v1.9.3

This release includes a number of bugfixes and compatibility improvements, particularly around SHA256 support.

• cmake: fix linker error when using ninja build generator by @kcsaul in #7249
• Handle redirects with Content-Length: 0 correctly by @ethomson in #7246
• ci: use poxygit v0.8.1 in the tests by @ethomson in #7248
• Zero indexer stats in pack objects by @ethomson in #7243
• submodule: git_index_add_bypath does not move conflict entries to REUC by @lrm29 in #7003
• fix: prevent SSH timeout infinite loop and enable TCP keepalive by @ambv in #7165
• merge_files: avoid UB in xdiff by @ethomson in #7239
• git_merge_file_from_index: handle cases when a child (ours or theirs) is null by @eantoranz in #7092
• cmake: write git.h.tmp to current binary directory by @kcsaul in #7241
• fix(pack): ensure pack_backend__read returns null terminated buffer by @kanru in #7238
• Check object lengths against headers in read_loose by @howtonotwin in #7178
• cmake: don't recreate git2.h unnecessarily by @ethomson in #7234
• Memory Backend Corruption Fix by @kcsaul in #7232
• Fixed a heap-buffer-overflow in the smart_pkt.c:set_data function by @oliverchang in #7118
• fix(transport): get oid_type on local transport by @weihanglo in #7229
• GIT_REMOTE_DOWNLOAD_TAGS_ALL: remove stray "the" in docs by @DanielEScherzer in #7228
• fix(clone): propagate object format in local clone by @weihanglo in #7226
• repo: Fix possible null pointer dereference by @csware in #7225
• revparse: Allow HEAD abbreviation @ by @KoviRobi in #7218
• camke: include libssh2 in Requires.private in the PC file by @carlosmn in #7215
• futils: fix undefined behavior in O_FSYNC fallback definition by @cehoffman in #7211
• pcre: actually fix dangling-pointer warning by @ethomson in #7206
• pcre: update cmake warnings for non-gcc by @ethomson in #7205
• Fix some warnings with gcc by @ethomson in #7203
• fix: apply insteadOf from global config for detached remotes by @weihanglo in #7195
• Fix git_index_entry documentation by @bakersdozen123 in #7192
• config: Fix potential null value passed to %s by @ethomson in #7190
• index: support USE_NSEC=OFF by @ethomson in #7187
• feat(remote): expose git_remote_oid_type by @weihanglo in #7185
• fix(smart): keep caps across RPC stream resets by @weihanglo in #7183
• fix wrong comment by @Murmele in #7181
• fix(sha256): pass correct oid type by @weihanglo in #7179
• examples: correct git_commit_time comment by @qaqland in #7175
• tests: update to latest clar by @ethomson in #7173
• delta: fix undefined behavior in hdr_sz varint parsing by @Oblivionsage in #7172
• ci: Update macos-13 to macos-14 images on GitHub Actions by @ambv in #7167
• ci: Fix cases of -Werror=discarded-qualifiers raised by @gcc 15.2 by @ambv in #7164
• Use CMAKE_INSTALL_INCLUDEDIR for libgit2package INSTALL_INTERFACE by @aware70 in #7155
• Fix C4703 uninitialized pointer variable warnings by @ShiningMassXAcc in #7154
• test: check the correct filesystem for case-sensitivity by @ambv in #7153
• ci: update ci/docker/fedora to work with Rawhide 44 by @ambv in #7152
• refs: honor REFSPEC_SHORTHAND for multi-segment refs by @roberth in #7148
• config: Fix potential null value passed to %s by @orgads in #7131
• Fix potential access to uninitialized variables by @orgads in #7130
• refspec: Detect DEL character in is_valid_name by @xokdvium in #7120
• Update documentation to clarify that cert cb is always called by @ehuss in #7119
• Update racy.c reference by @emmanuel-ferdman in #7091
• Avoid duplicate definition of git_http_auth_dummy. by @JohannesWilde in #7077

v1.8.5

🔒 This is a security release with multiple changes.

• A bug in the external SSH execution is fixed that could cause arbitrary command execution. Remote repository names were improperly sent to the shell without quoting. Arguments to the external SSH command are now sent parameterized.

• A bug in SSH credential creation is fixed that could cause a buffer overflow. Public keys that are not NUL terminated were improperly zeroed. The given length of public keys is now honored.

The libgit2 project thanks @0xkato and @bakersdozen123 for finding the bugs and providing details and reproduction steps.

All users of the v1.8 release line are recommended to upgrade.

Full Changelog: v1.8.4...v1.8.5

v1.9.2

🔒 This is a security release with multiple changes.

