kmx git

Commit	Date	Message
e5f32e81	2018-04-17T00:08:20	Merge pull request #4514 from tiennou/fix/pkt-type-enum Typedef git_pkt_type and clarify recv_pkt return type
17339cb3	2018-04-16T15:35:56	Merge pull request #4596 from pks-t/pks/ssh-disconnect transports: ssh: disconnect session before freeing it
13a77274	2018-02-26T21:33:55	smart: typo
2cf9b84c	2018-04-11T19:13:42	smart: free the pkt when we fail to store it
32586d5e	2018-04-11T19:03:57	smart: separate error handling from pkt handling
01381149	2018-02-26T21:27:10	smart: make out arguments explicit on recv_pkt
08961c9d	2017-08-22T16:29:07	smart: typedef git_pkt_type and clarify recv_pkt return type
6c55fbf3	2018-04-06T10:39:16	transports: local: fix assert when fetching into repo with symrefs When fetching into a repository which has symbolic references via the "local" transport we run into an assert. The assert is being triggered while we negotiate the packfile between the two repositories. When hiding known revisions from the packbuilder revwalk, we unconditionally hide all references of the local refdb. In case one of these references is a symbolic reference, though, this means we're trying to hide a `NULL` OID, which triggers the assert. Fix the issue by only hiding OID references from the revwalk. Add a test to catch this issue in the future.
874ce161	2018-03-27T15:03:15	transports: ssh: replace deprecated function `libssh2_session_startup` The function `libssh2_session_startup` has been deprecated since libssh2 version 1.2.8 in favor of `libssh2_session_handshake` introduced in the same version. libssh2 1.2.8 was released in April 2011, so it is already seven years old. It is available in Debian Wheezy, Ubuntu Trusty and CentOS 7.4, so the most important and conservative distros already have it available. As such, it seems safe to just use the new function.
2785cc8e	2018-03-27T14:49:21	transports: ssh: disconnect session before freeing it The function `ssh_stream_free` takes over the responsibility of closing channels and streams just before freeing their memory, but it does not do so for the session. In fact, we never disconnect the session ourselves at all, as libssh2 will not do so itself upon freeing the structure. Quoting the documentation of `libssh2_session_free`: > Frees all resources associated with a session instance. Typically > called after libssh2_session_disconnect_ex, The missing disconnect probably stems from a misunderstanding what it actually does. As we are already closing the TCP socket ourselves, the assumption was that no additional disconnect is required. But calling `libssh2_session_disconnect` will notify the server that we are cleanly closing the connection, such that the server can free his own resources. Add a call to `libssh2_session_disconnect` to fix that issue. [1]: https://www.libssh2.org/libssh2_session_free.html
6f577906	2018-03-03T20:09:09	ssh urls: use `git_buf_decode_percent` Use `git_buf_decode_percent` so that we can avoid allocating a temporary buffer.
16210877	2018-02-28T12:59:47	Unescape repo before constructing ssh request
5ecb6220	2018-02-25T15:46:51	winhttp: enable TLS 1.2 on Windows 7 and earlier Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default, though support may exist. Try to enable TLS 1.2 support explicitly on connections. This request may fail if the operating system does not have TLS 1.2 support - the initial release of Vista lacks TLS 1.2 support (though it is available as a software update) and XP completely lacks TLS 1.2 support. If this request does fail, the HTTP context is still valid, and still maintains the original protocol support. So we ignore the failure from this operation.
934e6a3b	2018-02-27T11:24:30	winhttp: include constants for TLS 1.1/1.2 support For platforms that do not define `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and/or `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2`.
8c8db980	2018-02-27T10:32:29	mingw: update TLS option flags Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw. This updates both the `deps/winhttp` framework (for classic mingw) and adds the defines for mingw64, which does not use that framework.
ee6be190	2018-01-31T08:36:19	http: standardize user-agent addition The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im>
abb04caa	2018-02-01T15:55:48	consistent header guards use consistent names for the #include / #define header guard pattern.
90f81f9f	2018-01-12T12:56:57	transports: local: fix memory leak in reference walk Upon downloading the pack file, the local transport will iterate through every reference using `git_reference_foreach`. The function is a bit tricky though in that it requires the passed callback to free the references, which does not currently happen. Fix the memory leak by freeing all passed references in the callback.
7610638e	2018-01-01T17:52:06	Merge pull request #4453 from libgit2/ethomson/spnego winhttp: properly support ntlm and negotiate
8cdf439b	2017-12-30T13:07:03	Merge pull request #4028 from chescock/improve-local-fetch Transfer fewer objects on push and local fetch
