|
21b70f09
|
2022-07-13T20:48:04
|
|
Merge pull request #6352 from libgit2/ethomson/post_1.5.0
meta: update version number to v1.6.0-alpha
|
|
43dd3700
|
2022-07-13T20:17:27
|
|
meta: update version number to v1.6.0-alpha
|
|
fbea439d
|
2022-07-13T20:06:59
|
|
Merge pull request #6351 from libgit2/ethomson/v1.5.0
v1.5.0
|
|
2be53a5d
|
2022-07-07T23:13:23
|
|
v1.5: update version numbers
|
|
20303580
|
2022-07-07T23:11:36
|
|
v1.5: update the changelog
|
|
fb02e339
|
2022-07-13T12:27:43
|
|
meta: update release.yml for security information
|
|
3c8a860d
|
2022-07-13T10:19:14
|
|
Merge pull request #6348 from lya001/fix-invalid-branch-name
Fix creation of branches and tags with invalid names
|
|
be08ef7f
|
2022-07-12T22:39:25
|
|
Update src/libgit2/tag.c
|
|
b70dbaa2
|
2022-07-12T22:12:36
|
|
Merge pull request #6347 from libgit2/ethomson/no_pack_v3
pack: don't pretend we support pack files v3
|
|
f6be8c26
|
2022-07-12T22:09:25
|
|
Apply suggestions from code review
|
|
53cfad9e
|
2022-07-12T15:07:11
|
|
Merge pull request #6350 from libgit2/ethomson/zlib
zlib: update bundled zlib to v1.2.12
|
|
4ae8704b
|
2022-07-12T14:42:50
|
|
Merge pull request #6349 from libgit2/ethomson/cve-2022-29187
Fixes for CVE 2022-29187
|
|
2db6cdcd
|
2022-07-06T09:50:55
|
|
zlib: updated bundled zlib to v1.2.12
|
|
af76267a
|
2022-03-28T10:50:16
|
|
zlib: Silence some warnings from Visual Studio C.
|
|
39ba0ee6
|
2021-06-04T18:25:19
|
|
zlib: slide_hash: add MSAN annotation to suppress known read from uninitialised memory
slide_hash knowingly reads (possibly) uninitialised memory, see comment
lower down about prev[n] potentially being garbage. In this case, the
result is never used - so we don't care about MSAN complaining about
this read.
By adding the no_sanitize("memory") attribute, clients of zlib won't
see this (unnecessary) error when building and running with
MemorySanitizer. An alternative approach is for clients to build zlib
with -fsanitize-ignorelist=... where the ignorelist contains something
like 'fun:slide_hash'. But that's more work and needs to be redone
for any and all CI systems running a given project with MSAN. Adding
this annotation to zlib's sources is overall more convenient - but
also won't affect non-MSAN builds.
This specific issue was found while running git's test suite, but has
also been reported by other clients, see e.g. #518.
|
|
6febb7d7
|
2022-07-06T09:52:22
|
|
zlib: declare prototypes for new functions
The `crc32_combine_gen64` missed a prototype in our define path.
Add one.
|
|
ed24b8ba
|
2022-07-05T23:47:15
|
|
repo: allow users running with sudo to access their repositories
In the ownership checks implemented for CVE-2022-24765, we disallowed
users to access their own repositories when running with `sudo`.
Examine the `SUDO_UID` environment variable and allow users running
with `sudo`. This matches git's behavior.
|
|
af9e0032
|
2022-07-02T10:19:33
|
|
repo: validate gitdir and gitlink ownership
To match git's behavior with CVE 2022-29187, validate not only the
working directory, but also the gitdir and gitlink (if it exists). This
a follow up to CVE-2022-24765 that was fixed earlier.
|
|
d1001fd0
|
2022-07-12T14:12:15
|
|
Merge pull request #6341 from libgit2/ethomson/ownership2
Fix erroneously lax configuration ownership checks
|
|
760a5acc
|
2022-07-12T15:07:54
|
|
Merge branch 'main' into fix-invalid-branch-name
|
|
1912f145
|
2022-07-11T15:53:35
|
|
tests: free resources in invalid tag name test
|
|
7456e819
|
2022-07-11T15:42:16
|
|
tests: error when create tag with invalid name
|
|
fe9bfec4
|
2022-07-11T15:35:15
|
|
tag: refactor tag name validity checks
|
|
7560ac4d
|
2022-07-11T15:25:51
|
|
branches: fix error message for invalid name
|
|
724b5a0e
|
2022-07-11T15:24:34
|
|
tests: rename to follow clar naming convention
|
|
2e9228e8
|
2022-07-11T15:23:41
|
|
tests: rename test for consistency
|
|
391afec4
|
2022-07-11T13:54:38
|
|
branch: refactor branch name validity checks
|
|
71fafae1
|
2022-07-11T12:03:37
|
|
tests: error when create branch with invalid name
|
|
e4f98ac4
|
2022-07-11T12:00:23
|
|
tests: follow clar naming convention
|
|
4597b869
|
2022-07-08T21:28:15
|
|
pack: don't pretend we support pack files v3
Pack files v3 are introduced in the SHA256 hash transition document
https://github.com/git/git/blob/master/Documentation/technical/hash-function-transition.txt
Obviously we do not support these yet. Stop pretending that we do.
