Log

Author Commit Date CI Message
Edward Thomson 43dd3700 2022-07-13T20:17:27 meta: update version number to v1.6.0-alpha
Edward Thomson fbea439d 2022-07-13T20:06:59 Merge pull request #6351 from libgit2/ethomson/v1.5.0 v1.5.0
Edward Thomson 20303580 2022-07-07T23:11:36 v1.5: update the changelog
Edward Thomson 2be53a5d 2022-07-07T23:13:23 v1.5: update version numbers
Edward Thomson fb02e339 2022-07-13T12:27:43 meta: update release.yml for security information
Edward Thomson 3c8a860d 2022-07-13T10:19:14 Merge pull request #6348 from lya001/fix-invalid-branch-name Fix creation of branches and tags with invalid names
Edward Thomson be08ef7f 2022-07-12T22:39:25 Update src/libgit2/tag.c
Edward Thomson b70dbaa2 2022-07-12T22:12:36 Merge pull request #6347 from libgit2/ethomson/no_pack_v3 pack: don't pretend we support pack files v3
Edward Thomson f6be8c26 2022-07-12T22:09:25 Apply suggestions from code review
Edward Thomson 53cfad9e 2022-07-12T15:07:11 Merge pull request #6350 from libgit2/ethomson/zlib zlib: update bundled zlib to v1.2.12
Edward Thomson 4ae8704b 2022-07-12T14:42:50 Merge pull request #6349 from libgit2/ethomson/cve-2022-29187 Fixes for CVE 2022-29187
Mark Adler af76267a 2022-03-28T10:50:16 zlib: Silence some warnings from Visual Studio C.
Andrzej Hunt 39ba0ee6 2021-06-04T18:25:19 zlib: slide_hash: add MSAN annotation to suppress known read from uninitialised memory slide_hash knowingly reads (possibly) uninitialised memory, see comment lower down about prev[n] potentially being garbage. In this case, the result is never used - so we don't care about MSAN complaining about this read. By adding the no_sanitize("memory") attribute, clients of zlib won't see this (unnecessary) error when building and running with MemorySanitizer. An alternative approach is for clients to build zlib with -fsanitize-ignorelist=... where the ignorelist contains something like 'fun:slide_hash'. But that's more work and needs to be redone for any and all CI systems running a given project with MSAN. Adding this annotation to zlib's sources is overall more convenient - but also won't affect non-MSAN builds. This specific issue was found while running git's test suite, but has also been reported by other clients, see e.g. #518.
Edward Thomson 6febb7d7 2022-07-06T09:52:22 zlib: declare prototypes for new functions The `crc32_combine_gen64` missed a prototype in our define path. Add one.
Edward Thomson 2db6cdcd 2022-07-06T09:50:55 zlib: updated bundled zlib to v1.2.12
Edward Thomson ed24b8ba 2022-07-05T23:47:15 repo: allow users running with sudo to access their repositories In the ownership checks implemented for CVE-2022-24765, we disallowed users to access their own repositories when running with `sudo`. Examine the `SUDO_UID` environment variable and allow users running with `sudo`. This matches git's behavior.
Edward Thomson af9e0032 2022-07-02T10:19:33 repo: validate gitdir and gitlink ownership To match git's behavior with CVE 2022-29187, validate not only the working directory, but also the gitdir and gitlink (if it exists). This a follow up to CVE-2022-24765 that was fixed earlier.
Edward Thomson d1001fd0 2022-07-12T14:12:15 Merge pull request #6341 from libgit2/ethomson/ownership2 Fix erroneously lax configuration ownership checks
yuangli 760a5acc 2022-07-12T15:07:54 Merge branch 'main' into fix-invalid-branch-name
yuangli 1912f145 2022-07-11T15:53:35 tests: free resources in invalid tag name test
yuangli 7456e819 2022-07-11T15:42:16 tests: error when create tag with invalid name
yuangli fe9bfec4 2022-07-11T15:35:15 tag: refactor tag name validity checks
yuangli 7560ac4d 2022-07-11T15:25:51 branches: fix error message for invalid name
yuangli 724b5a0e 2022-07-11T15:24:34 tests: rename to follow clar naming convention
yuangli 2e9228e8 2022-07-11T15:23:41 tests: rename test for consistency
yuangli 391afec4 2022-07-11T13:54:38 branch: refactor branch name validity checks
yuangli 71fafae1 2022-07-11T12:03:37 tests: error when create branch with invalid name
yuangli e4f98ac4 2022-07-11T12:00:23 tests: follow clar naming convention
Edward Thomson 4597b869 2022-07-08T21:28:15 pack: don't pretend we support pack files v3 Pack files v3 are introduced in the SHA256 hash transition document https://github.com/git/git/blob/master/Documentation/technical/hash-function-transition.txt Obviously we do not support these yet. Stop pretending that we do.
