|
168fe39b
|
2018-11-28T14:26:57
|
|
object_type: use new enumeration names
Use the new object_type enumeration names within the codebase.
|
|
52f859fd
|
2018-11-09T19:32:08
|
|
signature: fix out-of-bounds read when parsing timezone offset
When parsing a signature's timezone offset, we first check whether there
is a timezone at all by verifying that there are still bytes left to
read following the time itself. The check thus looks like `time_end + 1
< buffer_end`, which is actually correct in this case. After setting the
timezone's start pointer to that location, we compute the remaining
bytes by using the formula `buffer_end - tz_start + 1`, re-using the
previous `time_end + 1`. But this is in fact missing the braces around
`(tz_start + 1)`, thus leading to an overestimation of the remaining
bytes by a length of two. In case of a non-NUL terminated buffer, this
will result in an overflow.
The function `git_signature__parse` is only used in two locations. First
is `git_signature_from_buffer`, which only accepts a string without a
length. The string thus necessarily has to be NUL terminated and cannot
trigger the issue.
The other function is `git_commit__parse_raw`, which can in fact trigger
the error as it may receive non-NUL terminated commit data. But as
objects read from the ODB are always NUL-terminated by us as a
cautionary measure, it cannot trigger the issue either.
In other words, this error does not have any impact on security.
|
|
9994cd3f
|
2018-06-25T11:56:52
|
|
treewide: remove use of C++ style comments
C++ style comment ("//") are not specified by the ISO C90 standard and
thus do not conform to it. While libgit2 aims to conform to C90, we did
not enforce it until now, which is why quite a lot of these
non-conforming comments have snuck into our codebase. Do a tree-wide
conversion of all C++ style comments to the supported C style comments
to allow us enforcing strict C90 compliance in a later commit.
|
|
ecf4f33a
|
2018-02-08T11:14:48
|
|
Convert usage of `git_buf_free` to new `git_buf_dispose`
|
|
f063dafb
|
2017-11-12T10:56:50
|
|
signature: distinguish +0000 and -0000 UTC offsets
Git considers '-0000' a valid offset for signature lines. They need to
be treated as _not_ equal to a '+0000' signature offset. Parsing a
signature line stores the offset in a signed integer which does not
distinguish between `+0` and `-0`.
This patch adds an additional flag `sign` to the `git_time` in the
`signature` object which is populated with the sign of the offset. In
addition to exposing this information to the user, this information is
also used to compare signatures.
/cc @pks-t @ethomson
|
|
5785ae9b
|
2016-05-04T11:14:17
|
|
Fix initial commit test
`test_commit_commit__create_initial_commit_parent_not_current` was not correctly
testing that `HEAD` was not changed. Now we grab the oid that it was pointing to
before the call to `git_commit_create` and the oid that it's pointing to afterwards
and compare those.
|
|
4f22ccb9
|
2016-05-03T13:32:22
|
|
Add tests for creating an initial commit
|
|
d383c39b
|
2016-04-28T12:47:14
|
|
Introduce `git_signature_from_buffer`
Allow users to construct a signature from the type of signature
lines that actually appear in commits.
|
|
ba349322
|
2016-03-17T06:57:56
|
|
Merge pull request #3673 from libgit2/cmn/commit-with-signature
commit: add function to attach a signature to a commit
|
|
bf804d40
|
2016-03-17T10:45:22
|
|
commit: fix extraction of single-line signatures
The function to extract signatures suffers from a similar bug to the
header field finding one by having an unecessary line feed check as a
break condition of its loop.
Fix that and add a test for this single-line signature situation.
|
|
02d61a3b
|
2016-03-10T10:53:20
|
|
commit: add function to attach a signature to a commit
In combination with the function which creates a commit into a buffer,
this allows us to more easily create signed commits.
|
|
47cb42da
|
2016-03-03T22:56:02
|
|
commit: split creating the commit and writing it out
Sometimes you want to create a commit but not write it out to the
objectdb immediately. For these cases, provide a new function to
retrieve the buffer instead of having to go through the db.
|
|
f2dddf52
|
2016-02-28T15:51:38
|
|
turn on strict object validation by default
|
|
ef63bab3
|
2016-02-23T13:34:35
|
|
git_commit: validate tree and parent ids
When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate
the tree and parent ids given to commit creation functions.
|
|
eadd0f05
|
2016-02-16T14:06:48
|
|
commit: expose the different kinds of errors
We should be checking whether the object we're looking up is a commit,
and we should let the caller know whether the not-found return code
comes from a bad object type or just a missing signature.
|
|
460ae11f
|
2016-02-11T22:19:20
|
|
commit: don't forget the last header field
When we moved the logic to handle the first one, wrong loop logic was
kept in place which meant we still finished early. But we now notice it
because we're not reading past the last LF we find.
