From 2733c9e03ed2ec018e8ddf4a60fcf987fe129dde Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?=
Date: Fri, 9 Jan 2026 14:23:46 +0100
Subject: [PATCH] update to 2.52.0

Resolves: RHEL-118147
---
 git-2.43.0-core-crypto-hmac.patch | 70 -----
 ...7-sanitize-sideband-channel-messages.patch | 219 --------------
 git-2.52-core-crypto-hmac.patch | 85 ++++++
 ...2-sanitize-sideband-channel-messages.patch | 275 ++++++++++++++++++
 git.spec | 111 +++---
 sources | 4 +-
 6 files changed, 399 insertions(+), 365 deletions(-)
 delete mode 100644 git-2.43.0-core-crypto-hmac.patch
 delete mode 100644 git-2.47-sanitize-sideband-channel-messages.patch
 create mode 100644 git-2.52-core-crypto-hmac.patch
 create mode 100644 git-2.52-sanitize-sideband-channel-messages.patch

diff --git a/git-2.43.0-core-crypto-hmac.patch b/git-2.43.0-core-crypto-hmac.patch
deleted file mode 100644
index 26343f8..0000000
--- a/git-2.43.0-core-crypto-hmac.patch
+++ /dev/null
@@ -1,70 +0,0 @@ -diff -ur b/builtin/receive-pack.c a/builtin/receive-pack.c ---- b/builtin/receive-pack.c 2023-11-20 03:07:41.000000000 +0100 -+++ a/builtin/receive-pack.c 2023-12-06 15:34:28.294170714 +0100 -@@ -40,6 +40,8 @@ - #include "worktree.h" - #include "shallow.h" - #include "parse-options.h" -+#include -+#include - - static const char * const receive_pack_usage[] = { - N_("git receive-pack "), -@@ -538,43 +540,11 @@ - return 0; - } - --static void hmac_hash(unsigned char *out, -+static inline void hmac_hash(unsigned char *out, - const char *key_in, size_t key_len, - const char *text, size_t text_len) - { -- unsigned char key[GIT_MAX_BLKSZ]; -- unsigned char k_ipad[GIT_MAX_BLKSZ]; -- unsigned char k_opad[GIT_MAX_BLKSZ]; -- int i; -- git_hash_ctx ctx; -- -- /* RFC 2104 2. (1) */ -- memset(key, '\0', GIT_MAX_BLKSZ); -- if (the_hash_algo->blksz < key_len) { -- the_hash_algo->init_fn(&ctx); -- the_hash_algo->update_fn(&ctx, key_in, key_len); -- the_hash_algo->final_fn(key, &ctx); -- } else { -- memcpy(key, key_in, key_len); -- } -- -- /* RFC 2104 2. (2) & (5) */ -- for (i = 0; i < sizeof(key); i++) { -- k_ipad[i] = key[i] ^ 0x36; -- k_opad[i] = key[i] ^ 0x5c; -- } -- -- /* RFC 2104 2. (3) & (4) */ -- the_hash_algo->init_fn(&ctx); -- the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad)); -- the_hash_algo->update_fn(&ctx, text, text_len); -- the_hash_algo->final_fn(out, &ctx); -- -- /* RFC 2104 2. 
