|
e5f32e81
|
2018-04-17T00:08:20
|
|
Merge pull request #4514 from tiennou/fix/pkt-type-enum
Typedef git_pkt_type and clarify recv_pkt return type
|
|
17339cb3
|
2018-04-16T15:35:56
|
|
Merge pull request #4596 from pks-t/pks/ssh-disconnect
transports: ssh: disconnect session before freeing it
|
|
13a77274
|
2018-02-26T21:33:55
|
|
smart: typo
|
|
2cf9b84c
|
2018-04-11T19:13:42
|
|
smart: free the pkt when we fail to store it
|
|
32586d5e
|
2018-04-11T19:03:57
|
|
smart: separate error handling from pkt handling
|
|
01381149
|
2018-02-26T21:27:10
|
|
smart: make out arguments explicit on recv_pkt
|
|
08961c9d
|
2017-08-22T16:29:07
|
|
smart: typedef git_pkt_type and clarify recv_pkt return type
|
|
6c55fbf3
|
2018-04-06T10:39:16
|
|
transports: local: fix assert when fetching into repo with symrefs
When fetching into a repository which has symbolic references via the
"local" transport we run into an assert. The assert is being triggered
while we negotiate the packfile between the two repositories. When
hiding known revisions from the packbuilder revwalk, we unconditionally
hide all references of the local refdb. In case one of these references
is a symbolic reference, though, this means we're trying to hide a
`NULL` OID, which triggers the assert.
Fix the issue by only hiding OID references from the revwalk. Add a test
to catch this issue in the future.
|
|
874ce161
|
2018-03-27T15:03:15
|
|
transports: ssh: replace deprecated function `libssh2_session_startup`
The function `libssh2_session_startup` has been deprecated since libssh2
version 1.2.8 in favor of `libssh2_session_handshake` introduced in the
same version. libssh2 1.2.8 was released in April 2011, so it is already
seven years old. It is available in Debian Wheezy, Ubuntu Trusty and
CentOS 7.4, so the most important and conservative distros already have
it available. As such, it seems safe to just use the new function.
|
|
2785cc8e
|
2018-03-27T14:49:21
|
|
transports: ssh: disconnect session before freeing it
The function `ssh_stream_free` takes over the responsibility of closing
channels and streams just before freeing their memory, but it does not
do so for the session. In fact, we never disconnect the session
ourselves at all, as libssh2 will not do so itself upon freeing the
structure. Quoting the documentation of `libssh2_session_free`:
> Frees all resources associated with a session instance. Typically
> called after libssh2_session_disconnect_ex,
The missing disconnect probably stems from a misunderstanding what it
actually does. As we are already closing the TCP socket ourselves, the
assumption was that no additional disconnect is required. But calling
`libssh2_session_disconnect` will notify the server that we are cleanly
closing the connection, such that the server can free his own resources.
Add a call to `libssh2_session_disconnect` to fix that issue.
[1]: https://www.libssh2.org/libssh2_session_free.html
|
|
6f577906
|
2018-03-03T20:09:09
|
|
ssh urls: use `git_buf_decode_percent`
Use `git_buf_decode_percent` so that we can avoid allocating a temporary
buffer.
|
|
16210877
|
2018-02-28T12:59:47
|
|
Unescape repo before constructing ssh request
|
|
5ecb6220
|
2018-02-25T15:46:51
|
|
winhttp: enable TLS 1.2 on Windows 7 and earlier
Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default,
though support may exist. Try to enable TLS 1.2 support explicitly on
connections.
This request may fail if the operating system does not have TLS 1.2
support - the initial release of Vista lacks TLS 1.2 support (though
it is available as a software update) and XP completely lacks TLS 1.2
support. If this request does fail, the HTTP context is still valid,
and still maintains the original protocol support. So we ignore the
failure from this operation.
|
|
934e6a3b
|
2018-02-27T11:24:30
|
|
winhttp: include constants for TLS 1.1/1.2 support
For platforms that do not define `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1`
and/or `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2`.
|
|
8c8db980
|
2018-02-27T10:32:29
|
|
mingw: update TLS option flags
Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and
`WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw.
