|
3ff0e3b5
|
2019-02-15T11:16:05
|
|
refdb_fs: remove ordering dependency on loose/packed refs loading
Right now, loading loose refs has the side-effect of setting the
`PACKREF_SHADOWED` flag for references that exist both in the loose and the
packed refs. Because of this, we are force do first look up packed refs and only
afterwards loading the packed refs. This is susceptible to a race, though, when
refs are being repacked: when first loading the packed cache, then it may not
yet have the migrated loose ref. But when now trying to look up the loose
reference afterwards, then it may already have been migrated. Thus, we would
fail to find this reference in this scenario.
Remove this ordering dependency to allow fixing the above race. Instead of
setting the flag when loading loose refs, we will now instead set it lazily when
iterating over the loose refs. This even has the added benefit of not requiring
us to lock the packed refs cache, as we already have an owned copy of it.
|
|
83333814
|
2019-02-15T10:56:50
|
|
refdb_fs: do not lazily copy packed ref cache
When creating a new iterator, we eagerly load loose refs but only lazily create
a copy of packed refs. The lazy load only happens as soon as we have iterated
over all loose refs, opening up a potentially wide window for races. This
may lead to an inconsistent view e.g. when the caller decides to reload packed
references somewhen between iterating the loose refs, which is unexpected.
Fix the issue by eagerly copying the sorted cache. Note that right now, we are
heavily dependent on ordering here: we first need to reload packed refs, then we
have to load loose refs and only as a last step are we allowed to copy the
cache. This is because loading loose refs has the side-effect of setting the
`PACKED_SHADOWED` flag in the packed refs cache, which we require to avoid
outputting packed refs that already exist as loose refs.
|
|
32063d82
|
2019-02-15T10:41:30
|
|
refdb_fs: refactor error handling in iterator creation
Refactor the error handling in `refdb_fs_backend__iterator` to always return the
correct error code returned by the failing function.
|
|
8c773438
|
2019-02-15T10:15:39
|
|
refdb_fs: fix potential race with ref repacking in `exists` callback
When repacking references, git.git will first update the packed refs and only
afterwards delete any existing loose references that have now been moved to the
new packed refs file. Due to this, there is a potential for racing if one first
reads the packfile (which has not been updated yet) and only then trying to read
the loose reference (which has just been deleted). In this case, one will
incorrectly fail to lookup the reference and it will be reported as missing.
Naturally, this is exactly what we've been doing in `refdb_fs_backend__exists`.
Fix the race by reversing the lookup: we will now first check if the loose
reference exists and only afterwards refresh the packed file.
|
|
bda08397
|
2019-02-14T16:57:47
|
|
Merge pull request #4982 from pks-t/pks/worktree-add-bare-head
Enable creation of worktree from bare repo's default branch
|
|
48005936
|
2019-02-14T16:55:18
|
|
Merge pull request #4965 from hackworks/eliminate-check-for-keep-file
Allow bypassing check for '.keep' file
|
|
b8837827
|
2019-02-14T13:09:23
|
|
Merge pull request #4979 from libgit2/ethomson/deprecate
Deprecation: export the deprecated functions properly
|
|
bf013fc0
|
2019-02-14T13:30:33
|
|
branch: fix `branch_is_checked_out` with bare repos
In a bare repository, HEAD usually points to the branch that is
considered the "default" branch. As the current implementation for
`git_branch_is_checked_out` only does a comparison of HEAD with the
branch that is to be checked, it will say that the branch pointed to by
HEAD in such a bare repo is checked out.
Fix this by skipping the main repo's HEAD when it is bare.
|
|
efb20825
|
2019-02-14T13:05:49
|
|
branches: introduce flag to skip enumeration of certain HEADs
Right now, the function `git_repository_foreach_head` will always
iterate over all HEADs of the main repository and its worktrees. In some
cases, it might be required to skip either of those, though. Add a flag
in preparation for the following commit that enables this behaviour.
|
|
788cd2d5
|
2019-02-14T13:49:35
|
|
branches: do not assert that the given ref is a branch
Libraries should use assert(3P) only very scarcely. First, we usually
shouldn't cause the caller of our library to abort in case where the
assert fails. Second, if code is compiled with -DNDEBUG, then the assert
will not be included at all.
