|
a7168b47
|
2018-05-22T16:13:47
|
|
path: reject .gitmodules as a symlink
Any part of the library which asks the question can pass in the mode to have it
checked against `.gitmodules` being a symlink.
This is particularly relevant for adding entries to the index from the worktree
and for checking out files.
|
|
58ff913a
|
2018-05-22T15:48:38
|
|
index: stat before creating the entry
This is so we have it available for the path validity checking. In a later
commit we will start rejecting `.gitmodules` files as symlinks.
|
|
02c80ad7
|
2018-05-22T15:21:08
|
|
path: accept the name length as a parameter
We may take in names from the middle of a string so we want the caller to let us
know how long the path component is that we should be checking.
|
|
a145f2b6
|
2018-05-22T14:16:45
|
|
checkout: add a failing test for refusing a symlinked .gitmodules
We want to reject these as they cause compatibility issues and can lead to git
writing to files outside of the repository.
|
|
490cbaa9
|
2018-05-22T13:58:24
|
|
path: expose dotgit detection functions per filesystem
These will be used by the checkout code to detect them for the particular
filesystem they're on.
|
|
177dcfc7
|
2018-05-18T15:16:53
|
|
path: hide the dotgit file functions
These can't go into the public API yet as we don't want to introduce API or ABI
changes in a security release.
|
|
9de97ae7
|
2018-05-16T15:42:08
|
|
path: add a function to detect an .gitmodules file
Given a path component it knows what to pass to the filesystem-specific
functions so we're protected even from trees which try to use the 8.3 naming
rules to get around us matching on the filename exactly.
The logic and test strings come from the equivalent git change.
|
|
22973e09
|
2018-05-16T14:47:04
|
|
path: provide a generic function for checking dogit files on NTFS
It checks against the 8.3 shortname variants, including the one which includes
the checksum as part of its name.
|
|
0283fc46
|
2018-05-16T11:56:04
|
|
path: provide a generic dogit checking function for HFS
This lets us check for other kinds of reserved files.
|
|
0aa65f8d
|
2018-05-16T15:56:04
|
|
path: add functions to detect .gitconfig and .gitattributes
|
|
397abe98
|
2018-05-14T16:03:15
|
|
submodule: also validate Windows-separated paths for validity
Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to
protect Windows users.
Ideally we would check for both separators without the need for the copied
string, but this'll get us over the RCE.
|
|
6b15ceac
|
2018-04-30T13:47:15
|
|
submodule: ignore submodules which include path traversal in their name
If the we decide that the "name" of the submodule (i.e. its path inside
`.git/modules/`) is trying to escape that directory or otherwise trick us, we
ignore the configuration for that submodule.
This leaves us with a half-configured submodule when looking it up by path, but
it's the same result as if the configuration really were missing.
The name check is potentially more strict than it needs to be, but it lets us
re-use the check we're doing for the checkout. The function that encapsulates
this logic is ready to be exported but we don't want to do that in a security
release so it remains internal for now.
|
|
7553763a
|
2018-04-30T13:03:44
|
|
submodule: add a failing test for a submodule escaping .git/modules
We should pretend such submdules do not exist as it can lead to RCE.
