Log

Author Commit Date CI Message
Edward Thomson 1a107fac 2019-02-02T10:25:54 Merge pull request #4970 from libgit2/ethomson/0_28 v0.28 rc1
Edward Thomson 3fe29c4d 2019-01-31T19:10:03 version: 0.28
Edward Thomson 63f96cd0 2019-01-31T19:09:42 changelog: this is 0.28
Edward Thomson 214457c6 2019-01-31T18:51:36 Merge pull request #4968 from tiennou/fix/documentation Docs
Edward Thomson 6853a250 2019-01-31T14:46:21 Merge branch 'pks/stream-truncated-writes'
Patrick Steinhardt 0ceac0d0 2019-01-23T14:45:19 mbedtls: fix potential size overflow when reading or writing data The mbedtls library uses a callback mechanism to allow downstream users to plug in their own receive and send functions. We implement `bio_read` and `bio_write` functions, which simply wrap the `git_stream_read` and `git_stream_write` functions, respectively. The problem arises due to the return value of the callback functions: mbedtls expects us to return an `int` containing the actual number of bytes that were read or written. But this is in fact completely misdesigned, as callers are allowed to pass in a buffer with length `SIZE_MAX`. We thus may be unable to represent the number of bytes written via the return value. Fix this by only ever reading or writing at most `INT_MAX` bytes.
Patrick Steinhardt 75918aba 2019-01-23T14:43:54 mbedtls: make global variables static The mbedtls stream implementation makes use of some global variables which are not marked as `static`, even though they're only used in this compilation unit. Fix this and remove a duplicate declaration.
Patrick Steinhardt 657197e6 2019-01-23T15:54:05 openssl: fix potential size overflow when writing data Our `openssl_write` function calls `SSL_write` by passing in both `data` and `len` arguments directly. Thing is, our `len` parameter is of type `size_t` and theirs is of type `int`. We thus need to clamp our length to be at most `INT_MAX`.
Patrick Steinhardt 7613086d 2019-01-23T15:49:28 streams: handle short writes only in generic stream Now that the function `git_stream__write_full` exists and callers of `git_stream_write` have been adjusted, we can lift logic for short writes out of the stream implementations. Instead, this is now handled either by `git_stream__write_full` or by callers of `git_stream_write` directly.
Patrick Steinhardt 5265b31c 2019-01-23T15:00:20 streams: fix callers potentially only writing partial data Similar to the write(3) function, implementations of `git_stream_write` do not guarantee that all bytes are written. Instead, they return the number of bytes that actually have been written, which may be smaller than the total number of bytes. Furthermore, due to an interface design issue, we cannot ever write more than `SSIZE_MAX` bytes at once, as otherwise we cannot represent the number of bytes written to the caller. Unfortunately, no caller of `git_stream_write` ever checks the return value, except to verify that no error occurred. Due to this, they are susceptible to the case where only partial data has been written. Fix this by introducing a new function `git_stream__write_full`. In contrast to `git_stream_write`, it will always return either success or failure, without returning the number of bytes written. Thus, it is able to write all `SIZE_MAX` bytes and loop around `git_stream_write` until all data has been written. Adjust all callers except the BIO callbacks in our mbedtls and OpenSSL streams, which already do the right thing and require the amount of bytes written.
Patrick Steinhardt 193e7ce9 2019-01-23T15:42:07 streams: make file-local functions static The callback functions that implement the `git_stream` structure are only used inside of their respective implementation files, but they are not marked as `static`. Fix this.
Etienne Samson 9fd9126e 2019-01-30T21:19:18 docs: minor changes
Edward Thomson 2f1d6eff 2019-01-30T19:59:43 Merge pull request #4954 from tiennou/fix/documentation Documentation fixes
Edward Thomson cf14215d 2019-01-28T12:41:22 Merge pull request #4964 from libgit2/ethomson/ci_nightly ci: add an individual coverity pipeline
Edward Thomson 0cf5b6b1 2019-01-28T10:48:49 ci: ignore coverity failures in nightly runs Coverity is back but it's only read-only! Agh. Just allow it to fail and not impact the overall job run.
