kmx git

Commit	Date	Message
702b23d7	2016-03-11T11:27:58	checkout: provide internal func to compute target path Many code paths in checkout need the final, full on-disk path of the file they're writing. (No surprise). However, they all munge the `data->path` buffer themselves to get there. Provide a nice helper method for them. Plus, drop the use `git_iterator_current_workdir_path` which does the same thing but different. Checkout is the only caller of this silly function, which lets us remove it.
be30387e	2016-02-25T16:05:18	iterators: refactored tree iterator Refactored the tree iterator to never recurse; simply process the next entry in order in `advance`. Additionally, reduce the number of allocations and sorting as much as possible to provide a ~30% speedup on case-sensitive iteration. (The gains for case-insensitive iteration are less majestic.)
f0224772	2016-02-17T18:04:19	git_object_dup: introduce typesafe versions
684b35c4	2016-02-25T15:11:14	iterator: disambiguate reset and reset_range Disambiguate the reset and reset_range functions. Now reset_range with a NULL path will clear the start or end; reset will leave the existing start and end unchanged.
ac05086c	2016-02-25T14:51:23	iterator: drop unused/unimplemented `seek`
1a2d8bd3	2016-03-23T16:51:52	array: fix search for empty arrays When the array is empty `cmp` never gets set by the comparison function. Initialize it so we return ENOTFOUND in those cases.
661db4f4	2016-03-23T03:45:53	Merge pull request #3704 from ethomson/tree-reuse tree: drop the now-unnecessary entries vector
6669e3e8	2015-11-08T04:28:08	blob: remove _fromchunks() The callback mechanism makes it awkward to write data from an IO source; move to `_fromstream()` which lets the caller remain in control, in the same vein as we prefer iterators over foreach callbacks.
0a5c6028	2015-11-04T10:30:48	blob: introduce creating a blob by writing into a stream The pair of `git_blob_create_frombuffer()` and `git_blob_create_frombuffer_commit()` is meant to replace `git_blob_create_fromchunks()` by providing a way for a user to write a new blob when they want filtering or they do not know the size. This approach allows the caller to retain control over when to add data to this buffer and a more natural fit into higher-level language's own stream abstractions instead of having to handle IO wait in the callback. The in-memory buffer size of 2MB is chosen somewhat arbitrarily to be a round multiple of usual page sizes and a value where most blobs seem likely to be either going to be way below or way over that size. It's also a round number of pages. This implementation re-uses the helper we have from `_fromchunks()` so we end up writing everything to disk, but hopefully more efficiently than with a default filebuf. A later optimisation can be to avoid writing the in-memory contents to disk, with some extra complexity.
3fa764ed	2015-11-04T09:20:14	filebuf: allow using a custom buffer size Allow setting the buffer size on open in order to use this data structure more generally as a spill buffer, with larger buffer sizes for specific use-cases.
e2e4bae9	2016-03-22T00:18:44	tree: drop the now-unnecessary entries vector Remove the now-unnecessary entries vector. Add `git_array_search` to binary search through an array to accomplish this.
e50a49ee	2016-03-22T01:54:49	Merge pull request #3559 from yongthecoder/master Add a sanity check in git_indexer_commit to avoid subtraction overflow.
4ed9e939	2016-03-20T12:01:45	tree: store the entries in a growable array Take advantage of the constant size of tree-owned arrays and store them in an array instead of a pool. This still lets us free them all at once but lets the system allocator do the work of fitting them in.
60a194aa	2016-03-20T11:00:12	tree: re-use the id and filename in the odb object Instead of copying over the data into the individual entries, point to the originals, which are already in a format we can use.
a177756b	2016-03-18T13:00:27	win32: free thread-local data on thread exit
ec5a43b6	2016-03-18T06:37:41	Merge pull request #3699 from libgit2/cmn/win32-free-tls win32: free thread-local data on thread exit
6d8b2cdb	2016-02-28T09:34:11	merge driver: remove `check` callback Since the `apply` callback can defer, the `check` callback is not necessary. Removing the `check` callback further makes the `payload` unnecessary along with the `cleanup` callback.
967e073d	2016-02-27T16:42:02	merge driver: correct global initialization
d953c450	2016-02-28T21:30:00	merge drivers: handle configured but not found driver
7a3ab14f	2016-02-07T15:58:34	merge driver: get a pointer to favor
46625836	2016-02-07T15:19:43	merge driver: correct indentation
30a94ab7	2015-12-24T22:52:23	merge driver: allow custom default driver Allow merge users to configure a custom default merge driver via `git_merge_options`. Similarly, honor the `merge.default` configuration option.
3f04219f	2015-12-23T10:23:08	merge driver: introduce custom merge drivers Consumers can now register custom merged drivers with `git_merge_driver_register`. This allows consumers to support the merge drivers, as configured in `.gitattributes`. Consumers will be asked to perform the file-level merge when a custom driver is configured.
7a74590d	2015-12-03T09:57:56	Fix rebase bug and include test for merge=union
f8787098	2015-10-31T18:50:13	Support union merges via .gitattributes file
ba349322	2016-03-17T06:57:56	Merge pull request #3673 from libgit2/cmn/commit-with-signature commit: add function to attach a signature to a commit
