kmx git

Commit	Date	Message
92159bd4	2018-05-30T12:18:04	path: unify `git_path_is_*` APIs Right now, there's quite a lot of different function calls to determine whether a path component matches a specific name after normalization from the filesystem. We have a function for each of {gitattributes, gitmodules, gitignore} multiplicated with {generic, NTFS, HFS} checks. In the long time, this is unmaintainable in case there are e.g. new filesystems with specific semantics, blowing up the number of functions we need to implement. Replace all functions with a simple `git_path_is_gitfile` function, which accepts an enum pointing out the filename that is to be checked against as well as the filesystem normalizations to check for. This greatly simplifies implementation at the expense of the caller having to invoke a somewhat longer function call.
7f6c1ce9	2018-05-29T21:04:39	Merge pull request #4660 from libgit2/cmn/submodule-traversal Fixes for CVE 2018-11235
57e343d7	2018-05-24T21:58:40	path: hand-code the zero-width joiner as UTF-8
9e723db8	2018-05-24T20:28:36	submodule: plug leaks from the escape detection
a7168b47	2018-05-22T16:13:47	path: reject .gitmodules as a symlink Any part of the library which asks the question can pass in the mode to have it checked against `.gitmodules` being a symlink. This is particularly relevant for adding entries to the index from the worktree and for checking out files.
3fbfae26	2018-05-22T20:37:23	checkout: change symlinked .gitmodules file test to expect failure When dealing with `core.proectNTFS` and `core.protectHFS` we do check against `.gitmodules` but we still have a failing test as the non-filesystem codepath does not check for it.
02c80ad7	2018-05-22T15:21:08	path: accept the name length as a parameter We may take in names from the middle of a string so we want the caller to let us know how long the path component is that we should be checking.
a145f2b6	2018-05-22T14:16:45	checkout: add a failing test for refusing a symlinked .gitmodules We want to reject these as they cause compatibility issues and can lead to git writing to files outside of the repository.
177dcfc7	2018-05-18T15:16:53	path: hide the dotgit file functions These can't go into the public API yet as we don't want to introduce API or ABI changes in a security release.
9de97ae7	2018-05-16T15:42:08	path: add a function to detect an .gitmodules file Given a path component it knows what to pass to the filesystem-specific functions so we're protected even from trees which try to use the 8.3 naming rules to get around us matching on the filename exactly. The logic and test strings come from the equivalent git change.
397abe98	2018-05-14T16:03:15	submodule: also validate Windows-separated paths for validity Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to protect Windows users. Ideally we would check for both separators without the need for the copied string, but this'll get us over the RCE.
6b15ceac	2018-04-30T13:47:15	submodule: ignore submodules which include path traversal in their name If the we decide that the "name" of the submodule (i.e. its path inside `.git/modules/`) is trying to escape that directory or otherwise trick us, we ignore the configuration for that submodule. This leaves us with a half-configured submodule when looking it up by path, but it's the same result as if the configuration really were missing. The name check is potentially more strict than it needs to be, but it lets us re-use the check we're doing for the checkout. The function that encapsulates this logic is ready to be exported but we don't want to do that in a security release so it remains internal for now.
f9cf9a04	2018-05-09T14:51:57	Merge pull request #4642 from pks-t/pks/cmake-resolve-pkgconfig cmake: resolve libraries found by pkg-config
6c2939d6	2018-05-09T13:57:17	Merge pull request #4646 from pks-t/pks/gcc-8.1-warnings Fix GCC 8.1 warnings
8ab470f5	2018-04-27T15:31:43	cmake: remove now-useless LIBGIT2_LIBDIRS handling With the recent change of always resolving pkg-config libraries to their full path, we do not have to manage the LIBGIT2_LIBDIRS variable anymore. The only other remaining user of LIBGIT2_LIBDIRS is winhttp, which is a CMake-style library target and can thus be resolved by CMake automatically. Remove the variable to simplify our build system a bit.
a82082d0	2018-04-20T08:38:50	worktree: a worktree can be made from a bare repository
bb468ada	2018-05-07T13:44:15	Merge pull request #4542 from stanhu/sh-sanitize-utf8-hunk-header Sanitize the hunk header to ensure it contains UTF-8 valid data
9d83a2b0	2018-02-22T22:55:50	Sanitize the hunk header to ensure it contains UTF-8 valid data The diff driver truncates the hunk header text to 80 bytes, which can truncate 4-byte Unicode characters and introduce garbage characters in the diff output. This change sanitizes the hunk header before it is displayed. This mirrors the test in git: https://github.com/git/git/blob/master/t/t4025-hunk-header.sh Closes https://github.com/libgit2/rugged/issues/716
1bf57b5a	2018-05-04T15:27:11	tests: iterator::workdir: fix GCC warning Since GCC 8.1, the compiler performs some bounds checking when copying static data into arrays with a known size. In one test, we print a format string of "%s/sub%02d" into a buffer of 64 bytes. The input buffer for the first "%s" is bounded to at most 63 characters, plus four bytes for the static string "/sub" plus two more bytes for "%02d". Thus, our target buffer needs to be at least 70 bytes in size, including the NUL byte. There seems to be a bug in the analysis, though, because GCC will not account for the limiting "%02" prefix, treating it as requiring the same count of bytes as a "%d". Thus, we end up at 79 bytes that are required to fix the warning. To make it look nicer and less special, we just round the buffer size up to 80 bytes.
0750d0cc	2018-05-04T15:25:22	tests: refs::normalize: simplify code to avoid GCC warning Since version 8.1, GCC will do some automatic bounds checking when printing static content into a buffer with known size. The bounds checking doesn't yet work quite right in all scenarios and may thus lead to false positives. Fix one of these false positives in refs::normalize by simplifying the code.
7553763a	2018-04-30T13:03:44	submodule: add a failing test for a submodule escaping .git/modules We should pretend such submdules do not exist as it can lead to RCE.
b33b6d33	2018-04-30T09:27:47	Merge pull request #4640 from mkeeler/worktree-convenience2 worktree: add functions to get name and path
5ace1494	2018-04-26T11:45:38	Merge pull request #4633 from csware/worktree-delereref Fix deletion of unrelated branch on worktree
3da1ad20	2018-04-24T17:09:34	worktree: add functions to get name and path
45a3b9cd	2018-04-24T17:12:49	tests: fix issue with /tmp paths on macOS[1]
86353a72	2018-04-22T14:57:02	Merge pull request #4173 from tiennou/mbedtls mbedTLS support
5d346c11	2018-04-22T14:51:00	Merge pull request #4525 from pks-t/pks/config-iterate-in-order Configuration entry iteration in order
0ad2372b	2018-04-20T21:25:01	Merge pull request #4636 from tiennou/fix/leaks Fix leaks in master
