kmx git

Commit	Date	Message
1a16e8b0	2016-03-01T17:55:40	pack-objects: fix memory leak on overflow
e114bbac	2016-03-01T16:00:49	index: assert required OID are non-NULL
d0780b81	2016-03-01T15:35:45	object: avoid call of memset with ouf of bounds pointer When computing a short OID we do this by first copying the leading parts into the new OID structure and then setting the trailing part to zero. In the case of the desired length being `GIT_OID_HEXSZ - 1` we will call `memset` with an out of bounds pointer and a length of 0. While this seems to cause no problems for common platforms the C89 standard does not explicitly state that calling `memset` with an out of bounds pointer and length of 0 is valid. Fix the potential issue by using the newly introduced `git_oid__cpy_prefix` function.
fa4b93a6	2016-04-11T15:57:23	backport git_oid__cpy_prefix
faf823dc	2016-03-11T09:58:38	tests: transport: fix memory leaks with registering transports
0370dae1	2016-02-25T18:15:02	Check for __CLANG_INTTYPES_H This fixes an issue in Xcode 7.3 in objective-git where we get the error "Include of non-modular header file in module". Not importing this header again fixes the issue.
e39ad747	2016-03-01T14:40:17	config_file: handle missing quotation marks in section header When parsing a section header we expect something along the format of '[section "subsection"]'. When a section is mal-formated and is entirely missing its quotation marks we catch this case by observing that `strchr(line, '"') - strrchr(line, '"') = NULL - NULL = 0` and error out. Unfortunately, the error message is misleading though, as we state that we are missing the closing quotation mark while we in fact miss both quotation marks. Improve the error message by explicitly checking if the first quotation mark could be found and, if not, stating that quotation marks are completely missing.
ffb1f419	2016-03-01T14:24:09	describe: handle error code returned by git_pqueue_insert
4ebf745f	2016-03-09T11:16:16	mwindow: free unused windows if we fail to mmap The first time may be due to memory fragmentation or just bad luck on a 32-bit system. When we hit the mmap error for the first time, free up the unused windows and try again.
9ee498e8	2016-03-08T10:16:37	Only buffer if necessary.
eb09ead2	2016-03-04T01:18:30	odb: improved not found error messages When looking up an abbreviated oid, show the actual (abbreviated) oid the caller passed instead of a full (but ambiguously truncated) oid.
cdded630	2016-01-13T11:07:14	Remove duplicated calls to git_mwindow_close
e3862c9f	2016-01-11T17:09:32	Buffer sideband packet data The inner packet may be split across multiple sideband packets.
8ec3d88f	2015-12-24T10:04:44	Avoid subtraction overflow in git_indexer_commit
4a93a7fc	2015-12-28T11:37:39	Tabs
b8dc15f7	2015-12-28T11:35:19	Adding test cases that actually test the functionality of the new transport ssh, ssh+git and git+ssh should all successfully build an SSH transport
e44f6586	2015-12-28T07:43:24	Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead Also moving var declarations to top of blocks to support bad old compilers
429155d5	2015-12-28T07:40:15	Updating change to http_parser to reflect PR for nodejs/http-parser The parser now also supports digits, '-' and '.'. https://github.com/nodejs/http-parser/pull/276
fa8b1a88	2015-12-22T10:56:38	Adding spec coverage for ssh+git and git+ssh protocols
ff8e3f0e	2015-12-22T10:38:31	Handle git+ssh:// and ssh+git:// protocols support
2f2575c0	2015-12-22T10:38:16	Updating http parser to accept a `+` in the schema
785d8c48	2016-03-04T13:50:23	Merge pull request #3653 from libgit2/cmn/treebuilder-submodule treebuilder: don't try to verify submodules exist in the odb
ea5bf6bb	2016-03-04T12:34:38	treebuilder: don't try to verify submodules exist in the odb Submodules don't exist in the objectdb and the code is making us try to look for a blob with its commit id, which is obviously not going to work. Skip the test if the user wants to insert a submodule.
16099833	2016-03-03T22:57:45	Merge pull request #3651 from libgit2/cmn/init-libssh2 ssh: initialize libssh2
22f3d3aa	2016-03-03T22:26:31	ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.
839bdb05	2016-03-03T21:20:33	Merge pull request #3639 from srajko/threading-openssl-libssh2 Expand OpenSSL and libssh2 thread safety documentation
