kmx git

Commit	Date	Message
b67a93ff	2018-09-04T14:00:49	clar: remove globals; error-check fprintf/fclose Remove the global summary filename and file pointer; pass them in to the summary functions as needed. Error check the results of buffered I/O calls.
a2d73f56	2018-08-24T11:23:19	clar: introduce CLAR_XML option Introduce a CLAR_XML option, to run the `ctest` commands with the new `-r` flag to clar. Permitted values are `OFF`, `ON` and a directory to write the XML test results to.
dbebcb04	2018-08-26T15:25:15	clar: don't use a variable named `time`
59f1e477	2018-07-27T23:00:09	Barebones JUnit XML output
3a9b9631	2018-07-26T23:02:34	Documentation
bf9fc126	2018-07-26T23:02:20	Isolate test reports This makes it possible to keep track of every test status (even successful ones), and their errors, if any.
90753a96	2018-08-26T15:11:21	clar: refactor explicitly run test behavior Previously, supplying `-s` to explicitly enable some test(s) would run the tests immediately from the argument parser. This forces us to set up the entire clar environment (for example: sandboxing) before argument parsing takes place. Refactor the behavior of `-s` to add the explicitly chosen tests to a list that is executed later. This untangles the argument parsing from the setup lifecycle, allowing us to use the arguments to perform the setup.
baa5c20d	2018-08-26T15:31:14	clar: accept a value for the summary filename Accept an (optional) value for the summary filename. Continues to default to summary.xml.
85eb2cb6	2018-08-26T11:33:42	Merge pull request #4727 from libgit2/cmn/null-oid-existing-tree tree: accept null ids in existing trees when updating
50186ce8	2018-08-26T11:26:45	Merge pull request #4374 from pks-t/pks/pack-file-verify Pack file verification
fd7ab1d7	2018-08-24T09:47:09	Merge pull request #4776 from pks-t/pks/test-index-invalid-filemode tests: verify adding index conflicts with invalid filemodes fails
503af775	2018-08-24T10:08:09	Merge pull request #4769 from tiennou/fix/worktree-unlock worktree: unlock should return 1 when the worktree isn't locked
3a1f5df8	2018-08-24T09:15:29	tests: verify adding index conflicts with invalid filemodes fails Commit 581d5492f (Fix leak in index.c, 2018-08-16) was fixing a memory leak in our code adding conflicts to the index when the added index entries have an invalid file mode. The memory leak was previously undiscovered as there are no tests covering this scenario, which is now being added by this commit.
cada553c	2018-08-19T15:54:10	Merge pull request #4754 from libgit2/ethomson/threads threads::diff: use separate git_repository objects
2afd0185	2018-08-19T12:57:29	threads::iterator: use separate repository objects Our thread policies state that we cannot re-use the `git_repository` across threads. Our tests cannot deviate from that. Courtesy of Ximin Luo, https://github.com/infinity0: https://github.com/libgit2/libgit2/issues/4753#issuecomment-412247757
59c2e70e	2018-08-17T00:51:51	worktree: unlock should return 1 when the worktree isn't locked The documentation states that git_worktree_unlock returns 0 on success, and 1 on success if the worktree wasn't locked. Turns out we were returning 0 in any of those cases.
6698e056	2018-08-14T04:22:14	Fix the test and comment.
f1409500	2018-08-14T03:54:01	Write a test.
d1919485	2018-08-05T11:01:14	threads::diff: use separate git_repository objects Our thread policies state that we cannot re-use the `git_repository` across threads. Our tests cannot deviate from that.
f00db9ed	2018-07-27T12:00:37	tree: rename from_tree to validate and clarify the tree in the test
219512e7	2018-07-20T14:14:16	buf tests: allocate a smaller size for the oom On Linux (where we run valgrind) allocate a smaller buffer, but still an insanely large size. This will cause malloc to fail but will not cause valgrind to report a likely error with a negative-sized malloc. Keep the original buffer size on non-Linux platforms: this is well-tested on them and changing it may be problematic. On macOS, for example, using the new size causes `malloc` to print a warning to stderr.
ce798b25	2018-07-04T10:56:56	tests: simplify cmake test configuration Simplify the names for the tests, removing the unnecessary "libgit2-clar" prefix. Make "all" the new default test run, and include the online tests by default (since HTTPS should always be enabled). For the CI tests, create an offline-only test, then the various online tests.
d285de73	2018-07-20T21:52:24	push tests: deeply free the specs Don't just free the spec vector, also free the specs themselves.
dad99881	2018-07-20T21:51:36	push tests: deeply free the push status Don't just free the push status structure, actually free the strings that were strdup'd into the struct as well.
0652abaa	2018-07-20T12:56:49	Merge pull request #4702 from tiennou/fix/coverity Assorted Coverity fixes
2dff7e28	2018-07-18T21:04:13	tree: accept null ids in existing trees when updating When we add entries to a treebuilder we validate them. But we validate even those that we're adding because they exist in the base tree. This disables using the normal mechanisms on these trees, even to fix them. Keep track of whether the entry we're appending comes from an existing tree and bypass the name and id validation if it's from existing data.
e1a4a8eb	2018-06-25T11:58:34	cmake: enforce C90 standard While the aim of libgit2 was to conform to C90 code, we never instructed the compiler to enforce C90 compliance. Thus, quite a few violations were able to get into our code base, which have been removed with the previous commits. As we are now able to build libgit2 with C90 enforced, we can set the C_STANDARD property for our own build targets. Note that we explicitly avoid setting the C standard for our third-party dependencies. At least the zlib target does not build with C90 enforced, and we do not want to fix them by deviating from upstream. Thus we simply enforce no standard for them.
c13e56f9	2018-06-25T14:12:53	cmake: distinguish internal and system include directories While we want to enforce strict C90 mode, this may cause issues with system provided header files which are themselves not strictly conforming. E.g. if a system header has C++ style comments, a compiler in strict C90 mode would produce an error and abort the build. As the user most likely doesn't want to change the system header, this would completely break the build on such systems. One example of this is mbedtls, which provides such header files. The problem can be worked around by distinguishing between system-provided and project-provided include directories. When adding include directories via "-isystem" instead of "-I", the compiler will skip certain checks and print out less warnings. To use system includes, we can simply add the "SYSTEM" flag to CMake's `INCLUDE_DIRECTORIES` and `TARGET_INCLUDE_DIRECTORIES` functions. Note that we have to split the include directories into two variables because of this, as we definitely still want to check for all warnings produced by our own header files.
