src


Log

Author Commit Date CI Message
Edward Thomson b43567d6 2022-07-13T22:25:11 sha256: indirection for experimental functions The experimental function signature is only available when `GIT_EXPERIMENTAL_SHA256` is enabled.
Edward Thomson 433a1334 2022-07-13T21:08:04 Merge pull request #6191 from libgit2/ethomson/sha256_poc RFC: SHA256 proof of concept
Edward Thomson 3c8a860d 2022-07-13T10:19:14 Merge pull request #6348 from lya001/fix-invalid-branch-name Fix creation of branches and tags with invalid names
Edward Thomson be08ef7f 2022-07-12T22:39:25 Update src/libgit2/tag.c
Edward Thomson b70dbaa2 2022-07-12T22:12:36 Merge pull request #6347 from libgit2/ethomson/no_pack_v3 pack: don't pretend we support pack files v3
Edward Thomson f6be8c26 2022-07-12T22:09:25 Apply suggestions from code review
Edward Thomson ed24b8ba 2022-07-05T23:47:15 repo: allow users running with sudo to access their repositories In the ownership checks implemented for CVE-2022-24765, we disallowed users to access their own repositories when running with `sudo`. Examine the `SUDO_UID` environment variable and allow users running with `sudo`. This matches git's behavior.
Edward Thomson af9e0032 2022-07-02T10:19:33 repo: validate gitdir and gitlink ownership To match git's behavior with CVE 2022-29187, validate not only the working directory, but also the gitdir and gitlink (if it exists). This a follow up to CVE-2022-24765 that was fixed earlier.
yuangli 760a5acc 2022-07-12T15:07:54 Merge branch 'main' into fix-invalid-branch-name
yuangli fe9bfec4 2022-07-11T15:35:15 tag: refactor tag name validity checks
yuangli 7560ac4d 2022-07-11T15:25:51 branches: fix error message for invalid name
yuangli 391afec4 2022-07-11T13:54:38 branch: refactor branch name validity checks
Edward Thomson 4597b869 2022-07-08T21:28:15 pack: don't pretend we support pack files v3 Pack files v3 are introduced in the SHA256 hash transition document https://github.com/git/git/blob/master/Documentation/technical/hash-function-transition.txt Obviously we do not support these yet. Stop pretending that we do.
Edward Thomson 56aaaf53 2022-07-04T16:03:10 repo: allow admin owned configs by admin users Allow users in the administrator group to use git configs that are owned by administrators.
Edward Thomson 5bc01a7d 2022-07-04T16:01:01 fs: allow ownership match if user is in admin group Allow the user ownership to match if the file is owned by the admin group and the user is in the admin group, even if the current process is not running as administrator directly.
Edward Thomson 433f0166 2022-07-04T15:20:59 fs: refactor file ownership checks Refactor the file ownership checks so that callers can provide discrete information about the ownership expectations to a single function.
Edward Thomson df354ec2 2022-07-03T09:07:32 fs: remove mock naming from change ownership constants The file ownership concepts can reflect the actual file ownership, they are not necessarily limited to mocking the interface. Rename them so that they can be more broadly applicable.
Edward Thomson f51f6646 2022-07-02T15:36:07 Revert "repo: allow administrator to own the configuration" This reverts commit cdff2f0237f663e0f68155655a8b66d05c1ec716. This change erroneously allowed system users to own a worktree; this should only be allowed when the current user is in the Administrator group on Windows as well.
Edward Thomson 50a1f637 2022-07-07T00:28:56 Merge pull request #6334 from i-tengfei/fix-rebase-interactive fix interactive rebase detect.
Edward Thomson cdcf5b9c 2022-07-06T23:19:28 rebase: formatting fixes
Kevin Saul 05b2c89d 2022-06-28T21:52:45 config: use correct git_sysdir_find* function within git_config_find* functions
Tengfei 8fa58818 2022-06-28T04:48:57 fix interactive rebase detect.
Edward Thomson 3847522e 2022-06-22T21:14:43 Merge pull request #6303 from zawata/legacy_buffer_stream_segfault filter: Fix Segfault
John Alden f887fd60 2022-06-22T09:22:50 copy back git_buf after callback
Edward Thomson 6c57bac6 2022-06-14T22:29:10 sha256: make sha256 an experimental optional feature libgit2 can be built with optional, experimental sha256 support. This allows consumers to begin testing and providing feedback for our sha256 support while we continue to develop it, and allows us to make API breaking changes while we iterate on a final sha256 implementation. The results will be `git2-experimental.dll` and installed as `git2-experimental.h` to avoid confusion with a production libgit2.