526dea1c	2017-12-29T17:41:24	winhttp: properly support ntlm and negotiate When parsing unauthorized responses, properly parse headers looking for both NTLM and Negotiate challenges. Set the HTTP credentials to default credentials (using a `NULL` username and password) with the schemes supported by ourselves and the server.
38eaa7ab	2017-11-24T12:28:19	winhttp: pass the same payload as ssh & http transports when checking certificates
88450c1c	2017-11-09T21:49:30	Merge pull request #4283 from tiennou/generic-tls CMake: make HTTPS support more generic
e9369856	2017-03-21T00:25:15	stream: Gather streams to src/streams
f2f14724	2017-09-21T15:51:52	transports: ssh: ask for credentials again when passphrase is wrong When trying to decode the private key it looks like LibSSH2 returns a LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED when the passphrase is incorrect.
7cb705cb	2017-10-06T12:05:26	transports: smart: fix memory leak when skipping symbolic refs When we setup the revision walk for negotiating references with a remote, we iterate over all references, ignoring tags and symbolic references. While skipping over symbolic references, we forget to free the looked up reference, resulting in a memory leak when the next iteration simply overwrites the variable. Fix that issue by freeing the reference at the beginning of each iteration and collapsing return paths for error and success.
0c7f49dd	2017-06-30T13:39:01	Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
e141f079	2017-06-10T11:46:09	smart_protocol: fix parsing of server ACK responses Fix ACK parsing in wait_while_ack() internal function. This patch handles the case where multi_ack_detailed mode sends 'ready' ACKs. The existing functionality would bail out too early, thus causing the processing of the ensuing packfile to fail if/when 'ready' ACKs were sent.
97eb5ef0	2017-06-07T10:05:54	buffer: rely on `GITERR_OOM` set by `git_buf_try_grow` The function `git_buf_try_grow` consistently calls `giterr_set_oom` whenever growing the buffer fails due to insufficient memory being available. So in fact, we do not have to do this ourselves when a call to any buffer-growing function has failed due to an OOM situation. But we still do so in two functions, which this patch cleans up.
9b1260d3	2017-05-20T14:18:32	Merge pull request #4097 from implausible/fix/auto-detect-proxy-callbacks Fix proxy auto detect not utilizing callbacks
2ce2a48f	2017-05-02T13:37:15	transports: ssh: clean up after libssh2 on exit After calling `libssh2_init`, we need to clean up after the library by executing `libssh2_exit` as soon as we exit. Register a shutdown handler to do so which simply calls `libssh2_exit`. This fixes several memory leaks.
8c027351	2017-05-02T13:35:09	transports: ssh: report failure initializing libssh2 We unconditionally return success when initializing libssh2, regardless of whether `libgssh2_init` signals success or an error. Fix this by checking its return code.
5c760960	2017-04-17T13:03:03	transport: provide a getter for the proxy options As with the callbacks, third-party implementations of smart subtransports cannot reach into the opaque struct and thus cannot know what options the user set. Add a getter for these options to copy the proxy options into something external implementors can use.
b65a5e9b	2017-03-01T07:58:40	winhttp: disambiguate error messages when sending requests
c576d4ff	2017-02-13T12:46:00	Merge pull request #4115 from gsaralms/users/gsaral/optionalOfsDelta Changes to provide option to turn off/on ofs_delta
c5f3da96	2016-11-11T14:36:43	repository: use `git_repository_item_path` The recent introduction of the commondir variable of a repository requires callers to distinguish whether their files are part of the dot-git directory or the common directory shared between multpile worktrees. In order to take the burden from callers and unify knowledge on which files reside where, the `git_repository_item_path` function has been introduced which encapsulate this knowledge. Modify most existing callers of `git_repository_path` to use `git_repository_item_path` instead, thus making them implicitly aware of the common directory.
61acc9fa	2017-02-08T16:22:44	Changes to provide option to turn off/on ofs_delta This change provides an option in git_libgit2_opt_t which can be used in git_libgit2_opts to turn off/on ofs_delta capability in libGit2
1e929eb5	2017-02-06T11:00:06	Pass proxy options payload to credentials callback
fa2dfcf9	2017-02-01T09:28:30	Fix digest credentials for proxy in windows
39e76bb3	2017-01-27T16:05:20	Do not discard proxy_options that have been set when auto is specified
1910a04a	2016-12-30T12:42:42	winhttp: set proper cert failure error messages Set up a WinHTTP status callback; inspect the WinHTTP status for WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, and convert the status code to a useful message for callers.
