kmx git

Commit	Date	Message
1bbdec69	2019-06-11T21:55:31	http_parser: handle URLs with colon but no port When the end of the host is reached, and we're at the colon separating the host with the port (ie, there is no numeric port) then do not error. This is allowed by RFC 3986.
938cbd03	2019-06-11T21:53:35	net: handle urls with a colon after host but no port Core git copes with URLs that have a colon after the port, but no actual numeric value. eg `http://example.com:/foo.git` or `http://example.com:`. That's horrible, but RFC 3986 says: > URI producers and normalizers should omit the port component and its > ":" delimiter if port is empty or if its value would be the same as > that of the scheme's default. Which indicates that they may and therefore we must accept it. Test that we can handle URLs with a colon but no following port number.
ff7652c1	2019-06-11T17:05:27	Merge pull request #5098 from pks-t/pks/clar-data-driven Data-driven tests
fd734f7d	2019-06-11T12:45:27	Merge pull request #5107 from pks-t/pks/sha1dc-update sha1dc: update to fix endianess issues on AIX/HP-UX
110b5895	2019-06-11T08:07:48	Merge pull request #5052 from libgit2/ethomson/netrefactor Add NTLM support for HTTP(s) servers and proxies
230a451e	2019-06-10T13:54:11	sha1dc: update to fix endianess issues on AIX/HP-UX Update our copy of sha1dc to the upstream commit 855827c (Detect endianess on HP-UX, 2019-05-09). Changes include fixes to endian detection on AIX and HP-UX systems as well as a define that allows us to force aligned access, which we're not using yet.
005b5bc2	2019-04-07T17:55:23	http: reconnect to proxy on connection close When we're issuing a CONNECT to a proxy, we expect to keep-alive to the proxy. However, during authentication negotiations, the proxy may close the connection. Reconnect if the server closes the connection.
10718526	2019-03-09T13:53:16	http: don't reset replay count after connection A "connection" to a server is transient, and we may reconnect to a server in the midst of authentication failures (if the remote indicates that we should, via `Connection: close`) or in a redirect.
c6ab183e	2019-03-11T11:43:08	net: rename gitno_connection_data to git_net_url "Connection data" is an imprecise and largely incorrect name; these structures are actually parsed URLs. Provide a parser that takes a URL string and produces a URL structure (if it is valid). Separate the HTTP redirect handling logic from URL parsing, keeping a `gitno_connection_data_handle_redirect` whose only job is redirect handling logic and does not parse URLs itself.
3192e3c9	2019-03-07T16:57:11	http: provide an NTLM authentication provider
d171fbee	2019-04-07T17:40:23	http: allow server to drop a keepalive connection When we have a keep-alive connection to the server, that server may legally drop the connection for any reason once a successful request and response has occurred. It's common for servers to drop the connection after some amount of time or number of requests have occurred.
a7f65f03	2019-03-21T15:42:57	ntlm: add ntlmclient as a dependency Include https://github.com/ethomson/ntlmclient as a dependency.
79fc8281	2019-03-21T16:49:25	http: validate server's authentication types Ensure that the server supports the particular credential type that we're specifying. Previously we considered credential types as an input to an auth mechanism - since the HTTP transport only supported default credentials (via negotiate) and username/password credentials (via basic), this worked. However, if we are to add another mechanism that uses username/password credentials, we'll need to be careful to identify the types that are accepted.
9af1de5b	2019-03-24T20:49:57	http: stop on server EOF We stop the read loop when we have read all the data. We should also consider the server's feelings. If the server hangs up on us, we need to stop our read loop. Otherwise, we'll try to read from the server - and fail - ad infinitum.
5ad99210	2019-03-07T16:43:45	http: consume body on proxy auth failure We must always consume the full parser body if we're going to keep-alive. So in the authentication failure case, continue advancing the http message parser until it's complete, then we can retry the connection. Not doing so would mean that we have to tear the connection down and start over. Advancing through fully (even though we don't use the data) will ensure that we can retry a connection with keep-alive.
75b20458	2019-03-07T16:34:55	http: always consume body on auth failure When we get an authentication failure, we must consume the entire body of the response. If we only read half of the body (on the assumption that we can ignore the rest) then we will never complete the parsing of the message. This means that we will never set the complete flag, and our replay must actually tear down the connection and try again. This is particularly problematic for stateful authentication mechanisms (SPNEGO, NTLM) that require that we keep the connection alive. Note that the prior code is only a problem when the 401 that we are parsing is too large to be read in a single chunked read from the http parser. But now we will continue to invoke the http parser until we've got a complete message in the authentication failed scenario. Note that we need not do anything with the message, so when we get an authentication failed, we'll stop adding data to our buffer, we'll simply loop in the parser and let it advance its internal state.
4c2ca1ba	2019-03-23T12:10:57	ci: test NTLM proxy authentication on Unix
e87f912b	2019-03-21T15:29:52	http: don't realloc the request
10e8fe55	2019-03-21T13:55:54	transports: add an `is_complete` function for auth Some authentication mechanisms (like HTTP Basic and Digest) have a one-step mechanism to create credentials, but there are more complex mechanisms like NTLM and Negotiate that require challenge/response after negotiation, requiring several round-trips. Add an `is_complete` function to know when they have round-tripped enough to be a single authentication and should now either have succeeded or failed to authenticate.
539e6293	2019-03-22T19:06:46	http: teach auth mechanisms about connection affinity Instead of using `is_complete` to decide whether we have connection or request affinity for authentication mechanisms, set a boolean on the mechanism definition itself.
9050c69c	2019-03-09T17:24:16	http: examine keepalive status at message end We cannot examine the keep-alive status of the http parser in `http_connect`; it's too late and the critical information about whether keep-alive is supported has been destroyed. Per the documentation for `http_should_keep_alive`: > If http_should_keep_alive() in the on_headers_complete or > on_message_complete callback returns 0, then this should be > the last message on the connection. Query then and set the state.
