|
433a1334
|
2022-07-13T21:08:04
|
|
Merge pull request #6191 from libgit2/ethomson/sha256_poc
RFC: SHA256 proof of concept
|
|
3c8a860d
|
2022-07-13T10:19:14
|
|
Merge pull request #6348 from lya001/fix-invalid-branch-name
Fix creation of branches and tags with invalid names
|
|
be08ef7f
|
2022-07-12T22:39:25
|
|
Update src/libgit2/tag.c
|
|
b70dbaa2
|
2022-07-12T22:12:36
|
|
Merge pull request #6347 from libgit2/ethomson/no_pack_v3
pack: don't pretend we support pack files v3
|
|
f6be8c26
|
2022-07-12T22:09:25
|
|
Apply suggestions from code review
|
|
ed24b8ba
|
2022-07-05T23:47:15
|
|
repo: allow users running with sudo to access their repositories
In the ownership checks implemented for CVE-2022-24765, we disallowed
users to access their own repositories when running with `sudo`.
Examine the `SUDO_UID` environment variable and allow users running
with `sudo`. This matches git's behavior.
|
|
af9e0032
|
2022-07-02T10:19:33
|
|
repo: validate gitdir and gitlink ownership
To match git's behavior with CVE 2022-29187, validate not only the
working directory, but also the gitdir and gitlink (if it exists). This
a follow up to CVE-2022-24765 that was fixed earlier.
|
|
760a5acc
|
2022-07-12T15:07:54
|
|
Merge branch 'main' into fix-invalid-branch-name
|
|
4597b869
|
2022-07-08T21:28:15
|
|
pack: don't pretend we support pack files v3
Pack files v3 are introduced in the SHA256 hash transition document
https://github.com/git/git/blob/master/Documentation/technical/hash-function-transition.txt
Obviously we do not support these yet. Stop pretending that we do.
|
|
56aaaf53
|
2022-07-04T16:03:10
|
|
repo: allow admin owned configs by admin users
Allow users in the administrator group to use git configs that are owned
by administrators.
|
|
433f0166
|
2022-07-04T15:20:59
|
|
fs: refactor file ownership checks
Refactor the file ownership checks so that callers can provide discrete
information about the ownership expectations to a single function.
|
|
f51f6646
|
2022-07-02T15:36:07
|
|
Revert "repo: allow administrator to own the configuration"
This reverts commit cdff2f0237f663e0f68155655a8b66d05c1ec716.
This change erroneously allowed system users to own a worktree; this
should only be allowed when the current user is in the Administrator
group on Windows as well.
|
|
50a1f637
|
2022-07-07T00:28:56
|
|
Merge pull request #6334 from i-tengfei/fix-rebase-interactive
fix interactive rebase detect.
|
|
cdcf5b9c
|
2022-07-06T23:19:28
|
|
rebase: formatting fixes
|
|
05b2c89d
|
2022-06-28T21:52:45
|
|
config: use correct git_sysdir_find* function within git_config_find* functions
|
|
8fa58818
|
2022-06-28T04:48:57
|
|
fix interactive rebase detect.
|
|
3847522e
|
2022-06-22T21:14:43
|
|
Merge pull request #6303 from zawata/legacy_buffer_stream_segfault
filter: Fix Segfault
|
|
f887fd60
|
2022-06-22T09:22:50
|
|
copy back git_buf after callback
|
|
6c57bac6
|
2022-06-14T22:29:10
|
|
sha256: make sha256 an experimental optional feature
libgit2 can be built with optional, experimental sha256 support. This
allows consumers to begin testing and providing feedback for our sha256
support while we continue to develop it, and allows us to make API
breaking changes while we iterate on a final sha256 implementation.
The results will be `git2-experimental.dll` and installed as
`git2-experimental.h` to avoid confusion with a production libgit2.
|
|
d1036201
|
2022-06-18T16:10:38
|
|
meta: generated `features.h` is now `git2_features.h`
Linux has a /usr/include/features.h, which gets confusing; update this
to `git2_features.h` and move it into the `util` directory.
|
|
04f34688
|
2022-01-26T13:10:01
|
|
odb_loose: SHA256 support for loose object storage
Teach the loose object database how to cope with SHA256 objects.
|
|
162c996b
|
2022-01-25T13:43:02
|
|
oid: add git_oid_fmt_substr
Tidy up `nfmt` / `pathfmt`.