4e4a1460	2016-12-30T12:13:34	WinHTTP: support best auth mechanism For username/password credentials, support NTLM or Basic (in that order of priority). Use the WinHTTP built-in authentication support for both, and maintain a bitfield of the supported mechanisms from the response.
a6d833a2	2017-01-13T17:05:58	Merge pull request #4049 from libgit2/ethomson/error_msgs giterr_set: consistent error messages
6850b516	2017-01-06T17:12:16	Merge branch '25_smartpktparse' into maint/v0.25
2fdef641	2016-11-15T11:44:51	smart_pkt: treat empty packet lines as error The Git protocol does not specify what should happen in the case of an empty packet line (that is a packet line "0004"). We currently indicate success, but do not return a packet in the case where we hit an empty line. The smart protocol was not prepared to handle such packets in all cases, though, resulting in a `NULL` pointer dereference. Fix the issue by returning an error instead. As such kind of packets is not even specified by upstream, this is the right thing to do.
66e3774d	2016-11-15T11:36:27	smart_pkt: verify packet length exceeds PKT_LEN_SIZE Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself. Not checking this may result in a buffer overflow as we directly pass the length to functions which accept a `size_t` length as parameter. Fix the issue by verifying that non-flush packets have at least a length of `PKT_LEN_SIZE`.
9a64e62f	2016-12-21T21:24:33	http: check certificate validity before clobbering the error variable
909d5494	2016-12-29T12:25:15	giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
709768a8	2016-12-09T15:59:52	Don't fetch objects we don't need in local transport. Hide all local refs in the revwalk. Packbuilder should not add hidden trees or blobs.
fafafb1f	2016-12-20T16:19:30	http: bump the pretend git version in the User-Agent We want to keep the git UA in order for services to recognise that we're a Git client and not a browser. But in order to stop dumb HTTP some services have blocked UAs that claim to be pre-1.6.6 git. Thread these needles by using the "git/2.0" prefix which is still close enough to git's yet distinct enough that you can tell it's us.
34b32053	2016-11-25T15:02:34	Fix potential use of uninitialized values
482d1748	2016-11-25T15:01:35	transports: smart: do not redeclare loop counters
62494bf2	2016-11-02T09:38:40	transports: smart: abort receiving packets on end of stream When trying to receive packets from the remote, we loop until either an error distinct to `GIT_EBUFS` occurs or until we successfully parsed the packet. This does not honor the case where we are looping over an already closed socket which has no more data, leaving us in an infinite loop if we got a bogus packet size or if the remote hang up. Fix the issue by returning `GIT_EEOF` when we cannot read data from the socket anymore.
61530c49	2016-11-01T16:56:07	transports: smart: abort ref announcement on early end of stream When reading a server's reference announcements via the smart protocol, we expect the server to send multiple flushes before the protocol is finished. If we fail to receive new data from the socket, we will only return an end of stream error if we have not seen any flush yet. This logic is flawed in that we may run into an infinite loop when receiving a server's reference announcement with a bogus flush packet. E.g. assume the last flushing package is changed to not be '0000' but instead any other value. In this case, we will still await one more flush package and ignore the fact that we are not receiving any data from the socket, causing an infinite loop. Fix the issue by always returning `GIT_EEOF` if the socket indicates an end of stream.
b1453601	2016-08-17T11:38:26	transports: http: reset `connected` flag when closing transport
c4cba4e9	2016-08-17T11:00:05	transports: http: reset `connected` flag when re-connecting transport When calling `http_connect` on a subtransport whose stream is already connected, we first close the stream in case no keep-alive is in use. When doing so, we do not reset the transport's connection state, though. Usually, this will do no harm in case the subsequent connect will succeed. But when the connection fails we are left with a substransport which is tagged as connected but which has no valid stream attached. Fix the issue by resetting the subtransport's connected-state when closing its stream in `http_connect`.
bdec62dc	2016-07-06T13:06:25	remove conditions that prevent use of custom TLS stream
6c9eb86f	2016-06-19T11:46:43	HTTP authentication scheme name is case insensitive.
2a09de91	2016-06-14T04:33:55	Merge pull request #3816 from pks-t/pks/memory-leaks Memory leak fixes
43c55111	2016-06-07T14:14:07	winhttp: plug several memory leaks
