1. 11 Feb, 2020 2 commits
    • streams: openssl: switch approach to silence Valgrind errors · 0119e57d
      As OpenSSL loves using uninitialized bytes as another source of entropy,
      we need to mark them as defined so that Valgrind won't complain about
      use of these bytes. Traditionally, we've been using the macro
      `VALGRIND_MAKE_MEM_DEFINED` provided by Valgrind, but starting with
      OpenSSL 1.1 the code doesn't compile anymore due to `struct SSL` having
      become opaque. As such, we also can't set it as defined anymore, as we
      have no way of knowing its size.
      
      Let's change gears instead by just swapping out the allocator functions
      of OpenSSL with our own ones. The twist is that instead of calling
      `malloc`, we just call `calloc` to have the bytes initialized
      automatically. Next to soothing Valgrind, this approach has the benefit
      of being completely agnostic of the memory sanitizer and is neatly
      contained at a single place.
      
      Note that we shouldn't do this for non-Valgrind builds. As we cannot
      set up memory functions for a given SSL context, only, we need to swap
      them at a global context. Furthermore, as it's possible to call
      `OPENSSL_set_mem_functions` once only, we'd prevent users of libgit2 to
      set up their own allocators.
      Patrick Steinhardt committed
    • cmake: consolidate Valgrind option · 877054f3
      OpenSSL doesn't initialize bytes on purpose in order to generate
      additional entropy. Valgrind isn't too happy about that though, causing
      it to generate warninings about various issues regarding use of
      uninitialized bytes.
      
      We traditionally had some infrastructure to silence these errors in our
      OpenSSL stream implementation, where we invoke the Valgrind macro
      `VALGRIND_MAKE_MEMDEFINED` in various callbacks that we provide to
      OpenSSL. Naturally, we only include these instructions if a preprocessor
      define "VALGRIND" is set, and that in turn is only set if passing
      "-DVALGRIND" to CMake. We do that in our usual Azure pipelines, but we
      in fact forgot to do this in our nightly build. As a result, we get a
      slew of warnings for these nightly builds, but not for our normal
      builds.
      
      To fix this, we could just add "-DVALGRIND" to our nightly builds. But
      starting with commit d827b11b (tests: execute leak checker via CTest
      directly, 2019-06-28), we do have a secondary variable that directs
      whether we want to use memory sanitizers for our builds. As such, every
      user wishing to use Valgrind for our tests needs to pass both options
      "VALGRIND" and "USE_LEAK_CHECKER", which is cumbersome and error prone,
      as can be seen by our own builds.
      
      Instead, let's consolidate this into a single option, removing the old
      "-DVALGRIND" one. Instead, let's just add the preprocessor directive if
      USE_LEAK_CHECKER equals "valgrind" and remove "-DVALGRIND" from our own
      pipelines.
      Patrick Steinhardt committed
  2. 08 Feb, 2020 2 commits
  3. 07 Feb, 2020 11 commits
  4. 06 Feb, 2020 1 commit
  5. 04 Feb, 2020 2 commits
  6. 01 Feb, 2020 1 commit
  7. 31 Jan, 2020 3 commits
    • fetchhead: strip credentials from remote URL · 93a9044f
      If fetching from an anonymous remote via its URL, then the URL gets
      written into the FETCH_HEAD reference. This is mainly done to give
      valuable context to some commands, like for example git-merge(1), which
      will put the URL into the generated MERGE_MSG. As a result, what gets
      written into FETCH_HEAD may become public in some cases. This is
      especially important considering that URLs may contain credentials, e.g.
      when cloning 'https://foo:bar@example.com/repo' we persist the complete
      URL into FETCH_HEAD and put it without any kind of sanitization into the
      MERGE_MSG. This is obviously bad, as your login data has now just leaked
      as soon as you do git-push(1).
      
      When writing the URL into FETCH_HEAD, upstream git does strip
      credentials first. Let's do the same by trying to parse the remote URL
      as a "real" URL, removing any credentials and then re-formatting the
      URL. In case this fails, e.g. when it's a file path or not a valid URL,
      we just fall back to using the URL as-is without any sanitization. Add
      tests to verify our behaviour.
      Patrick Steinhardt committed
    • Merge pull request #5375 from pks-t/pks/test-ci · a1bff63b
      azure-pipelines: properly expand negotiate passwords
      Edward Thomson committed
    • azure-pipelines: properly expand negotiate passwords · 7aa99dd3
      To allow testing against a Kerberos instance, we have added variables
      for the Kerberos password to allow authentication against LIBGIT2.ORG in
      commit e5fb5fe5 (ci: perform SPNEGO tests, 2019-10-20). To set up the
      password, we assign
      
          "GITTEST_NEGOTIATE_PASSWORD=$(GITTEST_NEGOTIATE_PASSWORD)"
      
      in the environmentVariables section which is then passed through to a
      template. As the template does build-time expansion of the environment
      variables, it will expand the above line verbosely, and due to the
      envVar section not doing any further expansion the password variable
      will end up with the value "$(GITTEST_NEGOTIATE_PASSWORD)" in the
      container's environment.
      
      Fix this fixed by doing expansion of GITTEST_NEGOTIATE_PASSWORD at
      build-time, as well.
      Patrick Steinhardt committed
  8. 30 Jan, 2020 3 commits
  9. 26 Jan, 2020 1 commit
    • credential: change git_cred to git_credential · 3f54ba8b
      We avoid abbreviations where possible; rename git_cred to
      git_credential.
      
      In addition, we have standardized on a trailing `_t` for enum types,
      instead of using "type" in the name.  So `git_credtype_t` has become
      `git_credential_t` and its members have become `GIT_CREDENTIAL` instead
      of `GIT_CREDTYPE`.
      
      Finally, the source and header files have been renamed to `credential`
      instead of `cred`.
      
      Keep previous name and values as deprecated, and include the new header
      files from the previous ones.
      Edward Thomson committed
  10. 24 Jan, 2020 14 commits