Sync changes to SLFO-1.2 branch

Accepting request 1291488 from devel:tools:scm
OBS-URL: https://build.opensuse.org/request/show/1291488 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=325
2025-08-20 09:17:41 +02:00 · 2025-07-10 21:14:51 +00:00 · 2025-07-09 12:22:02 +00:00 · 2025-06-27 21:00:18 +00:00 · 2025-06-26 15:46:25 +00:00
12 changed files with 638 additions and 734 deletions
--- a/0001-gitk-Add-support-of-SHA256-repo.patch
+++ b/0001-gitk-Add-support-of-SHA256-repo.patch
@@ -1,402 +0,0 @@
 From: Takashi Iwai <tiwai@suse.de>
 Subject: [PATCH v2] gitk: Add support of SHA256 repo
 Date: Tue, 17 Jun 2025 07:59:54 +0200
 Message-ID: <20250617055957.9794-1-tiwai@suse.de>
 This patch adds a basic support of SHA256 Git repository to Gitk, so
 that Gitk can show and operate on both SHA1 and SHA256 repos
 gracefully.  Since SHA256 has a longer ID length (64 char) than SHA1
 (40 char), many field widths are adjusted to fit with it.
 A caveat is that the configuration of auto selection length is shared
 between SHA1 and SHA256 repos.  That is, once when this value is saved
 and read, it's applied to both repo types, which may result in shorter
 selection than the full SHA256 ID.  We may introduce another
 individual config for sha256 (actually I did write in the first
 version), but for simplicity, the common config is used as of writing
 this.
 Many lines still refer "sha1" although they may point to both SHA1 and
 SHA256.  They are left untouched for making the changes simpler.
 This patch is based on the early work by Rostislav Krasny:
  https://patchwork.kernel.org/project/git/patch/pull.979.git.1623687519832.gitgitgadget@gmail.com
 I refreshed, revised and extended to the latest state.
 Signed-off-by: Takashi Iwai <tiwai@suse.de>
 ---
 v1: https://lore.kernel.org/20250320154136.23262-1-tiwai@suse.de
 v1->v2:
 - Fix other procs using fixed 40 length
 - Don't use tabs
 - Drop autosellensha256 config
 - Some code simplification
 - Fix patch description
 gitk-git/gitk | 83 +++++++++++++++++++++++++++++++++++----------------
 1 file changed, 58 insertions(+), 25 deletions(-)
 diff --git a/gitk-git/gitk b/gitk-git/gitk
 index 19689765cde5..04f5f5face68 100755
 --- a/gitk-git/gitk
 +++ b/gitk-git/gitk
@@ -394,6 +394,7 @@ proc parseviewargs {n arglist} {
 proc parseviewrevs {view revs} {
     global vposids vnegids
 +    global hashlength
     if {$revs eq {}} {
         set revs HEAD
@@ -407,7 +408,7 @@ proc parseviewrevs {view revs} {
         set badrev {}
         for {set l 0} {$l < [llength $errlines]} {incr l} {
             set line [lindex $errlines $l]
 -            if {!([string length $line] == 40 && [string is xdigit $line])} {
 +            if {!([string length $line] == $hashlength && [string is xdigit $line])} {
                 if {[string match "fatal:*" $line]} {
                     if {[string match "fatal: ambiguous argument*" $line]
                         && $badrev ne {}} {
@@ -624,6 +625,7 @@ proc updatecommits {} {
     global hasworktree
     global varcid vposids vnegids vflags vrevs
     global show_notes
 +    global hashlength
     set hasworktree [hasworktree]
     rereadrefs
@@ -657,7 +659,7 @@ proc updatecommits {} {
             # take out positive refs that we asked for before or
             # that we have already seen
             foreach rev $revs {
 -                if {[string length $rev] == 40} {
 +                if {[string length $rev] == $hashlength} {
                     if {[lsearch -exact $oldpos $rev] < 0
                         && ![info exists varcid($view,$rev)]} {
                         lappend newrevs $rev
@@ -1542,6 +1544,7 @@ proc getcommitlines {fd inst view updating}  {
     global parents children curview hlview
     global idpending ordertok
     global varccommits varcid varctok vtokmod vfilelimit vshortids
 +    global hashlength
     set stuff [read $fd 500000]
     # git log doesn't terminate the last commit with a null...
@@ -1624,7 +1627,7 @@ proc getcommitlines {fd inst view updating}  {
             }
             set ok 1
             foreach id $ids {
 -                if {[string length $id] != 40} {
 +                if {[string length $id] != $hashlength} {
                     set ok 0
                     break
                 }
@@ -1870,8 +1873,8 @@ proc getcommit {id} {
     return 1
 }
 -# Expand an abbreviated commit ID to a list of full 40-char IDs that match
 -# and are present in the current view.
 +# Expand an abbreviated commit ID to a list of full 40-char (or 64-char
 +# for SHA256 repo) IDs that match and are present in the current view.
 # This is fairly slow...
 proc longid {prefix} {
     global varcid curview vshortids
@@ -1904,6 +1907,7 @@ proc readrefs {} {
     global selecthead selectheadid
     global hideremotes
     global tclencoding
 +    global hashlength
     foreach v {tagids idtags headids idheads otherrefids idotherrefs} {
         unset -nocomplain $v
@@ -1913,9 +1917,9 @@ proc readrefs {} {
         fconfigure $refd -encoding $tclencoding
     }
     while {[gets $refd line] >= 0} {
 -        if {[string index $line 40] ne " "} continue
 -        set id [string range $line 0 39]
 -        set ref [string range $line 41 end]
 +        if {[string index $line $hashlength] ne " "} continue
 +        set id [string range $line 0 [expr {$hashlength - 1}]]
 +        set ref [string range $line [expr {$hashlength + 1}] end]
         if {![string match "refs/*" $ref]} continue
         set name [string range $ref 5 end]
         if {[string match "remotes/*" $name]} {
@@ -2210,6 +2214,7 @@ proc makewindow {} {
     global have_tk85 have_tk86 use_ttk NS
     global git_version
     global worddiff
 +    global hashlength
     # The "mc" arguments here are purely so that xgettext
     # sees the following string as needing to be translated
@@ -2335,7 +2340,7 @@ proc makewindow {} {
         -command gotocommit -width 8
     $sha1but conf -disabledforeground [$sha1but cget -foreground]
     pack .tf.bar.sha1label -side left
 -    ${NS}::entry $sha1entry -width 40 -font textfont -textvariable sha1string
 +    ${NS}::entry $sha1entry -width $hashlength -font textfont -textvariable sha1string
     trace add variable sha1string write sha1change
     pack $sha1entry -side left -pady 2
@@ -4062,6 +4067,7 @@ proc stopblaming {} {
 proc read_line_source {fd inst} {
     global blamestuff curview commfd blameinst nullid nullid2
 +    global hashlength
     while {[gets $fd line] >= 0} {
         lappend blamestuff($inst) $line
@@ -4082,7 +4088,7 @@ proc read_line_source {fd inst} {
     set line [split [lindex $blamestuff($inst) 0] " "]
     set id [lindex $line 0]
     set lnum [lindex $line 1]
 -    if {[string length $id] == 40 && [string is xdigit $id] &&
 +    if {[string length $id] == $hashlength && [string is xdigit $id] &&
         [string is digit -strict $lnum]} {
         # look for "filename" line
         foreach l $blamestuff($inst) {
@@ -5226,11 +5232,13 @@ proc askrelhighlight {row id} {
 # Graph layout functions
 proc shortids {ids} {
 +    global hashlength
 +
     set res {}
     foreach id $ids {
         if {[llength $id] > 1} {
             lappend res [shortids $id]
 -        } elseif {[regexp {^[0-9a-f]{40}$} $id]} {
 +        } elseif {[regexp [string map "@@ $hashlength" {^[0-9a-f]{@@}$}] $id]} {
             lappend res [string range $id 0 7]
         } else {
             lappend res $id
@@ -5405,13 +5413,14 @@ proc get_viewmainhead {view} {
 # git rev-list should give us just 1 line to use as viewmainheadid($view)
 proc getviewhead {fd inst view} {
     global viewmainheadid commfd curview viewinstances showlocalchanges
 +    global hashlength
     set id {}
     if {[gets $fd line] < 0} {
         if {![eof $fd]} {
             return 1
         }
 -    } elseif {[string length $line] == 40 && [string is xdigit $line]} {
 +    } elseif {[string length $line] == $hashlength && [string is xdigit $line]} {