|
|
56aaaf53
|
2022-07-04T16:03:10
|
|
repo: allow admin owned configs by admin users
Allow users in the administrator group to use git configs that are owned
by administrators.
|
|
5bc01a7d
|
2022-07-04T16:01:01
|
|
fs: allow ownership match if user is in admin group
Allow the user ownership to match if the file is owned by the admin
group and the user is in the admin group, even if the current process is
not running as administrator directly.
|
|
433f0166
|
2022-07-04T15:20:59
|
|
fs: refactor file ownership checks
Refactor the file ownership checks so that callers can provide discrete
information about the ownership expectations to a single function.
|
|
df354ec2
|
2022-07-03T09:07:32
|
|
fs: remove mock naming from change ownership constants
The file ownership concepts can reflect the actual file ownership, they
are not necessarily limited to mocking the interface. Rename them so
that they can be more broadly applicable.
|
|
78af6b5e
|
2022-07-02T15:21:55
|
|
repo: add tests for bare repo permissions
Ensure that we test opening a bare repository with odd permissions.
|
|
f51f6646
|
2022-07-02T15:36:07
|
|
Revert "repo: allow administrator to own the configuration"
This reverts commit cdff2f0237f663e0f68155655a8b66d05c1ec716.
This change erroneously allowed system users to own a worktree; this
should only be allowed when the current user is in the Administrator
group on Windows as well.
|
|
92ffdd2c
|
2022-07-07T09:43:56
|
|
Merge pull request #6333 from jpalus/pcre2-detection
cmake: drop posix dependency from pcre* detection
|
|
636a2752
|
2022-06-27T10:04:23
|
|
cmake: drop posix dependency from pcre* detection
since f585b12 neither PCRE nor PCRE2 backends rely on POSIX regex, so
reflect it in library detection logic
|
|
50a1f637
|
2022-07-07T00:28:56
|
|
Merge pull request #6334 from i-tengfei/fix-rebase-interactive
fix interactive rebase detect.
|
|
b34b831c
|
2022-07-06T23:21:30
|
|
Merge pull request #6335 from kcsaul/fix/config-find-system-file
Fix internal git_sysdir_find* function usage within public git_config_find* functions
|
|
cdcf5b9c
|
2022-07-06T23:19:28
|
|
rebase: formatting fixes
|
|
c2dc51e8
|
2022-07-06T23:14:17
|
|
Merge pull request #6340 from vishwin/main
ntlmclient: LibreSSL 3.5 removed HMAC_CTX_cleanup
|
|
1a94d97e
|
2022-07-06T13:33:06
|
|
Merge pull request #6343 from libgit2/ethomson/ci
ci: update dockerfiles for mbedTLS new url
|
|
5afc146a
|
2022-07-06T11:45:08
|
|
ci: update dockerfiles for mbedTLS new url
Update the new URL for mbedTLS.
|
|
c70035dc
|
2022-07-06T13:10:29
|
|
actions: pass UID and GID to PR builds of dockerfiles
|
|
a2d2769b
|
2022-07-06T11:14:55
|
|
Merge pull request #6342 from libgit2/ethomson/actions_limits
CI: limits actions scheduled workflows to the main repo
|
|
69c1fe0f
|
2022-07-06T10:47:01
|
|
actions: move CodeQL workflow into nightly
|
|
e72af290
|
2022-07-06T10:45:27
|
|
actions: limit secheduled workflows to our main repo
Only run scheduled workflows on the main repository; prevents people
from using build minutes on their forks.
|
|
628ebbde
|
2022-07-03T20:44:41
|
|
ntlmclient: LibreSSL 3.5 removed HMAC_CTX_cleanup
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt
Modify guard to declare dummy function.
