|
eee17997
|
2016-03-08T01:45:29
|
|
Merge pull request #3658 from patrickmckenna/update-pro-git-link
Update link to Pro Git's Git internals chapter
|
|
698e0c27
|
2016-03-07T16:34:30
|
|
Update link to Pro Git's Git internals chapter.
|
|
785d8c48
|
2016-03-04T13:50:23
|
|
Merge pull request #3653 from libgit2/cmn/treebuilder-submodule
treebuilder: don't try to verify submodules exist in the odb
|
|
ea5bf6bb
|
2016-03-04T12:34:38
|
|
treebuilder: don't try to verify submodules exist in the odb
Submodules don't exist in the objectdb and the code is making us try to
look for a blob with its commit id, which is obviously not going to
work.
Skip the test if the user wants to insert a submodule.
|
|
16099833
|
2016-03-03T22:57:45
|
|
Merge pull request #3651 from libgit2/cmn/init-libssh2
ssh: initialize libssh2
|
|
22f3d3aa
|
2016-03-03T22:26:31
|
|
ssh: initialize libssh2
We should have been doing this, but it initializes itself upon first
use, which works as long as nobody's doing concurrent network
operations. Initialize it on our init to make sure it's not getting
initialized concurrently.
|
|
839bdb05
|
2016-03-03T21:20:33
|
|
Merge pull request #3639 from srajko/threading-openssl-libssh2
Expand OpenSSL and libssh2 thread safety documentation
|
|
e23efa6d
|
2016-03-03T21:03:10
|
|
tests: take the version from our define
|
|
1e8255a3
|
2016-03-03T20:20:43
|
|
Bump version to 0.24.0
|
|
c21c8f67
|
2016-03-03T20:18:55
|
|
CHANGELOG: prepre tamplate for release
|
|
a7ef27af
|
2016-03-03T20:17:13
|
|
CHANGELOG: add note about WinHTTP cred handling
|
|
66a530eb
|
2016-03-03T20:11:18
|
|
Merge pull request #3648 from libgit2/cmn/auth-retry
test: make sure we retry the auth callback on all platforms
|
|
ba9bb664
|
2016-03-03T19:21:07
|
|
tests: create a ctest target for cred_callback
|
|
778fb695
|
2016-03-03T12:14:02
|
|
Merge pull request #3646 from pks-t/pks/xdiff-fix-from-upstream
xdiff: fix memleak on error case
|
|
25205737
|
2016-03-03T10:08:00
|
|
test: make sure we retry the auth callback on all platforms
We were missing this test on Windows, which meant we didn't notice that
we never fixed the single authentication attempt it tries, nor its wrong
return code.
Enable this for the unix platforms as well over HTTP. We previously were
doing it locally but disabled it on OS X due to issues with its sshd not
accepting password authentication.
|
|
a4cba9d4
|
2016-03-03T10:48:24
|
|
winhttp: retry authentication
If the caller has provided bad authentication, give them another
apportunity to get it right until they give up. This brings WinHTTP in
line with the other transports.
|
|
9b3fc895
|
2016-03-03T11:17:36
|
|
tests: plug a leak
|
|
edaffe22
|
2016-03-01T17:16:27
|
|
Merge pull request #3633 from ethomson/safe_creation
Stricter object dependency checking during creation
|
|
a4ea7faa
|
2016-03-01T08:54:00
|
|
xdiff: fix memleak on error case
Commit 3d1abc5afce fixes a memory leak in the xdiff code. In the
process of upstreaming the fix it was pointed out by Johannes
Schindelin that there is another memory leak present (see [1]).
Fix the second memory leak by applying the upstream fix to our
code base.
[1]: http://thread.gmane.org/gmane.comp.version-control.git/287034
|
|
dbee6835
|
2016-02-28T20:13:24
|
|
Merge pull request #3567 from sba1/few-p_getaddrinfo-fixes
Few p_getaddrinfo fixes
|
|
f2dddf52
|
2016-02-28T15:51:38
|
|
turn on strict object validation by default
|
|
4afe536b
|
2016-02-28T16:02:49
|
|
tests: use legitimate object ids
Use legitimate (existing) object IDs in tests so that we have the
ability to turn on strict object validation when running tests.
