./devel/libgit2, Portable, pure C implementation of the Git core methods

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 0.27.1, Package name: libgit2-0.27.1, Maintainer: pkgsrc-users

libgit2 is a portable, pure C implementation of the Git core methods provided as
a re-entrant linkable library with a solid API, allowing you to write native
speed custom Git applications in any language which supports C bindings.

Required to run:
[www/curl] [security/libssh2] [lang/python27] [www/http-parser]

Required to build:

Master sites:

SHA1: 2ce74b2dcec76ee0467a26c0cda8153bd29a2ad4
RMD160: 46dd959617292cebdbcb031ef49f62acd6e5e62f
Filesize: 4654.225 KB

Version history: (Expand)

CVS history: (Expand)

   2018-06-05 20:48:23 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
libgit2: update to 0.27.1.


This is a security release fixing insufficient validation of submodule names
(CVE-2018-11235, reported by Etienne Stalmans) and disallows `.gitmodules` files
as symlinks.

While submodule names come from the untrusted ".gitmodules" file, we \ 
append the name to "$GIT_DIR/modules" to construct the final path of the
submodule repository. In case the name contains e.g. "../", an \ 
adversary would
be able to escape your repository and write data at arbitrary paths. In
accordance with git, we now enforce some rules for submodule names which will
cause libgit2 to ignore these malicious names.

Adding a symlink as `.gitmodules` into the index from the workdir or checking
out such files is not allowed as this can make a Git implementation write
outside of the repository and bypass the `fsck` checks for CVE-2018-11235.

libgit2 is not susceptible to CVE-2018-11233.
   2018-04-29 23:32:09 by Adam Ciarcinski | Files touched by this commit (629) | Package updated
Log message:
revbump for boost-libs update
   2018-04-17 12:50:24 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
libgit2: update to 0.27.0.


### Changes or improvements

* Improved `p_unlink` in `posix_w32.c` to try and make a file writable
  before sleeping in the retry loop to prevent unnecessary calls to sleep.

* The CMake build infrastructure has been improved to speed up building time.

* A new CMake option "-DUSE_HTTPS=<backend>" makes it possible \ 
to explicitly
  choose an HTTP backend.

* A new CMake option "-DSHA1_BACKEND=<backend>" makes it \ 
possible to explicitly
  choose an SHA1 backend. The collision-detecting backend is now the default.

* A new CMake option "-DUSE_BUNDLED_ZLIB" makes it possible to \ 
explicitly use
  the bundled zlib library.

* A new CMake option "-DENABLE_REPRODUCIBLE_BUILDS" makes it possible to
  generate a reproducible static archive. This requires support from your

* The minimum required CMake version has been bumped to 2.8.11.

* Writing to a configuration file now preserves the case of the key given by the
  caller for the case-insensitive portions of the key (existing sections are
  used even if they don't match).

* We now support conditional includes in configuration files.

* Fix for handling re-reading of configuration files with includes.

* Fix for reading patches which contain exact renames only.

* Fix for reading patches with whitespace in the compared files' paths.

* We will now fill `FETCH_HEAD` from all passed refspecs instead of overwriting
  with the last one.

* There is a new diff option, `GIT_DIFF_INDENT_HEURISTIC` which activates a
  heuristic which takes into account whitespace and indentation in order to
  produce better diffs when dealing with ambiguous diff hunks.

* Fix for pattern-based ignore rules where files ignored by a rule cannot be
  un-ignored by another rule.

* Sockets opened by libgit2 are now being closed on exec(3) if the platform
  supports it.

* Fix for peeling annotated tags from packed-refs files.

* Fix reading huge loose objects from the object database.

* Fix files not being treated as modified when only the file mode has changed.

* We now explicitly reject adding submodules to the index via

* Fix handling of `GIT_DIFF_FIND_RENAMES_FROM_REWRITES` raising `SIGABRT` when
  one file has been deleted and another file has been rewritten.

* Fix for WinHTTP not properly handling NTLM and Negotiate challenges.

* When using SSH-based transports, we now repeatedly ask for the passphrase to
  decrypt the private key in case a wrong passphrase is being provided.

* When generating conflict markers, they will now use the same line endings as
  the rest of the file.

### API additions

* The `git_merge_file_options` structure now contains a new setting,
  `marker_size`.  This allows users to set the size of markers that
  delineate the sides of merged files in the output conflict file.
  By default this is 7 (`GIT_MERGE_CONFLICT_MARKER_SIZE`), which
  produces output markers like `<<<<<<<` and \ 

* `git_remote_create_detached()` creates a remote that is not associated
  to any repository (and does not apply configuration like 'insteadof' rules).
  This is mostly useful for e.g. emulating `git ls-remote` behavior.

* `git_diff_patchid()` lets you generate patch IDs for diffs.

* `git_status_options` now has an additional field `baseline` to allow creating
  status lists against different trees.

* New family of functions to allow creating notes for a specific notes commit
  instead of for a notes reference.

* New family of functions to allow parsing message trailers. This API is still
  experimental and may change in future releases.

### API removals

### Breaking API changes

* Signatures now distinguish between +0000 and -0000 UTC offsets.

* The certificate check callback in the WinHTTP transport will now receive the
  `message_cb_payload` instead of the `cred_acquire_payload`.

* We are now reading symlinked directories under .git/refs.

* We now refuse creating branches named "HEAD".

