|
2f4e7cb0
|
2018-04-20T23:11:14
|
|
travis: split testing from building
|
|
54990d75
|
2018-06-06T08:36:43
|
|
Merge pull request #4641 from pks-t/pks/submodule-names-memleak
Detect duplicated submodules for the same path
|
|
bae6ed62
|
2018-06-01T13:17:28
|
|
Merge pull request #4530 from tiennou/fix/docurium-missing-includes
Fix docurium missing includes
|
|
771dfd1d
|
2018-05-30T10:52:51
|
|
Merge pull request #4627 from libgit2/ethomson/template
github: update issue template
|
|
8a14846b
|
2018-05-30T10:51:10
|
|
Merge pull request #4661 from laomaiweng/patch-1
streams: openssl: add missing check on OPENSSL_LEGACY_API
|
|
9c698a25
|
2018-05-30T10:34:58
|
|
submodule: remove useless mask computations
Previous to dfda2f68e (submodule: remove the per-repo cache,
2015-04-27), we tried to cache our submodules per repository to avoid
having to reload it too frequently. As it created some headaches with
regards to multithreading, we removed that cache.
Previous to that removal, we had to compute what submodule status to
refresh. The mask computation was not removed, though, resulting in
confusing and actually dead code. While it seems like the mask is
currently in use in a conditional, it is not, as we unconditionally
assign to the mask previous to that condition.
Remove all mask computations to clean up stale code.
|
|
b2a389c8
|
2018-05-30T08:35:06
|
|
submodule: detect duplicated submodule paths
When loading submodule names, we build a map of submodule paths and
their respective names. While looping over the configuration keys,
we do not check though whether a submodule path was seen already. This
leads to a memory leak in case we have multiple submodules with the same
path, as we just overwrite the old value in the map in that case.
Fix the error by verifying that the path to be added is not yet part of
the string map. Git does not allow to have multiple submodules for a
path anyway, so we now do the same and detect this duplication,
reporting it to the user.
|
|
cf5030a3
|
2018-05-30T08:38:28
|
|
submodule: refactor loading submodule names
The function `load_submodule_names` was always being called with a
newly allocated string map, which was then getting filled by the
function. Move the string map allocation into `load_submodule_names`,
instead, and pass the whole map back to the caller in case no error
occurs. This change helps to avoid misuse by handing in pre-populated
maps.
|
|
36ae5c93
|
2018-05-30T08:25:19
|
|
Merge pull request #4656 from tiennou/fix/mbedtls-no-pkgconfig
mbedtls: don't require mbedtls from our pkgconfig file
|
|
b1cab70b
|
2018-05-30T02:15:09
|
|
streams: openssl: add missing check on OPENSSL_LEGACY_API
The `CRYPTO_THREADID` type is no longer available in OpenSSL ≥ 1.1.0 with deprecated features disabled, and causes build failures. Since the `threadid_cb()` function is only ever called by `git_openssl_set_locking()` when `defined(OPENSSL_LEGACY_API)`, only define it then.
|
|
7f6c1ce9
|
2018-05-29T21:04:39
|
|
Merge pull request #4660 from libgit2/cmn/submodule-traversal
Fixes for CVE 2018-11235
|
|
491722e8
|
2018-05-29T19:27:59
|
|
CHANGELOG: mention fixes for CVE-2018-11235
|
|
64a78a80
|
2018-05-25T09:28:52
|
|
mbedtls: don't require mbedtls from our pkgconfig file
mbedTLS has no pkgconfig file, hence we can't require it. For now, pass its link flags as our own.
|
|
d050acf7
|
2018-05-25T10:28:15
|
|
Merge pull request #4653 from stinb/junction-point-diff-from-git
Added note about Windows junction points to the differences from git document
|
|
57e343d7
|
2018-05-24T21:58:40
|
|
path: hand-code the zero-width joiner as UTF-8
|
|
9e723db8
|
2018-05-24T20:28:36
|
|
submodule: plug leaks from the escape detection
|
|
c16ebaa6
|
2018-05-24T19:05:59
|
|
submodule: replace index with strchr which exists on Windows
|
|
91a4849d
|
2018-05-24T19:00:13
|
|
submodule: the repostiory for _name_is_valid should not be const
We might modify caches due to us trying to load the configuration to figure out
what kinds of filesystem protections we should have.
