1. 20 May, 2019 1 commit
  2. 02 May, 2019 16 commits
    • Correctly write to missing locked global config · 98c11905
      Opening a default config when ~/.gitconfig doesn't exist, locking it,
      and attempting to write to it causes an assertion failure.
      
      Treat non-existent global config file content as an empty string.
      
      (cherry picked from commit e44110db)
      Ian Hattendorf committed
    • cmake: fix include ordering issues with bundled deps · 9e07f684
      When linking against bundled libraries, we include their header
      directories by using "-isystem". The reason for that is that we
      want to handle our vendored library headers specially, most
      importantly to ignore warnings generated by including them. By
      using "-isystem", though, we screw up the order of searched
      include directories by moving those bundled dependencies towards
      the end of the lookup order. Like this, chances are high that any
      other specified include directory contains a file that collides
      with the actual desired include file.
      
      Fix this by not treating the bundled dependencies' include
      directories as system includes. This will move them to the front
      of the lookup order and thus cause them to override
      system-provided headers. While this may cause the compiler to
      generate additional warnings when processing bundled headers,
      this is a tradeoff we should make regardless to fix builds on
      systems hitting this issue.
      
      (cherry picked from commit ee3d71fb)
      Patrick Steinhardt committed
    • cmake: correctly detect if system provides `regcomp` · 085ed2c6
      We assume that if we are on Win32, Amiga OS, Solaris or SunOS,
      that the regcomp(3P) function cannot be provided by the system.
      Thus we will in these cases always include our own, bundled regex
      sources to make a regcomp implementation available. This test is
      obviously very fragile, and we have seen it fail on MSYS2/MinGW
      systems, which do in fact provide the regcomp symbol. The effect
      is that during compilation, we will use the "regex.h" header
      provided by MinGW, but use symbols provided by ourselves. This
      in fact may cause subtle memory layout issues, as the structure
      made available via MinGW doesn't match what our bundled code
      expects.
      
      There's one more problem with our regex detection: on the listed
      platforms, we will incorrectly include the bundled regex code
      even in case where the system provides regcomp_l(3), but it will
      never be used for anything.
      
      Fix the issue by improving our regcomp detection code. Instead of
      relying on a fragile listing of platforms, we can just use
      `CHECK_FUNCTION_EXISTS` instead. This will not in fact avoid the
      header-ordering problem. But we can assume that as soon as a
      system-provided "regex.h" header is provided, that
      `CHECK_FUNCTION_EXISTS` will now correctly find the desired
      symbol and thus not include our bundled regex code.
      
      (cherry picked from commit 13cb9f7a)
      Patrick Steinhardt committed
    • config_file: check result of git_array_alloc · 4ec32d36
      git_array_alloc can return NULL if no memory is available, causing
      a segmentation fault in memset. This adds GIT_ERROR_CHECK_ALLOC
      similar to how other parts of the code base deal with the return
      value of git_array_alloc.
      Tobias Nießen committed
    • git_repository_init: stop traversing at windows root · 9b698978
      Stop traversing the filesystem at the Windows directory root.  We were
      calculating the filesystem root for the given directory to create, and
      walking up the filesystem hierarchy.  We intended to stop when the
      traversal path length is equal to the root path length (ie, stopping at
      the root, since no path may be shorter than the root path).
      
      However, on Windows, the root path may be specified in two different
      ways, as either `Z:` or `Z:\`, where `Z:` is the current drive letter.
      `git_path_dirname_r` returns the path _without_ a trailing slash, even
      for the Windows root.  As a result, during traversal, we need to test
      that the traversal path is _less than or equal to_ the root path length
      to determine if we've hit the root to ensure that we stop when our
      traversal path is `Z:` and our calculated root path was `Z:\`.
      Edward Thomson committed
    • ignore: treat paths with trailing "/" as directories · 21baf7ab
      The function `git_ignore_path_is_ignored` is there to test the
      ignore status of paths that need not necessarily exist inside of
      a repository. This has the implication that for a given path, we
      cannot always decide whether it references a directory or a file,
      and we need to distinguish those cases because ignore rules may
      treat those differently. E.g. given the following gitignore file:
      
          *
          !/**/
      
      we'd only want to unignore directories, while keeping files
      ignored. But still, calling `git_ignore_path_is_ignored("dir/")`
      will say that this directory is ignored because it treats "dir/"
      as a file path.
      
      As said, the `is_ignored` function cannot always decide whether
      the given path is a file or directory, and thus it may produce
      wrong results in some cases. While this is unfixable in the
      general case, we can do better when we are being passed a path
      name with a trailing path separator (e.g. "dir/") and always
      treat them as directories.
      Patrick Steinhardt committed
    • tests: diff: test parsing diffs with a new file with spaces in its path · 4ec209cd
      Add a test that verifies that we are able to parse patches which add a
      new file that has spaces in its path.
      Erik Aigner committed
    • patch_parse: fix parsing addition/deletion of file with space · 96b6fe11
      The diff header format is a strange beast in that it is inherently
      unparseable in an unambiguous way. While parsing
      
          a/file.txt b/file.txt
      
      is obvious and trivially doable, parsing a diff header of
      
          a/file b/file ab.txt b/file b/file ab.txt
      
      is not (but in fact valid and created by git.git).
      
