kmx git

Commit	Date	Message
94fc83b6	2019-06-13T16:48:35	cmake: Modulize our TLS & hash detection The interactions between `USE_HTTPS` and `SHA1_BACKEND` have been streamlined. Previously we would have accepted not quite working configurations (like, `-DUSE_HTTPS=OFF -DSHA1_BACKEND=OpenSSL`) and, as the OpenSSL detection only ran with `USE_HTTPS`, the link would fail. The detection was moved to a new `USE_SHA1`, modeled after `USE_HTTPS`, which takes the values "CollisionDetection/Backend/Generic", to better match how the "hashing backend" is selected, the default (ON) being "CollisionDetection". Note that, as `SHA1_BACKEND` is still used internally, you might need to check what customization you're using it for.
c0dd7122	2019-06-06T16:48:04	apply: add an options struct initializer
0b5ba0d7	2019-06-06T16:36:23	Rename opt init functions to `options_init` In libgit2 nomenclature, when we need to verb a direct object, we name a function `git_directobject_verb`. Thus, if we need to init an options structure named `git_foo_options`, then the name of the function that does that should be `git_foo_options_init`. The previous names of `git_foo_init_options` is close - it _sounds_ as if it's initializing the options of a `foo`, but in fact `git_foo_options` is its own noun that should be respected. Deprecate the old names; they'll now call directly to the new ones.
a5ddae68	2019-06-13T22:00:48	Merge pull request #5097 from pks-t/pks/ignore-escapes gitignore with escapes
e277ff4d	2019-06-13T21:41:55	Merge pull request #5108 from libgit2/ethomson/urlparse_empty_port Handle URLs with a colon after host but no port
fb529a01	2019-06-11T22:03:29	http-parser: use our bundled http-parser by default Our bundled http-parser includes bugfixes, therefore we should prefer our http-parser until such time as we can identify that the system http-parser has these bugfixes (using a version check). Since these bugs are - at present - minor, retain the ability for users to force that they want to use the system http-parser anyway. This does change the cmake specification so that people _must_ opt-in to the new behavior knowingly.
0c1029be	2019-06-13T11:41:39	Merge pull request #5022 from rcoup/merge-analysis-bare-repo-5017 Merge analysis support for bare repos
3b517351	2019-06-07T10:13:34	attr_file: remove invalid TODO comment In our attributes pattern parsing code, we have a comment that states we might have to convert '\' characters to '/' to have proper POSIX paths. But in fact, '\' characters are valid inside the string and act as escape mechanism for various characters, which is why we never want to convert those to POSIX directory separators. Furthermore, gitignore patterns are specified to only treat '/' as directory separators. Remove the comment to avoid future confusion.
b3b6a39d	2019-06-07T11:12:54	attr_file: account for escaped escapes when searching trailing space When determining the trailing space length, we need to honor whether spaces are escaped or not. Currently, we do not check whether the escape itself is escaped, though, which might generate an off-by-one in that case as we will simply treat the space as escaped. Fix this by checking whether the backslashes preceding the space are themselves escaped.
10ac298c	2019-06-07T11:12:42	attr_file: fix unescaping of escapes required for fnmatch When parsing attribute patterns, we will eventually unescape the parsed pattern. This is required because we require custom escapes for whitespace characters, as normally they are used to terminate the current pattern. Thing is, we don't only unescape those whitespace characters, but in fact all escaped sequences. So for example if the pattern was "\", we unescape that to "". As this is directly passed to fnmatch(3) later, fnmatch would treat it as a simple glob matching all files where it should instead only match a file with name "*". Fix the issue by unescaping spaces, only. Add a bunch of tests to exercise escape parsing.
eb146e58	2019-06-07T09:17:23	attr_file: properly handle escaped '\' when searching non-escaped spaces When parsing attributes, we need to search for the first unescaped whitespace character to determine where the pattern is to be cut off. The scan fails to account for the case where the escaping '\' character is itself escaped, though, and thus we would not recognize the cut-off point in patterns like "\\ ". Refactor the scanning loop to remember whether the last character was an escape character. If it was and the next character is a '\', too, then we will reset to non-escaped mode again. Thus, we now handle escaped whitespaces as well as escaped wildcards correctly.
f7c6795f	2019-06-07T10:20:35	path: only treat paths starting with '\' as absolute on Win32 Windows-based systems treat paths starting with '\' as absolute, either referring to the current drive's root (e.g. "\foo" might refer to "C:\foo") or to a network path (e.g. "\\host\foo"). On the other hand, (most?) systems that are not based on Win32 accept backslashes as valid characters that may be part of the filename, and thus we cannot treat them to identify absolute paths. Change the logic to only paths starting with '\' as absolute on the Win32 platform. Add tests to avoid regressions and document behaviour.
fd734f7d	2019-06-11T12:45:27	Merge pull request #5107 from pks-t/pks/sha1dc-update sha1dc: update to fix endianess issues on AIX/HP-UX
230a451e	2019-06-10T13:54:11	sha1dc: update to fix endianess issues on AIX/HP-UX Update our copy of sha1dc to the upstream commit 855827c (Detect endianess on HP-UX, 2019-05-09). Changes include fixes to endian detection on AIX and HP-UX systems as well as a define that allows us to force aligned access, which we're not using yet.
9af1de5b	2019-03-24T20:49:57	http: stop on server EOF We stop the read loop when we have read all the data. We should also consider the server's feelings. If the server hangs up on us, we need to stop our read loop. Otherwise, we'll try to read from the server - and fail - ad infinitum.
539e6293	2019-03-22T19:06:46	http: teach auth mechanisms about connection affinity Instead of using `is_complete` to decide whether we have connection or request affinity for authentication mechanisms, set a boolean on the mechanism definition itself.
3e0b4b43	2019-03-22T18:52:03	http: maintain authentication across connections For request-based authentication mechanisms (Basic, Digest) we should keep the authentication context alive across socket connections, since the authentication headers must be transmitted with every request. However, we should continue to remove authentication contexts for mechanisms with connection affinity (NTLM, Negotiate) since we need to reauthenticate for every socket connection.
ce72ae95	2019-03-22T10:53:30	http: simplify authentication mechanisms Hold an individual authentication context instead of trying to maintain all the contexts; we can select the preferred context during the initial negotiation. Subsequent authentication steps will re-use the chosen authentication (until such time as it's rejected) instead of trying to manage multiple contexts when all but one will never be used (since we can only authenticate with a single mechanism at a time.) Also, when we're given a 401 or 407 in the middle of challenge/response handling, short-circuit immediately without incrementing the retry count. The multi-step authentication is expected, and not a "retry" and should not be penalized as such. This means that we don't need to keep the contexts around and ensures that we do not unnecessarily fail for too many retries when we have challenge/response auth on a proxy and a server and potentially redirects in play as well.
6d931ba7	2019-03-22T16:35:59	http: don't set the header in the auth token
10718526	2019-03-09T13:53:16	http: don't reset replay count after connection A "connection" to a server is transient, and we may reconnect to a server in the midst of authentication failures (if the remote indicates that we should, via `Connection: close`) or in a redirect.
3192e3c9	2019-03-07T16:57:11	http: provide an NTLM authentication provider
a7f65f03	2019-03-21T15:42:57	ntlm: add ntlmclient as a dependency Include https://github.com/ethomson/ntlmclient as a dependency.
79fc8281	2019-03-21T16:49:25	http: validate server's authentication types Ensure that the server supports the particular credential type that we're specifying. Previously we considered credential types as an input to an auth mechanism - since the HTTP transport only supported default credentials (via negotiate) and username/password credentials (via basic), this worked. However, if we are to add another mechanism that uses username/password credentials, we'll need to be careful to identify the types that are accepted.
