A cross-platform, linkable library implementation of Git that you can use in your application.
This is release v1.8.0, "Das Fliegende Klassenzimmer". This release includes optional, experimental support for invoking OpenSSH to fetch and push, an easier mechanism to perform the default behavior of git commit
, and has many improvements for worktrees. This release also includes many other new features and bugfixes.
Executable SSH (OpenSSH) support
libgit2 can now invoke the command-line OpenSSH to fetch from and push to remotes over SSH. This support takes the place of libssh2 support. To use it, configure libgit2 with cmake -DUSE_SSH=exec
, and please report any problems that you discover. By @ethomson in https://github.com/libgit2/libgit2/pull/6617
Simplified commit creation
The git_commit_create_from_stage
API was introduced to allow users to better emulate the behavior of git commit
without needing to provide unnecessary information. The current state of the index is committed to the current branch. By @ethomson in https://github.com/libgit2/libgit2/pull/6716
Worktree improvements
A number of worktree improvements have been made for better compatibility with core git. First, libgit2 now understands per-worktree references, thanks to @csware in https://github.com/libgit2/libgit2/pull/6387. Worktree-specific configuration is now supported, thanks to @vermiculus in https://github.com/libgit2/libgit2/pull/6202. And improved compatibility with git worktree add
is now supported, thanks to @herrerog in https://github.com/libgit2/libgit2/pull/5319.
Adding WORKTREE
configuration level (ABI breaking change)
To support worktree configurations at the appropriate level (higher priority than local configuration, but lower priority than app-specific configuration), the GIT_CONFIG_LEVEL_WORKTREE
level was introduced at priority 6. GIT_CONFIG_LEVEL_APP
now begins at priority 7.
Changes to git_config_entry
(ABI breaking change) The git_config_entry
structure now contains information about the backend_type
and origin_path
. The unused payload
value has been removed.
git_push_options
includes remote push options (ABI breaking change)
The git_push_options
structure now contains a value for remote push options.
git config
command by @ethomson in https://github.com/libgit2/libgit2/pull/6616
index-pack
command by @ethomson in https://github.com/libgit2/libgit2/pull/6681
git_repository_commit_parents
to identify the parents of the next commit given the repository state by @ethomson in https://github.com/libgit2/libgit2/pull/6707
NULL
in git_error_last()
by @ethomson in https://github.com/libgit2/libgit2/pull/6625
git_revparse_single
and add revparse fuzzing by @ethomson in https://github.com/libgit2/libgit2/pull/6730
GIT_DIFF_LINE_(ADD|DEL)_EOFNL
to match other Diffs by @xphoniex in https://github.com/libgit2/libgit2/pull/6240
safe.directory
improvements by @ethomson in https://github.com/libgit2/libgit2/pull/6739
Full Changelog: https://github.com/libgit2/libgit2/compare/v1.7.0...v1.8.0
🔒 This is a security release with multiple changes.
A bug in git_revparse_single
is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application. This fixes CVE-2024-24575, which was discovered by researchers at Amazon AWS.
A bug in git_index_add
is fixed that could have caused the function to corrupt its heap and possibly lead to arbitrary code execution. This fixes CVE-2024-24577, which was discovered by researchers at Amazon AWS.
A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities.
The libgit2 project thanks the researchers and outreach team at AWS Security for finding the git_index_add
and git_revparse_single
bugs, and providing details and reproduction steps during their responsible disclosure.
All users of the v1.7 release line are recommended to upgrade.
🔒 This is a security release with multiple changes.
A bug in git_revparse_single
is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application. This fixes CVE-2024-24575, which was discovered by researchers at Amazon AWS.
A bug in git_index_add
is fixed that could have caused the function to corrupt its heap and possibly lead to arbitrary code execution. This fixes CVE-2024-24577, which was discovered by researchers at Amazon AWS.
A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities.
The libgit2 project thanks the researchers and outreach team at AWS Security for finding the git_index_add
and git_revparse_single
bugs, and providing details and reproduction steps during their responsible disclosure.
All users of the v1.6 release line are recommended to upgrade.
Full Changelog: https://github.com/libgit2/libgit2/compare/v1.7.0...v1.7.1
This is release v1.7.0, "Kleine Raupe Nimmersatt". This release adds shallow clone support, completes the experimental SHA256 support, adds Schannel support for Windows, and includes many other newj features and bugfixes.
Shallow clone support libgit2 now supports shallow clone and shallow repositories, thanks to a significant investment from many community members -- hundreds of commits by many contributors.
SHA256 support
libgit2 should now support SHA256 repositories using the extensions.objectFormat
configuration option when the library is built with EXPERIMENTAL_SHA256=ON
. Users are encouraged to begin testing their applications with this option and provide bug reports and feedback. This is a breaking API change; SHA256 support will be enabled by default in libgit2 v2.0.
Schannel and SSPI for Windows
libgit2 now supports the Windows Schannel and SSPI APIs for HTTPS support on Windows, when configured with USE_HTTPS=Schannel
. Setting this option will not use the existing WinHTTP support, but will use libgit2's standard HTTP client stack with Windows TLS primitives. Windows users are encouraged to begin testing their applications with this option and provide bug reports and feedback. This will be enabled by default in a future version of libgit2.
Simplify custom pluggable allocator (System API / ABI breaking change)
The git_allocator
structure (configurable by the GIT_OPT_SET_ALLOCATOR
option) now only contains gmalloc
, grealloc
and gfree
members. This simplifies both the work needed by an implementer and allows more flexibility and correctness in libgit2 itself, especially during out-of-memory situations and errors during bootstrapping.