In our `git_branch_is_checked_out` function, we have an assert that
verifies that the given reference parameter is non-NULL and in fact a
branch. While the first check is fine, the second is not. E.g. when
compiled with -DNDEBUG, we'd proceed and treat the given reference as a
branch in all cases.
Fix the issue by instead treating a non-branch reference as not being
checked out. This is the obvious solution, as references other than
branches cannot be directly checked out.
|
|
a0f87e16
|
2019-02-14T13:26:30
|
|
branches: add tests for `git_branch_is_checked_out`
We currently do not have any tests at all for the
`git_branch_is_checked_out` function. Add some basic ones.
|
|
698eae13
|
2019-02-14T12:52:25
|
|
worktree: error out early if given ref is not valid
When adding a new worktree, we only verify that an optionally given
reference is valid half-way through the function. At this point, some
data structures have already been created on-disk. If we bail out due to
an invalid reference, these will be left behind and need to be manually
cleaned up by the user.
Improve the situation by moving the reference checks to the function's
preamble. Like this, we error out as early as possible and will not
leave behind any files.
|
|
3f823c2b
|
2019-02-14T00:00:06
|
|
ci: enable hard deprecation
Enable hard deprecation in our builds to ensure that we do not call
deprecated functions internally.
|
|
dcf81cdb
|
2019-02-13T23:56:40
|
|
deprecation: optionally enable hard deprecation
Add a CMake option to enable hard deprecation; the resultant library
will _not_ include any deprecated functions. This may be useful for
internal CI builds that create libraries that are not shared with
end-users to ensure that we do not use deprecated bits internally.
|
|
24ac9e0c
|
2019-02-13T23:26:54
|
|
deprecation: ensure we GIT_EXTERN deprecated funcs
Although the error functions were deprecated, we did not properly mark
them as deprecated. We need to include the `deprecated.h` file in order
to ensure that the functions get their export attributes.
Similarly, do not define `GIT_DEPRECATE_HARD` within the library, or
those functions will also not get their export attributes. Define that
only on the tests and examples.
|
|
e1916376
|
2019-02-14T09:22:57
|
|
Merge pull request #4980 from libgit2/ethomson/ci_nightly
ci: skip ssh tests on macOS nightly
|
|
ef91917f
|
2019-02-14T09:19:32
|
|
ci: skip ssh tests on macOS nightly
Like 811c1c0f8f80521dccc746a7bff180cd77a783ff, disable the SSH tests on
macOS until we can resolve the newly introduced infrastructure issues.
|
|
85b2bd41
|
2019-02-14T01:13:33
|
|
Merge pull request #4976 from libgit2/ethomson/readme_v028
CI build fixups
|
|
811c1c0f
|
2019-02-14T00:51:39
|
|
ci: skip ssh tests on macOS
SSH tests on macOS have begun failing for an unknown reason after an
infrastructure upgrade to macOS 10.13.6. Disable those tests
temporarily, until we can resolve it.
|
|
44f82134
|
2019-02-13T11:18:35
|
|
ci: provide more information about OS
Subtle changes in the host OS can have impacts in the CI system that
may be hard to debug. We previously showed the results of `uname` which
can be difficult to interpret. Provide more information where
available.
|
|
6f778351
|
2019-02-13T11:15:12
|
|
README: use correct badge for nightlies
The URL was incorrect for the nightly badge image; it was erroneously
showing the master branch continuous integration build badge.
|
|
f34faaa8
|
2019-02-12T16:45:57
|
|
README: include build badge for v0.28 builds
Include a build badge for `maint/v0.28` builds.