bf804d40	2016-03-17T10:45:22	commit: fix extraction of single-line signatures The function to extract signatures suffers from a similar bug to the header field finding one by having an unecessary line feed check as a break condition of its loop. Fix that and add a test for this single-line signature situation.
87c18197	2016-03-16T19:05:11	Split the page size from the mmap alignment While often similar, these are not the same on Windows. We want to use the page size on Windows for the pools, but for mmap we need to use the allocation granularity as the alignment. On the other platforms these values remain the same.
02d61a3b	2016-03-10T10:53:20	commit: add function to attach a signature to a commit In combination with the function which creates a commit into a buffer, this allows us to more easily create signed commits.
77394a27	2016-03-14T19:15:20	Merge pull request #3677 from pks-t/pks/coverity-fixes-round7 Coverity fixes round 7
4848dd32	2016-03-14T17:45:15	Merge pull request #3647 from pks-t/pks/coverity-fixes-round6 Coverity fixes round 6
8f4cbc76	2016-03-14T12:41:12	Start error string with lower case character
fa72d6da	2016-03-14T12:02:00	Setup better defaults for OpenSSL ciphers This ensures that when using OpenSSL a safe default set of ciphers is selected. This is done so that the client communicates securely and we don't accidentally enable unsafe ciphers like RC4, or even worse some old export ciphers. Implements the first part of https://github.com/libgit2/libgit2/issues/3682
13c371dc	2016-03-10T17:21:02	config_cache: check return value of `git_config__lookup_entry` Callers of `git_config__cvar` already handle the case where the function returns an error due to a failed configuration variable lookup, but we are actually swallowing errors when calling `git_config__lookup_entry` inside of the function. Fix this by returning early when `git_config__lookup_entry` returns an error. As we call `git_config__lookup_entry` with `no_errors == false` which leads us to call `get_entry` with `GET_NO_MISSING` we will not return early when the lookup fails due to a missing entry. Like this we are still able to set the default value of the cvar and exit successfully.
6ff8a7c4	2016-03-10T17:05:30	filebuf: handle write error in `lock_file` When writing to a file with locking not check if writing the locked file actually succeeds. Fix the issue by returning error code and message when writing fails.
836447e5	2016-03-10T16:52:09	config_file: handle error when trying to lock strmap Accessing the current values map is handled through the `refcounder_strmap_take` function, which first acquires a mutex before accessing its values. While this assures everybody is trying to access the values with the mutex only we do not check if the locking actually succeeds. Fix the issue by checking if acquiring the lock succeeds and returning `NULL` if we encounter an error. Adjust callers.
e850e98d	2016-03-10T16:42:55	blame: handle error when resoling HEAD in normalize_options When normalizing options we try to look up HEAD's OID. While this action may fail in malformed repositories we never check the return value of the function. Fix the issue by converting `normalize_options` to actually return an error and handle the error in `git_blame_file`.
8a4a343a	2016-03-10T16:33:49	blame_git: handle error returned by `git_commit_parent`
b27ccad2	2016-03-10T16:11:51	refdb_fs: fail if refcache returns NULL pointer We usually check entries returned by `git_sortedcache_entry` for NULL pointers. As we have a write lock in `packed_write`, though, it really should not happen that the function returns NULL. Assert that ref is not NULL to silence a Coverity warning.
1a8c11f4	2016-03-10T10:40:47	diff_tform: fix potential NULL pointer access When the user passes in a diff which has no repository associated we may call `git_config__get_int_force` with a NULL-pointer configuration. Even though `git_config__get_int_force` is designed to swallow errors, it is not intended to be called with a NULL pointer configuration. Fix the issue by only calling `git_config__get_int_force` only when configuration could be retrieved from the repository.
486302d6	2016-03-01T19:11:33	submodule: avoid passing NULL pointers to strncmp In C89 it is undefined behavior to pass `NULL` pointers to `strncmp` and later on in C99 it has been explicitly stated that functions with an argument declared as `size_t nmemb` specifying the array length shall always have valid parameters, no matter if `nmemb` is 0 or not (see ISO 9899 §7.21.1.2). The function `str_equal_no_trailing_slash` always passes its parameters to `strncmp` if their lengths match. This means if one parameter is `NULL` and the other one either `NULL` or a string with length 0 we will pass the pointers to `strncmp` and cause undefined behavior. Fix this by explicitly handling the case when both lengths are 0.
3fe5768b	2016-03-01T17:55:40	pack-objects: fix memory leak on overflow
80a834a5	2016-03-01T16:00:49	index: assert required OID are non-NULL
61d7328d	2016-03-01T15:35:45	object: avoid call of memset with ouf of bounds pointer When computing a short OID we do this by first copying the leading parts into the new OID structure and then setting the trailing part to zero. In the case of the desired length being `GIT_OID_HEXSZ - 1` we will call `memset` with an out of bounds pointer and a length of 0. While this seems to cause no problems for common platforms the C89 standard does not explicitly state that calling `memset` with an out of bounds pointer and length of 0 is valid. Fix the potential issue by using the newly introduced `git_oid__cpy_prefix` function.