         set id $line
     }
     set viewmainheadid($view) $id
@@ -7175,10 +7184,11 @@ proc commit_descriptor {p} {
 # Also look for URLs of the form "http[s]://..." and make them web links.
 proc appendwithlinks {text tags} {
     global ctext linknum curview
 +    global hashlength
     set start [$ctext index "end - 1c"]
     $ctext insert end $text $tags
 -    set links [regexp -indices -all -inline {(?:\m|-g)[0-9a-f]{6,40}\M} $text]
 +    set links [regexp -indices -all -inline [string map "@@ $hashlength" {(?:\m|-g)[0-9a-f]{6,@@}\M}] $text]
     foreach l $links {
         set s [lindex $l 0]
         set e [lindex $l 1]
@@ -7206,13 +7216,14 @@ proc appendwithlinks {text tags} {
 proc setlink {id lk} {
     global curview ctext pendinglinks
     global linkfgcolor
 +    global hashlength
     if {[string range $id 0 1] eq "-g"} {
       set id [string range $id 2 end]
     }
     set known 0
 -    if {[string length $id] < 40} {
 +    if {[string length $id] < $hashlength} {
         set matches [longid $id]
         if {[llength $matches] > 0} {
             if {[llength $matches] > 1} return
@@ -8857,13 +8868,16 @@ proc incrfont {inc} {
 proc clearsha1 {} {
     global sha1entry sha1string
 -    if {[string length $sha1string] == 40} {
 +    global hashlength
 +
 +    if {[string length $sha1string] == $hashlength} {
         $sha1entry delete 0 end
     }
 }
 proc sha1change {n1 n2 op} {
     global sha1string currentid sha1but
 +
     if {$sha1string == {}
         || ([info exists currentid] && $sha1string == $currentid)} {
         set state disabled
@@ -8880,6 +8894,7 @@ proc sha1change {n1 n2 op} {
 proc gotocommit {} {
     global sha1string tagids headids curview varcid
 +    global hashlength
     if {$sha1string == {}
         || ([info exists currentid] && $sha1string == $currentid)} return
@@ -8889,7 +8904,7 @@ proc gotocommit {} {
         set id $headids($sha1string)
     } else {
         set id [string tolower $sha1string]
 -        if {[regexp {^[0-9a-f]{4,39}$} $id]} {
 +        if {[regexp {^[0-9a-f]{4,63}$} $id]} {
             set matches [longid $id]
             if {$matches ne {}} {
                 if {[llength $matches] > 1} {
@@ -9378,6 +9393,7 @@ proc doseldiff {oldid newid} {
 proc mkpatch {} {
     global rowmenuid currentid commitinfo patchtop patchnum NS
 +    global hashlength
     if {![info exists currentid]} return
     set oldid $currentid
@@ -9392,7 +9408,7 @@ proc mkpatch {} {
     ${NS}::label $top.title -text [mc "Generate patch"]
     grid $top.title - -pady 10
     ${NS}::label $top.from -text [mc "From:"]
 -    ${NS}::entry $top.fromsha1 -width 40
 +    ${NS}::entry $top.fromsha1 -width $hashlength
     $top.fromsha1 insert 0 $oldid
     $top.fromsha1 conf -state readonly
     grid $top.from $top.fromsha1 -sticky w
@@ -9401,7 +9417,7 @@ proc mkpatch {} {
     $top.fromhead conf -state readonly
     grid x $top.fromhead -sticky w
     ${NS}::label $top.to -text [mc "To:"]
 -    ${NS}::entry $top.tosha1 -width 40
 +    ${NS}::entry $top.tosha1 -width $hashlength
     $top.tosha1 insert 0 $newid
     $top.tosha1 conf -state readonly
     grid $top.to $top.tosha1 -sticky w
@@ -9470,6 +9486,7 @@ proc mkpatchcan {} {
 proc mktag {} {
     global rowmenuid mktagtop commitinfo NS
 +    global hashlength
     set top .maketag
     set mktagtop $top
@@ -9479,7 +9496,7 @@ proc mktag {} {
     ${NS}::label $top.title -text [mc "Create tag"]
     grid $top.title - -pady 10
     ${NS}::label $top.id -text [mc "ID:"]
 -    ${NS}::entry $top.sha1 -width 40
 +    ${NS}::entry $top.sha1 -width $hashlength
     $top.sha1 insert 0 $rowmenuid
     $top.sha1 conf -state readonly
     grid $top.id $top.sha1 -sticky w
@@ -9587,10 +9604,11 @@ proc mktaggo {} {
 proc copyreference {} {
     global rowmenuid autosellen
 +    global hashlength
     set format "%h (\"%s\", %ad)"
     set cmd [list git show -s --pretty=format:$format --date=short]
 -    if {$autosellen < 40} {
 +    if {$autosellen < $hashlength} {
         lappend cmd --abbrev=$autosellen
     }
     set reference [eval exec $cmd $rowmenuid]
@@ -9601,6 +9619,7 @@ proc copyreference {} {
 proc writecommit {} {
     global rowmenuid wrcomtop commitinfo wrcomcmd NS
 +    global hashlength
     set top .writecommit
     set wrcomtop $top
@@ -9610,7 +9629,7 @@ proc writecommit {} {
     ${NS}::label $top.title -text [mc "Write commit to file"]
     grid $top.title - -pady 10
     ${NS}::label $top.id -text [mc "ID:"]
 -    ${NS}::entry $top.sha1 -width 40
 +    ${NS}::entry $top.sha1 -width $hashlength
     $top.sha1 insert 0 $rowmenuid
     $top.sha1 conf -state readonly
     grid $top.id $top.sha1 -sticky w
@@ -9690,6 +9709,7 @@ proc mvbranch {} {
 proc branchdia {top valvar uivar} {
     global NS commitinfo
 +    global hashlength
     upvar $valvar val $uivar ui
     catch {destroy $top}
@@ -9698,7 +9718,7 @@ proc branchdia {top valvar uivar} {
     ${NS}::label $top.title -text $ui(title)
     grid $top.title - -pady 10
     ${NS}::label $top.id -text [mc "ID:"]
 -    ${NS}::entry $top.sha1 -width 40
 +    ${NS}::entry $top.sha1 -width $hashlength
     $top.sha1 insert 0 $val(id)
     $top.sha1 conf -state readonly
     grid $top.id $top.sha1 -sticky w
@@ -9708,7 +9728,7 @@ proc branchdia {top valvar uivar} {
     grid x $top.head -sticky ew
     grid columnconfigure $top 1 -weight 1
     ${NS}::label $top.nlab -text [mc "Name:"]
 -    ${NS}::entry $top.name -width 40
 +    ${NS}::entry $top.name -width $hashlength
     $top.name insert 0 $val(name)
     grid $top.nlab $top.name -sticky w
     ${NS}::frame $top.buts
@@ -11697,6 +11717,7 @@ proc prefspage_general {notebook} {
     global tabstop wrapcomment wrapdefault limitdiffs
     global autocopy autoselect autosellen extdifftool perfile_attrs
     global hideremotes want_ttk have_ttk maxrefs web_browser
 +    global hashlength
     set page [create_prefs_page $notebook.general]
@@ -11725,7 +11746,8 @@ proc prefspage_general {notebook} {
             -variable autoselect
         grid x $page.autoselect -sticky w
     }
 -    spinbox $page.autosellen -from 1 -to 40 -width 4 -textvariable autosellen
 +
 +    spinbox $page.autosellen -from 1 -to $hashlength -width 4 -textvariable autosellen
     ${NS}::label $page.autosellenl -text [mc "Length of commit ID to copy"]
     grid x $page.autosellenl $page.autosellen -sticky w
@@ -12491,6 +12513,17 @@ if {$tclencoding == {}} {
     puts stderr "Warning: encoding $gitencoding is not supported by Tcl/Tk"
 }
 +# Use object format as hash algorightm (either "sha1" or "sha256")
 +set hashalgorithm [exec git rev-parse --show-object-format]
 +if {$hashalgorithm eq "sha1"} {
 +    set hashlength 40
 +} elseif {$hashalgorithm eq "sha256"} {
 +    set hashlength 64
 +} else {
 +    puts stderr "Unknown hash algorithm: $hashalgorithm"
 +    exit 1
 +}
 +
 set gui_encoding [encoding system]
 catch {
     set enc [exec git config --get gui.encoding]
@@ -12545,7 +12578,7 @@ set limitdiffs 1
 set datetimeformat "%Y-%m-%d %H:%M:%S"
 set autocopy 0
 set autoselect 1
 -set autosellen 40
 +set autosellen $hashlength
 set perfile_attrs 0
 set want_ttk 1
 -- 
 2.49.0
--- a/0002-git-gui-Add-support-of-SHA256-repo.patch
+++ b/0002-git-gui-Add-support-of-SHA256-repo.patch
@@ -1,178 +0,0 @@
 From: Takashi Iwai <tiwai@suse.de>
 Subject: [PATCH] git-gui: Add support of SHA256 repo
 Date: Tue, 17 Jun 2025 08:03:59 +0200
 Message-ID: <20250617060406.10159-1-tiwai@suse.de>
 This patch adds the basic support of SHA256 Git repositories.
