Check that the repository directory is beneath the workdir before
adding it to the list of reserved paths.  If it is not, then there
is no possibility of checking out files into it, and it should not
be a reserved word.

This is a particular problem with submodules where the repo directory
may be in the super's .git directory.

Before:
libdir=/usr//usr/lib64
includedir=/usr//usr/include

After:
libdir=/usr/lib64
includedir=/usr/include

(note the duplication of /usr in the before case)

Don't coalesce all errors into ENOENT.  At least identify EACCES.
All callers should be handling this case already, as the POSIX
`lstat` will return this.

When a file exists on disk and we're checking out a file that differs
in executableness, remove the old file.  This allows us to recreate the
new file with p_open, which will take the new mode into account and
handle setting the umask properly.

Remove any notion of chmod'ing existing files, since it is now handled
by the aforementioned removal and was incorrect, as it did not take
umask into account.

It calls git_mempack_reset which reallocates the object array. git_oidmap_free is now called on it explicitly.

git_mempack_reset was leaving free'd pointers in the oidmap.

added a single line of additional error reporting from libssh2 when failing to retrieve the list of authentication methods

We create a lockfile to update files under GIT_DIR. Sometimes these
files are actually located elsewhere and a symlink takes their place. In
that case we should lock and update the file at its final location
rather than overwrite the symlink.

0.23 xdiff

xdiff craps the bed on large files.  Treat very large files as binary,
so that it doesn't even have to try.

Refactor our merge binary handling to better match git.git, which
looks for a NUL in the first 8000 bytes.

Maintenance backports for v23

Include the copyright notice from the deps/winhttp/ sources.  Move the
LGPL to the bottom of the file (since multiple dependencies are LGPL
licensed) and include the actual copyright notices from the regex sources.

Starting at OS X 10.8, the Security framework offers some functions
which are unified across OS X and iOS. These are the functions that we
use.

Older versions of OS X do not have these functions and we fail to
compile. In these situations, fall back to using OpenSSL for our TLS
stream instead.

When parsing user-provided regex patterns for functions, we must not
fail to provide a diff just because a pattern is not well
formed. Ignore it instead.

When we ask for credentials, the user may choose to return EUSER to
indicate that an error has happened on its end and it wants to be given
back control.

We must therefore pass that back to the user instead of mentioning that
it was on_headers_complete() that returned an error code. Since we can,
we return the exact error code from the user (other than PASSTHROUGH)
since it doesn't cost anything, though using other error codes aren't
recommended.

The conditional checked cbs->transfer_progress then used the value in cbs->push_transfer_progress. In both cases it should be push_transfer_progress

When we're looking to update a tag, we can't stop if the tag auto-follow
rules don't say to update it. The tag might still match the refspec we
were given.

When curl uses a proxy, it will only use Basic unless we prompt it to
try to use the most secure on it has available.

This is something which git did recently, and it seems like a good idea.

OS X may have libssh2 in diff locations, so CHECK_LIBRARY_EXISTS may check the wrong lib; forcing it to use a found directory.

Fix duplicate basenames to support older VS on maint/v0.23

With Visual Studio versions 2008 and older they ignore the full path to files and only check
the basename of the file to find a collision. Additionally, having duplicate basenames can break
other build tools like GYP.

This fixes https://github.com/libgit2/libgit2/issues/3356

A second round of 0.23 maint updates

When we have an error renaming the lockfile, we need to make sure
that we remove it upon cleanup. For this, we need to keep track of
whether we opened the file and whether the rename succeeded.

If we did create the lockfile but the rename did not succeed, we
remove the lockfile. This won't protect against all errors, but
the most common ones (target file is open) does get handled.

When we fail to rename, we currently leave the lockfile laying
around. This shows that behaviour.