kmx git

Commit	Date	Message
39e76bb3	2017-01-27T16:05:20	Do not discard proxy_options that have been set when auto is specified
87b7a705	2017-01-21T15:44:57	indexer: avoid warning about `idx->pack` It must be non-NULL to have a valid `git_indexer`.
bf339ab0	2017-01-21T14:51:31	indexer: introduce `git_packfile_close` Encapsulation!
98f53872	2017-01-21T18:57:28	Merge pull request #4016 from novalis/submodule-optimization Submodule optimization
52949c80	2017-01-21T18:30:12	Merge branch 'pr/4060'
d030bba9	2017-01-21T17:15:33	indexer: only delete temp file if it was unused Only try to `unlink` our temp file when we know that we didn't copy it into its permanent location.
673dff88	2016-11-23T18:32:55	Skip submodule head/index update when caching. `git_submodule_status` is very slow, bottlenecked on `git_repository_head_tree`, which it uses through `submodule_update_head`. If the user has requested submodule caching, assume that they want this status cached too and skip it. Signed-off-by: David Turner <dturner@twosigma.com>
4d99c4cf	2016-11-23T18:32:48	Allow for caching of submodules. Added `git_repository_submodule_cache_all` to initialze a cache of submodules on the repository so that operations looking up N submodules are O(N) and not O(N^2). Added a `git_repository_submodule_cache_clear` function to remove the cache. Also optimized the function that loads all submodules as it was itself O(N^2) w.r.t the number of submodules, having to loop through the `.gitmodules` file once per submodule. I changed it to process the `.gitmodules` file once, into a map. Signed-off-by: David Turner <dturner@twosigma.com>
ca05857e	2016-11-23T18:26:19	Fix formatting Signed-off-by: David Turner <dturner@twosigma.com>
4e4a1460	2016-12-30T12:13:34	WinHTTP: support best auth mechanism For username/password credentials, support NTLM or Basic (in that order of priority). Use the WinHTTP built-in authentication support for both, and maintain a bitfield of the supported mechanisms from the response.
cb76eed5	2017-01-14T17:41:49	Merge pull request #4054 from jfultz/jfultz/fix_GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH Fix handling of GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH flag.
2854e619	2017-01-14T17:12:23	Merge pull request #4061 from libgit2/ethomson/merge_opts merge: set default rename threshold
f5586f5c	2017-01-14T16:37:00	Addressed review feedback
a6d833a2	2017-01-13T17:05:58	Merge pull request #4049 from libgit2/ethomson/error_msgs giterr_set: consistent error messages
ee89941f	2017-01-09T20:59:43	Merge remote-tracking branch 'upstream/maint/v0.25'
6850b516	2017-01-06T17:12:16	Merge branch '25_smartpktparse' into maint/v0.25
2fdef641	2016-11-15T11:44:51	smart_pkt: treat empty packet lines as error The Git protocol does not specify what should happen in the case of an empty packet line (that is a packet line "0004"). We currently indicate success, but do not return a packet in the case where we hit an empty line. The smart protocol was not prepared to handle such packets in all cases, though, resulting in a `NULL` pointer dereference. Fix the issue by returning an error instead. As such kind of packets is not even specified by upstream, this is the right thing to do.
66e3774d	2016-11-15T11:36:27	smart_pkt: verify packet length exceeds PKT_LEN_SIZE Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself. Not checking this may result in a buffer overflow as we directly pass the length to functions which accept a `size_t` length as parameter. Fix the issue by verifying that non-flush packets have at least a length of `PKT_LEN_SIZE`.
9a64e62f	2016-12-21T21:24:33	http: check certificate validity before clobbering the error variable
96df833b	2017-01-03T19:15:09	Close the file before unlinking I forgot that Windows chokes while trying to delete open files.
19ed4d0c	2017-01-01T22:19:23	merge: set default rename threshold When `GIT_MERGE_FIND_RENAMES` is set, provide a default for `rename_threshold` when it is unset.
db535d0a	2017-01-01T12:45:02	Delete temporary packfile in indexer This change deletes the temporary packfile that the indexer creates to avoid littering the pack/ directory with garbage.
42ad85ef	2016-12-30T16:35:24	Merge pull request #4043 from fudanchii/fudanchii/openbsd Fix BIO_* functions method linking when compiled with libressl (OpenBSD).
5f959dca	2016-12-29T19:26:50	Fix handling of GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH flag. git_checkout_tree() sets up its working directory iterator to respect the pathlist if GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH is present, which is great. What's not so great is that this iterator is then used side-by-side with an iterator created by git_checkout_iterator(), which did not set up its pathlist appropriately (although the iterator mirrors all other iterator options). This could cause git_checkout_tree() to delete working tree files which were not specified in the pathlist when GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH was used, as the unsynchronized iterators causes git_checkout_tree() to think that files have been deleted between the two trees. Oops. And added a test which fails without this fix (specifically, the final check for "testrepo/README" to still be present fails).
909d5494	2016-12-29T12:25:15	giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
f928c69a	2016-12-29T12:54:26	rebase: check the result code of rebase_init_merge
6a8127d7	2016-12-25T22:13:48	mempack: set the odb backend version
567b83de	2016-12-24T17:43:08	Fix BIO_* functions method linking when compiled with libressl. ref: https://github.com/gentoo/libressl/blob/672ac74ce7b7cb2e4799b2d66bc0b1b1efa3454e/media-video/ffmpeg/files/ffmpeg-3.2-libressl.patch
fafafb1f	2016-12-20T16:19:30	http: bump the pretend git version in the User-Agent We want to keep the git UA in order for services to recognise that we're a Git client and not a browser. But in order to stop dumb HTTP some services have blocked UAs that claim to be pre-1.6.6 git. Thread these needles by using the "git/2.0" prefix which is still close enough to git's yet distinct enough that you can tell it's us.