|
|
1f570a29
|
2018-05-23T08:40:17
|
|
path: check for a symlinked .gitmodules in fs-agnostic code
We still compare case-insensitively to protect more thoroughly as we don't know
what specifics we'll see on the system and it's the behaviour from git.
|
|
3fbfae26
|
2018-05-22T20:37:23
|
|
checkout: change symlinked .gitmodules file test to expect failure
When dealing with `core.proectNTFS` and `core.protectHFS` we do check
against `.gitmodules` but we still have a failing test as the non-filesystem
codepath does not check for it.
|
|
a7168b47
|
2018-05-22T16:13:47
|
|
path: reject .gitmodules as a symlink
Any part of the library which asks the question can pass in the mode to have it
checked against `.gitmodules` being a symlink.
This is particularly relevant for adding entries to the index from the worktree
and for checking out files.
|
|
58ff913a
|
2018-05-22T15:48:38
|
|
index: stat before creating the entry
This is so we have it available for the path validity checking. In a later
commit we will start rejecting `.gitmodules` files as symlinks.
|
|
02c80ad7
|
2018-05-22T15:21:08
|
|
path: accept the name length as a parameter
We may take in names from the middle of a string so we want the caller to let us
know how long the path component is that we should be checking.
|
|
a145f2b6
|
2018-05-22T14:16:45
|
|
checkout: add a failing test for refusing a symlinked .gitmodules
We want to reject these as they cause compatibility issues and can lead to git
writing to files outside of the repository.
|
|
490cbaa9
|
2018-05-22T13:58:24
|
|
path: expose dotgit detection functions per filesystem
These will be used by the checkout code to detect them for the particular
filesystem they're on.
|
|
d54c34a7
|
2018-05-21T17:04:11
|
|
docs: added note regarding difference in treatment of junction points from git
|
|
177dcfc7
|
2018-05-18T15:16:53
|
|
path: hide the dotgit file functions
These can't go into the public API yet as we don't want to introduce API or ABI
changes in a security release.
|
|
0aa65f8d
|
2018-05-16T15:56:04
|
|
path: add functions to detect .gitconfig and .gitattributes
|
|
9de97ae7
|
2018-05-16T15:42:08
|
|
path: add a function to detect an .gitmodules file
Given a path component it knows what to pass to the filesystem-specific
functions so we're protected even from trees which try to use the 8.3 naming
rules to get around us matching on the filename exactly.
The logic and test strings come from the equivalent git change.
|
|
22973e09
|
2018-05-16T14:47:04
|
|
path: provide a generic function for checking dogit files on NTFS
It checks against the 8.3 shortname variants, including the one which includes
the checksum as part of its name.
|
|
0283fc46
|
2018-05-16T11:56:04
|
|
path: provide a generic dogit checking function for HFS
This lets us check for other kinds of reserved files.
|
|
397abe98
|
2018-05-14T16:03:15
|
|
submodule: also validate Windows-separated paths for validity
Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to
protect Windows users.
Ideally we would check for both separators without the need for the copied
string, but this'll get us over the RCE.
|
|
6b15ceac
|
2018-04-30T13:47:15
|
|
submodule: ignore submodules which include path traversal in their name
If the we decide that the "name" of the submodule (i.e. its path inside
`.git/modules/`) is trying to escape that directory or otherwise trick us, we
ignore the configuration for that submodule.
This leaves us with a half-configured submodule when looking it up by path, but
it's the same result as if the configuration really were missing.