9994cd3f	2018-06-25T11:56:52	treewide: remove use of C++ style comments C++ style comment ("//") are not specified by the ISO C90 standard and thus do not conform to it. While libgit2 aims to conform to C90, we did not enforce it until now, which is why quite a lot of these non-conforming comments have snuck into our codebase. Do a tree-wide conversion of all C++ style comments to the supported C style comments to allow us enforcing strict C90 compliance in a later commit.
6dfc8bc2	2018-07-09T23:10:05	Merge pull request #4719 from pks-t/pks/delta-oob Delta OOB access
89091d36	2018-07-06T20:24:21	tests: fix a relative pathname issue The path given to `git_index_add_bypath` is relative to the root of the repository. That `describe/file` path is relative to the root of the sandbox directory, hence if I add the missing `cl_git_pass` I rightfully get an error that `$SANDBOX/describe/describe/file doesn't exist`. The path is thus changed to be made relative to the repository, which makes the failure go away and "restore" the test.
8455a270	2018-07-01T12:04:27	tests: add missing cl_git_pass to tests Reported by Coverity, CID 1393678-1393697.
17bd3b96	2018-06-19T20:15:49	tests: mailmap/parsing: add a missing cl_git_pass Reported by Coverity, CID 1393483
f4633791	2018-07-06T12:36:05	Merge pull request #4687 from tiennou/fix/4672 patch_parse: populate line numbers while parsing diffs
f2a1cece	2018-07-06T11:25:47	Merge pull request #4686 from tiennou/fix/more-worktree-from-bare Fix git_worktree_validate failing on bare repositories
8a00de08	2018-07-06T10:47:06	Merge pull request #4699 from nelhage/fetch-null-dst git_refspec_transform: Handle NULL dst
c43658f6	2018-06-30T13:24:23	Merge pull request #4536 from libgit2/ethomson/index_dirty Add a "dirty" state to the index when it has unsaved changes
ff8edac9	2018-06-29T16:18:36	formatting fix
bfa1f022	2018-06-22T19:17:08	settings: optional unsaved index safety Add the `GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY` option, which will cause commands that reload the on-disk index to fail if the current `git_index` has changed that have not been saved. This will prevent users from - for example - adding a file to the index then calling a function like `git_checkout` and having that file be silently removed from the index since it was re-read from disk. Now calls that would re-read the index will fail if the index is "dirty", meaning changes have been made to it but have not been written. Users can either `git_index_read` to discard those changes explicitly, or `git_index_write` to write them.
787768c2	2018-06-22T19:07:54	index: return a unique error code on dirty index When the index is dirty, return GIT_EINDEXDIRTY so that consumers can identify the exact problem programatically.
5e26391a	2018-06-18T18:28:08	checkout: FORCE doesn't halt on dirty index If the index is dirty, allow `GIT_CHECKOUT_FORCE` to obliterate unsaved changes. This is in keeping with its name and description.
b242cdbf	2017-11-17T00:19:07	index: commit the changes to the index properly Now that the index has a "dirty" state, where it has changes that have not yet been committed or rolled back, our tests need to be adapted to actually commit or rollback the changes instead of assuming that the index can be operated on in its indeterminate state.
dc4a18c7	2017-11-12T08:23:13	index: test dirty index bit Test that any changes to the index will mark the index as dirty. Also ensure that when we initialize a new index, read the index contents from disk, or write the index contents to disk that we reset the dirty flag to zero. Further ensure that an unforced read with dirty contents (when the on-disk index has not changed) does _not_ reset the dirty flag as we have not updated the contents of our index and our unsaved contents remain intact.
55a96606	2018-06-18T16:14:26	checkout tests: validate GIT_CHECKOUT_NO_REFRESH Add tests that ensure that we re-read the on-disk image by default during checkout, but when the `GIT_CHECKOUT_NO_REFRESH` option is specified, we do _not_ re-read the index.
8356bf7e	2018-06-29T14:39:14	tests: worktree/bare: test some paths
d0921127	2018-06-29T14:39:13	tests: add a helper to build sandbox subpaths quickly
83c35f7e	2018-06-29T14:39:11	tests: worktree/bare: fix git_worktree_validate
bd40f0d7	2018-06-29T14:39:10	tests: worktree/bare: check git_worktree_list
7e3c13e0	2018-06-29T14:39:08	tests: worktree/bare: gather all tests
af3088e4	2018-06-29T11:45:15	refspec: rename `git_refspec__free` to `git_refspec__dispose` Since commit 630a67366 (refspec: add public parsing api, 2018-02-07), we now have two functions `git_refspec_free` and `git_refspec__free`. The difference is that the first one will free the structure itself, while the second one will only free the structure's contents. Use our new `dispose` naming pattern for the latter function to help avoid confusion.
7192e26f	2018-06-29T09:43:33	Merge pull request #4519 from cynecx/refspec-parsing refspec: add public parsing api
24597812	2018-06-29T09:11:02	delta: fix out-of-bounds read of delta When computing the offset and length of the delta base, we repeatedly increment the `delta` pointer without checking whether we have advanced past its end already, which can thus result in an out-of-bounds read. Fix this by repeatedly checking whether we have reached the end. Add a test which would cause Valgrind to produce an error. Reported-by: Riccardo Schirone <rschiron@redhat.com> Test-provided-by: Riccardo Schirone <rschiron@redhat.com>
7db25870	2018-06-29T07:45:18	delta: fix sign-extension of big left-shift Our delta code was originally adapted from JGit, which itself adapted it from git itself. Due to this heritage, we inherited a bug from git.git in how we compute the delta offset, which was fixed upstream in 48fb7deb5 (Fix big left-shifts of unsigned char, 2009-06-17). As explained by Linus: Shifting 'unsigned char' or 'unsigned short' left can result in sign extension errors, since the C integer promotion rules means that the unsigned char/short will get implicitly promoted to a signed 'int' due to the shift (or due to other operations). This normally doesn't matter, but if you shift things up sufficiently, it will now set the sign bit in 'int', and a subsequent cast to a bigger type (eg 'long' or 'unsigned long') will now sign-extend the value despite the original expression being unsigned. One example of this would be something like unsigned long size; unsigned char c; size += c << 24; where despite all the variables being unsigned, 'c << 24' ends up being a signed entity, and will get sign-extended when then doing the addition in an 'unsigned long' type. Since git uses 'unsigned char' pointers extensively, we actually have this bug in a couple of places. In our delta code, we inherited such a bogus shift when computing the offset at which the delta base is to be found. Due to the sign extension we can end up with an offset where all the bits are set. This can allow an arbitrary memory read, as the addition in `base_len < off + len` can now overflow if `off` has all its bits set. Fix the issue by casting the result of `*delta++ << 24UL` to an unsigned integer again. Add a test with a crafted delta that would actually succeed with an out-of-bounds read in case where the cast wouldn't exist. Reported-by: Riccardo Schirone <rschiron@redhat.com> Test-provided-by: Riccardo Schirone <rschiron@redhat.com>