8d7717c4	2016-12-20T15:32:49	Merge pull request #4034 from libgit2/cmn/sysdir-no-reguess sysdir: don't re-guess when using variable substitution
f91f170f	2016-12-20T15:28:46	Merge pull request #4032 from libgit2/cmn/https-cap-no-hardcode Don't hard-code HTTPS cap & clarify the meanings of the features enum
3714c13a	2016-12-19T17:28:41	Merge pull request #4026 from libgit2/cmn/refdb-fs-errors refdb: bubble up recursive rm when locking a ref
903955f7	2016-12-19T17:26:09	Merge pull request #4027 from pks-t/pks/pack-deref-cache-on-error pack: dereference cached pack entry on error
9f09f290	2016-12-17T18:20:29	sysdir: don't guess the paths again when $PATH is specified We should replace it with whatever the user set, not start again.
23c9ff86	2016-12-17T17:33:13	Fix off-by-one problems in git_signature__parse Etc/GMT-14 aka UTC+14:00 is a thing.... https://en.wikipedia.org/wiki/UTC%2B14:00 Also allow offsets on the last minute (59). Addresses: https://bugs.debian.org/841532 Fixes: #3970
061a0ad1	2016-12-17T14:23:35	settings: don't hard-code HTTPS capability This partially reverts bdec62dce1c17465b7330100ea2f71e63fc411dd which activates the transport code-paths which allow you to use a custom TLS implementation without having to have one at build-time. However the capabilities describe how libgit2 was built, not what it could potentially support, bring back the ifdefs so we only say we support HTTPS if libgit2 was itself built with a TLS implementation.
6ab65b80	2016-12-11T17:56:38	refdb: bubble up recursive rm when locking a ref Failure to bubble up this error means some locking errors do not get reported as such on Windows.
ff5eea06	2016-12-12T09:36:15	pack: dereference cached pack entry on error When trying to uncompress deltas in a packfile's delta chain, we try to add object bases to the packfile cache, subsequently decrementing its reference count if it has been added successfully. This may lead to a mismatched reference count in the case where we exit the loop early due to an encountered error. Fix the issue by decrementing the reference count in error cleanup.
34b32053	2016-11-25T15:02:34	Fix potential use of uninitialized values
e781a0c5	2016-11-25T15:02:07	graph: flag fields should be declared as unsigned
482d1748	2016-11-25T15:01:35	transports: smart: do not redeclare loop counters
6cf575b1	2016-11-25T15:01:04	path: remove unused local variable
013ecb4f	2016-11-25T15:00:50	revwalk: do not re-declare `commit` variable
8468a440	2016-11-25T15:00:20	odb_mempack: mark zero-length array as GIT_FLEX_ARRAY
8339c660	2016-12-07T17:44:25	Merge pull request #4020 from novalis/rebase-detached git_rebase_init: correctly handle detached HEAD
9af59f5d	2016-12-06T03:08:52	Properly pass `wchar *` type to giterr_set
4db1fc7e	2016-12-01T23:06:41	git_rebase_init: correctly handle detached HEAD git_rebase_finish relies on head_detached being set, but rebase_init_merge was only setting it when branch->ref_name was unset. But branch->ref_name would be set to "HEAD" in the case of detached HEAD being either implicitly (NULL) or explicitly passed to git_rebase_init.
86364af9	2016-11-20T11:30:45	Properly pass `wchar *` type to giterr_set
ae5838f1	2016-11-18T21:01:51	Merge pull request #4010 from libgit2/ethomson/clar_threads Introduce some clar helpers for child threads
82f15896	2016-11-18T07:19:22	threads: introduce `git_thread_exit` Introduce `git_thread_exit`, which will allow threads to terminate at an arbitrary time, returning a `void `. On Windows, this means that we need to store the current `git_thread` in TLS, so that we can set its `return` value when terminating. We cannot simply use `ExitThread`, since Win32 returns `DWORD`s from threads; we return `void `.
65b78ea3	2016-11-17T01:08:49	use `giterr_set_str()` wherever possible `giterr_set()` is used when it is required to format a string, and since we don't really require it for this case, it is better to stick to `giterr_set_str()`. This also suppresses a warning(-Wformat-security) raised by the compiler. Signed-off-by: Pranit Bauva <pranit.bauva@gmail.com>
0cd162be	2016-11-15T16:28:10	Merge pull request #4008 from pks-t/pks/sortedcache-fd-leak sortedcache: plug leaked file descriptor
613381fc	2016-11-15T13:33:05	patch_parse: fix memory leak
24b2182c	2016-11-15T12:53:53	sortedcache: plug leaked file descriptor
1db3035d	2016-11-15T12:18:49	Merge pull request #3996 from pks-t/pks/curl-lastsocket-deprecation curl_stream: use CURLINFO_ACTIVESOCKET if curl is recent enough
5cbd5260	2016-11-11T11:37:00	curl_stream: use CURLINFO_ACTIVESOCKET if curl is recent enough The `CURLINFO_LASTSOCKET` information has been deprecated since curl version 7.45.0 as it may result in an overflow in the returned socket on certain systems, most importantly on 64 bit Windows. Instead, a new call `CURLINFO_ACTIVESOCKET` has been added which instead returns a `curl_socket_t`, which is always sufficiently long to store a socket. As we need to provide backwards compatibility with curl versions smaller than 7.45.0, alias CURLINFO_ACTIVESOCKET to CURLINFO_LASTSOCKET on platforms without CURLINFO_ACTIVESOCKET.
1d683c1d	2016-11-14T19:21:56	Merge pull request #4006 from libgit2/cmn/compress-buf-free Plug a leak in the refs compressor
21e0fc32	2016-11-14T17:55:49	Plug a leak in the refs compressor
a39f18ac	2016-11-14T17:10:43	Merge pull request #3998 from pks-t/pks/repo-discovery Repository discovery starting from files
df045cef	2016-11-14T12:12:38	Merge pull request #4003 from libgit2/cmn/tree-updater-ordering Use the sorted input in the tree updater
89776585	2016-11-14T12:44:52	tree: look for conflicts in the new tree when updating We look at whether we're trying to replace a blob with a tree during the update phase, but we fail to look at whether we've just inserted a blob where we're now trying to insert a tree. Update the check to look at both places. The test for this was previously succeeding due to the bu where we did not look at the sorted output.
b85929c5	2016-11-14T12:44:01	tree: use the sorted update list in our loop The loop is made with the assumption that the inputs are sorted and not using it leads to bad outputs.