e23efa6d	2016-03-03T21:03:10	tests: take the version from our define
1e8255a3	2016-03-03T20:20:43	Bump version to 0.24.0
c21c8f67	2016-03-03T20:18:55	CHANGELOG: prepre tamplate for release
a7ef27af	2016-03-03T20:17:13	CHANGELOG: add note about WinHTTP cred handling
66a530eb	2016-03-03T20:11:18	Merge pull request #3648 from libgit2/cmn/auth-retry test: make sure we retry the auth callback on all platforms
ba9bb664	2016-03-03T19:21:07	tests: create a ctest target for cred_callback
778fb695	2016-03-03T12:14:02	Merge pull request #3646 from pks-t/pks/xdiff-fix-from-upstream xdiff: fix memleak on error case
a4cba9d4	2016-03-03T10:48:24	winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.
25205737	2016-03-03T10:08:00	test: make sure we retry the auth callback on all platforms We were missing this test on Windows, which meant we didn't notice that we never fixed the single authentication attempt it tries, nor its wrong return code. Enable this for the unix platforms as well over HTTP. We previously were doing it locally but disabled it on OS X due to issues with its sshd not accepting password authentication.
9b3fc895	2016-03-03T11:17:36	tests: plug a leak
edaffe22	2016-03-01T17:16:27	Merge pull request #3633 from ethomson/safe_creation Stricter object dependency checking during creation
a4ea7faa	2016-03-01T08:54:00	xdiff: fix memleak on error case Commit 3d1abc5afce fixes a memory leak in the xdiff code. In the process of upstreaming the fix it was pointed out by Johannes Schindelin that there is another memory leak present (see [1]). Fix the second memory leak by applying the upstream fix to our code base. [1]: http://thread.gmane.org/gmane.comp.version-control.git/287034
dbee6835	2016-02-28T20:13:24	Merge pull request #3567 from sba1/few-p_getaddrinfo-fixes Few p_getaddrinfo fixes
f2dddf52	2016-02-28T15:51:38	turn on strict object validation by default
4afe536b	2016-02-28T16:02:49	tests: use legitimate object ids Use legitimate (existing) object IDs in tests so that we have the ability to turn on strict object validation when running tests.
98c34149	2016-02-28T15:11:15	refs: honor strict object creation
3ef01e77	2016-02-28T14:37:37	git_object__is_valid: use `odb_read_header` This allows lighter weight validation in `git_object__is_valid` that does not require reading the entire object.
6ddf533a	2016-02-23T18:29:16	git_index_add: validate objects in index entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the index entries given to `git_index_add`.
1a9d7c95	2016-02-28T19:43:45	Merge pull request #3644 from ethomson/debug_pool travis ci: enable debug pool for valgrind builds
2bbc7d3e	2016-02-23T15:00:27	treebuilder: validate tree entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to treebuilder insertion.
ef63bab3	2016-02-23T13:34:35	git_commit: validate tree and parent ids When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to commit creation functions.
7565dc65	2016-02-23T13:33:10	git_object__is_valid: simple object validity test
22a19f5b	2016-02-22T23:46:50	git_libgit2_opts: introduce `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION`
da033560	2016-02-28T11:34:36	travis ci: enable debug pool for valgrind builds
6cc4bac8	2016-02-28T11:31:10	Merge pull request #3577 from rossdylan/rossdylan/pooldebug Add a new build flag to disable the pool allocator
09db7fd8	2016-02-25T15:19:51	Expand OpenSSL and libssh2 thread safety documentation
93e16642	2016-02-26T12:51:13	Fixed typo in one of the ifndef's in pool.h used to enable/disable debug mode
9f4e7c84	2016-02-25T18:42:09	Merge pull request #3638 from ethomson/nsec USE_NSECS fixes
0d9a7498	2016-02-25T12:09:49	Merge pull request #3628 from pks-t/pks/coverity-fixes Coverity fixes
fd129f28	2016-02-25T11:59:00	Merge pull request #3630 from libgit2/cmn/idx-extra-check Extra checks for packfile indices
3d6a42d1	2016-02-25T11:23:19	nsec: support NDK's crazy nanoseconds Android NDK does not have a `struct timespec` in its `struct stat` for nanosecond support, instead it has a single nanosecond member inside the struct stat itself. We will use that and use a macro to expand to the `st_mtim` / `st_mtimespec` definition on other systems (much like the existing `st_mtime` backcompat definition).
