kmx git

Commit	Date	Message
2baf854e	2016-02-22T16:08:56	openssl_stream: fix memory leak when creating new stream
2afb6fa4	2016-02-22T16:05:13	rebase: plug memory leak in `rebase_alloc` Convert `rebase_alloc` to use our usual error propagation patterns, that is accept an out-parameter and return an error code that is to be checked by the caller. This allows us to use the GITERR_CHECK_ALLOC macro, which helps static analysis.
d0cb11e7	2016-02-22T16:01:03	remote: set error code in `create_internal` Set the error code when an error occurs in any of the called functions. This ensures we pass the error up to callers and actually free the remote when an error occurs.
0f1e2d20	2016-02-23T11:23:26	index: fix contradicting comparison The overflow check in `read_reuc` tries to verify if the `git__strtol32` parses an integer bigger than UINT_MAX. The `tmp` variable is casted to an unsigned int for this and then checked for being greater than UINT_MAX, which obviously can never be true. Fix this by instead fixing the `mode` field's size in `struct git_index_reuc_entry` to `uint32_t`. We can now parse the int with `git__strtol64`, which can never return a value bigger than `UINT32_MAX`, and additionally checking if the returned value is smaller than zero. We do not need to handle overflows explicitly here, as `git__strtol64` returns an error when the returned value would overflow.
be8479c9	2016-02-22T14:01:50	diff_print: assert patch is non-NULL When invoking `diff_print_info_init_frompatch` it is obvious that the patch should be non-NULL. We explicitly check if the variable is set and continue afterwards, happily dereferencing the potential NULL-pointer. Fix this by instead asserting that patch is set. This also silences Coverity.
859ed5dd	2016-02-23T09:54:26	common: introduce GITERR_CHECK_ALLOC_BUF We commonly have to check if a git_buf has been allocated correctly or if we ran out of memory. Introduce a new macro similar to `GITERR_CHECK_ALLOC` which checks if we ran OOM and if so returns an error. Provide a `#nodef` for Coverity to mark the error case as an abort path.
bac52ab0	2016-02-22T13:48:45	pack-objects: return early when computing write order fails The function `compute_write_order` may return a `NULL`-pointer when an error occurs. In such cases we jump to the `done`-label where we try to clean up allocated memory. Unfortunately we try to deallocate the `write_order` array, though, which may be NULL here. Fix this error by returning early instead of jumping to the `done` label. There is no data to be cleaned up anyway.
7808c937	2016-02-22T15:59:15	index: plug memory leak in `read_conflict_names`
d1c9a48d	2016-02-23T10:45:09	pack-objects: check realloc in try_delta with GITERR_CHECK_ALLOC
2129d6df	2016-02-22T13:33:48	crlf: do not ignore GIT_PASSTHROUGH error When no payload is set for `crlf_apply` we try to compute the crlf attributes ourselves with `crlf_check`. When the function determines that the current file does not require any treatment we return the GIT_PASSTHROUGH error code without actually allocating the out-pointer, which indicates the file should not be passed through the filter. The `crlf_apply` function explicitly checks for the GIT_PASSTHROUGH return code and ignores it. This means we will try to apply the crlf-filter to the current file, leading us to dereference the unallocated payload-pointer. Fix this obviously incorrect behavior by not treating GIT_PASSTHROUGH in any special way. This is the correct thing to do anyway, as the code indicates that the file should not be passed through the filter.
003c5e46	2016-02-22T15:52:49	transports: smart_pkt: fix memory leaks on error paths
b9f28b8d	2016-02-23T10:09:03	refspec: check buffer with GITERR_CHECK_ALLOC_BUF
c5bd70d1	2016-02-23T11:48:30	revwalk: use GITERR_CHECK_ALLOC_BUF
793e0855	2016-02-22T14:06:48	refdb_fs: remove unnecessary check for NULL The fail-label of `reflog_parse` explicitly checks the entry poitner for NULL before freeing it. When we jump to the label the variable has to be set to a non-NULL and valid pointer though: if the allocation fails we immediately return with an error code and if the loop was not entered we return with a success code, withouth executing the label's code. Remove the useless NULL-check to silence Coverity.
6e2a3755	2016-02-23T11:45:43	smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF
42c05ed5	2016-02-23T10:02:44	path: use GITERR_CHECK_ALLOC_BUF to verify passed in buffer
7bab2e8f	2016-02-22T23:04:40	git_libgit2_opts: validate key
c8fe6c09	2016-02-19T16:23:14	openssl: re-export the last-resort locking function We need to include the header where we define the function. Otherwise it won't be available on the DLL.
deecaa2e	2016-02-19T13:31:54	openssl: free the context even if we don't connect
bf127eec	2016-02-19T13:24:41	global: remove an unused variable
78e16c34	2016-02-19T13:06:51	Merge pull request #3597 from ethomson/filter_registration Filter registration
038d7af0	2016-02-15T11:30:48	signature: use GITERR_CHECK_ALLOC to check for OOM situation When checking for out of memory situations we usually use the GITERR_CHECK_ALLOC macro. Besides conforming to our current code base it adds the benefit of silencing errors in Coverity due to Coverity handling the macro's error path as abort.