7d02019a	2016-06-06T12:59:17	transports: smart: fix potential invalid memory dereferences When we receive a packet of exactly four bytes encoding its length as those four bytes it can be treated as an empty line. While it is not really specified how those empty lines should be treated, we currently ignore them and do not return an error when trying to parse it but simply advance the data pointer. Callers invoking `git_pkt_parse_line` are currently not prepared to handle this case as they do not explicitly check this case. While they could always reset the passed out-pointer to `NULL` before calling `git_pkt_parse_line` and determine if the pointer has been set afterwards, it makes more sense to update `git_pkt_parse_line` to set the out-pointer to `NULL` itself when it encounters such an empty packet. Like this it is guaranteed that there will be no invalid memory references to free'd pointers. As such, the issue has been fixed such that `git_pkt_parse_line` always sets the packet out pointer to `NULL` when an empty packet has been received and callers check for this condition, skipping such packets.
375bb2fe	2016-04-21T11:02:31	transport: cast away constness for free
0d72f67f	2016-03-14T17:36:04	proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.
bf6f7ad2	2015-09-30T17:42:53	winhttp: correctly detect HTTPS usage
b373e9a6	2015-09-21T22:38:50	net: use proxy options struct in the stream config
22e6aa0d	2015-09-23T04:39:05	proxy: don't require the trailing slash on WinHTTP The path is not something that you use for proxies, so make use of the new optionality of the path when extracting URL parts.
b117721d	2015-07-29T21:23:56	proxy: use poxy to test our Windows proxy support
07bd3e57	2015-05-07T12:57:56	proxy: ask the user for credentials if necessary
d4763c98	2016-03-24T06:56:25	Merge pull request #3574 from chescock/buffer-sideband-pack-data Buffer sideband packet data
9028a8a2	2016-03-08T10:16:37	Only buffer if necessary.
b7809b84	2016-03-08T13:38:55	Merge pull request #3555 from cbargren/ssh-git-protocols Support for ssh+git and git+ssh protocols
22f3d3aa	2016-03-03T22:26:31	ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.
a4cba9d4	2016-03-03T10:48:24	winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.
003c5e46	2016-02-22T15:52:49	transports: smart_pkt: fix memory leaks on error paths
6e2a3755	2016-02-23T11:45:43	smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF
b0f7512f	2016-02-15T11:46:10	transports: smart_pkt: fix memory leaks
704554cd	2016-02-15T11:37:48	transports: smart: fix memory leak on OOM path
9ce0399c	2016-02-12T10:27:05	winhttp: use an unsigned iterator
5c7f2f01	2016-01-19T11:13:23	winhttp: name mangle class / iid on mingw Standard Windows type systems define CLSID_InternetSecurityManager and IID_IInternetSecurityManager, but MinGW lacks these definitions. As a result, we must hardcode these definitions ourselves. However, we should not use a public struct with those names, lest another library do the same thing and consumers cannot link to both.
a7d9d93d	2016-01-11T17:09:32	Buffer sideband packet data The inner packet may be split across multiple sideband packets.
4df17045	2015-12-28T07:43:24	Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead Also moving var declarations to top of blocks to support bad old compilers
02fdc2db	2015-12-26T17:17:05	ssh_stream_read(): fix possible bytes_read < 0 branch Fix the possibility of returning successfully from ssh_stream_read() with bytes_read < 0. This would occur if stdout channel read resulted in 0, and stderr channel read failed afterwards.
ed21fd74	2015-12-22T10:38:31	Handle git+ssh:// and ssh+git:// protocols support
efd9ab56	2015-11-20T11:26:26	Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set.
1411cb9e	2015-10-02T03:57:14	winhttp: use a custom user-agent if the user has set it We also keep the "git/1.0" prefix in order to maintain compatibility with hosters.
94bac76c	2015-10-02T03:46:34	http: use a custom user-agent if the user has set it We still prefix it with "git/1.0" since that's required in many situations, but we replace the area which mentions libgit2.
e0be1d60	2015-10-30T18:23:17	git: put NULL check at the top
45d295e0	2015-10-30T17:51:50	git: accept NULL as argument to its stream free
72b7c570	2015-09-30T09:17:18	Merge pull request #3411 from spraints/custom-push-headers Include custom HTTP headers
d7375662	2015-09-25T10:16:16	Copy custom_headers insteach of referencing the caller's copy
d16c1b97	2015-09-24T10:30:37	These can be static
e60db3c7	2015-09-24T09:24:10	Revise custom header error messages If the header doesn't look like a header (e.g. if it doesn't have a ":" or if it has newlines), report "custom HTTP header '%s' is malformed". If the header has the same name as a header already set by libgit2 (e.g. "Host"), report "HTTP header '%s' is already set by libgit2".
63cc5723	2015-09-24T09:13:05	Don't null-check
098f1e6e	2015-09-24T09:09:48	Use an array of forbidden custom headers
3245896b	2015-09-10T13:18:26	Add a test for custom header validation Also, some custom headers actually are valid.
66d90e70	2015-09-10T09:14:20	More specific names
8c876fa9	2015-09-10T09:11:16	Validate custom http headers
35969c68	2015-09-10T08:58:23	Ignore NULL headers
6c21211c	2015-09-09T13:59:38	Merge pull request #3379 from theseion/additional_libssh2_error_reporting report libssh2 error if list of authentication methods can't be retrieved
c82c2ba6	2015-09-08T14:17:59	o i