Edward Thomson 52a97eed 2019-01-28T12:16:50 ci: add coverity badge to the README
Etienne Samson 690e55e0 2019-01-04T19:09:42 repo: split git_repository_open_flag_t options documentation inline
Etienne Samson f6412c26 2019-01-15T13:35:41 transport: enhance documentation
Etienne Samson 2964fed0 2019-01-15T13:30:42 docs: document GIT_EUSER/GIT_EPASSTHROUGH
Etienne Samson 9e4d421e 2019-01-15T11:32:13 doc: clarify that git_time_t is seconds from the epoch
Edward Thomson e9a34864 2019-01-27T22:47:09 Merge pull request #4961 from libgit2/ethomson/ci_docurium ci: run docurium to create documentation
Edward Thomson 92b52f36 2019-01-27T22:46:53 Merge pull request #4962 from libgit2/ethomson/ci_nightly ci: return coverity to the nightlies
Edward Thomson 08d71f72 2019-01-27T22:46:07 ci: return coverity to the nightlies
Edward Thomson b1e28625 2019-01-26T19:43:33 Merge pull request #4950 from libgit2/ethomson/warnings Clean up some warnings
Edward Thomson f56634f8 2019-01-26T19:40:19 Merge pull request #4869 from libgit2/ethomson/ci_nightly Nightlies: use `latest` docker images
Edward Thomson ace20c6a 2019-01-26T16:59:32 ci: run docurium to create documentation Run docurium as part of the build. The goal of this is to be able to evaluate the documentation in a given pull request; as such, this does not implement any sort of deployment pipeline. This will allow us to download a snapshot of the documentation from the CI build and evaluate the docs for a particular pull request; before it's been merged.
Edward Thomson 4a798a91 2018-10-28T17:57:53 nightly: use latest images, not test images
Edward Thomson 4947216f 2019-01-21T11:11:27 git transport: only write INT_MAX bytes The transport code returns an `int` with the number of bytes written; thus only attempt to write at most `INT_MAX`.
Edward Thomson a861839d 2019-01-21T10:55:59 windows: add SSIZE_MAX Windows doesn't include ssize_t or its _MAX value by default. We are already declaring ssize_t as SSIZE_T, which is __int64_t on Win64 and long otherwise. Include its _MAX value as a correspondence to its type.
Edward Thomson f1986a23 2019-01-21T09:56:23 streams: don't write more than SSIZE_MAX Our streams implementation takes a `size_t` that indicates the length of the data buffer to be written, and returns an `ssize_t` that indicates the length that _was_ written. Clearly no such implementation can write more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation does not try to write more than `SSIZE_MAX` bytes (or smaller; if the given implementation takes a smaller size).
Edward Thomson e5e2fac8 2019-01-21T00:57:39 buffer: explicitly cast Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested it.
Edward Thomson f4ebb2d4 2019-01-21T00:56:35 blame: make hunk_cmp handle unsigned differences
Edward Thomson ae681d3f 2019-01-21T00:49:07 apply: make update_hunk accept a size_t
Edward Thomson 7ed2baf7 2019-01-21T00:41:50 MSVC: ignore empty compilation units (warning LNK4221) A number of source files have their implementation #ifdef'd out (because they target another platform). MSVC warns on empty compilation units (with warning LNK4221). Ignore warning 4221 when creating the object library.
Edward Thomson fac08837 2019-01-21T11:38:46 filter: return an int Validate that the return value of the read is not less than INT_MAX, then cast.
Edward Thomson 89bd4ddb 2019-01-21T11:32:53 diff_generate: validate oid file size Index entries are 32 bit unsigned ints, not `size_t`s.
Edward Thomson fd9d4e28 2019-01-21T11:29:16 describe: don't mix and match abbreviated size types The git_describe_format_options.abbreviated_size type is an unsigned int. There's no need for it to be anything else; keep it what it is.
Edward Thomson 751eb462 2019-01-21T11:20:18 delta: validate sizes and cast safely Quiet down a warning from MSVC about how we're potentially losing data. Validate that our data will fit into the type provided then cast.