5ad99210	2019-03-07T16:43:45	http: consume body on proxy auth failure We must always consume the full parser body if we're going to keep-alive. So in the authentication failure case, continue advancing the http message parser until it's complete, then we can retry the connection. Not doing so would mean that we have to tear the connection down and start over. Advancing through fully (even though we don't use the data) will ensure that we can retry a connection with keep-alive.
75b20458	2019-03-07T16:34:55	http: always consume body on auth failure When we get an authentication failure, we must consume the entire body of the response. If we only read half of the body (on the assumption that we can ignore the rest) then we will never complete the parsing of the message. This means that we will never set the complete flag, and our replay must actually tear down the connection and try again. This is particularly problematic for stateful authentication mechanisms (SPNEGO, NTLM) that require that we keep the connection alive. Note that the prior code is only a problem when the 401 that we are parsing is too large to be read in a single chunked read from the http parser. But now we will continue to invoke the http parser until we've got a complete message in the authentication failed scenario. Note that we need not do anything with the message, so when we get an authentication failed, we'll stop adding data to our buffer, we'll simply loop in the parser and let it advance its internal state.
e87f912b	2019-03-21T15:29:52	http: don't realloc the request
10e8fe55	2019-03-21T13:55:54	transports: add an `is_complete` function for auth Some authentication mechanisms (like HTTP Basic and Digest) have a one-step mechanism to create credentials, but there are more complex mechanisms like NTLM and Negotiate that require challenge/response after negotiation, requiring several round-trips. Add an `is_complete` function to know when they have round-tripped enough to be a single authentication and should now either have succeeded or failed to authenticate.
9050c69c	2019-03-09T17:24:16	http: examine keepalive status at message end We cannot examine the keep-alive status of the http parser in `http_connect`; it's too late and the critical information about whether keep-alive is supported has been destroyed. Per the documentation for `http_should_keep_alive`: > If http_should_keep_alive() in the on_headers_complete or > on_message_complete callback returns 0, then this should be > the last message on the connection. Query then and set the state.
956ba48b	2019-03-14T10:36:40	http: increase the replay count Increase the permissible replay count; with multiple-step authentication schemes (NTLM, Negotiate), proxy authentication and redirects, we need to be mindful of the number of steps it takes to get connected. 7 seems high but can be exhausted quickly with just a single authentication failure over a redirected multi-state authentication pipeline.
ee3d35cf	2019-04-07T19:15:21	http: support https for proxies
3d11b6c5	2019-03-11T20:36:09	winhttp: support default credentials for proxies We did not properly support default credentials for proxies, only for destination servers. Refactor the credential handling to support sending either username/password _or_ default credentials to either the proxy or the destination server. This actually shares the authentication logic between proxy servers and destination servers. Due to copy/pasta drift over time, they had diverged. Now they share a common logic which is: first, use credentials specified in the URL (if there were any), treating empty username and password (ie, "http://:@foo.com/") as default credentials, for compatibility with git. Next, call the credential callbacks. Finally, fallback to WinHTTP compatibility layers using built-in authentication like we always have. Allowing default credentials for proxies requires moving the security level downgrade into the credential setting routines themselves. We will update our security level to "high" by default which means that we will never send default credentials without prompting. (A lower setting, like the WinHTTP default of "medium" would allow WinHTTP to handle credentials for us, despite what a user may have requested with their structures.) Now we start with "high" and downgrade to "low" only after a user has explicitly requested default credentials.
c6ab183e	2019-03-11T11:43:08	net: rename gitno_connection_data to git_net_url "Connection data" is an imprecise and largely incorrect name; these structures are actually parsed URLs. Provide a parser that takes a URL string and produces a URL structure (if it is valid). Separate the HTTP redirect handling logic from URL parsing, keeping a `gitno_connection_data_handle_redirect` whose only job is redirect handling logic and does not parse URLs itself.
7ea8630e	2019-04-07T20:11:59	http: free auth context on failure When we send HTTP credentials but the server rejects them, tear down the authentication context so that we can start fresh. To maintain this state, additionally move all of the authentication handling into `on_auth_required`.
005b5bc2	2019-04-07T17:55:23	http: reconnect to proxy on connection close When we're issuing a CONNECT to a proxy, we expect to keep-alive to the proxy. However, during authentication negotiations, the proxy may close the connection. Reconnect if the server closes the connection.
d171fbee	2019-04-07T17:40:23	http: allow server to drop a keepalive connection When we have a keep-alive connection to the server, that server may legally drop the connection for any reason once a successful request and response has occurred. It's common for servers to drop the connection after some amount of time or number of requests have occurred.
178df697	2019-06-08T17:16:19	trace: suffix the callbacks with `_cb` The trace logging callbacks should match the other callback naming conventions, using the `_cb` suffix instead of a `_callback` suffix.
810cefd9	2019-06-08T17:14:00	credentials: suffix the callbacks with `_cb` The credential callbacks should match the other callback naming conventions, using the `_cb` suffix instead of a `_callback` suffix.
6d2ab2cf	2019-03-19T23:43:10	merge: analysis support for bare repositories
e50d138e	2019-06-06T09:48:30	Merge pull request #5095 from pks-t/pks/ignore-escaped-trailing-space ignore: handle escaped trailing whitespace
4de6eb5b	2019-06-06T09:47:43	Merge pull request #5074 from libgit2/ethomson/ignore_leading_slash Ignore: only treat one leading slash as a root identifier
d81e7866	2019-06-06T14:11:44	ignore: handle escaped trailing whitespace The gitignore's pattern format specifies that "Trailing spaces are ignored unless they are quoted with backslash ("\")". We do not honor this currently and will treat a pattern "foo\ " as if it was "foo\" only and a pattern "foo\ \ " as "foo\ \". Fix our code to handle those special cases and add tests to avoid regressions.
b6967c39	2019-06-06T14:02:17	attr_file: refactor stripping of trailing spaces The stripping of trailing spaces currently happens as part of `git_attr_fnmatch__parse`. As we aren't currently parsing trailing whitespaces correct in case they're escaped, we'll have to change that code, though. To make actual behavioural change easier to review, refactor the code up-front by pulling it out into its own function that is expected to retain the exact same functionality as before. Like this, the fix will be trivial to apply.
63adcc4e	2019-05-19T16:27:59	attr: optionally treat leading whitespace as significant When `allow_space` is unset, ensure that leading whitespace is not skipped.
add17435	2019-05-24T15:24:26	cache: fix cache eviction using deallocated key When evicting cache entries, we first retrieve the object that is to be evicted, delete the object and then finally delete the key from the cache. In case where the cache eviction caused us to free the cached object, though, its key will point to invalid memory now when trying to remove it from the cache map. On my system, this causes us to not properly remove the key from the map, as its memory has been overwritten already and thus the key lookup it will fail and we cannot delete it. Fix this by only decrementing the refcount of the evictee after we have removed it from our cache map. Add a test that caused a segfault previous to that change.
