Example: a cached node is owned only by the cache (refcount == 1).
Thread A holds the lock and determines that the entry which should get
cached equals the node (git_oid_cmp(&node->oid, &entry->oid) == 0).
It frees the given entry to instead return the cached node to the user
(entry = node). Now, before Thread A happens to increment the refcount
of the node *outside* the cache lock, Thread B tries to store another
entry and hits the slot of the node before, decrements its refcount and
frees it *before* Thread A gets a chance to increment for the user.

	git_cached_obj_incref(entry);

	git_mutex_lock(&cache->lock);
	{
		git_cached_obj *node = cache->nodes[hash & cache->size_mask];

		if (node == NULL) {
			cache->nodes[hash & cache->size_mask] = entry;
		} else if (git_oid_cmp(&node->oid, &entry->oid) == 0) {
			git_cached_obj_decref(entry, cache->free_obj);
			entry = node;
		} else {
			git_cached_obj_decref(node, cache->free_obj);

// Thread B is here

			cache->nodes[hash & cache->size_mask] = entry;
		}
	}
	git_mutex_unlock(&cache->lock);

// Thread A is here

	/* increase the refcount again, because we are
	 * returning it to the user */
	git_cached_obj_incref(entry);

Fix logical error in git_index_set_caps

git reference peel

When `git_submodule` became an opaque structure, I forgot to add
accessor functions for the fetchRecurseSubmodules config setting.
This fixes that.

Fix #530

Expose a malloc function to 3rd party ODB backends

netops: be more careful with SSL errors

Test for gitmodules only submodule def

This should confirm that issue #835 is fixed where a submodule that
is only declared in the .gitmodules file was not accessible via the
submodule APIs.

This adds better header comments and also fixes a bug in one of
simple APIs that tells the number of lines in the current hunk.

This refactors the diff output code so that an iterator object
can be used to traverse and generate the diffs, instead of just
the `foreach()` style with callbacks.  The code has been rearranged
so that the two styles can still share most functions.

This also replaces `GIT_REVWALKOVER` with `GIT_ITEROVER` and uses
that as a common error code for marking the end of iteration when
using a iterator style of object.

Windows: Perform UTF-8 path conversion on the Stack

We don't care about the supposed zlib errors, and the leak from
giterr_set isn't interesting, as it gets freed each time an error is
set.

Give valgrind a suppressions file so it doesn't tell us about them.

Fix MSVC compilation warnings

SSL_get_error() allows to receive a result code for various SSL
operations. Depending on the return value (see man (3) SSL_get_error)
there might be additional information in the OpenSSL error queue. Return
the queued message if available, otherwise set an error message
corresponding to the return code.

repository: add failing repo initialization test

signature: make the OS give us the offset for git_signature_now

There is a better and less fragile way to calculate time offsets. Let
the OS take care of dealing with DST and simply take the the offset
between the local time and UTC that it gives us.

Passing SSL_VERIFY_PEER makes OpenSSL shut down the connection if the
certificate is invalid, without giving us a chance to ignore that
error. Pass SSL_VERIFY_NONE and call SSL_get_verify_result if the user
wanted us to check.

When no CNs match, we used to jump to on_error which gave a bogus
error as that's for OpenSSL errors. Jump to cert_fail so we tell the
user that the error came from checking the certificate.

Conflicts:
	include/git2/refs.h