kmx git

Commit	Date	Message
3a197ea7	2020-06-27T12:33:32	Make the tests pass cleanly with MemorySanitizer This change: * Initializes a few variables that were being read before being initialized. * Includes https://github.com/madler/zlib/pull/393. As such, it only works reliably with `-DUSE_BUNDLED_ZLIB=ON`.
cad7a1ba	2020-06-05T08:42:38	clar: include the function name
f88e12db	2020-05-23T09:35:53	checkout::index: free the index
915f8860	2020-05-16T14:00:11	tests: checkout: fix stylistic issues and static variable The test case checkout::index::can_disable_pathspec_match has some shortcomings when it comes to coding style, which didn't fit our own coding style. Furthermore, it had an unnecessary static local variable. The test has been refactored to address these issues.
d62e44cb	2019-06-03T18:35:08	checkout: Fix removing untracked files by path in subdirectories The checkout code didn't iterate into a subdir if it didn't match the pathspec, but since the pathspec might match files in the subdir we should recurse into it (In contrast to gitignore handling). Fixes #5089
8731e1f4	2020-02-02T19:01:15	tests::checkout: only examine test10 and test11.txt The checkout::index::can_disable_pathspec_match test attempts to set a path filter of `test11.txt` and `test12.txt`, but then validates that `test10.txt` and `test11.txt` were left unmodified. Update the test's path filter to match the expectation.
24bd12c4	2020-02-02T01:00:15	Create test case demonstrating checkout bug w/ pathspec match disabled
3f7851ea	2019-09-18T14:32:05	Disallow NTFS Alternate Data Stream attacks, even on Linux/macOS A little-known feature of NTFS is that it offers to store metadata in so-called "Alternate Data Streams" (inspired by Apple's "resource forks") that are copied together with the file they are associated with. These Alternate Data Streams can be accessed via `<file name>:<stream name>:<stream type>`. Directories, too, have Alternate Data Streams, and they even have a default stream type `$INDEX_ALLOCATION`. Which means that `abc/` and `abc::$INDEX_ALLOCATION/` are actually equivalent. This is of course another attack vector on the Git directory that we definitely want to prevent. On Windows, we already do this incidentally, by disallowing colons in file/directory names. While it looks as if files'/directories' Alternate Data Streams are not accessible in the Windows Subsystem for Linux, and neither via CIFS/SMB-mounted network shares in Linux, it _is_ possible to access them on SMB-mounted network shares on macOS. Therefore, let's go the extra mile and prevent this particular attack _everywhere_. To keep things simple, let's just disallow any Alternate Data Stream of `.git`. This is libgit2's variant of CVE-2019-1352. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
64c612cc	2019-09-18T15:25:02	Protect against 8.3 "short name" attacks also on Linux/macOS The Windows Subsystem for Linux (WSL) is getting increasingly popular, in particular because it makes it _so_ easy to run Linux software on Windows' files, via the auto-mounted Windows drives (`C:\` is mapped to `/mnt/c/`, no need to set that up manually). Unfortunately, files/directories on the Windows drives can be accessed via their _short names_, if that feature is enabled (which it is on the `C:` drive by default). Which means that we have to safeguard even our Linux users against the short name attacks. Further, while the default options of CIFS/SMB-mounts seem to disallow accessing files on network shares via their short names on Linux/macOS, it _is_ possible to do so with the right options. So let's just safe-guard against short name attacks _everywhere_. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
ded77bb1	2019-06-29T09:58:34	path: extract function to check whether a path supports symlinks When initializing a repository, we need to check whether its working directory supports symlinks to correctly set the initial value of the "core.symlinks" config variable. The code to check the filesystem is reusable in other parts of our codebase, like for example in our tests to determine whether certain tests can be expected to succeed or not. Extract the code into a new function `git_path_supports_symlinks` to avoid duplicate implementations. Remove a duplicate implementation in the repo test helper code.
e54343a4	2019-06-29T09:17:32	fileops: rename to "futils.h" to match function signatures Our file utils functions all have a "futils" prefix, e.g. `git_futils_touch`. One would thus naturally guess that their definitions and implementation would live in files "futils.h" and "futils.c", respectively, but in fact they live in "fileops.h". Rename the files to match expectations.
658022c4	2019-07-18T13:53:41	configuration: cvar -> configmap `cvar` is an unhelpful name. Refactor its usage to `configmap` for more clarity.
0b5ba0d7	2019-06-06T16:36:23	Rename opt init functions to `options_init` In libgit2 nomenclature, when we need to verb a direct object, we name a function `git_directobject_verb`. Thus, if we need to init an options structure named `git_foo_options`, then the name of the function that does that should be `git_foo_options_init`. The previous names of `git_foo_init_options` is close - it _sounds_ as if it's initializing the options of a `foo`, but in fact `git_foo_options` is its own noun that should be respected. Deprecate the old names; they'll now call directly to the new ones.
cb28df20	2019-06-07T14:29:47	tests: checkout: fix symlink.git being created outside of sandbox The function `populate_symlink_workdir` creates a new "symlink.git" repository with a relative path "../symlink.git". As the current working directory is the sandbox, the new repository will be created just outside of the sandbox. Fix this by using `clar_sandbox_path`.
f673e232	2018-12-27T13:47:34	git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.
ed8cfbf0	2019-01-17T00:32:31	references: use new names in internal usage Update internal usage to use the `git_reference` names for constants.
e385e647	2018-12-19T12:08:17	checkout::crlf: ensure success Wrap function calls in the `checkout::crlf` tests with `cl_git_pass`, `cl_assert`, etc. to ensure that they're successful.
c3169e6f	2018-12-01T19:59:41	checkout::crlf clear the crlf workdir for checkout After sandboxing the crlf directory, remove the working directory contents. This allows us to package data within the crlf directory (for simplicity, this allows us to script the to-odb and to-workdir crlf filter conversion data in a single location).
13a8bc92	2018-12-01T18:32:01	crlf_data: move to a "to_workdir" folder Move the crlf_data folders reponsible for holding the state of the filters going into the working directory to "to_workdir" variations of the folder name to accommodate future growth into the "to odb" filter variation. Update the script to create these new folders as appopriate.
168fe39b	2018-11-28T14:26:57	object_type: use new enumeration names Use the new object_type enumeration names within the codebase.