|
|
98c34149
|
2016-02-28T15:11:15
|
|
refs: honor strict object creation
|
|
3ef01e77
|
2016-02-28T14:37:37
|
|
git_object__is_valid: use `odb_read_header`
This allows lighter weight validation in `git_object__is_valid` that
does not require reading the entire object.
|
|
6ddf533a
|
2016-02-23T18:29:16
|
|
git_index_add: validate objects in index entries (optionally)
When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate
the index entries given to `git_index_add`.
|
|
1a9d7c95
|
2016-02-28T19:43:45
|
|
Merge pull request #3644 from ethomson/debug_pool
travis ci: enable debug pool for valgrind builds
|
|
2bbc7d3e
|
2016-02-23T15:00:27
|
|
treebuilder: validate tree entries (optionally)
When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate
the tree and parent ids given to treebuilder insertion.
|
|
ef63bab3
|
2016-02-23T13:34:35
|
|
git_commit: validate tree and parent ids
When `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION` is turned on, validate
the tree and parent ids given to commit creation functions.
|
|
7565dc65
|
2016-02-23T13:33:10
|
|
git_object__is_valid: simple object validity test
|
|
22a19f5b
|
2016-02-22T23:46:50
|
|
git_libgit2_opts: introduce `GIT_OPT_ENABLE_STRICT_OBJECT_CREATION`
|
|
da033560
|
2016-02-28T11:34:36
|
|
travis ci: enable debug pool for valgrind builds
|
|
6cc4bac8
|
2016-02-28T11:31:10
|
|
Merge pull request #3577 from rossdylan/rossdylan/pooldebug
Add a new build flag to disable the pool allocator
|
|
09db7fd8
|
2016-02-25T15:19:51
|
|
Expand OpenSSL and libssh2 thread safety documentation
|
|
93e16642
|
2016-02-26T12:51:13
|
|
Fixed typo in one of the ifndef's in pool.h used to enable/disable debug mode
|
|
9f4e7c84
|
2016-02-25T18:42:09
|
|
Merge pull request #3638 from ethomson/nsec
USE_NSECS fixes
|
|
0d9a7498
|
2016-02-25T12:09:49
|
|
Merge pull request #3628 from pks-t/pks/coverity-fixes
Coverity fixes
|
|
fd129f28
|
2016-02-25T11:59:00
|
|
Merge pull request #3630 from libgit2/cmn/idx-extra-check
Extra checks for packfile indices
|
|
3d6a42d1
|
2016-02-25T11:23:19
|
|
nsec: support NDK's crazy nanoseconds
Android NDK does not have a `struct timespec` in its `struct stat`
for nanosecond support, instead it has a single nanosecond member inside
the struct stat itself. We will use that and use a macro to expand to
the `st_mtim` / `st_mtimespec` definition on other systems (much like
the existing `st_mtime` backcompat definition).
|
|
a4c55069
|
2016-02-25T11:31:18
|
|
nsec: update staging test for GIT_USE_NSECS
The index::nsec::staging_maintains_other_nanos test was created to
ensure that when we stage an entry when GIT_USE_NSECS is *unset* that
we truncate the index entry and do not persist the (old, invalid)
nanosec values. Ensure that when GIT_USE_NSECS is *set* that we do
not do that, and actually write the correct nanosecond values.
|
|
6d97beb9
|
2016-02-25T15:46:59
|
|
pack: don't allow a negative offset
|
|
ea9e00cb
|
2016-02-23T18:15:43
|
|
pack: make sure we don't go out of bounds for extended entries
A corrupt index might have data that tells us to go look past the end of
the file for data. Catch these cases and return an appropriate error
message.
|
|
9dfe1140
|
2016-02-25T09:08:23
|
|
Merge pull request #3637 from libgit2/cmn/conventions
CONVENTIONS: update to include general public API principles
|
|
1f8cb02f
|
2016-02-25T14:51:00
|
|
CONVENTIONS: update to include general public API principles
|
|
68ad3156
|
2016-02-24T17:17:57
|
|
openssl: we already had the function, just needed the header
|
|
f3d1be7d
|
2016-02-24T16:38:22
|
|
openssl: export the locking function when building without OpenSSL
This got lost duing the move and it lets the users call this function
just in case.
|
|
43955927
|
2016-02-23T22:27:36
|
|
Merge pull request #3631 from ethomson/giterr_fixups
Minor `giterr` fixups
|
|
cd59e0c0
|
2016-02-23T13:05:49
|
|
giterr_set_str: remove `GITERR_OS` documentation
The `giterr_set_str` does not actually honor `GITERR_OS`. Remove
the documentation that claims that we do.
|
|
04c3b35f
|
2016-02-23T13:02:07
|
|
map: use `giterr_set` internally
Use the `giterr_set` function, which actually supports `GITERR_OS`.