956ba48b	2019-03-14T10:36:40	http: increase the replay count Increase the permissible replay count; with multiple-step authentication schemes (NTLM, Negotiate), proxy authentication and redirects, we need to be mindful of the number of steps it takes to get connected. 7 seems high but can be exhausted quickly with just a single authentication failure over a redirected multi-state authentication pipeline.
3e0b4b43	2019-03-22T18:52:03	http: maintain authentication across connections For request-based authentication mechanisms (Basic, Digest) we should keep the authentication context alive across socket connections, since the authentication headers must be transmitted with every request. However, we should continue to remove authentication contexts for mechanisms with connection affinity (NTLM, Negotiate) since we need to reauthenticate for every socket connection.
7912db49	2019-03-14T10:35:03	ci: enable all proxy tests
ad5419b5	2019-03-14T10:32:09	ci: enable SKIP_OFFLINE_TESTS for windows
7ea8630e	2019-04-07T20:11:59	http: free auth context on failure When we send HTTP credentials but the server rejects them, tear down the authentication context so that we can start fresh. To maintain this state, additionally move all of the authentication handling into `on_auth_required`.
ce72ae95	2019-03-22T10:53:30	http: simplify authentication mechanisms Hold an individual authentication context instead of trying to maintain all the contexts; we can select the preferred context during the initial negotiation. Subsequent authentication steps will re-use the chosen authentication (until such time as it's rejected) instead of trying to manage multiple contexts when all but one will never be used (since we can only authenticate with a single mechanism at a time.) Also, when we're given a 401 or 407 in the middle of challenge/response handling, short-circuit immediately without incrementing the retry count. The multi-step authentication is expected, and not a "retry" and should not be penalized as such. This means that we don't need to keep the contexts around and ensures that we do not unnecessarily fail for too many retries when we have challenge/response auth on a proxy and a server and potentially redirects in play as well.
1ef77e37	2019-03-11T23:33:20	ci: test NTLM proxy authentication on Windows Update our CI tests to start a proxy that requires NTLM authentication; ensure that our WIndows HTTP client can speak NTLM.
ee3d35cf	2019-04-07T19:15:21	http: support https for proxies
6d931ba7	2019-03-22T16:35:59	http: don't set the header in the auth token
3d11b6c5	2019-03-11T20:36:09	winhttp: support default credentials for proxies We did not properly support default credentials for proxies, only for destination servers. Refactor the credential handling to support sending either username/password _or_ default credentials to either the proxy or the destination server. This actually shares the authentication logic between proxy servers and destination servers. Due to copy/pasta drift over time, they had diverged. Now they share a common logic which is: first, use credentials specified in the URL (if there were any), treating empty username and password (ie, "http://:@foo.com/") as default credentials, for compatibility with git. Next, call the credential callbacks. Finally, fallback to WinHTTP compatibility layers using built-in authentication like we always have. Allowing default credentials for proxies requires moving the security level downgrade into the credential setting routines themselves. We will update our security level to "high" by default which means that we will never send default credentials without prompting. (A lower setting, like the WinHTTP default of "medium" would allow WinHTTP to handle credentials for us, despite what a user may have requested with their structures.) Now we start with "high" and downgrade to "low" only after a user has explicitly requested default credentials.
757411a0	2019-03-11T12:56:09	network: don't add arbitrary url rules There's no reason a git repository couldn't be at the root of a server, and URLs should have an implicit path of '/' when one is not specified.
f4584a1e	2019-06-10T12:08:57	Merge pull request #5102 from libgit2/ethomson/callback_names Callback type names should be suffixed with `_cb`
dd47a3ef	2019-06-10T11:49:17	Merge pull request #5099 from pks-t/pks/tests-fix-symlink-outside-sandbox tests: checkout: fix symlink.git being created outside of sandbox
178df697	2019-06-08T17:16:19	trace: suffix the callbacks with `_cb` The trace logging callbacks should match the other callback naming conventions, using the `_cb` suffix instead of a `_callback` suffix.
810cefd9	2019-06-08T17:14:00	credentials: suffix the callbacks with `_cb` The credential callbacks should match the other callback naming conventions, using the `_cb` suffix instead of a `_callback` suffix.
cb28df20	2019-06-07T14:29:47	tests: checkout: fix symlink.git being created outside of sandbox The function `populate_symlink_workdir` creates a new "symlink.git" repository with a relative path "../symlink.git". As the current working directory is the sandbox, the new repository will be created just outside of the sandbox. Fix this by using `clar_sandbox_path`.
1f47efc4	2019-06-07T14:20:54	tests: object: consolidate cache tests The object::cache test module has two tests that do nearly the same thing: given a cache limit, load a certain set of objects and verify if those objects have been cached or not. Convert those tests to the new data-driven initializers to demonstrate how these are to be used. Furthermore, add some additional test data. This conversion is mainly done to show this new facility.
394951ad	2019-06-07T14:11:29	tests: allow for simple data-driven tests Right now, we're not able to use data-driven tests at all. E.g. given a set of tests which we'd like to repeat with different test data, one has to hand-write any outer loop that iterates over the test data and then call each of the test functions. Next to being bothersome, this also has the downside that error reporting is quite lacking, as one never knows which test data actually produced failures. So let's implement the ability to re-run complete test modules with changing test data. To retain backwards compatibility and enable trivial addition of new runs with changed test data, we simply extend clar's generate.py. Instead of scanning for a single `_initialize` function, each test module may now implement multiple `_initialize_foo` functions. The generated test harness will then run all test functions for each of the provided initializer functions, making it possible to provide different test data inside of each of the initializer functions. Example: ``` void test_git_example__initialize_with_nonbare_repo(void) { g_repo = cl_git_sandbox_init("testrepo"); } void test_git_example__initialize_with_bare_repo(void) { g_repo = cl_git_sandbox_init("testrepo.git"); } void test_git_example__cleanup(void) { cl_git_sandbox_cleanup(); } void test_git_example__test1(void) { test1(); } void test_git_example__test2(void) { test2(); } ``` Executing this test module will cause the following output: ``` $ ./libgit2_clar -sgit::example git::example (with nonbare repo).. git::example (with bare repo).. ```
