Log

Author Commit Date CI Message
Edward Thomson 8858a684 2018-02-19T22:09:27 checkout test: ensure workdir perms are updated When the working directory has changed permissions on a file - but only the permissions, such that the contents of the file are identical - ensure that `git_checkout` updates the permissions to match the checkout target.
Edward Thomson d7fea1e1 2018-02-18T16:10:33 checkout: take mode into account when comparing index to baseline When checking out a file, we determine whether the baseline (what we expect to be in the working directory) actually matches the contents of the working directory. This is safe behavior to prevent us from overwriting changes in the working directory. We look at the index to optimize this test: if we know that the index matches the working directory, then we can simply look at the index data compared to the baseline. We have historically compared the baseline to the index entry by oid. However, we must also compare the mode of the two items to ensure that they are identical. Otherwise, we will refuse to update the working directory for a mode change.
Edward Thomson 952cf714 2018-02-19T10:51:29 Merge pull request #4537 from pks-t/pks/tests-filemode-uninitialized-memory tests: index::filemodes: fix use of uninitialized memory
Patrick Steinhardt cabe16df 2018-02-19T10:18:59 tests: index::filemodes: fix use of uninitialized memory The new index entry structure was not being initialized to all-zeroes. As that structure is used to add a new entry to the current index, and the hashing algorithm of the index making use of the uninitialized flags to calculate the state, we might miscompute the hash of the entry and add it at the wrong position. Later lookups would then fail. Initialize the structure with `memset` to fix the test breaking on some platforms.
Edward Thomson f1ad004c 2018-02-18T22:29:48 Merge pull request #4529 from libgit2/ethomson/index_add_requires_files git_index_add_frombuffer: only accept files/links
Edward Thomson 574671ba 2018-02-18T10:16:15 Merge pull request #4534 from pks-t/pks/build-warnings Fix build warnings
Edward Thomson 5f774dbf 2018-02-11T10:14:13 git_index_add_frombuffer: only accept files/links Ensure that the buffer given to `git_index_add_frombuffer` represents a regular blob, an executable blob, or a link. Explicitly reject commit entries (submodules) - it makes little sense to allow users to add a submodule from a string; there's no possible path to success.
Patrick Steinhardt 92324d84 2018-02-16T11:28:53 util: clean up header includes While "util.h" declares the macro `git__tolower`, which simply resorts to tolower(3P) on Unix-like systems, the <ctype.h> header is only being included in "util.c". Thus, anybody who has included "util.h" without having <ctype.h> included will fail to compile as soon as the macro is in use. Furthermore, we can clean up additional includes in "util.c" and simply replace them with an include for "common.h".
Patrick Steinhardt 06b8a40f 2018-02-16T11:29:46 Explicitly mark fallthrough cases with comments A lot of compilers nowadays generate warnings when there are cases in a switch statement which implicitly fall through to the next case. To avoid this warning, the last line in the case that is falling through can have a comment matching a regular expression, where one possible comment body would be `/* fall through */`. An alternative to the comment would be an explicit attribute like e.g. `[[clang::fallthrough]` or `__attribute__ ((fallthrough))`. But GCC only introduced support for such an attribute recently with GCC 7. Thus, and also because the fallthrough comment is supported by most compilers, we settle for using comments instead. One shortcoming of that method is that compilers are very strict about that. Most interestingly, that comment _really_ has to be the last line. In case a closing brace follows the comment, the heuristic will fail.
Patrick Steinhardt 7c6e9175 2018-02-16T11:11:11 index: shut up warning on uninitialized variable Even though the `entry` variable will always be initialized when `read_entry` returns success and even though we never dereference `entry` in case `read_entry` fails, GCC prints a warning about uninitialized use. Just initialize the pointer to `NULL` in order to shut GCC up.
Patrick Steinhardt 522f3e4b 2018-02-16T10:50:54 CMakeLists: increase strict aliasing level to 3 The strict aliasing rules disallow dereferencing the pointer to a variable of a certain type as another type, which is frequently used e.g. when casting structs to their base type. We currently have the warning level for strict aliasing rules set to `2`, which is described by gcc(1) as being "Aggressive, quick, not too precise." And in fact, we experience quite a lot of warnings when doing a release build due to that. GCC provides multiple levels, where higher levels are more accurate, but also slower due to the additional analysis required. Still, we want to have warning level 3 instead of 2 to avoid the current warnings we have in the Travis CI release builds. As this is the default warning level when no level is passed to `-Wstrict-aliasing`, we can just remove the level and use that default.
