kmx git

Commit	Date	Message
e499b13c	2016-08-24T01:20:39	git_checkout_tree options fix According to the reference the git_checkout_tree and git_checkout_head functions should accept NULL in the opts field This was broken since the opts field was dereferenced and thus lead to a crash.
0dea4299	2016-08-12T09:06:15	ignore: allow unignoring basenames in subdirectories The .gitignore file allows for patterns which unignore previous ignore patterns. When unignoring a previous pattern, there are basically three cases how this is matched when no globbing is used: 1. when a previous file has been ignored, it can be unignored by using its exact name, e.g. foo/bar !foo/bar 2. when a file in a subdirectory has been ignored, it can be unignored by using its basename, e.g. foo/bar !bar 3. when all files with a basename are ignored, a specific file can be unignored again by specifying its path in a subdirectory, e.g. bar !foo/bar The first problem in libgit2 is that we did not correctly treat the second case. While we verified that the negative pattern matches the tail of the positive one, we did not verify if it only matches the basename of the positive pattern. So e.g. we would have also negated a pattern like foo/fruz_bar !bar Furthermore, we did not check for the third case, where a basename is being unignored in a certain subdirectory again. Both issues are fixed with this commit.
12b73ff3	2016-08-17T11:00:05	transports: http: reset `connected` flag when re-connecting transport When calling `http_connect` on a subtransport whose stream is already connected, we first close the stream in case no keep-alive is in use. When doing so, we do not reset the transport's connection state, though. Usually, this will do no harm in case the subsequent connect will succeed. But when the connection fails we are left with a substransport which is tagged as connected but which has no valid stream attached. Fix the issue by resetting the subtransport's connected-state when closing its stream in `http_connect`.
8f342c6d	2016-08-08T14:47:32	stransport: do not use `git_stream_free` on uninitialized stransport When failing to initialize a new stransport stream, we try to release already allocated memory by calling out to `git_stream_free`, which in turn called out to the stream's `free` function pointer. As we only initialize the function pointer later on, this leads to a `NULL` pointer exception. Furthermore, plug another memory leak when failing to create the SSL context.
9aee7bc2	2016-08-08T13:49:17	stransport: make internal functions static
1fafead5	2016-07-29T12:59:42	sysdir: use the standard `init` pattern Don't try to determine when sysdirs are uninitialized. Instead, simply initialize them all at `git_libgit2_init` time and never try to reinitialize, except when consumers explicitly call `git_sysdir_set`. Looking at the buffer length is especially problematic, since there may no appropriate path for that value. (For example, the Windows-specific programdata directory has no value on non-Windows machines.) Previously we would continually trying to re-lookup these values, which could get racy if two different threads are each calling `git_sysdir_get` and trying to lookup / clear the value simultaneously.
85addddf	2016-08-04T13:45:28	refspec: do not set empty rhs for fetch refspecs According to git-fetch(1), "[t]he colon can be omitted when <dst> is empty." So according to git, the refspec "refs/heads/master" is the same as the refspec "refs/heads/master:" when fetching changes. When trying to fetch from a remote with a trailing colon with libgit2, though, the fetch actually fails while it works when the trailing colon is left out. So obviously, libgit2 does _not_ treat these two refspec formats the same for fetches. The problem results from parsing refspecs, where the resulting refspec has its destination set to an empty string in the case of a trailing colon and to a `NULL` pointer in the case of no trailing colon. When passing this to our DWIM machinery, the empty string gets translated to "refs/heads/", which is simply wrong. Fix the problem by having the parsing machinery treat both cases the same for fetch refspecs.
d711165d	2016-07-22T14:02:00	repository: don't cast to `int` for no reason And give it a default so that some compilers don't (unnecessarily) complain.
9894c7dd	2016-07-15T13:32:23	remote: Handle missing config values when deleting a remote Somehow I ended up with the following in my ~/.gitconfig: [branch "master"] remote = origin merge = master rebase = true I assume something went crazy while I was running the git.git tests some time ago, and that I never noticed until now. This is not a good configuration, but it shouldn't cause problems. But it does. Specifically, if you have this in your config, and you perform the following set of actions: create a remote fetch from that remote create a branch off of the remote master branch called "master" delete the branch delete the remote The remote delete fails with the message "Could not find key 'branch.master.rebase' to delete". This is because it's iterating over the config entries (including the ones in the global config) and believes that there is a master branch which must therefore have these config keys. https://github.com/libgit2/libgit2/issues/3856
49188d2b	2016-06-27T15:20:20	blame: do not decrement commit refcount in make_origin When we create a blame origin, we try to look up the blob that is to be blamed at a certain revision. When this lookup fails, e.g. because the file did not exist at that certain revision, we fail to create the blame origin and return `NULL`. The blame origin that we have just allocated is thereby free'd with `origin_decref`. The `origin_decref` function does not only decrement reference counts for the blame origin, though, but also for its commit and blob. When this is done in the error case, we will cause an uneven reference count for these objects. This may result in hard-to-debug failures at seemingly unrelated code paths, where we try to access these objects when they in fact have already been free'd. Fix the issue by refactoring `make_origin` such that we only allocate the object after the only function that may fail so that we do not have to call `origin_decref` at all. Also fix the `pass_blame` function, which indirectly calls `make_origin`, to free the commit when `make_origin` failed.
b64722fd	2016-08-05T18:40:37	SecureTransport: handle NULL trust on success The `SSLCopyPeerTrust` call can succeed but fail to return a trust object if it can't load the certificate chain and thus cannot check the validity of a certificate. This can lead to us calling `CFRelease` on a `NULL` trust object, causing a crash. Handle this by returning ECERTIFICATE.
bb582f07	2016-06-20T20:07:33	threads: add platform-independent thread initialization function
1edbfa1f	2016-06-28T20:19:52	Fixed bug while parsing INT64_MIN