e126bc95	2016-03-01T14:40:17	config_file: handle missing quotation marks in section header When parsing a section header we expect something along the format of '[section "subsection"]'. When a section is mal-formated and is entirely missing its quotation marks we catch this case by observing that `strchr(line, '"') - strrchr(line, '"') = NULL - NULL = 0` and error out. Unfortunately, the error message is misleading though, as we state that we are missing the closing quotation mark while we in fact miss both quotation marks. Improve the error message by explicitly checking if the first quotation mark could be found and, if not, stating that quotation marks are completely missing.
345758ad	2016-03-01T14:24:09	describe: handle error code returned by git_pqueue_insert
997c67da	2016-03-09T18:12:34	Merge pull request #3670 from libgit2/vmg/expand-fixes Fixes for `gid_odb_expand_ids`
1bbcb2b2	2016-03-09T17:47:53	odb: Try to lookup headers in all backends before passthrough
e78d2ac9	2016-03-09T16:41:08	odb: Refactor `git_odb_expand_ids`
4416aa77	2016-03-09T11:29:46	odb: Implement new helper to read types without refreshing
d50fd571	2016-03-09T11:16:16	mwindow: free unused windows if we fail to mmap The first time may be due to memory fragmentation or just bad luck on a 32-bit system. When we hit the mmap error for the first time, free up the unused windows and try again.
9a786650	2016-03-09T11:00:27	odb: Handle corner cases in `git_odb_expand_ids` The old implementation had two issues: 1. OIDs that were too short as to be ambiguous were not being handled properly. 2. If the last OID to expand in the array was missing from the ODB, we would leak a `GIT_ENOTFOUND` error code from the function.
c68044a8	2016-03-08T21:17:38	Merge pull request #3656 from ethomson/exists_prefixes Introduce `git_odb_expand_ids`
62484f52	2016-03-08T14:09:55	git_odb_expand_ids: accept git_odb_expand_id array Take (and write to) an array of a struct, `git_odb_expand_id`.
4b1f0f79	2016-03-08T11:44:21	git_odb_expand_ids: rename func, return the type
b7809b84	2016-03-08T13:38:55	Merge pull request #3555 from cbargren/ssh-git-protocols Support for ssh+git and git+ssh protocols
47cb42da	2016-03-03T22:56:02	commit: split creating the commit and writing it out Sometimes you want to create a commit but not write it out to the objectdb immediately. For these cases, provide a new function to retrieve the buffer instead of having to go through the db.
6c04269c	2016-03-04T00:50:35	git_odb_exists_many_prefixes: query odb for multiple short ids Query the object database for multiple objects at a time, given their object ID (which may be abbreviated) and optional type.
e10144ae	2016-03-04T01:18:30	odb: improved not found error messages When looking up an abbreviated oid, show the actual (abbreviated) oid the caller passed instead of a full (but ambiguously truncated) oid.
ea5bf6bb	2016-03-04T12:34:38	treebuilder: don't try to verify submodules exist in the odb Submodules don't exist in the objectdb and the code is making us try to look for a blob with its commit id, which is obviously not going to work. Skip the test if the user wants to insert a submodule.
22f3d3aa	2016-03-03T22:26:31	ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.
66a530eb	2016-03-03T20:11:18	Merge pull request #3648 from libgit2/cmn/auth-retry test: make sure we retry the auth callback on all platforms
778fb695	2016-03-03T12:14:02	Merge pull request #3646 from pks-t/pks/xdiff-fix-from-upstream xdiff: fix memleak on error case
a4cba9d4	2016-03-03T10:48:24	winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.
edaffe22	2016-03-01T17:16:27	Merge pull request #3633 from ethomson/safe_creation Stricter object dependency checking during creation
a4ea7faa	2016-03-01T08:54:00	xdiff: fix memleak on error case Commit 3d1abc5afce fixes a memory leak in the xdiff code. In the process of upstreaming the fix it was pointed out by Johannes Schindelin that there is another memory leak present (see [1]). Fix the second memory leak by applying the upstream fix to our code base. [1]: http://thread.gmane.org/gmane.comp.version-control.git/287034
dbee6835	2016-02-28T20:13:24	Merge pull request #3567 from sba1/few-p_getaddrinfo-fixes Few p_getaddrinfo fixes
f2dddf52	2016-02-28T15:51:38	turn on strict object validation by default
3ef01e77	2016-02-28T14:37:37	git_object__is_valid: use `odb_read_header` This allows lighter weight validation in `git_object__is_valid` that does not require reading the entire object.
6ddf533a	2016-02-23T18:29:16	git_index_add: validate objects in index entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the index entries given to `git_index_add`.
98c34149	2016-02-28T15:11:15	refs: honor strict object creation
2bbc7d3e	2016-02-23T15:00:27	treebuilder: validate tree entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to treebuilder insertion.
ef63bab3	2016-02-23T13:34:35	git_commit: validate tree and parent ids When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to commit creation functions.
7565dc65	2016-02-23T13:33:10	git_object__is_valid: simple object validity test
22a19f5b	2016-02-22T23:46:50	git_libgit2_opts: introduce `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION`
6cc4bac8	2016-02-28T11:31:10	Merge pull request #3577 from rossdylan/rossdylan/pooldebug Add a new build flag to disable the pool allocator
93e16642	2016-02-26T12:51:13	Fixed typo in one of the ifndef's in pool.h used to enable/disable debug mode
9f4e7c84	2016-02-25T18:42:09	Merge pull request #3638 from ethomson/nsec USE_NSECS fixes
0d9a7498	2016-02-25T12:09:49	Merge pull request #3628 from pks-t/pks/coverity-fixes Coverity fixes
fd129f28	2016-02-25T11:59:00	Merge pull request #3630 from libgit2/cmn/idx-extra-check Extra checks for packfile indices
