slide_hash knowingly reads (possibly) uninitialised memory, see comment
lower down about prev[n] potentially being garbage. In this case, the
result is never used - so we don't care about MSAN complaining about
this read.

By adding the no_sanitize("memory") attribute, clients of zlib won't
see this (unnecessary) error when building and running with
MemorySanitizer. An alternative approach is for clients to build zlib
with -fsanitize-ignorelist=... where the ignorelist contains something
like 'fun:slide_hash'. But that's more work and needs to be redone
for any and all CI systems running a given project with MSAN. Adding
this annotation to zlib's sources is overall more convenient - but
also won't affect non-MSAN builds.

This specific issue was found while running git's test suite, but has
also been reported by other clients, see e.g. #518.

The `crc32_combine_gen64` missed a prototype in our define path.
Add one.

In the ownership checks implemented for CVE-2022-24765, we disallowed
users to access their own repositories when running with `sudo`.

Examine the `SUDO_UID` environment variable and allow users running
with `sudo`. This matches git's behavior.

To match git's behavior with CVE 2022-29187, validate not only the
working directory, but also the gitdir and gitlink (if it exists). This
a follow up to CVE-2022-24765 that was fixed earlier.

Allow users in the administrator group to use git configs that are owned
by administrators.

Allow the user ownership to match if the file is owned by the admin
group and the user is in the admin group, even if the current process is
not running as administrator directly.

Refactor the file ownership checks so that callers can provide discrete
information about the ownership expectations to a single function.

The file ownership concepts can reflect the actual file ownership, they
are not necessarily limited to mocking the interface. Rename them so
that they can be more broadly applicable.

Ensure that we test opening a bare repository with odd permissions.

Update the new URL for mbedTLS.

Originally introduced in: 776a6a8e

This test case has recently been fixed in bdab2238, but that fix will only last for a year. Next year the same problem will crop up and the test will need to be re-edited.

This is not ideal as
- This test case becomes an unnecessary burden for developers
- Downstream distros or even just users who want to build older versions of libgit2 are guaranteed to have this test fail

Furthermore, this test case is entirely unnecessary, as the functionality that was originally (see 776a6a8e) intended to be tested is well-covered by subsequent tests which specify a date instead of a "x ago" specification.

v1.3.1 release

Validate repository directory ownership (v1.3)

Introduce the `GIT_OPT_SET_OWNER_VALIDATION` option, so that users can
disable repository ownership validation.

Obey the `safe.directory` configuration variable if it is set in the
global or system configuration. (Do not try to load this from the
repository configuration - to avoid malicious repositories that then
mark themselves as safe.)

Pull the global configuration loader out of the symlink check so that it
can be re-used.

Test that we prevent opening directories that are not owned by
ourselves.

Provide a mock for file ownership for testability.

Ensure that the repository directory is owned by the current user; this
prevents us from opening configuration files that may have been created
by an attacker.

Provide individual file ownership checks for both the current user and
the system user, as well as a combined current user and system user
check.

GitHub is removing support for the unauthenticated git protocol; test
with the https protocol.

examples: Free the git_config and git_config_entry after use

oidarray: introduce `git_oidarray_dispose`

buf: common_prefix takes a string array

`git_strarray` is a public-facing type.  Change
`git_buf_text_common_prefix` to not use it, and just take an array of
strings instead.

Since users are disposing the _contents_ of the oidarray, not freeing
the oidarray itself, the proper cleanup function is
`git_oidarray_dispose`.  Deprecate `git_oidarray_free`.