kmx git

Commit	Date	Message
9b698978	2019-04-12T08:54:06	git_repository_init: stop traversing at windows root Stop traversing the filesystem at the Windows directory root. We were calculating the filesystem root for the given directory to create, and walking up the filesystem hierarchy. We intended to stop when the traversal path length is equal to the root path length (ie, stopping at the root, since no path may be shorter than the root path). However, on Windows, the root path may be specified in two different ways, as either `Z:` or `Z:\`, where `Z:` is the current drive letter. `git_path_dirname_r` returns the path _without_ a trailing slash, even for the Windows root. As a result, during traversal, we need to test that the traversal path is _less than or equal to_ the root path length to determine if we've hit the root to ensure that we stop when our traversal path is `Z:` and our calculated root path was `Z:\`.
21baf7ab	2019-04-05T10:22:46	ignore: treat paths with trailing "/" as directories The function `git_ignore_path_is_ignored` is there to test the ignore status of paths that need not necessarily exist inside of a repository. This has the implication that for a given path, we cannot always decide whether it references a directory or a file, and we need to distinguish those cases because ignore rules may treat those differently. E.g. given the following gitignore file: * !/**/ we'd only want to unignore directories, while keeping files ignored. But still, calling `git_ignore_path_is_ignored("dir/")` will say that this directory is ignored because it treats "dir/" as a file path. As said, the `is_ignored` function cannot always decide whether the given path is a file or directory, and thus it may produce wrong results in some cases. While this is unfixable in the general case, we can do better when we are being passed a path name with a trailing path separator (e.g. "dir/") and always treat them as directories.
4ec209cd	2019-03-29T12:30:37	tests: diff: test parsing diffs with a new file with spaces in its path Add a test that verifies that we are able to parse patches which add a new file that has spaces in its path.
71424f63	2019-03-22T23:56:10	patch_parse.c: Handle CRLF in parse_header_start
93971ca6	2019-03-15T13:08:18	ignore: add additional test cases
12bc7181	2019-03-14T15:51:15	ignore: Do not match on prefix of negated patterns Matching on the prefix of a negated pattern was triggering false negatives on siblings of that pattern. e.g. Given the .gitignore: dir/* !dir/sub1/sub2/** The path `dir/a.text` would not be ignored.
96b6fe11	2019-03-29T12:15:20	patch_parse: fix parsing addition/deletion of file with space The diff header format is a strange beast in that it is inherently unparseable in an unambiguous way. While parsing a/file.txt b/file.txt is obvious and trivially doable, parsing a diff header of a/file b/file ab.txt b/file b/file ab.txt is not (but in fact valid and created by git.git). Due to that, we have relaxed our diff header parser in commit 80226b5f6 (patch_parse: allow parsing ambiguous patch headers, 2017-09-22), so that we started to bail out when seeing diff headers with spaces in their file names. Instead, we try to use the "---" and "+++" lines, which are unambiguous. In some cases, though, we neither have a useable file name from the header nor from the "---" or "+++" lines. This is the case when we have a deletion or addition of a file with spaces: the header is unparseable and the other lines will simply show "/dev/null". This trips our parsing logic when we try to extract the prefix (the "a/" part) that is being used in the path line, where we unconditionally try to dereference a NULL pointer in such a scenario. We can fix this by simply not trying to parse the prefix in cases where we have no useable path name. That'd leave the parsed patch without either `old_prefix` or `new_prefix` populated. But in fact such cases are already handled by users of the patch object, which simply opt to use the default prefixes in that case.
aa877e09	2019-03-14T09:59:27	Implement failing test for gitignore of complex subdirectory negation When a directory's contents are ignored, and then a glob negation is made to a nested subdir, other subdirectories are now unignored
856afc27	2019-02-16T22:06:58	Fix a _very_ improbable memory leak in git_odb_new() This change fixes a mostly theoretical memory leak in got_odb_new() that can only manifest if git_cache_init() fails due to running out of memory or not being able to acquire its lock.
c79f9dae	2019-03-29T11:58:50	patch_parse: improve formatting
5189beb0	2019-02-16T19:55:30	Fix a memory leak in odb_otype_fast() This change frees a copy of a cached object in odb_otype_fast().
1df7d27a	2019-03-20T13:24:07	ignore: move tests from status to attr ignore suite
572e4d8c	2019-02-14T16:36:00	Merge pull request #4983 from libgit2/ethomson/v0_28_1 Release v0.28.1
65fff789	2019-02-14T13:37:00	Release v0.28.1
b8837827	2019-02-14T13:09:23	Merge pull request #4979 from libgit2/ethomson/deprecate Deprecation: export the deprecated functions properly
3f823c2b	2019-02-14T00:00:06	ci: enable hard deprecation Enable hard deprecation in our builds to ensure that we do not call deprecated functions internally.