8d138f89	2018-04-20T20:28:48	Merge pull request #4577 from csware/reflog-worktree-head worktree: Read worktree specific reflog for HEAD
25100d6d	2018-04-19T19:17:07	tests: free the worktree in add_with_explicit_branch Valgrind log: ==2711== 305 (48 direct, 257 indirect) bytes in 1 blocks are definitely lost in loss record 576 of 624 ==2711== at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2711== by 0x5E079E: git__calloc (util.h:99) ==2711== by 0x5E0D21: open_worktree_dir (worktree.c:134) ==2711== by 0x5E0F23: git_worktree_lookup (worktree.c:176) ==2711== by 0x5E1972: git_worktree_add (worktree.c:388) ==2711== by 0x551F23: test_worktree_worktree__add_with_explicit_branch (worktree.c:292) ==2711== by 0x45853E: clar_run_test (clar.c:222) ==2711== by 0x4587E1: clar_run_suite (clar.c:286) ==2711== by 0x458B04: clar_parse_args (clar.c:362) ==2711== by 0x458CAB: clar_test_run (clar.c:428) ==2711== by 0x45665C: main (main.c:24)
fd7b5bc3	2018-04-20T12:54:41	Fix deletion of unrelated branch on worktree Signed-off-by: Sven Strickroth <email@cs-ware.de>
fac7eac4	2018-04-19T15:21:52	fixed stack smashing due to wrong size of struct stat on the stack on 32-bit systems with 64-bit file descriptor offsets enabled (added -D_FILE_OFFSET_BITS=64 when compiling the test suite)
8529ac9b	2018-04-17T23:38:46	Merge pull request #4524 from pks-t/pks/worktree-refs worktree: add ability to create worktree with pre-existing branch
1fd26760	2018-04-17T23:33:06	Merge pull request #4618 from tiennou/fix/pwned-references refs: preserve the owning refdb when duping reference
2ad24a4e	2018-04-17T20:05:35	tests: add information about the crlf data generator The CRLF data generator is somewhat obscure; add information about how to use it and what it does.
ad5a696e	2017-01-28T17:11:55	tests: crlf: update POSIX test data to reflect Git 2.9+ behavior Update with vanilla Git 2.11.0 on Debian Signed-off-by: Sven Strickroth <email@cs-ware.de>
f65eea44	2017-01-28T17:08:59	tests: crlf: update Windows test data to reflect Git 2.9+ behavior Update with "git version 2.11.0.windows.3" Signed-off-by: Sven Strickroth <email@cs-ware.de>
286a6765	2018-04-17T14:32:56	Merge pull request #4522 from csware/submodules-should-report-parse-errors Submodules-API should report .gitmodules parse errors instead of ignoring them
fd634019	2018-04-16T15:42:35	Merge pull request #4556 from libgit2/ethomson/proxy_pass_in_env online::clone: validate user:pass in HTTP_PROXY
1926163a	2018-04-16T15:33:43	Merge pull request #4622 from pks-t/pks/revwalk-hide-newer-parents revwalk: fix uninteresting revs sometimes not limiting graphwalk
69870a67	2018-04-16T15:19:37	Merge pull request #4614 from pks-t/pks/gitignore-trailing-spaces attr_file: fix handling of directory patterns with trailing spaces
54fd80e3	2018-04-12T13:32:27	revwalk: fix uninteresting revs sometimes not limiting graphwalk When we want to limit our graphwalk, we use the heuristic of checking whether the newest limiting (uninteresting) revision is newer than the oldest interesting revision. We do so by inspecting whether the first item's commit time of the user-supplied list of revisions is newer than the last added interesting revision. This is wrong though, as the user supplied list is in no way guaranteed to be sorted by increasing commit dates. This could lead us to abort the revwalk early before applying all relevant limiting revisions, outputting revisions which should in fact have been hidden. Fix the heuristic by instead checking whether _any_ of the limiting commits was made earlier than the last interesting commit. Add a test.
251d8771	2018-04-06T12:24:10	attr_file: fix handling of directory patterns with trailing spaces When comparing whether a path matches a directory rule, we pass the both the path and directory name to `fnmatch` with `GIT_ATTR_FNMATCH_DIRECTORY` being set. `fnmatch` expects the pattern to contain no trailing directory '/', which is why we try to always strip patterns of trailing slashes. We do not handle that case correctly though when the pattern itself has trailing spaces, causing the match to fail. Fix the issue by stripping trailing spaces and tabs for a rule previous to checking whether the pattern is a directory pattern with a trailing '/'. This replaces the whitespace-stripping in our ignore file parsing code, which was stripping whitespaces too late. Add a test to catch future breakage.
e3d764a4	2018-03-29T22:14:12	tests: clarify comment
2dc54855	2018-04-10T23:49:44	tests: ensure worktrees' head have owners too
5e19a7f9	2018-04-10T21:16:43	refs: preserve the owning refdb when duping reference This fixes a segfault in git_reference_owner on references returned from git_reference__read_head and git_reference_dup ones.
6c55fbf3	2018-04-06T10:39:16	transports: local: fix assert when fetching into repo with symrefs When fetching into a repository which has symbolic references via the "local" transport we run into an assert. The assert is being triggered while we negotiate the packfile between the two repositories. When hiding known revisions from the packbuilder revwalk, we unconditionally hide all references of the local refdb. In case one of these references is a symbolic reference, though, this means we're trying to hide a `NULL` OID, which triggers the assert. Fix the issue by only hiding OID references from the revwalk. Add a test to catch this issue in the future.
cd6a4323	2018-04-04T21:29:03	typo: Fixed a trivial typo in test function.
bc5ced66	2018-04-04T21:28:31	diff: Add missing GIT_DELTA_TYPECHANGE -> 'T' mapping. This adds the 'T' status character to git_diff_status_char() for diff entries that change type.
69a282da	2018-03-28T06:48:55	submodule: add more robust error handling when a submodule path is found on add
eb0a3afd	2018-03-11T15:35:56	worktree: Read worktree specific reflog for HEAD Signed-off-by: Sven Strickroth <email@cs-ware.de>
e55b5373	2018-02-08T12:36:47	Submodule API should report .gitmodules parse errors Signed-off-by: Sven Strickroth <email@cs-ware.de>
677d393c	2017-12-18T10:28:37	tests: submodule: insert index entries directly into index
ef9a7749	2017-11-19T20:59:59	submodule: update index check to check path before directory and fix tests
9371149f	2017-10-20T14:24:01	submodule: fix styling errors
3e500fc8	2017-10-16T19:55:45	test: submodule: add: join path without slashes
0a74f391	2017-10-16T16:16:03	test: submodule: add: use p_mkdir to create directories
ad1c4350	2017-10-16T15:30:47	submodule: check index for prefix before adding submodule submodule: check path and prefix before adding submodule submodule: fix test errors
6a15f657	2018-02-09T13:02:26	config_file: iterate over keys in the order they were added Currently, all configuration entries were only held in a string map, making iteration order mostly based on the hash of each entry's key. Now that we have extended the `diskfile_entries` structure by a list of config entries, we can effectively iterate through entries in the order they were added, though.