Patrick Steinhardt 84f03b3a 2018-02-16T10:48:55 streams: openssl: fix use of uninitialized variable When verifying the server certificate, we do try to make sure that the hostname actually matches the certificate alternative names. In cases where the host is either an IPv4 or IPv6 address, we have to compare the binary representations of the hostname with the declared IP address of the certificate. We only do that comparison in case we were successfully able to parse the hostname as an IP, which would always result in the memory region being initialized. Still, GCC 6.4.0 was complaining about usage of non-initialized memory. Fix the issue by simply asserting that `addr` needs to be initialized. This shuts up the GCC warning.
Patrick Steinhardt b8cb7536 2018-02-15T11:07:29 Merge pull request #4532 from pks-t/pks/release-doc-filename docs: fix typo in "release.md" filename
Patrick Steinhardt bb7c672a 2018-02-15T11:06:40 docs: fix typo in "release.md" filename
Patrick Steinhardt 9d8cbbb1 2018-02-15T11:04:52 Merge pull request #4485 from libgit2/cmn/release-docs docs: add release documentation
Patrick Steinhardt a4fb57bc 2018-02-15T10:52:45 Merge pull request #4501 from pks-t/pks/v0.27.0-release-notes CHANGELOG: update for v0.27.0
Edward Thomson 408b16c1 2018-02-10T08:00:36 Merge pull request #4508 from libgit2/ethomson/user_agent http: standardize user-agent addition
Edward Thomson ee6be190 2018-01-31T08:36:19 http: standardize user-agent addition The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im>
Edward Thomson 05c24c44 2018-02-09T18:25:46 Merge pull request #4527 from pks-t/pks/resource-leaks Plug resource leaks
Patrick Steinhardt 178fda8a 2018-02-09T17:55:18 hash: win32: fix missing comma in `giterr_set`
Patrick Steinhardt 638c6b8c 2018-02-09T17:32:15 odb_loose: only close file descriptor if it was opened successfully
Patrick Steinhardt a43bcd2c 2018-02-09T17:31:50 odb: fix memory leaks due to not freeing hash context
Edward Thomson 028a2806 2018-02-09T13:56:23 Merge pull request #4509 from libgit2/ethomson/odb_alloc_error odb: error when we can't alloc an object
Edward Thomson 9985edb5 2018-02-01T06:32:55 hash: set error messages on failure
Edward Thomson 619f61a8 2018-02-01T06:22:36 odb: error when we can't create object header Return an error to the caller when we can't create an object header for some reason (printf failure) instead of simply asserting.
Edward Thomson 7ec7aa4a 2018-02-01T05:54:57 odb: assert on logic errors when writing objects There's no recovery possible if we're so confused or corrupted that we're trying to overwrite our memory. Simply assert.
Edward Thomson 138e4c2b 2018-02-01T06:35:31 git_odb__hashfd: propagate error on failures
Edward Thomson 35ed256b 2018-02-01T05:11:05 git_odb__hashobj: provide errors messages on failures Provide error messages on hash failures: assert when given invalid input instead of failing with a user error; provide error messages on program errors.
Edward Thomson 59d99adc 2018-01-31T09:34:52 odb: check for alloc errors on hardcoded objects It's unlikely that we'll fail to allocate a single byte, but let's check for allocation failures for good measure. Untangle `-1` being a marker of not having found the hardcoded odb object; use that to reflect actual errors.
Edward Thomson ef902864 2018-01-31T09:30:51 odb: error when we can't alloc an object At the moment, we're swallowing the allocation failure. We need to return the error to the caller.
