
 	if (verbose)
 		fprintf(stderr, "Serving %s\n", sha1_to_hex(sha1));
@@ -54,7 +51,7 @@ static int serve_object(int fd_in, int fd_out) {
 
 static int serve_version(int fd_in, int fd_out)
 {
-	if (read(fd_in, &remote_version, 1) < 1)
+	if (xread(fd_in, &remote_version, 1) < 1)
 		return -1;
 	write(fd_out, &local_version, 1);
 	return 0;
@@ -67,7 +64,7 @@ static int serve_ref(int fd_in, int fd_out)
 	int posn = 0;
 	signed char remote = 0;
 	do {
-		if (posn >= PATH_MAX || read(fd_in, ref + posn, 1) < 1)
+		if (posn >= PATH_MAX || xread(fd_in, ref + posn, 1) < 1)
 			return -1;
 		posn++;
 	} while (ref[posn - 1]);
@@ -89,7 +86,7 @@ static void service(int fd_in, int fd_out) {
 	char type;
 	int retval;
 	do {
-		retval = read(fd_in, &type, 1);
+		retval = xread(fd_in, &type, 1);
 		if (retval < 1) {
 			if (retval < 0)
 				perror("git-ssh-upload: read ");
diff --git a/upload-pack.c b/upload-pack.c
index c568ef066c..03a4156e19 100644
--- a/upload-pack.c
+++ b/upload-pack.c
@@ -242,7 +242,7 @@ static void create_pack_file(void)
 					*cp++ = buffered;
 					outsz++;
 				}
-				sz = read(pu_pipe[0], cp,
+				sz = xread(pu_pipe[0], cp,
 					  sizeof(data) - outsz);
 				if (0 < sz)
 						;
@@ -267,7 +267,7 @@ static void create_pack_file(void)
 				/* Status ready; we ship that in the side-band
 				 * or dump to the standard error.
 				 */
-				sz = read(pe_pipe[0], progress,
+				sz = xread(pe_pipe[0], progress,
 					  sizeof(progress));
 				if (0 < sz)
 					send_client_data(2, progress, sz);
diff --git a/write_or_die.c b/write_or_die.c
index 613c0c3f6e..e7f82639ff 100644
--- a/write_or_die.c
+++ b/write_or_die.c
@@ -1,19 +1,36 @@
 #include "cache.h"
 
-void read_or_die(int fd, void *buf, size_t count)
+int read_in_full(int fd, void *buf, size_t count)
 {
 	char *p = buf;
-	ssize_t loaded;
+	ssize_t total = 0;
+	ssize_t loaded = 0;
 
 	while (count > 0) {
 		loaded = xread(fd, p, count);
-		if (loaded == 0)
-			die("unexpected end of file");
-		else if (loaded < 0)
-			die("read error (%s)", strerror(errno));
+		if (loaded <= 0) {
+			if (total)
+				return total;
+			else
+				return loaded;
+		}
 		count -= loaded;
 		p += loaded;
+		total += loaded;
 	}
+
+	return total;
+}
+
+void read_or_die(int fd, void *buf, size_t count)
+{
+	ssize_t loaded;
+
+	loaded = read_in_full(fd, buf, count);
+	if (loaded == 0)
+		die("unexpected end of file");
+	else if (loaded < 0)
+		die("read error (%s)", strerror(errno));
 }
 
 void write_or_die(int fd, const void *buf, size_t count)

From 93822c2239a336e5cb583549071c59202ef6c5b2 Mon Sep 17 00:00:00 2001
From: Andy Whitcroft <apw@shadowen.org>
Date: Mon, 8 Jan 2007 15:58:23 +0000
Subject: [PATCH 07/16] short i/o: fix calls to write to use xwrite or
 write_in_full

We have a number of badly checked write() calls.  Often we are
expecting write() to write exactly the size we requested or fail,
this fails to handle interrupts or short writes.  Switch to using
the new write_in_full().  Otherwise we at a minimum need to check
for EINTR and EAGAIN, where this is appropriate use xwrite().

Note, the changes to config handling are much larger and handled
in the next patch in the sequence.

Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 builtin-rerere.c   | 11 +++++++----
 builtin-tar-tree.c |  2 +-
 commit.c           |  6 ++++--
 daemon.c           |  2 +-
 diff.c             |  2 +-
 entry.c            |  4 ++--
 http-fetch.c       |  2 +-
 http-push.c        |  2 +-
 imap-send.c        |  2 +-
 index-pack.c       |  2 +-
 merge-recursive.c  |  2 +-
 read-cache.c       |  6 +++---
 refs.c             |  8 ++++----
 sha1_file.c        | 19 ++++++------------
 ssh-fetch.c        | 33 +++++++++++--------------------
 ssh-upload.c       | 10 ++++++----
 test-delta.c       |  2 +-
 unpack-file.c      |  2 +-
 upload-pack.c      |  1 +
 write_or_die.c     | 49 +++++++++++++++++++++-------------------------
 20 files changed, 76 insertions(+), 91 deletions(-)

diff --git a/builtin-rerere.c b/builtin-rerere.c
index 079c0bdf36..318d959d89 100644
--- a/builtin-rerere.c
+++ b/builtin-rerere.c
@@ -51,9 +51,11 @@ static int write_rr(struct path_list *rr, int out_fd)
 	int i;
 	for (i = 0; i < rr->nr; i++) {
 		const char *path = rr->items[i].path;
-		write(out_fd, rr->items[i].util, 40);
-		write(out_fd, "\t", 1);
-		write(out_fd, path, strlen(path) + 1);
+		int length = strlen(path) + 1;
+		if (write_in_full(out_fd, rr->items[i].util, 40) != 40 ||
+		    write_in_full(out_fd, "\t", 1) != 1 ||
+		    write_in_full(out_fd, path, length) != length)
+			die("unable to write rerere record");
 	}
 	close(out_fd);
 	return commit_lock_file(&write_lock);
@@ -244,7 +246,8 @@ static int outf(void *dummy, mmbuffer_t *ptr, int nbuf)
 {
 	int i;
 	for (i = 0; i < nbuf; i++)
-		write(1, ptr[i].ptr, ptr[i].size);
+		if (write_in_full(1, ptr[i].ptr, ptr[i].size) != ptr[i].size)
+			return -1;
 	return 0;
 }
 
diff --git a/builtin-tar-tree.c b/builtin-tar-tree.c
index ad802fc1aa..8055ddab9b 100644
--- a/builtin-tar-tree.c
+++ b/builtin-tar-tree.c
@@ -82,7 +82,7 @@ int cmd_get_tar_commit_id(int argc, const char **argv, const char *prefix)
 	if (memcmp(content, "52 comment=", 11))
 		return 1;
 
-	n = xwrite(1, content + 11, 41);
+	n = write_in_full(1, content + 11, 41);
 	if (n < 41)
 		die("git-get-tar-commit-id: write error");
 
diff --git a/commit.c b/commit.c
index 2a58175aca..9ce45cec25 100644
--- a/commit.c
+++ b/commit.c
@@ -249,8 +249,10 @@ int write_shallow_commits(int fd, int use_pack_protocol)
 			if (use_pack_protocol)
 				packet_write(fd, "shallow %s", hex);
 			else {
-				write(fd, hex,  40);
-				write(fd, "\n", 1);
+				if (write_in_full(fd, hex,  40) != 40)
+					break;
+				if (write_in_full(fd, "\n", 1) != 1)
+					break;
 			}
 		}
 	return count;
diff --git a/daemon.c b/daemon.c
index b129b83e40..f039534d65 100644
--- a/daemon.c
+++ b/daemon.c
@@ -102,7 +102,7 @@ static void logreport(int priority, const char *err, va_list params)
 	buf[buflen++] = '\n';
 	buf[buflen] = '\0';
 
