diff --git a/git-2.49-sanitize-sideband-channel-messages.patch b/git-2.49-sanitize-sideband-channel-messages.patch deleted file mode 100644 index f3be95a..0000000 --- a/git-2.49-sanitize-sideband-channel-messages.patch +++ /dev/null @@ -1,471 +0,0 @@ -From 328ff864183cdd0a4b779b5b88a3271b39a1b1a2 Mon Sep 17 00:00:00 2001 -From: Johannes Schindelin -Date: Wed, 6 Nov 2024 20:34:50 +0100 -Subject: [PATCH 1/4] sideband: mask control characters - -The output of `git clone` is a vital component for understanding what -has happened when things go wrong. However, these logs are partially -under the control of the remote server (via the "sideband", which -typically contains what the remote `git pack-objects` process sends to -`stderr`), and is currently not sanitized by Git. - -This makes Git susceptible to ANSI escape sequence injection (see -CWE-150, https://cwe.mitre.org/data/definitions/150.html), which allows -attackers to corrupt terminal state, to hide information, and even to -insert characters into the input buffer (i.e. as if the user had typed -those characters). - -To plug this vulnerability, disallow any control character in the -sideband, replacing them instead with the common `^` -(e.g. `^[` for `\x1b`, `^A` for `\x01`). - -There is likely a need for more fine-grained controls instead of using a -"heavy hammer" like this, which will be introduced subsequently. - -Signed-off-by: Johannes Schindelin ---- - sideband.c | 17 +++++++++++++++-- - t/t5409-colorize-remote-messages.sh | 12 ++++++++++++ - 2 files changed, 27 insertions(+), 2 deletions(-) - -diff --git a/sideband.c b/sideband.c -index 251e9615ed..81b1ff0805 100644 ---- a/sideband.c -+++ b/sideband.c -@@ -66,6 +66,19 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref - list_config_item(list, prefix, keywords[i].keyword); - } - -+static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) -+{ -+ strbuf_grow(dest, n); -+ for (; n && *src; src++, n--) { -+ if (!iscntrl(*src) || *src == '\t' || *src == '\n') -+ strbuf_addch(dest, *src); -+ else { -+ strbuf_addch(dest, '^'); -+ strbuf_addch(dest, 0x40 + *src); -+ } -+ } -+} -+ - /* - * Optionally highlight one keyword in remote output if it appears at the start - * of the line. This should be called for a single line only, which is -@@ -81,7 +94,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) - int i; - - if (!want_color_stderr(use_sideband_colors())) { -- strbuf_add(dest, src, n); -+ strbuf_add_sanitized(dest, src, n); - return; - } - -@@ -114,7 +127,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) - } - } - -- strbuf_add(dest, src, n); -+ strbuf_add_sanitized(dest, src, n); - } - - -diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh -index fa5de4500a..d0745c391b 100755 ---- a/t/t5409-colorize-remote-messages.sh -+++ b/t/t5409-colorize-remote-messages.sh -@@ -98,4 +98,16 @@ test_expect_success 'fallback to color.ui' ' - grep "error: error" decoded - ' - -+test_expect_success 'disallow (color) control sequences in sideband' ' -+ write_script .git/color-me-surprised <<-\EOF && -+ printf "error: Have you \\033[31mread\\033[m this?\\n" >&2 -+ exec "$@" -+ EOF -+ test_config_global uploadPack.packObjectshook ./color-me-surprised && -+ test_commit need-at-least-one-commit && -+ git clone --no-local . throw-away 2>stderr && -+ test_decode_color decoded && -+ test_grep ! RED decoded -+' -+ - test_done --- -2.49.0 - - -From ab2eb6c0043c643935ea0fbdaed68e15bc831b11 Mon Sep 17 00:00:00 2001 -From: Johannes Schindelin -Date: Wed, 6 Nov 2024 21:07:51 +0100 -Subject: [PATCH 2/4] sideband: introduce an "escape hatch" to allow control - characters - -The preceding commit fixed the vulnerability whereas sideband messages -(that are under the control of