|
f650153a
|
2018-05-24T19:05:59
|
|
submodule: replace index with strchr which exists on Windows
|
|
a3df20cf
|
2018-05-24T19:00:13
|
|
submodule: the repostiory for _name_is_valid should not be const
We might modify caches due to us trying to load the configuration to figure out
what kinds of filesystem protections we should have.
|
|
be20626a
|
2018-05-22T20:37:23
|
|
checkout: change symlinked .gitmodules file test to expect failure
When dealing with `core.proectNTFS` and `core.protectHFS` we do check
against `.gitmodules` but we still have a failing test as the non-filesystem
codepath does not check for it.
|
|
aa003557
|
2018-05-22T16:13:47
|
|
path: reject .gitmodules as a symlink
Any part of the library which asks the question can pass in the mode to have it
checked against `.gitmodules` being a symlink.
This is particularly relevant for adding entries to the index from the worktree
and for checking out files.
|
|
a9e60994
|
2018-05-23T08:40:17
|
|
path: check for a symlinked .gitmodules in fs-agnostic code
We still compare case-insensitively to protect more thoroughly as we don't know
what specifics we'll see on the system and it's the behaviour from git.
|
|
08d4b459
|
2018-05-22T15:48:38
|
|
index: stat before creating the entry
This is so we have it available for the path validity checking. In a later
commit we will start rejecting `.gitmodules` files as symlinks.
|
|
ed357be1
|
2018-05-22T14:16:45
|
|
checkout: add a failing test for refusing a symlinked .gitmodules
We want to reject these as they cause compatibility issues and can lead to git
writing to files outside of the repository.
|
|
e6c757a7
|
2018-04-30T13:47:15
|
|
submodule: ignore submodules which include path traversal in their name
If the we decide that the "name" of the submodule (i.e. its path inside
`.git/modules/`) is trying to escape that directory or otherwise trick us, we
ignore the configuration for that submodule.
This leaves us with a half-configured submodule when looking it up by path, but
it's the same result as if the configuration really were missing.
The name check is potentially more strict than it needs to be, but it lets us
re-use the check we're doing for the checkout. The function that encapsulates
this logic is ready to be exported but we don't want to do that in a security
release so it remains internal for now.
|
|
6442f1f1
|
2018-04-30T13:03:44
|
|
submodule: add a failing test for a submodule escaping .git/modules
We should pretend such submdules do not exist as it can lead to RCE.
|
|
d7ee21ee
|
2018-05-22T13:58:24
|
|
path: expose dotgit detection functions per filesystem
These will be used by the checkout code to detect them for the particular
filesystem they're on.
|
|
f907a6f5
|
2018-05-18T15:16:53
|
|
path: hide the dotgit file functions
These can't go into the public API yet as we don't want to introduce API or ABI
changes in a security release.
|
|
0cc14627
|
2018-05-16T15:56:04
|
|
path: add functions to detect .gitconfig and .gitattributes
|
|
26b3cec0
|
2018-05-16T15:42:08
|
|
path: add a function to detect an .gitmodules file
Given a path component it knows what to pass to the filesystem-specific
functions so we're protected even from trees which try to use the 8.3 naming
rules to get around us matching on the filename exactly.
The logic and test strings come from the equivalent git change.
|
|
dd364dde
|
2018-05-16T14:47:04
|
|
path: provide a generic function for checking dogit files on NTFS
It checks against the 8.3 shortname variants, including the one which includes
the checksum as part of its name.
|
|
c7cac088
|
2018-05-22T15:21:08
|
|
path: accept the name length as a parameter
We may take in names from the middle of a string so we want the caller to let us
know how long the path component is that we should be checking.
|
|
37dc60b6
|
2018-05-16T11:56:04
|
|
path: provide a generic dogit checking function for HFS
This lets us check for other kinds of reserved files.
|
|
916af8ea
|
2018-05-14T16:03:15
|
|
submodule: also validate Windows-separated paths for validity
Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to
protect Windows users.