|
|
4d7ec76c
|
2021-12-12T09:19:25
|
|
odb: add git_odb_loose_backend_options
Move the arguments to `git_odb_loose` into an options structure.
|
|
dbccfc20
|
2022-01-26T13:57:48
|
|
odb: accept an oid type in options
Allow the object database to take an oid type that it supports. This
oid type will be used to validate the objects that the backends provide.
|
|
3eba9181
|
2022-01-26T13:02:49
|
|
odb: add git_odb_options
Users will need to be able to specify the object id type for the given
object database; add a new `git_odb_options` with that option.
|
|
c50b280f
|
2022-01-26T13:08:24
|
|
oid: provide an oid type to hash type map
We intentionally separate oid types from hash types; a hash is a generic
hunk of bytes, an object id has meaning and backs an object on disk. As
a result of this separation, we need a 1:1 mapping.
|
|
0db1c57c
|
2022-01-25T10:32:47
|
|
oid: add sha256 typed oids
|
|
3fbf580c
|
2022-01-23T09:47:01
|
|
oid: give oids a type
`git_oid`s now have a type, and we require the oid type when creating
the object id from creation functions.
|
|
8444b6dc
|
2022-01-26T13:07:28
|
|
odb_hash*: accept the oid type to hash into
The git_odb_hash helper functions should not assume SHA1, and instead
should be given the oid type that they're producing.
|
|
e0a8b4e8
|
2022-06-16T13:26:52
|
|
fix indentation, copy asize
|
|
61838295
|
2022-01-26T16:22:04
|
|
object: move oid header printing to object
|
|
b7a46fa8
|
2022-01-23T12:25:03
|
|
object: move oid header parsing to object
|
|
0b068214
|
2021-12-11T15:34:27
|
|
oid: add functions to inspect oid information
Provide helper functions to provide information about the object id size
given its type.
|
|
0acaf3a8
|
2022-01-17T13:40:37
|
|
oid: define GIT_OID_SHA1_ZERO
Callers should not assume the layout of the oid structure; provide them
a macro that defines the null / zero sha1 object id.
|
|
dbc4ac1c
|
2022-01-22T23:10:03
|
|
oid: `GIT_OID_*SZ` is now `GIT_OID_SHA1_*SIZE`
In preparation for SHA256 support, `GIT_OID_RAWSZ` and `GIT_OID_HEXSZ`
need to indicate that they're the size of _SHA1_ OIDs.
|
|
e2ea138d
|
2022-06-14T08:47:50
|
|
Address feedback
Co-authored-by: Edward Thomson <ethomson@github.com>
|
|
cdff2f02
|
2022-06-13T21:34:01
|
|
repo: allow administrator to own the configuration
Update our ownership checks that were introduced in libgit2 v1.4.3
(to combat CVE 2022-24765). These were not compatible with git's; git
itself allows administrators to own the path. Our checks now match
this behavior.
|
|
7eb7edd4
|
2022-06-12T10:51:13
|
|
Merge pull request #6278 from lhchavez/git_transport_smart_remote_connect_options
transport: introduce `git_transport_smart_remote_connect_options`
|
|
d333dbea
|
2022-06-12T10:40:12
|
|
Merge pull request #6288 from libgit2/cmn/mwindow-simplifications
A couple of simplications around mwindow
|
|
0a7c00be
|
2022-06-11T14:31:16
|
|
Merge remote-tracking branch 'origin/main' into main
|
|
a7541676
|
2022-06-11T14:29:15
|
|
Apply suggestions from code review
Co-authored-by: Edward Thomson <ethomson@github.com>
|
|
28d2ea1d
|
2022-06-11T16:50:56
|
|
Merge pull request #6305 from zawata/fix_refdb_error_msg
refs: fix missing error message
|
|
4f7b568d
|
2022-06-11T16:26:50
|
|
Merge pull request #6291 from libgit2/cmn/midx-no-hash
midx: do not verify the checksum on load
|
|
97954ee5
|
2022-05-20T09:06:50
|
|
Replace bitwise AND 0x7fffffff with XOR 0x80000000.
Though both are correct, this makes it clear that we're dealing with
the same value.
|
|
8a765c72
|
2022-05-19T16:33:57
|
|
midx: fix large object offset table check.
It's insufficient to only check if the offset high order bit is set, we
must also check to see if object_large_offsets are in use.
