libgit2 v1.4.0

This is release v1.4.0, "Fisematenten". This release includes several new features and bugfixes, improves compatibility with git, and begins preparation for SHA256 support in a future release.

What's Changed

New features

• diff: update rename limit to 1000 to match git's behavior by @ethomson in #6092
• odb: support checking for object existence without refresh by @joshtriplett in #6107
• object: provide a low-level mechanism to validate whether a raw object is valid (git_object_rawcontent_is_valid) by @ethomson in #6128
• blob: provide a function to identify binary content by @ethomson in #6142
• status: add rename_threshold to git_status_options. by @arroz in #6158
• remote: support http.followRedirects (false and initial) and follow initial redirects by default by @ethomson in #6175
• remote: support scp style paths with ports ([git@github.com:22]:libgit2/libgit2) by @ethomson in #6167
• win32: update git for windows configuration file location compatibility by @csware in #6151 and @ethomson in #6180
• refs: speed up packed reference lookups when packed refs are sorted by @ccstolley in #6138
• merge: support zdiff3 conflict styles by @ethomson in #6195
• remote: support fetching by object id (using "+oid:ref" refspec syntax) by @ethomson in #6203
• merge: callers can specify virtual-base building behavior and to optionally accept conflict markers as a resolution by @boretrk in #6204

Deprecated APIs

• git_index_checksum is deprecated; this information is now internal to the library and there is no replacement
• git_indexer_hash is deprecated; callers should use git_indexer_name to retrieve the filename
• git_packbuilder_hash is deprecated; callers should use git_packbuilder_name to retrieve the filename

ABI changes

• git_fetch_options now includes the follow_redirects value
• git_push_options now includes the follow_redirects value
• git_status_options now includes the rename_threshold value
• git_transport contains several changed function pointer signatures

Bug fixes

• Fix a gcc 11 warning in src/threadstate.c by @lhchavez in #6115
• Fix a gcc 11 warning in src/thread.h by @lhchavez in #6116
• cmake: re-enable WinHTTP by @ethomson in #6120
• Fix repo init when template dir is non-existent by @ammgws in #6106
• cmake: use project-specific root variable instead of CMAKE_SOURCE_DIR by @Qix- in #6146
• Better revparse compatibility for at time notation by @yoichi in #6095
• remotes: fix insteadOf/pushInsteadOf handling by @mkhl in #6101
• git_commit_summary: ignore lines with spaces by @stforek in #6125
• Config parsing by @csware in #6124
• config: handle empty conditional in includeIf by @ethomson in #6165
• #6154 git_status_list_new case insensitive fix by @arroz in #6159
• futils_mktmp: don't use umask by @boretrk in #6178
• revparse: support bare '@' by @ethomson in #6196
• odb: check for write failures by @ethomson in #6206
• push: Prepare pack before sending pack header. by @ccstolley in #6205
• mktmp: improve our temp file creation by @ethomson in #6207
• diff_file: fix crash if size of diffed file changes in workdir by @jorio in #6208
• merge: comment conflicts lines in MERGE_MSG by @ethomson in #6197
• Fix crashes in example programs on Windows (sprintf_s not compatible with snprintf) by @apnadkarni in #6212

Code cleanups

• Introduce git_remote_connect_options by @ethomson in #6161
• hash: separate hashes and git_oid by @ethomson in #6082
• git_buf: now a public-only API (git_str is our internal API) by @ethomson in #6078
• cmake: cleanups and consistency by @ethomson in #6084
• path: refactor utility path functions by @ethomson in #6104
• str: git_str_free is never a function by @ethomson in #6111
• cmake refactorings by @ethomson in #6112
• Add missing-declarations warning globally by @ethomson in #6113
• cmake: further refactorings by @ethomson in #6114
• tag: set validity to 0 by default by @ethomson in #6119
• util: minor cleanup and refactoring to the date class by @ethomson in #6121
• Minor code cleanups by @ethomson in #6122
• Fix a long long that crept past by @NattyNarwhal in #6094
• remote: refactor insteadof application by @ethomson in #6147
• ntmlclient: fix linking with libressl by @boretrk in #6157
• c99: change single bit flags to unsigned by @boretrk in #6179
• Fix typos by @rex4539 in #6164
• diff_driver: split global_drivers array into separate elements by @boretrk in #6184
• cmake: disable some gnu extensions by @boretrk in #6185
• Disabling setting CMAKE_FIND_LIBRARY_SUFFIXES on Apple platforms. by @arroz in #6153
• C90: add inline macro to xdiff and mbedtls by @boretrk in #6200
• SHA256: early preparation by @ethomson in #6192