a4c55069	2016-02-25T11:31:18	nsec: update staging test for GIT_USE_NSECS The index::nsec::staging_maintains_other_nanos test was created to ensure that when we stage an entry when GIT_USE_NSECS is unset that we truncate the index entry and do not persist the (old, invalid) nanosec values. Ensure that when GIT_USE_NSECS is set that we do not do that, and actually write the correct nanosecond values.
6d97beb9	2016-02-25T15:46:59	pack: don't allow a negative offset
ea9e00cb	2016-02-23T18:15:43	pack: make sure we don't go out of bounds for extended entries A corrupt index might have data that tells us to go look past the end of the file for data. Catch these cases and return an appropriate error message.
9dfe1140	2016-02-25T09:08:23	Merge pull request #3637 from libgit2/cmn/conventions CONVENTIONS: update to include general public API principles
1f8cb02f	2016-02-25T14:51:00	CONVENTIONS: update to include general public API principles
68ad3156	2016-02-24T17:17:57	openssl: we already had the function, just needed the header
f3d1be7d	2016-02-24T16:38:22	openssl: export the locking function when building without OpenSSL This got lost duing the move and it lets the users call this function just in case.
43955927	2016-02-23T22:27:36	Merge pull request #3631 from ethomson/giterr_fixups Minor `giterr` fixups
cd59e0c0	2016-02-23T13:05:49	giterr_set_str: remove `GITERR_OS` documentation The `giterr_set_str` does not actually honor `GITERR_OS`. Remove the documentation that claims that we do.
04c3b35f	2016-02-23T13:02:07	map: use `giterr_set` internally Use the `giterr_set` function, which actually supports `GITERR_OS`. The `giterr_set_str` function is exposed for external users and will not append the operating system's error message.
32f07984	2016-02-23T11:07:03	diff_tform: fix potential NULL pointer access The `normalize_find_opts` function in theory allows for the incoming diff to have no repository. When the caller does not pass in diff find options or if the GIT_DIFF_FIND_BY_CONFIG value is set, though, we try to derive the configuration from the diff's repository configuration without first verifying that the repository is actually set to a non-NULL value. Fix this issue by explicitly checking if the repository is set and if it is not, fall back to a default value of GIT_DIFF_FIND_RENAMES.
3d1abc5a	2016-02-22T17:13:23	xmerge: fix memory leak on error path
05bf67b9	2016-02-23T11:16:36	openssl_stream: fix NULL pointer dereference
2baf854e	2016-02-22T16:08:56	openssl_stream: fix memory leak when creating new stream
2afb6fa4	2016-02-22T16:05:13	rebase: plug memory leak in `rebase_alloc` Convert `rebase_alloc` to use our usual error propagation patterns, that is accept an out-parameter and return an error code that is to be checked by the caller. This allows us to use the GITERR_CHECK_ALLOC macro, which helps static analysis.
d0cb11e7	2016-02-22T16:01:03	remote: set error code in `create_internal` Set the error code when an error occurs in any of the called functions. This ensures we pass the error up to callers and actually free the remote when an error occurs.
0f1e2d20	2016-02-23T11:23:26	index: fix contradicting comparison The overflow check in `read_reuc` tries to verify if the `git__strtol32` parses an integer bigger than UINT_MAX. The `tmp` variable is casted to an unsigned int for this and then checked for being greater than UINT_MAX, which obviously can never be true. Fix this by instead fixing the `mode` field's size in `struct git_index_reuc_entry` to `uint32_t`. We can now parse the int with `git__strtol64`, which can never return a value bigger than `UINT32_MAX`, and additionally checking if the returned value is smaller than zero. We do not need to handle overflows explicitly here, as `git__strtol64` returns an error when the returned value would overflow.
7808c937	2016-02-22T15:59:15	index: plug memory leak in `read_conflict_names`
003c5e46	2016-02-22T15:52:49	transports: smart_pkt: fix memory leaks on error paths
793e0855	2016-02-22T14:06:48	refdb_fs: remove unnecessary check for NULL The fail-label of `reflog_parse` explicitly checks the entry poitner for NULL before freeing it. When we jump to the label the variable has to be set to a non-NULL and valid pointer though: if the allocation fails we immediately return with an error code and if the loop was not entered we return with a success code, withouth executing the label's code. Remove the useless NULL-check to silence Coverity.