e50d138e	2019-06-06T09:48:30	Merge pull request #5095 from pks-t/pks/ignore-escaped-trailing-space ignore: handle escaped trailing whitespace
4de6eb5b	2019-06-06T09:47:43	Merge pull request #5074 from libgit2/ethomson/ignore_leading_slash Ignore: only treat one leading slash as a root identifier
d81e7866	2019-06-06T14:11:44	ignore: handle escaped trailing whitespace The gitignore's pattern format specifies that "Trailing spaces are ignored unless they are quoted with backslash ("\")". We do not honor this currently and will treat a pattern "foo\ " as if it was "foo\" only and a pattern "foo\ \ " as "foo\ \". Fix our code to handle those special cases and add tests to avoid regressions.
b6967c39	2019-06-06T14:02:17	attr_file: refactor stripping of trailing spaces The stripping of trailing spaces currently happens as part of `git_attr_fnmatch__parse`. As we aren't currently parsing trailing whitespaces correct in case they're escaped, we'll have to change that code, though. To make actual behavioural change easier to review, refactor the code up-front by pulling it out into its own function that is expected to retain the exact same functionality as before. Like this, the fix will be trivial to apply.
b1795e0d	2019-06-05T15:02:33	Merge pull request #5094 from libgit2/ethomson/auth_failure online tests: use gitlab for auth failures
e66a4eb3	2019-06-05T14:19:14	online tests: use gitlab for auth failures GitHub recently changed their behavior from returning 401s for private or nonexistent repositories on a clone to returning 404s. For our tests that require an auth failure (and 401), move to GitLab to request a missing repository. This lets us continue to test our auth failure case, at least until they decide to mimic that decision.
e2d4f09d	2019-06-05T13:04:25	Merge pull request #5076 from libgit2/ethomson/ignore_spaces Ignore files: don't ignore whitespace
4bcebe2c	2019-05-19T16:34:44	attr: ensure regular attr files can have whitespace Unlike ignore files, gitattribute files can have flexible whitespace at the beginning of the line. Ensure that by adding new ignore rules that we have not impeded correct parsing of attribute files.
63adcc4e	2019-05-19T16:27:59	attr: optionally treat leading whitespace as significant When `allow_space` is unset, ensure that leading whitespace is not skipped.
7d330541	2019-05-19T16:33:28	ignore: test that comments begin at position 0 Comments must have a '#' at the beginning of the line. For compatibility with git, '#' after a whitespace is a literal part of the filename.
19164901	2019-05-19T16:27:02	ignore: test that leading whitespace is significant Ensure that leading whitespace is treated as being part of the filename, eg ` foo` in an ignore file indicates that a file literally named ` foo` is ignored.
ac070afe	2019-05-24T15:54:00	Merge pull request #5088 from pks-t/pks/cache-eviction-segfault cache: fix cache eviction using deallocated key
bcb4d1d0	2019-05-24T15:39:25	Merge pull request #5085 from pks-t/pks/security.md SECURITY.md: split out security-relevant bits from readme
add17435	2019-05-24T15:24:26	cache: fix cache eviction using deallocated key When evicting cache entries, we first retrieve the object that is to be evicted, delete the object and then finally delete the key from the cache. In case where the cache eviction caused us to free the cached object, though, its key will point to invalid memory now when trying to remove it from the cache map. On my system, this causes us to not properly remove the key from the map, as its memory has been overwritten already and thus the key lookup it will fail and we cannot delete it. Fix this by only decrementing the refcount of the evictee after we have removed it from our cache map. Add a test that caused a segfault previous to that change.
2b8a05cc	2019-05-24T13:33:22	Merge pull request #5086 from jacquesg/netbsd Restore NetBSD support
d668820d	2019-05-24T10:48:47	NetBSD < 7 doesn't have posix_fallocate See: https://www.netbsd.org/changes/changes-7.0.html
62bbec5a	2019-05-24T11:09:51	SECURITY.md: split out security-relevant bits from readme GitHub has recently introduced a new set of tools that aims to ease the process around vulnerability reports and security fixes. Part of those tools is a new security tab for projects that will display contents from a new SECURITY.md file. Move relevant parts from README.md to this new file to make use of this feature.
7a0238b1	2019-05-24T11:06:38	Merge pull request #5084 from eaigner/garbage-value repository: fix garbage return value
9cc904da	2019-05-23T10:49:44	repository: fix garbage return value error was never initialized and a garbage value returned on success.
2f7b6ad5	2019-05-23T00:41:16	Merge pull request #5083 from libgit2/ethomson/pcre_warnings cmake: disable fallthrough warnings for PCRE
1f9b7222	2019-05-22T12:47:04	cmake: disable fallthrough warnings for PCRE Our PCRE dependency has uncommented fallthroughs in switch statements. Turn off warnings for those in the PCRE code.
ca046360	2019-05-22T12:18:30	Merge pull request #5073 from libgit2/ethomson/config_section_validity Configuration parsing: validate section headers with quotes
355b02a1	2019-05-22T11:48:28	config: rename subsection header parser func The `parse_section_header_ext` name suggests that it as an extended function for parsing the section header. It is not. Rename it to `parse_subsection_header` to better reflect its true mission.
b83bd037	2019-05-16T08:57:10	config: don't write invalid column When we don't specify a particular column, don't write it in the error message. (column "0" is unhelpful.)
42dd38dd	2019-05-16T08:55:40	config: lowercase error messages Update the configuration parsing error messages to be lower-cased for consistency with the rest of the library.
23c5699e	2019-05-16T09:37:25	config: validate quoted section value When we reach a whitespace after a section name, we assume that what will follow will be a quoted subsection name. Pass the current position of the line being parsed to the subsection parser, so that it can validate that subsequent characters are additional whitespace or a single quote. Previously we would begin parsing after the section name, looking for the first quotation mark. This allows invalid characters to embed themselves between the end of the section name and the first quotation mark, eg `[section foo "subsection"]`, which is illegal.