a200dc9e	2016-04-03T19:24:15	Fix repository discovery with ceiling_dirs at current directory git only checks ceiling directories when its search ascends to a parent directory. A ceiling directory matching the starting directory will not prevent git from finding a repository in the starting directory or a parent directory. libgit2 handled the former case correctly, but differed from git in the latter case: given a ceiling directory matching the starting directory, but no repository at the starting directory, libgit2 would stop the search at that point rather than finding a repository in a parent directory. Test case using git command-line tools: /tmp$ git init x Initialized empty Git repository in /tmp/x/.git/ /tmp$ cd x/ /tmp/x$ mkdir subdir /tmp/x$ cd subdir/ /tmp/x/subdir$ GIT_CEILING_DIRECTORIES=/tmp/x git rev-parse --git-dir fatal: Not a git repository (or any of the parent directories): .git /tmp/x/subdir$ GIT_CEILING_DIRECTORIES=/tmp/x/subdir git rev-parse --git-dir /tmp/x/.git Fix the testsuite to test this case (in one case fixing a test that depended on the current behavior), and then fix find_repo to handle this case correctly. In the process, simplify and document the logic in find_repo(): - Separate the concepts of "currently checking a .git directory" and "number of iterations left before going further counts as a search" into two separate variables, in_dot_git and min_iterations. - Move the logic to handle in_dot_git and append /.git to the top of the loop. - Only search ceiling_dirs and find ceiling_offset after running out of min_iterations; since ceiling_offset only tracks the longest matching ceiling directory, if ceiling_dirs contained both the current directory and a parent directory, this change makes find_repo stop the search at the parent directory.
5d03db81	2016-06-20T18:21:42	win32: rename pthread.{c,h} to thread.{c,h} The old pthread-file did re-implement the pthreads API with exact symbol matching. As the thread-abstraction has now been split up between Unix- and Windows-specific files within the `git_` namespace to avoid symbol-clashes between libgit2 and pthreads, the rewritten wrappers have nothing to do with pthreads anymore. Rename the Windows-specific pthread-files to honor this change.
961bdbdf	2016-06-20T18:28:00	threads: remove now-useless typedefs
2aa5c6ff	2016-06-20T19:40:45	threads: remove unused function pthread_num_processors_np The function pthread_num_processors_np is currently unused and superseded by the function `git_online_cpus`. Remove the function.
68343f26	2016-06-20T17:49:47	threads: split up OS-dependent rwlock code
fabd4771	2016-06-20T17:20:13	threads: split up OS-dependent thread-condition code
1b825316	2016-06-20T19:48:19	threads: remove unused function pthread_cond_broadcast
40b243bf	2016-06-20T17:07:14	threads: split up OS-dependent mutex code
fc2b97dd	2016-06-20T17:44:04	threads: split up OS-dependent thread code
286e7dbd	2016-06-09T22:50:53	fix error message SHA truncation in git_odb__error_notfound()
4c06f3e7	2016-06-19T11:46:43	HTTP authentication scheme name is case insensitive.
ac44d354	2016-06-15T15:47:28	checkout: use empty baseline when no index When no index file exists and a baseline is not explicitly provided, use an empty baseline instead of trying to load `HEAD`.
27008e84	2016-06-14T14:46:12	fetch: Fixed spurious update callback for existing tags.
d1fb89dd	2016-06-07T12:55:17	global: clean up crt only after freeing tls data The thread local storage is used to hold some global state that is dynamically allocated and should be freed upon exit. On Windows, we clean up the C run-time right after execution of registered shutdown callbacks and before cleaning up the TLS. When we clean up the CRT, we also cause it to analyze for memory leaks. As we did not free the TLS yet this will lead to false positives. Fix the issue by first freeing the TLS and cleaning up the CRT only afterwards.
246d25b3	2016-06-07T08:35:26	index: fix NULL pointer access in index_remove_entry When removing an entry from the index by its position, we first retrieve the position from the index's entries and then try to remove the retrieved value from the index map with `DELETE_IN_MAP`. When `index_remove_entry` returns `NULL` we try to feed it into the `DELETE_IN_MAP` macro, which will unconditionally call `idxentry_hash` and then happily dereference the `NULL` entry pointer. Fix the issue by not passing a `NULL` entry into `DELETE_IN_MAP`.
1a709604	2016-06-06T12:59:17	transports: smart: fix potential invalid memory dereferences When we receive a packet of exactly four bytes encoding its length as those four bytes it can be treated as an empty line. While it is not really specified how those empty lines should be treated, we currently ignore them and do not return an error when trying to parse it but simply advance the data pointer. Callers invoking `git_pkt_parse_line` are currently not prepared to handle this case as they do not explicitly check this case. While they could always reset the passed out-pointer to `NULL` before calling `git_pkt_parse_line` and determine if the pointer has been set afterwards, it makes more sense to update `git_pkt_parse_line` to set the out-pointer to `NULL` itself when it encounters such an empty packet. Like this it is guaranteed that there will be no invalid memory references to free'd pointers. As such, the issue has been fixed such that `git_pkt_parse_line` always sets the packet out pointer to `NULL` when an empty packet has been received and callers check for this condition, skipping such packets.
11408f0e	2016-06-02T02:34:03	index_read_index: invalidate new paths in tree cache When adding a new entry to an existing index via `git_index_read_index`, be sure to remove the tree cache entry for that new path. This will mark all parent trees as dirty.
80745b12	2016-06-02T01:04:58	index_read_index: set flags for path_len correctly Update the flags to reset the path_len (to emulate `index_insert`)
e755f79f	2016-06-02T00:47:51	index_read_index: differentiate on mode Treat index entries with different modes as different, which they are, at least for the purposes of up-to-date calculations.
e6a0a850	2016-06-01T14:56:27	index_read_index: reset error correctly Clear any error state upon each iteration. If one of the iterations ends (with an error of `GIT_ITEROVER`) we need to reset that error to 0, lest we stop the whole process prematurely.
feea2849	2016-05-26T12:52:29	win32: clean up unused warnings in DllMain
efadf28d	2016-05-26T12:39:09	filebuf: fix uninitialized warning
85ef6ec5	2016-05-12T13:18:07	Ignore submodules when checking for merge conflicts in the workdir.
70681ff7	2016-02-16T21:02:41	checkout: handle dirty submodules correctly Don't generate conflicts when checking out a modified submodule and the submodule is dirty or modified in the workdir.
78b5702e	2016-05-18T16:00:01	Fix comment for GIT_FILEMODE_LINK 0120000 is symbolic link, not commit
849a1a43	2016-05-05T23:34:23	Fix unused variable 'message' warning
cf0396a5	2016-05-02T16:49:59	delta-apply: fix sign extension We compute offsets by executing `off \|= (*delta++ << 24)` for multiple constants, where `off` is of type `size_t` and `delta` is of type `unsigned char`. The usual arithmetic conversions (see ISO C89 §3.2.1.5 "Usual arithmetic conversions") kick in here, causing us to promote both operands to `int` and then extending the result to an `unsigned long` when OR'ing it with `off`. The integer promotion to `int` may result in wrong size calculations for big values. Fix the issue by making the constants `unsigned long`, causing both operands to be promoted to `unsigned long`.