-	write(2, buf, buflen);
+	write_in_full(2, buf, buflen);
 }
 
 static void logerror(const char *err, ...)
diff --git a/diff.c b/diff.c
index e1b016f47f..ad476f7c68 100644
--- a/diff.c
+++ b/diff.c
@@ -1389,7 +1389,7 @@ static void prep_temp_blob(struct diff_tempfile *temp,
 	fd = git_mkstemp(temp->tmp_path, TEMPFILE_PATH_LEN, ".diff_XXXXXX");
 	if (fd < 0)
 		die("unable to create temp-file");
-	if (write(fd, blob, size) != size)
+	if (write_in_full(fd, blob, size) != size)
 		die("unable to write temp-file");
 	close(fd);
 	temp->name = temp->tmp_path;
diff --git a/entry.c b/entry.c
index 88df713947..0ebf0f0c19 100644
--- a/entry.c
+++ b/entry.c
@@ -89,7 +89,7 @@ static int write_entry(struct cache_entry *ce, char *path, struct checkout *stat
 			return error("git-checkout-index: unable to create file %s (%s)",
 				path, strerror(errno));
 		}
-		wrote = write(fd, new, size);
+		wrote = write_in_full(fd, new, size);
 		close(fd);
 		free(new);
 		if (wrote != size)
@@ -104,7 +104,7 @@ static int write_entry(struct cache_entry *ce, char *path, struct checkout *stat
 				return error("git-checkout-index: unable to create "
 						 "file %s (%s)", path, strerror(errno));
 			}
-			wrote = write(fd, new, size);
+			wrote = write_in_full(fd, new, size);
 			close(fd);
 			free(new);
 			if (wrote != size)
diff --git a/http-fetch.c b/http-fetch.c
index 50a3b005ab..fe8cd7bdcd 100644
--- a/http-fetch.c
+++ b/http-fetch.c
@@ -71,7 +71,7 @@ static size_t fwrite_sha1_file(void *ptr, size_t eltsize, size_t nmemb,
 	int posn = 0;
 	struct object_request *obj_req = (struct object_request *)data;
 	do {
-		ssize_t retval = write(obj_req->local,
+		ssize_t retval = xwrite(obj_req->local,
 				       (char *) ptr + posn, size - posn);
 		if (retval < 0)
 			return posn;
diff --git a/http-push.c b/http-push.c
index acb5c273aa..7e73eac9c3 100644
--- a/http-push.c
+++ b/http-push.c
@@ -195,7 +195,7 @@ static size_t fwrite_sha1_file(void *ptr, size_t eltsize, size_t nmemb,
 	int posn = 0;
 	struct transfer_request *request = (struct transfer_request *)data;
 	do {
-		ssize_t retval = write(request->local_fileno,
+		ssize_t retval = xwrite(request->local_fileno,
 				       (char *) ptr + posn, size - posn);
 		if (retval < 0)
 			return posn;
diff --git a/imap-send.c b/imap-send.c
index 8de19e3cc6..3eaf025720 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -236,7 +236,7 @@ socket_read( Socket_t *sock, char *buf, int len )
 static int
 socket_write( Socket_t *sock, const char *buf, int len )
 {
-	int n = write( sock->fd, buf, len );
+	int n = write_in_full( sock->fd, buf, len );
 	if (n != len) {
 		socket_perror( "write", sock, n );
 		close( sock->fd );
diff --git a/index-pack.c b/index-pack.c
index e9a5303222..8d10d6ba24 100644
--- a/index-pack.c
+++ b/index-pack.c
@@ -814,7 +814,7 @@ static void final(const char *final_pack_name, const char *curr_pack_name,
 		char buf[48];
 		int len = snprintf(buf, sizeof(buf), "%s\t%s\n",
 				   report, sha1_to_hex(sha1));
-		xwrite(1, buf, len);
+		write_in_full(1, buf, len);
 
 		/*
 		 * Let's just mimic git-unpack-objects here and write
diff --git a/merge-recursive.c b/merge-recursive.c
index bac16f577c..87a27e0379 100644
--- a/merge-recursive.c
+++ b/merge-recursive.c
@@ -517,7 +517,7 @@ static int mkdir_p(const char *path, unsigned long mode)
 static void flush_buffer(int fd, const char *buf, unsigned long size)
 {
 	while (size > 0) {
-		long ret = xwrite(fd, buf, size);
+		long ret = write_in_full(fd, buf, size);
 		if (ret < 0) {
 			/* Ignore epipe */
 			if (errno == EPIPE)
diff --git a/read-cache.c b/read-cache.c
index 29cf9abe64..8ecd826e9c 100644
--- a/read-cache.c
+++ b/read-cache.c
@@ -870,7 +870,7 @@ static int ce_write_flush(SHA_CTX *context, int fd)
 	unsigned int buffered = write_buffer_len;
 	if (buffered) {
 		SHA1_Update(context, write_buffer, buffered);
-		if (write(fd, write_buffer, buffered) != buffered)
+		if (write_in_full(fd, write_buffer, buffered) != buffered)
 			return -1;
 		write_buffer_len = 0;
 	}
@@ -919,7 +919,7 @@ static int ce_flush(SHA_CTX *context, int fd)
 
 	/* Flush first if not enough space for SHA1 signature */
 	if (left + 20 > WRITE_BUFFER_SIZE) {
-		if (write(fd, write_buffer, left) != left)
+		if (write_in_full(fd, write_buffer, left) != left)
 			return -1;
 		left = 0;
 	}
@@ -927,7 +927,7 @@ static int ce_flush(SHA_CTX *context, int fd)
 	/* Append the SHA1 signature at the end */
 	SHA1_Final(write_buffer + left, context);
 	left += 20;
-	return (write(fd, write_buffer, left) != left) ? -1 : 0;
+	return (write_in_full(fd, write_buffer, left) != left) ? -1 : 0;
 }
 
 static void ce_smudge_racily_clean_entry(struct cache_entry *ce)
diff --git a/refs.c b/refs.c
index 2b69e1eddc..4d6fad8879 100644
--- a/refs.c
+++ b/refs.c
@@ -332,7 +332,7 @@ int create_symref(const char *ref_target, const char *refs_heads_master)
 	}
 	lockpath = mkpath("%s.lock", git_HEAD);
 	fd = open(lockpath, O_CREAT | O_EXCL | O_WRONLY, 0666);	
-	written = write(fd, ref, len);
+	written = write_in_full(fd, ref, len);
 	close(fd);
 	if (written != len) {
 		unlink(lockpath);
@@ -968,7 +968,7 @@ static int log_ref_write(struct ref_lock *lock,
 			sha1_to_hex(sha1),
 			committer);
 	}
-	written = len <= maxlen ? write(logfd, logrec, len) : -1;
+	written = len <= maxlen ? write_in_full(logfd, logrec, len) : -1;
 	free(logrec);
 	close(logfd);
 	if (written != len)
@@ -987,8 +987,8 @@ int write_ref_sha1(struct ref_lock *lock,
 		unlock_ref(lock);
 		return 0;
 	}
-	if (write(lock->lock_fd, sha1_to_hex(sha1), 40) != 40 ||
-	    write(lock->lock_fd, &term, 1) != 1
+	if (write_in_full(lock->lock_fd, sha1_to_hex(sha1), 40) != 40 ||
+	    write_in_full(lock->lock_fd, &term, 1) != 1
 		|| close(lock->lock_fd) < 0) {
 		error("Couldn't write %s", lock->lk->filename);
 		unlock_ref(lock);
diff --git a/sha1_file.c b/sha1_file.c
index 0c9483c5c0..095a7e1622 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1611,20 +1611,13 @@ int move_temp_to_file(const char *tmpfile, const char *filename)
 
 static int write_buffer(int fd, const void *buf, size_t len)
 {
-	while (len) {
-		ssize_t size;
+	ssize_t size;
 