d97afb93	2019-05-22T11:45:45	Merge pull request #5060 from pks-t/pks/refspec-nested-globs Loosen restriction on wildcard "*" refspecs
3d9e82fd	2019-05-21T14:59:55	Merge pull request #4935 from libgit2/ethomson/pcre Use PCRE for our fallback regex engine when regcomp_l is unavailable
954f5357	2019-05-21T14:33:37	Merge pull request #5062 from tiennou/fix/ssh-url-substitution Remote URL last-chance resolution
afb04a95	2019-05-21T14:03:04	ci: use a mix of regex backends Explicitly enable the `builtin` regex backend and the PCRE backend for some Linux builds.
59647e1a	2019-04-08T15:54:25	remote: add callback to resolve URLs before connecting Since libssh2 doesn't read host configuration from the config file, this callback can be used to hand over URL resolving to the client without touching the SSH implementation itself.
ac2b235e	2019-05-21T12:22:40	regex: use REGEX_BACKEND as the cmake option name This avoids any misunderstanding with the REGEX keyword in cmake.
4aa36ff2	2019-05-21T12:18:47	Merge pull request #5075 from libgit2/ethomson/ignore_skip_bom Skip UTF8 BOM in ignore files
6b9cc029	2019-05-21T12:05:50	Merge pull request #5080 from dbrnz/issue-5079 We've already added `ZLIB_LIBRARIES` to `LIBGIT2_LIBS` so don't also add the `z` library
ada1cd01	2019-05-21T21:35:57	Use tabs for indentation (#5079).
b575c242	2019-05-21T20:20:04	Fix indentation (#5079).
2c2e924b	2019-05-21T20:17:48	We still need to update pkgconfig variables when zlib is unbundled (#5079).
06dbf734	2019-05-21T15:44:32	We've already added `ZLIB_LIBRARIES` to `LIBGIT2_LIBS` so don't also add the `z` library (libgit2/#5079).
040db8ad	2019-05-20T14:11:32	Merge pull request #5077 from jacquesg/symbolic_link_flag_directory Define SYMBOLIC_LINK_FLAG_DIRECTORY if required
0fd259ed	2019-05-20T12:44:37	define SYMBOLIC_LINK_FLAG_DIRECTORY if not defined
133bceba	2019-05-19T13:57:13	ignore: skip UTF8 BOM in ignore file
73a157e0	2019-05-19T13:29:45	ignore: test we can handle an ignore file with BOM Ensure that we can read and parse an ignore file with a UTF8 BOM.
e269b343	2019-05-19T13:12:47	ignore: only skip first leading slash For compatibility with git, only skip the first leading slash in an ignore file. That is: `/a.txt` indicates to ignore a file named `a.txt` at the root. However `//b.txt` does not indicate that a file named `b.txt` at the root should be ignored.
e6e6b60f	2019-05-19T12:32:06	ignore: test multiple leading slashes
ce6d624a	2019-05-19T10:30:04	regex: optionally use PCRE2 Use PCRE2 and its POSIX compatibility layer if requested by the user. Although PCRE2 is adequate for our needs, the PCRE2 POSIX layer as installed on Debian and Ubuntu systems is broken, so we do not opt-in to it by default to avoid breaking users on those platforms.
69ecdad5	2019-05-19T10:09:55	regex: use system PCRE if available Attempt to locate a system-installed version of PCRE and use its POSIX compatibility layer, if possible.
622166c4	2019-05-18T19:37:59	regex: disambiguate builtin vs system pcre
c6e48fef	2019-02-17T21:51:34	regex: allow regex selection in cmake Users can now select which regex implementation they want to use: one of the system `regcomp_l`, the system PCRE, the builtin PCRE or the system's `regcomp`. By default the system `regcomp_l` will be used if it exists, otherwise the system PCRE will be used. If neither of those exist, then the builtin PCRE implementation will be used. The system's `regcomp` is not used by default due to problems with locales.
09902985	2019-01-13T21:12:10	core::posix: skip some locale tests on win32
fe1fb36e	2019-01-13T21:10:50	win32: move type definitions for improved inclusion Move some win32 type definitions to a standalone file so that they can be included before other header files try to use the definitions.
e4b2ef87	2019-01-13T10:09:13	regex: don't warn on unused functions PCRE includes compatibility functions that may go unused. Don't warn.
8877d7d3	2019-01-13T02:08:43	tests: regcomp: use proper character classes The '[[:digit:]]' and '[[:alpha:]]' classes require double brackets, not single.
ca1b07a2	2019-01-13T02:05:58	tests: regcomp: test that regex functions succeed The regex functions return nonzero (not necessarily negative values) on failure.
aea9a712	2018-03-02T15:12:14	tests: regcomp: assert character groups do match normal alphabet In order to avoid us being unable to match characters which are part of the normal US alphabet in certain weird languages, add two tests to catch this behavior.
e207b2a2	2018-03-02T15:09:20	tests: regex: restructure setup of locales In order to make it easier adding more locale-related tests, add a generalized framework handling initial setup of languages as well as the cleanup of them afterwards.
b055a6b5	2019-01-13T01:24:39	tests: regex: add test with LC_COLLATE being set While we already have a test for `p_regexec` with `LC_CTYPE` being modified, `regexec` also alters behavior as soon as `LC_COLLATE` is being modified. Most importantly, `LC_COLLATE` changes the way how ranges are interpreted to just not handling them at all. Thus, ensure that either we use `regcomp_l` to avoid this, or that we've fallen back to our builtin regex functionality which also behaves properly.
ad4ede91	2018-03-02T13:51:57	tests: fix p_regcomp test not checking return type While the test asserts that the error value indcates a non-value, it is actually never getting assigned to. Fix this.
31f8f82a	2018-03-02T12:18:59	diff_driver: detect memory allocation errors when loading diff driver When searching for a configuration key for the diff driver, we construct the config key by modifying a buffer and then passing it to `git_config_get_multivar_foreach`. We do not check though whether the modification of the buffer actually succeded, so we could in theory end up passing the OOM buffer to the config function. Fix that by checking return codes. While at it, switch to use `git_buf_PUTS` to avoid repetition of the appended string to calculate its length.
9ceafb57	2019-01-12T22:55:31	regexec: use pcre as our fallback/builtin regex Use PCRE 8.42 as the builtin regex implementation, using its POSIX compatibility layer. PCRE uses ASCII by default and the users locale will not influence its behavior, so its `regcomp` implementation is similar to `regcomp_l` with a C locale.
d3a440ca	2019-01-13T10:50:13	fuzzers: use system includes Use the system includes (defined by libgit2) as the fuzzer includes. The fuzzers link against internal libgit2 API and therefore need to have the full include path that libgit2 uses.
02683b20	2019-01-12T23:06:39	regexec: prefix all regexec function calls with p_ Prefix all the calls to the the regexec family of functions with `p_`. This allows us to swap out all the regular expression functions with our own implementation. Move the declarations to `posix_regex.h` for simpler inclusion.