Edward Thomson d1036201 2022-06-18T16:10:38 meta: generated `features.h` is now `git2_features.h` Linux has a /usr/include/features.h, which gets confusing; update this to `git2_features.h` and move it into the `util` directory.
Edward Thomson 04f34688 2022-01-26T13:10:01 odb_loose: SHA256 support for loose object storage Teach the loose object database how to cope with SHA256 objects.
Edward Thomson 162c996b 2022-01-25T13:43:02 oid: add git_oid_fmt_substr Tidy up `nfmt` / `pathfmt`.
Edward Thomson 4d7ec76c 2021-12-12T09:19:25 odb: add git_odb_loose_backend_options Move the arguments to `git_odb_loose` into an options structure.
Edward Thomson dbccfc20 2022-01-26T13:57:48 odb: accept an oid type in options Allow the object database to take an oid type that it supports. This oid type will be used to validate the objects that the backends provide.
Edward Thomson 3eba9181 2022-01-26T13:02:49 odb: add git_odb_options Users will need to be able to specify the object id type for the given object database; add a new `git_odb_options` with that option.
Edward Thomson 8444b6dc 2022-01-26T13:07:28 odb_hash*: accept the oid type to hash into The git_odb_hash helper functions should not assume SHA1, and instead should be given the oid type that they're producing.
Edward Thomson c50b280f 2022-01-26T13:08:24 oid: provide an oid type to hash type map We intentionally separate oid types from hash types; a hash is a generic hunk of bytes, an object id has meaning and backs an object on disk. As a result of this separation, we need a 1:1 mapping.
Edward Thomson 0db1c57c 2022-01-25T10:32:47 oid: add sha256 typed oids
Edward Thomson 3fbf580c 2022-01-23T09:47:01 oid: give oids a type `git_oid`s now have a type, and we require the oid type when creating the object id from creation functions.
John Alden e0a8b4e8 2022-06-16T13:26:52 fix indentation, copy asize
Edward Thomson 61838295 2022-01-26T16:22:04 object: move oid header printing to object
Edward Thomson b7a46fa8 2022-01-23T12:25:03 object: move oid header parsing to object
Edward Thomson 0b068214 2021-12-11T15:34:27 oid: add functions to inspect oid information Provide helper functions to provide information about the object id size given its type.
Edward Thomson 0acaf3a8 2022-01-17T13:40:37 oid: define GIT_OID_SHA1_ZERO Callers should not assume the layout of the oid structure; provide them a macro that defines the null / zero sha1 object id.
Edward Thomson dbc4ac1c 2022-01-22T23:10:03 oid: `GIT_OID_*SZ` is now `GIT_OID_SHA1_*SIZE` In preparation for SHA256 support, `GIT_OID_RAWSZ` and `GIT_OID_HEXSZ` need to indicate that they're the size of _SHA1_ OIDs.
John Alden e2ea138d 2022-06-14T08:47:50 Address feedback Co-authored-by: Edward Thomson <ethomson@github.com>
Edward Thomson cdff2f02 2022-06-13T21:34:01 repo: allow administrator to own the configuration Update our ownership checks that were introduced in libgit2 v1.4.3 (to combat CVE 2022-24765). These were not compatible with git's; git itself allows administrators to own the path. Our checks now match this behavior.
Edward Thomson 96c61174 2022-06-13T11:19:55 cmake: only use `getloadavg` where it exists
Edward Thomson 3809ab0e 2022-06-13T10:50:40 cmake: add `gnu` library for Haiku
Edward Thomson 9bc82c8f 2022-06-13T10:46:21 cmake: detect `getentropy` Look for `getentropy` and flag its existence.
Edward Thomson 7eb7edd4 2022-06-12T10:51:13 Merge pull request #6278 from lhchavez/git_transport_smart_remote_connect_options transport: introduce `git_transport_smart_remote_connect_options`
Edward Thomson d333dbea 2022-06-12T10:40:12 Merge pull request #6288 from libgit2/cmn/mwindow-simplifications A couple of simplications around mwindow
lhchavez 0a7c00be 2022-06-11T14:31:16 Merge remote-tracking branch 'origin/main' into main
lhchavez a7541676 2022-06-11T14:29:15 Apply suggestions from code review Co-authored-by: Edward Thomson <ethomson@github.com>
Edward Thomson 2b28ee77 2022-06-11T16:51:04 Merge pull request #6319 from libgit2/ethomson/progress_32bit CLI: progress updates
Edward Thomson 28d2ea1d 2022-06-11T16:50:56 Merge pull request #6305 from zawata/fix_refdb_error_msg refs: fix missing error message
Edward Thomson 4f7b568d 2022-06-11T16:26:50 Merge pull request #6291 from libgit2/cmn/midx-no-hash midx: do not verify the checksum on load
Edward Thomson 3a737169 2022-06-11T16:14:11 progress: fewer updates about throughput Avoid too much flashing on the console with updates about throughput. Only update throughput once a second.
