kmx git

Commit	Date	Message
475db39b	2018-10-06T12:58:06	ignore unsupported http authentication schemes auth_context_match returns 0 instead of -1 for unknown schemes to not fail in situations where some authentication schemes are supported and others are not. apply_credentials is adjusted to handle auth_context_match returning 0 without producing authentication context.
1bc5b05c	2018-10-03T16:17:21	smart_pkt: do not accept callers passing in no line length Right now, we simply ignore the `linelen` parameter of `git_pkt_parse_line` in case the caller passed in zero. But in fact, we never want to assume anything about the provided buffer length and always want the caller to pass in the available number of bytes. And in fact, checking all the callers, one can see that the funciton is never being called in case where the buffer length is zero, and thus we are safe to remove this check.
5fabaca8	2018-08-09T11:04:42	smart_pkt: fix buffer overflow when parsing "unpack" packets When checking whether an "unpack" packet returned the "ok" status or not, we use a call to `git__prefixcmp`. In case where the passed line isn't properly NUL terminated, though, this may overrun the line buffer. Fix this by using `git__prefixncmp` instead.
b5ba7af2	2018-08-09T11:03:37	smart_pkt: fix "ng" parser accepting non-space character When parsing "ng" packets, we blindly assume that the character immediately following the "ng" prefix is a space and skip it. As the calling function doesn't make sure that this is the case, we can thus end up blindly accepting an invalid packet line. Fix the issue by using `git__prefixncmp`, checking whether the line starts with "ng ".
c05790a8	2018-08-09T11:16:15	smart_pkt: return parsed length via out-parameter The `parse_len` function currently directly returns the parsed length of a packet line or an error code in case there was an error. Instead, convert this to our usual style of using the return value as error code only and returning the actual value via an out-parameter. Thus, we can now convert the output parameter to an unsigned type, as the size of a packet cannot ever be negative. While at it, we also move the check whether the input buffer is long enough into `parse_len` itself. We don't really want to pass around potentially non-NUL-terminated buffers to functions without also passing along the length, as this is dangerous in the unlikely case where other callers for that function get added. Note that we need to make sure though to not mess with `GIT_EBUFS` error codes, as these indicate not an error to the caller but that he needs to fetch more data.
0b3dfbf4	2018-08-09T11:13:59	smart_pkt: reorder and rename parameters of `git_pkt_parse_line` The parameters of the `git_pkt_parse_line` function are quite confusing. First, there is no real indicator what the `out` parameter is actually all about, and it's not really clear what the `bufflen` parameter refers to. Reorder and rename the parameters to make this more obvious.
a9f1ca09	2018-08-09T11:01:00	smart_pkt: fix buffer overflow when parsing "ok" packets There are two different buffer overflows present when parsing "ok" packets. First, we never verify whether the line already ends after "ok", but directly go ahead and also try to skip the expected space after "ok". Second, we then go ahead and use `strchr` to scan for the terminating newline character. But in case where the line isn't terminated correctly, this can overflow the line buffer. Fix the issues by using `git__prefixncmp` to check for the "ok " prefix and only checking for a trailing '\n' instead of using `memchr`. This also fixes the issue of us always requiring a trailing '\n'. Reported by oss-fuzz, issue 9749: Crash Type: Heap-buffer-overflow READ {*} Crash Address: 0x6310000389c0 Crash State: ok_pkt git_pkt_parse_line git_smart__store_refs Sanitizer: address (ASAN)
bc349045	2018-08-09T10:38:10	smart_pkt: fix buffer overflow when parsing "ACK" packets We are being quite lenient when parsing "ACK" packets. First, we didn't correctly verify that we're not overrunning the provided buffer length, which we fix here by using `git__prefixncmp` instead of `git__prefixcmp`. Second, we do not verify that the actual contents make any sense at all, as we simply ignore errors when parsing the ACKs OID and any unknown status strings. This may result in a parsed packet structure with invalid contents, which is being silently passed to the caller. This is being fixed by performing proper input validation and checking of return codes.
5edcf5d1	2018-08-09T10:57:06	smart_pkt: adjust style of "ref" packet parsing function While the function parsing ref packets doesn't have any immediately obvious buffer overflows, it's style is different to all the other parsing functions. Instead of checking buffer length while we go, it does a check up-front. This causes the code to seem a lot more magical than it really is due to some magic constants. Refactor the function to instead make use of the style of other packet parser and verify buffer lengths as we go.
786426ea	2018-08-09T10:46:58	smart_pkt: check whether error packets are prefixed with "ERR " In the `git_pkt_parse_line` function, we determine what kind of packet a given packet line contains by simply checking for the prefix of that line. Except for "ERR" packets, we always only check for the immediate identifier without the trailing space (e.g. we check for an "ACK" prefix, not for "ACK "). But for "ERR" packets, we do in fact include the trailing space in our check. This is not really much of a problem at all, but it is inconsistent with all the other packet types and thus causes confusion when the `err_pkt` function just immediately skips the space without checking whether it overflows the line buffer. Adjust the check in `git_pkt_parse_line` to not include the trailing space and instead move it into `err_pkt` for consistency.
40fd84cc	2018-08-09T10:46:26	smart_pkt: explicitly avoid integer overflows when parsing packets When parsing data, progress or error packets, we need to copy the contents of the rest of the current packet line into the flex-array of the parsed packet. To keep track of this array's length, we then assign the remaining length of the packet line to the structure. We do have a mismatch of types here, as the structure's `len` field is a signed integer, while the length that we are assigning has type `size_t`. On nearly all platforms, this shouldn't pose any problems at all. The line length can at most be 16^4, as the line's length is being encoded by exactly four hex digits. But on a platforms with 16 bit integers, this assignment could cause an overflow. While such platforms will probably only exist in the embedded ecosystem, we still want to avoid this potential overflow. Thus, we now simply change the structure's `len` member to be of type `size_t` to avoid any integer promotion.
