1. 25 Oct, 2014 2 commits
  2. 24 Oct, 2014 1 commit
    • ssl: dump the SSL ciphers in favour of TLS · 5757c020
      All versions of SSL are considered deprecated now, so let's ask OpenSSl
      to only use TLSv1. We still ask it to load those ciphers for
      compatibility with servers which want to use an older hello but will use
      TLS for encryption.
      
      For good measure we also disable compression, which can be exploitable,
      if the OpenSSL version supports it.
      Carlos Martín Nieto committed
  3. 11 Oct, 2014 11 commits
  4. 03 Oct, 2014 5 commits
  5. 24 Sep, 2014 1 commit
  6. 16 Sep, 2014 3 commits
  7. 10 Sep, 2014 1 commit
    • ssh: store error message immediately after a failed agent call · c93d1eba
      When the call to the agent fails, we must retrieve the error message
      just after the function call, as other calls may overwrite it.
      
      As the agent authentication is the only one which has a teardown and
      there does not seem to be a way to get the error message from a stored
      error number, this tries to introduce some small changes to store the
      error from the agent.
      
      Clearing the error at the beginning of the loop lets us know whether the
      agent has already set the libgit2 error message and we should skip it,
      or if we should set it.
      Carlos Martín Nieto committed
  8. 26 Aug, 2014 1 commit
    • pack: return the correct final offset · ebee4d55
      The callers of git_packfile_unpack() expect the obj_offset argument to
      be set to the beginning of the next object. We were mistakenly returning
      the the offset of the object's data, which causes the CRC function to
      try to use the wrong offset.
      
      Set obj_offset to curpos instead of elem->offset to point to the next
      element and bring back expected behaviour.
      Carlos Martín Nieto committed
  9. 18 Aug, 2014 2 commits
    • http: make sure we can consume the data we request · 7d729d0b
      The recv buffer (parse_buffer) and the buffer have independent sizes and
      offsets. We try to fill in parse_buffer as much as possible before
      passing it to the http parser. This is fine most of the time, but fails
      us when the buffer is almost full.
      
      In those situations, parse_buffer can have more data than we would be
      able to put into the buffer (which may be getting full if we're towards
      the end of a data sideband packet).
      
      To work around this, we check if the space we have left on our buffer is
      smaller than what could come from the network. If this happens, we make
      parse_buffer think that it has as much space left as our buffer, so it
      won't try to retrieve more data than we can deal with.
      
      As the start of the data may no longer be at the start of the buffer, we
      need to keep track of where it really starts (data_offset) and use that
      in our calculations for the real size of the data we received from the
      network.
      
      This fixes #2518.
      Carlos Martín Nieto committed
  10. 09 Aug, 2014 1 commit
    • config: a multiline var can start immediately · ea971905
      In the check for multiline, we traverse the backslashes from the end
      backwards and int the end assert that we haven't gone past the beginning
      of the line. We make sure of this in the loop condition, but we also
      check in the return value.
      
      However, for certain configurations, a line in a multiline variable
      might be empty to aid formatting. In that case, 'end' == 'start', since
      we ended up looking at the first char which made it a multiline.
      
      There is no need for the (end > start) check in the return, since the
      loop guarantees we won't go further back than the first char in the
      line, and we do accept the first char to be the final backslash.
      
      This fixes #2483.
      Carlos Martín Nieto committed
  11. 05 Aug, 2014 12 commits