|
|
004a3398
|
2019-01-28T18:31:21
|
|
Allow bypassing check '.keep' files using libgit2 option 'GIT_OPT_IGNORE_PACK_KEEP_FILE_CHECK'
|
|
1a107fac
|
2019-02-02T10:25:54
|
|
Merge pull request #4970 from libgit2/ethomson/0_28
v0.28 rc1
|
|
3fe29c4d
|
2019-01-31T19:10:03
|
|
version: 0.28
|
|
63f96cd0
|
2019-01-31T19:09:42
|
|
changelog: this is 0.28
|
|
214457c6
|
2019-01-31T18:51:36
|
|
Merge pull request #4968 from tiennou/fix/documentation
Docs
|
|
6853a250
|
2019-01-31T14:46:21
|
|
Merge branch 'pks/stream-truncated-writes'
|
|
0ceac0d0
|
2019-01-23T14:45:19
|
|
mbedtls: fix potential size overflow when reading or writing data
The mbedtls library uses a callback mechanism to allow downstream users
to plug in their own receive and send functions. We implement `bio_read`
and `bio_write` functions, which simply wrap the `git_stream_read` and
`git_stream_write` functions, respectively.
The problem arises due to the return value of the callback functions:
mbedtls expects us to return an `int` containing the actual number of
bytes that were read or written. But this is in fact completely
misdesigned, as callers are allowed to pass in a buffer with length
`SIZE_MAX`. We thus may be unable to represent the number of bytes
written via the return value.
Fix this by only ever reading or writing at most `INT_MAX` bytes.
|
|
75918aba
|
2019-01-23T14:43:54
|
|
mbedtls: make global variables static
The mbedtls stream implementation makes use of some global variables
which are not marked as `static`, even though they're only used in this
compilation unit. Fix this and remove a duplicate declaration.
|
|
657197e6
|
2019-01-23T15:54:05
|
|
openssl: fix potential size overflow when writing data
Our `openssl_write` function calls `SSL_write` by passing in both `data`
and `len` arguments directly. Thing is, our `len` parameter is of type
`size_t` and theirs is of type `int`. We thus need to clamp our length
to be at most `INT_MAX`.
|
|
7613086d
|
2019-01-23T15:49:28
|
|
streams: handle short writes only in generic stream
Now that the function `git_stream__write_full` exists and callers of
`git_stream_write` have been adjusted, we can lift logic for short
writes out of the stream implementations. Instead, this is now handled
either by `git_stream__write_full` or by callers of `git_stream_write`
directly.
|
|
5265b31c
|
2019-01-23T15:00:20
|
|
streams: fix callers potentially only writing partial data
Similar to the write(3) function, implementations of `git_stream_write`
do not guarantee that all bytes are written. Instead, they return the
number of bytes that actually have been written, which may be smaller
than the total number of bytes. Furthermore, due to an interface design
issue, we cannot ever write more than `SSIZE_MAX` bytes at once, as
otherwise we cannot represent the number of bytes written to the caller.
Unfortunately, no caller of `git_stream_write` ever checks the return
value, except to verify that no error occurred. Due to this, they are
susceptible to the case where only partial data has been written.
Fix this by introducing a new function `git_stream__write_full`. In
contrast to `git_stream_write`, it will always return either success or
failure, without returning the number of bytes written. Thus, it is able
to write all `SIZE_MAX` bytes and loop around `git_stream_write` until
all data has been written. Adjust all callers except the BIO callbacks
in our mbedtls and OpenSSL streams, which already do the right thing and
require the amount of bytes written.
|
|
193e7ce9
|
2019-01-23T15:42:07
|
|
streams: make file-local functions static
The callback functions that implement the `git_stream` structure are
only used inside of their respective implementation files, but they are
not marked as `static`. Fix this.
|
|
9fd9126e
|
2019-01-30T21:19:18
|
|
docs: minor changes
|
|
2f1d6eff
|
2019-01-30T19:59:43
|
|
Merge pull request #4954 from tiennou/fix/documentation
Documentation fixes
|
|
cf14215d
|
2019-01-28T12:41:22
|
|
Merge pull request #4964 from libgit2/ethomson/ci_nightly
ci: add an individual coverity pipeline
|
|
52a97eed
|
2019-01-28T12:16:50
|
|
ci: add coverity badge to the README
|
|
0cf5b6b1
|
2019-01-28T10:48:49
|
|
ci: ignore coverity failures in nightly runs
Coverity is back but it's only read-only! Agh. Just allow it to fail
and not impact the overall job run.
