kmx git

Commit	Date	Message
e51e29e8	2017-11-12T13:59:47	config_parse: have `git_config_parse` own entry value and name The function `git_config_parse` uses several callbacks to pass data along to the caller as it parses the file. One design shortcoming here is that strings passed to those callbacks are expected to be freed by them, which is really confusing. Fix the issue by changing memory ownership here. Instead of expecting the `on_variable` callbacks to free memory for `git_config_parse`, just do it inside of `git_config_parse`. While this obviously requires a bit more memory allocation churn due to having to copy both name and value at some places, this shouldn't be too much of a burden.
e212011b	2018-06-18T12:33:34	Merge pull request #4685 from csware/no-git_buf_free Fix last references to deprecated git_buf_free
cc9c9522	2018-06-18T12:10:17	Merge pull request #4606 from libgit2/cmn/revwalk-iteration revwalk: avoid walking the entire history when output is unsorted
b5818dda	2018-06-18T13:05:08	Fix last references to deprecated git_buf_free Signed-off-by: Sven Strickroth <email@cs-ware.de>
ff98fec0	2018-06-18T10:25:07	revwalk: formatting updates
96882f20	2018-06-18T10:13:11	Merge pull request #4586 from emilio/mailmap Add mailmap support.
f98131be	2018-06-17T00:40:25	Require the length argument to git_mailmap_from_buffer and make mailmap_add_buffer internal
0ecf0e33	2018-06-16T09:35:10	Merge pull request #4683 from pks-t/pks/tree-unused-functions tree: remove unused functions
f0a1d76a	2018-06-15T13:21:59	tree: remove unused function `git_tree__prefix_position`
31f6b529	2018-06-15T13:21:08	tree: remove unused function `git_tree_entry_icmp`
678fa45b	2018-06-15T11:34:04	Merge pull request #4678 from staticfloat/sf/mbedtls_linkage Link `mbedTLS` libraries in when `SHA1_BACKEND` == "mbedTLS"
9faf36a6	2018-06-14T22:48:58	mailmap: git_buf_free => git_buf_dispose
56303e1a	2018-05-07T11:59:00	mailmap: API and style cleanup
8ff0504d	2018-04-08T03:01:14	mailmap: Rewrite API to support accurate mailmap resolution
18ff9bab	2018-03-27T22:48:03	mailmap: API and style cleanup
d91d2968	2018-06-14T16:49:48	mailmap: Hide EEXISTS to simplify git_mailmap_add_entry callers
c1a85ae2	2018-06-04T11:36:44	mailmap: Free the mailmap vector
44112db2	2018-03-17T17:34:42	mailmap: Be consistent about checking len vs. len > 0 Not that it matters much anyway but...
ae5ee182	2018-03-17T17:33:48	mailmap: git_vector_get already checks bounds
57cfeab9	2018-03-26T15:05:37	mailmap: Switch mailmap parsing to use the git_parse module
4ff44be8	2018-03-17T18:24:15	mailmap: Fix more bugs which snuck in when I rebased
e3dcaca5	2018-03-17T18:15:01	mailmap: Integrate mailmaps with blame and signatures
b05fbba3	2018-03-17T18:14:31	mailmap: Make everything a bit more style conforming
7bafd175	2018-03-18T01:39:57	mailmap: Don't error out when there's junk at the end of the line Also matches git.
59fbf9cf	2018-03-17T18:29:34	mailmap: Don't return a freed pointer, even if we return an error code
97bc8988	2018-03-17T17:40:24	mailmap: Do not error out when the mailmap contains an invalid line This matches git.
ae222136	2018-03-17T02:33:48	mailmap: Some more style cleanup
49620359	2018-03-17T02:29:41	mailmap: Clean up mailmap parser, and finish API
7a169390	2018-03-15T16:34:30	mailmap: WIP mailmap support
3be73011	2018-06-11T18:26:22	Merge pull request #4436 from pks-t/pks/packfile-stream-free pack: rename `git_packfile_stream_free`
b89162af	2018-06-10T17:26:08	Link `mbedTLS` libraries in when `SHA1_BACKEND == "mbedTLS"`
90c6fb0f	2018-06-10T17:33:06	Fix typo in adding `hash_mbedtls.c` to `SRC_SHA1`
ecf4f33a	2018-02-08T11:14:48	Convert usage of `git_buf_free` to new `git_buf_dispose`
56ffdfc6	2018-02-08T11:14:30	buffer: deprecate `git_buf_free` in favor of `git_buf_dispose`
c8ee5270	2017-12-08T09:05:58	pack: rename `git_packfile_stream_free` The function `git_packfile_stream_free` frees all state of the packfile stream without freeing the structure itself. This naming makes it hard to spot whether it will try to free the pointer itself or not, causing potential future errors. Due to this reason, we have decided to name a function freeing state without freeing the actual struture a "dispose" function. Rename `git_packfile_stream_free` to `git_packfile_stream_dispose` as a first example following this rule.
795a5b28	2018-06-09T18:36:21	Merge pull request #4668 from novalis/bad-stash Fix stash save bug with fast path index check
44788c96	2018-06-09T18:00:23	Merge pull request #4662 from pks-t/pks/gitfile-api path: unify `git_path_is_*` APIs
bc0f3227	2018-06-09T17:59:46	Merge pull request #4670 from pks-t/pks/ignore-leadingdir Fix negative gitignore rules with leading directories
08b318c0	2018-03-14T10:43:00	stdalloc: extend allocators by file and line Our desired architecture would make allocators completely pluggable, such that users of libgit2 can swap out memory allocators at runtime. While making e.g. debugging easier by not having to do a separate build, this feature can also help maintainers of bindings for libgit2 by tying the memory allocations into the other language's memory system. In order to do so, though, we first need to make our two different pre-existing allocators "stdalloc" and "crtdbg" have the same function signatures, as the "crtdbg" allocators all have an additional file and line argument. This is required to build correct stack traces for debugging memory allocations. As that feature may also be interesting to authors of other applications for debugging libgit2, we now simply add these arguments to our standard allocators. Obviously, this may come with a performance penalty. During some simple benchmarks no real impact could be measured though in contrast to a simple pluggable allocator. The following table summarizes the benchmarks. There were three different builds with our current standard allocator ("standard"), with pluggable authenticators accessed via function pointers ("pluggable") and for pluggable authenticators with file and line being added ("fileline"). Furthermore, there were three scenarios for 100.000.000 allocations of 100B ("small alloc"), 100.000.000 allocations of 100KB ("medium alloc"), and 1.000.000 allocations of 100MB. All results are best of 10 runs. \|------------\|-------------------\|-------------------\|-------------------\| \| build/test \| small alloc \| medium alloc \| big alloc \| \|------------\|-------------------\|-------------------\|-------------------\| \| standard \| 4539779566, +0.0% \| 5912927186, +0.0% \| 5166935308, +0.0% \| \|------------\|-------------------\|-------------------\|-------------------\| \| pluggable \| 4611074505, +1.5% \| 5979185308, +1.1% \| 5388776352, +4.2% \| \|------------\|-------------------\|-------------------\|-------------------\| \| fileline \| 4588338192, +1.1% \| 6004951910, +1.5% \| 4942528135, -4.4% \| \|------------\|-------------------\|-------------------\|-------------------\| As can be seen, there is a performance overhead for pluggable allocators. Furthermore, it can also be seen that there is some big variance between runs, especially in the "big alloc" scenario. This is probably being caused by nondeterministic behaviour in the kernel for dynamic allocations. Still, it can be observed that there should be no real difference between the "pluggable" and "fileline" allocators.
