kmx git

Commit	Date	Message
5fc7d59c	2018-09-11T15:53:35	index: release the snapshot instead of freeing the index Previously we would assert in index_free because the reader incrementation would not be balanced. Release the snapshot normally, so the variable gets decremented before the index is freed. (cherry picked from commit c70713d6e4af563696563e410864eb4a6507757d)
54e7cf7e	2018-08-24T09:53:39	cmake: detect and use libc-provided iconv While most systems provide a separate iconv library against which applications can link, musl based systems do not provide such a library. Instead, iconv functions are directly included in the C library. As our current CMake module to locate the iconv library only checks whether a library exists somewhere in the typical library directories, we will never build libgit2 with libiconv support on such systems. Extend the iconv module to also search whether libc provides iconv functions, which we do by checking whether the `iconv_open` function exists inside of libc. If this is the case, we will default to use the libc provided one instead of trying to use a separate libiconv. While this changes which iconv we use on systems where both libc and an external libiconv exist, to the best of my knowledge common systems only provide either one or the other. Note that libiconv support in musl is held kind of basic. To quote musl libc's page on functional differences from glibc [1]: The iconv implementation musl is very small and oriented towards being unobtrusive to static link. Its character set/encoding coverage is very strong for its size, but not comprehensive like glibc’s. As we assume iconv to be a lot more capable than what musl provides, some of our tests will fail if using iconv on musl-based platforms. [1]: https://wiki.musl-libc.org/functional-differences-from-glibc.html (cherry picked from commit 2e2d8c6493ec4d151c55d7421c93126267ee8e6d)
c0e038a2	2018-08-21T01:12:11	revwalk: The left operand of '<' is a garbage value At line 594, we do this : if (error < 0) return error; but if nothing was pushed in a GIT_SORT_TIME revwalk, we'd return uninitialized stack data. (cherry picked from commit aa8cb5866f1eabd92c8c08f7a8610d42df07375f)
fad59658	2018-08-09T12:48:26	diff: fix OOM on AIX when finding similar deltas in empty diff The function `git_diff_find_similar` keeps a function of cache similarity metrics signatures, whose size depends on the number of deltas passed in via the `diff` parameter. In case where the diff is empty and thus doesn't have any deltas at all, we may end up allocating this cache via a call to `git__calloc(0, sizeof(void *))`. At least on AIX, allocating 0 bytes will result in a `NULL` pointer being returned, which causes us to erroneously return an OOM error. Fix this situation by simply returning early in case where we are being passed an empty diff, as we cannot find any similarities in that case anyway. (cherry picked from commit c65568d8c8c1bf4920393190e862819cd263f439)
f4a7652a	2018-08-14T04:22:14	Fix the test and comment. (cherry picked from commit 6698e0562d0f782903f28c224c879da7c2abf674)
ef7d7def	2018-08-17T00:51:51	worktree: unlock should return 1 when the worktree isn't locked The documentation states that git_worktree_unlock returns 0 on success, and 1 on success if the worktree wasn't locked. Turns out we were returning 0 in any of those cases. (cherry picked from commit 59c2e70eeee8b2bae79d05060599114a5f6d737a)
ef523712	2018-08-14T03:54:01	Write a test. (cherry picked from commit f140950066cf2989912e18ad92ec088f624b8bf2)
831a709d	2018-08-05T14:37:08	Add a comment (cherry picked from commit ec76a1aa43321db2451e747d7a4408e780991c4a)
01b8bbf4	2018-08-21T01:55:56	remote: set the error before cleanup Otherwise we'll return stack data to the caller. (cherry picked from commit 22d013b657c5957fde31641351cb72d08cc192ae)
a5a0347d	2018-08-16T22:45:43	Fix leak in index.c (cherry picked from commit 581d5492f6afdaf31a10e51187466a80ffc9f76f)
ab3f6099	2018-08-05T14:25:22	Don't error on missing section, just continue (cherry picked from commit 019409be004fb73071415750e98db03d33fada47)
9023f8f6	2018-07-22T23:31:19	config_file: Don't crash on options without a section (cherry picked from commit c4d7fa951acd066fd80d83954dd6082c1c7e9e1e)
0fefd899	2018-08-17T15:56:30	util: make the qsort_r check work on macOS This performs a compile-check by using CMake support, to differentiate the GNU version from the BSD version of qsort_r. Module taken from 4f252abea5f1d17c60f6ff115c9c44cc0b6f1df6, which I've checked against CMake 2.8.11. (cherry picked from commit 1a9cc18260b68b149476adb6f39e37ab47d3d21f)
e1295400	2018-08-04T19:30:40	parse: Do not initialize the content in context to NULL String operations in libgit2 are supposed to never receive `NULL`, e.g. they are not `NULL`-save. In the case of `git__linenlen()`, invocation with `NULL` leads to undefined behavior. In a `git_parse_ctx` however, the `content` field used in these operations was initialized to `NULL` if the `git_parse_ctx_init()` was called with `NULL` for `content` or `0` for `content_len`. For the latter case, the initialization function even contained some logic for initializing `content` with `NULL`. This commit mitigates triggering undefined behavior by rewriting the logic. Now `content` is always initialized to a non-null buffer. Instead of a null buffer, an empty string is used for denoting an empty buffer. (cherry picked from commit d1bfe614aa20a0bdaf76c6d418176320ab11baf4)
b8844566	2018-07-27T12:00:37	tree: rename from_tree to validate and clarify the tree in the test (cherry picked from commit f00db9ed67423b04976f8d20b0de2ee1fb7c3993)
c37c6ed8	2018-07-18T21:04:13	tree: accept null ids in existing trees when updating When we add entries to a treebuilder we validate them. But we validate even those that we're adding because they exist in the base tree. This disables using the normal mechanisms on these trees, even to fix them. Keep track of whether the entry we're appending comes from an existing tree and bypass the name and id validation if it's from existing data. (cherry picked from commit 2dff7e282da77f6b791e843ec267d9ddecabc187)
a051bce7	2018-06-18T20:37:18	patch_parse: populate line numbers while parsing diffs (cherry picked from commit f9e28026753f7b6c871a160ad584b2dc2639d30f)
c62c6379	2018-04-20T08:38:50	worktree: a worktree can be made from a bare repository
a7fbb051	2018-04-18T22:40:46	repository: being a worktree means we're not really bare We were previously conflating any error into GIT_ENOTFOUND, which might or might not be correct. This fixes the code so a config error is bubbled up, as well as preserving the semantics in the face of worktree-repositories
68e55c3a	2018-10-26T14:54:54	Merge pull request #4866 from pks-t/pks/v0.27.6-security Release v0.27.6
6b2b63e5	2018-10-18T11:37:10	util: remove unsafe `git__strtol64` function The function `git__strtol64` does not take a maximum buffer length as parameter. This has led to some unsafe usages of this function, and as such we may consider it as being unsafe to use. As we have now eradicated all usages of this function, let's remove it completely to avoid future misuse. (cherry picked from commit 68deb2cc80ef19bf3a1915c26b5308b283a6d69a)
334e6c69	2018-10-18T11:35:08	config: remove last instance of `git__strntol64` When parsing integers from configuration values, we use `git__strtol64`. This is fine to do, as we always sanitize values and can thus be sure that they'll have a terminating `NUL` byte. But as this is the last call-site of `git__strtol64`, let's just pass in the length explicitly by calling `strlen` on the value to be able to remove `git__strtol64` altogether. (cherry picked from commit 1a2efd10bde66f798375e2f47ba57ef00ad5c193)
