Having those links in the user's PATH can make our send/fetch regression tests fail. We do want to talk to git-daemon during those tests, and these symlinks can get in the way of that.

ok op@

see e082ed67; ok stsp@

It's only a preparatory step, as checking whether a size_t is less than SIZE_MAX is moot. In a follow-up commit, however, the `filesize' field of the struct got_pack will become off_t and these checks will kick in. This also makes consistent how we guard mmap(2) against empty files. ok and improvements stsp@

ok stsp@

off_t is a signed type and depending on the platform, it can be "long" or "long long", so cast to long long for printf().

The fix for CVE-2022-39253 in Git made our regression tests fail since creating submodules from local clones is no longer allowed by default. Add an override to our invocations of "git submodule add", the same which was added to Git's regression test suite as part of their fix. This CVE doesn't otherwise affect us. We do not implement submodules. Our use of them in regression tests exists only to ensure that Got does not freak out when it sees one. Precisely because automated support for nested repositories and/or working copies (as in Git Submodules, or Subversion Externals, etc.) have been an endless source of security problems in other systems. sudden test failures pointed out by naddy@

The tslen argument is always in the (1..9) range so `int' is technically fine (even int8_t would be!) but all the callers are passing a size_t, so change the type accordingly. ok stsp@

ok jamsek

ok stsp@