This bug is causing objects to appear missing because they can't be
found in the index.
|
|
640e8a63
|
2022-05-17T11:01:43
|
|
fix missing error message
|
|
9c3edca5
|
2022-05-13T15:05:05
|
|
Call legacy_write_fn if given
|
|
a3f9617b
|
2022-05-03T14:09:40
|
|
midx: do not verify the checksum on load
This is something we only want to do during explicit verification rather than on
every load.
Verifying does not seem like a big deal when we're running with test workloads
but once your `multi-pack-index` reaches gigabytes, we spend more time hashing
this than doing any work.
|
|
0f594445
|
2022-04-29T10:50:02
|
|
mwindow: use multiplication instesad of conditionals
This is a very verbose way of performing a comparison where we already
have the identity value with both signs. Instead of chainging several
conditions, we can rely on the maths working out.
|
|
55c84333
|
2022-04-29T10:32:45
|
|
mwindow: include both the offset and the extra in the same call
This makes it a bit easier to read while letting the caller specify
how big the hash size is for this particular call.
|
|
3b52e5f5
|
2022-04-18T17:12:27
|
|
Merge pull request #6265 from libgit2/ethomson/sha256_two
sha256: refactoring in preparation for sha256
|
|
1d88605c
|
2022-04-16T08:19:38
|
|
transport: introduce `git_transport_smart_remote_connect_options`
6fc6eeb66c40310086c8f059cae41de69ad4c6da removed
`git_transport_smart_proxy_option`, and there was nothing added to
replace it. That made it hard for custom transports / smart
subtransports to know what remote connect options to use (e.g. proxy
options).
This change introduces `git_transport_smart_remote_connect_options` to
replace it.
|
|
4161ebdd
|
2022-04-11T21:31:25
|
|
repo: make ownership checks optional
Introduce the `GIT_OPT_SET_OWNER_VALIDATION` option, so that users can
disable repository ownership validation.
|
|
fa366921
|
2022-04-11T15:18:44
|
|
repo: honor safe.directory during ownership checks
Obey the `safe.directory` configuration variable if it is set in the
global or system configuration. (Do not try to load this from the
repository configuration - to avoid malicious repositories that then
mark themselves as safe.)
|
|
f7f7e835
|
2022-04-11T13:04:26
|
|
repo: refactor global config loader function
Pull the global configuration loader out of the symlink check so that it
can be re-used.
|
|
c0dfd1ad
|
2022-04-11T09:56:26
|
|
repo: ensure that repo dir is owned by current user
Ensure that the repository directory is owned by the current user; this
prevents us from opening configuration files that may have been created
by an attacker.
|
|
bf2620bc
|
2022-04-10T21:29:43
|
|
fs_path: refactor ownership checks into current user and system
Provide individual file ownership checks for both the current user and
the system user, as well as a combined current user and system user
check.
|
|
71049b4a
|
2022-01-22T09:03:34
|
|
midx: use raw oid data
A multi-pack index uses raw oid data, use a byte array to index
into them.
|
|
41d4ac51
|
2022-01-22T08:49:06
|
|
index: use raw oid data
The index contains entries with raw oid data, use a byte array for the
raw entry data.
|
|
4fc3ce15
|
2022-01-22T07:46:41
|
|
pack: use raw oid data
A packfile contains arrays of raw oid data, use a byte array to index
into them.
|
|
c2b3b0d8
|
2022-01-21T19:38:13
|
|
commit_graph: use raw oid data
The commit graph contains arrays of raw oid data, use a byte array to
index into them.
|
|
9ffa33a1
|
2022-01-22T08:48:43
|
|
oid: introduce `git_oid_raw_cpy`
Now that oids are type-aware, they use their type to understand how many
bytes to copy. Some callers may need to copy the raw bytes of the
object id.
This is equivalent to a memcpy that is a little more semantic.
|
|
6d8c7cab
|
2022-01-21T19:37:53
|
|
oid: introduce `git_oid_raw_ncmp`
|
|
526e8869
|
2022-01-21T19:17:40
|
|
oid: `hashcmp` is now `raw_cmp`
We will talk about "raw" oids as untyped blobs of data; use a name for
the comparison function that is in keeping with that.
|
|
c569738c
|
2022-01-22T08:55:41
|
|
indexer: write raw id data
Don't write the object id structure, write its raw oid data.
|
|
563751d1
|
2022-01-22T06:42:50
|
|
treecache: write the raw id not the object
We explicitly want to write on the id data, not the beginning of the
object data, which may contain other information in the future.
