1. 01 Jan, 2022 1 commit
  2. 14 Dec, 2021 1 commit
    • refs: Speed up packed lookups. · ad7a51d8
      Currently ref lookups require loading the entire packed-refs file into
      a hashmap in memory. For repos with large numbers of refs this can be
      painfully slow.
      
      This patch replaces the existing lookup code and instead mmap()'s the
      packed-refs file and performs a binary search to locate the ref entry.
      Git uses a similiar approach.
      
      The old hash table codepath is still used for unsorted packed-refs files.
      
      This patch also fixes a minor bug where the "peeled" trait is never
      parsed correctly from the packed-refs header.
      Colin Stolley committed
  3. 06 Dec, 2021 1 commit
  4. 11 Nov, 2021 1 commit
    • update remote/insteadof tests · 7891660a
      we want to test:
      - an anonymous repo (a url)
      - a named repo with a url
      - a named repo with a url and pushurl
      and for each of these matching configuration:
      - only insteadOf
      - only pushInsteadOf
      - both insteadOf and pushInsteadOf
      
      this change adds test cases for all of these combinations.
      Martin Kühl committed
  5. 21 Oct, 2021 1 commit
  6. 15 Sep, 2021 1 commit
  7. 09 Sep, 2021 1 commit
  8. 30 Aug, 2021 1 commit
  9. 22 Jul, 2021 1 commit
  10. 13 May, 2021 1 commit
  11. 10 Jan, 2021 2 commits
  12. 05 Oct, 2020 1 commit
  13. 18 Sep, 2020 1 commit
  14. 27 Jun, 2020 1 commit
  15. 21 Jun, 2020 1 commit
    • mwindow: set limit on number of open files · 9679df57
      There are some cases in which repositories accrue a large number of
      packfiles. The existing mwindow limit applies only to the total size of
      mmap'd files, not on their number. This leads to a situation in which
      having lots of small packfiles could exhaust the allowed number of open
      files, particularly on macOS, where the default ulimit is very low
      (256).
      
      This change adds a new configuration parameter
      (GIT_OPT_SET_MWINDOW_FILE_LIMIT) that sets the maximum number of open
      packfiles, with a default of 128. This is low enough so that even macOS
      users should not hit it during normal use.
      
      Based on PR #5386, originally written by @josharian.
      
      Fixes: #2758
      lhchavez committed
  16. 14 Apr, 2020 1 commit
  17. 23 Mar, 2020 1 commit
  18. 15 Jan, 2020 1 commit
    • refs: refuse to delete HEAD · 852c83ee
      This requires adding a new symbolic ref to the testrepo fixture.
      Some of the existing tests attempt to delete HEAD, expecting a different failure. Introduce and use a non-HEAD symbolic ref instead.
      Adjust a few other tests as needed.
      
      Fixes #5357
      Josh Bleecher Snyder committed
  19. 10 Dec, 2019 1 commit
    • Disallow NTFS Alternate Data Stream attacks, even on Linux/macOS · 3f7851ea
      A little-known feature of NTFS is that it offers to store metadata in
      so-called "Alternate Data Streams" (inspired by Apple's "resource
      forks") that are copied together with the file they are associated with.
      These Alternate Data Streams can be accessed via `<file name>:<stream
      name>:<stream type>`.
      
      Directories, too, have Alternate Data Streams, and they even have a
      default stream type `$INDEX_ALLOCATION`. Which means that `abc/` and
      `abc::$INDEX_ALLOCATION/` are actually equivalent.
      
      This is of course another attack vector on the Git directory that we
      definitely want to prevent.
      
      On Windows, we already do this incidentally, by disallowing colons in
      file/directory names.
      
      While it looks as if files'/directories' Alternate Data Streams are not
      accessible in the Windows Subsystem for Linux, and neither via
      CIFS/SMB-mounted network shares in Linux, it _is_ possible to access
      them on SMB-mounted network shares on macOS.
      
      Therefore, let's go the extra mile and prevent this particular attack
      _everywhere_. To keep things simple, let's just disallow *any* Alternate
      Data Stream of `.git`.
      