7330ae67	2018-06-26T10:45:57	index::addall tests: write the index When running `git_index_add_all`, we should write the index to disk so that we can re-read it safely during status.
08ea0d7d	2018-02-18T11:49:08	index::reuc tests: test that checkout succeeds The index::reuc tests must test that the checkout itself succeeds, otherwise subsequent tests are not valid. In fact, the checkouts were failing because when checking out `SAFE`, they cannot update the files that are in conflict. Change the checkout level to `FORCE` to ensure that they get updated correctly.
c4ce017f	2018-02-18T22:27:34	index::names tests: add conflicts with high stages We add entries into the main index to correspond with the NAME entries that we're going to test. NAME entries store the results of conflicts occuring with rename detection during merge, and they must correspond to conflicts in the index. This test was mistakenly adding regular entries. The checkout validation failed, since it requires NAME entries to correspond to high-stage (conflict) entries. Correct the test to actually create conflicts.
46c9f26f	2018-06-25T15:47:31	Add a test. Verified that this breaks before the fix and passes afterwards.
4fd81c53	2018-06-18T19:43:53	Clear revwalk sorting when resetting Currently we fail to clear the sorting flag for revwalks when resetting. This caused a poor interaction with the limited flag during a recent patch. This patch clears the revwalk sorting flag and causes it to no longer persist over resets.
630a6736	2018-02-07T22:30:27	refspec: add public parsing api Fix typo Fix some type issues More fixes Address requested changes Add test Fix naming Fix condition and tests Address requested changes Fix typo
65a4b06e	2017-11-12T10:43:28	tests: indexer: add test to exercise our connectivity checking The new connectivity tests are not currently being verified at all due to being turned off by default. Create two test cases for a pack file which fails our checks and one which suceeds.
c16556aa	2017-11-12T10:31:48	indexer: introduce options struct to `git_indexer_new` We strive to keep an options structure to many functions to be able to extend options in the future without breaking the API. `git_indexer_new` doesn't have one right now, but we want to be able to add an option for enabling strict packfile verification. Add a new `git_indexer_options` structure and adjust callers to use that.
f9e28026	2018-06-18T20:37:18	patch_parse: populate line numbers while parsing diffs
b5818dda	2018-06-18T13:05:08	Fix last references to deprecated git_buf_free Signed-off-by: Sven Strickroth <email@cs-ware.de>
f98131be	2018-06-17T00:40:25	Require the length argument to git_mailmap_from_buffer and make mailmap_add_buffer internal
9faf36a6	2018-06-14T22:48:58	mailmap: git_buf_free => git_buf_dispose
56303e1a	2018-05-07T11:59:00	mailmap: API and style cleanup
a140c138	2018-04-08T03:01:37	mailmap: Updates tests for new API and features
18ff9bab	2018-03-27T22:48:03	mailmap: API and style cleanup
57cfeab9	2018-03-26T15:05:37	mailmap: Switch mailmap parsing to use the git_parse module
aa3a24a4	2018-03-26T14:44:15	mailmap: Clean up the mailmap fixture's .gitted directory
5c6c8a9b	2018-03-18T01:26:30	mailmap: Fix some other minor style nits
4ff44be8	2018-03-17T18:24:15	mailmap: Fix more bugs which snuck in when I rebased
983b8c2d	2018-03-17T18:15:41	mailmap: Add a bunch of tests for the new mailmap functionality
939d8d57	2018-03-17T18:14:03	mailmap: Support path fixtures in cl_git_repository_init()
b88cbf8c	2018-03-18T01:40:47	mailmap: Add some super-basic tests
3be73011	2018-06-11T18:26:22	Merge pull request #4436 from pks-t/pks/packfile-stream-free pack: rename `git_packfile_stream_free`
96212813	2018-06-11T17:11:36	stash test: free the commit
ecf4f33a	2018-02-08T11:14:48	Convert usage of `git_buf_free` to new `git_buf_dispose`
123f01f0	2018-06-10T12:21:43	stash test: free the reference
795a5b28	2018-06-09T18:36:21	Merge pull request #4668 from novalis/bad-stash Fix stash save bug with fast path index check
44788c96	2018-06-09T18:00:23	Merge pull request #4662 from pks-t/pks/gitfile-api path: unify `git_path_is_*` APIs
bc0f3227	2018-06-09T17:59:46	Merge pull request #4670 from pks-t/pks/ignore-leadingdir Fix negative gitignore rules with leading directories
9865cd16	2018-03-20T14:23:49	alloc: make memory allocators use function pointers Currently, our memory allocators are being redirected to the correct implementation at compile time by simply using macros. In order to make them swappable at runtime, this commit reshuffles that by instead making use of a global "git_allocator" structure, whose pointers are set up to reference the allocator functions. Like this, it becomes easy to swap out allocators by simply setting these function pointers. In order to initialize a "git_allocator", our provided allocators "stdalloc" and "crtdbg" both provide an init function. This is being called to initialize a passed in allocator struct and set up its members correctly. No support is yet included to enable users of libgit2 to switch out the memory allocator at a global level.
5a7d454b	2018-06-04T12:56:08	Fix stash save bug with fast path index check If the index contains stat data for a modified file, and the file is not racily dirty, and there exists an untracked working tree directory alphabetically after that file, and there are no other changes to the repo, then git_stash_save would fail. It would confuse the untracked working tree directory for the modified file, because they have the same sha: zero. The wt directory has a sha of zero because it's a directory, and the file would have a zero sha because we wouldn't read the file -- we would just know that it doesn't match the index. To fix this confusion, we simply check mode as well as SHA.