1fb8a951	2016-05-02T16:24:14	odb_loose: fix undefined behavior when computing size An object's size is computed by reading the object header's size field until the most significant bit is not set anymore. To get the total size, we increase the shift on each iteration and add the shifted value to the total size. We read the current value into a variable of type `unsigned char`, from which we then take all bits except the most significant bit and shift the result. We will end up with a maximum shift of 60, but this exceeds the width of the value's type, resulting in undefined behavior. Fix the issue by instead reading the values into a variable of type `unsigned long`, which matches the required width. This is equivalent to git.git, which uses an `unsigned long` as well.
f627e196	2016-05-02T15:47:54	checkout: set ignorecase=0 when config lookup fails When `git_repository__cvar` fails we may end up with a `ignorecase` value of `-1`. As we subsequently check if `ignorecase` is non-zero, we may end up reporting that data should be removed when in fact it should not. Err on the safer side and set `ignorecase = 0` when `git_repository__cvar` fails.
66633e83	2016-04-27T12:00:31	odb: avoid inflating the full delta to read the header When we read the header, we want to know the size and type of the object. We're currently inflating the full delta in order to read the first few bytes. This can mean hundreds of kB needlessly inflated for large objects. Instead use a packfile stream to read just enough so we can read the two varints in the header and avoid inflating most of the delta.
fc2ef514	2016-05-02T14:30:14	index: fix memory leak on error case
b726c539	2016-04-26T18:04:03	Fix return value of openssl_read (infinite loop) openssl_read should return -1 in case of error. SSL_read returns values <= 0 in case of error. A return value of 0 can lead to an infinite loop, so the return value of ssl_set_error will be returned if SSL_read is not successful (analog to openssl_write).
16541b86	2016-04-25T12:16:05	tag: ignore extra header fields While no extra header fields are defined for tags, git accepts them by ignoring them and continuing the search for the message. There are a few tags like this in the wild which git parses just fine, so we should do the same.
ccfacb8b	2016-03-31T10:43:57	leaks: call `xdl_free_classifier`
2c1bc36d	2016-03-29T14:47:31	Plug a few leaks
af753aba	2016-03-22T00:18:44	tree: drop the now-unnecessary entries vector Remove the now-unnecessary entries vector. Add `git_array_search` to binary search through an array to accomplish this.
13ebf7bd	2016-03-20T12:01:45	tree: store the entries in a growable array Take advantage of the constant size of tree-owned arrays and store them in an array instead of a pool. This still lets us free them all at once but lets the system allocator do the work of fitting them in.
26f2cefb	2016-03-20T11:00:12	tree: re-use the id and filename in the odb object Instead of copying over the data into the individual entries, point to the originals, which are already in a format we can use.
17789083	2016-04-01T14:33:42	ignore: don't use realpath to canonicalize path If we're looking for a symlink, realpath will give us the resolved path, which is not what we're after, but a canonicalized version of the path the user asked for.
a13c1ec2	2016-03-28T11:13:51	config: don't write section header if we're in it If we hit the EOF while trying to write a new value, it may be that we're already in the section that we were looking for. If so, do not write a (duplicate) section header, just write the value.
3e2e8240	2016-04-11T17:43:07	refs: provide a more general error message for dwim If we cannot dwim the input, set the error message to be explicit about that. Otherwise we leave the error for the last failed lookup, which can be rather unexpected as it mentions a remote when the user thought they were trying to look up a branch.
56da07cb	2016-03-31T11:32:36	xdiff/xprepare: fix a memory leak The xdl_prepare_env() function may initialise an xdlclassifier_t data structure via xdl_init_classifier(), which allocates memory to several fields, for example 'rchash', 'rcrecs' and 'ncha'. If this function later exits due to the failure of xdl_optimize_ctxs(), then this xdlclassifier_t structure, and the memory allocated to it, is not cleaned up. In order to fix the memory leak, insert a call to xdl_free_classifier() before returning. This patch was originally written by Ramsay Jones (see commit 87f16258367a3b9a62663b11f898a4a6f3c19d31 in git.git).
3ec0f2e3	2016-03-31T11:30:31	xdiff/xprepare: use the XDF_DIFF_ALG() macro to access flag bits Commit 307ab20b3 ("xdiff: PATIENCE/HISTOGRAM are not independent option bits", 19-02-2012) introduced the XDF_DIFF_ALG() macro to access the flag bits used to represent the diff algorithm requested. In addition, code which had used explicit manipulation of the flag bits was changed to use the macros. However, one example of direct manipulation remains. Update this code to use the XDF_DIFF_ALG() macro. This patch was originally written by Ramsay Jones (see commit 5cd6978a9cfef58de061a9525f3678ade479564d in git.git).
c86a65be	2016-03-21T21:10:26	config: don't special-case multivars that don't exist yet This special-casing ignores that we might have a locked file, so the hashtable does not represent the contents of the file we want to write. This causes multivar writes to overwrite entries instead of add to them when under lock. There is no need for this as the normal code-path will write to the file just fine, so simply get rid of it.
a1cf2644	2016-03-18T13:00:27	win32: free thread-local data on thread exit
e97d2d70	2016-03-17T10:45:22	commit: fix extraction of single-line signatures The function to extract signatures suffers from a similar bug to the header field finding one by having an unecessary line feed check as a break condition of its loop. Fix that and add a test for this single-line signature situation.
d8fcafb2	2016-03-16T19:05:11	Split the page size from the mmap alignment While often similar, these are not the same on Windows. We want to use the page size on Windows for the pools, but for mmap we need to use the allocation granularity as the alignment. On the other platforms these values remain the same.
4e91020c	2016-03-14T12:41:12	Start error string with lower case character
c1ec732f	2016-03-14T12:02:00	Setup better defaults for OpenSSL ciphers This ensures that when using OpenSSL a safe default set of ciphers is selected. This is done so that the client communicates securely and we don't accidentally enable unsafe ciphers like RC4, or even worse some old export ciphers. Implements the first part of https://github.com/libgit2/libgit2/issues/3682
89e7604c	2016-03-10T17:21:02	config_cache: check return value of `git_config__lookup_entry` Callers of `git_config__cvar` already handle the case where the function returns an error due to a failed configuration variable lookup, but we are actually swallowing errors when calling `git_config__lookup_entry` inside of the function. Fix this by returning early when `git_config__lookup_entry` returns an error. As we call `git_config__lookup_entry` with `no_errors == false` which leads us to call `get_entry` with `GET_NO_MISSING` we will not return early when the lookup fails due to a missing entry. Like this we are still able to set the default value of the cvar and exit successfully.