This updates both the `deps/winhttp` framework (for classic mingw) and
adds the defines for mingw64, which does not use that framework.
|
|
ee6be190
|
2018-01-31T08:36:19
|
|
http: standardize user-agent addition
The winhttp and posix http each need to add the user-agent to their
requests. Standardize on a single function to include this so that we
do not get the version numbers we're sending out of sync.
Assemble the complete user agent in `git_http__user_agent`, returning
assembled strings.
Co-authored-by: Patrick Steinhardt <ps@pks.im>
|
|
abb04caa
|
2018-02-01T15:55:48
|
|
consistent header guards
use consistent names for the #include / #define header guard pattern.
|
|
90f81f9f
|
2018-01-12T12:56:57
|
|
transports: local: fix memory leak in reference walk
Upon downloading the pack file, the local transport will iterate through
every reference using `git_reference_foreach`. The function is a bit
tricky though in that it requires the passed callback to free the
references, which does not currently happen.
Fix the memory leak by freeing all passed references in the callback.
|
|
7610638e
|
2018-01-01T17:52:06
|
|
Merge pull request #4453 from libgit2/ethomson/spnego
winhttp: properly support ntlm and negotiate
|
|
8cdf439b
|
2017-12-30T13:07:03
|
|
Merge pull request #4028 from chescock/improve-local-fetch
Transfer fewer objects on push and local fetch
|
|
526dea1c
|
2017-12-29T17:41:24
|
|
winhttp: properly support ntlm and negotiate
When parsing unauthorized responses, properly parse headers looking for
both NTLM and Negotiate challenges. Set the HTTP credentials to default
credentials (using a `NULL` username and password) with the schemes
supported by ourselves and the server.
|
|
38eaa7ab
|
2017-11-24T12:28:19
|
|
winhttp: pass the same payload as ssh & http transports when checking certificates
|
|
88450c1c
|
2017-11-09T21:49:30
|
|
Merge pull request #4283 from tiennou/generic-tls
CMake: make HTTPS support more generic
|
|
e9369856
|
2017-03-21T00:25:15
|
|
stream: Gather streams to src/streams
|
|
f2f14724
|
2017-09-21T15:51:52
|
|
transports: ssh: ask for credentials again when passphrase is wrong
When trying to decode the private key it looks like LibSSH2 returns a
LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED when the passphrase is incorrect.
|
|
7cb705cb
|
2017-10-06T12:05:26
|
|
transports: smart: fix memory leak when skipping symbolic refs
When we setup the revision walk for negotiating references with a
remote, we iterate over all references, ignoring tags and symbolic
references. While skipping over symbolic references, we forget to free
the looked up reference, resulting in a memory leak when the next
iteration simply overwrites the variable.
Fix that issue by freeing the reference at the beginning of each
iteration and collapsing return paths for error and success.
|
|
0c7f49dd
|
2017-06-30T13:39:01
|
|
Make sure to always include "common.h" first
Next to including several files, our "common.h" header also declares
various macros which are then used throughout the project. As such, we
have to make sure to always include this file first in all
implementation files. Otherwise, we might encounter problems or even
silent behavioural differences due to macros or defines not being
defined as they should be. So in fact, our header and implementation
files should make sure to always include "common.h" first.
This commit does so by establishing a common include pattern. Header
files inside of "src" will now always include "common.h" as its first
other file, separated by a newline from all the other includes to make
it stand out as special. There are two cases for the implementation
files. If they do have a matching header file, they will always include
this one first, leading to "common.h" being transitively included as
first file. If they do not have a matching header file, they instead
include "common.h" as first file themselves.