8a62bf11	2016-02-15T11:28:33	netops: fix memory leak when an error occurs
b0f7512f	2016-02-15T11:46:10	transports: smart_pkt: fix memory leaks
704554cd	2016-02-15T11:37:48	transports: smart: fix memory leak on OOM path
c1b75f05	2016-02-18T15:11:31	Merge pull request #3604 from ethomson/nsec_xplat Handle `USE_NSECS`
b85d0afd	2016-02-18T15:11:02	Merge pull request #3606 from ethomson/drop_xp win32: drop xp support in WideCharToMultiByte
5663d4f6	2016-02-18T12:31:56	Merge pull request #3613 from ethomson/fixups Remove most of the silly warnings
594a5d12	2016-02-18T12:28:06	Merge pull request #3619 from ethomson/win32_forbidden win32: allow us to read indexes with forbidden paths on win32
318b825e	2016-02-16T17:11:46	index: allow read of index w/ illegal entries Allow `git_index_read` to handle reading existing indexes with illegal entries. Allow the low-level `git_index_add` to add properly formed `git_index_entry`s even if they contain paths that would be illegal for the current filesystem (eg, `AUX`). Continue to disallow `git_index_add_bypath` from adding entries that are illegal universally illegal (eg, `.git`, `foo/../bar`).
4fea9cff	2016-02-16T13:08:55	iterator: assert tree_iterator has a frame Although a `tree_iterator` that failed to be properly created does not have a frame, all other `tree_iterator`s should. Do not call `pop` in the failure case, but assert that in all other cases there is a frame.
a218b2f6	2016-01-22T16:03:37	Validate pointer before access the member. When Git repository at network locations, sometimes git_iterator_for_tree fails at iterator__update_ignore_case so it goes to git_iterator_free. Null pointer will crash the process if not check. Signed-off-by: Colin Xu <colin.xu@gmail.com>
eadd0f05	2016-02-16T14:06:48	commit: expose the different kinds of errors We should be checking whether the object we're looking up is a commit, and we should let the caller know whether the not-found return code comes from a bad object type or just a missing signature.
9ce0399c	2016-02-12T10:27:05	winhttp: use an unsigned iterator
3b2fa0fb	2016-02-12T10:25:50	submodule: explicitly cast to the teensy time value
b2ca8d9c	2016-02-12T10:22:54	index: explicitly cast the teeny index entry members
997e0301	2016-02-12T10:11:32	index: don't use `seek` return as an error code
9a634cba	2016-02-12T10:03:29	index: explicitly cast new hash size to an int
c4d23928	2016-02-11T15:41:07	fstat: use our custom `stat`
aadad405	2016-02-11T14:28:31	tree: zap warnings around `size_t` vs `uint16_t`
f28bae0c	2016-02-15T17:16:00	rebase: persist a single in-memory index When performing an in-memory rebase, keep a single index for the duration, so that callers have the expected index lifecycle and do not hold on to an index that is free'd out from under them.
35439f59	2016-02-11T12:24:21	win32: introduce p_timeval that isn't stupid Windows defines `timeval` with `long`, which we cannot sanely cope with. Instead, use a custom timeval struct.
5a296ad0	2016-02-12T00:55:20	Merge pull request #3610 from ethomson/rebase_bare rebase: introduce bare rebasing
3679ebae	2016-02-11T23:37:52	Horrible fix for #3173.
460ae11f	2016-02-11T22:19:20	commit: don't forget the last header field When we moved the logic to handle the first one, wrong loop logic was kept in place which meant we still finished early. But we now notice it because we're not reading past the last LF we find. This was not noticed before as the last field in the tested commit was multi-line which does not trigger the early break.
a202e0d4	2016-02-11T10:11:21	rebase: allow custom merge_options Allow callers of rebase to specify custom merge options. This may allow custom conflict resolution, or failing fast when conflicts are detected.
ee667307	2016-02-11T10:48:48	rebase: introduce inmemory rebasing Introduce the ability to rebase in-memory or in a bare repository. When `rebase_options.inmemory` is specified, the resultant `git_rebase` session will not be persisted to disk. Callers may still analyze the rebase operations, resolve any conflicts against the in-memory index and create the commits. Neither `HEAD` nor the working directory will be updated during this process.
494e61b8	2016-02-09T17:44:59	win32: drop xp support in WideCharToMultiByte
9447b9e5	2016-02-09T10:40:33	xplat: use st_mtimespec everywhere on mac
488e2b85	2016-02-09T16:26:58	Merge pull request #3599 from libgit2/gpgsign Introduce git_commit_extract_signature
534cc5a3	2016-02-09T16:10:43	Merge pull request #3603 from pks-t/pks/coverity-fixes Coverity fixes
a65afb75	2016-02-08T18:51:13	Introduce git_commit_extract_signature This returns the GPG signature for a commit and its contents without the signature block, allowing for the verification of the commit's signature.
ab87cb18	2016-02-09T14:53:10	Merge pull request #3602 from libgit2/cmn/header-field-2 commit: also match the first header field when searching
24b8ed2b	2016-02-09T11:11:38	attr_file: fix resource leak