4a5804c9	2018-08-09T10:36:44	smart_pkt: honor line length when determining packet type When we parse the packet type of an incoming packet line, we do not verify that we don't overflow the provided line buffer. Fix this by using `git__prefixncmp` instead and passing in `len`. As we have previously already verified that `len <= linelen`, we thus won't ever overflow the provided buffer length.
9a193102	2018-08-24T11:01:39	Merge pull request #4774 from tiennou/fix/clang-analyzer Coverity flavored clang analyzer fixes
1c949ce1	2018-08-21T02:11:32	transport/http: do not return success if we failed to get a scheme Otherwise we return a NULL context, which will get dereferenced in apply_credentials.
50dd7fea	2018-08-11T13:06:14	Fix 'invalid packet line' for ng packets containing errors
9ada072e	2018-08-06T13:31:23	Merge pull request #4758 from pks-t/pks/smart-pkt-oob-read smart_pkt: fix potential OOB-read when processing ng packet
ba55592f	2018-08-02T20:34:56	Merge pull request #4743 from Agent00Log/dev/winbugfixes Windows: default credentials / fallback credential handling
ccbffbae	2018-07-30T13:39:21	Only unitialize if the call to CoInitializeEx was successful
b00a09b0	2018-07-27T20:14:27	Merge pull request #4731 from libgit2/ethomson/wintls_fix winhttp: retry erroneously failing requests
8c21cb5c	2018-07-26T09:52:32	Fix fallback credentials: The call to CoInitializeEx fails if it was previously been set to a different mode.
c9dc30ff	2018-07-26T09:52:21	Fix default credentials: The WinHttpSetCredentials auth scheme must only be one of the supported schemes.
ca2eb460	2018-07-20T21:50:58	smart subtransport: free url when resetting stream Free the url field when resetting the stream to avoid leaking it.
dc371e3c	2018-07-20T08:20:48	winhttp: retry erroneously failing requests Early Windows TLS 1.2 implementations have an issue during key exchange with OpenSSL implementations that cause negotiation to fail with the error "the buffer supplied to a function was too small." This is a transient error on the connection, so when that error is received, retry up to 5 times to create a connection to the remote server before actually giving up.
0652abaa	2018-07-20T12:56:49	Merge pull request #4702 from tiennou/fix/coverity Assorted Coverity fixes
19bed3e2	2018-07-19T13:00:42	smart_pkt: fix potential OOB-read when processing ng packet OSS-fuzz has reported a potential out-of-bounds read when processing a "ng" smart packet: ==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6310000249c0 at pc 0x000000493a92 bp 0x7ffddc882cd0 sp 0x7ffddc882480 READ of size 65529 at 0x6310000249c0 thread T0 SCARINESS: 26 (multi-byte-read-heap-buffer-overflow) #0 0x493a91 in __interceptor_strchr.part.35 /src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:673 #1 0x813960 in ng_pkt libgit2/src/transports/smart_pkt.c:320:14 #2 0x810f79 in git_pkt_parse_line libgit2/src/transports/smart_pkt.c:478:9 #3 0x82c3c9 in git_smart__store_refs libgit2/src/transports/smart_protocol.c:47:12 #4 0x6373a2 in git_smart__connect libgit2/src/transports/smart.c:251:15 #5 0x57688f in git_remote_connect libgit2/src/remote.c:708:15 #6 0x52e59b in LLVMFuzzerTestOneInput /src/download_refs_fuzzer.cc:145:9 #7 0x52ef3f in ExecuteFilesOnyByOne(int, char**) /src/libfuzzer/afl/afl_driver.cpp:301:5 #8 0x52f4ee in main /src/libfuzzer/afl/afl_driver.cpp:339:12 #9 0x7f6c910db82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291 #10 0x41d518 in _start When parsing an "ng" packet, we keep track of both the current position as well as the remaining length of the packet itself. But instead of taking care not to exceed the length, we pass the current pointer's position to `strchr`, which will search for a certain character until hitting NUL. It is thus possible to create a crafted packet which doesn't contain a NUL byte to trigger an out-of-bounds read. Fix the issue by instead using `memchr`, passing the remaining length as restriction. Furthermore, verify that we actually have enough bytes left to produce a match at all. OSS-Fuzz-Issue: 9406
fa401a32	2018-07-19T08:20:04	Merge pull request #4704 from nelhage/no-pkt-pack Remove GIT_PKT_PACK entirely
388149f5	2018-07-15T17:25:26	No need for this placeholder.
9994cd3f	2018-06-25T11:56:52	treewide: remove use of C++ style comments C++ style comment ("//") are not specified by the ISO C90 standard and thus do not conform to it. While libgit2 aims to conform to C90, we did not enforce it until now, which is why quite a lot of these non-conforming comments have snuck into our codebase. Do a tree-wide conversion of all C++ style comments to the supported C style comments to allow us enforcing strict C90 compliance in a later commit.
6ae6491e	2018-07-06T22:24:16	smart: don't dereference a NULL pkt pointer By clarifying what detect_caps returns on empty/missing packet, we can be sure there are actually refs to process. The old code could blindly dereference `first`, which might have been NULL. Reported by Coverity, CID 1393614
68c7480a	2018-07-06T20:21:25	smart: clarify error handling in git_smart__connect
a73b7c2f	2018-06-29T16:54:06	This error case is now unneeded
b8408557	2018-06-29T16:53:23	Merge remote-tracking branch 'origin/master' into no-pkt-pack
af3088e4	2018-06-29T11:45:15	refspec: rename `git_refspec__free` to `git_refspec__dispose` Since commit 630a67366 (refspec: add public parsing api, 2018-02-07), we now have two functions `git_refspec_free` and `git_refspec__free`. The difference is that the first one will free the structure itself, while the second one will only free the structure's contents. Use our new `dispose` naming pattern for the latter function to help avoid confusion.
895a668e	2018-06-28T05:27:36	Small style tweak, and set an error
12232a5e	2018-06-27T17:19:37	Merge pull request #4698 from nelhage/fix-leaks Fix assorted leaks found via fuzzing
5dd34702	2018-06-26T09:56:43	Merge branch 'nelhage/smart-no-pack'
9286e413	2018-06-26T09:56:06	smart protocol: correct error message capitalization
90cf8607	2018-06-26T02:32:50	Remove GIT_PKT_PACK entirely
3a547417	2018-06-25T15:38:29	git_pkt_free: Allow freeing NULL
e6cdd17c	2018-06-25T13:57:19	Merge pull request #4695 from nelhage/git_pkt-type-confusion Fix type confusion in git_smart__connect
d58afb17	2018-06-24T22:28:37	git_smart__connect: free symrefs on error
cf335928	2018-06-24T22:22:40	git_smart__update_heads: free the old symref_target
e31c450b	2018-06-24T23:46:36	Fix another missing git_pkt_free
bf4c2c57	2018-06-24T21:56:51	wait_while_ack: use git_pkt_free git__free is insufficient if the packet is a git_pkt_ref or another type that requires freeing referenced structures.
437ee5a7	2018-06-24T19:47:08	Verify ref_pkt's are long enough If the remote sends a too-short packet, we'll allow `len` to go negative and eventually issue a malloc for <= 0 bytes on ``` pkt->head.name = git__malloc(alloclen); ```