ce5553d4	2016-03-10T22:01:09	refdb: bubble up locked files on the read side On Windows we can find locked files even when reading a reference or the packed-refs file. Bubble up the error in this case as well to allow callers on Windows to retry more intelligently.
33248b9e	2016-03-10T12:22:34	refdb: remove a check-delete race when removing a loose ref It does not help us to check whether the file exists before trying to unlink it since it might be gone by the time unlink is called. Instead try to remove it and handle the resulting error if it did not exist.
40ffa07f	2015-12-31T14:51:42	sortedcache: check file size after opening the file Checking the size before we open the file descriptor can lead to the file being replaced from under us when renames aren't quite atomic, so we can end up reading too little of the file, leading to us thinking the file is corrupted.
2e09106e	2015-12-24T17:49:49	refdb: bubble up the error code when compressing the db This allows the caller to know the errors was e.g. due to the packed-refs file being already locked and they can try again later.
dd1ca6f1	2015-12-24T17:38:41	refdb: refactor the lockfile cleanup We can reduce the duplication by cleaning up at the beginning of the loop, since it's something we want to do every time we continue.
7ea4710a	2015-12-24T17:30:24	refdb: don't report failure for expected errors There might be a few threads or processes working with references concurrently, so fortify the code to ignore errors which come from concurrent access which do not stop us from continuing the work. This includes ignoring an unlinking error. Either someone else removed it or we leave the file around. In the former case the job is done, and in the latter case, the ref is still in a valid state.
f94825c1	2015-12-24T17:21:51	fileops: save errno and report file existence We need to save the errno, lest we clobber it in the giterr_set() call. Also add code for reporting that a path component is missing, which is a distinct failure mode.
2d9aec99	2015-12-24T14:01:38	refdb: make ref deletion after pack safer In order not to undo concurrent modifications to references, we must make sure that we only delete a loose reference if it still has the same value as when we packed it. This means we need to lock it and then compare the value with the one we put in the packed file.
9914efec	2015-12-24T14:00:48	refdb: bubble up errors We can get useful information like GIT_ELOCKED out of this instead of just -1.
0f316096	2016-11-11T16:55:33	repository: do not interpret all files as gitlinks in discovery When trying to find a discovery, we walk up the directory structure checking if there is a ".git" file or directory and, if so, check its validity. But in the case that we've got a ".git" file, we do not want to unconditionally assume that the file is in fact a ".git" file and treat it as such, as we would error out if it is not. Fix the issue by only treating a file as a gitlink file if it ends with "/.git". This allows users of the function to discover a repository by handing in any path contained inside of a git repository.
e1c14335	2016-11-14T10:48:57	Merge pull request #4002 from pks-t/pks/giterr-format giterr format
cc5966b0	2016-11-14T10:39:45	Merge pull request #3983 from pks-t/pks/smart-early-eof transports: smart: abort on early end of stream
b81fe7c9	2016-11-14T10:07:13	path: pass string instead of git_buf to giterr_set
90a934a5	2016-11-14T10:06:17	checkout: pass string instead of git_buf to `giterr_set`
901434b0	2016-11-14T10:07:37	common: cast precision specifiers to int
c77a55a9	2016-11-14T10:05:31	common: use PRIuZ for size_t in `giterr_set` calls
8effd26f	2016-11-14T09:54:08	common: mark printf-style formatting for `giterr_set`
2d205516	2016-11-14T09:38:44	Merge pull request #3992 from joshtriplett/env-namespace git_repository_open_ext: fix handling of $GIT_NAMESPACE
7b3f49f0	2016-11-14T09:27:15	fileops: fix typos in `git_futils_creat_locked{,with_path}`
c9e967a1	2016-11-10T03:51:12	git_repository_open_ext: fix handling of $GIT_NAMESPACE The existing code would set a namespace of "" (empty string) with GIT_NAMESPACE unset. In a repository where refs/heads/namespaces/ exists, that can produce incorrect results. Detect that case and avoid setting the namespace at all. Since that makes the last assignment to error conditional, and the previous assignment can potentially get GIT_ENOTFOUND, set error to 0 explicitly to prevent the call from incorrectly failing with GIT_ENOTFOUND.
5ca75fd5	2016-11-10T08:00:22	curl_stream: check for -1 after CURLINFO_LASTSOCKET We're recently trying to upgrade to the current master of libgit2 in Cargo but we're unfortunately hitting a segfault in one of our tests. This particular test is just a small smoke test that https works (e.g. it's configured in libgit2). It attempts to clone from a URL which simply immediately drops connections after they're accepted (e.g. terminate abnormally). We expect to see a standard error from libgit2 but unfortunately we're seeing a segfault. This segfault is happening inside of the `wait_for` function of `curl_stream.c` at the line `FD_SET(fd, &errfd)` because `fd` is -1. This ends up doing an out-of-bounds array access that faults the program. I tracked back to where this -1 came from to the line here (returned by `CURLINFO_LASTSOCKET`) and added a check to return an error.
5fe5557e	2016-11-04T18:18:46	Merge pull request #3974 from libgit2/pks/synchronize-shutdown global: synchronize initialization and shutdown with pthreads
6e2fab9e	2016-11-04T18:14:00	Merge pull request #3977 from jfultz/fix-forced-branch-creation-on-bare-repo
f9793884	2016-10-28T14:32:01	branch: fix forced branch creation on HEAD of a bare repo The code correctly detects that forced creation of a branch on a nonbare repo should not be able to overwrite a branch which is the HEAD reference. But there's no reason to prevent this on a bare repo, and in fact, git allows this. I.e., git branch -f master new_sha works on a bare repo with HEAD set to master. This change fixes that problem, and updates tests so that, for this case, both the bare and nonbare cases are checked for correct behavior.