e5f32e81

2018-04-17T00:08:20

Merge pull request #4514 from tiennou/fix/pkt-type-enum Typedef git_pkt_type and clarify recv_pkt return type

17339cb3

2018-04-16T15:35:56

Merge pull request #4596 from pks-t/pks/ssh-disconnect transports: ssh: disconnect session before freeing it

13a77274

2018-02-26T21:33:55

smart: typo

2cf9b84c

2018-04-11T19:13:42

smart: free the pkt when we fail to store it

32586d5e

2018-04-11T19:03:57

smart: separate error handling from pkt handling

01381149

2018-02-26T21:27:10

smart: make out arguments explicit on recv_pkt

08961c9d

2017-08-22T16:29:07

smart: typedef git_pkt_type and clarify recv_pkt return type

6c55fbf3

2018-04-06T10:39:16

transports: local: fix assert when fetching into repo with symrefs When fetching into a repository which has symbolic references via the "local" transport we run into an assert. The assert is being triggered while we negotiate the packfile between the two repositories. When hiding known revisions from the packbuilder revwalk, we unconditionally hide all references of the local refdb. In case one of these references is a symbolic reference, though, this means we're trying to hide a `NULL` OID, which triggers the assert. Fix the issue by only hiding OID references from the revwalk. Add a test to catch this issue in the future.

874ce161

2018-03-27T15:03:15

transports: ssh: replace deprecated function `libssh2_session_startup` The function `libssh2_session_startup` has been deprecated since libssh2 version 1.2.8 in favor of `libssh2_session_handshake` introduced in the same version. libssh2 1.2.8 was released in April 2011, so it is already seven years old. It is available in Debian Wheezy, Ubuntu Trusty and CentOS 7.4, so the most important and conservative distros already have it available. As such, it seems safe to just use the new function.

2785cc8e

2018-03-27T14:49:21

transports: ssh: disconnect session before freeing it The function `ssh_stream_free` takes over the responsibility of closing channels and streams just before freeing their memory, but it does not do so for the session. In fact, we never disconnect the session ourselves at all, as libssh2 will not do so itself upon freeing the structure. Quoting the documentation of `libssh2_session_free`: > Frees all resources associated with a session instance. Typically > called after libssh2_session_disconnect_ex, The missing disconnect probably stems from a misunderstanding what it actually does. As we are already closing the TCP socket ourselves, the assumption was that no additional disconnect is required. But calling `libssh2_session_disconnect` will notify the server that we are cleanly closing the connection, such that the server can free his own resources. Add a call to `libssh2_session_disconnect` to fix that issue. [1]: https://www.libssh2.org/libssh2_session_free.html

6f577906

2018-03-03T20:09:09

ssh urls: use `git_buf_decode_percent` Use `git_buf_decode_percent` so that we can avoid allocating a temporary buffer.

16210877

2018-02-28T12:59:47

Unescape repo before constructing ssh request

5ecb6220

2018-02-25T15:46:51

winhttp: enable TLS 1.2 on Windows 7 and earlier Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default, though support may exist. Try to enable TLS 1.2 support explicitly on connections. This request may fail if the operating system does not have TLS 1.2 support - the initial release of Vista lacks TLS 1.2 support (though it is available as a software update) and XP completely lacks TLS 1.2 support. If this request does fail, the HTTP context is still valid, and still maintains the original protocol support. So we ignore the failure from this operation.

934e6a3b

2018-02-27T11:24:30

winhttp: include constants for TLS 1.1/1.2 support For platforms that do not define `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and/or `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2`.

8c8db980

2018-02-27T10:32:29

mingw: update TLS option flags Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw. This updates both the `deps/winhttp` framework (for classic mingw) and adds the defines for mingw64, which does not use that framework.

ee6be190

2018-01-31T08:36:19

http: standardize user-agent addition The winhttp and posix http each need to add the user-agent to their requests. Standardize on a single function to include this so that we do not get the version numbers we're sending out of sync. Assemble the complete user agent in `git_http__user_agent`, returning assembled strings. Co-authored-by: Patrick Steinhardt <ps@pks.im>

abb04caa

2018-02-01T15:55:48

consistent header guards use consistent names for the #include / #define header guard pattern.

90f81f9f

2018-01-12T12:56:57

transports: local: fix memory leak in reference walk Upon downloading the pack file, the local transport will iterate through every reference using `git_reference_foreach`. The function is a bit tricky though in that it requires the passed callback to free the references, which does not currently happen. Fix the memory leak by freeing all passed references in the callback.

7610638e

2018-01-01T17:52:06

Merge pull request #4453 from libgit2/ethomson/spnego winhttp: properly support ntlm and negotiate

8cdf439b

2017-12-30T13:07:03

Merge pull request #4028 from chescock/improve-local-fetch Transfer fewer objects on push and local fetch

526dea1c

2017-12-29T17:41:24

winhttp: properly support ntlm and negotiate When parsing unauthorized responses, properly parse headers looking for both NTLM and Negotiate challenges. Set the HTTP credentials to default credentials (using a `NULL` username and password) with the schemes supported by ourselves and the server.