20306d36	2018-06-06T14:31:28	Merge pull request #4665 from neithernut/fix-refdb-glob refdb_fs: fix regression: failure when globbing for non-existant references
8178c70f	2018-06-06T09:23:01	tests: submodule: do not rely on config iteration order The test submodule::lookup::duplicated_path, which tries to verify that we detect submodules with duplicated paths, currently relies on the gitmodules file of "submod2_target". While this file has two gitmodules with the same path, one of these gitmodules has an empty name and thus does not pass `git_submodule_name_is_valid`. Because of this, the test is in fact dependent on the iteration order in which we process the submodules. In fact the "valid" submodule comes first, the "invalid" submodule will cause the desired error. In fact the "invalid" submodule comes first, it will be skipped due to its name being invalid, and we will not see the desired error. While this works on the master branch just right due to the refactoring of our config code, where iteration order is now deterministic, this breaks on all older maintenance branches. Fix the issue by simply using `cl_git_rewritefile` to rewrite the gitmodules file. This greatly simplifies the test and also makes the intentions of it much clearer.
20b4c175	2018-06-05T16:12:58	ignore: fix negative leading directory rules unignoring subdirectory files When computing whether a file is ignored, we simply search for the first matching rule and return whether it is a positive ignore rule (the file is really ignored) or whether it is a negative ignore rule (the file is being unignored). Each rule has a set of flags which are being passed to `fnmatch`, depending on what kind of rule it is. E.g. in case it is a negative ignore we add a flag `GIT_ATTR_FNMATCH_NEGATIVE`, in case it contains a glob we set the `GIT_ATTR_FNMATCH_HASGLOB` flag. One of these flags is the `GIT_ATTR_FNMATCH_LEADINGDIR` flag, which is always set in case the pattern has a trailing "/" or in case the pattern is negative. The flag causes the `fnmatch` function to return a match in case a string is a leading directory of another, e.g. "dir/" matches "dir/foo/bar.c". In case of negative patterns, this is wrong in certain cases. Take the following simple example of a gitignore: dir/ !dir/ The `LEADINGDIR` flag causes "!dir/" to match "dir/foo/bar.c", and we correctly unignore the directory. But take this example: .test !dir/* We expect everything in "dir/" to be unignored, but e.g. a file in a subdirectory of dir should be ignored, as the "" does not cross directory hierarchies. With `LEADINGDIR`, though, we would just see that "dir/" matches and return that the file is unignored, even if it is contained in a subdirectory. Instead, we want to ignore leading directories here and check ".test". Afterwards, we have to iterate up to the parent directory and do the same checks. To fix the issue, disallow matching against leading directories in gitignore files. This can be trivially done by just adding the `GIT_ATTR_FNMATCH_NOLEADINGDIR` to the spec passed to `git_attr_fnmatch__parse`. Due to a bug in that function, though, this flag is being ignored for negative patterns, which is fixed in this commit, as well. As a last fix, we need to ignore rules that are supposed to match a directory when our path itself is a file. All together, these changes fix the described error case.
9beb73ed	2018-06-05T16:45:23	tests: status::ignore: fix style of a test
d7eca4c3	2018-06-01T08:57:17	refdb_fs: add test for globbing of nonexistant refs
92159bd4	2018-05-30T12:18:04	path: unify `git_path_is_*` APIs Right now, there's quite a lot of different function calls to determine whether a path component matches a specific name after normalization from the filesystem. We have a function for each of {gitattributes, gitmodules, gitignore} multiplicated with {generic, NTFS, HFS} checks. In the long time, this is unmaintainable in case there are e.g. new filesystems with specific semantics, blowing up the number of functions we need to implement. Replace all functions with a simple `git_path_is_gitfile` function, which accepts an enum pointing out the filename that is to be checked against as well as the filesystem normalizations to check for. This greatly simplifies implementation at the expense of the caller having to invoke a somewhat longer function call.
b2a389c8	2018-05-30T08:35:06	submodule: detect duplicated submodule paths When loading submodule names, we build a map of submodule paths and their respective names. While looping over the configuration keys, we do not check though whether a submodule path was seen already. This leads to a memory leak in case we have multiple submodules with the same path, as we just overwrite the old value in the map in that case. Fix the error by verifying that the path to be added is not yet part of the string map. Git does not allow to have multiple submodules for a path anyway, so we now do the same and detect this duplication, reporting it to the user.
7f6c1ce9	2018-05-29T21:04:39	Merge pull request #4660 from libgit2/cmn/submodule-traversal Fixes for CVE 2018-11235
57e343d7	2018-05-24T21:58:40	path: hand-code the zero-width joiner as UTF-8
9e723db8	2018-05-24T20:28:36	submodule: plug leaks from the escape detection
3fbfae26	2018-05-22T20:37:23	checkout: change symlinked .gitmodules file test to expect failure When dealing with `core.proectNTFS` and `core.protectHFS` we do check against `.gitmodules` but we still have a failing test as the non-filesystem codepath does not check for it.
a7168b47	2018-05-22T16:13:47	path: reject .gitmodules as a symlink Any part of the library which asks the question can pass in the mode to have it checked against `.gitmodules` being a symlink. This is particularly relevant for adding entries to the index from the worktree and for checking out files.
02c80ad7	2018-05-22T15:21:08	path: accept the name length as a parameter We may take in names from the middle of a string so we want the caller to let us know how long the path component is that we should be checking.
a145f2b6	2018-05-22T14:16:45	checkout: add a failing test for refusing a symlinked .gitmodules We want to reject these as they cause compatibility issues and can lead to git writing to files outside of the repository.
177dcfc7	2018-05-18T15:16:53	path: hide the dotgit file functions These can't go into the public API yet as we don't want to introduce API or ABI changes in a security release.
9de97ae7	2018-05-16T15:42:08	path: add a function to detect an .gitmodules file Given a path component it knows what to pass to the filesystem-specific functions so we're protected even from trees which try to use the 8.3 naming rules to get around us matching on the filename exactly. The logic and test strings come from the equivalent git change.