• A bug in the external SSH execution is fixed that could cause arbitrary command execution. Remote repository names were improperly sent to the shell without quoting. Arguments to the external SSH command are now sent parameterized.

• A bug in SSH credential creation is fixed that could cause a buffer overflow. Public keys that are not NUL terminated were improperly zeroed. The given length of public keys is now honored.

The libgit2 project thanks @0xkato and @bakersdozen123 for finding the bugs and providing details and reproduction steps.

All users of the v1.9 release line are recommended to upgrade.

Full Changelog: v1.9.1...v1.9.2

What's Changed

Bug fixes

• hash: allow unsigned int != size_t in sha256 by @ethomson in #6996
• include: Fix code comment termination by @florianpircher in #6997
• alternates: allow relative paths in all repositories by @vapier in #7019
• FIx potential null dereference by @peter15914 in #6998
• cli: fix undefined alloca() on CYGWIN by @carlo-bramini in #7022
• attr: honor ignorecase in attribute matching by @ethomson in #7018
• tag: Refuse to use HEAD as a tagname by @csware in #7061
• Fix memory leak in openssl fips modes by @wklatka in #7064
• Fix circular includes between types.h and oid.h by @georgthegreat in #7059
• diff: correct diff stat alignment in presence of renames w/ common prefix. by @kivikakk in #7057
• Revert include path regression by @ytnuf in #7039

Build and CI improvements

• benchmarks: update path to baseline cli by @ethomson in #7006
• Update SelectSSH.cmake by @lrm29 in #7012
• ci: update download-artifact version by @ethomson in #7038
• install cmake files into configured libdir by @kanavin in #7004
• Test updates by @ethomson in #7025
• conflict tests: check core.ignorecase by @emilazy in #7026
• Include common.h in version.h by @ethomson in #7030
• clar: update to latest version by @ethomson in #7029
• Fix MSVC cross compilation by @Faless in #7079
• fuzzers: Fix CFLAGS by @nelhage in #7044
• Avoid duplicate definition of git_http_auth_dummy. by @JohannesWilde in #7077

Documentation improvements

• docs: add update_refs as ABI breaking change by @ethomson in #7005
• docs: correct wrong docstring info for git_remote_url by @DominiqueFuchs in #7076

New Contributors

• @peter15914 made their first contribution in #6998
• @kanavin made their first contribution in #7004
• @carlo-bramini made their first contribution in #7022
• @vapier made their first contribution in #7019
• @emilazy made their first contribution in #7026
• @ytnuf made their first contribution in #7039
• @DominiqueFuchs made their first contribution in #7076
• @wklatka made their first contribution in #7064
• @kivikakk made their first contribution in #7057
• @JohannesWilde made their first contribution in #7077

Full Changelog: v1.9.0...v1.9.1

This is release v1.9.0, "Schwibbogen". As usual, it contains numerous bug fixes, compatibility improvements, and new features.

This is expected to be the final release in the libgit2 v1.x lineage. libgit2 v2.0 is expected to be the next version, with support for SHA256 moving to "supported" status (out of "experimental" status). This means that v2.0 will have API and ABI changes to support SHA256, as well as other breaking changes.

Major changes

• Documentation improvements
  We've launched a new website for our API reference docs at https://libgit2.org/docs/reference/main. To support this, we've updated the documentation to ensure that all APIs are well-documented, and added docurium-style specifiers to indicate more depth about the API surface.

  We now also publish a JSON blob with the API structure and the documentation that may be helpful for binding authors.

• TLS cipher updates
  libgit2 has updated our TLS cipher selection to match the "compatibility" cipher suite settings as documented by Mozilla.

• Blame improvements
  The blame API now contains committer information and commit summaries for blame hunks, and the ability to get information about the line of text that was modified. In addition, a CLI blame command has been added so that the blame functionality can be benchmarked by our benchmark suite.

• More CLI commands
  libgit2 has added blame and init commands, which have allowed for further benchmarking and several API improvements and git compatibility updates.

• Warning when configuring without SHA1DC
  Users are encouraged to use SHA1DC, which is git's hash; users should not use SHA1 in the general case. Users will now be warned if they try to configure cmake with a SHA1 backend (-DUSE_SHA1=...).

Breaking changes

There are several ABI-breaking changes that integrators, particularly maintainers of bindings or FFI users, may want to be aware of.

• Blame hunk structure updates (ABI breaking change)
  There are numerous additions to the git_blame_hunk structure to accommodate more information about the blame process.

• Checkout strategy updates (ABI breaking change)
  The values for GIT_CHECKOUT_SAFE and GIT_CHECKOUT_NONE have been updated. GIT_CHECKOUT_SAFE is now 0; this was implicitly the default value (with the options constructors setting that as the checkout strategy). It is now the default if the checkout strategy is set to 0. This allows for an overall code simplification in the library.

