Log

Author Commit Date CI Message
Edward Thomson 13a8bc92 2018-12-01T18:32:01 crlf_data: move to a "to_workdir" folder Move the crlf_data folders reponsible for holding the state of the filters going into the working directory to "to_workdir" variations of the folder name to accommodate future growth into the "to odb" filter variation. Update the script to create these new folders as appopriate.
Edward Thomson 788fccc4 2018-12-01T12:13:19 Merge pull request #4807 from libgit2/ethomson/index_fixes Index API updates for consistency
Edward Thomson 168fe39b 2018-11-28T14:26:57 object_type: use new enumeration names Use the new object_type enumeration names within the codebase.
Edward Thomson 18e71e6d 2018-11-28T13:31:06 index: use new enum and structure names Use the new-style index names throughout our own codebase.
Edward Thomson 4e892ae5 2018-11-14T21:00:25 index: update enum and structure names We have various macro, enumeration and structure names that were introduced (very) early in the project and do not match our current naming conventions. For instance: `GIT_IDXENTRY...` flags that correspond to a structure named `git_index_entry`. Update these to match the current guidance. The old macros and enumeration names are reflected as new macros in order to support backward compatibility (and do so without warnings for consumers).
Edward Thomson 19faf7c5 2018-11-14T23:35:48 object_type: update public API to use git_object_t git_object_t is the future; update the public API to use it. This will also ensure that we can build our tests which make use of the old API without modification (and without compiler warnings).
Edward Thomson 26b21b39 2018-11-14T22:48:10 object_type: remove unused object type flags The two "reserved" bits in `git_object_t` are unused. They were included for completeness, but downstream users should never use them and they should not have been made public. These values are never set. With the refactoring of `git_otype` into `git_object_t`, we can remove these from the new API. They will remain in the old (deprecated) API in the unlikely event that someone was using them.
Edward Thomson 7e7859a1 2018-11-14T21:12:55 object_type: update enumeration names Update the `git_otype` names to reflect our current naming conventions. `git_otype` is now `git_object_t` and the `GIT_OBJ_*` values are now `GIT_OBJECT_*` values. The old macro, enumeration and structure names are retained and simply set to the new names.
Patrick Steinhardt 0ddc6094 2018-11-30T09:46:14 Merge pull request #4770 from tiennou/feature/merge-analysis-any-branch Allow merge analysis against any reference
Patrick Steinhardt e7873eb2 2018-11-29T08:00:31 Merge pull request #4888 from TheBB/add-cb revwalk: Allow changing hide_cb
Patrick Steinhardt 487233fa 2018-11-29T07:21:41 Merge pull request #4895 from pks-t/pks/unused-warnings Unused function warnings
Edward Thomson a904fc6d 2018-11-28T20:31:30 Merge pull request #4870 from libgit2/ethomson/proxy Add builtin proxy support for the http transport
Edward Thomson 30ac46aa 2018-11-28T10:12:43 http: reset replay_count upon connection Reset the replay_count upon a successful connection. It's possible that we could encounter a situation where we connect successfully but need to replay a request - for example, a connection and initial request succeeds without authentication but a subsequent call does require authentication. Reset the replay count upon any successful request to afford subsequent replays room to manuever.
Edward Thomson 02bb39f4 2018-11-22T08:49:09 stream registration: take an enum type Accept an enum (`git_stream_t`) during custom stream registration that indicates whether the registration structure should be used for standard (non-TLS) streams or TLS streams.
Edward Thomson 41f620d9 2018-11-18T19:10:50 http: only load proxy configuration during connection Only load the proxy configuration during connection; we need this data when we're going to connect to the server, however we may mutate it after connection (connecting through a CONNECT proxy means that we should send requests like normal). If we reload the proxy configuration but do not actually reconnect (because we're in a keep-alive session) then we will reload the proxy configuration that we should have mutated. Thus, only load the proxy configuration when we know that we're going to reconnect.