 The needed changes were mostly about adjusting the fixed ID length of
 SHA1 (40) to be variable depending on the repo type.
 Signed-off-by: Takashi Iwai <tiwai@suse.de>
 ---
 git-gui/git-gui.sh                   | 13 ++++++++++++-
 git-gui/lib/blame.tcl                | 12 ++++++++----
 git-gui/lib/choose_repository.tcl    |  8 ++++++--
 git-gui/lib/remote_branch_delete.tcl |  4 +++-
 4 files changed, 29 insertions(+), 8 deletions(-)
 diff --git a/git-gui/git-gui.sh b/git-gui/git-gui.sh
 index 28572c889c0e..206981190535 100755
 --- a/git-gui/git-gui.sh
 +++ b/git-gui/git-gui.sh
@@ -1275,6 +1275,17 @@ if {[catch {
 	set picked 1
 }
 +# Use object format as hash algorightm (either "sha1" or "sha256")
 +set hashalgorithm [exec git rev-parse --show-object-format]
 +if {$hashalgorithm eq "sha1"} {
 +	set hashlength 40
 +} elseif {$hashalgorithm eq "sha256"} {
 +	set hashlength 64
 +} else {
 +	puts stderr "Unknown hash algorithm: $hashalgorithm"
 +	exit 1
 +}
 +
 # we expand the _gitdir when it's just a single dot (i.e. when we're being
 # run from the .git dir itself) lest the routines to find the worktree
 # get confused
@@ -1822,7 +1833,7 @@ proc short_path {path} {
 }
 set next_icon_id 0
 -set null_sha1 [string repeat 0 40]
 +set null_sha1 [string repeat 0 $hashlength]
 proc merge_state {path new_state {head_info {}} {index_info {}}} {
 	global file_states next_icon_id null_sha1
 diff --git a/git-gui/lib/blame.tcl b/git-gui/lib/blame.tcl
 index 8441e109be32..1f0b8ea28504 100644
 --- a/git-gui/lib/blame.tcl
 +++ b/git-gui/lib/blame.tcl
@@ -426,6 +426,7 @@ method _kill {} {
 method _load {jump} {
 	variable group_colors
 +	global hashlength
 	_hide_tooltip $this
@@ -436,7 +437,7 @@ method _load {jump} {
 			$i conf -state normal
 			$i delete 0.0 end
 			foreach g [$i tag names] {
 -				if {[regexp {^g[0-9a-f]{40}$} $g]} {
 +				if {[regexp [string map "@@ $hashlength" {^g[0-9a-f]{@@}$}] $g]} {
 					$i tag delete $g
 				}
 			}
@@ -500,6 +501,8 @@ method _load {jump} {
 }
 method _history_menu {} {
 +	global hashlength
 +
 	set m $w.backmenu
 	if {[winfo exists $m]} {
 		$m delete 0 end
@@ -513,7 +516,7 @@ method _history_menu {} {
 		set c [lindex $e 0]
 		set f [lindex $e 1]
 -		if {[regexp {^[0-9a-f]{40}$} $c]} {
 +		if {[regexp [string map "@@ $hashlength" {^[0-9a-f]{@@}$}] $c]} {
 			set t [string range $c 0 8]...
 		} elseif {$c eq {}} {
 			set t {Working Directory}
@@ -627,6 +630,7 @@ method _exec_blame {cur_w cur_d options cur_s} {
 method _read_blame {fd cur_w cur_d} {
 	upvar #0 $cur_d line_data
 	variable group_colors
 +	global hashlength
 	if {$fd ne $current_fd} {
 		catch {close $fd}
@@ -635,7 +639,7 @@ method _read_blame {fd cur_w cur_d} {
 	$cur_w conf -state normal
 	while {[gets $fd line] >= 0} {
 -		if {[regexp {^([a-z0-9]{40}) (\d+) (\d+) (\d+)$} $line line \
 +		if {[regexp [string map "@@ $hashlength" {^([a-z0-9]{@@}) (\d+) (\d+) (\d+)$}] $line line \
 			cmit original_line final_line line_count]} {
 			set r_commit     $cmit
 			set r_orig_line  $original_line
@@ -648,7 +652,7 @@ method _read_blame {fd cur_w cur_d} {
 			set oln  $r_orig_line
 			set cmit $r_commit
 -			if {[regexp {^0{40}$} $cmit]} {
 +			if {[regexp [string map "@@ $hashlength" {^0{@@}$}] $cmit]} {
 				set commit_abbr work
 				set commit_type curr_commit
 			} elseif {$cmit eq $commit} {
 diff --git a/git-gui/lib/choose_repository.tcl b/git-gui/lib/choose_repository.tcl
 index d23abedcb36f..6078b1c7e2c4 100644
 --- a/git-gui/lib/choose_repository.tcl
 +++ b/git-gui/lib/choose_repository.tcl
@@ -870,6 +870,8 @@ method _do_clone_HEAD {ok} {
 }
 method _do_clone_full_end {ok} {
 +	global hashlength
 +
 	$o_cons done $ok
 	if {$ok} {
@@ -879,7 +881,7 @@ method _do_clone_full_end {ok} {
 		if {[file exists [gitdir FETCH_HEAD]]} {
 			set fd [open [gitdir FETCH_HEAD] r]
 			while {[gets $fd line] >= 0} {
 -				if {[regexp "^(.{40})\t\t" $line line HEAD]} {
 +				if {[regexp [string map "@@ $hashlength" "^(.{@@})\t\t"] $line line HEAD]} {
 					break
 				}
 			}
@@ -965,6 +967,8 @@ method _do_clone_checkout {HEAD} {
 }
 method _readtree_wait {fd} {
 +	global hashlength
 +
 	set buf [read $fd]