1bbdec69

2019-06-11T21:55:31

http_parser: handle URLs with colon but no port When the end of the host is reached, and we're at the colon separating the host with the port (ie, there is no numeric port) then do not error. This is allowed by RFC 3986.

938cbd03

2019-06-11T21:53:35

net: handle urls with a colon after host but no port Core git copes with URLs that have a colon after the port, but no actual numeric value. eg `http://example.com:/foo.git` or `http://example.com:`. That's horrible, but RFC 3986 says: > URI producers and normalizers should omit the port component and its > ":" delimiter if port is empty or if its value would be the same as > that of the scheme's default. Which indicates that they may and therefore we must accept it. Test that we can handle URLs with a colon but no following port number.

ff7652c1

2019-06-11T17:05:27

Merge pull request #5098 from pks-t/pks/clar-data-driven Data-driven tests

fd734f7d

2019-06-11T12:45:27

Merge pull request #5107 from pks-t/pks/sha1dc-update sha1dc: update to fix endianess issues on AIX/HP-UX

110b5895

2019-06-11T08:07:48

Merge pull request #5052 from libgit2/ethomson/netrefactor Add NTLM support for HTTP(s) servers and proxies

230a451e

2019-06-10T13:54:11

sha1dc: update to fix endianess issues on AIX/HP-UX Update our copy of sha1dc to the upstream commit 855827c (Detect endianess on HP-UX, 2019-05-09). Changes include fixes to endian detection on AIX and HP-UX systems as well as a define that allows us to force aligned access, which we're not using yet.

005b5bc2

2019-04-07T17:55:23

http: reconnect to proxy on connection close When we're issuing a CONNECT to a proxy, we expect to keep-alive to the proxy. However, during authentication negotiations, the proxy may close the connection. Reconnect if the server closes the connection.

10718526

2019-03-09T13:53:16

http: don't reset replay count after connection A "connection" to a server is transient, and we may reconnect to a server in the midst of authentication failures (if the remote indicates that we should, via `Connection: close`) or in a redirect.

c6ab183e

2019-03-11T11:43:08

net: rename gitno_connection_data to git_net_url "Connection data" is an imprecise and largely incorrect name; these structures are actually parsed URLs. Provide a parser that takes a URL string and produces a URL structure (if it is valid). Separate the HTTP redirect handling logic from URL parsing, keeping a `gitno_connection_data_handle_redirect` whose only job is redirect handling logic and does not parse URLs itself.

3192e3c9

2019-03-07T16:57:11

http: provide an NTLM authentication provider

d171fbee

2019-04-07T17:40:23

http: allow server to drop a keepalive connection When we have a keep-alive connection to the server, that server may legally drop the connection for any reason once a successful request and response has occurred. It's common for servers to drop the connection after some amount of time or number of requests have occurred.

a7f65f03

2019-03-21T15:42:57

ntlm: add ntlmclient as a dependency Include https://github.com/ethomson/ntlmclient as a dependency.

79fc8281

2019-03-21T16:49:25

http: validate server's authentication types Ensure that the server supports the particular credential type that we're specifying. Previously we considered credential types as an input to an auth mechanism - since the HTTP transport only supported default credentials (via negotiate) and username/password credentials (via basic), this worked. However, if we are to add another mechanism that uses username/password credentials, we'll need to be careful to identify the types that are accepted.

9af1de5b

2019-03-24T20:49:57

http: stop on server EOF We stop the read loop when we have read all the data. We should also consider the server's feelings. If the server hangs up on us, we need to stop our read loop. Otherwise, we'll try to read from the server - and fail - ad infinitum.

5ad99210

2019-03-07T16:43:45

http: consume body on proxy auth failure We must always consume the full parser body if we're going to keep-alive. So in the authentication failure case, continue advancing the http message parser until it's complete, then we can retry the connection. Not doing so would mean that we have to tear the connection down and start over. Advancing through fully (even though we don't use the data) will ensure that we can retry a connection with keep-alive.

75b20458

2019-03-07T16:34:55

http: always consume body on auth failure When we get an authentication failure, we must consume the entire body of the response. If we only read half of the body (on the assumption that we can ignore the rest) then we will never complete the parsing of the message. This means that we will never set the complete flag, and our replay must actually tear down the connection and try again. This is particularly problematic for stateful authentication mechanisms (SPNEGO, NTLM) that require that we keep the connection alive. Note that the prior code is only a problem when the 401 that we are parsing is too large to be read in a single chunked read from the http parser. But now we will continue to invoke the http parser until we've got a complete message in the authentication failed scenario. Note that we need not do anything with the message, so when we get an authentication failed, we'll stop adding data to our buffer, we'll simply loop in the parser and let it advance its internal state.

4c2ca1ba

2019-03-23T12:10:57

ci: test NTLM proxy authentication on Unix

e87f912b

2019-03-21T15:29:52

http: don't realloc the request

10e8fe55

2019-03-21T13:55:54

transports: add an `is_complete` function for auth Some authentication mechanisms (like HTTP Basic and Digest) have a one-step mechanism to create credentials, but there are more complex mechanisms like NTLM and Negotiate that require challenge/response after negotiation, requiring several round-trips. Add an `is_complete` function to know when they have round-tripped enough to be a single authentication and should now either have succeeded or failed to authenticate.

539e6293

2019-03-22T19:06:46

http: teach auth mechanisms about connection affinity Instead of using `is_complete` to decide whether we have connection or request affinity for authentication mechanisms, set a boolean on the mechanism definition itself.

9050c69c

2019-03-09T17:24:16

http: examine keepalive status at message end We cannot examine the keep-alive status of the http parser in `http_connect`; it's too late and the critical information about whether keep-alive is supported has been destroyed. Per the documentation for `http_should_keep_alive`: > If http_should_keep_alive() in the on_headers_complete or > on_message_complete callback returns 0, then this should be > the last message on the connection. Query then and set the state.

956ba48b

2019-03-14T10:36:40

http: increase the replay count Increase the permissible replay count; with multiple-step authentication schemes (NTLM, Negotiate), proxy authentication and redirects, we need to be mindful of the number of steps it takes to get connected. 7 seems high but can be exhausted quickly with just a single authentication failure over a redirected multi-state authentication pipeline.

