A cross-platform, linkable library implementation of Git that you can use in your application.
This is release v1.8.0, "Das Fliegende Klassenzimmer". This release includes optional, experimental support for invoking OpenSSH to fetch and push, an easier mechanism to perform the default behavior of git commit, and has many improvements for worktrees. This release also includes many other new features and bugfixes.
Executable SSH (OpenSSH) support
libgit2 can now invoke the command-line OpenSSH to fetch from and push to remotes over SSH. This support takes the place of libssh2 support. To use it, configure libgit2 with cmake -DUSE_SSH=exec, and please report any problems that you discover. By @ethomson in https://github.com/libgit2/libgit2/pull/6617
Simplified commit creation
The git_commit_create_from_stage API was introduced to allow users to better emulate the behavior of git commit without needing to provide unnecessary information. The current state of the index is committed to the current branch. By @ethomson in https://github.com/libgit2/libgit2/pull/6716
Worktree improvements
A number of worktree improvements have been made for better compatibility with core git. First, libgit2 now understands per-worktree references, thanks to @csware in https://github.com/libgit2/libgit2/pull/6387. Worktree-specific configuration is now supported, thanks to @vermiculus in https://github.com/libgit2/libgit2/pull/6202. And improved compatibility with git worktree add is now supported, thanks to @herrerog in https://github.com/libgit2/libgit2/pull/5319.
Adding WORKTREE configuration level (ABI breaking change)
To support worktree configurations at the appropriate level (higher priority than local configuration, but lower priority than app-specific configuration), the GIT_CONFIG_LEVEL_WORKTREE level was introduced at priority 6. GIT_CONFIG_LEVEL_APP now begins at priority 7.
Changes to git_config_entry (ABI breaking change) The git_config_entry structure now contains information about the backend_type and origin_path. The unused payload value has been removed.
git_push_options includes remote push options (ABI breaking change)
The git_push_options structure now contains a value for remote push options.
git config command by @ethomson in https://github.com/libgit2/libgit2/pull/6616
index-pack command by @ethomson in https://github.com/libgit2/libgit2/pull/6681
git_repository_commit_parents to identify the parents of the next commit given the repository state by @ethomson in https://github.com/libgit2/libgit2/pull/6707
NULL in git_error_last() by @ethomson in https://github.com/libgit2/libgit2/pull/6625
git_revparse_single and add revparse fuzzing by @ethomson in https://github.com/libgit2/libgit2/pull/6730
GIT_DIFF_LINE_(ADD|DEL)_EOFNL to match other Diffs by @xphoniex in https://github.com/libgit2/libgit2/pull/6240
safe.directory improvements by @ethomson in https://github.com/libgit2/libgit2/pull/6739
Full Changelog: https://github.com/libgit2/libgit2/compare/v1.7.0...v1.8.0
🔒 This is a security release with multiple changes.
A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application. This fixes CVE-2024-24575, which was discovered by researchers at Amazon AWS.
A bug in git_index_add is fixed that could have caused the function to corrupt its heap and possibly lead to arbitrary code execution. This fixes CVE-2024-24577, which was discovered by researchers at Amazon AWS.
A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities.
The libgit2 project thanks the researchers and outreach team at AWS Security for finding the git_index_add and git_revparse_single bugs, and providing details and reproduction steps during their responsible disclosure.
All users of the v1.7 release line are recommended to upgrade.
🔒 This is a security release with multiple changes.
A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application. This fixes CVE-2024-24575, which was discovered by researchers at Amazon AWS.
A bug in git_index_add is fixed that could have caused the function to corrupt its heap and possibly lead to arbitrary code execution. This fixes CVE-2024-24577, which was discovered by researchers at Amazon AWS.
A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities.
The libgit2 project thanks the researchers and outreach team at AWS Security for finding the git_index_add and git_revparse_single bugs, and providing details and reproduction steps during their responsible disclosure.
All users of the v1.6 release line are recommended to upgrade.
Full Changelog: https://github.com/libgit2/libgit2/compare/v1.7.0...v1.7.1
This is release v1.7.0, "Kleine Raupe Nimmersatt". This release adds shallow clone support, completes the experimental SHA256 support, adds Schannel support for Windows, and includes many other newj features and bugfixes.
Shallow clone support libgit2 now supports shallow clone and shallow repositories, thanks to a significant investment from many community members -- hundreds of commits by many contributors.
SHA256 support
libgit2 should now support SHA256 repositories using the extensions.objectFormat configuration option when the library is built with EXPERIMENTAL_SHA256=ON. Users are encouraged to begin testing their applications with this option and provide bug reports and feedback. This is a breaking API change; SHA256 support will be enabled by default in libgit2 v2.0.
Schannel and SSPI for Windows
libgit2 now supports the Windows Schannel and SSPI APIs for HTTPS support on Windows, when configured with USE_HTTPS=Schannel. Setting this option will not use the existing WinHTTP support, but will use libgit2's standard HTTP client stack with Windows TLS primitives. Windows users are encouraged to begin testing their applications with this option and provide bug reports and feedback. This will be enabled by default in a future version of libgit2.
Simplify custom pluggable allocator (System API / ABI breaking change)
The git_allocator structure (configurable by the GIT_OPT_SET_ALLOCATOR option) now only contains gmalloc, grealloc and gfree members. This simplifies both the work needed by an implementer and allows more flexibility and correctness in libgit2 itself, especially during out-of-memory situations and errors during bootstrapping.