* We now refuse reading and writing all-zero object IDs into the
  object database.

* We now read the effective user's configuration file instead of the real user's
  configuration in case libgit2 runs as part of a setuid binary.

* The `git_odb_open_rstream` function and its `readstream` callback in the
  `git_odb_backend` interface have changed their signatures to allow providing
  the object's size and type to the caller.
   2018-03-25 10:23:50 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 0.26.3

* Fix some security bugs

This is a bugfix release. It includes the following non-exclusive list of
improvements, which have been backported from the master branch:

    Fix cloning of the libgit2 project with git clone --recursive by removing an
    invalid submodule from our testing data.

    Fix endianness of the port in p_getaddrinfo().

    Fix handling of negative gitignore rules with wildcards.

    Fix handling of case-insensitive negative gitignore rules.

    Fix resolving references to a tag if the reference is stored with its fully
    resolved OID in the packed-refs file.

    Fix checkout not treating worktree files as modified when only their mode has

    Fix rename detection with GIT_DIFF_FIND_RENAMES_FROM_REWRITES.

    Enable Windows 7 and earlier to use TLS 1.2.

This is a security release fixing memory handling issues when reading crafted
repository index files. The issues allow for possible denial of service due to
allocation of large memory and out-of-bound reads.

As the index is never transferred via the network, exploitation requires an
attacker to have access to the local repository.

This is a security release that includes an update to the bundled zlib
to update it to 1.2.11. Users who build the bundled zlib are vulnerable
to security issues in the prior version.

This does not affect you if you rely on a system-installed version of zlib.
All users of v0.26.0 who use the bundled zlib should upgrade to this release.
   2018-01-01 22:18:57 by Adam Ciarcinski | Files touched by this commit (629) | Package updated
Log message:
Revbump after boost update
   2017-11-21 00:04:05 by Thomas Klausner | Files touched by this commit (2)
Log message:
libgit2: remove python from bl3.mk

cmake says it's only needed for tests
   2017-08-24 22:03:43 by Adam Ciarcinski | Files touched by this commit (621) | Package updated
Log message:
Revbump for boost update
   2017-07-31 16:18:20 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
Update libgit2 to 0.26.0.

libgit2 2017/6/19

This is the first release of the v0.26 series, "Aufschub". The \ 
changelog follows.

Changes or improvements

Support for opening, creating and modifying worktrees.

We can now detect SHA1 collisions resulting from the SHAttered attack. These
checks can be enabled at build time via -DUSE_SHA1DC.

Fix for missing implementation of git_merge_driver_source getters.

Fix for installed pkg-config file being broken when the prefix contains

We now detect when the hashsum of on-disk objects does not match their
expected hashsum.

We now support open-ended ranges (e.g. "master..", \ 
"...master") in our
revision range parsing code.

We now correctly compute ignores with leading "/" in subdirectories.

We now optionally call fsync on loose objects, packfiles and their indexes,
loose references and packed reference files.

We can now build against OpenSSL v1.1 and against LibreSSL.

GIT_MERGE_OPTIONS_INIT now includes a setting to perform rename detection.
This aligns this structure with the default by git_merge and
git_merge_trees when NULL was provided for the options.

Improvements for reading index v4 files.

Perform additional retries for filesystem operations on Windows when files
are temporarily locked by other processes.

API additions

New family of functions to handle worktrees:

git_worktree_list() lets you look up worktrees for a repository.
git_worktree_lookup() lets you get a specific worktree.
git_worktree_open_from_repository() lets you get the associated worktree of a \ 
git_worktree_add lets you create new worktrees.
git_worktree_prune lets you remove worktrees from disk.
git_worktree_lock() and git_worktree_unlock() let you lock and unlock a \ 
worktree, respectively.
git_repository_open_from_worktree() lets you open a repository via
git_repository_head_for_worktree() lets you get the current HEAD for a
linked worktree.
git_repository_head_detached_for_worktree() lets you check whether a
linked worktree is in detached HEAD mode.
git_repository_item_path() lets you retrieve paths for various repository

git_repository_commondir() lets you retrieve the common directory of a

git_branch_is_checked_out() allows you to check whether a branch is checked
out in a repository or any of its worktrees.

git_repository_submodule_cache_all() and
git_repository_submodule_cache_clear() functions allow you to prime or clear
the submodule cache of a repository.

You can disable strict hash verifications via the
GIT_OPT_ENABLE_STRICT_HASH_VERIFICATION option with git_libgit2_opts().

You can enable us calling fsync for various files inside the ".git"
directory by setting the GIT_OPT_ENABLE_FSYNC_GITDIR option with

You can now enable "offset deltas" when creating packfiles and negotiating
packfiles with a remote server by setting GIT_OPT_ENABLE_OFS_DELTA option
with GIT_libgit2_opts().

You can now set the default share mode on Windows for opening files using
GIT_OPT_SET_WINDOWS_SHAREMODE option with git_libgit2_opts().
You can query the current share mode with GIT_OPT_GET_WINDOWS_SHAREMODE.

git_transport_smart_proxy_options() enables you to get the proxy options for
smart transports.

The GIT_FILTER_INIT macro and the git_filter_init function are provided
to initialize a git_filter structure.

Breaking API changes

clone_checkout_strategy has been removed from
git_submodule_update_option. The checkout strategy used to clone will
be the same strategy specified in checkout_opts.