18e71e6d	2018-11-28T13:31:06	index: use new enum and structure names Use the new-style index names throughout our own codebase.
da500cc6	2018-10-20T05:43:40	symlink tests: test symbolic links on windows Test updated symbolic link creation on Windows. Ensure that we emulate Git for Windows behavior. Ensure that when `core.symlinks=true` is set in a global configuration that new repositories are created without a `core.symlinks` setting, and that when `core.symlinks` is unset that `core.symlinks=false` in set in the repository. Further ensure that checkout honors the expected `core.symlinks` defaults on Windows.
628dae8b	2018-10-19T03:14:35	tests: provide symlink support helper function
df1733de	2018-07-16T05:16:41	checkout tests: ensure readlink succeeds Don't try to use `link_size` as an index into a string if `p_readlink` returned <0. That will - obviously - fail and we'll write out of bounds.
e4ac4000	2018-07-02T12:57:56	checkout tests: test symlinks based on support, not platform When testing whether symlinks are correctly checked out, examine the `core.symlinks` configuration option to determine if symlinks are supported in a repository, don't simply assume that Windows means that symbolic links are not supported. Further, when testing the expected default behavior of `core.symlinks`, test the filesystem's support to determine if symlinks are supported. Finally, ensure that `core.symlinks=true` fails on a system where symlinks are actually not supported. This aligns with the behavior of Git for Windows.
7b6875f4	2018-07-02T12:25:45	checkout tests: don't use GetFinalPathNameByHandle To determine the canonical filename for a given path, we previously looked at the directory entries on POSIX systems and used GetFinalPathNameByHandle on Windows. However, GetFinalPathNameByHandle requires a HANDLE - the results of CreateFile - and you cannot CreateFile on a symbolic link. To support finding the canonical path of a symbolic link, simply use the existing POSIX code to look at the directory entries.
0652abaa	2018-07-20T12:56:49	Merge pull request #4702 from tiennou/fix/coverity Assorted Coverity fixes
9994cd3f	2018-06-25T11:56:52	treewide: remove use of C++ style comments C++ style comment ("//") are not specified by the ISO C90 standard and thus do not conform to it. While libgit2 aims to conform to C90, we did not enforce it until now, which is why quite a lot of these non-conforming comments have snuck into our codebase. Do a tree-wide conversion of all C++ style comments to the supported C style comments to allow us enforcing strict C90 compliance in a later commit.
8455a270	2018-07-01T12:04:27	tests: add missing cl_git_pass to tests Reported by Coverity, CID 1393678-1393697.
5e26391a	2018-06-18T18:28:08	checkout: FORCE doesn't halt on dirty index If the index is dirty, allow `GIT_CHECKOUT_FORCE` to obliterate unsaved changes. This is in keeping with its name and description.
b242cdbf	2017-11-17T00:19:07	index: commit the changes to the index properly Now that the index has a "dirty" state, where it has changes that have not yet been committed or rolled back, our tests need to be adapted to actually commit or rollback the changes instead of assuming that the index can be operated on in its indeterminate state.
55a96606	2018-06-18T16:14:26	checkout tests: validate GIT_CHECKOUT_NO_REFRESH Add tests that ensure that we re-read the on-disk image by default during checkout, but when the `GIT_CHECKOUT_NO_REFRESH` option is specified, we do _not_ re-read the index.
ecf4f33a	2018-02-08T11:14:48	Convert usage of `git_buf_free` to new `git_buf_dispose`
3fbfae26	2018-05-22T20:37:23	checkout: change symlinked .gitmodules file test to expect failure When dealing with `core.proectNTFS` and `core.protectHFS` we do check against `.gitmodules` but we still have a failing test as the non-filesystem codepath does not check for it.
a145f2b6	2018-05-22T14:16:45	checkout: add a failing test for refusing a symlinked .gitmodules We want to reject these as they cause compatibility issues and can lead to git writing to files outside of the repository.
bc5ced66	2018-04-04T21:28:31	diff: Add missing GIT_DELTA_TYPECHANGE -> 'T' mapping. This adds the 'T' status character to git_diff_status_char() for diff entries that change type.
275693e2	2018-02-20T12:45:40	checkout test: ensure workdir mode is simplified Ensure that when examining the working directory for checkout that the mode is correctly simplified. Git only pays attention to whether a file is executable or not. When examining a working directory, we should coalesce modes in the working directory to either `0755` (indicating that a file is executable) or `0644` (indicating that it is not). Test this by giving the file an exotic mode, and ensuring that when checkout out a branch that changes the file's contents, that we do not have a checkout conflict.
ec96db57	2018-02-20T00:32:38	checkout test: add core.filemode checkout tests Add two tests for filemode. The first ensures that `core.filemode=true` is honored: if we have changed the filemode such that a file that _was_ executable (mode 0755) is now executable (mode 0644) and we go to check out a branch that has otherwise changed the contents of the file, then we should raise a checkout conflict for that file. The second ensures that `core.filemode=false` is honored: in the same situation, we set a file that was executable to be non-executable, and check out the branch that changes the contents of the file. However, since `core.filemode` is false, we do not detect the filemode change. We run these tests on both operating systems that obey `core.filemode` (eg, POSIX) and those that have no conception of filemode (eg, Win32). This ensures that `core.filemode` is always honored, as it is a cache of the underlying filesystem's settings. This ensures that we do not make assumptions based on the operating system, and honor the configuration setting even if it were misconfigured.
4e4771dc	2018-02-19T22:10:44	checkout test: further ensure workdir perms are updated When both the index _and_ the working directory has changed permissions on a file permissions on a file - but only the permissions, such that the contents of the file are identical - ensure that `git_checkout` updates the permissions to match the checkout target.
8858a684	2018-02-19T22:09:27	checkout test: ensure workdir perms are updated When the working directory has changed permissions on a file - but only the permissions, such that the contents of the file are identical - ensure that `git_checkout` updates the permissions to match the checkout target.
72c28ab0	2017-06-07T10:59:03	tests: status::worktree: indicate skipped tests on Win32 Some function bodies of tests which are not applicable to the Win32 platform are completely #ifdef'd out instead of calling `cl_skip()`. This leaves us with no indication that these tests are not being executed at all and may thus cause decreased scrutiny when investigating skipped tests. Improve the situation by calling `cl_skip()` instead of just doing nothing.