7175222c	2016-11-02T14:50:59	Merge pull request #3960 from ignatenkobrain/openssl-1.1.0 add support for OpenSSL 1.1.0 for BIO filter
3b832a08	2016-11-02T13:11:31	openssl: include OpenSSL headers only when we're buliding against it We need to include the initialisation and construction functions in all backend, so we include this header when building against SecureTransport and WinHTTP as well.
2f3adf95	2016-11-02T12:35:46	openssl: use ASN1_STRING_get0_data when compiling against 1.1 For older versions we can fall back on the deprecated ASN1_STRING_data.
f15eedb3	2016-11-02T12:28:25	openssl: recreate the OpenSSL 1.1 BIO interface for older versions We want to program against the interface, so recreate it when we compile against pre-1.1 versions.
0cf15e39	2016-11-02T12:23:12	pack: fix race in pack_entry_find_offset In `pack_entry_find_offset`, we try to find the offset of a certain object in the pack file. To do so, we first assert if the packfile has already been opened and open it if not. Opening the packfile is guarded with a mutex, so concurrent access to this is in fact safe. What is not thread-safe though is our calculation of offsets inside the packfile. Assume two threads calling `pack_entry_find_offset` at the same time. We first calculate the offset and index location and only then determine if the pack has already been opened. If so, we re-calculate the offset and index address. Now the case for two threads: thread 1 first calculates the addresses and is subsequently suspended. The second thread will now call `pack_index_open` and initialize the pack file, calculating its addresses correctly. When the first thread is resumed now, he'll see that the pack file has already been initialized and will happily proceed with the addresses it has already calculated before the check. As the pack file was not initialized before, these addresses are bogus. Fix the issue by only calculating the addresses after having checked if the pack file is open.
62494bf2	2016-11-02T09:38:40	transports: smart: abort receiving packets on end of stream When trying to receive packets from the remote, we loop until either an error distinct to `GIT_EBUFS` occurs or until we successfully parsed the packet. This does not honor the case where we are looping over an already closed socket which has no more data, leaving us in an infinite loop if we got a bogus packet size or if the remote hang up. Fix the issue by returning `GIT_EEOF` when we cannot read data from the socket anymore.
61530c49	2016-11-01T16:56:07	transports: smart: abort ref announcement on early end of stream When reading a server's reference announcements via the smart protocol, we expect the server to send multiple flushes before the protocol is finished. If we fail to receive new data from the socket, we will only return an end of stream error if we have not seen any flush yet. This logic is flawed in that we may run into an infinite loop when receiving a server's reference announcement with a bogus flush packet. E.g. assume the last flushing package is changed to not be '0000' but instead any other value. In this case, we will still await one more flush package and ignore the fact that we are not receiving any data from the socket, causing an infinite loop. Fix the issue by always returning `GIT_EEOF` if the socket indicates an end of stream.
19001ca7	2016-11-02T09:23:53	Merge pull request #3976 from pks-t/pks/pqueue-null-deref pqueue: resolve possible NULL pointer dereference
038f0e1b	2016-11-02T08:49:24	global: reset global state on shutdown without threading When threading is not enabled for libgit2, we keep global state in a simple static variable. When libgit2 is shut down, we clean up the global state by freeing the global state's dynamically allocated memory. When libgit2 is built with threading, we additionally free the thread-local storage and thus completely remove the global state. In a non-threaded build, though, we simply leave the global state as-is, which may result in an error upon reinitializing libgit2. Fix the issue by zeroing out the variable on a shutdown, thus returning it to its initial state.
59c6c286	2016-10-27T12:31:17	global: synchronize initialization and shutdown with pthreads When trying to initialize and tear down global data structures from different threads at once with `git_libgit2_init` and `git_libgit2_shutdown`, we race around initializing data. While we use `pthread_once` to assert that we only initilize data a single time, we actually reset the `pthread_once_t` on the last call to `git_libgit2_shutdown`. As resetting this variable is not synchronized with other threads trying to access it, this is actually racy when one thread tries to do a complete shutdown of libgit2 while another thread tries to initialize it. Fix the issue by creating a mutex which synchronizes `init_once` and the library shutdown.
dc98cb28	2016-10-31T13:50:23	openssl_stream: fix typo
95fa3880	2016-10-28T16:07:40	pqueue: resolve possible NULL pointer dereference The `git_pqueue` struct allows being fixed in its total number of entries. In this case, we simply throw away items that are inserted into the priority queue by examining wether the new item to be inserted has a higher priority than the previous smallest one. This feature somewhat contradicts our pqueue implementation in that it is allowed to not have a comparison function. In fact, we also fail to check if the comparison function is actually set in the case where we add a new item into a fully filled fixed-size pqueue. As we cannot determine which item is the smallest item in absence of a comparison function, we fix the `NULL` pointer dereference by simply dropping all new items which are about to be inserted into a full fixed-size pqueue.
feb330d5	2016-10-12T12:41:36	add support for OpenSSL 1.1.0 for BIO filter Closes: https://github.com/libgit2/libgit2/issues/3959 Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
610cff13	2016-10-09T16:05:48	Merge branch 'pr/3809'

