kmx git

Commit	Date	Message
6062032e	2018-01-16T20:54:05	try and fix windows build
d43974fb	2018-01-16T13:40:26	Change trailer API to return a simple array
5734768b	2018-01-10T19:19:34	Merge remote-tracking branch 'origin/master' into charliesome/trailer-info
f1323d9c	2018-01-10T18:19:09	Merge pull request #4472 from libgit2/ethomson/libgit2deps_azure travis: fetch trusty dependencies from Bintray
6e748130	2018-01-10T15:13:23	travis: we use bintray's own key for signing The VM on Travis apparently will still proceed, but it's good practice.
da9898ab	2018-01-10T12:33:56	travis: fetch trusty dependencies from bintray The trusty dependencies are now hosted on Bintray.
0b967396	2018-01-10T12:45:41	Merge pull request #4471 from libgit2/cmn/cmake-feature-302 cmake: use a FEATURE_SUMMARY call compatible with 3.0.2
6d452600	2018-01-10T11:52:15	cmake: use a FEATURE_SUMMARY call compatible with 3.0.2 When we print features, we make an effort to support all the way back to pre-3.0. However, in the code for versions from 3 onward we call `FEATURE_SUMMARY` with multiple kinds of elements to print in the same line. This is only supported in CMake 3.1 and later, making the rather popular CMake 3.0.2 unable to build the library. Use a single kind of element per invocation. This means we need to provide a "description" text, which CMake provides for us if provide multiple kinds of elements.
a7e36d3d	2018-01-08T13:30:04	Merge pull request #4468 from libgit2/cmn/openssl-pc Make sure to include 'openssl' as a dep when building statically with SHA1DC
b21c5408	2018-01-08T12:33:07	cmake: add openssl to the private deps list when it's the TLS implementation We might want OpenSSL to be the implementation for SHA-1 and/or TLS. If we only want it for TLS (e.g. we're building with the collision-detecting SHA-1 implementation) then we did not indicate this to the systems including us a static library. Add OpenSSL to the list also during the TLS decision to make sure we say we should link to it if we use it for TLS.
b85548ed	2018-01-08T12:30:50	cmake: treat LIBGIT2_PC_REQUIRES as a list It is indeed a list of dependencies for those which include the static archive. This is in preparation for adding two possible places where we might add openssl as a dependency.
ddd36510	2018-01-07T15:40:06	Merge pull request #4467 from libgit2/cmn/static-archive-later cmake: move the rule to find static archives close to building clar
85e40bbf	2018-01-07T12:51:26	cmake: move the rule to find static archives close to building clar If we're building static libraries, we want to use that for building our clar binary. This is done in 49551254 (2017-09-22; cmake: use static dependencies when building static libgit2) but that commit included the rule too early, making it affect the search for iconv, meaning we did not find it when we were building a static libgit2. Move the rule to just before building clar, after we've included the rules for building the library itself. This lets us find and link to the dynamic libiconv.
70db57d4	2018-01-05T15:31:51	Merge pull request #4398 from pks-t/pks/generic-sha1 cmake: allow explicitly choosing SHA1 backend
f4f0e7eb	2018-01-04T08:24:43	switch back to braced array initializers
70aa6146	2017-12-05T08:48:31	cmake: allow explicitly choosing SHA1 backend Right now, if SHA1DC is disabled, the SHA1 backend is mostly chosen based on which system libgit2 is being compiled on and which libraries have been found. To give developers and distributions more choice, enable them to request specific backends by passing in a `-DSHA1_BACKEND=<BACKEND>` option instead. This completely replaces the previous auto-selection.
e7495ce6	2017-12-05T08:47:57	cmake: default to using SHA1DC Upstream git.git has changed their default SHA1 implementation to the collision-detection algorithm SHA1DC in commit e6b07da27 (Makefile: make DC_SHA1 the default, 2017-03-17). To match upstream, align ourselves and switch over to SHA1DC by default.
f315cd14	2018-01-03T18:44:12	make separators const a macro as well
fb29ba09	2018-01-03T18:32:09	remove empty lines between @-lines
1cda43ba	2018-01-03T18:30:04	make comment_line_char const a macro
6bc7301e	2018-01-03T16:16:22	Don't use newer C syntax for declaration in tests
eebc5e0d	2018-01-03T15:15:16	Merge pull request #4257 from pks-t/pks/stale-test Execute stale tests
a223bae5	2018-01-03T14:57:25	Merge pull request #4437 from pks-t/pks/openssl-hash-errors hash: openssl: check return values of SHA1_* functions
399c0b19	2018-01-03T14:55:06	Merge pull request #4462 from pks-t/pks/diff-generated-excessive-stats diff_generate: avoid excessive stats of .gitattribute files
d8896bda	2018-01-03T16:07:36	diff_generate: avoid excessive stats of .gitattribute files When generating a diff between two trees, for each file that is to be diffed we have to determine whether it shall be treated as text or as binary files. While git has heuristics to determine which kind of diff to generate, users can also that default behaviour by setting or unsetting the 'diff' attribute for specific files. Because of that, we have to query gitattributes in order to determine how to diff the current files. Instead of hitting the '.gitattributes' file every time we need to query an attribute, which can get expensive especially on networked file systems, we try to cache them instead. This works perfectly fine for every '.gitattributes' file that is found, but we hit cache invalidation problems when we determine that an attribuse file is _not_ existing. We do create an entry in the cache for missing '.gitattributes' files, but as soon as we hit that file again we invalidate it and stat it again to see if it has now appeared. In the case of diffing large trees with each other, this behaviour is very suboptimal. For each pair of files that is to be diffed, we will repeatedly query every directory component leading towards their respective location for an attributes file. This leads to thousands or even hundreds of thousands of wasted syscalls. The attributes cache already has a mechanism to help in that scenario in form of the `git_attr_session`. As long as the same attributes session is still active, we will not try to re-query the gitmodules files at all but simply retain our currently cached results. To fix our problem, we can create a session at the top-most level, which is the initialization of the `git_diff` structure, and use it in order to look up the correct diff driver. As the `git_diff` structure is used to generate patches for multiple files at once, this neatly solves our problem by retaining the session until patches for all files have been generated. The fix has been tested with linux.git by calling `git_diff_tree_to_tree` and `git_diff_to_buf` with v4.10^{tree} and v4.14^{tree}. \| time \| .gitattributes stats without fix \| 33.201s \| 844614 with fix \| 30.327s \| 4441 While execution only improved by roughly 10%, the stat(3) syscalls for .gitattributes files decreased by 99.5%. The benchmarks were quite simple with best-of-three timings on Linux ext4 systems. One can assume that for network based file systems the performance gain will be a lot larger due to a much higher latency.