be8479c9	2016-02-22T14:01:50	diff_print: assert patch is non-NULL When invoking `diff_print_info_init_frompatch` it is obvious that the patch should be non-NULL. We explicitly check if the variable is set and continue afterwards, happily dereferencing the potential NULL-pointer. Fix this by instead asserting that patch is set. This also silences Coverity.
bac52ab0	2016-02-22T13:48:45	pack-objects: return early when computing write order fails The function `compute_write_order` may return a `NULL`-pointer when an error occurs. In such cases we jump to the `done`-label where we try to clean up allocated memory. Unfortunately we try to deallocate the `write_order` array, though, which may be NULL here. Fix this error by returning early instead of jumping to the `done` label. There is no data to be cleaned up anyway.
d1c9a48d	2016-02-23T10:45:09	pack-objects: check realloc in try_delta with GITERR_CHECK_ALLOC
2129d6df	2016-02-22T13:33:48	crlf: do not ignore GIT_PASSTHROUGH error When no payload is set for `crlf_apply` we try to compute the crlf attributes ourselves with `crlf_check`. When the function determines that the current file does not require any treatment we return the GIT_PASSTHROUGH error code without actually allocating the out-pointer, which indicates the file should not be passed through the filter. The `crlf_apply` function explicitly checks for the GIT_PASSTHROUGH return code and ignores it. This means we will try to apply the crlf-filter to the current file, leading us to dereference the unallocated payload-pointer. Fix this obviously incorrect behavior by not treating GIT_PASSTHROUGH in any special way. This is the correct thing to do anyway, as the code indicates that the file should not be passed through the filter.
b9f28b8d	2016-02-23T10:09:03	refspec: check buffer with GITERR_CHECK_ALLOC_BUF
c5bd70d1	2016-02-23T11:48:30	revwalk: use GITERR_CHECK_ALLOC_BUF
6e2a3755	2016-02-23T11:45:43	smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF
42c05ed5	2016-02-23T10:02:44	path: use GITERR_CHECK_ALLOC_BUF to verify passed in buffer
859ed5dd	2016-02-23T09:54:26	common: introduce GITERR_CHECK_ALLOC_BUF We commonly have to check if a git_buf has been allocated correctly or if we ran out of memory. Introduce a new macro similar to `GITERR_CHECK_ALLOC` which checks if we ran OOM and if so returns an error. Provide a `#nodef` for Coverity to mark the error case as an abort path.
f2a554b4	2016-02-22T14:43:28	coverity: hint git_vector_foreach does not deref NULL contents Coverity does not comprehend the connection between a vector's size and the contents pointer, that is that the vector's pointer is non-NULL when its size is positive. As the vector code should be reasonably well tested and users are expected to not manually modify a vector's contents it seems save to assume that the macros will never dereference a NULL pointer. Fix Coverity warnings by overriding the foreach macros with macros that explicitly aborting when (v)->contents is NULL.
fb96b28c	2016-02-23T08:16:12	Merge pull request #3629 from ethomson/set_user_agent_doc git_libgit2_opts: minor documentation & usage fixes
7bab2e8f	2016-02-22T23:04:40	git_libgit2_opts: validate key
5bc93eae	2016-02-22T22:26:01	git_libgit2_opts: document GIT_OPT_SET_USER_AGENT
305c4f95	2016-02-22T10:16:49	Merge pull request #3627 from libgit2/cmn/typo Fix a few checkout -> rebase typos
88ab3be6	2016-02-22T15:41:01	Fix a few checkout -> rebase typos
c8fe6c09	2016-02-19T16:23:14	openssl: re-export the last-resort locking function We need to include the header where we define the function. Otherwise it won't be available on the DLL.
f1260e03	2016-02-19T09:13:40	Remove unnecessary ifdef in pool.h
f596946f	2016-02-19T13:52:04	CHANGELOG: add a few missing changes
deecaa2e	2016-02-19T13:31:54	openssl: free the context even if we don't connect
bf127eec	2016-02-19T13:24:41	global: remove an unused variable
78e16c34	2016-02-19T13:06:51	Merge pull request #3597 from ethomson/filter_registration Filter registration
b643501d	2016-02-19T10:21:37	Merge pull request #3614 from pks-t/pks/coverity-fixes Coverity fixes
8a62bf11	2016-02-15T11:28:33	netops: fix memory leak when an error occurs