b67a93ff

2018-09-04T14:00:49

clar: remove globals; error-check fprintf/fclose Remove the global summary filename and file pointer; pass them in to the summary functions as needed. Error check the results of buffered I/O calls.

a2d73f56

2018-08-24T11:23:19

clar: introduce CLAR_XML option Introduce a CLAR_XML option, to run the `ctest` commands with the new `-r` flag to clar. Permitted values are `OFF`, `ON` and a directory to write the XML test results to.

dbebcb04

2018-08-26T15:25:15

clar: don't use a variable named `time`

59f1e477

2018-07-27T23:00:09

Barebones JUnit XML output

3a9b9631

2018-07-26T23:02:34

Documentation

bf9fc126

2018-07-26T23:02:20

Isolate test reports This makes it possible to keep track of every test status (even successful ones), and their errors, if any.

90753a96

2018-08-26T15:11:21

clar: refactor explicitly run test behavior Previously, supplying `-s` to explicitly enable some test(s) would run the tests immediately from the argument parser. This forces us to set up the entire clar environment (for example: sandboxing) before argument parsing takes place. Refactor the behavior of `-s` to add the explicitly chosen tests to a list that is executed later. This untangles the argument parsing from the setup lifecycle, allowing us to use the arguments to perform the setup.

baa5c20d

2018-08-26T15:31:14

clar: accept a value for the summary filename Accept an (optional) value for the summary filename. Continues to default to summary.xml.

85eb2cb6

2018-08-26T11:33:42

Merge pull request #4727 from libgit2/cmn/null-oid-existing-tree tree: accept null ids in existing trees when updating

50186ce8

2018-08-26T11:26:45

Merge pull request #4374 from pks-t/pks/pack-file-verify Pack file verification

fd7ab1d7

2018-08-24T09:47:09

Merge pull request #4776 from pks-t/pks/test-index-invalid-filemode tests: verify adding index conflicts with invalid filemodes fails

503af775

2018-08-24T10:08:09

Merge pull request #4769 from tiennou/fix/worktree-unlock worktree: unlock should return 1 when the worktree isn't locked

3a1f5df8

2018-08-24T09:15:29

tests: verify adding index conflicts with invalid filemodes fails Commit 581d5492f (Fix leak in index.c, 2018-08-16) was fixing a memory leak in our code adding conflicts to the index when the added index entries have an invalid file mode. The memory leak was previously undiscovered as there are no tests covering this scenario, which is now being added by this commit.

cada553c

2018-08-19T15:54:10

Merge pull request #4754 from libgit2/ethomson/threads threads::diff: use separate git_repository objects

2afd0185

2018-08-19T12:57:29

threads::iterator: use separate repository objects Our thread policies state that we cannot re-use the `git_repository` across threads. Our tests cannot deviate from that. Courtesy of Ximin Luo, https://github.com/infinity0: https://github.com/libgit2/libgit2/issues/4753#issuecomment-412247757

59c2e70e

2018-08-17T00:51:51

worktree: unlock should return 1 when the worktree isn't locked The documentation states that git_worktree_unlock returns 0 on success, and 1 on success if the worktree wasn't locked. Turns out we were returning 0 in any of those cases.

6698e056

2018-08-14T04:22:14

Fix the test and comment.

f1409500

2018-08-14T03:54:01

Write a test.

d1919485

2018-08-05T11:01:14

threads::diff: use separate git_repository objects Our thread policies state that we cannot re-use the `git_repository` across threads. Our tests cannot deviate from that.

f00db9ed

2018-07-27T12:00:37

tree: rename from_tree to validate and clarify the tree in the test

219512e7

2018-07-20T14:14:16

buf tests: allocate a smaller size for the oom On Linux (where we run valgrind) allocate a smaller buffer, but still an insanely large size. This will cause malloc to fail but will not cause valgrind to report a likely error with a negative-sized malloc. Keep the original buffer size on non-Linux platforms: this is well-tested on them and changing it may be problematic. On macOS, for example, using the new size causes `malloc` to print a warning to stderr.

ce798b25

2018-07-04T10:56:56

tests: simplify cmake test configuration Simplify the names for the tests, removing the unnecessary "libgit2-clar" prefix. Make "all" the new default test run, and include the online tests by default (since HTTPS should always be enabled). For the CI tests, create an offline-only test, then the various online tests.

d285de73

2018-07-20T21:52:24

push tests: deeply free the specs Don't just free the spec vector, also free the specs themselves.

dad99881

2018-07-20T21:51:36

push tests: deeply free the push status Don't just free the push status structure, actually free the strings that were strdup'd into the struct as well.

0652abaa

2018-07-20T12:56:49

Merge pull request #4702 from tiennou/fix/coverity Assorted Coverity fixes

2dff7e28

2018-07-18T21:04:13

tree: accept null ids in existing trees when updating When we add entries to a treebuilder we validate them. But we validate even those that we're adding because they exist in the base tree. This disables using the normal mechanisms on these trees, even to fix them. Keep track of whether the entry we're appending comes from an existing tree and bypass the name and id validation if it's from existing data.

e1a4a8eb

2018-06-25T11:58:34

cmake: enforce C90 standard While the aim of libgit2 was to conform to C90 code, we never instructed the compiler to enforce C90 compliance. Thus, quite a few violations were able to get into our code base, which have been removed with the previous commits. As we are now able to build libgit2 with C90 enforced, we can set the C_STANDARD property for our own build targets. Note that we explicitly avoid setting the C standard for our third-party dependencies. At least the zlib target does not build with C90 enforced, and we do not want to fix them by deviating from upstream. Thus we simply enforce no standard for them.

c13e56f9

2018-06-25T14:12:53

cmake: distinguish internal and system include directories While we want to enforce strict C90 mode, this may cause issues with system provided header files which are themselves not strictly conforming. E.g. if a system header has C++ style comments, a compiler in strict C90 mode would produce an error and abort the build. As the user most likely doesn't want to change the system header, this would completely break the build on such systems. One example of this is mbedtls, which provides such header files. The problem can be worked around by distinguishing between system-provided and project-provided include directories. When adding include directories via "-isystem" instead of "-I", the compiler will skip certain checks and print out less warnings. To use system includes, we can simply add the "SYSTEM" flag to CMake's `INCLUDE_DIRECTORIES` and `TARGET_INCLUDE_DIRECTORIES` functions. Note that we have to split the include directories into two variables because of this, as we definitely still want to check for all warnings produced by our own header files.