30455a56	2018-01-03T13:09:21	Merge pull request #4439 from tiennou/fix/4352 cmake: create a dummy file for Xcode
ba56f781	2018-01-03T12:54:42	streams: openssl: fix thread-safety for OpenSSL error messages The function `ERR_error_string` can be invoked without providing a buffer, in which case OpenSSL will simply return a string printed into a static buffer. Obviously and as documented in ERR_error_string(3), this is not thread-safe at all. As libgit2 is a library, though, it is easily possible that other threads may be using OpenSSL at the same time, which might lead to clobbered error strings. Fix the issue by instead using a stack-allocated buffer. According to the documentation, the caller has to provide a buffer of at least 256 bytes of size. While we do so, make sure that the buffer will never get overflown by switching to `ERR_error_string_n` to specify the buffer's size.
75e1737a	2017-12-08T10:10:19	hash: openssl: check return values of SHA1_* functions The OpenSSL functions `SHA1_Init`, `SHA1_Update` and `SHA1_Final` all return 1 for success and 0 otherwise, but we never check their return values. Do so.
543ec149	2017-06-07T11:06:01	tests: perf: build but exclude performance tests by default Our performance tests (or to be more concrete, our single performance test) are not built by default, as they are always #ifdef'd out. While it is true that we don't want to run performance tests by default, not compiling them at all may cause code rot and is thus an unfavorable approach to handle this. We can easily improve this situation: this commit removes the #ifdef, causing the code to always be compiled. Furthermore, we add `-xperf` to the default command line parameters of `generate.py`, thus causing the tests to be excluded by default. Due to this approach, we are now able to execute the performance tests by passing `-sperf` to `libgit2_clar`. Unfortunately, we cannot execute the performance tests on Travis or AppVeyor as they rely on history being available for the libgit2 repository. As both do a shallow clone only, though, this is not given.
5874e151	2017-11-20T13:26:33	tests: create new test target for all SSH-based tests Some tests shall be run against our own SSH server we spin up in Travis. As those need to be run separate from our previous tests which run against git-daemon, we have to do this in a separate step. Instead of bundling all that knowledge in the CI script, move it into the test build instructions by creating a new test target.
54a1bf05	2017-06-07T13:06:53	tests: online::clone: inline creds-test with nonexistent URL Right now, we test our credential callback code twice, once via SSH on localhost and once via a non-existent GitHub repository. While the first URL makes sense to be configurable, it does not make sense to hard-code the non-existing repository, which requires us to call tests multiple times. Instead, we can just inline the URL into another set of tests.
fea60920	2017-06-07T12:48:48	tests: online::clone: construct credential-URL from environment We support two types of passing credentials to the proxy, either via the URL or explicitly by specifying user and password. We test these types by modifying the proxy URL and executing the tests twice, which is in fact unnecessary and requires us to maintain the list of environment variables and test executions across multiple CI infrastructures. To fix the situation, we can just always pass the host, port, user and password to the tests. The tests can then assemble the complete URL either with or without included credentials, allowing us to test both cases in-process.
b8c14499	2017-06-07T11:00:26	tests: iterator::workdir: fix reference count in stale test The test `iterator::workdir::filesystem_gunk` is usually not executed, as it is guarded by the environment variable "GITTEST_INVASIVE_SPEED" due to its effects on speed. As such, it has become stale and does not account for new references which have meanwhile been added to the testrepo, causing it to fail. Fix this by raising the number of expected references to 15.
9aba7636	2017-06-07T10:59:31	tests: iterator_helpers: assert number of iterator items When the function `expect_iterator_items` surpasses the number of expected items, we simply break the loop. This causes us to trigger an assert later on which has message attached, which is annoying when trying to locate the root error cause. Instead, directly assert that the current count is still smaller or equal to the expected count inside of the loop.
72c28ab0	2017-06-07T10:59:03	tests: status::worktree: indicate skipped tests on Win32 Some function bodies of tests which are not applicable to the Win32 platform are completely #ifdef'd out instead of calling `cl_skip()`. This leaves us with no indication that these tests are not being executed at all and may thus cause decreased scrutiny when investigating skipped tests. Improve the situation by calling `cl_skip()` instead of just doing nothing.
8999f6ac	2017-06-07T11:01:28	travis: build sources with tracing enabled Our tracing architecture is not built by default, causing the Travis CI to not execute some code and skip several tests. As AppVeyor has already enabled the tracing architecture when building the code, we should do the same for Travis CI to have this code being tested on macOS and Linux. Add "-DENABLE_TRACE=ON" to our release-build options of Travis.
4964aea0	2018-01-03T11:28:26	Merge pull request #4456 from libgit2/ethomson/treebuilder_docs docs: git_treebuilder_insert validates entries
98303ea3	2018-01-03T11:27:12	Merge pull request #4457 from libgit2/ethomson/tree_error_messages tree: standard error messages are lowercase
e8bc8558	2018-01-02T13:29:49	Merge remote-tracking branch 'origin/master' into charliesome/trailer-info
7610638e	2018-01-01T17:52:06	Merge pull request #4453 from libgit2/ethomson/spnego winhttp: properly support ntlm and negotiate
2c99011a	2017-12-31T09:33:19	tree: standard error messages are lowercase Our standard error messages begin with a lower case letter so that they can be prefixed or embedded nicely. These error messages were missed during the standardization pass since they use the `tree_error` helper function.