the remote server) could contain ANSI -escape sequences that would be sent to the terminal verbatim. - -However, this fix may not be desirable under all circumstances, e.g. -when remote servers deliberately add coloring to their messages to -increase their urgency. - -To help with those use cases, give users a way to opt-out of the -protections: `sideband.allowControlCharacters`. - -Signed-off-by: Johannes Schindelin ---- - Documentation/config.adoc | 2 ++ - Documentation/config/sideband.adoc | 5 +++++ - sideband.c | 10 ++++++++++ - t/t5409-colorize-remote-messages.sh | 8 +++++++- - 4 files changed, 24 insertions(+), 1 deletion(-) - create mode 100644 Documentation/config/sideband.adoc - -diff --git a/Documentation/config.adoc b/Documentation/config.adoc -index cc769251be..a8b04c4e51 100644 ---- a/Documentation/config.adoc -+++ b/Documentation/config.adoc -@@ -522,6 +522,8 @@ include::config/sequencer.adoc[] - - include::config/showbranch.adoc[] - -+include::config/sideband.adoc[] -+ - include::config/sparse.adoc[] - - include::config/splitindex.adoc[] -diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc -new file mode 100644 -index 0000000000..3fb5045cd7 ---- /dev/null -+++ b/Documentation/config/sideband.adoc -@@ -0,0 +1,5 @@ -+sideband.allowControlCharacters:: -+ By default, control characters that are delivered via the sideband -+ are masked, to prevent potentially unwanted ANSI escape sequences -+ from being sent to the terminal. Use this config setting to override -+ this behavior. -diff --git a/sideband.c b/sideband.c -index 81b1ff0805..d1c326fa19 100644 ---- a/sideband.c -+++ b/sideband.c -@@ -26,6 +26,8 @@ static struct keyword_entry keywords[] = { - { "error", GIT_COLOR_BOLD_RED }, - }; - -+static int allow_control_characters; -+ - /* Returns a color setting (GIT_COLOR_NEVER, etc). */ - static int use_sideband_colors(void) - { -@@ -39,6 +41,9 @@ static int use_sideband_colors(void) - if (use_sideband_colors_cached >= 0) - return use_sideband_colors_cached; - -+ git_config_get_bool("sideband.allowcontrolcharacters", -+ &allow_control_characters); -+ - if (!git_config_get_string_tmp(key, &value)) - use_sideband_colors_cached = git_config_colorbool(key, value); - else if (!git_config_get_string_tmp("color.ui", &value)) -@@ -68,6 +73,11 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref - - static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) - { -+ if (allow_control_characters) { -+ strbuf_add(dest, src, n); -+ return; -+ } -+ - strbuf_grow(dest, n); - for (; n && *src; src++, n--) { - if (!iscntrl(*src) || *src == '\t' || *src == '\n') -diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh -index d0745c391b..fb31e85254 100755 ---- a/t/t5409-colorize-remote-messages.sh -+++ b/t/t5409-colorize-remote-messages.sh -@@ -105,9 +105,15 @@ test_expect_success 'disallow (color) control sequences in sideband' ' - EOF - test_config_global uploadPack.packObjectshook ./color-me-surprised && - test_commit need-at-least-one-commit && -+ - git clone --no-local . throw-away 2>stderr && - test_decode_color decoded && -- test_grep ! RED decoded -+ test_grep ! RED decoded && -+ -+ rm -rf throw-away && -+ git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr && -+ test_decode_color decoded && -+ test_grep RED decoded - ' - - test_done --- -2.49.0 - - -From a369672c2e6974590ad0561854318a4f255e6893 Mon Sep 17 00:00:00 2001 -From: Johannes Schindelin -Date: Mon, 18 Nov 2024 21:42:57 +0100 -Subject: [PATCH 3/4] sideband: do allow ANSI color sequences by default - -The preceding two commits introduced special handling of the sideband -channel to neutralize ANSI escape sequences before sending the payload -to the terminal, and `sideband.allowControlCharacters` to