d2e996fa	2018-03-14T10:36:14	util: extract allocators into its own "alloc.h" header Our "util.h" header is a grabbag of various different functions, where many don't have a clear group they belong to. Our set of allocator functions though can be clearly singled out as a single group of functions that always belongs together. Furthermore, we will need to implement additional functions relating to our allocators subsystem when moving to pluggable allocators. Thus, we should just move these functions into their own "alloc" module.
c47f7155	2018-03-14T10:34:59	util: extract `stdalloc` allocator into its own module Right now, the standard allocator is being declared as part of the "util.h" header as a set of inline functions. As with the crtdbg allocator functions, these inline functions make it hard to convert to function pointers for our allocators. Create a new "stdalloc" module containing our standard allocations functions to split these out. Convert the existing allocators to macros which make use of the stdalloc functions.
496b0df2	2018-03-14T10:28:50	win32: crtdbg: provide independent `free` function Currently, the `git__free` function is being defined in a single place, only, disregarding whether we use our standard allocators or the crtdbg allocators. This makes it a bit harder to convert our code base to use pluggable allocators, and furthermore makes the border between our two allocators a bit more blurry. Implement a separate `git__crtdbg__free` function for the crtdbg allocator in order to completely separate both allocator implementations.
aab8f87b	2018-03-14T10:27:13	win32: crtdbg: internalize implementation of allocators The crtdbg allocators are currently being implemented as inline functions as part of the "w32_crtdbg_stacktrace.h" header. As we are moving towards pluggable allocators with the help of function pointers, though, we cannot make use of inlining anymore. Instead, we can only have a single implementation of these allocating functions. Move all implementations of the crtdbg allocators into "w32_crtdbg_stacktrace.c".
74b7ddbf	2018-03-16T10:14:50	settings: allow swapping out memory allocator Tie in the newly created infrastructure for swapping out memory allocators into our settings code. A user can now simply use the new option "GIT_OPT_SET_ALLOCATOR" with `git_libgit2_opts`, passing in an already initialized allocator structure as vararg.
9865cd16	2018-03-20T14:23:49	alloc: make memory allocators use function pointers Currently, our memory allocators are being redirected to the correct implementation at compile time by simply using macros. In order to make them swappable at runtime, this commit reshuffles that by instead making use of a global "git_allocator" structure, whose pointers are set up to reference the allocator functions. Like this, it becomes easy to swap out allocators by simply setting these function pointers. In order to initialize a "git_allocator", our provided allocators "stdalloc" and "crtdbg" both provide an init function. This is being called to initialize a passed in allocator struct and set up its members correctly. No support is yet included to enable users of libgit2 to switch out the memory allocator at a global level.
422cd59b	2018-06-07T12:49:55	Merge pull request #4655 from glaubitz/alignment index: Fix alignment issues in write_disk_entry()
5a7d454b	2018-06-04T12:56:08	Fix stash save bug with fast path index check If the index contains stat data for a modified file, and the file is not racily dirty, and there exists an untracked working tree directory alphabetically after that file, and there are no other changes to the repo, then git_stash_save would fail. It would confuse the untracked working tree directory for the modified file, because they have the same sha: zero. The wt directory has a sha of zero because it's a directory, and the file would have a zero sha because we wouldn't read the file -- we would just know that it doesn't match the index. To fix this confusion, we simply check mode as well as SHA.
20306d36	2018-06-06T14:31:28	Merge pull request #4665 from neithernut/fix-refdb-glob refdb_fs: fix regression: failure when globbing for non-existant references
54990d75	2018-06-06T08:36:43	Merge pull request #4641 from pks-t/pks/submodule-names-memleak Detect duplicated submodules for the same path
d22fd81c	2018-06-05T16:46:07	ignore: remove now-useless check for LEADINGDIR When checking whether a rule negates another rule, we were checking whether a rule had the `GIT_ATTR_FNMATCH_LEADINGDIR` flag set and, if so, added a "/*" to its end before passing it to `fnmatch`. Our code now sets `GIT_ATTR_FNMATCH_NOLEADINGDIR`, thus the `LEADINGDIR` flag shall never be set. Furthermore, due to the `NOLEADINGDIR` flag, trailing globs do not get consumed by our ignore parser anymore. Clean up code by just dropping this now useless logic.
20b4c175	2018-06-05T16:12:58	ignore: fix negative leading directory rules unignoring subdirectory files When computing whether a file is ignored, we simply search for the first matching rule and return whether it is a positive ignore rule (the file is really ignored) or whether it is a negative ignore rule (the file is being unignored). Each rule has a set of flags which are being passed to `fnmatch`, depending on what kind of rule it is. E.g. in case it is a negative ignore we add a flag `GIT_ATTR_FNMATCH_NEGATIVE`, in case it contains a glob we set the `GIT_ATTR_FNMATCH_HASGLOB` flag. One of these flags is the `GIT_ATTR_FNMATCH_LEADINGDIR` flag, which is always set in case the pattern has a trailing "/" or in case the pattern is negative. The flag causes the `fnmatch` function to return a match in case a string is a leading directory of another, e.g. "dir/" matches "dir/foo/bar.c". In case of negative patterns, this is wrong in certain cases. Take the following simple example of a gitignore: dir/ !dir/ The `LEADINGDIR` flag causes "!dir/" to match "dir/foo/bar.c", and we correctly unignore the directory. But take this example: .test !dir/* We expect everything in "dir/" to be unignored, but e.g. a file in a subdirectory of dir should be ignored, as the "" does not cross directory hierarchies. With `LEADINGDIR`, though, we would just see that "dir/" matches and return that the file is unignored, even if it is contained in a subdirectory. Instead, we want to ignore leading directories here and check ".test". Afterwards, we have to iterate up to the parent directory and do the same checks. To fix the issue, disallow matching against leading directories in gitignore files. This can be trivially done by just adding the `GIT_ATTR_FNMATCH_NOLEADINGDIR` to the spec passed to `git_attr_fnmatch__parse`. Due to a bug in that function, though, this flag is being ignored for negative patterns, which is fixed in this commit, as well. As a last fix, we need to ignore rules that are supposed to match a directory when our path itself is a file. All together, these changes fix the described error case.