5ce26b18	2018-10-18T11:32:48	signature: avoid out-of-bounds reads when parsing signature dates We use `git__strtol64` and `git__strtol32` to parse the trailing commit or author date and timezone of signatures. As signatures are usually part of a commit or tag object and thus essentially untrusted data, the buffer may be misformatted and may not be `NUL` terminated. This may lead to an out-of-bounds read. Fix the issue by using `git__strntol64` and `git__strntol32` instead. (cherry picked from commit 3db9aa6f79711103a331a2bbbd044a3c37d4f136)
76e57b4e	2018-10-18T11:29:06	index: avoid out-of-bounds read when reading reuc entry stage We use `git__strtol64` to parse file modes of the index entries, which does not limit the parsed buffer length. As the index can be essentially treated as "untrusted" in that the data stems from the file system, it may be misformatted and may not contain terminating `NUL` bytes. This may lead to out-of-bounds reads when trying to parse index entries with such malformatted modes. Fix the issue by using `git__strntol64` instead. (cherry picked from commit 600ceadd1426b874ae0618651210a690a68b27e9)
4dddcafb	2018-10-18T11:25:59	commit_list: avoid use of strtol64 without length limit When quick-parsing a commit, we use `git__strtol64` to parse the commit's time. The buffer that's passed to `commit_quick_parse` is the raw data of an ODB object, though, whose data may not be properly formatted and also does not have to be `NUL` terminated. This may lead to out-of-bound reads. Use `git__strntol64` to avoid this problem. (cherry picked from commit 1a3fa1f5fafd433bdcf1834426d6963eff532125)
54c02f26	2018-09-20T20:11:36	online::clone: free url and username before resetting Before resetting the url and username, ensure that we free them in case they were set by environment variables. (cherry picked from commit e84914fd30edc6702e368c8ccfc77dc5607c213c)
27469ed3	2018-07-20T21:52:24	push tests: deeply free the specs Don't just free the spec vector, also free the specs themselves. (cherry picked from commit d285de73f9a09bc841b329267d1f61b9c03a7b68)
c8826499	2018-07-20T21:51:36	push tests: deeply free the push status Don't just free the push status structure, actually free the strings that were strdup'd into the struct as well. (cherry picked from commit dad9988121521ccc2ffff39299ca98dba160b857)
1c02b896	2018-07-20T21:50:58	smart subtransport: free url when resetting stream Free the url field when resetting the stream to avoid leaking it. (cherry picked from commit ca2eb4608243162a13c427e74526b6422d5a6659)
b6998178	2018-10-19T14:10:27	version: bump to v0.27.6
c12975bf	2018-10-19T14:10:11	CHANGELOG: update changelog for v0.27.6
4f0e5f70	2018-10-19T10:29:19	commit: fix reading out of bounds when parsing encoding The commit message encoding is currently being parsed by the `git__prefixcmp` function. As this function does not accept a buffer length, it will happily skip over a buffer's end if it is not `NUL` terminated. Fix the issue by using `git__prefixncmp` instead. Add a test that verifies that we are unable to parse the encoding field if it's cut off by the supplied buffer length. (cherry picked from commit 7655b2d89e8275853d9921dd903dcdad9b3d4a7b)
6e40bb3a	2018-10-19T09:47:50	tag: fix out of bounds read when searching for tag message When parsing tags, we skip all unknown fields that appear before the tag message. This skipping is done by using a plain `strstr(buffer, "\n\n")` to search for the two newlines that separate tag fields from tag message. As it is not possible to supply a buffer length to `strstr`, this call may skip over the buffer's end and thus result in an out of bounds read. As `strstr` may return a pointer that is out of bounds, the following computation of `buffer_end - buffer` will overflow and result in an allocation of an invalid length. Fix the issue by using `git__memmem` instead. Add a test that verifies parsing the tag fails not due to the allocation failure but due to the tag having no message. (cherry picked from commit ee11d47e3d907b66eeff99e0ba1e1c71e05164b7)
ab0d9fb2	2018-10-18T16:08:46	util: provide `git__memmem` function Unfortunately, neither the `memmem` nor the `strnstr` functions are part of any C standard but are merely extensions of C that are implemented by e.g. glibc. Thus, there is no standardized way to search for a string in a block of memory with a limited size, and using `strstr` is to be considered unsafe in case where the buffer has not been sanitized. In fact, there are some uses of `strstr` in exactly that unsafe way in our codebase. Provide a new function `git__memmem` that implements the `memmem` semantics. That is in a given haystack of `n` bytes, search for the occurrence of a byte sequence of `m` bytes and return a pointer to the first occurrence. The implementation chosen is the "Not So Naive" algorithm from [1]. It was chosen as the implementation is comparably simple while still being reasonably efficient in most cases. Preprocessing happens in constant time and space, searching has a time complexity of O(n*m) with a slightly sub-linear average case. [1]: http://www-igm.univ-mlv.fr/~lecroq/string/ (cherry picked from commit 83e8a6b36acc67f2702cbbc7d4e334c7f7737719)
c8e94f84	2018-10-18T15:08:56	util: fix out of bounds read in error message When an integer that is parsed with `git__strntol32` is too big to fit into an int32, we will generate an error message that includes the actual string that failed to parse. This does not acknowledge the fact that the string may either not be NUL terminated or alternative include additional characters after the number that is to be parsed. We may thus end up printing characters into the buffer that aren't the number or, worse, read out of bounds. Fix the issue by utilizing the `endptr` that was set by `git__strntol64`. This pointer is guaranteed to be set to the first character following the number, and we can thus use it to compute the width of the number that shall be printed. Create a test to verify that we correctly truncate the number. (cherry picked from commit ea19efc19fa683d632af3e172868bc4350724813)
0f7663a1	2018-10-18T14:37:55	util: avoid signed integer overflows in `git__strntol64` While `git__strntol64` tries to detect integer overflows when doing the necessary arithmetics to come up with the final result, it does the detection only after the fact. This check thus relies on undefined behavior of signed integer overflows. Fix this by instead checking up-front whether the multiplications or additions will overflow. Note that a detected overflow will not cause us to abort parsing the current sequence of digits. In the case of an overflow, previous behavior was to still set up the end pointer correctly to point to the first character immediately after the currently parsed number. We do not want to change this now as code may rely on the end pointer being set up correctly even if the parsed number is too big to be represented as 64 bit integer. (cherry picked from commit b09c1c7b636c4112e247adc24245c65f3f9478d0)
55f4f235	2018-10-18T12:11:33	tests: core::strtol: test for some more edge-cases Some edge cases were currently completely untested, e.g. parsing numbers greater than INT64_{MIN,MAX}, truncating buffers by length and invalid characters. Add tests to verify that the system under test performs as expected. (cherry picked from commit 39087ab8ef77004c9f3b8984c38a834a6cb238bc)