This was not noticed before as the last field in the tested commit was
multi-line which does not trigger the early break.
|
|
488e2b85
|
2016-02-09T16:26:58
|
|
Merge pull request #3599 from libgit2/gpgsign
Introduce git_commit_extract_signature
|
|
a65afb75
|
2016-02-08T18:51:13
|
|
Introduce git_commit_extract_signature
This returns the GPG signature for a commit and its contents without the
signature block, allowing for the verification of the commit's
signature.
|
|
f55eca16
|
2016-02-09T07:17:26
|
|
commit: also match the first header field when searching
We were searching only past the first header field, which meant we were
unable to find e.g. `tree` which is the first field.
While here, make sure to set an error message in case we cannot find the
field.
|
|
5951445f
|
2015-12-17T10:13:04
|
|
commit: Fix memory leak in test suite
|
|
7f8fe1d4
|
2015-12-01T10:03:56
|
|
commit: introduce `git_commit_body`
It is already possible to get a commit's summary with the
`git_commit_summary` function. It is not possible to get the
remaining part of the commit message, that is the commit
message's body.
Fix this by introducing a new function `git_commit_body`.
|
|
f5f96a23
|
2015-10-09T10:41:06
|
|
Fix git_commit_summary to convert newlines to spaces even after
whitespace. Collapse spaces around newlines for the summary.
|
|
307c4a2b
|
2015-10-21T11:58:44
|
|
signature: Strip crud just like Git does
|
|
a3f42fe8
|
2015-06-22T15:32:29
|
|
commit: allow retrieving an arbitrary header field
This allows the user to look up fields which we don't parse in libgit2,
and allows them to access gpgsig or mergetag fields if they wish to
check the signature.
|
|
65d69fe8
|
2015-06-11T08:24:58
|
|
commit: ignore multiple author fields
Some tools create multiple author fields. git is rather lax when parsing
them, although fsck does complain about them. This means that they exist
in the wild.
As it's not too taxing to check for them, and there shouldn't be a
noticeable slowdown when dealing with correct commits, add logic to skip
over these extra fields when parsing the commit.
|
|
659cf202
|
2015-01-07T12:23:05
|
|
Remove the signature from ref-modifying functions
The signature for the reflog is not something which changes
dynamically. Almost all uses will be NULL, since we want for the
repository's default identity to be used, making it noise.
In order to allow for changing the identity, we instead provide
git_repository_set_ident() and git_repository_ident() which allow a user
to override the choice of signature.
|
|
76e3c43f
|
2014-09-10T18:13:34
|
|
signature: don't allow empty emails
A signature is made up of a non-empty name and a non-empty email so
let's validate that. This also brings us more in line with git, which
also rejects ident with an empty email.
|
|
0cee70eb
|
2014-07-01T14:09:01
|
|
Introduce cl_assert_equal_oid
|
|
217c029b
|
2014-04-09T14:08:22
|
|
commit: safer commit creation with reference update
The current version of the commit creation and amend function are unsafe
to use when passing the update_ref parameter, as they do not check that
the reference at the moment of update points to what the user expects.
Make sure that we're moving history forward when we ask the library to
update the reference for us by checking that the first parent of the new
commit is the current value of the reference. We also make sure that the
ref we're updating hasn't moved between the read and the write.
Similarly, when amending a commit, make sure that the current tip of the
branch is the commit we're amending.
|
|
0adb0606
|
2014-02-04T15:32:57
|
|
Fix reflog message when creating commits
|
|
238e8149
|
2014-01-22T14:41:04
|
|
Summarize empty messages
|
|
0b28217b
|
2014-01-15T12:51:31
|
|
refs: remove the _with_log differentiation
Any well-behaved program should write a descriptive message to the
reflog whenever it updates a reference. Let's make this more prominent
by removing the version without the reflog parameters.
|
|
300d192f
|
2013-12-02T11:15:27
|
|
Introduce git_revert to revert a single commit
|
|
17820381
|
2013-11-14T14:05:52
|
|
Rename tests-clar to tests
|