39e76bb3

2017-01-27T16:05:20

Do not discard proxy_options that have been set when auto is specified

87b7a705

2017-01-21T15:44:57

indexer: avoid warning about `idx->pack` It must be non-NULL to have a valid `git_indexer`.

bf339ab0

2017-01-21T14:51:31

indexer: introduce `git_packfile_close` Encapsulation!

98f53872

2017-01-21T18:57:28

Merge pull request #4016 from novalis/submodule-optimization Submodule optimization

52949c80

2017-01-21T18:30:12

Merge branch 'pr/4060'

d030bba9

2017-01-21T17:15:33

indexer: only delete temp file if it was unused Only try to `unlink` our temp file when we know that we didn't copy it into its permanent location.

673dff88

2016-11-23T18:32:55

Skip submodule head/index update when caching. `git_submodule_status` is very slow, bottlenecked on `git_repository_head_tree`, which it uses through `submodule_update_head`. If the user has requested submodule caching, assume that they want this status cached too and skip it. Signed-off-by: David Turner <dturner@twosigma.com>

4d99c4cf

2016-11-23T18:32:48

Allow for caching of submodules. Added `git_repository_submodule_cache_all` to initialze a cache of submodules on the repository so that operations looking up N submodules are O(N) and not O(N^2). Added a `git_repository_submodule_cache_clear` function to remove the cache. Also optimized the function that loads all submodules as it was itself O(N^2) w.r.t the number of submodules, having to loop through the `.gitmodules` file once per submodule. I changed it to process the `.gitmodules` file once, into a map. Signed-off-by: David Turner <dturner@twosigma.com>

ca05857e

2016-11-23T18:26:19

Fix formatting Signed-off-by: David Turner <dturner@twosigma.com>

4e4a1460

2016-12-30T12:13:34

WinHTTP: support best auth mechanism For username/password credentials, support NTLM or Basic (in that order of priority). Use the WinHTTP built-in authentication support for both, and maintain a bitfield of the supported mechanisms from the response.

cb76eed5

2017-01-14T17:41:49

Merge pull request #4054 from jfultz/jfultz/fix_GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH Fix handling of GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH flag.

2854e619

2017-01-14T17:12:23

Merge pull request #4061 from libgit2/ethomson/merge_opts merge: set default rename threshold

f5586f5c

2017-01-14T16:37:00

Addressed review feedback

a6d833a2

2017-01-13T17:05:58

Merge pull request #4049 from libgit2/ethomson/error_msgs giterr_set: consistent error messages

ee89941f

2017-01-09T20:59:43

Merge remote-tracking branch 'upstream/maint/v0.25'

6850b516

2017-01-06T17:12:16

Merge branch '25_smartpktparse' into maint/v0.25

2fdef641

2016-11-15T11:44:51

smart_pkt: treat empty packet lines as error The Git protocol does not specify what should happen in the case of an empty packet line (that is a packet line "0004"). We currently indicate success, but do not return a packet in the case where we hit an empty line. The smart protocol was not prepared to handle such packets in all cases, though, resulting in a `NULL` pointer dereference. Fix the issue by returning an error instead. As such kind of packets is not even specified by upstream, this is the right thing to do.

66e3774d

2016-11-15T11:36:27

smart_pkt: verify packet length exceeds PKT_LEN_SIZE Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself. Not checking this may result in a buffer overflow as we directly pass the length to functions which accept a `size_t` length as parameter. Fix the issue by verifying that non-flush packets have at least a length of `PKT_LEN_SIZE`.

9a64e62f

2016-12-21T21:24:33

http: check certificate validity before clobbering the error variable

96df833b

2017-01-03T19:15:09

Close the file before unlinking I forgot that Windows chokes while trying to delete open files.

19ed4d0c

2017-01-01T22:19:23

merge: set default rename threshold When `GIT_MERGE_FIND_RENAMES` is set, provide a default for `rename_threshold` when it is unset.

db535d0a

2017-01-01T12:45:02

Delete temporary packfile in indexer This change deletes the temporary packfile that the indexer creates to avoid littering the pack/ directory with garbage.

42ad85ef

2016-12-30T16:35:24

Merge pull request #4043 from fudanchii/fudanchii/openbsd Fix BIO_* functions method linking when compiled with libressl (OpenBSD).

5f959dca

2016-12-29T19:26:50

Fix handling of GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH flag. git_checkout_tree() sets up its working directory iterator to respect the pathlist if GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH is present, which is great. What's not so great is that this iterator is then used side-by-side with an iterator created by git_checkout_iterator(), which did not set up its pathlist appropriately (although the iterator mirrors all other iterator options). This could cause git_checkout_tree() to delete working tree files which were not specified in the pathlist when GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH was used, as the unsynchronized iterators causes git_checkout_tree() to think that files have been deleted between the two trees. Oops. And added a test which fails without this fix (specifically, the final check for "testrepo/README" to still be present fails).

909d5494

2016-12-29T12:25:15

giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one

f928c69a

2016-12-29T12:54:26

rebase: check the result code of rebase_init_merge

6a8127d7

2016-12-25T22:13:48

mempack: set the odb backend version

567b83de

2016-12-24T17:43:08

Fix BIO_* functions method linking when compiled with libressl. ref: https://github.com/gentoo/libressl/blob/672ac74ce7b7cb2e4799b2d66bc0b1b1efa3454e/media-video/ffmpeg/files/ffmpeg-3.2-libressl.patch

fafafb1f

2016-12-20T16:19:30

http: bump the pretend git version in the User-Agent We want to keep the git UA in order for services to recognise that we're a Git client and not a browser. But in order to stop dumb HTTP some services have blocked UAs that claim to be pre-1.6.6 git. Thread these needles by using the "git/2.0" prefix which is still close enough to git's yet distinct enough that you can tell it's us.