-		size = write(fd, buf, len);
-		if (!size)
-			return error("file write: disk full");
-		if (size < 0) {
-			if (errno == EINTR || errno == EAGAIN)
-				continue;
-			return error("file write error (%s)", strerror(errno));
-		}
-		len -= size;
-		buf = (char *) buf + size;
-	}
+	size = write_in_full(fd, buf, len);
+	if (!size)
+		return error("file write: disk full");
+	if (size < 0)
+		return error("file write error (%s)", strerror(errno));
 	return 0;
 }
 
diff --git a/ssh-fetch.c b/ssh-fetch.c
index 72965d678a..4c172b6824 100644
--- a/ssh-fetch.c
+++ b/ssh-fetch.c
@@ -20,22 +20,6 @@ static int fd_out;
 static unsigned char remote_version;
 static unsigned char local_version = 1;
 
-static ssize_t force_write(int fd, void *buffer, size_t length)
-{
-	ssize_t ret = 0;
-	while (ret < length) {
-		ssize_t size = write(fd, (char *) buffer + ret, length - ret);
-		if (size < 0) {
-			return size;
-		}
-		if (size == 0) {
-			return ret;
-		}
-		ret += size;
-	}
-	return ret;
-}
-
 static int prefetches;
 
 static struct object_list *in_transit;
@@ -53,8 +37,9 @@ void prefetch(unsigned char *sha1)
 	node->item = lookup_unknown_object(sha1);
 	*end_of_transit = node;
 	end_of_transit = &node->next;
-	force_write(fd_out, &type, 1);
-	force_write(fd_out, sha1, 20);
+	/* XXX: what if these writes fail? */
+	write_in_full(fd_out, &type, 1);
+	write_in_full(fd_out, sha1, 20);
 	prefetches++;
 }
 
@@ -97,8 +82,10 @@ int fetch(unsigned char *sha1)
 static int get_version(void)
 {
 	char type = 'v';
-	write(fd_out, &type, 1);
-	write(fd_out, &local_version, 1);
+	if (write_in_full(fd_out, &type, 1) != 1 ||
+	    write_in_full(fd_out, &local_version, 1)) {
+		return error("Couldn't request version from remote end");
+	}
 	if (xread(fd_in, &remote_version, 1) < 1) {
 		return error("Couldn't read version from remote end");
 	}
@@ -109,8 +96,10 @@ int fetch_ref(char *ref, unsigned char *sha1)
 {
 	signed char remote;
 	char type = 'r';
-	write(fd_out, &type, 1);
-	write(fd_out, ref, strlen(ref) + 1);
+	int length = strlen(ref) + 1;
+	if (write_in_full(fd_out, &type, 1) != 1 ||
+	    write_in_full(fd_out, ref, length) != length)
+		return -1;
 
 	if (read_in_full(fd_in, &remote, 1) != 1)
 		return -1;
diff --git a/ssh-upload.c b/ssh-upload.c
index 86b169bf4f..2f04572787 100644
--- a/ssh-upload.c
+++ b/ssh-upload.c
@@ -41,7 +41,8 @@ static int serve_object(int fd_in, int fd_out) {
 		remote = -1;
 	}
 	
-	write(fd_out, &remote, 1);
+	if (write_in_full(fd_out, &remote, 1) != 1)
+		return 0;
 	
 	if (remote < 0)
 		return 0;
@@ -53,7 +54,7 @@ static int serve_version(int fd_in, int fd_out)
 {
 	if (xread(fd_in, &remote_version, 1) < 1)
 		return -1;
-	write(fd_out, &local_version, 1);
+	write_in_full(fd_out, &local_version, 1);
 	return 0;
 }
 
@@ -74,10 +75,11 @@ static int serve_ref(int fd_in, int fd_out)
 
 	if (get_ref_sha1(ref, sha1))
 		remote = -1;
-	write(fd_out, &remote, 1);
+	if (write_in_full(fd_out, &remote, 1) != 1)
+		return 0;
 	if (remote)
 		return 0;
-	write(fd_out, sha1, 20);
+	write_in_full(fd_out, sha1, 20);
         return 0;
 }
 
diff --git a/test-delta.c b/test-delta.c
index 795aa08377..16595ef0a9 100644
--- a/test-delta.c
+++ b/test-delta.c
@@ -68,7 +68,7 @@ int main(int argc, char *argv[])
 	}
 
 	fd = open (argv[4], O_WRONLY|O_CREAT|O_TRUNC, 0666);
-	if (fd < 0 || write(fd, out_buf, out_size) != out_size) {
+	if (fd < 0 || write_in_full(fd, out_buf, out_size) != out_size) {
 		perror(argv[4]);
 		return 1;
 	}
diff --git a/unpack-file.c b/unpack-file.c
index ccddf1d4b0..d24acc2a67 100644
--- a/unpack-file.c
+++ b/unpack-file.c
@@ -17,7 +17,7 @@ static char *create_temp_file(unsigned char *sha1)
 	fd = mkstemp(path);
 	if (fd < 0)
 		die("unable to create temp-file");
-	if (write(fd, buf, size) != size)
+	if (write_in_full(fd, buf, size) != size)
 		die("unable to write temp-file");
 	close(fd);
 	return path;
diff --git a/upload-pack.c b/upload-pack.c
index 03a4156e19..3a466c6a3e 100644
--- a/upload-pack.c
+++ b/upload-pack.c
@@ -55,6 +55,7 @@ static ssize_t send_client_data(int fd, const char *data, ssize_t sz)
 		/* emergency quit */
 		fd = 2;
 	if (fd == 2) {
+		/* XXX: are we happy to lose stuff here? */
 		xwrite(fd, data, sz);
 		return sz;
 	}
diff --git a/write_or_die.c b/write_or_die.c
index e7f82639ff..a119e1d208 100644
--- a/write_or_die.c
+++ b/write_or_die.c
@@ -33,45 +33,40 @@ void read_or_die(int fd, void *buf, size_t count)
 		die("read error (%s)", strerror(errno));
 }
 