38eaa7ab

2017-11-24T12:28:19

winhttp: pass the same payload as ssh & http transports when checking certificates

88450c1c

2017-11-09T21:49:30

Merge pull request #4283 from tiennou/generic-tls CMake: make HTTPS support more generic

e9369856

2017-03-21T00:25:15

stream: Gather streams to src/streams

f2f14724

2017-09-21T15:51:52

transports: ssh: ask for credentials again when passphrase is wrong When trying to decode the private key it looks like LibSSH2 returns a LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED when the passphrase is incorrect.

7cb705cb

2017-10-06T12:05:26

transports: smart: fix memory leak when skipping symbolic refs When we setup the revision walk for negotiating references with a remote, we iterate over all references, ignoring tags and symbolic references. While skipping over symbolic references, we forget to free the looked up reference, resulting in a memory leak when the next iteration simply overwrites the variable. Fix that issue by freeing the reference at the beginning of each iteration and collapsing return paths for error and success.

0c7f49dd

2017-06-30T13:39:01

Make sure to always include "common.h" first Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.

e141f079

2017-06-10T11:46:09

smart_protocol: fix parsing of server ACK responses Fix ACK parsing in wait_while_ack() internal function. This patch handles the case where multi_ack_detailed mode sends 'ready' ACKs. The existing functionality would bail out too early, thus causing the processing of the ensuing packfile to fail if/when 'ready' ACKs were sent.

97eb5ef0

2017-06-07T10:05:54

buffer: rely on `GITERR_OOM` set by `git_buf_try_grow` The function `git_buf_try_grow` consistently calls `giterr_set_oom` whenever growing the buffer fails due to insufficient memory being available. So in fact, we do not have to do this ourselves when a call to any buffer-growing function has failed due to an OOM situation. But we still do so in two functions, which this patch cleans up.

9b1260d3

2017-05-20T14:18:32

Merge pull request #4097 from implausible/fix/auto-detect-proxy-callbacks Fix proxy auto detect not utilizing callbacks

2ce2a48f

2017-05-02T13:37:15

transports: ssh: clean up after libssh2 on exit After calling `libssh2_init`, we need to clean up after the library by executing `libssh2_exit` as soon as we exit. Register a shutdown handler to do so which simply calls `libssh2_exit`. This fixes several memory leaks.

8c027351

2017-05-02T13:35:09

transports: ssh: report failure initializing libssh2 We unconditionally return success when initializing libssh2, regardless of whether `libgssh2_init` signals success or an error. Fix this by checking its return code.

5c760960

2017-04-17T13:03:03

transport: provide a getter for the proxy options As with the callbacks, third-party implementations of smart subtransports cannot reach into the opaque struct and thus cannot know what options the user set. Add a getter for these options to copy the proxy options into something external implementors can use.

b65a5e9b

2017-03-01T07:58:40

winhttp: disambiguate error messages when sending requests

c576d4ff

2017-02-13T12:46:00

Merge pull request #4115 from gsaralms/users/gsaral/optionalOfsDelta Changes to provide option to turn off/on ofs_delta

c5f3da96

2016-11-11T14:36:43

repository: use `git_repository_item_path` The recent introduction of the commondir variable of a repository requires callers to distinguish whether their files are part of the dot-git directory or the common directory shared between multpile worktrees. In order to take the burden from callers and unify knowledge on which files reside where, the `git_repository_item_path` function has been introduced which encapsulate this knowledge. Modify most existing callers of `git_repository_path` to use `git_repository_item_path` instead, thus making them implicitly aware of the common directory.

61acc9fa

2017-02-08T16:22:44

Changes to provide option to turn off/on ofs_delta This change provides an option in git_libgit2_opt_t which can be used in git_libgit2_opts to turn off/on ofs_delta capability in libGit2

1e929eb5

2017-02-06T11:00:06

Pass proxy options payload to credentials callback

fa2dfcf9

2017-02-01T09:28:30

Fix digest credentials for proxy in windows

39e76bb3

2017-01-27T16:05:20

Do not discard proxy_options that have been set when auto is specified

1910a04a

2016-12-30T12:42:42

winhttp: set proper cert failure error messages Set up a WinHTTP status callback; inspect the WinHTTP status for WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, and convert the status code to a useful message for callers.