 	$o_status_op update_meter $buf
 	append readtree_err $buf
@@ -986,7 +990,7 @@ method _readtree_wait {fd} {
 	# -- Run the post-checkout hook.
 	#
 -	set fd_ph [githook_read post-checkout [string repeat 0 40] \
 +	set fd_ph [githook_read post-checkout [string repeat 0 $hashlength] \
 		[git rev-parse HEAD] 1]
 	if {$fd_ph ne {}} {
 		global pch_error
 diff --git a/git-gui/lib/remote_branch_delete.tcl b/git-gui/lib/remote_branch_delete.tcl
 index 5ba9fcadd17f..8ea672479306 100644
 --- a/git-gui/lib/remote_branch_delete.tcl
 +++ b/git-gui/lib/remote_branch_delete.tcl
@@ -323,6 +323,8 @@ method _load {cache uri} {
 }
 method _read {cache fd} {
 +	global hashlength
 +
 	if {$fd ne $active_ls} {
 		catch {close $fd}
 		return
@@ -330,7 +332,7 @@ method _read {cache fd} {
 	while {[gets $fd line] >= 0} {
 		if {[string match {*^{}} $line]} continue
 -		if {[regexp {^([0-9a-f]{40})	(.*)$} $line _junk obj ref]} {
 +		if {[regexp [string map "@@ $hashlength" {^([0-9a-f]{@@})	(.*)$}] $line _junk obj ref]} {
 			if {[regsub ^refs/heads/ $ref {} abr]} {
 				lappend head_list $abr
 				lappend head_cache($cache) $abr
 -- 
 2.49.0
--- a/CVE-2024-50349-1.patch
+++ b/CVE-2024-50349-1.patch
@@ -0,0 +1,98 @@
 From c903985bf7e772e2d08275c1a95c8a55ab011577 Mon Sep 17 00:00:00 2001
 From: Johannes Schindelin <johannes.schindelin@gmx.de>
 Date: Thu, 7 Nov 2024 08:57:52 +0100
 Subject: [PATCH 1/2] credential_format(): also encode <host>[:<port>]
 An upcoming change wants to sanitize the credential password prompt
 where a URL is displayed that may potentially come from a `.gitmodules`
 file. To this end, the `credential_format()` function is employed.
 To sanitize the host name (and optional port) part of the URL, we need a
 new mode of the `strbuf_add_percentencode()` function because the
 current mode is both too strict and too lenient: too strict because it
 encodes `:`, `[` and `]` (which should be left unencoded in
 `<host>:<port>` and in IPv6 addresses), and too lenient because it does
 not encode invalid host name characters `/`, `_` and `~`.
 So let's introduce and use a new mode specifically to encode the host
 name and optional port part of a URI, leaving alpha-numerical
 characters, periods, colons and brackets alone and encoding all others.
 This only leads to a change of behavior for URLs that contain invalid
 host names.
 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
 ---
 credential.c           |  3 ++-
 strbuf.c               |  4 +++-
 strbuf.h               |  1 +
 t/t0300-credentials.sh | 13 +++++++++++++
 4 files changed, 19 insertions(+), 2 deletions(-)
 diff --git a/credential.c b/credential.c
 index f32011343f..572f1785da 100644
 --- a/credential.c
 +++ b/credential.c
@@ -164,7 +164,8 @@ static void credential_format(struct credential *c, struct strbuf *out)
 		strbuf_addch(out, '@');
 	}
 	if (c->host)
 -		strbuf_addstr(out, c->host);
 +		strbuf_add_percentencode(out, c->host,
 +					 STRBUF_ENCODE_HOST_AND_PORT);
 	if (c->path) {
 		strbuf_addch(out, '/');
 		strbuf_add_percentencode(out, c->path, 0);
 diff --git a/strbuf.c b/strbuf.c
 index c383f41a3c..756b96c561 100644
 --- a/strbuf.c
 +++ b/strbuf.c
@@ -492,7 +492,9 @@ void strbuf_add_percentencode(struct strbuf *dst, const char *src, int flags)
 		unsigned char ch = src[i];
 		if (ch <= 0x1F || ch >= 0x7F ||
 		    (ch == '/' && (flags & STRBUF_ENCODE_SLASH)) ||
 -		    strchr(URL_UNSAFE_CHARS, ch))
 +		    ((flags & STRBUF_ENCODE_HOST_AND_PORT) ?
 +		     !isalnum(ch) && !strchr("-.:[]", ch) :
 +		     !!strchr(URL_UNSAFE_CHARS, ch)))
 			strbuf_addf(dst, "%%%02X", (unsigned char)ch);
 		else
 			strbuf_addch(dst, ch);
 diff --git a/strbuf.h b/strbuf.h
 index f6dbb9681e..f9f8bb0381 100644
 --- a/strbuf.h
 +++ b/strbuf.h
@@ -380,6 +380,7 @@ size_t strbuf_expand_dict_cb(struct strbuf *sb,
 void strbuf_addbuf_percentquote(struct strbuf *dst, const struct strbuf *src);
 #define STRBUF_ENCODE_SLASH 1
 +#define STRBUF_ENCODE_HOST_AND_PORT 2
 /**
  * Append the contents of a string to a strbuf, percent-encoding any characters
 diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
 index c66d91e82d..cb91be1427 100755
 --- a/t/t0300-credentials.sh
 +++ b/t/t0300-credentials.sh
@@ -514,6 +514,19 @@ test_expect_success 'match percent-encoded values in username' '
 	EOF
 '
 +test_expect_success 'match percent-encoded values in hostname' '
 +	test_config "credential.https://a%20b%20c/.helper" "$HELPER" &&
 +	check fill <<-\EOF
 +	url=https://a b c/
 +	--
 +	protocol=https
 +	host=a b c
 +	username=foo
 +	password=bar
 +	--
 +	EOF
 +'
 +
 test_expect_success 'fetch with multiple path components' '
 	test_unconfig credential.helper &&
 	test_config credential.https://example.com/foo/repo.git.helper "verbatim foo bar" &&
 -- 
 2.47.1
--- a/CVE-2024-50349-2.patch
+++ b/CVE-2024-50349-2.patch
@@ -0,0 +1,314 @@
 From 7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 Mon Sep 17 00:00:00 2001
 From: Johannes Schindelin <johannes.schindelin@gmx.de>
 Date: Wed, 30 Oct 2024 13:26:10 +0100
 Subject: [PATCH 2/2] credential: sanitize the user prompt
 When asking the user interactively for credentials, we want to avoid
 misleading them e.g. via control sequences that pretend that the URL
 targets a trusted host when it does not.
 While Git learned, over the course of the preceding commits, to disallow
 URLs containing URL-encoded control characters by default, credential
 helpers are still allowed to specify values very freely (apart from Line
 Feed and NUL characters, anything is allowed), and this would allow,
 say, a username containing control characters to be specified that would
 then be displayed in the interactive terminal prompt asking the user for
 the password, potentially sending those control characters directly to
 the terminal. This is undesirable because control characters can be used
 to mislead users to divulge secret information to untrusted sites.
 To prevent such an attack vector, let's add a `git_prompt()` that forces
 the displayed text to be sanitized, i.e. displaying question marks
 instead of control characters.
 Note: While this commit's diff changes a lot of `user@host` strings to
 `user%40host`, which may look suspicious on the surface, there is a good
 reason for that: this string specifies a user name, not a
 <username>@<hostname> combination! In the context of t5541, the actual
 combination looks like this: `user%40@127.0.0.1:5541`. Therefore, these
 string replacements document a net improvement introduced by this
 commit, as `user@host@127.0.0.1` could have left readers wondering where
 the user name ends and where the host name begins.
 Hinted-at-by: Jeff King <peff@peff.net>
 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
 ---
 Documentation/config/credential.txt |  6 ++++++
 credential.c                        |  7 ++++++-
 credential.h                        |  4 +++-
 t/t0300-credentials.sh              | 20 ++++++++++++++++++++
 t/t5541-http-push-smart.sh          |  6 +++---
 t/t5550-http-fetch-dumb.sh          | 14 +++++++-------
 t/t5551-http-fetch-smart.sh         | 16 ++++++++--------
 7 files changed, 53 insertions(+), 20 deletions(-)
 Index: b/Documentation/config/credential.txt
 ===================================================================
 --- a/Documentation/config/credential.txt
 +++ b/Documentation/config/credential.txt
@@ -14,6 +14,12 @@ credential.useHttpPath::
 	or https URL to be important. Defaults to false. See
 	linkgit:gitcredentials[7] for more information.