Edward Thomson 286e7f0a 2022-06-11T16:08:28 cli: show progress on 32 bit machines
Colin Stolley 97954ee5 2022-05-20T09:06:50 Replace bitwise AND 0x7fffffff with XOR 0x80000000. Though both are correct, this makes it clear that we're dealing with the same value.
Colin Stolley 8a765c72 2022-05-19T16:33:57 midx: fix large object offset table check. It's insufficient to only check if the offset high order bit is set, we must also check to see if object_large_offsets are in use. This bug is causing objects to appear missing because they can't be found in the index.
John Alden 640e8a63 2022-05-17T11:01:43 fix missing error message
John Alden 9c3edca5 2022-05-13T15:05:05 Call legacy_write_fn if given
Carlos Martín Nieto a3f9617b 2022-05-03T14:09:40 midx: do not verify the checksum on load This is something we only want to do during explicit verification rather than on every load. Verifying does not seem like a big deal when we're running with test workloads but once your `multi-pack-index` reaches gigabytes, we spend more time hashing this than doing any work.
Carlos Martín Nieto 0f594445 2022-04-29T10:50:02 mwindow: use multiplication instesad of conditionals This is a very verbose way of performing a comparison where we already have the identity value with both signs. Instead of chainging several conditions, we can rely on the maths working out.
Carlos Martín Nieto 55c84333 2022-04-29T10:32:45 mwindow: include both the offset and the extra in the same call This makes it a bit easier to read while letting the caller specify how big the hash size is for this particular call.
Edward Thomson 13502d9e 2022-04-25T09:22:02 Merge pull request #6274 from libgit2/ethomson/cli_clone cli: clone
Edward Thomson 3b52e5f5 2022-04-18T17:12:27 Merge pull request #6265 from libgit2/ethomson/sha256_two sha256: refactoring in preparation for sha256
lhchavez 1d88605c 2022-04-16T08:19:38 transport: introduce `git_transport_smart_remote_connect_options` 6fc6eeb66c40310086c8f059cae41de69ad4c6da removed `git_transport_smart_proxy_option`, and there was nothing added to replace it. That made it hard for custom transports / smart subtransports to know what remote connect options to use (e.g. proxy options). This change introduces `git_transport_smart_remote_connect_options` to replace it.
Edward Thomson 8a757ae2 2020-04-04T18:31:00 cli: introduce a clone command
Edward Thomson 7babe76f 2020-05-12T08:56:55 cli: introduce signal handler Provide a mechanism to add a signal handler for Unix or Win32.
Edward Thomson 48506f2b 2020-04-04T18:29:34 cli: introduce a progress class Provide a class that will display progress information to the console. Initially, it contains callbacks for fetch progress and checkout progress.
Edward Thomson 4161ebdd 2022-04-11T21:31:25 repo: make ownership checks optional Introduce the `GIT_OPT_SET_OWNER_VALIDATION` option, so that users can disable repository ownership validation.
Edward Thomson fa366921 2022-04-11T15:18:44 repo: honor safe.directory during ownership checks Obey the `safe.directory` configuration variable if it is set in the global or system configuration. (Do not try to load this from the repository configuration - to avoid malicious repositories that then mark themselves as safe.)
Edward Thomson f7f7e835 2022-04-11T13:04:26 repo: refactor global config loader function Pull the global configuration loader out of the symlink check so that it can be re-used.
Edward Thomson c0b7f88e 2022-04-11T17:06:55 fs_path: mock ownership checks Provide a mock for file ownership for testability.
Edward Thomson c0dfd1ad 2022-04-11T09:56:26 repo: ensure that repo dir is owned by current user Ensure that the repository directory is owned by the current user; this prevents us from opening configuration files that may have been created by an attacker.
Edward Thomson bf2620bc 2022-04-10T21:29:43 fs_path: refactor ownership checks into current user and system Provide individual file ownership checks for both the current user and the system user, as well as a combined current user and system user check.
Edward Thomson 71049b4a 2022-01-22T09:03:34 midx: use raw oid data A multi-pack index uses raw oid data, use a byte array to index into them.
Edward Thomson 41d4ac51 2022-01-22T08:49:06 index: use raw oid data The index contains entries with raw oid data, use a byte array for the raw entry data.
Edward Thomson 4fc3ce15 2022-01-22T07:46:41 pack: use raw oid data A packfile contains arrays of raw oid data, use a byte array to index into them.
Edward Thomson c2b3b0d8 2022-01-21T19:38:13 commit_graph: use raw oid data The commit graph contains arrays of raw oid data, use a byte array to index into them.