09c15a7f	2017-10-09T09:08:19	tests: checkout::tree: check that the status list catches mode changes While we verify that we have no mode changes after calling `git_checkout_tree`, we do not verify that the `p_chmod` calls actually resulted in a changed entry. While we should assume that this works due to separate tests for the status list, we should test for the change being listed to avoid programming errors in the test.
880dfc50	2017-10-09T09:06:24	tests: checkout::tree: extract check for status entrycount There are multiple locations where we have the same code to check whether the count of status list entries of a repository matches an expected number. Extract that into a common function.
19e8faba	2016-06-15T01:59:56	checkout: test force checkout when mode changes Test that we can successfully force checkout a target when the file contents are identical, but the mode has changed.
0ef405b3	2017-02-15T14:05:10	checkout: do not delete directories with untracked entries If the `GIT_CHECKOUT_FORCE` flag is given to any of the `git_checkout` invocations, we remove files which were previously staged. But while doing so, we unfortunately also remove unstaged files in a directory which contains at least one staged file, resulting in potential data loss. This commit adds two tests to verify behavior.
78b8f039	2017-02-15T14:00:38	tests: fix indentation in checkout::head::with_index_only_tree
1f813cf2	2017-01-23T17:32:13	checkout::tree test: cleanup memory leak
5f959dca	2016-12-29T19:26:50	Fix handling of GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH flag. git_checkout_tree() sets up its working directory iterator to respect the pathlist if GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH is present, which is great. What's not so great is that this iterator is then used side-by-side with an iterator created by git_checkout_iterator(), which did not set up its pathlist appropriately (although the iterator mirrors all other iterator options). This could cause git_checkout_tree() to delete working tree files which were not specified in the pathlist when GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH was used, as the unsynchronized iterators causes git_checkout_tree() to think that files have been deleted between the two trees. Oops. And added a test which fails without this fix (specifically, the final check for "testrepo/README" to still be present fails).
88cfe614	2016-08-24T01:20:39	git_checkout_tree options fix According to the reference the git_checkout_tree and git_checkout_head functions should accept NULL in the opts field This was broken since the opts field was dereferenced and thus lead to a crash.
bb0bd71a	2016-06-15T15:47:28	checkout: use empty baseline when no index When no index file exists and a baseline is not explicitly provided, use an empty baseline instead of trying to load `HEAD`.
292c6027	2016-06-07T12:29:16	tests: fix memory leaks in checkout::typechange
c2f18b9b	2016-05-26T10:51:16	cleanup: unused warning
e102daa4	2016-05-26T10:25:40	Merge pull request #3798 from mmuman/stat-test-fix test: Fix stat() test to mask out unwanted bits
afab1fff	2016-02-16T21:02:41	checkout: handle dirty submodules correctly Don't generate conflicts when checking out a modified submodule and the submodule is dirty or modified in the workdir.
407f2e9f	2016-05-24T19:07:09	test: Fix stat() test to mask out unwanted bits Haiku and Hurd both pass extra bits in struct stat::st_mode.
35439f59	2016-02-11T12:24:21	win32: introduce p_timeval that isn't stupid Windows defines `timeval` with `long`, which we cannot sanely cope with. Instead, use a custom timeval struct.
326c9fc2	2015-12-01T20:41:23	checkout test: Apply umask to file-mode test as well Fix the file-mode test to expect system umask being applied to the created file as well (it is currently applied to the directory only). This fixes the test on systems where umask != 022. Signed-off-by: Michał Górny <mgorny@gentoo.org>
87428c55	2015-11-20T20:48:51	Fix some warnings
de999f26	2015-11-13T15:36:45	checkout::crlf test: don't crash when no idx entry When there's no matching index entry (for whatever reason), don't try to dereference the null return value to get at the id. Otherwise when we break something in the index API, the checkout test crashes for confusing reasons and causes us to step through it in a debugger thinking that we had broken much more than we actually did.
0226f7dd	2015-08-29T13:59:20	diff/index: respect USE_NSEC for racily clean file detection
ac2fba0e	2015-09-16T15:07:27	git_futils_mkdir_*: make a relative-to-base mkdir Untangle git_futils_mkdir from git_futils_mkdir_ext - the latter assumes that we own everything beneath the base, as if it were being called with a base of the repository or working directory, and is tailored towards checkout and ensuring that there is no bogosity beneath the base that must be cleaned up. This is (at best) slow and (at worst) unsafe in the larger context of a filesystem where we do not own things and cannot do things like unlink symlinks that are in our way.
eea7c850	2015-09-16T05:44:27	checkout: overwrite files with differing modes When a file exists on disk and we're checking out a file that differs in executableness, remove the old file. This allows us to recreate the new file with p_open, which will take the new mode into account and handle setting the umask properly. Remove any notion of chmod'ing existing files, since it is now handled by the aforementioned removal and was incorrect, as it did not take umask into account.
6fe32284	2015-09-16T10:17:54	checkout::tree tests: don't use hardcoded mode
b4d183a7	2015-09-16T04:12:47	checkout::tree tests: don't use static buffer
33cad995	2015-06-01T14:31:49	Check that checkout preserves filemode in working directory.
6124d983	2015-06-01T11:16:36	Check that an executable in index is not an executable after checkout.
504b0697	2015-06-30T14:25:00	checkout test: mark unused vars
64c415c2	2015-06-29T22:12:20	checkout test: check getcwd return value
afd8a94e	2015-06-26T18:49:39	checkout: plug a few leaks
1e46d545	2015-06-09T03:50:00	crlf tests: ensure that Unix obeys autocrlf=true All platforms do terrible, horrible, no good, very bad translation when core.autocrlf=true. It's not just Windows!
3d92b9ab	2015-06-08T09:08:01	crlf tests: use known-good data produced by git Given a variety of combinations of core.autocrlf settings and attributes settings, test that we check out data into the working directory the same as a known-good test resource created by git.git.
bd5e59ee	2015-06-08T09:04:39	crlf: include utf8 resources in master branch Include the UTF8 and UTF8 BOM tests in the master crlf test branch for completeness.