346c1b16	2017-12-31T09:25:42	docs: git_treebuilder_insert validates entries The documentation for `git_treebuilder_insert` erroneously states that we do not validate that the entry being inserted exists. We do, as of https://github.com/libgit2/libgit2/pull/3633. Update the documentation to reflect the new reality.
d6210245	2017-12-30T13:09:43	Merge pull request #4159 from richardipsum/notes-commit Support using notes via a commit rather than a ref
8cdf439b	2017-12-30T13:07:03	Merge pull request #4028 from chescock/improve-local-fetch Transfer fewer objects on push and local fetch
2b7a3393	2017-12-30T12:47:57	Merge pull request #4455 from libgit2/ethomson/branch_symlinks refs: traverse symlinked directories
e14bf97e	2017-12-30T08:09:22	Merge pull request #4443 from libgit2/ethomson/large_loose_blobs Inflate large loose blobs
7a830f28	2017-12-30T00:46:17	refs:iterator: add tests to recurse symlinks Ensure that we can recurse into directories via symbolic links.
9e94b6af	2017-12-30T00:12:46	iterator: cleanups with symlink dir handling Perform some error checking when examining symlink directories.
e9628e7b	2017-10-30T11:38:33	branches: Check symlinked subdirectories Native Git allows symlinked directories under .git/refs. This change allows libgit2 to also look for references that live under symlinked directories. Signed-off-by: Andy Doan <andy@opensourcefoundries.com>
526dea1c	2017-12-29T17:41:24	winhttp: properly support ntlm and negotiate When parsing unauthorized responses, properly parse headers looking for both NTLM and Negotiate challenges. Set the HTTP credentials to default credentials (using a `NULL` username and password) with the schemes supported by ourselves and the server.
083b1a2e	2017-12-28T10:38:31	Merge pull request #4021 from carlosmn/cmn/refspecs-fetchhead FETCH_HEAD and multiple refspecs
c081f0d0	2017-12-26T17:50:59	fetch: go over FETCH_HEAD just once when counting the prefixes in test
1b4fbf2e	2017-11-19T09:47:07	remote: append to FETCH_HEAD rather than overwrite for each refspec We treat each refspec on its own, but the code currently overwrites the contents of FETCH_HEAD so we end up with the entries for the last refspec we processed. Instead, truncate it before performing the updates and append to it when updating the references.
3ccc1a4d	2017-11-19T09:46:02	futils: add a function to truncate a file We want to do this in order to get FETCH_HEAD to be empty when we start updating it due to fetching from the remote.
c0bfda87	2016-12-02T17:36:04	fetch: add a failing test for FETCH_HEAD with multiple fetch refspecs
4110fc84	2017-12-23T23:30:29	Merge pull request #4285 from pks-t/pks/patches-with-whitespace patch_parse: fix parsing unquoted filenames with spaces
d734466c	2017-12-23T16:38:20	Merge pull request #4045 from lhchavez/fix-unpack-double-free Fix unpack double free
c3514b0b	2017-12-23T14:59:07	Fix unpack double free If an element has been cached, but then the call to packfile_unpack_compressed() fails, the very next thing that happens is that its data is freed and then the element is not removed from the cache, which frees the data again. This change sets obj->data to NULL to avoid the double-free. It also stops trying to resolve deltas after two continuous failed rounds of resolution, and adds a test for this.
9f7ad3c5	2017-12-23T10:55:13	Merge pull request #4430 from tiennou/fix/openssl-x509-leak Free OpenSSL peer certificate
30d91760	2017-12-23T10:52:08	Merge pull request #4435 from lhchavez/ubsan-shift-overflow libFuzzer: Prevent a potential shift overflow
1ddc57b3	2017-12-23T10:09:12	Merge pull request #4402 from libgit2/ethomson/iconv cmake: let USE_ICONV be optional on macOS
06f3aa5f	2017-12-23T10:07:44	Merge pull request #4429 from novalis/delete-modify-submodule-merge Do not attempt to check out submodule as blob when merging a submodule modify/deltete conflict
456e5218	2017-12-20T16:13:31	tests: add GITTEST_SLOW env var check Writing very large files may be slow, particularly on inefficient filesystems and when running instrumented code to detect invalid memory accesses (eg within valgrind or similar tools). Introduce `GITTEST_SLOW` so that tests that are slow can be skipped by the CI system.
bdb54214	2017-12-11T16:46:05	hash: commoncrypto hash should support large files Teach the CommonCrypto hash mechanisms to support large files. The hash primitives take a `CC_LONG` (aka `uint32_t`) at a time. So loop to give the hash function at most an unsigned 32 bit's worth of bytes until we have hashed the entire file.
a89560d5	2017-12-10T17:26:43	hash: win32 hash mechanism should support large files Teach the win32 hash mechanisms to support large files. The hash primitives take at most `ULONG_MAX` bytes at a time. Loop, giving the hash function the maximum supported number of bytes, until we have hashed the entire file.
3e6533ba	2017-12-10T17:25:00	odb_loose: reject objects that cannot fit in memory Check the size of objects being read from the loose odb backend and reject those that would not fit in memory with an error message that reflects the actual problem, instead of error'ing later with an unintuitive error message regarding truncation or invalid hashes.
8642feba	2017-12-10T17:23:44	zstream: use UINT_MAX sized chunks Instead of paging to zlib in INT_MAX sized chunks, we can give it as many as UINT_MAX bytes at a time. zlib doesn't care how big a buffer we give it, this simply results in fewer calls into zlib.
ddefea75	2017-11-30T15:55:59	odb: support large loose objects zlib will only inflate/deflate an `int`s worth of data at a time. We need to loop through large files in order to ensure that we inflate the entire file, not just an `int`s worth of data. Thankfully, we already have this loop in our `git_zstream` layer. Handle large objects using the `git_zstream`.
d1e44655	2017-11-30T15:52:47	object: introduce git_object_stringn2type Introduce an internal API to get the object type based on a length-specified (not null terminated) string representation. This can be used to compare the (space terminated) object type name in a loose object. Reimplement `git_object_string2type` based on this API.
dacc3291	2017-11-30T15:49:05	odb: test loose reading/writing large objects Introduce a test for very large objects in the ODB. Write a large object (5 GB) and ensure that the write succeeds and provides us the expected object ID. Introduce a test that writes that file and ensures that we can subsequently read it.
86219f40	2017-11-30T15:40:13	util: introduce `git__prefixncmp` and consolidate implementations Introduce `git_prefixncmp` that will search up to the first `n` characters of a string to see if it is prefixed by another string. This is useful for examining if a non-null terminated character array is prefixed by a particular substring. Consolidate the various implementations of `git__prefixcmp` around a single core implementation and add some test cases to validate its behavior.