dcf81cdb	2019-02-13T23:56:40	deprecation: optionally enable hard deprecation Add a CMake option to enable hard deprecation; the resultant library will _not_ include any deprecated functions. This may be useful for internal CI builds that create libraries that are not shared with end-users to ensure that we do not use deprecated bits internally.
24ac9e0c	2019-02-13T23:26:54	deprecation: ensure we GIT_EXTERN deprecated funcs Although the error functions were deprecated, we did not properly mark them as deprecated. We need to include the `deprecated.h` file in order to ensure that the functions get their export attributes. Similarly, do not define `GIT_DEPRECATE_HARD` within the library, or those functions will also not get their export attributes. Define that only on the tests and examples.
e1916376	2019-02-14T09:22:57	Merge pull request #4980 from libgit2/ethomson/ci_nightly ci: skip ssh tests on macOS nightly
ef91917f	2019-02-14T09:19:32	ci: skip ssh tests on macOS nightly Like 811c1c0f8f80521dccc746a7bff180cd77a783ff, disable the SSH tests on macOS until we can resolve the newly introduced infrastructure issues.
85b2bd41	2019-02-14T01:13:33	Merge pull request #4976 from libgit2/ethomson/readme_v028 CI build fixups
811c1c0f	2019-02-14T00:51:39	ci: skip ssh tests on macOS SSH tests on macOS have begun failing for an unknown reason after an infrastructure upgrade to macOS 10.13.6. Disable those tests temporarily, until we can resolve it.
44f82134	2019-02-13T11:18:35	ci: provide more information about OS Subtle changes in the host OS can have impacts in the CI system that may be hard to debug. We previously showed the results of `uname` which can be difficult to interpret. Provide more information where available.
6f778351	2019-02-13T11:15:12	README: use correct badge for nightlies The URL was incorrect for the nightly badge image; it was erroneously showing the master branch continuous integration build badge.
f34faaa8	2019-02-12T16:45:57	README: include build badge for v0.28 builds Include a build badge for `maint/v0.28` builds.
1a107fac	2019-02-02T10:25:54	Merge pull request #4970 from libgit2/ethomson/0_28 v0.28 rc1
3fe29c4d	2019-01-31T19:10:03	version: 0.28
63f96cd0	2019-01-31T19:09:42	changelog: this is 0.28
214457c6	2019-01-31T18:51:36	Merge pull request #4968 from tiennou/fix/documentation Docs
6853a250	2019-01-31T14:46:21	Merge branch 'pks/stream-truncated-writes'
75918aba	2019-01-23T14:43:54	mbedtls: make global variables static The mbedtls stream implementation makes use of some global variables which are not marked as `static`, even though they're only used in this compilation unit. Fix this and remove a duplicate declaration.
0ceac0d0	2019-01-23T14:45:19	mbedtls: fix potential size overflow when reading or writing data The mbedtls library uses a callback mechanism to allow downstream users to plug in their own receive and send functions. We implement `bio_read` and `bio_write` functions, which simply wrap the `git_stream_read` and `git_stream_write` functions, respectively. The problem arises due to the return value of the callback functions: mbedtls expects us to return an `int` containing the actual number of bytes that were read or written. But this is in fact completely misdesigned, as callers are allowed to pass in a buffer with length `SIZE_MAX`. We thus may be unable to represent the number of bytes written via the return value. Fix this by only ever reading or writing at most `INT_MAX` bytes.
657197e6	2019-01-23T15:54:05	openssl: fix potential size overflow when writing data Our `openssl_write` function calls `SSL_write` by passing in both `data` and `len` arguments directly. Thing is, our `len` parameter is of type `size_t` and theirs is of type `int`. We thus need to clamp our length to be at most `INT_MAX`.
7613086d	2019-01-23T15:49:28	streams: handle short writes only in generic stream Now that the function `git_stream__write_full` exists and callers of `git_stream_write` have been adjusted, we can lift logic for short writes out of the stream implementations. Instead, this is now handled either by `git_stream__write_full` or by callers of `git_stream_write` directly.
5265b31c	2019-01-23T15:00:20	streams: fix callers potentially only writing partial data Similar to the write(3) function, implementations of `git_stream_write` do not guarantee that all bytes are written. Instead, they return the number of bytes that actually have been written, which may be smaller than the total number of bytes. Furthermore, due to an interface design issue, we cannot ever write more than `SSIZE_MAX` bytes at once, as otherwise we cannot represent the number of bytes written to the caller. Unfortunately, no caller of `git_stream_write` ever checks the return value, except to verify that no error occurred. Due to this, they are susceptible to the case where only partial data has been written. Fix this by introducing a new function `git_stream__write_full`. In contrast to `git_stream_write`, it will always return either success or failure, without returning the number of bytes written. Thus, it is able to write all `SIZE_MAX` bytes and loop around `git_stream_write` until all data has been written. Adjust all callers except the BIO callbacks in our mbedtls and OpenSSL streams, which already do the right thing and require the amount of bytes written.