e2e7a9cb	2018-10-18T12:04:07	util: remove `git__strtol32` The function `git__strtol32` can easily be misused when untrusted data is passed to it that may not have been sanitized with trailing `NUL` bytes. As all usages of this function have now been removed, we can remove this function altogether to avoid future misuse of it. (cherry picked from commit 8d7fa88a9d5011b653035497b0f523e0f177b6a6)
2052a3cd	2018-10-18T11:58:14	global: replace remaining use of `git__strtol32` Replace remaining uses of the `git__strtol32` function. While these uses are all safe as the strings were either sanitized or from a trusted source, we want to remove `git__strtol32` altogether to avoid future misuse. (cherry picked from commit 2613fbb26a3e1a34dda8a5d198c108626cfd6cc3)
61165dd4	2018-10-18T11:43:30	tree-cache: avoid out-of-bound reads when parsing trees We use the `git__strtol32` function to parse the child and entry count of treecaches from the index, which do not accept a buffer length. As the buffer that is being passed in is untrusted data and may thus be malformed and may not contain a terminating `NUL` byte, we can overrun the buffer and thus perform an out-of-bounds read. Fix the issue by uzing `git__strntol32` instead. (cherry picked from commit 21652ee9de439e042cc2e69b208aa2ef8ce31147)
a20b8c21	2018-10-25T14:26:28	ci: fail on test failures PowerShell can _read_ top-level variables in functions, but cannot _update_ top-level variables in functions unless they're explicitly prefixed with `$global`. (cherry picked from commit 0e26717a57169d1222bdebef3f0caa728fd85b75)
a6917dc7	2018-09-17T20:12:59	ci: don't stop on failure Don't stop on test failures; run all the tests, even when a test fails. (cherry picked from commit 429c7f1141f812d266cfd7d33a142871c21f8874)
8f4dc529	2018-09-17T19:57:26	ci: append -r flag to clar on windows Similar to the way we parse the ctest output on POSIX systems, do the same on Windows. This allows us to append the `-r` flag to clar after we've identified the command to run. (cherry picked from commit 7c9769d94799c7bc6341d64e18bbd13bc8993ad6)
2f9b339f	2018-09-11T15:15:26	ci: add SKIP__TESTS for windows builds Introduce SKIP__TEST variables for Windows builds to match POSIX builds. (cherry picked from commit a8301b0c19cc738961604a14b7e132b2b97e064c)
e7a82ec5	2018-09-10T14:59:20	ci: write test result XML Add the clar flags to produce JUnit-style XML output before invocation. (cherry picked from commit fff33a1b65994e1f781f73d06e22d3f8778eff02)
886a0842	2018-09-10T12:36:51	Revert "clar: introduce CLAR_XML option" This reverts commit a2d73f5643814cddf90d5bf489332e14ada89ab8. Using clar to propagate the XML settings was a mistake. (cherry picked from commit 943181c2efe20b705aa40d30197693e7a4c1d0ac)
29922609	2018-09-10T12:27:24	ci: only run the exact named test Our CI test system invokes ctest with the name of the given tests it wishes to invoke. ctest (with the `-R` flag) treats this name as a regular expression. Provide anchors in the regular expression to avoid matching additional tests in this search. (cherry picked from commit 7e353b7a140dade32f1f1db6afd1721cf2c18a4a)
af61ffad	2018-09-18T13:52:08	README: rename "VSTS" to "Azure DevOps" Visual Studio Team Services is now a family of applications named "Azure DevOps". Update the README to refer to it thusly. (cherry picked from commit e2613039b34b9f119ca948c70ba75dd93dc1803f)
a3debcfa	2018-09-18T13:51:25	README: update the build badge to Azure Pipelines VSTS is now a family of components; "Azure Pipelines" is the build and release pipeline application. (cherry picked from commit 464305b74e87bd008cb9b18af632844f16806327)
b79d7cd4	2018-10-12T12:08:53	ci: rename vsts to azure-pipelines (cherry picked from commit d7d0139eb3ef9d306d0229223092a9cac7da1db5)
f5074e28	2018-09-08T18:54:21	clar: iterate errors in report_all / report_errors Instead of trying to have a clever iterator pattern that increments the error number, just iterate over errors in the report errors or report all functions as it's easier to reason about in this fashion. (cherry picked from commit d17e67d08d6e73dbf0daeae5049f92a38c2d8bb6)
f56e1e70	2018-08-27T01:06:37	ci: use more compatible strftime formats Windows lacks %F and %T formats for strftime. Expand them to the year/month/day and hour/minute/second formats, respectively. (cherry picked from commit e595eeb5ab88142b97798ed65e651de6560515e9)
4cf3907a	2018-10-12T12:08:32	ci: use templates for VSTS builds Our build YAML is becoming unweildly and full of copy-pasta. Simplify with templates. (cherry picked from commit 6b2d8f09bc9e5bdf74f98b7470ebc39436be600f)
b974a94f	2018-08-26T17:27:54	ci: explicitly run in the build directory Explicitly run from the build directory, not the source. (I was mistaken about the default working directory for VSTS agents.) (cherry picked from commit 306875bc1c0c4cf82a4feb9436d161750c3f0aad)
b52267b3	2018-08-26T17:12:17	ci: escape xml output path on Windows CMake treats backslashes as escape characters; use forward slashes for the XML output path. (cherry picked from commit f3f2c45ee6d8f46692ebcc71f2ee688868629830)
e46e5191	2018-10-12T12:08:17	ci: upload test results (cherry picked from commit bfcbde5009db3175cb924687d9273e6f7c5aa1b7)
698b0928	2018-07-26T23:02:20	Isolate test reports This makes it possible to keep track of every test status (even successful ones), and their errors, if any. (cherry picked from commit bf9fc126709af948c2a324ceb1b2696046c91cfe)
57f86c22	2018-08-26T15:11:21	clar: refactor explicitly run test behavior Previously, supplying `-s` to explicitly enable some test(s) would run the tests immediately from the argument parser. This forces us to set up the entire clar environment (for example: sandboxing) before argument parsing takes place. Refactor the behavior of `-s` to add the explicitly chosen tests to a list that is executed later. This untangles the argument parsing from the setup lifecycle, allowing us to use the arguments to perform the setup. (cherry picked from commit 90753a96515f85e2d0e79a16d3a06ba5b363c68e)
af405e42	2018-09-03T19:27:30	README: remove travis (cherry picked from commit 76cfeb20fc75f02eee8e1b672889039be282666f)
fc9e051d	2018-08-30T21:53:58	ci: remove travis (cherry picked from commit 6fc946e87025f22315c481509b6658726725b7a4)
ca21af22	2018-08-26T16:07:32	ci: write xml during test runs (cherry picked from commit a84863fc8dfa51cafc1223181e17003383889350)
f42a251c	2018-09-04T14:00:49	clar: remove globals; error-check fprintf/fclose Remove the global summary filename and file pointer; pass them in to the summary functions as needed. Error check the results of buffered I/O calls. (cherry picked from commit b67a93ff81e2fbfcf9ebb52dd15db9aa4e9ca708)
a539205e	2018-08-24T11:23:19	clar: introduce CLAR_XML option Introduce a CLAR_XML option, to run the `ctest` commands with the new `-r` flag to clar. Permitted values are `OFF`, `ON` and a directory to write the XML test results to. (cherry picked from commit a2d73f5643814cddf90d5bf489332e14ada89ab8)
a133caa2	2018-08-26T15:31:14	clar: accept a value for the summary filename Accept an (optional) value for the summary filename. Continues to default to summary.xml. (cherry picked from commit baa5c20d0815441cac2d2135d2b0190cb543e637)
8b68cb23	2018-08-26T15:25:15	clar: don't use a variable named `time` (cherry picked from commit dbebcb04b42047df0d52ad3515077a134c5b7da7)
4c48aeb5	2018-07-27T23:00:09	Barebones JUnit XML output (cherry picked from commit 59f1e477f772c73c76bc654a0853fdcf491a32a7)
564ab8ae	2018-07-26T23:02:34	Documentation (cherry picked from commit 3a9b96311d6f0ff364c6417cf3aab7c9745b18d4)
