- 10 Jun, 2019 12 commits
-
-
Increase the permissible replay count; with multiple-step authentication schemes (NTLM, Negotiate), proxy authentication and redirects, we need to be mindful of the number of steps it takes to get connected. 7 seems high but can be exhausted quickly with just a single authentication failure over a redirected multi-state authentication pipeline.
Edward Thomson committed -
Edward Thomson committed
-
Edward Thomson committed
-
Update our CI tests to start a proxy that requires NTLM authentication; ensure that our WIndows HTTP client can speak NTLM.
Edward Thomson committed -
Edward Thomson committed
-
We did not properly support default credentials for proxies, only for destination servers. Refactor the credential handling to support sending either username/password _or_ default credentials to either the proxy or the destination server. This actually shares the authentication logic between proxy servers and destination servers. Due to copy/pasta drift over time, they had diverged. Now they share a common logic which is: first, use credentials specified in the URL (if there were any), treating empty username and password (ie, "http://:@foo.com/") as default credentials, for compatibility with git. Next, call the credential callbacks. Finally, fallback to WinHTTP compatibility layers using built-in authentication like we always have. Allowing default credentials for proxies requires moving the security level downgrade into the credential setting routines themselves. We will update our security level to "high" by default which means that we will never send default credentials without prompting. (A lower setting, like the WinHTTP default of "medium" would allow WinHTTP to handle credentials for us, despite what a user may have requested with their structures.) Now we start with "high" and downgrade to "low" only after a user has explicitly requested default credentials.
Edward Thomson committed -
There's no reason a git repository couldn't be at the root of a server, and URLs should have an implicit path of '/' when one is not specified.
Edward Thomson committed -
"Connection data" is an imprecise and largely incorrect name; these structures are actually parsed URLs. Provide a parser that takes a URL string and produces a URL structure (if it is valid). Separate the HTTP redirect handling logic from URL parsing, keeping a `gitno_connection_data_handle_redirect` whose only job is redirect handling logic and does not parse URLs itself.
Edward Thomson committed -
Callback type names should be suffixed with `_cb`
Edward Thomson committed -
tests: checkout: fix symlink.git being created outside of sandbox
Edward Thomson committed -
The trace logging callbacks should match the other callback naming conventions, using the `_cb` suffix instead of a `_callback` suffix.
Edward Thomson committed -
The credential callbacks should match the other callback naming conventions, using the `_cb` suffix instead of a `_callback` suffix.
Edward Thomson committed
-
- 07 Jun, 2019 1 commit
-
-
The function `populate_symlink_workdir` creates a new "symlink.git" repository with a relative path "../symlink.git". As the current working directory is the sandbox, the new repository will be created just outside of the sandbox. Fix this by using `clar_sandbox_path`.
Patrick Steinhardt committed
-
- 06 Jun, 2019 4 commits
-
-
ignore: handle escaped trailing whitespace
Edward Thomson committed -
Ignore: only treat one leading slash as a root identifier
Edward Thomson committed -
The gitignore's pattern format specifies that "Trailing spaces are ignored unless they are quoted with backslash ("\")". We do not honor this currently and will treat a pattern "foo\ " as if it was "foo\" only and a pattern "foo\ \ " as "foo\ \". Fix our code to handle those special cases and add tests to avoid regressions.
Patrick Steinhardt committed -
The stripping of trailing spaces currently happens as part of `git_attr_fnmatch__parse`. As we aren't currently parsing trailing whitespaces correct in case they're escaped, we'll have to change that code, though. To make actual behavioural change easier to review, refactor the code up-front by pulling it out into its own function that is expected to retain the exact same functionality as before. Like this, the fix will be trivial to apply.
Patrick Steinhardt committed
-
- 05 Jun, 2019 3 commits
-
-
online tests: use gitlab for auth failures
Edward Thomson committed -
GitHub recently changed their behavior from returning 401s for private or nonexistent repositories on a clone to returning 404s. For our tests that require an auth failure (and 401), move to GitLab to request a missing repository. This lets us continue to test our auth failure case, at least until they decide to mimic that decision.
Edward Thomson committed -
Ignore files: don't ignore whitespace
Edward Thomson committed
-
- 24 May, 2019 11 commits
-
-
Unlike ignore files, gitattribute files can have flexible whitespace at the beginning of the line. Ensure that by adding new ignore rules that we have not impeded correct parsing of attribute files.
Edward Thomson committed -
When `allow_space` is unset, ensure that leading whitespace is not skipped.
Edward Thomson committed -
Comments must have a '#' at the beginning of the line. For compatibility with git, '#' after a whitespace is a literal part of the filename.
Edward Thomson committed -
Ensure that leading whitespace is treated as being part of the filename, eg ` foo` in an ignore file indicates that a file literally named ` foo` is ignored.
Edward Thomson committed -
cache: fix cache eviction using deallocated key
Edward Thomson committed -
SECURITY.md: split out security-relevant bits from readme
Patrick Steinhardt committed -
When evicting cache entries, we first retrieve the object that is to be evicted, delete the object and then finally delete the key from the cache. In case where the cache eviction caused us to free the cached object, though, its key will point to invalid memory now when trying to remove it from the cache map. On my system, this causes us to not properly remove the key from the map, as its memory has been overwritten already and thus the key lookup it will fail and we cannot delete it. Fix this by only decrementing the refcount of the evictee after we have removed it from our cache map. Add a test that caused a segfault previous to that change.
Patrick Steinhardt committed -
Restore NetBSD support
Edward Thomson committed -
GitHub has recently introduced a new set of tools that aims to ease the process around vulnerability reports and security fixes. Part of those tools is a new security tab for projects that will display contents from a new SECURITY.md file. Move relevant parts from README.md to this new file to make use of this feature.
Patrick Steinhardt committed -
repository: fix garbage return value
Patrick Steinhardt committed
-
- 23 May, 2019 1 commit
-
-
error was never initialized and a garbage value returned on success.
Erik Aigner committed
-
- 22 May, 2019 8 commits
-
-
cmake: disable fallthrough warnings for PCRE
Edward Thomson committed -
Our PCRE dependency has uncommented fallthroughs in switch statements. Turn off warnings for those in the PCRE code.
Edward Thomson committed -
Configuration parsing: validate section headers with quotes
Edward Thomson committed -
The `parse_section_header_ext` name suggests that it as an extended function for parsing the section header. It is not. Rename it to `parse_subsection_header` to better reflect its true mission.
Edward Thomson committed -
When we reach a whitespace after a section name, we assume that what will follow will be a quoted subsection name. Pass the current position of the line being parsed to the subsection parser, so that it can validate that subsequent characters are additional whitespace or a single quote. Previously we would begin parsing after the section name, looking for the first quotation mark. This allows invalid characters to embed themselves between the end of the section name and the first quotation mark, eg `[section foo "subsection"]`, which is illegal.
Edward Thomson committed -
When we don't specify a particular column, don't write it in the error message. (column "0" is unhelpful.)
Edward Thomson committed -
Update the configuration parsing error messages to be lower-cased for consistency with the rest of the library.
Edward Thomson committed -
Loosen restriction on wildcard "*" refspecs
Edward Thomson committed
-