|
|
690e55e0
|
2019-01-04T19:09:42
|
|
repo: split git_repository_open_flag_t options documentation inline
|
|
f6412c26
|
2019-01-15T13:35:41
|
|
transport: enhance documentation
|
|
2964fed0
|
2019-01-15T13:30:42
|
|
docs: document GIT_EUSER/GIT_EPASSTHROUGH
|
|
9e4d421e
|
2019-01-15T11:32:13
|
|
doc: clarify that git_time_t is seconds from the epoch
|
|
e9a34864
|
2019-01-27T22:47:09
|
|
Merge pull request #4961 from libgit2/ethomson/ci_docurium
ci: run docurium to create documentation
|
|
92b52f36
|
2019-01-27T22:46:53
|
|
Merge pull request #4962 from libgit2/ethomson/ci_nightly
ci: return coverity to the nightlies
|
|
08d71f72
|
2019-01-27T22:46:07
|
|
ci: return coverity to the nightlies
|
|
b1e28625
|
2019-01-26T19:43:33
|
|
Merge pull request #4950 from libgit2/ethomson/warnings
Clean up some warnings
|
|
f56634f8
|
2019-01-26T19:40:19
|
|
Merge pull request #4869 from libgit2/ethomson/ci_nightly
Nightlies: use `latest` docker images
|
|
ace20c6a
|
2019-01-26T16:59:32
|
|
ci: run docurium to create documentation
Run docurium as part of the build. The goal of this is to be able to
evaluate the documentation in a given pull request; as such, this does
not implement any sort of deployment pipeline.
This will allow us to download a snapshot of the documentation from the
CI build and evaluate the docs for a particular pull request; before
it's been merged.
|
|
4a798a91
|
2018-10-28T17:57:53
|
|
nightly: use latest images, not test images
|
|
fac08837
|
2019-01-21T11:38:46
|
|
filter: return an int
Validate that the return value of the read is not less than INT_MAX,
then cast.
|
|
89bd4ddb
|
2019-01-21T11:32:53
|
|
diff_generate: validate oid file size
Index entries are 32 bit unsigned ints, not `size_t`s.
|
|
fd9d4e28
|
2019-01-21T11:29:16
|
|
describe: don't mix and match abbreviated size types
The git_describe_format_options.abbreviated_size type is an unsigned
int. There's no need for it to be anything else; keep it what it is.
|
|
751eb462
|
2019-01-21T11:20:18
|
|
delta: validate sizes and cast safely
Quiet down a warning from MSVC about how we're potentially losing data.
Validate that our data will fit into the type provided then cast.
|
|
4947216f
|
2019-01-21T11:11:27
|
|
git transport: only write INT_MAX bytes
The transport code returns an `int` with the number of bytes written;
thus only attempt to write at most `INT_MAX`.
|
|
a861839d
|
2019-01-21T10:55:59
|
|
windows: add SSIZE_MAX
Windows doesn't include ssize_t or its _MAX value by default. We are
already declaring ssize_t as SSIZE_T, which is __int64_t on Win64 and
long otherwise. Include its _MAX value as a correspondence to its type.
|
|
f1986a23
|
2019-01-21T09:56:23
|
|
streams: don't write more than SSIZE_MAX
Our streams implementation takes a `size_t` that indicates the length of
the data buffer to be written, and returns an `ssize_t` that indicates
the length that _was_ written. Clearly no such implementation can write
more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation
does not try to write more than `SSIZE_MAX` bytes (or smaller; if the
given implementation takes a smaller size).
|
|
e5e2fac8
|
2019-01-21T00:57:39
|
|
buffer: explicitly cast
Quiet down a warning from MSVC about how we're potentially losing data.