05e891f1	2018-06-01T08:44:30	refdb_fs: test whether the base directory exists when globbing This commit fixes a regression introduced by 20a2b02d9a1bcb4825ec49605146223c565dcacf The commit introduced an optimization for finding references using a glob: rather than iterating over all references and matching each one against the glob, we would iterate only over references within the directory common to all possible references which may match against the glob. However, contrary to the `ref/` directory, which was the previous entry point for the iteration, this directory may not exist. In this case, the optimization causes an error (`ENOENT`) rather than the iterator simply yielding no references. This patch fixes the regression by checkign for this specific case.
93271f59	2018-05-25T01:41:33	index: Fix alignment issues in write_disk_entry() In order to avoid alignment issues on certain target architectures, it is necessary to use memcpy() when modifying elements of a struct inside a buffer returned by git_filebuf_reserve().
92159bd4	2018-05-30T12:18:04	path: unify `git_path_is_*` APIs Right now, there's quite a lot of different function calls to determine whether a path component matches a specific name after normalization from the filesystem. We have a function for each of {gitattributes, gitmodules, gitignore} multiplicated with {generic, NTFS, HFS} checks. In the long time, this is unmaintainable in case there are e.g. new filesystems with specific semantics, blowing up the number of functions we need to implement. Replace all functions with a simple `git_path_is_gitfile` function, which accepts an enum pointing out the filename that is to be checked against as well as the filesystem normalizations to check for. This greatly simplifies implementation at the expense of the caller having to invoke a somewhat longer function call.
8a14846b	2018-05-30T10:51:10	Merge pull request #4661 from laomaiweng/patch-1 streams: openssl: add missing check on OPENSSL_LEGACY_API
9c698a25	2018-05-30T10:34:58	submodule: remove useless mask computations Previous to dfda2f68e (submodule: remove the per-repo cache, 2015-04-27), we tried to cache our submodules per repository to avoid having to reload it too frequently. As it created some headaches with regards to multithreading, we removed that cache. Previous to that removal, we had to compute what submodule status to refresh. The mask computation was not removed, though, resulting in confusing and actually dead code. While it seems like the mask is currently in use in a conditional, it is not, as we unconditionally assign to the mask previous to that condition. Remove all mask computations to clean up stale code.
cf5030a3	2018-05-30T08:38:28	submodule: refactor loading submodule names The function `load_submodule_names` was always being called with a newly allocated string map, which was then getting filled by the function. Move the string map allocation into `load_submodule_names`, instead, and pass the whole map back to the caller in case no error occurs. This change helps to avoid misuse by handing in pre-populated maps.
b2a389c8	2018-05-30T08:35:06	submodule: detect duplicated submodule paths When loading submodule names, we build a map of submodule paths and their respective names. While looping over the configuration keys, we do not check though whether a submodule path was seen already. This leads to a memory leak in case we have multiple submodules with the same path, as we just overwrite the old value in the map in that case. Fix the error by verifying that the path to be added is not yet part of the string map. Git does not allow to have multiple submodules for a path anyway, so we now do the same and detect this duplication, reporting it to the user.
36ae5c93	2018-05-30T08:25:19	Merge pull request #4656 from tiennou/fix/mbedtls-no-pkgconfig mbedtls: don't require mbedtls from our pkgconfig file
b1cab70b	2018-05-30T02:15:09	streams: openssl: add missing check on OPENSSL_LEGACY_API The `CRYPTO_THREADID` type is no longer available in OpenSSL ≥ 1.1.0 with deprecated features disabled, and causes build failures. Since the `threadid_cb()` function is only ever called by `git_openssl_set_locking()` when `defined(OPENSSL_LEGACY_API)`, only define it then.
7f6c1ce9	2018-05-29T21:04:39	Merge pull request #4660 from libgit2/cmn/submodule-traversal Fixes for CVE 2018-11235
64a78a80	2018-05-25T09:28:52	mbedtls: don't require mbedtls from our pkgconfig file mbedTLS has no pkgconfig file, hence we can't require it. For now, pass its link flags as our own.
9e723db8	2018-05-24T20:28:36	submodule: plug leaks from the escape detection
c16ebaa6	2018-05-24T19:05:59	submodule: replace index with strchr which exists on Windows
91a4849d	2018-05-24T19:00:13	submodule: the repostiory for _name_is_valid should not be const We might modify caches due to us trying to load the configuration to figure out what kinds of filesystem protections we should have.
1f570a29	2018-05-23T08:40:17	path: check for a symlinked .gitmodules in fs-agnostic code We still compare case-insensitively to protect more thoroughly as we don't know what specifics we'll see on the system and it's the behaviour from git.
a7168b47	2018-05-22T16:13:47	path: reject .gitmodules as a symlink Any part of the library which asks the question can pass in the mode to have it checked against `.gitmodules` being a symlink. This is particularly relevant for adding entries to the index from the worktree and for checking out files.
58ff913a	2018-05-22T15:48:38	index: stat before creating the entry This is so we have it available for the path validity checking. In a later commit we will start rejecting `.gitmodules` files as symlinks.
02c80ad7	2018-05-22T15:21:08	path: accept the name length as a parameter We may take in names from the middle of a string so we want the caller to let us know how long the path component is that we should be checking.
490cbaa9	2018-05-22T13:58:24	path: expose dotgit detection functions per filesystem These will be used by the checkout code to detect them for the particular filesystem they're on.
177dcfc7	2018-05-18T15:16:53	path: hide the dotgit file functions These can't go into the public API yet as we don't want to introduce API or ABI changes in a security release.
0aa65f8d	2018-05-16T15:56:04	path: add functions to detect .gitconfig and .gitattributes
9de97ae7	2018-05-16T15:42:08	path: add a function to detect an .gitmodules file Given a path component it knows what to pass to the filesystem-specific functions so we're protected even from trees which try to use the 8.3 naming rules to get around us matching on the filename exactly. The logic and test strings come from the equivalent git change.
22973e09	2018-05-16T14:47:04	path: provide a generic function for checking dogit files on NTFS It checks against the 8.3 shortname variants, including the one which includes the checksum as part of its name.