CI improvements

• tests: rename test runner to libgit2_tests, build option to BUILD_TESTS. by @ethomson in #6083
• ci: only update docs on push by @ethomson in #6108
• Pedantic header test by @boretrk in #6086
• ci: build with ssh on nightly by @ethomson in #6148
• ci: improve the name in CI runs by @ethomson in #6198

Documentation improvements

• Document that git_odb is thread-safe by @joshtriplett in #6109
• Improve documentation by @punkymaniac in #6168

Other changes

• libgit2_clar is now libgit2_tests by @mkhl in #6100
• Remove PSGit from Language Bindings section of README by @cestrand in #6150
• COPYING: remove regex copyright, add PCRE copyright by @ethomson in #6187
• meta: add a release configuration file by @ethomson in #6211

New Contributors

• @mkhl made their first contribution in #6100
• @ammgws made their first contribution in #6106
• @yoichi made their first contribution in #6095
• @stforek made their first contribution in #6125
• @cestrand made their first contribution in #6150
• @rex4539 made their first contribution in #6164
• @jorio made their first contribution in #6208

Full Changelog: v1.3.0...v1.4.0

libgit2 v1.3.0

This is release v1.3.0, "Zugunruhe". This release includes several bugfixes, but only minor new features that will be helpful for users to have an orderly transition to the v2.0 lineage.

New Features

• Support custom git extensions by @ethomson in #6031
• Introduce git_email_create; deprecate git_diff_format_email by @ethomson in #6061

Deprecated APIs

• git_oidarray_free is deprecated; callers should use git_oidarray_dispose

Bug fixes

• #6028: Check if threadstate->error_t.message is not git_buf__initbuf before freeing. by @arroz in #6029
• remote: Mark git_remote_name_is_valid as GIT_EXTERN by @lhchavez in #6032
• Fix config parsing for multiline with multiple quoted comment chars by @basile-henry in #6043
• indexer: Avoid one mmap(2)/munmap(2) pair per git_indexer_append call by @lhchavez in #6039
• merge: Check file mode when resolving renames by @ccstolley in #6060
• Allow proxy options when connecting with a detached remote. by @lrm29 in #6058
• win32: allow empty environment variables by @ethomson in #6063
• Fixes for deprecated APIs by @ethomson in #6066
• filter: use a git_oid in filter options, not a pointer by @ethomson in #6067
• diff: update GIT_DIFF_IGNORE_BLANK_LINES by @ethomson in #6068
• Attribute lookups are always on relative paths by @ethomson in #6073
• Handle long paths when querying attributes by @ethomson in #6075

Code cleanups

• notes: use a buffer internally by @ethomson in #6047
• Fix coding style for pointer by @punkymaniac in #6045
• Use typeof GNUC keyword for ISO C compatibility by @duncanthomson in #6041
• Discover libssh2 without pkg-config by @stac47 in #6053
• Longpath filter bug by @lrm29 in #6055
• Add test to ensure empty proxy env behaves like unset env by @sathieu in #6052
• Stdint header condition has been reverted. by @lolgear in #6020
• buf: common_prefix takes a string array by @ethomson in #6077
• oidarray: introduce git_oidarray_dispose by @ethomson in #6076
• examples: Free the git_config and git_config_entry after use by @257 in #6071

CI Improvements

• ci: pull libssh2 from www.libssh2.org by @ethomson in #6064

Documentation changes

• Update README.md by @shijinglu in #6050

New Contributors

• @basile-henry made their first contribution in #6043
• @duncanthomson made their first contribution in #6041
• @stac47 made their first contribution in #6053
• @shijinglu made their first contribution in #6050
• @ccstolley made their first contribution in #6060
• @sathieu made their first contribution in #6052
• @257 made their first contribution in #6071

Full Changelog: v1.2.0...v1.3.0

libgit2 v1.2.0

This is release v1.2.0, "Absacker". This release includes many new features: in particular, support for commit graphs, multi-pack indexes, and core.longpaths support.