Edward Thomson 52478d7d 2018-11-18T19:54:49 http: don't allow SSL connections to a proxy Temporarily disallow SSL connections to a proxy until we can understand the valgrind warnings when tunneling OpenSSL over OpenSSL.
Edward Thomson df2cc108 2018-11-18T10:29:07 stream: provide generic registration API Update the new stream registration API to be `git_stream_register` which takes a registration structure and a TLS boolean. This allows callers to register non-TLS streams as well as TLS streams. Provide `git_stream_register_tls` that takes just the init callback for backward compatibliity.
Edward Thomson 0467606f 2018-11-18T11:00:11 http: disallow repeated headers from servers Don't allow servers to send us multiple Content-Type, Content-Length or Location headers.
Edward Thomson 3a2e4836 2018-11-18T09:52:12 CMake: disable deprecated documentation sync The `-Wdocumentation-deprecated-sync` option will warn when there is a doxygen `\deprecated` tag but there is no corresponding deprecation attribute on the function. We want to encourage users to not use particular APIs by marking them deprecated in the documentation without necessarily raising a compiler warning by marking an item as deprecated.
Edward Thomson 45054732 2018-10-29T10:45:59 tests: optionally ignore https cert validation For testing, we may wish to use a man-in-the-middle proxy that can inspect the CONNECT traffic to our test endpoints. For this, we will need to accept the proxy's certificate, which will not be valid for the true endpoint. Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable https certificate validation for the tests.
Edward Thomson 21142c5a 2018-10-29T10:04:48 http: remove cURL We previously used cURL to support HTTP proxies. Now that we've added this support natively, we can remove the curl dependency.
Edward Thomson 2878ad08 2018-10-29T08:59:33 streams: remove unused tls functions The implementations of git_openssl_stream_new and git_mbedtls_stream_new have callers protected by #ifdefs and are never called unless compiled in. There's no need for a dummy implementation. Remove them.
Edward Thomson 5d4e1e04 2018-10-28T21:27:56 http: use CONNECT to talk to proxies Natively support HTTPS connections through proxies by speaking CONNECT to the proxy and then adding a TLS connection on top of the socket.
Edward Thomson 43b592ac 2018-10-25T08:49:01 tls: introduce a wrap function Introduce `git_tls_stream_wrap` which will take an existing `stream` with an already connected socket and begin speaking TLS on top of it. This is useful if you've built a connection to a proxy server and you wish to begin CONNECT over it to tunnel a TLS connection. Also update the pluggable TLS stream layer so that it can accept a registration structure that provides an `init` and `wrap` function, instead of a single initialization function.
Edward Thomson 6ba3e6af 2018-11-18T21:53:48 proxy tests: rename credential callback Rename credential callback to proxy_cred_cb to match new cert callback.
Edward Thomson 394ae7e1 2018-10-22T17:35:35 proxy tests: support self-signed proxy cert Give the proxy tests a proxy certificate callback, and allow self-signed certificates when the `GITTEST_REMOTE_PROXY_SELFSIGNED` environment variable is set (to anything). In that case, simply compare the hostname from the callback to the hostname that we connected to.
Edward Thomson b2ed778a 2018-11-18T22:20:10 http transport: reset error message on cert failure Store the error message from the underlying TLS library before calling the certificate callback. If it refuses to act (demonstrated by returning GIT_PASSTHROUGH) then restore the error message. Otherwise, if the callback does not set an error message, set a sensible default that implicates the callback itself.
Edward Thomson 2ce2315c 2018-10-22T17:33:45 http transport: support cert check for proxies Refactor certificate checking so that it can easily be called for proxies or the remote server.
Edward Thomson 74c6e08e 2018-10-22T14:56:53 http transport: provide proxy credentials
Edward Thomson 496da38c 2018-10-22T12:48:45 http transport: refactor storage Create a simple data structure that contains information about the server being connected to, whether that's the actual remote endpoint (git server) or an intermediate proxy. This allows for organization of streams, authentication state, etc.
Edward Thomson 6af8572c 2018-10-22T11:29:01 http transport: cap number of authentication replays Put a limit on the number of authentication replays in the HTTP transport. Standardize on 7 replays for authentication or redirects, which matches the behavior of the WinHTTP transport.