Patrick Steinhardt e39d44d9 2018-02-09T10:12:41 CHANGELOG: update for v0.27.0, second batch
Patrick Steinhardt eadb0abb 2018-01-26T12:15:02 CHANGELOG: update for v0.27.0
Edward Thomson 0fd0bfe4 2018-02-08T22:51:46 Merge pull request #4450 from libgit2/ethomson/odb_loose_readstream Streaming read support for the loose ODB backend
Edward Thomson d749822c 2018-02-08T22:50:58 Merge pull request #4491 from libgit2/ethomson/recursive Recursive merge: reverse the order of merge bases
Edward Thomson 2a11eaf3 2018-02-08T22:48:30 Merge pull request #4521 from pks-t/pks/config-crlf-lines config: handle CRLF-only lines and BOM
Patrick Steinhardt ba4faf6e 2018-02-08T17:15:33 buf_text: remove `offset` parameter of BOM detection function The function to detect a BOM takes an offset where it shall look for a BOM. No caller uses that, and searching for the BOM in the middle of a buffer seems to be very unlikely, as a BOM should only ever exist at file start. Remove the parameter, as it has already caused confusion due to its weirdness.
Patrick Steinhardt 2eea5f1c 2018-02-08T10:27:31 config_parse: fix reading files with BOM The function `skip_bom` is being used to detect and skip BOM marks previously to parsing a configuration file. To do so, it simply uses `git_buf_text_detect_bom`. But since the refactoring to use the parser interface in commit 9e66590bd (config_parse: use common parser interface, 2017-07-21), the BOM detection was actually broken. The issue stems from a misunderstanding of `git_buf_text_detect_bom`. It was assumed that its third parameter limits the length of the character sequence that is to be analyzed, while in fact it was an offset at which we want to detect the BOM. Fix the parameter to be `0` instead of the buffer length, as we always want to check the beginning of the configuration file.
Patrick Steinhardt 848153f3 2018-02-08T10:02:29 config_parse: handle empty lines with CRLF Currently, the configuration parser will fail reading empty lines with just an CRLF-style line ending. Special-case the '\r' character in order to handle it the same as Unix-style line endings. Add tests to spot this regression in the future.
Patrick Steinhardt 5340ca77 2018-02-08T09:31:51 config_parse: add comment to clarify logic getting next character Upon each line, the configuration parser tries to get either the first non-whitespace character or the first whitespace character, in case there is no non-whitespace character. The logic handling this looks rather odd and doesn't immediately convey this meaning, so add a comment to clarify what happens.
Edward Thomson f7225946 2018-02-07T17:35:57 Merge pull request #4513 from libgit2/ethomson/cmake_fixes CMake: minor fixups
Edward Thomson f8a2dda8 2018-02-05T15:21:37 cmake: move ENABLE_WARNINGS to a module
Tyrie Vella 1403c612 2018-01-22T14:44:31 merge: virtual commit should be last argument to merge-base Our virtual commit must be the last argument to merge-base: since our algorithm pushes _both_ parents of the virtual commit, it needs to be the last argument, since merge-base: > Given three commits A, B and C, git merge-base A B C will compute the > merge base between A and a hypothetical commit M We want to calculate the merge base between the actual commit ("two") and the virtual commit ("one") - since one actually pushes its parents to the merge-base calculation, we need to calculate the merge base of "two" and the parents of one.
Edward Thomson b8823c2b 2018-01-22T23:56:22 Add failing test case for virtual commit merge base issue
Edward Thomson afcaf35e 2018-01-21T16:50:40 merge::trees::recursive: test for virtual base building Virtual base building: ensure that the virtual base is created and revwalked in the same way as git.
Edward Thomson b924df1e 2018-01-21T18:05:45 merge: reverse merge bases for recursive merge When the commits being merged have multiple merge bases, reverse the order when creating the virtual merge base. This is for compatibility with git's merge-recursive algorithm, and ensures that we build identical trees. Git does this to try to use older merge bases first. Per 8918b0c: > It seems to be the only sane way to do it: when a two-head merge is > done, and the merge-base and one of the two branches agree, the > merge assumes that the other branch has something new. > > If we start creating virtual commits from newer merge-bases, and go > back to older merge-bases, and then merge with newer commits again, > chances are that a patch is lost, _because_ the merge-base and the > head agree on it. Unlikely, yes, but it happened to me.