3d6a42d1	2016-02-25T11:23:19	nsec: support NDK's crazy nanoseconds Android NDK does not have a `struct timespec` in its `struct stat` for nanosecond support, instead it has a single nanosecond member inside the struct stat itself. We will use that and use a macro to expand to the `st_mtim` / `st_mtimespec` definition on other systems (much like the existing `st_mtime` backcompat definition).
6d97beb9	2016-02-25T15:46:59	pack: don't allow a negative offset
ea9e00cb	2016-02-23T18:15:43	pack: make sure we don't go out of bounds for extended entries A corrupt index might have data that tells us to go look past the end of the file for data. Catch these cases and return an appropriate error message.
68ad3156	2016-02-24T17:17:57	openssl: we already had the function, just needed the header
f3d1be7d	2016-02-24T16:38:22	openssl: export the locking function when building without OpenSSL This got lost duing the move and it lets the users call this function just in case.
04c3b35f	2016-02-23T13:02:07	map: use `giterr_set` internally Use the `giterr_set` function, which actually supports `GITERR_OS`. The `giterr_set_str` function is exposed for external users and will not append the operating system's error message.
32f07984	2016-02-23T11:07:03	diff_tform: fix potential NULL pointer access The `normalize_find_opts` function in theory allows for the incoming diff to have no repository. When the caller does not pass in diff find options or if the GIT_DIFF_FIND_BY_CONFIG value is set, though, we try to derive the configuration from the diff's repository configuration without first verifying that the repository is actually set to a non-NULL value. Fix this issue by explicitly checking if the repository is set and if it is not, fall back to a default value of GIT_DIFF_FIND_RENAMES.
3d1abc5a	2016-02-22T17:13:23	xmerge: fix memory leak on error path
05bf67b9	2016-02-23T11:16:36	openssl_stream: fix NULL pointer dereference
2baf854e	2016-02-22T16:08:56	openssl_stream: fix memory leak when creating new stream
2afb6fa4	2016-02-22T16:05:13	rebase: plug memory leak in `rebase_alloc` Convert `rebase_alloc` to use our usual error propagation patterns, that is accept an out-parameter and return an error code that is to be checked by the caller. This allows us to use the GITERR_CHECK_ALLOC macro, which helps static analysis.
d0cb11e7	2016-02-22T16:01:03	remote: set error code in `create_internal` Set the error code when an error occurs in any of the called functions. This ensures we pass the error up to callers and actually free the remote when an error occurs.
0f1e2d20	2016-02-23T11:23:26	index: fix contradicting comparison The overflow check in `read_reuc` tries to verify if the `git__strtol32` parses an integer bigger than UINT_MAX. The `tmp` variable is casted to an unsigned int for this and then checked for being greater than UINT_MAX, which obviously can never be true. Fix this by instead fixing the `mode` field's size in `struct git_index_reuc_entry` to `uint32_t`. We can now parse the int with `git__strtol64`, which can never return a value bigger than `UINT32_MAX`, and additionally checking if the returned value is smaller than zero. We do not need to handle overflows explicitly here, as `git__strtol64` returns an error when the returned value would overflow.
7808c937	2016-02-22T15:59:15	index: plug memory leak in `read_conflict_names`
003c5e46	2016-02-22T15:52:49	transports: smart_pkt: fix memory leaks on error paths
793e0855	2016-02-22T14:06:48	refdb_fs: remove unnecessary check for NULL The fail-label of `reflog_parse` explicitly checks the entry poitner for NULL before freeing it. When we jump to the label the variable has to be set to a non-NULL and valid pointer though: if the allocation fails we immediately return with an error code and if the loop was not entered we return with a success code, withouth executing the label's code. Remove the useless NULL-check to silence Coverity.
be8479c9	2016-02-22T14:01:50	diff_print: assert patch is non-NULL When invoking `diff_print_info_init_frompatch` it is obvious that the patch should be non-NULL. We explicitly check if the variable is set and continue afterwards, happily dereferencing the potential NULL-pointer. Fix this by instead asserting that patch is set. This also silences Coverity.
bac52ab0	2016-02-22T13:48:45	pack-objects: return early when computing write order fails The function `compute_write_order` may return a `NULL`-pointer when an error occurs. In such cases we jump to the `done`-label where we try to clean up allocated memory. Unfortunately we try to deallocate the `write_order` array, though, which may be NULL here. Fix this error by returning early instead of jumping to the `done` label. There is no data to be cleaned up anyway.
d1c9a48d	2016-02-23T10:45:09	pack-objects: check realloc in try_delta with GITERR_CHECK_ALLOC
2129d6df	2016-02-22T13:33:48	crlf: do not ignore GIT_PASSTHROUGH error When no payload is set for `crlf_apply` we try to compute the crlf attributes ourselves with `crlf_check`. When the function determines that the current file does not require any treatment we return the GIT_PASSTHROUGH error code without actually allocating the out-pointer, which indicates the file should not be passed through the filter. The `crlf_apply` function explicitly checks for the GIT_PASSTHROUGH return code and ignores it. This means we will try to apply the crlf-filter to the current file, leading us to dereference the unallocated payload-pointer. Fix this obviously incorrect behavior by not treating GIT_PASSTHROUGH in any special way. This is the correct thing to do anyway, as the code indicates that the file should not be passed through the filter.