-void write_or_die(int fd, const void *buf, size_t count)
-{
-	const char *p = buf;
-	ssize_t written;
-
-	while (count > 0) {
-		written = xwrite(fd, p, count);
-		if (written == 0)
-			die("disk full?");
-		else if (written < 0) {
-			if (errno == EPIPE)
-				exit(0);
-			die("write error (%s)", strerror(errno));
-		}
-		count -= written;
-		p += written;
-	}
-}
-
 int write_in_full(int fd, const void *buf, size_t count)
 {
 	const char *p = buf;
 	ssize_t total = 0;
-	ssize_t wcount = 0;
+	ssize_t written = 0;
 
 	while (count > 0) {
-		wcount = xwrite(fd, p, count);
-		if (wcount <= 0) {
+		written = xwrite(fd, p, count);
+		if (written <= 0) {
 			if (total)
 				return total;
 			else
-				return wcount;
+				return written;
 		}
-		count -= wcount;
-		p += wcount;
-		total += wcount;
+		count -= written;
+		p += written;
+		total += written;
 	}
 
-	return wcount;
+	return total;
+}
+
+void write_or_die(int fd, const void *buf, size_t count)
+{
+	ssize_t written;
+
+	written = write_in_full(fd, buf, count);
+	if (written == 0)
+		die("disk full?");
+	else if (written < 0) {
+		if (errno == EPIPE)
+			exit(0);
+		die("write error (%s)", strerror(errno));
+	}
 }
 
 int write_or_whine_pipe(int fd, const void *buf, size_t count, const char *msg)

From 480c9e521bdc0b6f7e90d3901d4ffc1f57f57a5e Mon Sep 17 00:00:00 2001
From: Andy Whitcroft <apw@shadowen.org>
Date: Mon, 8 Jan 2007 15:58:38 +0000
Subject: [PATCH 08/16] short i/o: fix config updates to use write_in_full

We need to check that the writes we perform during the update of
the users configuration work.  Convert to using write_in_full().

Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 config.c | 106 ++++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 77 insertions(+), 29 deletions(-)

diff --git a/config.c b/config.c
index 5cbd130be2..9ded954496 100644
--- a/config.c
+++ b/config.c
@@ -464,7 +464,15 @@ static int store_aux(const char* key, const char* value)
 	return 0;
 }
 
-static void store_write_section(int fd, const char* key)
+static int write_error()
+{
+	fprintf(stderr, "Failed to write new configuration file\n");
+
+	/* Same error code as "failed to rename". */
+	return 4;
+}
+
+static int store_write_section(int fd, const char* key)
 {
 	const char *dot = strchr(key, '.');
 	int len1 = store.baselen, len2 = -1;
@@ -478,37 +486,60 @@ static void store_write_section(int fd, const char* key)
 		}
 	}
 
-	write(fd, "[", 1);
-	write(fd, key, len1);
+	if (write_in_full(fd, "[", 1) != 1 ||
+	    write_in_full(fd, key, len1) != len1)
+		return 0;
 	if (len2 >= 0) {
-		write(fd, " \"", 2);
+		if (write_in_full(fd, " \"", 2) != 2)
+			return 0;
 		while (--len2 >= 0) {
 			unsigned char c = *++dot;
 			if (c == '"')
-				write(fd, "\\", 1);
-			write(fd, &c, 1);
+				if (write_in_full(fd, "\\", 1) != 1)
+					return 0;
+			if (write_in_full(fd, &c, 1) != 1)
+				return 0;
 		}
-		write(fd, "\"", 1);
+		if (write_in_full(fd, "\"", 1) != 1)
+			return 0;
 	}
-	write(fd, "]\n", 2);
+	if (write_in_full(fd, "]\n", 2) != 2)
+		return 0;
+
+	return 1;
 }
 
-static void store_write_pair(int fd, const char* key, const char* value)
+static int store_write_pair(int fd, const char* key, const char* value)
 {
 	int i;
+	int length = strlen(key+store.baselen+1);
 
-	write(fd, "\t", 1);
-	write(fd, key+store.baselen+1,
-		strlen(key+store.baselen+1));
-	write(fd, " = ", 3);
+	if (write_in_full(fd, "\t", 1) != 1 ||
+	    write_in_full(fd, key+store.baselen+1, length) != length ||
+	    write_in_full(fd, " = ", 3) != 3)
+		return 0;
 	for (i = 0; value[i]; i++)
 		switch (value[i]) {
-		case '\n': write(fd, "\\n", 2); break;
-		case '\t': write(fd, "\\t", 2); break;
-		case '"': case '\\': write(fd, "\\", 1);
-		default: write(fd, value+i, 1);
-	}
-	write(fd, "\n", 1);
+		case '\n':
+			if (write_in_full(fd, "\\n", 2) != 2)
+				return 0;
+			break;
+		case '\t':
+			if (write_in_full(fd, "\\t", 2) != 2)
+				return 0;
+			break;
+		case '"':
+		case '\\':
+			if (write_in_full(fd, "\\", 1) != 1)
+				return 0;
+		default:
+			if (write_in_full(fd, value+i, 1) != 1)
+				return 0;
+			break;
+		}
+	if (write_in_full(fd, "\n", 1) != 1)
+		return 0;
+	return 1;
 }
 
 static int find_beginning_of_line(const char* contents, int size,
@@ -648,8 +679,11 @@ int git_config_set_multivar(const char* key, const char* value,
 		}
 
 		store.key = (char*)key;
-		store_write_section(fd, key);
-		store_write_pair(fd, key, value);
+		if (!store_write_section(fd, key) ||
+		    !store_write_pair(fd, key, value)) {
+			ret = write_error();
+			goto out_free;
+		}
 	} else{
 		struct stat st;
 		char* contents;
@@ -729,10 +763,10 @@ int git_config_set_multivar(const char* key, const char* value,
 
 			/* write the first part of the config */
 			if (copy_end > copy_begin) {
-				write(fd, contents + copy_begin,
+				write_in_full(fd, contents + copy_begin,
 				copy_end - copy_begin);
 				if (new_line)
-					write(fd, "\n", 1);
+					write_in_full(fd, "\n", 1);
 			}
 			copy_begin = store.offset[i];
 		}
@@ -740,13 +774,19 @@ int git_config_set_multivar(const char* key, const char* value,
 		/* write the pair (value == NULL means unset) */
 		if (value != NULL) {
 			if (store.state == START)
-				store_write_section(fd, key);
-			store_write_pair(fd, key, value);
+				if (!store_write_section(fd, key)) {
+					ret = write_error();
+					goto out_free;
+				}
+			if (!store_write_pair(fd, key, value)) {
+				ret = write_error();
+				goto out_free;
+			}
 		}
 
 		/* write the rest of the config */
 		if (copy_begin < st.st_size)
-			write(fd, contents + copy_begin,
+			write_in_full(fd, contents + copy_begin,
 				st.st_size - copy_begin);
 
 		munmap(contents, st.st_size);
@@ -800,6 +840,7 @@ int git_config_rename_section(const char *old_name, const char *new_name)
 
 	while (fgets(buf, sizeof(buf), config_file)) {
 		int i;
+		int length;
 		for (i = 0; buf[i] && isspace(buf[i]); i++)
 			; /* do nothing */
 		if (buf[i] == '[') {
@@ -830,15 +871,22 @@ int git_config_rename_section(const char *old_name, const char *new_name)
 				/* old_name matches */
 				ret++;
 				store.baselen = strlen(new_name);
-				store_write_section(out_fd, new_name);
+				if (!store_write_section(out_fd, new_name)) {
+					ret = write_error();
+					goto out;
+				}
 				continue;
 			}
 		}
-		write(out_fd, buf, strlen(buf));
+		length = strlen(buf);
+		if (write_in_full(out_fd, buf, length) != length) {
+			ret = write_error();
+			goto out;
+		}
 	}
 	fclose(config_file);
 	if (close(out_fd) || commit_lock_file(lock) < 0)
-		ret = error("Cannot commit config file!");
+			ret = error("Cannot commit config file!");
  out:
 	free(config_filename);
 	return ret;

From 041e69c9984972c51cbf21a70b0327d83dee41db Mon Sep 17 00:00:00 2001
From: "J. Bruce Fields" <bfields@fieldses.org>
Date: Mon, 8 Jan 2007 23:28:51 -0500
Subject: [PATCH 09/16] Documentation: add git-remote man page

Add a preliminary man page for git-remote.

Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 Documentation/git-remote.txt | 76 ++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
 create mode 100644 Documentation/git-remote.txt

diff --git a/Documentation/git-remote.txt b/Documentation/git-remote.txt
new file mode 100644
index 0000000000..5b93a8c8be
--- /dev/null
+++ b/Documentation/git-remote.txt
@@ -0,0 +1,76 @@
+git-remote(1)
+============
+
+NAME
+----
+git-remote - manage set of tracked repositories
+
+
+SYNOPSIS
+--------
+[verse]
+'git-remote'
+'git-remote' add <name> <url>
+'git-remote' show <name>
+
+DESCRIPTION
+-----------
+
+Manage the set of repositories ("remotes") whose branches you track.
+
+With no arguments, shows a list of existing remotes.
+
+In the second form, adds a remote named <name> for the repository at
+<url>.  The command `git fetch <name>` can then be used to create and
+update remote-tracking branches <name>/<branch>.
+
+In the third form, gives some information about the remote <name>.
+
+The remote configuration is achieved using the `remote.origin.url` and
+`remote.origin.fetch` configuration variables.  (See
+gitlink:git-repo-config[1]).
+
+Examples
+--------
+
+Add a new remote, fetch, and check out a branch from it:
+
+------------
+$ git remote
+origin
+$ git branch -r
+origin/master
+$ git remote add linux-nfs git://linux-nfs.org/pub/nfs-2.6.git
+$ git remote
+linux-nfs
+origin
+$ git fetch
+* refs/remotes/linux-nfs/master: storing branch 'master' ...
+  commit: bf81b46
+$ git branch -r
+origin/master
+linux-nfs/master
+$ git checkout -b nfs linux-nfs/master
+...
+------------
+
+See Also
+--------
+gitlink:git-fetch[1]
+gitlink:git-branch[1]
+gitlink:git-repo-config[1]
+
+Author
+------
+Written by Junio Hamano
+
+
+Documentation
+--------------
+Documentation by J. Bruce Fields and the git-list <git@vger.kernel.org>.
+
+
+GIT
+---
+Part of the gitlink:git[7] suite
+

From 49fb940e4025f36953cd938576ec8306335c6cd0 Mon Sep 17 00:00:00 2001
From: Martin Langhoff <martin@catalyst.net.nz>
Date: Tue, 9 Jan 2007 15:10:32 +1300
Subject: [PATCH 10/16] cvsserver: detect early of we are up to date and avoid
 costly rev-list

if the SHA1 of our head matches the last SHA1 seen in the DB, avoid further
processing.

[jc: an "Oops, please amend" patch rolled in]

Signed-off-by: Martin Langhoff <martin@catalyst.net.nz>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 git-cvsserver.perl | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index df395126b8..eb98fa0857 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -2184,7 +2184,10 @@ sub update
     # first lets get the commit list
     $ENV{GIT_DIR} = $self->{git_path};
 
-    my $commitinfo = `git-cat-file commit $self->{module} 2>&1`;
+    my $commitsha1 = `git rev-parse $self->{module}`;
+    chomp $commitsha1;
+
+    my $commitinfo = `git cat-file commit $self->{module} 2>&1`;
     unless ( $commitinfo =~ /tree\s+[a-zA-Z0-9]{40}/ )
     {
         die("Invalid module '$self->{module}'");
@@ -2194,6 +2197,10 @@ sub update
     my $git_log;
     my $lastcommit = $self->_get_prop("last_commit");
 
+    if (defined $lastcommit && $lastcommit eq $commitsha1) { # up-to-date
+         return 1;
+    }
+
     # Start exclusive lock here...
     $self->{dbh}->begin_work() or die "Cannot lock database for BEGIN";
 

From 3486595bf1671cabb6fa22d276db2907eefbf9b6 Mon Sep 17 00:00:00 2001
From: Martin Langhoff <martin@catalyst.net.nz>
Date: Tue, 9 Jan 2007 15:10:41 +1300
Subject: [PATCH 11/16] cvsserver: fix revision number during file adds

With this patch, cvs add / cvs commit echoes back to the client
the correct file version (1.1) so that the file in the checkout
is recognised as up-to-date.

Signed-off-by: Martin Langhoff <martin@catalyst.net.nz>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 git-cvsserver.perl | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index eb98fa0857..a33a876ff6 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -1181,12 +1181,15 @@ sub req_ci
         $filename = filecleanup($filename);
 
         my $meta = $updater->getmeta($filename);
+	unless (defined $meta->{revision}) {
+	  $meta->{revision} = 1;
+	}
 
         my ( $filepart, $dirpart ) = filenamesplit($filename, 1);
 
         $log->debug("Checked-in $dirpart : $filename");
 
-        if ( $meta->{filehash} eq "deleted" )
+        if ( defined $meta->{filehash} && $meta->{filehash} eq "deleted" )
         {
             print "Remove-entry $dirpart\n";
             print "$filename\n";

From 3f43d72392b6c0477debd7edbd49bae9b7f41e60 Mon Sep 17 00:00:00 2001
From: Junio C Hamano <junkio@cox.net>
Date: Mon, 8 Jan 2007 21:52:38 -0800
Subject: [PATCH 12/16] rm git-rerere.perl -- it is now a built-in.

Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 git-rerere.perl | 284 ------------------------------------------------
 1 file changed, 284 deletions(-)
 delete mode 100755 git-rerere.perl