This fixes the outlined problems and will become our standard practice
for header and source files inside of the "src/" from now on.
|
|
e141f079
|
2017-06-10T11:46:09
|
|
smart_protocol: fix parsing of server ACK responses
Fix ACK parsing in wait_while_ack() internal function. This patch
handles the case where multi_ack_detailed mode sends 'ready' ACKs. The
existing functionality would bail out too early, thus causing the
processing of the ensuing packfile to fail if/when 'ready' ACKs were
sent.
|
|
97eb5ef0
|
2017-06-07T10:05:54
|
|
buffer: rely on `GITERR_OOM` set by `git_buf_try_grow`
The function `git_buf_try_grow` consistently calls `giterr_set_oom`
whenever growing the buffer fails due to insufficient memory being
available. So in fact, we do not have to do this ourselves when a call
to any buffer-growing function has failed due to an OOM situation. But
we still do so in two functions, which this patch cleans up.
|
|
9b1260d3
|
2017-05-20T14:18:32
|
|
Merge pull request #4097 from implausible/fix/auto-detect-proxy-callbacks
Fix proxy auto detect not utilizing callbacks
|
|
2ce2a48f
|
2017-05-02T13:37:15
|
|
transports: ssh: clean up after libssh2 on exit
After calling `libssh2_init`, we need to clean up after the library by
executing `libssh2_exit` as soon as we exit. Register a shutdown handler
to do so which simply calls `libssh2_exit`. This fixes several memory
leaks.
|
|
8c027351
|
2017-05-02T13:35:09
|
|
transports: ssh: report failure initializing libssh2
We unconditionally return success when initializing libssh2, regardless
of whether `libgssh2_init` signals success or an error. Fix this by
checking its return code.
|
|
5c760960
|
2017-04-17T13:03:03
|
|
transport: provide a getter for the proxy options
As with the callbacks, third-party implementations of smart subtransports cannot
reach into the opaque struct and thus cannot know what options the user set.
Add a getter for these options to copy the proxy options into something external
implementors can use.
|
|
b65a5e9b
|
2017-03-01T07:58:40
|
|
winhttp: disambiguate error messages when sending requests
|
|
c576d4ff
|
2017-02-13T12:46:00
|
|
Merge pull request #4115 from gsaralms/users/gsaral/optionalOfsDelta
Changes to provide option to turn off/on ofs_delta
|
|
c5f3da96
|
2016-11-11T14:36:43
|
|
repository: use `git_repository_item_path`
The recent introduction of the commondir variable of a repository
requires callers to distinguish whether their files are part of
the dot-git directory or the common directory shared between
multpile worktrees. In order to take the burden from callers and
unify knowledge on which files reside where, the
`git_repository_item_path` function has been introduced which
encapsulate this knowledge.
Modify most existing callers of `git_repository_path` to use
`git_repository_item_path` instead, thus making them implicitly
aware of the common directory.
|
|
61acc9fa
|
2017-02-08T16:22:44
|
|
Changes to provide option to turn off/on ofs_delta
This change provides an option in git_libgit2_opt_t which can be used in git_libgit2_opts to turn off/on ofs_delta capability in libGit2
|
|
1e929eb5
|
2017-02-06T11:00:06
|
|
Pass proxy options payload to credentials callback
|
|
fa2dfcf9
|
2017-02-01T09:28:30
|
|
Fix digest credentials for proxy in windows
|
|
39e76bb3
|
2017-01-27T16:05:20
|
|
Do not discard proxy_options that have been set when auto is specified
|
|
1910a04a
|
2016-12-30T12:42:42
|
|
winhttp: set proper cert failure error messages
Set up a WinHTTP status callback; inspect the WinHTTP status for
WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, and convert the status code
to a useful message for callers.
|
|
4e4a1460
|
2016-12-30T12:13:34
|
|
WinHTTP: support best auth mechanism
For username/password credentials, support NTLM or Basic (in that order
of priority). Use the WinHTTP built-in authentication support for both,
and maintain a bitfield of the supported mechanisms from the response.
|
|
a6d833a2
|
2017-01-13T17:05:58
|
|
Merge pull request #4049 from libgit2/ethomson/error_msgs
giterr_set: consistent error messages
|
|
6850b516
|
2017-01-06T17:12:16
|
|
Merge branch '25_smartpktparse' into maint/v0.25
|
|
2fdef641
|
2016-11-15T11:44:51
|
|
smart_pkt: treat empty packet lines as error
The Git protocol does not specify what should happen in the case
of an empty packet line (that is a packet line "0004"). We
currently indicate success, but do not return a packet in the
case where we hit an empty line. The smart protocol was not
prepared to handle such packets in all cases, though, resulting
in a `NULL` pointer dereference.