|
|
86353a72
|
2018-04-22T14:57:02
|
|
Merge pull request #4173 from tiennou/mbedtls
mbedTLS support
|
|
5d346c11
|
2018-04-22T14:51:00
|
|
Merge pull request #4525 from pks-t/pks/config-iterate-in-order
Configuration entry iteration in order
|
|
2b967226
|
2018-04-22T14:43:18
|
|
Merge pull request #4580 from pks-t/pks/diff-like-git-coalesce
blame_git: fix coalescing step never being executed
|
|
0ad2372b
|
2018-04-20T21:25:01
|
|
Merge pull request #4636 from tiennou/fix/leaks
Fix leaks in master
|
|
232dd4de
|
2018-04-20T20:36:31
|
|
Merge pull request #4635 from tiennou/fix/leaks-v0.27.1
Leak fixes for v0.27.1
|
|
8d138f89
|
2018-04-20T20:28:48
|
|
Merge pull request #4577 from csware/reflog-worktree-head
worktree: Read worktree specific reflog for HEAD
|
|
25100d6d
|
2018-04-19T19:17:07
|
|
tests: free the worktree in add_with_explicit_branch
Valgrind log:
==2711== 305 (48 direct, 257 indirect) bytes in 1 blocks are definitely lost in loss record 576 of 624
==2711== at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2711== by 0x5E079E: git__calloc (util.h:99)
==2711== by 0x5E0D21: open_worktree_dir (worktree.c:134)
==2711== by 0x5E0F23: git_worktree_lookup (worktree.c:176)
==2711== by 0x5E1972: git_worktree_add (worktree.c:388)
==2711== by 0x551F23: test_worktree_worktree__add_with_explicit_branch (worktree.c:292)
==2711== by 0x45853E: clar_run_test (clar.c:222)
==2711== by 0x4587E1: clar_run_suite (clar.c:286)
==2711== by 0x458B04: clar_parse_args (clar.c:362)
==2711== by 0x458CAB: clar_test_run (clar.c:428)
==2711== by 0x45665C: main (main.c:24)
|
|
592b200c
|
2018-04-18T21:41:44
|
|
refspec: check for valid parameters in git_refspec__dwim_one
CID:1383993, "In git_refspec__dwim_one: All paths that lead to this null pointer comparison already dereference the pointer earlier (CWE-476)"
|
|
df4937b8
|
2018-04-18T20:57:16
|
|
remote: repo is optional here
As per CID:1378747, we might be called with a NULL repo, which would be deferenced in write_add_refspec
|
|
8122ef98
|
2018-04-19T01:08:18
|
|
worktree: fix calloc of the wrong object type
|
|
836ec316
|
2018-04-19T01:05:05
|
|
local: fix a leaking reference when iterating over a symref
Valgrind log :
==17702== 18 bytes in 1 blocks are indirectly lost in loss record 69 of 1,123
==17702== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17702== by 0x5FDBB49: strdup (strdup.c:42)
==17702== by 0x632B3E: git__strdup (util.h:106)
==17702== by 0x632D2C: git_reference__alloc_symbolic (refs.c:64)
==17702== by 0x62E0AF: loose_lookup (refdb_fs.c:408)
==17702== by 0x62E636: refdb_fs_backend__iterator_next (refdb_fs.c:565)
==17702== by 0x62CD8E: git_refdb_iterator_next (refdb.c:147)
==17702== by 0x6347F2: git_reference_next (refs.c:838)
==17702== by 0x6345CB: git_reference_foreach (refs.c:748)
==17702== by 0x66BE62: local_download_pack (local.c:579)
==17702== by 0x5DB48F: git_fetch_download_pack (fetch.c:148)
==17702== by 0x639028: git_remote_download (remote.c:932)
==17702== by 0x63919A: git_remote_fetch (remote.c:969)
==17702== by 0x4ABEDD: test_fetchhead_nonetwork__fetch_into_repo_with_symrefs (nonetwork.c:362)
==17702== by 0x4125D9: clar_run_test (clar.c:222)
==17702== by 0x41287C: clar_run_suite (clar.c:286)
==17702== by 0x412DDE: clar_test_run (clar.c:433)
==17702== by 0x4105E1: main (main.c:24)
|
|
709e099c
|
2018-04-20T11:00:46
|
|
Merge pull request #4631 from andreasbaumann/struct_stat_file_offset_bits
fixed stack smashing due to wrong size of struct stat on the stack
|
|
fac7eac4
|
2018-04-19T15:21:52
|
|
fixed stack smashing due to wrong size of struct stat on the stack
on 32-bit systems with 64-bit file descriptor offsets enabled
(added -D_FILE_OFFSET_BITS=64 when compiling the test suite)
|
|
d906a879
|
2018-04-17T23:39:54
|
|
Merge pull request #4476 from pks-t/pks/backport-script
scripts: add backporting script
|
|
8529ac9b
|
2018-04-17T23:38:46
|
|
Merge pull request #4524 from pks-t/pks/worktree-refs
worktree: add ability to create worktree with pre-existing branch
|
|
1fd26760
|
2018-04-17T23:33:06
|
|
Merge pull request #4618 from tiennou/fix/pwned-references
refs: preserve the owning refdb when duping reference
|
|
d7f413c0
|
2018-04-17T20:07:36
|
|
crlf: update CHANGELOG
|
|
99ec4fdb
|
2018-04-17T20:06:30
|
|
crlf: wrap line
|
|
2ad24a4e
|
2018-04-17T20:05:35
|
|
tests: add information about the crlf data generator
The CRLF data generator is somewhat obscure; add information about how
to use it and what it does.