      Due to that, we have relaxed our diff header parser in commit 80226b5f
      (patch_parse: allow parsing ambiguous patch headers, 2017-09-22), so
      that we started to bail out when seeing diff headers with spaces in
      their file names. Instead, we try to use the "---" and "+++" lines,
      which are unambiguous.
      
      In some cases, though, we neither have a useable file name from the
      header nor from the "---" or "+++" lines. This is the case when we have
      a deletion or addition of a file with spaces: the header is unparseable
      and the other lines will simply show "/dev/null". This trips our parsing
      logic when we try to extract the prefix (the "a/" part) that is being
      used in the path line, where we unconditionally try to dereference a
      NULL pointer in such a scenario.
      
      We can fix this by simply not trying to parse the prefix in cases where
      we have no useable path name. That'd leave the parsed patch without
      either `old_prefix` or `new_prefix` populated. But in fact such cases
      are already handled by users of the patch object, which simply opt to
      use the default prefixes in that case.
      Patrick Steinhardt committed
    • ignore: Do not match on prefix of negated patterns · 12bc7181
      Matching on the prefix of a negated pattern was triggering false
      negatives on siblings of that pattern. e.g.
      
      Given the .gitignore:
      dir/*
      !dir/sub1/sub2/**
      
      The path `dir/a.text` would not be ignored.
      Steve King Jr committed
    • Implement failing test for gitignore of complex subdirectory negation · aa877e09
      When a directory's contents are ignored, and then a glob negation is made to a nested subdir, other subdirectories are now unignored
      Tyler Ang-Wanek committed
    • Fix a _very_ improbable memory leak in git_odb_new() · 856afc27
      This change fixes a mostly theoretical memory leak in got_odb_new()
      that can only manifest if git_cache_init() fails due to running out of
      memory or not being able to acquire its lock.
      lhchavez committed
    • Fix a memory leak in odb_otype_fast() · 5189beb0
      This change frees a copy of a cached object in odb_otype_fast().
      lhchavez committed
  3. 14 Feb, 2019 10 commits
  4. 13 Feb, 2019 2 commits
  5. 12 Feb, 2019 1 commit
  6. 02 Feb, 2019 1 commit
  7. 31 Jan, 2019 9 commits
    • version: 0.28 · 3fe29c4d
      Edward Thomson committed
    • changelog: this is 0.28 · 63f96cd0
      Edward Thomson committed
    • mbedtls: fix potential size overflow when reading or writing data · 0ceac0d0
      The mbedtls library uses a callback mechanism to allow downstream users
      to plug in their own receive and send functions. We implement `bio_read`
      and `bio_write` functions, which simply wrap the `git_stream_read` and
      `git_stream_write` functions, respectively.
      
      The problem arises due to the return value of the callback functions:
      mbedtls expects us to return an `int` containing the actual number of
      bytes that were read or written. But this is in fact completely
      misdesigned, as callers are allowed to pass in a buffer with length
      `SIZE_MAX`. We thus may be unable to represent the number of bytes
      written via the return value.
      
      Fix this by only ever reading or writing at most `INT_MAX` bytes.
      Patrick Steinhardt committed
    • mbedtls: make global variables static · 75918aba
      The mbedtls stream implementation makes use of some global variables
      which are not marked as `static`, even though they're only used in this
      compilation unit. Fix this and remove a duplicate declaration.
      Patrick Steinhardt committed
    • openssl: fix potential size overflow when writing data · 657197e6
      Our `openssl_write` function calls `SSL_write` by passing in both `data`
      and `len` arguments directly. Thing is, our `len` parameter is of type
      `size_t` and theirs is of type `int`. We thus need to clamp our length
      to be at most `INT_MAX`.
      Patrick Steinhardt committed
    • streams: handle short writes only in generic stream · 7613086d
      Now that the function `git_stream__write_full` exists and callers of
      `git_stream_write` have been adjusted, we can lift logic for short
      writes out of the stream implementations. Instead, this is now handled
      either by `git_stream__write_full` or by callers of `git_stream_write`
      directly.
      Patrick Steinhardt committed
    • streams: fix callers potentially only writing partial data · 5265b31c
      Similar to the write(3) function, implementations of `git_stream_write`
      do not guarantee that all bytes are written. Instead, they return the
      number of bytes that actually have been written, which may be smaller
      than the total number of bytes. Furthermore, due to an interface design
      issue, we cannot ever write more than `SSIZE_MAX` bytes at once, as
      otherwise we cannot represent the number of bytes written to the caller.
      
      Unfortunately, no caller of `git_stream_write` ever checks the return
      value, except to verify that no error occurred. Due to this, they are
      susceptible to the case where only partial data has been written.
      
      Fix this by introducing a new function `git_stream__write_full`. In
      contrast to `git_stream_write`, it will always return either success or
      failure, without returning the number of bytes written. Thus, it is able
      to write all `SIZE_MAX` bytes and loop around `git_stream_write` until
      all data has been written. Adjust all callers except the BIO callbacks
      in our mbedtls and OpenSSL streams, which already do the right thing and
      require the amount of bytes written.
      Patrick Steinhardt committed