4e4a1460

2016-12-30T12:13:34

WinHTTP: support best auth mechanism For username/password credentials, support NTLM or Basic (in that order of priority). Use the WinHTTP built-in authentication support for both, and maintain a bitfield of the supported mechanisms from the response.

a6d833a2

2017-01-13T17:05:58

Merge pull request #4049 from libgit2/ethomson/error_msgs giterr_set: consistent error messages

6850b516

2017-01-06T17:12:16

Merge branch '25_smartpktparse' into maint/v0.25

2fdef641

2016-11-15T11:44:51

smart_pkt: treat empty packet lines as error The Git protocol does not specify what should happen in the case of an empty packet line (that is a packet line "0004"). We currently indicate success, but do not return a packet in the case where we hit an empty line. The smart protocol was not prepared to handle such packets in all cases, though, resulting in a `NULL` pointer dereference. Fix the issue by returning an error instead. As such kind of packets is not even specified by upstream, this is the right thing to do.

66e3774d

2016-11-15T11:36:27

smart_pkt: verify packet length exceeds PKT_LEN_SIZE Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself. Not checking this may result in a buffer overflow as we directly pass the length to functions which accept a `size_t` length as parameter. Fix the issue by verifying that non-flush packets have at least a length of `PKT_LEN_SIZE`.

9a64e62f

2016-12-21T21:24:33

http: check certificate validity before clobbering the error variable

909d5494

2016-12-29T12:25:15

giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one

709768a8

2016-12-09T15:59:52

Don't fetch objects we don't need in local transport. Hide all local refs in the revwalk. Packbuilder should not add hidden trees or blobs.

fafafb1f

2016-12-20T16:19:30

http: bump the pretend git version in the User-Agent We want to keep the git UA in order for services to recognise that we're a Git client and not a browser. But in order to stop dumb HTTP some services have blocked UAs that claim to be pre-1.6.6 git. Thread these needles by using the "git/2.0" prefix which is still close enough to git's yet distinct enough that you can tell it's us.

34b32053

2016-11-25T15:02:34

Fix potential use of uninitialized values

482d1748

2016-11-25T15:01:35

transports: smart: do not redeclare loop counters

62494bf2

2016-11-02T09:38:40

transports: smart: abort receiving packets on end of stream When trying to receive packets from the remote, we loop until either an error distinct to `GIT_EBUFS` occurs or until we successfully parsed the packet. This does not honor the case where we are looping over an already closed socket which has no more data, leaving us in an infinite loop if we got a bogus packet size or if the remote hang up. Fix the issue by returning `GIT_EEOF` when we cannot read data from the socket anymore.

61530c49

2016-11-01T16:56:07

transports: smart: abort ref announcement on early end of stream When reading a server's reference announcements via the smart protocol, we expect the server to send multiple flushes before the protocol is finished. If we fail to receive new data from the socket, we will only return an end of stream error if we have not seen any flush yet. This logic is flawed in that we may run into an infinite loop when receiving a server's reference announcement with a bogus flush packet. E.g. assume the last flushing package is changed to not be '0000' but instead any other value. In this case, we will still await one more flush package and ignore the fact that we are not receiving any data from the socket, causing an infinite loop. Fix the issue by always returning `GIT_EEOF` if the socket indicates an end of stream.

b1453601

2016-08-17T11:38:26

transports: http: reset `connected` flag when closing transport

c4cba4e9

2016-08-17T11:00:05

transports: http: reset `connected` flag when re-connecting transport When calling `http_connect` on a subtransport whose stream is already connected, we first close the stream in case no keep-alive is in use. When doing so, we do not reset the transport's connection state, though. Usually, this will do no harm in case the subsequent connect will succeed. But when the connection fails we are left with a substransport which is tagged as connected but which has no valid stream attached. Fix the issue by resetting the subtransport's connected-state when closing its stream in `http_connect`.

bdec62dc

2016-07-06T13:06:25

remove conditions that prevent use of custom TLS stream

6c9eb86f

2016-06-19T11:46:43

HTTP authentication scheme name is case insensitive.

2a09de91

2016-06-14T04:33:55

Merge pull request #3816 from pks-t/pks/memory-leaks Memory leak fixes

43c55111

2016-06-07T14:14:07

winhttp: plug several memory leaks

7d02019a

2016-06-06T12:59:17

transports: smart: fix potential invalid memory dereferences When we receive a packet of exactly four bytes encoding its length as those four bytes it can be treated as an empty line. While it is not really specified how those empty lines should be treated, we currently ignore them and do not return an error when trying to parse it but simply advance the data pointer. Callers invoking `git_pkt_parse_line` are currently not prepared to handle this case as they do not explicitly check this case. While they could always reset the passed out-pointer to `NULL` before calling `git_pkt_parse_line` and determine if the pointer has been set afterwards, it makes more sense to update `git_pkt_parse_line` to set the out-pointer to `NULL` itself when it encounters such an empty packet. Like this it is guaranteed that there will be no invalid memory references to free'd pointers. As such, the issue has been fixed such that `git_pkt_parse_line` always sets the packet out pointer to `NULL` when an empty packet has been received and callers check for this condition, skipping such packets.