This is meant to be the final minor release in the v1 lineage. v2.0 will be the next major release and will remove deprecated APIs and may include breaking changes.

New features

• winhttp: support optional client cert by @ianhattendorf in #5384
• Add support for additional SSH hostkey types. by @arroz in #5750
• Handle ipv6 addresses by @ethomson in #5741
• zlib: Add support for building with Chromium's zlib implementation by @lhchavez in #5748
• commit-graph: Introduce a parser for commit-graph files by @lhchavez in #5762
• patch: add owner accessor by @KOLANICH in #5731
• commit-graph: Support lookups of entries in a commit-graph by @lhchavez in #5763
• commit-graph: Introduce git_commit_graph_needs_refresh() by @lhchavez in #5764
• Working directory path validation by @ethomson in #5823
• Support core.longpaths on Windows by @ethomson in #5857
• git_reference_create_matching: Treat all-zero OID as "must be absent" by @novalis in #5842
• diff:add option to ignore blank line changes by @yuuri in #5853
• [Submodule] Git submodule dup by @lolgear in #5890
• commit-graph: Use the commit-graph in revwalks by @lhchavez in #5765
• commit-graph: Introduce git_commit_list_generation_cmp by @lhchavez in #5766
• graph: Create git_graph_reachable_from_any() by @lhchavez in #5767
• Support reading attributes from a specific commit by @ethomson in #5952
• [Branch] Branch upstream with format by @lolgear in #5861
• Dynamically load OpenSSL (optionally) by @ethomson in #5974
• Set refs/remotes/origin/HEAD to default branch when branch is specified by @A-Ovchinnikov-mx in #6010
• midx: Add a way to write multi-pack-index files by @lhchavez in #5404
• Use error code GIT_EAUTH for authentication failures by @josharian in #5395
• midx: Introduce git_odb_write_multi_pack_index() by @lhchavez in #5405
• Checkout dry-run by @J0Nes90 in #5841
• mbedTLS: Fix setting certificate directory by @mikezackles in #6004
• remote: introduce remote_ready_cb, deprecate resolve_url callback by @ethomson in #6012
• Introduce create_commit_cb, deprecate signing_cb by @ethomson in #6016
• commit-graph: Add a way to write commit-graph files by @lhchavez in #5778
• Add NO_PROXY env support by @sathieu in #5796
• Update proxy configuration by @ethomson in #6026