863dd89a	2015-06-18T12:45:40	tests: tick over five seconds instead of one When ticking over one second, it can happen that the actual time ticks over the same second between the time that we undermine our own race protections and the time in which we perform the index update. Such timing would make the time in the entries match the index' timestamp and we have not gained anything. Ticking over five seconds makes it so that if real-time rolls over that second, our index is still ahead. This is still suboptimal as we're dealing with timing, but five seconds should be long enough for any reasonable test runner to finish the tests.
85a5e8eb	2015-06-17T09:00:23	Fixed Xcode 6.1 build warnings
121c3171	2015-06-16T15:18:04	Introduce p_utimes and p_futimes Provide functionality to set the time on a filesystem entry, using utimes or futimes on POSIX type systems or SetFileTime on Win32.
e44abe16	2015-06-16T08:51:45	tests: tick the index when we count OID calculations These tests want to test that we don't recalculate entries which match the index already. This is however something we force when truncating racily-clean entries. Tick the index forward as we know that we don't perform the modifications which the racily-clean code is trying to avoid.
c4e6ab5f	2015-06-15T14:32:08	crlf: tick the index forward to work around racy-git behaviour In order to avoid racy-git, we zero out the file size for entries with the same timestamp as the index (or during the initial checkout). This is the case in a couple of crlf tests, as the code is fast enough to do everything in the same second. As we know that we do not perform the modification just after writing out the index, which is what this is designed to work around, tick the mtime of the index file such that it doesn't agree with the files anymore, and we do not zero out these entries.
26d5c0b8	2015-06-12T09:28:47	Fix leaks in tests/checkout/icase
885b94aa	2015-05-28T15:26:13	Rename GIT_EMERGECONFLICT to GIT_ECONFLICT We do not error on "merge conflicts"; on the contrary, merge conflicts are a normal part of merging. We only error on "checkout conflicts", where a change exists in the index or the working directory that would otherwise be overwritten by performing the checkout. This may happen during merge (after the production of the new index that we're going to checkout) but it could happen during any checkout.
2f1080ea	2015-05-19T11:17:07	conflict tests: use GIT_IDXENTRY_STAGE_SET
1ecbcd8e	2015-05-26T19:16:27	Fix ident replacement to match Git behavior Git inserts a space after the SHA1 (as of 2.1.4 at least), so do the same.
8f0104ec	2015-04-21T22:10:36	Remove the callbacks struct from the remote Having the setting be different from calling its actions was not a great idea and made for the sake of the wrong convenience. Instead of that, accept either fetch options, push options or the callbacks when dealing with the remote. The fetch options are currently only the callbacks, but more options will be moved from setters and getters on the remote to the options. This does mean passing the same struct along the different functions but the typical use-case will only call git_remote_fetch() or git_remote_push() and so won't notice much difference.
cd79d99a	2015-04-23T15:58:53	checkout test: better case-insensitive test on Mac On Mac OS, `realpath` is deficient in determining the actual filename on-disk as it will simply provide the string you gave it if that file exists, instead of returning the filename as it exists. Instead we must read the directory entries for the parent directory to get the canonical filename.
64842d87	2015-04-23T09:21:33	checkout test: only run icase on icase platform
05f69012	2015-03-31T16:28:13	checkout: remove blocking dir when FORCEd
3520c970	2015-03-27T15:39:28	Revert "Always checkout with case sensitive iterator" This reverts commit 40d791545abfb3cb71553a27dc64129e1a9bec28.
6dfd8506	2015-04-01T15:23:37	checkout test: ensure we write to casechanged dir Ensure that on a case insensitive filesystem that we can checkout into some folder 'FOLDER' that exists on disk, even if the target of the checkout is a different case (eg 'folder').
431f9807	2015-03-27T15:33:44	checkout test: ignore unstaged case-changing renames On Windows, you might sloppily rewrite a file (or have a sloppy text editor that does it for you) and accidentally change its case. (eg, "README" -> "readme"). Git ignores this accidental case changing rename during checkout and will happily write the new content to the file despite the name change. We should, too.
27fa7477	2015-04-23T10:54:08	Merge pull request #3032 from jfultz/index-file-modes Fix git_checkout_tree() to do index filemodes correctly on Windows.
63af449e	2015-04-10T11:33:14	Merge pull request #3030 from linquize/symlink_supported If work_dir is not specified, use repo_dir to test if symlink is supported
67db2bde	2015-03-10T12:02:45	Fix git_checkout_tree() to do index filemodes correctly on Windows. git_checkout_tree() has some fallback behaviors for file systems which don't have full support of filemodes. Generally works fine, but if a given file had a change of type from a 0644 to 0755 (i.e., you add executable permissions), the fallback behavior incorrectly triggers when writing hte updated index. This would cause a git_checkout_tree() command, even with the GIT_CHECKOUT_FORCE option set, to leave a dirty index on Windows. Also added checks to an existing test to catch this case.
7c2a2172	2015-04-04T00:29:01	Test: Create repo in while current dir is readonly and checkout symlink
7c2b9e06	2015-03-22T19:06:53	Illustrate bad checkout on Windows
118e6fdc	2015-03-16T23:08:16	Lower case the include directive of windows header Since the Linux platform has a case sensitive file system, the header name should be lower case for cross compiling purposes. (On Linux, the mingw header is called ```windows.h```).
76f03418	2015-03-03T17:04:38	Remove swp files
4e498646	2015-01-15T16:50:31	repository: remove log message override for switching the active branch We want to use the "checkout: moving from ..." message in order to let git know when a change of branch has happened. Make the convenience functions for this goal write this message.
6bfb990d	2015-01-07T14:47:02	branch: don't accept a reflog message override This namespace is about behaving like git's branch command, so let's do exactly that instead of taking a reflog message. This override is still available via the reference namespace.
23a17803	2015-01-07T14:16:50	reset: remove reflog message override This function is meant to simulate what git does in the reset command, so we should include the reflog message in that.
659cf202	2015-01-07T12:23:05	Remove the signature from ref-modifying functions The signature for the reflog is not something which changes dynamically. Almost all uses will be NULL, since we want for the repository's default identity to be used, making it noise. In order to allow for changing the identity, we instead provide git_repository_set_ident() and git_repository_ident() which allow a user to override the choice of signature.
496b76d4	2015-02-27T11:02:37	checkout tests: just use SAFE where appropriate