The name check is potentially more strict than it needs to be, but it lets us
re-use the check we're doing for the checkout. The function that encapsulates
this logic is ready to be exported but we don't want to do that in a security
release so it remains internal for now.
|
|
f9cf9a04
|
2018-05-09T14:51:57
|
|
Merge pull request #4642 from pks-t/pks/cmake-resolve-pkgconfig
cmake: resolve libraries found by pkg-config
|
|
0a19c151
|
2018-05-09T14:14:06
|
|
Merge pull request #4629 from neithernut/enhance-glob-perf
refdb_fs: enhance performance of globbing
|
|
81c9894f
|
2018-05-09T14:06:57
|
|
Merge pull request #4645 from pks-t/pks/racy-init-deinit
global: adjust init count under lock
|
|
6c2939d6
|
2018-05-09T13:57:17
|
|
Merge pull request #4646 from pks-t/pks/gcc-8.1-warnings
Fix GCC 8.1 warnings
|
|
8ab470f5
|
2018-04-27T15:31:43
|
|
cmake: remove now-useless LIBGIT2_LIBDIRS handling
With the recent change of always resolving pkg-config libraries to their
full path, we do not have to manage the LIBGIT2_LIBDIRS variable
anymore. The only other remaining user of LIBGIT2_LIBDIRS is winhttp,
which is a CMake-style library target and can thus be resolved by CMake
automatically.
Remove the variable to simplify our build system a bit.
|
|
0f62e4c7
|
2018-04-27T10:38:49
|
|
cmake: resolve libraries found by pkg-config
Libraries found by CMake modules are usually handled with their full
path. This makes linking against those libraries a lot more robust when
it comes to libraries in non-standard locations, as otherwise we might
mix up libraries from different locations when link directories are
given.
One excemption are libraries found by PKG_CHECK_MODULES. Instead of
returning libraries with their complete path, it will return the
variable names as well as a set of link directories. In case where
multiple sets of the same library are installed in different locations,
this can lead the compiler to link against the wrong libraries in the
end, when link directories of other dependencies are added.
To fix this shortcoming, we need to manually resolve library paths
returned by CMake against their respective library directories. This is
an easy task to do with `FIND_LIBRARY`.
|
|
04c48afc
|
2018-04-20T21:07:17
|
|
docs: standardize struct git_*_options comments
|
|
c7b42f44
|
2018-04-11T22:26:31
|
|
docs: fix comment style
|
|
3ec35d9c
|
2018-03-26T20:23:59
|
|
attr: fix typo
|
|
78ea5adc
|
2018-03-22T23:27:35
|
|
branch: typo
|
|
bf46d458
|
2018-03-22T23:27:34
|
|
docs: move blame options struct field comments
|
|
132f2ce0
|
2018-03-22T23:27:33
|
|
docs: change Docurium input directory
Most files under `git2/sys` have their includes prefixed with `git2`. Since Docurium exports its input headers in a temporary directory without the `git2` prefix, all those headers fail to parse.
|
|
25e8a293
|
2018-03-22T23:27:31
|
|
docs: correct defgroup
|
|
29afb257
|
2018-03-22T23:27:30
|
|
docs: fix incorrect codeblock on output
|
|
bf70fa4b
|
2018-03-22T23:27:28
|
|
docs: move comment so docurium sees it
|
|
ca5a15e5
|
2018-03-22T23:27:27
|
|
docs: standardize comment block for git_*_init_options functions
|
|
8ee183a2
|
2018-03-22T23:27:25
|
|
docs: missing documentation comment
|
|
f46c360e
|
2018-03-22T23:27:24
|
|
docs: move callback-specific documentation to the callback
|
|
efad967a
|
2018-03-22T23:27:23
|
|
docs: fix some comment-marker typos
|
|
96576372
|
2018-03-22T23:27:21
|
|
docs: fix more missing includes
|
|
84bcae6c
|
2018-03-22T23:27:20
|
|
docs: add buffer.h & oid.h to types.h
Otherwise docurium/clang chokes on the types, and ignores the documentation comments altogether.