Edward Thomson 3fba5891 2019-01-20T23:53:33 test: cast to a char the zstream test
Edward Thomson f25bb508 2019-01-20T23:52:50 index test: cast times explicitly Cast actual filesystem data to the int32_t that index entries store.
Edward Thomson 1d4ddb8e 2019-01-20T23:42:08 iterator: cast filesystem iterator entry values explicitly The filesystem iterator takes `stat` data from disk and puts them into index entries, which use 32 bit ints for time (the seconds portion) and filesize. However, on most systems these are not 32 bit, thus will typically invoke a warning. Most users ignore these fields entirely. Diff and checkout code do use the values, however only for the cache to determine if they should check file modification. Thus, this is not a critical error (and will cause a hash recomputation at worst).
Edward Thomson c6cac733 2019-01-20T22:40:38 blob: validate that blob sizes fit in a size_t Our blob size is a `git_off_t`, which is a signed 64 bit int. This may be erroneously negative or larger than `SIZE_MAX`. Ensure that the blob size fits into a `size_t` before casting.
Edward Thomson 3aa6d96a 2019-01-20T20:38:25 tree: cast filename length in git_tree__parse_raw Quiet down a warning from MSVC about how we're potentially losing data. Ensure that we're within a uint16_t before we do.
Edward Thomson 759502ed 2019-01-20T20:30:42 odb_loose: explicitly cast to size_t Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested that it's positive and less than SIZE_MAX.
Edward Thomson 80c3867b 2019-01-20T19:20:12 patch: explicitly cast down in parse_header_percent Quiet down a warning from MSVC about how we're potentially losing data. This is safe since we've explicitly tested that it's within the range of 0-100.
Edward Thomson 494448a5 2019-01-20T19:10:08 index: explicitly cast down to a size_t Quiet down a warning from MSVC about how we're potentially losing data. This cast is safe since we've explicitly tested that `strip_len` <= `last_len`.
Edward Thomson c3866fa8 2019-01-20T18:54:16 diff: explicitly cast in flush_hunk Quiet down a warning from MSVC about how we're potentially losing data.
Edward Thomson 826d9a4d 2019-01-25T09:43:20 Merge pull request #4858 from tiennou/fix/index-ext-read index: preserve extension parsing errors
Edward Thomson 859d9229 2019-01-25T09:41:41 Merge pull request #4952 from libgit2/ethomson/deprecation Deprecate functions and constants more gently
Edward Thomson c951b825 2019-01-23T00:32:40 deprecation: define GIT_DEPRECATE_HARD internally Ensure that we do not use any deprecated functions in the library source, test code or examples.
Edward Thomson 9f3a5a64 2019-01-23T00:29:03 deprecation: offer GIT_DEPRECATE_HARD Users can define `GIT_DEPRECATE_HARD` if they want to remove all functions that we've "softly" deprecated.
Edward Thomson 9c5e05ad 2019-01-23T10:43:29 deprecation: move deprecated tests into their own file Move the deprecated stream tests into their own compilation unit. This will allow us to disable any preprocessor directives that apply to deprecation just for these tests (eg, disabling `GIT_DEPRECATED_HARD`).
Edward Thomson e09f0c10 2019-01-23T10:21:42 deprecation: don't use deprecated stream cb Avoid the deprecated `git_stream_cb` typedef since we want to compile the library without deprecated functions or types. Instead, we can unroll the alias to its actual type.
Edward Thomson 09e2ea2f 2019-01-23T09:44:40 deprecation: provide docurium deprecation note Add `@deprecated` to the functions that are, so that they'll appear that way in docurium.
Edward Thomson 53d13fb3 2019-01-23T09:42:55 deprecation: deprecated stream registration in if guard `git_stream_register_tls` is now deprecated; mark it in an if guard with the deprecation. This should not be included in `deprecated.h` since it is an uncommonly used `sys` header file.