1a16e8b0

2016-03-01T17:55:40

pack-objects: fix memory leak on overflow

e114bbac

2016-03-01T16:00:49

index: assert required OID are non-NULL

d0780b81

2016-03-01T15:35:45

object: avoid call of memset with ouf of bounds pointer When computing a short OID we do this by first copying the leading parts into the new OID structure and then setting the trailing part to zero. In the case of the desired length being `GIT_OID_HEXSZ - 1` we will call `memset` with an out of bounds pointer and a length of 0. While this seems to cause no problems for common platforms the C89 standard does not explicitly state that calling `memset` with an out of bounds pointer and length of 0 is valid. Fix the potential issue by using the newly introduced `git_oid__cpy_prefix` function.

fa4b93a6

2016-04-11T15:57:23

backport git_oid__cpy_prefix

faf823dc

2016-03-11T09:58:38

tests: transport: fix memory leaks with registering transports

0370dae1

2016-02-25T18:15:02

Check for __CLANG_INTTYPES_H This fixes an issue in Xcode 7.3 in objective-git where we get the error "Include of non-modular header file in module". Not importing this header again fixes the issue.

e39ad747

2016-03-01T14:40:17

config_file: handle missing quotation marks in section header When parsing a section header we expect something along the format of '[section "subsection"]'. When a section is mal-formated and is entirely missing its quotation marks we catch this case by observing that `strchr(line, '"') - strrchr(line, '"') = NULL - NULL = 0` and error out. Unfortunately, the error message is misleading though, as we state that we are missing the closing quotation mark while we in fact miss both quotation marks. Improve the error message by explicitly checking if the first quotation mark could be found and, if not, stating that quotation marks are completely missing.

ffb1f419

2016-03-01T14:24:09

describe: handle error code returned by git_pqueue_insert

4ebf745f

2016-03-09T11:16:16

mwindow: free unused windows if we fail to mmap The first time may be due to memory fragmentation or just bad luck on a 32-bit system. When we hit the mmap error for the first time, free up the unused windows and try again.

9ee498e8

2016-03-08T10:16:37

Only buffer if necessary.

eb09ead2

2016-03-04T01:18:30

odb: improved not found error messages When looking up an abbreviated oid, show the actual (abbreviated) oid the caller passed instead of a full (but ambiguously truncated) oid.

cdded630

2016-01-13T11:07:14

Remove duplicated calls to git_mwindow_close

e3862c9f

2016-01-11T17:09:32

Buffer sideband packet data The inner packet may be split across multiple sideband packets.

8ec3d88f

2015-12-24T10:04:44

Avoid subtraction overflow in git_indexer_commit

4a93a7fc

2015-12-28T11:37:39

Tabs

b8dc15f7

2015-12-28T11:35:19

Adding test cases that actually test the functionality of the new transport ssh, ssh+git and git+ssh should all successfully build an SSH transport

e44f6586

2015-12-28T07:43:24

Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead Also moving var declarations to top of blocks to support bad old compilers

429155d5

2015-12-28T07:40:15

Updating change to http_parser to reflect PR for nodejs/http-parser The parser now also supports digits, '-' and '.'. https://github.com/nodejs/http-parser/pull/276

fa8b1a88

2015-12-22T10:56:38

Adding spec coverage for ssh+git and git+ssh protocols

ff8e3f0e

2015-12-22T10:38:31

Handle git+ssh:// and ssh+git:// protocols support

2f2575c0

2015-12-22T10:38:16

Updating http parser to accept a `+` in the schema

785d8c48

2016-03-04T13:50:23

Merge pull request #3653 from libgit2/cmn/treebuilder-submodule treebuilder: don't try to verify submodules exist in the odb

ea5bf6bb

2016-03-04T12:34:38

treebuilder: don't try to verify submodules exist in the odb Submodules don't exist in the objectdb and the code is making us try to look for a blob with its commit id, which is obviously not going to work. Skip the test if the user wants to insert a submodule.

16099833

2016-03-03T22:57:45

Merge pull request #3651 from libgit2/cmn/init-libssh2 ssh: initialize libssh2

22f3d3aa

2016-03-03T22:26:31

ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.