0098d746	2018-06-24T06:51:31	Fix type confusion in git_smart__connect Nothing verifies that t->refs[0] is a GIT_PKT_REF. A remote can send another packet type, ultimately resulting in a type confusion in `git_smart__detect_caps`
3eec73ae	2018-06-24T20:54:41	PACK packets are illegal while downloading refs
ecf4f33a	2018-02-08T11:14:48	Convert usage of `git_buf_free` to new `git_buf_dispose`
836ec316	2018-04-19T01:05:05	local: fix a leaking reference when iterating over a symref Valgrind log : ==17702== 18 bytes in 1 blocks are indirectly lost in loss record 69 of 1,123 ==17702== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17702== by 0x5FDBB49: strdup (strdup.c:42) ==17702== by 0x632B3E: git__strdup (util.h:106) ==17702== by 0x632D2C: git_reference__alloc_symbolic (refs.c:64) ==17702== by 0x62E0AF: loose_lookup (refdb_fs.c:408) ==17702== by 0x62E636: refdb_fs_backend__iterator_next (refdb_fs.c:565) ==17702== by 0x62CD8E: git_refdb_iterator_next (refdb.c:147) ==17702== by 0x6347F2: git_reference_next (refs.c:838) ==17702== by 0x6345CB: git_reference_foreach (refs.c:748) ==17702== by 0x66BE62: local_download_pack (local.c:579) ==17702== by 0x5DB48F: git_fetch_download_pack (fetch.c:148) ==17702== by 0x639028: git_remote_download (remote.c:932) ==17702== by 0x63919A: git_remote_fetch (remote.c:969) ==17702== by 0x4ABEDD: test_fetchhead_nonetwork__fetch_into_repo_with_symrefs (nonetwork.c:362) ==17702== by 0x4125D9: clar_run_test (clar.c:222) ==17702== by 0x41287C: clar_run_suite (clar.c:286) ==17702== by 0x412DDE: clar_test_run (clar.c:433) ==17702== by 0x4105E1: main (main.c:24)
e5f32e81	2018-04-17T00:08:20	Merge pull request #4514 from tiennou/fix/pkt-type-enum Typedef git_pkt_type and clarify recv_pkt return type
17339cb3	2018-04-16T15:35:56	Merge pull request #4596 from pks-t/pks/ssh-disconnect transports: ssh: disconnect session before freeing it
13a77274	2018-02-26T21:33:55	smart: typo
2cf9b84c	2018-04-11T19:13:42	smart: free the pkt when we fail to store it
32586d5e	2018-04-11T19:03:57	smart: separate error handling from pkt handling
01381149	2018-02-26T21:27:10	smart: make out arguments explicit on recv_pkt
08961c9d	2017-08-22T16:29:07	smart: typedef git_pkt_type and clarify recv_pkt return type
6c55fbf3	2018-04-06T10:39:16	transports: local: fix assert when fetching into repo with symrefs When fetching into a repository which has symbolic references via the "local" transport we run into an assert. The assert is being triggered while we negotiate the packfile between the two repositories. When hiding known revisions from the packbuilder revwalk, we unconditionally hide all references of the local refdb. In case one of these references is a symbolic reference, though, this means we're trying to hide a `NULL` OID, which triggers the assert. Fix the issue by only hiding OID references from the revwalk. Add a test to catch this issue in the future.
874ce161	2018-03-27T15:03:15	transports: ssh: replace deprecated function `libssh2_session_startup` The function `libssh2_session_startup` has been deprecated since libssh2 version 1.2.8 in favor of `libssh2_session_handshake` introduced in the same version. libssh2 1.2.8 was released in April 2011, so it is already seven years old. It is available in Debian Wheezy, Ubuntu Trusty and CentOS 7.4, so the most important and conservative distros already have it available. As such, it seems safe to just use the new function.
2785cc8e	2018-03-27T14:49:21	transports: ssh: disconnect session before freeing it The function `ssh_stream_free` takes over the responsibility of closing channels and streams just before freeing their memory, but it does not do so for the session. In fact, we never disconnect the session ourselves at all, as libssh2 will not do so itself upon freeing the structure. Quoting the documentation of `libssh2_session_free`: > Frees all resources associated with a session instance. Typically > called after libssh2_session_disconnect_ex, The missing disconnect probably stems from a misunderstanding what it actually does. As we are already closing the TCP socket ourselves, the assumption was that no additional disconnect is required. But calling `libssh2_session_disconnect` will notify the server that we are cleanly closing the connection, such that the server can free his own resources. Add a call to `libssh2_session_disconnect` to fix that issue. [1]: https://www.libssh2.org/libssh2_session_free.html
6f577906	2018-03-03T20:09:09	ssh urls: use `git_buf_decode_percent` Use `git_buf_decode_percent` so that we can avoid allocating a temporary buffer.
16210877	2018-02-28T12:59:47	Unescape repo before constructing ssh request
5ecb6220	2018-02-25T15:46:51	winhttp: enable TLS 1.2 on Windows 7 and earlier Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default, though support may exist. Try to enable TLS 1.2 support explicitly on connections. This request may fail if the operating system does not have TLS 1.2 support - the initial release of Vista lacks TLS 1.2 support (though it is available as a software update) and XP completely lacks TLS 1.2 support. If this request does fail, the HTTP context is still valid, and still maintains the original protocol support. So we ignore the failure from this operation.
934e6a3b	2018-02-27T11:24:30	winhttp: include constants for TLS 1.1/1.2 support For platforms that do not define `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and/or `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2`.
8c8db980	2018-02-27T10:32:29	mingw: update TLS option flags Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw. This updates both the `deps/winhttp` framework (for classic mingw) and adds the defines for mingw64, which does not use that framework.
ee6be190	2018-01-31T08:36:19	http: standardize user-agent addition The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im>
abb04caa	2018-02-01T15:55:48	consistent header guards use consistent names for the #include / #define header guard pattern.
90f81f9f	2018-01-12T12:56:57	transports: local: fix memory leak in reference walk Upon downloading the pack file, the local transport will iterate through every reference using `git_reference_foreach`. The function is a bit tricky though in that it requires the passed callback to free the references, which does not currently happen. Fix the memory leak by freeing all passed references in the callback.
7610638e	2018-01-01T17:52:06	Merge pull request #4453 from libgit2/ethomson/spnego winhttp: properly support ntlm and negotiate
8cdf439b	2017-12-30T13:07:03	Merge pull request #4028 from chescock/improve-local-fetch Transfer fewer objects on push and local fetch
526dea1c	2017-12-29T17:41:24	winhttp: properly support ntlm and negotiate When parsing unauthorized responses, properly parse headers looking for both NTLM and Negotiate challenges. Set the HTTP credentials to default credentials (using a `NULL` username and password) with the schemes supported by ourselves and the server.
