(cherry picked from commit 0fb8c1d0)

The goal is to let cmake manage the parallelism

(cherry picked from commit 1f4ada2a)

==17851== Invalid free() / delete / delete[] / realloc()
==17851==    at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17851==    by 0x60BBE2B: __libc_freeres (in /lib/x86_64-linux-gnu/libc-2.19.so)
==17851==    by 0x4A256BC: _vgnU_freeres (in /usr/lib/valgrind/vgpreload_core-amd64-linux.so)
==17851==    by 0x5F8F16A: __run_exit_handlers (exit.c:97)
==17851==    by 0x5F8F1F4: exit (exit.c:104)
==17851==    by 0x5F74F4B: (below main) (libc-start.c:321)
==17851==  Address 0x63153c0 is 0 bytes inside data symbol "noai6ai_cached"

(cherry picked from commit 234443e3)

==2957== 912 bytes in 19 blocks are still reachable in loss record 323 of 369
==2957==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2957==    by 0x675B120: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x675BDF8: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x675FE0D: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x6761DC4: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x676477E: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x675B071: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x675B544: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x675914B: gcry_control (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x5D30EC9: libssh2_init (in /usr/lib/x86_64-linux-gnu/libssh2.so.1.0.1)
==2957==    by 0x66BCCD: git_transport_ssh_global_init (ssh.c:910)
==2957==    by 0x616443: init_common (global.c:65)

(cherry picked from commit dd75885a)

(cherry picked from commit 573c4089)

==18109== 664 bytes in 1 blocks are still reachable in loss record 279 of 339
==18109==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18109==    by 0x675B120: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==18109==    by 0x675C13C: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==18109==    by 0x675C296: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==18109==    by 0x679BD14: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==18109==    by 0x679CC64: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==18109==    by 0x6A64946: ??? (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.6)
==18109==    by 0x6A116E8: ??? (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.6)
==18109==    by 0x6A01114: gnutls_global_init (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.6)
==18109==    by 0x52A6C78: ??? (in /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.3.0)
==18109==    by 0x5285ADC: curl_global_init (in /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.3.0)
==18109==    by 0x663524: git_curl_stream_global_init (curl.c:44)

(cherry picked from commit c0c9e9ee)

(cherry picked from commit 74b0a432)

(cherry picked from commit 2f4e7cb0)

When executing `libgit2_clar -smerge -invalid_option`, it will first execute
the merge test suite and afterwards output help because of the invalid option.

With this changa, it verifies all options before execute. If there are any
invalid options, it will output help and exit without actually executing
the test suites.

(cherry picked from commit 32758631)

Commit 723e1e97 (appveyor: disable DHE to avoid spurious failures,
2018-03-29) added a workaround to fix spurious test failures due to a
bug in Windows' SChannel implementation. The workaround only worked by
accident, though, as the registry key was in fact mistyped. Fix the
typo.

(cherry picked from commit 3a72b0e2)

Our CI builds have intermittent failures in our online tests, e.g. with
the message "A provided buffer was too small". This is not a programming
error in libgit2 but rather an error in the SChannel component of
Windows. Under certain circumstances involving Diffie-Hellman key
exchange, SChannel is unable to correctly handle input from the server.
This bug has already been fixed in recent patches for Windows 10 and
Windows Server 2016, but they are not yet available for AppVeyor.

Manually pamper over that issue by disabling all ciphersuites using DHE
via the registry. While this disables more ciphers than necessary, we
really don't care for that at all but just want to avoid build failures
due to that bug.

See [1], [2] or [3] for additional information.

1: https://github.com/aws/aws-sdk-cpp/issues/671
2: https://github.com/dotnet/corefx/issues/7812
3: https://support.microsoft.com/en-us/help/2992611/ms14-066-vulnerability-in-schannel-could-allow-remote-code-execution-n
(cherry picked from commit 723e1e97)

In order to cover a wider range of build environments, add two more jobs
which build and test libgit2 on Visual Studio 14 2015.