a52b4c51	2018-03-23T09:59:46	odb: fix writing to fake write streams In commit 7ec7aa4a7 (odb: assert on logic errors when writing objects, 2018-02-01), the check for whether we are trying to overflowing the fake stream buffer was changed from returning an error to raising an assert. The conversion forgot though that the logic around `assert`s are basically inverted. Previously, if the statement stream->written + len > steram->size evaluated to true, we would return a `-1`. Now we are asserting that this statement is true, and in case it is not we will raise an error. So the conversion to the `assert` in fact changed the behaviour to the complete opposite intention. Fix the assert by inverting its condition again and add a regression test.
904307af	2018-03-23T09:58:57	tests: add tests for the mempack ODB backend Our mempack ODB backend has no test coverage at all right now. Add a simple test suite to at least have some coverage of the most basic operations on the ODB.
54bf4d14	2018-03-20T07:47:27	online tests: update auth for bitbucket test Update the settings to use a specific read-only token for accessing our test repositories in Bitbucket.
9108959a	2018-03-14T15:03:35	buf: add tests for percent decoding
30333e82	2018-02-28T13:00:04	Update tests
03c58778	2018-03-19T09:20:35	online::clone: skip creds fallback test At present, we have three online tests against bitbucket: one which specifies the credentials in the payload, one which specifies the correct credentials in the URL and a final one that specifies the incorrect credentials in the URL. Bitbucket has begun responding to the latter test with a 403, which causes us to fail. Break these three tests into separate tests so that we can skip the latter until this is resolved on Bitbucket's end or until we can change the test to a different provider.
e380eae0	2018-02-28T16:10:53	online::clone: validate user:pass in HTTP_PROXY Validate using the http://user:pass@host/ format in HTTP_PROXY and HTTPS_PROXY environment variables.
a554d588	2018-02-28T12:21:08	tree: initialize the id we use for testing submodule insertions Instead of laving it uninitialized and relying on luck for it to be non-zero, let's give it a dummy hash so we make valgrind happy (in this case the hash comes from `sha1sum </dev/null`.
275693e2	2018-02-20T12:45:40	checkout test: ensure workdir mode is simplified Ensure that when examining the working directory for checkout that the mode is correctly simplified. Git only pays attention to whether a file is executable or not. When examining a working directory, we should coalesce modes in the working directory to either `0755` (indicating that a file is executable) or `0644` (indicating that it is not). Test this by giving the file an exotic mode, and ensuring that when checkout out a branch that changes the file's contents, that we do not have a checkout conflict.
ec96db57	2018-02-20T00:32:38	checkout test: add core.filemode checkout tests Add two tests for filemode. The first ensures that `core.filemode=true` is honored: if we have changed the filemode such that a file that _was_ executable (mode 0755) is now executable (mode 0644) and we go to check out a branch that has otherwise changed the contents of the file, then we should raise a checkout conflict for that file. The second ensures that `core.filemode=false` is honored: in the same situation, we set a file that was executable to be non-executable, and check out the branch that changes the contents of the file. However, since `core.filemode` is false, we do not detect the filemode change. We run these tests on both operating systems that obey `core.filemode` (eg, POSIX) and those that have no conception of filemode (eg, Win32). This ensures that `core.filemode` is always honored, as it is a cache of the underlying filesystem's settings. This ensures that we do not make assumptions based on the operating system, and honor the configuration setting even if it were misconfigured.
18d9c847	2018-02-20T00:32:38	testrepo: add new branch Add a new branch to the `testrepo` repository, where the `README` file has changed to executable. This branch enables typechange tests between the new `executable` branch and `master`.
894ccf4b	2018-02-20T16:14:54	Merge pull request #4535 from libgit2/ethomson/checkout_typechange_with_index_and_wd checkout: when examining index (instead of workdir), also examine mode
4e4771dc	2018-02-19T22:10:44	checkout test: further ensure workdir perms are updated When both the index _and_ the working directory has changed permissions on a file permissions on a file - but only the permissions, such that the contents of the file are identical - ensure that `git_checkout` updates the permissions to match the checkout target.
8858a684	2018-02-19T22:09:27	checkout test: ensure workdir perms are updated When the working directory has changed permissions on a file - but only the permissions, such that the contents of the file are identical - ensure that `git_checkout` updates the permissions to match the checkout target.
ce7080a0	2018-02-20T10:38:27	diff_tform: fix rename detection with rewrite/delete pair A rewritten file can either be classified as a modification of its contents or of a delete of the complete file followed by an addition of the new content. This distinction becomes important when we want to detect renames for rewrites. Given a scenario where a file "a" has been deleted and another file "b" has been renamed to "a", this should be detected as a deletion of "a" followed by a rename of "a" -> "b". Thus, splitting of the original rewrite into a delete/add pair is important here. This splitting is represented by a flag we can set at the current delta. While the flag is already being set in case we want to break rewrites, we do not do so in case where the `GIT_DIFF_FIND_RENAMES_FROM_REWRITES` flag is set. This can trigger an assert when we try to match the source and target deltas. Fix the issue by setting the `GIT_DIFF_FLAG__TO_SPLIT` flag at the delta when it is a rename target and `GIT_DIFF_FIND_RENAMES_FROM_REWRITES` is set.
80e77b87	2018-02-20T10:03:48	tests: add rename-rewrite scenarios to "renames" repository Add two more scenarios to the "renames" repository. The first scenario has a major rewrite of a file and a delete of another file, the second scenario has a deletion of a file and rename of another file to the deleted file. Both scenarios will be used in the following commit.
d91da1da	2018-02-20T09:54:58	tests: diff::rename: use defines for commit OIDs While we frequently reuse commit OIDs throughout the file, we do not have any constants to refer to these commits. Make this a bit easier to read by giving the commit OIDs somewhat descriptive names of what kind of commit they refer to.
cabe16df	2018-02-19T10:18:59	tests: index::filemodes: fix use of uninitialized memory The new index entry structure was not being initialized to all-zeroes. As that structure is used to add a new entry to the current index, and the hashing algorithm of the index making use of the uninitialized flags to calculate the state, we might miscompute the hash of the entry and add it at the wrong position. Later lookups would then fail. Initialize the structure with `memset` to fix the test breaking on some platforms.
5f774dbf	2018-02-11T10:14:13	git_index_add_frombuffer: only accept files/links Ensure that the buffer given to `git_index_add_frombuffer` represents a regular blob, an executable blob, or a link. Explicitly reject commit entries (submodules) - it makes little sense to allow users to add a submodule from a string; there's no possible path to success.