839bdb05

2016-03-03T21:20:33

Merge pull request #3639 from srajko/threading-openssl-libssh2 Expand OpenSSL and libssh2 thread safety documentation

e23efa6d

2016-03-03T21:03:10

tests: take the version from our define

1e8255a3

2016-03-03T20:20:43

Bump version to 0.24.0

c21c8f67

2016-03-03T20:18:55

CHANGELOG: prepre tamplate for release

a7ef27af

2016-03-03T20:17:13

CHANGELOG: add note about WinHTTP cred handling

66a530eb

2016-03-03T20:11:18

Merge pull request #3648 from libgit2/cmn/auth-retry test: make sure we retry the auth callback on all platforms

ba9bb664

2016-03-03T19:21:07

tests: create a ctest target for cred_callback

778fb695

2016-03-03T12:14:02

Merge pull request #3646 from pks-t/pks/xdiff-fix-from-upstream xdiff: fix memleak on error case

a4cba9d4

2016-03-03T10:48:24

winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.

25205737

2016-03-03T10:08:00

test: make sure we retry the auth callback on all platforms We were missing this test on Windows, which meant we didn't notice that we never fixed the single authentication attempt it tries, nor its wrong return code. Enable this for the unix platforms as well over HTTP. We previously were doing it locally but disabled it on OS X due to issues with its sshd not accepting password authentication.

9b3fc895

2016-03-03T11:17:36

tests: plug a leak

edaffe22

2016-03-01T17:16:27

Merge pull request #3633 from ethomson/safe_creation Stricter object dependency checking during creation

a4ea7faa

2016-03-01T08:54:00

xdiff: fix memleak on error case Commit 3d1abc5afce fixes a memory leak in the xdiff code. In the process of upstreaming the fix it was pointed out by Johannes Schindelin that there is another memory leak present (see [1]). Fix the second memory leak by applying the upstream fix to our code base. [1]: http://thread.gmane.org/gmane.comp.version-control.git/287034

dbee6835

2016-02-28T20:13:24

Merge pull request #3567 from sba1/few-p_getaddrinfo-fixes Few p_getaddrinfo fixes

f2dddf52

2016-02-28T15:51:38

turn on strict object validation by default

4afe536b

2016-02-28T16:02:49

tests: use legitimate object ids Use legitimate (existing) object IDs in tests so that we have the ability to turn on strict object validation when running tests.

98c34149

2016-02-28T15:11:15

refs: honor strict object creation

3ef01e77

2016-02-28T14:37:37

git_object__is_valid: use `odb_read_header` This allows lighter weight validation in `git_object__is_valid` that does not require reading the entire object.

6ddf533a

2016-02-23T18:29:16

git_index_add: validate objects in index entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the index entries given to `git_index_add`.

1a9d7c95

2016-02-28T19:43:45

Merge pull request #3644 from ethomson/debug_pool travis ci: enable debug pool for valgrind builds

2bbc7d3e

2016-02-23T15:00:27

treebuilder: validate tree entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to treebuilder insertion.

ef63bab3

2016-02-23T13:34:35

git_commit: validate tree and parent ids When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to commit creation functions.

7565dc65

2016-02-23T13:33:10

git_object__is_valid: simple object validity test

22a19f5b

2016-02-22T23:46:50

git_libgit2_opts: introduce `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION`

da033560

2016-02-28T11:34:36

travis ci: enable debug pool for valgrind builds

6cc4bac8

2016-02-28T11:31:10

Merge pull request #3577 from rossdylan/rossdylan/pooldebug Add a new build flag to disable the pool allocator

09db7fd8

2016-02-25T15:19:51

Expand OpenSSL and libssh2 thread safety documentation

93e16642

2016-02-26T12:51:13

Fixed typo in one of the ifndef's in pool.h used to enable/disable debug mode

9f4e7c84

2016-02-25T18:42:09

Merge pull request #3638 from ethomson/nsec USE_NSECS fixes

0d9a7498

2016-02-25T12:09:49

Merge pull request #3628 from pks-t/pks/coverity-fixes Coverity fixes

fd129f28

2016-02-25T11:59:00

Merge pull request #3630 from libgit2/cmn/idx-extra-check Extra checks for packfile indices

3d6a42d1

2016-02-25T11:23:19

nsec: support NDK's crazy nanoseconds Android NDK does not have a `struct timespec` in its `struct stat` for nanosecond support, instead it has a single nanosecond member inside the struct stat itself. We will use that and use a macro to expand to the `st_mtim` / `st_mtimespec` definition on other systems (much like the existing `st_mtime` backcompat definition).

a4c55069

2016-02-25T11:31:18

nsec: update staging test for GIT_USE_NSECS The index::nsec::staging_maintains_other_nanos test was created to ensure that when we stage an entry when GIT_USE_NSECS is *unset* that we truncate the index entry and do not persist the (old, invalid) nanosec values. Ensure that when GIT_USE_NSECS is *set* that we do not do that, and actually write the correct nanosecond values.