3a197ea7

2020-06-27T12:33:32

Make the tests pass cleanly with MemorySanitizer This change: * Initializes a few variables that were being read before being initialized. * Includes https://github.com/madler/zlib/pull/393. As such, it only works reliably with `-DUSE_BUNDLED_ZLIB=ON`.

cad7a1ba

2020-06-05T08:42:38

clar: include the function name

f88e12db

2020-05-23T09:35:53

checkout::index: free the index

915f8860

2020-05-16T14:00:11

tests: checkout: fix stylistic issues and static variable The test case checkout::index::can_disable_pathspec_match has some shortcomings when it comes to coding style, which didn't fit our own coding style. Furthermore, it had an unnecessary static local variable. The test has been refactored to address these issues.

d62e44cb

2019-06-03T18:35:08

checkout: Fix removing untracked files by path in subdirectories The checkout code didn't iterate into a subdir if it didn't match the pathspec, but since the pathspec might match files in the subdir we should recurse into it (In contrast to gitignore handling). Fixes #5089

8731e1f4

2020-02-02T19:01:15

tests::checkout: only examine test10 and test11.txt The checkout::index::can_disable_pathspec_match test attempts to set a path filter of `test11.txt` and `test12.txt`, but then validates that `test10.txt` and `test11.txt` were left unmodified. Update the test's path filter to match the expectation.

24bd12c4

2020-02-02T01:00:15

Create test case demonstrating checkout bug w/ pathspec match disabled

3f7851ea

2019-09-18T14:32:05

Disallow NTFS Alternate Data Stream attacks, even on Linux/macOS A little-known feature of NTFS is that it offers to store metadata in so-called "Alternate Data Streams" (inspired by Apple's "resource forks") that are copied together with the file they are associated with. These Alternate Data Streams can be accessed via `<file name>:<stream name>:<stream type>`. Directories, too, have Alternate Data Streams, and they even have a default stream type `$INDEX_ALLOCATION`. Which means that `abc/` and `abc::$INDEX_ALLOCATION/` are actually equivalent. This is of course another attack vector on the Git directory that we definitely want to prevent. On Windows, we already do this incidentally, by disallowing colons in file/directory names. While it looks as if files'/directories' Alternate Data Streams are not accessible in the Windows Subsystem for Linux, and neither via CIFS/SMB-mounted network shares in Linux, it _is_ possible to access them on SMB-mounted network shares on macOS. Therefore, let's go the extra mile and prevent this particular attack _everywhere_. To keep things simple, let's just disallow *any* Alternate Data Stream of `.git`. This is libgit2's variant of CVE-2019-1352. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

64c612cc

2019-09-18T15:25:02

Protect against 8.3 "short name" attacks also on Linux/macOS The Windows Subsystem for Linux (WSL) is getting increasingly popular, in particular because it makes it _so_ easy to run Linux software on Windows' files, via the auto-mounted Windows drives (`C:\` is mapped to `/mnt/c/`, no need to set that up manually). Unfortunately, files/directories on the Windows drives can be accessed via their _short names_, if that feature is enabled (which it is on the `C:` drive by default). Which means that we have to safeguard even our Linux users against the short name attacks. Further, while the default options of CIFS/SMB-mounts seem to disallow accessing files on network shares via their short names on Linux/macOS, it _is_ possible to do so with the right options. So let's just safe-guard against short name attacks _everywhere_. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

ded77bb1

2019-06-29T09:58:34

path: extract function to check whether a path supports symlinks When initializing a repository, we need to check whether its working directory supports symlinks to correctly set the initial value of the "core.symlinks" config variable. The code to check the filesystem is reusable in other parts of our codebase, like for example in our tests to determine whether certain tests can be expected to succeed or not. Extract the code into a new function `git_path_supports_symlinks` to avoid duplicate implementations. Remove a duplicate implementation in the repo test helper code.

e54343a4

2019-06-29T09:17:32

fileops: rename to "futils.h" to match function signatures Our file utils functions all have a "futils" prefix, e.g. `git_futils_touch`. One would thus naturally guess that their definitions and implementation would live in files "futils.h" and "futils.c", respectively, but in fact they live in "fileops.h". Rename the files to match expectations.

658022c4

2019-07-18T13:53:41

configuration: cvar -> configmap `cvar` is an unhelpful name. Refactor its usage to `configmap` for more clarity.

0b5ba0d7

2019-06-06T16:36:23

Rename opt init functions to `options_init` In libgit2 nomenclature, when we need to verb a direct object, we name a function `git_directobject_verb`. Thus, if we need to init an options structure named `git_foo_options`, then the name of the function that does that should be `git_foo_options_init`. The previous names of `git_foo_init_options` is close - it _sounds_ as if it's initializing the options of a `foo`, but in fact `git_foo_options` is its own noun that should be respected. Deprecate the old names; they'll now call directly to the new ones.

cb28df20

2019-06-07T14:29:47

tests: checkout: fix symlink.git being created outside of sandbox The function `populate_symlink_workdir` creates a new "symlink.git" repository with a relative path "../symlink.git". As the current working directory is the sandbox, the new repository will be created just outside of the sandbox. Fix this by using `clar_sandbox_path`.

f673e232

2018-12-27T13:47:34

git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.

ed8cfbf0

2019-01-17T00:32:31

references: use new names in internal usage Update internal usage to use the `git_reference` names for constants.

e385e647

2018-12-19T12:08:17

checkout::crlf: ensure success Wrap function calls in the `checkout::crlf` tests with `cl_git_pass`, `cl_assert`, etc. to ensure that they're successful.

c3169e6f

2018-12-01T19:59:41

checkout::crlf clear the crlf workdir for checkout After sandboxing the crlf directory, remove the working directory contents. This allows us to package data within the crlf directory (for simplicity, this allows us to script the to-odb and to-workdir crlf filter conversion data in a single location).

13a8bc92

2018-12-01T18:32:01

crlf_data: move to a "to_workdir" folder Move the crlf_data folders reponsible for holding the state of the filters going into the working directory to "to_workdir" variations of the folder name to accommodate future growth into the "to odb" filter variation. Update the script to create these new folders as appopriate.

168fe39b

2018-11-28T14:26:57

object_type: use new enumeration names Use the new object_type enumeration names within the codebase.