• Configuration entry member removal (ABI breaking change)
  The git_config_entry structure no longer contains a free member; this was an oversight as end-users should not try to free that structure.

• Configuration backend function changes (ABI breaking change)
  git_config_backends should now return git_config_backend_entry objects instead of git_config_entry objects. This allows backends to provide a mechanism to nicely free the configuration entries that they provide.

• update_refs callback for remotes (ABI breaking change)
  The update_refs callback was added to the git_remote_callbacks structure to provide additional information about updated refs; in particular, the git_refspec is included for more information about the remote ref. The update_refs callback will be preferred over the now deprecated update_tips callback.

What's Changed

New features

• The git_signature_default_from_env API will now produce a pair of git_signatures representing the author, and the committer, taking the GIT_AUTHOR_NAME and GIT_COMMITTER_NAME environment variables into account. Added by @u-quark in #6706

• packbuilder can now be interrupted from a callback. Added @roberth in #6874

• libgit2 now claims to honor the preciousObject repository extension. This extension indicates that the client will never delete objects (in other words, will not garbage collect). libgit2 has no functionality to remove objects, so it implicitly obeys this in all cases. Added by @ethomson in #6886

• Push status will be reported even when a push fails. This is useful to give information from the server about possible updates, even when the overall status failed. Added by @yerseg in #6876

• You can now generate a thin pack from a mempack instance using git_mempack_write_thin_pack. Added by @roberth in #6875

• The new LIBGIT2_VERSION_CHECK macro will indicate whether the version of libgit2 being compiled against is at least the version specified. For example: #if LIBGIT2_VERSION_CHECK(1, 6, 3) is true for libgit2 version 1.6.3 or newer. In addition, the new LIBGIT2_VERSION_NUMBER macro will return an integer version representing the libgit2 version number. For example, for version 1.6.3, LIBGIT2_VERSION_NUMBER will evaluate to 010603. Added by @HamedMasafi in #6882

• Custom X509 certificates can be added to OpenSSL's certificate store using the GIT_OPT_ADD_SSL_X509_CERT option. Added by @yerseg in #6877

• The libgit2 compatibility CLI now has a git blame command. Added by @ethomson in #6907

• Remote callbacks now provide an update_refs callback so that users can now get the refspec of the updated reference during push. This gives more complete information about the remote reference that was updated. Added by @ethomson in #6559

• An optional FIPS-compliant mode for hashing is now available; you can set -DUSE_SHA256=OpenSSL-FIPS to enable it. Added by @marcind-dot in #6906

• The git-compatible CLI now supports the git init command, which has been useful in identifying API improvements and incompatibilities with git. Added by @ethomson in #6984

• Consumers can now query more information about how libgit2 was compiled, and query the "backends" that libgit2 uses. Added by @ethomson in #6971

Bug fixes

• Fix constness issue introduced in #6716 by @ethomson in #6829
• odb: conditional git_hash_ctx_cleanup in git_odb_stream by @gensmusic in #6836
• Fix shallow root maintenance during fetch by @kcsaul in #6846
• Headers cleanup by @anatol in #6842
• http: Initialize on_status when using the http-parser backend by @civodul in #6870
• Leak in truncate_racily_clean in index.c by @lstoppa in #6884
• ssh: Omit port option from ssh command unless specified in remote url by @jayong93 in #6845
• diff: print the file header on GIT_DIFF_FORMAT_PATCH_HEADER by @carlosmn in #6888
• Add more robust reporting to SecureTransport errors on macos by @vcfxb in #6848
• transport: do not filter tags based on ref dir in local by @rindeal in #6881
• push: handle tags to blobs by @ethomson in #6898
• Fixes for OpenSSL dynamic by @ethomson in #6901
• realpath: unbreak build on OpenBSD by @ajacoutot in #6932
• util/win32: Continue if access is denied when deleting a folder by @lrm29 in #6929
• object: git_object_short_id fails with core.abbrev string values by @lrm29 in #6944
• Clear data after negotiation by @lrm29 in #6947
• smart: ignore shallow/unshallow packets during ACK processing by @kempniu in #6973

Security fixes

• ssh: Include rsa-sha2-256 and rsa-sha2-512 in the list of hostkey types by @lrm29 in #6938
• TLS: v1.2 and updated cipher list by @ethomson in #6960