Ideally we would check for both separators without the need for the copied
string, but this'll get us over the RCE.
|
|
6311e886
|
2018-03-23T07:38:34
|
|
Merge pull request #4594 from pks-t/pks/mempack-assert
odb: fix writing to fake write streams
|
|
a52b4c51
|
2018-03-23T09:59:46
|
|
odb: fix writing to fake write streams
In commit 7ec7aa4a7 (odb: assert on logic errors when writing objects,
2018-02-01), the check for whether we are trying to overflowing the fake
stream buffer was changed from returning an error to raising an assert.
The conversion forgot though that the logic around `assert`s are
basically inverted. Previously, if the statement
stream->written + len > steram->size
evaluated to true, we would return a `-1`. Now we are asserting that
this statement is true, and in case it is not we will raise an error. So
the conversion to the `assert` in fact changed the behaviour to the
complete opposite intention.
Fix the assert by inverting its condition again and add a regression
test.
|
|
904307af
|
2018-03-23T09:58:57
|
|
tests: add tests for the mempack ODB backend
Our mempack ODB backend has no test coverage at all right now. Add a
simple test suite to at least have some coverage of the most basic
operations on the ODB.
|
|
72e60347
|
2018-03-20T23:16:36
|
|
Merge pull request #4588 from libgit2/ethomson/bitbucket
online tests: update auth for bitbucket test
|
|
54bf4d14
|
2018-03-20T07:47:27
|
|
online tests: update auth for bitbucket test
Update the settings to use a specific read-only token for accessing our
test repositories in Bitbucket.
|
|
5585e358
|
2018-03-20T00:59:21
|
|
Merge pull request #4563 from libgit2/ethomson/ssh-unescape
Refactor `gitno_extract_url_parts`
|
|
8a2cdbd3
|
2018-02-28T12:58:58
|
|
Rename unescape and make non-static
|
|
9108959a
|
2018-03-14T15:03:35
|
|
buf: add tests for percent decoding
|
|
0e4f3d9d
|
2018-03-03T21:47:22
|
|
gitno_extract_url_parts: decode hostnames
RFC 3986 says that hostnames can be percent encoded. Percent decode
hostnames in our URLs.
|
|
05551ca0
|
2018-03-03T20:14:54
|
|
Remove now unnecessary `gitno_unescape`
|
|
60e7848e
|
2018-03-03T20:13:30
|
|
gitno_extract_url_parts: use `git_buf`s
Now that we can decode percent-encoded strings as part of `git_buf`s,
use that decoder in `gitno_extract_url_parts`.
|
|
6f577906
|
2018-03-03T20:09:09
|
|
ssh urls: use `git_buf_decode_percent`
Use `git_buf_decode_percent` so that we can avoid allocating a temporary
buffer.
|
|
8070a357
|
2018-03-03T18:47:35
|
|
Introduce `git_buf_decode_percent`
Introduce a function to take a percent-encoded string (URI encoded,
described by RFC 1738) and decode it into a `git_buf`.
|
|
30333e82
|
2018-02-28T13:00:04
|
|
Update tests
|
|
16210877
|
2018-02-28T12:59:47
|
|
Unescape repo before constructing ssh request
|
|
31985775
|
2018-03-19T23:07:44
|
|
Merge pull request #4584 from libgit2/ethomson/bitbucket
online::clone: skip creds fallback test
|
|
03c58778
|
2018-03-19T09:20:35
|
|
online::clone: skip creds fallback test
At present, we have three online tests against bitbucket: one which
specifies the credentials in the payload, one which specifies the
correct credentials in the URL and a final one that specifies the
incorrect credentials in the URL. Bitbucket has begun responding to the
latter test with a 403, which causes us to fail.