18c4ae70	2016-03-10T17:05:30	filebuf: handle write error in `lock_file` When writing to a file with locking not check if writing the locked file actually succeeds. Fix the issue by returning error code and message when writing fails.
f17ed637	2016-03-10T16:42:55	blame: handle error when resoling HEAD in normalize_options When normalizing options we try to look up HEAD's OID. While this action may fail in malformed repositories we never check the return value of the function. Fix the issue by converting `normalize_options` to actually return an error and handle the error in `git_blame_file`.
dd78d7d1	2016-03-10T16:33:49	blame_git: handle error returned by `git_commit_parent`
8d3ee96a	2016-03-10T16:11:51	refdb_fs: fail if refcache returns NULL pointer We usually check entries returned by `git_sortedcache_entry` for NULL pointers. As we have a write lock in `packed_write`, though, it really should not happen that the function returns NULL. Assert that ref is not NULL to silence a Coverity warning.
851c51ab	2016-03-10T10:40:47	diff_tform: fix potential NULL pointer access When the user passes in a diff which has no repository associated we may call `git_config__get_int_force` with a NULL-pointer configuration. Even though `git_config__get_int_force` is designed to swallow errors, it is not intended to be called with a NULL pointer configuration. Fix the issue by only calling `git_config__get_int_force` only when configuration could be retrieved from the repository.
d96c0638	2016-03-01T19:11:33	submodule: avoid passing NULL pointers to strncmp In C89 it is undefined behavior to pass `NULL` pointers to `strncmp` and later on in C99 it has been explicitly stated that functions with an argument declared as `size_t nmemb` specifying the array length shall always have valid parameters, no matter if `nmemb` is 0 or not (see ISO 9899 §7.21.1.2). The function `str_equal_no_trailing_slash` always passes its parameters to `strncmp` if their lengths match. This means if one parameter is `NULL` and the other one either `NULL` or a string with length 0 we will pass the pointers to `strncmp` and cause undefined behavior. Fix this by explicitly handling the case when both lengths are 0.
1a16e8b0	2016-03-01T17:55:40	pack-objects: fix memory leak on overflow
e114bbac	2016-03-01T16:00:49	index: assert required OID are non-NULL
d0780b81	2016-03-01T15:35:45	object: avoid call of memset with ouf of bounds pointer When computing a short OID we do this by first copying the leading parts into the new OID structure and then setting the trailing part to zero. In the case of the desired length being `GIT_OID_HEXSZ - 1` we will call `memset` with an out of bounds pointer and a length of 0. While this seems to cause no problems for common platforms the C89 standard does not explicitly state that calling `memset` with an out of bounds pointer and length of 0 is valid. Fix the potential issue by using the newly introduced `git_oid__cpy_prefix` function.
fa4b93a6	2016-04-11T15:57:23	backport git_oid__cpy_prefix
e39ad747	2016-03-01T14:40:17	config_file: handle missing quotation marks in section header When parsing a section header we expect something along the format of '[section "subsection"]'. When a section is mal-formated and is entirely missing its quotation marks we catch this case by observing that `strchr(line, '"') - strrchr(line, '"') = NULL - NULL = 0` and error out. Unfortunately, the error message is misleading though, as we state that we are missing the closing quotation mark while we in fact miss both quotation marks. Improve the error message by explicitly checking if the first quotation mark could be found and, if not, stating that quotation marks are completely missing.
ffb1f419	2016-03-01T14:24:09	describe: handle error code returned by git_pqueue_insert
4ebf745f	2016-03-09T11:16:16	mwindow: free unused windows if we fail to mmap The first time may be due to memory fragmentation or just bad luck on a 32-bit system. When we hit the mmap error for the first time, free up the unused windows and try again.
9ee498e8	2016-03-08T10:16:37	Only buffer if necessary.
eb09ead2	2016-03-04T01:18:30	odb: improved not found error messages When looking up an abbreviated oid, show the actual (abbreviated) oid the caller passed instead of a full (but ambiguously truncated) oid.
cdded630	2016-01-13T11:07:14	Remove duplicated calls to git_mwindow_close
e3862c9f	2016-01-11T17:09:32	Buffer sideband packet data The inner packet may be split across multiple sideband packets.
8ec3d88f	2015-12-24T10:04:44	Avoid subtraction overflow in git_indexer_commit
4a93a7fc	2015-12-28T11:37:39	Tabs
e44f6586	2015-12-28T07:43:24	Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead Also moving var declarations to top of blocks to support bad old compilers
ff8e3f0e	2015-12-22T10:38:31	Handle git+ssh:// and ssh+git:// protocols support
ea5bf6bb	2016-03-04T12:34:38	treebuilder: don't try to verify submodules exist in the odb Submodules don't exist in the objectdb and the code is making us try to look for a blob with its commit id, which is obviously not going to work. Skip the test if the user wants to insert a submodule.
22f3d3aa	2016-03-03T22:26:31	ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.
66a530eb	2016-03-03T20:11:18	Merge pull request #3648 from libgit2/cmn/auth-retry test: make sure we retry the auth callback on all platforms
778fb695	2016-03-03T12:14:02	Merge pull request #3646 from pks-t/pks/xdiff-fix-from-upstream xdiff: fix memleak on error case
a4cba9d4	2016-03-03T10:48:24	winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.
edaffe22	2016-03-01T17:16:27	Merge pull request #3633 from ethomson/safe_creation Stricter object dependency checking during creation
a4ea7faa	2016-03-01T08:54:00	xdiff: fix memleak on error case Commit 3d1abc5afce fixes a memory leak in the xdiff code. In the process of upstreaming the fix it was pointed out by Johannes Schindelin that there is another memory leak present (see [1]). Fix the second memory leak by applying the upstream fix to our code base. [1]: http://thread.gmane.org/gmane.comp.version-control.git/287034
dbee6835	2016-02-28T20:13:24	Merge pull request #3567 from sba1/few-p_getaddrinfo-fixes Few p_getaddrinfo fixes
f2dddf52	2016-02-28T15:51:38	turn on strict object validation by default
98c34149	2016-02-28T15:11:15	refs: honor strict object creation
3ef01e77	2016-02-28T14:37:37	git_object__is_valid: use `odb_read_header` This allows lighter weight validation in `git_object__is_valid` that does not require reading the entire object.
6ddf533a	2016-02-23T18:29:16	git_index_add: validate objects in index entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the index entries given to `git_index_add`.
2bbc7d3e	2016-02-23T15:00:27	treebuilder: validate tree entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to treebuilder insertion.
ef63bab3	2016-02-23T13:34:35	git_commit: validate tree and parent ids When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to commit creation functions.
7565dc65	2016-02-23T13:33:10	git_object__is_valid: simple object validity test
22a19f5b	2016-02-22T23:46:50	git_libgit2_opts: introduce `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION`

