|
9eb098d8
|
2019-02-21T11:37:04
|
|
Merge pull request #4991 from libgit2/ethomson/inttypes
Remove public 'inttypes.h' header
|
|
247e6d90
|
2019-02-18T07:22:20
|
|
Remove public 'inttypes.h' header
Remove an `inttypes.h` header that is too large in scope, and far too
public.
For Visual Studio 2012 and earlier (ie, `_MSC_VER < 1800`), we do need
to include `stdint.h` in our public headers, for types like `uint32_t`.
Internally, we also need to define `PRId64` as a printf formatting
string when it is not available.
|
|
554b3b9a
|
2019-02-21T10:31:21
|
|
Merge pull request #4996 from eaigner/master
Prevent reading out of bounds memory
|
|
966b9440
|
2019-02-21T08:30:22
|
|
tests: apply: verify that we correctly truncate the source buffer
Previously, we would fail to correctly truncate the source buffer
if the source has more than one line and ends with a non-newline
character. In the following call, we thus truncate the source
string in the middle of the second line. Without the bug fixed,
we would successfully apply the patch to the source and return
success. With the overflow being fixed, we should return an
error now.
|
|
014d4955
|
2019-02-20T15:30:11
|
|
apply: prevent OOB read when parsing source buffer
When parsing the patch image from a string, we split the string
by newlines to get a line-based view of it. To split, we use
`memchr` on the buffer and limit the buffer length by the
original length provided by the caller. This works just fine for
the first line, but for every subsequent line we need to actually
subtract the amount of bytes that we have already read.
The above issue can be easily triggered by having a source buffer
with at least two lines, where the second line does _not_ end in
a newline. Given a string "foo\nb", we have an original length of
five bytes. After having extracted the first line, we will point
to 'b' and again try to `memchr(p, '\n', 5)`, resulting in an
out-of-bounds read of four bytes.
Fix the issue by correctly subtracting the amount of bytes
already read.
|
|
6eb4947d
|
2019-02-21T08:02:45
|
|
Merge pull request #4987 from lhchavez/fix-odb_otype_fast-leak
Fix a memory leak in odb_otype_fast()
|
|
6b3730d4
|
2019-02-16T19:55:30
|
|
Fix a memory leak in odb_otype_fast()
This change frees a copy of a cached object in odb_otype_fast().
|
|
12c6e1fa
|
2019-02-20T10:54:00
|
|
Merge pull request #4986 from lhchavez/realloc
Make stdalloc__reallocarray call stdalloc__realloc
|
|
9f388e9f
|
2019-02-20T10:51:33
|
|
Merge pull request #4990 from libgit2/remove_time_monotonic
Remove `git_time_monotonic`
|
|
d900dde4
|
2019-02-20T10:37:20
|
|
Merge pull request #4988 from lhchavez/fix-improbable-odb-initialization-leak
Fix a _very_ improbable memory leak in git_odb_new()
|
|
e6c6d3bb
|
2019-02-17T22:31:37
|
|
Remove `git_time_monotonic`
`git_time_monotonic` was added so that non-native bindings like rugged
could get high-resolution timing for benchmarking. However, this is
outside the scope of libgit2 *and* rugged decided not to use this
function in the first place.
Google suggests that absolutely _nobody_ is using this function and we
don't want to be in the benchmarking business. Remove the function.
|
|
cb150e60
|
2019-02-17T19:31:11
|
|
Merge pull request #4989 from libgit2/ethomson/ci_docs
ci: publish documentation on merge
|
|
fbfa41a1
|
2019-02-17T19:07:37
|
|
ci: publish documentation on merge
When a commit is pushed or merged into one of the release branches
(master, maint/*) then push the documentation update to gh-pages.
|
|
b5b3aa93
|
2019-02-17T12:50:51
|
|
Revert "ci: publish documentation after merge"
This reverts commit 2a4e866a43e3db1e2be8e2a3d986ddc9f855d2bc.