Edward Thomson 9ffa33a1 2022-01-22T08:48:43 oid: introduce `git_oid_raw_cpy` Now that oids are type-aware, they use their type to understand how many bytes to copy. Some callers may need to copy the raw bytes of the object id. This is equivalent to a memcpy that is a little more semantic.
Edward Thomson 6d8c7cab 2022-01-21T19:37:53 oid: introduce `git_oid_raw_ncmp`
Edward Thomson 526e8869 2022-01-21T19:17:40 oid: `hashcmp` is now `raw_cmp` We will talk about "raw" oids as untyped blobs of data; use a name for the comparison function that is in keeping with that.
Edward Thomson c569738c 2022-01-22T08:55:41 indexer: write raw id data Don't write the object id structure, write its raw oid data.
Edward Thomson 563751d1 2022-01-22T06:42:50 treecache: write the raw id not the object We explicitly want to write on the id data, not the beginning of the object data, which may contain other information in the future.
Edward Thomson 831e20ac 2022-01-22T06:39:38 oidmap: hash on the id, not the object We explicitly want to hash on the id data, not the beginning of the object data, which may contain other information in the future.
Edward Thomson 590ff981 2022-01-21T19:49:09 oid: don't assume the size of an oid Don't assume that a `git_oid` is a particular size; allocate `sizeof(git_oid)` instead.
Edward Thomson ab042161 2022-01-18T08:12:18 tree: move git_oid into tree entry A tree entry previously pointed directly into the object id within the tree object itself; this is useful to avoid any unnecessary memory copy (and an unnecessary use of 40 bytes per tree entry) but difficult if we change the underlying `git_oid` object to not simply be a raw object id but have additional structure. This commit moves the `git_oid` directly into the tree entry; this simplifies the tree entry creation from user data. We now copy the `git_oid` into place when parsing.
Edward Thomson 7e8d9be0 2022-04-10T09:45:51 Merge pull request #6260 from lhchavez/midx-fix-ub midx: Fix an undefined behavior (left-shift signed overflow)
Edward Thomson 606afeda 2022-04-10T09:44:41 Merge pull request #6244 from jorio/fix-diff_delta_format_path-crash Fix crash when regenerating a patch with unquoted spaces in filename
Edward Thomson 71bb92b5 2022-04-10T09:25:54 Update src/libgit2/diff_print.c
Edward Thomson cd8fde82 2022-04-05T22:40:28 Merge pull request #6258 from libgit2/ethomson/sha256_openssl_dynamic sha256: support dynamically loaded openssl
lhchavez 33b1d3fd 2022-04-05T13:10:33 [midx] Fix an undefined behavior (left-shift signed overflow) There was a missing check to ensure that the `off64_t` (which is a signed value) didn't overflow when parsing it from the midx file. This shouldn't have huge repercusions since the parsed value is immediately validated afterwards, but then again, there is no such thing as "benign" undefined behavior. This change makes all the bitwise arithmetic happen with unsigned types and is only casted to `off64_t` until the very end. Thanks to Taotao Gu for finding and reporting this!
Edward Thomson d8015d28 2022-04-04T13:30:27 Merge pull request #6251 from libgit2/ethomson/oid_fetch fetch: support OID refspec without dst
Edward Thomson 3bd9bb8d 2022-04-04T13:28:40 sha256: support dynamically loaded openssl
Edward Thomson 0e30becc 2021-12-13T17:49:57 sha: cast nonsense for obnoxious gcc warnings gcc (mingw) warns when you cast the result of `GetProcAddress`; cast the results to `void *` before casting them to the actual result.
Edward Thomson ce78c83b 2021-12-13T15:31:21 sha: ensure we test both cng and cryptoapi on windows When GIT_SHA1_WIN32 or GIT_SHA256_WIN32 is used, ensure that we test both CryptoNG ("cng") and CryptoAPI.
Edward Thomson 6a7d5d23 2021-12-13T11:54:49 sha: support Win32 for SHA256 Adding SHA256 support prompted an overdue refactoring of some of the unnecessary complexity around the CNG/CryptoAPI abstraction.
Edward Thomson 6b4a6faa 2021-12-12T15:41:47 sha: support OpenSSL for SHA256
Edward Thomson b3e3fa10 2021-12-12T15:34:35 sha: support mbedTLS for SHA256
Edward Thomson 83c27786 2021-12-12T15:14:21 sha: support CommonCrypto for SHA256
Edward Thomson b900981c 2021-12-12T14:25:25 sha: add sha256 algorithm Add support for a SHA256 hash algorithm, and add the "builtin" SHA256 hash engine (from RFC 6234).