(cherry picked from commit d076db11)

Instead of trying to run coverity builds during the regular PR process,
run them during a regularly scheduled cron process.  These only need to
run nightly, so it makes sense to bring them out of the PR process.

(cherry picked from commit 6b92368c)

(cherry picked from commit 24d17562)

(cherry picked from commit 24b8dd82)

(cherry picked from commit 465f8b51)

(cherry picked from commit f7bb4ff8)

(cherry picked from commit 6fb63c92)

(cherry picked from commit dc6e80e2)

The leaks process is not good about handling children.  Ensure that its
child is `nohup`ed so that the grandparent shell won't wait for it to
exit.

(cherry picked from commit 6eb97b6b)

(cherry picked from commit 230eeda8)

(cherry picked from commit b00672b9)

(cherry picked from commit afecd15c)

(cherry picked from commit 7f12c123)

On Linux (where we run valgrind) allocate a smaller buffer, but still an
insanely large size.  This will cause malloc to fail but will not cause
valgrind to report a likely error with a negative-sized malloc.

Keep the original buffer size on non-Linux platforms: this is
well-tested on them and changing it may be problematic.  On macOS, for
example, using the new size causes `malloc` to print a warning to
stderr.

(cherry picked from commit 219512e7)

(cherry picked from commit 6d6700d2)

(cherry picked from commit 67f5304f)

(cherry picked from commit 9e588060)

Script to set up dependencies on a macOS build system.

(cherry picked from commit 87342404)

Sets up a linux host to prepare for a build.

(cherry picked from commit 5bb2087b)

Refactor citest.sh to enable local testing by developers.

(cherry picked from commit 451b0017)

(cherry picked from commit bf418f09)

Add citest.ps1 PowerShell script to run the tests.

(cherry picked from commit e2cc5b6d)

(cherry picked from commit 3b6281fa)

Simplify the names for the tests, removing the unnecessary
"libgit2-clar" prefix.  Make "all" the new default test run, and include
the online tests by default (since HTTPS should always be enabled).

For the CI tests, create an offline-only test, then the various online
tests.

(cherry picked from commit ce798b25)

(cherry picked from commit 61eaaadf)

(cherry picked from commit 149790b9)

(cherry picked from commit 4c969618)

(cherry picked from commit 0fb8c1d0)

The goal is to let cmake manage the parallelism

(cherry picked from commit 1f4ada2a)

==17851== Invalid free() / delete / delete[] / realloc()
==17851==    at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17851==    by 0x60BBE2B: __libc_freeres (in /lib/x86_64-linux-gnu/libc-2.19.so)
==17851==    by 0x4A256BC: _vgnU_freeres (in /usr/lib/valgrind/vgpreload_core-amd64-linux.so)
==17851==    by 0x5F8F16A: __run_exit_handlers (exit.c:97)
==17851==    by 0x5F8F1F4: exit (exit.c:104)
==17851==    by 0x5F74F4B: (below main) (libc-start.c:321)
==17851==  Address 0x63153c0 is 0 bytes inside data symbol "noai6ai_cached"

(cherry picked from commit 234443e3)

==2957== 912 bytes in 19 blocks are still reachable in loss record 323 of 369
==2957==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2957==    by 0x675B120: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x675BDF8: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x675FE0D: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x6761DC4: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x676477E: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x675B071: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x675B544: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x675914B: gcry_control (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==2957==    by 0x5D30EC9: libssh2_init (in /usr/lib/x86_64-linux-gnu/libssh2.so.1.0.1)
==2957==    by 0x66BCCD: git_transport_ssh_global_init (ssh.c:910)
==2957==    by 0x616443: init_common (global.c:65)

(cherry picked from commit dd75885a)

(cherry picked from commit 573c4089)

==18109== 664 bytes in 1 blocks are still reachable in loss record 279 of 339
==18109==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18109==    by 0x675B120: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==18109==    by 0x675C13C: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==18109==    by 0x675C296: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==18109==    by 0x679BD14: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==18109==    by 0x679CC64: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2)
==18109==    by 0x6A64946: ??? (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.6)
==18109==    by 0x6A116E8: ??? (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.6)
==18109==    by 0x6A01114: gnutls_global_init (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.6)
==18109==    by 0x52A6C78: ??? (in /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.3.0)
==18109==    by 0x5285ADC: curl_global_init (in /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.3.0)
==18109==    by 0x663524: git_curl_stream_global_init (curl.c:44)

(cherry picked from commit c0c9e9ee)

(cherry picked from commit 74b0a432)

(cherry picked from commit 2f4e7cb0)

Security release v0.27.5

These can be used to inject options in an implementation which performs a
recursive clone by executing an external command via crafted url and path
attributes such that it triggers a local executable to be run.

The library is not vulnerable as we do not rely on external executables but a
user of the library might be relying on that so we add this protection.

This matches this aspect of git's fix for CVE-2018-17456.