- 29 Jul, 2022 2 commits
- 28 Jul, 2022 2 commits
- 27 Jul, 2022 1 commit
-
-
yuangli committed
-
- 26 Jul, 2022 1 commit
-
-
yuangli committed
-
- 14 Jul, 2022 1 commit
-
-
The experimental function signature is only available when `GIT_EXPERIMENTAL_SHA256` is enabled.
Edward Thomson committed
-
- 12 Jul, 2022 2 commits
-
-
In the ownership checks implemented for CVE-2022-24765, we disallowed users to access their own repositories when running with `sudo`. Examine the `SUDO_UID` environment variable and allow users running with `sudo`. This matches git's behavior.
Edward Thomson committed -
To match git's behavior with CVE 2022-29187, validate not only the working directory, but also the gitdir and gitlink (if it exists). This a follow up to CVE-2022-24765 that was fixed earlier.
Edward Thomson committed
-
- 07 Jul, 2022 2 commits
-
-
Allow users in the administrator group to use git configs that are owned by administrators.
Edward Thomson committed -
This reverts commit cdff2f02. This change erroneously allowed system users to own a worktree; this should only be allowed when the current user is in the Administrator group on Windows as well.
Edward Thomson committed
-
- 20 Jun, 2022 2 commits
-
-
Users will need to be able to specify the object id type for the given object database; add a new `git_odb_options` with that option.
Edward Thomson committed -
The git_odb_hash helper functions should not assume SHA1, and instead should be given the oid type that they're producing.
Edward Thomson committed
-
- 15 Jun, 2022 1 commit
-
-
In preparation for SHA256 support, `GIT_OID_RAWSZ` and `GIT_OID_HEXSZ` need to indicate that they're the size of _SHA1_ OIDs.
Edward Thomson committed
-
- 14 Jun, 2022 1 commit
-
-
Update our ownership checks that were introduced in libgit2 v1.4.3 (to combat CVE 2022-24765). These were not compatible with git's; git itself allows administrators to own the path. Our checks now match this behavior.
Edward Thomson committed
-
- 12 Apr, 2022 4 commits
-
-
Introduce the `GIT_OPT_SET_OWNER_VALIDATION` option, so that users can disable repository ownership validation.
Edward Thomson committed -
Obey the `safe.directory` configuration variable if it is set in the global or system configuration. (Do not try to load this from the repository configuration - to avoid malicious repositories that then mark themselves as safe.)
Edward Thomson committed -
Pull the global configuration loader out of the symlink check so that it can be re-used.
Edward Thomson committed -
Ensure that the repository directory is owned by the current user; this prevents us from opening configuration files that may have been created by an attacker.
Edward Thomson committed
-
- 16 Mar, 2022 1 commit
-
-
As builtin extensions are evaluated in the latter half of `check_valid_extension`, a string `cfg` is concatenated with the static string 'extension.' and the value from `builtin_extension`, before being compared with the configured value. This string is not being cleared while iterating through the names of the extensions. Because there is currently only one extension ('noop'), the bug was never noticible. This patch corrects the behavior by clearing the string on each iteration, as is done in the first block.
Wilhelm Bierbaum committed
-
- 23 Feb, 2022 1 commit
-
-
Edward Thomson committed
-
- 05 Jan, 2022 1 commit
-
-
Dimitris Apostolou committed
-
- 22 Nov, 2021 1 commit
-
-
Edward Thomson committed
-
- 12 Nov, 2021 1 commit
-
-
This mimics the behaviour of git which just prints a warning and continues with the repo initialisation.
Jason Nader committed
-
- 09 Nov, 2021 3 commits
-
-
Edward Thomson committed
-
Edward Thomson committed
-
Introduce `git_fs_path`, which operates on generic filesystem paths. `git_path` will be kept for only git-specific path functionality (for example, checking for `.git` in a path).