override that -behavior. - -However, some `pre-receive` hooks that are actively used in practice -want to color their messages and therefore rely on the fact that Git -passes them through to the terminal. - -In contrast to other ANSI escape sequences, it is highly unlikely that -coloring sequences can be essential tools in attack vectors that mislead -Git users e.g. by hiding crucial information. - -Therefore we can have both: Continue to allow ANSI coloring sequences to -be passed to the terminal, and neutralize all other ANSI escape -sequences. - -Signed-off-by: Johannes Schindelin ---- - Documentation/config/sideband.adoc | 17 ++++++-- - sideband.c | 61 ++++++++++++++++++++++++++--- - t/t5409-colorize-remote-messages.sh | 16 +++++++- - 3 files changed, 84 insertions(+), 10 deletions(-) - -diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc -index 3fb5045cd7..f347fd6b33 100644 ---- a/Documentation/config/sideband.adoc -+++ b/Documentation/config/sideband.adoc -@@ -1,5 +1,16 @@ - sideband.allowControlCharacters:: - By default, control characters that are delivered via the sideband -- are masked, to prevent potentially unwanted ANSI escape sequences -- from being sent to the terminal. Use this config setting to override -- this behavior. -+ are masked, except ANSI color sequences. This prevents potentially -+ unwanted ANSI escape sequences from being sent to the terminal. Use -+ this config setting to override this behavior: -++ -+-- -+ color:: -+ Allow ANSI color sequences, line feeds and horizontal tabs, -+ but mask all other control characters. This is the default. -+ false:: -+ Mask all control characters other than line feeds and -+ horizontal tabs. -+ true:: -+ Allow all control characters to be sent to the terminal. -+-- -diff --git a/sideband.c b/sideband.c -index d1c326fa19..9084ca234d 100644 ---- a/sideband.c -+++ b/sideband.c -@@ -26,7 +26,11 @@ static struct keyword_entry keywords[] = { - { "error", GIT_COLOR_BOLD_RED }, - }; - --static int allow_control_characters; -+static enum { -+ ALLOW_NO_CONTROL_CHARACTERS = 0, -+ ALLOW_ALL_CONTROL_CHARACTERS = 1, -+ ALLOW_ANSI_COLOR_SEQUENCES = 2 -+} allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; - - /* Returns a color setting (GIT_COLOR_NEVER, etc). */ - static int use_sideband_colors(void) -@@ -41,8 +45,24 @@ static int use_sideband_colors(void) - if (use_sideband_colors_cached >= 0) - return use_sideband_colors_cached; - -- git_config_get_bool("sideband.allowcontrolcharacters", -- &allow_control_characters); -+ switch (git_config_get_maybe_bool("sideband.allowcontrolcharacters", &i)) { -+ case 0: /* Boolean value */ -+ allow_control_characters = i ? ALLOW_ALL_CONTROL_CHARACTERS : -+ ALLOW_NO_CONTROL_CHARACTERS; -+ break; -+ case -1: /* non-Boolean value */ -+ if (git_config_get_string_tmp("sideband.allowcontrolcharacters", -+ &value)) -+ ; /* huh? `get_maybe_bool()` returned -1 */ -+ else if (!strcmp(value, "color")) -+ allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; -+ else -+ warning(_("unrecognized value for `sideband." -+ "allowControlCharacters`: '%s'"), value); -+ break; -+ default: -+ break; /* not configured */ -+ } - - if (!git_config_get_string_tmp(key, &value)) - use_sideband_colors_cached = git_config_colorbool(key, value); -@@ -71,9 +91,37 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref - list_config_item(list, prefix, keywords[i].keyword); - } - -+static int handle_ansi_color_sequence(struct strbuf *dest, const char *src, int n) -+{ -+ int i; -+ -+ /* -+ * Valid ANSI color sequences are of the form -+ * -+ * ESC [ [ [; ]*] m -+ */ -+ -+ if (allow_control_characters != ALLOW_ANSI_COLOR_SEQUENCES || -+ n < 3 || src[0] != '\x1b' || src[1] != '[') -+ return 0; -+ -+ for (i = 2; i < n; i++) { -+ if (src[i] == 'm') { -+ strbuf_add(dest, src, i + 1); -+ return i; -+ } -+ if (!isdigit(src[i]) && src[i] != ';') -+ break; -+ } -+ -+ return 0; -+} -+ - static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) - { -- if (allow_control_characters) { -+ int i; -+ -+ if (allow_control_characters == ALLOW_ALL_CONTROL_CHARACTERS) { - strbuf_add(dest, src, n); - return; - } -@@ -82,7 +130,10 @@ static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) - for (; n && *src; src++, n--) { - if (!iscntrl(*src) || *src == '\t' || *src == '\n') - strbuf_addch(dest, *src); -- else { -+ else if ((i = handle_ansi_color_sequence(dest, src, n))) { -+ src += i; -+ n -= i; -+ } else { - strbuf_addch(dest, '^'); - strbuf_addch(dest, 0x40 + *src); - } -diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh -index fb31e85254..a755c49a74 100755 ---- a/t/t5409-colorize-remote-messages.sh -+++ b/t/t5409-colorize-remote-messages.sh -@@ -100,7 +100,7 @@ test_expect_success 'fallback to color.ui' ' - - test_expect_success 'disallow (color) control sequences in sideband' ' - write_script .git/color-me-surprised <<-\EOF && -- printf "error: Have you \\033[31mread\\033[m this?\\n" >&2 -+ printf "error: Have you \\033[31mread\\033[m this?\\a\\n" >&2 - exec "$@" - EOF - test_config_global uploadPack.packObjectshook ./color-me-surprised && -@@ -108,12 +108,24 @@ test_expect_success 'disallow (color) control sequences in sideband' ' - - git clone --no-local . throw-away 2>stderr && - test_decode_color decoded && -+ test_grep RED decoded && -+ test_grep "\\^G" stderr && -+ tr -dc "\\007" actual && -+ test_must_be_empty actual && -+ -+ rm -rf throw-away && -+ git -c sideband.allowControlCharacters=false \ -+ clone --no-local . throw-away 2>stderr && -+ test_decode_color decoded && - test_grep ! RED decoded && -+ test_grep "\\^G" stderr && - - rm -rf throw-away && - git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr && - test_decode_color decoded && -- test_grep RED decoded -+ test_grep RED decoded && -+ tr -dc "\\007" actual && -+ test_file_not_empty actual - ' - - test_done --- -2.49.0 - - -From b15d2255ed98eb6f75608c2f99f4ea3284ad250e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= -Date: Mon, 24 Mar 2025 10:51:39 +0100 -Subject: [PATCH 4/4] sideband: default to allowControlCharacters=true -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We don't want to change the default Git behaviour, just add the option -to filter control characters. - -Signed-off-by: Ondřej Pohořelský ---- - Documentation/config/sideband.adoc | 8 ++++---- - sideband.c | 2 +- - t/t5409-colorize-remote-messages.sh | 3 ++- - 3 files changed, 7 insertions(+), 6 deletions(-) - -diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc -index f347fd6b33..a809e2de89 100644 ---- a/Documentation/config/sideband.adoc -+++ b/Documentation/config/sideband.adoc -@@ -1,16 +1,16 @@ - sideband.allowControlCharacters:: - By default, control characters that are delivered via the sideband -- are masked, except ANSI color sequences. This prevents potentially -- unwanted ANSI escape sequences from being sent to the terminal. Use -- this config setting to override this behavior: -+ are NOT masked. Use this config setting to prevent potentially -+ unwanted ANSI escape sequences from being sent to the terminal: - + - -- - color:: - Allow ANSI color sequences, line feeds and horizontal tabs, -- but mask all other control characters. This is the default. -+ but mask all other control characters. - false:: - Mask all control characters other than line feeds and - horizontal tabs. - true:: - Allow all control characters to be sent to the terminal. -+ This is the default. - -- -diff --git a/sideband.c