This is the first release of the v0.28 series, "Kummerspeck". The changelog follows.
Changes or improvements
-
The library is now always built with cdecl calling conventions on
Windows; the ability to build a stdcall library has been removed. -
Reference log creation now honors
core.logallrefupdates=always
. -
Fix some issues with the error-reporting in the OpenSSL backend.
-
HTTP proxy support is now builtin; libcurl is no longer used to support
proxies and is removed as a dependency. -
Certificate and credential callbacks can now return
GIT_PASSTHROUGH
to decline to act; libgit2 will behave as if there was no callback set
in the first place. -
The line-ending filtering logic - when checking out files - has been
updated to match newer git (>= git 2.9) for proper interoperability. -
Symbolic links are now supported on Windows when
core.symlinks
is set
totrue
. -
Submodules with names which attempt to perform path traversal now have their
configuration ignored. Such names were blindly appended to the
$GIT_DIR/modules
and a malicious name could lead to an attacker writing to
an arbitrary location. This matches git's handling of CVE-2018-11235. -
Object validation is now performed during tree creation in the
git_index_write_tree_to
API. -
Configuration variable may now be specified on the same line as a section
header; previously this was erroneously a parser error. -
When an HTTP server supports both NTLM and Negotiate authentication
mechanisms, we would previously fail to authenticate with any mechanism. -
The
GIT_OPT_SET_PACK_MAX_OBJECTS
option can now set the maximum
number of objects allowed in a packfile being downloaded; this can help
limit the maximum memory used when fetching from an untrusted remote. -
Line numbers in diffs loaded from patch files were not being populated;
they are now included in the results. -
The repository's index is reloaded from disk at the beginning of
git_merge
operations to ensure that it is up-to-date. -
Mailmap handling APIs have been introduced, and the new commit APIs
git_commit_committer_with_mailmap
andgit_commit_author_with_mailmap
will use the mailmap to resolve the committer and author information.
In addition, blame will use the mailmap given when the
GIT_BLAME_USE_MAILMAP
option. -
Ignore handling for files in ignored folders would be ignored.
-
Worktrees can now be backed by bare repositories.
-
Trailing spaces are supported in
.gitignore
files, these spaces were
previously (and erroneously) treated as part of the pattern. -
The library can now be built with mbedTLS support for HTTPS.
-
The diff status character 'T' will now be presented by the
git_diff_status_char
API for diff entries that change type. -
Revision walks previously would sometimes include commits that should
have been ignored; this is corrected. -
Revision walks are now more efficient when the output is unsorted;
we now avoid walking all the way to the beginning of history unnecessarily. -
Error-handling around index extension loading has been fixed. We were
previously always misreporting a truncated index (#4858).
API additions
-
The index may now be iterated atomically using
git_index_iterator
. -
Remote objects can now be created with extended options using the
git_remote_create_with_opts
API. -
Diff objects can now be applied as changes to the working directory,
index or both, emulating thegit apply
command. Additionally,
git_apply_to_tree
can apply those changes to a tree object as a
fully in-memory operation. -
You can now swap out memory allocators via the
GIT_OPT_SET_ALLOCATOR
option withgit_libgit2_opts()
. -
You can now ensure that functions do not discard unwritten changes to the
index via theGIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY
option to
git_libgit2_opts()
. This will cause functions that implicitly re-read
the index (eg,git_checkout
) to fail if you have staged changes to the
index but you have not written the index to disk. (Unless the checkout
has the FORCE flag specified.)At present, this defaults to off, but we intend to enable this more
broadly in the future, as a warning or error. We encourage you to
examine your code to ensure that you are not relying on the current
behavior that implicitly removes staged changes. -
Reference specifications can be parsed from an arbitrary string with
thegit_refspec_parse
API. -
You can now get the name and path of worktrees using the
git_worktree_name
andgit_worktree_path
APIs, respectively. -
The
ref
field has been added togit_worktree_add_options
to enable
the creation of a worktree from a pre-existing branch. -
It's now possible to analyze merge relationships between any two
references, not just againstHEAD
, usinggit_merge_analysis_for_ref
.
API removals
-
The
git_buf_free
API is deprecated; it has been renamed to
git_buf_dispose
for consistency. Thegit_buf_free
API will be
retained for backward compatibility for the foreseeable future. -
The
git_otype
enumeration and its members are deprecated and have
been renamed for consistency. TheGIT_OBJ_
enumeration values are
now prefixed withGIT_OBJECT_
. The old enumerations and macros
will be retained for backward compatibility for the foreseeable future. -
Several index-related APIs have been renamed for consistency. The
GIT_IDXENTRY_
enumeration values and macros have been renamed to
be prefixed withGIT_INDEX_ENTRY_
. TheGIT_INDEXCAP
enumeration
values are now prefixed withGIT_INDEX_CAPABILITY_
. The old
enumerations and macros will be retained for backward compatibility
for the foreseeable future. -
The error functions and enumeration values have been renamed for
consistency. Thegiterr_
functions and values prefix have been
renamed to be prefixed withgit_error_
; similarly, theGITERR_
constants have been renamed to be prefixed withGIT_ERROR_
.
The old enumerations and macros will be retained for backward
compatibility for the foreseeable future.
Breaking API changes
-
The default checkout strategy changed from
DRY_RUN
toSAFE
(#4531). -
Adding a symlink as .gitmodules into the index from the workdir or checking
out such files is not allowed as this can make a Git implementation write
outside of the repository and bypass the fsck checks for CVE-2018-11235.