Code cleanups

• checkout: make safe checkout the default by @ethomson in #6037
• url: track whether url explicitly specified a port by @ethomson in #6851
• config: remove free ptr from git_config_entry by @ethomson in #6804
• Add SecCopyErrorMessageString for iOS and update README for iOS by @Kyle-Ye in #6862
• vector: free is now dispose by @ethomson in #6896
• hashmap: a libgit2-idiomatic khash by @ethomson in #6897
• hashmap: asserts by @ethomson in #6902
• hashmap: further asserts by @ethomson in #6904
• Make GIT_WIN32 an internal declaration by @ethomson in #6940
• pathspec: additional pathspec wildcard tests by @ethomson in #6959
• repo: don't require option when template_path is specified by @ethomson in #6983
• options: update X509 cert constant by @ethomson in #6974
• r...

v1.8.4

We erroneously shipped v1.8.3 without actually including the change in v1.8.2. This release re-re-introduces the pre-v1.8.0 commit constness behavior.

What's Changed

Bug fixes

• Fix constness issue introduced in #6716 by @ethomson in #6829

Full Changelog: v1.8.3...v1.8.4

This release fixes a bug introduced in v1.8.1 for users of the legacy Node.js http-parser dependency.

What's Changed

Bug fixes

• http: Backport on_status initialize fix for http-parser by @ethomson in #6931

Full Changelog: v1.8.2...v1.8.3

v1.8.2

This release reverts a const-correctness change introduced in
v1.8.0 for the git_commit_create functions. We now retain the
const-behavior for the commits arguments from prior to v1.8.0.

This change was meant to resolve compatibility issues with bindings
and downstream users.

What's Changed

New features

• Introduce a stricter debugging allocator for testing by @ethomson in #6811

Bug fixes

• Fix constness issue introduced in #6716 by @ethomson in #6829

Build and CI improvements

• README: add experimental builds to ci table by @ethomson in #6816

Full Changelog: v1.8.1...v1.8.2

v1.8.2

This release reverts a const-correctness change introduced in
v1.8.0 for the git_commit_create functions. We now retain the
const-behavior for the commits arguments from prior to v1.8.0.

This change was meant to resolve compatibility issues with bindings
and downstream users.

What's Changed

New features

• Introduce a stricter debugging allocator for testing by @ethomson in #6811

Bug fixes

• Fix constness issue introduced in #6716 by @ethomson in #6829

Build and CI improvements

• README: add experimental builds to ci table by @ethomson in #6816

Full Changelog: v1.8.1...v1.8.2

This release primarily includes straightforward bugfixes, as well as new functionality to have more control over the HTTP User-Agent header. However, there is an API change from v1.8 that was required for cross-platform compatibility.

In v1.8, libgit2 introduced the report_unchanged member in the git_fetch_options structure. We mistakenly introduced this as a bitfield, which is not suitable for our public API. To correct this mistake, we have removed the report_unchanged member. To support the report unchanged tips option, users can set the update_fetchhead member to include the GIT_REMOTE_UPDATE_REPORT_UNCHANGED value.

The libgit2 projects regrets the API change, but this was required to support cross-platform compatibility.

What's Changed

New features

• Allow more control over the user-agent by @ethomson in #6788

Bug fixes

• commit: Fix git_commit_create_from_stage without author and committer by @florianpircher in #6781
• process.c: fix environ for macOS by @barracuda156 in #6792
• Bounds check for pack index read by @ConradIrwin in #6796
• transport: provide a useful error message during cancellation by @ethomson in #6802
• transport: support sha256 oids by @ethomson in #6803
• Revparse: Correctly accept ref with '@' at the end by @csware in #6809
• remote: drop bitfields in git_remote_fetch_options by @ethomson in #6806
• examples: fix memory leak in for-each-ref.c by @qaqland in #6808
• xdiff: use proper free function by @ethomson in #6810
• rand: avoid uninitialized loadavg warnings by @ethomson in #6812
• cli: include alloca on illumos / solaris / sunos by @ethomson in #6813
• Update git_array allocator to obey strict aliasing rules by @ethomson in #6814
• tree: avoid mixed signedness comparison by @ethomson in #6815

Build and CI improvements

• ci: update nightly workflows by @ethomson in #6773
• ci: give all nightly builds a unique id by @ethomson in #6782
• cmake: remove workaround that isn't compatible with Windows on ARM by @hackhaslam in #6794

Documentation improvements

• Docs meta-updates by @ethomson in #6787

Dependency updates

• Enable llhttp for HTTP parsing by @sgallagher in #6713

New Contributors

• @florianpircher made their first contribution in #6781
• @barracuda156 made their first contribution in #6792
• @sgallagher made their first contribution in #6713
• @ConradIrwin made their first contribution in #6796
• @qaqland made their first contribution in #6808

Full Changelog: v1.8.0...v1.8.1