8d7717c4

2016-12-20T15:32:49

Merge pull request #4034 from libgit2/cmn/sysdir-no-reguess sysdir: don't re-guess when using variable substitution

f91f170f

2016-12-20T15:28:46

Merge pull request #4032 from libgit2/cmn/https-cap-no-hardcode Don't hard-code HTTPS cap & clarify the meanings of the features enum

3714c13a

2016-12-19T17:28:41

Merge pull request #4026 from libgit2/cmn/refdb-fs-errors refdb: bubble up recursive rm when locking a ref

903955f7

2016-12-19T17:26:09

Merge pull request #4027 from pks-t/pks/pack-deref-cache-on-error pack: dereference cached pack entry on error

9f09f290

2016-12-17T18:20:29

sysdir: don't guess the paths again when $PATH is specified We should replace it with whatever the user set, not start again.

23c9ff86

2016-12-17T17:33:13

Fix off-by-one problems in git_signature__parse Etc/GMT-14 aka UTC+14:00 is a thing.... https://en.wikipedia.org/wiki/UTC%2B14:00 Also allow offsets on the last minute (59). Addresses: https://bugs.debian.org/841532 Fixes: #3970

061a0ad1

2016-12-17T14:23:35

settings: don't hard-code HTTPS capability This partially reverts bdec62dce1c17465b7330100ea2f71e63fc411dd which activates the transport code-paths which allow you to use a custom TLS implementation without having to have one at build-time. However the capabilities describe how libgit2 was built, not what it could potentially support, bring back the ifdefs so we only say we support HTTPS if libgit2 was itself built with a TLS implementation.

6ab65b80

2016-12-11T17:56:38

refdb: bubble up recursive rm when locking a ref Failure to bubble up this error means some locking errors do not get reported as such on Windows.

ff5eea06

2016-12-12T09:36:15

pack: dereference cached pack entry on error When trying to uncompress deltas in a packfile's delta chain, we try to add object bases to the packfile cache, subsequently decrementing its reference count if it has been added successfully. This may lead to a mismatched reference count in the case where we exit the loop early due to an encountered error. Fix the issue by decrementing the reference count in error cleanup.

34b32053

2016-11-25T15:02:34

Fix potential use of uninitialized values

e781a0c5

2016-11-25T15:02:07

graph: flag fields should be declared as unsigned

482d1748

2016-11-25T15:01:35

transports: smart: do not redeclare loop counters

6cf575b1

2016-11-25T15:01:04

path: remove unused local variable

013ecb4f

2016-11-25T15:00:50

revwalk: do not re-declare `commit` variable

8468a440

2016-11-25T15:00:20

odb_mempack: mark zero-length array as GIT_FLEX_ARRAY

8339c660

2016-12-07T17:44:25

Merge pull request #4020 from novalis/rebase-detached git_rebase_init: correctly handle detached HEAD

9af59f5d

2016-12-06T03:08:52

Properly pass `wchar *` type to giterr_set

4db1fc7e

2016-12-01T23:06:41

git_rebase_init: correctly handle detached HEAD git_rebase_finish relies on head_detached being set, but rebase_init_merge was only setting it when branch->ref_name was unset. But branch->ref_name would be set to "HEAD" in the case of detached HEAD being either implicitly (NULL) or explicitly passed to git_rebase_init.

86364af9

2016-11-20T11:30:45

Properly pass `wchar *` type to giterr_set

ae5838f1

2016-11-18T21:01:51

Merge pull request #4010 from libgit2/ethomson/clar_threads Introduce some clar helpers for child threads

82f15896

2016-11-18T07:19:22

threads: introduce `git_thread_exit` Introduce `git_thread_exit`, which will allow threads to terminate at an arbitrary time, returning a `void *`. On Windows, this means that we need to store the current `git_thread` in TLS, so that we can set its `return` value when terminating. We cannot simply use `ExitThread`, since Win32 returns `DWORD`s from threads; we return `void *`.

65b78ea3

2016-11-17T01:08:49

use `giterr_set_str()` wherever possible `giterr_set()` is used when it is required to format a string, and since we don't really require it for this case, it is better to stick to `giterr_set_str()`. This also suppresses a warning(-Wformat-security) raised by the compiler. Signed-off-by: Pranit Bauva <pranit.bauva@gmail.com>

0cd162be

2016-11-15T16:28:10

Merge pull request #4008 from pks-t/pks/sortedcache-fd-leak sortedcache: plug leaked file descriptor

613381fc

2016-11-15T13:33:05

patch_parse: fix memory leak

24b2182c

2016-11-15T12:53:53

sortedcache: plug leaked file descriptor

1db3035d

2016-11-15T12:18:49

Merge pull request #3996 from pks-t/pks/curl-lastsocket-deprecation curl_stream: use CURLINFO_ACTIVESOCKET if curl is recent enough

5cbd5260

2016-11-11T11:37:00

curl_stream: use CURLINFO_ACTIVESOCKET if curl is recent enough The `CURLINFO_LASTSOCKET` information has been deprecated since curl version 7.45.0 as it may result in an overflow in the returned socket on certain systems, most importantly on 64 bit Windows. Instead, a new call `CURLINFO_ACTIVESOCKET` has been added which instead returns a `curl_socket_t`, which is always sufficiently long to store a socket. As we need to provide backwards compatibility with curl versions smaller than 7.45.0, alias CURLINFO_ACTIVESOCKET to CURLINFO_LASTSOCKET on platforms without CURLINFO_ACTIVESOCKET.