 +credential.sanitizePrompt::
 +	By default, user names and hosts that are shown as part of the
 +	password prompt are not allowed to contain control characters (they
 +	will be URL-encoded by default). Configure this setting to `false` to
 +	override that behavior.
 +
 credential.username::
 	If no username is set for a network authentication, use this username
 	by default. See credential.<context>.* below, and
 Index: b/credential.c
 ===================================================================
 --- a/credential.c
 +++ b/credential.c
@@ -125,6 +125,8 @@ static int credential_config_callback(co
 	}
 	else if (!strcmp(key, "usehttppath"))
 		c->use_http_path = git_config_bool(var, value);
 +	else if (!strcmp(key, "sanitizeprompt"))
 +		c->sanitize_prompt = git_config_bool(var, value);
 	return 0;
 }
@@ -237,7 +239,10 @@ static char *credential_ask_one(const ch
 	struct strbuf prompt = STRBUF_INIT;
 	char *r;
 -	credential_describe(c, &desc);
 +	if (c->sanitize_prompt)
 +		credential_format(c, &desc);
 +	else
 +		credential_describe(c, &desc);
 	if (desc.len)
 		strbuf_addf(&prompt, "%s for '%s': ", what, desc.buf);
 	else
 Index: b/credential.h
 ===================================================================
 --- a/credential.h
 +++ b/credential.h
@@ -168,7 +168,8 @@ struct credential {
 		 multistage: 1,
 		 quit:1,
 		 use_http_path:1,
 -		 username_from_proto:1;
 +		 username_from_proto:1,
 +		 sanitize_prompt:1;
 	struct credential_capability capa_authtype;
 	struct credential_capability capa_state;
@@ -195,6 +196,7 @@ struct credential {
 	.wwwauth_headers = STRVEC_INIT, \
 	.state_headers = STRVEC_INIT, \
 	.state_headers_to_send = STRVEC_INIT, \
 +	.sanitize_prompt = 1, \
 }
 /* Initialize a credential structure, setting all fields to empty. */
 Index: b/t/t0300-credentials.sh
 ===================================================================
 --- a/t/t0300-credentials.sh
 +++ b/t/t0300-credentials.sh
@@ -77,6 +77,10 @@ test_expect_success 'setup helper script
 	test -z "$pexpiry" || echo password_expiry_utc=$pexpiry
 	EOF
 +	write_script git-credential-cntrl-in-username <<-\EOF &&
 +	printf "username=\\007latrix Lestrange\\n"
 +	EOF
 +
 	PATH="$PWD:$PATH"
 '
@@ -1008,4 +1012,20 @@ test_expect_success 'credential config w
 	test_grep "skipping credential lookup for key" stderr
 '
 +BEL="$(printf '\007')"
 +
 +test_expect_success 'interactive prompt is sanitized' '
 +	check fill cntrl-in-username <<-EOF
 +	protocol=https
 +	host=example.org
 +	--
 +	protocol=https
 +	host=example.org
 +	username=${BEL}latrix Lestrange
 +	password=askpass-password
 +	--
 +	askpass: Password for ${SQ}https://%07latrix%20Lestrange@example.org${SQ}:
 +	EOF
 +'
 +
 test_done
 Index: b/t/t5541-http-push-smart.sh
 ===================================================================
 --- a/t/t5541-http-push-smart.sh
 +++ b/t/t5541-http-push-smart.sh
@@ -343,7 +343,7 @@ test_expect_success 'push over smart htt
 	git push "$HTTPD_URL"/auth/smart/test_repo.git &&
 	git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \
 		log -1 --format=%s >actual &&
 -	expect_askpass both user@host &&
 +	expect_askpass both user%40host &&
 	test_cmp expect actual
 '
@@ -355,7 +355,7 @@ test_expect_success 'push to auth-only-f
 	git push "$HTTPD_URL"/auth-push/smart/test_repo.git &&
 	git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \
 		log -1 --format=%s >actual &&
 -	expect_askpass both user@host &&
 +	expect_askpass both user%40host &&
 	test_cmp expect actual
 '
@@ -385,7 +385,7 @@ test_expect_success 'push into half-auth
 	git push "$HTTPD_URL/half-auth-complete/smart/half-auth.git" &&
 	git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/half-auth.git" \
 		log -1 --format=%s >actual &&
 -	expect_askpass both user@host &&
 +	expect_askpass both user%40host &&
 	test_cmp expect actual
 '
 Index: b/t/t5550-http-fetch-dumb.sh
 ===================================================================
 --- a/t/t5550-http-fetch-dumb.sh
 +++ b/t/t5550-http-fetch-dumb.sh
@@ -111,13 +111,13 @@ test_expect_success 'http auth can use u
 test_expect_success 'http auth can use just user in URL' '
 	set_askpass wrong pass@host &&
 	git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-pass &&
 -	expect_askpass pass user@host
 +	expect_askpass pass user%40host
 '
 test_expect_success 'http auth can request both user and pass' '
 	set_askpass user@host pass@host &&
 	git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-both &&
 -	expect_askpass both user@host
 +	expect_askpass both user%40host
 '
 test_expect_success 'http auth respects credential helper config' '
@@ -135,14 +135,14 @@ test_expect_success 'http auth can get u
 	test_config_global "credential.$HTTPD_URL.username" user@host &&
 	set_askpass wrong pass@host &&
 	git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-user &&
 -	expect_askpass pass user@host
 +	expect_askpass pass user%40host
 '
 test_expect_success 'configured username does not override URL' '
 	test_config_global "credential.$HTTPD_URL.username" wrong &&
 	set_askpass wrong pass@host &&
 	git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-user2 &&
 -	expect_askpass pass user@host
 +	expect_askpass pass user%40host
 '
 test_expect_success 'set up repo with http submodules' '
@@ -163,7 +163,7 @@ test_expect_success 'cmdline credential
 	set_askpass wrong pass@host &&
 	git -c "credential.$HTTPD_URL.username=user@host" \
 		clone --recursive super super-clone &&
 -	expect_askpass pass user@host
 +	expect_askpass pass user%40host
 '
 test_expect_success 'cmdline credential config passes submodule via fetch' '
@@ -174,7 +174,7 @@ test_expect_success 'cmdline credential
 	git -C super-clone \
 	    -c "credential.$HTTPD_URL.username=user@host" \
 	    fetch --recurse-submodules &&
 -	expect_askpass pass user@host
 +	expect_askpass pass user%40host
 '
 test_expect_success 'cmdline credential config passes submodule update' '
@@ -191,7 +191,7 @@ test_expect_success 'cmdline credential
 	git -C super-clone \
 	    -c "credential.$HTTPD_URL.username=user@host" \
 	    submodule update &&
 -	expect_askpass pass user@host
 +	expect_askpass pass user%40host
 '
 test_expect_success 'fetch changes via http' '
 Index: b/t/t5551-http-fetch-smart.sh
 ===================================================================
 --- a/t/t5551-http-fetch-smart.sh
 +++ b/t/t5551-http-fetch-smart.sh
@@ -181,7 +181,7 @@ test_expect_success 'clone from password
 	echo two >expect &&
 	set_askpass user@host pass@host &&
 	git clone --bare "$HTTPD_URL/auth/smart/repo.git" smart-auth &&
 -	expect_askpass both user@host &&
 +	expect_askpass both user%40host &&
 	git --git-dir=smart-auth log -1 --format=%s >actual &&
 	test_cmp expect actual
 '
@@ -199,7 +199,7 @@ test_expect_success 'clone from auth-onl
 	echo two >expect &&
 	set_askpass user@host pass@host &&
 	git clone --bare "$HTTPD_URL/auth-fetch/smart/repo.git" half-auth &&
 -	expect_askpass both user@host &&
 +	expect_askpass both user%40host &&
 	git --git-dir=half-auth log -1 --format=%s >actual &&
 	test_cmp expect actual
 '
@@ -224,14 +224,14 @@ test_expect_success 'redirects send auth
 	set_askpass user@host pass@host &&
 	git -c credential.useHttpPath=true \
 	  clone $HTTPD_URL/smart-redir-auth/repo.git repo-redir-auth &&
 -	expect_askpass both user@host auth/smart/repo.git
 +	expect_askpass both user%40host auth/smart/repo.git
 '
 test_expect_success 'GIT_TRACE_CURL redacts auth details' '
 	rm -rf redact-auth trace &&
 	set_askpass user@host pass@host &&
 	GIT_TRACE_CURL="$(pwd)/trace" git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth &&
 -	expect_askpass both user@host &&
 +	expect_askpass both user%40host &&
 	# Ensure that there is no "Basic" followed by a base64 string, but that
 	# the auth details are redacted
@@ -243,7 +243,7 @@ test_expect_success 'GIT_CURL_VERBOSE re
 	rm -rf redact-auth trace &&
 	set_askpass user@host pass@host &&
 	GIT_CURL_VERBOSE=1 git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth 2>trace &&
 -	expect_askpass both user@host &&
 +	expect_askpass both user%40host &&
 	# Ensure that there is no "Basic" followed by a base64 string, but that
 	# the auth details are redacted
@@ -256,7 +256,7 @@ test_expect_success 'GIT_TRACE_CURL does
 	set_askpass user@host pass@host &&
 	GIT_TRACE_REDACT=0 GIT_TRACE_CURL="$(pwd)/trace" \
 		git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth &&
 -	expect_askpass both user@host &&
 +	expect_askpass both user%40host &&
 	grep -i "Authorization: Basic [0-9a-zA-Z+/]" trace
 '