Edward Thomson committed
-
- 17 Oct, 2021 1 commit
-
-
libgit2 has two distinct requirements that were previously solved by `git_buf`. We require: 1. A general purpose string class that provides a number of utility APIs for manipulating data (eg, concatenating, truncating, etc). 2. A structure that we can use to return strings to callers that they can take ownership of. By using a single class (`git_buf`) for both of these purposes, we have confused the API to the point that refactorings are difficult and reasoning about correctness is also difficult. Move the utility class `git_buf` to be called `git_str`: this represents its general purpose, as an internal string buffer class. The name also is an homage to Junio Hamano ("gitstr"). The public API remains `git_buf`, and has a much smaller footprint. It is generally only used as an "out" param with strict requirements that follow the documentation. (Exceptions exist for some legacy APIs to avoid breaking callers unnecessarily.) Utility functions exist to convert a user-specified `git_buf` to a `git_str` so that we can call internal functions, then converting it back again.
Edward Thomson committed
-
- 25 Sep, 2021 1 commit
-
-
When `git_repository_hashfile` is handed an absolute path, it determines whether the path is within the repository's working directory or not. This is necessary when there is no `as_path` specified. If the path is within the working directory, then the given path should be used for attribute lookups (it is the effective `as_path`). If it is not within the working directory, then it is _not_ eligible. Importantly, now we will _never_ pass an absolute path down to attribute lookup functions.
Edward Thomson committed
-
- 09 Sep, 2021 1 commit
-
-
Make some syntax change to follow coding style.
punkymaniac committed
-
- 04 Sep, 2021 1 commit
-
-
Allow users to specify additional repository extensions that they want to support. For example, callers can specify that they support `preciousObjects` and then may open repositories that support `extensions.preciousObjects`. Similarly, callers may opt out of supporting extensions that the library itself supports.
Edward Thomson committed
-
- 26 Aug, 2021 1 commit
-
-
There were some subtle semantic differences between the various implementations of atomic functions. Now they behave the same, have tests and are better documented to avoid this from happening again in the future. Of note: * The semantics chosen for `git_atomic_compare_and_swap` match `InterlockedCompareExchangePointer`/`__sync_cal_compare_and_swap` now. * The semantics chosen for `git_atomic_add` match `InterlockedAdd`/`__atomic_add_fetch`. * `git_atomic_swap` and `git_atomic_load` still have a bit of semantic difference with the gcc builtins / msvc interlocked operations, since they require an l-value (not a pointer). If desired, this can be homogenized.
lhchavez committed
-
- 11 Jul, 2021 1 commit
-
-
When applying an operation to a repository created without a common directory, which is known to occur in scenarios where custom odb/refdb backends are used, git_repository_foreach_worktree currently asserts while attempting to open the repository located in the common directory. Fix this issue by applying operation to repository supplied when there are no linked worktrees to iterate (implied by common directory being empty).
Kevin Saul committed
-
- 28 Apr, 2021 4 commits
-
-
Ensure that a repository's path (at initialization or open time) is valid. On Windows systems, this means that the longest known path beneath the repository will fit within MAX_PATH: this is a lock file for a loose object within the repository itself. Other paths, like a very long loose reference, may fail to be opened after the repository is opened. These variable length paths will be checked when they are accessed themselves. This new functionality is done at open to prevent needlessly checking every file in the gitdir (eg, `MERGE_HEAD`) for its length when we could instead check once at repository open time.
Edward Thomson committed -
Edward Thomson committed
-
Edward Thomson committed
-
Add a simple accessor for workdir paths to get an absolute on-disk path given a repository and a relative path within it. This is useful to avoid copy-pasta `git_buf_joinpath` and to ensure that we validate working directory paths while honoring `core.longpaths` settings.
Edward Thomson committed
-
- 11 Apr, 2021 2 commits
-
-
We don't want the default branch's refname here but its name as branch. Returning an error saying it's not a valid reference here suggests we want the value of `init.defaultbranch` to be something like `refs/heads/default` which is not the case.
Carlos Martín Nieto committed -
This error code is for callbacks where we should act as though the callback was not set. This is not something that makes sense for a `_foreach` and checking for that error message to bubble up mostly is happenstance precisely because this is not an error code we expect in the callback. As part of removing this, let's also remove a use of foreach as we can open-code this check.
Carlos Martín Nieto committed
-
- 01 Apr, 2021 1 commit
-
-
We already do this in repo_init_head
Ian Hattendorf committed
-