Edward Thomson 22654812 2018-10-22T11:24:05 http transport: prompt for proxy credentials Teach the HTTP transport how to prompt for proxy credentials.
Edward Thomson 0328eef6 2018-10-22T11:14:06 http transport: further refactor credential handling Prepare credential handling to understand both git server and proxy server authentication.
Edward Thomson 32cb56ce 2018-10-22T10:16:54 http transport: refactor credential handling Factor credential handling into its own function. Additionally, add safety checks to ensure that we are in a valid state - that we have received a valid challenge from the server and that we have configuration to respond to that challenge.
Edward Thomson e6e399ab 2018-10-22T09:49:54 http transport: use HTTP proxies when requested The HTTP transport should understand how to apply proxies when configured with `GIT_PROXY_SPECIFIED` and `GIT_PROXY_SPECIFIED`. When a proxy is configured, the HTTP transport will now connect to the proxy (instead of directly to the git server), and will request the properly-formed URL of the git server endpoint.
Edward Thomson e6f1931a 2018-10-22T00:09:24 http: rename http subtransport's `io` to `gitserver_stream` Rename `http_subtransport->io` to `http_subtransport->gitserver_stream` to clarify its use, especially as we might have additional streams (eg for a proxy) in the future.
Edward Thomson 4ecc14cd 2018-10-21T23:47:53 tests: support optional PROXY_SCHEME As we want to support HTTPS proxies, support an optional `GITTEST_REMOTE_PROXY_SCHEME` environment variable for tests that will allow for HTTPS support. (When unset, the tests default to HTTP proxies.)
Edward Thomson de60d9b4 2018-10-21T21:00:37 tests: PROXY_URL is more accurately PROXY_HOST Change the `GITTEST_REMOTE_PROXY_URL` environment variable to be `GITTEST_REMOTE_PROXY_HOST`, since it is a host:port combination, not an actual URL. (We cannot use a URL here since we may want to include the username:password combination in the constructed URL.)
Edward Thomson c07ff4cb 2018-10-21T14:17:06 http: rename `connection_data` -> `gitserver_data` Rename the `connection_data` struct member to `gitserver_data`, to disambiguate future `connection_data`s that apply to the proxy, not the final server endpoint.
Edward Thomson ed72465e 2018-10-13T19:16:54 proxy: propagate proxy configuration errors
Edward Thomson dcd00638 2018-11-28T14:45:55 Merge pull request #4898 from pks-t/pks/config-parent-is-file config: fix adding files if their parent directory is a file
Patrick Steinhardt ffe39bab 2018-11-23T20:04:37 cmake: enable warnings for unused const variables Together with the warnings for unused warnings, we always had warnings for unused constant variables disabled since commit 823c0e9cc (Fix broken logic for attr cache invalidation, 2014-04-17). As we have now fixed all occurrences of such variables, we can safely enable those warnings again.
Patrick Steinhardt 2521e11c 2018-11-23T20:02:31 tests: mailmap: avoid definition of unused static variables The mailmap testdata header contains a set of static variable definitions. As these variables aren't used in all places where they are used, they trigger the unused-const-variable warnings. As we have currently disabled those warnings explicitly, they are never triggered, but we intend to enable them. Avoid the issue by only keeping variable definitions that are actually used in all locations. Move the others to where they are used.
Patrick Steinhardt f2f5ec84 2018-11-23T19:27:09 khash: move khash include into implementation files The current map implementations directly include the "khash.h" headers into their own headers to make available a set of static functions, defines et cetera. Besides leaking the complete khash namespace into files wherever khashes are used, this also triggers Clang's -Wunused-function warnings when some of the static functions are not being used at all. Fix the issue by moving the includes into the respective map implementation files. Add forward declares for all the map types to make them known.
Patrick Steinhardt 852bc9f4 2018-11-23T19:26:24 khash: remove intricate knowledge of khash types Instead of using the `khiter_t`, `git_strmap_iter` and `khint_t` types, simply use `size_t` instead. This decouples code from the khash stuff and makes it possible to move the khash includes into the implementation files.