9994cd3f

2018-06-25T11:56:52

treewide: remove use of C++ style comments C++ style comment ("//") are not specified by the ISO C90 standard and thus do not conform to it. While libgit2 aims to conform to C90, we did not enforce it until now, which is why quite a lot of these non-conforming comments have snuck into our codebase. Do a tree-wide conversion of all C++ style comments to the supported C style comments to allow us enforcing strict C90 compliance in a later commit.

6dfc8bc2

2018-07-09T23:10:05

Merge pull request #4719 from pks-t/pks/delta-oob Delta OOB access

89091d36

2018-07-06T20:24:21

tests: fix a relative pathname issue The path given to `git_index_add_bypath` is relative to the root of the repository. That `describe/file` path is relative to the root of the sandbox directory, hence if I add the missing `cl_git_pass` I rightfully get an error that `$SANDBOX/describe/describe/file doesn't exist`. The path is thus changed to be made relative to the repository, which makes the failure go away and "restore" the test.

8455a270

2018-07-01T12:04:27

tests: add missing cl_git_pass to tests Reported by Coverity, CID 1393678-1393697.

17bd3b96

2018-06-19T20:15:49

tests: mailmap/parsing: add a missing cl_git_pass Reported by Coverity, CID 1393483

f4633791

2018-07-06T12:36:05

Merge pull request #4687 from tiennou/fix/4672 patch_parse: populate line numbers while parsing diffs

f2a1cece

2018-07-06T11:25:47

Merge pull request #4686 from tiennou/fix/more-worktree-from-bare Fix git_worktree_validate failing on bare repositories

8a00de08

2018-07-06T10:47:06

Merge pull request #4699 from nelhage/fetch-null-dst git_refspec_transform: Handle NULL dst

c43658f6

2018-06-30T13:24:23

Merge pull request #4536 from libgit2/ethomson/index_dirty Add a "dirty" state to the index when it has unsaved changes

ff8edac9

2018-06-29T16:18:36

formatting fix

bfa1f022

2018-06-22T19:17:08

settings: optional unsaved index safety Add the `GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY` option, which will cause commands that reload the on-disk index to fail if the current `git_index` has changed that have not been saved. This will prevent users from - for example - adding a file to the index then calling a function like `git_checkout` and having that file be silently removed from the index since it was re-read from disk. Now calls that would re-read the index will fail if the index is "dirty", meaning changes have been made to it but have not been written. Users can either `git_index_read` to discard those changes explicitly, or `git_index_write` to write them.

787768c2

2018-06-22T19:07:54

index: return a unique error code on dirty index When the index is dirty, return GIT_EINDEXDIRTY so that consumers can identify the exact problem programatically.

5e26391a

2018-06-18T18:28:08

checkout: FORCE doesn't halt on dirty index If the index is dirty, allow `GIT_CHECKOUT_FORCE` to obliterate unsaved changes. This is in keeping with its name and description.

b242cdbf

2017-11-17T00:19:07

index: commit the changes to the index properly Now that the index has a "dirty" state, where it has changes that have not yet been committed or rolled back, our tests need to be adapted to actually commit or rollback the changes instead of assuming that the index can be operated on in its indeterminate state.

dc4a18c7

2017-11-12T08:23:13

index: test dirty index bit Test that any changes to the index will mark the index as dirty. Also ensure that when we initialize a new index, read the index contents from disk, or write the index contents to disk that we reset the dirty flag to zero. Further ensure that an unforced read with dirty contents (when the on-disk index has not changed) does _not_ reset the dirty flag as we have not updated the contents of our index and our unsaved contents remain intact.

55a96606

2018-06-18T16:14:26

checkout tests: validate GIT_CHECKOUT_NO_REFRESH Add tests that ensure that we re-read the on-disk image by default during checkout, but when the `GIT_CHECKOUT_NO_REFRESH` option is specified, we do _not_ re-read the index.

8356bf7e

2018-06-29T14:39:14

tests: worktree/bare: test some paths

d0921127

2018-06-29T14:39:13

tests: add a helper to build sandbox subpaths quickly

83c35f7e

2018-06-29T14:39:11

tests: worktree/bare: fix git_worktree_validate

bd40f0d7

2018-06-29T14:39:10

tests: worktree/bare: check git_worktree_list

7e3c13e0

2018-06-29T14:39:08

tests: worktree/bare: gather all tests

af3088e4

2018-06-29T11:45:15

refspec: rename `git_refspec__free` to `git_refspec__dispose` Since commit 630a67366 (refspec: add public parsing api, 2018-02-07), we now have two functions `git_refspec_free` and `git_refspec__free`. The difference is that the first one will free the structure itself, while the second one will only free the structure's contents. Use our new `dispose` naming pattern for the latter function to help avoid confusion.

7192e26f

2018-06-29T09:43:33

Merge pull request #4519 from cynecx/refspec-parsing refspec: add public parsing api

24597812

2018-06-29T09:11:02

delta: fix out-of-bounds read of delta When computing the offset and length of the delta base, we repeatedly increment the `delta` pointer without checking whether we have advanced past its end already, which can thus result in an out-of-bounds read. Fix this by repeatedly checking whether we have reached the end. Add a test which would cause Valgrind to produce an error. Reported-by: Riccardo Schirone <rschiron@redhat.com> Test-provided-by: Riccardo Schirone <rschiron@redhat.com>