18e71e6d

2018-11-28T13:31:06

index: use new enum and structure names Use the new-style index names throughout our own codebase.

da500cc6

2018-10-20T05:43:40

symlink tests: test symbolic links on windows Test updated symbolic link creation on Windows. Ensure that we emulate Git for Windows behavior. Ensure that when `core.symlinks=true` is set in a global configuration that new repositories are created without a `core.symlinks` setting, and that when `core.symlinks` is unset that `core.symlinks=false` in set in the repository. Further ensure that checkout honors the expected `core.symlinks` defaults on Windows.

628dae8b

2018-10-19T03:14:35

tests: provide symlink support helper function

df1733de

2018-07-16T05:16:41

checkout tests: ensure readlink succeeds Don't try to use `link_size` as an index into a string if `p_readlink` returned <0. That will - obviously - fail and we'll write out of bounds.

e4ac4000

2018-07-02T12:57:56

checkout tests: test symlinks based on support, not platform When testing whether symlinks are correctly checked out, examine the `core.symlinks` configuration option to determine if symlinks are supported in a repository, don't simply assume that Windows means that symbolic links are not supported. Further, when testing the expected default behavior of `core.symlinks`, test the filesystem's support to determine if symlinks are supported. Finally, ensure that `core.symlinks=true` fails on a system where symlinks are actually not supported. This aligns with the behavior of Git for Windows.

7b6875f4

2018-07-02T12:25:45

checkout tests: don't use GetFinalPathNameByHandle To determine the canonical filename for a given path, we previously looked at the directory entries on POSIX systems and used GetFinalPathNameByHandle on Windows. However, GetFinalPathNameByHandle requires a HANDLE - the results of CreateFile - and you cannot CreateFile on a symbolic link. To support finding the canonical path of a symbolic link, simply use the existing POSIX code to look at the directory entries.

0652abaa

2018-07-20T12:56:49

Merge pull request #4702 from tiennou/fix/coverity Assorted Coverity fixes

9994cd3f

2018-06-25T11:56:52

treewide: remove use of C++ style comments C++ style comment ("//") are not specified by the ISO C90 standard and thus do not conform to it. While libgit2 aims to conform to C90, we did not enforce it until now, which is why quite a lot of these non-conforming comments have snuck into our codebase. Do a tree-wide conversion of all C++ style comments to the supported C style comments to allow us enforcing strict C90 compliance in a later commit.

8455a270

2018-07-01T12:04:27

tests: add missing cl_git_pass to tests Reported by Coverity, CID 1393678-1393697.

5e26391a

2018-06-18T18:28:08

checkout: FORCE doesn't halt on dirty index If the index is dirty, allow `GIT_CHECKOUT_FORCE` to obliterate unsaved changes. This is in keeping with its name and description.

b242cdbf

2017-11-17T00:19:07

index: commit the changes to the index properly Now that the index has a "dirty" state, where it has changes that have not yet been committed or rolled back, our tests need to be adapted to actually commit or rollback the changes instead of assuming that the index can be operated on in its indeterminate state.

55a96606

2018-06-18T16:14:26

checkout tests: validate GIT_CHECKOUT_NO_REFRESH Add tests that ensure that we re-read the on-disk image by default during checkout, but when the `GIT_CHECKOUT_NO_REFRESH` option is specified, we do _not_ re-read the index.

ecf4f33a

2018-02-08T11:14:48

Convert usage of `git_buf_free` to new `git_buf_dispose`

3fbfae26

2018-05-22T20:37:23

checkout: change symlinked .gitmodules file test to expect failure When dealing with `core.proectNTFS` and `core.protectHFS` we do check against `.gitmodules` but we still have a failing test as the non-filesystem codepath does not check for it.

a145f2b6

2018-05-22T14:16:45

checkout: add a failing test for refusing a symlinked .gitmodules We want to reject these as they cause compatibility issues and can lead to git writing to files outside of the repository.

bc5ced66

2018-04-04T21:28:31

diff: Add missing GIT_DELTA_TYPECHANGE -> 'T' mapping. This adds the 'T' status character to git_diff_status_char() for diff entries that change type.

275693e2

2018-02-20T12:45:40

checkout test: ensure workdir mode is simplified Ensure that when examining the working directory for checkout that the mode is correctly simplified. Git only pays attention to whether a file is executable or not. When examining a working directory, we should coalesce modes in the working directory to either `0755` (indicating that a file is executable) or `0644` (indicating that it is not). Test this by giving the file an exotic mode, and ensuring that when checkout out a branch that changes the file's contents, that we do not have a checkout conflict.

ec96db57

2018-02-20T00:32:38

checkout test: add core.filemode checkout tests Add two tests for filemode. The first ensures that `core.filemode=true` is honored: if we have changed the filemode such that a file that _was_ executable (mode 0755) is now executable (mode 0644) and we go to check out a branch that has otherwise changed the contents of the file, then we should raise a checkout conflict for that file. The second ensures that `core.filemode=false` is honored: in the same situation, we set a file that was executable to be non-executable, and check out the branch that changes the contents of the file. However, since `core.filemode` is false, we do not detect the filemode change. We run these tests on both operating systems that obey `core.filemode` (eg, POSIX) and those that have no conception of filemode (eg, Win32). This ensures that `core.filemode` is always honored, as it is a cache of the underlying filesystem's settings. This ensures that we do not make assumptions based on the operating system, and honor the configuration setting even if it were misconfigured.

4e4771dc

2018-02-19T22:10:44

checkout test: further ensure workdir perms are updated When both the index _and_ the working directory has changed permissions on a file permissions on a file - but only the permissions, such that the contents of the file are identical - ensure that `git_checkout` updates the permissions to match the checkout target.

8858a684

2018-02-19T22:09:27

checkout test: ensure workdir perms are updated When the working directory has changed permissions on a file - but only the permissions, such that the contents of the file are identical - ensure that `git_checkout` updates the permissions to match the checkout target.

72c28ab0

2017-06-07T10:59:03

tests: status::worktree: indicate skipped tests on Win32 Some function bodies of tests which are not applicable to the Win32 platform are completely #ifdef'd out instead of calling `cl_skip()`. This leaves us with no indication that these tests are not being executed at all and may thus cause decreased scrutiny when investigating skipped tests. Improve the situation by calling `cl_skip()` instead of just doing nothing.