0283fc46	2018-05-16T11:56:04	path: provide a generic dogit checking function for HFS This lets us check for other kinds of reserved files.
397abe98	2018-05-14T16:03:15	submodule: also validate Windows-separated paths for validity Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to protect Windows users. Ideally we would check for both separators without the need for the copied string, but this'll get us over the RCE.
6b15ceac	2018-04-30T13:47:15	submodule: ignore submodules which include path traversal in their name If the we decide that the "name" of the submodule (i.e. its path inside `.git/modules/`) is trying to escape that directory or otherwise trick us, we ignore the configuration for that submodule. This leaves us with a half-configured submodule when looking it up by path, but it's the same result as if the configuration really were missing. The name check is potentially more strict than it needs to be, but it lets us re-use the check we're doing for the checkout. The function that encapsulates this logic is ready to be exported but we don't want to do that in a security release so it remains internal for now.
f9cf9a04	2018-05-09T14:51:57	Merge pull request #4642 from pks-t/pks/cmake-resolve-pkgconfig cmake: resolve libraries found by pkg-config
0a19c151	2018-05-09T14:14:06	Merge pull request #4629 from neithernut/enhance-glob-perf refdb_fs: enhance performance of globbing
81c9894f	2018-05-09T14:06:57	Merge pull request #4645 from pks-t/pks/racy-init-deinit global: adjust init count under lock
6c2939d6	2018-05-09T13:57:17	Merge pull request #4646 from pks-t/pks/gcc-8.1-warnings Fix GCC 8.1 warnings
8ab470f5	2018-04-27T15:31:43	cmake: remove now-useless LIBGIT2_LIBDIRS handling With the recent change of always resolving pkg-config libraries to their full path, we do not have to manage the LIBGIT2_LIBDIRS variable anymore. The only other remaining user of LIBGIT2_LIBDIRS is winhttp, which is a CMake-style library target and can thus be resolved by CMake automatically. Remove the variable to simplify our build system a bit.
0f62e4c7	2018-04-27T10:38:49	cmake: resolve libraries found by pkg-config Libraries found by CMake modules are usually handled with their full path. This makes linking against those libraries a lot more robust when it comes to libraries in non-standard locations, as otherwise we might mix up libraries from different locations when link directories are given. One excemption are libraries found by PKG_CHECK_MODULES. Instead of returning libraries with their complete path, it will return the variable names as well as a set of link directories. In case where multiple sets of the same library are installed in different locations, this can lead the compiler to link against the wrong libraries in the end, when link directories of other dependencies are added. To fix this shortcoming, we need to manually resolve library paths returned by CMake against their respective library directories. This is an easy task to do with `FIND_LIBRARY`.
a82082d0	2018-04-20T08:38:50	worktree: a worktree can be made from a bare repository
c7964c22	2018-04-18T22:40:46	repository: being a worktree means we're not really bare We were previously conflating any error into GIT_ENOTFOUND, which might or might not be correct. This fixes the code so a config error is bubbled up, as well as preserving the semantics in the face of worktree-repositories
bb468ada	2018-05-07T13:44:15	Merge pull request #4542 from stanhu/sh-sanitize-utf8-hunk-header Sanitize the hunk header to ensure it contains UTF-8 valid data
9d83a2b0	2018-02-22T22:55:50	Sanitize the hunk header to ensure it contains UTF-8 valid data The diff driver truncates the hunk header text to 80 bytes, which can truncate 4-byte Unicode characters and introduce garbage characters in the diff output. This change sanitizes the hunk header before it is displayed. This mirrors the test in git: https://github.com/git/git/blob/master/t/t4025-hunk-header.sh Closes https://github.com/libgit2/rugged/issues/716
ba5e39ac	2018-05-04T15:25:11	streams: openssl: fix bogus warning on unused parameter Our provided callback function `threadid_cb(CRYPTO_THREADID *threadid)` sets up a unique thread ID by asking pthread for the current thread ID. Since openssl version 1.1, `CRYPTO_THREADID_set_numeric` is simply a no-op macro, leaving the `threadid` argument unused after the preprocessor has processed the macro. GCC does not account for that situation and will thus complain about `threadid` being unused. Silence this warning by using `GIT_UNUSED(threadid)`.
0933fdc5	2018-05-04T13:40:54	global: adjust init count under lock Our global initialization functions `git_libgit2_init()` and `git_libgit2_shutdown()` both adjust a global init counter to determine whether we are the first respectively last user of libgit2. On Unix-systems do not do so under lock, though, which opens the possibility of a race between these two functions: Thread 1 Thread 2 git__n_inits = 0; git_libgit2_init(); git_atomic_inc(&git__n_inits); /* git__n_inits == 1 / git_libgit2_shutdown(); if (git_atomic_dec(&git__n_inits) != 0) / git__n_inits == 0, no early exit here */ pthread_mutex_lock(&_init_mutex); shutdown_common(); pthread_mutex_unlock(&_init_mutex); pthread_mutex_lock(&_init_mutex); init_once(); pthread_mutex_unlock(&_init_mutex); So we can end up in a situation where we try to shutdown shared data structures before they have been initialized. Fix the race by always locking `_init_mutex` before incrementing or decrementing `git__n_inits`.
26a09a93	2018-04-30T21:34:36	Merge pull request #4608 from pks-t/pks/openssl-api-cleanup OpenSSL legacy API cleanups
173a0375	2018-02-08T23:50:14	openssl: remove leftover #ifdef This is the "OpenSSL available" global init function after all
b33b6d33	2018-04-30T09:27:47	Merge pull request #4640 from mkeeler/worktree-convenience2 worktree: add functions to get name and path
20a2b02d	2018-04-18T19:23:40	refdb_fs: enable root arbitration for fixed portion of globs A glob used for iteration may start with an entire path containing no special characters. If we start scanning for references within that path rather than in `refs/`, we may end up scanning only a small fraction of all references.
27e98cf7	2018-04-18T19:21:22	refdb_fs: prepare arbitration of the root used for ref iteration Instead of a hardcoded "refs", we may choose a different directory within the git directory as the root from which we look for references.
5ace1494	2018-04-26T11:45:38	Merge pull request #4633 from csware/worktree-delereref Fix deletion of unrelated branch on worktree
3da1ad20	2018-04-24T17:09:34	worktree: add functions to get name and path
86353a72	2018-04-22T14:57:02	Merge pull request #4173 from tiennou/mbedtls mbedTLS support
5d346c11	2018-04-22T14:51:00	Merge pull request #4525 from pks-t/pks/config-iterate-in-order Configuration entry iteration in order
2b967226	2018-04-22T14:43:18	Merge pull request #4580 from pks-t/pks/diff-like-git-coalesce blame_git: fix coalescing step never being executed
0ad2372b	2018-04-20T21:25:01	Merge pull request #4636 from tiennou/fix/leaks Fix leaks in master