diff --git a/git-rerere.perl b/git-rerere.perl
deleted file mode 100755
index 4f692091e7..0000000000
--- a/git-rerere.perl
+++ /dev/null
@@ -1,284 +0,0 @@
-#!/usr/bin/perl
-#
-# REuse REcorded REsolve.  This tool records a conflicted automerge
-# result and its hand resolution, and helps to resolve future
-# automerge that results in the same conflict.
-#
-# To enable this feature, create a directory 'rr-cache' under your
-# .git/ directory.
-
-use Digest;
-use File::Path;
-use File::Copy;
-
-my $git_dir = $::ENV{GIT_DIR} || ".git";
-my $rr_dir = "$git_dir/rr-cache";
-my $merge_rr = "$git_dir/rr-cache/MERGE_RR";
-
-my %merge_rr = ();
-
-sub read_rr {
-	if (!-f $merge_rr) {
-		%merge_rr = ();
-		return;
-	}
-	my $in;
-	local $/ = "\0";
-	open $in, "<$merge_rr" or die "$!: $merge_rr";
-	while (<$in>) {
-		chomp;
-		my ($name, $path) = /^([0-9a-f]{40})\t(.*)$/s;
-		$merge_rr{$path} = $name;
-	}
-	close $in;
-}
-
-sub write_rr {
-	my $out;
-	open $out, ">$merge_rr" or die "$!: $merge_rr";
-	for my $path (sort keys %merge_rr) {
-		my $name = $merge_rr{$path};
-		print $out "$name\t$path\0";
-	}
-	close $out;
-}
-
-sub compute_conflict_name {
-	my ($path) = @_;
-	my @side = ();
-	my $in;
-	open $in, "<$path"  or die "$!: $path";
-
-	my $sha1 = Digest->new("SHA-1");
-	my $hunk = 0;
-	while (<$in>) {
-		if (/^<<<<<<< .*/) {
-			$hunk++;
-			@side = ([], undef);
-		}
-		elsif (/^=======$/) {
-			$side[1] = [];
-		}
-		elsif (/^>>>>>>> .*/) {
-			my ($one, $two);
-			$one = join('', @{$side[0]});
-			$two = join('', @{$side[1]});
-			if ($two le $one) {
-				($one, $two) = ($two, $one);
-			}
-			$sha1->add($one);
-			$sha1->add("\0");
-			$sha1->add($two);
-			$sha1->add("\0");
-			@side = ();
-		}
-		elsif (@side == 0) {
-			next;
-		}
-		elsif (defined $side[1]) {
-			push @{$side[1]}, $_;
-		}
-		else {
-			push @{$side[0]}, $_;
-		}
-	}
-	close $in;
-	return ($sha1->hexdigest, $hunk);
-}
-
-sub record_preimage {
-	my ($path, $name) = @_;
-	my @side = ();
-	my ($in, $out);
-	open $in, "<$path"  or die "$!: $path";
-	open $out, ">$name" or die "$!: $name";
-
-	while (<$in>) {
-		if (/^<<<<<<< .*/) {
-			@side = ([], undef);
-		}
-		elsif (/^=======$/) {
-			$side[1] = [];
-		}
-		elsif (/^>>>>>>> .*/) {
-			my ($one, $two);
-			$one = join('', @{$side[0]});
-			$two = join('', @{$side[1]});
-			if ($two le $one) {
-				($one, $two) = ($two, $one);
-			}
-			print $out "<<<<<<<\n";
-			print $out $one;
-			print $out "=======\n";
-			print $out $two;
-			print $out ">>>>>>>\n";
-			@side = ();
-		}
-		elsif (@side == 0) {
-			print $out $_;
-		}
-		elsif (defined $side[1]) {
-			push @{$side[1]}, $_;
-		}
-		else {
-			push @{$side[0]}, $_;
-		}
-	}
-	close $out;
-	close $in;
-}
-
-sub find_conflict {
-	my $in;
-	local $/ = "\0";
-	my $pid = open($in, '-|');
-	die "$!" unless defined $pid;
-	if (!$pid) {
-		exec(qw(git ls-files -z -u)) or die "$!: ls-files";
-	}
-	my %path = ();
-	my @path = ();
-	while (<$in>) {
-		chomp;
-		my ($mode, $sha1, $stage, $path) =
-		    /^([0-7]+) ([0-9a-f]{40}) ([123])\t(.*)$/s;
-		$path{$path} |= (1 << $stage);
-	}
-	close $in;
-	while (my ($path, $status) = each %path) {
-		if ($status == 14) { push @path, $path; }
-	}
-	return @path;
-}
-
-sub merge {
-	my ($name, $path) = @_;
-	record_preimage($path, "$rr_dir/$name/thisimage");
-	unless (system('git', 'merge-file', map { "$rr_dir/$name/${_}image" }
-		       qw(this pre post))) {
-		my $in;
-		open $in, "<$rr_dir/$name/thisimage" or
-		    die "$!: $name/thisimage";
-		my $out;
-		open $out, ">$path" or die "$!: $path";
-		while (<$in>) { print $out $_; }
-		close $in;
-		close $out;
-		return 1;
-	}
-	return 0;
-}
-
-sub garbage_collect_rerere {
-	# We should allow specifying these from the command line and
-	# that is why the caller gives @ARGV to us, but I am lazy.
-
-	my $cutoff_noresolve = 15; # two weeks
-	my $cutoff_resolve = 60; # two months
-	my @to_remove;
-	while (<$rr_dir/*/preimage>) {
-		my ($dir) = /^(.*)\/preimage$/;
-		my $cutoff = ((-f "$dir/postimage")
-			      ? $cutoff_resolve
-			      : $cutoff_noresolve);
-		my $age = -M "$_";
-		if ($cutoff <= $age) {
-			push @to_remove, $dir;
-		}
-	}
-	if (@to_remove) {
-		rmtree(\@to_remove);
-	}
-}
-
--d "$rr_dir" || exit(0);
-
-read_rr();
-
-if (@ARGV) {
-	my $arg = shift @ARGV;
-	if ($arg eq 'clear') {
-		for my $path (keys %merge_rr) {
-			my $name = $merge_rr{$path};
-			if (-d "$rr_dir/$name" &&
-			    ! -f "$rr_dir/$name/postimage") {
-				rmtree(["$rr_dir/$name"]);
-			}
-		}
-		unlink $merge_rr;
-	}
-	elsif ($arg eq 'status') {
-		for my $path (keys %merge_rr) {
-			print $path, "\n";
-		}
-	}
-	elsif ($arg eq 'diff') {
-		for my $path (keys %merge_rr) {
-			my $name = $merge_rr{$path};
-			system('diff', ((@ARGV == 0) ? ('-u') : @ARGV),
-				'-L', "a/$path", '-L', "b/$path",
-				"$rr_dir/$name/preimage", $path);
-		}
-	}
-	elsif ($arg eq 'gc') {
-		garbage_collect_rerere(@ARGV);
-	}
-	else {
-		die "$0 unknown command: $arg\n";
-	}
-	exit 0;
-}
-
-my %conflict = map { $_ => 1 } find_conflict();
-
-# MERGE_RR records paths with conflicts immediately after merge
-# failed.  Some of the conflicted paths might have been hand resolved
-# in the working tree since then, but the initial run would catch all
-# and register their preimages.
-
-for my $path (keys %conflict) {
-	# This path has conflict.  If it is not recorded yet,
-	# record the pre-image.
-	if (!exists $merge_rr{$path}) {
-		my ($name, $hunk) = compute_conflict_name($path);
-		next unless ($hunk);
-		$merge_rr{$path} = $name;
-		if (! -d "$rr_dir/$name") {
-			mkpath("$rr_dir/$name", 0, 0777);
-			print STDERR "Recorded preimage for '$path'\n";
-			record_preimage($path, "$rr_dir/$name/preimage");
-		}
-	}
-}
-
-# Now some of the paths that had conflicts earlier might have been
-# hand resolved.  Others may be similar to a conflict already that
-# was resolved before.
-
-for my $path (keys %merge_rr) {
-	my $name = $merge_rr{$path};
-
-	# We could resolve this automatically if we have images.
-	if (-f "$rr_dir/$name/preimage" &&
-	    -f "$rr_dir/$name/postimage") {
-		if (merge($name, $path)) {
-			print STDERR "Resolved '$path' using previous resolution.\n";
-			# Then we do not have to worry about this path
-			# anymore.
-			delete $merge_rr{$path};
-			next;
-		}
-	}
-
-	# Let's see if we have resolved it.
-	(undef, my $hunk) = compute_conflict_name($path);
-	next if ($hunk);
-
-	print STDERR "Recorded resolution for '$path'.\n";
-	copy($path, "$rr_dir/$name/postimage");
-	# And we do not have to worry about this path anymore.
-	delete $merge_rr{$path};
-}
-
-# Write out the rest.
-write_rr();

From baee1e91ed41cd369ca3ddd63615b64feaa0286f Mon Sep 17 00:00:00 2001
From: Brian Gernhardt <benji@silverinsanity.com>
Date: Tue, 9 Jan 2007 00:27:33 -0500
Subject: [PATCH 13/16] Ignore git-init and git-remote

These new commands weren't added to .gitignore.  Add them so we don't
end up with copies of them in the repo.