702b23d7

2016-03-11T11:27:58

checkout: provide internal func to compute target path Many code paths in checkout need the final, full on-disk path of the file they're writing. (No surprise). However, they all munge the `data->path` buffer themselves to get there. Provide a nice helper method for them. Plus, drop the use `git_iterator_current_workdir_path` which does the same thing but different. Checkout is the only caller of this silly function, which lets us remove it.

be30387e

2016-02-25T16:05:18

iterators: refactored tree iterator Refactored the tree iterator to never recurse; simply process the next entry in order in `advance`. Additionally, reduce the number of allocations and sorting as much as possible to provide a ~30% speedup on case-sensitive iteration. (The gains for case-insensitive iteration are less majestic.)

f0224772

2016-02-17T18:04:19

git_object_dup: introduce typesafe versions

684b35c4

2016-02-25T15:11:14

iterator: disambiguate reset and reset_range Disambiguate the reset and reset_range functions. Now reset_range with a NULL path will clear the start or end; reset will leave the existing start and end unchanged.

ac05086c

2016-02-25T14:51:23

iterator: drop unused/unimplemented `seek`

1a2d8bd3

2016-03-23T16:51:52

array: fix search for empty arrays When the array is empty `cmp` never gets set by the comparison function. Initialize it so we return ENOTFOUND in those cases.

661db4f4

2016-03-23T03:45:53

Merge pull request #3704 from ethomson/tree-reuse tree: drop the now-unnecessary entries vector

6669e3e8

2015-11-08T04:28:08

blob: remove _fromchunks() The callback mechanism makes it awkward to write data from an IO source; move to `_fromstream()` which lets the caller remain in control, in the same vein as we prefer iterators over foreach callbacks.

0a5c6028

2015-11-04T10:30:48

blob: introduce creating a blob by writing into a stream The pair of `git_blob_create_frombuffer()` and `git_blob_create_frombuffer_commit()` is meant to replace `git_blob_create_fromchunks()` by providing a way for a user to write a new blob when they want filtering or they do not know the size. This approach allows the caller to retain control over when to add data to this buffer and a more natural fit into higher-level language's own stream abstractions instead of having to handle IO wait in the callback. The in-memory buffer size of 2MB is chosen somewhat arbitrarily to be a round multiple of usual page sizes and a value where most blobs seem likely to be either going to be way below or way over that size. It's also a round number of pages. This implementation re-uses the helper we have from `_fromchunks()` so we end up writing everything to disk, but hopefully more efficiently than with a default filebuf. A later optimisation can be to avoid writing the in-memory contents to disk, with some extra complexity.

3fa764ed

2015-11-04T09:20:14

filebuf: allow using a custom buffer size Allow setting the buffer size on open in order to use this data structure more generally as a spill buffer, with larger buffer sizes for specific use-cases.

e2e4bae9

2016-03-22T00:18:44

tree: drop the now-unnecessary entries vector Remove the now-unnecessary entries vector. Add `git_array_search` to binary search through an array to accomplish this.

e50a49ee

2016-03-22T01:54:49

Merge pull request #3559 from yongthecoder/master Add a sanity check in git_indexer_commit to avoid subtraction overflow.

4ed9e939

2016-03-20T12:01:45

tree: store the entries in a growable array Take advantage of the constant size of tree-owned arrays and store them in an array instead of a pool. This still lets us free them all at once but lets the system allocator do the work of fitting them in.

60a194aa

2016-03-20T11:00:12

tree: re-use the id and filename in the odb object Instead of copying over the data into the individual entries, point to the originals, which are already in a format we can use.

a177756b

2016-03-18T13:00:27

win32: free thread-local data on thread exit

ec5a43b6

2016-03-18T06:37:41

Merge pull request #3699 from libgit2/cmn/win32-free-tls win32: free thread-local data on thread exit

6d8b2cdb

2016-02-28T09:34:11

merge driver: remove `check` callback Since the `apply` callback can defer, the `check` callback is not necessary. Removing the `check` callback further makes the `payload` unnecessary along with the `cleanup` callback.

967e073d

2016-02-27T16:42:02

merge driver: correct global initialization

d953c450

2016-02-28T21:30:00

merge drivers: handle configured but not found driver

7a3ab14f

2016-02-07T15:58:34

merge driver: get a pointer to favor

46625836

2016-02-07T15:19:43

merge driver: correct indentation

30a94ab7

2015-12-24T22:52:23

merge driver: allow custom default driver Allow merge users to configure a custom default merge driver via `git_merge_options`. Similarly, honor the `merge.default` configuration option.

3f04219f

2015-12-23T10:23:08

merge driver: introduce custom merge drivers Consumers can now register custom merged drivers with `git_merge_driver_register`. This allows consumers to support the merge drivers, as configured in `.gitattributes`. Consumers will be asked to perform the file-level merge when a custom driver is configured.

7a74590d

2015-12-03T09:57:56

Fix rebase bug and include test for merge=union

f8787098

2015-10-31T18:50:13

Support union merges via .gitattributes file

ba349322

2016-03-17T06:57:56

Merge pull request #3673 from libgit2/cmn/commit-with-signature commit: add function to attach a signature to a commit

bf804d40

2016-03-17T10:45:22

commit: fix extraction of single-line signatures The function to extract signatures suffers from a similar bug to the header field finding one by having an unecessary line feed check as a break condition of its loop. Fix that and add a test for this single-line signature situation.