e499b13c

2016-08-24T01:20:39

git_checkout_tree options fix According to the reference the git_checkout_tree and git_checkout_head functions should accept NULL in the opts field This was broken since the opts field was dereferenced and thus lead to a crash.

0dea4299

2016-08-12T09:06:15

ignore: allow unignoring basenames in subdirectories The .gitignore file allows for patterns which unignore previous ignore patterns. When unignoring a previous pattern, there are basically three cases how this is matched when no globbing is used: 1. when a previous file has been ignored, it can be unignored by using its exact name, e.g. foo/bar !foo/bar 2. when a file in a subdirectory has been ignored, it can be unignored by using its basename, e.g. foo/bar !bar 3. when all files with a basename are ignored, a specific file can be unignored again by specifying its path in a subdirectory, e.g. bar !foo/bar The first problem in libgit2 is that we did not correctly treat the second case. While we verified that the negative pattern matches the tail of the positive one, we did not verify if it only matches the basename of the positive pattern. So e.g. we would have also negated a pattern like foo/fruz_bar !bar Furthermore, we did not check for the third case, where a basename is being unignored in a certain subdirectory again. Both issues are fixed with this commit.

12b73ff3

2016-08-17T11:00:05

transports: http: reset `connected` flag when re-connecting transport When calling `http_connect` on a subtransport whose stream is already connected, we first close the stream in case no keep-alive is in use. When doing so, we do not reset the transport's connection state, though. Usually, this will do no harm in case the subsequent connect will succeed. But when the connection fails we are left with a substransport which is tagged as connected but which has no valid stream attached. Fix the issue by resetting the subtransport's connected-state when closing its stream in `http_connect`.

8f342c6d

2016-08-08T14:47:32

stransport: do not use `git_stream_free` on uninitialized stransport When failing to initialize a new stransport stream, we try to release already allocated memory by calling out to `git_stream_free`, which in turn called out to the stream's `free` function pointer. As we only initialize the function pointer later on, this leads to a `NULL` pointer exception. Furthermore, plug another memory leak when failing to create the SSL context.

9aee7bc2

2016-08-08T13:49:17

stransport: make internal functions static

1fafead5

2016-07-29T12:59:42

sysdir: use the standard `init` pattern Don't try to determine when sysdirs are uninitialized. Instead, simply initialize them all at `git_libgit2_init` time and never try to reinitialize, except when consumers explicitly call `git_sysdir_set`. Looking at the buffer length is especially problematic, since there may no appropriate path for that value. (For example, the Windows-specific programdata directory has no value on non-Windows machines.) Previously we would continually trying to re-lookup these values, which could get racy if two different threads are each calling `git_sysdir_get` and trying to lookup / clear the value simultaneously.

85addddf

2016-08-04T13:45:28

refspec: do not set empty rhs for fetch refspecs According to git-fetch(1), "[t]he colon can be omitted when <dst> is empty." So according to git, the refspec "refs/heads/master" is the same as the refspec "refs/heads/master:" when fetching changes. When trying to fetch from a remote with a trailing colon with libgit2, though, the fetch actually fails while it works when the trailing colon is left out. So obviously, libgit2 does _not_ treat these two refspec formats the same for fetches. The problem results from parsing refspecs, where the resulting refspec has its destination set to an empty string in the case of a trailing colon and to a `NULL` pointer in the case of no trailing colon. When passing this to our DWIM machinery, the empty string gets translated to "refs/heads/", which is simply wrong. Fix the problem by having the parsing machinery treat both cases the same for fetch refspecs.

d711165d

2016-07-22T14:02:00

repository: don't cast to `int` for no reason And give it a default so that some compilers don't (unnecessarily) complain.

9894c7dd

2016-07-15T13:32:23

remote: Handle missing config values when deleting a remote Somehow I ended up with the following in my ~/.gitconfig: [branch "master"] remote = origin merge = master rebase = true I assume something went crazy while I was running the git.git tests some time ago, and that I never noticed until now. This is not a good configuration, but it shouldn't cause problems. But it does. Specifically, if you have this in your config, and you perform the following set of actions: create a remote fetch from that remote create a branch off of the remote master branch called "master" delete the branch delete the remote The remote delete fails with the message "Could not find key 'branch.master.rebase' to delete". This is because it's iterating over the config entries (including the ones in the global config) and believes that there is a master branch which must therefore have these config keys. https://github.com/libgit2/libgit2/issues/3856

49188d2b

2016-06-27T15:20:20

blame: do not decrement commit refcount in make_origin When we create a blame origin, we try to look up the blob that is to be blamed at a certain revision. When this lookup fails, e.g. because the file did not exist at that certain revision, we fail to create the blame origin and return `NULL`. The blame origin that we have just allocated is thereby free'd with `origin_decref`. The `origin_decref` function does not only decrement reference counts for the blame origin, though, but also for its commit and blob. When this is done in the error case, we will cause an uneven reference count for these objects. This may result in hard-to-debug failures at seemingly unrelated code paths, where we try to access these objects when they in fact have already been free'd. Fix the issue by refactoring `make_origin` such that we only allocate the object after the only function that may fail so that we do not have to call `origin_decref` at all. Also fix the `pass_blame` function, which indirectly calls `make_origin`, to free the commit when `make_origin` failed.

b64722fd

2016-08-05T18:40:37

SecureTransport: handle NULL trust on success The `SSLCopyPeerTrust` call can succeed but fail to return a trust object if it can't load the certificate chain and thus cannot check the validity of a certificate. This can lead to us calling `CFRelease` on a `NULL` trust object, causing a crash. Handle this by returning ECERTIFICATE.

bb582f07

2016-06-20T20:07:33

threads: add platform-independent thread initialization function

1edbfa1f

2016-06-28T20:19:52

Fixed bug while parsing INT64_MIN

a200dc9e

2016-04-03T19:24:15

Fix repository discovery with ceiling_dirs at current directory git only checks ceiling directories when its search ascends to a parent directory. A ceiling directory matching the starting directory will not prevent git from finding a repository in the starting directory or a parent directory. libgit2 handled the former case correctly, but differed from git in the latter case: given a ceiling directory matching the starting directory, but no repository at the starting directory, libgit2 would stop the search at that point rather than finding a repository in a parent directory. Test case using git command-line tools: /tmp$ git init x Initialized empty Git repository in /tmp/x/.git/ /tmp$ cd x/ /tmp/x$ mkdir subdir /tmp/x$ cd subdir/ /tmp/x/subdir$ GIT_CEILING_DIRECTORIES=/tmp/x git rev-parse --git-dir fatal: Not a git repository (or any of the parent directories): .git /tmp/x/subdir$ GIT_CEILING_DIRECTORIES=/tmp/x/subdir git rev-parse --git-dir /tmp/x/.git Fix the testsuite to test this case (in one case fixing a test that depended on the current behavior), and then fix find_repo to handle this case correctly. In the process, simplify and document the logic in find_repo(): - Separate the concepts of "currently checking a .git directory" and "number of iterations left before going further counts as a search" into two separate variables, in_dot_git and min_iterations. - Move the logic to handle in_dot_git and append /.git to the top of the loop. - Only search ceiling_dirs and find ceiling_offset after running out of min_iterations; since ceiling_offset only tracks the longest matching ceiling directory, if ceiling_dirs contained both the current directory and a parent directory, this change makes find_repo stop the search at the parent directory.