b3ea4a51	2018-10-12T12:08:00	Update .vsts-ci.yml (cherry picked from commit 7238a1e8c7e6b48439ce553c99b83915cb33b394)
fe56cd6c	2018-08-31T14:07:59	Update .vsts-nightly.yml (cherry picked from commit 40c3a974656a3a9bb0b63e0bb0eb770bb1648303)
75b0142d	2018-08-14T21:26:14	ci: Correct the status code check so Coverity doesn't force-fail Travis Otherwise you get something like Emitted 525 C/C++ compilation units (100%) successfully 525 C/C++ compilation units (100%) are ready for analysis The cov-build utility completed successfully. Build successfully submitted. Received error code 200 from Coverity travis_time:end:14cf6373:start=1534254309066933889,finish=1534254728190974302,duration=419124040413 The command "if [ -n "$COVERITY" ]; then ../ci/coverity.sh; fi" exited with 1. travis_time:start:01ed61d4 $ if [ -z "$COVERITY" ]; then ../ci/build.sh && ../ci/test.sh; fi travis_time:end:01ed61d4:start=1534254728197560961,finish=1534254728202711214,duration=5150253 The command "if [ -z "$COVERITY" ]; then ../ci/build.sh && ../ci/test.sh; fi" exited with 0. Done. Your build exited with 1. (cherry picked from commit 351ca66126b08530d96556eb4521b601c69125e3)
c94dc053	2018-08-09T09:39:39	readme: remove appveyor build badge (cherry picked from commit 658b8e8a59341a7042a839d0417723d494d7b4cb)
bc8a33c4	2018-08-06T16:33:15	ci: remove appveyor (cherry picked from commit 3ce31df3ff34b494a67f7d18dced9930c69883bd)
75ca6092	2018-08-02T14:57:54	ci: add VSTS build badge to README (cherry picked from commit a1ae41b80b56cd49ecec049b7d2509f17596e116)
b609b5cd	2018-08-06T07:13:56	travis: do not execute Coverity analysis for all cron jobs The new Travis cron job gets executed daily, but our current configuration will cause each job to execute our Coverity script instead of the default build and testing scripts. This cannot work, as Coverity is heavily rate-limiting its API, so our cron builds are doomed to always fail. What we want to do instead is execute our normal builds, but add an additional Coverity jobs. This can easily be done by adding another Coverity-specific job with a conditional "type = cron", which sets the "COVERITY" environment variable. Instead of checking the build type, we then simply check whether "COVERITY" is set or not. (cherry picked from commit 0a6c13a239ef5e1427d8317b36c202ca9a580754)
5e1d64ff	2018-08-06T09:12:48	ci: enable compilation with "-Werror" During the conversion of our CI scripts in bf418f09c (ci: refactor unix ci build/test scripts, 2018-07-14), we accidentally dropped the "-DENABLE_WERROR=ON" switch in our cmake invocation. Re-add it to help us catch compiler warnings early. (cherry picked from commit 900846571905cf7a9530d2680c627fde6044db92)
c7f91f39	2018-08-06T12:00:21	odb: fix use of wrong printf formatters The `git_odb_stream` members `declared_size` and `received_bytes` are both of the type `git_off_t`, which we usually defined to be a 64 bit signed integer. Thus, passing these members to "PRIdZ" formatters is not correct, as they are not guaranteed to accept big enough numbers. Instead, use the "PRId64" formatter, which is able to represent 64 bit signed integers. (cherry picked from commit 0fcd05631a1f59e156e613448262800c155e79d0)
25392688	2018-08-02T20:43:21	ci: run VSTS builds on master and maint branches (cherry picked from commit cd7883145f76a24db47dfd911cc8b0b387813c7c)
c4ec76fa	2018-08-02T14:47:03	ci: set PKG_CONFIG_PATH on travis Homebrew's formula for openssl is "keg-only", which means it does not install it into /usr/local. On macOS builds, we need to set PKG_CONFIG_PATH to include it. (cherry picked from commit abf5336304ad7df85bbca2289a61b7799029fa1b)
5953f789	2018-07-29T17:26:44	ci: run coverity from a nightly VSTS build (cherry picked from commit d076db11a84b278e260139269c25fe692930f238)
1f7bb777	2018-07-28T22:29:53	ci: run coverity from travis's cron Instead of trying to run coverity builds during the regular PR process, run them during a regularly scheduled cron process. These only need to run nightly, so it makes sense to bring them out of the PR process. (cherry picked from commit 6b92368c859d0bf0dcdb15ca8bee520e0f4e84f2)
d752ab97	2018-07-27T16:40:44	ci: remove unused old ci scripts (cherry picked from commit 24d175621b7ca6a218c7150ac47ea296f0766fa4)
6f8cc9b5	2018-07-27T12:31:32	ci: move travis to the new scripts (cherry picked from commit 24b8dd8275adb13acc68281c200623f636690666)
ac46b959	2018-07-26T15:14:37	ci: move appveyor to new scripts (cherry picked from commit 465f8b5163cdee708a6ee81a7c210b2a8baedde4)
612d50b5	2018-07-26T15:06:01	ci: use a single setup script for mingw (cherry picked from commit f7bb4ff80bfa5e5173232685b13f143b572f36de)
99a0a733	2018-10-12T12:07:48	ci: use docker containers from libgit2 account (cherry picked from commit 6fb63c9285b79bc2c6b67845273abdc7eaacaa1c)
6fd065f6	2018-10-12T12:07:30	ci: perform clang builds on Linux (cherry picked from commit dc6e80e2ce7c4d1017ce41a67a0df50b29b36cc4)
3676834a	2018-07-25T01:04:55	ci: dissociate test from leaks process The leaks process is not good about handling children. Ensure that its child is `nohup`ed so that the grandparent shell won't wait for it to exit. (cherry picked from commit 6eb97b6ba93019741e7cf6147f0fab05dd3f831d)
8a54e39c	2018-07-21T10:49:23	ci: some additional debugging (cherry picked from commit 230eeda8e464a4675e82007d0c505617a6c243ed)
bc2fec60	2018-07-20T19:47:40	ci: enable leak checking on osx (cherry picked from commit b00672b9e404adb771601408d4b02711085d6f90)
d68c293a	2018-07-20T18:09:38	ci: msvc leak-checking (cherry picked from commit afecd15cf6de53b8a0d28061fd9ffaeac358b91f)
542a403f	2018-07-20T17:20:15	ci: xcode leaks leak-checking (cherry picked from commit 7f12c12394ce3f5b76a32a312461e95fe9e78ce7)
f2087fc7	2018-07-20T14:14:16	buf tests: allocate a smaller size for the oom On Linux (where we run valgrind) allocate a smaller buffer, but still an insanely large size. This will cause malloc to fail but will not cause valgrind to report a likely error with a negative-sized malloc. Keep the original buffer size on non-Linux platforms: this is well-tested on them and changing it may be problematic. On macOS, for example, using the new size causes `malloc` to print a warning to stderr. (cherry picked from commit 219512e7989340d9efae8480fb79c08b91724014)
7c686457	2018-10-12T12:07:09	ci: valgrind leak-checking (cherry picked from commit 6d6700d23860d21e8e5043e5c7689a6ed4d8fc70)
01d00cd9	2018-07-14T12:42:50	ci: introduce vsts builds (cherry picked from commit 67f5304f552a287dd46951b8ef96695f080c5ff2)
4e1218b4	2018-07-14T13:03:16	ci: scripts to setup mingw build environment (cherry picked from commit 9e588060d93da064ca288db021def3d81fa13790)
95c728de	2018-07-14T12:35:02	ci: set up a macos host Script to set up dependencies on a macOS build system. (cherry picked from commit 8734240417a02930593e3a76b56ce6b51441723c)
064b933d	2018-07-14T12:34:05	ci: setup a linux host Sets up a linux host to prepare for a build. (cherry picked from commit 5bb2087b7c60da5c2ce50b9eefeebfbe255c9a0d)
6dceeb74	2018-07-14T12:25:32	ci: improved flexibility for citest.sh Refactor citest.sh to enable local testing by developers. (cherry picked from commit 451b001725e4a97f0a9f1ff1d87a2bf5666850a3)
ab55feee	2018-07-14T12:24:40	ci: refactor unix ci build/test scripts (cherry picked from commit bf418f09ce20f9e70c416288798bd7054a5e28d0)
4609548d	2018-07-14T12:22:47	ci: move tests into citest.ps1 Add citest.ps1 PowerShell script to run the tests. (cherry picked from commit e2cc5b6d9739591703cfb7f04efa84425ed63332)