619f61a8	2018-02-01T06:22:36	odb: error when we can't create object header Return an error to the caller when we can't create an object header for some reason (printf failure) instead of simply asserting.
a22f19e6	2018-02-09T10:38:11	worktree: add ability to create worktree with pre-existing branch Currently, we always create a new branch after the new worktree's name when creating a worktree. In some workflows, though, the caller may want to check out an already existing reference instead of creating a new one, which is impossible to do right now. Add a new option `ref` to the options structure for adding worktrees. In case it is set, a branch and not already checked out by another worktree, we will re-use this reference instead of creating a new one.
0fd0bfe4	2018-02-08T22:51:46	Merge pull request #4450 from libgit2/ethomson/odb_loose_readstream Streaming read support for the loose ODB backend
d749822c	2018-02-08T22:50:58	Merge pull request #4491 from libgit2/ethomson/recursive Recursive merge: reverse the order of merge bases
2eea5f1c	2018-02-08T10:27:31	config_parse: fix reading files with BOM The function `skip_bom` is being used to detect and skip BOM marks previously to parsing a configuration file. To do so, it simply uses `git_buf_text_detect_bom`. But since the refactoring to use the parser interface in commit 9e66590bd (config_parse: use common parser interface, 2017-07-21), the BOM detection was actually broken. The issue stems from a misunderstanding of `git_buf_text_detect_bom`. It was assumed that its third parameter limits the length of the character sequence that is to be analyzed, while in fact it was an offset at which we want to detect the BOM. Fix the parameter to be `0` instead of the buffer length, as we always want to check the beginning of the configuration file.
848153f3	2018-02-08T10:02:29	config_parse: handle empty lines with CRLF Currently, the configuration parser will fail reading empty lines with just an CRLF-style line ending. Special-case the '\r' character in order to handle it the same as Unix-style line endings. Add tests to spot this regression in the future.
b8823c2b	2018-01-22T23:56:22	Add failing test case for virtual commit merge base issue
afcaf35e	2018-01-21T16:50:40	merge::trees::recursive: test for virtual base building Virtual base building: ensure that the virtual base is created and revwalked in the same way as git.
b924df1e	2018-01-21T18:05:45	merge: reverse merge bases for recursive merge When the commits being merged have multiple merge bases, reverse the order when creating the virtual merge base. This is for compatibility with git's merge-recursive algorithm, and ensures that we build identical trees. Git does this to try to use older merge bases first. Per 8918b0c: > It seems to be the only sane way to do it: when a two-head merge is > done, and the merge-base and one of the two branches agree, the > merge assumes that the other branch has something new. > > If we start creating virtual commits from newer merge-bases, and go > back to older merge-bases, and then merge with newer commits again, > chances are that a patch is lost, _because_ the merge-base and the > head agree on it. Unlikely, yes, but it happened to me.
7bd89502	2018-01-21T16:41:49	Introduce additional criss-cross merge branches
26f5d36d	2018-02-04T10:27:39	Merge pull request #4489 from libgit2/ethomson/conflicts_crlf Conflict markers should match EOL style in conflicting files
909a1992	2017-12-31T09:56:30	odb_loose: largefile tests only on 64 bit platforms Only run the large file tests on 64 bit platforms. Even though we support streaming reads on objects, and do not need to fit them in memory, we use `size_t` in various places to reflect the size of an object.
27078e58	2017-12-18T23:11:42	odb_loose: test read_header on large blobs Test that we can read_header on large blobs. This should succeed on all platforms since we read only a few bytes into memory to be able to parse the header.
e118231b	2017-12-18T23:11:24	odb_loose: test read_header explicitly
b1e66bfc	2017-12-17T16:31:35	odb: test loose object streaming
dbe3d3e9	2017-12-17T02:12:19	odb_loose: test reading a large file in stream Since some test situations may have generous disk space, but limited RAM (eg hosted build agents), test that we can stream a large file into a loose object, and then stream it out of the loose object storage.
9d8510b3	2018-01-31T09:28:43	Merge pull request #4488 from libgit2/ethomson/conflict_marker_size Use longer conflict markers in recursive merge base
cdab165d	2018-01-31T09:27:39	Merge pull request #4490 from libgit2/ethomson/apfs_precompose_fixes status::renames: test update for APFS (write NFD instead of NFC filename)
275f103d	2018-01-12T08:59:40	odb: reject reading and writing null OIDs The null OID (hash with all zeroes) indicates a missing object in upstream git and is thus not a valid object ID. Add defensive measurements to avoid writing such a hash to the object database in the very unlikely case where some data results in the null OID. Furthermore, add shortcuts when reading the null OID from the ODB to avoid ever returning an object when a faulty repository may contain the null OID.
c0487bde	2018-01-12T08:23:43	tree: reject writing null-OID entries to a tree In commit a96d3cc3f (cache-tree: reject entries with null sha1, 2017-04-21), the git.git project has changed its stance on null OIDs in tree objects. Previously, null OIDs were accepted in tree entries to help tools repair broken history. This resulted in some problems though in that many code paths mistakenly passed null OIDs to be added to a tree, which was not properly detected. Align our own code base according to the upstream change and reject writing tree entries early when the OID is all-zero.
9af7fbc3	2018-01-21T14:00:50	status::renames: write NFD instead of NFC filename Update the status::renames test to create an NFD format filename in the core.precomposedunicode tests. Previously, we would create an NFC format filename. This was to take advantage of HFS+ filesystems, which always use canonically decomposed formats, and would actually write the filename to disk as an NFD filename. So previously, we could create an NFC filename, but read it normally as an NFD filename. But APFS formats do not force canonically decomposed formats for filenames, so creating an NFC filename does not get converted to NFD. Instead, the filename will be written in NFC format. Our test, therefore, does not work - when we write an NFC filename, it will _remain_ NFC. Update the test to write NFD always. This will ensure that the file will actually be canonically decomposed on all platforms: HFS+, which forces NFD, and APFS, which does not. Thus, our test will continue to ensure that an NFD filename is canonically precomposed on all filesystems.
2a8841ae	2018-01-21T12:28:13	merge: test CR/LF conflicts for CR/LF files Ensure that when the files being merged have CR/LF line endings that the conflict markers produced in the conflict file also have CR/LF line endings.