|
|
81ea9957
|
2018-05-07T15:36:40
|
|
Merge pull request #4630 from tiennou/fix/worktree-from-bare
Worktrees can be made from bare repositories
|
|
a82082d0
|
2018-04-20T08:38:50
|
|
worktree: a worktree can be made from a bare repository
|
|
c7964c22
|
2018-04-18T22:40:46
|
|
repository: being a worktree means we're not really bare
We were previously conflating any error into GIT_ENOTFOUND, which might
or might not be correct. This fixes the code so a config error is
bubbled up, as well as preserving the semantics in the face of
worktree-repositories
|
|
a5723236
|
2018-05-07T13:46:55
|
|
Merge pull request #4605 from cjhoward92/docs/cli-differences
docs: add documentation to state differences from the git cli
|
|
bb468ada
|
2018-05-07T13:44:15
|
|
Merge pull request #4542 from stanhu/sh-sanitize-utf8-hunk-header
Sanitize the hunk header to ensure it contains UTF-8 valid data
|
|
9d83a2b0
|
2018-02-22T22:55:50
|
|
Sanitize the hunk header to ensure it contains UTF-8 valid data
The diff driver truncates the hunk header text to 80 bytes, which can truncate
4-byte Unicode characters and introduce garbage characters in the diff
output. This change sanitizes the hunk header before it is displayed.
This mirrors the test in git: https://github.com/git/git/blob/master/t/t4025-hunk-header.sh
Closes https://github.com/libgit2/rugged/issues/716
|
|
0c6f631c
|
2018-05-04T16:20:29
|
|
Merge pull request #4380 from cjhoward92/examples/ls-files
examples: ls-files: add ls-files to list paths in the index
|
|
1bf57b5a
|
2018-05-04T15:27:11
|
|
tests: iterator::workdir: fix GCC warning
Since GCC 8.1, the compiler performs some bounds checking when
copying static data into arrays with a known size. In one test,
we print a format string of "%s/sub%02d" into a buffer of 64
bytes. The input buffer for the first "%s" is bounded to at most
63 characters, plus four bytes for the static string "/sub" plus
two more bytes for "%02d". Thus, our target buffer needs to be at
least 70 bytes in size, including the NUL byte. There seems to be
a bug in the analysis, though, because GCC will not account for
the limiting "%02" prefix, treating it as requiring the same
count of bytes as a "%d".
Thus, we end up at 79 bytes that are required to fix the
warning. To make it look nicer and less special, we just round
the buffer size up to 80 bytes.
|
|
0750d0cc
|
2018-05-04T15:25:22
|
|
tests: refs::normalize: simplify code to avoid GCC warning
Since version 8.1, GCC will do some automatic bounds checking
when printing static content into a buffer with known size. The
bounds checking doesn't yet work quite right in all scenarios and
may thus lead to false positives. Fix one of these false
positives in refs::normalize by simplifying the code.
|
|
ba5e39ac
|
2018-05-04T15:25:11
|
|
streams: openssl: fix bogus warning on unused parameter
Our provided callback function `threadid_cb(CRYPTO_THREADID
*threadid)` sets up a unique thread ID by asking pthread for the
current thread ID. Since openssl version 1.1,
`CRYPTO_THREADID_set_numeric` is simply a no-op macro, leaving
the `threadid` argument unused after the preprocessor has
processed the macro. GCC does not account for that situation and
will thus complain about `threadid` being unused.
Silence this warning by using `GIT_UNUSED(threadid)`.
|
|
0933fdc5
|
2018-05-04T13:40:54
|
|
global: adjust init count under lock
Our global initialization functions `git_libgit2_init()` and
`git_libgit2_shutdown()` both adjust a global init counter to determine
whether we are the first respectively last user of libgit2. On
Unix-systems do not do so under lock, though, which opens the
possibility of a race between these two functions:
Thread 1 Thread 2
git__n_inits = 0;
git_libgit2_init();
git_atomic_inc(&git__n_inits);
/* git__n_inits == 1 */
git_libgit2_shutdown();
if (git_atomic_dec(&git__n_inits) != 0)
/* git__n_inits == 0, no early exit here */
pthread_mutex_lock(&_init_mutex);
shutdown_common();
pthread_mutex_unlock(&_init_mutex);
pthread_mutex_lock(&_init_mutex);
init_once();
pthread_mutex_unlock(&_init_mutex);
So we can end up in a situation where we try to shutdown shared data
structures before they have been initialized.