e2625457	2016-02-09T11:07:50	checkout: fix resource leak
39c9dd24	2016-02-09T10:53:30	pack-objects: fix memory leak in packbuilder_config
0b2437bb	2016-02-09T10:43:28	pack-objects: fix memory leak in compute_write_order
a53d2e39	2016-02-09T09:58:56	pack: do not free passed in poiter on error The function `git_packfile_stream_open` tries to free the passed in stream when an error occurs. The only call site is `git_indexer_append`, though, which passes in the address of a stream struct which has not been allocated on the heap. Fix the issue by simply removing the call to free. In case of an error we did not allocate any memory yet and otherwise it should be the caller's responsibility to manage it's object's lifetime.
f55eca16	2016-02-09T07:17:26	commit: also match the first header field when searching We were searching only past the first header field, which meant we were unable to find e.g. `tree` which is the first field. While here, make sure to set an error message in case we cannot find the field.
2ed855a9	2016-02-07T13:16:30	filter: avoid races during filter registration Previously we would set the global filter registry structure before adding filters to the structure, without a lock, which is quite racy. Now, register default filters during global registration and use an rwlock to read and write the filter registry (as appopriate).
6e0fc1a6	2016-02-07T14:10:38	mingw: use gcc-like memory barrier Use the gcc-like memory barrier (__sync_synchronize) on mingw.
8a6d6677	2016-02-08T16:14:03	global: make openssl registration like the rest
bad2702c	2016-02-06T11:25:47	global: refactor setup and cleanup Move the common initialization and cleanup methods to reduce unnecessary duplication.
a001846b	2016-02-08T17:05:57	curl_stream: fix unused cert infos When copying contents of the cURL certiinfo we duplicate the data but forget to actually put it into the vector.
fac42ff9	2016-02-08T16:58:08	merge: fix memory leak
240b6fed	2016-02-05T15:19:24	Merge pull request #3578 from bubaflub/fix_small_memory_leak Free allocated pointer to curl stream on error
0c09753c	2016-01-25T14:06:15	Fix the build when defining USE_NSEC
5c7f2f01	2016-01-19T11:13:23	winhttp: name mangle class / iid on mingw Standard Windows type systems define CLSID_InternetSecurityManager and IID_IInternetSecurityManager, but MinGW lacks these definitions. As a result, we must hardcode these definitions ourselves. However, we should not use a public struct with those names, lest another library do the same thing and consumers cannot link to both.
8bd1c19e	2016-01-16T19:39:24	Free allocated pointer to curl stream on error
b644e223	2016-01-13T11:02:38	Make packfile_unpack_compressed a private API
700f0aff	2015-12-29T13:38:01	Merge pull request #3562 from mgorny/ssh-read-stderr-fail ssh_stream_read(): fix possible *bytes_read < 0 branch
a3776489	2015-12-28T15:12:37	Merge pull request #3558 from libgit2/cmn/index-nolock index: get rid of the locking
9d81509a	2015-12-23T11:54:52	index: get rid of the locking We don't support using an index object from multiple threads at the same time, so the locking doesn't have any effect when following the rules. If not following the rules, things are going to break down anyway.
62602547	2015-12-26T22:39:22	git_repository_init: include dotfiles when copying templates Include dotfiles when copying template directory, which will handle both a template directory itself that begins with a dotfile, and any dotfiles inside the directory.
869320a8	2015-12-26T16:55:29	Merge pull request #3546 from Cruel/master Fix a couple function signatures
02fdc2db	2015-12-26T17:17:05	ssh_stream_read(): fix possible bytes_read < 0 branch Fix the possibility of returning successfully from ssh_stream_read() with bytes_read < 0. This would occur if stdout channel read resulted in 0, and stderr channel read failed afterwards.
91f0d186	2015-12-21T20:49:14	typos in comments
ef8b7feb	2015-12-16T19:36:50	index: Also size-hint the hash table Note that we're not checking whether the resize succeeds; in OOM cases, we let it run with a "small" vector and hash table and see if by chance we can grow it dynamically as we insert the new entries. Nothing to lose really.
d7d46cfb	2015-12-16T17:00:25	index: Preallocate the entries vector with size hint
0cc20a8c	2015-12-16T16:53:06	index: Adjust namemask & mode when filling
879ebab3	2015-12-16T12:30:52	merge: Use `git_index__fill` to populate the index Instead of calling `git_index_add` in a loop, use the new `git_index_fill` internal API to fill the index with the initial staged entries. The new `fill` helper assumes that all the entries will be unique and valid, so it can append them at the end of the entries vector and only sort it once at the end. It performs no validation checks. This prevents the quadratic behavior caused by having to sort the entries list once after every insertion.
95746a57	2015-12-14T19:21:09	Fix a couple function signatures
7f2c1469	2015-12-14T13:54:02	Merge pull request #3528 from chescock/Passthrough-from-credential-callback Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set.
