delta/libgit2.git/tests/resources, branch ethomson/cli

client: process class to run a process

2020-06-05T06:14:25+00:00

blame: add option to ignore whitespace changes

2020-04-14T13:50:53+00:00

Fix segfault when calling git_blame_buffer()

2020-03-23T13:47:18+00:00

This change makes sure that the hunk is not null before trying to
dereference it. This avoids segfaults, especially when blaming against a
modified buffer (i.e. the index).

Fixes: #5443

refs: refuse to delete HEAD

2020-01-15T21:55:58+00:00

This requires adding a new symbolic ref to the testrepo fixture.
Some of the existing tests attempt to delete HEAD, expecting a different failure. Introduce and use a non-HEAD symbolic ref instead.
Adjust a few other tests as needed.

Fixes #5357

Disallow NTFS Alternate Data Stream attacks, even on Linux/macOS

2019-12-10T08:01:06+00:00

A little-known feature of NTFS is that it offers to store metadata in
so-called "Alternate Data Streams" (inspired by Apple's "resource
forks") that are copied together with the file they are associated with.
These Alternate Data Streams can be accessed via `::`.

Directories, too, have Alternate Data Streams, and they even have a
default stream type `$INDEX_ALLOCATION`. Which means that `abc/` and
`abc::$INDEX_ALLOCATION/` are actually equivalent.

This is of course another attack vector on the Git directory that we
definitely want to prevent.

On Windows, we already do this incidentally, by disallowing colons in
file/directory names.

While it looks as if files'/directories' Alternate Data Streams are not
accessible in the Windows Subsystem for Linux, and neither via
CIFS/SMB-mounted network shares in Linux, it _is_ possible to access
them on SMB-mounted network shares on macOS.

Therefore, let's go the extra mile and prevent this particular attack
_everywhere_. To keep things simple, let's just disallow *any* Alternate
Data Stream of `.git`.

This is libgit2's variant of CVE-2019-1352.

Signed-off-by: Johannes Schindelin

config_entries: micro-optimize storage of multivars

2019-11-05T12:24:12+00:00

Multivars are configuration entries that have many values for the same
name; we can thus micro-optimize this case by just retaining the name of
the first configuration entry and freeing all the others, letting them
point to the string of the first entry.

The attached test case is an extreme example that demonstrates this. It
contains a section name that is approximately 500kB in size with 20.000
entries "a=b". Without the optimization, this would require at least
20000*500kB bytes, which is around 10GB. With this patch, it only
requires 500kB+20000*1B=20500kB.

The obvious culprit here is the section header, which we repeatedly
include in each of the configuration entry's names. This makes it very
easier for an adversary to provide a small configuration file that
disproportionally blows up in memory during processing and is thus a
feasible way for a denial-of-service attack. Unfortunately, we cannot
fix the root cause by e.g. having a separate "section" field that may
easily be deduplicated due to the `git_config_entry` structure being
part of our public API. So this micro-optimization is the best we can do
for now.

Merge pull request #5195 from tiennou/fix/commitish-smart-push

2019-09-13T08:31:49+00:00

smart: use push_glob instead of manual filtering

smart: use push_glob instead of manual filtering

2019-08-21T10:22:03+00:00

The code worked under the assumption that anything under `refs/tags` are
tag objects, and all the rest would be peelable to a commit. As it is
completely valid to have tags to blobs under a non `refs/tags` ref, this
would cause failures when trying to peel a tag to a commit.

Fix the broken filtering by switching to `git_revwalk_push_glob`, which
already handles this case.

tests: add a subdirectory to crlf tests

2019-08-11T20:32:03+00:00

Add a subdirectory in the crlf.git bare repository that has a
second-level .gitattribute file.

filter: test we can filter a blob in a bare repo

2019-08-11T20:32:02+00:00