1. 19 Oct, 2019 1 commit
    • patch_parse: reject patches with multiple old/new paths · 223e7e43
      It's currently possible to have patches with multiple old path name
      headers. As we didn't check for this case, this resulted in a memory
      leak when overwriting the old old path with the new old path because we
      simply discarded the old pointer.
      
      Instead of fixing this by free'ing the old pointer, we should reject
      such patches altogether. It doesn't make any sense for the "---" or
      "+++" markers to occur multiple times within a patch n the first place.
      This also implicitly fixes the memory leak.
      Patrick Steinhardt committed
  2. 18 Oct, 2019 1 commit
  3. 17 Oct, 2019 8 commits
  4. 16 Oct, 2019 2 commits
  5. 13 Oct, 2019 5 commits
  6. 11 Oct, 2019 2 commits
  7. 10 Oct, 2019 3 commits
    • refs: fix locks getting forcibly removed · 3335a034
      The flag GIT_FILEBUF_FORCE currently does two things:
           1. It will cause the filebuf to create non-existing leading
              directories for the file that is about to be written.
           2. It will forcibly remove any pre-existing locks.
      While most call sites actually do want (1), they do not want to
      remove pre-existing locks, as that renders the locking mechanisms
      effectively useless.
      Introduce a new flag `GIT_FILEBUF_CREATE_LEADING_DIRS` to
      separate both behaviours cleanly from each other and convert
      callers to use it instead of `GIT_FILEBUF_FORCE` to have them
      honor locked files correctly.
      
      As this conversion removes all current users of `GIT_FILEBUF_FORCE`,
      this commit removes the flag altogether.
      Sebastian Henke committed
    • Merge pull request #5248 from dlax/parse-patch-empty-files · 6716e2f3
      patch_parse: handle patches with new empty files
      Patrick Steinhardt committed
    • cmake: update minimum CMake version to v3.5.1 · ebabb88f
      Back in commit cf9f3452 (cmake: bump minimum version to 2.8.11,
      2017-09-06), we have bumped the minimum CMake version to require at
      least v2.8.11. The main hold-backs back then were distributions like
      RHEL/CentOS as well as Ubuntu Trusty, which caused us to not target a
      more modern version. Nowadays, Ubuntu Trusty has been EOL'd and CentOS 6
      has CMake v3.6.1 available via the EPEL6 repository, and thus it seems
      fair to upgrade to a more recent version.
      
      Going through repology [1], one can see that all supported mainstream
      distributions do in fact have CMake 3 available. Going through the list,
      the minimum version that is supported by all mainstream distros is in
      fact v3.5.1:
      
      	- CentOS 6 via EPEL6: 3.6.1
      	- Debian Oldstable: 3.7.2
      	- Fedora 26: 3.8.2
      	- OpenMandriva 3.x: 3.5.1
      	- Slackware 14.2: 3.5.2
      	- Ubuntu 16.04: 3.5.1
      
      Consequentally, let's upgrade CMake to the minimum version of 3.5.1 and
      remove all the version CMake checks that aren't required anymore.
      
      [1]: https://repology.org/project/cmake/versions
      Patrick Steinhardt committed
  8. 03 Oct, 2019 4 commits
  9. 28 Sep, 2019 3 commits
  10. 27 Sep, 2019 1 commit
  11. 26 Sep, 2019 2 commits
  12. 21 Sep, 2019 8 commits
    • azure: avoid building and testing in Docker as root · 3c884cc3
      Right now, all tests in libgit2's CI are being executed as root
      user. As libgit2 will usually not run as a root user in "normal"
      usecases and furthermore as there are tests that rely on the
      ability to _not_ be able to create certain paths, let's instead
      create an unprivileged user "libgit2" and use that across all
      docker images.
      Patrick Steinhardt committed
    • Merge pull request #5240 from pks-t/pks/valgrind-suppress-gcrypt · 9cd5240e
      valgrind: suppress memory leaks in libssh2_session_handshake
      Patrick Steinhardt committed
    • valgrind: suppress memory leaks in libssh2_session_handshake · 56d5b443
      On Ubuntu, the combination of libgcrypt and libssh2 is quite old and
      known to contain memory leaks. We thus have several functions listed in
      our suppressions file that are known to leak. Due to a recent update of
      libssh2 or libgcrypt, there now are new memory leaks caused by
      libssh2_session_handshake and libssh2_init that cause the CI to fail.
      