Fix the race by always locking `_init_mutex` before incrementing or
decrementing `git__n_inits`.
|
|
8aa437ef
|
2018-05-02T07:55:26
|
|
tests: ls-files: use puts instead of printf and fix typos
|
|
77799325
|
2018-05-02T07:46:53
|
|
docs: update differences-from-git to be more concise
|
|
26a09a93
|
2018-04-30T21:34:36
|
|
Merge pull request #4608 from pks-t/pks/openssl-api-cleanup
OpenSSL legacy API cleanups
|
|
7553763a
|
2018-04-30T13:03:44
|
|
submodule: add a failing test for a submodule escaping .git/modules
We should pretend such submdules do not exist as it can lead to RCE.
|
|
173a0375
|
2018-02-08T23:50:14
|
|
openssl: remove leftover #ifdef
This is the "OpenSSL available" global init function after all
|
|
b33b6d33
|
2018-04-30T09:27:47
|
|
Merge pull request #4640 from mkeeler/worktree-convenience2
worktree: add functions to get name and path
|
|
20a2b02d
|
2018-04-18T19:23:40
|
|
refdb_fs: enable root arbitration for fixed portion of globs
A glob used for iteration may start with an entire path containing no
special characters. If we start scanning for references within that path
rather than in `refs/`, we may end up scanning only a small fraction of
all references.
|
|
27e98cf7
|
2018-04-18T19:21:22
|
|
refdb_fs: prepare arbitration of the root used for ref iteration
Instead of a hardcoded "refs", we may choose a different directory
within the git directory as the root from which we look for references.
|
|
5ace1494
|
2018-04-26T11:45:38
|
|
Merge pull request #4633 from csware/worktree-delereref
Fix deletion of unrelated branch on worktree
|
|
3da1ad20
|
2018-04-24T17:09:34
|
|
worktree: add functions to get name and path
|
|
45a3b9cd
|
2018-04-24T17:12:49
|
|
tests: fix issue with /tmp paths on macOS[1]
|
|
86353a72
|
2018-04-22T14:57:02
|
|
Merge pull request #4173 from tiennou/mbedtls
mbedTLS support
|
|
5d346c11
|
2018-04-22T14:51:00
|
|
Merge pull request #4525 from pks-t/pks/config-iterate-in-order
Configuration entry iteration in order
|
|
2b967226
|
2018-04-22T14:43:18
|
|
Merge pull request #4580 from pks-t/pks/diff-like-git-coalesce
blame_git: fix coalescing step never being executed
|
|
0ad2372b
|
2018-04-20T21:25:01
|
|
Merge pull request #4636 from tiennou/fix/leaks
Fix leaks in master
|
|
232dd4de
|
2018-04-20T20:36:31
|
|
Merge pull request #4635 from tiennou/fix/leaks-v0.27.1
Leak fixes for v0.27.1
|
|
8d138f89
|
2018-04-20T20:28:48
|
|
Merge pull request #4577 from csware/reflog-worktree-head
worktree: Read worktree specific reflog for HEAD
|
|
25100d6d
|
2018-04-19T19:17:07
|
|
tests: free the worktree in add_with_explicit_branch
Valgrind log:
==2711== 305 (48 direct, 257 indirect) bytes in 1 blocks are definitely lost in loss record 576 of 624
==2711== at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2711== by 0x5E079E: git__calloc (util.h:99)
==2711== by 0x5E0D21: open_worktree_dir (worktree.c:134)
==2711== by 0x5E0F23: git_worktree_lookup (worktree.c:176)
==2711== by 0x5E1972: git_worktree_add (worktree.c:388)
==2711== by 0x551F23: test_worktree_worktree__add_with_explicit_branch (worktree.c:292)
==2711== by 0x45853E: clar_run_test (clar.c:222)
==2711== by 0x4587E1: clar_run_suite (clar.c:286)
==2711== by 0x458B04: clar_parse_args (clar.c:362)
==2711== by 0x458CAB: clar_test_run (clar.c:428)
==2711== by 0x45665C: main (main.c:24)
|
|
592b200c
|
2018-04-18T21:41:44
|
|
refspec: check for valid parameters in git_refspec__dwim_one
CID:1383993, "In git_refspec__dwim_one: All paths that lead to this null pointer comparison already dereference the pointer earlier (CWE-476)"