Edward Thomson 56aaaf53 2022-07-04T16:03:10 repo: allow admin owned configs by admin users Allow users in the administrator group to use git configs that are owned by administrators.
Edward Thomson 5bc01a7d 2022-07-04T16:01:01 fs: allow ownership match if user is in admin group Allow the user ownership to match if the file is owned by the admin group and the user is in the admin group, even if the current process is not running as administrator directly.
Edward Thomson 433f0166 2022-07-04T15:20:59 fs: refactor file ownership checks Refactor the file ownership checks so that callers can provide discrete information about the ownership expectations to a single function.
Edward Thomson df354ec2 2022-07-03T09:07:32 fs: remove mock naming from change ownership constants The file ownership concepts can reflect the actual file ownership, they are not necessarily limited to mocking the interface. Rename them so that they can be more broadly applicable.
Edward Thomson 78af6b5e 2022-07-02T15:21:55 repo: add tests for bare repo permissions Ensure that we test opening a bare repository with odd permissions.
Edward Thomson f51f6646 2022-07-02T15:36:07 Revert "repo: allow administrator to own the configuration" This reverts commit cdff2f0237f663e0f68155655a8b66d05c1ec716. This change erroneously allowed system users to own a worktree; this should only be allowed when the current user is in the Administrator group on Windows as well.
Edward Thomson 92ffdd2c 2022-07-07T09:43:56 Merge pull request #6333 from jpalus/pcre2-detection cmake: drop posix dependency from pcre* detection
Jan Palus 636a2752 2022-06-27T10:04:23 cmake: drop posix dependency from pcre* detection since f585b12 neither PCRE nor PCRE2 backends rely on POSIX regex, so reflect it in library detection logic
Edward Thomson 50a1f637 2022-07-07T00:28:56 Merge pull request #6334 from i-tengfei/fix-rebase-interactive fix interactive rebase detect.
Edward Thomson b34b831c 2022-07-06T23:21:30 Merge pull request #6335 from kcsaul/fix/config-find-system-file Fix internal git_sysdir_find* function usage within public git_config_find* functions
Edward Thomson cdcf5b9c 2022-07-06T23:19:28 rebase: formatting fixes
Edward Thomson c2dc51e8 2022-07-06T23:14:17 Merge pull request #6340 from vishwin/main ntlmclient: LibreSSL 3.5 removed HMAC_CTX_cleanup
Edward Thomson 1a94d97e 2022-07-06T13:33:06 Merge pull request #6343 from libgit2/ethomson/ci ci: update dockerfiles for mbedTLS new url
Edward Thomson 5afc146a 2022-07-06T11:45:08 ci: update dockerfiles for mbedTLS new url Update the new URL for mbedTLS.
Edward Thomson c70035dc 2022-07-06T13:10:29 actions: pass UID and GID to PR builds of dockerfiles
Edward Thomson a2d2769b 2022-07-06T11:14:55 Merge pull request #6342 from libgit2/ethomson/actions_limits CI: limits actions scheduled workflows to the main repo
Edward Thomson 69c1fe0f 2022-07-06T10:47:01 actions: move CodeQL workflow into nightly
Edward Thomson e72af290 2022-07-06T10:45:27 actions: limit secheduled workflows to our main repo Only run scheduled workflows on the main repository; prevents people from using build minutes on their forks.
Charlie Li 628ebbde 2022-07-03T20:44:41 ntlmclient: LibreSSL 3.5 removed HMAC_CTX_cleanup https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt Modify guard to declare dummy function.
Kevin Saul 05b2c89d 2022-06-28T21:52:45 config: use correct git_sysdir_find* function within git_config_find* functions
Tengfei 8fa58818 2022-06-28T04:48:57 fix interactive rebase detect.