e51e29e8

2017-11-12T13:59:47

config_parse: have `git_config_parse` own entry value and name The function `git_config_parse` uses several callbacks to pass data along to the caller as it parses the file. One design shortcoming here is that strings passed to those callbacks are expected to be freed by them, which is really confusing. Fix the issue by changing memory ownership here. Instead of expecting the `on_variable` callbacks to free memory for `git_config_parse`, just do it inside of `git_config_parse`. While this obviously requires a bit more memory allocation churn due to having to copy both name and value at some places, this shouldn't be too much of a burden.

e212011b

2018-06-18T12:33:34

Merge pull request #4685 from csware/no-git_buf_free Fix last references to deprecated git_buf_free

cc9c9522

2018-06-18T12:10:17

Merge pull request #4606 from libgit2/cmn/revwalk-iteration revwalk: avoid walking the entire history when output is unsorted

b5818dda

2018-06-18T13:05:08

Fix last references to deprecated git_buf_free Signed-off-by: Sven Strickroth <email@cs-ware.de>

ff98fec0

2018-06-18T10:25:07

revwalk: formatting updates

96882f20

2018-06-18T10:13:11

Merge pull request #4586 from emilio/mailmap Add mailmap support.

f98131be

2018-06-17T00:40:25

Require the length argument to git_mailmap_from_buffer and make mailmap_add_buffer internal

0ecf0e33

2018-06-16T09:35:10

Merge pull request #4683 from pks-t/pks/tree-unused-functions tree: remove unused functions

f0a1d76a

2018-06-15T13:21:59

tree: remove unused function `git_tree__prefix_position`

31f6b529

2018-06-15T13:21:08

tree: remove unused function `git_tree_entry_icmp`

678fa45b

2018-06-15T11:34:04

Merge pull request #4678 from staticfloat/sf/mbedtls_linkage Link `mbedTLS` libraries in when `SHA1_BACKEND` == "mbedTLS"

9faf36a6

2018-06-14T22:48:58

mailmap: git_buf_free => git_buf_dispose

56303e1a

2018-05-07T11:59:00

mailmap: API and style cleanup

8ff0504d

2018-04-08T03:01:14

mailmap: Rewrite API to support accurate mailmap resolution

18ff9bab

2018-03-27T22:48:03

mailmap: API and style cleanup

d91d2968

2018-06-14T16:49:48

mailmap: Hide EEXISTS to simplify git_mailmap_add_entry callers

c1a85ae2

2018-06-04T11:36:44

mailmap: Free the mailmap vector

44112db2

2018-03-17T17:34:42

mailmap: Be consistent about checking len vs. len > 0 Not that it matters much anyway but...

ae5ee182

2018-03-17T17:33:48

mailmap: git_vector_get already checks bounds

57cfeab9

2018-03-26T15:05:37

mailmap: Switch mailmap parsing to use the git_parse module

4ff44be8

2018-03-17T18:24:15

mailmap: Fix more bugs which snuck in when I rebased

e3dcaca5

2018-03-17T18:15:01

mailmap: Integrate mailmaps with blame and signatures

b05fbba3

2018-03-17T18:14:31

mailmap: Make everything a bit more style conforming

7bafd175

2018-03-18T01:39:57

mailmap: Don't error out when there's junk at the end of the line Also matches git.

59fbf9cf

2018-03-17T18:29:34

mailmap: Don't return a freed pointer, even if we return an error code

97bc8988

2018-03-17T17:40:24

mailmap: Do not error out when the mailmap contains an invalid line This matches git.

ae222136

2018-03-17T02:33:48

mailmap: Some more style cleanup

49620359

2018-03-17T02:29:41

mailmap: Clean up mailmap parser, and finish API

7a169390

2018-03-15T16:34:30

mailmap: WIP mailmap support

3be73011

2018-06-11T18:26:22

Merge pull request #4436 from pks-t/pks/packfile-stream-free pack: rename `git_packfile_stream_free`

b89162af

2018-06-10T17:26:08

Link `mbedTLS` libraries in when `SHA1_BACKEND == "mbedTLS"`

90c6fb0f

2018-06-10T17:33:06

Fix typo in adding `hash_mbedtls.c` to `SRC_SHA1`

ecf4f33a

2018-02-08T11:14:48

Convert usage of `git_buf_free` to new `git_buf_dispose`

56ffdfc6

2018-02-08T11:14:30

buffer: deprecate `git_buf_free` in favor of `git_buf_dispose`

c8ee5270

2017-12-08T09:05:58

pack: rename `git_packfile_stream_free` The function `git_packfile_stream_free` frees all state of the packfile stream without freeing the structure itself. This naming makes it hard to spot whether it will try to free the pointer itself or not, causing potential future errors. Due to this reason, we have decided to name a function freeing state without freeing the actual struture a "dispose" function. Rename `git_packfile_stream_free` to `git_packfile_stream_dispose` as a first example following this rule.

795a5b28

2018-06-09T18:36:21

Merge pull request #4668 from novalis/bad-stash Fix stash save bug with fast path index check

44788c96

2018-06-09T18:00:23

Merge pull request #4662 from pks-t/pks/gitfile-api path: unify `git_path_is_*` APIs

bc0f3227

2018-06-09T17:59:46

Merge pull request #4670 from pks-t/pks/ignore-leadingdir Fix negative gitignore rules with leading directories

08b318c0

2018-03-14T10:43:00

stdalloc: extend allocators by file and line Our desired architecture would make allocators completely pluggable, such that users of libgit2 can swap out memory allocators at runtime. While making e.g. debugging easier by not having to do a separate build, this feature can also help maintainers of bindings for libgit2 by tying the memory allocations into the other language's memory system. In order to do so, though, we first need to make our two different pre-existing allocators "stdalloc" and "crtdbg" have the same function signatures, as the "crtdbg" allocators all have an additional file and line argument. This is required to build correct stack traces for debugging memory allocations. As that feature may also be interesting to authors of other applications for debugging libgit2, we now simply add these arguments to our standard allocators. Obviously, this may come with a performance penalty. During some simple benchmarks no real impact could be measured though in contrast to a simple pluggable allocator. The following table summarizes the benchmarks. There were three different builds with our current standard allocator ("standard"), with pluggable authenticators accessed via function pointers ("pluggable") and for pluggable authenticators with file and line being added ("fileline"). Furthermore, there were three scenarios for 100.000.000 allocations of 100B ("small alloc"), 100.000.000 allocations of 100KB ("medium alloc"), and 1.000.000 allocations of 100MB. All results are best of 10 runs. |------------|-------------------|-------------------|-------------------| | build/test | small alloc | medium alloc | big alloc | |------------|-------------------|-------------------|-------------------| | standard | 4539779566, +0.0% | 5912927186, +0.0% | 5166935308, +0.0% | |------------|-------------------|-------------------|-------------------| | pluggable | 4611074505, +1.5% | 5979185308, +1.1% | 5388776352, +4.2% | |------------|-------------------|-------------------|-------------------| | fileline | 4588338192, +1.1% | 6004951910, +1.5% | 4942528135, -4.4% | |------------|-------------------|-------------------|-------------------| As can be seen, there is a performance overhead for pluggable allocators. Furthermore, it can also be seen that there is some big variance between runs, especially in the "big alloc" scenario. This is probably being caused by nondeterministic behaviour in the kernel for dynamic allocations. Still, it can be observed that there should be no real difference between the "pluggable" and "fileline" allocators.