b/sideband.c -index 9084ca234d..456cd3d8bc 100644 ---- a/sideband.c -+++ b/sideband.c -@@ -30,7 +30,7 @@ static enum { - ALLOW_NO_CONTROL_CHARACTERS = 0, - ALLOW_ALL_CONTROL_CHARACTERS = 1, - ALLOW_ANSI_COLOR_SEQUENCES = 2 --} allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; -+} allow_control_characters = ALLOW_ALL_CONTROL_CHARACTERS; - - /* Returns a color setting (GIT_COLOR_NEVER, etc). */ - static int use_sideband_colors(void) -diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh -index a755c49a74..2d40d8c640 100755 ---- a/t/t5409-colorize-remote-messages.sh -+++ b/t/t5409-colorize-remote-messages.sh -@@ -106,7 +106,8 @@ test_expect_success 'disallow (color) control sequences in sideband' ' - test_config_global uploadPack.packObjectshook ./color-me-surprised && - test_commit need-at-least-one-commit && - -- git clone --no-local . throw-away 2>stderr && -+ git -c sideband.allowControlCharacters=color \ -+ clone --no-local . throw-away 2>stderr && - test_decode_color decoded && - test_grep RED decoded && - test_grep "\\^G" stderr && --- -2.49.0 - diff --git a/git-2.52-sanitize-sideband-channel-messages.patch b/git-2.52-sanitize-sideband-channel-messages.patch new file mode 100644 index 0000000..786cb39 --- /dev/null +++ b/git-2.52-sanitize-sideband-channel-messages.patch @@ -0,0 +1,275 @@ +From 65e88e659008e2cbf79cf44975406ff0d569a3a9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= +Date: Thu, 20 Nov 2025 12:24:59 +0100 +Subject: [PATCH] sideband: mask control characters +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The output of `git clone` is a vital component for understanding what +has happened when things go wrong. However, these logs are partially +under the control of the remote server (via the "sideband", which +typically contains what the remote `git pack-objects` process sends to +`stderr`), and is currently not sanitized by Git. + +This makes Git susceptible to ANSI escape sequence injection (see +CWE-150, https://cwe.mitre.org/data/definitions/150.html), which allows +attackers to corrupt terminal state, to hide information, and even to +insert characters into the input buffer (i.e. as if the user had typed +those characters). + +To plug this vulnerability, disallow any control character in the +sideband, replacing them instead with the common `^` +(e.g. `^[` for `\x1b`, `^A` for `\x01`). + +There is likely a need for more fine-grained controls instead of using a +"heavy hammer" like this, which will be introduced subsequently. + +Signed-off-by: Johannes Schindelin + +sideband: introduce an "escape hatch" to allow control characters + +The preceding commit fixed the vulnerability whereas sideband messages +(that are under the control of the remote server) could contain ANSI +escape sequences that would be sent to the terminal verbatim. + +However, this fix may not be desirable under all circumstances, e.g. +when remote servers deliberately add coloring to their messages to +increase their urgency. + +To help with those use cases, give users a way to opt-out of the +protections: `sideband.allowControlCharacters`. + +Signed-off-by: Johannes Schindelin + +sideband: do allow ANSI color sequences by default + +The preceding two commits introduced special handling of the sideband +channel to neutralize ANSI escape sequences before sending the payload +to the terminal, and `sideband.allowControlCharacters` to override that +behavior. + +However, some `pre-receive` hooks that are actively used in practice +want to color their messages and therefore rely on the fact that Git +passes them through to the terminal. + +In contrast to other ANSI escape sequences, it is highly unlikely that +coloring sequences can be essential tools in attack