3e0b4b43

2019-03-22T18:52:03

http: maintain authentication across connections For request-based authentication mechanisms (Basic, Digest) we should keep the authentication context alive across socket connections, since the authentication headers must be transmitted with every request. However, we should continue to remove authentication contexts for mechanisms with connection affinity (NTLM, Negotiate) since we need to reauthenticate for every socket connection.

7912db49

2019-03-14T10:35:03

ci: enable all proxy tests

ad5419b5

2019-03-14T10:32:09

ci: enable SKIP_OFFLINE_TESTS for windows

7ea8630e

2019-04-07T20:11:59

http: free auth context on failure When we send HTTP credentials but the server rejects them, tear down the authentication context so that we can start fresh. To maintain this state, additionally move all of the authentication handling into `on_auth_required`.

ce72ae95

2019-03-22T10:53:30

http: simplify authentication mechanisms Hold an individual authentication context instead of trying to maintain all the contexts; we can select the preferred context during the initial negotiation. Subsequent authentication steps will re-use the chosen authentication (until such time as it's rejected) instead of trying to manage multiple contexts when all but one will never be used (since we can only authenticate with a single mechanism at a time.) Also, when we're given a 401 or 407 in the middle of challenge/response handling, short-circuit immediately without incrementing the retry count. The multi-step authentication is expected, and not a "retry" and should not be penalized as such. This means that we don't need to keep the contexts around and ensures that we do not unnecessarily fail for too many retries when we have challenge/response auth on a proxy and a server and potentially redirects in play as well.

1ef77e37

2019-03-11T23:33:20

ci: test NTLM proxy authentication on Windows Update our CI tests to start a proxy that requires NTLM authentication; ensure that our WIndows HTTP client can speak NTLM.

ee3d35cf

2019-04-07T19:15:21

http: support https for proxies

6d931ba7

2019-03-22T16:35:59

http: don't set the header in the auth token

3d11b6c5

2019-03-11T20:36:09

winhttp: support default credentials for proxies We did not properly support default credentials for proxies, only for destination servers. Refactor the credential handling to support sending either username/password _or_ default credentials to either the proxy or the destination server. This actually shares the authentication logic between proxy servers and destination servers. Due to copy/pasta drift over time, they had diverged. Now they share a common logic which is: first, use credentials specified in the URL (if there were any), treating empty username and password (ie, "http://:@foo.com/") as default credentials, for compatibility with git. Next, call the credential callbacks. Finally, fallback to WinHTTP compatibility layers using built-in authentication like we always have. Allowing default credentials for proxies requires moving the security level downgrade into the credential setting routines themselves. We will update our security level to "high" by default which means that we will never send default credentials without prompting. (A lower setting, like the WinHTTP default of "medium" would allow WinHTTP to handle credentials for us, despite what a user may have requested with their structures.) Now we start with "high" and downgrade to "low" only after a user has explicitly requested default credentials.

757411a0

2019-03-11T12:56:09

network: don't add arbitrary url rules There's no reason a git repository couldn't be at the root of a server, and URLs should have an implicit path of '/' when one is not specified.

f4584a1e

2019-06-10T12:08:57

Merge pull request #5102 from libgit2/ethomson/callback_names Callback type names should be suffixed with `_cb`

dd47a3ef

2019-06-10T11:49:17

Merge pull request #5099 from pks-t/pks/tests-fix-symlink-outside-sandbox tests: checkout: fix symlink.git being created outside of sandbox

178df697

2019-06-08T17:16:19

trace: suffix the callbacks with `_cb` The trace logging callbacks should match the other callback naming conventions, using the `_cb` suffix instead of a `_callback` suffix.

810cefd9

2019-06-08T17:14:00

credentials: suffix the callbacks with `_cb` The credential callbacks should match the other callback naming conventions, using the `_cb` suffix instead of a `_callback` suffix.

cb28df20

2019-06-07T14:29:47

tests: checkout: fix symlink.git being created outside of sandbox The function `populate_symlink_workdir` creates a new "symlink.git" repository with a relative path "../symlink.git". As the current working directory is the sandbox, the new repository will be created just outside of the sandbox. Fix this by using `clar_sandbox_path`.

1f47efc4

2019-06-07T14:20:54

tests: object: consolidate cache tests The object::cache test module has two tests that do nearly the same thing: given a cache limit, load a certain set of objects and verify if those objects have been cached or not. Convert those tests to the new data-driven initializers to demonstrate how these are to be used. Furthermore, add some additional test data. This conversion is mainly done to show this new facility.

394951ad

2019-06-07T14:11:29

tests: allow for simple data-driven tests Right now, we're not able to use data-driven tests at all. E.g. given a set of tests which we'd like to repeat with different test data, one has to hand-write any outer loop that iterates over the test data and then call each of the test functions. Next to being bothersome, this also has the downside that error reporting is quite lacking, as one never knows which test data actually produced failures. So let's implement the ability to re-run complete test modules with changing test data. To retain backwards compatibility and enable trivial addition of new runs with changed test data, we simply extend clar's generate.py. Instead of scanning for a single `_initialize` function, each test module may now implement multiple `_initialize_foo` functions. The generated test harness will then run all test functions for each of the provided initializer functions, making it possible to provide different test data inside of each of the initializer functions. Example: ``` void test_git_example__initialize_with_nonbare_repo(void) { g_repo = cl_git_sandbox_init("testrepo"); } void test_git_example__initialize_with_bare_repo(void) { g_repo = cl_git_sandbox_init("testrepo.git"); } void test_git_example__cleanup(void) { cl_git_sandbox_cleanup(); } void test_git_example__test1(void) { test1(); } void test_git_example__test2(void) { test2(); } ``` Executing this test module will cause the following output: ``` $ ./libgit2_clar -sgit::example git::example (with nonbare repo).. git::example (with bare repo).. ```

e50d138e

2019-06-06T09:48:30

Merge pull request #5095 from pks-t/pks/ignore-escaped-trailing-space ignore: handle escaped trailing whitespace

4de6eb5b

2019-06-06T09:47:43

Merge pull request #5074 from libgit2/ethomson/ignore_leading_slash Ignore: only treat one leading slash as a root identifier

d81e7866

2019-06-06T14:11:44

ignore: handle escaped trailing whitespace The gitignore's pattern format specifies that "Trailing spaces are ignored unless they are quoted with backslash ("\")". We do not honor this currently and will treat a pattern "foo\ " as if it was "foo\" only and a pattern "foo\ \ " as "foo\ \". Fix our code to handle those special cases and add tests to avoid regressions.