|
|
df4937b8
|
2018-04-18T20:57:16
|
|
remote: repo is optional here
As per CID:1378747, we might be called with a NULL repo, which would be deferenced in write_add_refspec
|
|
8122ef98
|
2018-04-19T01:08:18
|
|
worktree: fix calloc of the wrong object type
|
|
836ec316
|
2018-04-19T01:05:05
|
|
local: fix a leaking reference when iterating over a symref
Valgrind log :
==17702== 18 bytes in 1 blocks are indirectly lost in loss record 69 of 1,123
==17702== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17702== by 0x5FDBB49: strdup (strdup.c:42)
==17702== by 0x632B3E: git__strdup (util.h:106)
==17702== by 0x632D2C: git_reference__alloc_symbolic (refs.c:64)
==17702== by 0x62E0AF: loose_lookup (refdb_fs.c:408)
==17702== by 0x62E636: refdb_fs_backend__iterator_next (refdb_fs.c:565)
==17702== by 0x62CD8E: git_refdb_iterator_next (refdb.c:147)
==17702== by 0x6347F2: git_reference_next (refs.c:838)
==17702== by 0x6345CB: git_reference_foreach (refs.c:748)
==17702== by 0x66BE62: local_download_pack (local.c:579)
==17702== by 0x5DB48F: git_fetch_download_pack (fetch.c:148)
==17702== by 0x639028: git_remote_download (remote.c:932)
==17702== by 0x63919A: git_remote_fetch (remote.c:969)
==17702== by 0x4ABEDD: test_fetchhead_nonetwork__fetch_into_repo_with_symrefs (nonetwork.c:362)
==17702== by 0x4125D9: clar_run_test (clar.c:222)
==17702== by 0x41287C: clar_run_suite (clar.c:286)
==17702== by 0x412DDE: clar_test_run (clar.c:433)
==17702== by 0x4105E1: main (main.c:24)
|
|
fd7b5bc3
|
2018-04-20T12:54:41
|
|
Fix deletion of unrelated branch on worktree
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
709e099c
|
2018-04-20T11:00:46
|
|
Merge pull request #4631 from andreasbaumann/struct_stat_file_offset_bits
fixed stack smashing due to wrong size of struct stat on the stack
|
|
fac7eac4
|
2018-04-19T15:21:52
|
|
fixed stack smashing due to wrong size of struct stat on the stack
on 32-bit systems with 64-bit file descriptor offsets enabled
(added -D_FILE_OFFSET_BITS=64 when compiling the test suite)
|
|
ec5d1880
|
2018-04-18T09:40:44
|
|
github: update issue template
Update the issue template to point to the discussions repo.
|
|
d906a879
|
2018-04-17T23:39:54
|
|
Merge pull request #4476 from pks-t/pks/backport-script
scripts: add backporting script
|
|
8529ac9b
|
2018-04-17T23:38:46
|
|
Merge pull request #4524 from pks-t/pks/worktree-refs
worktree: add ability to create worktree with pre-existing branch
|
|
1fd26760
|
2018-04-17T23:33:06
|
|
Merge pull request #4618 from tiennou/fix/pwned-references
refs: preserve the owning refdb when duping reference
|
|
d7f413c0
|
2018-04-17T20:07:36
|
|
crlf: update CHANGELOG
|
|
99ec4fdb
|
2018-04-17T20:06:30
|
|
crlf: wrap line
|
|
2ad24a4e
|
2018-04-17T20:05:35
|
|
tests: add information about the crlf data generator
The CRLF data generator is somewhat obscure; add information about how
to use it and what it does.
|
|
a5115842
|
2017-01-28T18:31:11
|
|
crlf: update checkout logic to reflect Git 2.9+ behaviour
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
ad5a696e
|
2017-01-28T17:11:55
|
|
tests: crlf: update POSIX test data to reflect Git 2.9+ behavior
Update with vanilla Git 2.11.0 on Debian
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
f65eea44
|
2017-01-28T17:08:59
|
|
tests: crlf: update Windows test data to reflect Git 2.9+ behavior
Update with "git version 2.11.0.windows.3"
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|