For most real use cases, repositories with alternates use them as main
object storage. Checking the alternate for objects before the main
repository should result in measurable speedups.

Because of this, we're changing the sorting algorithm to prioritize
alternates *in cases where two backends have the same priority*. This
means that the pack backend for the alternate will be checked before the
pack backend for the main repository *but* both of them will be checked
before any loose backends.

In the current implementation of ODB backends, each backend is tasked
with refreshing itself after a failed lookup. This is standard Git
behavior: we want to e.g. reload the packfiles on disk in case they have
changed and that's the reason we can't find the object we're looking
for.

This behavior, however, becomes pathological in repositories where
multiple alternates have been loaded. Given that each alternate counts
as a separate backend, a miss in the main repository (which can
potentially be very frequent in cases where object storage comes from
the alternate) will result in refreshing all its packfiles before we
move on to the alternate backend where the object will most likely be
found.

To fix this, the code in `odb.c` has been refactored as to perform the
refresh of all the backends externally, once we've verified that the
object is nowhere to be found.

If the refresh is successful, we then perform the lookup sequentially
through all the backends, skipping the ones that we know for sure
weren't refreshed (because they have no refresh API).

The on-disk pack backend has been adjusted accordingly: it no longer
performs refreshes internally.

We moved the "main" parsing to use 64 bits for the timestamp, but the
quick parsing for the revwalk did not. This means that for large
timestamps we fail to parse the time and thus the walk.

Move this parser to use 64 bits as well.

There's been a few reports of users not understanding what the python
error means, so spell out the options they have.

SSL_shutdown() does not like it when we pass an unitialized ssl context
to it. This means that when we fail to connect to a host, we hide the
error message saying so with OpenSSL's indecipherable error message.

git expects an empty line after the binary data:

literal X
...binary data...
<empty_line>

The last literal block of the generated patches were not containing the required empty line. Example:

	diff --git a/binary_file b/binary_file
	index 3f1b3f9098131cfecea4a50ff8afab349ea66d22..86e5c1008b5ce635d3e3fffa4434c5eccd8f00b6 100644
	GIT binary patch
	literal 8
	Pc${NM&PdElPvrst3ey5{

	literal 6
	Nc${NM%g@i}0ssZ|0lokL
	diff --git a/binary_file2 b/binary_file2
	index 31be99be19470da4af5b28b21e27896a2f2f9ee2..86e5c1008b5ce635d3e3fffa4434c5eccd8f00b6 100644
	GIT binary patch
	literal 8
	Pc${NM&PdElPvrst3ey5{

	literal 13
	Sc${NMEKbZyOexL+Qd|HZV+4u-

git apply of that diff results in:

	error: corrupt binary patch at line 9: diff --git a/binary_file2 b/binary_file2
	fatal: patch with only garbage at line 10

The proper formating is:

	diff --git a/binary_file b/binary_file
	index 3f1b3f9098131cfecea4a50ff8afab349ea66d22..86e5c1008b5ce635d3e3fffa4434c5eccd8f00b6 100644
	GIT binary patch
	literal 8
	Pc${NM&PdElPvrst3ey5{

	literal 6
	Nc${NM%g@i}0ssZ|0lokL
	diff --git a/binary_file2 b/binary_file2
	index 31be99be19470da4af5b28b21e27896a2f2f9ee2..86e5c1008b5ce635d3e3fffa4434c5eccd8f00b6 100644
	GIT binary patch
	literal 8
	Pc${NM&PdElPvrst3ey5{

	literal 13
	Sc${NMEKbZyOexL+Qd|HZV+4u-

Check that the repository directory is beneath the workdir before
adding it to the list of reserved paths.  If it is not, then there
is no possibility of checking out files into it, and it should not
be a reserved word.

This is a particular problem with submodules where the repo directory
may be in the super's .git directory.

Before:
libdir=/usr//usr/lib64
includedir=/usr//usr/include

After:
libdir=/usr/lib64
includedir=/usr/include

(note the duplication of /usr in the before case)

Don't coalesce all errors into ENOENT.  At least identify EACCES.
All callers should be handling this case already, as the POSIX
`lstat` will return this.

When a file exists on disk and we're checking out a file that differs
in executableness, remove the old file.  This allows us to recreate the
new file with p_open, which will take the new mode into account and
handle setting the umask properly.

Remove any notion of chmod'ing existing files, since it is now handled
by the aforementioned removal and was incorrect, as it did not take
umask into account.

It calls git_mempack_reset which reallocates the object array. git_oidmap_free is now called on it explicitly.

git_mempack_reset was leaving free'd pointers in the oidmap.

added a single line of additional error reporting from libssh2 when failing to retrieve the list of authentication methods

We create a lockfile to update files under GIT_DIR. Sometimes these
files are actually located elsewhere and a symlink takes their place. In
that case we should lock and update the file at its final location
rather than overwrite the symlink.

0.23 xdiff

xdiff craps the bed on large files.  Treat very large files as binary,
so that it doesn't even have to try.

Refactor our merge binary handling to better match git.git, which
looks for a NUL in the first 8000 bytes.

Maintenance backports for v23

Include the copyright notice from the deps/winhttp/ sources.  Move the
LGPL to the bottom of the file (since multiple dependencies are LGPL
licensed) and include the actual copyright notices from the regex sources.

Starting at OS X 10.8, the Security framework offers some functions
which are unified across OS X and iOS. These are the functions that we
use.

Older versions of OS X do not have these functions and we fail to
compile. In these situations, fall back to using OpenSSL for our TLS
stream instead.

When parsing user-provided regex patterns for functions, we must not
fail to provide a diff just because a pattern is not well
formed. Ignore it instead.

When we ask for credentials, the user may choose to return EUSER to
indicate that an error has happened on its end and it wants to be given
back control.

We must therefore pass that back to the user instead of mentioning that
it was on_headers_complete() that returned an error code. Since we can,
we return the exact error code from the user (other than PASSTHROUGH)
since it doesn't cost anything, though using other error codes aren't
recommended.