375bb2fe

2016-04-21T11:02:31

transport: cast away constness for free

0d72f67f

2016-03-14T17:36:04

proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.

bf6f7ad2

2015-09-30T17:42:53

winhttp: correctly detect HTTPS usage

b373e9a6

2015-09-21T22:38:50

net: use proxy options struct in the stream config

22e6aa0d

2015-09-23T04:39:05

proxy: don't require the trailing slash on WinHTTP The path is not something that you use for proxies, so make use of the new optionality of the path when extracting URL parts.

b117721d

2015-07-29T21:23:56

proxy: use poxy to test our Windows proxy support

07bd3e57

2015-05-07T12:57:56

proxy: ask the user for credentials if necessary

d4763c98

2016-03-24T06:56:25

Merge pull request #3574 from chescock/buffer-sideband-pack-data Buffer sideband packet data

9028a8a2

2016-03-08T10:16:37

Only buffer if necessary.

b7809b84

2016-03-08T13:38:55

Merge pull request #3555 from cbargren/ssh-git-protocols Support for ssh+git and git+ssh protocols

22f3d3aa

2016-03-03T22:26:31

ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.

a4cba9d4

2016-03-03T10:48:24

winhttp: retry authentication If the caller has provided bad authentication, give them another apportunity to get it right until they give up. This brings WinHTTP in line with the other transports.

003c5e46

2016-02-22T15:52:49

transports: smart_pkt: fix memory leaks on error paths

6e2a3755

2016-02-23T11:45:43

smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF

b0f7512f

2016-02-15T11:46:10

transports: smart_pkt: fix memory leaks

704554cd

2016-02-15T11:37:48

transports: smart: fix memory leak on OOM path

9ce0399c

2016-02-12T10:27:05

winhttp: use an unsigned iterator

5c7f2f01

2016-01-19T11:13:23

winhttp: name mangle class / iid on mingw Standard Windows type systems define CLSID_InternetSecurityManager and IID_IInternetSecurityManager, but MinGW lacks these definitions. As a result, we must hardcode these definitions ourselves. However, we should not use a public struct with those names, lest another library do the same thing and consumers cannot link to both.

a7d9d93d

2016-01-11T17:09:32

Buffer sideband packet data The inner packet may be split across multiple sideband packets.

4df17045

2015-12-28T07:43:24

Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead Also moving var declarations to top of blocks to support bad old compilers

02fdc2db

2015-12-26T17:17:05

ssh_stream_read(): fix possible *bytes_read < 0 branch Fix the possibility of returning successfully from ssh_stream_read() with *bytes_read < 0. This would occur if stdout channel read resulted in 0, and stderr channel read failed afterwards.

ed21fd74

2015-12-22T10:38:31

Handle git+ssh:// and ssh+git:// protocols support

efd9ab56

2015-11-20T11:26:26

Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set.

1411cb9e

2015-10-02T03:57:14

winhttp: use a custom user-agent if the user has set it We also keep the "git/1.0" prefix in order to maintain compatibility with hosters.

94bac76c

2015-10-02T03:46:34

http: use a custom user-agent if the user has set it We still prefix it with "git/1.0" since that's required in many situations, but we replace the area which mentions libgit2.

e0be1d60

2015-10-30T18:23:17

git: put NULL check at the top

45d295e0

2015-10-30T17:51:50

git: accept NULL as argument to its stream free

72b7c570

2015-09-30T09:17:18

Merge pull request #3411 from spraints/custom-push-headers Include custom HTTP headers

d7375662

2015-09-25T10:16:16

Copy custom_headers insteach of referencing the caller's copy

d16c1b97

2015-09-24T10:30:37

These can be static

e60db3c7

2015-09-24T09:24:10

Revise custom header error messages If the header doesn't look like a header (e.g. if it doesn't have a ":" or if it has newlines), report "custom HTTP header '%s' is malformed". If the header has the same name as a header already set by libgit2 (e.g. "Host"), report "HTTP header '%s' is already set by libgit2".

63cc5723

2015-09-24T09:13:05

Don't null-check

098f1e6e

2015-09-24T09:09:48

Use an array of forbidden custom headers

3245896b

2015-09-10T13:18:26

Add a test for custom header validation Also, *some* custom headers actually are valid.

66d90e70

2015-09-10T09:14:20

More specific names

8c876fa9

2015-09-10T09:11:16

Validate custom http headers

35969c68

2015-09-10T08:58:23

Ignore NULL headers

6c21211c

2015-09-09T13:59:38

Merge pull request #3379 from theseion/additional_libssh2_error_reporting report libssh2 error if list of authentication methods can't be retrieved

c82c2ba6

2015-09-08T14:17:59

o i

thodg/libgit2/src/transports

src/transports

Log