Edward Thomson 769e9274 2019-01-23T00:42:22 deprecation: update changelog to reflect new policies
Edward Thomson a7d0d14f 2019-01-23T00:07:40 deprecation: move deprecated bits to deprecated.h
Edward Thomson 1c3daccf 2019-01-23T09:51:50 fuzzers: don't use deprecated types
Edward Thomson cc5da0a6 2019-01-23T09:36:52 examples: don't use deprecated types
Edward Thomson 5524a467 2019-01-25T09:06:27 Merge pull request #4957 from csware/deprecated Don't use deprecated constants
Sven Strickroth bff7aed2 2019-01-24T16:44:04 Don't use deprecated constants Follow up for PR #4917. Signed-off-by: Sven Strickroth <email@cs-ware.de>
Etienne Samson 0bf7e043 2019-01-24T12:12:04 index: preserve extension parsing errors Previously, we would clobber any extension-specific error message with an "extension is truncated" message. This makes `read_extension` correctly preserve those errors, takes responsibility for truncation errors, and adds a new message with the actual extension signature for unsupported mandatory extensions.
Patrick Steinhardt 80be19b9 2019-01-24T11:59:48 Merge pull request #4955 from csware/c4098 Fix VS warning C4098: 'giterr_set_str' : void function returning a value
Sven Strickroth 53bf0bde 2019-01-24T11:29:36 Fix VS warning C4098: 'giterr_set_str' : void function returning a value Signed-off-by: Sven Strickroth <email@cs-ware.de>
Edward Thomson 635693d3 2019-01-22T22:52:06 Merge pull request #4917 from libgit2/ethomson/giterr Move `giterr` to `git_error`
Edward Thomson a27a4de6 2019-01-10T22:48:03 errors: update docs for giterr changes
Edward Thomson 00c66dfd 2019-01-10T22:43:59 errors: update static analysis tools for giterr Update GITERR and giterr usages in the static code analysis tools to use the new names.
Edward Thomson fcc7dcb1 2019-01-10T22:39:56 errors: remove giterr usage in examples
Edward Thomson 115a6c50 2019-01-10T21:44:26 errors: remove giterr usage in fuzzers
Edward Thomson f673e232 2018-12-27T13:47:34 git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.
Edward Thomson 647dfdb4 2019-01-10T22:13:07 git_error: deprecate error values Replace the `GITERR` values with a `const int` to deprecate error values.
Edward Thomson 20961b98 2018-12-26T14:06:21 git_error: use full class name in public error API Move to the `git_error` name in error-related functions, deprecating the `giterr` functions. This means, for example, that `giterr_last` is now `git_error_last`. The old names are retained for compatibility. This only updates the public API; internal API and function usage remains unchanged.
Edward Thomson 6b2cd0ed 2019-01-20T20:55:00 Merge pull request #4949 from zlikavac32/fix-odb-foreach-cb-positive-error-code odb: Fix odb foreach to also close on positive error code
Marijan Šuflaj f7416509 2019-01-20T20:15:31 Fix odb foreach to also close on positive error code In include/git2/odb.h it states that callback can also return positive value which should break looping. Implementations of git_odb_foreach() and pack_backend__foreach() did not respect that.
Edward Thomson 68166017 2019-01-20T18:33:36 Merge pull request #4948 from libgit2/ethomson/memleaks repository: free memory in symlink detection function
Edward Thomson b8b796c1 2019-01-20T18:09:43 repository: free memory in symlink detection function
Edward Thomson 1e92a036 2019-01-20T17:59:50 Merge pull request #4947 from libgit2/ethomson/proxyupdate ci: update poxyproxy, run in quiet mode
Edward Thomson c9d9e25f 2019-01-20T17:34:41 ci: update poxyproxy, run in quiet mode Update the proxy so that we can enable a quiet mode.
Edward Thomson 86b522bd 2019-01-20T14:27:57 Merge pull request #4945 from libgit2/ethomson/fix-intrinsics Add/multiply with overflow tweaks
Edward Thomson b5a3ef3c 2019-01-20T14:27:25 Merge pull request #4944 from libgit2/ethomson/deprecation Improve deprecation of old enums
Edward Thomson 75444d97 2019-01-20T13:52:46 add with overflow: correct documentation Correct the documentation on the fallback add/multiply with overflow functions.
Edward Thomson abbc07f1 2019-01-20T13:51:15 add with overflow: use SizeTAdd on Windows Windows provides <intsafe.h> which provides "performant" add and multiply with overflow operations. Use them when possible.