1d683c1d

2016-11-14T19:21:56

Merge pull request #4006 from libgit2/cmn/compress-buf-free Plug a leak in the refs compressor

21e0fc32

2016-11-14T17:55:49

Plug a leak in the refs compressor

a39f18ac

2016-11-14T17:10:43

Merge pull request #3998 from pks-t/pks/repo-discovery Repository discovery starting from files

df045cef

2016-11-14T12:12:38

Merge pull request #4003 from libgit2/cmn/tree-updater-ordering Use the sorted input in the tree updater

89776585

2016-11-14T12:44:52

tree: look for conflicts in the new tree when updating We look at whether we're trying to replace a blob with a tree during the update phase, but we fail to look at whether we've just inserted a blob where we're now trying to insert a tree. Update the check to look at both places. The test for this was previously succeeding due to the bu where we did not look at the sorted output.

b85929c5

2016-11-14T12:44:01

tree: use the sorted update list in our loop The loop is made with the assumption that the inputs are sorted and not using it leads to bad outputs.

ce5553d4

2016-03-10T22:01:09

refdb: bubble up locked files on the read side On Windows we can find locked files even when reading a reference or the packed-refs file. Bubble up the error in this case as well to allow callers on Windows to retry more intelligently.

33248b9e

2016-03-10T12:22:34

refdb: remove a check-delete race when removing a loose ref It does not help us to check whether the file exists before trying to unlink it since it might be gone by the time unlink is called. Instead try to remove it and handle the resulting error if it did not exist.

40ffa07f

2015-12-31T14:51:42

sortedcache: check file size after opening the file Checking the size before we open the file descriptor can lead to the file being replaced from under us when renames aren't quite atomic, so we can end up reading too little of the file, leading to us thinking the file is corrupted.

2e09106e

2015-12-24T17:49:49

refdb: bubble up the error code when compressing the db This allows the caller to know the errors was e.g. due to the packed-refs file being already locked and they can try again later.

dd1ca6f1

2015-12-24T17:38:41

refdb: refactor the lockfile cleanup We can reduce the duplication by cleaning up at the beginning of the loop, since it's something we want to do every time we continue.

7ea4710a

2015-12-24T17:30:24

refdb: don't report failure for expected errors There might be a few threads or processes working with references concurrently, so fortify the code to ignore errors which come from concurrent access which do not stop us from continuing the work. This includes ignoring an unlinking error. Either someone else removed it or we leave the file around. In the former case the job is done, and in the latter case, the ref is still in a valid state.

f94825c1

2015-12-24T17:21:51

fileops: save errno and report file existence We need to save the errno, lest we clobber it in the giterr_set() call. Also add code for reporting that a path component is missing, which is a distinct failure mode.

2d9aec99

2015-12-24T14:01:38

refdb: make ref deletion after pack safer In order not to undo concurrent modifications to references, we must make sure that we only delete a loose reference if it still has the same value as when we packed it. This means we need to lock it and then compare the value with the one we put in the packed file.

9914efec

2015-12-24T14:00:48

refdb: bubble up errors We can get useful information like GIT_ELOCKED out of this instead of just -1.

0f316096

2016-11-11T16:55:33

repository: do not interpret all files as gitlinks in discovery When trying to find a discovery, we walk up the directory structure checking if there is a ".git" file or directory and, if so, check its validity. But in the case that we've got a ".git" file, we do not want to unconditionally assume that the file is in fact a ".git" file and treat it as such, as we would error out if it is not. Fix the issue by only treating a file as a gitlink file if it ends with "/.git". This allows users of the function to discover a repository by handing in any path contained inside of a git repository.

e1c14335

2016-11-14T10:48:57

Merge pull request #4002 from pks-t/pks/giterr-format giterr format

cc5966b0

2016-11-14T10:39:45

Merge pull request #3983 from pks-t/pks/smart-early-eof transports: smart: abort on early end of stream

b81fe7c9

2016-11-14T10:07:13

path: pass string instead of git_buf to giterr_set

90a934a5

2016-11-14T10:06:17

checkout: pass string instead of git_buf to `giterr_set`

901434b0

2016-11-14T10:07:37

common: cast precision specifiers to int

c77a55a9

2016-11-14T10:05:31

common: use PRIuZ for size_t in `giterr_set` calls

8effd26f

2016-11-14T09:54:08

common: mark printf-style formatting for `giterr_set`

2d205516

2016-11-14T09:38:44

Merge pull request #3992 from joshtriplett/env-namespace git_repository_open_ext: fix handling of $GIT_NAMESPACE

7b3f49f0

2016-11-14T09:27:15

fileops: fix typos in `git_futils_creat_locked{,with_path}`

c9e967a1

2016-11-10T03:51:12

git_repository_open_ext: fix handling of $GIT_NAMESPACE The existing code would set a namespace of "" (empty string) with GIT_NAMESPACE unset. In a repository where refs/heads/namespaces/ exists, that can produce incorrect results. Detect that case and avoid setting the namespace at all. Since that makes the last assignment to error conditional, and the previous assignment can potentially get GIT_ENOTFOUND, set error to 0 explicitly to prevent the call from incorrectly failing with GIT_ENOTFOUND.

5ca75fd5

2016-11-10T08:00:22

curl_stream: check for -1 after CURLINFO_LASTSOCKET We're recently trying to upgrade to the current master of libgit2 in Cargo but we're unfortunately hitting a segfault in one of our tests. This particular test is just a small smoke test that https works (e.g. it's configured in libgit2). It attempts to clone from a URL which simply immediately drops connections after they're accepted (e.g. terminate abnormally). We expect to see a standard error from libgit2 but unfortunately we're seeing a segfault. This segfault is happening inside of the `wait_for` function of `curl_stream.c` at the line `FD_SET(fd, &errfd)` because `fd` is -1. This ends up doing an out-of-bounds array access that faults the program. I tracked back to where this -1 came from to the line here (returned by `CURLINFO_LASTSOCKET`) and added a check to return an error.