b7d36ef4	2017-12-12T12:24:11	zstream: treat `Z_BUF_ERROR` as non-fatal zlib will return `Z_BUF_ERROR` whenever there is more input to inflate or deflate than there is output to store the result. This is normal for us as we iterate through the input, particularly with very large input buffers.
72fbf05c	2017-12-20T15:24:30	trailer: use git__prefixcmp instead of starts_with
13722611	2017-12-20T15:24:23	trailer: remove inline specifier on is_blank_line
e24f3b59	2017-12-19T13:49:55	tests: add message trailer parsing test cases
1c43edca	2017-12-14T18:37:10	message: add routine for parsing trailers from messages This is implemented in trailer.c and borrows a large amount of logic from Git core to ensure compatibility.
a0867242	2017-12-19T00:02:52	Merge pull request #4449 from libgit2/charliesome/git-authors-jonathan-tan Add Jonathan Tan to git.git-authors
1ee0628d	2017-12-19T10:09:44	Add Jonathan Tan to git.git-authors Jonathan has consented via email to have his contributions to git reused in libgit2
fa8cf14f	2017-12-16T21:49:45	Merge pull request #4447 from pks-t/pks/diff-file-contents-refcount-blob diff_file: properly refcount blobs when initializing file contents
8be2a790	2017-12-05T23:21:05	openssl: free the peer certificate Per SSL_get_peer_certificate docs: ``` The reference count of the X509 object is incremented by one, so that it will not be destroyed when the session containing the peer certificate is freed. The X509 object must be explicitly freed using X509_free(). ```
2518eb81	2017-11-24T14:04:10	openssl: merge all the exit paths of verify_server_cert This makes it easier to cleanup allocated resources on exit.
53f2c6b1	2017-12-15T15:01:50	Simplified overflow condition
2482559d	2017-12-15T05:52:02	Merge pull request #4432 from lhchavez/fix-missing-trailer libFuzzer: Fix missing trailer crash
2388a9e2	2017-12-15T10:47:01	diff_file: properly refcount blobs when initializing file contents When initializing a `git_diff_file_content` from a source whose data is derived from a blob, we simply assign the blob's pointer to the resulting struct without incrementing its refcount. Thus, the structure can only be used as long as the blob is kept alive by the caller. Fix the issue by using `git_blob_dup` instead of a direct assignment. This function will increment the refcount of the blob without allocating new memory, so it does exactly what we want. As `git_diff_file_content__unload` already frees the blob when `GIT_DIFF_FLAG__FREE_BLOB` is set, we don't need to add new code handling the free but only have to set that flag correctly.
c342c131	2017-12-15T04:01:13	Merge pull request #4444 from tiennou/fix/4440 stransport: provide error message on trust failures
4969a672	2017-12-10T02:19:34	cmake: create a dummy file for Xcode Otherwise Xcode will happily not-link our git2 target, resulting in a "missing file" error when building eg. examples
1b2e83a9	2017-12-13T00:19:41	stransport: provide error message on trust failures Fixes #4440
e7fac2af	2017-12-09T05:26:27	Using unsigned instead
c8aaba24	2017-12-06T03:03:18	libFuzzer: Fix missing trailer crash This change fixes an invalid memory access when the trailer is missing / corrupt. Found using libFuzzer.
1bf173c3	2017-12-08T03:02:32	Merge pull request #4431 from lhchavez/fix-stream-leak libFuzzer: Fix a git_packfile_stream leak
28662c13	2017-12-08T06:00:27	libFuzzer: Prevent a potential shift overflow The type of \|base_offset\| in get_delta_base() is `git_off_t`, which is a signed `long`. That means that we need to make sure that the 8 most significant bits are zero (instead of 7) to avoid an overflow when it is shifted by 7 bits. Found using libFuzzer.
400caed3	2017-12-06T03:22:58	libFuzzer: Fix a git_packfile_stream leak This change ensures that the git_packfile_stream object in git_indexer_append() does not leak when the stream has errors. Found using libFuzzer.
2a3e0635	2017-12-04T16:56:07	Do not attempt to check out submodule as blob when merging a submodule modify/deltete conflict
4623c25f	2017-09-23T17:19:58	notes: Add test that read of noteless commit fails
d788f42a	2017-04-09T14:06:23	notes: Rewrite funcs in terms of note_commit funcs
429bb357	2017-12-01T11:45:53	Merge pull request #4318 from Uncommon/amend_status Add git_status_file_at
344b4ead	2017-12-01T11:27:15	Merge pull request #4427 from pks-t/pks/openssl-threadid openssl: fix thread-safety on non-glibc POSIX systems
494a2f23	2017-11-30T21:45:27	Merge pull request #4426 from pks-t/pks/diff-flag-set-fix diff_generate: fix unsetting diff flags
6cf53e8f	2017-11-30T21:41:16	Merge pull request #4424 from tiennou/fix/incorrect-winhttp-cert-payload Use the same cert checking payload in WinHTTP
2d2e70f8	2017-11-30T18:10:28	openssl: fix thread-safety on non-glibc POSIX systems While the OpenSSL library provides all means to work safely in a multi-threaded application, we fail to do so correctly. Quoting from crypto_lock(3): OpenSSL can safely be used in multi-threaded applications provided that at least two callback functions are set, locking_function and threadid_func. We do in fact provide the means to set up the locking function via `git_openssl_set_locking()`, where we initialize a set of locks by using the POSIX threads API and set the correct callback function to lock and unlock them. But what we do not do is setting the `threadid_func` callback. This function is being used to correctly locate thread-local data of the OpenSSL library and should thus return per-thread identifiers. Digging deeper into OpenSSL's documentation, the library does provide a fallback in case that locking function is not provided by the user. On Windows and BeOS we should be safe, as it simply "uses the system's default thread identifying API". On other platforms though OpenSSL will fall back to using the address of `errno`, assuming it is thread-local. While this assumption holds true for glibc-based systems, POSIX in fact does not specify whether it is thread-local or not. Quoting from errno(3p): It is unspecified whether errno is a macro or an identifier declared with external linkage. And in fact, with musl there is at least one libc implementation which simply declares `errno` as a simple `int` without being thread-local. On those systems, the fallback threadid function of OpenSSL will not be thread-safe. Fix this by setting up our own callback for this setting. As users of libgit2 may want to set it themselves, we obviously cannot always set that function on initialization. But as we already set up primitives for threading in `git_openssl_set_locking()`, this function becomes the obvious choice where to implement the additional setup.