vectors that mislead +Git users e.g. by hiding crucial information. + +Therefore we can have both: Continue to allow ANSI coloring sequences to +be passed to the terminal, and neutralize all other ANSI escape +sequences. + +Signed-off-by: Johannes Schindelin + +sideband: default to allowControlCharacters=true + +We don't want to change the default Git behaviour, just add the option +to filter control characters. + +Signed-off-by: Ondřej Pohořelský +--- + Documentation/config.adoc | 2 + + Documentation/config/sideband.adoc | 16 ++++++ + sideband.c | 78 ++++++++++++++++++++++++++++- + t/t5409-colorize-remote-messages.sh | 31 ++++++++++++ + 4 files changed, 125 insertions(+), 2 deletions(-) + create mode 100644 Documentation/config/sideband.adoc + +diff --git a/Documentation/config.adoc b/Documentation/config.adoc +index 62eebe7c54..dcea3c0c15 100644 +--- a/Documentation/config.adoc ++++ b/Documentation/config.adoc +@@ -523,6 +523,8 @@ include::config/sequencer.adoc[] + + include::config/showbranch.adoc[] + ++include::config/sideband.adoc[] ++ + include::config/sparse.adoc[] + + include::config/splitindex.adoc[] +diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc +new file mode 100644 +index 0000000000..c9ba24a02c +--- /dev/null ++++ b/Documentation/config/sideband.adoc +@@ -0,0 +1,16 @@ ++sideband.allowControlCharacters:: ++ By default, control characters that are delivered via the sideband ++ are NOT masked. Use this config setting to prevent potentially ++ unwanted ANSI escape sequences from being sent to the terminal: +++ ++-- ++ color:: ++ Allow ANSI color sequences, line feeds and horizontal tabs, ++ but mask all other control characters. ++ false:: ++ Mask all control characters other than line feeds and ++ horizontal tabs. ++ true:: ++ Allow all control characters to be sent to the terminal. ++ This is the default. ++-- +\ No newline at end of file +diff --git a/sideband.c b/sideband.c +index ea7c25211e..88d1b44a7a 100644 +--- a/sideband.c ++++ b/sideband.c +@@ -26,6 +26,12 @@ static struct keyword_entry keywords[] = { + { "error", GIT_COLOR_BOLD_RED }, + }; + ++static enum { ++ ALLOW_NO_CONTROL_CHARACTERS = 0, ++ ALLOW_ALL_CONTROL_CHARACTERS = 1, ++ ALLOW_ANSI_COLOR_SEQUENCES = 2 ++} allow_control_characters = ALLOW_ALL_CONTROL_CHARACTERS; ++ + /* Returns a color setting (GIT_COLOR_NEVER, etc). */ + static enum git_colorbool use_sideband_colors(void) + { +@@ -39,6 +45,25 @@ static enum git_colorbool use_sideband_colors(void) + if (use_sideband_colors_cached != GIT_COLOR_UNKNOWN) + return use_sideband_colors_cached; + ++ switch (repo_config_get_maybe_bool(the_repository, "sideband.allowcontrolcharacters", &i)) { ++ case 0: /* Boolean value */ ++ allow_control_characters = i ? ALLOW_ALL_CONTROL_CHARACTERS : ++ ALLOW_NO_CONTROL_CHARACTERS; ++ break; ++ case -1: /* non-Boolean value */ ++ if (repo_config_get_string_tmp(the_repository, "sideband.allowcontrolcharacters", ++ &value)) ++ ; /* huh? `get_maybe_bool()` returned -1 */ ++ else if (!strcmp(value, "color")) ++ allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; ++ else ++ warning(_("unrecognized value for `sideband." ++ "allowControlCharacters`: '%s'"), value); ++ break; ++ default: ++ break; /* not configured */ ++ } ++ + if (!repo_config_get_string_tmp(the_repository, key, &value)) + use_sideband_colors_cached = git_config_colorbool(key, value); + else if (!repo_config_get_string_tmp(the_repository, "color.ui", &value)) +@@ -66,6 +91,55 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref + list_config_item(list, prefix, keywords[i].keyword); + } + ++static int handle_ansi_color_sequence(struct strbuf *dest, const char *src, int n) ++{ ++ int i; ++ ++ /* ++ * Valid ANSI color sequences are of the