d668820d	2019-05-24T10:48:47	NetBSD < 7 doesn't have posix_fallocate See: https://www.netbsd.org/changes/changes-7.0.html
9cc904da	2019-05-23T10:49:44	repository: fix garbage return value error was never initialized and a garbage value returned on success.
355b02a1	2019-05-22T11:48:28	config: rename subsection header parser func The `parse_section_header_ext` name suggests that it as an extended function for parsing the section header. It is not. Rename it to `parse_subsection_header` to better reflect its true mission.
23c5699e	2019-05-16T09:37:25	config: validate quoted section value When we reach a whitespace after a section name, we assume that what will follow will be a quoted subsection name. Pass the current position of the line being parsed to the subsection parser, so that it can validate that subsequent characters are additional whitespace or a single quote. Previously we would begin parsing after the section name, looking for the first quotation mark. This allows invalid characters to embed themselves between the end of the section name and the first quotation mark, eg `[section foo "subsection"]`, which is illegal.
b83bd037	2019-05-16T08:57:10	config: don't write invalid column When we don't specify a particular column, don't write it in the error message. (column "0" is unhelpful.)
42dd38dd	2019-05-16T08:55:40	config: lowercase error messages Update the configuration parsing error messages to be lower-cased for consistency with the rest of the library.
d97afb93	2019-05-22T11:45:45	Merge pull request #5060 from pks-t/pks/refspec-nested-globs Loosen restriction on wildcard "*" refspecs
3d9e82fd	2019-05-21T14:59:55	Merge pull request #4935 from libgit2/ethomson/pcre Use PCRE for our fallback regex engine when regcomp_l is unavailable
59647e1a	2019-04-08T15:54:25	remote: add callback to resolve URLs before connecting Since libssh2 doesn't read host configuration from the config file, this callback can be used to hand over URL resolving to the client without touching the SSH implementation itself.
ac2b235e	2019-05-21T12:22:40	regex: use REGEX_BACKEND as the cmake option name This avoids any misunderstanding with the REGEX keyword in cmake.
4aa36ff2	2019-05-21T12:18:47	Merge pull request #5075 from libgit2/ethomson/ignore_skip_bom Skip UTF8 BOM in ignore files
ada1cd01	2019-05-21T21:35:57	Use tabs for indentation (#5079).
b575c242	2019-05-21T20:20:04	Fix indentation (#5079).
2c2e924b	2019-05-21T20:17:48	We still need to update pkgconfig variables when zlib is unbundled (#5079).
06dbf734	2019-05-21T15:44:32	We've already added `ZLIB_LIBRARIES` to `LIBGIT2_LIBS` so don't also add the `z` library (libgit2/#5079).
0fd259ed	2019-05-20T12:44:37	define SYMBOLIC_LINK_FLAG_DIRECTORY if not defined
133bceba	2019-05-19T13:57:13	ignore: skip UTF8 BOM in ignore file
e269b343	2019-05-19T13:12:47	ignore: only skip first leading slash For compatibility with git, only skip the first leading slash in an ignore file. That is: `/a.txt` indicates to ignore a file named `a.txt` at the root. However `//b.txt` does not indicate that a file named `b.txt` at the root should be ignored.
9ceafb57	2019-01-12T22:55:31	regexec: use pcre as our fallback/builtin regex Use PCRE 8.42 as the builtin regex implementation, using its POSIX compatibility layer. PCRE uses ASCII by default and the users locale will not influence its behavior, so its `regcomp` implementation is similar to `regcomp_l` with a C locale.
ce6d624a	2019-05-19T10:30:04	regex: optionally use PCRE2 Use PCRE2 and its POSIX compatibility layer if requested by the user. Although PCRE2 is adequate for our needs, the PCRE2 POSIX layer as installed on Debian and Ubuntu systems is broken, so we do not opt-in to it by default to avoid breaking users on those platforms.
69ecdad5	2019-05-19T10:09:55	regex: use system PCRE if available Attempt to locate a system-installed version of PCRE and use its POSIX compatibility layer, if possible.
622166c4	2019-05-18T19:37:59	regex: disambiguate builtin vs system pcre
c6e48fef	2019-02-17T21:51:34	regex: allow regex selection in cmake Users can now select which regex implementation they want to use: one of the system `regcomp_l`, the system PCRE, the builtin PCRE or the system's `regcomp`. By default the system `regcomp_l` will be used if it exists, otherwise the system PCRE will be used. If neither of those exist, then the builtin PCRE implementation will be used. The system's `regcomp` is not used by default due to problems with locales.
fe1fb36e	2019-01-13T21:10:50	win32: move type definitions for improved inclusion Move some win32 type definitions to a standalone file so that they can be included before other header files try to use the definitions.
31f8f82a	2018-03-02T12:18:59	diff_driver: detect memory allocation errors when loading diff driver When searching for a configuration key for the diff driver, we construct the config key by modifying a buffer and then passing it to `git_config_get_multivar_foreach`. We do not check though whether the modification of the buffer actually succeded, so we could in theory end up passing the OOM buffer to the config function. Fix that by checking return codes. While at it, switch to use `git_buf_PUTS` to avoid repetition of the appended string to calculate its length.
02683b20	2019-01-12T23:06:39	regexec: prefix all regexec function calls with p_ Prefix all the calls to the the regexec family of functions with `p_`. This allows us to swap out all the regular expression functions with our own implementation. Move the declarations to `posix_regex.h` for simpler inclusion.
c9f116f1	2019-05-12T22:06:00	Merge branch 'pr/5061'
ab27c835	2019-05-12T22:05:26	revwalk: update error message for clarity
1e3a639d	2019-05-12T21:54:39	Merge pull request #5065 from danielgindi/feature/win32_symlink_dir Support symlinks for directories in win32
7f562f2c	2019-05-12T11:00:31	Merge pull request #5057 from eaigner/merge-rebase-onto-name rebase: orig_head and onto accessors
6990a492	2019-05-06T11:39:51	revwalk: fix memory leak in error handling This is not implemented and should fail, but it should also not leak. To allow the memory debugger to find leaks and fix this one we test this.
336e98bb	2019-05-06T14:51:52	Moved dwFlags declaration to beginning of scope
37a7adb5	2019-05-05T07:49:09	Support symlinks for directories in win32
d55bb479	2019-04-26T15:59:49	git_revwalk_push_range: do not crash if range is missing If someone passes just one ref (i.e. "master") and misses passing the range we should be nice and return an error code instead of crashing.
604e2811	2019-05-02T12:09:23	Merge pull request #5063 from pks-t/pks/cmake-regcomp-fix cmake: correctly detect if system provides `regcomp`
ee3d71fb	2019-04-26T08:01:56	cmake: fix include ordering issues with bundled deps When linking against bundled libraries, we include their header directories by using "-isystem". The reason for that is that we want to handle our vendored library headers specially, most importantly to ignore warnings generated by including them. By using "-isystem", though, we screw up the order of searched include directories by moving those bundled dependencies towards the end of the lookup order. Like this, chances are high that any other specified include directory contains a file that collides with the actual desired include file. Fix this by not treating the bundled dependencies' include directories as system includes. This will move them to the front of the lookup order and thus cause them to override system-provided headers. While this may cause the compiler to generate additional warnings when processing bundled headers, this is a tradeoff we should make regardless to fix builds on systems hitting this issue.
13cb9f7a	2019-02-25T11:35:16	cmake: correctly detect if system provides `regcomp` We assume that if we are on Win32, Amiga OS, Solaris or SunOS, that the regcomp(3P) function cannot be provided by the system. Thus we will in these cases always include our own, bundled regex sources to make a regcomp implementation available. This test is obviously very fragile, and we have seen it fail on MSYS2/MinGW systems, which do in fact provide the regcomp symbol. The effect is that during compilation, we will use the "regex.h" header provided by MinGW, but use symbols provided by ourselves. This in fact may cause subtle memory layout issues, as the structure made available via MinGW doesn't match what our bundled code expects. There's one more problem with our regex detection: on the listed platforms, we will incorrectly include the bundled regex code even in case where the system provides regcomp_l(3), but it will never be used for anything. Fix the issue by improving our regcomp detection code. Instead of relying on a fragile listing of platforms, we can just use `CHECK_FUNCTION_EXISTS` instead. This will not in fact avoid the header-ordering problem. But we can assume that as soon as a system-provided "regex.h" header is provided, that `CHECK_FUNCTION_EXISTS` will now correctly find the desired symbol and thus not include our bundled regex code.