|
|
4a02d24a
|
2019-02-17T12:40:20
|
|
foo
|
|
484fff87
|
2019-02-17T12:36:41
|
|
foo
|
|
2a4e866a
|
2019-02-17T12:34:23
|
|
ci: publish documentation after merge
When a continuous integration build runs (ie a commit is pushed or
merged into one of the CI branches, `master` or `maint/*`) then push the
rebuilt documentation into the `gh-pages` branch.
|
|
dd45539d
|
2019-02-16T22:06:58
|
|
Fix a _very_ improbable memory leak in git_odb_new()
This change fixes a mostly theoretical memory leak in got_odb_new()
that can only manifest if git_cache_init() fails due to running out of
memory or not being able to acquire its lock.
|
|
6e0dfc6f
|
2019-02-16T20:26:17
|
|
Make stdalloc__reallocarray call stdalloc__realloc
This change avoids calling realloc(3) in more than one place.
|
|
bda08397
|
2019-02-14T16:57:47
|
|
Merge pull request #4982 from pks-t/pks/worktree-add-bare-head
Enable creation of worktree from bare repo's default branch
|
|
48005936
|
2019-02-14T16:55:18
|
|
Merge pull request #4965 from hackworks/eliminate-check-for-keep-file
Allow bypassing check for '.keep' file
|
|
b8837827
|
2019-02-14T13:09:23
|
|
Merge pull request #4979 from libgit2/ethomson/deprecate
Deprecation: export the deprecated functions properly
|
|
bf013fc0
|
2019-02-14T13:30:33
|
|
branch: fix `branch_is_checked_out` with bare repos
In a bare repository, HEAD usually points to the branch that is
considered the "default" branch. As the current implementation for
`git_branch_is_checked_out` only does a comparison of HEAD with the
branch that is to be checked, it will say that the branch pointed to by
HEAD in such a bare repo is checked out.
Fix this by skipping the main repo's HEAD when it is bare.
|
|
efb20825
|
2019-02-14T13:05:49
|
|
branches: introduce flag to skip enumeration of certain HEADs
Right now, the function `git_repository_foreach_head` will always
iterate over all HEADs of the main repository and its worktrees. In some
cases, it might be required to skip either of those, though. Add a flag
in preparation for the following commit that enables this behaviour.
|
|
788cd2d5
|
2019-02-14T13:49:35
|
|
branches: do not assert that the given ref is a branch
Libraries should use assert(3P) only very scarcely. First, we usually
shouldn't cause the caller of our library to abort in case where the
assert fails. Second, if code is compiled with -DNDEBUG, then the assert
will not be included at all.
In our `git_branch_is_checked_out` function, we have an assert that
verifies that the given reference parameter is non-NULL and in fact a
branch. While the first check is fine, the second is not. E.g. when
compiled with -DNDEBUG, we'd proceed and treat the given reference as a
branch in all cases.
Fix the issue by instead treating a non-branch reference as not being
checked out. This is the obvious solution, as references other than
branches cannot be directly checked out.
|
|
a0f87e16
|
2019-02-14T13:26:30
|
|
branches: add tests for `git_branch_is_checked_out`
We currently do not have any tests at all for the
`git_branch_is_checked_out` function. Add some basic ones.
|
|
698eae13
|
2019-02-14T12:52:25
|
|
worktree: error out early if given ref is not valid
When adding a new worktree, we only verify that an optionally given
reference is valid half-way through the function. At this point, some
data structures have already been created on-disk. If we bail out due to
an invalid reference, these will be left behind and need to be manually
cleaned up by the user.
Improve the situation by moving the reference checks to the function's
preamble. Like this, we error out as early as possible and will not
leave behind any files.
|
|
3f823c2b
|
2019-02-14T00:00:06
|
|
ci: enable hard deprecation
Enable hard deprecation in our builds to ensure that we do not call
deprecated functions internally.
|
|
dcf81cdb
|
2019-02-13T23:56:40
|
|
deprecation: optionally enable hard deprecation
Add a CMake option to enable hard deprecation; the resultant library
will _not_ include any deprecated functions. This may be useful for
internal CI builds that create libraries that are not shared with
end-users to ensure that we do not use deprecated bits internally.
|
|
24ac9e0c
|
2019-02-13T23:26:54
|
|
deprecation: ensure we GIT_EXTERN deprecated funcs
Although the error functions were deprecated, we did not properly mark
them as deprecated. We need to include the `deprecated.h` file in order
to ensure that the functions get their export attributes.