Break these three tests into separate tests so that we can skip the
latter until this is resolved on Bitbucket's end or until we can change
the test to a different provider.
|
|
937e7e26
|
2018-03-13T13:04:38
|
|
Merge pull request #4544 from josharian/docs
pathspec: improve git_pathspec_flag_t doc rendering
|
|
7b66bfe2
|
2018-03-12T10:09:49
|
|
Merge pull request #4575 from pks-t/pks/index-secfixes-master
Index parsing fixes
|
|
358cc2e2
|
2018-03-12T09:50:00
|
|
Merge pull request #4396 from libgit2/cmn/config-regex-is-normalised
config: specify how we match the regular expressions
|
|
2f89bd90
|
2018-03-11T12:36:13
|
|
config: explicitly state that subsections are case-sensitive
|
|
3db1af1f
|
2018-03-08T12:36:46
|
|
index: error out on unreasonable prefix-compressed path lengths
When computing the complete path length from the encoded
prefix-compressed path, we end up just allocating the complete path
without ever checking what the encoded path length actually is. This can
easily lead to a denial of service by just encoding an unreasonable long
path name inside of the index. Git already enforces a maximum path
length of 4096 bytes. As we also have that enforcement ready in some
places, just make sure that the resulting path is smaller than
GIT_PATH_MAX.
Reported-by: Krishna Ram Prakash R <krp@gtux.in>
Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
|
|
3207ddb0
|
2018-03-08T12:00:27
|
|
index: fix out-of-bounds read with invalid index entry prefix length
The index format in version 4 has prefix-compressed entries, where every
index entry can compress its path by using a path prefix of the previous
entry. Since implmenting support for this index format version in commit
5625d86b9 (index: support index v4, 2016-05-17), though, we do not
correctly verify that the prefix length that we want to reuse is
actually smaller or equal to the amount of characters than the length of
the previous index entry's path. This can lead to a an integer underflow
and subsequently to an out-of-bounds read.
Fix this by verifying that the prefix is actually smaller than the
previous entry's path length.
Reported-by: Krishna Ram Prakash R <krp@gtux.in>
Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
|
|
58a6fe94
|
2018-03-08T11:49:19
|
|
index: convert `read_entry` to return entry size via an out-param
The function `read_entry` does not conform to our usual coding style of
returning stuff via the out parameter and to use the return value for
reporting errors. Due to most of our code conforming to that pattern, it
has become quite natural for us to actually return `-1` in case there is
any error, which has also slipped in with commit 5625d86b9 (index:
support index v4, 2016-05-17). As the function returns an `size_t` only,
though, the return value is wrapped around, causing the caller of
`read_tree` to continue with an invalid index entry. Ultimately, this
can lead to a double-free.
Improve code and fix the bug by converting the function to return the
index entry size via an out parameter and only using the return value to
indicate errors.
Reported-by: Krishna Ram Prakash R <krp@gtux.in>
Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
|
|
d11c4a1a
|
2018-03-08T13:13:04
|
|
Merge pull request #4571 from jacquesg/overflow
Integer overflow
|
|
e666495b
|
2018-03-08T08:31:49
|
|
cmake: enable shift count overflow warning
|
|
5f6383ca
|
2018-03-08T08:17:29
|
|
diff: ensure an unsigned number is shifted
|
|
515683c7
|
2018-03-07T12:39:28
|
|
Merge pull request #4567 from pks-t/pks/zlib-update
deps: upgrade embedded zlib to version 1.2.11
|
|
4c5330cb
|
2018-03-07T10:33:41
|
|
deps: upgrade embedded zlib to version 1.2.11
The current version of zlib bundled with libgit2 is version 1.2.8. This
version has several CVEs assigned:
- CVE-2016-9843
- CVE-2016-9841
- CVE-2016-9842
- CVE-2016-9840
Upgrade the bundled version to the current release 1.2.11, which has
these vulnerabilities fixes.