|
|
a5115842
|
2017-01-28T18:31:11
|
|
crlf: update checkout logic to reflect Git 2.9+ behaviour
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
ad5a696e
|
2017-01-28T17:11:55
|
|
tests: crlf: update POSIX test data to reflect Git 2.9+ behavior
Update with vanilla Git 2.11.0 on Debian
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
f65eea44
|
2017-01-28T17:08:59
|
|
tests: crlf: update Windows test data to reflect Git 2.9+ behavior
Update with "git version 2.11.0.windows.3"
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
286a6765
|
2018-04-17T14:32:56
|
|
Merge pull request #4522 from csware/submodules-should-report-parse-errors
Submodules-API should report .gitmodules parse errors instead of ignoring them
|
|
e5f32e81
|
2018-04-17T00:08:20
|
|
Merge pull request #4514 from tiennou/fix/pkt-type-enum
Typedef git_pkt_type and clarify recv_pkt return type
|
|
fd634019
|
2018-04-16T15:42:35
|
|
Merge pull request #4556 from libgit2/ethomson/proxy_pass_in_env
online::clone: validate user:pass in HTTP_PROXY
|
|
17339cb3
|
2018-04-16T15:35:56
|
|
Merge pull request #4596 from pks-t/pks/ssh-disconnect
transports: ssh: disconnect session before freeing it
|
|
1926163a
|
2018-04-16T15:33:43
|
|
Merge pull request #4622 from pks-t/pks/revwalk-hide-newer-parents
revwalk: fix uninteresting revs sometimes not limiting graphwalk
|
|
69870a67
|
2018-04-16T15:19:37
|
|
Merge pull request #4614 from pks-t/pks/gitignore-trailing-spaces
attr_file: fix handling of directory patterns with trailing spaces
|
|
54fd80e3
|
2018-04-12T13:32:27
|
|
revwalk: fix uninteresting revs sometimes not limiting graphwalk
When we want to limit our graphwalk, we use the heuristic of checking
whether the newest limiting (uninteresting) revision is newer than the
oldest interesting revision. We do so by inspecting whether the first
item's commit time of the user-supplied list of revisions is newer than
the last added interesting revision. This is wrong though, as the user
supplied list is in no way guaranteed to be sorted by increasing commit
dates. This could lead us to abort the revwalk early before applying all
relevant limiting revisions, outputting revisions which should in fact
have been hidden.
Fix the heuristic by instead checking whether _any_ of the limiting
commits was made earlier than the last interesting commit. Add a test.
|
|
c587d806
|
2018-04-12T09:11:26
|
|
Merge pull request #4613 from pks-t/pks/local-fetch-symrefs
transports: local: fix assert when fetching into repo with symrefs
|
|
251d8771
|
2018-04-06T12:24:10
|
|
attr_file: fix handling of directory patterns with trailing spaces
When comparing whether a path matches a directory rule, we pass the
both the path and directory name to `fnmatch` with
`GIT_ATTR_FNMATCH_DIRECTORY` being set. `fnmatch` expects the pattern to
contain no trailing directory '/', which is why we try to always strip
patterns of trailing slashes. We do not handle that case correctly
though when the pattern itself has trailing spaces, causing the match to
fail.