(cherry picked from commit 03a95bc5)

AppVeyor currently does provide three standard build worker images with
VS2013, VS2015 and VS2017. Right now, we are using the implicitly, which
is the VS2015 one. We want to be more explicit about this, so that we
can easily switch build images based on the job. So starting from this
commit, we explicitly set the `APPVEYOR_BUILD_WORKER_IMAGE` variable per
job, which enables us to choose different images.

To be able to test a wider range of build configurations, this commit
also switches the jobs for VC2010 over to use the older, VS2013 based
images. As the next commit will introduce two new jobs for building with
VS2015, we have then covered both build environments.

Also, let us be a bit more explicit regarding the CMake generator.
Instead of only saying "Visual Studio 10", use the more descriptive
value "Visual Studio 10 2010" to at least avoid some confusion
surrounding the versioning scheme of Visual Studio.

(cherry picked from commit e1076dbf)

Some tests shall be run against our own SSH server we spin up in Travis.
As those need to be run separate from our previous tests which run
against git-daemon, we have to do this in a separate step. Instead of
bundling all that knowledge in the CI script, move it into the test
build instructions by creating a new test target.

(cherry picked from commit 5874e151)

Right now, we test our credential callback code twice, once via SSH on
localhost and once via a non-existent GitHub repository. While the first
URL makes sense to be configurable, it does not make sense to hard-code
the non-existing repository, which requires us to call tests multiple
times. Instead, we can just inline the URL into another set of tests.

(cherry picked from commit 54a1bf05)

We support two types of passing credentials to the proxy, either via the
URL or explicitly by specifying user and password. We test these types
by modifying the proxy URL and executing the tests twice, which is
in fact unnecessary and requires us to maintain the list of environment
variables and test executions across multiple CI infrastructures.

To fix the situation, we can just always pass the host, port, user and
password to the tests. The tests can then assemble the complete URL
either with or without included credentials, allowing us to test both
cases in-process.

(cherry picked from commit fea60920)

Our performance tests (or to be more concrete, our single performance
test) are not built by default, as they are always #ifdef'd out. While
it is true that we don't want to run performance tests by default, not
compiling them at all may cause code rot and is thus an unfavorable
approach to handle this.

We can easily improve this situation: this commit removes the #ifdef,
causing the code to always be compiled. Furthermore, we add `-xperf` to
the default command line parameters of `generate.py`, thus causing the
tests to be excluded by default.

Due to this approach, we are now able to execute the performance tests
by passing `-sperf` to `libgit2_clar`. Unfortunately, we cannot execute
the performance tests on Travis or AppVeyor as they rely on history
being available for the libgit2 repository. As both do a shallow clone
only, though, this is not given.

(cherry picked from commit 543ec149)

The test `iterator::workdir::filesystem_gunk` is usually not executed,
as it is guarded by the environment variable "GITTEST_INVASIVE_SPEED"
due to its effects on speed. As such, it has become stale and does not
account for new references which have meanwhile been added to the
testrepo, causing it to fail. Fix this by raising the number of expected
references to 15.

(cherry picked from commit b8c14499)

When the function `expect_iterator_items` surpasses the number of
expected items, we simply break the loop. This causes us to trigger an
assert later on which has message attached, which is annoying when
trying to locate the root error cause. Instead, directly assert that the
current count is still smaller or equal to the expected count inside of
the loop.

(cherry picked from commit 9aba7636)

Some function bodies of tests which are not applicable to the Win32
platform are completely #ifdef'd out instead of calling `cl_skip()`.
This leaves us with no indication that these tests are not being
executed at all and may thus cause decreased scrutiny when investigating
skipped tests. Improve the situation by calling `cl_skip()` instead of
just doing nothing.

(cherry picked from commit 72c28ab0)

Our tracing architecture is not built by default, causing the Travis CI
to not execute some code and skip several tests. As AppVeyor has already
enabled the tracing architecture when building the code, we should do
the same for Travis CI to have this code being tested on macOS and
Linux.

Add "-DENABLE_TRACE=ON" to our release-build options of Travis.