d2e996fa

2018-03-14T10:36:14

util: extract allocators into its own "alloc.h" header Our "util.h" header is a grabbag of various different functions, where many don't have a clear group they belong to. Our set of allocator functions though can be clearly singled out as a single group of functions that always belongs together. Furthermore, we will need to implement additional functions relating to our allocators subsystem when moving to pluggable allocators. Thus, we should just move these functions into their own "alloc" module.

c47f7155

2018-03-14T10:34:59

util: extract `stdalloc` allocator into its own module Right now, the standard allocator is being declared as part of the "util.h" header as a set of inline functions. As with the crtdbg allocator functions, these inline functions make it hard to convert to function pointers for our allocators. Create a new "stdalloc" module containing our standard allocations functions to split these out. Convert the existing allocators to macros which make use of the stdalloc functions.

496b0df2

2018-03-14T10:28:50

win32: crtdbg: provide independent `free` function Currently, the `git__free` function is being defined in a single place, only, disregarding whether we use our standard allocators or the crtdbg allocators. This makes it a bit harder to convert our code base to use pluggable allocators, and furthermore makes the border between our two allocators a bit more blurry. Implement a separate `git__crtdbg__free` function for the crtdbg allocator in order to completely separate both allocator implementations.

aab8f87b

2018-03-14T10:27:13

win32: crtdbg: internalize implementation of allocators The crtdbg allocators are currently being implemented as inline functions as part of the "w32_crtdbg_stacktrace.h" header. As we are moving towards pluggable allocators with the help of function pointers, though, we cannot make use of inlining anymore. Instead, we can only have a single implementation of these allocating functions. Move all implementations of the crtdbg allocators into "w32_crtdbg_stacktrace.c".

74b7ddbf

2018-03-16T10:14:50

settings: allow swapping out memory allocator Tie in the newly created infrastructure for swapping out memory allocators into our settings code. A user can now simply use the new option "GIT_OPT_SET_ALLOCATOR" with `git_libgit2_opts`, passing in an already initialized allocator structure as vararg.

9865cd16

2018-03-20T14:23:49

alloc: make memory allocators use function pointers Currently, our memory allocators are being redirected to the correct implementation at compile time by simply using macros. In order to make them swappable at runtime, this commit reshuffles that by instead making use of a global "git_allocator" structure, whose pointers are set up to reference the allocator functions. Like this, it becomes easy to swap out allocators by simply setting these function pointers. In order to initialize a "git_allocator", our provided allocators "stdalloc" and "crtdbg" both provide an init function. This is being called to initialize a passed in allocator struct and set up its members correctly. No support is yet included to enable users of libgit2 to switch out the memory allocator at a global level.

422cd59b

2018-06-07T12:49:55

Merge pull request #4655 from glaubitz/alignment index: Fix alignment issues in write_disk_entry()

5a7d454b

2018-06-04T12:56:08

Fix stash save bug with fast path index check If the index contains stat data for a modified file, and the file is not racily dirty, and there exists an untracked working tree directory alphabetically after that file, and there are no other changes to the repo, then git_stash_save would fail. It would confuse the untracked working tree directory for the modified file, because they have the same sha: zero. The wt directory has a sha of zero because it's a directory, and the file would have a zero sha because we wouldn't read the file -- we would just know that it doesn't match the index. To fix this confusion, we simply check mode as well as SHA.

20306d36

2018-06-06T14:31:28

Merge pull request #4665 from neithernut/fix-refdb-glob refdb_fs: fix regression: failure when globbing for non-existant references

54990d75

2018-06-06T08:36:43

Merge pull request #4641 from pks-t/pks/submodule-names-memleak Detect duplicated submodules for the same path

d22fd81c

2018-06-05T16:46:07

ignore: remove now-useless check for LEADINGDIR When checking whether a rule negates another rule, we were checking whether a rule had the `GIT_ATTR_FNMATCH_LEADINGDIR` flag set and, if so, added a "/*" to its end before passing it to `fnmatch`. Our code now sets `GIT_ATTR_FNMATCH_NOLEADINGDIR`, thus the `LEADINGDIR` flag shall never be set. Furthermore, due to the `NOLEADINGDIR` flag, trailing globs do not get consumed by our ignore parser anymore. Clean up code by just dropping this now useless logic.

20b4c175

2018-06-05T16:12:58

ignore: fix negative leading directory rules unignoring subdirectory files When computing whether a file is ignored, we simply search for the first matching rule and return whether it is a positive ignore rule (the file is really ignored) or whether it is a negative ignore rule (the file is being unignored). Each rule has a set of flags which are being passed to `fnmatch`, depending on what kind of rule it is. E.g. in case it is a negative ignore we add a flag `GIT_ATTR_FNMATCH_NEGATIVE`, in case it contains a glob we set the `GIT_ATTR_FNMATCH_HASGLOB` flag. One of these flags is the `GIT_ATTR_FNMATCH_LEADINGDIR` flag, which is always set in case the pattern has a trailing "/*" or in case the pattern is negative. The flag causes the `fnmatch` function to return a match in case a string is a leading directory of another, e.g. "dir/" matches "dir/foo/bar.c". In case of negative patterns, this is wrong in certain cases. Take the following simple example of a gitignore: dir/ !dir/ The `LEADINGDIR` flag causes "!dir/" to match "dir/foo/bar.c", and we correctly unignore the directory. But take this example: *.test !dir/* We expect everything in "dir/" to be unignored, but e.g. a file in a subdirectory of dir should be ignored, as the "*" does not cross directory hierarchies. With `LEADINGDIR`, though, we would just see that "dir/" matches and return that the file is unignored, even if it is contained in a subdirectory. Instead, we want to ignore leading directories here and check "*.test". Afterwards, we have to iterate up to the parent directory and do the same checks. To fix the issue, disallow matching against leading directories in gitignore files. This can be trivially done by just adding the `GIT_ATTR_FNMATCH_NOLEADINGDIR` to the spec passed to `git_attr_fnmatch__parse`. Due to a bug in that function, though, this flag is being ignored for negative patterns, which is fixed in this commit, as well. As a last fix, we need to ignore rules that are supposed to match a directory when our path itself is a file. All together, these changes fix the described error case.

