fix loose object file header parser for zero-length headers ok millert tracey

fix double-free and double-close issues in error paths of got_packidx_open()

dropping unused includes

fix landlock usage: handled_access_fs must list all actions The ruleset's handled_access_fs has to list all the defined actions because otherwise missing ones are implicitly permitted. Thus, the previous version ended up allowing "almost everything" except reading files. Original diff from Mickaël Salaün, thanks! ok thomas

s/ENOTSUP/EOPNOTSUPP/ linux defines these errors to the same values, but the landlock doc uses `EOPNOTSUPP' consistently. Spotted initially by brynet@ and reminded by Mickaël Salaün, thanks! ok thomas

portable: add support for landlock landlock is a new set of linux APIs that is conceptually similar to unveil(2): the idea is to restrict what a process can do on a specified part of the filesystem. There are some differences in the behaviour: the major one being that the landlock ruleset is inherited across execve(2). This just restricts the libexec helpers by completely revoking ANY filesystem access; after all they are the biggest attack surface. got send/fetch/clone *may* end up spawning ssh(1), so at the moment is not possible to landlock the main process. From Omar Polo.

fix 'got status' reporting all directories on NFS mounts as unversioned Problem found and fix tested by Ted Bullock. ok millert, naddy

fix wrong imsg name in errors raised by got_privsep_send_tree_req()

remove unnecessary local variable from got_privsep_get_imsg_obj()

make 'got rm' report an "unexpected status" error for unversioned files ok millert@

make 'got rm' behave like rm(1) for paths found missing on disk ok millert@

style

unbreak gotweb index when pack files are missing

remove non-reachable 'return NULL' statement from report_single_file_status()

show rebase and histedit backups in tog ref view ok naddy

compress delta data from delta_cache directly into pack file

add missing error check in got_inflate_to_mem_mmap()

Release 0.66

add -t option to 'got branch' synopsis in got.1 man page

bump version number

CHANGES for 0.66

fix file corruption regression in 'got checkout' caused by commit db696021 got-read-pack must rewind its files temporary files before reusing them. Problem reported by naddy ok tracey naddy

add missing checks for reads beyond the mapped memory area of a pack file

set a cap on the amount of memory we use to store encoded deltas

encode short deltas in memory instead of writing them to a temporary file