Fix the issue by stripping trailing spaces and tabs for a rule previous
to checking whether the pattern is a directory pattern with a trailing
'/'. This replaces the whitespace-stripping in our ignore file parsing
code, which was stripping whitespaces too late. Add a test to catch
future breakage.
|
|
13a77274
|
2018-02-26T21:33:55
|
|
smart: typo
|
|
2cf9b84c
|
2018-04-11T19:13:42
|
|
smart: free the pkt when we fail to store it
|
|
32586d5e
|
2018-04-11T19:03:57
|
|
smart: separate error handling from pkt handling
|
|
01381149
|
2018-02-26T21:27:10
|
|
smart: make out arguments explicit on recv_pkt
|
|
08961c9d
|
2017-08-22T16:29:07
|
|
smart: typedef git_pkt_type and clarify recv_pkt return type
|
|
cb2da47e
|
2018-03-29T22:14:17
|
|
travis: pass -fPIC when configuring mbedtls
|
|
ca3b2234
|
2018-03-29T22:13:56
|
|
mbedtls: initial support
|
|
10aff3d5
|
2018-03-29T22:14:15
|
|
travis: just grab what we need from mbedtls
|
|
54554757
|
2018-03-29T22:14:14
|
|
cmake: make our preferred backend ordering consistent
|
|
e3d764a4
|
2018-03-29T22:14:12
|
|
tests: clarify comment
|
|
b3e0280d
|
2018-03-29T22:14:11
|
|
mbedtls: display error codes as hex for consistency with mbedTLS docs
Remaining parts of https://github.com/JuliaLang/julia/blob/8d47a314537779c8fb86642c54925613628a91b0/deps/patches/libgit2-mbedtls-fixup.patch
|
|
382ed1e8
|
2018-03-29T22:14:09
|
|
mbedtls: load default CA certificates
|
|
1edde0bc
|
2018-03-29T22:14:08
|
|
mbedtls: use mbedTLS certificate verification
Taken from https://github.com/JuliaLang/julia/blob/8d47a314537779c8fb86642c54925613628a91b0/deps/patches/libgit2-mbedtls-verify.patch, with some modifications.
|
|
4165bb7f
|
2018-03-29T22:14:06
|
|
mbedtls: use our own certificate validation
Otherwise REQUIRED means that `git_stream_certificate` will always error.
We're doing the mbedtls check in verify_server_cert though.
|
|
262dfcf0
|
2018-03-29T22:14:05
|
|
mbedtls: enable Travis CI tests
|
|
ec79b0fd
|
2018-03-29T22:14:04
|
|
mbedtls: fix libgit2 hanging due to incomplete writes
|
|
2419cccd
|
2018-03-29T22:14:02
|
|
mbedtls: default cipher list support
|
|
60e1ad92
|
2018-03-29T22:14:01
|
|
mbedtls: add global initialization
|
|
6c6be3ce
|
2018-03-29T22:13:59
|
|
mbedtls: use libmbedcrypto for hashing
|
|
1a1875f3
|
2018-03-29T22:13:58
|
|
mbedtls: proper certificate verification
|
|
2dc54855
|
2018-04-10T23:49:44
|
|
tests: ensure worktrees' head have owners too
|
|
5e19a7f9
|
2018-04-10T21:16:43
|
|
refs: preserve the owning refdb when duping reference
This fixes a segfault in git_reference_owner on references returned from git_reference__read_head and git_reference_dup ones.
|
|
6c55fbf3
|
2018-04-06T10:39:16
|
|
transports: local: fix assert when fetching into repo with symrefs
When fetching into a repository which has symbolic references via the
"local" transport we run into an assert. The assert is being triggered
while we negotiate the packfile between the two repositories. When
hiding known revisions from the packbuilder revwalk, we unconditionally
hide all references of the local refdb. In case one of these references
is a symbolic reference, though, this means we're trying to hide a
`NULL` OID, which triggers the assert.