e44110db	2019-03-20T12:28:45	Correctly write to missing locked global config Opening a default config when ~/.gitconfig doesn't exist, locking it, and attempting to write to it causes an assertion failure. Treat non-existent global config file content as an empty string.
bc5b19e6	2019-04-29T09:01:45	Merge pull request #4561 from pks-t/pks/downcasting [RFC] util: introduce GIT_DOWNCAST macro
0c71e4cb	2019-04-26T10:38:02	refspec: fix transforming nested stars When we transform a refspec with a component containing a glob, then we simply copy over the component until the next separator from the matching ref. E.g. if we have a ref "refs/heads/foo/bar" and a refspec "refs/heads//bar:refs/remotes/origin//bar", we: 1. Copy over everything until hitting the glob from the <dst> part: "refs/remotes/origin/". 2. Strip the common prefix of ref and <src> part until the glob, which is "refs/heads/". This leaves us with a ref of "foo/bar". 3. Copy from the ref until the next "/" separator, resulting in "refs/remotes/origin/foo". 4. Copy over the remaining part of the <dst> spec, which is "bar": "refs/remotes/origin/foo/bar". This worked just fine in a world where globs in refspecs were restricted such that a globbing component may only contain a single "", only. But this restriction has been lifted, so that a glob component may be nested between other characters, causing the above algorithm to fail. Most notably the third step, where we copy until hitting the next "/" separator, might result in a wrong transformation. Given e.g. a ref "refs/gbranchg/head" and a refspec "refs/gg/head:refs/remotes/origin/", we'd also be copying the "g" between "branch" and "/" and end up with the wrong transformed ref "refs/remotes/origin/branchg". Instead of copying until the next component separator, we should copy until we hit the pattern after the "". So in the above example, we'd copy until hitting the string "g/head".
51214b85	2019-04-26T10:15:49	refs: loosen restriction on wildcard "" refspecs In commit cd377f45c9 (refs: loosen restriction on wildcard "" refspecs, 2015-07-22) in git.git, the restrictions on wildcard "" refspecs has been loosened. While wildcards were previously only allowed if the component is a single "", this was changed to also accept other patterns as part of the component. We never adapted to that change and still reject any wildcard patterns that aren't a single "*" only. Update our tests to reflect the upstream change and adjust our own code accordingly.
e215f475	2019-04-21T21:36:36	rebase: orig_head and onto accessors The rebase struct stores fields with information about the current rebase process, which were not accessible via a public interface. Accessors for getting the `orig_head` and `onto` branch names and object ids have been added.
b3923cf7	2019-04-17T13:43:52	Merge pull request #5050 from libgit2/ethomson/windows_init_traversal git_repository_init: stop traversing at windows root
45f24e78	2019-04-12T08:54:06	git_repository_init: stop traversing at windows root Stop traversing the filesystem at the Windows directory root. We were calculating the filesystem root for the given directory to create, and walking up the filesystem hierarchy. We intended to stop when the traversal path length is equal to the root path length (ie, stopping at the root, since no path may be shorter than the root path). However, on Windows, the root path may be specified in two different ways, as either `Z:` or `Z:\`, where `Z:` is the current drive letter. `git_path_dirname_r` returns the path _without_ a trailing slash, even for the Windows root. As a result, during traversal, we need to test that the traversal path is _less than or equal to_ the root path length to determine if we've hit the root to ensure that we stop when our traversal path is `Z:` and our calculated root path was `Z:\`.
cc8a9892	2019-04-16T18:13:31	config_file: check result of git_array_alloc git_array_alloc can return NULL if no memory is available, causing a segmentation fault in memset. This adds GIT_ERROR_CHECK_ALLOC similar to how other parts of the code base deal with the return value of git_array_alloc.
431601f2	2019-04-05T15:05:10	iterator: make use the `GIT_CONTAINER_OF` macro
b51789ac	2019-04-16T13:20:08	transports: make use of the `GIT_CONTAINER_OF` macro
2e246474	2019-04-16T13:19:53	refdb_fs: make use of the `GIT_CONTAINER_OF` macro
65203b5a	2019-04-16T13:21:16	config_file: make use of `GIT_CONTAINER_OF` macro
b5f40441	2019-04-16T13:21:03	util: introduce GIT_CONTAINER_OF macro In some parts of our code, we make rather heavy use of casting structures to their respective specialized implementation. One example is the configuration code with the general `git_config_backend` and the specialized `diskfile_header` structures. At some occasions, it can get confusing though with regards to the correct inheritance structure, which led to the recent bug fixed in 2424e64c4 (config: harden our use of the backend objects a bit, 2018-02-28). Object-oriented programming in C is hard, but we can at least try to have some checks when it comes to casting around stuff. Thus, this commit introduces a `GIT_CONTAINER_OF` macro, which accepts as parameters the pointer that is to be casted, the pointer it should be cast to as well as the member inside of the target structure that is the containing structure. This macro then tries hard to detect mis-casts: - It checks whether the source and target pointers are of the same type. This requires support by the compiler, as it makes use of the builtin `__builtin_types_compatible_p`. - It checks whether the embedded member of the target structure is the first member. In order to make this a compile-time constant, the compiler-provided `__builtin_offsetof` is being used for this. - It ties these two checks together by the compiler-builtin `__builtin_choose_expr`. Based on whether the previous two checks evaluate to `true`, the compiler will either compile in the correct cast, or it will output `(void)0`. The second case results in a compiler error, resulting in a compile-time check for wrong casts. The only downside to this is that it relies heavily on compiler-specific extensions. As both GCC and Clang support these features, only define this macro like explained above in case `__GNUC__` is set (Clang also defines `__GNUC__`). If the compiler is not Clang or GCC, just go with a simple cast without any additional checks.
ed959ca2	2019-04-16T12:36:24	Merge pull request #5027 from ddevault/master patch_parse.c: Handle CRLF in parse_header_start
c4cd69b2	2019-04-07T19:10:16	Merge pull request #5039 from libgit2/ethomson/win32_hash sha1: don't inline `git_hash_global_init` for win32
30c06b60	2019-03-22T23:56:10	patch_parse.c: Handle CRLF in parse_header_start
9d117e20	2019-04-05T10:22:46	ignore: treat paths with trailing "/" as directories The function `git_ignore_path_is_ignored` is there to test the ignore status of paths that need not necessarily exist inside of a repository. This has the implication that for a given path, we cannot always decide whether it references a directory or a file, and we need to distinguish those cases because ignore rules may treat those differently. E.g. given the following gitignore file: * !/**/ we'd only want to unignore directories, while keeping files ignored. But still, calling `git_ignore_path_is_ignored("dir/")` will say that this directory is ignored because it treats "dir/" as a file path. As said, the `is_ignored` function cannot always decide whether the given path is a file or directory, and thus it may produce wrong results in some cases. While this is unfixable in the general case, we can do better when we are being passed a path name with a trailing path separator (e.g. "dir/") and always treat them as directories.
aeea1c46	2019-04-04T15:06:44	Merge pull request #4874 from tiennou/test/4615 Test that largefiles can be read through the tree API
6bcb7357	2019-04-04T14:04:59	Merge pull request #5035 from pks-t/pks/diff-with-space-in-filenames patch_parse: fix parsing addition/deletion of file with space