b6967c39

2019-06-06T14:02:17

attr_file: refactor stripping of trailing spaces The stripping of trailing spaces currently happens as part of `git_attr_fnmatch__parse`. As we aren't currently parsing trailing whitespaces correct in case they're escaped, we'll have to change that code, though. To make actual behavioural change easier to review, refactor the code up-front by pulling it out into its own function that is expected to retain the exact same functionality as before. Like this, the fix will be trivial to apply.

b1795e0d

2019-06-05T15:02:33

Merge pull request #5094 from libgit2/ethomson/auth_failure online tests: use gitlab for auth failures

e66a4eb3

2019-06-05T14:19:14

online tests: use gitlab for auth failures GitHub recently changed their behavior from returning 401s for private or nonexistent repositories on a clone to returning 404s. For our tests that require an auth failure (and 401), move to GitLab to request a missing repository. This lets us continue to test our auth failure case, at least until they decide to mimic that decision.

e2d4f09d

2019-06-05T13:04:25

Merge pull request #5076 from libgit2/ethomson/ignore_spaces Ignore files: don't ignore whitespace

4bcebe2c

2019-05-19T16:34:44

attr: ensure regular attr files can have whitespace Unlike ignore files, gitattribute files can have flexible whitespace at the beginning of the line. Ensure that by adding new ignore rules that we have not impeded correct parsing of attribute files.

63adcc4e

2019-05-19T16:27:59

attr: optionally treat leading whitespace as significant When `allow_space` is unset, ensure that leading whitespace is not skipped.

7d330541

2019-05-19T16:33:28

ignore: test that comments begin at position 0 Comments must have a '#' at the beginning of the line. For compatibility with git, '#' after a whitespace is a literal part of the filename.

19164901

2019-05-19T16:27:02

ignore: test that leading whitespace is significant Ensure that leading whitespace is treated as being part of the filename, eg ` foo` in an ignore file indicates that a file literally named ` foo` is ignored.

ac070afe

2019-05-24T15:54:00

Merge pull request #5088 from pks-t/pks/cache-eviction-segfault cache: fix cache eviction using deallocated key

bcb4d1d0

2019-05-24T15:39:25

Merge pull request #5085 from pks-t/pks/security.md SECURITY.md: split out security-relevant bits from readme

add17435

2019-05-24T15:24:26

cache: fix cache eviction using deallocated key When evicting cache entries, we first retrieve the object that is to be evicted, delete the object and then finally delete the key from the cache. In case where the cache eviction caused us to free the cached object, though, its key will point to invalid memory now when trying to remove it from the cache map. On my system, this causes us to not properly remove the key from the map, as its memory has been overwritten already and thus the key lookup it will fail and we cannot delete it. Fix this by only decrementing the refcount of the evictee after we have removed it from our cache map. Add a test that caused a segfault previous to that change.

2b8a05cc

2019-05-24T13:33:22

Merge pull request #5086 from jacquesg/netbsd Restore NetBSD support

d668820d

2019-05-24T10:48:47

NetBSD < 7 doesn't have posix_fallocate See: https://www.netbsd.org/changes/changes-7.0.html

62bbec5a

2019-05-24T11:09:51

SECURITY.md: split out security-relevant bits from readme GitHub has recently introduced a new set of tools that aims to ease the process around vulnerability reports and security fixes. Part of those tools is a new security tab for projects that will display contents from a new SECURITY.md file. Move relevant parts from README.md to this new file to make use of this feature.

7a0238b1

2019-05-24T11:06:38

Merge pull request #5084 from eaigner/garbage-value repository: fix garbage return value

9cc904da

2019-05-23T10:49:44

repository: fix garbage return value error was never initialized and a garbage value returned on success.

2f7b6ad5

2019-05-23T00:41:16

Merge pull request #5083 from libgit2/ethomson/pcre_warnings cmake: disable fallthrough warnings for PCRE

1f9b7222

2019-05-22T12:47:04

cmake: disable fallthrough warnings for PCRE Our PCRE dependency has uncommented fallthroughs in switch statements. Turn off warnings for those in the PCRE code.

ca046360

2019-05-22T12:18:30

Merge pull request #5073 from libgit2/ethomson/config_section_validity Configuration parsing: validate section headers with quotes

355b02a1

2019-05-22T11:48:28

config: rename subsection header parser func The `parse_section_header_ext` name suggests that it as an extended function for parsing the section header. It is not. Rename it to `parse_subsection_header` to better reflect its true mission.

b83bd037

2019-05-16T08:57:10

config: don't write invalid column When we don't specify a particular column, don't write it in the error message. (column "0" is unhelpful.)

42dd38dd

2019-05-16T08:55:40

config: lowercase error messages Update the configuration parsing error messages to be lower-cased for consistency with the rest of the library.

23c5699e

2019-05-16T09:37:25

config: validate quoted section value When we reach a whitespace after a section name, we assume that what will follow will be a quoted subsection name. Pass the current position of the line being parsed to the subsection parser, so that it can validate that subsequent characters are additional whitespace or a single quote. Previously we would begin parsing after the section name, looking for the first quotation mark. This allows invalid characters to embed themselves between the end of the section name and the first quotation mark, eg `[section foo "subsection"]`, which is illegal.

d97afb93

2019-05-22T11:45:45

Merge pull request #5060 from pks-t/pks/refspec-nested-globs Loosen restriction on wildcard "*" refspecs

3d9e82fd

2019-05-21T14:59:55

Merge pull request #4935 from libgit2/ethomson/pcre Use PCRE for our fallback regex engine when regcomp_l is unavailable

954f5357

2019-05-21T14:33:37

Merge pull request #5062 from tiennou/fix/ssh-url-substitution Remote URL last-chance resolution

afb04a95

2019-05-21T14:03:04

ci: use a mix of regex backends Explicitly enable the `builtin` regex backend and the PCRE backend for some Linux builds.