Edward Thomson 3847522e 2022-06-22T21:14:43 Merge pull request #6303 from zawata/legacy_buffer_stream_segfault filter: Fix Segfault
John Alden f887fd60 2022-06-22T09:22:50 copy back git_buf after callback
John Alden e0a8b4e8 2022-06-16T13:26:52 fix indentation, copy asize
John Alden e2ea138d 2022-06-14T08:47:50 Address feedback Co-authored-by: Edward Thomson <ethomson@github.com>
Edward Thomson f98dd543 2022-06-13T22:14:37 Merge pull request #6321 from libgit2/ethomson/ownership repo: allow administrator to own the configuration
Edward Thomson 05f21154 2022-06-13T21:56:01 Merge pull request #6322 from libgit2/ethomson/stat status: update documentation for default options
Edward Thomson fb68f180 2022-06-13T21:44:05 status: update documentation for default options
Edward Thomson 70a182c6 2022-06-13T21:38:32 Merge pull request #6320 from libgit2/ethomson/config-docs config: update config entry iteration lifecycle
Edward Thomson cdff2f02 2022-06-13T21:34:01 repo: allow administrator to own the configuration Update our ownership checks that were introduced in libgit2 v1.4.3 (to combat CVE 2022-24765). These were not compatible with git's; git itself allows administrators to own the path. Our checks now match this behavior.
Edward Thomson 1ed1e19a 2022-06-13T21:23:42 config: update config entry iteration lifecycle
Edward Thomson 96c61174 2022-06-13T11:19:55 cmake: only use `getloadavg` where it exists
Edward Thomson 3809ab0e 2022-06-13T10:50:40 cmake: add `gnu` library for Haiku
Edward Thomson 9bc82c8f 2022-06-13T10:46:21 cmake: detect `getentropy` Look for `getentropy` and flag its existence.
Edward Thomson 7eb7edd4 2022-06-12T10:51:13 Merge pull request #6278 from lhchavez/git_transport_smart_remote_connect_options transport: introduce `git_transport_smart_remote_connect_options`
Edward Thomson cc4c37ca 2022-06-12T10:50:43 transport: remove `git_transport_smart_proxy_options` Snuck in during refactoring; let's get rid of it.
Edward Thomson d333dbea 2022-06-12T10:40:12 Merge pull request #6288 from libgit2/cmn/mwindow-simplifications A couple of simplications around mwindow
Edward Thomson 660e6bd5 2022-06-11T21:21:01 Merge pull request #6023 from libgit2/ethomson/clang-format Add a .clang-format with our style
lhchavez 0a7c00be 2022-06-11T14:31:16 Merge remote-tracking branch 'origin/main' into main
lhchavez a7541676 2022-06-11T14:29:15 Apply suggestions from code review Co-authored-by: Edward Thomson <ethomson@github.com>
Edward Thomson 2b28ee77 2022-06-11T16:51:04 Merge pull request #6319 from libgit2/ethomson/progress_32bit CLI: progress updates
Edward Thomson 28d2ea1d 2022-06-11T16:50:56 Merge pull request #6305 from zawata/fix_refdb_error_msg refs: fix missing error message
Edward Thomson 3b8a06c0 2022-06-11T16:50:35 Merge pull request #6287 from SkinnyMind/docs-typos docs: fix couple of typos
Edward Thomson 565a3317 2022-06-11T16:28:12 Merge pull request #6299 from dongcarl/patch-1 revparse: Remove error-prone, redundant test
Edward Thomson 4f7b568d 2022-06-11T16:26:50 Merge pull request #6291 from libgit2/cmn/midx-no-hash midx: do not verify the checksum on load
Edward Thomson 3a737169 2022-06-11T16:14:11 progress: fewer updates about throughput Avoid too much flashing on the console with updates about throughput. Only update throughput once a second.
Edward Thomson 286e7f0a 2022-06-11T16:08:28 cli: show progress on 32 bit machines
Edward Thomson 4f0ee02f 2022-06-11T15:40:10 Merge pull request #6306 from libgit2/ethomson/ci_test Include test results data in CI
Edward Thomson 6bd024aa 2022-06-11T15:38:33 Merge pull request #6309 from ccstolley/ccs_fix_midx_offset midx: fix large offset table check.