38eaa7ab	2017-11-24T12:28:19	winhttp: pass the same payload as ssh & http transports when checking certificates
88450c1c	2017-11-09T21:49:30	Merge pull request #4283 from tiennou/generic-tls CMake: make HTTPS support more generic
e9369856	2017-03-21T00:25:15	stream: Gather streams to src/streams
f2f14724	2017-09-21T15:51:52	transports: ssh: ask for credentials again when passphrase is wrong When trying to decode the private key it looks like LibSSH2 returns a LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED when the passphrase is incorrect.
7cb705cb	2017-10-06T12:05:26	transports: smart: fix memory leak when skipping symbolic refs When we setup the revision walk for negotiating references with a remote, we iterate over all references, ignoring tags and symbolic references. While skipping over symbolic references, we forget to free the looked up reference, resulting in a memory leak when the next iteration simply overwrites the variable. Fix that issue by freeing the reference at the beginning of each iteration and collapsing return paths for error and success.
0c7f49dd	2017-06-30T13:39:01	Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
e141f079	2017-06-10T11:46:09	smart_protocol: fix parsing of server ACK responses Fix ACK parsing in wait_while_ack() internal function. This patch handles the case where multi_ack_detailed mode sends 'ready' ACKs. The existing functionality would bail out too early, thus causing the processing of the ensuing packfile to fail if/when 'ready' ACKs were sent.
97eb5ef0	2017-06-07T10:05:54	buffer: rely on `GITERR_OOM` set by `git_buf_try_grow` The function `git_buf_try_grow` consistently calls `giterr_set_oom` whenever growing the buffer fails due to insufficient memory being available. So in fact, we do not have to do this ourselves when a call to any buffer-growing function has failed due to an OOM situation. But we still do so in two functions, which this patch cleans up.
9b1260d3	2017-05-20T14:18:32	Merge pull request #4097 from implausible/fix/auto-detect-proxy-callbacks Fix proxy auto detect not utilizing callbacks
2ce2a48f	2017-05-02T13:37:15	transports: ssh: clean up after libssh2 on exit After calling `libssh2_init`, we need to clean up after the library by executing `libssh2_exit` as soon as we exit. Register a shutdown handler to do so which simply calls `libssh2_exit`. This fixes several memory leaks.
8c027351	2017-05-02T13:35:09	transports: ssh: report failure initializing libssh2 We unconditionally return success when initializing libssh2, regardless of whether `libgssh2_init` signals success or an error. Fix this by checking its return code.
5c760960	2017-04-17T13:03:03	transport: provide a getter for the proxy options As with the callbacks, third-party implementations of smart subtransports cannot reach into the opaque struct and thus cannot know what options the user set. Add a getter for these options to copy the proxy options into something external implementors can use.
b65a5e9b	2017-03-01T07:58:40	winhttp: disambiguate error messages when sending requests
c576d4ff	2017-02-13T12:46:00	Merge pull request #4115 from gsaralms/users/gsaral/optionalOfsDelta Changes to provide option to turn off/on ofs_delta
c5f3da96	2016-11-11T14:36:43	repository: use `git_repository_item_path` The recent introduction of the commondir variable of a repository requires callers to distinguish whether their files are part of the dot-git directory or the common directory shared between multpile worktrees. In order to take the burden from callers and unify knowledge on which files reside where, the `git_repository_item_path` function has been introduced which encapsulate this knowledge. Modify most existing callers of `git_repository_path` to use `git_repository_item_path` instead, thus making them implicitly aware of the common directory.
61acc9fa	2017-02-08T16:22:44	Changes to provide option to turn off/on ofs_delta This change provides an option in git_libgit2_opt_t which can be used in git_libgit2_opts to turn off/on ofs_delta capability in libGit2
1e929eb5	2017-02-06T11:00:06	Pass proxy options payload to credentials callback
fa2dfcf9	2017-02-01T09:28:30	Fix digest credentials for proxy in windows
39e76bb3	2017-01-27T16:05:20	Do not discard proxy_options that have been set when auto is specified
1910a04a	2016-12-30T12:42:42	winhttp: set proper cert failure error messages Set up a WinHTTP status callback; inspect the WinHTTP status for WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, and convert the status code to a useful message for callers.
4e4a1460	2016-12-30T12:13:34	WinHTTP: support best auth mechanism For username/password credentials, support NTLM or Basic (in that order of priority). Use the WinHTTP built-in authentication support for both, and maintain a bitfield of the supported mechanisms from the response.
a6d833a2	2017-01-13T17:05:58	Merge pull request #4049 from libgit2/ethomson/error_msgs giterr_set: consistent error messages
6850b516	2017-01-06T17:12:16	Merge branch '25_smartpktparse' into maint/v0.25
2fdef641	2016-11-15T11:44:51	smart_pkt: treat empty packet lines as error The Git protocol does not specify what should happen in the case of an empty packet line (that is a packet line "0004"). We currently indicate success, but do not return a packet in the case where we hit an empty line. The smart protocol was not prepared to handle such packets in all cases, though, resulting in a `NULL` pointer dereference. Fix the issue by returning an error instead. As such kind of packets is not even specified by upstream, this is the right thing to do.
66e3774d	2016-11-15T11:36:27	smart_pkt: verify packet length exceeds PKT_LEN_SIZE Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself. Not checking this may result in a buffer overflow as we directly pass the length to functions which accept a `size_t` length as parameter. Fix the issue by verifying that non-flush packets have at least a length of `PKT_LEN_SIZE`.
9a64e62f	2016-12-21T21:24:33	http: check certificate validity before clobbering the error variable
909d5494	2016-12-29T12:25:15	giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
709768a8	2016-12-09T15:59:52	Don't fetch objects we don't need in local transport. Hide all local refs in the revwalk. Packbuilder should not add hidden trees or blobs.
fafafb1f	2016-12-20T16:19:30	http: bump the pretend git version in the User-Agent We want to keep the git UA in order for services to recognise that we're a Git client and not a browser. But in order to stop dumb HTTP some services have blocked UAs that claim to be pre-1.6.6 git. Thread these needles by using the "git/2.0" prefix which is still close enough to git's yet distinct enough that you can tell it's us.
34b32053	2016-11-25T15:02:34	Fix potential use of uninitialized values