30c8e260	2015-12-14T13:53:26	Merge pull request #3521 from pks-t/blame-line-overflow Line count overflow in git_blame_hunk and git_blame__entry
6aa06b65	2015-12-10T12:14:09	Merge pull request #3522 from pks-t/email-format-commit-message diff: include commit message when formatting patch
dc49eb58	2015-12-10T11:57:44	Merge pull request #3538 from pks-t/pks/index-memory-leak index: always queue `remove_entry` for removal
465c3b38	2015-12-09T19:16:11	reset: perform the checkout before moving HEAD or the index This keeps the state of the workdir the same as one from HEAD, removing a source of possible confusion when calculating the work that is to be done.
21b1e015	2015-12-08T21:11:58	Merge pull request #3539 from libgit2/typedef-submodule-cb Use a typedef for the submodule_foreach callback.
eda726cf	2015-12-08T11:34:00	Use a typedef for the submodule_foreach callback. This fits with the style for the rest of the project, but more importantly, makes life easier for bindings authors who auto-generate code.
b057fdef	2015-12-08T16:00:35	index: always queue `remove_entry` for removal When replacing an index with a new one, we need to iterate through all index entries in order to determine which entries are equal. When it is not possible to re-use old entries for the new index, we move it into a list of entries that are to be removed and thus free'd. When we encounter a non-zero error code, though, we skip adding the current index entry to the remove-queue. `INSERT_MAP_EX`, which is the function last run before adding to the remove-queue, may return a positive non-zero code that indicates what exactly happened while inserting the element. In this case we skip adding the entry to the remove-queue but still continue the current operation, leading to a leak of the current entry. Fix this by checking for a negative return value instead of a non-zero one when we want to add the current index entry to the remove-queue.
fc436469	2015-12-06T22:51:00	tree: mark a tree as already sorted The trees are sorted on-disk, so we don't have to go over them again. This cuts almost a fifth of time spent parsing trees.
5d1f31c6	2015-12-03T17:42:52	Merge pull request #3530 from libgit2/cmn/parse-mode tree: use a specialised mode parse function
626f9e24	2015-12-03T16:27:15	index: canonicalize inserted paths safely When adding to the index, we look to see if a portion of the given path matches a portion of a path in the index. If so, we will use the existing path information. For example, when adding `foo/bar.c`, if there is an index entry to `FOO/other` and the filesystem is case insensitive, then we will put `bar.c` into the existing tree instead of creating a new one with a different case. Use `strncmp` to do that instead of `memcmp`. When we `bsearch` into the index, we locate the position where the new entry would go. The index entry at that position does not necessarily have a relation to the entry we're adding, so we cannot make assumptions and use `memcmp`. Instead, compare them as strings. When canonicalizing paths, we look for the first index entry that matches a given substring.
0174f21b	2015-12-02T18:56:31	tree: use a specialised mode parse function Instead of going out to strtol, which is made to parse generic numbers, copy a parse function from git which is specialised for file modes.
efd9ab56	2015-11-20T11:26:26	Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set.
9487585d	2015-12-01T14:19:29	tree: mark cloned tree entries as un-pooled When duplicating a `struct git_tree_entry` with `git_tree_entry_dup` the resulting structure is not allocated inside a memory pool. As we do a 1:1 copy of the original struct, though, we also copy the `pooled` field, which is set to `true` for pooled entries. This results in a huge memory leak as we never free tree entries that were duplicated from a pooled tree entry. Fix this by marking the newly duplicated entry as un-pooled.
254e0a33	2015-11-24T13:43:43	diff: include commit message when formatting patch When formatting a patch as email we do not include the commit's message in the formatted patch output. Implement this and add a test that verifies behavior.
7f8fe1d4	2015-12-01T10:03:56	commit: introduce `git_commit_body` It is already possible to get a commit's summary with the `git_commit_summary` function. It is not possible to get the remaining part of the commit message, that is the commit message's body. Fix this by introducing a new function `git_commit_body`.
944dbd12	2015-11-24T10:52:17	blame: use size_t for line counts in git_blame__entry The `git_blame__entry` struct keeps track of line counts with `int` fields. Since `int` is only guaranteed to be at least 16 bits we may overflow on certain platforms when line counts exceed 2^15. Fix this by instead storing line counts in `size_t`.
cb1cb24c	2015-11-24T10:18:58	blame: use size_t for line counts in git_blame_hunk It is not unreasonable to have versioned files with a line count exceeding 2^16. Upon blaming such files we fail to correctly keep track of the lines as `git_blame_hunk` stores them in `uint16_t` fields. Fix this by converting the line fields of `git_blame_hunk` to `size_t`. Add test to verify behavior.