Bug fixes

• Define git___load when building with -DTHREADSAFE=OFF by @lhchavez in #5664
• Make the Windows leak detection more robust by @lhchavez in #5661
• Refactor "global" state by @ethomson in #5546
• threadstate: rename tlsdata when building w/o threads by @ethomson in #5668
• Include ${MBEDTLS_INCLUDE_DIR} when compiling crypt_mbedtls.c by @staticfloat in #5685
• Fix the -DTHREADSAFE=OFF build by @lhchavez in #5690
• Add missing worktree_dir check and test case by @rbmclean in #5692
• msvc crtdbg -> win32 leakcheck by @ethomson in #5580
• Introduce GIT_ASSERT macros by @ethomson in #5327
• Also add the raw hostkey to git_cert_hostkey by @lhchavez in #5704
• Make the odb race-free by @lhchavez in #5595
• Make the pack and mwindow implementations data-race-free by @lhchavez in #5593
• Thread-free implementation by @ethomson in #5719
• Thread-local storage: a generic internal library (with no allocations) by @ethomson in #5720
• Friendlier getting started in the lack of git_libgit2_init by @ethomson in #5578
• Make git__strntol64() ~70%* faster by @lhchavez in #5735
• Cache the parsed submodule config when diffing by @lhchavez in #5727
• pack: continue zlib while we can make progress by @ethomson in #5740
• Avoid using __builtin_mul_overflow with the clang+32-bit combo by @lhchavez in #5742
• repository: use intptr_t's in the config map cache by @ethomson in #5746
• Build with NO_MMAP by @0xdky in #5583
• Add documentation for git_blob_filter_options.version by @JoshuaS3 in #5759
• blob: fix name of GIT_BLOB_FILTER_ATTRIBUTES_FROM_HEAD by @ethomson in #5760
• Cope with empty default branch by @ethomson in #5770
• README: instructions for using libgit2 without compiling by @ethomson in #5772
• Use p_pwrite/p_pread consistently throughout the codebase by @lhchavez in #5769
• midx: Fix a bug in git_midx_needs_refresh() by @lhchavez in #5768
• mwindow: Fix a bug in the LRU window finding code by @lhchavez in #5783
• refdb_fs: Check git_sortedcache wlock/rlock errors by @mamapanda in #5800
• index: Check git_vector_dup error in write_entries by @mamapanda in #5801
• Fix documentation formating on repository.h by @punkymaniac in #5806
• include: fix typos in comments by @tniessen in #5805
• Fix some typos by @aaronfranke in #5797
• Check git_signature_dup failure by @mamapanda in #5817
• merge: Check insert_head_ids error in create_virtual_base by @mamapanda in #5818
• winhttp: skip certificate check if unable to send request by @ianhattendorf in #5814
• Default to GIT_BRANCH_DEFAULT if init.defaultBranch is empty string by @ianhattendorf in #5832
• Fix diff_entrycount -> diff_num_deltas doc typo by @mjsir911 in #5838
• repo: specify init.defaultbranch is meant to be a branch name by @carlosmn in #5835
• repo: remove an inappropriate use of PASSTHROUGH by @carlosmn in #5834
• src: fix typos in header files by @tniessen in #5843
• test: clean up memory leaks by @ethomson in #5858
• buf: remove unnecessary buf_text namespace by @ethomson in #5860
• Fix bug in git_diff_find_similar. by @staktrace in #5839
• Fix issues with Proxy Authentication after httpclient refactor by @implausible in #5852
• tests: clean up memory leak, fail on leak for win32 by @ethomson in #5892
• Tolerate readlink size less than st_size by @dtolnay in #5900
• Define WINHTTP_NO_CLIENT_CERT_CONTEXT if needed by @jacquesg in #5929
• Update from regex to pcre licensing information in docs/contributing.md by @boretrk in #5916
• Consider files executable only if the user can execute them by @novalis in #5915
• git__timer: Limit ITimer usage to AmigaOS4 by @boretrk in #5936
• Fix memory leak in git_smart__connect by @punkymaniac in #5908
• config: fix included configs not refreshed more than once by @Batchyx in #5926
• Fix wrong time_t used in function by @NattyNarwhal in #5938
• fix check for ignoring of negate rules by @palmin in #5824
• Make FIND_PACKAGE(PythonInterp) prefer python3 by @lhchavez in #5913
• git__timer: Allow compilation on systems without CLOCK_MONOTONIC by @boretrk in #594...

libgit2 v1.1.1

🐞 This is a bugfix release with the following changes:

• Fixes a bug where decompressing packfiles could fail in rare instances.

• Ensure worktree paths are validated in more cases.

• Builds without thread-safety (THREADSAFE=OFF) are supported again.

• Builds without mmap (NO_MMAP) are supported again.

• mbedTLS is supported in non-default locations.

• Malformed branch names or missing branches on remotes are ignored.

• Use compiler intrinsics to detect arithmetic overflows in more cases.

• The configuration cache functions properly on systems with strict alignment.

• A missing options initializer function (git_blob_filter_options_init) was added for git_blob_filter_options.

• Several documentation fixes.

🎉 Thanks to all the contributors who have helped with libgit2 v1.1.1:

• @0xdky
• @arxanas
• @carlosmn
• @dtolnay
• @ethomson
• @ianhattendorf
• @implausible
• @jacquesg
• @JoshuaS3
• @lhchavez
• @mamapanda
• @mjsir911
• @punkymaniac
• @rbmclean
• @staticfloat
• @staktrace
• @tniessen

libgit2 v1.1.0

This is release v1.1, "Fernweh".

Changes or improvements

• Our bundled PCRE dependency has been updated to 8.44.

• The refs/remotes/origin/HEAD file will be created at clone time to
  point to the origin's default branch.

• libgit2 now uses the __atomic_ intrinsics instead of __sync_
  intrinsics on supported gcc and clang versions.

• The init.defaultBranch setting is now respected and master is
  no longer the hardcoded as the default branch name.

• Patch files that do not contain an index line can now be parsed.