7db25870

2018-06-29T07:45:18

delta: fix sign-extension of big left-shift Our delta code was originally adapted from JGit, which itself adapted it from git itself. Due to this heritage, we inherited a bug from git.git in how we compute the delta offset, which was fixed upstream in 48fb7deb5 (Fix big left-shifts of unsigned char, 2009-06-17). As explained by Linus: Shifting 'unsigned char' or 'unsigned short' left can result in sign extension errors, since the C integer promotion rules means that the unsigned char/short will get implicitly promoted to a signed 'int' due to the shift (or due to other operations). This normally doesn't matter, but if you shift things up sufficiently, it will now set the sign bit in 'int', and a subsequent cast to a bigger type (eg 'long' or 'unsigned long') will now sign-extend the value despite the original expression being unsigned. One example of this would be something like unsigned long size; unsigned char c; size += c << 24; where despite all the variables being unsigned, 'c << 24' ends up being a signed entity, and will get sign-extended when then doing the addition in an 'unsigned long' type. Since git uses 'unsigned char' pointers extensively, we actually have this bug in a couple of places. In our delta code, we inherited such a bogus shift when computing the offset at which the delta base is to be found. Due to the sign extension we can end up with an offset where all the bits are set. This can allow an arbitrary memory read, as the addition in `base_len < off + len` can now overflow if `off` has all its bits set. Fix the issue by casting the result of `*delta++ << 24UL` to an unsigned integer again. Add a test with a crafted delta that would actually succeed with an out-of-bounds read in case where the cast wouldn't exist. Reported-by: Riccardo Schirone <rschiron@redhat.com> Test-provided-by: Riccardo Schirone <rschiron@redhat.com>

7330ae67

2018-06-26T10:45:57

index::addall tests: write the index When running `git_index_add_all`, we should write the index to disk so that we can re-read it safely during status.

08ea0d7d

2018-02-18T11:49:08

index::reuc tests: test that checkout succeeds The index::reuc tests must test that the checkout itself succeeds, otherwise subsequent tests are not valid. In fact, the checkouts were failing because when checking out `SAFE`, they cannot update the files that are in conflict. Change the checkout level to `FORCE` to ensure that they get updated correctly.

c4ce017f

2018-02-18T22:27:34

index::names tests: add conflicts with high stages We add entries into the main index to correspond with the NAME entries that we're going to test. NAME entries store the results of conflicts occuring with rename detection during merge, and they must correspond to conflicts in the index. This test was mistakenly adding regular entries. The checkout validation failed, since it requires NAME entries to correspond to high-stage (conflict) entries. Correct the test to actually create conflicts.

46c9f26f

2018-06-25T15:47:31

Add a test. Verified that this breaks before the fix and passes afterwards.

4fd81c53

2018-06-18T19:43:53

Clear revwalk sorting when resetting Currently we fail to clear the sorting flag for revwalks when resetting. This caused a poor interaction with the limited flag during a recent patch. This patch clears the revwalk sorting flag and causes it to no longer persist over resets.

630a6736

2018-02-07T22:30:27

refspec: add public parsing api Fix typo Fix some type issues More fixes Address requested changes Add test Fix naming Fix condition and tests Address requested changes Fix typo

65a4b06e

2017-11-12T10:43:28

tests: indexer: add test to exercise our connectivity checking The new connectivity tests are not currently being verified at all due to being turned off by default. Create two test cases for a pack file which fails our checks and one which suceeds.

c16556aa

2017-11-12T10:31:48

indexer: introduce options struct to `git_indexer_new` We strive to keep an options structure to many functions to be able to extend options in the future without breaking the API. `git_indexer_new` doesn't have one right now, but we want to be able to add an option for enabling strict packfile verification. Add a new `git_indexer_options` structure and adjust callers to use that.

f9e28026

2018-06-18T20:37:18

patch_parse: populate line numbers while parsing diffs

b5818dda

2018-06-18T13:05:08

Fix last references to deprecated git_buf_free Signed-off-by: Sven Strickroth <email@cs-ware.de>

f98131be

2018-06-17T00:40:25

Require the length argument to git_mailmap_from_buffer and make mailmap_add_buffer internal

9faf36a6

2018-06-14T22:48:58

mailmap: git_buf_free => git_buf_dispose

56303e1a

2018-05-07T11:59:00

mailmap: API and style cleanup

a140c138

2018-04-08T03:01:37

mailmap: Updates tests for new API and features

18ff9bab

2018-03-27T22:48:03

mailmap: API and style cleanup

57cfeab9

2018-03-26T15:05:37

mailmap: Switch mailmap parsing to use the git_parse module

aa3a24a4

2018-03-26T14:44:15

mailmap: Clean up the mailmap fixture's .gitted directory

5c6c8a9b

2018-03-18T01:26:30

mailmap: Fix some other minor style nits

4ff44be8

2018-03-17T18:24:15

mailmap: Fix more bugs which snuck in when I rebased

983b8c2d

2018-03-17T18:15:41

mailmap: Add a bunch of tests for the new mailmap functionality

939d8d57

2018-03-17T18:14:03

mailmap: Support path fixtures in cl_git_repository_init()

b88cbf8c

2018-03-18T01:40:47

mailmap: Add some super-basic tests

3be73011

2018-06-11T18:26:22

Merge pull request #4436 from pks-t/pks/packfile-stream-free pack: rename `git_packfile_stream_free`

96212813

2018-06-11T17:11:36

stash test: free the commit

ecf4f33a

2018-02-08T11:14:48

Convert usage of `git_buf_free` to new `git_buf_dispose`

123f01f0

2018-06-10T12:21:43

stash test: free the reference

795a5b28

2018-06-09T18:36:21

Merge pull request #4668 from novalis/bad-stash Fix stash save bug with fast path index check

44788c96

2018-06-09T18:00:23

Merge pull request #4662 from pks-t/pks/gitfile-api path: unify `git_path_is_*` APIs

bc0f3227

2018-06-09T17:59:46

Merge pull request #4670 from pks-t/pks/ignore-leadingdir Fix negative gitignore rules with leading directories

9865cd16

2018-03-20T14:23:49

alloc: make memory allocators use function pointers Currently, our memory allocators are being redirected to the correct implementation at compile time by simply using macros. In order to make them swappable at runtime, this commit reshuffles that by instead making use of a global "git_allocator" structure, whose pointers are set up to reference the allocator functions. Like this, it becomes easy to swap out allocators by simply setting these function pointers. In order to initialize a "git_allocator", our provided allocators "stdalloc" and "crtdbg" both provide an init function. This is being called to initialize a passed in allocator struct and set up its members correctly. No support is yet included to enable users of libgit2 to switch out the memory allocator at a global level.

5a7d454b

2018-06-04T12:56:08

Fix stash save bug with fast path index check If the index contains stat data for a modified file, and the file is not racily dirty, and there exists an untracked working tree directory alphabetically after that file, and there are no other changes to the repo, then git_stash_save would fail. It would confuse the untracked working tree directory for the modified file, because they have the same sha: zero. The wt directory has a sha of zero because it's a directory, and the file would have a zero sha because we wouldn't read the file -- we would just know that it doesn't match the index. To fix this confusion, we simply check mode as well as SHA.