Edward Thomson ed51feb7 2018-01-21T18:01:20 oidarray: introduce git_oidarray__reverse Provide a simple function to reverse an oidarray.
Edward Thomson 7bd89502 2018-01-21T16:41:49 Introduce additional criss-cross merge branches
Edward Thomson 26f5d36d 2018-02-04T10:27:39 Merge pull request #4489 from libgit2/ethomson/conflicts_crlf Conflict markers should match EOL style in conflicting files
Edward Thomson fc6e38c2 2018-02-02T18:03:38 cmake: Move IDE source munging to a module Move the odd code that provides a hierarchical display for projects within the IDEs to its own module.
Edward Thomson ed298c8e 2018-02-02T18:01:51 cmake: move nanosecond detection to a module Move the nanosecond detection in time structures to its own module.
Edward Thomson 6416b91f 2018-02-02T17:58:44 cmake: enable policy CMP0042 Enable CMake policy CMP0042, if supported: > CMake 2.8.12 and newer has support for using ``@rpath`` in a target's > install name. This was enabled by setting the target property > ``MACOSX_RPATH``. The ``@rpath`` in an install name is a more > flexible and powerful mechanism than ``@executable_path`` or > ``@loader_path`` for locating shared libraries.
Edward Thomson 94aa36ef 2018-02-02T17:56:15 cmake: test for CMP0051 instead of version check We can use policy checks to see if a policy exists in cmake, like CMP0051, instead of relying on the version.
Edward Thomson 8abd514c 2018-02-02T17:37:12 Merge pull request #4499 from pks-t/pks/setuid-config sysdir: do not use environment in setuid case
Edward Thomson 2553cbe3 2018-02-02T11:33:46 Merge pull request #4512 from libgit2/ethomson/header_guards Consistent header guards
Edward Thomson 53454b68 2018-02-02T11:31:15 Merge pull request #4510 from pks-t/pks/attr-file-bare-stat attr: avoid stat'ting files for bare repositories
Patrick Steinhardt 0967459e 2018-01-25T13:11:34 sysdir: do not use environment in setuid case In order to derive the location of some Git directories, we currently use the environment variables $HOME and $XDG_CONFIG_HOME. This might prove to be problematic whenever the binary is run with setuid, that is when the effective user does not equal the real user. In case the environment variables do not get sanitized by the caller, we thus might end up using the real user's configuration when doing stuff as the effective user. The fix is to use the passwd entry's directory instead of $HOME in this situation. As this might break scenarios where the user explicitly sets $HOME to another path, this fix is only applied in case the effective user does not equal the real user.
Edward Thomson 09df354e 2018-02-01T16:52:43 odb_loose: HEADER_LEN -> MAX_HEADER_LEN `MAX_HEADER_LEN` is a more descriptive constant name.
Edward Thomson 6155e06b 2017-12-17T18:44:02 zstream: introduce a single chunk reader Introduce `get_output_chunk` that will inflate/deflate all the available input buffer into the output buffer. `get_output` will call `get_output_chunk` in a loop, while other consumers can use it to inflate only a piece of the data.
Edward Thomson b1e66bfc 2017-12-17T16:31:35 odb: test loose object streaming
Edward Thomson 909a1992 2017-12-31T09:56:30 odb_loose: largefile tests only on 64 bit platforms Only run the large file tests on 64 bit platforms. Even though we support streaming reads on objects, and do not need to fit them in memory, we use `size_t` in various places to reflect the size of an object.
Edward Thomson 624614b2 2017-12-19T00:43:49 odb_loose: validate length when checking for zlib content When checking to see if a file has zlib deflate content, make sure that we actually have read at least two bytes before examining the array.
Edward Thomson 27078e58 2017-12-18T23:11:42 odb_loose: test read_header on large blobs Test that we can read_header on large blobs. This should succeed on all platforms since we read only a few bytes into memory to be able to parse the header.
Edward Thomson e118231b 2017-12-18T23:11:24 odb_loose: test read_header explicitly
Edward Thomson 1118ba3e 2017-12-18T23:08:40 odb_loose: `read_header` for packlike loose objects Support `read_header` for "packlike loose objects", which were a temporarily and uncommonly used format loose object format that encodes the header before the zlib deflate data. This will never actually be seen in the wild, but add support for it for completeness and (more importantly) because our corpus of test data has objects in this format, so it's easier to support it than to try to special case it.