Edward Thomson 11b81717 2022-06-11T15:36:37 Merge pull request #6318 from apnadkarni/patch-3 Add link to Tcl bindings for libgit2
Edward Thomson 529aa173 2022-06-11T15:35:42 Merge pull request #6310 from theseion/add-pharo-to-language-bindings chore(docs): Add Pharo to language bindings
apnadkarni f140f69b 2022-06-02T16:15:42 Add link to Tcl bindings for libgit2
Max Leske 25830642 2022-05-22T14:08:34 chore(docs): add Pharo to language bindings
Colin Stolley 97954ee5 2022-05-20T09:06:50 Replace bitwise AND 0x7fffffff with XOR 0x80000000. Though both are correct, this makes it clear that we're dealing with the same value.
Colin Stolley 8a765c72 2022-05-19T16:33:57 midx: fix large object offset table check. It's insufficient to only check if the offset high order bit is set, we must also check to see if object_large_offsets are in use. This bug is causing objects to appear missing because they can't be found in the index.
Edward Thomson 3fada669 2022-05-17T17:15:34 ci: show test results summary
Edward Thomson 8747c004 2022-05-17T14:41:02 ci: upload test result data as artifacts
Edward Thomson fd8d3673 2022-05-17T16:23:14 ci: use uid/gid of actions runner Avoid mismatches between the container uid/gid and the actions runner, build the container with the actions runner's uid/gid
John Alden 640e8a63 2022-05-17T11:01:43 fix missing error message
John Alden 9c3edca5 2022-05-13T15:05:05 Call legacy_write_fn if given
Carl Dong 7f53d7b6 2022-05-09T12:09:08 revparse: Remove error-prone, redundant test Originally introduced in: 776a6a8e5f8e258d31aded73c0ce38df6ac7bdc4 This test case has recently been fixed in bdab22384cc61d315005a65456a9f9563bb27c8f, but that fix will only last for a year. Next year the same problem will crop up and the test will need to be re-edited. This is not ideal as - This test case becomes an unnecessary burden for developers - Downstream distros or even just users who want to build older versions of libgit2 are guaranteed to have this test fail Furthermore, this test case is entirely unnecessary, as the functionality that was originally (see 776a6a8e5f8e258d31aded73c0ce38df6ac7bdc4) intended to be tested is well-covered by subsequent tests which specify a date instead of a "x ago" specification.
Carlos Martín Nieto a3f9617b 2022-05-03T14:09:40 midx: do not verify the checksum on load This is something we only want to do during explicit verification rather than on every load. Verifying does not seem like a big deal when we're running with test workloads but once your `multi-pack-index` reaches gigabytes, we spend more time hashing this than doing any work.
Carlos Martín Nieto bdab2238 2022-05-03T09:28:43 revparse: adjust reflog test as we move away from the dates The dates we use in `refs::revparse::date` has just passed the ten years, so now everything is beyond ten years, leading to an unexpected commit being returned. Adjust it to 11 years so it all looks fine again.
Carlos Martín Nieto 0f594445 2022-04-29T10:50:02 mwindow: use multiplication instesad of conditionals This is a very verbose way of performing a comparison where we already have the identity value with both signs. Instead of chainging several conditions, we can rely on the maths working out.
Carlos Martín Nieto 55c84333 2022-04-29T10:32:45 mwindow: include both the offset and the extra in the same call This makes it a bit easier to read while letting the caller specify how big the hash size is for this particular call.
Aleksey Kulikov 9af5db9a 2022-04-28T17:06:54 docs: fix couple of typos
Edward Thomson 13502d9e 2022-04-25T09:22:02 Merge pull request #6274 from libgit2/ethomson/cli_clone cli: clone
Edward Thomson a1c94e94 2022-04-25T09:15:59 Merge pull request #6277 from cschlack/sys_transport_missing_include Fix missing include
Edward Thomson 70506171 2022-04-25T09:15:11 Merge pull request #6276 from lhchavez/delete-git_transport_smart_proxy_options remote: Delete a now-inexistent API declaration
Edward Thomson c6416100 2022-04-20T09:11:29 ci: map the build folder in container builds Now that the containers all set the user id of the libgit2 build user to the user id of the host runner, we can write to a shared build output volume.
Edward Thomson 06b32a3f 2022-04-20T14:45:44 ci: move centos8 to centos stream CentOS 8 is no longer supported; use CentOS stream.