Fix the issue by returning an error instead. As such kind of
packets is not even specified by upstream, this is the right
thing to do.
|
|
66e3774d
|
2016-11-15T11:36:27
|
|
smart_pkt: verify packet length exceeds PKT_LEN_SIZE
Each packet line in the Git protocol is prefixed by a four-byte
length of how much data will follow, which we parse in
`git_pkt_parse_line`. The transmitted length can either be equal
to zero in case of a flush packet or has to be at least of length
four, as it also includes the encoded length itself. Not
checking this may result in a buffer overflow as we directly pass
the length to functions which accept a `size_t` length as
parameter.
Fix the issue by verifying that non-flush packets have at least a
length of `PKT_LEN_SIZE`.
|
|
9a64e62f
|
2016-12-21T21:24:33
|
|
http: check certificate validity before clobbering the error variable
|
|
909d5494
|
2016-12-29T12:25:15
|
|
giterr_set: consistent error messages
Error messages should be sentence fragments, and therefore:
1. Should not begin with a capital letter,
2. Should not conclude with punctuation, and
3. Should not end a sentence and begin a new one
|
|
709768a8
|
2016-12-09T15:59:52
|
|
Don't fetch objects we don't need in local transport.
Hide all local refs in the revwalk.
Packbuilder should not add hidden trees or blobs.
|
|
fafafb1f
|
2016-12-20T16:19:30
|
|
http: bump the pretend git version in the User-Agent
We want to keep the git UA in order for services to recognise that we're
a Git client and not a browser. But in order to stop dumb HTTP some
services have blocked UAs that claim to be pre-1.6.6 git.
Thread these needles by using the "git/2.0" prefix which is still close
enough to git's yet distinct enough that you can tell it's us.
|
|
34b32053
|
2016-11-25T15:02:34
|
|
Fix potential use of uninitialized values
|
|
482d1748
|
2016-11-25T15:01:35
|
|
transports: smart: do not redeclare loop counters
|
|
62494bf2
|
2016-11-02T09:38:40
|
|
transports: smart: abort receiving packets on end of stream
When trying to receive packets from the remote, we loop until
either an error distinct to `GIT_EBUFS` occurs or until we
successfully parsed the packet. This does not honor the case
where we are looping over an already closed socket which has no
more data, leaving us in an infinite loop if we got a bogus
packet size or if the remote hang up.
Fix the issue by returning `GIT_EEOF` when we cannot read data
from the socket anymore.
|
|
61530c49
|
2016-11-01T16:56:07
|
|
transports: smart: abort ref announcement on early end of stream
When reading a server's reference announcements via the smart
protocol, we expect the server to send multiple flushes before
the protocol is finished. If we fail to receive new data from the
socket, we will only return an end of stream error if we have not
seen any flush yet.
This logic is flawed in that we may run into an infinite loop
when receiving a server's reference announcement with a bogus
flush packet. E.g. assume the last flushing package is changed to
not be '0000' but instead any other value. In this case, we will
still await one more flush package and ignore the fact that we
are not receiving any data from the socket, causing an infinite
loop.
Fix the issue by always returning `GIT_EEOF` if the socket
indicates an end of stream.
|
|
b1453601
|
2016-08-17T11:38:26
|
|
transports: http: reset `connected` flag when closing transport
|
|
c4cba4e9
|
2016-08-17T11:00:05
|
|
transports: http: reset `connected` flag when re-connecting transport
When calling `http_connect` on a subtransport whose stream is already
connected, we first close the stream in case no keep-alive is in use.
