| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |\ \ \ \
| | | | |
| | | | | |
Ignore missing 'safe.directory' config during ownership checks
|
| | |/ / / |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This should resolve some issues with UBSan builds by using unsigned
64-bit integers for all arithmetic until we finally convert to an offset
or size value.
Signed-off-by: Derrick Stolee <derrickstolee@github.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is expensive to compute the sha1 of the entire commit-graph file each
time we open it. Git only does this if it is re-writing the file.
This patch will only verify the checksum when calling the external API
git_commit_graph_open(), which explicitly says it opens and verifies
the commit graph in the documentation.
For internal library calls, we call git_commit_graph_get_file(), which
mmaps the commit-graph file in read-only mode. Therefore it is safe to
skip the validation check there.
Tests were added to check that the validation works in the happy path,
and prevents us from opening the file when validation fails.
(Note from Derrick Stolee: This patch was applied internally at GitHub
after we recognized the performance impact it had during an upgrade of
libgit2. The original author left the company before we remembered to
send it upstream.)
Signed-off-by: Derrick Stolee <derrickstolee@github.com>
|
| |\ \ \
| | | |
| | | | |
Support non-cmake builds with an in-tree `experimental.h`
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Not everybody builds libgit2 using cmake; provide an `experimental.h`
with no experiments configured for those that do not. To support this,
we also now create compile definitions for experimental functionality,
to supplant that empty `experimental.h`. cmake will continue to generate
the proper `experimental.h` file for use with `make install`.
|
| |\ \ \ \
| | | | |
| | | | | |
#6366: When a worktree is missing, return GIT_ENOTFOUND.
|
| | | |/ /
| |/| | |
|
| |\ \ \ \
| |_|/ /
|/| | | |
Don't fail the whole clone if you can't find a default branch
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Only allow the remote default branch checking to fail when the remote
default branch doesn't exist (`git_remote__default_branch` returns
`GIT_ENOTFOUND`). If there was any other type of error - for example, an
allocation failure - we should not swallow that and continue to fail.
This allows us to support the case when a remote has not advertised a
HEAD -- this is possible, for example, when the remote has constrained
the caller to a particular namespace. But other remote failures remain
as failures.
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In commit 6bb358786 ("clone: set refs/remotes/origin/HEAD to default
branch when branch is specified, attempt 2") libgit2 was changed to set
the default remote branch when one was copied.
But it makes update_head_to_branch() return an error if the origin
doesn't even *have* a HEAD in the first place, since
git_remote_default_branch() will fail.
That's entirely wrong, and means that you cannot do "git_clone()" of a
particular branch on a remote repository when that remote doesn't have a
default branch at all.
So don't set the error code.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |/ / |
|
| | |
| |
| |
| |
| | |
The experimental function signature is only available when
`GIT_EXPERIMENTAL_SHA256` is enabled.
|
| |\ \
| |/
|/| |
RFC: SHA256 proof of concept
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
libgit2 can be built with optional, experimental sha256 support. This
allows consumers to begin testing and providing feedback for our sha256
support while we continue to develop it, and allows us to make API
breaking changes while we iterate on a final sha256 implementation.
The results will be `git2-experimental.dll` and installed as
`git2-experimental.h` to avoid confusion with a production libgit2.
|
| | |
| |
| |
| |
| | |
Linux has a /usr/include/features.h, which gets confusing; update this
to `git2_features.h` and move it into the `util` directory.
|
| | |
| |
| |
| | |
Teach the loose object database how to cope with SHA256 objects.
|
| | |
| |
| |
| | |
Tidy up `nfmt` / `pathfmt`.
|
| | |
| |
| |
| | |
Move the arguments to `git_odb_loose` into an options structure.
|
| | |
| |
| |
| |
| | |
Allow the object database to take an oid type that it supports. This
oid type will be used to validate the objects that the backends provide.
|
| | |
| |
| |
| |
| | |
Users will need to be able to specify the object id type for the given
object database; add a new `git_odb_options` with that option.
|
| | |
| |
| |
| |
| | |
The git_odb_hash helper functions should not assume SHA1, and instead
should be given the oid type that they're producing.
|
| | |
| |
| |
| |
| |
| | |
We intentionally separate oid types from hash types; a hash is a generic
hunk of bytes, an object id has meaning and backs an object on disk. As
a result of this separation, we need a 1:1 mapping.
|
| | | |
|
| | |
| |
| |
| |
| | |
`git_oid`s now have a type, and we require the oid type when creating
the object id from creation functions.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
Provide helper functions to provide information about the object id size
given its type.
|
| | |
| |
| |
| |
| | |
Callers should not assume the layout of the oid structure; provide them
a macro that defines the null / zero sha1 object id.
|
| | |
| |
| |
| |
| | |
In preparation for SHA256 support, `GIT_OID_RAWSZ` and `GIT_OID_HEXSZ`
need to indicate that they're the size of _SHA1_ OIDs.
|
| |\ \
| | |
| | | |
Fix creation of branches and tags with invalid names
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
pack: don't pretend we support pack files v3
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Pack files v3 are introduced in the SHA256 hash transition document
https://github.com/git/git/blob/master/Documentation/technical/hash-function-transition.txt
Obviously we do not support these yet. Stop pretending that we do.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In the ownership checks implemented for CVE-2022-24765, we disallowed
users to access their own repositories when running with `sudo`.
Examine the `SUDO_UID` environment variable and allow users running
with `sudo`. This matches git's behavior.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
To match git's behavior with CVE 2022-29187, validate not only the
working directory, but also the gitdir and gitlink (if it exists). This
a follow up to CVE-2022-24765 that was fixed earlier.
|
| | | |
| | |
| | |
| | |
| | | |
Allow users in the administrator group to use git configs that are owned
by administrators.
|
| | | |
| | |
| | |
| | |
| | | |
Refactor the file ownership checks so that callers can provide discrete
information about the ownership expectations to a single function.
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
This reverts commit cdff2f0237f663e0f68155655a8b66d05c1ec716.
This change erroneously allowed system users to own a worktree; this
should only be allowed when the current user is in the Administrator
group on Windows as well.
|
| |\ \
| | |
| | | |
fix interactive rebase detect.
|
| | | | |
|
| | | | |
|
| |/ / |
|
| |\ \
| |/
|/| |
filter: Fix Segfault
|
| | | |
|
| | | |
|
| | |
| |
| | |
Co-authored-by: Edward Thomson <ethomson@github.com>
|
| | | |
|