Fix the issue by only hiding OID references from the revwalk. Add a test
to catch this issue in the future.
|
|
0eca4230
|
2018-04-06T10:03:09
|
|
Merge pull request #4597 from cjhoward92/fix/cert-check-docs
remote/proxy: fix git_transport_certificate_check_db description
|
|
a57f42ac
|
2018-04-06T09:40:34
|
|
Merge pull request #4587 from rcjsuen/patch-2
Flag options in describe.h as being optional
|
|
83d6327d
|
2018-04-06T09:39:03
|
|
Merge pull request #4611 from erikvanzijst/erik/status_char
diff: Add missing GIT_DELTA_TYPECHANGE -> 'T' mapping.
|
|
e0af6d12
|
2018-04-06T09:33:38
|
|
Merge pull request #4609 from pks-t/pks/appveyor-kxe-typo
appveyor: fix typo in registry key to disable DHE
|
|
cd6a4323
|
2018-04-04T21:29:03
|
|
typo: Fixed a trivial typo in test function.
|
|
bc5ced66
|
2018-04-04T21:28:31
|
|
diff: Add missing GIT_DELTA_TYPECHANGE -> 'T' mapping.
This adds the 'T' status character to git_diff_status_char() for diff
entries that change type.
|
|
3a72b0e2
|
2018-04-03T12:31:35
|
|
appveyor: fix typo in registry key to disable DHE
Commit 723e1e976 (appveyor: disable DHE to avoid spurious failures,
2018-03-29) added a workaround to fix spurious test failures due to a
bug in Windows' SChannel implementation. The workaround only worked by
accident, though, as the registry key was in fact mistyped. Fix the
typo.
|
|
d9007dc8
|
2018-04-03T11:36:27
|
|
Merge pull request #4607 from Sp1l/private/fix-libressl-2.7
Fix build with LibreSSL 2.7
|
|
c42261a3
|
2018-04-03T09:38:38
|
|
Merge pull request #4603 from pks-t/pks/appveyor-winhttp-workaround
appveyor: workaround for intermittent test failures
|
|
b5e0cfa7
|
2018-04-03T09:32:33
|
|
Merge pull request #4601 from bgermann/master
sha1dc: update to fix errors with endianess
|
|
7490d449
|
2018-04-02T20:00:07
|
|
Fix build with LibreSSL 2.7
LibreSSL 2.7 adds OpenSSL 1.1 API
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
|
|
dc27772c
|
2018-03-30T13:12:26
|
|
Merge pull request #4378 from cjhoward92/fix/submodule-add-check-index
submodule: check index for path and prefix before adding submodule
|
|
b3c3415d
|
2018-03-29T14:20:21
|
|
Merge pull request #4602 from pks-t/pks/mempack-memleak
odb: mempack: fix leaking objects when freeing mempacks
|
|
723e1e97
|
2018-03-29T13:35:27
|
|
appveyor: disable DHE to avoid spurious failures
Our CI builds have intermittent failures in our online tests, e.g. with
the message "A provided buffer was too small". This is not a programming
error in libgit2 but rather an error in the SChannel component of
Windows. Under certain circumstances involving Diffie-Hellman key
exchange, SChannel is unable to correctly handle input from the server.
This bug has already been fixed in recent patches for Windows 10 and
Windows Server 2016, but they are not yet available for AppVeyor.
Manually pamper over that issue by disabling all ciphersuites using DHE
via the registry. While this disables more ciphers than necessary, we
really don't care for that at all but just want to avoid build failures
due to that bug.
See [1], [2] or [3] for additional information.
1: https://github.com/aws/aws-sdk-cpp/issues/671
2: https://github.com/dotnet/corefx/issues/7812
3: https://support.microsoft.com/en-us/help/2992611/ms14-066-vulnerability-in-schannel-could-allow-remote-code-execution-n
|
|
fbe52fa3
|
2018-03-29T10:18:51
|
|
util: fix missing headers for MinGW environments
There are multiple references to undefined functions in the Microsoft
builds. Add headers to make them known.
|
|
b6276ae0
|
2018-03-29T09:15:48
|
|
odb: mempack: fix leaking objects when freeing mempacks
When a ODB mempack gets free'd, we take no measures at all to free its
contents, most notably the objects added to the database, resulting in a
memory leak. Call `git_mempack_reset` previous to freeing the ODB
structures themselves, which takes care of releasing all associated
data structures.