193e7ce9	2019-01-23T15:42:07	streams: make file-local functions static The callback functions that implement the `git_stream` structure are only used inside of their respective implementation files, but they are not marked as `static`. Fix this.
9fd9126e	2019-01-30T21:19:18	docs: minor changes
2f1d6eff	2019-01-30T19:59:43	Merge pull request #4954 from tiennou/fix/documentation Documentation fixes
cf14215d	2019-01-28T12:41:22	Merge pull request #4964 from libgit2/ethomson/ci_nightly ci: add an individual coverity pipeline
52a97eed	2019-01-28T12:16:50	ci: add coverity badge to the README
0cf5b6b1	2019-01-28T10:48:49	ci: ignore coverity failures in nightly runs Coverity is back but it's only read-only! Agh. Just allow it to fail and not impact the overall job run.
690e55e0	2019-01-04T19:09:42	repo: split git_repository_open_flag_t options documentation inline
f6412c26	2019-01-15T13:35:41	transport: enhance documentation
2964fed0	2019-01-15T13:30:42	docs: document GIT_EUSER/GIT_EPASSTHROUGH
9e4d421e	2019-01-15T11:32:13	doc: clarify that git_time_t is seconds from the epoch
e9a34864	2019-01-27T22:47:09	Merge pull request #4961 from libgit2/ethomson/ci_docurium ci: run docurium to create documentation
92b52f36	2019-01-27T22:46:53	Merge pull request #4962 from libgit2/ethomson/ci_nightly ci: return coverity to the nightlies
08d71f72	2019-01-27T22:46:07	ci: return coverity to the nightlies
b1e28625	2019-01-26T19:43:33	Merge pull request #4950 from libgit2/ethomson/warnings Clean up some warnings
f56634f8	2019-01-26T19:40:19	Merge pull request #4869 from libgit2/ethomson/ci_nightly Nightlies: use `latest` docker images
ace20c6a	2019-01-26T16:59:32	ci: run docurium to create documentation Run docurium as part of the build. The goal of this is to be able to evaluate the documentation in a given pull request; as such, this does not implement any sort of deployment pipeline. This will allow us to download a snapshot of the documentation from the CI build and evaluate the docs for a particular pull request; before it's been merged.
4a798a91	2018-10-28T17:57:53	nightly: use latest images, not test images
fac08837	2019-01-21T11:38:46	filter: return an int Validate that the return value of the read is not less than INT_MAX, then cast.
89bd4ddb	2019-01-21T11:32:53	diff_generate: validate oid file size Index entries are 32 bit unsigned ints, not `size_t`s.
fd9d4e28	2019-01-21T11:29:16	describe: don't mix and match abbreviated size types The git_describe_format_options.abbreviated_size type is an unsigned int. There's no need for it to be anything else; keep it what it is.
751eb462	2019-01-21T11:20:18	delta: validate sizes and cast safely Quiet down a warning from MSVC about how we're potentially losing data. Validate that our data will fit into the type provided then cast.
4947216f	2019-01-21T11:11:27	git transport: only write INT_MAX bytes The transport code returns an `int` with the number of bytes written; thus only attempt to write at most `INT_MAX`.
a861839d	2019-01-21T10:55:59	windows: add SSIZE_MAX Windows doesn't include ssize_t or its _MAX value by default. We are already declaring ssize_t as SSIZE_T, which is __int64_t on Win64 and long otherwise. Include its _MAX value as a correspondence to its type.
f1986a23	2019-01-21T09:56:23	streams: don't write more than SSIZE_MAX Our streams implementation takes a `size_t` that indicates the length of the data buffer to be written, and returns an `ssize_t` that indicates the length that _was_ written. Clearly no such implementation can write more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation does not try to write more than `SSIZE_MAX` bytes (or smaller; if the given implementation takes a smaller size).
e5e2fac8	2019-01-21T00:57:39	buffer: explicitly cast Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested it.
f4ebb2d4	2019-01-21T00:56:35	blame: make hunk_cmp handle unsigned differences
ae681d3f	2019-01-21T00:49:07	apply: make update_hunk accept a size_t
7ed2baf7	2019-01-21T00:41:50	MSVC: ignore empty compilation units (warning LNK4221) A number of source files have their implementation #ifdef'd out (because they target another platform). MSVC warns on empty compilation units (with warning LNK4221). Ignore warning 4221 when creating the object library.
3fba5891	2019-01-20T23:53:33	test: cast to a char the zstream test
f25bb508	2019-01-20T23:52:50	index test: cast times explicitly Cast actual filesystem data to the int32_t that index entries store.
1d4ddb8e	2019-01-20T23:42:08	iterator: cast filesystem iterator entry values explicitly The filesystem iterator takes `stat` data from disk and puts them into index entries, which use 32 bit ints for time (the seconds portion) and filesize. However, on most systems these are not 32 bit, thus will typically invoke a warning. Most users ignore these fields entirely. Diff and checkout code do use the values, however only for the cache to determine if they should check file modification. Thus, this is not a critical error (and will cause a hash recomputation at worst).
c6cac733	2019-01-20T22:40:38	blob: validate that blob sizes fit in a size_t Our blob size is a `git_off_t`, which is a signed 64 bit int. This may be erroneously negative or larger than `SIZE_MAX`. Ensure that the blob size fits into a `size_t` before casting.