5d03db81

2016-06-20T18:21:42

win32: rename pthread.{c,h} to thread.{c,h} The old pthread-file did re-implement the pthreads API with exact symbol matching. As the thread-abstraction has now been split up between Unix- and Windows-specific files within the `git_` namespace to avoid symbol-clashes between libgit2 and pthreads, the rewritten wrappers have nothing to do with pthreads anymore. Rename the Windows-specific pthread-files to honor this change.

961bdbdf

2016-06-20T18:28:00

threads: remove now-useless typedefs

2aa5c6ff

2016-06-20T19:40:45

threads: remove unused function pthread_num_processors_np The function pthread_num_processors_np is currently unused and superseded by the function `git_online_cpus`. Remove the function.

68343f26

2016-06-20T17:49:47

threads: split up OS-dependent rwlock code

fabd4771

2016-06-20T17:20:13

threads: split up OS-dependent thread-condition code

1b825316

2016-06-20T19:48:19

threads: remove unused function pthread_cond_broadcast

40b243bf

2016-06-20T17:07:14

threads: split up OS-dependent mutex code

fc2b97dd

2016-06-20T17:44:04

threads: split up OS-dependent thread code

286e7dbd

2016-06-09T22:50:53

fix error message SHA truncation in git_odb__error_notfound()

4c06f3e7

2016-06-19T11:46:43

HTTP authentication scheme name is case insensitive.

ac44d354

2016-06-15T15:47:28

checkout: use empty baseline when no index When no index file exists and a baseline is not explicitly provided, use an empty baseline instead of trying to load `HEAD`.

27008e84

2016-06-14T14:46:12

fetch: Fixed spurious update callback for existing tags.

d1fb89dd

2016-06-07T12:55:17

global: clean up crt only after freeing tls data The thread local storage is used to hold some global state that is dynamically allocated and should be freed upon exit. On Windows, we clean up the C run-time right after execution of registered shutdown callbacks and before cleaning up the TLS. When we clean up the CRT, we also cause it to analyze for memory leaks. As we did not free the TLS yet this will lead to false positives. Fix the issue by first freeing the TLS and cleaning up the CRT only afterwards.

246d25b3

2016-06-07T08:35:26

index: fix NULL pointer access in index_remove_entry When removing an entry from the index by its position, we first retrieve the position from the index's entries and then try to remove the retrieved value from the index map with `DELETE_IN_MAP`. When `index_remove_entry` returns `NULL` we try to feed it into the `DELETE_IN_MAP` macro, which will unconditionally call `idxentry_hash` and then happily dereference the `NULL` entry pointer. Fix the issue by not passing a `NULL` entry into `DELETE_IN_MAP`.

1a709604

2016-06-06T12:59:17

transports: smart: fix potential invalid memory dereferences When we receive a packet of exactly four bytes encoding its length as those four bytes it can be treated as an empty line. While it is not really specified how those empty lines should be treated, we currently ignore them and do not return an error when trying to parse it but simply advance the data pointer. Callers invoking `git_pkt_parse_line` are currently not prepared to handle this case as they do not explicitly check this case. While they could always reset the passed out-pointer to `NULL` before calling `git_pkt_parse_line` and determine if the pointer has been set afterwards, it makes more sense to update `git_pkt_parse_line` to set the out-pointer to `NULL` itself when it encounters such an empty packet. Like this it is guaranteed that there will be no invalid memory references to free'd pointers. As such, the issue has been fixed such that `git_pkt_parse_line` always sets the packet out pointer to `NULL` when an empty packet has been received and callers check for this condition, skipping such packets.

11408f0e

2016-06-02T02:34:03

index_read_index: invalidate new paths in tree cache When adding a new entry to an existing index via `git_index_read_index`, be sure to remove the tree cache entry for that new path. This will mark all parent trees as dirty.

80745b12

2016-06-02T01:04:58

index_read_index: set flags for path_len correctly Update the flags to reset the path_len (to emulate `index_insert`)

e755f79f

2016-06-02T00:47:51

index_read_index: differentiate on mode Treat index entries with different modes as different, which they are, at least for the purposes of up-to-date calculations.

e6a0a850

2016-06-01T14:56:27

index_read_index: reset error correctly Clear any error state upon each iteration. If one of the iterations ends (with an error of `GIT_ITEROVER`) we need to reset that error to 0, lest we stop the whole process prematurely.

feea2849

2016-05-26T12:52:29

win32: clean up unused warnings in DllMain

efadf28d

2016-05-26T12:39:09

filebuf: fix uninitialized warning

85ef6ec5

2016-05-12T13:18:07

Ignore submodules when checking for merge conflicts in the workdir.

70681ff7

2016-02-16T21:02:41

checkout: handle dirty submodules correctly Don't generate conflicts when checking out a modified submodule and the submodule is dirty or modified in the workdir.

78b5702e

2016-05-18T16:00:01

Fix comment for GIT_FILEMODE_LINK 0120000 is symbolic link, not commit

849a1a43

2016-05-05T23:34:23

Fix unused variable 'message' warning

cf0396a5

2016-05-02T16:49:59

delta-apply: fix sign extension We compute offsets by executing `off |= (*delta++ << 24)` for multiple constants, where `off` is of type `size_t` and `delta` is of type `unsigned char`. The usual arithmetic conversions (see ISO C89 §3.2.1.5 "Usual arithmetic conversions") kick in here, causing us to promote both operands to `int` and then extending the result to an `unsigned long` when OR'ing it with `off`. The integer promotion to `int` may result in wrong size calculations for big values. Fix the issue by making the constants `unsigned long`, causing both operands to be promoted to `unsigned long`.