6062032e

2018-01-16T20:54:05

try and fix windows build

d43974fb

2018-01-16T13:40:26

Change trailer API to return a simple array

5734768b

2018-01-10T19:19:34

Merge remote-tracking branch 'origin/master' into charliesome/trailer-info

f1323d9c

2018-01-10T18:19:09

Merge pull request #4472 from libgit2/ethomson/libgit2deps_azure travis: fetch trusty dependencies from Bintray

6e748130

2018-01-10T15:13:23

travis: we use bintray's own key for signing The VM on Travis apparently will still proceed, but it's good practice.

da9898ab

2018-01-10T12:33:56

travis: fetch trusty dependencies from bintray The trusty dependencies are now hosted on Bintray.

0b967396

2018-01-10T12:45:41

Merge pull request #4471 from libgit2/cmn/cmake-feature-302 cmake: use a FEATURE_SUMMARY call compatible with 3.0.2

6d452600

2018-01-10T11:52:15

cmake: use a FEATURE_SUMMARY call compatible with 3.0.2 When we print features, we make an effort to support all the way back to pre-3.0. However, in the code for versions from 3 onward we call `FEATURE_SUMMARY` with multiple kinds of elements to print in the same line. This is only supported in CMake 3.1 and later, making the rather popular CMake 3.0.2 unable to build the library. Use a single kind of element per invocation. This means we need to provide a "description" text, which CMake provides for us if provide multiple kinds of elements.

a7e36d3d

2018-01-08T13:30:04

Merge pull request #4468 from libgit2/cmn/openssl-pc Make sure to include 'openssl' as a dep when building statically with SHA1DC

b21c5408

2018-01-08T12:33:07

cmake: add openssl to the private deps list when it's the TLS implementation We might want OpenSSL to be the implementation for SHA-1 and/or TLS. If we only want it for TLS (e.g. we're building with the collision-detecting SHA-1 implementation) then we did not indicate this to the systems including us a static library. Add OpenSSL to the list also during the TLS decision to make sure we say we should link to it if we use it for TLS.

b85548ed

2018-01-08T12:30:50

cmake: treat LIBGIT2_PC_REQUIRES as a list It is indeed a list of dependencies for those which include the static archive. This is in preparation for adding two possible places where we might add openssl as a dependency.

ddd36510

2018-01-07T15:40:06

Merge pull request #4467 from libgit2/cmn/static-archive-later cmake: move the rule to find static archives close to building clar

85e40bbf

2018-01-07T12:51:26

cmake: move the rule to find static archives close to building clar If we're building static libraries, we want to use that for building our clar binary. This is done in 49551254 (2017-09-22; cmake: use static dependencies when building static libgit2) but that commit included the rule too early, making it affect the search for iconv, meaning we did not find it when we were building a static libgit2. Move the rule to just before building clar, after we've included the rules for building the library itself. This lets us find and link to the dynamic libiconv.

70db57d4

2018-01-05T15:31:51

Merge pull request #4398 from pks-t/pks/generic-sha1 cmake: allow explicitly choosing SHA1 backend

f4f0e7eb

2018-01-04T08:24:43

switch back to braced array initializers

70aa6146

2017-12-05T08:48:31

cmake: allow explicitly choosing SHA1 backend Right now, if SHA1DC is disabled, the SHA1 backend is mostly chosen based on which system libgit2 is being compiled on and which libraries have been found. To give developers and distributions more choice, enable them to request specific backends by passing in a `-DSHA1_BACKEND=<BACKEND>` option instead. This completely replaces the previous auto-selection.

e7495ce6

2017-12-05T08:47:57

cmake: default to using SHA1DC Upstream git.git has changed their default SHA1 implementation to the collision-detection algorithm SHA1DC in commit e6b07da27 (Makefile: make DC_SHA1 the default, 2017-03-17). To match upstream, align ourselves and switch over to SHA1DC by default.

f315cd14

2018-01-03T18:44:12

make separators const a macro as well

fb29ba09

2018-01-03T18:32:09

remove empty lines between @-lines

1cda43ba

2018-01-03T18:30:04

make comment_line_char const a macro

6bc7301e

2018-01-03T16:16:22

Don't use newer C syntax for declaration in tests

eebc5e0d

2018-01-03T15:15:16

Merge pull request #4257 from pks-t/pks/stale-test Execute stale tests

a223bae5

2018-01-03T14:57:25

Merge pull request #4437 from pks-t/pks/openssl-hash-errors hash: openssl: check return values of SHA1_* functions

399c0b19

2018-01-03T14:55:06

Merge pull request #4462 from pks-t/pks/diff-generated-excessive-stats diff_generate: avoid excessive stats of .gitattribute files

d8896bda

2018-01-03T16:07:36

diff_generate: avoid excessive stats of .gitattribute files When generating a diff between two trees, for each file that is to be diffed we have to determine whether it shall be treated as text or as binary files. While git has heuristics to determine which kind of diff to generate, users can also that default behaviour by setting or unsetting the 'diff' attribute for specific files. Because of that, we have to query gitattributes in order to determine how to diff the current files. Instead of hitting the '.gitattributes' file every time we need to query an attribute, which can get expensive especially on networked file systems, we try to cache them instead. This works perfectly fine for every '.gitattributes' file that is found, but we hit cache invalidation problems when we determine that an attribuse file is _not_ existing. We do create an entry in the cache for missing '.gitattributes' files, but as soon as we hit that file again we invalidate it and stat it again to see if it has now appeared. In the case of diffing large trees with each other, this behaviour is very suboptimal. For each pair of files that is to be diffed, we will repeatedly query every directory component leading towards their respective location for an attributes file. This leads to thousands or even hundreds of thousands of wasted syscalls. The attributes cache already has a mechanism to help in that scenario in form of the `git_attr_session`. As long as the same attributes session is still active, we will not try to re-query the gitmodules files at all but simply retain our currently cached results. To fix our problem, we can create a session at the top-most level, which is the initialization of the `git_diff` structure, and use it in order to look up the correct diff driver. As the `git_diff` structure is used to generate patches for multiple files at once, this neatly solves our problem by retaining the session until patches for all files have been generated. The fix has been tested with linux.git by calling `git_diff_tree_to_tree` and `git_diff_to_buf` with v4.10^{tree} and v4.14^{tree}. | time | .gitattributes stats without fix | 33.201s | 844614 with fix | 30.327s | 4441 While execution only improved by roughly 10%, the stat(3) syscalls for .gitattributes files decreased by 99.5%. The benchmarks were quite simple with best-of-three timings on Linux ext4 systems. One can assume that for network based file systems the performance gain will be a lot larger due to a much higher latency.