Similarly, do not define `GIT_DEPRECATE_HARD` within the library, or
those functions will also not get their export attributes. Define that
only on the tests and examples.
|
|
e1916376
|
2019-02-14T09:22:57
|
|
Merge pull request #4980 from libgit2/ethomson/ci_nightly
ci: skip ssh tests on macOS nightly
|
|
ef91917f
|
2019-02-14T09:19:32
|
|
ci: skip ssh tests on macOS nightly
Like 811c1c0f8f80521dccc746a7bff180cd77a783ff, disable the SSH tests on
macOS until we can resolve the newly introduced infrastructure issues.
|
|
85b2bd41
|
2019-02-14T01:13:33
|
|
Merge pull request #4976 from libgit2/ethomson/readme_v028
CI build fixups
|
|
811c1c0f
|
2019-02-14T00:51:39
|
|
ci: skip ssh tests on macOS
SSH tests on macOS have begun failing for an unknown reason after an
infrastructure upgrade to macOS 10.13.6. Disable those tests
temporarily, until we can resolve it.
|
|
44f82134
|
2019-02-13T11:18:35
|
|
ci: provide more information about OS
Subtle changes in the host OS can have impacts in the CI system that
may be hard to debug. We previously showed the results of `uname` which
can be difficult to interpret. Provide more information where
available.
|
|
6f778351
|
2019-02-13T11:15:12
|
|
README: use correct badge for nightlies
The URL was incorrect for the nightly badge image; it was erroneously
showing the master branch continuous integration build badge.
|
|
f34faaa8
|
2019-02-12T16:45:57
|
|
README: include build badge for v0.28 builds
Include a build badge for `maint/v0.28` builds.
|
|
004a3398
|
2019-01-28T18:31:21
|
|
Allow bypassing check '.keep' files using libgit2 option 'GIT_OPT_IGNORE_PACK_KEEP_FILE_CHECK'
|
|
1a107fac
|
2019-02-02T10:25:54
|
|
Merge pull request #4970 from libgit2/ethomson/0_28
v0.28 rc1
|
|
3fe29c4d
|
2019-01-31T19:10:03
|
|
version: 0.28
|
|
63f96cd0
|
2019-01-31T19:09:42
|
|
changelog: this is 0.28
|
|
214457c6
|
2019-01-31T18:51:36
|
|
Merge pull request #4968 from tiennou/fix/documentation
Docs
|
|
6853a250
|
2019-01-31T14:46:21
|
|
Merge branch 'pks/stream-truncated-writes'
|
|
0ceac0d0
|
2019-01-23T14:45:19
|
|
mbedtls: fix potential size overflow when reading or writing data
The mbedtls library uses a callback mechanism to allow downstream users
to plug in their own receive and send functions. We implement `bio_read`
and `bio_write` functions, which simply wrap the `git_stream_read` and
`git_stream_write` functions, respectively.
The problem arises due to the return value of the callback functions:
mbedtls expects us to return an `int` containing the actual number of
bytes that were read or written. But this is in fact completely
misdesigned, as callers are allowed to pass in a buffer with length
`SIZE_MAX`. We thus may be unable to represent the number of bytes
written via the return value.