      This is libgit2's variant of CVE-2019-1352.
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      Johannes Schindelin committed
  20. 05 Nov, 2019 1 commit
    • config_entries: micro-optimize storage of multivars · b7dcea04
      Multivars are configuration entries that have many values for the same
      name; we can thus micro-optimize this case by just retaining the name of
      the first configuration entry and freeing all the others, letting them
      point to the string of the first entry.
      
      The attached test case is an extreme example that demonstrates this. It
      contains a section name that is approximately 500kB in size with 20.000
      entries "a=b". Without the optimization, this would require at least
      20000*500kB bytes, which is around 10GB. With this patch, it only
      requires 500kB+20000*1B=20500kB.
      
      The obvious culprit here is the section header, which we repeatedly
      include in each of the configuration entry's names. This makes it very
      easier for an adversary to provide a small configuration file that
      disproportionally blows up in memory during processing and is thus a
      feasible way for a denial-of-service attack. Unfortunately, we cannot
      fix the root cause by e.g. having a separate "section" field that may
      easily be deduplicated due to the `git_config_entry` structure being
      part of our public API. So this micro-optimization is the best we can do
      for now.
      Patrick Steinhardt committed
  21. 21 Aug, 2019 1 commit
    • smart: use push_glob instead of manual filtering · 39d18fe6
      The code worked under the assumption that anything under `refs/tags` are
      tag objects, and all the rest would be peelable to a commit. As it is
      completely valid to have tags to blobs under a non `refs/tags` ref, this
      would cause failures when trying to peel a tag to a commit.
      
      Fix the broken filtering by switching to `git_revwalk_push_glob`, which
      already handles this case.
      Etienne Samson committed
  22. 11 Aug, 2019 2 commits
  23. 10 Jun, 2019 2 commits
  24. 24 May, 2019 1 commit
  25. 24 Jan, 2019 1 commit
    • index: preserve extension parsing errors · 0bf7e043
      Previously, we would clobber any extension-specific error message with
      an "extension is truncated" message. This makes `read_extension`
      correctly preserve those errors, takes responsibility for truncation
      errors, and adds a new message with the actual extension signature for
      unsupported mandatory extensions.
      Etienne Samson committed
  26. 15 Jan, 2019 1 commit
  27. 14 Jan, 2019 1 commit
  28. 04 Dec, 2018 3 commits
  29. 03 Dec, 2018 1 commit
    • crlf_data: move to a "to_workdir" folder · 13a8bc92
      Move the crlf_data folders reponsible for holding the state of the
      filters going into the working directory to "to_workdir" variations of
      the folder name to accommodate future growth into the "to odb" filter
      variation.  Update the script to create these new folders as appopriate.
      Edward Thomson committed
  30. 05 Nov, 2018 1 commit
  31. 20 Oct, 2018 1 commit
    • checkout: fix test fixture missing objects · c79e6081
      The testrepo test fixture has an index file that's damaged, missing an
      object.  The index previously had an entry of `src/index.c` with id
      3161df8cbf3a006b4ef85be6497a0ea6bde98541, but that object was missing in
      the repository.  This commit adds an object to the repository and
      updates the index to use that existing blob.
      
      Similarly, the index has an entry for `readme` with an id of
      97328ac7e3bd0bcd3900cb3e7a624d71dd0df888.  This can be restored from
      other test repositories.
      
      With these fixed, now the write tree from index tests can pass since they
      validate object existence.
      Edward Thomson committed
  32. 04 Oct, 2018 1 commit
    • tests: verify diff stats with renames in subdirectory · 3148efd2
      Until now, we didn't have any tests that verified that our format for
      renames in subdirectories is correct. While our current behaviour is no
      different than for renames that do not happen with a common prefix
      shared between old and new file name, we intend to change the format to
      instead match the format that upstream git uses.
      
      Add a test case for this to document our current behaviour and to show
      how the next commit will change that format.
      Patrick Steinhardt committed
  33. 14 Aug, 2018 1 commit
  34. 18 Jul, 2018 1 commit
    • tree: accept null ids in existing trees when updating · 2dff7e28
      When we add entries to a treebuilder we validate them. But we validate even
      those that we're adding because they exist in the base tree. This disables
      using the normal mechanisms on these trees, even to fix them.
      
      Keep track of whether the entry we're appending comes from an existing tree and
      bypass the name and id validation if it's from existing data.
      Carlos Martín Nieto committed
  35. 15 Jun, 2018 1 commit