2baf854e

2016-02-22T16:08:56

openssl_stream: fix memory leak when creating new stream

2afb6fa4

2016-02-22T16:05:13

rebase: plug memory leak in `rebase_alloc` Convert `rebase_alloc` to use our usual error propagation patterns, that is accept an out-parameter and return an error code that is to be checked by the caller. This allows us to use the GITERR_CHECK_ALLOC macro, which helps static analysis.

d0cb11e7

2016-02-22T16:01:03

remote: set error code in `create_internal` Set the error code when an error occurs in any of the called functions. This ensures we pass the error up to callers and actually free the remote when an error occurs.

0f1e2d20

2016-02-23T11:23:26

index: fix contradicting comparison The overflow check in `read_reuc` tries to verify if the `git__strtol32` parses an integer bigger than UINT_MAX. The `tmp` variable is casted to an unsigned int for this and then checked for being greater than UINT_MAX, which obviously can never be true. Fix this by instead fixing the `mode` field's size in `struct git_index_reuc_entry` to `uint32_t`. We can now parse the int with `git__strtol64`, which can never return a value bigger than `UINT32_MAX`, and additionally checking if the returned value is smaller than zero. We do not need to handle overflows explicitly here, as `git__strtol64` returns an error when the returned value would overflow.

be8479c9

2016-02-22T14:01:50

diff_print: assert patch is non-NULL When invoking `diff_print_info_init_frompatch` it is obvious that the patch should be non-NULL. We explicitly check if the variable is set and continue afterwards, happily dereferencing the potential NULL-pointer. Fix this by instead asserting that patch is set. This also silences Coverity.

859ed5dd

2016-02-23T09:54:26

common: introduce GITERR_CHECK_ALLOC_BUF We commonly have to check if a git_buf has been allocated correctly or if we ran out of memory. Introduce a new macro similar to `GITERR_CHECK_ALLOC` which checks if we ran OOM and if so returns an error. Provide a `#nodef` for Coverity to mark the error case as an abort path.

bac52ab0

2016-02-22T13:48:45

pack-objects: return early when computing write order fails The function `compute_write_order` may return a `NULL`-pointer when an error occurs. In such cases we jump to the `done`-label where we try to clean up allocated memory. Unfortunately we try to deallocate the `write_order` array, though, which may be NULL here. Fix this error by returning early instead of jumping to the `done` label. There is no data to be cleaned up anyway.

7808c937

2016-02-22T15:59:15

index: plug memory leak in `read_conflict_names`

d1c9a48d

2016-02-23T10:45:09

pack-objects: check realloc in try_delta with GITERR_CHECK_ALLOC

2129d6df

2016-02-22T13:33:48

crlf: do not ignore GIT_PASSTHROUGH error When no payload is set for `crlf_apply` we try to compute the crlf attributes ourselves with `crlf_check`. When the function determines that the current file does not require any treatment we return the GIT_PASSTHROUGH error code without actually allocating the out-pointer, which indicates the file should not be passed through the filter. The `crlf_apply` function explicitly checks for the GIT_PASSTHROUGH return code and ignores it. This means we will try to apply the crlf-filter to the current file, leading us to dereference the unallocated payload-pointer. Fix this obviously incorrect behavior by not treating GIT_PASSTHROUGH in any special way. This is the correct thing to do anyway, as the code indicates that the file should not be passed through the filter.

003c5e46

2016-02-22T15:52:49

transports: smart_pkt: fix memory leaks on error paths

b9f28b8d

2016-02-23T10:09:03

refspec: check buffer with GITERR_CHECK_ALLOC_BUF

c5bd70d1

2016-02-23T11:48:30

revwalk: use GITERR_CHECK_ALLOC_BUF

793e0855

2016-02-22T14:06:48

refdb_fs: remove unnecessary check for NULL The fail-label of `reflog_parse` explicitly checks the entry poitner for NULL before freeing it. When we jump to the label the variable has to be set to a non-NULL and valid pointer though: if the allocation fails we immediately return with an error code and if the loop was not entered we return with a success code, withouth executing the label's code. Remove the useless NULL-check to silence Coverity.

6e2a3755

2016-02-23T11:45:43

smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF

42c05ed5

2016-02-23T10:02:44

path: use GITERR_CHECK_ALLOC_BUF to verify passed in buffer

7bab2e8f

2016-02-22T23:04:40

git_libgit2_opts: validate key

c8fe6c09

2016-02-19T16:23:14

openssl: re-export the last-resort locking function We need to include the header where we define the function. Otherwise it won't be available on the DLL.

deecaa2e

2016-02-19T13:31:54

openssl: free the context even if we don't connect

bf127eec

2016-02-19T13:24:41

global: remove an unused variable

78e16c34

2016-02-19T13:06:51

Merge pull request #3597 from ethomson/filter_registration Filter registration

038d7af0

2016-02-15T11:30:48

signature: use GITERR_CHECK_ALLOC to check for OOM situation When checking for out of memory situations we usually use the GITERR_CHECK_ALLOC macro. Besides conforming to our current code base it adds the benefit of silencing errors in Coverity due to Coverity handling the macro's error path as abort.