The `giterr_set_str` function is exposed for external users and will
not append the operating system's error message.
|
|
32f07984
|
2016-02-23T11:07:03
|
|
diff_tform: fix potential NULL pointer access
The `normalize_find_opts` function in theory allows for the
incoming diff to have no repository. When the caller does not
pass in diff find options or if the GIT_DIFF_FIND_BY_CONFIG value
is set, though, we try to derive the configuration from the
diff's repository configuration without first verifying that the
repository is actually set to a non-NULL value.
Fix this issue by explicitly checking if the repository is set
and if it is not, fall back to a default value of
GIT_DIFF_FIND_RENAMES.
|
|
3d1abc5a
|
2016-02-22T17:13:23
|
|
xmerge: fix memory leak on error path
|
|
05bf67b9
|
2016-02-23T11:16:36
|
|
openssl_stream: fix NULL pointer dereference
|
|
2baf854e
|
2016-02-22T16:08:56
|
|
openssl_stream: fix memory leak when creating new stream
|
|
2afb6fa4
|
2016-02-22T16:05:13
|
|
rebase: plug memory leak in `rebase_alloc`
Convert `rebase_alloc` to use our usual error propagation
patterns, that is accept an out-parameter and return an error
code that is to be checked by the caller. This allows us to use
the GITERR_CHECK_ALLOC macro, which helps static analysis.
|
|
d0cb11e7
|
2016-02-22T16:01:03
|
|
remote: set error code in `create_internal`
Set the error code when an error occurs in any of the called
functions. This ensures we pass the error up to callers and
actually free the remote when an error occurs.
|
|
0f1e2d20
|
2016-02-23T11:23:26
|
|
index: fix contradicting comparison
The overflow check in `read_reuc` tries to verify if the
`git__strtol32` parses an integer bigger than UINT_MAX. The `tmp`
variable is casted to an unsigned int for this and then checked
for being greater than UINT_MAX, which obviously can never be
true.
Fix this by instead fixing the `mode` field's size in `struct
git_index_reuc_entry` to `uint32_t`. We can now parse the int
with `git__strtol64`, which can never return a value bigger than
`UINT32_MAX`, and additionally checking if the returned value is
smaller than zero.
We do not need to handle overflows explicitly here, as
`git__strtol64` returns an error when the returned value would
overflow.
|
|
c5bd70d1
|
2016-02-23T11:48:30
|
|
revwalk: use GITERR_CHECK_ALLOC_BUF
|
|
6e2a3755
|
2016-02-23T11:45:43
|
|
smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF
|
|
42c05ed5
|
2016-02-23T10:02:44
|
|
path: use GITERR_CHECK_ALLOC_BUF to verify passed in buffer
|
|
859ed5dd
|
2016-02-23T09:54:26
|
|
common: introduce GITERR_CHECK_ALLOC_BUF
We commonly have to check if a git_buf has been allocated
correctly or if we ran out of memory. Introduce a new macro
similar to `GITERR_CHECK_ALLOC` which checks if we ran OOM and if
so returns an error. Provide a `#nodef` for Coverity to mark the
error case as an abort path.
|
|
f2a554b4
|
2016-02-22T14:43:28
|
|
coverity: hint git_vector_foreach does not deref NULL contents
Coverity does not comprehend the connection between a vector's
size and the contents pointer, that is that the vector's pointer
is non-NULL when its size is positive. As the vector code should
be reasonably well tested and users are expected to not manually
modify a vector's contents it seems save to assume that the
macros will never dereference a NULL pointer.
Fix Coverity warnings by overriding the foreach macros with
macros that explicitly aborting when (v)->contents is NULL.
|
|
7808c937
|
2016-02-22T15:59:15
|
|
index: plug memory leak in `read_conflict_names`
|
|
003c5e46
|
2016-02-22T15:52:49
|
|
transports: smart_pkt: fix memory leaks on error paths
|
|
793e0855
|
2016-02-22T14:06:48
|
|
refdb_fs: remove unnecessary check for NULL
The fail-label of `reflog_parse` explicitly checks the entry
poitner for NULL before freeing it. When we jump to the label the
variable has to be set to a non-NULL and valid pointer though: if
the allocation fails we immediately return with an error code and
if the loop was not entered we return with a success code,
withouth executing the label's code.