87c18197

2016-03-16T19:05:11

Split the page size from the mmap alignment While often similar, these are not the same on Windows. We want to use the page size on Windows for the pools, but for mmap we need to use the allocation granularity as the alignment. On the other platforms these values remain the same.

02d61a3b

2016-03-10T10:53:20

commit: add function to attach a signature to a commit In combination with the function which creates a commit into a buffer, this allows us to more easily create signed commits.

77394a27

2016-03-14T19:15:20

Merge pull request #3677 from pks-t/pks/coverity-fixes-round7 Coverity fixes round 7

4848dd32

2016-03-14T17:45:15

Merge pull request #3647 from pks-t/pks/coverity-fixes-round6 Coverity fixes round 6

8f4cbc76

2016-03-14T12:41:12

Start error string with lower case character

fa72d6da

2016-03-14T12:02:00

Setup better defaults for OpenSSL ciphers This ensures that when using OpenSSL a safe default set of ciphers is selected. This is done so that the client communicates securely and we don't accidentally enable unsafe ciphers like RC4, or even worse some old export ciphers. Implements the first part of https://github.com/libgit2/libgit2/issues/3682

13c371dc

2016-03-10T17:21:02

config_cache: check return value of `git_config__lookup_entry` Callers of `git_config__cvar` already handle the case where the function returns an error due to a failed configuration variable lookup, but we are actually swallowing errors when calling `git_config__lookup_entry` inside of the function. Fix this by returning early when `git_config__lookup_entry` returns an error. As we call `git_config__lookup_entry` with `no_errors == false` which leads us to call `get_entry` with `GET_NO_MISSING` we will not return early when the lookup fails due to a missing entry. Like this we are still able to set the default value of the cvar and exit successfully.

6ff8a7c4

2016-03-10T17:05:30

filebuf: handle write error in `lock_file` When writing to a file with locking not check if writing the locked file actually succeeds. Fix the issue by returning error code and message when writing fails.

836447e5

2016-03-10T16:52:09

config_file: handle error when trying to lock strmap Accessing the current values map is handled through the `refcounder_strmap_take` function, which first acquires a mutex before accessing its values. While this assures everybody is trying to access the values with the mutex only we do not check if the locking actually succeeds. Fix the issue by checking if acquiring the lock succeeds and returning `NULL` if we encounter an error. Adjust callers.

e850e98d

2016-03-10T16:42:55

blame: handle error when resoling HEAD in normalize_options When normalizing options we try to look up HEAD's OID. While this action may fail in malformed repositories we never check the return value of the function. Fix the issue by converting `normalize_options` to actually return an error and handle the error in `git_blame_file`.

8a4a343a

2016-03-10T16:33:49

blame_git: handle error returned by `git_commit_parent`

b27ccad2

2016-03-10T16:11:51

refdb_fs: fail if refcache returns NULL pointer We usually check entries returned by `git_sortedcache_entry` for NULL pointers. As we have a write lock in `packed_write`, though, it really should not happen that the function returns NULL. Assert that ref is not NULL to silence a Coverity warning.

1a8c11f4

2016-03-10T10:40:47

diff_tform: fix potential NULL pointer access When the user passes in a diff which has no repository associated we may call `git_config__get_int_force` with a NULL-pointer configuration. Even though `git_config__get_int_force` is designed to swallow errors, it is not intended to be called with a NULL pointer configuration. Fix the issue by only calling `git_config__get_int_force` only when configuration could be retrieved from the repository.

486302d6

2016-03-01T19:11:33

submodule: avoid passing NULL pointers to strncmp In C89 it is undefined behavior to pass `NULL` pointers to `strncmp` and later on in C99 it has been explicitly stated that functions with an argument declared as `size_t nmemb` specifying the array length shall always have valid parameters, no matter if `nmemb` is 0 or not (see ISO 9899 §7.21.1.2). The function `str_equal_no_trailing_slash` always passes its parameters to `strncmp` if their lengths match. This means if one parameter is `NULL` and the other one either `NULL` or a string with length 0 we will pass the pointers to `strncmp` and cause undefined behavior. Fix this by explicitly handling the case when both lengths are 0.

3fe5768b

2016-03-01T17:55:40

pack-objects: fix memory leak on overflow

80a834a5

2016-03-01T16:00:49

index: assert required OID are non-NULL

61d7328d

2016-03-01T15:35:45

object: avoid call of memset with ouf of bounds pointer When computing a short OID we do this by first copying the leading parts into the new OID structure and then setting the trailing part to zero. In the case of the desired length being `GIT_OID_HEXSZ - 1` we will call `memset` with an out of bounds pointer and a length of 0. While this seems to cause no problems for common platforms the C89 standard does not explicitly state that calling `memset` with an out of bounds pointer and length of 0 is valid. Fix the potential issue by using the newly introduced `git_oid__cpy_prefix` function.

e126bc95

2016-03-01T14:40:17

config_file: handle missing quotation marks in section header When parsing a section header we expect something along the format of '[section "subsection"]'. When a section is mal-formated and is entirely missing its quotation marks we catch this case by observing that `strchr(line, '"') - strrchr(line, '"') = NULL - NULL = 0` and error out. Unfortunately, the error message is misleading though, as we state that we are missing the closing quotation mark while we in fact miss both quotation marks. Improve the error message by explicitly checking if the first quotation mark could be found and, if not, stating that quotation marks are completely missing.