5fc7d59c

2018-09-11T15:53:35

index: release the snapshot instead of freeing the index Previously we would assert in index_free because the reader incrementation would not be balanced. Release the snapshot normally, so the variable gets decremented before the index is freed. (cherry picked from commit c70713d6e4af563696563e410864eb4a6507757d)

54e7cf7e

2018-08-24T09:53:39

cmake: detect and use libc-provided iconv While most systems provide a separate iconv library against which applications can link, musl based systems do not provide such a library. Instead, iconv functions are directly included in the C library. As our current CMake module to locate the iconv library only checks whether a library exists somewhere in the typical library directories, we will never build libgit2 with libiconv support on such systems. Extend the iconv module to also search whether libc provides iconv functions, which we do by checking whether the `iconv_open` function exists inside of libc. If this is the case, we will default to use the libc provided one instead of trying to use a separate libiconv. While this changes which iconv we use on systems where both libc and an external libiconv exist, to the best of my knowledge common systems only provide either one or the other. Note that libiconv support in musl is held kind of basic. To quote musl libc's page on functional differences from glibc [1]: The iconv implementation musl is very small and oriented towards being unobtrusive to static link. Its character set/encoding coverage is very strong for its size, but not comprehensive like glibc’s. As we assume iconv to be a lot more capable than what musl provides, some of our tests will fail if using iconv on musl-based platforms. [1]: https://wiki.musl-libc.org/functional-differences-from-glibc.html (cherry picked from commit 2e2d8c6493ec4d151c55d7421c93126267ee8e6d)

c0e038a2

2018-08-21T01:12:11

revwalk: The left operand of '<' is a garbage value At line 594, we do this : if (error < 0) return error; but if nothing was pushed in a GIT_SORT_TIME revwalk, we'd return uninitialized stack data. (cherry picked from commit aa8cb5866f1eabd92c8c08f7a8610d42df07375f)

fad59658

2018-08-09T12:48:26

diff: fix OOM on AIX when finding similar deltas in empty diff The function `git_diff_find_similar` keeps a function of cache similarity metrics signatures, whose size depends on the number of deltas passed in via the `diff` parameter. In case where the diff is empty and thus doesn't have any deltas at all, we may end up allocating this cache via a call to `git__calloc(0, sizeof(void *))`. At least on AIX, allocating 0 bytes will result in a `NULL` pointer being returned, which causes us to erroneously return an OOM error. Fix this situation by simply returning early in case where we are being passed an empty diff, as we cannot find any similarities in that case anyway. (cherry picked from commit c65568d8c8c1bf4920393190e862819cd263f439)

f4a7652a

2018-08-14T04:22:14

Fix the test and comment. (cherry picked from commit 6698e0562d0f782903f28c224c879da7c2abf674)

ef7d7def

2018-08-17T00:51:51

worktree: unlock should return 1 when the worktree isn't locked The documentation states that git_worktree_unlock returns 0 on success, and 1 on success if the worktree wasn't locked. Turns out we were returning 0 in any of those cases. (cherry picked from commit 59c2e70eeee8b2bae79d05060599114a5f6d737a)

ef523712

2018-08-14T03:54:01

Write a test. (cherry picked from commit f140950066cf2989912e18ad92ec088f624b8bf2)

831a709d

2018-08-05T14:37:08

Add a comment (cherry picked from commit ec76a1aa43321db2451e747d7a4408e780991c4a)

01b8bbf4

2018-08-21T01:55:56

remote: set the error before cleanup Otherwise we'll return stack data to the caller. (cherry picked from commit 22d013b657c5957fde31641351cb72d08cc192ae)

a5a0347d

2018-08-16T22:45:43

Fix leak in index.c (cherry picked from commit 581d5492f6afdaf31a10e51187466a80ffc9f76f)

ab3f6099

2018-08-05T14:25:22

Don't error on missing section, just continue (cherry picked from commit 019409be004fb73071415750e98db03d33fada47)

9023f8f6

2018-07-22T23:31:19

config_file: Don't crash on options without a section (cherry picked from commit c4d7fa951acd066fd80d83954dd6082c1c7e9e1e)

0fefd899

2018-08-17T15:56:30

util: make the qsort_r check work on macOS This performs a compile-check by using CMake support, to differentiate the GNU version from the BSD version of qsort_r. Module taken from 4f252abea5f1d17c60f6ff115c9c44cc0b6f1df6, which I've checked against CMake 2.8.11. (cherry picked from commit 1a9cc18260b68b149476adb6f39e37ab47d3d21f)

e1295400

2018-08-04T19:30:40

parse: Do not initialize the content in context to NULL String operations in libgit2 are supposed to never receive `NULL`, e.g. they are not `NULL`-save. In the case of `git__linenlen()`, invocation with `NULL` leads to undefined behavior. In a `git_parse_ctx` however, the `content` field used in these operations was initialized to `NULL` if the `git_parse_ctx_init()` was called with `NULL` for `content` or `0` for `content_len`. For the latter case, the initialization function even contained some logic for initializing `content` with `NULL`. This commit mitigates triggering undefined behavior by rewriting the logic. Now `content` is always initialized to a non-null buffer. Instead of a null buffer, an empty string is used for denoting an empty buffer. (cherry picked from commit d1bfe614aa20a0bdaf76c6d418176320ab11baf4)

b8844566

2018-07-27T12:00:37

tree: rename from_tree to validate and clarify the tree in the test (cherry picked from commit f00db9ed67423b04976f8d20b0de2ee1fb7c3993)

c37c6ed8

2018-07-18T21:04:13

tree: accept null ids in existing trees when updating When we add entries to a treebuilder we validate them. But we validate even those that we're adding because they exist in the base tree. This disables using the normal mechanisms on these trees, even to fix them. Keep track of whether the entry we're appending comes from an existing tree and bypass the name and id validation if it's from existing data. (cherry picked from commit 2dff7e282da77f6b791e843ec267d9ddecabc187)

a051bce7

2018-06-18T20:37:18

patch_parse: populate line numbers while parsing diffs (cherry picked from commit f9e28026753f7b6c871a160ad584b2dc2639d30f)

c62c6379

2018-04-20T08:38:50

worktree: a worktree can be made from a bare repository

a7fbb051

2018-04-18T22:40:46

repository: being a worktree means we're not really bare We were previously conflating any error into GIT_ENOTFOUND, which might or might not be correct. This fixes the code so a config error is bubbled up, as well as preserving the semantics in the face of worktree-repositories

68e55c3a

2018-10-26T14:54:54

Merge pull request #4866 from pks-t/pks/v0.27.6-security Release v0.27.6

6b2b63e5

2018-10-18T11:37:10

util: remove unsafe `git__strtol64` function The function `git__strtol64` does not take a maximum buffer length as parameter. This has led to some unsafe usages of this function, and as such we may consider it as being unsafe to use. As we have now eradicated all usages of this function, let's remove it completely to avoid future misuse. (cherry picked from commit 68deb2cc80ef19bf3a1915c26b5308b283a6d69a)

334e6c69

2018-10-18T11:35:08

config: remove last instance of `git__strntol64` When parsing integers from configuration values, we use `git__strtol64`. This is fine to do, as we always sanitize values and can thus be sure that they'll have a terminating `NUL` byte. But as this is the last call-site of `git__strtol64`, let's just pass in the length explicitly by calling `strlen` on the value to be able to remove `git__strtol64` altogether. (cherry picked from commit 1a2efd10bde66f798375e2f47ba57ef00ad5c193)

5ce26b18

2018-10-18T11:32:48

signature: avoid out-of-bounds reads when parsing signature dates We use `git__strtol64` and `git__strtol32` to parse the trailing commit or author date and timezone of signatures. As signatures are usually part of a commit or tag object and thus essentially untrusted data, the buffer may be misformatted and may not be `NUL` terminated. This may lead to an out-of-bounds read. Fix the issue by using `git__strntol64` and `git__strntol32` instead. (cherry picked from commit 3db9aa6f79711103a331a2bbbd044a3c37d4f136)