Patrick Steinhardt 5bfb3b58 2018-11-23T18:48:40 khash: implement map-specific foreach macros The current foreach map macros simply redirect to the type-indifferent `kh_foreach` macro. As this type-indifferent macro directly accesses the structures, the current implementation makes it impossible to make the stuctures private to the implementation only. And making them private is required to move out the khash include into the implementations to decrease the namespace leak.
Patrick Steinhardt 382b668b 2018-11-23T18:38:18 khash: implement begin/end via functions instead of macros Right now, the `git_*map_begin()` and `git_*map_end()` helpers are implemented via macros which simply redirect to `kh_begin` and `kh_end`. As these macros refer to members of the map structures, they make it impossible to move the khash include into the implementation files. Implement these helpers as real functions instead to further decouple the headers from implementations.
Patrick Steinhardt ae765d00 2018-11-23T19:26:48 submodule: remove string map implementation that strips trailing slashes The submodule code currently has its own implementation of a string map, which overrides the hashing and hash equals functions with functions that ignore potential trailing slashes. These functions aren't actually used by our code, making them useless.
Patrick Steinhardt 02789782 2018-11-23T18:37:57 idxmap: remove unused foreach macros The foreach macros of the idxmap types are not used anywhere. As we are about to open-code all foreach macros for the maps in order to be able to make the khash structure internal, removing these unused macros will leave a few places less that need conversion.
Patrick Steinhardt 681c58cf 2018-11-21T11:21:02 cmake: enable warnings for unused functions Ever since commit 823c0e9cc (Fix broken logic for attr cache invalidation, 2014-04-17), we have completely disabled warnings for unused functions. The only comment that was added back then is about "annoying extra warnings" from Clang, but in fact we shouldn't just ignore warnings about functions which aren't used at all. Instead, the right thing would be to either only conditionally compile functions that aren't used in all configurations or, alternatively, to remove functions that aren't required at all. As remaining instances of unused functions have been removed in the last two commits, re-enable the warning.
Patrick Steinhardt b2af13f2 2018-11-21T12:07:23 iterator: remove unused function `tree_iterator_entry_cmp` The function `tree_iterator_entry_cmp` has been introduced in commit be30387e8 (iterators: refactored tree iterator, 2016-02-25), but in fact it has never been used at all. Remove it to avoid unused function warnings as soon as we re-enable "-Wunused-functions".
Patrick Steinhardt bbf9f5a7 2018-11-21T11:20:14 tests: path: only compile test_canonicalize on Win32 platforms The function `test_canonicalize` is only used on Win32 platforms. It will thus result in an unused function warning if these warnings are enabled and one is on a platform different than Win32. Fix the issue by only compiling in the function on Win32 platforms.
Patrick Steinhardt 14a9a4f3 2018-11-21T11:18:46 tests: move apply_helpers functions into own compilation unit Currently, the "apply_helper" functions used for testing the apply logic are all statically defined in the "apply_helpers.h" header file. This may lead to warnings from the compiler in case where this header file is included, but not all functions it brings along are used in the compilation unit where it has been included into. Fix these potential warnings by moving the implementation into its own compilation unit "apply_helpers.c".
Eivind Fonn 0836f069 2018-11-14T16:08:30 revwalk: Allow changing hide_cb Since git_revwalk objects are encouraged to be reused, a public interface for changing hide_cb is desirable.
Patrick Steinhardt c97d302d 2018-11-28T13:45:41 Merge pull request #4879 from libgit2/ethomson/defer_cert_cred_cb Allow certificate and credential callbacks to decline to act
Patrick Steinhardt 43cbe6b7 2018-11-28T13:36:47 config: fix adding files if their parent directory is a file When we try to add a configuration file with `git_config_add_file_ondisk`, we treat nonexisting files as empty. We do this by performing a stat call, ignoring ENOENT errors. This works just fine in case the file or any of its parents simply does not exist, but there is also the case where any of the parent directories is not a directory, but a file. So e.g. trying to add a configuration file "/dev/null/.gitconfig" will fail, as `errno` will be ENOTDIR instead of ENOENT. Catch ENOTDIR in addition to ENOENT to fix the issue. Add a test that verifies we are able to add configuration files with such an invalid path file just fine.
