LibGit2Sharp v0.25.3

This is a security release fixing a number of possible security issues, including hardening validation for submodule validation to help protect against CVE 2018-17456, and a number of possible errors found by fuzzing the libgit2 native library.

This release includes libgit2 v0.27.5.

LibGit2Sharp v0.25.2

This release includes all the changes from the previous v0.25.1 release, and correctly updates the version number to v0.25.2.

The prior release, v0.25.1, would incorrectly claim that it was an v0.25.0 prerelease when queried for its version.
v0.25.1 was not available as a NuGet package for this reason.

There are no changes from v0.25.1 other than the version number update.

LibGit2Sharp v0.25.1

This is a security release fixing insufficient validation of submodule names (CVE-2018-11235, reported by Etienne Stalmans) and disallows .gitmodules files as symlinks. This includes libgit2 v0.27.1, whose release notes follow.

While submodule names come from the untrusted .gitmodules file, we blindly append the name to $GIT_DIR/modules to construct the final path of the submodule repository. In case the name contains e.g. ../, an adversary would be able to escape your repository and write data at arbitrary paths. In accordance with git, we now enforce some rules for submodule names which will cause libgit2 to ignore these malicious names.

Adding a symlink as .gitmodules into the index from the workdir or checking out such files is not allowed as this can make a Git implementation write outside of the repository and bypass the fsck checks for CVE-2018-11235.

libgit2 (and LibGit2Sharp) are not susceptible to CVE-2018-11233.

LibGit2Sharp v0.25

LibGit2Sharp is now .NET Core 2.0+ and .NET Framework compatible.

Additions

• GitObject now has a Peel method that will let you peel (for example)
  a Tag to a Tree.
• MergeOptions now includes an option to IgnoreWhitespaceChanges.
• TreeDefinition can now Add an object with only the ID, which allows
  users of large files to add entries without realizing a Blob.
• ObjectDatabase can now Write a Stream, which allows users of
  large files to stream an object into storage without loading it into
  memory.
• ObjectDatabase can now MergeCommitsIntoIndex allowing users to perform
  an in-memory merge that produces an Index structure with conflicts.
• Users can enable or disable dependent object existence checks when
  creating new objects with GlobalSettings.SetEnableStrictObjectCreation
• Users can enable or disable ofs_delta support with
  GlobalSettings.SetEnableOfsDelta

Changes

• Status now does not show untracked files by default. To retrieve
  untracked files, included the StatusOptions.IncludeUntracked and/or
  the StatusOptions.RecurseUntrackedDirs options.
• Status now does not show the ignored files by default. To retrieve
  ignored files, include the StatusOptions.IncludeIgnored option.
• Commands.Pull can now provide a null value for PullOptions,
  which indicates that default values should be used.

Fixes

• The exception thrown when the native library cannot be loaded is now
  able to be caught and will no longer crash the process.
• Getting the Notes collection from a Repository no longer throws an
  exception when the repository has no notes.

LibGit2Sharp v0.24.1

This is a security release fixing two issues. It updates libgit2's included zlib to 1.2.11, and includes a libgit2 fix for memory handling issues when reading crafted repository index files.

LibGit2Sharp v0.24

This is the last release before a moving to .NET Core compatible library.

It will be the last supported release with the prior architecture; as a result, this release is primarily bugfixes and does not include major new APIs.

LibGit2Sharp v0.23.1

This is a security release fixing two issues. The first one performs extra sanitization for some edge cases in the Git Smart Protocol which can lead to attempting to parse outside of the buffer.

The second fix affects the certificate check callback. It provides a valid parameter to indicate whether the native cryptographic library considered the certificate to be correct. This parameter is always 1/true before this fix leading to a possible MITM.

This does not affect you if you do not use the custom certificate callback or if you do not take this value into account.