      Add a new suppression to fix the issue.
      Patrick Steinhardt committed
    • Merge pull request #5232 from pks-t/pks/buffer-ensure-size-oom · 3c1aa232
      buffer: fix writes into out-of-memory buffers
      Edward Thomson committed
    • posix: remove superseded POSIX regex wrappers · f585b129
      The old POSIX regex wrappers have been superseded by our own regexp API
      that provides a higher-level abstraction. Remove the POSIX wrappers in
      favor of the new one.
      Patrick Steinhardt committed
    • global: convert all users of POSIX regex to use our new regexp API · 7aacf027
      The old POSIX regex API has been superseded by our new regexp API.
      Convert all users to make use of the new one.
      Patrick Steinhardt committed
    • regexp: implement new regular expression API · d77378eb
      We currently support a set of different regular expression backends with
      PCRE, PCRE2, regcomp(3P) and regcomp_l(3). The current implementation of
      this is done via a simple POSIX wrapper that either directly uses
      supplied functions or that is a very small wrapper.
      
      To support PCRE and PCRE2, we use their provided <pcreposix.h> and
      <pcre2posix.h> wrappers. These wrappers are implemented in such a way
      that the accompanying libraries pcre-posix and pcre2-posix provide the
      same symbols as the libc ones, namely regcomp(3P) et al. This works out
      on some systems just fine, most importantly on glibc-based ones, where
      the regular expression functions are implemented as weak aliases and
      thus get overridden by linking in the pcre{,2}-posix library. On other
      systems we depend on the linking order of libc and pcre library, and as
      libc always comes first we will end up with the functions of the libc
      implementation. As a result, we may use the structures `regex_t` and
      `regmatch_t` declared by <pcre{,2}posix.h>, but use functions defined by
      the libc, leading to segfaults.
      
      The issue is not easily solvable. Somed distributions like Debian have
      resolved this by patching PCRE and PCRE2 to carry custom prefixes to all
      the POSIX function wrappers. But this is not supported by upstream and
      thus inherently unportable between distributions. We could instead try
      to modify linking order, but this starts becoming fragile and will not
      work e.g. when libgit2 is loaded via dlopen(3P) or similar ways. In the
      end, this means that we simply cannot use the POSIX wrappers provided by
      the PCRE libraries at all.
      
      Thus, this commit introduces a new regular expression API. The new API
      is on a tad higher level than the previous POSIX abstraction layer, as
      it tries to abstract away any non-portable flags like e.g. REG_EXTENDED,
      which has no equivalents in all of our supported backends. As there are
      no users of POSIX regular expressions that do _not_ reguest REG_EXTENDED
      this is fine to be abstracted away, though. Due to the API being
      higher-level than before, it should generally be a tad easier to use
      than the previous one.
      
      Note: ideally, the new API would've been called `git_regex_foobar` with
      a file "regex.h" and "regex.c". Unfortunately, this is currently
      impossible to implement due to naming clashes between the then-existing
      "regex.h" and <regex.h> provided by the libc. As we add the source
      directory of libgit2 to the header search path, an include of <regex.h>
      would always find our own "regex.h". Thus, we have to take the bitter
      pill of adding one more character to all the functions to disambiguate
      the includes.
      
      To improve guarantees around cross-backend compatibility, this commit
      also brings along an improved regular expression test suite
      core::regexp.
      Patrick Steinhardt committed
    • buffer: fix printing into out-of-memory buffer · 174b7a32
      Before printing into a `git_buf` structure, we always call `ENSURE_SIZE`
      first. This macro will reallocate the buffer as-needed depending on
      whether the current amount of allocated bytes is sufficient or not. If
      `asize` is big enough, then it will just do nothing, otherwise it will
      call out to `git_buf_try_grow`. But in fact, it is insufficient to only
      check `asize`.
      
      When we fail to allocate any more bytes e.g. via `git_buf_try_grow`,
      then we set the buffer's pointer to `git_buf__oom`. Note that we touch
      neither `asize` nor `size`. So if we just check `asize > targetsize`,
      then we will happily let the caller of `ENSURE_SIZE` proceed with an
      out-of-memory buffer. As a result, we will print all bytes into the
      out-of-memory buffer instead, resulting in an out-of-bounds write.
      
      Fix the issue by having `ENSURE_SIZE` verify that the buffer is not
      marked as OOM. Add a test to verify that we're not writing into the OOM
      buffer.
      Patrick Steinhardt committed