59647e1a

2019-04-08T15:54:25

remote: add callback to resolve URLs before connecting Since libssh2 doesn't read host configuration from the config file, this callback can be used to hand over URL resolving to the client without touching the SSH implementation itself.

ac2b235e

2019-05-21T12:22:40

regex: use REGEX_BACKEND as the cmake option name This avoids any misunderstanding with the REGEX keyword in cmake.

4aa36ff2

2019-05-21T12:18:47

Merge pull request #5075 from libgit2/ethomson/ignore_skip_bom Skip UTF8 BOM in ignore files

6b9cc029

2019-05-21T12:05:50

Merge pull request #5080 from dbrnz/issue-5079 We've already added `ZLIB_LIBRARIES` to `LIBGIT2_LIBS` so don't also add the `z` library

ada1cd01

2019-05-21T21:35:57

Use tabs for indentation (#5079).

b575c242

2019-05-21T20:20:04

Fix indentation (#5079).

2c2e924b

2019-05-21T20:17:48

We still need to update pkgconfig variables when zlib is unbundled (#5079).

06dbf734

2019-05-21T15:44:32

We've already added `ZLIB_LIBRARIES` to `LIBGIT2_LIBS` so don't also add the `z` library (libgit2/#5079).

040db8ad

2019-05-20T14:11:32

Merge pull request #5077 from jacquesg/symbolic_link_flag_directory Define SYMBOLIC_LINK_FLAG_DIRECTORY if required

0fd259ed

2019-05-20T12:44:37

define SYMBOLIC_LINK_FLAG_DIRECTORY if not defined

133bceba

2019-05-19T13:57:13

ignore: skip UTF8 BOM in ignore file

73a157e0

2019-05-19T13:29:45

ignore: test we can handle an ignore file with BOM Ensure that we can read and parse an ignore file with a UTF8 BOM.

e269b343

2019-05-19T13:12:47

ignore: only skip first leading slash For compatibility with git, only skip the first leading slash in an ignore file. That is: `/a.txt` indicates to ignore a file named `a.txt` at the root. However `//b.txt` does not indicate that a file named `b.txt` at the root should be ignored.

e6e6b60f

2019-05-19T12:32:06

ignore: test multiple leading slashes

ce6d624a

2019-05-19T10:30:04

regex: optionally use PCRE2 Use PCRE2 and its POSIX compatibility layer if requested by the user. Although PCRE2 is adequate for our needs, the PCRE2 POSIX layer as installed on Debian and Ubuntu systems is broken, so we do not opt-in to it by default to avoid breaking users on those platforms.

69ecdad5

2019-05-19T10:09:55

regex: use system PCRE if available Attempt to locate a system-installed version of PCRE and use its POSIX compatibility layer, if possible.

622166c4

2019-05-18T19:37:59

regex: disambiguate builtin vs system pcre

c6e48fef

2019-02-17T21:51:34

regex: allow regex selection in cmake Users can now select which regex implementation they want to use: one of the system `regcomp_l`, the system PCRE, the builtin PCRE or the system's `regcomp`. By default the system `regcomp_l` will be used if it exists, otherwise the system PCRE will be used. If neither of those exist, then the builtin PCRE implementation will be used. The system's `regcomp` is not used by default due to problems with locales.

09902985

2019-01-13T21:12:10

core::posix: skip some locale tests on win32

fe1fb36e

2019-01-13T21:10:50

win32: move type definitions for improved inclusion Move some win32 type definitions to a standalone file so that they can be included before other header files try to use the definitions.

e4b2ef87

2019-01-13T10:09:13

regex: don't warn on unused functions PCRE includes compatibility functions that may go unused. Don't warn.

8877d7d3

2019-01-13T02:08:43

tests: regcomp: use proper character classes The '[[:digit:]]' and '[[:alpha:]]' classes require double brackets, not single.

ca1b07a2

2019-01-13T02:05:58

tests: regcomp: test that regex functions succeed The regex functions return nonzero (not necessarily negative values) on failure.

aea9a712

2018-03-02T15:12:14

tests: regcomp: assert character groups do match normal alphabet In order to avoid us being unable to match characters which are part of the normal US alphabet in certain weird languages, add two tests to catch this behavior.

e207b2a2

2018-03-02T15:09:20

tests: regex: restructure setup of locales In order to make it easier adding more locale-related tests, add a generalized framework handling initial setup of languages as well as the cleanup of them afterwards.

b055a6b5

2019-01-13T01:24:39

tests: regex: add test with LC_COLLATE being set While we already have a test for `p_regexec` with `LC_CTYPE` being modified, `regexec` also alters behavior as soon as `LC_COLLATE` is being modified. Most importantly, `LC_COLLATE` changes the way how ranges are interpreted to just not handling them at all. Thus, ensure that either we use `regcomp_l` to avoid this, or that we've fallen back to our builtin regex functionality which also behaves properly.

ad4ede91

2018-03-02T13:51:57

tests: fix p_regcomp test not checking return type While the test asserts that the error value indcates a non-value, it is actually never getting assigned to. Fix this.

31f8f82a

2018-03-02T12:18:59

diff_driver: detect memory allocation errors when loading diff driver When searching for a configuration key for the diff driver, we construct the config key by modifying a buffer and then passing it to `git_config_get_multivar_foreach`. We do not check though whether the modification of the buffer actually succeded, so we could in theory end up passing the OOM buffer to the config function. Fix that by checking return codes. While at it, switch to use `git_buf_PUTS` to avoid repetition of the appended string to calculate its length.

9ceafb57

2019-01-12T22:55:31

regexec: use pcre as our fallback/builtin regex Use PCRE 8.42 as the builtin regex implementation, using its POSIX compatibility layer. PCRE uses ASCII by default and the users locale will not influence its behavior, so its `regcomp` implementation is similar to `regcomp_l` with a C locale.

d3a440ca

2019-01-13T10:50:13

fuzzers: use system includes Use the system includes (defined by libgit2) as the fuzzer includes. The fuzzers link against internal libgit2 API and therefore need to have the full include path that libgit2 uses.

02683b20

2019-01-12T23:06:39

regexec: prefix all regexec function calls with p_ Prefix all the calls to the the regexec family of functions with `p_`. This allows us to swap out all the regular expression functions with our own implementation. Move the declarations to `posix_regex.h` for simpler inclusion.

thodg/libgit2

Log