76e57b4e

2018-10-18T11:29:06

index: avoid out-of-bounds read when reading reuc entry stage We use `git__strtol64` to parse file modes of the index entries, which does not limit the parsed buffer length. As the index can be essentially treated as "untrusted" in that the data stems from the file system, it may be misformatted and may not contain terminating `NUL` bytes. This may lead to out-of-bounds reads when trying to parse index entries with such malformatted modes. Fix the issue by using `git__strntol64` instead. (cherry picked from commit 600ceadd1426b874ae0618651210a690a68b27e9)

4dddcafb

2018-10-18T11:25:59

commit_list: avoid use of strtol64 without length limit When quick-parsing a commit, we use `git__strtol64` to parse the commit's time. The buffer that's passed to `commit_quick_parse` is the raw data of an ODB object, though, whose data may not be properly formatted and also does not have to be `NUL` terminated. This may lead to out-of-bound reads. Use `git__strntol64` to avoid this problem. (cherry picked from commit 1a3fa1f5fafd433bdcf1834426d6963eff532125)

54c02f26

2018-09-20T20:11:36

online::clone: free url and username before resetting Before resetting the url and username, ensure that we free them in case they were set by environment variables. (cherry picked from commit e84914fd30edc6702e368c8ccfc77dc5607c213c)

27469ed3

2018-07-20T21:52:24

push tests: deeply free the specs Don't just free the spec vector, also free the specs themselves. (cherry picked from commit d285de73f9a09bc841b329267d1f61b9c03a7b68)

c8826499

2018-07-20T21:51:36

push tests: deeply free the push status Don't just free the push status structure, actually free the strings that were strdup'd into the struct as well. (cherry picked from commit dad9988121521ccc2ffff39299ca98dba160b857)

1c02b896

2018-07-20T21:50:58

smart subtransport: free url when resetting stream Free the url field when resetting the stream to avoid leaking it. (cherry picked from commit ca2eb4608243162a13c427e74526b6422d5a6659)

b6998178

2018-10-19T14:10:27

version: bump to v0.27.6

c12975bf

2018-10-19T14:10:11

CHANGELOG: update changelog for v0.27.6

4f0e5f70

2018-10-19T10:29:19

commit: fix reading out of bounds when parsing encoding The commit message encoding is currently being parsed by the `git__prefixcmp` function. As this function does not accept a buffer length, it will happily skip over a buffer's end if it is not `NUL` terminated. Fix the issue by using `git__prefixncmp` instead. Add a test that verifies that we are unable to parse the encoding field if it's cut off by the supplied buffer length. (cherry picked from commit 7655b2d89e8275853d9921dd903dcdad9b3d4a7b)

6e40bb3a

2018-10-19T09:47:50

tag: fix out of bounds read when searching for tag message When parsing tags, we skip all unknown fields that appear before the tag message. This skipping is done by using a plain `strstr(buffer, "\n\n")` to search for the two newlines that separate tag fields from tag message. As it is not possible to supply a buffer length to `strstr`, this call may skip over the buffer's end and thus result in an out of bounds read. As `strstr` may return a pointer that is out of bounds, the following computation of `buffer_end - buffer` will overflow and result in an allocation of an invalid length. Fix the issue by using `git__memmem` instead. Add a test that verifies parsing the tag fails not due to the allocation failure but due to the tag having no message. (cherry picked from commit ee11d47e3d907b66eeff99e0ba1e1c71e05164b7)

ab0d9fb2

2018-10-18T16:08:46

util: provide `git__memmem` function Unfortunately, neither the `memmem` nor the `strnstr` functions are part of any C standard but are merely extensions of C that are implemented by e.g. glibc. Thus, there is no standardized way to search for a string in a block of memory with a limited size, and using `strstr` is to be considered unsafe in case where the buffer has not been sanitized. In fact, there are some uses of `strstr` in exactly that unsafe way in our codebase. Provide a new function `git__memmem` that implements the `memmem` semantics. That is in a given haystack of `n` bytes, search for the occurrence of a byte sequence of `m` bytes and return a pointer to the first occurrence. The implementation chosen is the "Not So Naive" algorithm from [1]. It was chosen as the implementation is comparably simple while still being reasonably efficient in most cases. Preprocessing happens in constant time and space, searching has a time complexity of O(n*m) with a slightly sub-linear average case. [1]: http://www-igm.univ-mlv.fr/~lecroq/string/ (cherry picked from commit 83e8a6b36acc67f2702cbbc7d4e334c7f7737719)

c8e94f84

2018-10-18T15:08:56

util: fix out of bounds read in error message When an integer that is parsed with `git__strntol32` is too big to fit into an int32, we will generate an error message that includes the actual string that failed to parse. This does not acknowledge the fact that the string may either not be NUL terminated or alternative include additional characters after the number that is to be parsed. We may thus end up printing characters into the buffer that aren't the number or, worse, read out of bounds. Fix the issue by utilizing the `endptr` that was set by `git__strntol64`. This pointer is guaranteed to be set to the first character following the number, and we can thus use it to compute the width of the number that shall be printed. Create a test to verify that we correctly truncate the number. (cherry picked from commit ea19efc19fa683d632af3e172868bc4350724813)

0f7663a1

2018-10-18T14:37:55

util: avoid signed integer overflows in `git__strntol64` While `git__strntol64` tries to detect integer overflows when doing the necessary arithmetics to come up with the final result, it does the detection only after the fact. This check thus relies on undefined behavior of signed integer overflows. Fix this by instead checking up-front whether the multiplications or additions will overflow. Note that a detected overflow will not cause us to abort parsing the current sequence of digits. In the case of an overflow, previous behavior was to still set up the end pointer correctly to point to the first character immediately after the currently parsed number. We do not want to change this now as code may rely on the end pointer being set up correctly even if the parsed number is too big to be represented as 64 bit integer. (cherry picked from commit b09c1c7b636c4112e247adc24245c65f3f9478d0)

55f4f235

2018-10-18T12:11:33

tests: core::strtol: test for some more edge-cases Some edge cases were currently completely untested, e.g. parsing numbers greater than INT64_{MIN,MAX}, truncating buffers by length and invalid characters. Add tests to verify that the system under test performs as expected. (cherry picked from commit 39087ab8ef77004c9f3b8984c38a834a6cb238bc)

e2e7a9cb

2018-10-18T12:04:07

util: remove `git__strtol32` The function `git__strtol32` can easily be misused when untrusted data is passed to it that may not have been sanitized with trailing `NUL` bytes. As all usages of this function have now been removed, we can remove this function altogether to avoid future misuse of it. (cherry picked from commit 8d7fa88a9d5011b653035497b0f523e0f177b6a6)

2052a3cd

2018-10-18T11:58:14

global: replace remaining use of `git__strtol32` Replace remaining uses of the `git__strtol32` function. While these uses are all safe as the strings were either sanitized or from a trusted source, we want to remove `git__strtol32` altogether to avoid future misuse. (cherry picked from commit 2613fbb26a3e1a34dda8a5d198c108626cfd6cc3)