This is safe since we've explicitly tested it.
|
|
f4ebb2d4
|
2019-01-21T00:56:35
|
|
blame: make hunk_cmp handle unsigned differences
|
|
ae681d3f
|
2019-01-21T00:49:07
|
|
apply: make update_hunk accept a size_t
|
|
7ed2baf7
|
2019-01-21T00:41:50
|
|
MSVC: ignore empty compilation units (warning LNK4221)
A number of source files have their implementation #ifdef'd out (because
they target another platform). MSVC warns on empty compilation units
(with warning LNK4221). Ignore warning 4221 when creating the object
library.
|
|
3fba5891
|
2019-01-20T23:53:33
|
|
test: cast to a char the zstream test
|
|
1d4ddb8e
|
2019-01-20T23:42:08
|
|
iterator: cast filesystem iterator entry values explicitly
The filesystem iterator takes `stat` data from disk and puts them into
index entries, which use 32 bit ints for time (the seconds portion) and
filesize. However, on most systems these are not 32 bit, thus will
typically invoke a warning.
Most users ignore these fields entirely. Diff and checkout code do use
the values, however only for the cache to determine if they should check
file modification. Thus, this is not a critical error (and will cause a
hash recomputation at worst).
|
|
f25bb508
|
2019-01-20T23:52:50
|
|
index test: cast times explicitly
Cast actual filesystem data to the int32_t that index entries store.
|
|
c6cac733
|
2019-01-20T22:40:38
|
|
blob: validate that blob sizes fit in a size_t
Our blob size is a `git_off_t`, which is a signed 64 bit int. This may
be erroneously negative or larger than `SIZE_MAX`. Ensure that the blob
size fits into a `size_t` before casting.
|
|
3aa6d96a
|
2019-01-20T20:38:25
|
|
tree: cast filename length in git_tree__parse_raw
Quiet down a warning from MSVC about how we're potentially losing data.
Ensure that we're within a uint16_t before we do.
|
|
759502ed
|
2019-01-20T20:30:42
|
|
odb_loose: explicitly cast to size_t
Quiet down a warning from MSVC about how we're potentially losing data.
This is safe since we've explicitly tested that it's positive and less
than SIZE_MAX.
|
|
80c3867b
|
2019-01-20T19:20:12
|
|
patch: explicitly cast down in parse_header_percent
Quiet down a warning from MSVC about how we're potentially losing data.
This is safe since we've explicitly tested that it's within the range of
0-100.
|
|
494448a5
|
2019-01-20T19:10:08
|
|
index: explicitly cast down to a size_t
Quiet down a warning from MSVC about how we're potentially losing data.
This cast is safe since we've explicitly tested that `strip_len` <=
`last_len`.
|
|
c3866fa8
|
2019-01-20T18:54:16
|
|
diff: explicitly cast in flush_hunk
Quiet down a warning from MSVC about how we're potentially losing data.
|
|
826d9a4d
|
2019-01-25T09:43:20
|
|
Merge pull request #4858 from tiennou/fix/index-ext-read
index: preserve extension parsing errors
|
|
859d9229
|
2019-01-25T09:41:41
|
|
Merge pull request #4952 from libgit2/ethomson/deprecation
Deprecate functions and constants more gently
|
|
c951b825
|
2019-01-23T00:32:40
|
|
deprecation: define GIT_DEPRECATE_HARD internally
Ensure that we do not use any deprecated functions in the library
source, test code or examples.
|
|
9f3a5a64
|
2019-01-23T00:29:03
|
|
deprecation: offer GIT_DEPRECATE_HARD
Users can define `GIT_DEPRECATE_HARD` if they want to remove all
functions that we've "softly" deprecated.
|
|
9c5e05ad
|
2019-01-23T10:43:29
|
|
deprecation: move deprecated tests into their own file
Move the deprecated stream tests into their own compilation unit. This
will allow us to disable any preprocessor directives that apply to
deprecation just for these tests (eg, disabling `GIT_DEPRECATED_HARD`).
|
|
e09f0c10
|
2019-01-23T10:21:42
|
|
deprecation: don't use deprecated stream cb
Avoid the deprecated `git_stream_cb` typedef since we want to compile
the library without deprecated functions or types. Instead, we can
unroll the alias to its actual type.
|
|
09e2ea2f
|
2019-01-23T09:44:40
|
|
deprecation: provide docurium deprecation note
Add `@deprecated` to the functions that are, so that they'll appear that
way in docurium.
|
|
53d13fb3
|
2019-01-23T09:42:55
|
|
deprecation: deprecated stream registration in if guard
`git_stream_register_tls` is now deprecated; mark it in an if guard with
the deprecation.