5fe5557e

2016-11-04T18:18:46

Merge pull request #3974 from libgit2/pks/synchronize-shutdown global: synchronize initialization and shutdown with pthreads

6e2fab9e

2016-11-04T18:14:00

Merge pull request #3977 from jfultz/fix-forced-branch-creation-on-bare-repo

f9793884

2016-10-28T14:32:01

branch: fix forced branch creation on HEAD of a bare repo The code correctly detects that forced creation of a branch on a nonbare repo should not be able to overwrite a branch which is the HEAD reference. But there's no reason to prevent this on a bare repo, and in fact, git allows this. I.e., git branch -f master new_sha works on a bare repo with HEAD set to master. This change fixes that problem, and updates tests so that, for this case, both the bare and nonbare cases are checked for correct behavior.

7175222c

2016-11-02T14:50:59

Merge pull request #3960 from ignatenkobrain/openssl-1.1.0 add support for OpenSSL 1.1.0 for BIO filter

3b832a08

2016-11-02T13:11:31

openssl: include OpenSSL headers only when we're buliding against it We need to include the initialisation and construction functions in all backend, so we include this header when building against SecureTransport and WinHTTP as well.

2f3adf95

2016-11-02T12:35:46

openssl: use ASN1_STRING_get0_data when compiling against 1.1 For older versions we can fall back on the deprecated ASN1_STRING_data.

f15eedb3

2016-11-02T12:28:25

openssl: recreate the OpenSSL 1.1 BIO interface for older versions We want to program against the interface, so recreate it when we compile against pre-1.1 versions.

0cf15e39

2016-11-02T12:23:12

pack: fix race in pack_entry_find_offset In `pack_entry_find_offset`, we try to find the offset of a certain object in the pack file. To do so, we first assert if the packfile has already been opened and open it if not. Opening the packfile is guarded with a mutex, so concurrent access to this is in fact safe. What is not thread-safe though is our calculation of offsets inside the packfile. Assume two threads calling `pack_entry_find_offset` at the same time. We first calculate the offset and index location and only then determine if the pack has already been opened. If so, we re-calculate the offset and index address. Now the case for two threads: thread 1 first calculates the addresses and is subsequently suspended. The second thread will now call `pack_index_open` and initialize the pack file, calculating its addresses correctly. When the first thread is resumed now, he'll see that the pack file has already been initialized and will happily proceed with the addresses it has already calculated before the check. As the pack file was not initialized before, these addresses are bogus. Fix the issue by only calculating the addresses after having checked if the pack file is open.

62494bf2

2016-11-02T09:38:40

transports: smart: abort receiving packets on end of stream When trying to receive packets from the remote, we loop until either an error distinct to `GIT_EBUFS` occurs or until we successfully parsed the packet. This does not honor the case where we are looping over an already closed socket which has no more data, leaving us in an infinite loop if we got a bogus packet size or if the remote hang up. Fix the issue by returning `GIT_EEOF` when we cannot read data from the socket anymore.

61530c49

2016-11-01T16:56:07

transports: smart: abort ref announcement on early end of stream When reading a server's reference announcements via the smart protocol, we expect the server to send multiple flushes before the protocol is finished. If we fail to receive new data from the socket, we will only return an end of stream error if we have not seen any flush yet. This logic is flawed in that we may run into an infinite loop when receiving a server's reference announcement with a bogus flush packet. E.g. assume the last flushing package is changed to not be '0000' but instead any other value. In this case, we will still await one more flush package and ignore the fact that we are not receiving any data from the socket, causing an infinite loop. Fix the issue by always returning `GIT_EEOF` if the socket indicates an end of stream.

19001ca7

2016-11-02T09:23:53

Merge pull request #3976 from pks-t/pks/pqueue-null-deref pqueue: resolve possible NULL pointer dereference

038f0e1b

2016-11-02T08:49:24

global: reset global state on shutdown without threading When threading is not enabled for libgit2, we keep global state in a simple static variable. When libgit2 is shut down, we clean up the global state by freeing the global state's dynamically allocated memory. When libgit2 is built with threading, we additionally free the thread-local storage and thus completely remove the global state. In a non-threaded build, though, we simply leave the global state as-is, which may result in an error upon reinitializing libgit2. Fix the issue by zeroing out the variable on a shutdown, thus returning it to its initial state.

59c6c286

2016-10-27T12:31:17

global: synchronize initialization and shutdown with pthreads When trying to initialize and tear down global data structures from different threads at once with `git_libgit2_init` and `git_libgit2_shutdown`, we race around initializing data. While we use `pthread_once` to assert that we only initilize data a single time, we actually reset the `pthread_once_t` on the last call to `git_libgit2_shutdown`. As resetting this variable is not synchronized with other threads trying to access it, this is actually racy when one thread tries to do a complete shutdown of libgit2 while another thread tries to initialize it. Fix the issue by creating a mutex which synchronizes `init_once` and the library shutdown.

dc98cb28

2016-10-31T13:50:23

openssl_stream: fix typo

95fa3880

2016-10-28T16:07:40

pqueue: resolve possible NULL pointer dereference The `git_pqueue` struct allows being fixed in its total number of entries. In this case, we simply throw away items that are inserted into the priority queue by examining wether the new item to be inserted has a higher priority than the previous smallest one. This feature somewhat contradicts our pqueue implementation in that it is allowed to not have a comparison function. In fact, we also fail to check if the comparison function is actually set in the case where we add a new item into a fully filled fixed-size pqueue. As we cannot determine which item is the smallest item in absence of a comparison function, we fix the `NULL` pointer dereference by simply dropping all new items which are about to be inserted into a full fixed-size pqueue.

feb330d5

2016-10-12T12:41:36

add support for OpenSSL 1.1.0 for BIO filter Closes: https://github.com/libgit2/libgit2/issues/3959 Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>

610cff13

2016-10-09T16:05:48

Merge branch 'pr/3809'

thodg/libgit2/src

src

Log