form ++ * ++ * ESC [ [ [; ]*] m ++ */ ++ ++ if (allow_control_characters != ALLOW_ANSI_COLOR_SEQUENCES || ++ n < 3 || src[0] != '\x1b' || src[1] != '[') ++ return 0; ++ ++ for (i = 2; i < n; i++) { ++ if (src[i] == 'm') { ++ strbuf_add(dest, src, i + 1); ++ return i; ++ } ++ if (!isdigit(src[i]) && src[i] != ';') ++ break; ++ } ++ ++ return 0; ++} ++ ++static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) ++{ ++ int i; ++ ++ if (allow_control_characters == ALLOW_ALL_CONTROL_CHARACTERS) { ++ strbuf_add(dest, src, n); ++ return; ++ } ++ ++ strbuf_grow(dest, n); ++ for (; n && *src; src++, n--) { ++ if (!iscntrl(*src) || *src == '\t' || *src == '\n') ++ strbuf_addch(dest, *src); ++ else if ((i = handle_ansi_color_sequence(dest, src, n))) { ++ src += i; ++ n -= i; ++ } else { ++ strbuf_addch(dest, '^'); ++ strbuf_addch(dest, 0x40 + *src); ++ } ++ } ++} ++ + /* + * Optionally highlight one keyword in remote output if it appears at the start + * of the line. This should be called for a single line only, which is +@@ -81,7 +155,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) + int i; + + if (!want_color_stderr(use_sideband_colors())) { +- strbuf_add(dest, src, n); ++ strbuf_add_sanitized(dest, src, n); + return; + } + +@@ -114,7 +188,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) + } + } + +- strbuf_add(dest, src, n); ++ strbuf_add_sanitized(dest, src, n); + } + + +diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh +index fa5de4500a..2d40d8c640 100755 +--- a/t/t5409-colorize-remote-messages.sh ++++ b/t/t5409-colorize-remote-messages.sh +@@ -98,4 +98,35 @@ test_expect_success 'fallback to color.ui' ' + grep "error: error" decoded + ' + ++test_expect_success 'disallow (color) control sequences in sideband' ' ++ write_script .git/color-me-surprised <<-\EOF && ++ printf "error: Have you \\033[31mread\\033[m this?\\a\\n" >&2 ++ exec "$@" ++ EOF ++ test_config_global uploadPack.packObjectshook ./color-me-surprised && ++ test_commit need-at-least-one-commit && ++ ++ git -c sideband.allowControlCharacters=color \ ++ clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep RED decoded && ++ test_grep "\\^G" stderr && ++ tr -dc "\\007" actual && ++ test_must_be_empty actual && ++ ++ rm -rf throw-away && ++ git -c sideband.allowControlCharacters=false \ ++ clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep ! RED decoded && ++ test_grep "\\^G" stderr && ++ ++ rm -rf throw-away && ++ git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep RED decoded && ++ tr -dc "\\007" actual && ++ test_file_not_empty actual ++' ++ + test_done +-- +2.51.1 + diff --git a/git.spec b/git.spec index d19d51f..1193789 100644 --- a/git.spec +++ b/git.spec @@ -78,8 +78,8 @@ %global _package_note_file %{_builddir}/%{name}-%{real_version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.50.1 -Release: 2%{?dist} +Version: 2.52.0 +Release: 1%{?dist} Summary: Fast Version Control System License: BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ @@ -137,7 +137,7 @@ Patch5: git-test-apache-davlockdbtype-config.patch # The default behaviour of Git remains unchanged. # # https://github.com/gitgitgadget/git/pull/1853 -Patch6: git-2.49-sanitize-sideband-channel-messages.patch +Patch6: git-2.52-sanitize-sideband-channel-messages.patch %if %{with docs} # pod2man is needed to build Git.3pm @@ -611,6 +611,9 @@ EOF %endif # endif ! defined perl_bootstrap +# Exclude sample hook files from automatic dependency detection +%global __requires_exclude_from ^%{_datadir}/git-core/templates/hooks/.