475db39b

2018-10-06T12:58:06

ignore unsupported http authentication schemes auth_context_match returns 0 instead of -1 for unknown schemes to not fail in situations where some authentication schemes are supported and others are not. apply_credentials is adjusted to handle auth_context_match returning 0 without producing authentication context.

1bc5b05c

2018-10-03T16:17:21

smart_pkt: do not accept callers passing in no line length Right now, we simply ignore the `linelen` parameter of `git_pkt_parse_line` in case the caller passed in zero. But in fact, we never want to assume anything about the provided buffer length and always want the caller to pass in the available number of bytes. And in fact, checking all the callers, one can see that the funciton is never being called in case where the buffer length is zero, and thus we are safe to remove this check.

5fabaca8

2018-08-09T11:04:42

smart_pkt: fix buffer overflow when parsing "unpack" packets When checking whether an "unpack" packet returned the "ok" status or not, we use a call to `git__prefixcmp`. In case where the passed line isn't properly NUL terminated, though, this may overrun the line buffer. Fix this by using `git__prefixncmp` instead.

b5ba7af2

2018-08-09T11:03:37

smart_pkt: fix "ng" parser accepting non-space character When parsing "ng" packets, we blindly assume that the character immediately following the "ng" prefix is a space and skip it. As the calling function doesn't make sure that this is the case, we can thus end up blindly accepting an invalid packet line. Fix the issue by using `git__prefixncmp`, checking whether the line starts with "ng ".

c05790a8

2018-08-09T11:16:15

smart_pkt: return parsed length via out-parameter The `parse_len` function currently directly returns the parsed length of a packet line or an error code in case there was an error. Instead, convert this to our usual style of using the return value as error code only and returning the actual value via an out-parameter. Thus, we can now convert the output parameter to an unsigned type, as the size of a packet cannot ever be negative. While at it, we also move the check whether the input buffer is long enough into `parse_len` itself. We don't really want to pass around potentially non-NUL-terminated buffers to functions without also passing along the length, as this is dangerous in the unlikely case where other callers for that function get added. Note that we need to make sure though to not mess with `GIT_EBUFS` error codes, as these indicate not an error to the caller but that he needs to fetch more data.

0b3dfbf4

2018-08-09T11:13:59

smart_pkt: reorder and rename parameters of `git_pkt_parse_line` The parameters of the `git_pkt_parse_line` function are quite confusing. First, there is no real indicator what the `out` parameter is actually all about, and it's not really clear what the `bufflen` parameter refers to. Reorder and rename the parameters to make this more obvious.

a9f1ca09

2018-08-09T11:01:00

smart_pkt: fix buffer overflow when parsing "ok" packets There are two different buffer overflows present when parsing "ok" packets. First, we never verify whether the line already ends after "ok", but directly go ahead and also try to skip the expected space after "ok". Second, we then go ahead and use `strchr` to scan for the terminating newline character. But in case where the line isn't terminated correctly, this can overflow the line buffer. Fix the issues by using `git__prefixncmp` to check for the "ok " prefix and only checking for a trailing '\n' instead of using `memchr`. This also fixes the issue of us always requiring a trailing '\n'. Reported by oss-fuzz, issue 9749: Crash Type: Heap-buffer-overflow READ {*} Crash Address: 0x6310000389c0 Crash State: ok_pkt git_pkt_parse_line git_smart__store_refs Sanitizer: address (ASAN)

bc349045

2018-08-09T10:38:10

smart_pkt: fix buffer overflow when parsing "ACK" packets We are being quite lenient when parsing "ACK" packets. First, we didn't correctly verify that we're not overrunning the provided buffer length, which we fix here by using `git__prefixncmp` instead of `git__prefixcmp`. Second, we do not verify that the actual contents make any sense at all, as we simply ignore errors when parsing the ACKs OID and any unknown status strings. This may result in a parsed packet structure with invalid contents, which is being silently passed to the caller. This is being fixed by performing proper input validation and checking of return codes.

5edcf5d1

2018-08-09T10:57:06

smart_pkt: adjust style of "ref" packet parsing function While the function parsing ref packets doesn't have any immediately obvious buffer overflows, it's style is different to all the other parsing functions. Instead of checking buffer length while we go, it does a check up-front. This causes the code to seem a lot more magical than it really is due to some magic constants. Refactor the function to instead make use of the style of other packet parser and verify buffer lengths as we go.

786426ea

2018-08-09T10:46:58

smart_pkt: check whether error packets are prefixed with "ERR " In the `git_pkt_parse_line` function, we determine what kind of packet a given packet line contains by simply checking for the prefix of that line. Except for "ERR" packets, we always only check for the immediate identifier without the trailing space (e.g. we check for an "ACK" prefix, not for "ACK "). But for "ERR" packets, we do in fact include the trailing space in our check. This is not really much of a problem at all, but it is inconsistent with all the other packet types and thus causes confusion when the `err_pkt` function just immediately skips the space without checking whether it overflows the line buffer. Adjust the check in `git_pkt_parse_line` to not include the trailing space and instead move it into `err_pkt` for consistency.

40fd84cc

2018-08-09T10:46:26

smart_pkt: explicitly avoid integer overflows when parsing packets When parsing data, progress or error packets, we need to copy the contents of the rest of the current packet line into the flex-array of the parsed packet. To keep track of this array's length, we then assign the remaining length of the packet line to the structure. We do have a mismatch of types here, as the structure's `len` field is a signed integer, while the length that we are assigning has type `size_t`. On nearly all platforms, this shouldn't pose any problems at all. The line length can at most be 16^4, as the line's length is being encoded by exactly four hex digits. But on a platforms with 16 bit integers, this assignment could cause an overflow. While such platforms will probably only exist in the embedded ecosystem, we still want to avoid this potential overflow. Thus, we now simply change the structure's `len` member to be of type `size_t` to avoid any integer promotion.

4a5804c9

2018-08-09T10:36:44

smart_pkt: honor line length when determining packet type When we parse the packet type of an incoming packet line, we do not verify that we don't overflow the provided line buffer. Fix this by using `git__prefixncmp` instead and passing in `len`. As we have previously already verified that `len <= linelen`, we thus won't ever overflow the provided buffer length.

9a193102

2018-08-24T11:01:39

Merge pull request #4774 from tiennou/fix/clang-analyzer Coverity flavored clang analyzer fixes

1c949ce1

2018-08-21T02:11:32

transport/http: do not return success if we failed to get a scheme Otherwise we return a NULL context, which will get dereferenced in apply_credentials.