Fix this by only ever reading or writing at most `INT_MAX` bytes.
|
|
75918aba
|
2019-01-23T14:43:54
|
|
mbedtls: make global variables static
The mbedtls stream implementation makes use of some global variables
which are not marked as `static`, even though they're only used in this
compilation unit. Fix this and remove a duplicate declaration.
|
|
657197e6
|
2019-01-23T15:54:05
|
|
openssl: fix potential size overflow when writing data
Our `openssl_write` function calls `SSL_write` by passing in both `data`
and `len` arguments directly. Thing is, our `len` parameter is of type
`size_t` and theirs is of type `int`. We thus need to clamp our length
to be at most `INT_MAX`.
|
|
7613086d
|
2019-01-23T15:49:28
|
|
streams: handle short writes only in generic stream
Now that the function `git_stream__write_full` exists and callers of
`git_stream_write` have been adjusted, we can lift logic for short
writes out of the stream implementations. Instead, this is now handled
either by `git_stream__write_full` or by callers of `git_stream_write`
directly.
|
|
5265b31c
|
2019-01-23T15:00:20
|
|
streams: fix callers potentially only writing partial data
Similar to the write(3) function, implementations of `git_stream_write`
do not guarantee that all bytes are written. Instead, they return the
number of bytes that actually have been written, which may be smaller
than the total number of bytes. Furthermore, due to an interface design
issue, we cannot ever write more than `SSIZE_MAX` bytes at once, as
otherwise we cannot represent the number of bytes written to the caller.
Unfortunately, no caller of `git_stream_write` ever checks the return
value, except to verify that no error occurred. Due to this, they are
susceptible to the case where only partial data has been written.
Fix this by introducing a new function `git_stream__write_full`. In
contrast to `git_stream_write`, it will always return either success or
failure, without returning the number of bytes written. Thus, it is able
to write all `SIZE_MAX` bytes and loop around `git_stream_write` until
all data has been written. Adjust all callers except the BIO callbacks
in our mbedtls and OpenSSL streams, which already do the right thing and
require the amount of bytes written.
|
|
193e7ce9
|
2019-01-23T15:42:07
|
|
streams: make file-local functions static
The callback functions that implement the `git_stream` structure are
only used inside of their respective implementation files, but they are
not marked as `static`. Fix this.
|
|
9fd9126e
|
2019-01-30T21:19:18
|
|
docs: minor changes
|
|
2f1d6eff
|
2019-01-30T19:59:43
|
|
Merge pull request #4954 from tiennou/fix/documentation
Documentation fixes
|
|
cf14215d
|
2019-01-28T12:41:22
|
|
Merge pull request #4964 from libgit2/ethomson/ci_nightly
ci: add an individual coverity pipeline
|
|
52a97eed
|
2019-01-28T12:16:50
|
|
ci: add coverity badge to the README
|
|
0cf5b6b1
|
2019-01-28T10:48:49
|
|
ci: ignore coverity failures in nightly runs
Coverity is back but it's only read-only! Agh. Just allow it to fail
and not impact the overall job run.
|
|
690e55e0
|
2019-01-04T19:09:42
|
|
repo: split git_repository_open_flag_t options documentation inline
|
|
f6412c26
|
2019-01-15T13:35:41
|
|
transport: enhance documentation
|
|
2964fed0
|
2019-01-15T13:30:42
|
|
docs: document GIT_EUSER/GIT_EPASSTHROUGH
|
|
9e4d421e
|
2019-01-15T11:32:13
|
|
doc: clarify that git_time_t is seconds from the epoch
|
|
e9a34864
|
2019-01-27T22:47:09
|
|
Merge pull request #4961 from libgit2/ethomson/ci_docurium
ci: run docurium to create documentation
|
|
92b52f36
|
2019-01-27T22:46:53
|
|
Merge pull request #4962 from libgit2/ethomson/ci_nightly
ci: return coverity to the nightlies
|
|
08d71f72
|
2019-01-27T22:46:07
|
|
ci: return coverity to the nightlies
|
|
b1e28625
|
2019-01-26T19:43:33
|
|
Merge pull request #4950 from libgit2/ethomson/warnings
Clean up some warnings
|
|
f56634f8
|
2019-01-26T19:40:19
|
|
Merge pull request #4869 from libgit2/ethomson/ci_nightly
Nightlies: use `latest` docker images
|
|
ace20c6a
|
2019-01-26T16:59:32
|
|
ci: run docurium to create documentation
Run docurium as part of the build. The goal of this is to be able to
evaluate the documentation in a given pull request; as such, this does
not implement any sort of deployment pipeline.