Edward Thomson c3b427ba 2018-11-25T13:59:22 Merge pull request #4896 from csware/C4133 Fix warning C4133 incompatible types in MSVC
Sven Strickroth f0714daf 2018-11-25T13:36:29 Fix warning C4133 incompatible types in MSVC Introduced in commit b433a22a979ae78c28c8b16f8c3487e2787cb73e. Signed-off-by: Sven Strickroth <email@cs-ware.de>
Edward Thomson a2e6e0ea 2018-11-06T14:15:43 transport: allow cred/cert callbacks to return GIT_PASSTHROUGH Allow credential and certificate checking callbacks to return GIT_PASSTHROUGH, indicating that they do not want to act. Introduce this to support in both the http and ssh callbacks. Additionally, enable the same mechanism for certificate validation. This is most useful to disambiguate any meaning in the publicly exposed credential and certificate functions (`git_transport_smart_credentials` and `git_transport_smart_certificate_check`) but it may be more generally useful for callers to be able to defer back to libgit2.
Patrick Steinhardt 0e3e832d 2018-11-21T13:30:01 Merge pull request #4884 from libgit2/ethomson/index_iterator index: introduce git_index_iterator
Edward Thomson 94fce582 2018-11-21T10:27:59 Merge pull request #4894 from pks-t/pks/commit-author-oob commit: fix out-of-bound reads when parsing truncated author fields
Patrick Steinhardt cb23c3ef 2018-11-21T10:54:29 commit: fix out-of-bound reads when parsing truncated author fields While commit objects usually should have only one author field, our commit parser actually handles the case where a commit has multiple author fields because some tools that exist in the wild actually write them. Detection of those additional author fields is done by using a simple `git__prefixcmp`, checking whether the current line starts with the string "author ". In case where we are handed a non-NUL-terminated string that ends directly after the space, though, we may have an out-of-bounds read of one byte when trying to compare the expected final NUL byte. Fix the issue by using `git__prefixncmp` instead of `git_prefixcmp`. Unfortunately, a test cannot be easily written to catch this case. While we could test the last error message and verify that it didn't in fact fail parsing a signature (because that would indicate that it has in fact tried to parse the additional "author " field, which it shouldn't be able to detect in the first place), this doesn't work as the next line needs to be the "committer" field, which would error out with the same error message even if we hadn't done an out-of-bounds read. As objects read from the object database are always NUL terminated, this issue cannot be triggered in normal code and thus it's not security critical.
Edward Thomson 11d33df8 2018-11-18T23:39:43 Merge branch 'tiennou/fix/logallrefupdates-always'
Etienne Samson e226ad8f 2018-11-17T17:55:10 refs: add support for core.logAllRefUpdates=always Since we were not expecting this config entry to contain a string, we would fail as soon as its (cached) value would be accessed. Hence, provide some constants for the 4 states we use, and account for "always" when we decide to reflog changes.
Edward Thomson 646a94be 2018-11-18T23:15:56 Merge pull request #4847 from noahp/noahp/null-arg-fixes tests: 🌀 address two null argument instances
Edward Thomson 5c213e29 2018-11-18T22:59:03 Merge pull request #4875 from tiennou/fix/openssl-errors Some OpenSSL issues
Edward Thomson 0310749b 2018-11-18T22:58:17 Merge pull request #4892 from osener/patch-1 worktree: Expose git_worktree_add_init_options
Edward Thomson 4ef2b889 2018-11-18T22:56:28 Merge pull request #4882 from kc8apf/include_port_in_host_header transport/http: Include non-default ports in Host header
Ozan Sener 4dcd4514 2018-11-18T18:13:58 worktree: Expose git_worktree_add_init_options
Edward Thomson 7321cff0 2018-11-15T09:17:51 Merge pull request #4713 from libgit2/ethomson/win_symlinks Support symlinks on Windows when core.symlinks=true
Edward Thomson 8ee10098 2018-11-06T13:10:30 transport: see if cert/cred callbacks exist before calling them Custom transports may want to ask libgit2 to invoke a configured credential or certificate callback; however they likely do not know if a callback was actually configured. Return a sentinal value (GIT_PASSTHROUGH) if there is no callback configured instead of crashing.