345758ad

2016-03-01T14:24:09

describe: handle error code returned by git_pqueue_insert

997c67da

2016-03-09T18:12:34

Merge pull request #3670 from libgit2/vmg/expand-fixes Fixes for `gid_odb_expand_ids`

1bbcb2b2

2016-03-09T17:47:53

odb: Try to lookup headers in all backends before passthrough

e78d2ac9

2016-03-09T16:41:08

odb: Refactor `git_odb_expand_ids`

4416aa77

2016-03-09T11:29:46

odb: Implement new helper to read types without refreshing

d50fd571

2016-03-09T11:16:16

mwindow: free unused windows if we fail to mmap The first time may be due to memory fragmentation or just bad luck on a 32-bit system. When we hit the mmap error for the first time, free up the unused windows and try again.

9a786650

2016-03-09T11:00:27

odb: Handle corner cases in `git_odb_expand_ids` The old implementation had two issues: 1. OIDs that were too short as to be ambiguous were not being handled properly. 2. If the last OID to expand in the array was missing from the ODB, we would leak a `GIT_ENOTFOUND` error code from the function.

c68044a8

2016-03-08T21:17:38

Merge pull request #3656 from ethomson/exists_prefixes Introduce `git_odb_expand_ids`

62484f52

2016-03-08T14:09:55

git_odb_expand_ids: accept git_odb_expand_id array Take (and write to) an array of a struct, `git_odb_expand_id`.

4b1f0f79

2016-03-08T11:44:21

git_odb_expand_ids: rename func, return the type

b7809b84

2016-03-08T13:38:55

Merge pull request #3555 from cbargren/ssh-git-protocols Support for ssh+git and git+ssh protocols

47cb42da

2016-03-03T22:56:02

commit: split creating the commit and writing it out Sometimes you want to create a commit but not write it out to the objectdb immediately. For these cases, provide a new function to retrieve the buffer instead of having to go through the db.

6c04269c

2016-03-04T00:50:35

git_odb_exists_many_prefixes: query odb for multiple short ids Query the object database for multiple objects at a time, given their object ID (which may be abbreviated) and optional type.

e10144ae

2016-03-04T01:18:30

odb: improved not found error messages When looking up an abbreviated oid, show the actual (abbreviated) oid the caller passed instead of a full (but ambiguously truncated) oid.

ea5bf6bb

2016-03-04T12:34:38

treebuilder: don't try to verify submodules exist in the odb Submodules don't exist in the objectdb and the code is making us try to look for a blob with its commit id, which is obviously not going to work. Skip the test if the user wants to insert a submodule.

22f3d3aa

2016-03-03T22:26:31

ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.

66a530eb

2016-03-03T20:11:18

Merge pull request #3648 from libgit2/cmn/auth-retry test: make sure we retry the auth callback on all platforms

778fb695

2016-03-03T12:14:02

Merge pull request #3646 from pks-t/pks/xdiff-fix-from-upstream xdiff: fix memleak on error case

a4cba9d4

2016-03-03T10:48:24

winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.

edaffe22

2016-03-01T17:16:27

Merge pull request #3633 from ethomson/safe_creation Stricter object dependency checking during creation

a4ea7faa

2016-03-01T08:54:00

xdiff: fix memleak on error case Commit 3d1abc5afce fixes a memory leak in the xdiff code. In the process of upstreaming the fix it was pointed out by Johannes Schindelin that there is another memory leak present (see [1]). Fix the second memory leak by applying the upstream fix to our code base. [1]: http://thread.gmane.org/gmane.comp.version-control.git/287034

dbee6835

2016-02-28T20:13:24

Merge pull request #3567 from sba1/few-p_getaddrinfo-fixes Few p_getaddrinfo fixes

f2dddf52

2016-02-28T15:51:38

turn on strict object validation by default

3ef01e77

2016-02-28T14:37:37

git_object__is_valid: use `odb_read_header` This allows lighter weight validation in `git_object__is_valid` that does not require reading the entire object.

6ddf533a

2016-02-23T18:29:16

git_index_add: validate objects in index entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the index entries given to `git_index_add`.

98c34149

2016-02-28T15:11:15

refs: honor strict object creation

2bbc7d3e

2016-02-23T15:00:27

treebuilder: validate tree entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to treebuilder insertion.

ef63bab3

2016-02-23T13:34:35

git_commit: validate tree and parent ids When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to commit creation functions.

7565dc65

2016-02-23T13:33:10

git_object__is_valid: simple object validity test

22a19f5b

2016-02-22T23:46:50

git_libgit2_opts: introduce `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION`

6cc4bac8

2016-02-28T11:31:10

Merge pull request #3577 from rossdylan/rossdylan/pooldebug Add a new build flag to disable the pool allocator

93e16642

2016-02-26T12:51:13

Fixed typo in one of the ifndef's in pool.h used to enable/disable debug mode

9f4e7c84

2016-02-25T18:42:09

Merge pull request #3638 from ethomson/nsec USE_NSECS fixes

0d9a7498

2016-02-25T12:09:49

Merge pull request #3628 from pks-t/pks/coverity-fixes Coverity fixes

fd129f28

2016-02-25T11:59:00

Merge pull request #3630 from libgit2/cmn/idx-extra-check Extra checks for packfile indices

3d6a42d1

2016-02-25T11:23:19

nsec: support NDK's crazy nanoseconds Android NDK does not have a `struct timespec` in its `struct stat` for nanosecond support, instead it has a single nanosecond member inside the struct stat itself. We will use that and use a macro to expand to the `st_mtim` / `st_mtimespec` definition on other systems (much like the existing `st_mtime` backcompat definition).