This will allow us to download a snapshot of the documentation from the
CI build and evaluate the docs for a particular pull request; before
it's been merged.
|
|
4a798a91
|
2018-10-28T17:57:53
|
|
nightly: use latest images, not test images
|
|
fac08837
|
2019-01-21T11:38:46
|
|
filter: return an int
Validate that the return value of the read is not less than INT_MAX,
then cast.
|
|
89bd4ddb
|
2019-01-21T11:32:53
|
|
diff_generate: validate oid file size
Index entries are 32 bit unsigned ints, not `size_t`s.
|
|
fd9d4e28
|
2019-01-21T11:29:16
|
|
describe: don't mix and match abbreviated size types
The git_describe_format_options.abbreviated_size type is an unsigned
int. There's no need for it to be anything else; keep it what it is.
|
|
751eb462
|
2019-01-21T11:20:18
|
|
delta: validate sizes and cast safely
Quiet down a warning from MSVC about how we're potentially losing data.
Validate that our data will fit into the type provided then cast.
|
|
4947216f
|
2019-01-21T11:11:27
|
|
git transport: only write INT_MAX bytes
The transport code returns an `int` with the number of bytes written;
thus only attempt to write at most `INT_MAX`.
|
|
a861839d
|
2019-01-21T10:55:59
|
|
windows: add SSIZE_MAX
Windows doesn't include ssize_t or its _MAX value by default. We are
already declaring ssize_t as SSIZE_T, which is __int64_t on Win64 and
long otherwise. Include its _MAX value as a correspondence to its type.
|
|
f1986a23
|
2019-01-21T09:56:23
|
|
streams: don't write more than SSIZE_MAX
Our streams implementation takes a `size_t` that indicates the length of
the data buffer to be written, and returns an `ssize_t` that indicates
the length that _was_ written. Clearly no such implementation can write
more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation
does not try to write more than `SSIZE_MAX` bytes (or smaller; if the
given implementation takes a smaller size).
|
|
e5e2fac8
|
2019-01-21T00:57:39
|
|
buffer: explicitly cast
Quiet down a warning from MSVC about how we're potentially losing data.
This is safe since we've explicitly tested it.
|
|
f4ebb2d4
|
2019-01-21T00:56:35
|
|
blame: make hunk_cmp handle unsigned differences
|
|
ae681d3f
|
2019-01-21T00:49:07
|
|
apply: make update_hunk accept a size_t
|
|
7ed2baf7
|
2019-01-21T00:41:50
|
|
MSVC: ignore empty compilation units (warning LNK4221)
A number of source files have their implementation #ifdef'd out (because
they target another platform). MSVC warns on empty compilation units
(with warning LNK4221). Ignore warning 4221 when creating the object
library.
|
|
3fba5891
|
2019-01-20T23:53:33
|
|
test: cast to a char the zstream test
|
|
f25bb508
|
2019-01-20T23:52:50
|
|
index test: cast times explicitly
Cast actual filesystem data to the int32_t that index entries store.
|
|
1d4ddb8e
|
2019-01-20T23:42:08
|
|
iterator: cast filesystem iterator entry values explicitly
The filesystem iterator takes `stat` data from disk and puts them into
index entries, which use 32 bit ints for time (the seconds portion) and
filesize. However, on most systems these are not 32 bit, thus will
typically invoke a warning.
Most users ignore these fields entirely. Diff and checkout code do use
the values, however only for the cache to determine if they should check
file modification. Thus, this is not a critical error (and will cause a
hash recomputation at worst).
|
|
c6cac733
|
2019-01-20T22:40:38
|
|
blob: validate that blob sizes fit in a size_t
Our blob size is a `git_off_t`, which is a signed 64 bit int. This may
be erroneously negative or larger than `SIZE_MAX`. Ensure that the blob
size fits into a `size_t` before casting.
|
|
3aa6d96a
|
2019-01-20T20:38:25
|
|
tree: cast filename length in git_tree__parse_raw
Quiet down a warning from MSVC about how we're potentially losing data.