09c15a7f

2017-10-09T09:08:19

tests: checkout::tree: check that the status list catches mode changes While we verify that we have no mode changes after calling `git_checkout_tree`, we do not verify that the `p_chmod` calls actually resulted in a changed entry. While we should assume that this works due to separate tests for the status list, we should test for the change being listed to avoid programming errors in the test.

880dfc50

2017-10-09T09:06:24

tests: checkout::tree: extract check for status entrycount There are multiple locations where we have the same code to check whether the count of status list entries of a repository matches an expected number. Extract that into a common function.

19e8faba

2016-06-15T01:59:56

checkout: test force checkout when mode changes Test that we can successfully force checkout a target when the file contents are identical, but the mode has changed.

0ef405b3

2017-02-15T14:05:10

checkout: do not delete directories with untracked entries If the `GIT_CHECKOUT_FORCE` flag is given to any of the `git_checkout` invocations, we remove files which were previously staged. But while doing so, we unfortunately also remove unstaged files in a directory which contains at least one staged file, resulting in potential data loss. This commit adds two tests to verify behavior.

78b8f039

2017-02-15T14:00:38

tests: fix indentation in checkout::head::with_index_only_tree

1f813cf2

2017-01-23T17:32:13

checkout::tree test: cleanup memory leak

5f959dca

2016-12-29T19:26:50

Fix handling of GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH flag. git_checkout_tree() sets up its working directory iterator to respect the pathlist if GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH is present, which is great. What's not so great is that this iterator is then used side-by-side with an iterator created by git_checkout_iterator(), which did not set up its pathlist appropriately (although the iterator mirrors all other iterator options). This could cause git_checkout_tree() to delete working tree files which were not specified in the pathlist when GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH was used, as the unsynchronized iterators causes git_checkout_tree() to think that files have been deleted between the two trees. Oops. And added a test which fails without this fix (specifically, the final check for "testrepo/README" to still be present fails).

88cfe614

2016-08-24T01:20:39

git_checkout_tree options fix According to the reference the git_checkout_tree and git_checkout_head functions should accept NULL in the opts field This was broken since the opts field was dereferenced and thus lead to a crash.

bb0bd71a

2016-06-15T15:47:28

checkout: use empty baseline when no index When no index file exists and a baseline is not explicitly provided, use an empty baseline instead of trying to load `HEAD`.

292c6027

2016-06-07T12:29:16

tests: fix memory leaks in checkout::typechange

c2f18b9b

2016-05-26T10:51:16

cleanup: unused warning

e102daa4

2016-05-26T10:25:40

Merge pull request #3798 from mmuman/stat-test-fix test: Fix stat() test to mask out unwanted bits

afab1fff

2016-02-16T21:02:41

checkout: handle dirty submodules correctly Don't generate conflicts when checking out a modified submodule and the submodule is dirty or modified in the workdir.

407f2e9f

2016-05-24T19:07:09

test: Fix stat() test to mask out unwanted bits Haiku and Hurd both pass extra bits in struct stat::st_mode.

35439f59

2016-02-11T12:24:21

win32: introduce p_timeval that isn't stupid Windows defines `timeval` with `long`, which we cannot sanely cope with. Instead, use a custom timeval struct.

326c9fc2

2015-12-01T20:41:23

checkout test: Apply umask to file-mode test as well Fix the file-mode test to expect system umask being applied to the created file as well (it is currently applied to the directory only). This fixes the test on systems where umask != 022. Signed-off-by: Michał Górny <mgorny@gentoo.org>

87428c55

2015-11-20T20:48:51

Fix some warnings

de999f26

2015-11-13T15:36:45

checkout::crlf test: don't crash when no idx entry When there's no matching index entry (for whatever reason), don't try to dereference the null return value to get at the id. Otherwise when we break something in the index API, the checkout test crashes for confusing reasons and causes us to step through it in a debugger thinking that we had broken much more than we actually did.

0226f7dd

2015-08-29T13:59:20

diff/index: respect USE_NSEC for racily clean file detection

ac2fba0e

2015-09-16T15:07:27

git_futils_mkdir_*: make a relative-to-base mkdir Untangle git_futils_mkdir from git_futils_mkdir_ext - the latter assumes that we own everything beneath the base, as if it were being called with a base of the repository or working directory, and is tailored towards checkout and ensuring that there is no bogosity beneath the base that must be cleaned up. This is (at best) slow and (at worst) unsafe in the larger context of a filesystem where we do not own things and cannot do things like unlink symlinks that are in our way.

eea7c850

2015-09-16T05:44:27

checkout: overwrite files with differing modes When a file exists on disk and we're checking out a file that differs in executableness, remove the old file. This allows us to recreate the new file with p_open, which will take the new mode into account and handle setting the umask properly. Remove any notion of chmod'ing existing files, since it is now handled by the aforementioned removal and was incorrect, as it did not take umask into account.

6fe32284

2015-09-16T10:17:54

checkout::tree tests: don't use hardcoded mode

b4d183a7

2015-09-16T04:12:47

checkout::tree tests: don't use static buffer

33cad995

2015-06-01T14:31:49

Check that checkout preserves filemode in working directory.

6124d983

2015-06-01T11:16:36

Check that an executable in index is not an executable after checkout.

504b0697

2015-06-30T14:25:00

checkout test: mark unused vars

64c415c2

2015-06-29T22:12:20

checkout test: check getcwd return value

afd8a94e

2015-06-26T18:49:39

checkout: plug a few leaks

1e46d545

2015-06-09T03:50:00

crlf tests: ensure that Unix obeys autocrlf=true All platforms do terrible, horrible, no good, very bad translation when core.autocrlf=true. It's not just Windows!

3d92b9ab

2015-06-08T09:08:01

crlf tests: use known-good data produced by git Given a variety of combinations of core.autocrlf settings and attributes settings, test that we check out data into the working directory the same as a known-good test resource created by git.git.

bd5e59ee

2015-06-08T09:04:39

crlf: include utf8 resources in master branch Include the UTF8 and UTF8 BOM tests in the master crlf test branch for completeness.