This should not be included in `deprecated.h` since it is an uncommonly
used `sys` header file.
|
|
769e9274
|
2019-01-23T00:42:22
|
|
deprecation: update changelog to reflect new policies
|
|
a7d0d14f
|
2019-01-23T00:07:40
|
|
deprecation: move deprecated bits to deprecated.h
|
|
1c3daccf
|
2019-01-23T09:51:50
|
|
fuzzers: don't use deprecated types
|
|
cc5da0a6
|
2019-01-23T09:36:52
|
|
examples: don't use deprecated types
|
|
5524a467
|
2019-01-25T09:06:27
|
|
Merge pull request #4957 from csware/deprecated
Don't use deprecated constants
|
|
bff7aed2
|
2019-01-24T16:44:04
|
|
Don't use deprecated constants
Follow up for PR #4917.
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
0bf7e043
|
2019-01-24T12:12:04
|
|
index: preserve extension parsing errors
Previously, we would clobber any extension-specific error message with
an "extension is truncated" message. This makes `read_extension`
correctly preserve those errors, takes responsibility for truncation
errors, and adds a new message with the actual extension signature for
unsupported mandatory extensions.
|
|
80be19b9
|
2019-01-24T11:59:48
|
|
Merge pull request #4955 from csware/c4098
Fix VS warning C4098: 'giterr_set_str' : void function returning a value
|
|
53bf0bde
|
2019-01-24T11:29:36
|
|
Fix VS warning C4098: 'giterr_set_str' : void function returning a value
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
635693d3
|
2019-01-22T22:52:06
|
|
Merge pull request #4917 from libgit2/ethomson/giterr
Move `giterr` to `git_error`
|
|
a27a4de6
|
2019-01-10T22:48:03
|
|
errors: update docs for giterr changes
|
|
00c66dfd
|
2019-01-10T22:43:59
|
|
errors: update static analysis tools for giterr
Update GITERR and giterr usages in the static code analysis tools to use
the new names.
|
|
fcc7dcb1
|
2019-01-10T22:39:56
|
|
errors: remove giterr usage in examples
|
|
115a6c50
|
2019-01-10T21:44:26
|
|
errors: remove giterr usage in fuzzers
|
|
f673e232
|
2018-12-27T13:47:34
|
|
git_error: use new names in internal APIs and usage
Move to the `git_error` name in the internal API for error-related
functions.
|
|
647dfdb4
|
2019-01-10T22:13:07
|
|
git_error: deprecate error values
Replace the `GITERR` values with a `const int` to deprecate error
values.
|
|
20961b98
|
2018-12-26T14:06:21
|
|
git_error: use full class name in public error API
Move to the `git_error` name in error-related functions, deprecating the
`giterr` functions. This means, for example, that `giterr_last` is now
`git_error_last`. The old names are retained for compatibility.
This only updates the public API; internal API and function usage
remains unchanged.
|
|
6b2cd0ed
|
2019-01-20T20:55:00
|
|
Merge pull request #4949 from zlikavac32/fix-odb-foreach-cb-positive-error-code
odb: Fix odb foreach to also close on positive error code
|
|
f7416509
|
2019-01-20T20:15:31
|
|
Fix odb foreach to also close on positive error code
In include/git2/odb.h it states that callback can also return
positive value which should break looping.
Implementations of git_odb_foreach() and pack_backend__foreach()
did not respect that.
|
|
68166017
|
2019-01-20T18:33:36
|
|
Merge pull request #4948 from libgit2/ethomson/memleaks
repository: free memory in symlink detection function
|
|
b8b796c1
|
2019-01-20T18:09:43
|
|
repository: free memory in symlink detection function
|
|
1e92a036
|
2019-01-20T17:59:50
|
|
Merge pull request #4947 from libgit2/ethomson/proxyupdate
ci: update poxyproxy, run in quiet mode
|