8a62bf11

2016-02-15T11:28:33

netops: fix memory leak when an error occurs

b0f7512f

2016-02-15T11:46:10

transports: smart_pkt: fix memory leaks

704554cd

2016-02-15T11:37:48

transports: smart: fix memory leak on OOM path

c1b75f05

2016-02-18T15:11:31

Merge pull request #3604 from ethomson/nsec_xplat Handle `USE_NSECS`

b85d0afd

2016-02-18T15:11:02

Merge pull request #3606 from ethomson/drop_xp win32: drop xp support in WideCharToMultiByte

5663d4f6

2016-02-18T12:31:56

Merge pull request #3613 from ethomson/fixups Remove most of the silly warnings

594a5d12

2016-02-18T12:28:06

Merge pull request #3619 from ethomson/win32_forbidden win32: allow us to read indexes with forbidden paths on win32

318b825e

2016-02-16T17:11:46

index: allow read of index w/ illegal entries Allow `git_index_read` to handle reading existing indexes with illegal entries. Allow the low-level `git_index_add` to add properly formed `git_index_entry`s even if they contain paths that would be illegal for the current filesystem (eg, `AUX`). Continue to disallow `git_index_add_bypath` from adding entries that are illegal universally illegal (eg, `.git`, `foo/../bar`).

4fea9cff

2016-02-16T13:08:55

iterator: assert tree_iterator has a frame Although a `tree_iterator` that failed to be properly created does not have a frame, all other `tree_iterator`s should. Do not call `pop` in the failure case, but assert that in all other cases there is a frame.

a218b2f6

2016-01-22T16:03:37

Validate pointer before access the member. When Git repository at network locations, sometimes git_iterator_for_tree fails at iterator__update_ignore_case so it goes to git_iterator_free. Null pointer will crash the process if not check. Signed-off-by: Colin Xu <colin.xu@gmail.com>

eadd0f05

2016-02-16T14:06:48

commit: expose the different kinds of errors We should be checking whether the object we're looking up is a commit, and we should let the caller know whether the not-found return code comes from a bad object type or just a missing signature.

9ce0399c

2016-02-12T10:27:05

winhttp: use an unsigned iterator

3b2fa0fb

2016-02-12T10:25:50

submodule: explicitly cast to the teensy time value

b2ca8d9c

2016-02-12T10:22:54

index: explicitly cast the teeny index entry members

997e0301

2016-02-12T10:11:32

index: don't use `seek` return as an error code

9a634cba

2016-02-12T10:03:29

index: explicitly cast new hash size to an int

c4d23928

2016-02-11T15:41:07

fstat: use our custom `stat`

aadad405

2016-02-11T14:28:31

tree: zap warnings around `size_t` vs `uint16_t`

f28bae0c

2016-02-15T17:16:00

rebase: persist a single in-memory index When performing an in-memory rebase, keep a single index for the duration, so that callers have the expected index lifecycle and do not hold on to an index that is free'd out from under them.

35439f59

2016-02-11T12:24:21

win32: introduce p_timeval that isn't stupid Windows defines `timeval` with `long`, which we cannot sanely cope with. Instead, use a custom timeval struct.

5a296ad0

2016-02-12T00:55:20

Merge pull request #3610 from ethomson/rebase_bare rebase: introduce bare rebasing

3679ebae

2016-02-11T23:37:52

Horrible fix for #3173.

460ae11f

2016-02-11T22:19:20

commit: don't forget the last header field When we moved the logic to handle the first one, wrong loop logic was kept in place which meant we still finished early. But we now notice it because we're not reading past the last LF we find. This was not noticed before as the last field in the tested commit was multi-line which does not trigger the early break.

a202e0d4

2016-02-11T10:11:21

rebase: allow custom merge_options Allow callers of rebase to specify custom merge options. This may allow custom conflict resolution, or failing fast when conflicts are detected.

ee667307

2016-02-11T10:48:48

rebase: introduce inmemory rebasing Introduce the ability to rebase in-memory or in a bare repository. When `rebase_options.inmemory` is specified, the resultant `git_rebase` session will not be persisted to disk. Callers may still analyze the rebase operations, resolve any conflicts against the in-memory index and create the commits. Neither `HEAD` nor the working directory will be updated during this process.