Signed-off-by: Brian Gernhardt <benji@silverinsanity.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index 2904f12349..6da1cdbd0d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -50,6 +50,7 @@ git-http-fetch
 git-http-push
 git-imap-send
 git-index-pack
+git-init
 git-init-db
 git-instaweb
 git-local-fetch
@@ -92,6 +93,7 @@ git-rebase
 git-receive-pack
 git-reflog
 git-relink
+git-remote
 git-repack
 git-repo-config
 git-request-pull

From cdd4fb15cf06ec1de588bee4576509857d8e2cb4 Mon Sep 17 00:00:00 2001
From: Brian Gernhardt <benji@silverinsanity.com>
Date: Tue, 9 Jan 2007 00:27:41 -0500
Subject: [PATCH 14/16] Auto-quote config values in config.c:store_write_pair()

Suggested by Jakub Narebski <jnareb@gmail.com> on the list.

When we send a value to store_write_pair(), make sure that the value
that gets read out matches the one passed in.  This means that for any
value that contains leading or trailing whitespace or any comment
character (# and ;), we need to surround it in quotes.

Signed-off-by: Brian Gernhardt <benji@silverinsanity.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 config.c               | 14 ++++++++++++++
 t/t1300-repo-config.sh | 17 +++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/config.c b/config.c
index 9ded954496..2cd0263e13 100644
--- a/config.c
+++ b/config.c
@@ -513,11 +513,23 @@ static int store_write_pair(int fd, const char* key, const char* value)
 {
 	int i;
 	int length = strlen(key+store.baselen+1);
+	int quote = 0;
+
+	/* Check to see if the value needs to be quoted. */
+	if (value[0] == ' ')
+		quote = 1;
+	for (i = 0; value[i]; i++)
+		if (value[i] == ';' || value[i] == '#')
+			quote = 1;
+	if (value[i-1] == ' ')
+		quote = 1;
 
 	if (write_in_full(fd, "\t", 1) != 1 ||
 	    write_in_full(fd, key+store.baselen+1, length) != length ||
 	    write_in_full(fd, " = ", 3) != 3)
 		return 0;
+	if (quote && write_in_full(fd, "\"", 1) != 1)
+		return 0;
 	for (i = 0; value[i]; i++)
 		switch (value[i]) {
 		case '\n':
@@ -537,6 +549,8 @@ static int store_write_pair(int fd, const char* key, const char* value)
 				return 0;
 			break;
 		}
+	if (quote && write_in_full(fd, "\"", 1) != 1)
+		return 0;
 	if (write_in_full(fd, "\n", 1) != 1)
 		return 0;
 	return 1;
diff --git a/t/t1300-repo-config.sh b/t/t1300-repo-config.sh
index a29caa06dc..60acdd368b 100755
--- a/t/t1300-repo-config.sh
+++ b/t/t1300-repo-config.sh
@@ -401,5 +401,22 @@ test_expect_success numbers '
 	test z1048576 = "z$m"
 '
 
+rm .git/config
+
+git-repo-config quote.leading " test"
+git-repo-config quote.ending "test "
+git-repo-config quote.semicolon "test;test"
+git-repo-config quote.hash "test#test"
+
+cat > expect << EOF
+[quote]
+	leading = " test"
+	ending = "test "
+	semicolon = "test;test"
+	hash = "test#test"
+EOF
+
+test_expect_success 'quoting' 'cmp .git/config expect'
+
 test_done
 

From 1295228d1fdda17c2ef62e712649c962c3da5eb7 Mon Sep 17 00:00:00 2001
From: Junio C Hamano <junkio@cox.net>
Date: Mon, 8 Jan 2007 23:10:49 -0800
Subject: [PATCH 15/16] merge-base: do not leak commit list

Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 commit.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/commit.c b/commit.c
index 9ce45cec25..496d37aa02 100644
--- a/commit.c
+++ b/commit.c
@@ -1012,7 +1012,7 @@ void sort_in_topological_order_fn(struct commit_list ** list, int lifo,
 	free(nodes);
 }
 
-/* merge-rebase stuff */
+/* merge-base stuff */
 
 /* bits #0..15 in revision.h */
 #define PARENT1		(1u<<16)
@@ -1020,6 +1020,8 @@ void sort_in_topological_order_fn(struct commit_list ** list, int lifo,
 #define STALE		(1u<<18)
 #define RESULT		(1u<<19)
 
+static const unsigned all_flags = (PARENT1 | PARENT2 | STALE | RESULT);
+
 static struct commit *interesting(struct commit_list *list)
 {
 	while (list) {
@@ -1084,6 +1086,7 @@ static struct commit_list *merge_bases(struct commit *one, struct commit *two)
 	}
 
 	/* Clean up the result to remove stale ones */
+	free_commit_list(list);
 	list = result; result = NULL;
 	while (list) {
 		struct commit_list *n = list->next;
@@ -1099,7 +1102,6 @@ struct commit_list *get_merge_bases(struct commit *one,
 				    struct commit *two,
                                     int cleanup)
 {
-	const unsigned all_flags = (PARENT1 | PARENT2 | STALE | RESULT);
 	struct commit_list *list;
 	struct commit **rslt;
 	struct commit_list *result;

From 883d60fa97c6397450fb129634054e0a6101baac Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Date: Mon, 8 Jan 2007 01:59:54 +0100
Subject: [PATCH 16/16] Sanitize for_each_reflog_ent()

It used to ignore the return value of the helper function; now, it
expects it to return 0, and stops iteration upon non-zero return
values; this value is then passed on as the return value of
for_each_reflog_ent().