Edward Thomson 4c7a16b7 2017-12-18T15:56:21 odb_loose: read_header should use zstream Make `read_header` use the common zstream implementation. Remove the now unnecessary zlib wrapper in odb_loose.
Edward Thomson 80dc3946 2017-12-17T16:26:48 odb_loose: packlike loose objects use `git_zstream` Refactor packlike loose object reads to use `git_zstream` for simplification.
Edward Thomson 7cb5bae7 2017-12-17T11:55:18 odb: loose object streaming for packlike loose objects A "packlike" loose object was a briefly lived loose object format where the type and size were encoded in uncompressed space at the beginning of the file, followed by the compressed object contents. Handle these in a streaming manner as well.
Edward Thomson dbe3d3e9 2017-12-17T02:12:19 odb_loose: test reading a large file in stream Since some test situations may have generous disk space, but limited RAM (eg hosted build agents), test that we can stream a large file into a loose object, and then stream it out of the loose object storage.
Edward Thomson b61846f2 2017-12-17T02:14:29 odb: introduce streaming loose object reader Provide a streaming loose object reader.
Edward Thomson 97f9a5f0 2017-12-17T01:12:49 odb: provide length and type with streaming read The streaming read functionality should provide the length and the type of the object, like the normal read functionality does.
Edward Thomson c74e9271 2017-12-16T22:10:11 odb_loose: stream -> writestream There are two streaming functions; one for reading, one for writing. Disambiguate function names between `stream` and `writestream` to make allowances for a read stream.
Edward Thomson abb04caa 2018-02-01T15:55:48 consistent header guards use consistent names for the #include / #define header guard pattern.
Patrick Steinhardt e28e17e6 2018-02-01T10:36:33 attr: avoid stat'ting files for bare repositories Depending on whether the path we want to look up an attribute for is a file or a directory, the fnmatch function will be called with different flags. Because of this, we have to first stat(3) the path to determine whether it is a file or directory in `git_attr_path__init`. This is wasteful though in bare repositories, where we can already be assured that the path will never exist at all due to there being no worktree. In this case, we will execute an unnecessary syscall, which might be noticeable on networked file systems. What happens right now is that we always pass the `GIT_DIR_FLAG_UNKOWN` flag to `git_attr_path__init`, which causes it to `stat` the file itself to determine its type. As it is calling `git_path_isdir` on the path, which will always return `false` in case the path does not exist, we end up with the path always being treated as a file in case of a bare repository. As such, we can just check the bare-repository case in all callers and then pass in `GIT_DIR_FLAG_FALSE` ourselves, avoiding the need to `stat`. While this may not always be correct, it at least is no different from our current behavior.
Patrick Steinhardt f55accce 2018-02-01T09:42:33 Merge pull request #4040 from tiennou/examples/merge Merge example
Edward Thomson 341608dc 2018-01-31T14:48:42 Merge pull request #4507 from tomas/patch-1 Honor 'GIT_USE_NSEC' option in `filesystem_iterator_set_current`
Edward Thomson 9d8510b3 2018-01-31T09:28:43 Merge pull request #4488 from libgit2/ethomson/conflict_marker_size Use longer conflict markers in recursive merge base
Tomás Pollak 054e4c08 2018-01-31T14:28:25 Set ctime/mtime nanosecs to 0 if USE_NSEC is not defined
Edward Thomson cdab165d 2018-01-31T09:27:39 Merge pull request #4490 from libgit2/ethomson/apfs_precompose_fixes status::renames: test update for APFS (write NFD instead of NFC filename)
Tomás Pollak 752006dd 2018-01-30T23:21:19 Honor 'GIT_USE_NSEC' option in `filesystem_iterator_set_current` This should have been part of PR #3638. Without this we still get nsec-related errors, even when using -DGIT_USE_NSEC: error: ‘struct stat’ has no member named ‘st_mtime_nsec’
Edward Thomson 895fd51a 2018-01-29T22:37:12 Merge pull request #4474 from pks-t/pks/null-oid Special-casing null OIDs
Edward Thomson c935b926 2018-01-29T22:35:50 Merge pull request #4502 from pks-t/pks/security-reporting README.md: add notes on how to report security issues
Patrick Steinhardt 699a48f8 2018-01-29T07:41:54 README.md: add notes on how to report security issues
Carlos Martín Nieto adc90b47 2018-01-27T21:00:53 docs: udpates to wording in release documentation
Patrick Steinhardt 275f103d 2018-01-12T08:59:40 odb: reject reading and writing null OIDs The null OID (hash with all zeroes) indicates a missing object in upstream git and is thus not a valid object ID. Add defensive measurements to avoid writing such a hash to the object database in the very unlikely case where some data results in the null OID. Furthermore, add shortcuts when reading the null OID from the ODB to avoid ever returning an object when a faulty repository may contain the null OID.