92159bd4

2018-05-30T12:18:04

path: unify `git_path_is_*` APIs Right now, there's quite a lot of different function calls to determine whether a path component matches a specific name after normalization from the filesystem. We have a function for each of {gitattributes, gitmodules, gitignore} multiplicated with {generic, NTFS, HFS} checks. In the long time, this is unmaintainable in case there are e.g. new filesystems with specific semantics, blowing up the number of functions we need to implement. Replace all functions with a simple `git_path_is_gitfile` function, which accepts an enum pointing out the filename that is to be checked against as well as the filesystem normalizations to check for. This greatly simplifies implementation at the expense of the caller having to invoke a somewhat longer function call.

7f6c1ce9

2018-05-29T21:04:39

Merge pull request #4660 from libgit2/cmn/submodule-traversal Fixes for CVE 2018-11235

57e343d7

2018-05-24T21:58:40

path: hand-code the zero-width joiner as UTF-8

9e723db8

2018-05-24T20:28:36

submodule: plug leaks from the escape detection

a7168b47

2018-05-22T16:13:47

path: reject .gitmodules as a symlink Any part of the library which asks the question can pass in the mode to have it checked against `.gitmodules` being a symlink. This is particularly relevant for adding entries to the index from the worktree and for checking out files.

3fbfae26

2018-05-22T20:37:23

checkout: change symlinked .gitmodules file test to expect failure When dealing with `core.proectNTFS` and `core.protectHFS` we do check against `.gitmodules` but we still have a failing test as the non-filesystem codepath does not check for it.

02c80ad7

2018-05-22T15:21:08

path: accept the name length as a parameter We may take in names from the middle of a string so we want the caller to let us know how long the path component is that we should be checking.

a145f2b6

2018-05-22T14:16:45

checkout: add a failing test for refusing a symlinked .gitmodules We want to reject these as they cause compatibility issues and can lead to git writing to files outside of the repository.

177dcfc7

2018-05-18T15:16:53

path: hide the dotgit file functions These can't go into the public API yet as we don't want to introduce API or ABI changes in a security release.

9de97ae7

2018-05-16T15:42:08

path: add a function to detect an .gitmodules file Given a path component it knows what to pass to the filesystem-specific functions so we're protected even from trees which try to use the 8.3 naming rules to get around us matching on the filename exactly. The logic and test strings come from the equivalent git change.

397abe98

2018-05-14T16:03:15

submodule: also validate Windows-separated paths for validity Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to protect Windows users. Ideally we would check for both separators without the need for the copied string, but this'll get us over the RCE.

6b15ceac

2018-04-30T13:47:15

submodule: ignore submodules which include path traversal in their name If the we decide that the "name" of the submodule (i.e. its path inside `.git/modules/`) is trying to escape that directory or otherwise trick us, we ignore the configuration for that submodule. This leaves us with a half-configured submodule when looking it up by path, but it's the same result as if the configuration really were missing. The name check is potentially more strict than it needs to be, but it lets us re-use the check we're doing for the checkout. The function that encapsulates this logic is ready to be exported but we don't want to do that in a security release so it remains internal for now.

f9cf9a04

2018-05-09T14:51:57

Merge pull request #4642 from pks-t/pks/cmake-resolve-pkgconfig cmake: resolve libraries found by pkg-config

6c2939d6

2018-05-09T13:57:17

Merge pull request #4646 from pks-t/pks/gcc-8.1-warnings Fix GCC 8.1 warnings

8ab470f5

2018-04-27T15:31:43

cmake: remove now-useless LIBGIT2_LIBDIRS handling With the recent change of always resolving pkg-config libraries to their full path, we do not have to manage the LIBGIT2_LIBDIRS variable anymore. The only other remaining user of LIBGIT2_LIBDIRS is winhttp, which is a CMake-style library target and can thus be resolved by CMake automatically. Remove the variable to simplify our build system a bit.

a82082d0

2018-04-20T08:38:50

worktree: a worktree can be made from a bare repository

bb468ada

2018-05-07T13:44:15

Merge pull request #4542 from stanhu/sh-sanitize-utf8-hunk-header Sanitize the hunk header to ensure it contains UTF-8 valid data

9d83a2b0

2018-02-22T22:55:50

Sanitize the hunk header to ensure it contains UTF-8 valid data The diff driver truncates the hunk header text to 80 bytes, which can truncate 4-byte Unicode characters and introduce garbage characters in the diff output. This change sanitizes the hunk header before it is displayed. This mirrors the test in git: https://github.com/git/git/blob/master/t/t4025-hunk-header.sh Closes https://github.com/libgit2/rugged/issues/716

1bf57b5a

2018-05-04T15:27:11

tests: iterator::workdir: fix GCC warning Since GCC 8.1, the compiler performs some bounds checking when copying static data into arrays with a known size. In one test, we print a format string of "%s/sub%02d" into a buffer of 64 bytes. The input buffer for the first "%s" is bounded to at most 63 characters, plus four bytes for the static string "/sub" plus two more bytes for "%02d". Thus, our target buffer needs to be at least 70 bytes in size, including the NUL byte. There seems to be a bug in the analysis, though, because GCC will not account for the limiting "%02" prefix, treating it as requiring the same count of bytes as a "%d". Thus, we end up at 79 bytes that are required to fix the warning. To make it look nicer and less special, we just round the buffer size up to 80 bytes.

0750d0cc

2018-05-04T15:25:22

tests: refs::normalize: simplify code to avoid GCC warning Since version 8.1, GCC will do some automatic bounds checking when printing static content into a buffer with known size. The bounds checking doesn't yet work quite right in all scenarios and may thus lead to false positives. Fix one of these false positives in refs::normalize by simplifying the code.