Further, it makes no sense to force the parsing upon the helper
functions; for_each_reflog_ent() now calls the helper function with
old and new sha1, the email, the timestamp & timezone, and the message.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 builtin-reflog.c | 26 ++++++++++++--------------
 fsck-objects.c   |  4 +++-
 reachable.c      |  4 +++-
 refs.c           | 26 +++++++++++++++++++++-----
 refs.h           |  4 ++--
 revision.c       |  4 +++-
 6 files changed, 44 insertions(+), 24 deletions(-)

diff --git a/builtin-reflog.c b/builtin-reflog.c
index a967117661..ca22452e64 100644
--- a/builtin-reflog.c
+++ b/builtin-reflog.c
@@ -195,19 +195,12 @@ static int keep_entry(struct commit **it, unsigned char *sha1)
 }
 
 static int expire_reflog_ent(unsigned char *osha1, unsigned char *nsha1,
-			     char *data, void *cb_data)
+		const char *email, unsigned long timestamp, int tz,
+		const char *message, void *cb_data)
 {
 	struct expire_reflog_cb *cb = cb_data;
-	unsigned long timestamp;
-	char *cp, *ep;
 	struct commit *old, *new;
 
-	cp = strchr(data, '>');
-	if (!cp || *++cp != ' ')
-		goto prune;
-	timestamp = strtoul(cp, &ep, 10);
-	if (*ep != ' ')
-		goto prune;
 	if (timestamp < cb->cmd->expire_total)
 		goto prune;
 
@@ -221,15 +214,20 @@ static int expire_reflog_ent(unsigned char *osha1, unsigned char *nsha1,
 	     (new && !in_merge_bases(new, cb->ref_commit))))
 		goto prune;
 
-	if (cb->newlog)
-		fprintf(cb->newlog, "%s %s %s",
-			sha1_to_hex(osha1), sha1_to_hex(nsha1), data);
+	if (cb->newlog) {
+		char sign = (tz < 0) ? '-' : '+';
+		int zone = (tz < 0) ? (-tz) : tz;
+		fprintf(cb->newlog, "%s %s %s %lu %c%04d\t%s",
+			sha1_to_hex(osha1), sha1_to_hex(nsha1),
+			email, timestamp, sign, zone,
+			message);
+	}
 	if (cb->cmd->verbose)
-		printf("keep %s", data);
+		printf("keep %s", message);
 	return 0;
  prune:
 	if (!cb->newlog || cb->cmd->verbose)
-		printf("%sprune %s", cb->newlog ? "" : "would ", data);
+		printf("%sprune %s", cb->newlog ? "" : "would ", message);
 	return 0;
 }
 
diff --git a/fsck-objects.c b/fsck-objects.c
index 1cc3b399bc..0d8a8ebb46 100644
--- a/fsck-objects.c
+++ b/fsck-objects.c
@@ -399,7 +399,9 @@ static void fsck_dir(int i, char *path)
 
 static int default_refs;
 
-static int fsck_handle_reflog_ent(unsigned char *osha1, unsigned char *nsha1, char *datail, void *cb_data)
+static int fsck_handle_reflog_ent(unsigned char *osha1, unsigned char *nsha1,
+		const char *email, unsigned long timestamp, int tz,
+		const char *message, void *cb_data)
 {
 	struct object *obj;
 
diff --git a/reachable.c b/reachable.c
index 4dfee1dbe8..a6a334822a 100644
--- a/reachable.c
+++ b/reachable.c
@@ -104,7 +104,9 @@ static void walk_commit_list(struct rev_info *revs)
 	}
 }
 
-static int add_one_reflog_ent(unsigned char *osha1, unsigned char *nsha1, char *datail, void *cb_data)
+static int add_one_reflog_ent(unsigned char *osha1, unsigned char *nsha1,
+		const char *email, unsigned long timestamp, int tz,
+		const char *message, void *cb_data)
 {
 	struct object *object;
 	struct rev_info *revs = (struct rev_info *)cb_data;
diff --git a/refs.c b/refs.c
index 4d6fad8879..d189d8ad99 100644
--- a/refs.c
+++ b/refs.c
@@ -1097,7 +1097,7 @@ int read_ref_at(const char *ref, unsigned long at_time, int cnt, unsigned char *
 	return 0;
 }
 
-void for_each_reflog_ent(const char *ref, each_reflog_ent_fn fn, void *cb_data)
+int for_each_reflog_ent(const char *ref, each_reflog_ent_fn fn, void *cb_data)
 {
 	const char *logfile;
 	FILE *logfp;
@@ -1106,19 +1106,35 @@ void for_each_reflog_ent(const char *ref, each_reflog_ent_fn fn, void *cb_data)
 	logfile = git_path("logs/%s", ref);
 	logfp = fopen(logfile, "r");
 	if (!logfp)
-		return;
+		return -1;
 	while (fgets(buf, sizeof(buf), logfp)) {
 		unsigned char osha1[20], nsha1[20];
-		int len;
+		char *email_end, *message;
+		unsigned long timestamp;
+		int len, ret, tz;
 
 		/* old SP new SP name <email> SP time TAB msg LF */
 		len = strlen(buf);
 		if (len < 83 || buf[len-1] != '\n' ||
 		    get_sha1_hex(buf, osha1) || buf[40] != ' ' ||
-		    get_sha1_hex(buf + 41, nsha1) || buf[81] != ' ')
+		    get_sha1_hex(buf + 41, nsha1) || buf[81] != ' ' ||
+		    !(email_end = strchr(buf + 82, '>')) ||
+		    email_end[1] != ' ' ||
+		    !(timestamp = strtoul(email_end + 2, &message, 10)) ||
+		    !message || message[0] != ' ' ||
+		    (message[1] != '+' && message[1] != '-') ||
+		    !isdigit(message[2]) || !isdigit(message[3]) ||
+		    !isdigit(message[4]) || !isdigit(message[5]) ||
+		    message[6] != '\t')
 			continue; /* corrupt? */
-		fn(osha1, nsha1, buf+82, cb_data);
+		email_end[1] = '\0';
+		tz = strtol(message + 1, NULL, 10);
+		message += 7;
+		ret = fn(osha1, nsha1, buf+82, timestamp, tz, message, cb_data);
+		if (ret)
+			return ret;
 	}
 	fclose(logfp);
+	return 0;
 }
 
diff --git a/refs.h b/refs.h
index de43cc768a..0e877e82ee 100644
--- a/refs.h
+++ b/refs.h
@@ -45,8 +45,8 @@ extern int write_ref_sha1(struct ref_lock *lock, const unsigned char *sha1, cons
 extern int read_ref_at(const char *ref, unsigned long at_time, int cnt, unsigned char *sha1);
 
 /* iterate over reflog entries */
-typedef int each_reflog_ent_fn(unsigned char *osha1, unsigned char *nsha1, char *, void *);
-void for_each_reflog_ent(const char *ref, each_reflog_ent_fn fn, void *cb_data);
+typedef int each_reflog_ent_fn(unsigned char *osha1, unsigned char *nsha1, const char *, unsigned long, int, const char *, void *);
+int for_each_reflog_ent(const char *ref, each_reflog_ent_fn fn, void *cb_data);
 
 /** Returns 0 if target has the right format for a ref. **/
 extern int check_ref_format(const char *target);
diff --git a/revision.c b/revision.c
index 6e4ec46302..1e3b29a429 100644
--- a/revision.c
+++ b/revision.c
@@ -505,7 +505,9 @@ static void handle_one_reflog_commit(unsigned char *sha1, void *cb_data)
 	}
 }
 
-static int handle_one_reflog_ent(unsigned char *osha1, unsigned char *nsha1, char *detail, void *cb_data)
+static int handle_one_reflog_ent(unsigned char *osha1, unsigned char *nsha1,
+		const char *email, unsigned long timestamp, int tz,
+		const char *message, void *cb_data)
 {
 	handle_one_reflog_commit(osha1, cb_data);
 	handle_one_reflog_commit(nsha1, cb_data);