When doing so, we do not reset the transport's connection state,
though. Usually, this will do no harm in case the subsequent connect
will succeed. But when the connection fails we are left with a
substransport which is tagged as connected but which has no valid
stream attached.
Fix the issue by resetting the subtransport's connected-state when
closing its stream in `http_connect`.
|
|
bdec62dc
|
2016-07-06T13:06:25
|
|
remove conditions that prevent use of custom TLS stream
|
|
6c9eb86f
|
2016-06-19T11:46:43
|
|
HTTP authentication scheme name is case insensitive.
|
|
2a09de91
|
2016-06-14T04:33:55
|
|
Merge pull request #3816 from pks-t/pks/memory-leaks
Memory leak fixes
|
|
43c55111
|
2016-06-07T14:14:07
|
|
winhttp: plug several memory leaks
|
|
7d02019a
|
2016-06-06T12:59:17
|
|
transports: smart: fix potential invalid memory dereferences
When we receive a packet of exactly four bytes encoding its
length as those four bytes it can be treated as an empty line.
While it is not really specified how those empty lines should be
treated, we currently ignore them and do not return an error when
trying to parse it but simply advance the data pointer.
Callers invoking `git_pkt_parse_line` are currently not prepared
to handle this case as they do not explicitly check this case.
While they could always reset the passed out-pointer to `NULL`
before calling `git_pkt_parse_line` and determine if the pointer
has been set afterwards, it makes more sense to update
`git_pkt_parse_line` to set the out-pointer to `NULL` itself when
it encounters such an empty packet. Like this it is guaranteed
that there will be no invalid memory references to free'd
pointers.
As such, the issue has been fixed such that `git_pkt_parse_line`
always sets the packet out pointer to `NULL` when an empty packet
has been received and callers check for this condition, skipping
such packets.
|
|
375bb2fe
|
2016-04-21T11:02:31
|
|
transport: cast away constness for free
|
|
0d72f67f
|
2016-03-14T17:36:04
|
|
proxy: don't specify the protocol in the type
We leave this up to the scheme in the url field. The type should only
tell us about whether we want a proxy and whether we want to auto-detect
it.
|
|
bf6f7ad2
|
2015-09-30T17:42:53
|
|
winhttp: correctly detect HTTPS usage
|
|
b373e9a6
|
2015-09-21T22:38:50
|
|
net: use proxy options struct in the stream config
|
|
22e6aa0d
|
2015-09-23T04:39:05
|
|
proxy: don't require the trailing slash on WinHTTP
The path is not something that you use for proxies, so make use of the
new optionality of the path when extracting URL parts.
|
|
b117721d
|
2015-07-29T21:23:56
|
|
proxy: use poxy to test our Windows proxy support
|
|
07bd3e57
|
2015-05-07T12:57:56
|
|
proxy: ask the user for credentials if necessary
|
|
d4763c98
|
2016-03-24T06:56:25
|
|
Merge pull request #3574 from chescock/buffer-sideband-pack-data
Buffer sideband packet data
|
|
9028a8a2
|
2016-03-08T10:16:37
|
|
Only buffer if necessary.
|
|
b7809b84
|
2016-03-08T13:38:55
|
|
Merge pull request #3555 from cbargren/ssh-git-protocols
Support for ssh+git and git+ssh protocols
|
|
22f3d3aa
|
2016-03-03T22:26:31
|
|
ssh: initialize libssh2
We should have been doing this, but it initializes itself upon first
use, which works as long as nobody's doing concurrent network
operations. Initialize it on our init to make sure it's not getting
initialized concurrently.
|
|
a4cba9d4
|
2016-03-03T10:48:24
|
|
winhttp: retry authentication
If the caller has provided bad authentication, give them another
apportunity to get it right until they give up. This brings WinHTTP in
line with the other transports.