GIT_ENOTFOUND
for missing programdata by @ethomson in https://github.com/libgit2/libgit2/pull/6547
Full Changelog: https://github.com/libgit2/libgit2/compare/v1.6.3...v1.7.0
Full Changelog: https://github.com/libgit2/libgit2/compare/v1.6.3...v1.6.4
git_odb_open
by @ethomson in https://github.com/libgit2/libgit2/pull/6520
git_index_add_all
handles ignored directories by @ethomson in https://github.com/libgit2/libgit2/pull/6521
include/git2
by @ethomson in https://github.com/libgit2/libgit2/pull/6529
Full Changelog: https://github.com/libgit2/libgit2/compare/v1.6.2...v1.6.3
remote: always populate old id in update tips by @ethomson in https://github.com/libgit2/libgit2/pull/6506
The update tips callback would not always be properly provided with an empty (0000000...
) OID for new refs.
Revert #6503 by @ethomson in https://github.com/libgit2/libgit2/pull/6511 The certificate callback added port information for callbacks in #6503, but the format was ambiguous with IPv6 addresses. Revert this change temporarily.
Add git_odb_backend_loose
back by @ethomson in https://github.com/libgit2/libgit2/pull/6512
During SHA256 refactoring, the git_odb_backend_loose
API was accidentally removed. Add it back.
meta: configure pkg-config .pc correctly by @ethomson in https://github.com/libgit2/libgit2/pull/6514
During SHA256 refactoring, the pkg-config .pc
file was erroneously renamed to git2
instead of libgit2
. Repair this.
Full Changelog: https://github.com/libgit2/libgit2/compare/v1.6.1...v1.6.2
This is release v1.6.1, "Hubbeliges Krokodil". This release adds experimental SHA256 support and includes many new features and bugfixes. This release replaces libgit2 v1.6.0, which did not correctly update its version number(s).
Support for bare repositories with SHA256 support (experimental) by @ethomson in https://github.com/libgit2/libgit2/pull/6191
You can configure experimental SHA256 support in libgit2 with cmake -DEXPERIMENTAL_SHA256=ON
during project setup. This is useful for considering future integrations, work on clients, and work on language bindings. At present, working with bare repositories should largely work, including remote operations. But many pieces of functionality - including working with the index - are not yet supported. As a result, libgit2 with SHA256 support should not be used in production or released with package distribution.
Support the notion of a home directory separately from global configuration directory by @ethomson in https://github.com/libgit2/libgit2/pull/6455 and https://github.com/libgit2/libgit2/pull/6456
Callers and language bindings can now configure the home directory that libgit2 uses for file lookups (eg, the .ssh
directory). This configuration is separate from the git global configuration path.
stash: partial stash specific files by @gitkraken-jacobw in https://github.com/libgit2/libgit2/pull/6330
A stash can be created with only specific files, using a pathspec. This is similar to the git stash push
command.
push: revparse refspec source, so you can push things that are not refs by @sven-of-cord in https://github.com/libgit2/libgit2/pull/6362 Pushes can be performed using refspecs instead of only references.
Support OpenSSL3 by @ethomson in https://github.com/libgit2/libgit2/pull/6464 and https://github.com/libgit2/libgit2/pull/6471 OpenSSL 3 is now supported, both when compiled directly and dynamically loaded.
GIT_ENOTFOUND
. by @arroz in https://github.com/libgit2/libgit2/pull/6395
git_commit_graph_open()
. by @derrickstolee in https://github.com/libgit2/libgit2/pull/6420
git_tag_create_from_buffer
by @julianmesa-gitkraken in https://github.com/libgit2/libgit2/pull/6421
safe.directory *
by @csware in https://github.com/libgit2/libgit2/pull/6429
git_submodule_update
fails to update configured but missing submodule by @tagesuhu in https://github.com/libgit2/libgit2/pull/6434
git_clone__submodule
to avoid file checks in workdir by @abizjak in https://github.com/libgit2/libgit2/pull/6444
diff_file
: Fix crash when freeing a patch representing an empty untracked file by @jorio in https://github.com/libgit2/libgit2/pull/6475
oid_type
on repos open with git_repository_open_bare
by @arroz in https://github.com/libgit2/libgit2/pull/6492
oid_type
to stream by @ethomson in https://github.com/libgit2/libgit2/pull/6499
create.c.bak
by @lrm29 in https://github.com/libgit2/libgit2/pull/6398
experimental.h
by @ethomson in https://github.com/libgit2/libgit2/pull/6405
-DWIN32_LEAN_AND_MEAN
by @christoph-cullmann in https://github.com/libgit2/libgit2/pull/6373
-DEMBED_SSH_PATH
by @vicr123 in https://github.com/libgit2/libgit2/pull/6374
off64_t
for AIX by @bzEq in https://github.com/libgit2/libgit2/pull/6376
HTTP_PROXY
before starting tests by @ethomson in https://github.com/libgit2/libgit2/pull/6498
git_repository_is_empty
by @timrogers in https://github.com/libgit2/libgit2/pull/6500
This is a bugfix release to improve the SSH key handling functionality that was introduced in v1.5.1.
known_hosts
file on Windows.known_hosts
file for matches, to support remote hosts with multiple key types.All users of the v1.5 release line are recommended to upgrade.