|
|
2d2a6025
|
2018-03-04T12:17:17
|
|
Merge pull request #4541 from libgit2/cmn/odb-streaming-read-changelog
CHANGELOG: mention the change to `git_odb_open_rstream`
|
|
adf7d094
|
2018-03-04T12:17:06
|
|
Merge pull request #4559 from jacquesg/worktree-const
Worktree lock reason should be const
|
|
53e692af
|
2018-03-02T12:49:54
|
|
worktree: rename parameter creason to reason
|
|
12356076
|
2018-03-02T12:41:04
|
|
worktree: lock reason should be const
|
|
8353e4b5
|
2018-02-22T09:20:31
|
|
CHANGELOG: mention the change to `git_odb_open_rstream`
|
|
8a8ea1db
|
2018-02-28T18:14:52
|
|
Merge pull request #4552 from libgit2/cmn/config-header-common
Cast less blindly between configuration objects
|
|
e8e490b2
|
2018-02-28T17:01:47
|
|
Merge pull request #4554 from pks-t/pks/curl-init
curl: initialize and cleanup global curl state
|
|
9cd0c6f1
|
2018-02-28T16:01:16
|
|
config: return an error if config_refresh is called on a snapshot
Instead of treating it as a no-op, treat it as a programming error and return
the same kind of error as if you called to set or delete variables on a
snapshot.
|
|
17bef3b8
|
2018-02-28T15:01:43
|
|
Merge pull request #4553 from libgit2/cmn/tree-write-initialise
tree: initialize the id we use for testing submodule insertions
|
|
fb884c62
|
2018-02-28T14:59:09
|
|
Merge pull request #4555 from libgit2/ethomson/strncmp_stdcall
win32: strncmp -> git__strncmp for win32 STDCALL
|
|
2022b004
|
2018-02-28T12:06:59
|
|
curl: explicitly initialize and cleanup global curl state
Our curl-based streams make use of the easy curl interface. This
interface automatically initializes and de-initializes the global curl
state by calling out to `curl_global_init` and `curl_global_cleanup`.
Thus, all global state will be repeatedly re-initialized when creating
multiple curl streams in succession. Despite being inefficient, this is
not thread-safe due to `curl_global_init` being not thread-safe itself.
Thus a multi-threaded programing handling multiple curl streams at the
same time is inherently racy.
Fix the issue by globally initializing and cleaning up curl's state.
|
|
a33deeb4
|
2018-02-28T12:20:23
|
|
win32: strncmp -> git__strncmp
The win32 C library is compiled cdecl, however when configured with
`STDCALL=ON`, our functions (and function pointers) will use the stdcall
calling convention. You cannot set a `__stdcall` function pointer to a
`__cdecl` function, so it's easier to just use our `git__strncmp`
instead of sorting that mess out.
|
|
a554d588
|
2018-02-28T12:21:08
|
|
tree: initialize the id we use for testing submodule insertions
Instead of laving it uninitialized and relying on luck for it to be non-zero,
let's give it a dummy hash so we make valgrind happy (in this case the hash
comes from `sha1sum </dev/null`.
|
|
2424e64c
|
2018-02-28T12:06:02
|
|
config: harden our use of the backend objects a bit
When we create an iterator we don't actually know that we have a live config
object and we must instead only rely on the header. We fixed it to use this in a
previous commit, but this makes it harder to misuse by converting to use the
header object in the typecast.
We also guard inside the `config_refresh` function against being given a
snapshot (although callers right now do check).
|
|
1785de4e
|
2018-02-28T11:46:17
|
|
config: move the level field into the header
We use it in a few places where we might have a full object or a snapshot so
move it to where we can actually access it.
|
|
c1524b2e
|
2018-02-28T11:33:11
|
|
config: move the repository to the diskfile header
We pass this around and when creating a new iterator we need to read the
repository pointer.
Put it in a common place so we can reach it regardless of whether we got a full
object or a snapshot.
|
|
c9d59c61
|
2018-02-27T12:45:21
|
|
Merge pull request #4545 from libgit2/ethomson/checkout_filemode
Respect core.filemode in checkout
|
|
b4dde78a
|
2018-02-27T12:43:47
|
|
Merge pull request #4550 from libgit2/ethomson/winhttp
winhttp: enable TLS 1.2
|
|
5ecb6220
|
2018-02-25T15:46:51
|
|
winhttp: enable TLS 1.2 on Windows 7 and earlier
Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default,
though support may exist. Try to enable TLS 1.2 support explicitly on
connections.
