libgit2 v0.25.1

@carlosmn carlosmn released this Jan 9, 2017

This is a security release fixing two issues. The first one performs extra sanitization for some edge cases in the Git Smart Protocol which can lead to attempting to parse outside of the buffer.

The second fix affects the certificate check callback. The callback receives a parameter named valid, which indicates whether the native cryptographic library considered the certificate to be correct. Before this fix, this parameter was always 1/true, which could lead to a MITM.

This does not affect you if you do not use the custom certificate callback or if you do not take this value into account. This does affect you if you use pygit2 or git2go regardless of whether you specify a certificate check callback.
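The effect of a constant valid value on a callback that relies on it, as an added example (not libgit2 code). The demo_cert type, the pin payload, transport_handshake() and the return convention (0 proceeds, negative refuses) are assumptions made for this sketch, and the fingerprints are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for the certificate handed to the callback, reduced to a
 * fingerprint string (assumption for this example). */
typedef struct { const char *sha256_hex; } demo_cert;

/* Parameter order modelled on the callback the notes describe:
 * certificate, the TLS library's verdict, host name, caller payload. */
typedef int (*demo_cert_check_cb)(const demo_cert *cert, int valid,
                                  const char *host, void *payload);

/* Caller payload: one pinned fingerprint for one host (constructed). */
struct pin { const char *host; const char *sha256_hex; };

/* Returns 0 to proceed, a negative value to refuse the connection
 * (return convention assumed for this example). */
int check_cert(const demo_cert *cert, int valid, const char *host, void *payload)
{
    const struct pin *pin = payload;

    /* A pinned host must present exactly the pinned certificate; this
     * branch never looks at `valid`, so the bug cannot weaken it. */
    if (pin && strcmp(host, pin->host) == 0)
        return strcmp(cert->sha256_hex, pin->sha256_hex) == 0 ? 0 : -1;

    /* Every other host depends entirely on the TLS library's verdict. */
    return valid ? 0 : -1;
}

/* Model of the transport invoking the callback. always_valid_bug
 * reproduces the pre-fix behaviour: the verdict is dropped and the
 * callback is told the certificate is valid. */
int transport_handshake(demo_cert_check_cb cb, const demo_cert *cert,
                        int tls_verdict, const char *host, void *payload,
                        int always_valid_bug)
{
    int valid = always_valid_bug ? 1 : tls_verdict;
    return cb(cert, valid, host, payload);
}
```

With the bug enabled, a certificate the TLS library rejected is accepted for any unpinned host; the pinned branch behaves the same either way.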

A list of commits since the last release follows

2ac57aa89 https: don't test that RC4 is invalid
3829ba2e7 http: correct the expected error for RC4
a5cf255b4 Bump version to 0.25.1
2fdef641f smart_pkt: treat empty packet lines as error
66e3774d2 smart_pkt: verify packet length exceeds PKT_LEN_SIZE
98d66240e http: perform 'badssl' check also via certificate callback
9a64e62f0 http: check certificate validity before clobbering the error variable
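The two smart_pkt checks named in the commit list, shown in a standalone pkt-line parser. This is an added example, not the libgit2 implementation: PKT_LEN_SIZE is the name used in the commit subject, its value of 4 follows the pkt-line format's four hex length digits, and pkt_parse() and the status enum are hypothetical names.

```c
#include <stddef.h>

#define PKT_LEN_SIZE 4   /* four ASCII hex digits; the length they encode includes them */

enum pkt_status {
    PKT_OK = 0,          /* data packet; payload and payload_len are set */
    PKT_FLUSH = 1,       /* "0000" flush packet, no payload */
    PKT_NEED_MORE = -1,  /* buffer does not yet hold the whole packet */
    PKT_INVALID = -2     /* malformed length prefix or empty packet line */
};

static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Parse one pkt-line from buf[0..buflen). On PKT_OK or PKT_FLUSH,
 * *consumed is the number of bytes used. Never reads past buf + buflen.
 */
int pkt_parse(const char *buf, size_t buflen,
              const char **payload, size_t *payload_len, size_t *consumed)
{
    size_t len = 0;
    int i, v;

    *payload = NULL;
    *payload_len = 0;
    *consumed = 0;

    if (buflen < PKT_LEN_SIZE)
        return PKT_NEED_MORE;

    for (i = 0; i < PKT_LEN_SIZE; i++) {
        if ((v = hex_val((unsigned char)buf[i])) < 0)
            return PKT_INVALID;
        len = (len << 4) | (size_t)v;
    }

    if (len == 0) {
        *consumed = PKT_LEN_SIZE;
        return PKT_FLUSH;
    }
    /* 0001..0003 would make len - PKT_LEN_SIZE wrap around to a huge
     * payload size; 0004 is an empty packet line. Both are errors. */
    if (len <= PKT_LEN_SIZE)
        return PKT_INVALID;
    /* The declared length must fit in the bytes actually received. */
    if (len > buflen)
        return PKT_NEED_MORE;

    *payload = buf + PKT_LEN_SIZE;
    *payload_len = len - PKT_LEN_SIZE;
    *consumed = len;
    return PKT_OK;
}
```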


libgit2 v0.24.6

@carlosmn carlosmn released this Jan 9, 2017

This is a security release fixing two issues. The first one performs extra sanitization for some edge cases in the Git Smart Protocol which can lead to attempting to parse outside of the buffer.

The second fix affects the certificate check callback. The callback receives a parameter named valid, which indicates whether the native cryptographic library considered the certificate to be correct. Before this fix, this parameter was always 1/true, which could lead to a MITM.

This does not affect you if you do not use the custom certificate callback or if you do not take this value into account. This does affect you if you use pygit2 or git2go regardless of whether you specify a certificate check callback.

A list of commits since the last release follows

45a2ee3f4 https: don't test that RC4 is invalid
d3cb8f64c http: correct the expected error for RC4
2b9298bfe Bump version to 0.24.6
84d30d569 smart_pkt: treat empty packet lines as error
4ac39c76c smart_pkt: verify packet length exceeds PKT_LEN_SIZE
ca5319566 http: perform 'badssl' check also via certificate callback
b5c6a1b40 http: check certificate validity before clobbering the error variable


libgit2 v0.25.0 RC2

@carlosmn carlosmn released this Dec 20, 2016 · 186 commits to master since this release

This is the second release candidate for libgit2 v0.25.0.

This release contains a few fixes for issues that were discovered after the last release candidate or were deemed important and non-intrusive enough for a release candidate.

There have been no changes to the release notes/changelog from the last release candidate.


libgit2 v0.25.0

@carlosmn carlosmn released this Dec 20, 2016 · 186 commits to master since this release

This is the first release of the v0.25 series, "Rutschgefahr". The changelog follows.

Changes or improvements

  • Fix repository discovery with git_repository_discover and
    git_repository_open_ext to match git's handling of a ceiling
    directory at the current directory. git only checks ceiling
    directories when its search ascends to a parent directory. A ceiling
    directory matching the starting directory will not prevent git from
    finding a repository in the starting directory or a parent directory.
  • Do not fail when deleting remotes in the presence of broken
    global configs which contain branches.
  • Support for reading and writing git index v4 files
  • Improve the performance of the revwalk and bring us closer to git's code.
  • The reference db has improved support for concurrency and returns GIT_ELOCKED
    when an operation could not be performed due to locking.
  • Nanosecond resolution is now activated by default, following git's change to
    do this.
  • We now restrict the set of ciphers we let OpenSSL use by default.
  • Users can now register their own merge drivers for use with .gitattributes.
    The library also gained built-in support for the union merge driver.
  • The default for creating references is now to validate that the object does
    exist.
  • Add git_proxy_options which is used by the different networking
    implementations to let the caller specify the proxy settings instead of
    relying on the environment variables.

API additions

  • You can now get the user-agent used by libgit2 using the
    GIT_OPT_GET_USER_AGENT option with git_libgit2_opts().
    It is the counterpart to GIT_OPT_SET_USER_AGENT.
  • The GIT_OPT_SET_SSL_CIPHERS option for git_libgit2_opts() lets you specify
    a custom list of ciphers to use for OpenSSL.
  • git_commit_create_buffer() creates a commit and writes it into a
    user-provided buffer instead of writing it into the object db. Combine it with
    git_commit_create_with_signature() in order to create a commit with a
    cryptographic signature.
  • git_blob_create_fromstream() and
    git_blob_create_fromstream_commit() allow you to create a blob by
    writing into a stream. Useful when you do not know the final size or
    want to copy the contents from another stream.
  • New flags for git_repository_open_ext:
    • GIT_REPOSITORY_OPEN_NO_DOTGIT - Do not check for a repository by
      appending /.git to the start_path; only open the repository if
      start_path itself points to the git directory.
    • GIT_REPOSITORY_OPEN_FROM_ENV - Find and open a git repository,
      respecting the environment variables used by the git command-line
      tools. If set, git_repository_open_ext will ignore the other
      flags and the ceiling_dirs argument, and will allow a NULL
      path to use GIT_DIR or search from the current directory. The
      search for a repository will respect $GIT_CEILING_DIRECTORIES
      and $GIT_DISCOVERY_ACROSS_FILESYSTEM. The opened repository
      will respect $GIT_INDEX_FILE, $GIT_NAMESPACE,
      $GIT_OBJECT_DIRECTORY, and $GIT_ALTERNATE_OBJECT_DIRECTORIES.
      In the future, this flag will also cause git_repository_open_ext
      to respect $GIT_WORK_TREE and $GIT_COMMON_DIR; currently,
      git_repository_open_ext with this flag will error out if either
      $GIT_WORK_TREE or $GIT_COMMON_DIR is set.
  • git_diff_from_buffer() can create a git_diff object from the contents
    of a git-style patch file.
  • git_index_version() and git_index_set_version() to get and set
    the index version
  • git_odb_expand_ids() lets you check for the existence of multiple
    objects at once.
  • The new git_blob_dup(), git_commit_dup(), git_tag_dup() and
    git_tree_dup() functions provide type-specific wrappers for
    git_object_dup() to reduce noise and increase type safety for callers.
  • git_reference_dup() lets you duplicate a reference to aid in ownership
    management and cleanup.
  • git_signature_from_buffer() lets you create a signature from a string in the
    format that appears in objects.
  • git_tree_create_updated() lets you create a tree based on another one
    together with a list of updates. For the covered update cases, it's more
    efficient than the git_index route.
  • git_apply_patch() applies hunks from a git_patch to a buffer.
  • git_diff_to_buf() lets you print an entire diff directly to a buffer,
    similar to how git_patch_to_buf() works.
  • git_proxy_init_options() is added to initialize a git_proxy_options
    structure at run-time.
  • git_merge_driver_register(), git_merge_driver_unregister() let you
    register and unregister a custom merge driver to be used when .gitattributes
    specifies it.
  • git_merge_driver_lookup() can be used to look up a merge driver by name.
  • git_merge_driver_source_repo(), git_merge_driver_source_ancestor(),
    git_merge_driver_source_ours(), git_merge_driver_source_theirs(),
    git_merge_driver_source_file_options() added as accessors to
    git_merge_driver_source.

API removals

  • git_blob_create_fromchunks() has been removed in favour of
    git_blob_create_fromstream().

Breaking API changes

  • git_packbuilder_object_count and git_packbuilder_written now
    return a size_t instead of a uint32_t for more thorough
    compatibility with the rest of the library.
  • git_packbuilder_progress now provides explicitly sized uint32_t
    values instead of unsigned int.
  • git_diff_file now includes an id_abbrev field that reflects the
    number of nibbles set in the id field.
  • git_odb_backend now has a freshen function pointer. This optional
    function pointer is similar to the exists function, but it will update
    a last-used marker. For filesystem-based object databases, this updates
    the timestamp of the file containing the object, to indicate "freshness".
    If this is NULL, then it will not be called and the exists function
    will be used instead.
  • git_remote_connect() now accepts proxy options.


libgit2 v0.24.5 Maintenance Release

@carlosmn carlosmn released this Dec 17, 2016 · 845 commits to master since this release

This release adds support for building against OpenSSL 1.1 releases which introduced API changes. All users are encouraged to upgrade. This release replaces the mis-tagged v0.24.4.

65d24fd7d Add support for OpenSSL 1.1.0 for BIO filter


  • Dec 16, 2016

    v0.24.4

    Merge pull request #4029 from libgit2/cmn/windows-no-concurrent-compress
    refdb: disable concurrent compress in the threading tests on Windows

libgit2 v0.25.0 RC1

@carlosmn carlosmn released this Nov 15, 2016 · 236 commits to master since this release

This is the first release candidate for libgit2 v0.25.0.

The changelog with notable changes since v0.24 follows.

Changes or improvements

  • Fix repository discovery with git_repository_discover and
    git_repository_open_ext to match git's handling of a ceiling
    directory at the current directory. git only checks ceiling
    directories when its search ascends to a parent directory. A ceiling
    directory matching the starting directory will not prevent git from
    finding a repository in the starting directory or a parent directory.
  • Do not fail when deleting remotes in the presence of broken
    global configs which contain branches.
  • Support for reading and writing git index v4 files
  • Improve the performance of the revwalk and bring us closer to git's code.
  • The reference db has improved support for concurrency and returns GIT_ELOCKED
    when an operation could not be performed due to locking.
  • Nanosecond resolution is now activated by default, following git's change to
    do this.
  • We now restrict the set of ciphers we let OpenSSL use by default.
  • Users can now register their own merge drivers for use with .gitattributes.
    The library also gained built-in support for the union merge driver.
  • The default for creating references is now to validate that the object does
    exist.
  • Add git_proxy_options which is used by the different networking
    implementations to let the caller specify the proxy settings instead of
    relying on the environment variables.

API additions

  • You can now get the user-agent used by libgit2 using the
    GIT_OPT_GET_USER_AGENT option with git_libgit2_opts().
    It is the counterpart to GIT_OPT_SET_USER_AGENT.
  • The GIT_OPT_SET_SSL_CIPHERS option for git_libgit2_opts() lets you specify
    a custom list of ciphers to use for OpenSSL.
  • git_commit_create_buffer() creates a commit and writes it into a
    user-provided buffer instead of writing it into the object db. Combine it with
    git_commit_create_with_signature() in order to create a commit with a
    cryptographic signature.
  • git_blob_create_fromstream() and
    git_blob_create_fromstream_commit() allow you to create a blob by
    writing into a stream. Useful when you do not know the final size or
    want to copy the contents from another stream.
  • New flags for git_repository_open_ext:
    • GIT_REPOSITORY_OPEN_NO_DOTGIT - Do not check for a repository by
      appending /.git to the start_path; only open the repository if
      start_path itself points to the git directory.
    • GIT_REPOSITORY_OPEN_FROM_ENV - Find and open a git repository,
      respecting the environment variables used by the git command-line
      tools. If set, git_repository_open_ext will ignore the other
      flags and the ceiling_dirs argument, and will allow a NULL
      path to use GIT_DIR or search from the current directory. The
      search for a repository will respect $GIT_CEILING_DIRECTORIES
      and $GIT_DISCOVERY_ACROSS_FILESYSTEM. The opened repository
      will respect $GIT_INDEX_FILE, $GIT_NAMESPACE,
      $GIT_OBJECT_DIRECTORY, and $GIT_ALTERNATE_OBJECT_DIRECTORIES.
      In the future, this flag will also cause git_repository_open_ext
      to respect $GIT_WORK_TREE and $GIT_COMMON_DIR; currently,
      git_repository_open_ext with this flag will error out if either
      $GIT_WORK_TREE or $GIT_COMMON_DIR is set.
  • git_diff_from_buffer() can create a git_diff object from the contents
    of a git-style patch file.
  • git_index_version() and git_index_set_version() to get and set
    the index version
  • git_odb_expand_ids() lets you check for the existence of multiple
    objects at once.
  • The new git_blob_dup(), git_commit_dup(), git_tag_dup() and
    git_tree_dup() functions provide type-specific wrappers for
    git_object_dup() to reduce noise and increase type safety for callers.
  • git_reference_dup() lets you duplicate a reference to aid in ownership
    management and cleanup.
  • git_signature_from_buffer() lets you create a signature from a string in the
    format that appears in objects.
  • git_tree_create_updated() lets you create a tree based on another one
    together with a list of updates. For the covered update cases, it's more
    efficient than the git_index route.
  • git_apply_patch() applies hunks from a git_patch to a buffer.
  • git_diff_to_buf() lets you print an entire diff directly to a buffer,
    similar to how git_patch_to_buf() works.
  • git_proxy_init_options() is added to initialize a git_proxy_options
    structure at run-time.
  • git_merge_driver_register(), git_merge_driver_unregister() let you
    register and unregister a custom merge driver to be used when .gitattributes
    specifies it.
  • git_merge_driver_lookup() can be used to look up a merge driver by name.
  • git_merge_driver_source_repo(), git_merge_driver_source_ancestor(),
    git_merge_driver_source_ours(), git_merge_driver_source_theirs(),
    git_merge_driver_source_file_options() added as accessors to
    git_merge_driver_source.

API removals

  • git_blob_create_fromchunks() has been removed in favour of
    git_blob_create_fromstream().

Breaking API changes

  • git_packbuilder_object_count and git_packbuilder_written now
    return a size_t instead of a uint32_t for more thorough
    compatibility with the rest of the library.
  • git_packbuilder_progress now provides explicitly sized uint32_t
    values instead of unsigned int.
  • git_diff_file now includes an id_abbrev field that reflects the
    number of nibbles set in the id field.
  • git_odb_backend now has a freshen function pointer. This optional
    function pointer is similar to the exists function, but it will update
    a last-used marker. For filesystem-based object databases, this updates
    the timestamp of the file containing the object, to indicate "freshness".
    If this is NULL, then it will not be called and the exists function
    will be used instead.
  • git_remote_connect() now accepts proxy options.


libgit2 v0.24.3 Maintenance Release

@carlosmn carlosmn released this Nov 3, 2016 · 14 commits to maint/v0.24 since this release

The following security fixes have been backported to this maintenance release, which fix CVE-2016-8568 and CVE-2016-8569. All users of the library are encouraged to update.

821042b commit: always initialize commit message
dfc2c71 tree: validate filename and OID length when parsing object


libgit2 v0.24.2 Maintenance Release

@carlosmn carlosmn released this Oct 2, 2016 · 19 commits to maint/v0.24 since this release

The following fixes have been backported to this maintenance release. All users of the library are encouraged to update.

adfece0 array: fix search for empty arrays
5a9d850 odb: only provide the empty tree
ed5299a odb: actually insert the empty blob in tests
886bd6a mwindow: init mwindow files in git_libgit2_init
edf420f cmake: add curl library path
e499b13 git_checkout_tree options fix
12b73ff transports: http: reset `connected` flag when re-connecting transport
0dea429 ignore: allow unignoring basenames in subdirectories
8f342c6 stransport: do not use `git_stream_free` on uninitialized stransport
9aee7bc stransport: make internal functions static
b64722f SecureTransport: handle NULL trust on success
1fafead sysdir: use the standard `init` pattern
85adddd refspec: do not set empty rhs for fetch refspecs
d711165 repository: don't cast to `int` for no reason
9894c7d remote: Handle missing config values when deleting a remote
49188d2 blame: do not decrement commit refcount in make_origin
1edbfa1 Fixed bug while parsing INT64_MIN
a200dc9 Fix repository discovery with ceiling_dirs at current directory
c7a0336 cmake: do not use -fPIC for MSYS2
cc43d18 README: update "Getting Help" section
ce124fc README: improve contributing paragraph
90ec160 README: disambiguate what to distribute source of
bb582f0 threads: add platform-independent thread initialization function
5d03db8 win32: rename pthread.{c,h} to thread.{c,h}
961bdbd threads: remove now-useless typedefs
2aa5c6f threads: remove unused function pthread_num_processors_np
68343f2 threads: split up OS-dependent rwlock code
fabd477 threads: split up OS-dependent thread-condition code
1b82531 threads: remove unused function pthread_cond_broadcast
40b243b threads: split up OS-dependent mutex code
fc2b97d threads: split up OS-dependent thread code
286e7db fix error message SHA truncation in git_odb__error_notfound()
4c06f3e HTTP authentication scheme name is case insensitive.
ac44d35 checkout: use empty baseline when no index
a574d84 documentation: improve docs for `checkout_head`
27008e8 fetch: Fixed spurious update callback for existing tags.
d1fb89d global: clean up crt only after freeing tls data
6e0d473 tests: fix memory leaks in checkout::typechange
246d25b index: fix NULL pointer access in index_remove_entry
1a70960 transports: smart: fix potential invalid memory dereferences
11408f0 index_read_index: invalidate new paths in tree cache
8be4968 test: ensure we can round-trip a written tree
80745b1 index_read_index: set flags for path_len correctly
e755f79 index_read_index: differentiate on mode
e6a0a85 index_read_index: reset error correctly
6c133a7 round-trip trees through index_read_index
feea284 win32: clean up unused warnings in DllMain
efadf28 filebuf: fix uninitialized warning
bcef008 cleanup: unused warning
68227c4 Update CMakeLists.txt
85ef6ec Ignore submodules when checking for merge conflicts in the workdir.
70681ff checkout: handle dirty submodules correctly
26917fd test: Fix stat() test to mask out unwanted bits
488937c CMakeLists: Add libnetwork for Haiku
78b5702 Fix comment for GIT_FILEMODE_LINK
849a1a4 Fix unused variable 'message' warning
cf0396a delta-apply: fix sign extension
1fb8a95 odb_loose: fix undefined behavior when computing size
f627e19 checkout: set ignorecase=0 when config lookup fails
66633e8 odb: avoid inflating the full delta to read the header
fc2ef51 index: fix memory leak on error case
1aacaa3 cmake: include threading libraries in pkg-config
b726c53 Fix return value of openssl_read (infinite loop)
16541b8 tag: ignore extra header fields


libgit2 v0.24.1 Maintenance Release

@ethomson ethomson released this Apr 11, 2016 · 88 commits to maint/v0.24 since this release

The following fixes have been backported to this maintenance release. All users of the library are encouraged to update.

2f2575c Updating http parser to accept a `+` in the schema
ff8e3f0 Handle git+ssh:// and ssh+git:// protocols support
fa8b1a8 Adding spec coverage for ssh+git and git+ssh protocols
429155d Updating change to http_parser to reflect PR for nodejs/http-parser
e44f658 Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead
b8dc15f Adding test cases that actually test the functionality of the new transport
4a93a7f Tabs
8ec3d88 Avoid subtraction overflow in git_indexer_commit
e3862c9 Buffer sideband packet data
cdded63 Remove duplicated calls to git_mwindow_close
eb09ead odb: improved not found error messages
9ee498e Only buffer if necessary.
4ebf745 mwindow: free unused windows if we fail to mmap
ffb1f41 describe: handle error code returned by git_pqueue_insert
e39ad74 config_file: handle missing quotation marks in section header
0370dae Check for __CLANG_INTTYPES_H
faf823d tests: transport: fix memory leaks with registering transports
fa4b93a backport git_oid__cpy_prefix
d0780b8 object: avoid call of memset with out of bounds pointer
e114bba index: assert required OID are non-NULL
1a16e8b pack-objects: fix memory leak on overflow
d96c063 submodule: avoid passing NULL pointers to strncmp
851c51a diff_tform: fix potential NULL pointer access
0b357e2 coverity: report errors when uploading tarball
8d3ee96 refdb_fs: fail if refcache returns NULL pointer
dd78d7d blame_git: handle error returned by `git_commit_parent`
f17ed63 blame: handle error when resolving HEAD in normalize_options
18c4ae7 filebuf: handle write error in `lock_file`
89e7604 config_cache: check return value of `git_config__lookup_entry`
c1ec732 Setup better defaults for OpenSSL ciphers
4e91020 Start error string with lower case character
cdde081 Use general cl_git_fail because the error is generic
f587f38 CMake: do not overwrite but only append to CMAKE_C_FLAGS_DEBUG
9a668ab Option "LIBGIT2_PREFIX" to set the CMAKE's TARGET_PROPERTIES PREFIX
d8fcafb Split the page size from the mmap alignment
e97d2d7 commit: fix extraction of single-line signatures
a1cf264 win32: free thread-local data on thread exit
c86a65b config: don't special-case multivars that don't exist yet
3ec0f2e xdiff/xprepare: use the XDF_DIFF_ALG() macro to access flag bits
56da07c xdiff/xprepare: fix a memory leak
fe1f477 Add a no-op size_t typedef for the doc parser
ab062a3 tests: fix core/stream test when built with openssl off
3e2e824 refs: provide a more general error message for dwim
ba52879 reset: use real ids for the tests
b6130fe refs::create: strict object creation on by default
e8d5df9 config: show we write a spurious duplicated section header
a13c1ec config: don't write section header if we're in it
21d8832 config::write::repeated: init our buffer
1778908 ignore: don't use realpath to canonicalize path
26f2cef tree: re-use the id and filename in the odb object
13ebf7b tree: store the entries in a growable array
af753ab tree: drop the now-unnecessary entries vector
1d59c85 status: update test to include valid OID
5cc7a5c tests: skip the unreadable file tests as root
2c1bc36 Plug a few leaks
6a35e74 leaks: fix some leaks in the tests
ccfacb8 leaks: call `xdl_free_classifier`
8edadbf index::racy: force racy entry