GIT_ENOTFOUND for missing programdata by @ethomson in https://github.com/libgit2/libgit2/pull/6547
Full Changelog: https://github.com/libgit2/libgit2/compare/v1.6.3...v1.7.0
Full Changelog: https://github.com/libgit2/libgit2/compare/v1.6.3...v1.6.4
git_odb_open by @ethomson in https://github.com/libgit2/libgit2/pull/6520
git_index_add_all handles ignored directories by @ethomson in https://github.com/libgit2/libgit2/pull/6521
include/git2 by @ethomson in https://github.com/libgit2/libgit2/pull/6529
Full Changelog: https://github.com/libgit2/libgit2/compare/v1.6.2...v1.6.3
remote: always populate old id in update tips by @ethomson in https://github.com/libgit2/libgit2/pull/6506
The update tips callback would not always be properly provided with an empty (0000000...) OID for new refs.
Revert #6503 by @ethomson in https://github.com/libgit2/libgit2/pull/6511 The certificate callback added port information for callbacks in #6503, but the format was ambiguous with IPv6 addresses. Revert this change temporarily.
Add git_odb_backend_loose back by @ethomson in https://github.com/libgit2/libgit2/pull/6512
During SHA256 refactoring, the git_odb_backend_loose API was accidentally removed. Add it back.
meta: configure pkg-config .pc correctly by @ethomson in https://github.com/libgit2/libgit2/pull/6514
During SHA256 refactoring, the pkg-config .pc file was erroneously renamed to git2 instead of libgit2. Repair this.
Full Changelog: https://github.com/libgit2/libgit2/compare/v1.6.1...v1.6.2
This is release v1.6.1, "Hubbeliges Krokodil". This release adds experimental SHA256 support and includes many new features and bugfixes. This release replaces libgit2 v1.6.0, which did not correctly update its version number(s).
Support for bare repositories with SHA256 support (experimental) by @ethomson in https://github.com/libgit2/libgit2/pull/6191
You can configure experimental SHA256 support in libgit2 with cmake -DEXPERIMENTAL_SHA256=ON during project setup. This is useful for considering future integrations, work on clients, and work on language bindings. At present, working with bare repositories should largely work, including remote operations. But many pieces of functionality - including working with the index - are not yet supported. As a result, libgit2 with SHA256 support should not be used in production or released with package distribution.
Support the notion of a home directory separately from global configuration directory by @ethomson in https://github.com/libgit2/libgit2/pull/6455 and https://github.com/libgit2/libgit2/pull/6456
Callers and language bindings can now configure the home directory that libgit2 uses for file lookups (eg, the .ssh directory). This configuration is separate from the git global configuration path.
stash: partial stash specific files by @gitkraken-jacobw in https://github.com/libgit2/libgit2/pull/6330
A stash can be created with only specific files, using a pathspec. This is similar to the git stash push command.
push: revparse refspec source, so you can push things that are not refs by @sven-of-cord in https://github.com/libgit2/libgit2/pull/6362 Pushes can be performed using refspecs instead of only references.
Support OpenSSL3 by @ethomson in https://github.com/libgit2/libgit2/pull/6464 and https://github.com/libgit2/libgit2/pull/6471 OpenSSL 3 is now supported, both when compiled directly and dynamically loaded.
GIT_ENOTFOUND. by @arroz in https://github.com/libgit2/libgit2/pull/6395
git_commit_graph_open(). by @derrickstolee in https://github.com/libgit2/libgit2/pull/6420
git_tag_create_from_buffer by @julianmesa-gitkraken in https://github.com/libgit2/libgit2/pull/6421
safe.directory * by @csware in https://github.com/libgit2/libgit2/pull/6429
git_submodule_update fails to update configured but missing submodule by @tagesuhu in https://github.com/libgit2/libgit2/pull/6434
git_clone__submodule to avoid file checks in workdir by @abizjak in https://github.com/libgit2/libgit2/pull/6444
diff_file: Fix crash when freeing a patch representing an empty untracked file by @jorio in https://github.com/libgit2/libgit2/pull/6475
oid_type on repos open with git_repository_open_bare by @arroz in https://github.com/libgit2/libgit2/pull/6492
oid_type to stream by @ethomson in https://github.com/libgit2/libgit2/pull/6499
create.c.bak by @lrm29 in https://github.com/libgit2/libgit2/pull/6398
experimental.h by @ethomson in https://github.com/libgit2/libgit2/pull/6405
-DWIN32_LEAN_AND_MEAN by @christoph-cullmann in https://github.com/libgit2/libgit2/pull/6373
-DEMBED_SSH_PATH by @vicr123 in https://github.com/libgit2/libgit2/pull/6374
off64_t for AIX by @bzEq in https://github.com/libgit2/libgit2/pull/6376
HTTP_PROXY before starting tests by @ethomson in https://github.com/libgit2/libgit2/pull/6498
git_repository_is_empty by @timrogers in https://github.com/libgit2/libgit2/pull/6500
This is a bugfix release to improve the SSH key handling functionality that was introduced in v1.5.1.
known_hosts file on Windows.known_hosts file for matches, to support remote hosts with multiple key types.All users of the v1.5 release line are recommended to upgrade.