@@ -570,7 +570,7 @@ test_expect_success 'http auth remembers
 	# the first request prompts the user...
 	set_askpass user@host pass@host &&
 	git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null &&
 -	expect_askpass both user@host &&
 +	expect_askpass both user%40host &&
 	# ...and the second one uses the stored value rather than
 	# prompting the user.
@@ -601,7 +601,7 @@ test_expect_success 'http auth forgets b
 	# us to prompt the user again.
 	set_askpass user@host pass@host &&
 	git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null &&
 -	expect_askpass both user@host
 +	expect_askpass both user%40host
 '
 test_expect_success 'client falls back from v2 to v0 to match server' '
--- a/CVE-2024-52006.patch
+++ b/CVE-2024-52006.patch
@@ -0,0 +1,193 @@
 From b01b9b81d36759cdcd07305e78765199e1bc2060 Mon Sep 17 00:00:00 2001
 From: Johannes Schindelin <johannes.schindelin@gmx.de>
 Date: Mon, 4 Nov 2024 14:48:22 +0100
 Subject: [PATCH] credential: disallow Carriage Returns in the protocol by
 default
 While Git has documented that the credential protocol is line-based,
 with newlines as terminators, the exact shape of a newline has not been
 documented.
 From Git's perspective, which is firmly rooted in the Linux ecosystem,
 it is clear that "a newline" means a Line Feed character.
 However, even Git's credential protocol respects Windows line endings
 (a Carriage Return character followed by a Line Feed character, "CR/LF")
 by virtue of using `strbuf_getline()`.
 There is a third category of line endings that has been used originally
 by MacOS, and that is respected by the default line readers of .NET and
 node.js: bare Carriage Returns.
 Git cannot handle those, and what is worse: Git's remedy against
 CVE-2020-5260 does not catch when credential helpers are used that
 interpret bare Carriage Returns as newlines.
 Git Credential Manager addressed this as CVE-2024-50338, but other
 credential helpers may still be vulnerable. So let's not only disallow
 Line Feed characters as part of the values in the credential protocol,
 but also disallow Carriage Return characters.
 In the unlikely event that a credential helper relies on Carriage
 Returns in the protocol, introduce an escape hatch via the
 `credential.protectProtocol` config setting.
 This addresses CVE-2024-52006.
 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
 ---
 Documentation/config/credential.txt |  5 +++++
 credential.c                        | 21 ++++++++++++++-------
 credential.h                        |  4 +++-
 t/t0300-credentials.sh              | 16 ++++++++++++++++
 4 files changed, 38 insertions(+), 8 deletions(-)
 Index: b/Documentation/config/credential.txt
 ===================================================================
 --- a/Documentation/config/credential.txt
 +++ b/Documentation/config/credential.txt
@@ -20,6 +20,11 @@ credential.sanitizePrompt::
 	will be URL-encoded by default). Configure this setting to `false` to
 	override that behavior.
 +credential.protectProtocol::
 +	By default, Carriage Return characters are not allowed in the protocol
 +	that is used when Git talks to a credential helper. This setting allows
 +	users to override this default.
 +
 credential.username::
 	If no username is set for a network authentication, use this username
 	by default. See credential.<context>.* below, and
 Index: b/credential.c
 ===================================================================
 --- a/credential.c
 +++ b/credential.c
@@ -127,6 +127,8 @@ static int credential_config_callback(co
 		c->use_http_path = git_config_bool(var, value);
 	else if (!strcmp(key, "sanitizeprompt"))
 		c->sanitize_prompt = git_config_bool(var, value);
 +	else if (!strcmp(key, "protectprotocol"))
 +		c->protect_protocol = git_config_bool(var, value);
 	return 0;
 }
@@ -361,7 +363,8 @@ int credential_read(struct credential *c
 	return 0;
 }
 -static void credential_write_item(FILE *fp, const char *key, const char *value,
 +static void credential_write_item(const struct credential *c,
 +				  FILE *fp, const char *key, const char *value,
 				  int required)
 {
 	if (!value && required)
@@ -370,6 +373,10 @@ static void credential_write_item(FILE *
 		return;
 	if (strchr(value, '\n'))
 		die("credential value for %s contains newline", key);
 +	if (c->protect_protocol && strchr(value, '\r'))
 +		die("credential value for %s contains carriage return\n"
 +		    "If this is intended, set `credential.protectProtocol=false`",
 +		    key);
 	fprintf(fp, "%s=%s\n", key, value);
 }
@@ -377,34 +384,34 @@ void credential_write(const struct crede
 		      enum credential_op_type op_type)
 {
 	if (credential_has_capability(&c->capa_authtype, op_type))
 -		credential_write_item(fp, "capability[]", "authtype", 0);
 +		credential_write_item(c, fp, "capability[]", "authtype", 0);
 	if (credential_has_capability(&c->capa_state, op_type))
 -		credential_write_item(fp, "capability[]", "state", 0);
 +		credential_write_item(c, fp, "capability[]", "state", 0);
 	if (credential_has_capability(&c->capa_authtype, op_type)) {
 -		credential_write_item(fp, "authtype", c->authtype, 0);
 -		credential_write_item(fp, "credential", c->credential, 0);
 +		credential_write_item(c, fp, "authtype", c->authtype, 0);
 +		credential_write_item(c, fp, "credential", c->credential, 0);
 		if (c->ephemeral)
 -			credential_write_item(fp, "ephemeral", "1", 0);
 +			credential_write_item(c, fp, "ephemeral", "1", 0);
 	}
 -	credential_write_item(fp, "protocol", c->protocol, 1);
 -	credential_write_item(fp, "host", c->host, 1);
 -	credential_write_item(fp, "path", c->path, 0);
 -	credential_write_item(fp, "username", c->username, 0);
 -	credential_write_item(fp, "password", c->password, 0);
 -	credential_write_item(fp, "oauth_refresh_token", c->oauth_refresh_token, 0);
 +	credential_write_item(c, fp, "protocol", c->protocol, 1);
 +	credential_write_item(c, fp, "host", c->host, 1);
 +	credential_write_item(c, fp, "path", c->path, 0);
 +	credential_write_item(c, fp, "username", c->username, 0);
 +	credential_write_item(c, fp, "password", c->password, 0);
 +	credential_write_item(c, fp, "oauth_refresh_token", c->oauth_refresh_token, 0);
 	if (c->password_expiry_utc != TIME_MAX) {
 		char *s = xstrfmt("%"PRItime, c->password_expiry_utc);
 -		credential_write_item(fp, "password_expiry_utc", s, 0);
 +		credential_write_item(c, fp, "password_expiry_utc", s, 0);
 		free(s);
 	}