Ensure that we're within a uint16_t before we do.
|
|
759502ed
|
2019-01-20T20:30:42
|
|
odb_loose: explicitly cast to size_t
Quiet down a warning from MSVC about how we're potentially losing data.
This is safe since we've explicitly tested that it's positive and less
than SIZE_MAX.
|
|
80c3867b
|
2019-01-20T19:20:12
|
|
patch: explicitly cast down in parse_header_percent
Quiet down a warning from MSVC about how we're potentially losing data.
This is safe since we've explicitly tested that it's within the range of
0-100.
|
|
494448a5
|
2019-01-20T19:10:08
|
|
index: explicitly cast down to a size_t
Quiet down a warning from MSVC about how we're potentially losing data.
This cast is safe since we've explicitly tested that `strip_len` <=
`last_len`.
|
|
c3866fa8
|
2019-01-20T18:54:16
|
|
diff: explicitly cast in flush_hunk
Quiet down a warning from MSVC about how we're potentially losing data.
|
|
826d9a4d
|
2019-01-25T09:43:20
|
|
Merge pull request #4858 from tiennou/fix/index-ext-read
index: preserve extension parsing errors
|
|
859d9229
|
2019-01-25T09:41:41
|
|
Merge pull request #4952 from libgit2/ethomson/deprecation
Deprecate functions and constants more gently
|
|
c951b825
|
2019-01-23T00:32:40
|
|
deprecation: define GIT_DEPRECATE_HARD internally
Ensure that we do not use any deprecated functions in the library
source, test code or examples.
|
|
9f3a5a64
|
2019-01-23T00:29:03
|
|
deprecation: offer GIT_DEPRECATE_HARD
Users can define `GIT_DEPRECATE_HARD` if they want to remove all
functions that we've "softly" deprecated.
|
|
9c5e05ad
|
2019-01-23T10:43:29
|
|
deprecation: move deprecated tests into their own file
Move the deprecated stream tests into their own compilation unit. This
will allow us to disable any preprocessor directives that apply to
deprecation just for these tests (eg, disabling `GIT_DEPRECATED_HARD`).
|
|
e09f0c10
|
2019-01-23T10:21:42
|
|
deprecation: don't use deprecated stream cb
Avoid the deprecated `git_stream_cb` typedef since we want to compile
the library without deprecated functions or types. Instead, we can
unroll the alias to its actual type.
|
|
09e2ea2f
|
2019-01-23T09:44:40
|
|
deprecation: provide docurium deprecation note
Add `@deprecated` to the functions that are, so that they'll appear that
way in docurium.
|
|
53d13fb3
|
2019-01-23T09:42:55
|
|
deprecation: deprecated stream registration in if guard
`git_stream_register_tls` is now deprecated; mark it in an if guard with
the deprecation.
This should not be included in `deprecated.h` since it is an uncommonly
used `sys` header file.
|
|
769e9274
|
2019-01-23T00:42:22
|
|
deprecation: update changelog to reflect new policies
|
|
a7d0d14f
|
2019-01-23T00:07:40
|
|
deprecation: move deprecated bits to deprecated.h
|
|
1c3daccf
|
2019-01-23T09:51:50
|
|
fuzzers: don't use deprecated types
|
|
cc5da0a6
|
2019-01-23T09:36:52
|
|
examples: don't use deprecated types
|
|
5524a467
|
2019-01-25T09:06:27
|
|
Merge pull request #4957 from csware/deprecated
Don't use deprecated constants
|
|
bff7aed2
|
2019-01-24T16:44:04
|
|
Don't use deprecated constants
Follow up for PR #4917.
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
0bf7e043
|
2019-01-24T12:12:04
|
|
index: preserve extension parsing errors
Previously, we would clobber any extension-specific error message with
an "extension is truncated" message. This makes `read_extension`
correctly preserve those errors, takes responsibility for truncation
errors, and adds a new message with the actual extension signature for
unsupported mandatory extensions.
|