05e891f1

2018-06-01T08:44:30

refdb_fs: test whether the base directory exists when globbing This commit fixes a regression introduced by 20a2b02d9a1bcb4825ec49605146223c565dcacf The commit introduced an optimization for finding references using a glob: rather than iterating over all references and matching each one against the glob, we would iterate only over references within the directory common to all possible references which may match against the glob. However, contrary to the `ref/` directory, which was the previous entry point for the iteration, this directory may not exist. In this case, the optimization causes an error (`ENOENT`) rather than the iterator simply yielding no references. This patch fixes the regression by checkign for this specific case.

93271f59

2018-05-25T01:41:33

index: Fix alignment issues in write_disk_entry() In order to avoid alignment issues on certain target architectures, it is necessary to use memcpy() when modifying elements of a struct inside a buffer returned by git_filebuf_reserve().

92159bd4

2018-05-30T12:18:04

path: unify `git_path_is_*` APIs Right now, there's quite a lot of different function calls to determine whether a path component matches a specific name after normalization from the filesystem. We have a function for each of {gitattributes, gitmodules, gitignore} multiplicated with {generic, NTFS, HFS} checks. In the long time, this is unmaintainable in case there are e.g. new filesystems with specific semantics, blowing up the number of functions we need to implement. Replace all functions with a simple `git_path_is_gitfile` function, which accepts an enum pointing out the filename that is to be checked against as well as the filesystem normalizations to check for. This greatly simplifies implementation at the expense of the caller having to invoke a somewhat longer function call.

8a14846b

2018-05-30T10:51:10

Merge pull request #4661 from laomaiweng/patch-1 streams: openssl: add missing check on OPENSSL_LEGACY_API

9c698a25

2018-05-30T10:34:58

submodule: remove useless mask computations Previous to dfda2f68e (submodule: remove the per-repo cache, 2015-04-27), we tried to cache our submodules per repository to avoid having to reload it too frequently. As it created some headaches with regards to multithreading, we removed that cache. Previous to that removal, we had to compute what submodule status to refresh. The mask computation was not removed, though, resulting in confusing and actually dead code. While it seems like the mask is currently in use in a conditional, it is not, as we unconditionally assign to the mask previous to that condition. Remove all mask computations to clean up stale code.

cf5030a3

2018-05-30T08:38:28

submodule: refactor loading submodule names The function `load_submodule_names` was always being called with a newly allocated string map, which was then getting filled by the function. Move the string map allocation into `load_submodule_names`, instead, and pass the whole map back to the caller in case no error occurs. This change helps to avoid misuse by handing in pre-populated maps.

b2a389c8

2018-05-30T08:35:06

submodule: detect duplicated submodule paths When loading submodule names, we build a map of submodule paths and their respective names. While looping over the configuration keys, we do not check though whether a submodule path was seen already. This leads to a memory leak in case we have multiple submodules with the same path, as we just overwrite the old value in the map in that case. Fix the error by verifying that the path to be added is not yet part of the string map. Git does not allow to have multiple submodules for a path anyway, so we now do the same and detect this duplication, reporting it to the user.

36ae5c93

2018-05-30T08:25:19

Merge pull request #4656 from tiennou/fix/mbedtls-no-pkgconfig mbedtls: don't require mbedtls from our pkgconfig file

b1cab70b

2018-05-30T02:15:09

streams: openssl: add missing check on OPENSSL_LEGACY_API The `CRYPTO_THREADID` type is no longer available in OpenSSL ≥ 1.1.0 with deprecated features disabled, and causes build failures. Since the `threadid_cb()` function is only ever called by `git_openssl_set_locking()` when `defined(OPENSSL_LEGACY_API)`, only define it then.

7f6c1ce9

2018-05-29T21:04:39

Merge pull request #4660 from libgit2/cmn/submodule-traversal Fixes for CVE 2018-11235

64a78a80

2018-05-25T09:28:52

mbedtls: don't require mbedtls from our pkgconfig file mbedTLS has no pkgconfig file, hence we can't require it. For now, pass its link flags as our own.

9e723db8

2018-05-24T20:28:36

submodule: plug leaks from the escape detection

c16ebaa6

2018-05-24T19:05:59

submodule: replace index with strchr which exists on Windows

91a4849d

2018-05-24T19:00:13

submodule: the repostiory for _name_is_valid should not be const We might modify caches due to us trying to load the configuration to figure out what kinds of filesystem protections we should have.

1f570a29

2018-05-23T08:40:17

path: check for a symlinked .gitmodules in fs-agnostic code We still compare case-insensitively to protect more thoroughly as we don't know what specifics we'll see on the system and it's the behaviour from git.

a7168b47

2018-05-22T16:13:47

path: reject .gitmodules as a symlink Any part of the library which asks the question can pass in the mode to have it checked against `.gitmodules` being a symlink. This is particularly relevant for adding entries to the index from the worktree and for checking out files.

58ff913a

2018-05-22T15:48:38

index: stat before creating the entry This is so we have it available for the path validity checking. In a later commit we will start rejecting `.gitmodules` files as symlinks.

02c80ad7

2018-05-22T15:21:08

path: accept the name length as a parameter We may take in names from the middle of a string so we want the caller to let us know how long the path component is that we should be checking.

490cbaa9

2018-05-22T13:58:24

path: expose dotgit detection functions per filesystem These will be used by the checkout code to detect them for the particular filesystem they're on.

177dcfc7

2018-05-18T15:16:53

path: hide the dotgit file functions These can't go into the public API yet as we don't want to introduce API or ABI changes in a security release.

0aa65f8d

2018-05-16T15:56:04

path: add functions to detect .gitconfig and .gitattributes

9de97ae7

2018-05-16T15:42:08

path: add a function to detect an .gitmodules file Given a path component it knows what to pass to the filesystem-specific functions so we're protected even from trees which try to use the 8.3 naming rules to get around us matching on the filename exactly. The logic and test strings come from the equivalent git change.

22973e09

2018-05-16T14:47:04

path: provide a generic function for checking dogit files on NTFS It checks against the 8.3 shortname variants, including the one which includes the checksum as part of its name.

0283fc46

2018-05-16T11:56:04

path: provide a generic dogit checking function for HFS This lets us check for other kinds of reserved files.