• Configuration files with multi-line values can now contain quotes
  split across multiple lines.

• Windows clients now attempt to use TLS1.3 when available.

• Servers that request an upgrade to a newer HTTP version are
  silently ignored instead of erroneously failing.

• Users can pass NULL to the options argument to
  git_describe_commit.

• Clones and fetches of very large packfiles now succeeds on 32-bit
  platforms.

• Custom reference database backends can now handle the repository's
  HEAD correctly.

• Repositories with a large number of packfiles no longer exhaust the
  number of file descriptors.

• The test framework now supports TAP output when the -t flag is
  specified.

• The test framework can now specify an exact match to a test
  function using a trailing $.

• All checkout types support GIT_CHECKOUT_DISABLE_PATHSPEC_MATCH.

• git_blame now can ignore whitespace changes using the option
  GIT_BLAME_IGNORE_WHITESPACE.

• Several new examples have been created, including an examples for
  commit, add and push.

• Mode changes during rename are now supported in patch application.

• git_checkout_head now correctly removes untracked files in a
  subdirectory when the FORCE | REMOVE_UNTRACKED options are specified.

libgit2 v1.0.1

This is a bugfix release with the following changes:

• Calculating information about renamed files during merges is more
  efficient because dissimilarity about files is now being cached and
  no longer needs to be recomputed.

• The git_worktree_prune_init_options has been correctly restored for
  backward compatibility. In v1.0 it was incorrectly deprecated with a
  typo.

• The optional ntlmclient dependency now supports NetBSD.

• A bug where attempting to stash on a bare repository may have failed
  has been fixed.

• Configuration files that are unreadable due to permissions are now
  silently ignored, and treated as if they do not exist. This matches
  git's behavior; previously this case would have been an error.

• v4 index files are now correctly written; previously we would read
  them correctly but would not write the prefix-compression accurately,
  causing corruption.

• A bug where the smart HTTP transport could not read large data packets
  has been fixed. Previously, fetching from servers like Gerrit, that
  sent large data packets, would error.

libgit2 v1.0.0

This is release v1.0 "Luftschloss", which is the first stable release of
libgit2. The API will stay compatible across all releases of the same major
version. This release includes bugfixes only and supersedes v0.99, which will
stop being maintained. Both v0.27 and v0.28 stay supported in accordance with
our release policy.

Changes or improvements

• CMake was converted to make use of the GNUInstallDirs module for both our
  pkgconfig and install targets in favor of our custom build options
  BIN_INSTALL_DIR, LIB_INSTALL_DIR and INCLUDE_INSTALL_DIR. Instead, you
  can now use CMakes standard variables CMAKE_INSTALL_BINDIR,
  CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR.

• Some CMake build options accepted either a specific value or a boolean value
  to disable the option altogether or use automatic detection. We only accepted
  "ON" or "OFF", but none of the other values CMake recognizes as boolean. This
  was aligned with CMake's understanding of booleans.

• The installed pkgconfig file contained incorrect values for both libdir and
  includedir variables.

• If using pcre2 for regular expressions, then we incorrectly added "pcre2"
  instead of "pcre2-8" to our pkgconfig dependencies, which was corrected.

• Fixed building the bundled ntlmclient dependency on FreeBSD, OpenBSD and
  SunOS.

• When writing symlinks on Windows, we incorrectly handled relative symlink
  targets, which was corrected.

• When using the HTTP protocol via macOS' SecureTransport implementation, reads
  could stall at the end of the session and only continue after a timeout of 60
  seconds was reached.

• The filesystem-based reference callback didn't corectly initialize the backend
  version.

• A segmentation fault was fixed when calling git_blame_buffer() for files
  that were modified and added to the index.

• A backwards-incompatible change was introduced when we moved some structures
  from "git2/credentials.h" into "git2/sys/credentials.h". This was fixed in the
  case where you do not use hard deprecation.

• Improved error handling in various places.

libgit2 v0.28.5

This is a bugfix release with the following changes:

• Fix an out-of-bounds read when applying patches that do not end
  with a newline.

• Fix an out-of-bounds read when decoding specially crafted
  binary patches.

• Fix an out-of-bounds read when receiving a specially crafted
  "OK" packet via the smarthttp transport.