|
|
c9e5ba09
|
2018-03-28T17:37:39
|
|
sha1dc: update to fix errors with endianess
This updates the version of SHA1DC to c3e1304ea3.
|
|
69a282da
|
2018-03-28T06:48:55
|
|
submodule: add more robust error handling when a submodule path is found on add
|
|
75203d03
|
2018-03-16T11:18:02
|
|
blame_git: fix coalescing step never being executed
Since blame has been imported from git.git and had its first share of
refactorings in b6f60a4d9 (Clean up ported code, 2013-09-21), the code
is actually not doing the coalescing step of the generated blame. While
the code to do the coalescing does exist, it is never being called as
the function `git_blame__like_git` will directly return from its `while
(true)` loop.
The function that was being imported from git.git was the `assign_blame`
function from "builtin/blame.c" from 717d1462b (git-blame --incremental,
2007-01-28), which hasn't really changed much. Upon taking an initial
look, one can seet hat `coalesce` is actually never getting called in
`assign_blame`, as well, so one may assume that not calling `coalesce`
by accident is actually the right thing. But it is not, as `coalesce` is
being called ever since cee7f245d (git-pickaxe: blame rewritten.,
2006-10-19) after the blame has been done in the caller of
`assign_blame`. Thus we can conclude the code of libgit2 is actually
buggy since forever.
To fix the issue, simply break out of the loop instead of doing a direct
return. Note that this does not alter behaviour in any way visible to
our tests, which is unfortunate. But in order to not diverge from what
git.git does, I'd rather adapt to how it is being done upstream in order
to avoid breaking certain edge cases than to just remove that code.
|
|
9e8bc726
|
2018-03-28T08:55:59
|
|
Merge pull request #4598 from cjhoward92/fix/remove-unused-merge-result
types: remove unused git_merge_result
|
|
370ecdb2
|
2018-03-27T10:10:09
|
|
types: remove unused git_merge_result
`git_merge_result` is currently unused in the codebase and generates a blank page in the [documentation](https://libgit2.github.com/libgit2/#HEAD/type/git_merge_result).
|
|
e6c720ea
|
2018-03-27T10:05:21
|
|
remote/proxy: fix git_transport_certificate_check_db comment
|
|
eb0a3afd
|
2018-03-11T15:35:56
|
|
worktree: Read worktree specific reflog for HEAD
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
e55b5373
|
2018-02-08T12:36:47
|
|
Submodule API should report .gitmodules parse errors
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
c07abd65
|
2018-03-27T07:37:34
|
|
submodule: add better error handling to is_path_occupied
|
|
b282ca79
|
2018-01-06T10:57:32
|
|
submodule: change can_add_submodule to is_path_occupied
|
|
677d393c
|
2017-12-18T10:28:37
|
|
tests: submodule: insert index entries directly into index
|
|
ef9a7749
|
2017-11-19T20:59:59
|
|
submodule: update index check to check path before directory and fix tests
|
|
9371149f
|
2017-10-20T14:24:01
|
|
submodule: fix styling errors
|
|
3e500fc8
|
2017-10-16T19:55:45
|
|
test: submodule: add: join path without slashes
|
|
0a74f391
|
2017-10-16T16:16:03
|
|
test: submodule: add: use p_mkdir to create directories
|
|
ad1c4350
|
2017-10-16T15:30:47
|
|
submodule: check index for prefix before adding submodule
submodule: check path and prefix before adding submodule
submodule: fix test errors
|
|
874ce161
|
2018-03-27T15:03:15
|
|
transports: ssh: replace deprecated function `libssh2_session_startup`
The function `libssh2_session_startup` has been deprecated since libssh2
version 1.2.8 in favor of `libssh2_session_handshake` introduced in the
same version. libssh2 1.2.8 was released in April 2011, so it is already
seven years old. It is available in Debian Wheezy, Ubuntu Trusty and
CentOS 7.4, so the most important and conservative distros already have
it available. As such, it seems safe to just use the new function.
|