A list of commits since the last release follows

82d621c Merge pull request #1402 from libgit2/ethomson/0_23_1
097036d Update change log for 0.23.1
7f259c8 Update version number to 0.23.1
595938e Update LibGit2Sharp.NativeBinaries to 1.0.164

LibGit2Sharp v0.22.1

This is a security release fixing two issues. The first one performs extra sanitization for some edge cases in the Git Smart Protocol which can lead to attempting to parse outside of the buffer.

The second fix affects the certificate check callback. It provides a valid parameter to indicate whether the native cryptographic library considered the certificate to be correct. This parameter is always 1/true before this fix leading to a possible MITM.

This does not affect you if you do not use the custom certificate callback or if you do not take this value into account.

A list of commits since the last release follows

6edb028 Update changelog for 0.22.1
8c1ba0b Update version to 0.22
ec52bb5 Update to libgit2 921e3a6

LibGit2Sharp v0.23

Additions

• Add CherryPickCommit and RevertCommit to ObjectDatabase.
• Add IncludeIgnored field to SatusOptions.
• Add Commit.CreateBuffer to write a commit object to a buffer and
  ObjectDatabase.CreateCommitWithSignature to create commits which include a
  signature.
• Add Commit.ExtractSignature to get a commit's signature.
• Add ObjectDatabase.Write<T> to write arbitrary objects to the object db.
• Add Commit.PrettifyMessage

Changes

• The native libraries are now expected to be in the lib directory,
  instead of NativeBinaries for improved mono compatibility. In
  addition, the names of platform architectures now better reflect
  the vendor naming (eg, x86_64 instead of amd64 on Linux).
• Deprecate the config paths in RepositoryOptions
• Deprecate the QueryBy overload with FollowFilter.
• Deprecate Branch.Remote in favour of Branch.RemoteName
• Remote no longer implement the equality operator.
• Remote.Update takes a remote name instead of an instance.
• Fetch, Pull, Move, Remove, Stage are now in a commands namespace to
  indicate what they represent.

LibGit2Sharp v0.22

Additions

• Add CustomHeaders in the push options (#1217)
• Expose the minimal diff algorithm (#1229)
• Expose Reset() with checkout options (#1219)
• Add a prettify option to history rewrite options (#1185)
• Add option to describe to only follow the first parent (#1190)
• Allow setting the config search path (#1123)
• Provide access to the remote's host HTTPS certificate (#1134)
• Add support for rebase (#964)
• ListReferences() now accepts a credentials provider (#1099)
• Introduce FileStatus.Conflicted and introduce staging of conflicts (#1062)
• Support streaming filters written in C# (#1030)
• Add support for the pre-push callback (#1061)
• Add support for listing remote references without a Repository instance (#1065)
• Add StashCollection.Apply() and .Pop() (#1068)
• Support retrieving a configuration for a repository without instantiating it (#1042)
• Implement 'log --follow'-like functionality (#963)
• Introduce in-memory merging via Repository.MergeCommits() (#990)
• Allow setting whether to prune during a fetch (#1258)

Changes

• Deprecate MergeConflictException in a backwards-compatible way (#1243)
• Improve type safety in the generic type for Diff.Compare() (#1180)
• Obsolete Repository.Commit(), NoteCollection.Add() and
  NoteCollection.Remove() overloads which do not require a signature (#1173)
• BuildSignature() no longer tries to build a signature from the
  environment if there is none configured (#1171)
• Rename the commit walker's Since to IncludeReachableFrom and Until to ExcludeReachableFrom (#1069)
• Rename MergeConflictException to CheckoutConflictException to more
  accurately reflect what it means (#1059)
• Specify the diff algorithm instead of setting a boolean to use patience (#1043)
• Remove optional parameters (#1031)
• Move Repository.Reset(paths) into Index (#959)
• Move FindMergeBase() overloads to ObjectDatabase (#957)

Fixes

• ListReferences() is now able to handle symbolic references (#1132)
• Repository.IsValid() returns false on empty paths (#1156)
• The included version of libgit2 includes racy-git support
• Fix a racy NRE in the filters (#1113)