6d97beb9

2016-02-25T15:46:59

pack: don't allow a negative offset

ea9e00cb

2016-02-23T18:15:43

pack: make sure we don't go out of bounds for extended entries A corrupt index might have data that tells us to go look past the end of the file for data. Catch these cases and return an appropriate error message.

9dfe1140

2016-02-25T09:08:23

Merge pull request #3637 from libgit2/cmn/conventions CONVENTIONS: update to include general public API principles

1f8cb02f

2016-02-25T14:51:00

CONVENTIONS: update to include general public API principles

68ad3156

2016-02-24T17:17:57

openssl: we already had the function, just needed the header

f3d1be7d

2016-02-24T16:38:22

openssl: export the locking function when building without OpenSSL This got lost duing the move and it lets the users call this function just in case.

43955927

2016-02-23T22:27:36

Merge pull request #3631 from ethomson/giterr_fixups Minor `giterr` fixups

cd59e0c0

2016-02-23T13:05:49

giterr_set_str: remove `GITERR_OS` documentation The `giterr_set_str` does not actually honor `GITERR_OS`. Remove the documentation that claims that we do.

04c3b35f

2016-02-23T13:02:07

map: use `giterr_set` internally Use the `giterr_set` function, which actually supports `GITERR_OS`. The `giterr_set_str` function is exposed for external users and will not append the operating system's error message.

32f07984

2016-02-23T11:07:03

diff_tform: fix potential NULL pointer access The `normalize_find_opts` function in theory allows for the incoming diff to have no repository. When the caller does not pass in diff find options or if the GIT_DIFF_FIND_BY_CONFIG value is set, though, we try to derive the configuration from the diff's repository configuration without first verifying that the repository is actually set to a non-NULL value. Fix this issue by explicitly checking if the repository is set and if it is not, fall back to a default value of GIT_DIFF_FIND_RENAMES.

3d1abc5a

2016-02-22T17:13:23

xmerge: fix memory leak on error path

05bf67b9

2016-02-23T11:16:36

openssl_stream: fix NULL pointer dereference

2baf854e

2016-02-22T16:08:56

openssl_stream: fix memory leak when creating new stream

2afb6fa4

2016-02-22T16:05:13

rebase: plug memory leak in `rebase_alloc` Convert `rebase_alloc` to use our usual error propagation patterns, that is accept an out-parameter and return an error code that is to be checked by the caller. This allows us to use the GITERR_CHECK_ALLOC macro, which helps static analysis.

d0cb11e7

2016-02-22T16:01:03

remote: set error code in `create_internal` Set the error code when an error occurs in any of the called functions. This ensures we pass the error up to callers and actually free the remote when an error occurs.

0f1e2d20

2016-02-23T11:23:26

index: fix contradicting comparison The overflow check in `read_reuc` tries to verify if the `git__strtol32` parses an integer bigger than UINT_MAX. The `tmp` variable is casted to an unsigned int for this and then checked for being greater than UINT_MAX, which obviously can never be true. Fix this by instead fixing the `mode` field's size in `struct git_index_reuc_entry` to `uint32_t`. We can now parse the int with `git__strtol64`, which can never return a value bigger than `UINT32_MAX`, and additionally checking if the returned value is smaller than zero. We do not need to handle overflows explicitly here, as `git__strtol64` returns an error when the returned value would overflow.

