From a6a58e2b0fd409ae33f2f6a68927ce62ebd114f0 Mon Sep 17 00:00:00 2001
From: Eric Huss
Date: Sat, 6 Dec 2025 15:43:30 +0000
Subject: [PATCH 1/5] Merge pull request #1195 from ehuss/update-libgit2

Update libgit2 to 1.9.2
---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 libgit2-sys/CHANGELOG.md | 18 ++++++++++++++++++
 libgit2-sys/Cargo.toml | 2 +-
 libgit2-sys/build.rs | 2 +-
 libgit2-sys/libgit2 | 2 +-
 6 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 1d4d2f2fc2..7908cba3bd 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -575,7 +575,7 @@ checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a"
 
 [[package]]
 name = "libgit2-sys"
-version = "0.18.1+1.9.0"
+version = "0.18.3+1.9.2"
 dependencies = [
 "cc",
 "libc",
diff --git a/Cargo.toml b/Cargo.toml
index 02b4ddea8e..9b1e4b9a85 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,7 +20,7 @@ url = "2.5.4"
 bitflags = "2.1.0"
 libc = "0.2"
 log = "0.4.8"
-libgit2-sys = { path = "libgit2-sys", version = "0.18.1" }
+libgit2-sys = { path = "libgit2-sys", version = "0.18.3" }
 
 [target."cfg(all(unix, not(target_os = \"macos\")))".dependencies]
 openssl-sys = { version = "0.9.45", optional = true }
diff --git a/libgit2-sys/CHANGELOG.md b/libgit2-sys/CHANGELOG.md
index e3ea7ea189..261d259f53 100644
--- a/libgit2-sys/CHANGELOG.md
+++ b/libgit2-sys/CHANGELOG.md
@@ -1,5 +1,23 @@
 # Changelog
 
+## 0.18.3+1.9.2 - 2025-12-06
+[0.18.2...0.18.3](https://github.com/rust-lang/git2-rs/compare/libgit2-sys-0.18.2+1.9.1...libgit2-sys-0.18.3+1.9.2)
+
+### Changed
+- Updated to libgit2 [1.9.2](https://github.com/libgit2/libgit2/releases/tag/v1.9.2)
+ [#1195](https://github.com/rust-lang/git2-rs/pull/1195)
+
+ Note that this release fixes two security issues. However, the Rust bindings do not provide direct support for the affected APIs. In particular:
+ - The `libgit2-sys` crate does not support building the vendored C library with the `GIT_SSH_EXEC` setting. This will only be an issue if you are binding to a system-provided library built with this setting.
+ - The `git2` crate does not support custom SSH credentials. However, the `libgit2-sys` crate does export the `git_cred_ssh_custom_new` C-binding. Any projects using the C bindings directly are affected.
+
+## 0.18.2+1.9.1 - 2025-06-21
+[0.18.1...0.18.2](https://github.com/rust-lang/git2-rs/compare/libgit2-sys-0.18.1+1.9.0...libgit2-sys-0.18.2+1.9.1)
+
+### Changed
+- Updated to libgit2 [1.9.1](https://github.com/libgit2/libgit2/releases/tag/v1.9.1)
+ [#1169](https://github.com/rust-lang/git2-rs/pull/1169)
+
 ## 0.18.1+1.9.0 - 2025-03-17
 [0.18.0...0.18.1](https://github.com/rust-lang/git2-rs/compare/libgit2-sys-0.18.0+1.9.0...libgit2-sys-0.18.1+1.9.0)
 
diff --git a/libgit2-sys/Cargo.toml b/libgit2-sys/Cargo.toml
index 9612dcab75..c7f20bf6a5 100644
--- a/libgit2-sys/Cargo.toml
+++ b/libgit2-sys/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libgit2-sys"
-version = "0.18.1+1.9.0"
+version = "0.18.3+1.9.2"
 authors = ["Josh Triplett ", "Alex Crichton "]
 links = "git2"
 build = "build.rs"
diff --git a/libgit2-sys/build.rs b/libgit2-sys/build.rs
index 7b5a374e9b..356ad53ea5 100644
--- a/libgit2-sys/build.rs
+++ b/libgit2-sys/build.rs
@@ -7,7 +7,7 @@ use std::process::Command;
 /// Tries to use system libgit2 and emits necessary build script instructions.
 fn try_system_libgit2() -> Result {
 let mut cfg = pkg_config::Config::new();
- match cfg.range_version("1.9.0".."1.10.0").probe("libgit2") {
+ match cfg.range_version("1.9.2".."1.10.0").probe("libgit2") {
 Ok(lib) => {
 for include in &lib.include_paths {
 println!("cargo:root={}", include.display());
diff --git a/libgit2-sys/libgit2 b/libgit2-sys/libgit2
index 338e6fb681..ca225744b9 160000
--- a/libgit2-sys/libgit2
+++ b/libgit2-sys/libgit2
@@ -1 +1 @@
-Subproject commit 338e6fb681369ff0537719095e22ce9dc602dbf0
+Subproject commit ca225744b992bf2bf24e9a2eb357ddef78179667

From dd41077750fe30bf780c9e7f7ab4717d264e098d Mon Sep 17 00:00:00 2001
From: Eric Huss
Date: Sat, 6 Dec 2025 08:04:07 -0800
Subject: [PATCH 2/5] Bump git2 to 0.20.3

This updates the git2 crate to 0.20.3, with only one change to increase the requirement of libgit2-sys to 0.18.3 to force an update to libgit2 1.9.2. This is only done as a caution to ensure that packages that are only checking direct-dependency versions will pick up the update.
---
 CHANGELOG.md | 8 ++++++++
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 README.md | 2 +-
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 55ccdc3b4b..8770482b8f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.20.3 - 2025-12-06
+[0.20.2...0.20.3](https://github.com/rust-lang/git2-rs/compare/git2-0.20.2...git2-0.20.3)
+
+### Changed
+
+- Bumped requirement to libgit2-sys 0.18.3, which updates libgit2 from 1.9.0 to 1.9.2.
+ [#1197](https://github.com/rust-lang/git2-rs/pull/1197)
+
 ## 0.20.2 - 2025-05-05
 [0.20.1...0.20.2](https://github.com/rust-lang/git2-rs/compare/git2-0.20.1...git2-0.20.2)
 
diff --git a/Cargo.lock b/Cargo.lock
index 7908cba3bd..0699b3fd3a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
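Review bot: In `libgit2-sys/build.rs`, the raised lower bound in `cfg.range_version("1.9.2".."1.10.0")` carries no comment saying why a system libgit2 older than 1.9.2 no longer satisfies the probe, although the changelog in this same patch attributes two security fixes to 1.9.2. Without that, a later change could relax the range back to 1.9.0 to accept more distribution packages and link an unpatched library without anyone noticing. I would add above the `match`: `// Lower bound is 1.9.2 because that release carries security fixes (see CHANGELOG.md); do not relax it.` The changelog also says the vendored build does not enable `GIT_SSH_EXEC` while a system-provided library may, so this pkg-config path is where that exposure applies. `try_system_libgit2` continues past the end of the hunk.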
@@ -357,7 +357,7 @@ dependencies = [
 
 [[package]]
 name = "git2"
-version = "0.20.2"
+version = "0.20.3"
 dependencies = [
 "bitflags 2.6.0",
 "clap",
diff --git a/Cargo.toml b/Cargo.toml
index 9b1e4b9a85..8e6e4cafbe 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "git2"
-version = "0.20.2"
+version = "0.20.3"
 authors = ["Josh Triplett ", "Alex Crichton "]
 license = "MIT OR Apache-2.0"
 readme = "README.md"
diff --git a/README.md b/README.md
index b96234a095..5ba5233365 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ libgit2 bindings for Rust.
 
 ```toml
 [dependencies]
-git2 = "0.20.2"
+git2 = "0.20.3"
 ```
 
 ## Rust version requirements

From ce566831eb188b0fdb27962e154b8da6103071bf Mon Sep 17 00:00:00 2001
From: Weihang Lo
Date: Sat, 31 Jan 2026 11:27:25 -0800
Subject: [PATCH 3/5] fix: check ptr nullity before calling from_raw_parts

---
 src/buf.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/buf.rs b/src/buf.rs
index fd2bcbf96f..bfbc8dcc5c 100644
--- a/src/buf.rs
+++ b/src/buf.rs
@@ -44,12 +44,18 @@ impl Buf {
 impl Deref for Buf {
 type Target = [u8];
 fn deref(&self) -> &[u8] {
+ if self.raw.ptr.is_null() {
+ return &[];
+ }
 unsafe { slice::from_raw_parts(self.raw.ptr as *const u8, self.raw.size as usize) }
 }
 }
 
 impl DerefMut for Buf {
 fn deref_mut(&mut self) -> &mut [u8] {
+ if self.raw.ptr.is_null() {
+ return &mut [];
+ }
 unsafe { slice::from_raw_parts_mut(self.raw.ptr as *mut u8, self.raw.size as usize) }
 }
 }

From 73a5d5d7c49a7eb9d17c2ab6e40dafe3765ebf4d Mon Sep 17 00:00:00 2001
From: Eric Huss
Date: Sun, 1 Feb 2026 07:49:07 -0800
Subject: [PATCH 4/5] Add test for dereference of an empty Buf

---
 src/buf.rs | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/buf.rs b/src/buf.rs
index bfbc8dcc5c..7b714dfe9c 100644
--- a/src/buf.rs
+++ b/src/buf.rs
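Review bot: In `src/buf.rs` (hunk `@@ -44,12 +44,18 @@`), the `unsafe` blocks in `deref` and `deref_mut` still have no `// SAFETY:` comment, so the invariant the new null guard establishes is not recorded next to the `from_raw_parts` and `from_raw_parts_mut` calls. The guard covers only the non-null requirement; that `raw.size` bytes behind `raw.ptr` are initialized and stay valid for the borrow is presumably a libgit2 guarantee and should be written down as an assumption. I would add above each block: `// SAFETY: ptr is non-null (checked above) and libgit2 keeps size valid bytes behind it until git_buf_dispose.` A one-line comment on the guard saying that an empty `git_buf` can hold a null `ptr` would also explain why the early return exists.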
@@ -75,3 +75,12 @@ impl Drop for Buf {
 unsafe { raw::git_buf_dispose(&mut self.raw) }
 }
 }
+
+#[test]
+fn empty_buf() {
+ let mut buf = Buf::new();
+ let x: &[u8] = &*buf;
+ assert_eq!(x.len(), 0);
+ let x: &mut [u8] = &mut *buf;
+ assert_eq!(x.len(), 0);
+}

From 0b274f76f70f717c3bda4be1f79ba8e1cb11afd4 Mon Sep 17 00:00:00 2001
From: Weihang Lo
Date: Mon, 2 Feb 2026 10:01:36 +0800
Subject: [PATCH 5/5] Bump to 0.20.4

---
 CHANGELOG.md | 8 ++++++++
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8770482b8f..3606f4027a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.20.4 - 2026-02-02
+[0.20.3...0.20.4](https://github.com/rust-lang/git2-rs/compare/git2-0.20.3...git2-0.20.4)
+
+### Fixed
+
+- Fix undefined behavior when dereferencing empty `Buf`.
+ [#1213](https://github.com/rust-lang/git2-rs/pull/1213)
+
 ## 0.20.3 - 2025-12-06
 [0.20.2...0.20.3](https://github.com/rust-lang/git2-rs/compare/git2-0.20.2...git2-0.20.3)
 
diff --git a/Cargo.lock b/Cargo.lock
index 0699b3fd3a..0aae751aef 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -357,7 +357,7 @@ dependencies = [
 
 [[package]]
 name = "git2"
-version = "0.20.3"
+version = "0.20.4"
 dependencies = [
 "bitflags 2.6.0",
 "clap",
diff --git a/Cargo.toml b/Cargo.toml
index 8e6e4cafbe..d9914c4336 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "git2"
-version = "0.20.3"
+version = "0.20.4"
 authors = ["Josh Triplett ", "Alex Crichton "]
 license = "MIT OR Apache-2.0"
 readme = "README.md"
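Review bot: In `src/buf.rs` (hunk `@@ -75,3 +75,12 @@`), `empty_buf` asserts only `x.len() == 0` and never checks the precondition it depends on, namely that a fresh `Buf` holds a null `raw.ptr`; `Buf::new()` is outside the hunk, so that is inferred from the commit subjects. If `Buf::new()` later starts with a non-null pointer, the test keeps passing while no longer exercising the guard, so I would add `assert!(buf.raw.ptr.is_null());` right after `let mut buf = Buf::new();`. A length of 0 is also what an unguarded `from_raw_parts(null, 0)` would most likely report in an optimized build, so a regression is probably only visible under the standard library's debug precondition checks or Miri. A comment such as `// Regression test: deref of a null-ptr Buf must not reach from_raw_parts (detected by debug assertions or Miri).` would record that.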