50dd7fea

2018-08-11T13:06:14

Fix 'invalid packet line' for ng packets containing errors

9ada072e

2018-08-06T13:31:23

Merge pull request #4758 from pks-t/pks/smart-pkt-oob-read smart_pkt: fix potential OOB-read when processing ng packet

ba55592f

2018-08-02T20:34:56

Merge pull request #4743 from Agent00Log/dev/winbugfixes Windows: default credentials / fallback credential handling

ccbffbae

2018-07-30T13:39:21

Only unitialize if the call to CoInitializeEx was successful

b00a09b0

2018-07-27T20:14:27

Merge pull request #4731 from libgit2/ethomson/wintls_fix winhttp: retry erroneously failing requests

8c21cb5c

2018-07-26T09:52:32

Fix fallback credentials: The call to CoInitializeEx fails if it was previously been set to a different mode.

c9dc30ff

2018-07-26T09:52:21

Fix default credentials: The WinHttpSetCredentials auth scheme must only be one of the supported schemes.

ca2eb460

2018-07-20T21:50:58

smart subtransport: free url when resetting stream Free the url field when resetting the stream to avoid leaking it.

dc371e3c

2018-07-20T08:20:48

winhttp: retry erroneously failing requests Early Windows TLS 1.2 implementations have an issue during key exchange with OpenSSL implementations that cause negotiation to fail with the error "the buffer supplied to a function was too small." This is a transient error on the connection, so when that error is received, retry up to 5 times to create a connection to the remote server before actually giving up.

0652abaa

2018-07-20T12:56:49

Merge pull request #4702 from tiennou/fix/coverity Assorted Coverity fixes

19bed3e2

2018-07-19T13:00:42

smart_pkt: fix potential OOB-read when processing ng packet OSS-fuzz has reported a potential out-of-bounds read when processing a "ng" smart packet: ==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6310000249c0 at pc 0x000000493a92 bp 0x7ffddc882cd0 sp 0x7ffddc882480 READ of size 65529 at 0x6310000249c0 thread T0 SCARINESS: 26 (multi-byte-read-heap-buffer-overflow) #0 0x493a91 in __interceptor_strchr.part.35 /src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:673 #1 0x813960 in ng_pkt libgit2/src/transports/smart_pkt.c:320:14 #2 0x810f79 in git_pkt_parse_line libgit2/src/transports/smart_pkt.c:478:9 #3 0x82c3c9 in git_smart__store_refs libgit2/src/transports/smart_protocol.c:47:12 #4 0x6373a2 in git_smart__connect libgit2/src/transports/smart.c:251:15 #5 0x57688f in git_remote_connect libgit2/src/remote.c:708:15 #6 0x52e59b in LLVMFuzzerTestOneInput /src/download_refs_fuzzer.cc:145:9 #7 0x52ef3f in ExecuteFilesOnyByOne(int, char**) /src/libfuzzer/afl/afl_driver.cpp:301:5 #8 0x52f4ee in main /src/libfuzzer/afl/afl_driver.cpp:339:12 #9 0x7f6c910db82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291 #10 0x41d518 in _start When parsing an "ng" packet, we keep track of both the current position as well as the remaining length of the packet itself. But instead of taking care not to exceed the length, we pass the current pointer's position to `strchr`, which will search for a certain character until hitting NUL. It is thus possible to create a crafted packet which doesn't contain a NUL byte to trigger an out-of-bounds read. Fix the issue by instead using `memchr`, passing the remaining length as restriction. Furthermore, verify that we actually have enough bytes left to produce a match at all. OSS-Fuzz-Issue: 9406

fa401a32

2018-07-19T08:20:04

Merge pull request #4704 from nelhage/no-pkt-pack Remove GIT_PKT_PACK entirely

388149f5

2018-07-15T17:25:26

No need for this placeholder.

9994cd3f

2018-06-25T11:56:52

treewide: remove use of C++ style comments C++ style comment ("//") are not specified by the ISO C90 standard and thus do not conform to it. While libgit2 aims to conform to C90, we did not enforce it until now, which is why quite a lot of these non-conforming comments have snuck into our codebase. Do a tree-wide conversion of all C++ style comments to the supported C style comments to allow us enforcing strict C90 compliance in a later commit.

6ae6491e

2018-07-06T22:24:16

smart: don't dereference a NULL pkt pointer By clarifying what detect_caps returns on empty/missing packet, we can be sure there are actually refs to process. The old code could blindly dereference `first`, which might have been NULL. Reported by Coverity, CID 1393614

68c7480a

2018-07-06T20:21:25

smart: clarify error handling in git_smart__connect

a73b7c2f

2018-06-29T16:54:06

This error case is now unneeded

b8408557

2018-06-29T16:53:23

Merge remote-tracking branch 'origin/master' into no-pkt-pack

af3088e4

2018-06-29T11:45:15

refspec: rename `git_refspec__free` to `git_refspec__dispose` Since commit 630a67366 (refspec: add public parsing api, 2018-02-07), we now have two functions `git_refspec_free` and `git_refspec__free`. The difference is that the first one will free the structure itself, while the second one will only free the structure's contents. Use our new `dispose` naming pattern for the latter function to help avoid confusion.

895a668e

2018-06-28T05:27:36

Small style tweak, and set an error

12232a5e

2018-06-27T17:19:37

Merge pull request #4698 from nelhage/fix-leaks Fix assorted leaks found via fuzzing

5dd34702

2018-06-26T09:56:43

Merge branch 'nelhage/smart-no-pack'

9286e413

2018-06-26T09:56:06

smart protocol: correct error message capitalization

90cf8607

2018-06-26T02:32:50

Remove GIT_PKT_PACK entirely

3a547417

2018-06-25T15:38:29

git_pkt_free: Allow freeing NULL

e6cdd17c

2018-06-25T13:57:19

Merge pull request #4695 from nelhage/git_pkt-type-confusion Fix type confusion in git_smart__connect

d58afb17

2018-06-24T22:28:37

git_smart__connect: free symrefs on error

cf335928

2018-06-24T22:22:40

git_smart__update_heads: free the old symref_target

e31c450b

2018-06-24T23:46:36

Fix another missing git_pkt_free

bf4c2c57

2018-06-24T21:56:51

wait_while_ack: use git_pkt_free git__free is insufficient if the packet is a git_pkt_ref or another type that requires freeing referenced structures.