• Fix lifetime for parsed patches depending on the lifetime of
  the parsed buffe.

• Several fixes when parsing and applying patches.

• Fix computed patch IDs for patches that have no newline at end
  of file.

• Fix applying patches to trees that add new files.

• Do not read configuration from a user's home directory if
  running in a sandboxed environment.

• Fix handling of nested ignore rules overriding wildcard
  unignores in parent directories.

• Fix reference locks not being correctly honored on Unix
  systems.

• Follow 308 redirects when fetching or pushing from remote
  repositories on Windows.

• Fix a race when detaching the libgit2 library on Windows.

• Update the "binary" gitattribute macro to match git's change
  to "-diff -merge -text -crlf".

• Refuse to delete the HEAD reference.

• Fixes for several memory leaks.

• When fetching from an anonymous remote using a URL with authentication
  information provided in the URL (eg https://foo:bar@example.com/repo),
  we would erroneously include the literal URL in the FETCH_HEAD file.
  We now remove that to match git's behavior.

libgit2 v0.99.0

This is v0.99 "Torschlusspanik". This will be the last minor release
before libgit2 v1.0. We expect to only respond to bugs in this release,
to stabilize it for next major release.

It contains significant refactorings, but is expected to be API-compatible
with v0.28.0.

Changes or improvements

• When fetching from an anonymous remote using a URL with authentication
  information provided in the URL (eg https://foo:bar@example.com/repo),
  we would erroneously include the literal URL in the FETCH_HEAD file.
  We now remove that to match git's behavior.

• Some credential structures, enums and values have been renamed:
  git_cred is now git_credential. git_credtype_t is now
  git_credential_t. Functions and types beginning with
  git_cred_ now begin with git_credential, and constants beginning
  with GIT_CREDTYPE now begin with GIT_CREDENTIAL. The former names
  are deprecated.

• Several function signatures have been changed to return an int to
  indicate error conditions. We encourage you to check them for errors
  in the standard way.

  • git_attr_cache_flush
  • git_error_set_str
  • git_index_name_clear
  • git_index_reuc_clear
  • git_libgit2_version
  • git_mempack_reset
  • git_oid_cpy
  • git_oid_fmt
  • git_oid_fromraw
  • git_oid_nfmt
  • git_oid_pathfmt
  • git_remote_stop
  • git_remote_disconnect
  • git_repository__cleanup
  • git_repository_set_config
  • git_repository_set_index
  • git_repository_set_odb
  • git_repository_set_refdb
  • git_revwalk_reset
  • git_revwalk_simplify_first_parent
  • git_revwalk_sorting
  • git_treebuilder_clear
  • git_treebuilder_filter

• The NTLM and Negotiate authentication mechanisms are now supported when
  talking to git implementations hosted on Apache or nginx servers.

• The HEAD symbolic reference can no longer be deleted.

• git_merge_driver_source_repo no longer returns a const git_repository *,
  it now returns a non-const git_repository *.

• Relative symbolic links are now supported on Windows when core.symlinks
  is enabled.

• Servers that provide query parameters with a redirect are now supported.

• git_submodule_sync will now resolve relative URLs.

• When creating git endpoint URLs, double-slashes are no longer used when
  the given git URL has a trailing slash.

• On Windows, a DllMain function is no longer included and thread-local
  storage has moved to fiber-local storage in order to prevent race
  conditions during shutdown.

• The tracing mechanism (GIT_TRACE) is now enabled by default and does
  not need to be explicitly enabled in CMake.

• The size of Git objects is now represented by git_object_size_t
  instead of off_t.

• Binary patches without data can now be parsed.

• A configuration snapshot can now be created from another configuration
  snapshot, not just a "true" configuration object.

• The git_commit_with_signature API will now ensure that referenced
  objects exist in the object database.

• Stash messages containing newlines will now be replaced with spaces;
  they will no longer be (erroneously) written to the repository.

• git_commit_create_with_signature now verifies the commit information
  to ensure that it points to a valid tree and valid parents.

• git_apply has an option GIT_APPLY_CHECK that will only do a dry-run.
  The index and working directory will remain unmodified, and application
  will report if it would have worked.

• Patches produced by Mercurial (those that lack some git extended headers)
  can now be parsed and applied.