|
|
05b2c89d
|
2022-06-28T21:52:45
|
|
config: use correct git_sysdir_find* function within git_config_find* functions
|
|
8fa58818
|
2022-06-28T04:48:57
|
|
fix interactive rebase detect.
|
|
3847522e
|
2022-06-22T21:14:43
|
|
Merge pull request #6303 from zawata/legacy_buffer_stream_segfault
filter: Fix Segfault
|
|
f887fd60
|
2022-06-22T09:22:50
|
|
copy back git_buf after callback
|
|
e0a8b4e8
|
2022-06-16T13:26:52
|
|
fix indentation, copy asize
|
|
e2ea138d
|
2022-06-14T08:47:50
|
|
Address feedback
Co-authored-by: Edward Thomson <ethomson@github.com>
|
|
f98dd543
|
2022-06-13T22:14:37
|
|
Merge pull request #6321 from libgit2/ethomson/ownership
repo: allow administrator to own the configuration
|
|
05f21154
|
2022-06-13T21:56:01
|
|
Merge pull request #6322 from libgit2/ethomson/stat
status: update documentation for default options
|
|
fb68f180
|
2022-06-13T21:44:05
|
|
status: update documentation for default options
|
|
70a182c6
|
2022-06-13T21:38:32
|
|
Merge pull request #6320 from libgit2/ethomson/config-docs
config: update config entry iteration lifecycle
|
|
cdff2f02
|
2022-06-13T21:34:01
|
|
repo: allow administrator to own the configuration
Update our ownership checks that were introduced in libgit2 v1.4.3
(to combat CVE 2022-24765). These were not compatible with git's; git
itself allows administrators to own the path. Our checks now match
this behavior.
|
|
1ed1e19a
|
2022-06-13T21:23:42
|
|
config: update config entry iteration lifecycle
|
|
96c61174
|
2022-06-13T11:19:55
|
|
cmake: only use `getloadavg` where it exists
|
|
3809ab0e
|
2022-06-13T10:50:40
|
|
cmake: add `gnu` library for Haiku
|
|
9bc82c8f
|
2022-06-13T10:46:21
|
|
cmake: detect `getentropy`
Look for `getentropy` and flag its existence.
|
|
7eb7edd4
|
2022-06-12T10:51:13
|
|
Merge pull request #6278 from lhchavez/git_transport_smart_remote_connect_options
transport: introduce `git_transport_smart_remote_connect_options`
|
|
cc4c37ca
|
2022-06-12T10:50:43
|
|
transport: remove `git_transport_smart_proxy_options`
Snuck in during refactoring; let's get rid of it.
|
|
d333dbea
|
2022-06-12T10:40:12
|
|
Merge pull request #6288 from libgit2/cmn/mwindow-simplifications
A couple of simplications around mwindow
|
|
660e6bd5
|
2022-06-11T21:21:01
|
|
Merge pull request #6023 from libgit2/ethomson/clang-format
Add a .clang-format with our style
|
|
0a7c00be
|
2022-06-11T14:31:16
|
|
Merge remote-tracking branch 'origin/main' into main
|
|
a7541676
|
2022-06-11T14:29:15
|
|
Apply suggestions from code review
Co-authored-by: Edward Thomson <ethomson@github.com>
|
|
2b28ee77
|
2022-06-11T16:51:04
|
|
Merge pull request #6319 from libgit2/ethomson/progress_32bit
CLI: progress updates
|
|
28d2ea1d
|
2022-06-11T16:50:56
|
|
Merge pull request #6305 from zawata/fix_refdb_error_msg
refs: fix missing error message
|
|
3b8a06c0
|
2022-06-11T16:50:35
|
|
Merge pull request #6287 from SkinnyMind/docs-typos
docs: fix couple of typos
|
|
565a3317
|
2022-06-11T16:28:12
|
|
Merge pull request #6299 from dongcarl/patch-1
revparse: Remove error-prone, redundant test
|
|
4f7b568d
|
2022-06-11T16:26:50
|
|
Merge pull request #6291 from libgit2/cmn/midx-no-hash
midx: do not verify the checksum on load
|
|
3a737169
|
2022-06-11T16:14:11
|
|
progress: fewer updates about throughput
Avoid too much flashing on the console with updates about throughput.