Edward Thomson c358bbc5 2018-11-12T17:22:47 index: introduce git_index_iterator Provide a public git_index_iterator API that is backed by an index snapshot. This allows consumers to provide a stable iteration even while manipulating the index during iteration.
Edward Thomson 9189a66a 2018-11-14T12:09:48 Merge pull request #4886 from pks-t/pks/strntol-truncate-leading-sign strntol: fix out-of-bounds reads when parsing numbers with leading sign
Patrick Steinhardt 4b84db6a 2018-11-14T12:33:38 patch_parse: remove unused function `parse_number` The function `parse_number` was replaced by `git_parse_advance_digit` which is provided by the parser interface in commit 252f2eeee (parse: implement and use `git_parse_advance_digit`, 2017-07-14). As there are no remaining callers, remove it.
Patrick Steinhardt 4209a512 2018-11-14T12:04:42 strntol: fix out-of-bounds reads when parsing numbers with leading sign When parsing a number, we accept a leading plus or minus sign to return a positive or negative number. When the parsed string has such a leading sign, we set up a flag indicating that the number is negative and advance the pointer to the next character in that string. This misses updating the number of bytes in the string, though, which is why the parser may later on do an out-of-bounds read. Fix the issue by correctly updating both the pointer and the number of remaining bytes. Furthermore, we need to check whether we actually have any bytes left after having advanced the pointer, as otherwise the auto-detection of the base may do an out-of-bonuds access. Add a test that detects the out-of-bound read. Note that this is not actually security critical. While there are a lot of places where the function is called, all of these places are guarded or irrelevant: - commit list: this operates on objects from the ODB, which are always NUL terminated any may thus not trigger the off-by-one OOB read. - config: the configuration is NUL terminated. - curl stream: user input is being parsed that is always NUL terminated - index: the index is read via `git_futils_readbuffer`, which always NUL terminates it. - loose objects: used to parse the length from the object's header. As we check previously that the buffer contains a NUL byte, this is safe. - rebase: this parses numbers from the rebase instruction sheet. As the rebase code uses `git_futils_readbuffer`, the buffer is always NUL terminated. - revparse: this parses a user provided buffer that is NUL terminated. - signature: this parser the header information of objects. As objects read from the ODB are always NUL terminated, this is a non-issue. The constructor `git_signature_from_buffer` does not accept a length parameter for the buffer, so the buffer needs to be NUL terminated, as well. - smart transport: the buffer that is parsed is NUL terminated - tree cache: this parses the tree cache from the index extension. The index itself is read via `git_futils_readbuffer`, which always NUL terminates it. - winhttp transport: user input is being parsed that is always NUL terminated
Edward Thomson fd4e3b21 2018-11-13T15:33:20 Merge pull request #4885 from pks-t/pks/apply-test-fixups apply: small fixups in the test suite
Patrick Steinhardt cf83809b 2018-11-13T14:26:26 Merge pull request #4883 from pks-t/pks/signature-tz-oob signature: fix out-of-bounds read when parsing timezone offset
Noah Pendleton f127ce35 2018-11-13T08:22:25 tests: address two null argument instances Handle two null argument cases that occur in the unit tests. One is in library code, the other is in test code. Detected by running unit tests with undefined behavior sanitizer: ```bash # build mkdir build && cd build cmake -DBUILD_CLAR=ON -DCMAKE_C_FLAGS="-fsanitize=address \ -fsanitize=undefined -fstack-usage -static-libasan" .. cmake --build . # run with asan ASAN_OPTIONS="allocator_may_return_null=1" ./libgit2_clar ... ............../libgit2/src/apply.c:316:3: runtime error: null pointer \ passed as argument 1, which is declared to never be null ...................../libgit2/tests/apply/fromfile.c:46:3: runtime \ error: null pointer passed as argument 1, which is declared to never be null ```
Patrick Steinhardt afc64bcd 2018-11-13T14:13:40 tests: apply: fix reference to deprecated `git_buf_free` Since commit 56ffdfc61 (buffer: deprecate `git_buf_free` in favor of `git_buf_dispose`, 2018-02-08), the function `git_buf_free` is deprecated and shall not be used anymore. As part of the new apply framework that has been cooking for quite some time some new references have been introduced to that deprecated function. Replace them with calls to `git_buf_dispose`.