• Reference locks are obeyed correctly on POSIX platforms, instead of
  being removed.

• Patches with empty new files can now be read and applied.

• git_apply_to_tree can now correctly apply patches that add new files.

• The program data configuration on Windows (C:\ProgramData\Git\config)
  must be owned by an administrator, a system account or the current user
  to be read.

• git_blob_filtered_content is now deprecated in favor of git_blob_filter.

• Configuration files can now be included conditionally using the
  onbranch conditional.

• Checkout can now properly create and remove symbolic links to directories
  on Windows.

• Stash no longer recomputes trees when committing a worktree, for
  improved performance.

• Repository templates can now include a HEAD file to default the
  initial default branch.

• Some configuration structures, enums and values have been renamed:
  git_cvar_map is now git_configmap, git_cvar_t is now
  git_configmap_t, GIT_CVAR_FALSE is now GIT_CONFIGMAP_FALSE,
  GIT_CVAR_TRUE is now GIT_CONFIGMAP_TRUE, GIT_CVAR_INT32 is now
  GIT_CONFIGMAP_INT32, and GIT_CVAR_STRING is now GIT_CONFIGMAP_STRING.
  The former names are deprecated.

• Repositories can now be created at the root of a Windows drive.

• Configuration lookups are now more efficiently cached.

• git_commit_create_with_signature now supports a NULL signature,
  which will create a commit without adding a signature.

• When a repository lacks an info "common directory", we will no
  longer erroneously return GIT_ENOTFOUND for all attribute lookups.

• Several attribute macros have been renamed: GIT_ATTR_TRUE is now
  GIT_ATTR_IS_TRUE, GIT_ATTR_FALSE is now GIT_ATTR_IS_FALSE,
  GIT_ATTR_UNSPECIFIED is now GIT_ATTR_IS_UNSPECIFIED. The
  attribute enum git_attr_t is now git_attr_value_t and its
  values have been renamed: GIT_ATTR_UNSPECIFIED_T is now
  GIT_ATTR_VALUE_UNSPECIFIED, GIT_ATTR_TRUE_T is now
  GIT_ATTR_VALUE_TRUE, GIT_ATTR_FALSE_T is now GIT_ATTR_VALUE_FALSE,
  and GIT_ATTR_VALUE_T is now GIT_ATTR_VALUE_STRING. The
  former names are deprecated.

• git_object__size is now git_object_size. The former name is
  deprecated.

• git_tag_create_frombuffer is now git_tag_create_from_buffer. The
  former name is deprecated.

• Several blob creation functions have been renamed:
  git_blob_create_frombuffer is now named git_blob_create_from_buffer,
  git_blob_create_fromdisk is now named git_blob_create_from_disk,
  git_blob_create_fromworkdir is now named git_blob_create_from_workdir,
  git_blob_create_fromstream is now named git_blob_create_from_stream,
  and git_blob_create_fromstream_commit is now named
  git_blob_create_from_stream_commit. The former names are deprecated.

• The function git_oid_iszero is now named git_oid_is_zero. The
  former name is deprecated.

• Pattern matching is now done using wildmatch instead of fnmatch
  for compatibility with git.

• The option initialization functions suffixed by init_options are now
  suffixed with options_init. (For example, git_checkout_init_options
  is now git_checkout_options_init.) The former names are deprecated.

• NTLM2 authentication is now supported on non-Windows platforms.

• The git_cred_sign_callback callback is now named git_cred_sign_cb.
  The git_cred_ssh_interactive_callback callback is now named
  git_cred_ssh_interactive_cb.

• Ignore files now:

  • honor escaped trailing whitespace.
  • do not incorrectly negate sibling paths of a negated pattern.
  • honor rules that stop ignoring files after a wildcard

• Attribute files now:

  • honor leading and trailing whitespace.
  • treat paths beginning with \ as absolute only on Windows.
  • properly handle escaped characters.
  • stop reading macros defined in subdirectories

• The C locale is now correctly used when parsing regular expressions.

• The system PCRE2 or PCRE regular expression libraries are now used
  when regcomp_l is not available on the system. If none of these
  are available on the system, an included version of PCRE is used.

• Wildcards in reference specifications are now supported beyond simply
  a bare wildcard (*) for compatibility with git.

