1. 07 Feb, 2020 5 commits
    • indexer: check return code of `git_hash_ctx_init` · 90450d88
      Initialization of the hashing context may fail on some systems, most
      notably on Win32 via the legacy hashing context. As such, we need to
      always check the error code of `git_hash_ctx_init`, which is not done
      when creating a new indexer.
      
      Fix the issue by adding checks.
      Patrick Steinhardt committed
    • push: check error code returned by `git_revwalk_hide` · 6eebfc06
      When queueing objects we want to push, we call `git_revwalk_hide` to
      hide all objects already known to the remote from our revwalk. We do not
      check its return value though, where the orginial intent was to ignore
      the case where the pushed OID is not a known committish. As
      `git_revwalk_hide` can fail due to other reasons like out-of-memory
      exceptions, we should still check its return value.
      
      Fix the issue by checking the function's return value, ignoring
      errors hinting that it's not a committish. As `git_revwalk__push_commit`
      currently clobbers these error codes, we need to adjust it as well in
      order to make it available downstream.
      Patrick Steinhardt committed
    • notes: check error code returned by `git_iterator_advance` · 31a577d0
      When calling `git_note_next`, we end up calling `git_iterator_advance`
      but ignore its error code. The intent is that we do not want to return
      an error if it returns `GIT_ITEROVER`, as we want to return that value
      on the next invocation of `git_note_next`. We should still check for any
      other error codes returned by `git_iterator_advance` to catch unexpected
      internal errors.
      
      Fix this by checking the function's return value, ignoring
      `GIT_ITEROVER`.
      Patrick Steinhardt committed
    • tests: add missing error checks · 2e6cbff8
      We should always verify error codes returned by function calls in our
      test suite to not accidentally miss any weird results. Coverity reported
      missing checks in several locations, which this commit fixes.
      Patrick Steinhardt committed
    • tests: blame: fix conversion specifiers in format string · 7d65d4cb
      While the blame helper function `hunk_message` accepts a printf-style
      format string, we didn't add a compiler attribute to let the compiler
      check for correct conversion specifiers. As a result, some users of the
      function used wrong specifiers.
      
      Add the GIT_FORMAT_PRINTF attribute to the function and fix resulting
      warnings by using the correct specifiers.
      Patrick Steinhardt committed
  2. 06 Feb, 2020 1 commit
  3. 04 Feb, 2020 2 commits
  4. 01 Feb, 2020 1 commit
  5. 31 Jan, 2020 3 commits
    • fetchhead: strip credentials from remote URL · 93a9044f
      If fetching from an anonymous remote via its URL, then the URL gets
      written into the FETCH_HEAD reference. This is mainly done to give
      valuable context to some commands, like for example git-merge(1), which
      will put the URL into the generated MERGE_MSG. As a result, what gets
      written into FETCH_HEAD may become public in some cases. This is
      especially important considering that URLs may contain credentials, e.g.
      when cloning 'https://foo:bar@example.com/repo' we persist the complete
      URL into FETCH_HEAD and put it without any kind of sanitization into the
      MERGE_MSG. This is obviously bad, as your login data has now just leaked
      as soon as you do git-push(1).
      
      When writing the URL into FETCH_HEAD, upstream git does strip
      credentials first. Let's do the same by trying to parse the remote URL
      as a "real" URL, removing any credentials and then re-formatting the
      URL. In case this fails, e.g. when it's a file path or not a valid URL,
      we just fall back to using the URL as-is without any sanitization. Add
      tests to verify our behaviour.
      Patrick Steinhardt committed
    • Merge pull request #5375 from pks-t/pks/test-ci · a1bff63b
      azure-pipelines: properly expand negotiate passwords
      Edward Thomson committed
    • azure-pipelines: properly expand negotiate passwords · 7aa99dd3
      To allow testing against a Kerberos instance, we have added variables
      for the Kerberos password to allow authentication against LIBGIT2.ORG in
      commit e5fb5fe5 (ci: perform SPNEGO tests, 2019-10-20). To set up the
      password, we assign
      
          "GITTEST_NEGOTIATE_PASSWORD=$(GITTEST_NEGOTIATE_PASSWORD)"
      
      in the environmentVariables section which is then passed through to a
      template. As the template does build-time expansion of the environment
      variables, it will expand the above line verbosely, and due to the
      envVar section not doing any further expansion the password variable
      will end up with the value "$(GITTEST_NEGOTIATE_PASSWORD)" in the
      container's environment.
      
      Fix this fixed by doing expansion of GITTEST_NEGOTIATE_PASSWORD at
      build-time, as well.
      Patrick Steinhardt committed
  6. 30 Jan, 2020 3 commits
  7. 26 Jan, 2020 1 commit
    • credential: change git_cred to git_credential · 3f54ba8b
      We avoid abbreviations where possible; rename git_cred to
      git_credential.
      
      In addition, we have standardized on a trailing `_t` for enum types,
      instead of using "type" in the name.  So `git_credtype_t` has become
      `git_credential_t` and its members have become `GIT_CREDENTIAL` instead
      of `GIT_CREDTYPE`.
      
      Finally, the source and header files have been renamed to `credential`
      instead of `cred`.
      
      Keep previous name and values as deprecated, and include the new header
      files from the previous ones.
      Edward Thomson committed
  8. 24 Jan, 2020 24 commits