*sample$ + # Remove Git::LoadCPAN to ensure we use only system perl modules. This also # allows the dependencies to be automatically processed by rpm. rm -rf perl/Git/LoadCPAN{.pm,/} @@ -740,13 +743,6 @@ mkdir -p %{buildroot}%{_datadir}/git-core/contrib/completion install -pm 644 contrib/completion/git-completion.tcsh \ %{buildroot}%{_datadir}/git-core/contrib/completion/ -# Move contrib/hooks out of %%docdir -mkdir -p %{buildroot}%{_datadir}/git-core/contrib -mv contrib/hooks %{buildroot}%{_datadir}/git-core/contrib -pushd contrib > /dev/null -ln -s ../../../git-core/contrib/hooks -popd > /dev/null - # Install git-prompt.sh mkdir -p %{buildroot}%{_datadir}/git-core/contrib/completion install -pm 644 contrib/completion/git-prompt.sh \ @@ -885,10 +881,11 @@ GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5300.1[02348] t5300.2[03459] t5300.30 t5300.4[5 # Skip tests which fail on s390x # # The following tests are failing on s390x. -# https://lore.kernel.org/git/Z8dIZmscTdi8dZAY@teonanacatl.net/ +# https://lore.kernel.org/git/4dc4c8cd-c0cc-4784-8fcf-defa3a051087@mit.edu/ # -# t5620.4 'do partial clone 2, backfill min batch size' -GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5620.4" +# t8020.16 'cross merge boundaries in blaming' +# t8020.19 'last-modified merge undoes changes' +GIT_SKIP_TESTS="$GIT_SKIP_TESTS t8020.16 t8020.19" %endif # endif "%{_arch}" == "s390x" export GIT_SKIP_TESTS @@ -936,11 +933,6 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files -f bin-man-doc-git-files %{_datadir}/git-core/contrib/diff-highlight -%{_datadir}/git-core/contrib/hooks/update-paranoid -%{_datadir}/git-core/contrib/hooks/setgitperms.perl -%{_datadir}/git-core/templates/hooks/fsmonitor-watchman.sample -%{_datadir}/git-core/templates/hooks/pre-rebase.sample -%{_datadir}/git-core/templates/hooks/prepare-commit-msg.sample %files all # No files for you! @@ -952,11 +944,6 @@ rmdir --ignore-fail-on-non-empty "$testdir" %license COPYING # exclude is best way here because of troubles with symlinks inside git-core/ %exclude %{_datadir}/git-core/contrib/diff-highlight -%exclude %{_datadir}/git-core/contrib/hooks/update-paranoid -%exclude %{_datadir}/git-core/contrib/hooks/setgitperms.perl -%exclude %{_datadir}/git-core/templates/hooks/fsmonitor-watchman.sample -%exclude %{_datadir}/git-core/templates/hooks/pre-rebase.sample -%exclude %{_datadir}/git-core/templates/hooks/prepare-commit-msg.sample %{bash_completions_dir}/git %{_datadir}/git-core/ @@ -966,7 +953,6 @@ rmdir --ignore-fail-on-non-empty "$testdir" %exclude %{_pkgdocdir}/contrib/*/*.py[co] %endif # endif rhel <= 7 -%{_pkgdocdir}/contrib/hooks %if %{with libsecret} %files credential-libsecret @@ -1063,6 +1049,18 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Thu Nov 20 2025 Ondřej Pohořelský - 2.52.0-1 +- update to 2.52.0 + +* Thu Oct 23 2025 Ondřej Pohořelský - 2.51.1-1 +- update to 2.51.1 + +* Thu Aug 21 2025 Ondřej Pohořelský - 2.51.0-2 +- exclude sample hook files from automatic dependency detection + +* Wed Aug 20 2025 Ondřej Pohořelský - 2.51.0-1 +- update to 2.51.0 + * Wed Jul 23 2025 Fedora Release Engineering - 2.50.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild diff --git a/sources b/sources index 8e5e30a..4a04f56 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.50.1.tar.xz) = 09f37290c0d4d074b97363f4a4be1813426e93ac3fa993c4d671bb1462bcc9335713c17d1442196a35205a603eeb052662382935d27498875a251f4fe86f6b36 -SHA512 (git-2.50.1.tar.sign) = f03a588b4108a2f0eae949d8870a3f16da18dfdf23de547aeaa25cdbccf668cfe89d49bbfb3869571b261738482f32002d83b2760415d4c04a0285273b18e828 +SHA512 (git-2.52.0.tar.xz) = 965e5ebb72d1f080d64e34bdb75f0bb1689c9dd41dcf63b020d986bad49808ac09bfb1115962bc0c5b95bac8622367ac4cd09aa89266f73d2137fe94c90dd3ed +SHA512 (git-2.52.0.tar.sign) = a5a68ce131a5763650c477ec01a4de958dd6a946bdea0f613e26bdab41d2df6b3ca63f9028bbe603bf0c834bd415c86e6c616b1ff08cc48aa7c3c61a37b24b74