This request may fail if the operating system does not have TLS 1.2
support - the initial release of Vista lacks TLS 1.2 support (though
it is available as a software update) and XP completely lacks TLS 1.2
support. If this request does fail, the HTTP context is still valid,
and still maintains the original protocol support. So we ignore the
failure from this operation.
|
|
934e6a3b
|
2018-02-27T11:24:30
|
|
winhttp: include constants for TLS 1.1/1.2 support
For platforms that do not define `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1`
and/or `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2`.
|
|
8c8db980
|
2018-02-27T10:32:29
|
|
mingw: update TLS option flags
Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and
`WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw.
This updates both the `deps/winhttp` framework (for classic mingw) and
adds the defines for mingw64, which does not use that framework.
|
|
7d906370
|
2018-02-25T23:08:14
|
|
Merge pull request #4549 from libgit2/ethomson/travis_libssh
travis: use custom libssh2-1-dev package
|
|
ca22cb5e
|
2018-02-25T22:43:12
|
|
travis: use custom libssh2-1-dev package
To avoid pull requests needing to rebase, keep the libssh2-1-dev
package as the development package for libssh2. Reverting to the
original Debian package structure.
|
|
5a69b120
|
2018-02-25T19:58:19
|
|
Merge pull request #4548 from libgit2/ethomson/travis_libssh
travis: use custom libssh2 package
|
|
c5eb8b4a
|
2018-02-25T14:08:51
|
|
travis: use custom libssh2 package
Use the custom libssh2 package that is a backport of libssh2 1.8.0 to
Ubuntu trusty.
|
|
c214ba19
|
2018-02-20T00:35:27
|
|
checkout: respect core.filemode when comparing filemodes
Fixes #4504
|
|
275693e2
|
2018-02-20T12:45:40
|
|
checkout test: ensure workdir mode is simplified
Ensure that when examining the working directory for checkout that the
mode is correctly simplified. Git only pays attention to whether a file
is executable or not. When examining a working directory, we should
coalesce modes in the working directory to either `0755` (indicating
that a file is executable) or `0644` (indicating that it is not).
Test this by giving the file an exotic mode, and ensuring that when
checkout out a branch that changes the file's contents, that we do not
have a checkout conflict.
|
|
ec96db57
|
2018-02-20T00:32:38
|
|
checkout test: add core.filemode checkout tests
Add two tests for filemode.
The first ensures that `core.filemode=true` is honored: if we have
changed the filemode such that a file that _was_ executable (mode 0755)
is now executable (mode 0644) and we go to check out a branch that has
otherwise changed the contents of the file, then we should raise a
checkout conflict for that file.
The second ensures that `core.filemode=false` is honored: in the same
situation, we set a file that was executable to be non-executable, and
check out the branch that changes the contents of the file. However,
since `core.filemode` is false, we do not detect the filemode change.
We run these tests on both operating systems that obey `core.filemode`
(eg, POSIX) and those that have no conception of filemode (eg, Win32).
This ensures that `core.filemode` is always honored, as it is a cache of
the underlying filesystem's settings. This ensures that we do not
make assumptions based on the operating system, and honor the
configuration setting even if it were misconfigured.
|
|
18d9c847
|
2018-02-20T00:32:38
|
|
testrepo: add new branch
Add a new branch to the `testrepo` repository, where the `README` file
has changed to executable. This branch enables typechange tests between
the new `executable` branch and `master`.
|
|
b72717b0
|
2018-02-23T08:19:49
|
|
pathspec: improve git_pathspec_flag_t doc rendering
By placing docs per enum value rather than in a large block,
the automated doc generation tool can make nicer docs,
as could other automated tools, such as
the mooted https://github.com/libgit2/git2go/issues/427.