Patrick Steinhardt fe215153 2018-11-13T14:08:49 tests: apply: fix missing `cl_git_pass` wrappers Some function calls in the new "apply" test suite were missing the checks whether they succeeded as expected. Fix this by adding the missing `cl_git_pass` wrappers.
Patrick Steinhardt 20cb30b6 2018-11-13T13:40:17 Merge pull request #4667 from tiennou/feature/remote-create-api Remote creation API
Patrick Steinhardt 28239be3 2018-11-13T13:27:41 Merge pull request #4818 from pks-t/pks/index-collision Index collision fixes
Edward Thomson 11fbead8 2018-11-11T16:40:56 Merge pull request #4705 from libgit2/ethomson/apply Patch (diff) application
Edward Thomson 2f5f3cfd 2018-11-10T11:07:01 Merge pull request #4880 from libgit2/ethomson/smart_transport_url smart transport: only clear url on hard reset (regression)
Rick Altherr 83b35181 2018-10-19T10:54:38 transport/http: Include non-default ports in Host header When the port is omitted, the server assumes the default port for the service is used (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host). In cases where the client provided a non-default port, it should be passed along. This hasn't been an issue so far as the git protocol doesn't include server-generated URIs. I encountered this when implementing Rust registry support for Sonatype Nexus. Rust's registry uses a git repository for the package index. Clients look at a file in the root of the package index to find the base URL for downloading the packages. Sonatype Nexus looks at the incoming HTTP request (Host header and URL) to determine the client-facing URL base as it may be running behind a load balancer or reverse proxy. This client-facing URL base is then used to construct the package download base URL. When libgit2 fetches the index from Nexus on a non-default port, Nexus trusts the incorrect Host header and generates an incorrect package download base URL.
Rick Altherr 58b60fcc 2018-11-08T09:31:28 netops: add method to return default http port for a connection Constant strings and logic for HTTP(S) default ports were starting to be spread throughout netops.c. Instead of duplicating this again to determine if a Host header should include the port, move the default port constants and logic into an internal method in netops.{c,h}.
Patrick Steinhardt 52f859fd 2018-11-09T19:32:08 signature: fix out-of-bounds read when parsing timezone offset When parsing a signature's timezone offset, we first check whether there is a timezone at all by verifying that there are still bytes left to read following the time itself. The check thus looks like `time_end + 1 < buffer_end`, which is actually correct in this case. After setting the timezone's start pointer to that location, we compute the remaining bytes by using the formula `buffer_end - tz_start + 1`, re-using the previous `time_end + 1`. But this is in fact missing the braces around `(tz_start + 1)`, thus leading to an overestimation of the remaining bytes by a length of two. In case of a non-NUL terminated buffer, this will result in an overflow. The function `git_signature__parse` is only used in two locations. First is `git_signature_from_buffer`, which only accepts a string without a length. The string thus necessarily has to be NUL terminated and cannot trigger the issue. The other function is `git_commit__parse_raw`, which can in fact trigger the error as it may receive non-NUL terminated commit data. But as objects read from the ODB are always NUL-terminated by us as a cautionary measure, it cannot trigger the issue either. In other words, this error does not have any impact on security.
