apply: add GIT_APPLY_CHECK

refs: unlock unmodified refs on transaction commit

This adds an option which will check if a diff is applicable without
actually applying it; equivalent to git apply --check.

fuzzers: add a new fuzzer for patch parsing

I was looking at this code anyway because the sr.ht people nerdsniped
me, and it gave me that "I should fuzz this" feeling. So have a fuzzer!

patch_parse: handle patches without extended headers

Provide a wrapper for simple submodule clone steps

Add two more tests that verify our behaviour in some edge cases, notably
when cloning into a non-empty directory and when cloning the same
submodule twice.

The test submodule::add::submodule_clone doesn't use a sandbox, and thus
the created repo will not get deleted after the test has finished.
Convert the test to use the empty standard repo sandbox instead to fix
this.

The test submodule::add::homemade_clone unfortunately doesn't test
what's expected, but does instead clone the submodule to a directory
that is outside of the parent repository. Fixing this by cloning to the
correct location isn't possible, though, as `git_submodule_add_setup`
will have pre-created a ".git" file already, which will cause
`git_clone` to error out.

As it's not possible to perform the clone without fiddling around with
the repo's layout, let's just remove this test as that is in fact what
the new `git_submodule_clone` function is for.

Refs which are locked in a transaction without an altered target,
still should to be unlocked on `git_transaction_commit`.
`git_transaction_free` also unlocks refs but the moment of calling of `git_transaction_free`
cannot be controlled in all situations.
Some binding libs call `git_transaction_free` on garbage collection or not at all if the
application exits before and don't provide public access to `git_transaction_free`.
It is better to release locks as soon as possible.

macOS GSS Support

Extended header lines (especially the "index <hash>..<hash> <mode>") are
not required by "git apply" so it import patches. So we allow the
from-file/to-file lines (--- a/file\n+++ b/file) to directly follow the
git diff header.

This fixes #5267.

cmake: correct the link stanza for CoreFoundation

LIBRARIES is the (absolute?) path to the library.
LDFLAGS is the full linker stanza to correctly link with this lib.

By passing LIBRARIES as LIBGIT_LIBS, the linker ends up with the
absolute path for the SDK'ed version of CoreFoundation (which doesn't
exist), instead of the familiar `-framework CoreFoundation`.

Fix file locking on POSIX OS

cmake: update minimum CMake version to v3.5.1

The flag GIT_FILEBUF_FORCE currently does two things:
     1. It will cause the filebuf to create non-existing leading
        directories for the file that is about to be written.
     2. It will forcibly remove any pre-existing locks.
While most call sites actually do want (1), they do not want to
remove pre-existing locks, as that renders the locking mechanisms
effectively useless.
Introduce a new flag `GIT_FILEBUF_CREATE_LEADING_DIRS` to
separate both behaviours cleanly from each other and convert
callers to use it instead of `GIT_FILEBUF_FORCE` to have them
honor locked files correctly.

As this conversion removes all current users of `GIT_FILEBUF_FORCE`,
this commit removes the flag altogether.

patch_parse: handle patches with new empty files

Back in commit cf9f3452 (cmake: bump minimum version to 2.8.11,
2017-09-06), we have bumped the minimum CMake version to require at
least v2.8.11. The main hold-backs back then were distributions like
RHEL/CentOS as well as Ubuntu Trusty, which caused us to not target a
more modern version. Nowadays, Ubuntu Trusty has been EOL'd and CentOS 6
has CMake v3.6.1 available via the EPEL6 repository, and thus it seems
fair to upgrade to a more recent version.

Going through repology [1], one can see that all supported mainstream
distributions do in fact have CMake 3 available. Going through the list,
the minimum version that is supported by all mainstream distros is in
fact v3.5.1:

	- CentOS 6 via EPEL6: 3.6.1
	- Debian Oldstable: 3.7.2
	- Fedora 26: 3.8.2
	- OpenMandriva 3.x: 3.5.1
	- Slackware 14.2: 3.5.2
	- Ubuntu 16.04: 3.5.1

Consequentally, let's upgrade CMake to the minimum version of 3.5.1 and
remove all the version CMake checks that aren't required anymore.

[1]: https://repology.org/project/cmake/versions

DRY commit parsing

The commit list's in- and out-degrees are currently stored as `unsigned
short`. When assigning it the value of `git_array_size`, which returns
an `size_t`, this generates a warning on some Win32 platforms due to
loosing precision.

We could just cast the returned value of `git_array_size`, which would
work fine for 99.99% of all cases as commits typically have less than
2^16 parents. For crafted commits though we might end up with a wrong
value, and thus we should definitely check whether the array size
actually fits into the field.

To ease the check, let's convert the fields to store the degrees as
`uint16_t`. We shouldn't rely on such unspecific types anyway, as it may
lead to different behaviour across platforms. Furthermore, this commit
introduces a new `git__is_uint16` function to check whether it actually
fits -- if not, we return an error.

This allows us to pick which data from a commit we're interested in.
This will be used by the revwalk code, which is only interested in
parents' and committer data.

azure: avoid building and testing in Docker as root

regexp: implement a new regular expression API

Patches containing additions of empty files will not contain diff data
but will end with the index header line followed by the terminating
sequence "-- ". We follow the same logic as in cc4c44a9 and allow "-- "
to immediately follow the index header.

git_refdb API fixes

Don't use enum for flags

Using an `enum` causes trouble when used with C++ as bitwise operations are not possible w/o casting (e.g., `opts.flags &= ~GIT_BLOB_FILTER_CHECK_FOR_BINARY;` is invalid as there is no `&=` operator for `enum`).

Signed-off-by: Sven Strickroth <email@cs-ware.de>

Right now, all tests in libgit2's CI are being executed as root
user. As libgit2 will usually not run as a root user in "normal"
usecases and furthermore as there are tests that rely on the
ability to _not_ be able to create certain paths, let's instead
create an unprivileged user "libgit2" and use that across all
docker images.

valgrind: suppress memory leaks in libssh2_session_handshake

On Ubuntu, the combination of libgcrypt and libssh2 is quite old and
known to contain memory leaks. We thus have several functions listed in
our suppressions file that are known to leak. Due to a recent update of
libssh2 or libgcrypt, there now are new memory leaks caused by
libssh2_session_handshake and libssh2_init that cause the CI to fail.

Add a new suppression to fix the issue.

buffer: fix writes into out-of-memory buffers