The current rendering is somewhat ugly:
https://libgit2.github.com/libgit2/#HEAD/type/git_pathspec_flag_t
No textual changes, just reorganization.
|
|
809b0ca6
|
2018-02-20T22:06:53
|
|
Merge pull request #4533 from pks-t/pks/v0.27.0-rc1
v0.27.0-rc1: version bump
|
|
23d4a91b
|
2018-02-16T08:38:44
|
|
Update version number to v0.27
|
|
0f239682
|
2018-02-20T16:49:13
|
|
CHANGELOG: third batch of updates to the changelog for v0.27.0
|
|
ad006d87
|
2018-02-15T11:13:14
|
|
docs: document increasing the version number for releases
|
|
894ccf4b
|
2018-02-20T16:14:54
|
|
Merge pull request #4535 from libgit2/ethomson/checkout_typechange_with_index_and_wd
checkout: when examining index (instead of workdir), also examine mode
|
|
afc5124b
|
2018-02-20T14:35:17
|
|
Merge pull request #4539 from pks-t/pks/diff_renames_with_rewrites
diff_tform: fix rename detection with rewrite/delete pair
|
|
4e4771dc
|
2018-02-19T22:10:44
|
|
checkout test: further ensure workdir perms are updated
When both the index _and_ the working directory has changed
permissions on a file permissions on a file - but only the permissions,
such that the contents of the file are identical - ensure that
`git_checkout` updates the permissions to match the checkout target.
|
|
8858a684
|
2018-02-19T22:09:27
|
|
checkout test: ensure workdir perms are updated
When the working directory has changed permissions on a file - but only
the permissions, such that the contents of the file are identical -
ensure that `git_checkout` updates the permissions to match the checkout
target.
|
|
ce7080a0
|
2018-02-20T10:38:27
|
|
diff_tform: fix rename detection with rewrite/delete pair
A rewritten file can either be classified as a modification of its
contents or of a delete of the complete file followed by an addition of
the new content. This distinction becomes important when we want to
detect renames for rewrites. Given a scenario where a file "a" has been
deleted and another file "b" has been renamed to "a", this should be
detected as a deletion of "a" followed by a rename of "a" -> "b". Thus,
splitting of the original rewrite into a delete/add pair is important
here.
This splitting is represented by a flag we can set at the current delta.
While the flag is already being set in case we want to break rewrites,
we do not do so in case where the `GIT_DIFF_FIND_RENAMES_FROM_REWRITES`
flag is set. This can trigger an assert when we try to match the source
and target deltas.
Fix the issue by setting the `GIT_DIFF_FLAG__TO_SPLIT` flag at the delta
when it is a rename target and `GIT_DIFF_FIND_RENAMES_FROM_REWRITES` is
set.
|
|
80e77b87
|
2018-02-20T10:03:48
|
|
tests: add rename-rewrite scenarios to "renames" repository
Add two more scenarios to the "renames" repository. The first scenario
has a major rewrite of a file and a delete of another file, the second
scenario has a deletion of a file and rename of another file to the
deleted file. Both scenarios will be used in the following commit.
|
|
d91da1da
|
2018-02-20T09:54:58
|
|
tests: diff::rename: use defines for commit OIDs
While we frequently reuse commit OIDs throughout the file, we do not
have any constants to refer to these commits. Make this a bit easier to
read by giving the commit OIDs somewhat descriptive names of what kind
of commit they refer to.
|
|
d7fea1e1
|
2018-02-18T16:10:33
|
|
checkout: take mode into account when comparing index to baseline
When checking out a file, we determine whether the baseline (what we
expect to be in the working directory) actually matches the contents
of the working directory. This is safe behavior to prevent us from
overwriting changes in the working directory.
We look at the index to optimize this test: if we know that the index
matches the working directory, then we can simply look at the index
data compared to the baseline.
We have historically compared the baseline to the index entry by oid.
However, we must also compare the mode of the two items to ensure that
they are identical. Otherwise, we will refuse to update the working
directory for a mode change.
|
|
952cf714
|
2018-02-19T10:51:29
|
|
Merge pull request #4537 from pks-t/pks/tests-filemode-uninitialized-memory
tests: index::filemodes: fix use of uninitialized memory
|
|
cabe16df
|
2018-02-19T10:18:59
|
|
tests: index::filemodes: fix use of uninitialized memory
The new index entry structure was not being initialized to all-zeroes.
As that structure is used to add a new entry to the current index, and
the hashing algorithm of the index making use of the uninitialized flags
to calculate the state, we might miscompute the hash of the entry and
add it at the wrong position. Later lookups would then fail.