494e61b8

2016-02-09T17:44:59

win32: drop xp support in WideCharToMultiByte

9447b9e5

2016-02-09T10:40:33

xplat: use st_mtimespec everywhere on mac

488e2b85

2016-02-09T16:26:58

Merge pull request #3599 from libgit2/gpgsign Introduce git_commit_extract_signature

534cc5a3

2016-02-09T16:10:43

Merge pull request #3603 from pks-t/pks/coverity-fixes Coverity fixes

a65afb75

2016-02-08T18:51:13

Introduce git_commit_extract_signature This returns the GPG signature for a commit and its contents without the signature block, allowing for the verification of the commit's signature.

ab87cb18

2016-02-09T14:53:10

Merge pull request #3602 from libgit2/cmn/header-field-2 commit: also match the first header field when searching

24b8ed2b

2016-02-09T11:11:38

attr_file: fix resource leak

e2625457

2016-02-09T11:07:50

checkout: fix resource leak

39c9dd24

2016-02-09T10:53:30

pack-objects: fix memory leak in packbuilder_config

0b2437bb

2016-02-09T10:43:28

pack-objects: fix memory leak in compute_write_order

a53d2e39

2016-02-09T09:58:56

pack: do not free passed in poiter on error The function `git_packfile_stream_open` tries to free the passed in stream when an error occurs. The only call site is `git_indexer_append`, though, which passes in the address of a stream struct which has not been allocated on the heap. Fix the issue by simply removing the call to free. In case of an error we did not allocate any memory yet and otherwise it should be the caller's responsibility to manage it's object's lifetime.

f55eca16

2016-02-09T07:17:26

commit: also match the first header field when searching We were searching only past the first header field, which meant we were unable to find e.g. `tree` which is the first field. While here, make sure to set an error message in case we cannot find the field.

2ed855a9

2016-02-07T13:16:30

filter: avoid races during filter registration Previously we would set the global filter registry structure before adding filters to the structure, without a lock, which is quite racy. Now, register default filters during global registration and use an rwlock to read and write the filter registry (as appopriate).

6e0fc1a6

2016-02-07T14:10:38

mingw: use gcc-like memory barrier Use the gcc-like memory barrier (__sync_synchronize) on mingw.

8a6d6677

2016-02-08T16:14:03

global: make openssl registration like the rest

bad2702c

2016-02-06T11:25:47

global: refactor setup and cleanup Move the common initialization and cleanup methods to reduce unnecessary duplication.

a001846b

2016-02-08T17:05:57

curl_stream: fix unused cert infos When copying contents of the cURL certiinfo we duplicate the data but forget to actually put it into the vector.

fac42ff9

2016-02-08T16:58:08

merge: fix memory leak

240b6fed

2016-02-05T15:19:24

Merge pull request #3578 from bubaflub/fix_small_memory_leak Free allocated pointer to curl stream on error

0c09753c

2016-01-25T14:06:15

Fix the build when defining USE_NSEC

5c7f2f01

2016-01-19T11:13:23

winhttp: name mangle class / iid on mingw Standard Windows type systems define CLSID_InternetSecurityManager and IID_IInternetSecurityManager, but MinGW lacks these definitions. As a result, we must hardcode these definitions ourselves. However, we should not use a public struct with those names, lest another library do the same thing and consumers cannot link to both.

8bd1c19e

2016-01-16T19:39:24

Free allocated pointer to curl stream on error

b644e223

2016-01-13T11:02:38

Make packfile_unpack_compressed a private API

700f0aff

2015-12-29T13:38:01

Merge pull request #3562 from mgorny/ssh-read-stderr-fail ssh_stream_read(): fix possible *bytes_read < 0 branch

a3776489

2015-12-28T15:12:37

Merge pull request #3558 from libgit2/cmn/index-nolock index: get rid of the locking

9d81509a

2015-12-23T11:54:52

index: get rid of the locking We don't support using an index object from multiple threads at the same time, so the locking doesn't have any effect when following the rules. If not following the rules, things are going to break down anyway.

62602547

2015-12-26T22:39:22

git_repository_init: include dotfiles when copying templates Include dotfiles when copying template directory, which will handle both a template directory itself that begins with a dotfile, and any dotfiles inside the directory.

869320a8

2015-12-26T16:55:29

Merge pull request #3546 from Cruel/master Fix a couple function signatures

02fdc2db

2015-12-26T17:17:05

ssh_stream_read(): fix possible *bytes_read < 0 branch Fix the possibility of returning successfully from ssh_stream_read() with *bytes_read < 0. This would occur if stdout channel read resulted in 0, and stderr channel read failed afterwards.

91f0d186

2015-12-21T20:49:14

typos in comments

ef8b7feb

2015-12-16T19:36:50

index: Also size-hint the hash table Note that we're not checking whether the resize succeeds; in OOM cases, we let it run with a "small" vector and hash table and see if by chance we can grow it dynamically as we insert the new entries. Nothing to lose really.

d7d46cfb

2015-12-16T17:00:25

index: Preallocate the entries vector with size hint

0cc20a8c

2015-12-16T16:53:06

index: Adjust namemask & mode when filling

879ebab3

2015-12-16T12:30:52

merge: Use `git_index__fill` to populate the index Instead of calling `git_index_add` in a loop, use the new `git_index_fill` internal API to fill the index with the initial staged entries. The new `fill` helper assumes that all the entries will be unique and valid, so it can append them at the end of the entries vector and only sort it once at the end. It performs no validation checks. This prevents the quadratic behavior caused by having to sort the entries list once after every insertion.