20306d36

2018-06-06T14:31:28

Merge pull request #4665 from neithernut/fix-refdb-glob refdb_fs: fix regression: failure when globbing for non-existant references

8178c70f

2018-06-06T09:23:01

tests: submodule: do not rely on config iteration order The test submodule::lookup::duplicated_path, which tries to verify that we detect submodules with duplicated paths, currently relies on the gitmodules file of "submod2_target". While this file has two gitmodules with the same path, one of these gitmodules has an empty name and thus does not pass `git_submodule_name_is_valid`. Because of this, the test is in fact dependent on the iteration order in which we process the submodules. In fact the "valid" submodule comes first, the "invalid" submodule will cause the desired error. In fact the "invalid" submodule comes first, it will be skipped due to its name being invalid, and we will not see the desired error. While this works on the master branch just right due to the refactoring of our config code, where iteration order is now deterministic, this breaks on all older maintenance branches. Fix the issue by simply using `cl_git_rewritefile` to rewrite the gitmodules file. This greatly simplifies the test and also makes the intentions of it much clearer.

20b4c175

2018-06-05T16:12:58

ignore: fix negative leading directory rules unignoring subdirectory files When computing whether a file is ignored, we simply search for the first matching rule and return whether it is a positive ignore rule (the file is really ignored) or whether it is a negative ignore rule (the file is being unignored). Each rule has a set of flags which are being passed to `fnmatch`, depending on what kind of rule it is. E.g. in case it is a negative ignore we add a flag `GIT_ATTR_FNMATCH_NEGATIVE`, in case it contains a glob we set the `GIT_ATTR_FNMATCH_HASGLOB` flag. One of these flags is the `GIT_ATTR_FNMATCH_LEADINGDIR` flag, which is always set in case the pattern has a trailing "/*" or in case the pattern is negative. The flag causes the `fnmatch` function to return a match in case a string is a leading directory of another, e.g. "dir/" matches "dir/foo/bar.c". In case of negative patterns, this is wrong in certain cases. Take the following simple example of a gitignore: dir/ !dir/ The `LEADINGDIR` flag causes "!dir/" to match "dir/foo/bar.c", and we correctly unignore the directory. But take this example: *.test !dir/* We expect everything in "dir/" to be unignored, but e.g. a file in a subdirectory of dir should be ignored, as the "*" does not cross directory hierarchies. With `LEADINGDIR`, though, we would just see that "dir/" matches and return that the file is unignored, even if it is contained in a subdirectory. Instead, we want to ignore leading directories here and check "*.test". Afterwards, we have to iterate up to the parent directory and do the same checks. To fix the issue, disallow matching against leading directories in gitignore files. This can be trivially done by just adding the `GIT_ATTR_FNMATCH_NOLEADINGDIR` to the spec passed to `git_attr_fnmatch__parse`. Due to a bug in that function, though, this flag is being ignored for negative patterns, which is fixed in this commit, as well. As a last fix, we need to ignore rules that are supposed to match a directory when our path itself is a file. All together, these changes fix the described error case.

9beb73ed

2018-06-05T16:45:23

tests: status::ignore: fix style of a test

d7eca4c3

2018-06-01T08:57:17

refdb_fs: add test for globbing of nonexistant refs

92159bd4

2018-05-30T12:18:04

path: unify `git_path_is_*` APIs Right now, there's quite a lot of different function calls to determine whether a path component matches a specific name after normalization from the filesystem. We have a function for each of {gitattributes, gitmodules, gitignore} multiplicated with {generic, NTFS, HFS} checks. In the long time, this is unmaintainable in case there are e.g. new filesystems with specific semantics, blowing up the number of functions we need to implement. Replace all functions with a simple `git_path_is_gitfile` function, which accepts an enum pointing out the filename that is to be checked against as well as the filesystem normalizations to check for. This greatly simplifies implementation at the expense of the caller having to invoke a somewhat longer function call.

b2a389c8

2018-05-30T08:35:06

submodule: detect duplicated submodule paths When loading submodule names, we build a map of submodule paths and their respective names. While looping over the configuration keys, we do not check though whether a submodule path was seen already. This leads to a memory leak in case we have multiple submodules with the same path, as we just overwrite the old value in the map in that case. Fix the error by verifying that the path to be added is not yet part of the string map. Git does not allow to have multiple submodules for a path anyway, so we now do the same and detect this duplication, reporting it to the user.

7f6c1ce9

2018-05-29T21:04:39

Merge pull request #4660 from libgit2/cmn/submodule-traversal Fixes for CVE 2018-11235

57e343d7

2018-05-24T21:58:40

path: hand-code the zero-width joiner as UTF-8

9e723db8

2018-05-24T20:28:36

submodule: plug leaks from the escape detection

3fbfae26

2018-05-22T20:37:23

checkout: change symlinked .gitmodules file test to expect failure When dealing with `core.proectNTFS` and `core.protectHFS` we do check against `.gitmodules` but we still have a failing test as the non-filesystem codepath does not check for it.

a7168b47

2018-05-22T16:13:47

path: reject .gitmodules as a symlink Any part of the library which asks the question can pass in the mode to have it checked against `.gitmodules` being a symlink. This is particularly relevant for adding entries to the index from the worktree and for checking out files.

02c80ad7

2018-05-22T15:21:08

path: accept the name length as a parameter We may take in names from the middle of a string so we want the caller to let us know how long the path component is that we should be checking.

a145f2b6

2018-05-22T14:16:45

checkout: add a failing test for refusing a symlinked .gitmodules We want to reject these as they cause compatibility issues and can lead to git writing to files outside of the repository.

177dcfc7

2018-05-18T15:16:53

path: hide the dotgit file functions These can't go into the public API yet as we don't want to introduce API or ABI changes in a security release.

9de97ae7

2018-05-16T15:42:08

path: add a function to detect an .gitmodules file Given a path component it knows what to pass to the filesystem-specific functions so we're protected even from trees which try to use the 8.3 naming rules to get around us matching on the filename exactly. The logic and test strings come from the equivalent git change.

thodg/libgit2/tests

tests

Log