94fc83b6

2019-06-13T16:48:35

cmake: Modulize our TLS & hash detection The interactions between `USE_HTTPS` and `SHA1_BACKEND` have been streamlined. Previously we would have accepted not quite working configurations (like, `-DUSE_HTTPS=OFF -DSHA1_BACKEND=OpenSSL`) and, as the OpenSSL detection only ran with `USE_HTTPS`, the link would fail. The detection was moved to a new `USE_SHA1`, modeled after `USE_HTTPS`, which takes the values "CollisionDetection/Backend/Generic", to better match how the "hashing backend" is selected, the default (ON) being "CollisionDetection". Note that, as `SHA1_BACKEND` is still used internally, you might need to check what customization you're using it for.

c0dd7122

2019-06-06T16:48:04

apply: add an options struct initializer

0b5ba0d7

2019-06-06T16:36:23

Rename opt init functions to `options_init` In libgit2 nomenclature, when we need to verb a direct object, we name a function `git_directobject_verb`. Thus, if we need to init an options structure named `git_foo_options`, then the name of the function that does that should be `git_foo_options_init`. The previous names of `git_foo_init_options` is close - it _sounds_ as if it's initializing the options of a `foo`, but in fact `git_foo_options` is its own noun that should be respected. Deprecate the old names; they'll now call directly to the new ones.

a5ddae68

2019-06-13T22:00:48

Merge pull request #5097 from pks-t/pks/ignore-escapes gitignore with escapes

e277ff4d

2019-06-13T21:41:55

Merge pull request #5108 from libgit2/ethomson/urlparse_empty_port Handle URLs with a colon after host but no port

fb529a01

2019-06-11T22:03:29

http-parser: use our bundled http-parser by default Our bundled http-parser includes bugfixes, therefore we should prefer our http-parser until such time as we can identify that the system http-parser has these bugfixes (using a version check). Since these bugs are - at present - minor, retain the ability for users to force that they want to use the system http-parser anyway. This does change the cmake specification so that people _must_ opt-in to the new behavior knowingly.

0c1029be

2019-06-13T11:41:39

Merge pull request #5022 from rcoup/merge-analysis-bare-repo-5017 Merge analysis support for bare repos

3b517351

2019-06-07T10:13:34

attr_file: remove invalid TODO comment In our attributes pattern parsing code, we have a comment that states we might have to convert '\' characters to '/' to have proper POSIX paths. But in fact, '\' characters are valid inside the string and act as escape mechanism for various characters, which is why we never want to convert those to POSIX directory separators. Furthermore, gitignore patterns are specified to only treat '/' as directory separators. Remove the comment to avoid future confusion.

b3b6a39d

2019-06-07T11:12:54

attr_file: account for escaped escapes when searching trailing space When determining the trailing space length, we need to honor whether spaces are escaped or not. Currently, we do not check whether the escape itself is escaped, though, which might generate an off-by-one in that case as we will simply treat the space as escaped. Fix this by checking whether the backslashes preceding the space are themselves escaped.

10ac298c

2019-06-07T11:12:42

attr_file: fix unescaping of escapes required for fnmatch When parsing attribute patterns, we will eventually unescape the parsed pattern. This is required because we require custom escapes for whitespace characters, as normally they are used to terminate the current pattern. Thing is, we don't only unescape those whitespace characters, but in fact all escaped sequences. So for example if the pattern was "\*", we unescape that to "*". As this is directly passed to fnmatch(3) later, fnmatch would treat it as a simple glob matching all files where it should instead only match a file with name "*". Fix the issue by unescaping spaces, only. Add a bunch of tests to exercise escape parsing.

eb146e58

2019-06-07T09:17:23

attr_file: properly handle escaped '\' when searching non-escaped spaces When parsing attributes, we need to search for the first unescaped whitespace character to determine where the pattern is to be cut off. The scan fails to account for the case where the escaping '\' character is itself escaped, though, and thus we would not recognize the cut-off point in patterns like "\\ ". Refactor the scanning loop to remember whether the last character was an escape character. If it was and the next character is a '\', too, then we will reset to non-escaped mode again. Thus, we now handle escaped whitespaces as well as escaped wildcards correctly.

f7c6795f

2019-06-07T10:20:35

path: only treat paths starting with '\' as absolute on Win32 Windows-based systems treat paths starting with '\' as absolute, either referring to the current drive's root (e.g. "\foo" might refer to "C:\foo") or to a network path (e.g. "\\host\foo"). On the other hand, (most?) systems that are not based on Win32 accept backslashes as valid characters that may be part of the filename, and thus we cannot treat them to identify absolute paths. Change the logic to only paths starting with '\' as absolute on the Win32 platform. Add tests to avoid regressions and document behaviour.

fd734f7d

2019-06-11T12:45:27

Merge pull request #5107 from pks-t/pks/sha1dc-update sha1dc: update to fix endianess issues on AIX/HP-UX

230a451e

2019-06-10T13:54:11

sha1dc: update to fix endianess issues on AIX/HP-UX Update our copy of sha1dc to the upstream commit 855827c (Detect endianess on HP-UX, 2019-05-09). Changes include fixes to endian detection on AIX and HP-UX systems as well as a define that allows us to force aligned access, which we're not using yet.

9af1de5b

2019-03-24T20:49:57

http: stop on server EOF We stop the read loop when we have read all the data. We should also consider the server's feelings. If the server hangs up on us, we need to stop our read loop. Otherwise, we'll try to read from the server - and fail - ad infinitum.

539e6293

2019-03-22T19:06:46

http: teach auth mechanisms about connection affinity Instead of using `is_complete` to decide whether we have connection or request affinity for authentication mechanisms, set a boolean on the mechanism definition itself.

3e0b4b43

2019-03-22T18:52:03

http: maintain authentication across connections For request-based authentication mechanisms (Basic, Digest) we should keep the authentication context alive across socket connections, since the authentication headers must be transmitted with every request. However, we should continue to remove authentication contexts for mechanisms with connection affinity (NTLM, Negotiate) since we need to reauthenticate for every socket connection.

ce72ae95

2019-03-22T10:53:30

http: simplify authentication mechanisms Hold an individual authentication context instead of trying to maintain all the contexts; we can select the preferred context during the initial negotiation. Subsequent authentication steps will re-use the chosen authentication (until such time as it's rejected) instead of trying to manage multiple contexts when all but one will never be used (since we can only authenticate with a single mechanism at a time.) Also, when we're given a 401 or 407 in the middle of challenge/response handling, short-circuit immediately without incrementing the retry count. The multi-step authentication is expected, and not a "retry" and should not be penalized as such. This means that we don't need to keep the contexts around and ensures that we do not unnecessarily fail for too many retries when we have challenge/response auth on a proxy and a server and potentially redirects in play as well.

6d931ba7

2019-03-22T16:35:59

http: don't set the header in the auth token

10718526

2019-03-09T13:53:16

http: don't reset replay count after connection A "connection" to a server is transient, and we may reconnect to a server in the midst of authentication failures (if the remote indicates that we should, via `Connection: close`) or in a redirect.

3192e3c9

2019-03-07T16:57:11

http: provide an NTLM authentication provider

a7f65f03

2019-03-21T15:42:57

ntlm: add ntlmclient as a dependency Include https://github.com/ethomson/ntlmclient as a dependency.

79fc8281

2019-03-21T16:49:25

http: validate server's authentication types Ensure that the server supports the particular credential type that we're specifying. Previously we considered credential types as an input to an auth mechanism - since the HTTP transport only supported default credentials (via negotiate) and username/password credentials (via basic), this worked. However, if we are to add another mechanism that uses username/password credentials, we'll need to be careful to identify the types that are accepted.