3aa6d96a	2019-01-20T20:38:25	tree: cast filename length in git_tree__parse_raw Quiet down a warning from MSVC about how we're potentially losing data. Ensure that we're within a uint16_t before we do.
759502ed	2019-01-20T20:30:42	odb_loose: explicitly cast to size_t Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested that it's positive and less than SIZE_MAX.
80c3867b	2019-01-20T19:20:12	patch: explicitly cast down in parse_header_percent Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested that it's within the range of 0-100.
494448a5	2019-01-20T19:10:08	index: explicitly cast down to a size_t Quiet down a warning from MSVC about how we're potentially losing data. This cast is safe since we've explicitly tested that `strip_len` <= `last_len`.
c3866fa8	2019-01-20T18:54:16	diff: explicitly cast in flush_hunk Quiet down a warning from MSVC about how we're potentially losing data.
826d9a4d	2019-01-25T09:43:20	Merge pull request #4858 from tiennou/fix/index-ext-read index: preserve extension parsing errors
859d9229	2019-01-25T09:41:41	Merge pull request #4952 from libgit2/ethomson/deprecation Deprecate functions and constants more gently
c951b825	2019-01-23T00:32:40	deprecation: define GIT_DEPRECATE_HARD internally Ensure that we do not use any deprecated functions in the library source, test code or examples.
9f3a5a64	2019-01-23T00:29:03	deprecation: offer GIT_DEPRECATE_HARD Users can define `GIT_DEPRECATE_HARD` if they want to remove all functions that we've "softly" deprecated.
9c5e05ad	2019-01-23T10:43:29	deprecation: move deprecated tests into their own file Move the deprecated stream tests into their own compilation unit. This will allow us to disable any preprocessor directives that apply to deprecation just for these tests (eg, disabling `GIT_DEPRECATED_HARD`).
e09f0c10	2019-01-23T10:21:42	deprecation: don't use deprecated stream cb Avoid the deprecated `git_stream_cb` typedef since we want to compile the library without deprecated functions or types. Instead, we can unroll the alias to its actual type.
09e2ea2f	2019-01-23T09:44:40	deprecation: provide docurium deprecation note Add `@deprecated` to the functions that are, so that they'll appear that way in docurium.
53d13fb3	2019-01-23T09:42:55	deprecation: deprecated stream registration in if guard `git_stream_register_tls` is now deprecated; mark it in an if guard with the deprecation. This should not be included in `deprecated.h` since it is an uncommonly used `sys` header file.
769e9274	2019-01-23T00:42:22	deprecation: update changelog to reflect new policies
a7d0d14f	2019-01-23T00:07:40	deprecation: move deprecated bits to deprecated.h
1c3daccf	2019-01-23T09:51:50	fuzzers: don't use deprecated types
cc5da0a6	2019-01-23T09:36:52	examples: don't use deprecated types
5524a467	2019-01-25T09:06:27	Merge pull request #4957 from csware/deprecated Don't use deprecated constants
bff7aed2	2019-01-24T16:44:04	Don't use deprecated constants Follow up for PR #4917. Signed-off-by: Sven Strickroth <email@cs-ware.de>
0bf7e043	2019-01-24T12:12:04	index: preserve extension parsing errors Previously, we would clobber any extension-specific error message with an "extension is truncated" message. This makes `read_extension` correctly preserve those errors, takes responsibility for truncation errors, and adds a new message with the actual extension signature for unsupported mandatory extensions.
80be19b9	2019-01-24T11:59:48	Merge pull request #4955 from csware/c4098 Fix VS warning C4098: 'giterr_set_str' : void function returning a value
53bf0bde	2019-01-24T11:29:36	Fix VS warning C4098: 'giterr_set_str' : void function returning a value Signed-off-by: Sven Strickroth <email@cs-ware.de>
635693d3	2019-01-22T22:52:06	Merge pull request #4917 from libgit2/ethomson/giterr Move `giterr` to `git_error`
a27a4de6	2019-01-10T22:48:03	errors: update docs for giterr changes
00c66dfd	2019-01-10T22:43:59	errors: update static analysis tools for giterr Update GITERR and giterr usages in the static code analysis tools to use the new names.
fcc7dcb1	2019-01-10T22:39:56	errors: remove giterr usage in examples
115a6c50	2019-01-10T21:44:26	errors: remove giterr usage in fuzzers
f673e232	2018-12-27T13:47:34	git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.
647dfdb4	2019-01-10T22:13:07	git_error: deprecate error values Replace the `GITERR` values with a `const int` to deprecate error values.
20961b98	2018-12-26T14:06:21	git_error: use full class name in public error API Move to the `git_error` name in error-related functions, deprecating the `giterr` functions. This means, for example, that `giterr_last` is now `git_error_last`. The old names are retained for compatibility. This only updates the public API; internal API and function usage remains unchanged.
6b2cd0ed	2019-01-20T20:55:00	Merge pull request #4949 from zlikavac32/fix-odb-foreach-cb-positive-error-code odb: Fix odb foreach to also close on positive error code
f7416509	2019-01-20T20:15:31	Fix odb foreach to also close on positive error code In include/git2/odb.h it states that callback can also return positive value which should break looping. Implementations of git_odb_foreach() and pack_backend__foreach() did not respect that.
68166017	2019-01-20T18:33:36	Merge pull request #4948 from libgit2/ethomson/memleaks repository: free memory in symlink detection function