7808c937

2016-02-22T15:59:15

index: plug memory leak in `read_conflict_names`

003c5e46

2016-02-22T15:52:49

transports: smart_pkt: fix memory leaks on error paths

793e0855

2016-02-22T14:06:48

refdb_fs: remove unnecessary check for NULL The fail-label of `reflog_parse` explicitly checks the entry poitner for NULL before freeing it. When we jump to the label the variable has to be set to a non-NULL and valid pointer though: if the allocation fails we immediately return with an error code and if the loop was not entered we return with a success code, withouth executing the label's code. Remove the useless NULL-check to silence Coverity.

be8479c9

2016-02-22T14:01:50

diff_print: assert patch is non-NULL When invoking `diff_print_info_init_frompatch` it is obvious that the patch should be non-NULL. We explicitly check if the variable is set and continue afterwards, happily dereferencing the potential NULL-pointer. Fix this by instead asserting that patch is set. This also silences Coverity.

bac52ab0

2016-02-22T13:48:45

pack-objects: return early when computing write order fails The function `compute_write_order` may return a `NULL`-pointer when an error occurs. In such cases we jump to the `done`-label where we try to clean up allocated memory. Unfortunately we try to deallocate the `write_order` array, though, which may be NULL here. Fix this error by returning early instead of jumping to the `done` label. There is no data to be cleaned up anyway.

d1c9a48d

2016-02-23T10:45:09

pack-objects: check realloc in try_delta with GITERR_CHECK_ALLOC

2129d6df

2016-02-22T13:33:48

crlf: do not ignore GIT_PASSTHROUGH error When no payload is set for `crlf_apply` we try to compute the crlf attributes ourselves with `crlf_check`. When the function determines that the current file does not require any treatment we return the GIT_PASSTHROUGH error code without actually allocating the out-pointer, which indicates the file should not be passed through the filter. The `crlf_apply` function explicitly checks for the GIT_PASSTHROUGH return code and ignores it. This means we will try to apply the crlf-filter to the current file, leading us to dereference the unallocated payload-pointer. Fix this obviously incorrect behavior by not treating GIT_PASSTHROUGH in any special way. This is the correct thing to do anyway, as the code indicates that the file should not be passed through the filter.

b9f28b8d

2016-02-23T10:09:03

refspec: check buffer with GITERR_CHECK_ALLOC_BUF

c5bd70d1

2016-02-23T11:48:30

revwalk: use GITERR_CHECK_ALLOC_BUF

6e2a3755

2016-02-23T11:45:43

smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF

42c05ed5

2016-02-23T10:02:44

path: use GITERR_CHECK_ALLOC_BUF to verify passed in buffer

859ed5dd

2016-02-23T09:54:26

common: introduce GITERR_CHECK_ALLOC_BUF We commonly have to check if a git_buf has been allocated correctly or if we ran out of memory. Introduce a new macro similar to `GITERR_CHECK_ALLOC` which checks if we ran OOM and if so returns an error. Provide a `#nodef` for Coverity to mark the error case as an abort path.

f2a554b4

2016-02-22T14:43:28

coverity: hint git_vector_foreach does not deref NULL contents Coverity does not comprehend the connection between a vector's size and the contents pointer, that is that the vector's pointer is non-NULL when its size is positive. As the vector code should be reasonably well tested and users are expected to not manually modify a vector's contents it seems save to assume that the macros will never dereference a NULL pointer. Fix Coverity warnings by overriding the foreach macros with macros that explicitly aborting when (v)->contents is NULL.

fb96b28c

2016-02-23T08:16:12

Merge pull request #3629 from ethomson/set_user_agent_doc git_libgit2_opts: minor documentation & usage fixes

7bab2e8f

2016-02-22T23:04:40

git_libgit2_opts: validate key

5bc93eae

2016-02-22T22:26:01

git_libgit2_opts: document GIT_OPT_SET_USER_AGENT

305c4f95

2016-02-22T10:16:49

Merge pull request #3627 from libgit2/cmn/typo Fix a few checkout -> rebase typos

88ab3be6

2016-02-22T15:41:01

Fix a few checkout -> rebase typos

c8fe6c09

2016-02-19T16:23:14

openssl: re-export the last-resort locking function We need to include the header where we define the function. Otherwise it won't be available on the DLL.

f1260e03

2016-02-19T09:13:40

Remove unnecessary ifdef in pool.h

f596946f

2016-02-19T13:52:04

CHANGELOG: add a few missing changes

deecaa2e

2016-02-19T13:31:54

openssl: free the context even if we don't connect

bf127eec

2016-02-19T13:24:41

global: remove an unused variable

78e16c34

2016-02-19T13:06:51

Merge pull request #3597 from ethomson/filter_registration Filter registration

b643501d

2016-02-19T10:21:37

Merge pull request #3614 from pks-t/pks/coverity-fixes Coverity fixes

8a62bf11

2016-02-15T11:28:33

netops: fix memory leak when an error occurs

thodg/libgit2

Log