(cherry picked from commit 8999f6ac)

Ubuntu Precise is end of life since April 2017. At that point in time,
Precise was still the main distro on which Travis CI built upon, with
the Trusty-based images still being in a beta state. But since June
21st, Trusty has officially moved out of beta and is now the default
image for all new builds. Right now, we build on both old and new images
to assure we support both.

Unfortunately, this leaves us with the highest minimum version for CMake
being 2.8.7, as Precise has no greater version in its repositories. And
because of this limitation, we cannot actually use object libraries in
our build instructions. But considering Precise is end of life and
Trusty is now the new default for Travis, we can and should drop support
for this old and unmaintained distribution. And so we do.

(cherry picked from commit c17c3f8a)

The VM on Travis apparently will still proceed, but it's good practice.

(cherry picked from commit 6e748130)

The trusty dependencies are now hosted on Bintray.

(cherry picked from commit da9898ab)

Move back to Travis's VM infrastructure for efficiency.

(cherry picked from commit 9dc21efd)

(cherry picked from commit 71ba4644)

The macOS tests are by far the slowest right now. This attempts to remedy the
situation somewhat by asking clar to put its test data on a ramdisk.

(cherry picked from commit 37bb1512)

The getline(3) function call is not part of ISO C and, most importantly,
it is not implemented on Microsoft Windows platforms. As our networking
example code makes use of getline, this breaks builds on MSVC and MinGW.
As this code wasn't built prior to the previous commit, this was never
noticed.

Fix the error by instead implementing a `readline` function, which
simply reads the password from stdin until it reads a newline
character.

(cherry picked from commit bf15dbf6)

By default, CMake will not build our examples directory. As we do not
instruct either the MinGW or MSVC builds on AppVeyor to enable building
these examples, we cannot verify that those examples at least build on
Windows systems.

Fix that by passing `-DBUILD_EXAMPLES=ON` to AppVeyor's CMake
invocation.

(cherry picked from commit 0b98a66b)

(cherry picked from commit c582fa4e)

(cherry picked from commit 697583ea)

(cherry picked from commit 4da38193)

Ubuntu trusty has a bug in curl when using NTLM credentials in a proxy,
dereferencing a null pointer and causing segmentation faults.  Use a
custom-patched version of libcurl that avoids this issue.

(cherry picked from commit f031e20b)

Ubuntu 12.04 (Precise Pangolin) reaches end of life on April 28th, 2017.
As such, we should update our build infrastructure to use the next
available LTS release, which is Ubuntu 14.04 LTS (Trusty Tahr). Note
that Trusty is still considered beta quality on Travis. But considering
we are able to correctly build and test libgit2, this seems to be a
non-issue for us.

Switch over our default distribution to Trusty. As Precise still has
extended support for paying customers, add an additional job which
compiles libgit2 on the old release.

(cherry picked from commit 7c8d460f)

Some tests of ours require to be running against an SSH server.
Currently, we simply run against the SSH server provided and started by
Travis itself. As our Linux tests run in a sudo-less environment, we
have no control over its configuration and startup/shutdown procedure.
While this has been no problem until now, it will become a problem as
soon as we migrate over to newer Precise images, as the SSH server does
not have any host keys set up. Luckily, we can simply set up our own
unpriviledged SSH server. This has the benefit of us being able to
modify its configuration even in a sudo-less environment.

This commit sets up the unpriviledged SSH server on port 2222.

(cherry picked from commit 06619904)

All our tests running against a local SSH server usually read the
server's URL from environment variables. But online::clone::ssh_cert
test fails to do so and instead always connects to
"ssh://localhost/foo". This assumption breaks whenever the SSH server is
not running on the standard port, e.g. when it is running as a user.

Fix the issue by using the URL provided by the environment.

(cherry picked from commit c2c95ad0)

Security release v0.26.7

These can be used to inject options in an implementation which performs a
recursive clone by executing an external command via crafted url and path
attributes such that it triggers a local executable to be run.

The library is not vulnerable as we do not rely on external executables but a
user of the library might be relying on that so we add this protection.

This matches this aspect of git's fix for CVE-2018-17456.