7553763a

2018-04-30T13:03:44

submodule: add a failing test for a submodule escaping .git/modules We should pretend such submdules do not exist as it can lead to RCE.

b33b6d33

2018-04-30T09:27:47

Merge pull request #4640 from mkeeler/worktree-convenience2 worktree: add functions to get name and path

5ace1494

2018-04-26T11:45:38

Merge pull request #4633 from csware/worktree-delereref Fix deletion of unrelated branch on worktree

3da1ad20

2018-04-24T17:09:34

worktree: add functions to get name and path

45a3b9cd

2018-04-24T17:12:49

tests: fix issue with /tmp paths on macOS[1]

86353a72

2018-04-22T14:57:02

Merge pull request #4173 from tiennou/mbedtls mbedTLS support

5d346c11

2018-04-22T14:51:00

Merge pull request #4525 from pks-t/pks/config-iterate-in-order Configuration entry iteration in order

0ad2372b

2018-04-20T21:25:01

Merge pull request #4636 from tiennou/fix/leaks Fix leaks in master

8d138f89

2018-04-20T20:28:48

Merge pull request #4577 from csware/reflog-worktree-head worktree: Read worktree specific reflog for HEAD

25100d6d

2018-04-19T19:17:07

tests: free the worktree in add_with_explicit_branch Valgrind log: ==2711== 305 (48 direct, 257 indirect) bytes in 1 blocks are definitely lost in loss record 576 of 624 ==2711== at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2711== by 0x5E079E: git__calloc (util.h:99) ==2711== by 0x5E0D21: open_worktree_dir (worktree.c:134) ==2711== by 0x5E0F23: git_worktree_lookup (worktree.c:176) ==2711== by 0x5E1972: git_worktree_add (worktree.c:388) ==2711== by 0x551F23: test_worktree_worktree__add_with_explicit_branch (worktree.c:292) ==2711== by 0x45853E: clar_run_test (clar.c:222) ==2711== by 0x4587E1: clar_run_suite (clar.c:286) ==2711== by 0x458B04: clar_parse_args (clar.c:362) ==2711== by 0x458CAB: clar_test_run (clar.c:428) ==2711== by 0x45665C: main (main.c:24)

fd7b5bc3

2018-04-20T12:54:41

Fix deletion of unrelated branch on worktree Signed-off-by: Sven Strickroth <email@cs-ware.de>

fac7eac4

2018-04-19T15:21:52

fixed stack smashing due to wrong size of struct stat on the stack on 32-bit systems with 64-bit file descriptor offsets enabled (added -D_FILE_OFFSET_BITS=64 when compiling the test suite)

8529ac9b

2018-04-17T23:38:46

Merge pull request #4524 from pks-t/pks/worktree-refs worktree: add ability to create worktree with pre-existing branch

1fd26760

2018-04-17T23:33:06

Merge pull request #4618 from tiennou/fix/pwned-references refs: preserve the owning refdb when duping reference

2ad24a4e

2018-04-17T20:05:35

tests: add information about the crlf data generator The CRLF data generator is somewhat obscure; add information about how to use it and what it does.

ad5a696e

2017-01-28T17:11:55

tests: crlf: update POSIX test data to reflect Git 2.9+ behavior Update with vanilla Git 2.11.0 on Debian Signed-off-by: Sven Strickroth <email@cs-ware.de>

f65eea44

2017-01-28T17:08:59

tests: crlf: update Windows test data to reflect Git 2.9+ behavior Update with "git version 2.11.0.windows.3" Signed-off-by: Sven Strickroth <email@cs-ware.de>

286a6765

2018-04-17T14:32:56

Merge pull request #4522 from csware/submodules-should-report-parse-errors Submodules-API should report .gitmodules parse errors instead of ignoring them

fd634019

2018-04-16T15:42:35

Merge pull request #4556 from libgit2/ethomson/proxy_pass_in_env online::clone: validate user:pass in HTTP_PROXY

1926163a

2018-04-16T15:33:43

Merge pull request #4622 from pks-t/pks/revwalk-hide-newer-parents revwalk: fix uninteresting revs sometimes not limiting graphwalk

69870a67

2018-04-16T15:19:37

Merge pull request #4614 from pks-t/pks/gitignore-trailing-spaces attr_file: fix handling of directory patterns with trailing spaces

54fd80e3

2018-04-12T13:32:27

revwalk: fix uninteresting revs sometimes not limiting graphwalk When we want to limit our graphwalk, we use the heuristic of checking whether the newest limiting (uninteresting) revision is newer than the oldest interesting revision. We do so by inspecting whether the first item's commit time of the user-supplied list of revisions is newer than the last added interesting revision. This is wrong though, as the user supplied list is in no way guaranteed to be sorted by increasing commit dates. This could lead us to abort the revwalk early before applying all relevant limiting revisions, outputting revisions which should in fact have been hidden. Fix the heuristic by instead checking whether _any_ of the limiting commits was made earlier than the last interesting commit. Add a test.

251d8771

2018-04-06T12:24:10

attr_file: fix handling of directory patterns with trailing spaces When comparing whether a path matches a directory rule, we pass the both the path and directory name to `fnmatch` with `GIT_ATTR_FNMATCH_DIRECTORY` being set. `fnmatch` expects the pattern to contain no trailing directory '/', which is why we try to always strip patterns of trailing slashes. We do not handle that case correctly though when the pattern itself has trailing spaces, causing the match to fail. Fix the issue by stripping trailing spaces and tabs for a rule previous to checking whether the pattern is a directory pattern with a trailing '/'. This replaces the whitespace-stripping in our ignore file parsing code, which was stripping whitespaces too late. Add a test to catch future breakage.

e3d764a4

2018-03-29T22:14:12

tests: clarify comment

2dc54855

2018-04-10T23:49:44

tests: ensure worktrees' head have owners too

5e19a7f9

2018-04-10T21:16:43

refs: preserve the owning refdb when duping reference This fixes a segfault in git_reference_owner on references returned from git_reference__read_head and git_reference_dup ones.

6c55fbf3

2018-04-06T10:39:16

transports: local: fix assert when fetching into repo with symrefs When fetching into a repository which has symbolic references via the "local" transport we run into an assert. The assert is being triggered while we negotiate the packfile between the two repositories. When hiding known revisions from the packbuilder revwalk, we unconditionally hide all references of the local refdb. In case one of these references is a symbolic reference, though, this means we're trying to hide a `NULL` OID, which triggers the assert. Fix the issue by only hiding OID references from the revwalk. Add a test to catch this issue in the future.

cd6a4323

2018-04-04T21:29:03

typo: Fixed a trivial typo in test function.

bc5ced66

2018-04-04T21:28:31

diff: Add missing GIT_DELTA_TYPECHANGE -> 'T' mapping. This adds the 'T' status character to git_diff_status_char() for diff entries that change type.