9b698978

2019-04-12T08:54:06

git_repository_init: stop traversing at windows root Stop traversing the filesystem at the Windows directory root. We were calculating the filesystem root for the given directory to create, and walking up the filesystem hierarchy. We intended to stop when the traversal path length is equal to the root path length (ie, stopping at the root, since no path may be shorter than the root path). However, on Windows, the root path may be specified in two different ways, as either `Z:` or `Z:\`, where `Z:` is the current drive letter. `git_path_dirname_r` returns the path _without_ a trailing slash, even for the Windows root. As a result, during traversal, we need to test that the traversal path is _less than or equal to_ the root path length to determine if we've hit the root to ensure that we stop when our traversal path is `Z:` and our calculated root path was `Z:\`.

21baf7ab

2019-04-05T10:22:46

ignore: treat paths with trailing "/" as directories The function `git_ignore_path_is_ignored` is there to test the ignore status of paths that need not necessarily exist inside of a repository. This has the implication that for a given path, we cannot always decide whether it references a directory or a file, and we need to distinguish those cases because ignore rules may treat those differently. E.g. given the following gitignore file: * !/**/ we'd only want to unignore directories, while keeping files ignored. But still, calling `git_ignore_path_is_ignored("dir/")` will say that this directory is ignored because it treats "dir/" as a file path. As said, the `is_ignored` function cannot always decide whether the given path is a file or directory, and thus it may produce wrong results in some cases. While this is unfixable in the general case, we can do better when we are being passed a path name with a trailing path separator (e.g. "dir/") and always treat them as directories.

4ec209cd

2019-03-29T12:30:37

tests: diff: test parsing diffs with a new file with spaces in its path Add a test that verifies that we are able to parse patches which add a new file that has spaces in its path.

71424f63

2019-03-22T23:56:10

patch_parse.c: Handle CRLF in parse_header_start

93971ca6

2019-03-15T13:08:18

ignore: add additional test cases

12bc7181

2019-03-14T15:51:15

ignore: Do not match on prefix of negated patterns Matching on the prefix of a negated pattern was triggering false negatives on siblings of that pattern. e.g. Given the .gitignore: dir/* !dir/sub1/sub2/** The path `dir/a.text` would not be ignored.

96b6fe11

2019-03-29T12:15:20

patch_parse: fix parsing addition/deletion of file with space The diff header format is a strange beast in that it is inherently unparseable in an unambiguous way. While parsing a/file.txt b/file.txt is obvious and trivially doable, parsing a diff header of a/file b/file ab.txt b/file b/file ab.txt is not (but in fact valid and created by git.git). Due to that, we have relaxed our diff header parser in commit 80226b5f6 (patch_parse: allow parsing ambiguous patch headers, 2017-09-22), so that we started to bail out when seeing diff headers with spaces in their file names. Instead, we try to use the "---" and "+++" lines, which are unambiguous. In some cases, though, we neither have a useable file name from the header nor from the "---" or "+++" lines. This is the case when we have a deletion or addition of a file with spaces: the header is unparseable and the other lines will simply show "/dev/null". This trips our parsing logic when we try to extract the prefix (the "a/" part) that is being used in the path line, where we unconditionally try to dereference a NULL pointer in such a scenario. We can fix this by simply not trying to parse the prefix in cases where we have no useable path name. That'd leave the parsed patch without either `old_prefix` or `new_prefix` populated. But in fact such cases are already handled by users of the patch object, which simply opt to use the default prefixes in that case.

aa877e09

2019-03-14T09:59:27

Implement failing test for gitignore of complex subdirectory negation When a directory's contents are ignored, and then a glob negation is made to a nested subdir, other subdirectories are now unignored

856afc27

2019-02-16T22:06:58

Fix a _very_ improbable memory leak in git_odb_new() This change fixes a mostly theoretical memory leak in got_odb_new() that can only manifest if git_cache_init() fails due to running out of memory or not being able to acquire its lock.

c79f9dae

2019-03-29T11:58:50

patch_parse: improve formatting

5189beb0

2019-02-16T19:55:30

Fix a memory leak in odb_otype_fast() This change frees a copy of a cached object in odb_otype_fast().

1df7d27a

2019-03-20T13:24:07

ignore: move tests from status to attr ignore suite

572e4d8c

2019-02-14T16:36:00

Merge pull request #4983 from libgit2/ethomson/v0_28_1 Release v0.28.1

65fff789

2019-02-14T13:37:00

Release v0.28.1

b8837827

2019-02-14T13:09:23

Merge pull request #4979 from libgit2/ethomson/deprecate Deprecation: export the deprecated functions properly

3f823c2b

2019-02-14T00:00:06

ci: enable hard deprecation Enable hard deprecation in our builds to ensure that we do not call deprecated functions internally.

dcf81cdb

2019-02-13T23:56:40

deprecation: optionally enable hard deprecation Add a CMake option to enable hard deprecation; the resultant library will _not_ include any deprecated functions. This may be useful for internal CI builds that create libraries that are not shared with end-users to ensure that we do not use deprecated bits internally.