397abe98

2018-05-14T16:03:15

submodule: also validate Windows-separated paths for validity Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to protect Windows users. Ideally we would check for both separators without the need for the copied string, but this'll get us over the RCE.

6b15ceac

2018-04-30T13:47:15

submodule: ignore submodules which include path traversal in their name If the we decide that the "name" of the submodule (i.e. its path inside `.git/modules/`) is trying to escape that directory or otherwise trick us, we ignore the configuration for that submodule. This leaves us with a half-configured submodule when looking it up by path, but it's the same result as if the configuration really were missing. The name check is potentially more strict than it needs to be, but it lets us re-use the check we're doing for the checkout. The function that encapsulates this logic is ready to be exported but we don't want to do that in a security release so it remains internal for now.

f9cf9a04

2018-05-09T14:51:57

Merge pull request #4642 from pks-t/pks/cmake-resolve-pkgconfig cmake: resolve libraries found by pkg-config

0a19c151

2018-05-09T14:14:06

Merge pull request #4629 from neithernut/enhance-glob-perf refdb_fs: enhance performance of globbing

81c9894f

2018-05-09T14:06:57

Merge pull request #4645 from pks-t/pks/racy-init-deinit global: adjust init count under lock

6c2939d6

2018-05-09T13:57:17

Merge pull request #4646 from pks-t/pks/gcc-8.1-warnings Fix GCC 8.1 warnings

8ab470f5

2018-04-27T15:31:43

cmake: remove now-useless LIBGIT2_LIBDIRS handling With the recent change of always resolving pkg-config libraries to their full path, we do not have to manage the LIBGIT2_LIBDIRS variable anymore. The only other remaining user of LIBGIT2_LIBDIRS is winhttp, which is a CMake-style library target and can thus be resolved by CMake automatically. Remove the variable to simplify our build system a bit.

0f62e4c7

2018-04-27T10:38:49

cmake: resolve libraries found by pkg-config Libraries found by CMake modules are usually handled with their full path. This makes linking against those libraries a lot more robust when it comes to libraries in non-standard locations, as otherwise we might mix up libraries from different locations when link directories are given. One excemption are libraries found by PKG_CHECK_MODULES. Instead of returning libraries with their complete path, it will return the variable names as well as a set of link directories. In case where multiple sets of the same library are installed in different locations, this can lead the compiler to link against the wrong libraries in the end, when link directories of other dependencies are added. To fix this shortcoming, we need to manually resolve library paths returned by CMake against their respective library directories. This is an easy task to do with `FIND_LIBRARY`.

a82082d0

2018-04-20T08:38:50

worktree: a worktree can be made from a bare repository

c7964c22

2018-04-18T22:40:46

repository: being a worktree means we're not really bare We were previously conflating any error into GIT_ENOTFOUND, which might or might not be correct. This fixes the code so a config error is bubbled up, as well as preserving the semantics in the face of worktree-repositories

bb468ada

2018-05-07T13:44:15

Merge pull request #4542 from stanhu/sh-sanitize-utf8-hunk-header Sanitize the hunk header to ensure it contains UTF-8 valid data

9d83a2b0

2018-02-22T22:55:50

Sanitize the hunk header to ensure it contains UTF-8 valid data The diff driver truncates the hunk header text to 80 bytes, which can truncate 4-byte Unicode characters and introduce garbage characters in the diff output. This change sanitizes the hunk header before it is displayed. This mirrors the test in git: https://github.com/git/git/blob/master/t/t4025-hunk-header.sh Closes https://github.com/libgit2/rugged/issues/716

ba5e39ac

2018-05-04T15:25:11

streams: openssl: fix bogus warning on unused parameter Our provided callback function `threadid_cb(CRYPTO_THREADID *threadid)` sets up a unique thread ID by asking pthread for the current thread ID. Since openssl version 1.1, `CRYPTO_THREADID_set_numeric` is simply a no-op macro, leaving the `threadid` argument unused after the preprocessor has processed the macro. GCC does not account for that situation and will thus complain about `threadid` being unused. Silence this warning by using `GIT_UNUSED(threadid)`.

0933fdc5

2018-05-04T13:40:54

global: adjust init count under lock Our global initialization functions `git_libgit2_init()` and `git_libgit2_shutdown()` both adjust a global init counter to determine whether we are the first respectively last user of libgit2. On Unix-systems do not do so under lock, though, which opens the possibility of a race between these two functions: Thread 1 Thread 2 git__n_inits = 0; git_libgit2_init(); git_atomic_inc(&git__n_inits); /* git__n_inits == 1 */ git_libgit2_shutdown(); if (git_atomic_dec(&git__n_inits) != 0) /* git__n_inits == 0, no early exit here */ pthread_mutex_lock(&_init_mutex); shutdown_common(); pthread_mutex_unlock(&_init_mutex); pthread_mutex_lock(&_init_mutex); init_once(); pthread_mutex_unlock(&_init_mutex); So we can end up in a situation where we try to shutdown shared data structures before they have been initialized. Fix the race by always locking `_init_mutex` before incrementing or decrementing `git__n_inits`.

26a09a93

2018-04-30T21:34:36

Merge pull request #4608 from pks-t/pks/openssl-api-cleanup OpenSSL legacy API cleanups

173a0375

2018-02-08T23:50:14

openssl: remove leftover #ifdef This is the "OpenSSL available" global init function after all

b33b6d33

2018-04-30T09:27:47

Merge pull request #4640 from mkeeler/worktree-convenience2 worktree: add functions to get name and path

20a2b02d

2018-04-18T19:23:40

refdb_fs: enable root arbitration for fixed portion of globs A glob used for iteration may start with an entire path containing no special characters. If we start scanning for references within that path rather than in `refs/`, we may end up scanning only a small fraction of all references.

27e98cf7

2018-04-18T19:21:22

refdb_fs: prepare arbitration of the root used for ref iteration Instead of a hardcoded "refs", we may choose a different directory within the git directory as the root from which we look for references.

5ace1494

2018-04-26T11:45:38

Merge pull request #4633 from csware/worktree-delereref Fix deletion of unrelated branch on worktree

3da1ad20

2018-04-24T17:09:34

worktree: add functions to get name and path

86353a72

2018-04-22T14:57:02

Merge pull request #4173 from tiennou/mbedtls mbedTLS support

5d346c11

2018-04-22T14:51:00

Merge pull request #4525 from pks-t/pks/config-iterate-in-order Configuration entry iteration in order

2b967226

2018-04-22T14:43:18

Merge pull request #4580 from pks-t/pks/diff-like-git-coalesce blame_git: fix coalescing step never being executed

0ad2372b

2018-04-20T21:25:01

Merge pull request #4636 from tiennou/fix/leaks Fix leaks in master

thodg/libgit2/src

src

Log