863dd89a

2015-06-18T12:45:40

tests: tick over five seconds instead of one When ticking over one second, it can happen that the actual time ticks over the same second between the time that we undermine our own race protections and the time in which we perform the index update. Such timing would make the time in the entries match the index' timestamp and we have not gained anything. Ticking over five seconds makes it so that if real-time rolls over that second, our index is still ahead. This is still suboptimal as we're dealing with timing, but five seconds should be long enough for any reasonable test runner to finish the tests.

85a5e8eb

2015-06-17T09:00:23

Fixed Xcode 6.1 build warnings

121c3171

2015-06-16T15:18:04

Introduce p_utimes and p_futimes Provide functionality to set the time on a filesystem entry, using utimes or futimes on POSIX type systems or SetFileTime on Win32.

e44abe16

2015-06-16T08:51:45

tests: tick the index when we count OID calculations These tests want to test that we don't recalculate entries which match the index already. This is however something we force when truncating racily-clean entries. Tick the index forward as we know that we don't perform the modifications which the racily-clean code is trying to avoid.

c4e6ab5f

2015-06-15T14:32:08

crlf: tick the index forward to work around racy-git behaviour In order to avoid racy-git, we zero out the file size for entries with the same timestamp as the index (or during the initial checkout). This is the case in a couple of crlf tests, as the code is fast enough to do everything in the same second. As we know that we do not perform the modification just after writing out the index, which is what this is designed to work around, tick the mtime of the index file such that it doesn't agree with the files anymore, and we do not zero out these entries.

26d5c0b8

2015-06-12T09:28:47

Fix leaks in tests/checkout/icase

885b94aa

2015-05-28T15:26:13

Rename GIT_EMERGECONFLICT to GIT_ECONFLICT We do not error on "merge conflicts"; on the contrary, merge conflicts are a normal part of merging. We only error on "checkout conflicts", where a change exists in the index or the working directory that would otherwise be overwritten by performing the checkout. This *may* happen during merge (after the production of the new index that we're going to checkout) but it could happen during any checkout.

2f1080ea

2015-05-19T11:17:07

conflict tests: use GIT_IDXENTRY_STAGE_SET

1ecbcd8e

2015-05-26T19:16:27

Fix ident replacement to match Git behavior Git inserts a space after the SHA1 (as of 2.1.4 at least), so do the same.

8f0104ec

2015-04-21T22:10:36

Remove the callbacks struct from the remote Having the setting be different from calling its actions was not a great idea and made for the sake of the wrong convenience. Instead of that, accept either fetch options, push options or the callbacks when dealing with the remote. The fetch options are currently only the callbacks, but more options will be moved from setters and getters on the remote to the options. This does mean passing the same struct along the different functions but the typical use-case will only call git_remote_fetch() or git_remote_push() and so won't notice much difference.

cd79d99a

2015-04-23T15:58:53

checkout test: better case-insensitive test on Mac On Mac OS, `realpath` is deficient in determining the actual filename on-disk as it will simply provide the string you gave it if that file exists, instead of returning the filename as it exists. Instead we must read the directory entries for the parent directory to get the canonical filename.

64842d87

2015-04-23T09:21:33

checkout test: only run icase on icase platform

05f69012

2015-03-31T16:28:13

checkout: remove blocking dir when FORCEd

3520c970

2015-03-27T15:39:28

Revert "Always checkout with case sensitive iterator" This reverts commit 40d791545abfb3cb71553a27dc64129e1a9bec28.

6dfd8506

2015-04-01T15:23:37

checkout test: ensure we write to casechanged dir Ensure that on a case insensitive filesystem that we can checkout into some folder 'FOLDER' that exists on disk, even if the target of the checkout is a different case (eg 'folder').

431f9807

2015-03-27T15:33:44

checkout test: ignore unstaged case-changing renames On Windows, you might sloppily rewrite a file (or have a sloppy text editor that does it for you) and accidentally change its case. (eg, "README" -> "readme"). Git ignores this accidental case changing rename during checkout and will happily write the new content to the file despite the name change. We should, too.

27fa7477

2015-04-23T10:54:08

Merge pull request #3032 from jfultz/index-file-modes Fix git_checkout_tree() to do index filemodes correctly on Windows.

63af449e

2015-04-10T11:33:14

Merge pull request #3030 from linquize/symlink_supported If work_dir is not specified, use repo_dir to test if symlink is supported

67db2bde

2015-03-10T12:02:45

Fix git_checkout_tree() to do index filemodes correctly on Windows. git_checkout_tree() has some fallback behaviors for file systems which don't have full support of filemodes. Generally works fine, but if a given file had a change of type from a 0644 to 0755 (i.e., you add executable permissions), the fallback behavior incorrectly triggers when writing hte updated index. This would cause a git_checkout_tree() command, even with the GIT_CHECKOUT_FORCE option set, to leave a dirty index on Windows. Also added checks to an existing test to catch this case.

7c2a2172

2015-04-04T00:29:01

Test: Create repo in while current dir is readonly and checkout symlink

7c2b9e06

2015-03-22T19:06:53

Illustrate bad checkout on Windows

118e6fdc

2015-03-16T23:08:16

Lower case the include directive of windows header Since the Linux platform has a case sensitive file system, the header name should be lower case for cross compiling purposes. (On Linux, the mingw header is called ```windows.h```).

76f03418

2015-03-03T17:04:38

Remove swp files

4e498646

2015-01-15T16:50:31

repository: remove log message override for switching the active branch We want to use the "checkout: moving from ..." message in order to let git know when a change of branch has happened. Make the convenience functions for this goal write this message.

6bfb990d

2015-01-07T14:47:02

branch: don't accept a reflog message override This namespace is about behaving like git's branch command, so let's do exactly that instead of taking a reflog message. This override is still available via the reference namespace.

23a17803

2015-01-07T14:16:50

reset: remove reflog message override This function is meant to simulate what git does in the reset command, so we should include the reflog message in that.

659cf202

2015-01-07T12:23:05

Remove the signature from ref-modifying functions The signature for the reflog is not something which changes dynamically. Almost all uses will be NULL, since we want for the repository's default identity to be used, making it noise. In order to allow for changing the identity, we instead provide git_repository_set_ident() and git_repository_ident() which allow a user to override the choice of signature.

496b76d4

2015-02-27T11:02:37

checkout tests: just use SAFE where appropriate

thodg/libgit2/tests/checkout

tests/checkout

Log