Initialize the structure with `memset` to fix the test breaking on some
platforms.
|
|
f1ad004c
|
2018-02-18T22:29:48
|
|
Merge pull request #4529 from libgit2/ethomson/index_add_requires_files
git_index_add_frombuffer: only accept files/links
|
|
574671ba
|
2018-02-18T10:16:15
|
|
Merge pull request #4534 from pks-t/pks/build-warnings
Fix build warnings
|
|
5f774dbf
|
2018-02-11T10:14:13
|
|
git_index_add_frombuffer: only accept files/links
Ensure that the buffer given to `git_index_add_frombuffer` represents a
regular blob, an executable blob, or a link. Explicitly reject commit
entries (submodules) - it makes little sense to allow users to add a
submodule from a string; there's no possible path to success.
|
|
92324d84
|
2018-02-16T11:28:53
|
|
util: clean up header includes
While "util.h" declares the macro `git__tolower`, which simply resorts
to tolower(3P) on Unix-like systems, the <ctype.h> header is only being
included in "util.c". Thus, anybody who has included "util.h" without
having <ctype.h> included will fail to compile as soon as the macro is
in use.
Furthermore, we can clean up additional includes in "util.c" and simply
replace them with an include for "common.h".
|
|
06b8a40f
|
2018-02-16T11:29:46
|
|
Explicitly mark fallthrough cases with comments
A lot of compilers nowadays generate warnings when there are cases in a
switch statement which implicitly fall through to the next case. To
avoid this warning, the last line in the case that is falling through
can have a comment matching a regular expression, where one possible
comment body would be `/* fall through */`.
An alternative to the comment would be an explicit attribute like e.g.
`[[clang::fallthrough]` or `__attribute__ ((fallthrough))`. But GCC only
introduced support for such an attribute recently with GCC 7. Thus, and
also because the fallthrough comment is supported by most compilers, we
settle for using comments instead.
One shortcoming of that method is that compilers are very strict about
that. Most interestingly, that comment _really_ has to be the last line.
In case a closing brace follows the comment, the heuristic will fail.
|
|
7c6e9175
|
2018-02-16T11:11:11
|
|
index: shut up warning on uninitialized variable
Even though the `entry` variable will always be initialized when
`read_entry` returns success and even though we never dereference
`entry` in case `read_entry` fails, GCC prints a warning about
uninitialized use. Just initialize the pointer to `NULL` in order to
shut GCC up.
|
|
522f3e4b
|
2018-02-16T10:50:54
|
|
CMakeLists: increase strict aliasing level to 3
The strict aliasing rules disallow dereferencing the pointer to a
variable of a certain type as another type, which is frequently used
e.g. when casting structs to their base type. We currently have the
warning level for strict aliasing rules set to `2`, which is described
by gcc(1) as being "Aggressive, quick, not too precise." And in fact, we
experience quite a lot of warnings when doing a release build due to
that.
GCC provides multiple levels, where higher levels are more accurate, but
also slower due to the additional analysis required. Still, we want to
have warning level 3 instead of 2 to avoid the current warnings we have
in the Travis CI release builds. As this is the default warning level
when no level is passed to `-Wstrict-aliasing`, we can just remove the
level and use that default.
|
|
84f03b3a
|
2018-02-16T10:48:55
|
|
streams: openssl: fix use of uninitialized variable
When verifying the server certificate, we do try to make sure that the
hostname actually matches the certificate alternative names. In cases
where the host is either an IPv4 or IPv6 address, we have to compare the
binary representations of the hostname with the declared IP address of
the certificate. We only do that comparison in case we were successfully
able to parse the hostname as an IP, which would always result in the
memory region being initialized. Still, GCC 6.4.0 was complaining about
usage of non-initialized memory.
Fix the issue by simply asserting that `addr` needs to be initialized.
This shuts up the GCC warning.
|
|
b8cb7536
|
2018-02-15T11:07:29
|
|
Merge pull request #4532 from pks-t/pks/release-doc-filename
docs: fix typo in "release.md" filename
|
|
bb7c672a
|
2018-02-15T11:06:40
|
|
docs: fix typo in "release.md" filename
|