 	for (size_t i = 0; i < c->wwwauth_headers.nr; i++)
 -		credential_write_item(fp, "wwwauth[]", c->wwwauth_headers.v[i], 0);
 +		credential_write_item(c, fp, "wwwauth[]", c->wwwauth_headers.v[i], 0);
 	if (credential_has_capability(&c->capa_state, op_type)) {
 		if (c->multistage)
 -			credential_write_item(fp, "continue", "1", 0);
 +			credential_write_item(c, fp, "continue", "1", 0);
 		for (size_t i = 0; i < c->state_headers_to_send.nr; i++)
 -			credential_write_item(fp, "state[]", c->state_headers_to_send.v[i], 0);
 +			credential_write_item(c, fp, "state[]", c->state_headers_to_send.v[i], 0);
 	}
 }
 Index: b/credential.h
 ===================================================================
 --- a/credential.h
 +++ b/credential.h
@@ -169,7 +169,8 @@ struct credential {
 		 quit:1,
 		 use_http_path:1,
 		 username_from_proto:1,
 -		 sanitize_prompt:1;
 +		 sanitize_prompt:1,
 +		 protect_protocol:1;
 	struct credential_capability capa_authtype;
 	struct credential_capability capa_state;
@@ -197,6 +198,7 @@ struct credential {
 	.state_headers = STRVEC_INIT, \
 	.state_headers_to_send = STRVEC_INIT, \
 	.sanitize_prompt = 1, \
 +	.protect_protocol = 1, \
 }
 /* Initialize a credential structure, setting all fields to empty. */
 Index: b/t/t0300-credentials.sh
 ===================================================================
 --- a/t/t0300-credentials.sh
 +++ b/t/t0300-credentials.sh
@@ -903,6 +903,22 @@ test_expect_success 'url parser rejects
 	test_cmp expect stderr
 '
 +test_expect_success 'url parser rejects embedded carriage returns' '
 +	test_config credential.helper "!true" &&
 +	test_must_fail git credential fill 2>stderr <<-\EOF &&
 +	url=https://example%0d.com/
 +	EOF
 +	cat >expect <<-\EOF &&
 +	fatal: credential value for host contains carriage return
 +	If this is intended, set `credential.protectProtocol=false`
 +	EOF
 +	test_cmp expect stderr &&
 +	GIT_ASKPASS=true \
 +	git -c credential.protectProtocol=false credential fill <<-\EOF
 +	url=https://example%0d.com/
 +	EOF
 +'
 +
 test_expect_success 'host-less URLs are parsed as empty host' '
 	check fill "verbatim foo bar" <<-\EOF
 	url=cert:///path/to/cert.pem
--- a/git-2.46.1.tar.sign
+++ b/git-2.46.1.tar.sign
--- a/git-2.46.1.tar.xz
+++ b/git-2.46.1.tar.xz
--- a/git-2.50.0.tar.sign
+++ b/git-2.50.0.tar.sign
--- a/git-2.50.0.tar.xz
+++ b/git-2.50.0.tar.xz
@@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:dff3c000e400ace3a63b8a6f8b3b76b88ecfdffd4504a04aba4248372cdec045
 size 7878256
--- a/git-asciidoc.patch
+++ b/git-asciidoc.patch
@@ -1,17 +1,17 @@
 ---
- Documentation/asciidoc.conf.in |    2 ++
+ Documentation/asciidoc.conf |    2 ++
 1 file changed, 2 insertions(+)
-Index: git-2.48.0/Documentation/asciidoc.conf.in
+Index: git-2.11.0/Documentation/asciidoc.conf
 ===================================================================
--- git-2.48.0.orig/Documentation/asciidoc.conf.in
+--- git-2.11.0.orig/Documentation/asciidoc.conf
-+++ git-2.48.0/Documentation/asciidoc.conf.in
+++ git-2.11.0/Documentation/asciidoc.conf
-@@ -24,6 +24,8 @@ litdd=&#45;&#45;
+@@ -21,6 +21,8 @@ tilde=&#126;
- manmanual=Git Manual
+ apostrophe=&#39;
- mansource=Git @GIT_VERSION@
+ backtick=&#96;
- revdate=@GIT_DATE@
+ litdd=&#45;&#45;
 +# drops the "last-updated" footer, with asciidoc-8.6.9+
 +footer-style=none
- ifdef::doctype-book[]
+ ifdef::backend-docbook[]
- [titles]
+ [linkgit-inlinemacro]
--- a/git.changes
+++ b/git.changes
@@ -1,133 +1,12 @@
 -------------------------------------------------------------------
-Tue Jun 17 17:55:40 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+Thu Jan 16 22:29:07 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- update to 2.50.0
+- Add CVE-2024-50349-1.patch, CVE-2024-50349-2.patch
-  https://about.gitlab.com/blog/what-s-new-in-git-2-50-0/
+  * CVE-2024-50349: passwords for trusted sites could be sent to untrusted
-  https://raw.githubusercontent.com/git/git/refs/tags/v2.50.0/Documentation/RelNotes/2.50.0.adoc
+    sites (bsc#1235600)
-
+- Add CVE-2024-52006.patch
-------------------------------------------------------------------
+  * CVE-2024-52006: Carriage Returns via the credential protocol to credential
-Fri Jun 13 15:50:22 UTC 2025 - Takashi Iwai <tiwai@suse.com>
+    helpers (bsc#1235601)
 - Refresh gitk SHA256 patch and add SHA256 support to git-gui (bsc#1239989):
  0001-gitk-Add-support-of-SHA256-repo.patch
  0002-git-gui-Add-support-of-SHA256-repo.patch
  The previous patches are dropped:
  0001-gitk-Add-a-basic-support-of-SHA256-repositories-into.patch
  0002-gitk-Add-auto-select-length-preference-for-SHA256.patch
 -------------------------------------------------------------------
 Mon Mar 24 14:04:56 UTC 2025 - Takashi Iwai <tiwai@suse.com>
 - Add support of SHA256 git repo for gitk (bsc#1239989):
  0001-gitk-Add-a-basic-support-of-SHA256-repositories-into.patch
  0002-gitk-Add-auto-select-length-preference-for-SHA256.patch
 -------------------------------------------------------------------
 Fri Mar 14 23:43:43 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
 - update to 2.49.0
  https://about.gitlab.com/blog/2025/03/14/whats-new-in-git-2-49-0/
  https://raw.githubusercontent.com/git/git/refs/tags/v2.49.0/Documentation/RelNotes/2.49.0.adoc
 - switch to zlib-ng for code 16
 - docs switched to asciidoc
 -------------------------------------------------------------------
 Tue Jan 14 21:45:04 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
 - update to 2.48.1: (boo#1235600 boo#1235601)
  * CVE-2024-50349, CVE-2024-52006: 
    refuse to accept URLs that contain control sequences
 -------------------------------------------------------------------
 Mon Jan 13 20:00:00 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
 - update to 2.48.0
  * Reference consistency checks: git refs verify
  * Reflogs can now be migrated with git refs migrate
  * git is free of memory leaks as covered by the test suite
  * Performance improvements
  * Other improvements, UI changes, options extensions and largely
    compatible behavior changes as listed in
    https://raw.githubusercontent.com/git/git/refs/tags/v2.48.0/Documentation/RelNotes/2.48.0.txt
 -------------------------------------------------------------------
 Mon Nov 25 10:58:31 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
 - update to 2.47.1:
  * Use after free and double freeing at the end in
    "git log -L... -p" had been identified and fixed.