30455a56

2018-01-03T13:09:21

Merge pull request #4439 from tiennou/fix/4352 cmake: create a dummy file for Xcode

ba56f781

2018-01-03T12:54:42

streams: openssl: fix thread-safety for OpenSSL error messages The function `ERR_error_string` can be invoked without providing a buffer, in which case OpenSSL will simply return a string printed into a static buffer. Obviously and as documented in ERR_error_string(3), this is not thread-safe at all. As libgit2 is a library, though, it is easily possible that other threads may be using OpenSSL at the same time, which might lead to clobbered error strings. Fix the issue by instead using a stack-allocated buffer. According to the documentation, the caller has to provide a buffer of at least 256 bytes of size. While we do so, make sure that the buffer will never get overflown by switching to `ERR_error_string_n` to specify the buffer's size.

75e1737a

2017-12-08T10:10:19

hash: openssl: check return values of SHA1_* functions The OpenSSL functions `SHA1_Init`, `SHA1_Update` and `SHA1_Final` all return 1 for success and 0 otherwise, but we never check their return values. Do so.

543ec149

2017-06-07T11:06:01

tests: perf: build but exclude performance tests by default Our performance tests (or to be more concrete, our single performance test) are not built by default, as they are always #ifdef'd out. While it is true that we don't want to run performance tests by default, not compiling them at all may cause code rot and is thus an unfavorable approach to handle this. We can easily improve this situation: this commit removes the #ifdef, causing the code to always be compiled. Furthermore, we add `-xperf` to the default command line parameters of `generate.py`, thus causing the tests to be excluded by default. Due to this approach, we are now able to execute the performance tests by passing `-sperf` to `libgit2_clar`. Unfortunately, we cannot execute the performance tests on Travis or AppVeyor as they rely on history being available for the libgit2 repository. As both do a shallow clone only, though, this is not given.

5874e151

2017-11-20T13:26:33

tests: create new test target for all SSH-based tests Some tests shall be run against our own SSH server we spin up in Travis. As those need to be run separate from our previous tests which run against git-daemon, we have to do this in a separate step. Instead of bundling all that knowledge in the CI script, move it into the test build instructions by creating a new test target.

54a1bf05

2017-06-07T13:06:53

tests: online::clone: inline creds-test with nonexistent URL Right now, we test our credential callback code twice, once via SSH on localhost and once via a non-existent GitHub repository. While the first URL makes sense to be configurable, it does not make sense to hard-code the non-existing repository, which requires us to call tests multiple times. Instead, we can just inline the URL into another set of tests.

fea60920

2017-06-07T12:48:48

tests: online::clone: construct credential-URL from environment We support two types of passing credentials to the proxy, either via the URL or explicitly by specifying user and password. We test these types by modifying the proxy URL and executing the tests twice, which is in fact unnecessary and requires us to maintain the list of environment variables and test executions across multiple CI infrastructures. To fix the situation, we can just always pass the host, port, user and password to the tests. The tests can then assemble the complete URL either with or without included credentials, allowing us to test both cases in-process.

b8c14499

2017-06-07T11:00:26

tests: iterator::workdir: fix reference count in stale test The test `iterator::workdir::filesystem_gunk` is usually not executed, as it is guarded by the environment variable "GITTEST_INVASIVE_SPEED" due to its effects on speed. As such, it has become stale and does not account for new references which have meanwhile been added to the testrepo, causing it to fail. Fix this by raising the number of expected references to 15.

9aba7636

2017-06-07T10:59:31

tests: iterator_helpers: assert number of iterator items When the function `expect_iterator_items` surpasses the number of expected items, we simply break the loop. This causes us to trigger an assert later on which has message attached, which is annoying when trying to locate the root error cause. Instead, directly assert that the current count is still smaller or equal to the expected count inside of the loop.

72c28ab0

2017-06-07T10:59:03

tests: status::worktree: indicate skipped tests on Win32 Some function bodies of tests which are not applicable to the Win32 platform are completely #ifdef'd out instead of calling `cl_skip()`. This leaves us with no indication that these tests are not being executed at all and may thus cause decreased scrutiny when investigating skipped tests. Improve the situation by calling `cl_skip()` instead of just doing nothing.

8999f6ac

2017-06-07T11:01:28

travis: build sources with tracing enabled Our tracing architecture is not built by default, causing the Travis CI to not execute some code and skip several tests. As AppVeyor has already enabled the tracing architecture when building the code, we should do the same for Travis CI to have this code being tested on macOS and Linux. Add "-DENABLE_TRACE=ON" to our release-build options of Travis.

4964aea0

2018-01-03T11:28:26

Merge pull request #4456 from libgit2/ethomson/treebuilder_docs docs: git_treebuilder_insert validates entries

98303ea3

2018-01-03T11:27:12

Merge pull request #4457 from libgit2/ethomson/tree_error_messages tree: standard error messages are lowercase

e8bc8558

2018-01-02T13:29:49

Merge remote-tracking branch 'origin/master' into charliesome/trailer-info

7610638e

2018-01-01T17:52:06

Merge pull request #4453 from libgit2/ethomson/spnego winhttp: properly support ntlm and negotiate

2c99011a

2017-12-31T09:33:19

tree: standard error messages are lowercase Our standard error messages begin with a lower case letter so that they can be prefixed or embedded nicely. These error messages were missed during the standardization pass since they use the `tree_error` helper function.

346c1b16

2017-12-31T09:25:42

docs: git_treebuilder_insert validates entries The documentation for `git_treebuilder_insert` erroneously states that we do not validate that the entry being inserted exists. We do, as of https://github.com/libgit2/libgit2/pull/3633. Update the documentation to reflect the new reality.

d6210245

2017-12-30T13:09:43

Merge pull request #4159 from richardipsum/notes-commit Support using notes via a commit rather than a ref

8cdf439b

2017-12-30T13:07:03

Merge pull request #4028 from chescock/improve-local-fetch Transfer fewer objects on push and local fetch

2b7a3393

2017-12-30T12:47:57

Merge pull request #4455 from libgit2/ethomson/branch_symlinks refs: traverse symlinked directories

e14bf97e

2017-12-30T08:09:22

Merge pull request #4443 from libgit2/ethomson/large_loose_blobs Inflate large loose blobs

7a830f28

2017-12-30T00:46:17

refs:iterator: add tests to recurse symlinks Ensure that we can recurse into directories via symbolic links.