|
|
831e20ac
|
2022-01-22T06:39:38
|
|
oidmap: hash on the id, not the object
We explicitly want to hash on the id data, not the beginning of the
object data, which may contain other information in the future.
|
|
590ff981
|
2022-01-21T19:49:09
|
|
oid: don't assume the size of an oid
Don't assume that a `git_oid` is a particular size; allocate
`sizeof(git_oid)` instead.
|
|
ab042161
|
2022-01-18T08:12:18
|
|
tree: move git_oid into tree entry
A tree entry previously pointed directly into the object id within the
tree object itself; this is useful to avoid any unnecessary memory copy
(and an unnecessary use of 40 bytes per tree entry) but difficult if we
change the underlying `git_oid` object to not simply be a raw object id
but have additional structure.
This commit moves the `git_oid` directly into the tree entry; this
simplifies the tree entry creation from user data. We now copy the
`git_oid` into place when parsing.
|
|
7e8d9be0
|
2022-04-10T09:45:51
|
|
Merge pull request #6260 from lhchavez/midx-fix-ub
midx: Fix an undefined behavior (left-shift signed overflow)
|
|
606afeda
|
2022-04-10T09:44:41
|
|
Merge pull request #6244 from jorio/fix-diff_delta_format_path-crash
Fix crash when regenerating a patch with unquoted spaces in filename
|
|
71bb92b5
|
2022-04-10T09:25:54
|
|
Update src/libgit2/diff_print.c
|
|
33b1d3fd
|
2022-04-05T13:10:33
|
|
[midx] Fix an undefined behavior (left-shift signed overflow)
There was a missing check to ensure that the `off64_t` (which is a
signed value) didn't overflow when parsing it from the midx file. This
shouldn't have huge repercusions since the parsed value is immediately
validated afterwards, but then again, there is no such thing as "benign"
undefined behavior.
This change makes all the bitwise arithmetic happen with unsigned types
and is only casted to `off64_t` until the very end.
Thanks to Taotao Gu for finding and reporting this!
|
|
a9a7967a
|
2022-03-22T22:16:57
|
|
fetch: support OID refspec without dst
Support the ability to create a refspec that is a single object ID
without a destination.
|
|
ecc722c3
|
2022-03-16T10:25:11
|
|
Fix a string parsing bug when validating extensions from the configuration
As builtin extensions are evaluated in the latter half of `check_valid_extension`, a string `cfg` is concatenated with the static string 'extension.' and the value from `builtin_extension`, before being compared with the configured value. This string is not being cleared while iterating through the names of the extensions. Because there is currently only one extension ('noop'), the bug was never noticible.
This patch corrects the behavior by clearing the string on each iteration, as is done in the first block.
|
|
d427f952
|
2022-03-13T17:40:54
|
|
diff_delta_format_path: handle null filename
This fixes a crash in test cases
test_diff_parse__new_file_with_space_and_regenerate_patch
and
test_diff_parse__delete_file_with_space_and_regenerate_patch
|
|
073e63d0
|
2022-02-27T10:05:24
|
|
object: validate that `odb_obj` was set
|
|
241d838f
|
2022-02-27T10:02:05
|
|
http: skip processing when body is null or 0 length
Mistakenly `&&` when we should have `||`d.
|
|
043a87a0
|
2022-02-27T09:21:53
|
|
refdb: unlock mutex on assertion failure
If we're safely asserting (and returning an error to the caller), we
should still unlock our mutex.
|
|
91ba0896
|
2021-11-15T09:54:00
|
|
cmake: rename git2internal target to libgit2
The `git2internal` target is actually the git library; call it such so
that IDE users have visibility into it.
|
|
d7b49ed4
|
2021-11-15T14:54:17
|
|
cmake: remove unnecessary xcode hack
|
|
5fcfada5
|
2021-11-15T07:45:16
|
|
cmake: document CMakeLists.txt hierarchy
|
|
c3b7ace9
|
2021-11-14T16:43:53
|
|
refactor: make util an object library
Instead of simply including the utility files directly, make them a
cmake object library for easy reusability between other projects within
libgit2.
Now the top-level `src` is responsible for platform selection, while the
next-level `libgit2` and `util` configurations are responsible for
identifying what objects they include.
|
|
ef4ab298
|
2021-11-14T08:47:40
|
|
refactor: `src` is now `src/libgit2`
|