Patrick Steinhardt c0487bde 2018-01-12T08:23:43 tree: reject writing null-OID entries to a tree In commit a96d3cc3f (cache-tree: reject entries with null sha1, 2017-04-21), the git.git project has changed its stance on null OIDs in tree objects. Previously, null OIDs were accepted in tree entries to help tools repair broken history. This resulted in some problems though in that many code paths mistakenly passed null OIDs to be added to a tree, which was not properly detected. Align our own code base according to the upstream change and reject writing tree entries early when the OID is all-zero.
Etienne Samson 33f44db9 2018-01-25T22:17:39 examples: zero out our options memory before use
Etienne Samson fb79d7d1 2018-01-17T02:34:32 examples: our/their can be NULL
Etienne Samson cc845595 2018-01-17T02:25:36 examples: fix remaining review comments
Etienne Samson 5ce4f19b 2018-01-17T02:25:36 examples: move support code into static functions
Etienne Samson 503b30d5 2018-01-17T02:25:36 examples: hoist the merge analysis back into main
Etienne Samson 60c6547c 2018-01-17T02:25:36 examples: minor review fixups
Etienne Samson 59ea2c58 2018-01-17T02:25:36 examples: add merge
Etienne Samson bb9353cf 2018-01-17T02:25:36 examples: Dead code & warnings
Etienne Samson 3fa5e577 2018-01-17T02:25:36 examples: Move xrealloc to common example code
Etienne Samson b6720018 2018-01-17T02:25:36 examples: Switch to the nifty argv helpers from common
Patrick Steinhardt 71c43065 2018-01-25T11:10:42 Merge pull request #4497 from medranocalvo/export-mempack odb: export mempack backend
Adrián Medraño Calvo d23ce187 2018-01-22T11:55:28 odb: export mempack backend Fixes #4492, #4496.
Edward Thomson 9af7fbc3 2018-01-21T14:00:50 status::renames: write NFD instead of NFC filename Update the status::renames test to create an NFD format filename in the core.precomposedunicode tests. Previously, we would create an NFC format filename. This was to take advantage of HFS+ filesystems, which always use canonically decomposed formats, and would actually write the filename to disk as an NFD filename. So previously, we could create an NFC filename, but read it normally as an NFD filename. But APFS formats do not force canonically decomposed formats for filenames, so creating an NFC filename does not get converted to NFD. Instead, the filename will be written in NFC format. Our test, therefore, does not work - when we write an NFC filename, it will _remain_ NFC. Update the test to write NFD always. This will ensure that the file will actually be canonically decomposed on all platforms: HFS+, which forces NFD, and APFS, which does not. Thus, our test will continue to ensure that an NFD filename is canonically precomposed on all filesystems.
Edward Thomson 2a8841ae 2018-01-21T12:28:13 merge: test CR/LF conflicts for CR/LF files Ensure that when the files being merged have CR/LF line endings that the conflict markers produced in the conflict file also have CR/LF line endings.
Edward Thomson 7f52bc5a 2018-01-20T18:19:26 xdiff: upgrade to git's included xdiff Upgrade xdiff to git's most recent version, which includes changes to CR/LF handling. Now CR/LF included in the input files will be detected and conflict markers will be emitted with CR/LF when appropriate.