Remove the useless NULL-check to silence Coverity.
|
|
be8479c9
|
2016-02-22T14:01:50
|
|
diff_print: assert patch is non-NULL
When invoking `diff_print_info_init_frompatch` it is obvious that
the patch should be non-NULL. We explicitly check if the variable
is set and continue afterwards, happily dereferencing the
potential NULL-pointer.
Fix this by instead asserting that patch is set. This also
silences Coverity.
|
|
bac52ab0
|
2016-02-22T13:48:45
|
|
pack-objects: return early when computing write order fails
The function `compute_write_order` may return a `NULL`-pointer
when an error occurs. In such cases we jump to the `done`-label
where we try to clean up allocated memory. Unfortunately we try
to deallocate the `write_order` array, though, which may be NULL
here.
Fix this error by returning early instead of jumping to the
`done` label. There is no data to be cleaned up anyway.
|
|
d1c9a48d
|
2016-02-23T10:45:09
|
|
pack-objects: check realloc in try_delta with GITERR_CHECK_ALLOC
|
|
2129d6df
|
2016-02-22T13:33:48
|
|
crlf: do not ignore GIT_PASSTHROUGH error
When no payload is set for `crlf_apply` we try to compute the
crlf attributes ourselves with `crlf_check`. When the function
determines that the current file does not require any treatment
we return the GIT_PASSTHROUGH error code without actually
allocating the out-pointer, which indicates the file should not
be passed through the filter.
The `crlf_apply` function explicitly checks for the
GIT_PASSTHROUGH return code and ignores it. This means we will
try to apply the crlf-filter to the current file, leading us to
dereference the unallocated payload-pointer.
Fix this obviously incorrect behavior by not treating
GIT_PASSTHROUGH in any special way. This is the correct thing to
do anyway, as the code indicates that the file should not be
passed through the filter.
|
|
b9f28b8d
|
2016-02-23T10:09:03
|
|
refspec: check buffer with GITERR_CHECK_ALLOC_BUF
|
|
fb96b28c
|
2016-02-23T08:16:12
|
|
Merge pull request #3629 from ethomson/set_user_agent_doc
git_libgit2_opts: minor documentation & usage fixes
|
|
7bab2e8f
|
2016-02-22T23:04:40
|
|
git_libgit2_opts: validate key
|
|
5bc93eae
|
2016-02-22T22:26:01
|
|
git_libgit2_opts: document GIT_OPT_SET_USER_AGENT
|
|
305c4f95
|
2016-02-22T10:16:49
|
|
Merge pull request #3627 from libgit2/cmn/typo
Fix a few checkout -> rebase typos
|
|
88ab3be6
|
2016-02-22T15:41:01
|
|
Fix a few checkout -> rebase typos
|
|
c8fe6c09
|
2016-02-19T16:23:14
|
|
openssl: re-export the last-resort locking function
We need to include the header where we define the function. Otherwise it
won't be available on the DLL.
|
|
f1260e03
|
2016-02-19T09:13:40
|
|
Remove unnecessary ifdef in pool.h
|
|
f596946f
|
2016-02-19T13:52:04
|
|
CHANGELOG: add a few missing changes
|
|
deecaa2e
|
2016-02-19T13:31:54
|
|
openssl: free the context even if we don't connect
|
|
bf127eec
|
2016-02-19T13:24:41
|
|
global: remove an unused variable
|
|
78e16c34
|
2016-02-19T13:06:51
|
|
Merge pull request #3597 from ethomson/filter_registration
Filter registration
|
|
b643501d
|
2016-02-19T10:21:37
|
|
Merge pull request #3614 from pks-t/pks/coverity-fixes
Coverity fixes
|
|
8a62bf11
|
2016-02-15T11:28:33
|
|
netops: fix memory leak when an error occurs
|
|
b0f7512f
|
2016-02-15T11:46:10
|
|
transports: smart_pkt: fix memory leaks
|
|
704554cd
|
2016-02-15T11:37:48
|
|
transports: smart: fix memory leak on OOM path
|
|
038d7af0
|
2016-02-15T11:30:48
|
|
signature: use GITERR_CHECK_ALLOC to check for OOM situation
When checking for out of memory situations we usually use the
GITERR_CHECK_ALLOC macro. Besides conforming to our current code
base it adds the benefit of silencing errors in Coverity due to
Coverity handling the macro's error path as abort.
|
|
40f6f225
|
2016-02-15T10:58:52
|
|
coverity: hint that string length is at least 2
When checking if a string is prefixed by a drive letter (e.g.