Edward Thomson c6d47acf 2019-01-20T13:04:10 Remove unused git__add_uint64_overflow
Edward Thomson f04f1c7e 2019-01-20T13:00:53 add with overflow intrinsics: simplify tests Use the smallest unsigned type that is equivalent to `size_t` to simplify the conditionals. Error if we're on a system that we believe offers builtins but we cannot determine which one to use.
Edward Thomson 1b2af79e 2019-01-20T10:49:23 deprecation: use the enum type in declaration The C standard does not specify whether an enum is a signed or unsigned type. Obviously, any enum that includes negative values _must_ be signed, but if all values are positive then the compiler is free to choose signed or unsigned. Thus, by changing the type signatures to `git_object_t` and declaring the old `GIT_OBJ_` values as a signed or unsigned int, we risk a mismatch between what the compiler has chosen for a `git_object_t`'s type and our type declaration. Thus, we declare the deprecated values as the enum instead of guessing.
Edward Thomson 44827b67 2019-01-20T10:36:41 deprecation: add `used` attribute Recent GCC enables `-Wunused-const-variables`, which makes output quite noisy. Disable unused warnings for our deprecated variables.
Edward Thomson 1758636b 2019-01-19T01:38:34 Merge pull request #4939 from libgit2/ethomson/git_ref Move `git_ref_t` to `git_reference_t`
Edward Thomson b2c2dc64 2019-01-19T01:36:40 Merge pull request #4940 from libgit2/ethomson/git_obj More `git_obj` to `git_object` updates
Edward Thomson c352e561 2019-01-19T01:34:21 Merge pull request #4943 from libgit2/ethomson/ci ci: only run invasive tests in nightly
Edward Thomson e2b9f568 2019-01-19T00:37:13 ci: run all invasive tests on windows
Edward Thomson 1ebf3a7d 2019-01-19T00:34:55 ci: only run invasive tests during nightly runs
Edward Thomson 6b8a648f 2019-01-19T00:25:16 ci: clear settings variables in powershell
Edward Thomson 423d3e73 2019-01-19T00:08:05 ci: precisely identify the invasive tests
Edward Thomson 4e0c8a1e 2019-01-17T22:07:24 Merge pull request #4930 from libgit2/ethomson/cdecl Always build a cdecl library
Edward Thomson 38e61797 2019-01-14T14:33:36 changelog: document that we always build cdecl
Edward Thomson 22d2062d 2019-01-09T18:25:10 Introduce GIT_CALLBACK macro to enforce cdecl Since we now always build the library with cdecl calling conventions, our callbacks should be decorated as such so that users will not be able to provide callbacks defined with other calling conventions. The `GIT_CALLBACK` macro will inject the `__cdecl` attribute as appropriate.
Edward Thomson 57b753a0 2019-01-09T12:47:40 cmake: error when STDCALL is specified To explicitly break end-users who were specifying STDCALL, explicitly fail the cmake process to ensure that they know that they need to change their bindings. Otherwise, we would quietly ignore their option and the resulting cdecl library would produce undefined behavior.
Edward Thomson a74dd39b 2019-01-09T12:33:47 Use cdecl calling conventions on Win32 The recommendation from engineers within Microsoft is that libraries should have a calling convention specified in the public API, and that calling convention should be cdecl unless there are strong reasons to use a different calling convention. We previously offered end-users the choice between cdecl and stdcall calling conventions. We did this for presumed wider compatibility: most Windows applications will use cdecl, but C# and PInvoke default to stdcall for WINAPI compatibility. (On Windows, the standard library functions are stdcall so PInvoke also defaults to stdcall.) However, C# and PInvoke can easily call cdecl APIs by specifying an annotation. Thus, we will explicitly declare ourselves cdecl and remove the option to build as stdcall.
Edward Thomson b78bcbb9 2019-01-09T13:21:23 buffer: wrap EXTERN in DEPRECATED The GIT_EXTERN macro needs to provide order-specific attributes; update users of the GIT_DEPRECATED macro to allow for that.
Edward Thomson 6e17bfda 2019-01-17T20:15:34 Merge pull request #4932 from libgit2/ethomson/changelog changelog: document changes since 0.27