Edward Thomson 9ad96367 2018-11-07T15:31:21 smart transport: only clear url on hard reset After creating a transport for a server, we expect to be able to call `connect`, then invoke subsequent `action` calls. We provide the URL to these `action` calls, although our built-in transports happen to ignore it since they've already parsed it into an internal format that they intend to use (`gitno_connection_data`). In ca2eb4608243162a13c427e74526b6422d5a6659, we began clearing the URL field after a connection, meaning that subsequent calls to transport `action` callbacks would get a NULL URL, which went undetected since the builtin transports ignore the URL when they're already connected (instead of re-parsing it into an internal format). Downstream custom transport implementations (eg, LibGit2Sharp) did notice this change, however. Since `reset_stream` is called even when we're not closing the subtransport, update to only clear the URL when we're closing the subtransport. This ensures that `action` calls will get the correct URL information even after a connection.
Patrick Steinhardt fa7aba70 2018-11-07T12:23:14 Merge pull request #4871 from pks-t/pks/tree-parsing-fixes Tree parsing fixes
Edward Thomson 4e746d80 2018-11-05T15:49:11 test: ensure applying a patch can't delete a file twice
Edward Thomson f8b9493b 2018-11-05T15:46:08 apply: test re-adding a file after removing it Ensure that we can add a file back after it's been removed. Update the renamed/deleted validation in application to not apply to deltas that are adding files to support this.
Edward Thomson 78580ad3 2018-11-05T15:34:59 apply: test modifying a file after renaming it Ensure that we cannot modify a file after it's been renamed out of the way. If multiple deltas exist for a single path, ensure that we do not attempt to modify a file after it's been renamed out of the way. To support this, we must track the paths that have been removed or renamed; add to a string map when we remove a path and remove from the string map if we recreate a path. Validate that we are not applying to a path that is in this map, unless the delta is a rename, since git supports renaming one file to two different places in two different deltas. Further, test that we cannot apply a modification delta to a path that will be created in the future by a rename (a path that does not yet exist.)
Edward Thomson 605066ee 2018-11-05T14:37:35 apply: test renaming a file after modifying it Multiple deltas can exist in a diff, and can be applied in-order. If there exists a delta that modifies a file followed by a delta that renames that file, then both will be captured. The modification delta will be applied and the resulting file will be staged with the original filename. The rename delta will be independently applied - to the original file (not the modified file from the original delta) and staged independently.
Edward Thomson bd682f3e 2018-11-04T19:01:57 apply: test that we can't rename a file after modifying it Multiple deltas can exist in a diff, and can be applied in-order. However if there exists a delta that renames a file, it must be first, so that other deltas can reference the resulting target file. git enforces this (`error: already exists in index`), so ensure that we do, too.
Edward Thomson a3c1070c 2018-11-04T14:07:22 apply: test modify delta after rename delta Ensure that we can apply a delta after renaming a file.
Edward Thomson 07e71bfa 2018-11-04T13:14:20 apply: test multiple deltas to new file
Edward Thomson df4258ad 2018-11-04T13:01:03 apply: handle multiple deltas to the same file git allows a patch file to contain multiple deltas to the same file: although it does not produce files in this format itself, this could be the result of concatenating two different patch files that affected the same file. git apply behaves by applying this next delta to the existing postimage of the file. We should do the same. If we have previously seen a file, and produced a postimage for it, we will load that postimage and apply the current delta to that. If we have not, get the file from the preimage.
Edward Thomson c71e964a 2018-11-04T12:21:57 apply: test rename 1 to 2 Test that a patch can contain two deltas that appear to rename an initial source file to two different destination paths. Git creates both target files with the initial source contents; ensure that we do, too.
Edward Thomson 56a2ae0c 2018-11-04T12:18:01 apply: test rename 2 to 1 Test that we can apply a patch that renames two different files to the same target filename. Git itself handles this scenario in a last-write wins, such that the rename listed last is the one persisted in the target. Ensure that we do the same.
Edward Thomson 235dc9b2 2018-11-04T12:05:46 apply: test circular rename Test a rename from A->B simultaneous with a rename from B->A.