• When git_ignore_path_is_ignored is provided a path with a trailing
  slash (eg, dir/), it will now treat it as a directory for the
  purposes of ignore matching.

• Patches that add or remove a file with a space in the path can now
  be correctly parsed.

• The git_remote_completion_type type is now git_remote_completion_t.
  The former name is deprecated.

• The git_odb_backend_malloc is now git_odb_backend_data_alloc. The
  former name is deprecated.

• The git_transfer_progress_cb callback is now git_indexer_progress_cb
  and the git_transfer_progress structure is now git_indexer_progress.
  The former names are deprecated.

• The example projects are now contained in a single lg2 executable
  for ease of use.

• libgit2 now correctly handles more URLs, such as
  http://example.com:/repo.git (colon but no port),
  http://example.com (no path),
  and http://example.com:8080/ (path is /, nonstandard port).

• A carefully constructed commit object with a very large number
  of parents may lead to potential out-of-bounds writes or
  potential denial of service.

• The ProgramData configuration file is always read for compatibility
  with Git for Windows and Portable Git installations. The ProgramData
  location is not necessarily writable only by administrators, so we
  now ensure that the configuration file is owned by the administrator
  or the current user.

API additions

• The SSH host key now supports SHA-256 when GIT_CERT_SSH_SHA256 is set.

• The diff format option GIT_DIFF_FORMAT_PATCH_ID can now be used to
  emit an output like git patch-id.

• The git_apply_options_init function will initialize a
  git_apply_options structure.

• The remote callbacks structure adds a git_url_resolve_cb callback
  that is invoked when connecting to a server, so that applications
  may edit or replace the URL before connection.

• The information about the original HEAD in a rebase operation is
  available with git_rebase_orig_head_name. Its ID is available with
  git_rebase_orig_head_id. The onto referen...

libgit2 v0.28.4

This is a security release fixing the following issues:

• CVE-2019-1348: the fast-import stream command "feature
  export-marks=path" allows writing to arbitrary file paths. As
  libgit2 does not offer any interface for fast-import, it is not
  susceptible to this vulnerability.

• CVE-2019-1349: by using NTFS 8.3 short names, backslashes or
  alternate filesystreams, it is possible to cause submodules to
  be written into pre-existing directories during a recursive
  clone using git. As libgit2 rejects cloning into non-empty
  directories by default, it is not susceptible to this
  vulnerability.

• CVE-2019-1350: recursive clones may lead to arbitrary remote
  code executing due to improper quoting of command line
  arguments. As libgit2 uses libssh2, which does not require us
  to perform command line parsing, it is not susceptible to this
  vulnerability.

• CVE-2019-1351: Windows provides the ability to substitute
  drive letters with arbitrary letters, including multi-byte
  Unicode letters. To fix any potential issues arising from
  interpreting such paths as relative paths, we have extended
  detection of DOS drive prefixes to accomodate for such cases.

• CVE-2019-1352: by using NTFS-style alternative file streams for
  the ".git" directory, it is possible to overwrite parts of the
  repository. While this has been fixed in the past for Windows,
  the same vulnerability may also exist on other systems that
  write to NTFS filesystems. We now reject any paths starting
  with ".git:" on all systems.

• CVE-2019-1353: by using NTFS-style 8.3 short names, it was
  possible to write to the ".git" directory and thus overwrite
  parts of the repository, leading to possible remote code
  execution. While this problem was already fixed in the past for
  Windows, other systems accessing NTFS filesystems are
  vulnerable to this issue too. We now enable NTFS protecions by
  default on all systems to fix this attack vector.

• CVE-2019-1354: on Windows, backslashes are not a valid part of
  a filename but are instead interpreted as directory separators.
  As other platforms allowed to use such paths, it was possible
  to write such invalid entries into a Git repository and was
  thus an attack vector to write into the ".git" dierctory. We
  now reject any entries starting with ".git" on all systems.

• CVE-2019-1387: it is possible to let a submodule's git
  directory point into a sibling's submodule directory, which may
  result in overwriting parts of the Git repository and thus lead
  to arbitrary command execution. As libgit2 doesn't provide any
  way to do submodule clones natively, it is not susceptible to
  this vulnerability. Users of libgit2 that have implemented
  recursive submodule clones manually are encouraged to review
  their implementation for this vulnerability.