9e94b6af

2017-12-30T00:12:46

iterator: cleanups with symlink dir handling Perform some error checking when examining symlink directories.

e9628e7b

2017-10-30T11:38:33

branches: Check symlinked subdirectories Native Git allows symlinked directories under .git/refs. This change allows libgit2 to also look for references that live under symlinked directories. Signed-off-by: Andy Doan <andy@opensourcefoundries.com>

526dea1c

2017-12-29T17:41:24

winhttp: properly support ntlm and negotiate When parsing unauthorized responses, properly parse headers looking for both NTLM and Negotiate challenges. Set the HTTP credentials to default credentials (using a `NULL` username and password) with the schemes supported by ourselves and the server.

083b1a2e

2017-12-28T10:38:31

Merge pull request #4021 from carlosmn/cmn/refspecs-fetchhead FETCH_HEAD and multiple refspecs

c081f0d0

2017-12-26T17:50:59

fetch: go over FETCH_HEAD just once when counting the prefixes in test

1b4fbf2e

2017-11-19T09:47:07

remote: append to FETCH_HEAD rather than overwrite for each refspec We treat each refspec on its own, but the code currently overwrites the contents of FETCH_HEAD so we end up with the entries for the last refspec we processed. Instead, truncate it before performing the updates and append to it when updating the references.

3ccc1a4d

2017-11-19T09:46:02

futils: add a function to truncate a file We want to do this in order to get FETCH_HEAD to be empty when we start updating it due to fetching from the remote.

c0bfda87

2016-12-02T17:36:04

fetch: add a failing test for FETCH_HEAD with multiple fetch refspecs

4110fc84

2017-12-23T23:30:29

Merge pull request #4285 from pks-t/pks/patches-with-whitespace patch_parse: fix parsing unquoted filenames with spaces

d734466c

2017-12-23T16:38:20

Merge pull request #4045 from lhchavez/fix-unpack-double-free Fix unpack double free

c3514b0b

2017-12-23T14:59:07

Fix unpack double free If an element has been cached, but then the call to packfile_unpack_compressed() fails, the very next thing that happens is that its data is freed and then the element is not removed from the cache, which frees the data again. This change sets obj->data to NULL to avoid the double-free. It also stops trying to resolve deltas after two continuous failed rounds of resolution, and adds a test for this.

9f7ad3c5

2017-12-23T10:55:13

Merge pull request #4430 from tiennou/fix/openssl-x509-leak Free OpenSSL peer certificate

30d91760

2017-12-23T10:52:08

Merge pull request #4435 from lhchavez/ubsan-shift-overflow libFuzzer: Prevent a potential shift overflow

1ddc57b3

2017-12-23T10:09:12

Merge pull request #4402 from libgit2/ethomson/iconv cmake: let USE_ICONV be optional on macOS

06f3aa5f

2017-12-23T10:07:44

Merge pull request #4429 from novalis/delete-modify-submodule-merge Do not attempt to check out submodule as blob when merging a submodule modify/deltete conflict

456e5218

2017-12-20T16:13:31

tests: add GITTEST_SLOW env var check Writing very large files may be slow, particularly on inefficient filesystems and when running instrumented code to detect invalid memory accesses (eg within valgrind or similar tools). Introduce `GITTEST_SLOW` so that tests that are slow can be skipped by the CI system.

bdb54214

2017-12-11T16:46:05

hash: commoncrypto hash should support large files Teach the CommonCrypto hash mechanisms to support large files. The hash primitives take a `CC_LONG` (aka `uint32_t`) at a time. So loop to give the hash function at most an unsigned 32 bit's worth of bytes until we have hashed the entire file.

a89560d5

2017-12-10T17:26:43

hash: win32 hash mechanism should support large files Teach the win32 hash mechanisms to support large files. The hash primitives take at most `ULONG_MAX` bytes at a time. Loop, giving the hash function the maximum supported number of bytes, until we have hashed the entire file.

3e6533ba

2017-12-10T17:25:00

odb_loose: reject objects that cannot fit in memory Check the size of objects being read from the loose odb backend and reject those that would not fit in memory with an error message that reflects the actual problem, instead of error'ing later with an unintuitive error message regarding truncation or invalid hashes.

8642feba

2017-12-10T17:23:44

zstream: use UINT_MAX sized chunks Instead of paging to zlib in INT_MAX sized chunks, we can give it as many as UINT_MAX bytes at a time. zlib doesn't care how big a buffer we give it, this simply results in fewer calls into zlib.

ddefea75

2017-11-30T15:55:59

odb: support large loose objects zlib will only inflate/deflate an `int`s worth of data at a time. We need to loop through large files in order to ensure that we inflate the entire file, not just an `int`s worth of data. Thankfully, we already have this loop in our `git_zstream` layer. Handle large objects using the `git_zstream`.

d1e44655

2017-11-30T15:52:47

object: introduce git_object_stringn2type Introduce an internal API to get the object type based on a length-specified (not null terminated) string representation. This can be used to compare the (space terminated) object type name in a loose object. Reimplement `git_object_string2type` based on this API.

dacc3291

2017-11-30T15:49:05

odb: test loose reading/writing large objects Introduce a test for very large objects in the ODB. Write a large object (5 GB) and ensure that the write succeeds and provides us the expected object ID. Introduce a test that writes that file and ensures that we can subsequently read it.

86219f40

2017-11-30T15:40:13

util: introduce `git__prefixncmp` and consolidate implementations Introduce `git_prefixncmp` that will search up to the first `n` characters of a string to see if it is prefixed by another string. This is useful for examining if a non-null terminated character array is prefixed by a particular substring. Consolidate the various implementations of `git__prefixcmp` around a single core implementation and add some test cases to validate its behavior.

b7d36ef4

2017-12-12T12:24:11

zstream: treat `Z_BUF_ERROR` as non-fatal zlib will return `Z_BUF_ERROR` whenever there is more input to inflate or deflate than there is output to store the result. This is normal for us as we iterate through the input, particularly with very large input buffers.