1fb8a951

2016-05-02T16:24:14

odb_loose: fix undefined behavior when computing size An object's size is computed by reading the object header's size field until the most significant bit is not set anymore. To get the total size, we increase the shift on each iteration and add the shifted value to the total size. We read the current value into a variable of type `unsigned char`, from which we then take all bits except the most significant bit and shift the result. We will end up with a maximum shift of 60, but this exceeds the width of the value's type, resulting in undefined behavior. Fix the issue by instead reading the values into a variable of type `unsigned long`, which matches the required width. This is equivalent to git.git, which uses an `unsigned long` as well.

f627e196

2016-05-02T15:47:54

checkout: set ignorecase=0 when config lookup fails When `git_repository__cvar` fails we may end up with a `ignorecase` value of `-1`. As we subsequently check if `ignorecase` is non-zero, we may end up reporting that data should be removed when in fact it should not. Err on the safer side and set `ignorecase = 0` when `git_repository__cvar` fails.

66633e83

2016-04-27T12:00:31

odb: avoid inflating the full delta to read the header When we read the header, we want to know the size and type of the object. We're currently inflating the full delta in order to read the first few bytes. This can mean hundreds of kB needlessly inflated for large objects. Instead use a packfile stream to read just enough so we can read the two varints in the header and avoid inflating most of the delta.

fc2ef514

2016-05-02T14:30:14

index: fix memory leak on error case

b726c539

2016-04-26T18:04:03

Fix return value of openssl_read (infinite loop) openssl_read should return -1 in case of error. SSL_read returns values <= 0 in case of error. A return value of 0 can lead to an infinite loop, so the return value of ssl_set_error will be returned if SSL_read is not successful (analog to openssl_write).

16541b86

2016-04-25T12:16:05

tag: ignore extra header fields While no extra header fields are defined for tags, git accepts them by ignoring them and continuing the search for the message. There are a few tags like this in the wild which git parses just fine, so we should do the same.

ccfacb8b

2016-03-31T10:43:57

leaks: call `xdl_free_classifier`

2c1bc36d

2016-03-29T14:47:31

Plug a few leaks

af753aba

2016-03-22T00:18:44

tree: drop the now-unnecessary entries vector Remove the now-unnecessary entries vector. Add `git_array_search` to binary search through an array to accomplish this.

13ebf7bd

2016-03-20T12:01:45

tree: store the entries in a growable array Take advantage of the constant size of tree-owned arrays and store them in an array instead of a pool. This still lets us free them all at once but lets the system allocator do the work of fitting them in.

26f2cefb

2016-03-20T11:00:12

tree: re-use the id and filename in the odb object Instead of copying over the data into the individual entries, point to the originals, which are already in a format we can use.

17789083

2016-04-01T14:33:42

ignore: don't use realpath to canonicalize path If we're looking for a symlink, realpath will give us the resolved path, which is not what we're after, but a canonicalized version of the path the user asked for.

a13c1ec2

2016-03-28T11:13:51

config: don't write section header if we're in it If we hit the EOF while trying to write a new value, it may be that we're already in the section that we were looking for. If so, do not write a (duplicate) section header, just write the value.

3e2e8240

2016-04-11T17:43:07

refs: provide a more general error message for dwim If we cannot dwim the input, set the error message to be explicit about that. Otherwise we leave the error for the last failed lookup, which can be rather unexpected as it mentions a remote when the user thought they were trying to look up a branch.

56da07cb

2016-03-31T11:32:36

xdiff/xprepare: fix a memory leak The xdl_prepare_env() function may initialise an xdlclassifier_t data structure via xdl_init_classifier(), which allocates memory to several fields, for example 'rchash', 'rcrecs' and 'ncha'. If this function later exits due to the failure of xdl_optimize_ctxs(), then this xdlclassifier_t structure, and the memory allocated to it, is not cleaned up. In order to fix the memory leak, insert a call to xdl_free_classifier() before returning. This patch was originally written by Ramsay Jones (see commit 87f16258367a3b9a62663b11f898a4a6f3c19d31 in git.git).

3ec0f2e3

2016-03-31T11:30:31

xdiff/xprepare: use the XDF_DIFF_ALG() macro to access flag bits Commit 307ab20b3 ("xdiff: PATIENCE/HISTOGRAM are not independent option bits", 19-02-2012) introduced the XDF_DIFF_ALG() macro to access the flag bits used to represent the diff algorithm requested. In addition, code which had used explicit manipulation of the flag bits was changed to use the macros. However, one example of direct manipulation remains. Update this code to use the XDF_DIFF_ALG() macro. This patch was originally written by Ramsay Jones (see commit 5cd6978a9cfef58de061a9525f3678ade479564d in git.git).

c86a65be

2016-03-21T21:10:26

config: don't special-case multivars that don't exist yet This special-casing ignores that we might have a locked file, so the hashtable does not represent the contents of the file we want to write. This causes multivar writes to overwrite entries instead of add to them when under lock. There is no need for this as the normal code-path will write to the file just fine, so simply get rid of it.

a1cf2644

2016-03-18T13:00:27

win32: free thread-local data on thread exit

e97d2d70

2016-03-17T10:45:22

commit: fix extraction of single-line signatures The function to extract signatures suffers from a similar bug to the header field finding one by having an unecessary line feed check as a break condition of its loop. Fix that and add a test for this single-line signature situation.

d8fcafb2

2016-03-16T19:05:11

Split the page size from the mmap alignment While often similar, these are not the same on Windows. We want to use the page size on Windows for the pools, but for mmap we need to use the allocation granularity as the alignment. On the other platforms these values remain the same.

4e91020c

2016-03-14T12:41:12

Start error string with lower case character

c1ec732f

2016-03-14T12:02:00

Setup better defaults for OpenSSL ciphers This ensures that when using OpenSSL a safe default set of ciphers is selected. This is done so that the client communicates securely and we don't accidentally enable unsafe ciphers like RC4, or even worse some old export ciphers. Implements the first part of https://github.com/libgit2/libgit2/issues/3682

89e7604c

2016-03-10T17:21:02

config_cache: check return value of `git_config__lookup_entry` Callers of `git_config__cvar` already handle the case where the function returns an error due to a failed configuration variable lookup, but we are actually swallowing errors when calling `git_config__lookup_entry` inside of the function. Fix this by returning early when `git_config__lookup_entry` returns an error. As we call `git_config__lookup_entry` with `no_errors == false` which leads us to call `get_entry` with `GET_NO_MISSING` we will not return early when the lookup fails due to a missing entry. Like this we are still able to set the default value of the cvar and exit successfully.