|
|
003c5e46
|
2016-02-22T15:52:49
|
|
transports: smart_pkt: fix memory leaks on error paths
|
|
6e2a3755
|
2016-02-23T11:45:43
|
|
smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF
|
|
b0f7512f
|
2016-02-15T11:46:10
|
|
transports: smart_pkt: fix memory leaks
|
|
704554cd
|
2016-02-15T11:37:48
|
|
transports: smart: fix memory leak on OOM path
|
|
9ce0399c
|
2016-02-12T10:27:05
|
|
winhttp: use an unsigned iterator
|
|
5c7f2f01
|
2016-01-19T11:13:23
|
|
winhttp: name mangle class / iid on mingw
Standard Windows type systems define CLSID_InternetSecurityManager
and IID_IInternetSecurityManager, but MinGW lacks these definitions.
As a result, we must hardcode these definitions ourselves. However,
we should not use a public struct with those names, lest another
library do the same thing and consumers cannot link to both.
|
|
a7d9d93d
|
2016-01-11T17:09:32
|
|
Buffer sideband packet data
The inner packet may be split across multiple sideband packets.
|
|
4df17045
|
2015-12-28T07:43:24
|
|
Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead
Also moving var declarations to top of blocks to support bad old compilers
|
|
02fdc2db
|
2015-12-26T17:17:05
|
|
ssh_stream_read(): fix possible *bytes_read < 0 branch
Fix the possibility of returning successfully from ssh_stream_read()
with *bytes_read < 0. This would occur if stdout channel read resulted
in 0, and stderr channel read failed afterwards.
|
|
ed21fd74
|
2015-12-22T10:38:31
|
|
Handle git+ssh:// and ssh+git:// protocols support
|
|
efd9ab56
|
2015-11-20T11:26:26
|
|
Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set.
|
|
1411cb9e
|
2015-10-02T03:57:14
|
|
winhttp: use a custom user-agent if the user has set it
We also keep the "git/1.0" prefix in order to maintain compatibility
with hosters.
|
|
94bac76c
|
2015-10-02T03:46:34
|
|
http: use a custom user-agent if the user has set it
We still prefix it with "git/1.0" since that's required in many
situations, but we replace the area which mentions libgit2.
|
|
e0be1d60
|
2015-10-30T18:23:17
|
|
git: put NULL check at the top
|
|
45d295e0
|
2015-10-30T17:51:50
|
|
git: accept NULL as argument to its stream free
|
|
72b7c570
|
2015-09-30T09:17:18
|
|
Merge pull request #3411 from spraints/custom-push-headers
Include custom HTTP headers
|
|
d7375662
|
2015-09-25T10:16:16
|
|
Copy custom_headers insteach of referencing the caller's copy
|
|
d16c1b97
|
2015-09-24T10:30:37
|
|
These can be static
|
|
e60db3c7
|
2015-09-24T09:24:10
|
|
Revise custom header error messages
If the header doesn't look like a header (e.g. if it doesn't have a ":"
or if it has newlines), report "custom HTTP header '%s' is malformed".
If the header has the same name as a header already set by libgit2 (e.g.
"Host"), report "HTTP header '%s' is already set by libgit2".
|
|
63cc5723
|
2015-09-24T09:13:05
|
|
Don't null-check
|
|
098f1e6e
|
2015-09-24T09:09:48
|
|
Use an array of forbidden custom headers
|
|
3245896b
|
2015-09-10T13:18:26
|
|
Add a test for custom header validation
Also, *some* custom headers actually are valid.
|
|
66d90e70
|
2015-09-10T09:14:20
|
|
More specific names
|
|
8c876fa9
|
2015-09-10T09:11:16
|
|
Validate custom http headers
|
|
35969c68
|
2015-09-10T08:58:23
|
|
Ignore NULL headers
|
|
6c21211c
|
2015-09-09T13:59:38
|
|
Merge pull request #3379 from theseion/additional_libssh2_error_reporting
report libssh2 error if list of authentication methods can't be retrieved
|
|
c82c2ba6
|
2015-09-08T14:17:59
|
|
o i
|