24ac9e0c

2019-02-13T23:26:54

deprecation: ensure we GIT_EXTERN deprecated funcs Although the error functions were deprecated, we did not properly mark them as deprecated. We need to include the `deprecated.h` file in order to ensure that the functions get their export attributes. Similarly, do not define `GIT_DEPRECATE_HARD` within the library, or those functions will also not get their export attributes. Define that only on the tests and examples.

e1916376

2019-02-14T09:22:57

Merge pull request #4980 from libgit2/ethomson/ci_nightly ci: skip ssh tests on macOS nightly

ef91917f

2019-02-14T09:19:32

ci: skip ssh tests on macOS nightly Like 811c1c0f8f80521dccc746a7bff180cd77a783ff, disable the SSH tests on macOS until we can resolve the newly introduced infrastructure issues.

85b2bd41

2019-02-14T01:13:33

Merge pull request #4976 from libgit2/ethomson/readme_v028 CI build fixups

811c1c0f

2019-02-14T00:51:39

ci: skip ssh tests on macOS SSH tests on macOS have begun failing for an unknown reason after an infrastructure upgrade to macOS 10.13.6. Disable those tests temporarily, until we can resolve it.

44f82134

2019-02-13T11:18:35

ci: provide more information about OS Subtle changes in the host OS can have impacts in the CI system that may be hard to debug. We previously showed the results of `uname` which can be difficult to interpret. Provide more information where available.

6f778351

2019-02-13T11:15:12

README: use correct badge for nightlies The URL was incorrect for the nightly badge image; it was erroneously showing the master branch continuous integration build badge.

f34faaa8

2019-02-12T16:45:57

README: include build badge for v0.28 builds Include a build badge for `maint/v0.28` builds.

1a107fac

2019-02-02T10:25:54

Merge pull request #4970 from libgit2/ethomson/0_28 v0.28 rc1

3fe29c4d

2019-01-31T19:10:03

version: 0.28

63f96cd0

2019-01-31T19:09:42

changelog: this is 0.28

214457c6

2019-01-31T18:51:36

Merge pull request #4968 from tiennou/fix/documentation Docs

6853a250

2019-01-31T14:46:21

Merge branch 'pks/stream-truncated-writes'

75918aba

2019-01-23T14:43:54

mbedtls: make global variables static The mbedtls stream implementation makes use of some global variables which are not marked as `static`, even though they're only used in this compilation unit. Fix this and remove a duplicate declaration.

0ceac0d0

2019-01-23T14:45:19

mbedtls: fix potential size overflow when reading or writing data The mbedtls library uses a callback mechanism to allow downstream users to plug in their own receive and send functions. We implement `bio_read` and `bio_write` functions, which simply wrap the `git_stream_read` and `git_stream_write` functions, respectively. The problem arises due to the return value of the callback functions: mbedtls expects us to return an `int` containing the actual number of bytes that were read or written. But this is in fact completely misdesigned, as callers are allowed to pass in a buffer with length `SIZE_MAX`. We thus may be unable to represent the number of bytes written via the return value. Fix this by only ever reading or writing at most `INT_MAX` bytes.

657197e6

2019-01-23T15:54:05

openssl: fix potential size overflow when writing data Our `openssl_write` function calls `SSL_write` by passing in both `data` and `len` arguments directly. Thing is, our `len` parameter is of type `size_t` and theirs is of type `int`. We thus need to clamp our length to be at most `INT_MAX`.

7613086d

2019-01-23T15:49:28

streams: handle short writes only in generic stream Now that the function `git_stream__write_full` exists and callers of `git_stream_write` have been adjusted, we can lift logic for short writes out of the stream implementations. Instead, this is now handled either by `git_stream__write_full` or by callers of `git_stream_write` directly.

5265b31c

2019-01-23T15:00:20

streams: fix callers potentially only writing partial data Similar to the write(3) function, implementations of `git_stream_write` do not guarantee that all bytes are written. Instead, they return the number of bytes that actually have been written, which may be smaller than the total number of bytes. Furthermore, due to an interface design issue, we cannot ever write more than `SSIZE_MAX` bytes at once, as otherwise we cannot represent the number of bytes written to the caller. Unfortunately, no caller of `git_stream_write` ever checks the return value, except to verify that no error occurred. Due to this, they are susceptible to the case where only partial data has been written. Fix this by introducing a new function `git_stream__write_full`. In contrast to `git_stream_write`, it will always return either success or failure, without returning the number of bytes written. Thus, it is able to write all `SIZE_MAX` bytes and loop around `git_stream_write` until all data has been written. Adjust all callers except the BIO callbacks in our mbedtls and OpenSSL streams, which already do the right thing and require the amount of bytes written.

193e7ce9

2019-01-23T15:42:07

streams: make file-local functions static The callback functions that implement the `git_stream` structure are only used inside of their respective implementation files, but they are not marked as `static`. Fix this.

