1 Commits

Author SHA256 Message Date
972e527526 Sync changes to SLFO-1.2 branch 2025-08-20 09:17:41 +02:00
14 changed files with 662 additions and 912 deletions


@@ -1,8 +1,8 @@
Index: git/read-cache.c
Index: b/read-cache.c
===================================================================
--- git.orig/read-cache.c
+++ git/read-cache.c
@@ -1134,10 +1134,13 @@ static int has_dir_name(struct index_sta
--- a/read-cache.c
+++ b/read-cache.c
@@ -1158,10 +1158,13 @@ static int has_dir_name(struct index_sta
size_t len;
for (;;) {

98
CVE-2024-50349-1.patch Normal file

@@ -0,0 +1,98 @@
From c903985bf7e772e2d08275c1a95c8a55ab011577 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Thu, 7 Nov 2024 08:57:52 +0100
Subject: [PATCH 1/2] credential_format(): also encode <host>[:<port>]
An upcoming change wants to sanitize the credential password prompt
where a URL is displayed that may potentially come from a `.gitmodules`
file. To this end, the `credential_format()` function is employed.
To sanitize the host name (and optional port) part of the URL, we need a
new mode of the `strbuf_add_percentencode()` function because the
current mode is both too strict and too lenient: too strict because it
encodes `:`, `[` and `]` (which should be left unencoded in
`<host>:<port>` and in IPv6 addresses), and too lenient because it does
not encode invalid host name characters `/`, `_` and `~`.
So let's introduce and use a new mode specifically to encode the host
name and optional port part of a URI, leaving alpha-numerical
characters, periods, colons and brackets alone and encoding all others.
This only leads to a change of behavior for URLs that contain invalid
host names.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
credential.c | 3 ++-
strbuf.c | 4 +++-
strbuf.h | 1 +
t/t0300-credentials.sh | 13 +++++++++++++
4 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/credential.c b/credential.c
index f32011343f..572f1785da 100644
--- a/credential.c
+++ b/credential.c
@@ -164,7 +164,8 @@ static void credential_format(struct credential *c, struct strbuf *out)
strbuf_addch(out, '@');
}
if (c->host)
- strbuf_addstr(out, c->host);
+ strbuf_add_percentencode(out, c->host,
+ STRBUF_ENCODE_HOST_AND_PORT);
if (c->path) {
strbuf_addch(out, '/');
strbuf_add_percentencode(out, c->path, 0);
diff --git a/strbuf.c b/strbuf.c
index c383f41a3c..756b96c561 100644
--- a/strbuf.c
+++ b/strbuf.c
@@ -492,7 +492,9 @@ void strbuf_add_percentencode(struct strbuf *dst, const char *src, int flags)
unsigned char ch = src[i];
if (ch <= 0x1F || ch >= 0x7F ||
(ch == '/' && (flags & STRBUF_ENCODE_SLASH)) ||
- strchr(URL_UNSAFE_CHARS, ch))
+ ((flags & STRBUF_ENCODE_HOST_AND_PORT) ?
+ !isalnum(ch) && !strchr("-.:[]", ch) :
+ !!strchr(URL_UNSAFE_CHARS, ch)))
strbuf_addf(dst, "%%%02X", (unsigned char)ch);
else
strbuf_addch(dst, ch);
diff --git a/strbuf.h b/strbuf.h
index f6dbb9681e..f9f8bb0381 100644
--- a/strbuf.h
+++ b/strbuf.h
@@ -380,6 +380,7 @@ size_t strbuf_expand_dict_cb(struct strbuf *sb,
void strbuf_addbuf_percentquote(struct strbuf *dst, const struct strbuf *src);
#define STRBUF_ENCODE_SLASH 1
+#define STRBUF_ENCODE_HOST_AND_PORT 2
/**
* Append the contents of a string to a strbuf, percent-encoding any characters
diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
index c66d91e82d..cb91be1427 100755
--- a/t/t0300-credentials.sh
+++ b/t/t0300-credentials.sh
@@ -514,6 +514,19 @@ test_expect_success 'match percent-encoded values in username' '
EOF
'
+test_expect_success 'match percent-encoded values in hostname' '
+ test_config "credential.https://a%20b%20c/.helper" "$HELPER" &&
+ check fill <<-\EOF
+ url=https://a b c/
+ --
+ protocol=https
+ host=a b c
+ username=foo
+ password=bar
+ --
+ EOF
+'
+
test_expect_success 'fetch with multiple path components' '
test_unconfig credential.helper &&
test_config credential.https://example.com/foo/repo.git.helper "verbatim foo bar" &&
--
2.47.1
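Review bot: `STRBUF_ENCODE_HOST_AND_PORT` is added to strbuf.h without a comment, and the set it leaves unencoded in strbuf.c, `!isalnum(ch) && !strchr("-.:[]", ch)`, also keeps `-`, which the patch description does not list. A one-line comment at the define would state the contract: `/* host[:port] mode: encode all but alphanumerics and "-.:[]" */`; the doc comment that follows the define is cut off in the hunk, so check whether it already describes the flags. The mode only escapes characters and does not check that colons and brackets form a valid host or port, so its output should not be treated as a validated host name. The added test in t0300 covers spaces in the host; a case with `/`, `_` or `~` would pin the characters this mode newly encodes.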

314
CVE-2024-50349-2.patch Normal file

@@ -0,0 +1,314 @@
From 7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Wed, 30 Oct 2024 13:26:10 +0100
Subject: [PATCH 2/2] credential: sanitize the user prompt
When asking the user interactively for credentials, we want to avoid
misleading them e.g. via control sequences that pretend that the URL
targets a trusted host when it does not.
While Git learned, over the course of the preceding commits, to disallow
URLs containing URL-encoded control characters by default, credential
helpers are still allowed to specify values very freely (apart from Line
Feed and NUL characters, anything is allowed), and this would allow,
say, a username containing control characters to be specified that would
then be displayed in the interactive terminal prompt asking the user for
the password, potentially sending those control characters directly to
the terminal. This is undesirable because control characters can be used
to mislead users to divulge secret information to untrusted sites.
To prevent such an attack vector, let's add a `git_prompt()` that forces
the displayed text to be sanitized, i.e. displaying question marks
instead of control characters.
Note: While this commit's diff changes a lot of `user@host` strings to
`user%40host`, which may look suspicious on the surface, there is a good
reason for that: this string specifies a user name, not a
<username>@<hostname> combination! In the context of t5541, the actual
combination looks like this: `user%40@127.0.0.1:5541`. Therefore, these
string replacements document a net improvement introduced by this
commit, as `user@host@127.0.0.1` could have left readers wondering where
the user name ends and where the host name begins.
Hinted-at-by: Jeff King <peff@peff.net>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
Documentation/config/credential.txt | 6 ++++++
credential.c | 7 ++++++-
credential.h | 4 +++-
t/t0300-credentials.sh | 20 ++++++++++++++++++++
t/t5541-http-push-smart.sh | 6 +++---
t/t5550-http-fetch-dumb.sh | 14 +++++++-------
t/t5551-http-fetch-smart.sh | 16 ++++++++--------
7 files changed, 53 insertions(+), 20 deletions(-)
Index: b/Documentation/config/credential.txt
===================================================================
--- a/Documentation/config/credential.txt
+++ b/Documentation/config/credential.txt
@@ -14,6 +14,12 @@ credential.useHttpPath::
or https URL to be important. Defaults to false. See
linkgit:gitcredentials[7] for more information.
+credential.sanitizePrompt::
+ By default, user names and hosts that are shown as part of the
+ password prompt are not allowed to contain control characters (they
+ will be URL-encoded by default). Configure this setting to `false` to
+ override that behavior.
+
credential.username::
If no username is set for a network authentication, use this username
by default. See credential.<context>.* below, and
Index: b/credential.c
===================================================================
--- a/credential.c
+++ b/credential.c
@@ -125,6 +125,8 @@ static int credential_config_callback(co
}
else if (!strcmp(key, "usehttppath"))
c->use_http_path = git_config_bool(var, value);
+ else if (!strcmp(key, "sanitizeprompt"))
+ c->sanitize_prompt = git_config_bool(var, value);
return 0;
}
@@ -237,7 +239,10 @@ static char *credential_ask_one(const ch
struct strbuf prompt = STRBUF_INIT;
char *r;
- credential_describe(c, &desc);
+ if (c->sanitize_prompt)
+ credential_format(c, &desc);
+ else
+ credential_describe(c, &desc);
if (desc.len)
strbuf_addf(&prompt, "%s for '%s': ", what, desc.buf);
else
Index: b/credential.h
===================================================================
--- a/credential.h
+++ b/credential.h
@@ -168,7 +168,8 @@ struct credential {
multistage: 1,
quit:1,
use_http_path:1,
- username_from_proto:1;
+ username_from_proto:1,
+ sanitize_prompt:1;
struct credential_capability capa_authtype;
struct credential_capability capa_state;
@@ -195,6 +196,7 @@ struct credential {
.wwwauth_headers = STRVEC_INIT, \
.state_headers = STRVEC_INIT, \
.state_headers_to_send = STRVEC_INIT, \
+ .sanitize_prompt = 1, \
}
/* Initialize a credential structure, setting all fields to empty. */
Index: b/t/t0300-credentials.sh
===================================================================
--- a/t/t0300-credentials.sh
+++ b/t/t0300-credentials.sh
@@ -77,6 +77,10 @@ test_expect_success 'setup helper script
test -z "$pexpiry" || echo password_expiry_utc=$pexpiry
EOF
+ write_script git-credential-cntrl-in-username <<-\EOF &&
+ printf "username=\\007latrix Lestrange\\n"
+ EOF
+
PATH="$PWD:$PATH"
'
@@ -1008,4 +1012,20 @@ test_expect_success 'credential config w
test_grep "skipping credential lookup for key" stderr
'
+BEL="$(printf '\007')"
+
+test_expect_success 'interactive prompt is sanitized' '
+ check fill cntrl-in-username <<-EOF
+ protocol=https
+ host=example.org
+ --
+ protocol=https
+ host=example.org
+ username=${BEL}latrix Lestrange
+ password=askpass-password
+ --
+ askpass: Password for ${SQ}https://%07latrix%20Lestrange@example.org${SQ}:
+ EOF
+'
+
test_done
Index: b/t/t5541-http-push-smart.sh
===================================================================
--- a/t/t5541-http-push-smart.sh
+++ b/t/t5541-http-push-smart.sh
@@ -343,7 +343,7 @@ test_expect_success 'push over smart htt
git push "$HTTPD_URL"/auth/smart/test_repo.git &&
git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \
log -1 --format=%s >actual &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
test_cmp expect actual
'
@@ -355,7 +355,7 @@ test_expect_success 'push to auth-only-f
git push "$HTTPD_URL"/auth-push/smart/test_repo.git &&
git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \
log -1 --format=%s >actual &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
test_cmp expect actual
'
@@ -385,7 +385,7 @@ test_expect_success 'push into half-auth
git push "$HTTPD_URL/half-auth-complete/smart/half-auth.git" &&
git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/half-auth.git" \
log -1 --format=%s >actual &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
test_cmp expect actual
'
Index: b/t/t5550-http-fetch-dumb.sh
===================================================================
--- a/t/t5550-http-fetch-dumb.sh
+++ b/t/t5550-http-fetch-dumb.sh
@@ -111,13 +111,13 @@ test_expect_success 'http auth can use u
test_expect_success 'http auth can use just user in URL' '
set_askpass wrong pass@host &&
git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-pass &&
- expect_askpass pass user@host
+ expect_askpass pass user%40host
'
test_expect_success 'http auth can request both user and pass' '
set_askpass user@host pass@host &&
git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-both &&
- expect_askpass both user@host
+ expect_askpass both user%40host
'
test_expect_success 'http auth respects credential helper config' '
@@ -135,14 +135,14 @@ test_expect_success 'http auth can get u
test_config_global "credential.$HTTPD_URL.username" user@host &&
set_askpass wrong pass@host &&
git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-user &&
- expect_askpass pass user@host
+ expect_askpass pass user%40host
'
test_expect_success 'configured username does not override URL' '
test_config_global "credential.$HTTPD_URL.username" wrong &&
set_askpass wrong pass@host &&
git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-user2 &&
- expect_askpass pass user@host
+ expect_askpass pass user%40host
'
test_expect_success 'set up repo with http submodules' '
@@ -163,7 +163,7 @@ test_expect_success 'cmdline credential
set_askpass wrong pass@host &&
git -c "credential.$HTTPD_URL.username=user@host" \
clone --recursive super super-clone &&
- expect_askpass pass user@host
+ expect_askpass pass user%40host
'
test_expect_success 'cmdline credential config passes submodule via fetch' '
@@ -174,7 +174,7 @@ test_expect_success 'cmdline credential
git -C super-clone \
-c "credential.$HTTPD_URL.username=user@host" \
fetch --recurse-submodules &&
- expect_askpass pass user@host
+ expect_askpass pass user%40host
'
test_expect_success 'cmdline credential config passes submodule update' '
@@ -191,7 +191,7 @@ test_expect_success 'cmdline credential
git -C super-clone \
-c "credential.$HTTPD_URL.username=user@host" \
submodule update &&
- expect_askpass pass user@host
+ expect_askpass pass user%40host
'
test_expect_success 'fetch changes via http' '
Index: b/t/t5551-http-fetch-smart.sh
===================================================================
--- a/t/t5551-http-fetch-smart.sh
+++ b/t/t5551-http-fetch-smart.sh
@@ -181,7 +181,7 @@ test_expect_success 'clone from password
echo two >expect &&
set_askpass user@host pass@host &&
git clone --bare "$HTTPD_URL/auth/smart/repo.git" smart-auth &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
git --git-dir=smart-auth log -1 --format=%s >actual &&
test_cmp expect actual
'
@@ -199,7 +199,7 @@ test_expect_success 'clone from auth-onl
echo two >expect &&
set_askpass user@host pass@host &&
git clone --bare "$HTTPD_URL/auth-fetch/smart/repo.git" half-auth &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
git --git-dir=half-auth log -1 --format=%s >actual &&
test_cmp expect actual
'
@@ -224,14 +224,14 @@ test_expect_success 'redirects send auth
set_askpass user@host pass@host &&
git -c credential.useHttpPath=true \
clone $HTTPD_URL/smart-redir-auth/repo.git repo-redir-auth &&
- expect_askpass both user@host auth/smart/repo.git
+ expect_askpass both user%40host auth/smart/repo.git
'
test_expect_success 'GIT_TRACE_CURL redacts auth details' '
rm -rf redact-auth trace &&
set_askpass user@host pass@host &&
GIT_TRACE_CURL="$(pwd)/trace" git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
# Ensure that there is no "Basic" followed by a base64 string, but that
# the auth details are redacted
@@ -243,7 +243,7 @@ test_expect_success 'GIT_CURL_VERBOSE re
rm -rf redact-auth trace &&
set_askpass user@host pass@host &&
GIT_CURL_VERBOSE=1 git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth 2>trace &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
# Ensure that there is no "Basic" followed by a base64 string, but that
# the auth details are redacted
@@ -256,7 +256,7 @@ test_expect_success 'GIT_TRACE_CURL does
set_askpass user@host pass@host &&
GIT_TRACE_REDACT=0 GIT_TRACE_CURL="$(pwd)/trace" \
git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
grep -i "Authorization: Basic [0-9a-zA-Z+/]" trace
'
@@ -570,7 +570,7 @@ test_expect_success 'http auth remembers
# the first request prompts the user...
set_askpass user@host pass@host &&
git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
# ...and the second one uses the stored value rather than
# prompting the user.
@@ -601,7 +601,7 @@ test_expect_success 'http auth forgets b
# us to prompt the user again.
set_askpass user@host pass@host &&
git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null &&
- expect_askpass both user@host
+ expect_askpass both user%40host
'
test_expect_success 'client falls back from v2 to v0 to match server' '
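Review bot: `sanitize_prompt` protects the prompt only because the initializer macro in credential.h sets `.sanitize_prompt = 1`; a `struct credential` that is zero-filled rather than built through that initializer would take the unsanitized `credential_describe()` branch in `credential_ask_one()` without any config asking for it. Confirm that every initialization path goes through the macro, and record the dependency at the field, e.g. `/* default 1 via the initializer; a zero-filled struct loses prompt sanitizing */`. The same applies to `protect_protocol` in CVE-2024-52006.patch. The new t0300 test covers a control character in the username with the default setting only; a second case with `credential.sanitizePrompt=false` would pin the opt-out path as well. `credential_ask_one()` starts and ends outside the hunk.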

193
CVE-2024-52006.patch Normal file

@@ -0,0 +1,193 @@
From b01b9b81d36759cdcd07305e78765199e1bc2060 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Mon, 4 Nov 2024 14:48:22 +0100
Subject: [PATCH] credential: disallow Carriage Returns in the protocol by
default
While Git has documented that the credential protocol is line-based,
with newlines as terminators, the exact shape of a newline has not been
documented.
From Git's perspective, which is firmly rooted in the Linux ecosystem,
it is clear that "a newline" means a Line Feed character.
However, even Git's credential protocol respects Windows line endings
(a Carriage Return character followed by a Line Feed character, "CR/LF")
by virtue of using `strbuf_getline()`.
There is a third category of line endings that has been used originally
by MacOS, and that is respected by the default line readers of .NET and
node.js: bare Carriage Returns.
Git cannot handle those, and what is worse: Git's remedy against
CVE-2020-5260 does not catch when credential helpers are used that
interpret bare Carriage Returns as newlines.
Git Credential Manager addressed this as CVE-2024-50338, but other
credential helpers may still be vulnerable. So let's not only disallow
Line Feed characters as part of the values in the credential protocol,
but also disallow Carriage Return characters.
In the unlikely event that a credential helper relies on Carriage
Returns in the protocol, introduce an escape hatch via the
`credential.protectProtocol` config setting.
This addresses CVE-2024-52006.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
Documentation/config/credential.txt | 5 +++++
credential.c | 21 ++++++++++++++-------
credential.h | 4 +++-
t/t0300-credentials.sh | 16 ++++++++++++++++
4 files changed, 38 insertions(+), 8 deletions(-)
Index: b/Documentation/config/credential.txt
===================================================================
--- a/Documentation/config/credential.txt
+++ b/Documentation/config/credential.txt
@@ -20,6 +20,11 @@ credential.sanitizePrompt::
will be URL-encoded by default). Configure this setting to `false` to
override that behavior.
+credential.protectProtocol::
+ By default, Carriage Return characters are not allowed in the protocol
+ that is used when Git talks to a credential helper. This setting allows
+ users to override this default.
+
credential.username::
If no username is set for a network authentication, use this username
by default. See credential.<context>.* below, and
Index: b/credential.c
===================================================================
--- a/credential.c
+++ b/credential.c
@@ -127,6 +127,8 @@ static int credential_config_callback(co
c->use_http_path = git_config_bool(var, value);
else if (!strcmp(key, "sanitizeprompt"))
c->sanitize_prompt = git_config_bool(var, value);
+ else if (!strcmp(key, "protectprotocol"))
+ c->protect_protocol = git_config_bool(var, value);
return 0;
}
@@ -361,7 +363,8 @@ int credential_read(struct credential *c
return 0;
}
-static void credential_write_item(FILE *fp, const char *key, const char *value,
+static void credential_write_item(const struct credential *c,
+ FILE *fp, const char *key, const char *value,
int required)
{
if (!value && required)
@@ -370,6 +373,10 @@ static void credential_write_item(FILE *
return;
if (strchr(value, '\n'))
die("credential value for %s contains newline", key);
+ if (c->protect_protocol && strchr(value, '\r'))
+ die("credential value for %s contains carriage return\n"
+ "If this is intended, set `credential.protectProtocol=false`",
+ key);
fprintf(fp, "%s=%s\n", key, value);
}
@@ -377,34 +384,34 @@ void credential_write(const struct crede
enum credential_op_type op_type)
{
if (credential_has_capability(&c->capa_authtype, op_type))
- credential_write_item(fp, "capability[]", "authtype", 0);
+ credential_write_item(c, fp, "capability[]", "authtype", 0);
if (credential_has_capability(&c->capa_state, op_type))
- credential_write_item(fp, "capability[]", "state", 0);
+ credential_write_item(c, fp, "capability[]", "state", 0);
if (credential_has_capability(&c->capa_authtype, op_type)) {
- credential_write_item(fp, "authtype", c->authtype, 0);
- credential_write_item(fp, "credential", c->credential, 0);
+ credential_write_item(c, fp, "authtype", c->authtype, 0);
+ credential_write_item(c, fp, "credential", c->credential, 0);
if (c->ephemeral)
- credential_write_item(fp, "ephemeral", "1", 0);
+ credential_write_item(c, fp, "ephemeral", "1", 0);
}
- credential_write_item(fp, "protocol", c->protocol, 1);
- credential_write_item(fp, "host", c->host, 1);
- credential_write_item(fp, "path", c->path, 0);
- credential_write_item(fp, "username", c->username, 0);
- credential_write_item(fp, "password", c->password, 0);
- credential_write_item(fp, "oauth_refresh_token", c->oauth_refresh_token, 0);
+ credential_write_item(c, fp, "protocol", c->protocol, 1);
+ credential_write_item(c, fp, "host", c->host, 1);
+ credential_write_item(c, fp, "path", c->path, 0);
+ credential_write_item(c, fp, "username", c->username, 0);
+ credential_write_item(c, fp, "password", c->password, 0);
+ credential_write_item(c, fp, "oauth_refresh_token", c->oauth_refresh_token, 0);
if (c->password_expiry_utc != TIME_MAX) {
char *s = xstrfmt("%"PRItime, c->password_expiry_utc);
- credential_write_item(fp, "password_expiry_utc", s, 0);
+ credential_write_item(c, fp, "password_expiry_utc", s, 0);
free(s);
}
for (size_t i = 0; i < c->wwwauth_headers.nr; i++)
- credential_write_item(fp, "wwwauth[]", c->wwwauth_headers.v[i], 0);
+ credential_write_item(c, fp, "wwwauth[]", c->wwwauth_headers.v[i], 0);
if (credential_has_capability(&c->capa_state, op_type)) {
if (c->multistage)
- credential_write_item(fp, "continue", "1", 0);
+ credential_write_item(c, fp, "continue", "1", 0);
for (size_t i = 0; i < c->state_headers_to_send.nr; i++)
- credential_write_item(fp, "state[]", c->state_headers_to_send.v[i], 0);
+ credential_write_item(c, fp, "state[]", c->state_headers_to_send.v[i], 0);
}
}
Index: b/credential.h
===================================================================
--- a/credential.h
+++ b/credential.h
@@ -169,7 +169,8 @@ struct credential {
quit:1,
use_http_path:1,
username_from_proto:1,
- sanitize_prompt:1;
+ sanitize_prompt:1,
+ protect_protocol:1;
struct credential_capability capa_authtype;
struct credential_capability capa_state;
@@ -197,6 +198,7 @@ struct credential {
.state_headers = STRVEC_INIT, \
.state_headers_to_send = STRVEC_INIT, \
.sanitize_prompt = 1, \
+ .protect_protocol = 1, \
}
/* Initialize a credential structure, setting all fields to empty. */
Index: b/t/t0300-credentials.sh
===================================================================
--- a/t/t0300-credentials.sh
+++ b/t/t0300-credentials.sh
@@ -903,6 +903,22 @@ test_expect_success 'url parser rejects
test_cmp expect stderr
'
+test_expect_success 'url parser rejects embedded carriage returns' '
+ test_config credential.helper "!true" &&
+ test_must_fail git credential fill 2>stderr <<-\EOF &&
+ url=https://example%0d.com/
+ EOF
+ cat >expect <<-\EOF &&
+ fatal: credential value for host contains carriage return
+ If this is intended, set `credential.protectProtocol=false`
+ EOF
+ test_cmp expect stderr &&
+ GIT_ASKPASS=true \
+ git -c credential.protectProtocol=false credential fill <<-\EOF
+ url=https://example%0d.com/
+ EOF
+'
+
test_expect_success 'host-less URLs are parsed as empty host' '
check fill "verbatim foo bar" <<-\EOF
url=cert:///path/to/cert.pem
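Review bot: The `credential.protectProtocol` documentation entry says only that the setting "allows users to override this default", without naming the value that disables the check or what is lost when it is off. Suggested last sentence: `Set this to false only for a helper that needs Carriage Returns in values; a helper that treats a bare Carriage Return as a line ending may then read one value as several fields.` In credential.c the new check sits in `credential_write_item()` and is skipped whenever `c->protect_protocol` is 0, so the bit's default matters as much as the config key. The added test exercises the host field through `url=` only; a case with a Carriage Return in another field such as `username` would show the check is not host-specific.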


@@ -2,11 +2,11 @@
contrib/completion/git-completion.bash | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
Index: git/contrib/completion/git-completion.bash
Index: git-2.43.1/contrib/completion/git-completion.bash
===================================================================
--- git.orig/contrib/completion/git-completion.bash
+++ git/contrib/completion/git-completion.bash
@@ -81,10 +81,12 @@
--- git-2.43.1.orig/contrib/completion/git-completion.bash
+++ git-2.43.1/contrib/completion/git-completion.bash
@@ -67,10 +67,12 @@
# case insensitively, even on systems with case sensitive file systems
# (e.g., completing tag name "FOO" on "git checkout f<TAB>").

BIN
git-2.46.1.tar.sign Normal file

Binary file not shown.

BIN
git-2.46.1.tar.xz LFS Normal file

Binary file not shown.

Binary file not shown.


@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3cd8fee86f69a949cb610fee8cd9264e6873d07fa58411f6060b3d62729ed7c5
size 7957064


@@ -1,17 +1,17 @@
---
Documentation/asciidoc.conf.in | 2 ++
Documentation/asciidoc.conf | 2 ++
1 file changed, 2 insertions(+)
Index: git-2.48.0/Documentation/asciidoc.conf.in
Index: git-2.11.0/Documentation/asciidoc.conf
===================================================================
--- git-2.48.0.orig/Documentation/asciidoc.conf.in
+++ git-2.48.0/Documentation/asciidoc.conf.in
@@ -24,6 +24,8 @@ litdd=&#45;&#45;
manmanual=Git Manual
mansource=Git @GIT_VERSION@
revdate=@GIT_DATE@
--- git-2.11.0.orig/Documentation/asciidoc.conf
+++ git-2.11.0/Documentation/asciidoc.conf
@@ -21,6 +21,8 @@ tilde=&#126;
apostrophe=&#39;
backtick=&#96;
litdd=&#45;&#45;
+# drops the "last-updated" footer, with asciidoc-8.6.9+
+footer-style=none
ifdef::doctype-book[]
[titles]
ifdef::backend-docbook[]
[linkgit-inlinemacro]


@@ -4,10 +4,10 @@
contrib/completion/git.tcsh | 4 ++++
3 files changed, 15 insertions(+), 10 deletions(-)
Index: git/contrib/completion/git-completion.tcsh
Index: git-2.11.0/contrib/completion/git-completion.tcsh
===================================================================
--- git.orig/contrib/completion/git-completion.tcsh
+++ git/contrib/completion/git-completion.tcsh
--- git-2.11.0.orig/contrib/completion/git-completion.tcsh
+++ git-2.11.0/contrib/completion/git-completion.tcsh
@@ -32,14 +32,14 @@ if ( ${__git_tcsh_completion_version[1]}
endif
unset __git_tcsh_completion_version
@@ -30,26 +30,26 @@ Index: git/contrib/completion/git-completion.tcsh
cat << EOF >! ${__git_tcsh_completion_script}
#!bash
@@ -122,6 +122,3 @@ EOF
@@ -121,6 +121,3 @@ EOF
# Don't need this variable anymore, so don't pollute the users environment
unset __git_tcsh_completion_original_script
-
-complete git 'p,*,`bash ${__git_tcsh_completion_script} git "${COMMAND_LINE}"`,'
-complete gitk 'p,*,`bash ${__git_tcsh_completion_script} gitk "${COMMAND_LINE}"`,'
Index: git/contrib/completion/git.csh
Index: git-2.11.0/contrib/completion/git.csh
===================================================================
--- /dev/null
+++ git/contrib/completion/git.csh
+++ git-2.11.0/contrib/completion/git.csh
@@ -0,0 +1,4 @@
+if (${?prompt}) then
+complete git 'p,*,`bash /usr/share/tcsh/git.complete git "${COMMAND_LINE}"`,'
+complete gitk 'p,*,`bash /usr/share/tcsh/git.complete gitk "${COMMAND_LINE}"`,'
+endif
Index: git/contrib/completion/git.tcsh
Index: git-2.11.0/contrib/completion/git.tcsh
===================================================================
--- /dev/null
+++ git/contrib/completion/git.tcsh
+++ git-2.11.0/contrib/completion/git.tcsh
@@ -0,0 +1,4 @@
+if (${?prompt}) then
+complete git 'p,*,`bash /usr/share/tcsh/git.complete git "${COMMAND_LINE}"`,'


@@ -1,873 +1,12 @@
-------------------------------------------------------------------
Mon Nov 17 23:05:38 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
Thu Jan 16 22:29:07 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 2.52.0:
- UI, Workflows & Features
- The "list" subcommand of "git refs" acts as a front-end for
"git for-each-ref".
- "git cmd --help-all" now works outside repositories.
- "git diff-tree" learned "--max-depth" option.
- A new subcommand "git repo" gives users a way to grab various
repository characteristics.
- A new command "git last-modified" has been added to show the
closest ancestor commit that touched each path.
- The "git refs exists" command that works like "git show-ref
--exists" has been added.
- "git repo info" learns the short-hand option "-z" that is the
same as "--format=nul", and learns to report the objects
format used in the repository.
- "core.commentChar=auto" that attempts to dynamically pick a
suitable comment character is non-workable, as it is too much
trouble to support for little benefit, and is marked as
deprecated.
- "git send-email" learned to drive "git imap-send" to store
already sent e-mails in an IMAP folder.
- The "promisor-remote" capability mechanism has been updated
to allow the "partialCloneFilter" settings and the "token"
value to be communicated from the server side.
- Declare that "git init" that is not otherwise configured uses
'main' as the initial branch, not 'master', starting Git 3.0.
- Keep giving hint about the default initial branch name for
users who may be surprised after Git 3.0 switch-over.
- The stash.index configuration variable can be set to make
"git stash pop/apply" pretend that it was invoked with
"--index".
- "git fast-import" learned that "--signed-commits=<how>"
option that corresponds to that of "git fast-export".
- Marking a hunk 'selected' in "git add -p" and then splitting
made all the split pieces 'selected'; this has been changed
to make them all 'undecided', which gives better end-user
experience.
- Configuration variables that take a pathname as a value (e.g.
blame.ignorerevsfile) can be marked as optional by prefixing
":(optional)" before its value.
- Show 'P'ipe command in "git add -p".
- "git sparse-checkout" subcommand learned a new "clean" action
to prune otherwise unused working-tree files that are outside
the areas of interest.
- "git fast-import" is taught to handle signed tags, just like
it recently learned to handle signed commits, in different
ways.
- A new configuration variable commitGraph.changedPaths allows
to turn "--changed-paths" on by default for "git
commit-graph".
- "Symlink symref" has been added to the list of things that
will disappear at Git 3.0 boundary.
- "git maintenance" command learns the "geometric" strategy
where it avoids doing maintenance tasks that rebuilds
everything from scratch.
- "git repo structure", a new command.
- The help text and manual page of "git bisect" command have
been made consistent with each other.
- Performance, Internal Implementation, Development Support etc.
- string_list_split*() family of functions have been extended
to simplify common use cases.
- Arrays of strbuf is often a wrong data structure to use, and
strbuf_split*() family of functions that create them often
have better alternatives. Update several code paths and
replace strbuf_split*().
- Revision traversal limited with pathspec, like "git log
dir/*", used to ignore changed-paths Bloom filter when the
pathspec contained wildcards; now they take advantage of the
filter when they can.
- Doc lint updates to encourage the newer and easier-to-use
`synopsis` format, with fixes to a handful of existing uses.
- Remove dependency on the_repository and other globals from
the commit-graph code, and other changes unrelated to
de-globaling.
- Discord has been added to the first contribution
documentation as another way to ask for help.
- Inspired by Ezekiel's recent effort to showcase Rust
interface, the hash function implementation used to hash
lines have been updated to the one used for ELF symbol lookup
by Glibc.
- Instead of scanning for the remaining items to see if there
are still commits to be explored in the queue, use khash to
remember which items are still on the queue (an unacceptable
alternative is to reserve one object flag bits).
- The bulk-checkin code used to depend on a file-scope static
singleton variable, which has been updated to pass an
instance throughout the callchain.
- The work to build on the bulk-checkin infrastructure to
create many objects at once in a transaction and to abstract
it into the generic object layer continues.
- CodingGuidelines now spells out how bitfields are to be
written.
- Adjust to the way newer versions of cURL selectively enable
tracing options, so that our tests can continue to work.
- The clear_alloc_state() API function was not fully clearing
the structure for reuse, but since nobody reuses it, replace
it with a variant that frees the structure as well, making
the callers simpler.
- "git range-diff" learned a way to limit the memory consumed
by O(N*N) cost matrix.
- Some places in the code confused a variable that is *not* a
boolean to enable color but is an enum that records what the
user requested to do about color. A couple of bugs of this
sort have been fixed, while the code has been cleaned up to
prevent similar bugs in the future.
- The build procedure based on meson learned a target to only
build documentation, similar to "make doc".
- Dip our toes a bit to (optionally) use Rust implemented
helper called from our C code.
- Documentation for "git log --pretty" options has been updated
to make it easier to translate.
- Instead of three library archives (one for git, one for
reftable, and one for xdiff), roll everything into a single
libgit.a archive. This would help later effort to FFI into
Rust.
- The beginning of SHA1-SHA256 interoperability work.
- Build procedure for a few credential helpers (in contrib/)
have been updated.
- CI improvements to handle the recent Rust integration better.
- The code in "git repack" machinery has been cleaned up to
prepare for incremental update of midx files.
- Two slightly different ways to get at "all the packfiles" in
API has been cleaned up.
- The code to walk revision graph to compute merge base has
been optimized.
- AI guidelines has been added to our documentation set.
- Contributed credential helpers (obviously in contrib/) now
have "cd $there && make install" target.
- The "MyFirstContribution" tutorial tells the reader how to
send out their patches; the section gained a hint to verify
the message reached the mailing list.
- The "debug" ref-backend was missing a method implementation,
which has been corrected.
- Build procedure for Wincred credential helper has been
updated.
- The build procedure based on meson learned to allow builders
to specify the directory to install HTML documents.
- Building "git contacts" script (in contrib/) left the
resulting file unexecutable, which has been corrected.
- Fixes since v2.51 Unless otherwise noted, all the changes in
2.51.X maintenance track, including security updates, are
included in this release.
- During interactive rebase, using 'drop' on a merge commit
lead to an error, which was incorrect.
- "git refs migrate" to migrate the reflog entries from a refs
backend to another had a handful of bugs squashed.
- "git remote rename origin upstream" failed to move
origin/HEAD to upstream/HEAD when origin/HEAD is unborn and
performed other renames extremely inefficiently, which has
been corrected.
- "git describe" has been optimized by using better data
structure.
- "git push" had a code path that led to BUG() but it should
have been a die(), as it is a response to a usual but invalid
end-user action to attempt pushing an object that does not
exist.
- Various bugs about rename handling in "ort" merge strategy
have been fixed.
- "git jump" (in contrib/) fails to parse the diff header
correctly when a file has a space in its name, which has been
corrected.
- "git diff --no-index" run inside a subdirectory under control
of a Git repository operated at the top of the working tree
and stripped the prefix from the output, and oddballs like
"-" (stdin) did not work correctly because of it. Correct
the set-up by undoing what the set-up sequence did to cwd and
prefix.
- Various options to "git diff" that makes comparison ignore
certain aspects of the differences (like "space changes are
ignored", "differences in lines that match these regular
expressions are ignored") did not work well with
"--name-only" and friends.
- The above caused regressions, which has been corrected.
- Documentation for "git rebase" has been updated.
- The start_delayed_progress() function in the progress
eye-candy API did not clear its internal state, making an
initial delay value larger than 1 second ineffective, which
has been corrected.
- The compatObjectFormat extension is used to hide an
incomplete feature that is not yet usable for any purpose
other than developing the feature further. Document it as
such to discourage its use by mere mortals.
- "git log -L..." compared trees of multiple parents with the
tree of the merge result in an unnecessarily inefficient way.
- Under a race against another process that is repacking the
repository, especially a partially cloned one, "git fetch"
may mistakenly think some objects we do have are missing,
which has been corrected.
- "git fetch" can clobber a symref that is dangling when the
remote-tracking HEAD is set to auto update, which has been
corrected.
- "git describe <blob>" misbehaves and/or crashes in some
corner cases, which has been taught to exit with failure
gracefully.
- Manual page for "gitk" is updated with the current
maintainer's name.
- Update the instructions for using GGG in the
MyFirstContribution document to say that a GitHub PR could be
made against `git/git` instead of `gitgitgadget/git`.
- Makefile tried to run multiple "cargo build" which would not
work very well; serialize their execution to work around this
problem.
- "git repack --path-walk" lost objects in some corner cases,
which has been corrected.
- "git ls-files <pathspec>..." should not necessarily have to
expand the index fully if a sparsified directory is excluded
by the pathspec; the code is taught to expand the index on
demand to avoid this.
- Windows "real-time monitoring" interferes with the execution
of tests and affects negatively in both correctness and
performance, which has been disabled in Gitlab CI.
- A broken or malicious "git fetch" can say that it has the
same object for many many times, and the upload-pack serving
it can exhaust memory storing them redundantly, which has
been corrected.
- A corner case bug in "git log -L..." has been corrected.
- "git rev-parse --short" and friends failed to disambiguate
two objects with object names that share common prefix longer
than 32 characters, which has been fixed.
- Some among "git add -p" and friends ignored color.diff and/or
color.ui configuration variables, which is an old regression,
which has been corrected.
- "git subtree" (in contrib/) did not work correctly when
splitting squashed subtrees, which has been improved.
- Import a newer version of the clar unit testing framework.
- "git send-email --compose --reply-to=<address>" used to add
duplicated Reply-To: header, which made mailservers unhappy.
This has been corrected.
- "git rebase -i" failed to clean-up the commit log message
when the command commits the final one in a chain of "fixup"
commands, which has been corrected.
- There are double frees and leaks around setup_revisions() API
used in "git stash show", which has been fixed, and
setup_revisions() API gained a wrapper to make it more
ergonomic when using it with strvec-manged argc/argv pairs.
- Deal more gracefully with directory / file conflicts when the
files backend is used for ref storage, by failing only the
ones that are involved in the conflict while allowing others.
- "git last-modified" operating in non-recursive mode used to
trigger a BUG(), which has been corrected.
- The use of "git config get" command to learn how ANSI color
sequence is for a particular type, e.g., "git config get
--type=color --default=reset no.such.thing", isn't very
ergonomic.
- The "do you still use it?" message given by a command that is
deeply deprecated and allow us to suggest alternatives has
been updated.
- Clang-format update to let our control macros be formatted
the way we had them traditionally, e.g.,
"for_each_string_list_item()" without space before the
parentheses.
- A few places where a size_t value was cast to curl_off_t
without checking has been updated to use the existing helper
function.
- "git reflog write" did not honor the configured
user.name/email which has been corrected.
- Handling of an empty subdirectory of .git/refs/ in the
ref-files backend has been corrected.
- Our CI script requires "sudo" that can be told to preserve
environment, but Ubuntu replaced with "sudo" with an
implementation that lacks the feature. Work this around by
reinstalling the original version.
- The reftable backend learned to sanity check its on-disk data
more carefully.
- A lot of code clean-up of xdiff. Split out of a larger topic.
- "git format-patch --range-diff=... --notes=..." did not drive
the underlying range-diff with correct --notes parameter,
ending up comparing with different set of notes from its main
patch output you would get from "git format-patch
--notes=..." for a singleton patch.
- The code in "git add -p" and friends to iterate over hunks
was riddled with bugs, which has been corrected.
- A few more things that patch authors can do to help
maintainer to keep track of their topics better.
- An earlier addition to "git diff --no-index A B" to limit the
output with pathspec after the two directories misbehaved
when these directories were given with a trailing slash,
which has been corrected.
- The "--short" option of "git status" that meant output for
humans and "-z" option to show NUL delimited output format
did not mix well, and colored some but not all things. The
command has been updated to color all elements consistently
in such a case.
- Unicode width table update.
- GPG signing test set-up has been broken for a year, which has
been corrected.
- Recent OpenSSH creates the Unix domain socket to communicate
with ssh-agent under $HOME instead of /tmp, which causes our
test to fail doe to overly long pathname in our test
environment, which has been worked around by using "ssh-agent
-T".
- strbuf_split*() to split a string into multiple strbufs is
often a wrong API to use. A few uses of it have been removed
by simplifying the code.
- "git shortlog" knows "--committer" and "--author" options,
which the command line completion (in contrib/) did not
handle well, which has been corrected.
- "git bisect" command did not react correctly to "git bisect
help" and "git bisect unknown", which has been corrected.
- The 'q'(uit) command in "git add -p" has been improved to
quit without doing any meaningless work before leaving, and
giving EOF (typically control-D) to the prompt is made to
behave the same way.
- The wildmatch code had a corner case bug that mistakenly
makes "foo**/bar" match with "foobar", which has been
corrected.
- Tests did not set up GNUPGHOME correctly, which is fixed but
some flaky tests are exposed in t1016, which needs to be
addressed before this topic can move forward.
- The patterns used in the .gitignore files use backslash in
the way documented for fnmatch(3); document as such to reduce
confusion.
- drop
0001-t7528-work-around-ETOOMANY-in-OpenSSH-10.1-and-newer.patch
- refreshed CVE-2024-24577.patch
-------------------------------------------------------------------
Fri Oct 31 13:06:34 UTC 2025 - Antonio Larrosa <alarrosa@suse.com>
- Add patch from upstream to fix a test that fails with
openssh 10.1:
* 0001-t7528-work-around-ETOOMANY-in-OpenSSH-10.1-and-newer.patch
-------------------------------------------------------------------
Thu Oct 16 14:08:59 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update to 2.51.1:
- Fixes since Git 2.51.0
* The "do you still use it?" message given by a command that is
deeply deprecated and allow us to suggest alternatives has been
updated.
* The compatObjectFormat extension is used to hide an incomplete
feature that is not yet usable for any purpose other than
developing the feature further. Document it as such to discourage
its use by mere mortals.
* Manual page for "gitk" is updated with the current maintainer's
name.
* Update the instructions for using GGG in the MyFirstContribution
document to say that a GitHub PR could be made against `git/git`
instead of `gitgitgadget/git`.
* Clang-format update to let our control macros be formatted the way we
had them traditionally, e.g., "for_each_string_list_item()" without
space before the parentheses.
* A few places where a size_t value was cast to curl_off_t without
checking has been updated to use the existing helper function.
* The start_delayed_progress() function in the progress eye-candy API
did not clear its internal state, making an initial delay value
larger than 1 second ineffective, which has been corrected.
* Makefile tried to run multiple "cargo build" which would not work
very well; serialize their execution to work around this problem.
* Adjust to the way newer versions of cURL selectively enable tracing
options, so that our tests can continue to work.
* During interactive rebase, using 'drop' on a merge commit led to
an error, which has been corrected.
* "git refs migrate" to migrate the reflog entries from a refs
backend to another had a handful of bugs squashed.
* "git push" had a code path that led to BUG() but it should have
been a die(), as it is a response to a usual but invalid end-user
action to attempt pushing an object that does not exist.
* Various bugs about rename handling in "ort" merge strategy have
been fixed.
* "git diff --no-index" run inside a subdirectory under control of a
Git repository operated at the top of the working tree and stripped
the prefix from the output, and oddballs like "-" (stdin) did not
work correctly because of it. Correct the set-up by undoing what
the set-up sequence did to cwd and prefix.
* Various options to "git diff" that make comparison ignore certain
aspects of the differences (like "space changes are ignored",
"differences in lines that match these regular expressions are
ignored") did not work well with "--name-only" and friends.
* Under a race against another process that is repacking the
repository, especially a partially cloned one, "git fetch" may
mistakenly think some objects we do have are missing, which has
been corrected.
* "git repack --path-walk" lost objects in some corner cases, which
has been corrected.
cf. <CABPp-BHFxxGrqKc0m==TjQNjDGdO=H5Rf6EFsf2nfE1=TuraOQ@mail.gmail.com>
* Fixes multiple crashes around midx write-out codepaths.
* A broken or malicious "git fetch" can say that it has the same
object for many many times, and the upload-pack serving it can
exhaust memory storing them redundantly, which has been corrected.
* A corner case bug in "git log -L..." has been corrected.
* Some among "git add -p" and friends ignored color.diff and/or
color.ui configuration variables, which is an old regression, which
has been corrected.
* "git rebase -i" failed to clean-up the commit log message when the
command commits the final one in a chain of "fixup" commands, which
has been corrected.
* Deal more gracefully with directory / file conflicts when the files
backend is used for ref storage, by failing only the ones that are
involved in the conflict while allowing others.
-------------------------------------------------------------------
Wed Aug 20 14:22:54 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Use zlib instead of zlib-ng for SLES16
-------------------------------------------------------------------
Mon Aug 18 18:38:01 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.51.0
- UI, Workflows & Features
- Userdiff patterns for the R language have been added.
- Documentation for "git send-email" has been updated with a
bit more credential helper and OAuth information.
- "git cat-file --batch" learns to understand %(objectmode)
atom to allow the caller to tell missing objects (due to
repository corruption) and submodules (whose commit objects
are OK to be missing) apart.
- "git diff --no-index dirA dirB" can limit the comparison with
pathspec at the end of the command line, just like normal
"git diff".
- "git subtree" (in contrib/) learned to grok GPG signing its
commits.
- "git whatchanged" that is longer to type than "git log --raw"
which is its modern rough equivalent has outlived its
usefulness more than 10 years ago. Plan to deprecate and
remove it.
- An interchange format for stash entries is defined, and
subcommand of "git stash" to import/export has been added.
- "git merge/pull" has been taught the "--compact-summary"
option to use the compact-summary format, intead of diffstat,
when showing the summary of the incoming changes.
- "git imap-send" has been broken for a long time, which has
been resurrected and then taught to talk OAuth2.0 etc.
- Some error messages from "git imap-send" has been updated.
- When "git daemon" sees a signal while attempting to accept()
a new client, instead of retrying, it skipped it by mistake,
which has been corrected.
- The reftable ref backend has matured enough; Git 3.0 will
make it the default format in a newly created repositories by
default.
- "netrc" credential helper has been improved to understand
textual service names (like smtp) in addition to the numeric
port numbers (like 25).
- Lift the limitation to use changed-path filter in "git log"
so that it can be used for a pathspec with multiple literal
paths.
- Clean up the way how signature on commit objects are exported
to and imported from fast-import stream.
- Remove unsupported, unused, and unsupportable old option from
"git log".
- Document recently added "git imap-send --list" with an
example.
- "git pull" learned to pay attention to pull.autostash
configuration variable, which overrides
rebase/merge.autostash.
- "git for-each-ref" learns "--start-after" option to help
applications that want to page its output.
- "git switch" and "git restore" are declared to be no longer
experimental.
- "git -c alias.foo=bar foo -h baz" reported "'foo' is aliased
to 'bar'" and then went on to run "git foo -h baz", which was
unexpected. Tighten the rule so that alias expansion is
reported only when "-h" is the sole option.
- Performance, Internal Implementation, Development Support etc.
- "git pack-objects" learned to find delta bases from blobs at
the same path, using the --path-walk API.
- CodingGuidelines update.
- Add settings for Solaris 10 & 11.
- Meson-based build/test framework now understands TAP output
generated by our tests.
- "Do not explicitly initialize to zero" rule has been
clarified in the CodingGuidelines document.
- A test helper "test_seq" function learned the "-f <fmt>"
option, which allowed us to simplify a lot of test scripts.
- A lot of stale stuff has been removed from the contrib/
hierarchy.
- "git push" and "git fetch" are taught to update refs in
batches to gain performance.
- Some code paths in "git prune" used to ignore the passed-in
repository object and used the `the_repository` singleton
instance instead, which has been corrected.
- Update ".clang-format" and ".editorconfig" to match our style
guide a bit better.
- "make coccicheck" succeeds even when spatch made suggestions,
which has been updated to fail in such a case.
- Code clean-up around object access API.
- Define .precision to more canned parse-options type to avoid
bugs coming from using a variable with a wrong type to
capture the parsed values.
- Flipping the default hash function to SHA-256 at Git 3.0
boundary is planned.
- Declare weather-balloon we raised for "bool" type 18 months
ago a success and officially allow using the type in our
codebase.
- GIT_TEST_INSTALLED was not honored in the recent topic
related to SHA256 hashes, which has been corrected.
- The pop_most_recent_commit() function can have quite
expensive worst case performance characteristics, which has
been optimized by using prio-queue data structure.
- Move structure definition from unrelated header file to where
it belongs.
- To help our developers, document what C99 language features
are being considered for adoption, in addition to what past
experiments have already decided.
- The reftable unit tests are now ported to the "clar" unit
testing framework.
- Redefine where the multi-pack-index sits in the object
subsystem, which recently was restructured to allow multiple
backends that support a single object source that belongs to
one repository. A MIDX does span multiple "object sources".
- Reduce implicit assumption and dependence on the_repository
in the object-file subsystem.
- Fixes since v2.50 Unless otherwise noted, all the changes in
2.50.X maintenance track, including security updates, are
included in this release.
- A memory-leak in an error code path has been plugged. (merge
7082da85cb ly/commit-graph-graph-write-leakfix later to
maint).
- A memory-leak in an error code path has been plugged. (merge
aedebdb6b9 ly/fetch-pack-leakfix later to maint).
- Some leftover references to documentation source files that
no longer exist, due to recent ".txt" -> ".adoc" renaming,
have been corrected. (merge 3717a5775a
jw/doc-txt-to-adoc-refs later to maint).
- "git stash -p <pathspec>" improvements. (merge 468817bab2
pw/stash-p-pathspec-fixes later to maint).
- "git send-email" incremented its internal message counter
when a message was edited, which made logic that treats the
first message specially misbehave, which has been corrected.
(merge 2cc27b3501 ag/send-email-edit-threading-fix later to
maint).
- "git stash" recorded a wrong branch name when submodules are
present in the current checkout, which has been corrected.
(merge ffb36c64f2 kj/stash-onbranch-submodule-fix later to
maint).
- When asking to apply mailmap to both author and committer
field while showing a commit object, the field that appears
later was not correctly parsed and replaced, which has been
corrected. (merge abf94a283f sa/multi-mailmap-fix later to
maint).
- "git maintenance" lacked the care "git gc" had to avoid
holding onto the repository lock for too long during packing
refs, which has been remedied. (merge 1b5074e614
ps/maintenance-ref-lock later to maint).
- Avoid regexp_constraint and instead use comparison_constraint
when listing functions to exclude from application of
coccinelle rules, as spatch can be built with different
regexp engine X-<. (merge f2ad545813
jc/cocci-avoid-regexp-constraint later to maint).
- Updating submodules from the upstream did not work well when
submodule's HEAD is detached, which has been improved. (merge
ca62f524c1 jk/submodule-remote-lookup-cleanup later to
maint).
- Remove unnecessary check from "git daemon" code. (merge
0c856224d2 cb/daemon-fd-check-fix later to maint).
- Use of sysctl() system call to learn the total RAM size used
on BSDs has been corrected. (merge 781c1cf571
cb/total-ram-bsd-fix later to maint).
- Drop FreeBSD 4 support and declare that we support only
FreeBSD 12 or later, which has memmem() supported. (merge
0392f976a7 bs/config-mak-freebsd later to maint).
- A diff-filter with negative-only specification like "git log
--diff-filter=d" did not trigger correctly, which has been
fixed. (merge 375ac087c5 jk/all-negative-diff-filter-fix
later to maint).
- A failure to open the index file for writing due to
conflicting access did not state what went wrong, which has
been corrected. (merge 9455397a5c
hy/read-cache-lock-error-fix later to maint).
- Tempfile removal fix in the codepath to sign commits with SSH
keys. (merge 4498127b04 re/ssh-sign-buffer-fix later to
maint).
- Code and test clean-up around string-list API. (merge
6e5b26c3ff sj/string-list later to maint).
- "git apply -N" should start from the current index and
register only new files, but it instead started from an empty
index, which has been corrected. (merge 2b49d97fcb
rp/apply-intent-to-add-fix later to maint).
- Leakfix with a new and a bit invasive test on pack-bitmap
files. (merge bfd5522e98 ly/load-bitmap-leakfix later to
maint).
- "git fetch --prune" used to be O(n^2) expensive when there
are many refs, which has been corrected. (merge 87d8d8c5d0
ph/fetch-prune-optim later to maint).
- When a ref creation at refs/heads/foo/bar fails, the files
backend now removes refs/heads/foo/ if the directory is
otherwise not used. (merge a3a7f20516
ps/refs-files-remove-empty-parent later to maint).
- "pack-objects" has been taught to avoid pointing into objects
in cruft packs from midx.
- "git remote" now detects remote names that overlap with each
other (e.g., remote nickname "outer" and "outer/inner" are
used at the same time), as it will lead to overlapping
remote-tracking branches. (merge a5a727c448
jk/remote-avoid-overlapping-names later to maint).
- The gpg.program configuration variable, which names a
pathname to the (custom) GPG compatible program, can now be
spelled with ~tilde expansion. (merge 7d275cd5c0
jb/gpg-program-variable-is-a-pathname later to maint).
- Our <sane-ctype.h> header file relied on that the
system-supplied <ctype.h> header is not later included, which
would override our macro definitions, but "amazon linux"
broke this assumption. Fix this by preemptively including
<ctype.h> near the beginning of <sane-ctype.h> ourselves.
(merge 9d3b33125f ps/sane-ctype-workaround later to maint).
- Clean-up compat/bswap.h mess. (merge f4ac32c03a
ss/compat-bswap-revamp later to maint).
- Meson-based build did not handle libexecdir setting
correctly, which has been corrected. (merge 056dbe8612
rj/meson-libexecdir-fix later to maint).
- Document that we do not require "real" name when signing your
patches off. (merge 1f0fed312a
bc/contribution-under-non-real-names later to maint).
- "git commit" that concludes a conflicted merge failed to
notice and remove existing comment added automatically (like
"# Conflicts:") when the core.commentstring is set to 'auto'.
(merge 92b7c7c9f5 ac/auto-comment-char-fix later to maint).
- "git rebase -i" with bogus rebase.instructionFormat
configuration failed to produce the todo file after recording
the state files, leading to confused "git status"; this has
been corrected. (merge ade14bffd7
ow/rebase-verify-insn-fmt-before-initializing-state later to
maint).
- A few file descriptors left unclosed upon program completion
in a few test helper programs are now closed. (merge
0f1b33815b hl/test-helper-fd-close later to maint).
- Interactive prompt code did not correctly strip CRLF from the
end of line on Windows. (merge 711a20827b js/prompt-crlf-fix
later to maint).
- The config API had a set of convenience wrapper functions
that implicitly use the_repository instance; they have been
removed and inlined at the calling sites.
- "git add/etc -p" now honor the diff.context configuration
variable, and also they learn to honor the -U<n> command-line
option. (merge 2b3ae04011 lm/add-p-context later to maint).
- The case where a new submodule takes a path where there used
to be a completely different subproject is now dealt with a
bit better than before. (merge 5ed8c5b465
kj/renamed-submodule later to maint).
- The deflate codepath in "git archive --format=zip" had a
longstanding bug coming from misuse of zlib API, which has
been corrected.
- drop patches included in update:
0001-git-gui-Replace-null_sha1-with-nullid.patch
0001-gitk-Add-support-of-SHA256-repo.patch
0002-git-gui-Add-support-of-SHA256-repo.patch
- refreshed patches:
CVE-2024-24577.patch
completion-wordbreaks.diff
git-tcsh-completion-fixes.diff
setup-don-t-fail-if-commondir-reference-is-deleted.patch
- contrib/workdir is dropped. remove references for it.
-------------------------------------------------------------------
Tue Jul 15 13:20:32 UTC 2025 - Takashi Iwai <tiwai@suse.com>
- update git-gui sha256 patches after the upstream review:
0001-git-gui-Replace-null_sha1-with-nullid.patch
0002-git-gui-Add-support-of-SHA256-repo.patch
-------------------------------------------------------------------
Wed Jul 9 11:01:47 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- refreshed gitk sha256 patches:
0001-gitk-Add-support-of-SHA256-repo.patch
0002-git-gui-Add-support-of-SHA256-repo.patch
-------------------------------------------------------------------
Wed Jul 9 10:48:56 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- update to 2.50.1 (boo#1245938 boo#1245939 boo#1245942 boo#1245943
boo#1245946 boo#1245947)
Security fixes for CVE-2025-27613, CVE-2025-27614,
CVE-2025-46334, CVE-2025-46835, CVE-2025-48384, CVE-2025-48385,
and CVE-2025-48386
CVE-2025-27613, Gitk:
When a user clones an untrusted repository and runs Gitk without
additional command arguments, any writable file can be created and
truncated. The option "Support per-file encoding" must have been
enabled. The operation "Show origin of this line" is affected as
well, regardless of the option being enabled or not.
CVE-2025-27614, Gitk:
A Git repository can be crafted in such a way that a user who has
cloned the repository can be tricked into running any script
supplied by the attacker by invoking `gitk filename`, where
`filename` has a particular structure.
CVE-2025-46334, Git GUI (Windows only):
A malicious repository can ship versions of sh.exe or typical
textconv filter programs such as astextplain. On Windows, path
lookup can find such executables in the worktree. These programs
are invoked when the user selects "Git Bash" or "Browse Files" from
the menu.
CVE-2025-46835, Git GUI:
When a user clones an untrusted repository and is tricked into
editing a file located in a maliciously named directory in the
repository, then Git GUI can create and overwrite any writable
file.
CVE-2025-48384, Git:
When reading a config value, Git strips any trailing carriage
return and line feed (CRLF). When writing a config entry, values
with a trailing CR are not quoted, causing the CR to be lost when
the config is later read. When initializing a submodule, if the
submodule path contains a trailing CR, the altered path is read
resulting in the submodule being checked out to an incorrect
location. If a symlink exists that points the altered path to the
submodule hooks directory, and the submodule contains an executable
post-checkout hook, the script may be unintentionally executed
after checkout.
CVE-2025-48385, Git:
When cloning a repository Git knows to optionally fetch a bundle
advertised by the remote server, which allows the server-side to
offload parts of the clone to a CDN. The Git client does not
perform sufficient validation of the advertised bundles, which
allows the remote side to perform protocol injection.
This protocol injection can cause the client to write the fetched
bundle to a location controlled by the adversary. The fetched
content is fully controlled by the server, which can in the worst
case lead to arbitrary code execution.
CVE-2025-48386, Git:
The wincred credential helper uses a static buffer (`target`) as a
unique key for storing and comparing against internal storage. This
credential helper does not properly bounds check the available
space remaining in the buffer before appending to it with
`wcsncat()`, leading to potential buffer overflows.
-------------------------------------------------------------------
Thu Jun 26 15:32:00 UTC 2025 - Takashi Iwai <tiwai@suse.com>
- Fix git-gui citool SHA256 repo handling:
refreshed 0002-git-gui-Add-support-of-SHA256-repo.patch
-------------------------------------------------------------------
Tue Jun 17 17:55:40 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- update to 2.50.0
https://about.gitlab.com/blog/what-s-new-in-git-2-50-0/
https://raw.githubusercontent.com/git/git/refs/tags/v2.50.0/Documentation/RelNotes/2.50.0.adoc
-------------------------------------------------------------------
Fri Jun 13 15:50:22 UTC 2025 - Takashi Iwai <tiwai@suse.com>
- Refresh gitk SHA256 patch and add SHA256 support to git-gui (bsc#1239989):
0001-gitk-Add-support-of-SHA256-repo.patch
0002-git-gui-Add-support-of-SHA256-repo.patch
The previous patches are dropped:
0001-gitk-Add-a-basic-support-of-SHA256-repositories-into.patch
0002-gitk-Add-auto-select-length-preference-for-SHA256.patch
-------------------------------------------------------------------
Mon Mar 24 14:04:56 UTC 2025 - Takashi Iwai <tiwai@suse.com>
- Add support of SHA256 git repo for gitk (bsc#1239989):
0001-gitk-Add-a-basic-support-of-SHA256-repositories-into.patch
0002-gitk-Add-auto-select-length-preference-for-SHA256.patch
-------------------------------------------------------------------
Fri Mar 14 23:43:43 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- update to 2.49.0
https://about.gitlab.com/blog/2025/03/14/whats-new-in-git-2-49-0/
https://raw.githubusercontent.com/git/git/refs/tags/v2.49.0/Documentation/RelNotes/2.49.0.adoc
- switch to zlib-ng for code 16
- docs switched to asciidoc
-------------------------------------------------------------------
Tue Jan 14 21:45:04 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
- update to 2.48.1: (boo#1235600 boo#1235601)
* CVE-2024-50349, CVE-2024-52006:
refuse to accept URLs that contain control sequences
-------------------------------------------------------------------
Mon Jan 13 20:00:00 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
- update to 2.48.0
* Reference consistency checks: git refs verify
* Reflogs can now be migrated with git refs migrate
* git is free of memory leaks as covered by the test suite
* Performance improvements
* Other improvements, UI changes, options extensions and largely
compatible behavior changes as listed in
https://raw.githubusercontent.com/git/git/refs/tags/v2.48.0/Documentation/RelNotes/2.48.0.txt
-------------------------------------------------------------------
Mon Nov 25 10:58:31 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
- update to 2.47.1:
* Use after free and double freeing at the end in
"git log -L... -p" had been identified and fixed.
* "git maintenance start" crashed due to an uninitialized
variable reference, which has been corrected.
* Fail gracefully instead of crashing when attempting to write
the contents of a corrupt in-core index as a tree object.
* A "git fetch" from the superproject going down to a submodule
used a wrong remote when the default remote names are set
differently between them.
* The "gitk" project tree has been synchronized again
-------------------------------------------------------------------
Wed Oct 9 10:34:12 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 2.47.0:
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.txt
* Many Porcelain commands that internally use the merge machinery
were taught to consistently honor the diff.algorithm
configuration.
* A few descriptions in "git show-ref -h" have been clarified.
* A 'P' command to "git add -p" that passes the patch hunk to the
pager has been added.
* "git grep -W" omits blank lines that follow the found function at
the end of the file, just like it omits blank lines before the next
function.
* The value of http.proxy can have "path" at the end for a socks
proxy that listens to a unix-domain socket, but we started to
discard it when we taught proxy auth code path to use the
credential helpers, which has been corrected.
* The code paths to compact multiple reftable files have been updated
to correctly deal with multiple compaction triggering at the same
time.
* Support to specify ref backend for submodules has been enhanced.
* "git svn" has been taught about svn:global-ignores property
recent versions of Subversion has.
* The default object hash and ref backend format used to be settable
only with explicit command line option to "git init" and
environment variables, but now they can be configured in the user's
global and system wide configuration.
* "git send-email" learned "--translate-aliases" option that reads
addresses from the standard input and emits the result of applying
aliases on them to the standard output.
* 'git for-each-ref' learned a new "--format" atom to find the branch
that the history leading to a given commit "%(is-base:<commit>)" is
likely based on.
* The command line prompt support used to be littered with bash-isms,
which has been corrected to work with more shells.
* Support for the RUNTIME_PREFIX feature has been added to z/OS port.
* "git send-email" learned "--mailmap" option to allow rewriting the
recipient addresses.
* "git mergetool" learned to use VSCode as a merge backend.
* "git pack-redundant" has been marked for removal in Git 3.0.
* One-line messages to "die" and other helper functions will get LF
added by these helper functions, but many existing messages had an
unnecessary LF at the end, which have been corrected.
* The "scalar clone" command learned the "--no-tags" option.
* The environment GIT_ADVICE has been intentionally kept undocumented
to discourage its use by interactive users. Add documentation to
help tool writers.
* "git apply --3way" learned to take "--ours" and other options.
-------------------------------------------------------------------
Mon Oct 7 12:01:19 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
- Update to version 2.46.2:
* Revert the "git patch-id" change that went into 2.46.1,
as it seems to have got a regression reported (I haven't verified,
but it is better to keep a known breakage than adding an unintended
regression).
* In a few corner cases "git diff --exit-code" failed to report
"changes" (e.g., renamed without any content change), which has
been corrected.
* The interpret-trailers command failed to recognise the end of the
message when the commit log ends in an incomplete line.
- Add CVE-2024-50349-1.patch, CVE-2024-50349-2.patch
* CVE-2024-50349: passwords for trusted sites could be sent to untrusted
sites (bsc#1235600)
- Add CVE-2024-52006.patch
* CVE-2024-52006: Carriage Returns via the credential protocol to credential
helpers (bsc#1235601)
-------------------------------------------------------------------
Fri Sep 20 08:18:30 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>


@@ -1,8 +1,8 @@
#
# spec file for package git
#
# Copyright (c) 2025 SUSE LLC and contributors
# Copyright (c) 2025 Andreas Stieger <Andreas.Stieger@gmx.de>
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -43,7 +43,7 @@
%bcond_with asciidoctor
%endif
Name: git
Version: 2.52.0
Version: 2.46.1
Release: 0
Summary: Fast, scalable, distributed revision control system
License: GPL-2.0-only
@@ -70,6 +70,13 @@ Patch8: git-asciidoc.patch
Patch10: setup-don-t-fail-if-commondir-reference-is-deleted.patch
# PATCH-FIX-OPENSUSE CVE-2024-24577.patch boo#1219660 antonio.teixeira@suse.com
Patch11: CVE-2024-24577.patch
# PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1235600
# passwords for trusted sites could be sent to untrusted sites
Patch12: CVE-2024-50349-1.patch
Patch13: CVE-2024-50349-2.patch
# PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1235601
# Carriage Returns via the credential protocol to credential helpers
Patch14: CVE-2024-52006.patch
BuildRequires: fdupes
BuildRequires: gpg2
BuildRequires: libcurl-devel
@@ -86,11 +93,7 @@ BuildRequires: systemd-rpm-macros
BuildRequires: tcsh
BuildRequires: update-desktop-files
BuildRequires: xz
%if 0%{?suse_version} > 1600
BuildRequires: pkgconfig(zlib-ng)
%else
BuildRequires: pkgconfig(zlib)
%endif
Requires: git-core = %{version}
Requires: perl-Git = %{version}
Recommends: git-email
@@ -411,6 +414,8 @@ install -m 644 %{SOURCE12} %{buildroot}/%{_sysconfdir}/bash_completion.d/git-pro
%if %{with git_libsecret}
install -m 755 -D contrib/credential/libsecret/git-credential-libsecret %{buildroot}/%{gitexecdir}/git-credential-libsecret
%endif
# contrib/workdir
install -m 755 -D contrib/workdir/git-new-workdir %{buildroot}/%{_bindir}
# process tcsh completion
(cd contrib/completion
mkdir -p %{buildroot}%{_datadir}/tcsh
@@ -436,9 +441,9 @@ if ! test -f %{buildroot}%{gitexecdir}/git-add; then
fi
mkdir -p "%{buildroot}/%{_docdir}/git" "%{buildroot}/%{_docdir}/git/howto" "%{buildroot}/%{_docdir}/git/technical"
cp -a README.md Documentation/*.adoc "%{buildroot}/%{_docdir}/git/"
cp -a Documentation/howto/*.adoc "%{buildroot}/%{_docdir}/git/howto/"
cp -a Documentation/technical/*.adoc "%{buildroot}/%{_docdir}/git/technical/"
cp -a README.md Documentation/*.txt "%{buildroot}/%{_docdir}/git/"
cp -a Documentation/howto/*.txt "%{buildroot}/%{_docdir}/git/howto/"
cp -a Documentation/technical/*.txt "%{buildroot}/%{_docdir}/git/technical/"
%{!?_without_docs: cp -a Documentation/*.html "%{buildroot}/%{_docdir}/git/"}
%{!?_without_docs: cp -a Documentation/howto/*.html "%{buildroot}/%{_docdir}/git/howto/"}
%{!?_without_docs: cp -a Documentation/technical/*.html "%{buildroot}/%{_docdir}/git/technical/"}
@@ -572,6 +577,7 @@ fi
%dir %{gitexecdir}
%dir %{gitexecdir}/mergetools
%{gitexecdir}/mergetools/guiffy
%{_bindir}/git-new-workdir
%{_datadir}/bash-completion/completions/*
%{_sysconfdir}/bash_completion.d/git-prompt
%{_datadir}/tcsh
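Review bot: The patch list around `Patch11`–`Patch14` carries fixes only for CVE-2024-24577, CVE-2024-50349 and CVE-2024-52006, while `Version` appears to become 2.46.1 (direction inferred from the hunk counts, e.g. `-70,6 +70,13` adding the three patch entries). The changelog text on this page lists CVE-2025-27613, CVE-2025-27614, CVE-2025-46334, CVE-2025-46835, CVE-2025-48384, CVE-2025-48385 and CVE-2025-48386 as fixed by the update to 2.50.1. If this branch ships 2.46.1, each of those needs either a backported patch or a recorded not-affected decision. None is visible in this section, though other files in the commit may carry them. I would record the status next to the patch list, for example `# CVE-2025-48384 and related: <backport patch name, or not-affected rationale>`.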


@@ -28,11 +28,11 @@ v3:
setup.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
Index: git/setup.c
Index: git-2.43.1/setup.c
===================================================================
--- git.orig/setup.c
+++ git/setup.c
@@ -327,12 +327,20 @@ int get_common_dir_noenv(struct strbuf *
--- git-2.43.1.orig/setup.c
+++ git-2.43.1/setup.c
@@ -316,12 +316,20 @@ int get_common_dir_noenv(struct strbuf *
{
struct strbuf data = STRBUF_INIT;
struct strbuf path = STRBUF_INIT;
@@ -56,7 +56,7 @@ Index: git/setup.c
while (data.len && (data.buf[data.len - 1] == '\n' ||
data.buf[data.len - 1] == '\r'))
data.len--;
@@ -343,8 +351,6 @@ int get_common_dir_noenv(struct strbuf *
@@ -332,8 +340,6 @@ int get_common_dir_noenv(struct strbuf *
strbuf_addbuf(&path, &data);
strbuf_add_real_path(sb, path.buf);
ret = 1;