61165dd4

2018-10-18T11:43:30

tree-cache: avoid out-of-bound reads when parsing trees We use the `git__strtol32` function to parse the child and entry count of treecaches from the index, which do not accept a buffer length. As the buffer that is being passed in is untrusted data and may thus be malformed and may not contain a terminating `NUL` byte, we can overrun the buffer and thus perform an out-of-bounds read. Fix the issue by uzing `git__strntol32` instead. (cherry picked from commit 21652ee9de439e042cc2e69b208aa2ef8ce31147)

a20b8c21

2018-10-25T14:26:28

ci: fail on test failures PowerShell can _read_ top-level variables in functions, but cannot _update_ top-level variables in functions unless they're explicitly prefixed with `$global`. (cherry picked from commit 0e26717a57169d1222bdebef3f0caa728fd85b75)

a6917dc7

2018-09-17T20:12:59

ci: don't stop on failure Don't stop on test failures; run all the tests, even when a test fails. (cherry picked from commit 429c7f1141f812d266cfd7d33a142871c21f8874)

8f4dc529

2018-09-17T19:57:26

ci: append -r flag to clar on windows Similar to the way we parse the ctest output on POSIX systems, do the same on Windows. This allows us to append the `-r` flag to clar after we've identified the command to run. (cherry picked from commit 7c9769d94799c7bc6341d64e18bbd13bc8993ad6)

2f9b339f

2018-09-11T15:15:26

ci: add SKIP_*_TESTS for windows builds Introduce SKIP_*_TEST variables for Windows builds to match POSIX builds. (cherry picked from commit a8301b0c19cc738961604a14b7e132b2b97e064c)

e7a82ec5

2018-09-10T14:59:20

ci: write test result XML Add the clar flags to produce JUnit-style XML output before invocation. (cherry picked from commit fff33a1b65994e1f781f73d06e22d3f8778eff02)

886a0842

2018-09-10T12:36:51

Revert "clar: introduce CLAR_XML option" This reverts commit a2d73f5643814cddf90d5bf489332e14ada89ab8. Using clar to propagate the XML settings was a mistake. (cherry picked from commit 943181c2efe20b705aa40d30197693e7a4c1d0ac)

29922609

2018-09-10T12:27:24

ci: only run the exact named test Our CI test system invokes ctest with the name of the given tests it wishes to invoke. ctest (with the `-R` flag) treats this name as a regular expression. Provide anchors in the regular expression to avoid matching additional tests in this search. (cherry picked from commit 7e353b7a140dade32f1f1db6afd1721cf2c18a4a)

af61ffad

2018-09-18T13:52:08

README: rename "VSTS" to "Azure DevOps" Visual Studio Team Services is now a family of applications named "Azure DevOps". Update the README to refer to it thusly. (cherry picked from commit e2613039b34b9f119ca948c70ba75dd93dc1803f)

a3debcfa

2018-09-18T13:51:25

README: update the build badge to Azure Pipelines VSTS is now a family of components; "Azure Pipelines" is the build and release pipeline application. (cherry picked from commit 464305b74e87bd008cb9b18af632844f16806327)

b79d7cd4

2018-10-12T12:08:53

ci: rename vsts to azure-pipelines (cherry picked from commit d7d0139eb3ef9d306d0229223092a9cac7da1db5)

f5074e28

2018-09-08T18:54:21

clar: iterate errors in report_all / report_errors Instead of trying to have a clever iterator pattern that increments the error number, just iterate over errors in the report errors or report all functions as it's easier to reason about in this fashion. (cherry picked from commit d17e67d08d6e73dbf0daeae5049f92a38c2d8bb6)

f56e1e70

2018-08-27T01:06:37

ci: use more compatible strftime formats Windows lacks %F and %T formats for strftime. Expand them to the year/month/day and hour/minute/second formats, respectively. (cherry picked from commit e595eeb5ab88142b97798ed65e651de6560515e9)

4cf3907a

2018-10-12T12:08:32

ci: use templates for VSTS builds Our build YAML is becoming unweildly and full of copy-pasta. Simplify with templates. (cherry picked from commit 6b2d8f09bc9e5bdf74f98b7470ebc39436be600f)

b974a94f

2018-08-26T17:27:54

ci: explicitly run in the build directory Explicitly run from the build directory, not the source. (I was mistaken about the default working directory for VSTS agents.) (cherry picked from commit 306875bc1c0c4cf82a4feb9436d161750c3f0aad)

b52267b3

2018-08-26T17:12:17

ci: escape xml output path on Windows CMake treats backslashes as escape characters; use forward slashes for the XML output path. (cherry picked from commit f3f2c45ee6d8f46692ebcc71f2ee688868629830)

e46e5191

2018-10-12T12:08:17

ci: upload test results (cherry picked from commit bfcbde5009db3175cb924687d9273e6f7c5aa1b7)

698b0928

2018-07-26T23:02:20

Isolate test reports This makes it possible to keep track of every test status (even successful ones), and their errors, if any. (cherry picked from commit bf9fc126709af948c2a324ceb1b2696046c91cfe)

57f86c22

2018-08-26T15:11:21

clar: refactor explicitly run test behavior Previously, supplying `-s` to explicitly enable some test(s) would run the tests immediately from the argument parser. This forces us to set up the entire clar environment (for example: sandboxing) before argument parsing takes place. Refactor the behavior of `-s` to add the explicitly chosen tests to a list that is executed later. This untangles the argument parsing from the setup lifecycle, allowing us to use the arguments to perform the setup. (cherry picked from commit 90753a96515f85e2d0e79a16d3a06ba5b363c68e)

af405e42

2018-09-03T19:27:30

README: remove travis (cherry picked from commit 76cfeb20fc75f02eee8e1b672889039be282666f)

fc9e051d

2018-08-30T21:53:58

ci: remove travis (cherry picked from commit 6fc946e87025f22315c481509b6658726725b7a4)

ca21af22

2018-08-26T16:07:32

ci: write xml during test runs (cherry picked from commit a84863fc8dfa51cafc1223181e17003383889350)

f42a251c

2018-09-04T14:00:49

clar: remove globals; error-check fprintf/fclose Remove the global summary filename and file pointer; pass them in to the summary functions as needed. Error check the results of buffered I/O calls. (cherry picked from commit b67a93ff81e2fbfcf9ebb52dd15db9aa4e9ca708)

a539205e

2018-08-24T11:23:19

clar: introduce CLAR_XML option Introduce a CLAR_XML option, to run the `ctest` commands with the new `-r` flag to clar. Permitted values are `OFF`, `ON` and a directory to write the XML test results to. (cherry picked from commit a2d73f5643814cddf90d5bf489332e14ada89ab8)

a133caa2

2018-08-26T15:31:14

clar: accept a value for the summary filename Accept an (optional) value for the summary filename. Continues to default to summary.xml. (cherry picked from commit baa5c20d0815441cac2d2135d2b0190cb543e637)

8b68cb23

2018-08-26T15:25:15

clar: don't use a variable named `time` (cherry picked from commit dbebcb04b42047df0d52ad3515077a134c5b7da7)

4c48aeb5

2018-07-27T23:00:09

Barebones JUnit XML output (cherry picked from commit 59f1e477f772c73c76bc654a0853fdcf491a32a7)

564ab8ae

2018-07-26T23:02:34

Documentation (cherry picked from commit 3a9b96311d6f0ff364c6417cf3aab7c9745b18d4)

b3ea4a51

2018-10-12T12:08:00

Update .vsts-ci.yml (cherry picked from commit 7238a1e8c7e6b48439ce553c99b83915cb33b394)

fe56cd6c

2018-08-31T14:07:59

Update .vsts-nightly.yml (cherry picked from commit 40c3a974656a3a9bb0b63e0bb0eb770bb1648303)