"C:") we verify this by inspecting the first and second character
of the string. Coverity thinks this is a defect as we do not
check the string's length first, but in fact we only check the
second character if the first character is part of the alphabet,
that is it cannot be '\0'.
Fix this by overriding the macro and explicitly checking the
string's length.
|
|
5981ab1d
|
2016-02-15T09:41:08
|
|
coverity: add nodefs for abort macros
Add nodefs for macros that abort the current flow due to errors.
This includes macros that trigger on integer overflows and for
the version check macro. This aids Coverity as we point out that
these paths will cause a fatal error.
|
|
c1b75f05
|
2016-02-18T15:11:31
|
|
Merge pull request #3604 from ethomson/nsec_xplat
Handle `USE_NSECS`
|
|
b85d0afd
|
2016-02-18T15:11:02
|
|
Merge pull request #3606 from ethomson/drop_xp
win32: drop xp support in WideCharToMultiByte
|
|
5663d4f6
|
2016-02-18T12:31:56
|
|
Merge pull request #3613 from ethomson/fixups
Remove most of the silly warnings
|
|
594a5d12
|
2016-02-18T12:28:06
|
|
Merge pull request #3619 from ethomson/win32_forbidden
win32: allow us to read indexes with forbidden paths on win32
|
|
298d1b07
|
2016-02-18T11:44:04
|
|
Merge pull request #3621 from pra85/patch-1
Fix a typo
|
|
9c26f90c
|
2016-02-18T11:39:55
|
|
PROJECTS: remove a few things we do have
|
|
d50bf716
|
2016-02-18T13:26:08
|
|
Fix a typo
`compatability` → `compatibility`
|
|
318b825e
|
2016-02-16T17:11:46
|
|
index: allow read of index w/ illegal entries
Allow `git_index_read` to handle reading existing indexes with
illegal entries. Allow the low-level `git_index_add` to add
properly formed `git_index_entry`s even if they contain paths
that would be illegal for the current filesystem (eg, `AUX`).
Continue to disallow `git_index_add_bypath` from adding entries
that are illegal universally illegal (eg, `.git`, `foo/../bar`).
|
|
4fea9cff
|
2016-02-16T13:08:55
|
|
iterator: assert tree_iterator has a frame
Although a `tree_iterator` that failed to be properly created
does not have a frame, all other `tree_iterator`s should. Do not
call `pop` in the failure case, but assert that in all other
cases there is a frame.
|
|
a218b2f6
|
2016-01-22T16:03:37
|
|
Validate pointer before access the member.
When Git repository at network locations, sometimes git_iterator_for_tree
fails at iterator__update_ignore_case so it goes to git_iterator_free.
Null pointer will crash the process if not check.
Signed-off-by: Colin Xu <colin.xu@gmail.com>
|
|
4be2aa57
|
2016-02-16T18:50:08
|
|
win32: tests around handling forbidden paths
Introduce a repository that contains some paths that were illegal
on PC-DOS circa 1981 (like `aux`, `con`, `com1`) and that in a
bizarre fit of retrocomputing, remain illegal on some "modern"
computers, despite being "new technology".
Introduce some aspirational tests that suggest that we should be
able to cope with trees and indexes that contain paths that
would be illegal on the filesystem, so that we can at least diff
them. Further ensure that checkout will not write a repository
with forbidden paths.
|
|
474bd2c1
|
2016-02-16T14:45:32
|
|
Merge pull request #3617 from libgit2/cmn/extract-sig-errors
commit: expose the different kinds of errors
|
|
eadd0f05
|
2016-02-16T14:06:48
|
|
commit: expose the different kinds of errors
We should be checking whether the object we're looking up is a commit,
and we should let the caller know whether the not-found return code
comes from a bad object type or just a missing signature.
|
|
9ce0399c
|
2016-02-12T10:27:05
|
|
winhttp: use an unsigned iterator
|