72fbf05c

2017-12-20T15:24:30

trailer: use git__prefixcmp instead of starts_with

13722611

2017-12-20T15:24:23

trailer: remove inline specifier on is_blank_line

e24f3b59

2017-12-19T13:49:55

tests: add message trailer parsing test cases

1c43edca

2017-12-14T18:37:10

message: add routine for parsing trailers from messages This is implemented in trailer.c and borrows a large amount of logic from Git core to ensure compatibility.

a0867242

2017-12-19T00:02:52

Merge pull request #4449 from libgit2/charliesome/git-authors-jonathan-tan Add Jonathan Tan to git.git-authors

1ee0628d

2017-12-19T10:09:44

Add Jonathan Tan to git.git-authors Jonathan has consented via email to have his contributions to git reused in libgit2

fa8cf14f

2017-12-16T21:49:45

Merge pull request #4447 from pks-t/pks/diff-file-contents-refcount-blob diff_file: properly refcount blobs when initializing file contents

8be2a790

2017-12-05T23:21:05

openssl: free the peer certificate Per SSL_get_peer_certificate docs: ``` The reference count of the X509 object is incremented by one, so that it will not be destroyed when the session containing the peer certificate is freed. The X509 object must be explicitly freed using X509_free(). ```

2518eb81

2017-11-24T14:04:10

openssl: merge all the exit paths of verify_server_cert This makes it easier to cleanup allocated resources on exit.

53f2c6b1

2017-12-15T15:01:50

Simplified overflow condition

2482559d

2017-12-15T05:52:02

Merge pull request #4432 from lhchavez/fix-missing-trailer libFuzzer: Fix missing trailer crash

2388a9e2

2017-12-15T10:47:01

diff_file: properly refcount blobs when initializing file contents When initializing a `git_diff_file_content` from a source whose data is derived from a blob, we simply assign the blob's pointer to the resulting struct without incrementing its refcount. Thus, the structure can only be used as long as the blob is kept alive by the caller. Fix the issue by using `git_blob_dup` instead of a direct assignment. This function will increment the refcount of the blob without allocating new memory, so it does exactly what we want. As `git_diff_file_content__unload` already frees the blob when `GIT_DIFF_FLAG__FREE_BLOB` is set, we don't need to add new code handling the free but only have to set that flag correctly.

c342c131

2017-12-15T04:01:13

Merge pull request #4444 from tiennou/fix/4440 stransport: provide error message on trust failures

4969a672

2017-12-10T02:19:34

cmake: create a dummy file for Xcode Otherwise Xcode will happily not-link our git2 target, resulting in a "missing file" error when building eg. examples

1b2e83a9

2017-12-13T00:19:41

stransport: provide error message on trust failures Fixes #4440

e7fac2af

2017-12-09T05:26:27

Using unsigned instead

c8aaba24

2017-12-06T03:03:18

libFuzzer: Fix missing trailer crash This change fixes an invalid memory access when the trailer is missing / corrupt. Found using libFuzzer.

1bf173c3

2017-12-08T03:02:32

Merge pull request #4431 from lhchavez/fix-stream-leak libFuzzer: Fix a git_packfile_stream leak

28662c13

2017-12-08T06:00:27

libFuzzer: Prevent a potential shift overflow The type of |base_offset| in get_delta_base() is `git_off_t`, which is a signed `long`. That means that we need to make sure that the 8 most significant bits are zero (instead of 7) to avoid an overflow when it is shifted by 7 bits. Found using libFuzzer.

400caed3

2017-12-06T03:22:58

libFuzzer: Fix a git_packfile_stream leak This change ensures that the git_packfile_stream object in git_indexer_append() does not leak when the stream has errors. Found using libFuzzer.

2a3e0635

2017-12-04T16:56:07

Do not attempt to check out submodule as blob when merging a submodule modify/deltete conflict

4623c25f

2017-09-23T17:19:58

notes: Add test that read of noteless commit fails

d788f42a

2017-04-09T14:06:23

notes: Rewrite funcs in terms of note_commit funcs

429bb357

2017-12-01T11:45:53

Merge pull request #4318 from Uncommon/amend_status Add git_status_file_at

344b4ead

2017-12-01T11:27:15

Merge pull request #4427 from pks-t/pks/openssl-threadid openssl: fix thread-safety on non-glibc POSIX systems

494a2f23

2017-11-30T21:45:27

Merge pull request #4426 from pks-t/pks/diff-flag-set-fix diff_generate: fix unsetting diff flags

6cf53e8f

2017-11-30T21:41:16

Merge pull request #4424 from tiennou/fix/incorrect-winhttp-cert-payload Use the same cert checking payload in WinHTTP

2d2e70f8

2017-11-30T18:10:28

openssl: fix thread-safety on non-glibc POSIX systems While the OpenSSL library provides all means to work safely in a multi-threaded application, we fail to do so correctly. Quoting from crypto_lock(3): OpenSSL can safely be used in multi-threaded applications provided that at least two callback functions are set, locking_function and threadid_func. We do in fact provide the means to set up the locking function via `git_openssl_set_locking()`, where we initialize a set of locks by using the POSIX threads API and set the correct callback function to lock and unlock them. But what we do not do is setting the `threadid_func` callback. This function is being used to correctly locate thread-local data of the OpenSSL library and should thus return per-thread identifiers. Digging deeper into OpenSSL's documentation, the library does provide a fallback in case that locking function is not provided by the user. On Windows and BeOS we should be safe, as it simply "uses the system's default thread identifying API". On other platforms though OpenSSL will fall back to using the address of `errno`, assuming it is thread-local. While this assumption holds true for glibc-based systems, POSIX in fact does not specify whether it is thread-local or not. Quoting from errno(3p): It is unspecified whether errno is a macro or an identifier declared with external linkage. And in fact, with musl there is at least one libc implementation which simply declares `errno` as a simple `int` without being thread-local. On those systems, the fallback threadid function of OpenSSL will not be thread-safe. Fix this by setting up our own callback for this setting. As users of libgit2 may want to set it themselves, we obviously cannot always set that function on initialization. But as we already set up primitives for threading in `git_openssl_set_locking()`, this function becomes the obvious choice where to implement the additional setup.

thodg/libgit2

Log