git.proxmox.com Git - libgit2.git/blob - CHANGELOG.md
New upstream version 0.27.7+dfsg.1
1 v0.27.7
2 -------
3
4 This is a bugfix release with the following changes or improvements:
5
6 - Our continuous integration environment has switched from Travis and
7 AppVeyor to Azure Pipelines CI.
8
9 - Fix adding worktrees for bare repositories.
10
11 - Fix parsed patches not computing the old and new line numbers
12 correctly.
13
14 - Fix parsing configuration variables which do not have a section.
15
16 - Fix a zero-byte allocation when trying to detect file renames and
17 copies of a diff without any hunks.
18
19 - Fix a zero-byte allocation when trying to resize or duplicate
20 vectors.
21
22 - Fix return value when trying to unlock worktrees which aren't
23 locked.
24
25 - Fix returning an uninitialized error code when preparing a revision
26 walk without any pushed commits.
27
28 - Fix return value of `git_remote_lookup` when lookup of
29 "remote.$remote.tagopt" fails.
30
31 - Fix the revision walk always labelling commits as interesting due
32 to a mishandling of the commit date.
33
34 - Fix the packbuilder inserting uninteresting blobs when adding a
35 tree containing references to such blobs.
36
37 - Ignore unsupported authentication schemes in HTTP transport.
38
39 - Improve performance of `git_remote_prune`.
40
41 - Fix detection of whether `qsort_r` has a BSD or GNU function
42 signature.
43
44 - Fix detection of iconv if it is provided by libc.
45
46 v0.27.6
47 -------
48
49 This is a security release fixing the following list of issues:
50
51 - The function family `git__strtol` is used to parse integers
52 from a buffer. As the functions do not take a buffer length as
53 argument, they will scan either until the end of the current
54 number or until a NUL byte is encountered. Many callers have
55 been misusing the function and called it on potentially
56 non-NUL-terminated buffers, resulting in possible out-of-bounds
57 reads. Callers have been fixed to use `git__strntol` functions
58 instead and `git__strtol` functions were removed.
59
60 - The function `git__strntol64` relied on the undefined behavior
61 of signed integer overflows. While the code tried to detect
62 such overflows after they have happened, this is unspecified
63 behavior and may lead to weird behavior on uncommon platforms.
64
65 - In the case where `git__strntol32` was unable to parse an
66 integer because it doesn't fit into an `int32_t`, it printed an
67 error message containing the string that is currently being
68 parsed. The code didn't truncate the string though, which
69 caused it to print the complete string until a NUL byte is
70 encountered and not only the currently parsed number. In the case
71 where the string was not NUL terminated, this could have led
72 to an out-of-bounds read.
73
74 - When parsing tags, all unknown fields that appear before the
75 tag message are skipped. This skipping is done by using a plain
76 `strstr(buffer, "\n\n")` to search for the two newlines that
77 separate tag fields from tag message. As it is not possible to
78 supply a buffer length to `strstr`, this call may skip over the
79 buffer's end and thus result in an out of bounds read. As
80 `strstr` may return a pointer that is out of bounds, the
81 following computation of `buffer_end - buffer` will overflow
82 and result in an allocation of an invalid length. Note that
83 when reading objects from the object database, we make sure to
84 always NUL terminate them, making the use of `strstr` safe.
85
86 - When parsing the "encoding" field of a commit, we may perform
87 an out of bounds read due to using `git__prefixcmp` instead of
88 `git__prefixncmp`. This can result in the parsed commit object
89 containing uninitialized data in both its message encoding and
90 message fields. Note that when reading objects from the object
91 database, we make sure to always NUL terminate them, making the
92 use of `strstr` safe.
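
The first three items above come down to parsing integers with an explicit length, detecting overflow before it happens, and quoting only the parsed bytes in error messages. The following is an added example, not libgit2's code: `parse_i64_bounded`, `parse_i32_bounded` and `describe_bad_number` are hypothetical names and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Parse a base-10 integer from at most `len` bytes of `buf`. The buffer
 * needs no NUL terminator because no byte at or past buf + len is read.
 * Returns 0 on success, -1 on error; on success *end (if non-NULL)
 * points just past the last digit.
 */
int parse_i64_bounded(int64_t *out, const char *buf, size_t len, const char **end)
{
    const char *p = buf, *stop = buf + len;
    uint64_t acc = 0, limit;
    int neg = 0, ndigits = 0;

    while (p < stop && (*p == ' ' || *p == '\t'))
        p++;
    if (p < stop && (*p == '-' || *p == '+'))
        neg = (*p++ == '-');

    /* Largest magnitude that still fits: 2^63 if negative, 2^63-1 otherwise. */
    limit = neg ? (uint64_t)INT64_MAX + 1 : (uint64_t)INT64_MAX;

    for (; p < stop && *p >= '0' && *p <= '9'; p++, ndigits++) {
        uint64_t d = (uint64_t)(*p - '0');
        /* Check before multiplying, so no overflow ever takes place. */
        if (acc > (limit - d) / 10)
            return -1;
        acc = acc * 10 + d;
    }
    if (ndigits == 0)
        return -1;

    if (neg)
        *out = (acc == limit) ? INT64_MIN : -(int64_t)acc;
    else
        *out = (int64_t)acc;
    if (end)
        *end = p;
    return 0;
}

/* Same contract, but the value must also fit into an int32_t. */
int parse_i32_bounded(int32_t *out, const char *buf, size_t len, const char **end)
{
    int64_t v;

    if (parse_i64_bounded(&v, buf, len, end) < 0 || v < INT32_MIN || v > INT32_MAX)
        return -1;
    *out = (int32_t)v;
    return 0;
}

/* Build an error message that quotes only the `len` bytes being parsed.
 * "%.*s" stops after `shown` bytes, so `buf` needs no NUL terminator. */
int describe_bad_number(char *msg, size_t msgsz, const char *buf, size_t len)
{
    int shown = len > 32 ? 32 : (int)len;

    return snprintf(msg, msgsz, "cannot parse '%.*s' as integer", shown, buf);
}

int main(void)
{
    /* Constructed input: four digits with no NUL terminator after them. */
    static const char raw[4] = { '1', '2', '3', '4' };
    int64_t v;
    char msg[64];

    if (parse_i64_bounded(&v, raw, 3, NULL) == 0)
        printf("parsed %lld from the first 3 bytes\n", (long long)v);
    describe_bad_number(msg, sizeof(msg), raw, sizeof(raw));
    puts(msg);
    return 0;
}
```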
93
94 v0.27.5
95 -------
96
97 This is a security release fixing the following list of issues:
98
99 - Submodule URLs and paths with a leading "-" are now ignored.
100 This is due to the recently discovered CVE-2018-17456, which
101 can lead to arbitrary code execution in upstream git. While
102 libgit2 itself is not vulnerable, it can be used to inject
103 options in an implementation which performs a recursive clone
104 by executing an external command.
105
106 - When running repack while doing repo writes,
107 `packfile_load__cb()` could see some temporary files in the
108 directory that were bigger than usual, which made `memcmp`
109 overflow on the `p->pack_name` string. This issue was reported
110 and fixed by bisho.
111
112 - The configuration file parser used unbounded recursion to parse
113 multiline variables, which could lead to a stack overflow. The
114 issue was reported by the oss-fuzz project, issue 10048 and
115 fixed by Nelson Elhage.
116
117 - The fix to the unbounded recursion introduced a memory leak in
118 the config parser. While this leak was never in a public
119 release, the oss-fuzz project reported this as issue 10127. The
120 fix was implemented by Nelson Elhage and Patrick Steinhardt.
121
122 - When parsing "ok" packets received via the smart protocol, our
123 parsing code did not correctly verify the bounds of the
124 packets, which could result in a heap-buffer overflow. The
125 issue was reported by the oss-fuzz project, issue 9749 and
126 fixed by Patrick Steinhardt.
127
128 - The parsing code for the smart protocol has been tightened in
129 general, fixing heap-buffer overflows when parsing the packet
130 type as well as for "ACK" and "unpack" packets. The issue was
131 discovered and fixed by Patrick Steinhardt.
132
133 - Fixed potential integer overflows on platforms with 16 bit
134 integers when parsing packets for the smart protocol. The issue
135 was discovered and fixed by Patrick Steinhardt.
136
137 - Fixed potential NULL pointer dereference when parsing
138 configuration files which have "include.path" or
139 "includeIf..path" statements without a value.
140
141 v0.27.4
142 -------
143
144 This is a security release fixing out-of-bounds reads when
145 processing smart-protocol "ng" packets.
146
147 When parsing an "ng" packet, we keep track of both the current position
148 as well as the remaining length of the packet itself. But instead of
149 taking care not to exceed the length, we pass the current pointer's
150 position to `strchr`, which will search for a certain character until
151 hitting NUL. It is thus possible to create a crafted packet which
152 doesn't contain a NUL byte to trigger an out-of-bounds read.
153
154 The issue was discovered by the oss-fuzz project, issue 9406.
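
Both the "ng" packet fix described here and the `strstr(buffer, "\n\n")` item under v0.27.6 replace a NUL-terminated search with one bounded by the remaining length. The following is an added example, not libgit2's code: `parse_ng` and `find_header_end` are hypothetical names, the `ng <refname> <error-msg>\n` layout follows git's report-status format with the pkt-line length prefix assumed to be stripped already, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct ng_pkt {
    const char *ref;  size_t ref_len;   /* points into the caller's buffer */
    const char *msg;  size_t msg_len;
};

/*
 * Parse "ng <refname> <error-msg>\n" from exactly `len` bytes.
 * Every search uses memchr() with the remaining length, so a packet
 * without a NUL byte (or without a delimiter) cannot make the parser
 * read past the buffer. This example rejects empty fields.
 */
int parse_ng(struct ng_pkt *out, const char *line, size_t len)
{
    const char *sp, *eol;

    if (len < 3 || memcmp(line, "ng ", 3) != 0)
        return -1;
    line += 3;
    len -= 3;

    sp = memchr(line, ' ', len);            /* bounded, unlike strchr() */
    if (sp == NULL || sp == line)
        return -1;
    out->ref = line;
    out->ref_len = (size_t)(sp - line);

    len -= out->ref_len + 1;                /* skip refname and the space */
    line = sp + 1;

    eol = memchr(line, '\n', len);
    if (eol == NULL || eol == line)
        return -1;
    out->msg = line;
    out->msg_len = (size_t)(eol - line);
    return 0;
}

/*
 * Bounded replacement for strstr(buf, "\n\n"): returns a pointer to the
 * first of two consecutive newlines inside buf[0..len), or NULL. The
 * result is always inside the buffer, so a later `end - buf` stays valid.
 */
const char *find_header_end(const char *buf, size_t len)
{
    const char *p = buf, *stop = buf + len;

    while (p < stop) {
        p = memchr(p, '\n', (size_t)(stop - p));
        if (p == NULL)
            return NULL;
        if (stop - p >= 2 && p[1] == '\n')
            return p;
        p++;
    }
    return NULL;
}

int main(void)
{
    /* Constructed samples. */
    static const char pkt[] = "ng refs/heads/main non-fast-forward\n";
    static const char tag[] = "tag v1\nfoo bar\n\nmsg";
    struct ng_pkt ng;
    const char *sep;

    if (parse_ng(&ng, pkt, sizeof(pkt) - 1) == 0)
        printf("ref=%.*s msg=%.*s\n", (int)ng.ref_len, ng.ref,
               (int)ng.msg_len, ng.msg);
    /* Truncated view of the same bytes: the delimiter lies out of bounds. */
    printf("truncated: %d\n", parse_ng(&ng, pkt, 10));

    sep = find_header_end(tag, sizeof(tag) - 1);
    printf("header ends at offset %ld\n", sep ? (long)(sep - tag) : -1L);
    return 0;
}
```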
155
156 v0.27.3
157 -------
158
159 This is a security release fixing out-of-bounds reads when
160 reading objects from a packfile. This corresponds to
161 CVE-2018-10887 and CVE-2018-10888, which were both reported by
162 Riccardo Schirone.
163
164 When packing objects into a single so-called packfile, objects
165 may not get stored as complete copies but instead as deltas
166 against another object "base". A specially crafted delta object
167 could trigger an integer overflow and thus bypass our input
168 validation, which may result in copying memory before or after
169 the base object into the final deflated object. This may lead to
170 objects containing copies of system memory being written into the
171 object database. As the hash of those objects cannot be easily
172 controlled by the attacker, it is unlikely that any of those
173 objects will be valid and referenced by the commit graph.
174
175 Note that the error could also be triggered by the function
176 `git_apply__patch`. But as this function is not in use outside of
177 our test suite, it is not a possible attack vector.
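
The integer overflow described above is the kind where an `offset + length` bounds check wraps around and accepts a copy outside the base object. The following is an added example, not libgit2's code: it applies git's delta instruction format with a check that never forms the sum, next to the wrapping check for comparison. All function names are hypothetical and the sample deltas are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Weak check, kept only for comparison: the 32-bit sum can wrap around to
 * a small value, so a huge offset slips past the comparison. */
int copy_in_bounds_wrapping(uint32_t off, uint32_t len, uint32_t base_len)
{
    return (uint32_t)(off + len) <= base_len;
}

/* Hardened check: never forms off + len, so nothing can wrap. */
int copy_in_bounds(uint32_t off, uint32_t len, size_t base_len)
{
    return off <= base_len && len <= base_len - off;
}

/* Delta header size: 7 bits per byte, least significant group first. */
static int read_size(const uint8_t **p, const uint8_t *end, size_t *out)
{
    size_t v = 0;
    unsigned shift = 0;
    uint8_t c;

    do {
        if (*p == end || shift >= sizeof(size_t) * 8)
            return -1;
        c = *(*p)++;
        v |= (size_t)(c & 0x7f) << shift;
        shift += 7;
    } while (c & 0x80);
    *out = v;
    return 0;
}

/* Apply `delta` to `base`, writing at most out_cap bytes. 0 on success. */
int delta_apply(uint8_t *out, size_t out_cap, size_t *out_len,
                const uint8_t *base, size_t base_len,
                const uint8_t *delta, size_t delta_len)
{
    const uint8_t *p = delta, *end = delta + delta_len;
    size_t want_base, want_out, n = 0;
    int i;

    if (read_size(&p, end, &want_base) < 0 || want_base != base_len ||
        read_size(&p, end, &want_out) < 0 || want_out > out_cap)
        return -1;

    while (p < end) {
        uint8_t cmd = *p++;
        if (cmd & 0x80) {                   /* copy from base */
            uint32_t off = 0, len = 0;
            for (i = 0; i < 4; i++)         /* bits 0-3 select offset bytes */
                if (cmd & (1u << i)) {
                    if (p == end) return -1;
                    off |= (uint32_t)*p++ << (8 * i);
                }
            for (i = 0; i < 3; i++)         /* bits 4-6 select length bytes */
                if (cmd & (0x10u << i)) {
                    if (p == end) return -1;
                    len |= (uint32_t)*p++ << (8 * i);
                }
            if (len == 0)
                len = 0x10000;
            if (!copy_in_bounds(off, len, base_len) || len > want_out - n)
                return -1;
            memcpy(out + n, base + off, len);
            n += len;
        } else if (cmd) {                   /* insert `cmd` literal bytes */
            if ((size_t)(end - p) < cmd || cmd > want_out - n)
                return -1;
            memcpy(out + n, p, cmd);
            p += cmd;
            n += cmd;
        } else {
            return -1;                      /* opcode 0 is reserved */
        }
    }
    if (n != want_out)
        return -1;
    *out_len = n;
    return 0;
}

int main(void)
{
    /* Constructed delta: copy 5 bytes at offset 6, then insert "!!!". */
    static const uint8_t base[] = "hello world";
    static const uint8_t delta[] = { 0x0b, 0x08, 0x91, 0x06, 0x05, 0x03, '!', '!', '!' };
    uint8_t out[64];
    size_t n = 0;

    if (delta_apply(out, sizeof(out), &n, base, 11, delta, sizeof(delta)) == 0)
        printf("%.*s\n", (int)n, (const char *)out);
    return 0;
}
```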
178
179 v0.27.2
180 ---------
181
182 ### Changes or improvements
183
184 * Fix builds with LibreSSL 2.7.
185
186 * Fix for `git_diff_status_char()` not returning the correct mapping for
187 `GIT_DELTA_TYPECHANGE`.
188
189 * Fix for the submodules API not reporting errors when parsing the ".gitmodules"
190 file.
191
192 * Fix for accepting a ".gitmodules" file where two submodules have the same
193 path.
194
195 * Fix for hiding references in a graph walk not always limiting the graph
196 correctly.
197
198 * Fix for directory patterns with trailing spaces in attribute files not being
199 handled correctly.
200
201 * Fix SSH transports not properly disconnecting from the server.
202
203 * Fix reading HEAD reflog in worktrees.
204
205 * Update our copy of SHA1DC to fix errors with endianness on some platforms.
206
207 v0.27.1
208 ---------
209
210 This is a security release fixing insufficient validation of submodule names
211 (CVE-2018-11235, reported by Etienne Stalmans) and disallows `.gitmodules` files
212 as symlinks.
213
214 While submodule names come from the untrusted ".gitmodules" file, we blindly
215 append the name to "$GIT_DIR/modules" to construct the final path of the
216 submodule repository. In case the name contains e.g. "../", an adversary would
217 be able to escape your repository and write data at arbitrary paths. In
218 accordance with git, we now enforce some rules for submodule names which will
219 cause libgit2 to ignore these malicious names.
220
221 Adding a symlink as `.gitmodules` into the index from the workdir or checking
222 out such files is not allowed as this can make a Git implementation write
223 outside of the repository and bypass the `fsck` checks for CVE-2018-11235.
224
225 libgit2 is not susceptible to CVE-2018-11233.
226
227 v0.27
228 ---------
229
230 ### Changes or improvements
231
232 * Improved `p_unlink` in `posix_w32.c` to try and make a file writable
233 before sleeping in the retry loop to prevent unnecessary calls to sleep.
234
235 * The CMake build infrastructure has been improved to speed up building time.
236
237 * A new CMake option "-DUSE_HTTPS=<backend>" makes it possible to explicitly
238 choose an HTTP backend.
239
240 * A new CMake option "-DSHA1_BACKEND=<backend>" makes it possible to explicitly
241 choose an SHA1 backend. The collision-detecting backend is now the default.
242
243 * A new CMake option "-DUSE_BUNDLED_ZLIB" makes it possible to explicitly use
244 the bundled zlib library.
245
246 * A new CMake option "-DENABLE_REPRODUCIBLE_BUILDS" makes it possible to
247 generate a reproducible static archive. This requires support from your
248 toolchain.
249
250 * The minimum required CMake version has been bumped to 2.8.11.
251
252 * Writing to a configuration file now preserves the case of the key given by the
253 caller for the case-insensitive portions of the key (existing sections are
254 used even if they don't match).
255
256 * We now support conditional includes in configuration files.
257
258 * Fix for handling re-reading of configuration files with includes.
259
260 * Fix for reading patches which contain exact renames only.
261
262 * Fix for reading patches with whitespace in the compared files' paths.
263
264 * We will now fill `FETCH_HEAD` from all passed refspecs instead of overwriting
265 with the last one.
266
267 * There is a new diff option, `GIT_DIFF_INDENT_HEURISTIC` which activates a
268 heuristic which takes into account whitespace and indentation in order to
269 produce better diffs when dealing with ambiguous diff hunks.
270
271 * Fix for pattern-based ignore rules where files ignored by a rule cannot be
272 un-ignored by another rule.
273
274 * Sockets opened by libgit2 are now being closed on exec(3) if the platform
275 supports it.
276
277 * Fix for peeling annotated tags from packed-refs files.
278
279 * Fix reading huge loose objects from the object database.
280
281 * Fix files not being treated as modified when only the file mode has changed.
282
283 * We now explicitly reject adding submodules to the index via
284 `git_index_add_frombuffer`.
285
286 * Fix handling of `GIT_DIFF_FIND_RENAMES_FROM_REWRITES` raising `SIGABRT` when
287 one file has been deleted and another file has been rewritten.
288
289 * Fix for WinHTTP not properly handling NTLM and Negotiate challenges.
290
291 * When using SSH-based transports, we now repeatedly ask for the passphrase to
292 decrypt the private key in case a wrong passphrase is being provided.
293
294 * When generating conflict markers, they will now use the same line endings as
295 the rest of the file.
296
297 ### API additions
298
299 * The `git_merge_file_options` structure now contains a new setting,
300 `marker_size`. This allows users to set the size of markers that
301 delineate the sides of merged files in the output conflict file.
302 By default this is 7 (`GIT_MERGE_CONFLICT_MARKER_SIZE`), which
303 produces output markers like `<<<<<<<` and `>>>>>>>`.
304
305 * `git_remote_create_detached()` creates a remote that is not associated
306 to any repository (and does not apply configuration like 'insteadof' rules).
307 This is mostly useful for e.g. emulating `git ls-remote` behavior.
308
309 * `git_diff_patchid()` lets you generate patch IDs for diffs.
310
311 * `git_status_options` now has an additional field `baseline` to allow creating
312 status lists against different trees.
313
314 * New family of functions to allow creating notes for a specific notes commit
315 instead of for a notes reference.
316
317 * New family of functions to allow parsing message trailers. This API is still
318 experimental and may change in future releases.
319
320 ### API removals
321
322 ### Breaking API changes
323
324 * Signatures now distinguish between +0000 and -0000 UTC offsets.
325
326 * The certificate check callback in the WinHTTP transport will now receive the
327 `message_cb_payload` instead of the `cred_acquire_payload`.
328
329 * We are now reading symlinked directories under .git/refs.
330
331 * We now refuse creating branches named "HEAD".
332
333 * We now refuse reading and writing all-zero object IDs into the
334 object database.
335
336 * We now read the effective user's configuration file instead of the real user's
337 configuration in case libgit2 runs as part of a setuid binary.
338
339 * The `git_odb_open_rstream` function and its `readstream` callback in the
340 `git_odb_backend` interface have changed their signatures to allow providing
341 the object's size and type to the caller.
342
343 v0.26
344 -----
345
346 ### Changes or improvements
347
348 * Support for opening, creating and modifying worktrees.
349
350 * We can now detect SHA1 collisions resulting from the SHAttered attack. These
351 checks can be enabled at build time via `-DUSE_SHA1DC`.
352
353 * Fix for missing implementation of `git_merge_driver_source` getters.
354
355 * Fix for installed pkg-config file being broken when the prefix contains
356 spaces.
357
358 * We now detect when the hashsum of on-disk objects does not match their
359 expected hashsum.
360
361 * We now support open-ended ranges (e.g. "master..", "...master") in our
362 revision range parsing code.
363
364 * We now correctly compute ignores with leading "/" in subdirectories.
365
366 * We now optionally call `fsync` on loose objects, packfiles and their indexes,
367 loose references and packed reference files.
368
369 * We can now build against OpenSSL v1.1 and against LibreSSL.
370
371 * `GIT_MERGE_OPTIONS_INIT` now includes a setting to perform rename detection.
372 This aligns this structure with the default by `git_merge` and
373 `git_merge_trees` when `NULL` was provided for the options.
374
375 * Improvements for reading index v4 files.
376
377 * Perform additional retries for filesystem operations on Windows when files
378 are temporarily locked by other processes.
379
380 ### API additions
381
382 * New family of functions to handle worktrees:
383
384 * `git_worktree_list()` lets you look up worktrees for a repository.
385 * `git_worktree_lookup()` lets you get a specific worktree.
386 * `git_worktree_open_from_repository()` lets you get the associated worktree
387 of a repository.
388 * `git_worktree_add` lets you create new worktrees.
389 * `git_worktree_prune` lets you remove worktrees from disk.
390 * `git_worktree_lock()` and `git_worktree_unlock()` let you lock
391 and unlock a worktree.
392 * `git_repository_open_from_worktree()` lets you open a repository via
393 a worktree.
394 * `git_repository_head_for_worktree()` lets you get the current `HEAD` for a
395 linked worktree.
396 * `git_repository_head_detached_for_worktree()` lets you check whether a
397 linked worktree is in detached HEAD mode.
398
399 * `git_repository_item_path()` lets you retrieve paths for various repository
400 files.
401
402 * `git_repository_commondir()` lets you retrieve the common directory of a
403 repository.
404
405 * `git_branch_is_checked_out()` allows you to check whether a branch is checked
406 out in a repository or any of its worktrees.
407
408 * `git_repository_submodule_cache_all()` and
409 `git_repository_submodule_cache_clear()` functions allow you to prime or clear
410 the submodule cache of a repository.
411
412 * You can disable strict hash verifications via the
413 `GIT_OPT_ENABLE_STRICT_HASH_VERIFICATION` option with `git_libgit2_opts()`.
414
415 * You can enable us calling `fsync` for various files inside the ".git"
416 directory by setting the `GIT_OPT_ENABLE_FSYNC_GITDIR` option with
417 `git_libgit2_opts()`.
418
419 * You can now enable "offset deltas" when creating packfiles and negotiating
420 packfiles with a remote server by setting `GIT_OPT_ENABLE_OFS_DELTA` option
421 with `git_libgit2_opts()`.
422
423 * You can now set the default share mode on Windows for opening files using
424 `GIT_OPT_SET_WINDOWS_SHAREMODE` option with `git_libgit2_opts()`.
425 You can query the current share mode with `GIT_OPT_GET_WINDOWS_SHAREMODE`.
426
427 * `git_transport_smart_proxy_options()` enables you to get the proxy options for
428 smart transports.
429
430 * The `GIT_FILTER_INIT` macro and the `git_filter_init` function are provided
431 to initialize a `git_filter` structure.
432
433 ### Breaking API changes
434
435 * `clone_checkout_strategy` has been removed from
436 `git_submodule_update_option`. The checkout strategy used to clone will
437 be the same strategy specified in `checkout_opts`.
438
439 v0.25
440 -------
441
442 ### Changes or improvements
443
444 * Fix repository discovery with `git_repository_discover` and
445 `git_repository_open_ext` to match git's handling of a ceiling
446 directory at the current directory. git only checks ceiling
447 directories when its search ascends to a parent directory. A ceiling
448 directory matching the starting directory will not prevent git from
449 finding a repository in the starting directory or a parent directory.
450
451 * Do not fail when deleting remotes in the presence of broken
452 global configs which contain branches.
453
454 * Support for reading and writing git index v4 files
455
456 * Improve the performance of the revwalk and bring us closer to git's code.
457
458 * The reference db has improved support for concurrency and returns `GIT_ELOCKED`
459 when an operation could not be performed due to locking.
460
461 * Nanosecond resolution is now activated by default, following git's change to
462 do this.
463
464 * We now restrict the set of ciphers we let OpenSSL use by default.
465
466 * Users can now register their own merge drivers for use with `.gitattributes`.
467 The library also gained built-in support for the union merge driver.
468
469 * The default for creating references is now to validate that the object does
470 exist.
471
472 * Add `git_proxy_options` which is used by the different networking
473 implementations to let the caller specify the proxy settings instead of
474 relying on the environment variables.
475
476 ### API additions
477
478 * You can now get the user-agent used by libgit2 using the
479 `GIT_OPT_GET_USER_AGENT` option with `git_libgit2_opts()`.
480 It is the counterpart to `GIT_OPT_SET_USER_AGENT`.
481
482 * The `GIT_OPT_SET_SSL_CIPHERS` option for `git_libgit2_opts()` lets you specify
483 a custom list of ciphers to use for OpenSSL.
484
485 * `git_commit_create_buffer()` creates a commit and writes it into a
486 user-provided buffer instead of writing it into the object db. Combine it with
487 `git_commit_create_with_signature()` in order to create a commit with a
488 cryptographic signature.
489
490 * `git_blob_create_fromstream()` and
491 `git_blob_create_fromstream_commit()` allow you to create a blob by
492 writing into a stream. Useful when you do not know the final size or
493 want to copy the contents from another stream.
494
495 * New flags for `git_repository_open_ext`:
496
497 * `GIT_REPOSITORY_OPEN_NO_DOTGIT` - Do not check for a repository by
498 appending `/.git` to the `start_path`; only open the repository if
499 `start_path` itself points to the git directory.
500 * `GIT_REPOSITORY_OPEN_FROM_ENV` - Find and open a git repository,
501 respecting the environment variables used by the git command-line
502 tools. If set, `git_repository_open_ext` will ignore the other
503 flags and the `ceiling_dirs` argument, and will allow a NULL
504 `path` to use `GIT_DIR` or search from the current directory. The
505 search for a repository will respect `$GIT_CEILING_DIRECTORIES`
506 and `$GIT_DISCOVERY_ACROSS_FILESYSTEM`. The opened repository
507 will respect `$GIT_INDEX_FILE`, `$GIT_NAMESPACE`,
508 `$GIT_OBJECT_DIRECTORY`, and `$GIT_ALTERNATE_OBJECT_DIRECTORIES`.
509 In the future, this flag will also cause `git_repository_open_ext`
510 to respect `$GIT_WORK_TREE` and `$GIT_COMMON_DIR`; currently,
511 `git_repository_open_ext` with this flag will error out if either
512 `$GIT_WORK_TREE` or `$GIT_COMMON_DIR` is set.
513
514 * `git_diff_from_buffer()` can create a `git_diff` object from the contents
515 of a git-style patch file.
516
517 * `git_index_version()` and `git_index_set_version()` to get and set
518 the index version
519
520 * `git_odb_expand_ids()` lets you check for the existence of multiple
521 objects at once.
522
523 * The new `git_blob_dup()`, `git_commit_dup()`, `git_tag_dup()` and
524 `git_tree_dup()` functions provide type-specific wrappers for
525 `git_object_dup()` to reduce noise and increase type safety for callers.
526
527 * `git_reference_dup()` lets you duplicate a reference to aid in ownership
528 management and cleanup.
529
530 * `git_signature_from_buffer()` lets you create a signature from a string in the
531 format that appears in objects.
532
533 * `git_tree_create_updated()` lets you create a tree based on another one
534 together with a list of updates. For the covered update cases, it's more
535 efficient than the `git_index` route.
536
537 * `git_apply_patch()` applies hunks from a `git_patch` to a buffer.
538
539 * `git_diff_to_buf()` lets you print an entire diff directory to a buffer,
540 similar to how `git_patch_to_buf()` works.
541
542 * `git_proxy_init_options()` is added to initialize a `git_proxy_options`
543 structure at run-time.
544
545 * `git_merge_driver_register()`, `git_merge_driver_unregister()` let you
546 register and unregister a custom merge driver to be used when `.gitattributes`
547 specifies it.
548
549 * `git_merge_driver_lookup()` can be used to look up a merge driver by name.
550
551 * `git_merge_driver_source_repo()`, `git_merge_driver_source_ancestor()`,
552 `git_merge_driver_source_ours()`, `git_merge_driver_source_theirs()`,
553 `git_merge_driver_source_file_options()` added as accessors to
554 `git_merge_driver_source`.
555
556 ### API removals
557
558 * `git_blob_create_fromchunks()` has been removed in favour of
559 `git_blob_create_fromstream()`.
560
561 ### Breaking API changes
562
563 * `git_packbuilder_object_count` and `git_packbuilder_written` now
564 return a `size_t` instead of a `uint32_t` for more thorough
565 compatibility with the rest of the library.
566
567 * `git_packbuilder_progress` now provides explicitly sized `uint32_t`
568 values instead of `unsigned int`.
569
570 * `git_diff_file` now includes an `id_abbrev` field that reflects the
571 number of nibbles set in the `id` field.
572
573 * `git_odb_backend` now has a `freshen` function pointer. This optional
574 function pointer is similar to the `exists` function, but it will update
575 a last-used marker. For filesystem-based object databases, this updates
576 the timestamp of the file containing the object, to indicate "freshness".
577 If this is `NULL`, then it will not be called and the `exists` function
578 will be used instead.
579
580 * `git_remote_connect()` now accepts `git_proxy_options` argument, and
581 `git_fetch_options` and `git_push_options` each have a `proxy_opts` field.
582
583 * `git_merge_options` now provides a `default_driver` that can be used
584 to provide the name of a merge driver to be used to handle files changed
585 during a merge.
586
587 v0.24
588 -------
589
590 ### Changes or improvements
591
592 * Custom merge drivers can now be registered, which allows callers to
593 configure callbacks to honor `merge=driver` configuration in
594 `.gitattributes`.
595
596 * Custom filters can now be registered with wildcard attributes, for
597 example `filter=*`. Consumers should examine the attributes parameter
598 of the `check` function for details.
599
600 * Symlinks are now followed when locking a file, which can be
601 necessary when multiple worktrees share a base repository.
602
603 * You can now set your own user-agent to be sent for HTTP requests by
604 using the `GIT_OPT_SET_USER_AGENT` with `git_libgit2_opts()`.
605
606 * You can set custom HTTP header fields to be sent along with requests
607 by passing them in the fetch and push options.
608
609 * Tree objects are now assumed to be sorted. If a tree is not
610 correctly formed, it will give bad results. This is the git approach
611 and cuts a significant amount of time when reading the trees.
612
613 * Filter registration is now protected against concurrent
614 registration.
615
616 * Filenames in an index which are not valid on Windows no longer cause
617 parsing of that index to fail on that OS.
618
619 * Rebases can now be performed purely in-memory, without touching the
620 repository's workdir.
621
622 * When adding objects to the index, or when creating new tree or commit
623 objects, the inputs are validated to ensure that the dependent objects
624 exist and are of the correct type. This object validation can be
625 disabled with the GIT_OPT_ENABLE_STRICT_OBJECT_CREATION option.
626
627 * The WinHTTP transport's handling of bad credentials now behaves like
628 the others, asking for credentials again.
629
630 ### API additions
631
632 * `git_config_lock()` has been added, which allows for
633 transactional/atomic complex updates to the configuration, removing
634 the opportunity for concurrent operations and not committing any
635 changes until the unlock.
636
637 * `git_diff_options` added a new callback `progress_cb` to report on the
638 progress of the diff as files are being compared. The documentation of
639 the existing callback `notify_cb` was updated to reflect that it only
640 gets called when new deltas are added to the diff.
641
642 * `git_fetch_options` and `git_push_options` have gained a `custom_headers`
643 field to set the extra HTTP header fields to send.
644
645 * `git_stream_register_tls()` lets you register a callback to be used
646 as the constructor for a TLS stream instead of the libgit2 built-in
647 one.
648
649 * `git_commit_header_field()` allows you to look up a specific header
650 field in a commit.
651
652 * `git_commit_extract_signature()` extracts the signature from a
653 commit and gives you both the signature and the signed data so you
654 can verify it.
655
656 ### API removals
657
658 * No APIs were removed in this version.
659
660 ### Breaking API changes
661
662 * The `git_merge_tree_flag_t` is now `git_merge_flag_t`. Subsequently,
663 its members are no longer prefixed with `GIT_MERGE_TREE_FLAG` but are
664 now prefixed with `GIT_MERGE_FLAG`, and the `tree_flags` field of the
665 `git_merge_options` structure is now named `flags`.
666
667 * The `git_merge_file_flags_t` enum is now `git_merge_file_flag_t` for
668 consistency with other enum type names.
669
670 * `git_cert` descendent types now have a proper `parent` member
671
672 * It is the responsibility of the refdb backend to decide what to do
673 with the reflog on ref deletion. The file-based backend must delete
674 it, a database-backed one may wish to archive it.
675
676 * `git_config_backend` has gained two entries. `lock` and `unlock`
677 with which to implement the transactional/atomic semantics for the
678 configuration backend.
679
680 * `git_index_add` and `git_index_conflict_add()` will now use the case
681 as provided by the caller on case insensitive systems. Previous
682 versions would keep the case as it existed in the index. This does
683 not affect the higher-level `git_index_add_bypath` or
684 `git_index_add_frombuffer` functions.
685
686 * The `notify_payload` field of `git_diff_options` was renamed to `payload`
687 to reflect that it's also the payload for the new progress callback.
688
689 * The `git_config_level_t` enum has gained a higher-priority value
690 `GIT_CONFIG_LEVEL_PROGRAMDATA` which represents a rough Windows equivalent
691 to the system level configuration.
692
693 * `git_rebase_options` now has a `merge_options` field.
694
695 * The index no longer performs locking itself. This is not something
696 users of the library should have been relying on as it's not part of
697 the concurrency guarantees.
698
699 * `git_remote_connect()` now takes a `custom_headers` argument to set
700 the extra HTTP header fields to send.
701
702 v0.23
703 ------
704
705 ### Changes or improvements
706
707 * Patience and minimal diff drivers can now be used for merges.
708
709 * Merges can now ignore whitespace changes.
710
711 * Updated binary identification in CRLF filtering to avoid false positives in
712 UTF-8 files.
713
714 * Rename and copy detection is enabled for small files.
715
716 * Checkout can now handle an initial checkout of a repository, making
717 `GIT_CHECKOUT_SAFE_CREATE` unnecessary for users of clone.
718
719 * The signature parameter in the ref-modifying functions has been
720 removed. Use `git_repository_set_ident()` and
721 `git_repository_ident()` to override the signature to be used.
722
723 * The local transport now auto-scales the number of threads to use
724 when creating the packfile instead of sticking to one.
725
726 * Reference renaming now uses the right id for the old value.
727
728 * The annotated version of branch creation, HEAD detaching and reset
729 allow for specifying the expression from the user to be put into the
730 reflog.
731
732 * `git_rebase_commit` now returns `GIT_EUNMERGED` when you attempt to
733 commit with unstaged changes.
734
735 * On Mac OS X, we now use SecureTransport to provide the cryptographic
736 support for HTTPS connections instead of OpenSSL.
737
738 * Checkout can now accept an index for the baseline computations via the
739 `baseline_index` member.
740
741 * The configuration for fetching is no longer stored inside the
742 `git_remote` struct but has been moved to a `git_fetch_options`. The
743 remote functions now take these options or the callbacks instead of
744 setting them beforehand.
745
746 * `git_submodule` instances are no longer cached or shared across
747 lookup. Each submodule represents the configuration at the time of
748 loading.
749
750 * The index now uses diffs for `add_all()` and `update_all()` which
751 gives it a speed boost and closer semantics to git.
752
753 * The ssh transport now reports the stderr output from the server as
754 the error message, which allows you to get the "repository not
755 found" messages.
756
757 * `git_index_conflict_add()` will remove staged entries that exist for
758 conflicted paths.
759
760 * The flags for a `git_diff_file` will now have the `GIT_DIFF_FLAG_EXISTS`
761 bit set when a file exists on that side of the diff. This is useful
762 for understanding whether a side of the diff exists in the presence of
763 a conflict.
764
765 * The constructor for a write-stream into the odb now takes
766 `git_off_t` instead of `size_t` for the size of the blob, which
767 allows putting large files into the odb on 32-bit systems.
768
769 * The remote's push and pull URLs now honor the url.$URL.insteadOf
770 configuration. This allows modifying URL prefixes to a custom
771 value via gitconfig.
772
773 * `git_diff_foreach`, `git_diff_blobs`, `git_diff_blob_to_buffer`,
774 and `git_diff_buffers` now accept a new binary callback of type
775 `git_diff_binary_cb` that includes the binary diff information.
776
777 * The race condition mitigations described in `racy-git.txt` have been
778 implemented.
779
780 * If libcurl is installed, we will use it to connect to HTTP(S)
781 servers.
782
783 ### API additions
784
785 * The `git_merge_options` gained a `file_flags` member.
786
787 * Parsing and retrieving a configuration value as a path is exposed
788 via `git_config_parse_path()` and `git_config_get_path()`
789 respectively.
790
791 * `git_repository_set_ident()` and `git_repository_ident()` serve to
792 set and query which identity will be used when writing to the
793 reflog.
794
795 * `git_config_entry_free()` frees a config entry.
796
797 * `git_config_get_string_buf()` provides a way to safely retrieve a
798 string from a non-snapshot configuration.
799
800 * `git_annotated_commit_from_revspec()` allows getting an annotated
801 commit from an extended sha syntax string.
802
803 * `git_repository_set_head_detached_from_annotated()`,
804 `git_branch_create_from_annotated()` and
805 `git_reset_from_annotated()` allow for the caller to provide an
806 annotated commit through which they can control what expression is
807 put into the reflog as the source/target.
808
809 * `git_index_add_frombuffer()` can now create a blob from memory
810 buffer and add it to the index which is attached to a repository.
811
812 * The structure `git_fetch_options` has been added to determine the
813 runtime configuration for fetching, such as callbacks, pruning and
814 autotag behaviour. It has the runtime initializer
815 `git_fetch_init_options()`.
816
817 * The enum `git_fetch_prune_t` has been added, letting you specify the
818 pruning behaviour for a fetch.
819
820 * A push operation will notify the caller of what updates it intends
821 to perform on the remote, which provides similar information to
822 git's pre-push hook.
823
824 * `git_stash_apply()` can now apply a stashed state from the stash list,
825 placing the data into the working directory and index.
826
827 * `git_stash_pop()` will apply a stashed state (like `git_stash_apply()`)
828 but will remove the stashed state after a successful application.
829
830 * A new error code `GIT_EEOF` indicates an early EOF from the
831 server. This typically indicates an error with the URL or
832 configuration of the server, and tools can use this to show messages
833 about failing to communicate with the server.
834
835 * A new error code `GIT_EINVALID` indicates that an argument to a
836 function is invalid, or an invalid operation was requested.
837
838 * `git_diff_index_to_workdir()` and `git_diff_tree_to_index()` will now
839 produce deltas of type `GIT_DELTA_CONFLICTED` to indicate that the index
840 side of the delta is a conflict.
841
842 * The `git_status` family of functions will now produce status of type
843 `GIT_STATUS_CONFLICTED` to indicate that a conflict exists for that file
844 in the index.
845
846 * `git_index_entry_is_conflict()` is a utility function to determine if
847 a given index entry has a non-zero stage entry, indicating that it is
848 one side of a conflict.
849
850 * It is now possible to pass a keypair via a buffer instead of a
851 path. For this, `GIT_CREDTYPE_SSH_MEMORY` and
852 `git_cred_ssh_key_memory_new()` have been added.
853
854 * `git_filter_list_contains` will indicate whether a particular
855 filter will be run in the given filter list.
856
857 * `git_commit_header_field()` has been added, which allows retrieving
858 the contents of an arbitrary header field.
859
860 * `git_submodule_set_branch()` allows setting the configured branch for
861 a submodule.
862
863 ### API removals
864
865 * `git_remote_save()` and `git_remote_clear_refspecs()` have been
866 removed. Remote's configuration is changed via the configuration
867 directly or through a convenience function which performs changes to
868 the configuration directly.
869
870 * `git_remote_set_callbacks()`, `git_remote_get_callbacks()` and
871 `git_remote_set_transport()` have been removed and the remote no
872 longer stores this configuration.
873
874 * `git_remote_set_fetch_refspecs()` and
875 `git_remote_set_push_refspecs()` have been removed. There is no
876 longer a way to set the base refspecs at run-time.
877
878 * `git_submodule_save()` has been removed. The submodules are no
879 longer configured via the objects.
880
881 * `git_submodule_reload_all()` has been removed as we no longer cache
882 submodules.
883
884 ### Breaking API changes
885
886 * `git_smart_subtransport_cb` now has a `param` parameter.
887
888 * The `git_merge_options` structure member `flags` has been renamed
889 to `tree_flags`.
890
891 * The `git_merge_file_options` structure member `flags` is now
892 an unsigned int. It was previously a `git_merge_file_flags_t`.
893
894 * `GIT_CHECKOUT_SAFE_CREATE` has been removed. Most users will generally
895 be able to switch to `GIT_CHECKOUT_SAFE`, but if you require missing
896 file handling during checkout, you may now use `GIT_CHECKOUT_SAFE |
897 GIT_CHECKOUT_RECREATE_MISSING`.
898
899 * The `git_clone_options` and `git_submodule_update_options`
900 structures no longer have a `signature` field.
901
902 * The following functions have removed the signature and/or log message
903 parameters in favour of git-emulating ones.
904
905 * `git_branch_create()`, `git_branch_move()`
906 * `git_rebase_init()`, `git_rebase_abort()`
907 * `git_reference_symbolic_create_matching()`,
908 `git_reference_symbolic_create()`, `git_reference_create()`,
909 `git_reference_create_matching()`,
910 `git_reference_symbolic_set_target()`,
911 `git_reference_set_target()`, `git_reference_rename()`
912 * `git_remote_update_tips()`, `git_remote_fetch()`, `git_remote_push()`
913 * `git_repository_set_head()`,
914 `git_repository_set_head_detached()`,
915 `git_repository_detach_head()`
916 * `git_reset()`
917
918 * `git_config_get_entry()` now gives back a ref-counted
919 `git_config_entry`. You must free it when you no longer need it.
920
921 * `git_config_get_string()` will return an error if used on a
922 non-snapshot configuration, as there can be no guarantee that the
923 returned pointer is valid.
924
925 * `git_note_default_ref()` now uses a `git_buf` to return the string,
926 as the string is otherwise not guaranteed to stay allocated.
927
928 * `git_rebase_operation_current()` will return `GIT_REBASE_NO_OPERATION`
929 if it is called immediately after creating a rebase session but before
930 you have applied the first patch.
931
932 * `git_rebase_options` now contains a `git_checkout_options` struct
933 that will be used for functions that modify the working directory,
934 namely `git_rebase_init`, `git_rebase_next` and
935 `git_rebase_abort`. As a result, `git_rebase_open` now also takes
936 a `git_rebase_options` and only the `git_rebase_init` and
937 `git_rebase_open` functions take a `git_rebase_options`, where they
938 will persist the options to subsequent `git_rebase` calls.
939
940 * The `git_clone_options` struct now has fetch options in a
941 `fetch_opts` field instead of remote callbacks in
942 `remote_callbacks`.
943
944 * The remote callbacks have gained a new member `push_negotiation`
945 which gets called before sending the update commands to the server.
946
947 * The following functions no longer act on a remote instance but
948 change the repository's configuration. Their signatures have changed
949 accordingly:
950
951 * `git_remote_set_url()`, `git_remote_seturl()`
952 * `git_remote_add_fetch()`, `git_remote_add_push()`
953 * `git_remote_set_autotag()`
954
955 * `git_remote_connect()` and `git_remote_prune()` now take a pointer
956 to the callbacks.
957
958 * `git_remote_fetch()` and `git_remote_download()` now take a pointer
959 to fetch options which determine the runtime configuration.
960
961 * The `git_remote_autotag_option_t` values have been changed. It has
962 gained a `_UNSPECIFIED` default value to specify no override for the
963 configured setting.
964
965 * `git_remote_update_tips()` now takes a pointer to the callbacks as
966 well as a boolean whether to write `FETCH_HEAD` and the autotag
967 setting.
968
969 * `git_remote_create_anonymous()` no longer takes a fetch refspec as
970 url-only remotes cannot have configured refspecs.
971
972 * The `git_submodule_update_options` struct now has fetch options in
973 the `fetch_opts` field instead of callbacks in the
974 `remote_callbacks` field.
975
976 * The following functions no longer act on a submodule instance but
977 change the repository's configuration. Their signatures have changed
978 accordingly:
979
980 * `git_submodule_set_url()`, `git_submodule_set_ignore()`,
981 `git_submodule_set_update()`,
982 `git_submodule_set_fetch_recurse_submodules()`.
983
984 * `git_submodule_status()` no longer takes a submodule instance but a
985 repository, a submodule name and an ignore setting.
986
987 * The `push` function in the `git_transport` interface now takes a
988 pointer to the remote callbacks.
989
990 * The `git_index_entry` struct's fields' types have been changed to
991 more accurately reflect what is in fact stored in the
992 index. Specifically, time and file size are 32 bits instead of 64, as
993 these values are truncated.
994
995 * `GIT_EMERGECONFLICT` is now `GIT_ECONFLICT`, which more accurately
996 describes the nature of the error.
997
998 * It is no longer allowed to call `git_buf_grow()` on buffers
999 borrowing the memory they point to.
1000
1001 v0.22
1002 ------
1003
1004 ### Changes or improvements
1005
1006 * `git_signature_new()` now requires a non-empty email address.
1007
1008 * Use CommonCrypto libraries for SHA-1 calculation on Mac OS X.
1009
1010 * Disable SSL compression and SSLv2 and SSLv3 ciphers in favor of TLSv1
1011 in OpenSSL.
1012
1013 * The fetch behavior of remotes with autotag set to `GIT_REMOTE_DOWNLOAD_TAGS_ALL`
1014 has been changed to match git 1.9.0 and later. In this mode, libgit2 now
1015 fetches all tags in addition to whatever else needs to be fetched.
1016
1017 * `git_checkout()` now handles case-changing renames correctly on
1018 case-insensitive filesystems; for example renaming "readme" to "README".
1019
1020 * The search for libssh2 is now done via pkg-config instead of a
1021 custom search of a few directories.
1022
1023 * Add support for core.protectHFS and core.protectNTFS. Add more
1024 validation for filenames which we write such as references.
1025
1026 * The local transport now generates textual progress output like
1027 git-upload-pack does ("counting objects").
1028
1029 * `git_checkout_index()` can now check out an in-memory index that is not
1030 necessarily the repository's index, so you may check out an index
1031 that was produced by git_merge and friends while retaining the cached
1032 information.
1033
1034 * Remove the default timeout for receiving / sending data over HTTP using
1035 the WinHTTP transport layer.
1036
1037 * Add SPNEGO (Kerberos) authentication using GSSAPI on Unix systems.
1038
1039 * Provide built-in objects for the empty blob (e69de29) and empty
1040 tree (4b825dc) objects.
1041
1042 * The index' tree cache is now filled upon read-tree and write-tree
1043 and the cache is written to disk.
1044
1045 * LF -> CRLF filter refuses to handle mixed-EOL files
1046
1047 * LF -> CRLF filter now runs when * text = auto (with Git for Windows 1.9.4)
1048
1049 * File unlocks are atomic again via rename. Read-only files on Windows are
1050 made read-write if necessary.
1051
1052 * Share open packfiles across repositories to share descriptors and mmaps.
1053
1054 * Use a map for the treebuilder, making insertion O(1)
1055
1056 * The build system now accepts an option EMBED_SSH_PATH which when set
1057 tells it to include a copy of libssh2 at the given location. This is
1058 enabled for MSVC.
1059
1060 * Add support for refspecs with the asterisk in the middle of a
1061 pattern.
1062
1063 * Fetching now performs opportunistic updates. To achieve this, we
1064 introduce a difference between active and passive refspecs, which
1065 makes `git_remote_download()` and `git_remote_fetch()` take a list of
1066 refspecs to be the active list, similarly to how git fetch accepts a
1067 list on the command-line.
1068
1069 * The THREADSAFE option to build libgit2 with threading support has
1070 been flipped to be on by default.
1071
1072 * The remote object has learnt to prune remote-tracking branches. If
1073 the remote is configured to do so, this will happen via
1074 `git_remote_fetch()`. You can also call `git_remote_prune()` after
1075 connecting or fetching to perform the prune.
1076
1077
1078 ### API additions
1079
1080 * Introduce `git_buf_text_is_binary()` and `git_buf_text_contains_nul()` for
1081 consumers to perform binary detection on a git_buf.
1082
1083 * `git_branch_upstream_remote()` has been introduced to provide the
1084 branch.<name>.remote configuration value.
1085
1086 * Introduce `git_describe_commit()` and `git_describe_workdir()` to provide
1087 a description of the current commit (and working tree, respectively)
1088 based on the nearest tag or reference
1089
1090 * Introduce `git_merge_bases()` and the `git_oidarray` type to expose all
1091 merge bases between two commits.
1092
1093 * Introduce `git_merge_bases_many()` to expose all merge bases between
1094 multiple commits.
1095
1096 * Introduce rebase functionality (using the merge algorithm only).
1097 Introduce `git_rebase_init()` to begin a new rebase session,
1098 `git_rebase_open()` to open an in-progress rebase session,
1099 `git_rebase_commit()` to commit the current rebase operation,
1100 `git_rebase_next()` to apply the next rebase operation,
1101 `git_rebase_abort()` to abort an in-progress rebase and `git_rebase_finish()`
1102 to complete a rebase operation.
1103
1104 * Introduce `git_note_author()` and `git_note_committer()` to get the author
1105 and committer information on a `git_note`, respectively.
1106
1107 * A factory function for ssh has been added which allows changing the
1108 path of the programs to execute for receive-pack and upload-pack on
1109 the server, `git_transport_ssh_with_paths()`.
1110
1111 * The ssh transport supports asking the remote host for accepted
1112 credential types as well as multiple challenges using a single
1113 connection. This requires knowing which username you want to connect
1114 as, so this introduces the USERNAME credential type which the ssh
1115 transport will use to ask for the username.
1116
1117 * The `GIT_EPEEL` error code has been introduced when we cannot peel a tag
1118 to the requested object type; if the given object otherwise cannot be
1119 peeled, `GIT_EINVALIDSPEC` is returned.
1120
1121 * Introduce `GIT_REPOSITORY_INIT_RELATIVE_GITLINK` to use relative paths
1122 when writing gitlinks, as is used by git core for submodules.
1123
1124 * `git_remote_prune()` has been added. See above for description.
1125
1126
1127 * Introduce reference transactions, which allow multiple references to
1128 be locked at the same time and updates be queued. This also allows
1129 us to safely update a reflog with arbitrary contents, as we need to
1130 do for stash.
1131
1132 ### API removals
1133
1134 * `git_remote_supported_url()` and `git_remote_is_valid_url()` have been
1135 removed as they have become essentially useless with rsync-style ssh paths.
1136
1137 * `git_clone_into()` and `git_clone_local_into()` have been removed from the
1138 public API in favour of `git_clone` callbacks.
1139
1140 * The option to ignore certificate errors via `git_remote_cert_check()`
1141 is no longer present. Instead, `git_remote_callbacks` has gained a new
1142 entry which lets the user perform their own certificate checks.
1143
1144 ### Breaking API changes
1145
1146 * `git_cherry_pick()` is now `git_cherrypick()`.
1147
1148 * The `git_submodule_update()` function was renamed to
1149 `git_submodule_update_strategy()`. `git_submodule_update()` is now used to
1150 provide functionality similar to "git submodule update".
1151
1152 * `git_treebuilder_create()` was renamed to `git_treebuilder_new()` to better
1153 reflect it being a constructor rather than something which writes to
1154 disk.
1155
1156 * `git_treebuilder_new()` (was `git_treebuilder_create()`) now takes a
1157 repository so that it can query repository configuration.
1158 Subsequently, `git_treebuilder_write()` no longer takes a repository.
1159
1160 * `git_threads_init()` and `git_threads_shutdown()` have been renamed to
1161 `git_libgit2_init()` and `git_libgit2_shutdown()` to better explain what
1162 their purpose is, as it's grown to be more than just about threads.
1163
1164 * `git_libgit2_init()` and `git_libgit2_shutdown()` now return the number of
1165 initializations of the library, so consumers may schedule work on the
1166 first initialization.
1167
1168 * The `git_transport_register()` function no longer takes a priority and takes
1169 a URL scheme name (eg "http") instead of a prefix like "http://"
1170
1171 * `git_index_name_entrycount()` and `git_index_reuc_entrycount()` now
1172 return size_t instead of unsigned int.
1173
1174 * The `context_lines` and `interhunk_lines` fields in `git_diff_options` are
1175 now `uint32_t` instead of `uint16_t`. This allows setting them to `UINT_MAX`,
1176 in effect asking for "infinite" context e.g. to iterate over all the
1177 unmodified lines of a diff.
1178
1179 * `git_status_file()` now takes an exact path. Use `git_status_list_new()` if
1180 pathspec searching is needed.
1181
1182 * `git_note_create()` has changed the position of the notes reference
1183 name to match `git_note_remove()`.
1184
1185 * Rename `git_remote_load()` to `git_remote_lookup()` to bring it in line
1186 with the rest of the lookup functions.
1187
1188 * `git_remote_rename()` now takes the repository and the remote's
1189 current name. Accepting a remote indicates we want to change it,
1190 which we only did partially. It is much clearer if we accept a name
1191 and no loaded objects are changed.
1192
1193 * `git_remote_delete()` now accepts the repository and the remote's name
1194 instead of a loaded remote.
1195
1196 * `git_merge_head` is now `git_annotated_commit`, to better reflect its usage
1197 for multiple functions (including rebase)
1198
1199 * The `git_clone_options` struct no longer provides the `ignore_cert_errors` or
1200 `remote_name` members for remote customization.
1201
1202 Instead, the `git_clone_options` struct has two new members, `remote_cb` and
1203 `remote_cb_payload`, which allow the caller to completely override the remote
1204 creation process. If needed, the caller can use this callback to give their
1205 remote a name other than the default (origin) or disable cert checking.
1206
1207 The `remote_callbacks` member has been preserved for convenience, although it
1208 is not used when a remote creation callback is supplied.
1209
1210 * The `git_clone_options` struct now provides `repository_cb` and
1211 `repository_cb_payload` to allow the user to create a repository with
1212 custom options.
1213
1214 * The `git_push` struct to perform a push has been replaced with
1215 `git_remote_upload()`. The refspecs and options are passed as a
1216 function argument. `git_push_update_tips()` is now also
1217 `git_remote_update_tips()` and the callbacks are in the same struct as
1218 the rest.
1219
1220 * The `git_remote_set_transport()` function now sets a transport factory function,
1221 rather than a pre-existing transport instance.
1222
1223 * The `git_transport` structure definition has moved into the sys/transport.h
1224 file.
1225
1226 * libgit2 no longer automatically sets the OpenSSL locking
1227 functions. This is not something which we can know to do. A
1228 last-resort convenience function is provided in sys/openssl.h,
1229 `git_openssl_set_locking()` which can be used to set the locking.