5ad99210

2019-03-07T16:43:45

http: consume body on proxy auth failure We must always consume the full parser body if we're going to keep-alive. So in the authentication failure case, continue advancing the http message parser until it's complete, then we can retry the connection. Not doing so would mean that we have to tear the connection down and start over. Advancing through fully (even though we don't use the data) will ensure that we can retry a connection with keep-alive.

75b20458

2019-03-07T16:34:55

http: always consume body on auth failure When we get an authentication failure, we must consume the entire body of the response. If we only read half of the body (on the assumption that we can ignore the rest) then we will never complete the parsing of the message. This means that we will never set the complete flag, and our replay must actually tear down the connection and try again. This is particularly problematic for stateful authentication mechanisms (SPNEGO, NTLM) that require that we keep the connection alive. Note that the prior code is only a problem when the 401 that we are parsing is too large to be read in a single chunked read from the http parser. But now we will continue to invoke the http parser until we've got a complete message in the authentication failed scenario. Note that we need not do anything with the message, so when we get an authentication failed, we'll stop adding data to our buffer, we'll simply loop in the parser and let it advance its internal state.

e87f912b

2019-03-21T15:29:52

http: don't realloc the request

10e8fe55

2019-03-21T13:55:54

transports: add an `is_complete` function for auth Some authentication mechanisms (like HTTP Basic and Digest) have a one-step mechanism to create credentials, but there are more complex mechanisms like NTLM and Negotiate that require challenge/response after negotiation, requiring several round-trips. Add an `is_complete` function to know when they have round-tripped enough to be a single authentication and should now either have succeeded or failed to authenticate.

9050c69c

2019-03-09T17:24:16

http: examine keepalive status at message end We cannot examine the keep-alive status of the http parser in `http_connect`; it's too late and the critical information about whether keep-alive is supported has been destroyed. Per the documentation for `http_should_keep_alive`: > If http_should_keep_alive() in the on_headers_complete or > on_message_complete callback returns 0, then this should be > the last message on the connection. Query then and set the state.

956ba48b

2019-03-14T10:36:40

http: increase the replay count Increase the permissible replay count; with multiple-step authentication schemes (NTLM, Negotiate), proxy authentication and redirects, we need to be mindful of the number of steps it takes to get connected. 7 seems high but can be exhausted quickly with just a single authentication failure over a redirected multi-state authentication pipeline.

ee3d35cf

2019-04-07T19:15:21

http: support https for proxies

3d11b6c5

2019-03-11T20:36:09

winhttp: support default credentials for proxies We did not properly support default credentials for proxies, only for destination servers. Refactor the credential handling to support sending either username/password _or_ default credentials to either the proxy or the destination server. This actually shares the authentication logic between proxy servers and destination servers. Due to copy/pasta drift over time, they had diverged. Now they share a common logic which is: first, use credentials specified in the URL (if there were any), treating empty username and password (ie, "http://:@foo.com/") as default credentials, for compatibility with git. Next, call the credential callbacks. Finally, fallback to WinHTTP compatibility layers using built-in authentication like we always have. Allowing default credentials for proxies requires moving the security level downgrade into the credential setting routines themselves. We will update our security level to "high" by default which means that we will never send default credentials without prompting. (A lower setting, like the WinHTTP default of "medium" would allow WinHTTP to handle credentials for us, despite what a user may have requested with their structures.) Now we start with "high" and downgrade to "low" only after a user has explicitly requested default credentials.

c6ab183e

2019-03-11T11:43:08

net: rename gitno_connection_data to git_net_url "Connection data" is an imprecise and largely incorrect name; these structures are actually parsed URLs. Provide a parser that takes a URL string and produces a URL structure (if it is valid). Separate the HTTP redirect handling logic from URL parsing, keeping a `gitno_connection_data_handle_redirect` whose only job is redirect handling logic and does not parse URLs itself.

7ea8630e

2019-04-07T20:11:59

http: free auth context on failure When we send HTTP credentials but the server rejects them, tear down the authentication context so that we can start fresh. To maintain this state, additionally move all of the authentication handling into `on_auth_required`.

005b5bc2

2019-04-07T17:55:23

http: reconnect to proxy on connection close When we're issuing a CONNECT to a proxy, we expect to keep-alive to the proxy. However, during authentication negotiations, the proxy may close the connection. Reconnect if the server closes the connection.

d171fbee

2019-04-07T17:40:23

http: allow server to drop a keepalive connection When we have a keep-alive connection to the server, that server may legally drop the connection for any reason once a successful request and response has occurred. It's common for servers to drop the connection after some amount of time or number of requests have occurred.

178df697

2019-06-08T17:16:19

trace: suffix the callbacks with `_cb` The trace logging callbacks should match the other callback naming conventions, using the `_cb` suffix instead of a `_callback` suffix.

810cefd9

2019-06-08T17:14:00

credentials: suffix the callbacks with `_cb` The credential callbacks should match the other callback naming conventions, using the `_cb` suffix instead of a `_callback` suffix.

6d2ab2cf

2019-03-19T23:43:10

merge: analysis support for bare repositories

e50d138e

2019-06-06T09:48:30

Merge pull request #5095 from pks-t/pks/ignore-escaped-trailing-space ignore: handle escaped trailing whitespace

4de6eb5b

2019-06-06T09:47:43

Merge pull request #5074 from libgit2/ethomson/ignore_leading_slash Ignore: only treat one leading slash as a root identifier

d81e7866

2019-06-06T14:11:44

ignore: handle escaped trailing whitespace The gitignore's pattern format specifies that "Trailing spaces are ignored unless they are quoted with backslash ("\")". We do not honor this currently and will treat a pattern "foo\ " as if it was "foo\" only and a pattern "foo\ \ " as "foo\ \". Fix our code to handle those special cases and add tests to avoid regressions.

b6967c39

2019-06-06T14:02:17

attr_file: refactor stripping of trailing spaces The stripping of trailing spaces currently happens as part of `git_attr_fnmatch__parse`. As we aren't currently parsing trailing whitespaces correct in case they're escaped, we'll have to change that code, though. To make actual behavioural change easier to review, refactor the code up-front by pulling it out into its own function that is expected to retain the exact same functionality as before. Like this, the fix will be trivial to apply.

63adcc4e

2019-05-19T16:27:59

attr: optionally treat leading whitespace as significant When `allow_space` is unset, ensure that leading whitespace is not skipped.

add17435

2019-05-24T15:24:26

cache: fix cache eviction using deallocated key When evicting cache entries, we first retrieve the object that is to be evicted, delete the object and then finally delete the key from the cache. In case where the cache eviction caused us to free the cached object, though, its key will point to invalid memory now when trying to remove it from the cache map. On my system, this causes us to not properly remove the key from the map, as its memory has been overwritten already and thus the key lookup it will fail and we cannot delete it. Fix this by only decrementing the refcount of the evictee after we have removed it from our cache map. Add a test that caused a segfault previous to that change.

d668820d

2019-05-24T10:48:47

NetBSD < 7 doesn't have posix_fallocate See: https://www.netbsd.org/changes/changes-7.0.html

9cc904da

2019-05-23T10:49:44

repository: fix garbage return value error was never initialized and a garbage value returned on success.

355b02a1

2019-05-22T11:48:28

config: rename subsection header parser func The `parse_section_header_ext` name suggests that it as an extended function for parsing the section header. It is not. Rename it to `parse_subsection_header` to better reflect its true mission.