Only update throughput once a second.
|
|
286e7f0a
|
2022-06-11T16:08:28
|
|
cli: show progress on 32 bit machines
|
|
4f0ee02f
|
2022-06-11T15:40:10
|
|
Merge pull request #6306 from libgit2/ethomson/ci_test
Include test results data in CI
|
|
6bd024aa
|
2022-06-11T15:38:33
|
|
Merge pull request #6309 from ccstolley/ccs_fix_midx_offset
midx: fix large offset table check.
|
|
11b81717
|
2022-06-11T15:36:37
|
|
Merge pull request #6318 from apnadkarni/patch-3
Add link to Tcl bindings for libgit2
|
|
529aa173
|
2022-06-11T15:35:42
|
|
Merge pull request #6310 from theseion/add-pharo-to-language-bindings
chore(docs): Add Pharo to language bindings
|
|
f140f69b
|
2022-06-02T16:15:42
|
|
Add link to Tcl bindings for libgit2
|
|
25830642
|
2022-05-22T14:08:34
|
|
chore(docs): add Pharo to language bindings
|
|
97954ee5
|
2022-05-20T09:06:50
|
|
Replace bitwise AND 0x7fffffff with XOR 0x80000000.
Though both are correct, this makes it clear that we're dealing with
the same value.
|
|
8a765c72
|
2022-05-19T16:33:57
|
|
midx: fix large object offset table check.
It's insufficient to only check if the offset high order bit is set, we
must also check to see if object_large_offsets are in use.
This bug is causing objects to appear missing because they can't be
found in the index.
|
|
3fada669
|
2022-05-17T17:15:34
|
|
ci: show test results summary
|
|
8747c004
|
2022-05-17T14:41:02
|
|
ci: upload test result data as artifacts
|
|
fd8d3673
|
2022-05-17T16:23:14
|
|
ci: use uid/gid of actions runner
Avoid mismatches between the container uid/gid and the actions runner,
build the container with the actions runner's uid/gid
|
|
640e8a63
|
2022-05-17T11:01:43
|
|
fix missing error message
|
|
9c3edca5
|
2022-05-13T15:05:05
|
|
Call legacy_write_fn if given
|
|
7f53d7b6
|
2022-05-09T12:09:08
|
|
revparse: Remove error-prone, redundant test
Originally introduced in: 776a6a8e5f8e258d31aded73c0ce38df6ac7bdc4
This test case has recently been fixed in bdab22384cc61d315005a65456a9f9563bb27c8f, but that fix will only last for a year. Next year the same problem will crop up and the test will need to be re-edited.
This is not ideal as
- This test case becomes an unnecessary burden for developers
- Downstream distros or even just users who want to build older versions of libgit2 are guaranteed to have this test fail
Furthermore, this test case is entirely unnecessary, as the functionality that was originally (see 776a6a8e5f8e258d31aded73c0ce38df6ac7bdc4) intended to be tested is well-covered by subsequent tests which specify a date instead of a "x ago" specification.
|
|
a3f9617b
|
2022-05-03T14:09:40
|
|
midx: do not verify the checksum on load
This is something we only want to do during explicit verification rather than on
every load.
Verifying does not seem like a big deal when we're running with test workloads
but once your `multi-pack-index` reaches gigabytes, we spend more time hashing
this than doing any work.
|
|
bdab2238
|
2022-05-03T09:28:43
|
|
revparse: adjust reflog test as we move away from the dates
The dates we use in `refs::revparse::date` has just passed the ten years, so
now everything is beyond ten years, leading to an unexpected commit being
returned.
Adjust it to 11 years so it all looks fine again.
|
|
0f594445
|
2022-04-29T10:50:02
|
|
mwindow: use multiplication instesad of conditionals
This is a very verbose way of performing a comparison where we already
have the identity value with both signs. Instead of chainging several
conditions, we can rely on the maths working out.
|
|
55c84333
|
2022-04-29T10:32:45
|
|
mwindow: include both the offset and the extra in the same call
This makes it a bit easier to read while letting the caller specify
how big the hash size is for this particular call.
|
|
9af5db9a
|
2022-04-28T17:06:54
|
|
docs: fix couple of typos
|
|
13502d9e
|
2022-04-25T09:22:02
|
|
Merge pull request #6274 from libgit2/ethomson/cli_clone
cli: clone
|
|
a1c94e94
|
2022-04-25T09:15:59
|
|
Merge pull request #6277 from cschlack/sys_transport_missing_include
Fix missing include
|
|
70506171
|
2022-04-25T09:15:11
|
|
Merge pull request #6276 from lhchavez/delete-git_transport_smart_proxy_options
remote: Delete a now-inexistent API declaration
|
|
c6416100
|
2022-04-20T09:11:29
|
|
ci: map the build folder in container builds
Now that the containers all set the user id of the libgit2 build user to
the user id of the host runner, we can write to a shared build output
volume.
|