69a282da

2018-03-28T06:48:55

submodule: add more robust error handling when a submodule path is found on add

eb0a3afd

2018-03-11T15:35:56

worktree: Read worktree specific reflog for HEAD Signed-off-by: Sven Strickroth <email@cs-ware.de>

e55b5373

2018-02-08T12:36:47

Submodule API should report .gitmodules parse errors Signed-off-by: Sven Strickroth <email@cs-ware.de>

677d393c

2017-12-18T10:28:37

tests: submodule: insert index entries directly into index

ef9a7749

2017-11-19T20:59:59

submodule: update index check to check path before directory and fix tests

9371149f

2017-10-20T14:24:01

submodule: fix styling errors

3e500fc8

2017-10-16T19:55:45

test: submodule: add: join path without slashes

0a74f391

2017-10-16T16:16:03

test: submodule: add: use p_mkdir to create directories

ad1c4350

2017-10-16T15:30:47

submodule: check index for prefix before adding submodule submodule: check path and prefix before adding submodule submodule: fix test errors

6a15f657

2018-02-09T13:02:26

config_file: iterate over keys in the order they were added Currently, all configuration entries were only held in a string map, making iteration order mostly based on the hash of each entry's key. Now that we have extended the `diskfile_entries` structure by a list of config entries, we can effectively iterate through entries in the order they were added, though.

a52b4c51

2018-03-23T09:59:46

odb: fix writing to fake write streams In commit 7ec7aa4a7 (odb: assert on logic errors when writing objects, 2018-02-01), the check for whether we are trying to overflowing the fake stream buffer was changed from returning an error to raising an assert. The conversion forgot though that the logic around `assert`s are basically inverted. Previously, if the statement stream->written + len > steram->size evaluated to true, we would return a `-1`. Now we are asserting that this statement is true, and in case it is not we will raise an error. So the conversion to the `assert` in fact changed the behaviour to the complete opposite intention. Fix the assert by inverting its condition again and add a regression test.

904307af

2018-03-23T09:58:57

tests: add tests for the mempack ODB backend Our mempack ODB backend has no test coverage at all right now. Add a simple test suite to at least have some coverage of the most basic operations on the ODB.

54bf4d14

2018-03-20T07:47:27

online tests: update auth for bitbucket test Update the settings to use a specific read-only token for accessing our test repositories in Bitbucket.

9108959a

2018-03-14T15:03:35

buf: add tests for percent decoding

30333e82

2018-02-28T13:00:04

Update tests

03c58778

2018-03-19T09:20:35

online::clone: skip creds fallback test At present, we have three online tests against bitbucket: one which specifies the credentials in the payload, one which specifies the correct credentials in the URL and a final one that specifies the incorrect credentials in the URL. Bitbucket has begun responding to the latter test with a 403, which causes us to fail. Break these three tests into separate tests so that we can skip the latter until this is resolved on Bitbucket's end or until we can change the test to a different provider.

e380eae0

2018-02-28T16:10:53

online::clone: validate user:pass in HTTP_PROXY Validate using the http://user:pass@host/ format in HTTP_PROXY and HTTPS_PROXY environment variables.

a554d588

2018-02-28T12:21:08

tree: initialize the id we use for testing submodule insertions Instead of laving it uninitialized and relying on luck for it to be non-zero, let's give it a dummy hash so we make valgrind happy (in this case the hash comes from `sha1sum </dev/null`.

275693e2

2018-02-20T12:45:40

checkout test: ensure workdir mode is simplified Ensure that when examining the working directory for checkout that the mode is correctly simplified. Git only pays attention to whether a file is executable or not. When examining a working directory, we should coalesce modes in the working directory to either `0755` (indicating that a file is executable) or `0644` (indicating that it is not). Test this by giving the file an exotic mode, and ensuring that when checkout out a branch that changes the file's contents, that we do not have a checkout conflict.

ec96db57

2018-02-20T00:32:38

checkout test: add core.filemode checkout tests Add two tests for filemode. The first ensures that `core.filemode=true` is honored: if we have changed the filemode such that a file that _was_ executable (mode 0755) is now executable (mode 0644) and we go to check out a branch that has otherwise changed the contents of the file, then we should raise a checkout conflict for that file. The second ensures that `core.filemode=false` is honored: in the same situation, we set a file that was executable to be non-executable, and check out the branch that changes the contents of the file. However, since `core.filemode` is false, we do not detect the filemode change. We run these tests on both operating systems that obey `core.filemode` (eg, POSIX) and those that have no conception of filemode (eg, Win32). This ensures that `core.filemode` is always honored, as it is a cache of the underlying filesystem's settings. This ensures that we do not make assumptions based on the operating system, and honor the configuration setting even if it were misconfigured.

18d9c847

2018-02-20T00:32:38

testrepo: add new branch Add a new branch to the `testrepo` repository, where the `README` file has changed to executable. This branch enables typechange tests between the new `executable` branch and `master`.

894ccf4b

2018-02-20T16:14:54

Merge pull request #4535 from libgit2/ethomson/checkout_typechange_with_index_and_wd checkout: when examining index (instead of workdir), also examine mode

4e4771dc

2018-02-19T22:10:44

checkout test: further ensure workdir perms are updated When both the index _and_ the working directory has changed permissions on a file permissions on a file - but only the permissions, such that the contents of the file are identical - ensure that `git_checkout` updates the permissions to match the checkout target.

8858a684

2018-02-19T22:09:27

checkout test: ensure workdir perms are updated When the working directory has changed permissions on a file - but only the permissions, such that the contents of the file are identical - ensure that `git_checkout` updates the permissions to match the checkout target.

ce7080a0

2018-02-20T10:38:27

diff_tform: fix rename detection with rewrite/delete pair A rewritten file can either be classified as a modification of its contents or of a delete of the complete file followed by an addition of the new content. This distinction becomes important when we want to detect renames for rewrites. Given a scenario where a file "a" has been deleted and another file "b" has been renamed to "a", this should be detected as a deletion of "a" followed by a rename of "a" -> "b". Thus, splitting of the original rewrite into a delete/add pair is important here. This splitting is represented by a flag we can set at the current delta. While the flag is already being set in case we want to break rewrites, we do not do so in case where the `GIT_DIFF_FIND_RENAMES_FROM_REWRITES` flag is set. This can trigger an assert when we try to match the source and target deltas. Fix the issue by setting the `GIT_DIFF_FLAG__TO_SPLIT` flag at the delta when it is a rename target and `GIT_DIFF_FIND_RENAMES_FROM_REWRITES` is set.

80e77b87

2018-02-20T10:03:48

tests: add rename-rewrite scenarios to "renames" repository Add two more scenarios to the "renames" repository. The first scenario has a major rewrite of a file and a delete of another file, the second scenario has a deletion of a file and rename of another file to the deleted file. Both scenarios will be used in the following commit.

d91da1da

2018-02-20T09:54:58

tests: diff::rename: use defines for commit OIDs While we frequently reuse commit OIDs throughout the file, we do not have any constants to refer to these commits. Make this a bit easier to read by giving the commit OIDs somewhat descriptive names of what kind of commit they refer to.

cabe16df

2018-02-19T10:18:59

tests: index::filemodes: fix use of uninitialized memory The new index entry structure was not being initialized to all-zeroes. As that structure is used to add a new entry to the current index, and the hashing algorithm of the index making use of the uninitialized flags to calculate the state, we might miscompute the hash of the entry and add it at the wrong position. Later lookups would then fail. Initialize the structure with `memset` to fix the test breaking on some platforms.