75b0142d

2018-08-14T21:26:14

ci: Correct the status code check so Coverity doesn't force-fail Travis Otherwise you get something like Emitted 525 C/C++ compilation units (100%) successfully 525 C/C++ compilation units (100%) are ready for analysis The cov-build utility completed successfully. Build successfully submitted. Received error code 200 from Coverity travis_time:end:14cf6373:start=1534254309066933889,finish=1534254728190974302,duration=419124040413 The command "if [ -n "$COVERITY" ]; then ../ci/coverity.sh; fi" exited with 1. travis_time:start:01ed61d4 $ if [ -z "$COVERITY" ]; then ../ci/build.sh && ../ci/test.sh; fi travis_time:end:01ed61d4:start=1534254728197560961,finish=1534254728202711214,duration=5150253 The command "if [ -z "$COVERITY" ]; then ../ci/build.sh && ../ci/test.sh; fi" exited with 0. Done. Your build exited with 1. (cherry picked from commit 351ca66126b08530d96556eb4521b601c69125e3)

c94dc053

2018-08-09T09:39:39

readme: remove appveyor build badge (cherry picked from commit 658b8e8a59341a7042a839d0417723d494d7b4cb)

bc8a33c4

2018-08-06T16:33:15

ci: remove appveyor (cherry picked from commit 3ce31df3ff34b494a67f7d18dced9930c69883bd)

75ca6092

2018-08-02T14:57:54

ci: add VSTS build badge to README (cherry picked from commit a1ae41b80b56cd49ecec049b7d2509f17596e116)

b609b5cd

2018-08-06T07:13:56

travis: do not execute Coverity analysis for all cron jobs The new Travis cron job gets executed daily, but our current configuration will cause each job to execute our Coverity script instead of the default build and testing scripts. This cannot work, as Coverity is heavily rate-limiting its API, so our cron builds are doomed to always fail. What we want to do instead is execute our normal builds, but add an additional Coverity jobs. This can easily be done by adding another Coverity-specific job with a conditional "type = cron", which sets the "COVERITY" environment variable. Instead of checking the build type, we then simply check whether "COVERITY" is set or not. (cherry picked from commit 0a6c13a239ef5e1427d8317b36c202ca9a580754)

5e1d64ff

2018-08-06T09:12:48

ci: enable compilation with "-Werror" During the conversion of our CI scripts in bf418f09c (ci: refactor unix ci build/test scripts, 2018-07-14), we accidentally dropped the "-DENABLE_WERROR=ON" switch in our cmake invocation. Re-add it to help us catch compiler warnings early. (cherry picked from commit 900846571905cf7a9530d2680c627fde6044db92)

c7f91f39

2018-08-06T12:00:21

odb: fix use of wrong printf formatters The `git_odb_stream` members `declared_size` and `received_bytes` are both of the type `git_off_t`, which we usually defined to be a 64 bit signed integer. Thus, passing these members to "PRIdZ" formatters is not correct, as they are not guaranteed to accept big enough numbers. Instead, use the "PRId64" formatter, which is able to represent 64 bit signed integers. (cherry picked from commit 0fcd05631a1f59e156e613448262800c155e79d0)

25392688

2018-08-02T20:43:21

ci: run VSTS builds on master and maint branches (cherry picked from commit cd7883145f76a24db47dfd911cc8b0b387813c7c)

c4ec76fa

2018-08-02T14:47:03

ci: set PKG_CONFIG_PATH on travis Homebrew's formula for openssl is "keg-only", which means it does not install it into /usr/local. On macOS builds, we need to set PKG_CONFIG_PATH to include it. (cherry picked from commit abf5336304ad7df85bbca2289a61b7799029fa1b)

5953f789

2018-07-29T17:26:44

ci: run coverity from a nightly VSTS build (cherry picked from commit d076db11a84b278e260139269c25fe692930f238)

1f7bb777

2018-07-28T22:29:53

ci: run coverity from travis's cron Instead of trying to run coverity builds during the regular PR process, run them during a regularly scheduled cron process. These only need to run nightly, so it makes sense to bring them out of the PR process. (cherry picked from commit 6b92368c859d0bf0dcdb15ca8bee520e0f4e84f2)

d752ab97

2018-07-27T16:40:44

ci: remove unused old ci scripts (cherry picked from commit 24d175621b7ca6a218c7150ac47ea296f0766fa4)

6f8cc9b5

2018-07-27T12:31:32

ci: move travis to the new scripts (cherry picked from commit 24b8dd8275adb13acc68281c200623f636690666)

ac46b959

2018-07-26T15:14:37

ci: move appveyor to new scripts (cherry picked from commit 465f8b5163cdee708a6ee81a7c210b2a8baedde4)

612d50b5

2018-07-26T15:06:01

ci: use a single setup script for mingw (cherry picked from commit f7bb4ff80bfa5e5173232685b13f143b572f36de)

99a0a733

2018-10-12T12:07:48

ci: use docker containers from libgit2 account (cherry picked from commit 6fb63c9285b79bc2c6b67845273abdc7eaacaa1c)

6fd065f6

2018-10-12T12:07:30

ci: perform clang builds on Linux (cherry picked from commit dc6e80e2ce7c4d1017ce41a67a0df50b29b36cc4)

3676834a

2018-07-25T01:04:55

ci: dissociate test from leaks process The leaks process is not good about handling children. Ensure that its child is `nohup`ed so that the grandparent shell won't wait for it to exit. (cherry picked from commit 6eb97b6ba93019741e7cf6147f0fab05dd3f831d)

8a54e39c

2018-07-21T10:49:23

ci: some additional debugging (cherry picked from commit 230eeda8e464a4675e82007d0c505617a6c243ed)

bc2fec60

2018-07-20T19:47:40

ci: enable leak checking on osx (cherry picked from commit b00672b9e404adb771601408d4b02711085d6f90)

d68c293a

2018-07-20T18:09:38

ci: msvc leak-checking (cherry picked from commit afecd15cf6de53b8a0d28061fd9ffaeac358b91f)

542a403f

2018-07-20T17:20:15

ci: xcode leaks leak-checking (cherry picked from commit 7f12c12394ce3f5b76a32a312461e95fe9e78ce7)

f2087fc7

2018-07-20T14:14:16

buf tests: allocate a smaller size for the oom On Linux (where we run valgrind) allocate a smaller buffer, but still an insanely large size. This will cause malloc to fail but will not cause valgrind to report a likely error with a negative-sized malloc. Keep the original buffer size on non-Linux platforms: this is well-tested on them and changing it may be problematic. On macOS, for example, using the new size causes `malloc` to print a warning to stderr. (cherry picked from commit 219512e7989340d9efae8480fb79c08b91724014)

7c686457

2018-10-12T12:07:09

ci: valgrind leak-checking (cherry picked from commit 6d6700d23860d21e8e5043e5c7689a6ed4d8fc70)

01d00cd9

2018-07-14T12:42:50

ci: introduce vsts builds (cherry picked from commit 67f5304f552a287dd46951b8ef96695f080c5ff2)

4e1218b4

2018-07-14T13:03:16

ci: scripts to setup mingw build environment (cherry picked from commit 9e588060d93da064ca288db021def3d81fa13790)

95c728de

2018-07-14T12:35:02

ci: set up a macos host Script to set up dependencies on a macOS build system. (cherry picked from commit 8734240417a02930593e3a76b56ce6b51441723c)

064b933d

2018-07-14T12:34:05

ci: setup a linux host Sets up a linux host to prepare for a build. (cherry picked from commit 5bb2087b7c60da5c2ce50b9eefeebfbe255c9a0d)

6dceeb74

2018-07-14T12:25:32

ci: improved flexibility for citest.sh Refactor citest.sh to enable local testing by developers. (cherry picked from commit 451b001725e4a97f0a9f1ff1d87a2bf5666850a3)

ab55feee

2018-07-14T12:24:40

ci: refactor unix ci build/test scripts (cherry picked from commit bf418f09ce20f9e70c416288798bd7054a5e28d0)

4609548d

2018-07-14T12:22:47

ci: move tests into citest.ps1 Add citest.ps1 PowerShell script to run the tests. (cherry picked from commit e2cc5b6d9739591703cfb7f04efa84425ed63332)

thodg/libgit2

Log