1. 25 Nov, 2020 1 commit
  2. 09 Jun, 2020 2 commits
    • tree-wide: do not compile deprecated functions with hard deprecation · c6184f0c
      When compiling libgit2 with -DDEPRECATE_HARD, we add a preprocessor
      definition `GIT_DEPRECATE_HARD` which causes the "git2/deprecated.h"
      header to be empty. As a result, no function declarations are made
      available to callers, but the implementations are still available to
      link against. This has the problem that function declarations also
      aren't visible to the implementations, meaning that the symbol's
      visibility will not be set up correctly. As a result, the resulting
      library may not expose those deprecated symbols at all on some platforms
      and thus cause linking errors.
      
      Fix the issue by conditionally compiling deprecated functions, only.
      While it becomes impossible to link against such a library in case one
      uses deprecated functions, distributors of libgit2 aren't expected to
      pass -DDEPRECATE_HARD anyway. Instead, users of libgit2 should manually
      define GIT_DEPRECATE_HARD to hide deprecated functions. Using "real"
      hard deprecation still makes sense in the context of CI to test we don't
      use deprecated symbols ourselves and in case a dependant uses libgit2 in
      a vendored way and knows it won't ever use any of the deprecated symbols
      anyway.
      Patrick Steinhardt committed
    • tree-wide: mark local functions as static · a6c9e0b3
      We've accumulated quite some functions which are never used outside of
      their respective code unit, but which are lacking the `static` keyword.
      Add it to reduce their linkage scope and allow the compiler to optimize
      better.
      Patrick Steinhardt committed
  3. 06 Jan, 2020 3 commits
  4. 17 Oct, 2019 1 commit
  5. 18 Jul, 2019 1 commit
  6. 14 Jun, 2019 1 commit
    • Rename opt init functions to `options_init` · 0b5ba0d7
      In libgit2 nomenclature, when we need to verb a direct object, we name
      a function `git_directobject_verb`.  Thus, if we need to init an options
      structure named `git_foo_options`, then the name of the function that
      does that should be `git_foo_options_init`.
      
      The previous names of `git_foo_init_options` is close - it _sounds_ as
      if it's initializing the options of a `foo`, but in fact
      `git_foo_options` is its own noun that should be respected.
      
      Deprecate the old names; they'll now call directly to the new ones.
      Edward Thomson committed
  7. 15 Feb, 2019 5 commits
    • maps: use high-level function to check existence of keys · c50a8ac2
      Some callers were still using the tightly-coupled pattern of `lookup_index` and
      `valid_index` to verify that an entry exists in a map. Instead, use the more
      high-level `exists` functions to decouple map users from its implementation.
      Patrick Steinhardt committed
    • strmap: introduce high-level setter for key/value pairs · 03555830
      Currently, one would use the function `git_strmap_insert` to insert key/value
      pairs into a map. This function has historically been a macro, which is why its
      syntax is kind of weird: instead of returning an error code directly, it instead
      has to be passed a pointer to where the return value shall be stored. This does
      not match libgit2's common idiom of directly returning error codes.
      
      Introduce a new function `git_strmap_set`, which takes as parameters the map,
      key and value and directly returns an error code. Convert all callers of
      `git_strmap_insert` to make use of it.
      Patrick Steinhardt committed
    • strmap: introduce `git_strmap_get` and use it throughout the tree · ef507bc7
      The current way of looking up an entry from a map is tightly coupled with the
      map implementation, as one first has to look up the index of the key and then
      retrieve the associated value by using the index. As a caller, you usually do
      not care about any indices at all, though, so this is more complicated than
      really necessary. Furthermore, it invites for errors to happen if the correct
      error checking sequence is not being followed.
      
      Introduce a new high-level function `git_strmap_get` that takes a map and a key
      and returns a pointer to the associated value if such a key exists. Otherwise,
      a `NULL` pointer is returned. Adjust all callers that can trivially be
      converted.
      Patrick Steinhardt committed
    • maps: provide a uniform entry count interface · 7e926ef3
      There currently exist two different function names for getting the entry count
      of maps, where offmaps offset and string maps use `num_entries` and OID maps use
      `size`. In most programming languages with built-in map types, this is simply
      called `size`, which is also shorter to type. Thus, this commit renames the
      other two functions `num_entries` to match the common way and adjusts all
      callers.
      Patrick Steinhardt committed
    • maps: use uniform lifecycle management functions · 351eeff3
      Currently, the lifecycle functions for maps (allocation, deallocation, resize)
      are not named in a uniform way and do not have a uniform function signature.
      Rename the functions to fix that, and stick to libgit2's naming scheme of saying
      `git_foo_new`. This results in the following new interface for allocation:
      