5f774dbf

2018-02-11T10:14:13

git_index_add_frombuffer: only accept files/links Ensure that the buffer given to `git_index_add_frombuffer` represents a regular blob, an executable blob, or a link. Explicitly reject commit entries (submodules) - it makes little sense to allow users to add a submodule from a string; there's no possible path to success.

619f61a8

2018-02-01T06:22:36

odb: error when we can't create object header Return an error to the caller when we can't create an object header for some reason (printf failure) instead of simply asserting.

a22f19e6

2018-02-09T10:38:11

worktree: add ability to create worktree with pre-existing branch Currently, we always create a new branch after the new worktree's name when creating a worktree. In some workflows, though, the caller may want to check out an already existing reference instead of creating a new one, which is impossible to do right now. Add a new option `ref` to the options structure for adding worktrees. In case it is set, a branch and not already checked out by another worktree, we will re-use this reference instead of creating a new one.

0fd0bfe4

2018-02-08T22:51:46

Merge pull request #4450 from libgit2/ethomson/odb_loose_readstream Streaming read support for the loose ODB backend

d749822c

2018-02-08T22:50:58

Merge pull request #4491 from libgit2/ethomson/recursive Recursive merge: reverse the order of merge bases

2eea5f1c

2018-02-08T10:27:31

config_parse: fix reading files with BOM The function `skip_bom` is being used to detect and skip BOM marks previously to parsing a configuration file. To do so, it simply uses `git_buf_text_detect_bom`. But since the refactoring to use the parser interface in commit 9e66590bd (config_parse: use common parser interface, 2017-07-21), the BOM detection was actually broken. The issue stems from a misunderstanding of `git_buf_text_detect_bom`. It was assumed that its third parameter limits the length of the character sequence that is to be analyzed, while in fact it was an offset at which we want to detect the BOM. Fix the parameter to be `0` instead of the buffer length, as we always want to check the beginning of the configuration file.

848153f3

2018-02-08T10:02:29

config_parse: handle empty lines with CRLF Currently, the configuration parser will fail reading empty lines with just an CRLF-style line ending. Special-case the '\r' character in order to handle it the same as Unix-style line endings. Add tests to spot this regression in the future.

b8823c2b

2018-01-22T23:56:22

Add failing test case for virtual commit merge base issue

afcaf35e

2018-01-21T16:50:40

merge::trees::recursive: test for virtual base building Virtual base building: ensure that the virtual base is created and revwalked in the same way as git.

b924df1e

2018-01-21T18:05:45

merge: reverse merge bases for recursive merge When the commits being merged have multiple merge bases, reverse the order when creating the virtual merge base. This is for compatibility with git's merge-recursive algorithm, and ensures that we build identical trees. Git does this to try to use older merge bases first. Per 8918b0c: > It seems to be the only sane way to do it: when a two-head merge is > done, and the merge-base and one of the two branches agree, the > merge assumes that the other branch has something new. > > If we start creating virtual commits from newer merge-bases, and go > back to older merge-bases, and then merge with newer commits again, > chances are that a patch is lost, _because_ the merge-base and the > head agree on it. Unlikely, yes, but it happened to me.

7bd89502

2018-01-21T16:41:49

Introduce additional criss-cross merge branches

26f5d36d

2018-02-04T10:27:39

Merge pull request #4489 from libgit2/ethomson/conflicts_crlf Conflict markers should match EOL style in conflicting files

909a1992

2017-12-31T09:56:30

odb_loose: largefile tests only on 64 bit platforms Only run the large file tests on 64 bit platforms. Even though we support streaming reads on objects, and do not need to fit them in memory, we use `size_t` in various places to reflect the size of an object.

27078e58

2017-12-18T23:11:42

odb_loose: test read_header on large blobs Test that we can read_header on large blobs. This should succeed on all platforms since we read only a few bytes into memory to be able to parse the header.

e118231b

2017-12-18T23:11:24

odb_loose: test read_header explicitly

b1e66bfc

2017-12-17T16:31:35

odb: test loose object streaming

dbe3d3e9

2017-12-17T02:12:19

odb_loose: test reading a large file in stream Since some test situations may have generous disk space, but limited RAM (eg hosted build agents), test that we can stream a large file into a loose object, and then stream it out of the loose object storage.

9d8510b3

2018-01-31T09:28:43

Merge pull request #4488 from libgit2/ethomson/conflict_marker_size Use longer conflict markers in recursive merge base

cdab165d

2018-01-31T09:27:39

Merge pull request #4490 from libgit2/ethomson/apfs_precompose_fixes status::renames: test update for APFS (write NFD instead of NFC filename)

275f103d

2018-01-12T08:59:40

odb: reject reading and writing null OIDs The null OID (hash with all zeroes) indicates a missing object in upstream git and is thus not a valid object ID. Add defensive measurements to avoid writing such a hash to the object database in the very unlikely case where some data results in the null OID. Furthermore, add shortcuts when reading the null OID from the ODB to avoid ever returning an object when a faulty repository may contain the null OID.

c0487bde

2018-01-12T08:23:43

tree: reject writing null-OID entries to a tree In commit a96d3cc3f (cache-tree: reject entries with null sha1, 2017-04-21), the git.git project has changed its stance on null OIDs in tree objects. Previously, null OIDs were accepted in tree entries to help tools repair broken history. This resulted in some problems though in that many code paths mistakenly passed null OIDs to be added to a tree, which was not properly detected. Align our own code base according to the upstream change and reject writing tree entries early when the OID is all-zero.

9af7fbc3

2018-01-21T14:00:50

status::renames: write NFD instead of NFC filename Update the status::renames test to create an NFD format filename in the core.precomposedunicode tests. Previously, we would create an NFC format filename. This was to take advantage of HFS+ filesystems, which always use canonically decomposed formats, and would actually write the filename to disk as an NFD filename. So previously, we could create an NFC filename, but read it normally as an NFD filename. But APFS formats do not force canonically decomposed formats for filenames, so creating an NFC filename does not get converted to NFD. Instead, the filename will be written in NFC format. Our test, therefore, does not work - when we write an NFC filename, it will _remain_ NFC. Update the test to write NFD always. This will ensure that the file will actually be canonically decomposed on all platforms: HFS+, which forces NFD, and APFS, which does not. Thus, our test will continue to ensure that an NFD filename is canonically precomposed on all filesystems.

2a8841ae

2018-01-21T12:28:13

merge: test CR/LF conflicts for CR/LF files Ensure that when the files being merged have CR/LF line endings that the conflict markers produced in the conflict file also have CR/LF line endings.

thodg/libgit2/tests

tests

Log