  * "git maintenance start" crashed due to an uninitialized
    variable reference, which has been corrected.
  * Fail gracefully instead of crashing when attempting to write
    the contents of a corrupt in-core index as a tree object.
  * A "git fetch" from the superproject going down to a submodule
    used a wrong remote when the default remote names are set
    differently between them.
  * The "gitk" project tree has been synchronized again
 -------------------------------------------------------------------
 Wed Oct  9 10:34:12 UTC 2024 - Dirk Müller <dmueller@suse.com>
 - update to 2.47.0:
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.txt
  * Many Porcelain commands that internally use the merge machinery
    were taught to consistently honor the diff.algorithm
    configuration.
 * A few descriptions in "git show-ref -h" have been clarified.
 * A 'P' command to "git add -p" that passes the patch hunk to the
   pager has been added.
 * "git grep -W" omits blank lines that follow the found function at
   the end of the file, just like it omits blank lines before the next
   function.
 * The value of http.proxy can have "path" at the end for a socks
   proxy that listens to a unix-domain socket, but we started to
   discard it when we taught proxy auth code path to use the
   credential helpers, which has been corrected.
 * The code paths to compact multiple reftable files have been updated
   to correctly deal with multiple compaction triggering at the same
   time.
 * Support to specify ref backend for submodules has been enhanced.
 * "git svn" has been taught about svn:global-ignores property
   recent versions of Subversion has.
 * The default object hash and ref backend format used to be settable
   only with explicit command line option to "git init" and
   environment variables, but now they can be configured in the user's
   global and system wide configuration.
 * "git send-email" learned "--translate-aliases" option that reads
   addresses from the standard input and emits the result of applying
   aliases on them to the standard output.
 * 'git for-each-ref' learned a new "--format" atom to find the branch
   that the history leading to a given commit "%(is-base:<commit>)" is
   likely based on.
 * The command line prompt support used to be littered with bash-isms,
   which has been corrected to work with more shells.
 * Support for the RUNTIME_PREFIX feature has been added to z/OS port.
 * "git send-email" learned "--mailmap" option to allow rewriting the
   recipient addresses.
 * "git mergetool" learned to use VSCode as a merge backend.
 * "git pack-redundant" has been marked for removal in Git 3.0.
 * One-line messages to "die" and other helper functions will get LF
   added by these helper functions, but many existing messages had an
   unnecessary LF at the end, which have been corrected.
 * The "scalar clone" command learned the "--no-tags" option.
 * The environment GIT_ADVICE has been intentionally kept undocumented
   to discourage its use by interactive users.  Add documentation to
   help tool writers.
 * "git apply --3way" learned to take "--ours" and other options.
 -------------------------------------------------------------------
 Mon Oct  7 12:01:19 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
 - Update to version 2.46.2:
  * Revert the "git patch-id" change that went into 2.46.1,
    as it seems to have got a regression reported (I haven't verified,
    but it is better to keep a known breakage than adding an unintended
    regression).
  * In a few corner cases "git diff --exit-code" failed to report
    "changes" (e.g., renamed without any content change), which has
    been corrected.
  * The interpret-trailers command failed to recognise the end of the
    message when the commit log ends in an incomplete line.
 -------------------------------------------------------------------
 Fri Sep 20 08:18:30 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
--- a/git.spec
+++ b/git.spec
@@ -1,8 +1,8 @@
 #
 # spec file for package git
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
-# Copyright (c) 2025 Andreas Stieger <Andreas.Stieger@gmx.de>
+# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -43,7 +43,7 @@
 %bcond_with    asciidoctor
 %endif
 Name:           git
-Version:        2.50.0
+Version:        2.46.1
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0-only
@@ -70,9 +70,13 @@ Patch8:         git-asciidoc.patch
 Patch10:        setup-don-t-fail-if-commondir-reference-is-deleted.patch
 # PATCH-FIX-OPENSUSE CVE-2024-24577.patch boo#1219660 antonio.teixeira@suse.com
 Patch11:        CVE-2024-24577.patch
-# Add SHA256 support for gitk and git-gui (bsc#1239989)
+# PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1235600
-Patch20:        0001-gitk-Add-support-of-SHA256-repo.patch
+# passwords for trusted sites could be sent to untrusted sites
-Patch21:        0002-git-gui-Add-support-of-SHA256-repo.patch
+Patch12:        CVE-2024-50349-1.patch
 Patch13:        CVE-2024-50349-2.patch
 # PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1235601
 # Carriage Returns via the credential protocol to credential helpers
 Patch14:        CVE-2024-52006.patch
 BuildRequires:  fdupes
 BuildRequires:  gpg2
 BuildRequires:  libcurl-devel
@@ -89,11 +93,7 @@ BuildRequires:  systemd-rpm-macros
 BuildRequires:  tcsh
 BuildRequires:  update-desktop-files
 BuildRequires:  xz
 %if 0%{?suse_version} >= 1600
 BuildRequires:  pkgconfig(zlib-ng)
 %else
 BuildRequires:  pkgconfig(zlib)
 %endif
 Requires:       git-core = %{version}
 Requires:       perl-Git = %{version}
 Recommends:     git-email
@@ -441,9 +441,9 @@ if ! test -f %{buildroot}%{gitexecdir}/git-add; then
 fi
 mkdir -p "%{buildroot}/%{_docdir}/git" "%{buildroot}/%{_docdir}/git/howto" "%{buildroot}/%{_docdir}/git/technical"
-cp -a README.md Documentation/*.adoc "%{buildroot}/%{_docdir}/git/"
+cp -a README.md Documentation/*.txt "%{buildroot}/%{_docdir}/git/"
-cp -a Documentation/howto/*.adoc "%{buildroot}/%{_docdir}/git/howto/"
+cp -a Documentation/howto/*.txt "%{buildroot}/%{_docdir}/git/howto/"
-cp -a Documentation/technical/*.adoc "%{buildroot}/%{_docdir}/git/technical/"
+cp -a Documentation/technical/*.txt "%{buildroot}/%{_docdir}/git/technical/"
 %{!?_without_docs: cp -a Documentation/*.html "%{buildroot}/%{_docdir}/git/"}
 %{!?_without_docs: cp -a Documentation/howto/*.html "%{buildroot}/%{_docdir}/git/howto/"}
 %{!?_without_docs: cp -a Documentation/technical/*.html "%{buildroot}/%{_docdir}/git/technical/"}
Author	SHA256	Message	Date
Adrian Schröter	972e527526	Sync changes to SLFO-1.2 branch	2025-08-20 09:17:41 +02:00
Ana Guerrero	29c41e30f3	Accepting request 1291488 from devel:tools:scm OBS-URL: https://build.opensuse.org/request/show/1291488 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=325	2025-07-10 21:14:51 +00:00
Antonio Teixeira	d282f59a19	- refreshed gitk sha256 patches: 0001-gitk-Add-support-of-SHA256-repo.patch 0002-git-gui-Add-support-of-SHA256-repo.patch - update to 2.50.1 (boo#1245938 boo#1245939 boo#1245942 boo#1245943 boo#1245946 boo#1245947) OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/git?expand=0&rev=677	2025-07-09 12:22:02 +00:00
Ana Guerrero	449f6b4529	Accepting request 1288721 from devel:tools:scm OBS-URL: https://build.opensuse.org/request/show/1288721 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=324	2025-06-27 21:00:18 +00:00
Takashi Iwai	25bd9d7139	- Fix git-gui citool SHA256 repo handling: refreshed 0002-git-gui-Add-support-of-SHA256-repo.patch OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/git?expand=0&rev=675	2025-06-26 15:46:25 +00:00