6d97beb9

2016-02-25T15:46:59

pack: don't allow a negative offset

ea9e00cb

2016-02-23T18:15:43

pack: make sure we don't go out of bounds for extended entries A corrupt index might have data that tells us to go look past the end of the file for data. Catch these cases and return an appropriate error message.

68ad3156

2016-02-24T17:17:57

openssl: we already had the function, just needed the header

f3d1be7d

2016-02-24T16:38:22

openssl: export the locking function when building without OpenSSL This got lost duing the move and it lets the users call this function just in case.

04c3b35f

2016-02-23T13:02:07

map: use `giterr_set` internally Use the `giterr_set` function, which actually supports `GITERR_OS`. The `giterr_set_str` function is exposed for external users and will not append the operating system's error message.

32f07984

2016-02-23T11:07:03

diff_tform: fix potential NULL pointer access The `normalize_find_opts` function in theory allows for the incoming diff to have no repository. When the caller does not pass in diff find options or if the GIT_DIFF_FIND_BY_CONFIG value is set, though, we try to derive the configuration from the diff's repository configuration without first verifying that the repository is actually set to a non-NULL value. Fix this issue by explicitly checking if the repository is set and if it is not, fall back to a default value of GIT_DIFF_FIND_RENAMES.

3d1abc5a

2016-02-22T17:13:23

xmerge: fix memory leak on error path

05bf67b9

2016-02-23T11:16:36

openssl_stream: fix NULL pointer dereference

2baf854e

2016-02-22T16:08:56

openssl_stream: fix memory leak when creating new stream

2afb6fa4

2016-02-22T16:05:13

rebase: plug memory leak in `rebase_alloc` Convert `rebase_alloc` to use our usual error propagation patterns, that is accept an out-parameter and return an error code that is to be checked by the caller. This allows us to use the GITERR_CHECK_ALLOC macro, which helps static analysis.

d0cb11e7

2016-02-22T16:01:03

remote: set error code in `create_internal` Set the error code when an error occurs in any of the called functions. This ensures we pass the error up to callers and actually free the remote when an error occurs.

0f1e2d20

2016-02-23T11:23:26

index: fix contradicting comparison The overflow check in `read_reuc` tries to verify if the `git__strtol32` parses an integer bigger than UINT_MAX. The `tmp` variable is casted to an unsigned int for this and then checked for being greater than UINT_MAX, which obviously can never be true. Fix this by instead fixing the `mode` field's size in `struct git_index_reuc_entry` to `uint32_t`. We can now parse the int with `git__strtol64`, which can never return a value bigger than `UINT32_MAX`, and additionally checking if the returned value is smaller than zero. We do not need to handle overflows explicitly here, as `git__strtol64` returns an error when the returned value would overflow.

7808c937

2016-02-22T15:59:15

index: plug memory leak in `read_conflict_names`

003c5e46

2016-02-22T15:52:49

transports: smart_pkt: fix memory leaks on error paths

793e0855

2016-02-22T14:06:48

refdb_fs: remove unnecessary check for NULL The fail-label of `reflog_parse` explicitly checks the entry poitner for NULL before freeing it. When we jump to the label the variable has to be set to a non-NULL and valid pointer though: if the allocation fails we immediately return with an error code and if the loop was not entered we return with a success code, withouth executing the label's code. Remove the useless NULL-check to silence Coverity.

be8479c9

2016-02-22T14:01:50

diff_print: assert patch is non-NULL When invoking `diff_print_info_init_frompatch` it is obvious that the patch should be non-NULL. We explicitly check if the variable is set and continue afterwards, happily dereferencing the potential NULL-pointer. Fix this by instead asserting that patch is set. This also silences Coverity.

bac52ab0

2016-02-22T13:48:45

pack-objects: return early when computing write order fails The function `compute_write_order` may return a `NULL`-pointer when an error occurs. In such cases we jump to the `done`-label where we try to clean up allocated memory. Unfortunately we try to deallocate the `write_order` array, though, which may be NULL here. Fix this error by returning early instead of jumping to the `done` label. There is no data to be cleaned up anyway.

d1c9a48d

2016-02-23T10:45:09

pack-objects: check realloc in try_delta with GITERR_CHECK_ALLOC

2129d6df

2016-02-22T13:33:48

crlf: do not ignore GIT_PASSTHROUGH error When no payload is set for `crlf_apply` we try to compute the crlf attributes ourselves with `crlf_check`. When the function determines that the current file does not require any treatment we return the GIT_PASSTHROUGH error code without actually allocating the out-pointer, which indicates the file should not be passed through the filter. The `crlf_apply` function explicitly checks for the GIT_PASSTHROUGH return code and ignores it. This means we will try to apply the crlf-filter to the current file, leading us to dereference the unallocated payload-pointer. Fix this obviously incorrect behavior by not treating GIT_PASSTHROUGH in any special way. This is the correct thing to do anyway, as the code indicates that the file should not be passed through the filter.

thodg/libgit2/src

src

Log