23c5699e

2019-05-16T09:37:25

config: validate quoted section value When we reach a whitespace after a section name, we assume that what will follow will be a quoted subsection name. Pass the current position of the line being parsed to the subsection parser, so that it can validate that subsequent characters are additional whitespace or a single quote. Previously we would begin parsing after the section name, looking for the first quotation mark. This allows invalid characters to embed themselves between the end of the section name and the first quotation mark, eg `[section foo "subsection"]`, which is illegal.

b83bd037

2019-05-16T08:57:10

config: don't write invalid column When we don't specify a particular column, don't write it in the error message. (column "0" is unhelpful.)

42dd38dd

2019-05-16T08:55:40

config: lowercase error messages Update the configuration parsing error messages to be lower-cased for consistency with the rest of the library.

d97afb93

2019-05-22T11:45:45

Merge pull request #5060 from pks-t/pks/refspec-nested-globs Loosen restriction on wildcard "*" refspecs

3d9e82fd

2019-05-21T14:59:55

Merge pull request #4935 from libgit2/ethomson/pcre Use PCRE for our fallback regex engine when regcomp_l is unavailable

59647e1a

2019-04-08T15:54:25

remote: add callback to resolve URLs before connecting Since libssh2 doesn't read host configuration from the config file, this callback can be used to hand over URL resolving to the client without touching the SSH implementation itself.

ac2b235e

2019-05-21T12:22:40

regex: use REGEX_BACKEND as the cmake option name This avoids any misunderstanding with the REGEX keyword in cmake.

4aa36ff2

2019-05-21T12:18:47

Merge pull request #5075 from libgit2/ethomson/ignore_skip_bom Skip UTF8 BOM in ignore files

ada1cd01

2019-05-21T21:35:57

Use tabs for indentation (#5079).

b575c242

2019-05-21T20:20:04

Fix indentation (#5079).

2c2e924b

2019-05-21T20:17:48

We still need to update pkgconfig variables when zlib is unbundled (#5079).

06dbf734

2019-05-21T15:44:32

We've already added `ZLIB_LIBRARIES` to `LIBGIT2_LIBS` so don't also add the `z` library (libgit2/#5079).

0fd259ed

2019-05-20T12:44:37

define SYMBOLIC_LINK_FLAG_DIRECTORY if not defined

133bceba

2019-05-19T13:57:13

ignore: skip UTF8 BOM in ignore file

e269b343

2019-05-19T13:12:47

ignore: only skip first leading slash For compatibility with git, only skip the first leading slash in an ignore file. That is: `/a.txt` indicates to ignore a file named `a.txt` at the root. However `//b.txt` does not indicate that a file named `b.txt` at the root should be ignored.

9ceafb57

2019-01-12T22:55:31

regexec: use pcre as our fallback/builtin regex Use PCRE 8.42 as the builtin regex implementation, using its POSIX compatibility layer. PCRE uses ASCII by default and the users locale will not influence its behavior, so its `regcomp` implementation is similar to `regcomp_l` with a C locale.

ce6d624a

2019-05-19T10:30:04

regex: optionally use PCRE2 Use PCRE2 and its POSIX compatibility layer if requested by the user. Although PCRE2 is adequate for our needs, the PCRE2 POSIX layer as installed on Debian and Ubuntu systems is broken, so we do not opt-in to it by default to avoid breaking users on those platforms.

69ecdad5

2019-05-19T10:09:55

regex: use system PCRE if available Attempt to locate a system-installed version of PCRE and use its POSIX compatibility layer, if possible.

622166c4

2019-05-18T19:37:59

regex: disambiguate builtin vs system pcre

c6e48fef

2019-02-17T21:51:34

regex: allow regex selection in cmake Users can now select which regex implementation they want to use: one of the system `regcomp_l`, the system PCRE, the builtin PCRE or the system's `regcomp`. By default the system `regcomp_l` will be used if it exists, otherwise the system PCRE will be used. If neither of those exist, then the builtin PCRE implementation will be used. The system's `regcomp` is not used by default due to problems with locales.

fe1fb36e

2019-01-13T21:10:50

win32: move type definitions for improved inclusion Move some win32 type definitions to a standalone file so that they can be included before other header files try to use the definitions.

31f8f82a

2018-03-02T12:18:59

diff_driver: detect memory allocation errors when loading diff driver When searching for a configuration key for the diff driver, we construct the config key by modifying a buffer and then passing it to `git_config_get_multivar_foreach`. We do not check though whether the modification of the buffer actually succeded, so we could in theory end up passing the OOM buffer to the config function. Fix that by checking return codes. While at it, switch to use `git_buf_PUTS` to avoid repetition of the appended string to calculate its length.

02683b20

2019-01-12T23:06:39

regexec: prefix all regexec function calls with p_ Prefix all the calls to the the regexec family of functions with `p_`. This allows us to swap out all the regular expression functions with our own implementation. Move the declarations to `posix_regex.h` for simpler inclusion.

c9f116f1

2019-05-12T22:06:00

Merge branch 'pr/5061'

ab27c835

2019-05-12T22:05:26

revwalk: update error message for clarity

1e3a639d

2019-05-12T21:54:39

Merge pull request #5065 from danielgindi/feature/win32_symlink_dir Support symlinks for directories in win32

7f562f2c

2019-05-12T11:00:31

Merge pull request #5057 from eaigner/merge-rebase-onto-name rebase: orig_head and onto accessors

6990a492

2019-05-06T11:39:51

revwalk: fix memory leak in error handling This is not implemented and should fail, but it should also not leak. To allow the memory debugger to find leaks and fix this one we test this.

336e98bb

2019-05-06T14:51:52

Moved dwFlags declaration to beginning of scope

37a7adb5

2019-05-05T07:49:09

Support symlinks for directories in win32

d55bb479

2019-04-26T15:59:49

git_revwalk_push_range: do not crash if range is missing If someone passes just one ref (i.e. "master") and misses passing the range we should be nice and return an error code instead of crashing.

604e2811

2019-05-02T12:09:23

Merge pull request #5063 from pks-t/pks/cmake-regcomp-fix cmake: correctly detect if system provides `regcomp`

ee3d71fb

2019-04-26T08:01:56

cmake: fix include ordering issues with bundled deps When linking against bundled libraries, we include their header directories by using "-isystem". The reason for that is that we want to handle our vendored library headers specially, most importantly to ignore warnings generated by including them. By using "-isystem", though, we screw up the order of searched include directories by moving those bundled dependencies towards the end of the lookup order. Like this, chances are high that any other specified include directory contains a file that collides with the actual desired include file. Fix this by not treating the bundled dependencies' include directories as system includes. This will move them to the front of the lookup order and thus cause them to override system-provided headers. While this may cause the compiler to generate additional warnings when processing bundled headers, this is a tradeoff we should make regardless to fix builds on systems hitting this issue.