      - `int git_<t>map_new(git_<t>map **out)` to allocate a new map, returning an
        error code if we ran out of memory
      
      - `void git_<t>map_free(git_<t>map *map)` to free a map
      
      - `void git_<t>map_clear(git<t>map *map)` to remove all entries from a map
      
      This commit also fixes all existing callers.
      Patrick Steinhardt committed
  8. 22 Jan, 2019 1 commit
  9. 04 Jan, 2019 1 commit
  10. 01 Dec, 2018 2 commits
  11. 28 Nov, 2018 2 commits
  12. 05 Oct, 2018 1 commit
    • submodule: ignore path and url attributes if they look like options · c8ca3cae
      These can be used to inject options in an implementation which performs a
      recursive clone by executing an external command via crafted url and path
      attributes such that it triggers a local executable to be run.
      
      The library is not vulnerable as we do not rely on external executables but a
      user of the library might be relying on that so we add this protection.
      
      This matches this aspect of git's fix for CVE-2018-17456.
      Carlos Martín Nieto committed
  13. 28 Sep, 2018 1 commit
    • config: rename "config_file.h" to "config_backend.h" · b944e137
      The header "config_file.h" has a list of inline-functions to access the
      contents of a config backend without directly messing with the struct's
      function pointers. While all these functions are called
      "git_config_file_*", they are in fact completely backend-agnostic and
      don't care whether it is a file or not. Rename all the function to
      instead be backend-agnostic versions called "git_config_backend_*" and
      rename the header to match.
      Patrick Steinhardt committed
  14. 21 Sep, 2018 1 commit
    • submodule: fix submodule names depending on config-owned memory · 0b9c68b1
      When populating the list of submodule names, we use the submodule
      configuration entry's name as the key in the map of submodule names.
      This creates a hidden dependency on the liveliness of the configuration
      that was used to parse the submodule, which is fragile and unexpected.
      
      Fix the issue by duplicating the string before writing it into the
      submodule name map.
      Patrick Steinhardt committed
  15. 06 Jul, 2018 1 commit
  16. 10 Jun, 2018 1 commit
  17. 30 May, 2018 3 commits
    • submodule: remove useless mask computations · 9c698a25
      Previous to dfda2f68 (submodule: remove the per-repo cache,
      2015-04-27), we tried to cache our submodules per repository to avoid
      having to reload it too frequently. As it created some headaches with
      regards to multithreading, we removed that cache.
      
      Previous to that removal, we had to compute what submodule status to
      refresh. The mask computation was not removed, though, resulting in
      confusing and actually dead code. While it seems like the mask is
      currently in use in a conditional, it is not, as we unconditionally
      assign to the mask previous to that condition.
      
      Remove all mask computations to clean up stale code.
      Patrick Steinhardt committed
    • submodule: refactor loading submodule names · cf5030a3
      The function `load_submodule_names` was always being called with a
      newly allocated string map, which was then getting filled by the
      function. Move the string map allocation into `load_submodule_names`,
      instead, and pass the whole map back to the caller in case no error
      occurs. This change helps to avoid misuse by handing in pre-populated
      maps.
      Patrick Steinhardt committed
    • submodule: detect duplicated submodule paths · b2a389c8
      When loading submodule names, we build a map of submodule paths and
      their respective names. While looping over the configuration keys,
      we do not check though whether a submodule path was seen already. This
      leads to a memory leak in case we have multiple submodules with the same
      path, as we just overwrite the old value in the map in that case.
      
      Fix the error by verifying that the path to be added is not yet part of
      the string map. Git does not allow to have multiple submodules for a
      path anyway, so we now do the same and detect this duplication,
      reporting it to the user.
      Patrick Steinhardt committed
  18. 24 May, 2018 3 commits
  19. 23 May, 2018 1 commit
  20. 14 May, 2018 1 commit
  21. 09 May, 2018 1 commit
    • submodule: ignore submodules which include path traversal in their name · 6b15ceac
      If the we decide that the "name" of the submodule (i.e. its path inside
      `.git/modules/`) is trying to escape that directory or otherwise trick us, we
      ignore the configuration for that submodule.
      
      This leaves us with a half-configured submodule when looking it up by path, but
      it's the same result as if the configuration really were missing.
      
      The name check is potentially more strict than it needs to be, but it lets us
      re-use the check we're doing for the checkout. The function that encapsulates
      this logic is ready to be exported but we don't want to do that in a security
      release so it remains internal for now.
      Carlos Martín Nieto committed
  22. 28 Mar, 2018 1 commit
  23. 27 Mar, 2018 5 commits