437ee5a7

2018-06-24T19:47:08

Verify ref_pkt's are long enough If the remote sends a too-short packet, we'll allow `len` to go negative and eventually issue a malloc for <= 0 bytes on ``` pkt->head.name = git__malloc(alloclen); ```

0098d746

2018-06-24T06:51:31

Fix type confusion in git_smart__connect Nothing verifies that t->refs[0] is a GIT_PKT_REF. A remote can send another packet type, ultimately resulting in a type confusion in `git_smart__detect_caps`

3eec73ae

2018-06-24T20:54:41

PACK packets are illegal while downloading refs

ecf4f33a

2018-02-08T11:14:48

Convert usage of `git_buf_free` to new `git_buf_dispose`

836ec316

2018-04-19T01:05:05

local: fix a leaking reference when iterating over a symref Valgrind log : ==17702== 18 bytes in 1 blocks are indirectly lost in loss record 69 of 1,123 ==17702== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17702== by 0x5FDBB49: strdup (strdup.c:42) ==17702== by 0x632B3E: git__strdup (util.h:106) ==17702== by 0x632D2C: git_reference__alloc_symbolic (refs.c:64) ==17702== by 0x62E0AF: loose_lookup (refdb_fs.c:408) ==17702== by 0x62E636: refdb_fs_backend__iterator_next (refdb_fs.c:565) ==17702== by 0x62CD8E: git_refdb_iterator_next (refdb.c:147) ==17702== by 0x6347F2: git_reference_next (refs.c:838) ==17702== by 0x6345CB: git_reference_foreach (refs.c:748) ==17702== by 0x66BE62: local_download_pack (local.c:579) ==17702== by 0x5DB48F: git_fetch_download_pack (fetch.c:148) ==17702== by 0x639028: git_remote_download (remote.c:932) ==17702== by 0x63919A: git_remote_fetch (remote.c:969) ==17702== by 0x4ABEDD: test_fetchhead_nonetwork__fetch_into_repo_with_symrefs (nonetwork.c:362) ==17702== by 0x4125D9: clar_run_test (clar.c:222) ==17702== by 0x41287C: clar_run_suite (clar.c:286) ==17702== by 0x412DDE: clar_test_run (clar.c:433) ==17702== by 0x4105E1: main (main.c:24)

e5f32e81

2018-04-17T00:08:20

Merge pull request #4514 from tiennou/fix/pkt-type-enum Typedef git_pkt_type and clarify recv_pkt return type

17339cb3

2018-04-16T15:35:56

Merge pull request #4596 from pks-t/pks/ssh-disconnect transports: ssh: disconnect session before freeing it

13a77274

2018-02-26T21:33:55

smart: typo

2cf9b84c

2018-04-11T19:13:42

smart: free the pkt when we fail to store it

32586d5e

2018-04-11T19:03:57

smart: separate error handling from pkt handling

01381149

2018-02-26T21:27:10

smart: make out arguments explicit on recv_pkt

08961c9d

2017-08-22T16:29:07

smart: typedef git_pkt_type and clarify recv_pkt return type

6c55fbf3

2018-04-06T10:39:16

transports: local: fix assert when fetching into repo with symrefs When fetching into a repository which has symbolic references via the "local" transport we run into an assert. The assert is being triggered while we negotiate the packfile between the two repositories. When hiding known revisions from the packbuilder revwalk, we unconditionally hide all references of the local refdb. In case one of these references is a symbolic reference, though, this means we're trying to hide a `NULL` OID, which triggers the assert. Fix the issue by only hiding OID references from the revwalk. Add a test to catch this issue in the future.

874ce161

2018-03-27T15:03:15

transports: ssh: replace deprecated function `libssh2_session_startup` The function `libssh2_session_startup` has been deprecated since libssh2 version 1.2.8 in favor of `libssh2_session_handshake` introduced in the same version. libssh2 1.2.8 was released in April 2011, so it is already seven years old. It is available in Debian Wheezy, Ubuntu Trusty and CentOS 7.4, so the most important and conservative distros already have it available. As such, it seems safe to just use the new function.

2785cc8e

2018-03-27T14:49:21

transports: ssh: disconnect session before freeing it The function `ssh_stream_free` takes over the responsibility of closing channels and streams just before freeing their memory, but it does not do so for the session. In fact, we never disconnect the session ourselves at all, as libssh2 will not do so itself upon freeing the structure. Quoting the documentation of `libssh2_session_free`: > Frees all resources associated with a session instance. Typically > called after libssh2_session_disconnect_ex, The missing disconnect probably stems from a misunderstanding what it actually does. As we are already closing the TCP socket ourselves, the assumption was that no additional disconnect is required. But calling `libssh2_session_disconnect` will notify the server that we are cleanly closing the connection, such that the server can free his own resources. Add a call to `libssh2_session_disconnect` to fix that issue. [1]: https://www.libssh2.org/libssh2_session_free.html

6f577906

2018-03-03T20:09:09

ssh urls: use `git_buf_decode_percent` Use `git_buf_decode_percent` so that we can avoid allocating a temporary buffer.

16210877

2018-02-28T12:59:47

Unescape repo before constructing ssh request

5ecb6220

2018-02-25T15:46:51

winhttp: enable TLS 1.2 on Windows 7 and earlier Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default, though support may exist. Try to enable TLS 1.2 support explicitly on connections. This request may fail if the operating system does not have TLS 1.2 support - the initial release of Vista lacks TLS 1.2 support (though it is available as a software update) and XP completely lacks TLS 1.2 support. If this request does fail, the HTTP context is still valid, and still maintains the original protocol support. So we ignore the failure from this operation.

934e6a3b

2018-02-27T11:24:30

winhttp: include constants for TLS 1.1/1.2 support For platforms that do not define `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and/or `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2`.

8c8db980

2018-02-27T10:32:29

mingw: update TLS option flags Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw. This updates both the `deps/winhttp` framework (for classic mingw) and adds the defines for mingw64, which does not use that framework.

ee6be190

2018-01-31T08:36:19

http: standardize user-agent addition The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im>

abb04caa

2018-02-01T15:55:48

consistent header guards use consistent names for the #include / #define header guard pattern.

90f81f9f

2018-01-12T12:56:57

transports: local: fix memory leak in reference walk Upon downloading the pack file, the local transport will iterate through every reference using `git_reference_foreach`. The function is a bit tricky though in that it requires the passed callback to free the references, which does not currently happen. Fix the memory leak by freeing all passed references in the callback.

7610638e

2018-01-01T17:52:06

Merge pull request #4453 from libgit2/ethomson/spnego winhttp: properly support ntlm and negotiate

8cdf439b

2017-12-30T13:07:03

Merge pull request #4028 from chescock/improve-local-fetch Transfer fewer objects on push and local fetch

526dea1c

2017-12-29T17:41:24

winhttp: properly support ntlm and negotiate When parsing unauthorized responses, properly parse headers looking for both NTLM and Negotiate challenges. Set the HTTP credentials to default credentials (using a `NULL` username and password) with the schemes supported by ourselves and the server.