13cb9f7a

2019-02-25T11:35:16

cmake: correctly detect if system provides `regcomp` We assume that if we are on Win32, Amiga OS, Solaris or SunOS, that the regcomp(3P) function cannot be provided by the system. Thus we will in these cases always include our own, bundled regex sources to make a regcomp implementation available. This test is obviously very fragile, and we have seen it fail on MSYS2/MinGW systems, which do in fact provide the regcomp symbol. The effect is that during compilation, we will use the "regex.h" header provided by MinGW, but use symbols provided by ourselves. This in fact may cause subtle memory layout issues, as the structure made available via MinGW doesn't match what our bundled code expects. There's one more problem with our regex detection: on the listed platforms, we will incorrectly include the bundled regex code even in case where the system provides regcomp_l(3), but it will never be used for anything. Fix the issue by improving our regcomp detection code. Instead of relying on a fragile listing of platforms, we can just use `CHECK_FUNCTION_EXISTS` instead. This will not in fact avoid the header-ordering problem. But we can assume that as soon as a system-provided "regex.h" header is provided, that `CHECK_FUNCTION_EXISTS` will now correctly find the desired symbol and thus not include our bundled regex code.

e44110db

2019-03-20T12:28:45

Correctly write to missing locked global config Opening a default config when ~/.gitconfig doesn't exist, locking it, and attempting to write to it causes an assertion failure. Treat non-existent global config file content as an empty string.

bc5b19e6

2019-04-29T09:01:45

Merge pull request #4561 from pks-t/pks/downcasting [RFC] util: introduce GIT_DOWNCAST macro

0c71e4cb

2019-04-26T10:38:02

refspec: fix transforming nested stars When we transform a refspec with a component containing a glob, then we simply copy over the component until the next separator from the matching ref. E.g. if we have a ref "refs/heads/foo/bar" and a refspec "refs/heads/*/bar:refs/remotes/origin/*/bar", we: 1. Copy over everything until hitting the glob from the <dst> part: "refs/remotes/origin/". 2. Strip the common prefix of ref and <src> part until the glob, which is "refs/heads/". This leaves us with a ref of "foo/bar". 3. Copy from the ref until the next "/" separator, resulting in "refs/remotes/origin/foo". 4. Copy over the remaining part of the <dst> spec, which is "bar": "refs/remotes/origin/foo/bar". This worked just fine in a world where globs in refspecs were restricted such that a globbing component may only contain a single "*", only. But this restriction has been lifted, so that a glob component may be nested between other characters, causing the above algorithm to fail. Most notably the third step, where we copy until hitting the next "/" separator, might result in a wrong transformation. Given e.g. a ref "refs/gbranchg/head" and a refspec "refs/g*g/head:refs/remotes/origin/*", we'd also be copying the "g" between "branch" and "/" and end up with the wrong transformed ref "refs/remotes/origin/branchg". Instead of copying until the next component separator, we should copy until we hit the pattern after the "*". So in the above example, we'd copy until hitting the string "g/head".

51214b85

2019-04-26T10:15:49

refs: loosen restriction on wildcard "*" refspecs In commit cd377f45c9 (refs: loosen restriction on wildcard "*" refspecs, 2015-07-22) in git.git, the restrictions on wildcard "*" refspecs has been loosened. While wildcards were previously only allowed if the component is a single "*", this was changed to also accept other patterns as part of the component. We never adapted to that change and still reject any wildcard patterns that aren't a single "*" only. Update our tests to reflect the upstream change and adjust our own code accordingly.

e215f475

2019-04-21T21:36:36

rebase: orig_head and onto accessors The rebase struct stores fields with information about the current rebase process, which were not accessible via a public interface. Accessors for getting the `orig_head` and `onto` branch names and object ids have been added.

b3923cf7

2019-04-17T13:43:52

Merge pull request #5050 from libgit2/ethomson/windows_init_traversal git_repository_init: stop traversing at windows root

45f24e78

2019-04-12T08:54:06

git_repository_init: stop traversing at windows root Stop traversing the filesystem at the Windows directory root. We were calculating the filesystem root for the given directory to create, and walking up the filesystem hierarchy. We intended to stop when the traversal path length is equal to the root path length (ie, stopping at the root, since no path may be shorter than the root path). However, on Windows, the root path may be specified in two different ways, as either `Z:` or `Z:\`, where `Z:` is the current drive letter. `git_path_dirname_r` returns the path _without_ a trailing slash, even for the Windows root. As a result, during traversal, we need to test that the traversal path is _less than or equal to_ the root path length to determine if we've hit the root to ensure that we stop when our traversal path is `Z:` and our calculated root path was `Z:\`.

cc8a9892

2019-04-16T18:13:31

config_file: check result of git_array_alloc git_array_alloc can return NULL if no memory is available, causing a segmentation fault in memset. This adds GIT_ERROR_CHECK_ALLOC similar to how other parts of the code base deal with the return value of git_array_alloc.

431601f2

2019-04-05T15:05:10

iterator: make use the `GIT_CONTAINER_OF` macro

b51789ac

2019-04-16T13:20:08

transports: make use of the `GIT_CONTAINER_OF` macro

2e246474

2019-04-16T13:19:53

refdb_fs: make use of the `GIT_CONTAINER_OF` macro

65203b5a

2019-04-16T13:21:16

config_file: make use of `GIT_CONTAINER_OF` macro

b5f40441

2019-04-16T13:21:03

util: introduce GIT_CONTAINER_OF macro In some parts of our code, we make rather heavy use of casting structures to their respective specialized implementation. One example is the configuration code with the general `git_config_backend` and the specialized `diskfile_header` structures. At some occasions, it can get confusing though with regards to the correct inheritance structure, which led to the recent bug fixed in 2424e64c4 (config: harden our use of the backend objects a bit, 2018-02-28). Object-oriented programming in C is hard, but we can at least try to have some checks when it comes to casting around stuff. Thus, this commit introduces a `GIT_CONTAINER_OF` macro, which accepts as parameters the pointer that is to be casted, the pointer it should be cast to as well as the member inside of the target structure that is the containing structure. This macro then tries hard to detect mis-casts: - It checks whether the source and target pointers are of the same type. This requires support by the compiler, as it makes use of the builtin `__builtin_types_compatible_p`. - It checks whether the embedded member of the target structure is the first member. In order to make this a compile-time constant, the compiler-provided `__builtin_offsetof` is being used for this. - It ties these two checks together by the compiler-builtin `__builtin_choose_expr`. Based on whether the previous two checks evaluate to `true`, the compiler will either compile in the correct cast, or it will output `(void)0`. The second case results in a compiler error, resulting in a compile-time check for wrong casts. The only downside to this is that it relies heavily on compiler-specific extensions. As both GCC and Clang support these features, only define this macro like explained above in case `__GNUC__` is set (Clang also defines `__GNUC__`). If the compiler is not Clang or GCC, just go with a simple cast without any additional checks.

ed959ca2

2019-04-16T12:36:24

Merge pull request #5027 from ddevault/master patch_parse.c: Handle CRLF in parse_header_start

c4cd69b2

2019-04-07T19:10:16

Merge pull request #5039 from libgit2/ethomson/win32_hash sha1: don't inline `git_hash_global_init` for win32

30c06b60

2019-03-22T23:56:10

patch_parse.c: Handle CRLF in parse_header_start

9d117e20

2019-04-05T10:22:46

ignore: treat paths with trailing "/" as directories The function `git_ignore_path_is_ignored` is there to test the ignore status of paths that need not necessarily exist inside of a repository. This has the implication that for a given path, we cannot always decide whether it references a directory or a file, and we need to distinguish those cases because ignore rules may treat those differently. E.g. given the following gitignore file: * !/**/ we'd only want to unignore directories, while keeping files ignored. But still, calling `git_ignore_path_is_ignored("dir/")` will say that this directory is ignored because it treats "dir/" as a file path. As said, the `is_ignored` function cannot always decide whether the given path is a file or directory, and thus it may produce wrong results in some cases. While this is unfixable in the general case, we can do better when we are being passed a path name with a trailing path separator (e.g. "dir/") and always treat them as directories.

aeea1c46

2019-04-04T15:06:44

Merge pull request #4874 from tiennou/test/4615 Test that largefiles can be read through the tree API

6bcb7357

2019-04-04T14:04:59

Merge pull request #5035 from pks-t/pks/diff-with-space-in-filenames patch_parse: fix parsing addition/deletion of file with space

thodg/libgit2/src

src

Log