9fd9126e

2019-01-30T21:19:18

docs: minor changes

2f1d6eff

2019-01-30T19:59:43

Merge pull request #4954 from tiennou/fix/documentation Documentation fixes

cf14215d

2019-01-28T12:41:22

Merge pull request #4964 from libgit2/ethomson/ci_nightly ci: add an individual coverity pipeline

52a97eed

2019-01-28T12:16:50

ci: add coverity badge to the README

0cf5b6b1

2019-01-28T10:48:49

ci: ignore coverity failures in nightly runs Coverity is back but it's only read-only! Agh. Just allow it to fail and not impact the overall job run.

690e55e0

2019-01-04T19:09:42

repo: split git_repository_open_flag_t options documentation inline

f6412c26

2019-01-15T13:35:41

transport: enhance documentation

2964fed0

2019-01-15T13:30:42

docs: document GIT_EUSER/GIT_EPASSTHROUGH

9e4d421e

2019-01-15T11:32:13

doc: clarify that git_time_t is seconds from the epoch

e9a34864

2019-01-27T22:47:09

Merge pull request #4961 from libgit2/ethomson/ci_docurium ci: run docurium to create documentation

92b52f36

2019-01-27T22:46:53

Merge pull request #4962 from libgit2/ethomson/ci_nightly ci: return coverity to the nightlies

08d71f72

2019-01-27T22:46:07

ci: return coverity to the nightlies

b1e28625

2019-01-26T19:43:33

Merge pull request #4950 from libgit2/ethomson/warnings Clean up some warnings

f56634f8

2019-01-26T19:40:19

Merge pull request #4869 from libgit2/ethomson/ci_nightly Nightlies: use `latest` docker images

ace20c6a

2019-01-26T16:59:32

ci: run docurium to create documentation Run docurium as part of the build. The goal of this is to be able to evaluate the documentation in a given pull request; as such, this does not implement any sort of deployment pipeline. This will allow us to download a snapshot of the documentation from the CI build and evaluate the docs for a particular pull request; before it's been merged.

4a798a91

2018-10-28T17:57:53

nightly: use latest images, not test images

fac08837

2019-01-21T11:38:46

filter: return an int Validate that the return value of the read is not less than INT_MAX, then cast.

89bd4ddb

2019-01-21T11:32:53

diff_generate: validate oid file size Index entries are 32 bit unsigned ints, not `size_t`s.

fd9d4e28

2019-01-21T11:29:16

describe: don't mix and match abbreviated size types The git_describe_format_options.abbreviated_size type is an unsigned int. There's no need for it to be anything else; keep it what it is.

751eb462

2019-01-21T11:20:18

delta: validate sizes and cast safely Quiet down a warning from MSVC about how we're potentially losing data. Validate that our data will fit into the type provided then cast.

4947216f

2019-01-21T11:11:27

git transport: only write INT_MAX bytes The transport code returns an `int` with the number of bytes written; thus only attempt to write at most `INT_MAX`.

a861839d

2019-01-21T10:55:59

windows: add SSIZE_MAX Windows doesn't include ssize_t or its _MAX value by default. We are already declaring ssize_t as SSIZE_T, which is __int64_t on Win64 and long otherwise. Include its _MAX value as a correspondence to its type.

f1986a23

2019-01-21T09:56:23

streams: don't write more than SSIZE_MAX Our streams implementation takes a `size_t` that indicates the length of the data buffer to be written, and returns an `ssize_t` that indicates the length that _was_ written. Clearly no such implementation can write more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation does not try to write more than `SSIZE_MAX` bytes (or smaller; if the given implementation takes a smaller size).

e5e2fac8

2019-01-21T00:57:39

buffer: explicitly cast Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested it.

f4ebb2d4

2019-01-21T00:56:35

blame: make hunk_cmp handle unsigned differences

ae681d3f

2019-01-21T00:49:07

apply: make update_hunk accept a size_t

7ed2baf7

2019-01-21T00:41:50

MSVC: ignore empty compilation units (warning LNK4221) A number of source files have their implementation #ifdef'd out (because they target another platform). MSVC warns on empty compilation units (with warning LNK4221). Ignore warning 4221 when creating the object library.

3fba5891

2019-01-20T23:53:33

test: cast to a char the zstream test

f25bb508

2019-01-20T23:52:50

index test: cast times explicitly Cast actual filesystem data to the int32_t that index entries store.

1d4ddb8e

2019-01-20T23:42:08

iterator: cast filesystem iterator entry values explicitly The filesystem iterator takes `stat` data from disk and puts them into index entries, which use 32 bit ints for time (the seconds portion) and filesize. However, on most systems these are not 32 bit, thus will typically invoke a warning. Most users ignore these fields entirely. Diff and checkout code do use the values, however only for the cache to determine if they should check file modification. Thus, this is not a critical error (and will cause a hash recomputation at worst).

c6cac733

2019-01-20T22:40:38

blob: validate that blob sizes fit in a size_t Our blob size is a `git_off_t`, which is a signed 64 bit int. This may be erroneously negative or larger than `SIZE_MAX`. Ensure that the blob size fits into a `size_t` before casting.

3aa6d96a

2019-01-20T20:38:25

tree: cast filename length in git_tree__parse_raw Quiet down a warning from MSVC about how we're potentially losing data. Ensure that we're within a uint16_t before we do.

759502ed

2019-01-20T20:30:42

odb_loose: explicitly cast to size_t Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested that it's positive and less than SIZE_MAX.