38eaa7ab

2017-11-24T12:28:19

winhttp: pass the same payload as ssh & http transports when checking certificates

88450c1c

2017-11-09T21:49:30

Merge pull request #4283 from tiennou/generic-tls CMake: make HTTPS support more generic

e9369856

2017-03-21T00:25:15

stream: Gather streams to src/streams

f2f14724

2017-09-21T15:51:52

transports: ssh: ask for credentials again when passphrase is wrong When trying to decode the private key it looks like LibSSH2 returns a LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED when the passphrase is incorrect.

7cb705cb

2017-10-06T12:05:26

transports: smart: fix memory leak when skipping symbolic refs When we setup the revision walk for negotiating references with a remote, we iterate over all references, ignoring tags and symbolic references. While skipping over symbolic references, we forget to free the looked up reference, resulting in a memory leak when the next iteration simply overwrites the variable. Fix that issue by freeing the reference at the beginning of each iteration and collapsing return paths for error and success.

0c7f49dd

2017-06-30T13:39:01

Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.

e141f079

2017-06-10T11:46:09

smart_protocol: fix parsing of server ACK responses Fix ACK parsing in wait_while_ack() internal function. This patch handles the case where multi_ack_detailed mode sends 'ready' ACKs. The existing functionality would bail out too early, thus causing the processing of the ensuing packfile to fail if/when 'ready' ACKs were sent.

97eb5ef0

2017-06-07T10:05:54

buffer: rely on `GITERR_OOM` set by `git_buf_try_grow` The function `git_buf_try_grow` consistently calls `giterr_set_oom` whenever growing the buffer fails due to insufficient memory being available. So in fact, we do not have to do this ourselves when a call to any buffer-growing function has failed due to an OOM situation. But we still do so in two functions, which this patch cleans up.

9b1260d3

2017-05-20T14:18:32

Merge pull request #4097 from implausible/fix/auto-detect-proxy-callbacks Fix proxy auto detect not utilizing callbacks

2ce2a48f

2017-05-02T13:37:15

transports: ssh: clean up after libssh2 on exit After calling `libssh2_init`, we need to clean up after the library by executing `libssh2_exit` as soon as we exit. Register a shutdown handler to do so which simply calls `libssh2_exit`. This fixes several memory leaks.

8c027351

2017-05-02T13:35:09

transports: ssh: report failure initializing libssh2 We unconditionally return success when initializing libssh2, regardless of whether `libgssh2_init` signals success or an error. Fix this by checking its return code.

5c760960

2017-04-17T13:03:03

transport: provide a getter for the proxy options As with the callbacks, third-party implementations of smart subtransports cannot reach into the opaque struct and thus cannot know what options the user set. Add a getter for these options to copy the proxy options into something external implementors can use.

b65a5e9b

2017-03-01T07:58:40

winhttp: disambiguate error messages when sending requests

c576d4ff

2017-02-13T12:46:00

Merge pull request #4115 from gsaralms/users/gsaral/optionalOfsDelta Changes to provide option to turn off/on ofs_delta

c5f3da96

2016-11-11T14:36:43

repository: use `git_repository_item_path` The recent introduction of the commondir variable of a repository requires callers to distinguish whether their files are part of the dot-git directory or the common directory shared between multpile worktrees. In order to take the burden from callers and unify knowledge on which files reside where, the `git_repository_item_path` function has been introduced which encapsulate this knowledge. Modify most existing callers of `git_repository_path` to use `git_repository_item_path` instead, thus making them implicitly aware of the common directory.

61acc9fa

2017-02-08T16:22:44

Changes to provide option to turn off/on ofs_delta This change provides an option in git_libgit2_opt_t which can be used in git_libgit2_opts to turn off/on ofs_delta capability in libGit2

1e929eb5

2017-02-06T11:00:06

Pass proxy options payload to credentials callback

fa2dfcf9

2017-02-01T09:28:30

Fix digest credentials for proxy in windows

39e76bb3

2017-01-27T16:05:20

Do not discard proxy_options that have been set when auto is specified

1910a04a

2016-12-30T12:42:42

winhttp: set proper cert failure error messages Set up a WinHTTP status callback; inspect the WinHTTP status for WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, and convert the status code to a useful message for callers.

4e4a1460

2016-12-30T12:13:34

WinHTTP: support best auth mechanism For username/password credentials, support NTLM or Basic (in that order of priority). Use the WinHTTP built-in authentication support for both, and maintain a bitfield of the supported mechanisms from the response.

a6d833a2

2017-01-13T17:05:58

Merge pull request #4049 from libgit2/ethomson/error_msgs giterr_set: consistent error messages

6850b516

2017-01-06T17:12:16

Merge branch '25_smartpktparse' into maint/v0.25

2fdef641

2016-11-15T11:44:51

smart_pkt: treat empty packet lines as error The Git protocol does not specify what should happen in the case of an empty packet line (that is a packet line "0004"). We currently indicate success, but do not return a packet in the case where we hit an empty line. The smart protocol was not prepared to handle such packets in all cases, though, resulting in a `NULL` pointer dereference. Fix the issue by returning an error instead. As such kind of packets is not even specified by upstream, this is the right thing to do.

66e3774d

2016-11-15T11:36:27

smart_pkt: verify packet length exceeds PKT_LEN_SIZE Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself. Not checking this may result in a buffer overflow as we directly pass the length to functions which accept a `size_t` length as parameter. Fix the issue by verifying that non-flush packets have at least a length of `PKT_LEN_SIZE`.

9a64e62f

2016-12-21T21:24:33

http: check certificate validity before clobbering the error variable

909d5494

2016-12-29T12:25:15

giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one

709768a8

2016-12-09T15:59:52

Don't fetch objects we don't need in local transport. Hide all local refs in the revwalk. Packbuilder should not add hidden trees or blobs.

fafafb1f

2016-12-20T16:19:30

http: bump the pretend git version in the User-Agent We want to keep the git UA in order for services to recognise that we're a Git client and not a browser. But in order to stop dumb HTTP some services have blocked UAs that claim to be pre-1.6.6 git. Thread these needles by using the "git/2.0" prefix which is still close enough to git's yet distinct enough that you can tell it's us.

34b32053

2016-11-25T15:02:34

Fix potential use of uninitialized values

thodg/libgit2/src/transports

src/transports

Log