95746a57

2015-12-14T19:21:09

Fix a couple function signatures

7f2c1469

2015-12-14T13:54:02

Merge pull request #3528 from chescock/Passthrough-from-credential-callback Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set.

30c8e260

2015-12-14T13:53:26

Merge pull request #3521 from pks-t/blame-line-overflow Line count overflow in git_blame_hunk and git_blame__entry

6aa06b65

2015-12-10T12:14:09

Merge pull request #3522 from pks-t/email-format-commit-message diff: include commit message when formatting patch

dc49eb58

2015-12-10T11:57:44

Merge pull request #3538 from pks-t/pks/index-memory-leak index: always queue `remove_entry` for removal

465c3b38

2015-12-09T19:16:11

reset: perform the checkout before moving HEAD or the index This keeps the state of the workdir the same as one from HEAD, removing a source of possible confusion when calculating the work that is to be done.

21b1e015

2015-12-08T21:11:58

Merge pull request #3539 from libgit2/typedef-submodule-cb Use a typedef for the submodule_foreach callback.

eda726cf

2015-12-08T11:34:00

Use a typedef for the submodule_foreach callback. This fits with the style for the rest of the project, but more importantly, makes life easier for bindings authors who auto-generate code.

b057fdef

2015-12-08T16:00:35

index: always queue `remove_entry` for removal When replacing an index with a new one, we need to iterate through all index entries in order to determine which entries are equal. When it is not possible to re-use old entries for the new index, we move it into a list of entries that are to be removed and thus free'd. When we encounter a non-zero error code, though, we skip adding the current index entry to the remove-queue. `INSERT_MAP_EX`, which is the function last run before adding to the remove-queue, may return a positive non-zero code that indicates what exactly happened while inserting the element. In this case we skip adding the entry to the remove-queue but still continue the current operation, leading to a leak of the current entry. Fix this by checking for a negative return value instead of a non-zero one when we want to add the current index entry to the remove-queue.

fc436469

2015-12-06T22:51:00

tree: mark a tree as already sorted The trees are sorted on-disk, so we don't have to go over them again. This cuts almost a fifth of time spent parsing trees.

5d1f31c6

2015-12-03T17:42:52

Merge pull request #3530 from libgit2/cmn/parse-mode tree: use a specialised mode parse function

626f9e24

2015-12-03T16:27:15

index: canonicalize inserted paths safely When adding to the index, we look to see if a portion of the given path matches a portion of a path in the index. If so, we will use the existing path information. For example, when adding `foo/bar.c`, if there is an index entry to `FOO/other` and the filesystem is case insensitive, then we will put `bar.c` into the existing tree instead of creating a new one with a different case. Use `strncmp` to do that instead of `memcmp`. When we `bsearch` into the index, we locate the position where the new entry would go. The index entry at that position does not necessarily have a relation to the entry we're adding, so we cannot make assumptions and use `memcmp`. Instead, compare them as strings. When canonicalizing paths, we look for the first index entry that matches a given substring.

0174f21b

2015-12-02T18:56:31

tree: use a specialised mode parse function Instead of going out to strtol, which is made to parse generic numbers, copy a parse function from git which is specialised for file modes.

efd9ab56

2015-11-20T11:26:26

Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set.

9487585d

2015-12-01T14:19:29

tree: mark cloned tree entries as un-pooled When duplicating a `struct git_tree_entry` with `git_tree_entry_dup` the resulting structure is not allocated inside a memory pool. As we do a 1:1 copy of the original struct, though, we also copy the `pooled` field, which is set to `true` for pooled entries. This results in a huge memory leak as we never free tree entries that were duplicated from a pooled tree entry. Fix this by marking the newly duplicated entry as un-pooled.

254e0a33

2015-11-24T13:43:43

diff: include commit message when formatting patch When formatting a patch as email we do not include the commit's message in the formatted patch output. Implement this and add a test that verifies behavior.

7f8fe1d4

2015-12-01T10:03:56

commit: introduce `git_commit_body` It is already possible to get a commit's summary with the `git_commit_summary` function. It is not possible to get the remaining part of the commit message, that is the commit message's body. Fix this by introducing a new function `git_commit_body`.

944dbd12

2015-11-24T10:52:17

blame: use size_t for line counts in git_blame__entry The `git_blame__entry` struct keeps track of line counts with `int` fields. Since `int` is only guaranteed to be at least 16 bits we may overflow on certain platforms when line counts exceed 2^15. Fix this by instead storing line counts in `size_t`.

cb1cb24c

2015-11-24T10:18:58

blame: use size_t for line counts in git_blame_hunk It is not unreasonable to have versioned files with a line count exceeding 2^16. Upon blaming such files we fail to correctly keep track of the lines as `git_blame_hunk` stores them in `uint16_t` fields. Fix this by converting the line fields of `git_blame_hunk` to `size_t`. Add test to verify behavior.

thodg/libgit2/src

src

Log