18c4ae70

2016-03-10T17:05:30

filebuf: handle write error in `lock_file` When writing to a file with locking not check if writing the locked file actually succeeds. Fix the issue by returning error code and message when writing fails.

f17ed637

2016-03-10T16:42:55

blame: handle error when resoling HEAD in normalize_options When normalizing options we try to look up HEAD's OID. While this action may fail in malformed repositories we never check the return value of the function. Fix the issue by converting `normalize_options` to actually return an error and handle the error in `git_blame_file`.

dd78d7d1

2016-03-10T16:33:49

blame_git: handle error returned by `git_commit_parent`

8d3ee96a

2016-03-10T16:11:51

refdb_fs: fail if refcache returns NULL pointer We usually check entries returned by `git_sortedcache_entry` for NULL pointers. As we have a write lock in `packed_write`, though, it really should not happen that the function returns NULL. Assert that ref is not NULL to silence a Coverity warning.

851c51ab

2016-03-10T10:40:47

diff_tform: fix potential NULL pointer access When the user passes in a diff which has no repository associated we may call `git_config__get_int_force` with a NULL-pointer configuration. Even though `git_config__get_int_force` is designed to swallow errors, it is not intended to be called with a NULL pointer configuration. Fix the issue by only calling `git_config__get_int_force` only when configuration could be retrieved from the repository.

d96c0638

2016-03-01T19:11:33

submodule: avoid passing NULL pointers to strncmp In C89 it is undefined behavior to pass `NULL` pointers to `strncmp` and later on in C99 it has been explicitly stated that functions with an argument declared as `size_t nmemb` specifying the array length shall always have valid parameters, no matter if `nmemb` is 0 or not (see ISO 9899 §7.21.1.2). The function `str_equal_no_trailing_slash` always passes its parameters to `strncmp` if their lengths match. This means if one parameter is `NULL` and the other one either `NULL` or a string with length 0 we will pass the pointers to `strncmp` and cause undefined behavior. Fix this by explicitly handling the case when both lengths are 0.

1a16e8b0

2016-03-01T17:55:40

pack-objects: fix memory leak on overflow

e114bbac

2016-03-01T16:00:49

index: assert required OID are non-NULL

d0780b81

2016-03-01T15:35:45

object: avoid call of memset with ouf of bounds pointer When computing a short OID we do this by first copying the leading parts into the new OID structure and then setting the trailing part to zero. In the case of the desired length being `GIT_OID_HEXSZ - 1` we will call `memset` with an out of bounds pointer and a length of 0. While this seems to cause no problems for common platforms the C89 standard does not explicitly state that calling `memset` with an out of bounds pointer and length of 0 is valid. Fix the potential issue by using the newly introduced `git_oid__cpy_prefix` function.

fa4b93a6

2016-04-11T15:57:23

backport git_oid__cpy_prefix

e39ad747

2016-03-01T14:40:17

config_file: handle missing quotation marks in section header When parsing a section header we expect something along the format of '[section "subsection"]'. When a section is mal-formated and is entirely missing its quotation marks we catch this case by observing that `strchr(line, '"') - strrchr(line, '"') = NULL - NULL = 0` and error out. Unfortunately, the error message is misleading though, as we state that we are missing the closing quotation mark while we in fact miss both quotation marks. Improve the error message by explicitly checking if the first quotation mark could be found and, if not, stating that quotation marks are completely missing.

ffb1f419

2016-03-01T14:24:09

describe: handle error code returned by git_pqueue_insert

4ebf745f

2016-03-09T11:16:16

mwindow: free unused windows if we fail to mmap The first time may be due to memory fragmentation or just bad luck on a 32-bit system. When we hit the mmap error for the first time, free up the unused windows and try again.

9ee498e8

2016-03-08T10:16:37

Only buffer if necessary.

eb09ead2

2016-03-04T01:18:30

odb: improved not found error messages When looking up an abbreviated oid, show the actual (abbreviated) oid the caller passed instead of a full (but ambiguously truncated) oid.

cdded630

2016-01-13T11:07:14

Remove duplicated calls to git_mwindow_close

e3862c9f

2016-01-11T17:09:32

Buffer sideband packet data The inner packet may be split across multiple sideband packets.

8ec3d88f

2015-12-24T10:04:44

Avoid subtraction overflow in git_indexer_commit

4a93a7fc

2015-12-28T11:37:39

Tabs

e44f6586

2015-12-28T07:43:24

Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead Also moving var declarations to top of blocks to support bad old compilers

ff8e3f0e

2015-12-22T10:38:31

Handle git+ssh:// and ssh+git:// protocols support

ea5bf6bb

2016-03-04T12:34:38

treebuilder: don't try to verify submodules exist in the odb Submodules don't exist in the objectdb and the code is making us try to look for a blob with its commit id, which is obviously not going to work. Skip the test if the user wants to insert a submodule.

22f3d3aa

2016-03-03T22:26:31

ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.

66a530eb

2016-03-03T20:11:18

Merge pull request #3648 from libgit2/cmn/auth-retry test: make sure we retry the auth callback on all platforms

778fb695

2016-03-03T12:14:02

Merge pull request #3646 from pks-t/pks/xdiff-fix-from-upstream xdiff: fix memleak on error case

a4cba9d4

2016-03-03T10:48:24

winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.

edaffe22

2016-03-01T17:16:27

Merge pull request #3633 from ethomson/safe_creation Stricter object dependency checking during creation

a4ea7faa

2016-03-01T08:54:00

xdiff: fix memleak on error case Commit 3d1abc5afce fixes a memory leak in the xdiff code. In the process of upstreaming the fix it was pointed out by Johannes Schindelin that there is another memory leak present (see [1]). Fix the second memory leak by applying the upstream fix to our code base. [1]: http://thread.gmane.org/gmane.comp.version-control.git/287034

dbee6835

2016-02-28T20:13:24

Merge pull request #3567 from sba1/few-p_getaddrinfo-fixes Few p_getaddrinfo fixes

f2dddf52

2016-02-28T15:51:38

turn on strict object validation by default

98c34149

2016-02-28T15:11:15

refs: honor strict object creation

3ef01e77

2016-02-28T14:37:37

git_object__is_valid: use `odb_read_header` This allows lighter weight validation in `git_object__is_valid` that does not require reading the entire object.

6ddf533a

2016-02-23T18:29:16

git_index_add: validate objects in index entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the index entries given to `git_index_add`.

2bbc7d3e

2016-02-23T15:00:27

treebuilder: validate tree entries (optionally) When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to treebuilder insertion.

ef63bab3

2016-02-23T13:34:35

git_commit: validate tree and parent ids When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate the tree and parent ids given to commit creation functions.

7565dc65

2016-02-23T13:33:10

git_object__is_valid: simple object validity test

22a19f5b

2016-02-22T23:46:50

git_libgit2_opts: introduce `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION`

thodg/libgit2/src

src

Log