80c3867b

2019-01-20T19:20:12

patch: explicitly cast down in parse_header_percent Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested that it's within the range of 0-100.

494448a5

2019-01-20T19:10:08

index: explicitly cast down to a size_t Quiet down a warning from MSVC about how we're potentially losing data. This cast is safe since we've explicitly tested that `strip_len` <= `last_len`.

c3866fa8

2019-01-20T18:54:16

diff: explicitly cast in flush_hunk Quiet down a warning from MSVC about how we're potentially losing data.

826d9a4d

2019-01-25T09:43:20

Merge pull request #4858 from tiennou/fix/index-ext-read index: preserve extension parsing errors

859d9229

2019-01-25T09:41:41

Merge pull request #4952 from libgit2/ethomson/deprecation Deprecate functions and constants more gently

c951b825

2019-01-23T00:32:40

deprecation: define GIT_DEPRECATE_HARD internally Ensure that we do not use any deprecated functions in the library source, test code or examples.

9f3a5a64

2019-01-23T00:29:03

deprecation: offer GIT_DEPRECATE_HARD Users can define `GIT_DEPRECATE_HARD` if they want to remove all functions that we've "softly" deprecated.

9c5e05ad

2019-01-23T10:43:29

deprecation: move deprecated tests into their own file Move the deprecated stream tests into their own compilation unit. This will allow us to disable any preprocessor directives that apply to deprecation just for these tests (eg, disabling `GIT_DEPRECATED_HARD`).

e09f0c10

2019-01-23T10:21:42

deprecation: don't use deprecated stream cb Avoid the deprecated `git_stream_cb` typedef since we want to compile the library without deprecated functions or types. Instead, we can unroll the alias to its actual type.

09e2ea2f

2019-01-23T09:44:40

deprecation: provide docurium deprecation note Add `@deprecated` to the functions that are, so that they'll appear that way in docurium.

53d13fb3

2019-01-23T09:42:55

deprecation: deprecated stream registration in if guard `git_stream_register_tls` is now deprecated; mark it in an if guard with the deprecation. This should not be included in `deprecated.h` since it is an uncommonly used `sys` header file.

769e9274

2019-01-23T00:42:22

deprecation: update changelog to reflect new policies

a7d0d14f

2019-01-23T00:07:40

deprecation: move deprecated bits to deprecated.h

1c3daccf

2019-01-23T09:51:50

fuzzers: don't use deprecated types

cc5da0a6

2019-01-23T09:36:52

examples: don't use deprecated types

5524a467

2019-01-25T09:06:27

Merge pull request #4957 from csware/deprecated Don't use deprecated constants

bff7aed2

2019-01-24T16:44:04

Don't use deprecated constants Follow up for PR #4917. Signed-off-by: Sven Strickroth <email@cs-ware.de>

0bf7e043

2019-01-24T12:12:04

index: preserve extension parsing errors Previously, we would clobber any extension-specific error message with an "extension is truncated" message. This makes `read_extension` correctly preserve those errors, takes responsibility for truncation errors, and adds a new message with the actual extension signature for unsupported mandatory extensions.

80be19b9

2019-01-24T11:59:48

Merge pull request #4955 from csware/c4098 Fix VS warning C4098: 'giterr_set_str' : void function returning a value

53bf0bde

2019-01-24T11:29:36

Fix VS warning C4098: 'giterr_set_str' : void function returning a value Signed-off-by: Sven Strickroth <email@cs-ware.de>

635693d3

2019-01-22T22:52:06

Merge pull request #4917 from libgit2/ethomson/giterr Move `giterr` to `git_error`

a27a4de6

2019-01-10T22:48:03

errors: update docs for giterr changes

00c66dfd

2019-01-10T22:43:59

errors: update static analysis tools for giterr Update GITERR and giterr usages in the static code analysis tools to use the new names.

fcc7dcb1

2019-01-10T22:39:56

errors: remove giterr usage in examples

115a6c50

2019-01-10T21:44:26

errors: remove giterr usage in fuzzers

f673e232

2018-12-27T13:47:34

git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.

647dfdb4

2019-01-10T22:13:07

git_error: deprecate error values Replace the `GITERR` values with a `const int` to deprecate error values.

20961b98

2018-12-26T14:06:21

git_error: use full class name in public error API Move to the `git_error` name in error-related functions, deprecating the `giterr` functions. This means, for example, that `giterr_last` is now `git_error_last`. The old names are retained for compatibility. This only updates the public API; internal API and function usage remains unchanged.

6b2cd0ed

2019-01-20T20:55:00

Merge pull request #4949 from zlikavac32/fix-odb-foreach-cb-positive-error-code odb: Fix odb foreach to also close on positive error code

f7416509

2019-01-20T20:15:31

Fix odb foreach to also close on positive error code In include/git2/odb.h it states that callback can also return positive value which should break looping. Implementations of git_odb_foreach() and pack_backend__foreach() did not respect that.

68166017

2019-01-20T18:33:36

Merge pull request #4948 from libgit2/ethomson/memleaks repository: free memory in symlink detection function

thodg/libgit2

Log