(6) & (7) */ -- the_hash_algo->init_fn(&ctx); -- the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad)); -- the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz); -- the_hash_algo->final_fn(out, &ctx); -+ HMAC(EVP_sha1(), key_in, key_len, text, text_len, out, NULL); - } - - static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp) -diff -ur b/Makefile a/Makefile ---- b/Makefile 2023-11-20 03:07:41.000000000 +0100 -+++ a/Makefile 2023-12-06 15:35:08.506316431 +0100 -@@ -2123,6 +2123,8 @@ - EXTLIBS += -lcrypto -lssl - endif - -+EXTLIBS += -lcrypto -+ - ifneq ($(PROCFS_EXECUTABLE_PATH),) - procfs_executable_path_SQ = $(subst ','\'',$(PROCFS_EXECUTABLE_PATH)) - BASIC_CFLAGS += '-DPROCFS_EXECUTABLE_PATH="$(procfs_executable_path_SQ)"' diff --git a/git-2.47-sanitize-sideband-channel-messages.patch b/git-2.47-sanitize-sideband-channel-messages.patch deleted file mode 100644 index dec65f6..0000000 --- a/git-2.47-sanitize-sideband-channel-messages.patch +++ /dev/null 
@@ -1,219 +0,0 @@ -From 833c73801527b37d9bc725c81c6042ae350aaae3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= -Date: Fri, 28 Mar 2025 13:26:29 +0100 -Subject: [PATCH] Adds the option to sanitize sideband channel messages - -CVE-2024-52005 wasn't fixed by upstream. This patch adds the option -to harden Git against it. -The default behaviour of Git remains unchanged. - -Changes are taken from Git for Windows. The only differences are that -by default we are allowing all control characters, the documentation -reflects it and one of the tests has to be invoked with a config -change: `sideband.allowControlCharacters=color` - -These commits can also be seen in this upstream PR: -https://github.com/gitgitgadget/git/pull/1853 ---- - Documentation/config.txt | 2 + - Documentation/config/sideband.txt | 16 ++++++ - sideband.c | 78 ++++++++++++++++++++++++++++- - t/t5409-colorize-remote-messages.sh | 30 +++++++++++ - 4 files changed, 124 insertions(+), 2 deletions(-) - create mode 100644 Documentation/config/sideband.txt - -diff --git a/Documentation/config.txt b/Documentation/config.txt -index 8c0b3ed807..48870bb588 100644 ---- a/Documentation/config.txt -+++ b/Documentation/config.txt -@@ -522,6 +522,8 @@ include::config/sequencer.txt[] - - include::config/showbranch.txt[] - -+include::config/sideband.txt[] -+ - include::config/sparse.txt[] - - include::config/splitindex.txt[] -diff --git a/Documentation/config/sideband.txt b/Documentation/config/sideband.txt -new file mode 100644 -index 0000000000..1adc831667 ---- /dev/null -+++ b/Documentation/config/sideband.txt -@@ -0,0 +1,16 @@ -+sideband.allowControlCharacters:: -+ By default, control characters that are delivered via the sideband -+ are NOT masked. Use this config setting to prevent potentially -+ unwanted ANSI escape sequences from being sent to the terminal: -++ -+-- -+ color:: -+ Allow ANSI color sequences, line feeds and horizontal tabs, -+ but mask all other control characters. 
-+ false:: -+ Mask all control characters other than line feeds and -+ horizontal tabs. -+ true:: -+ Allow all control characters to be sent to the terminal. -+ This is the default. -+-- -\ No newline at end of file -diff --git a/sideband.c b/sideband.c -index 02805573fa..7a0ca61948 100644 ---- a/sideband.c -+++ b/sideband.c -@@ -25,6 +25,12 @@ static struct keyword_entry keywords[] = { - { "error", GIT_COLOR_BOLD_RED }, - }; - -+static enum { -+ ALLOW_NO_CONTROL_CHARACTERS = 0, -+ ALLOW_ALL_CONTROL_CHARACTERS = 1, -+ ALLOW_ANSI_COLOR_SEQUENCES = 2 -+} allow_control_characters = ALLOW_ALL_CONTROL_CHARACTERS; -+ - /* Returns a color setting (GIT_COLOR_NEVER, etc). */ - static int use_sideband_colors(void) - { -@@ -38,6 +44,25 @@ static int use_sideband_colors(void) - if (use_sideband_colors_cached >= 0) - return use_sideband_colors_cached; - -+ switch (git_config_get_maybe_bool("sideband.allowcontrolcharacters", &i)) { -+ case 0: /* Boolean value */ -+ allow_control_characters = i ? ALLOW_ALL_CONTROL_CHARACTERS : -+ ALLOW_NO_CONTROL_CHARACTERS; -+ break; -+ case -1: /* non-Boolean value */ -+ if (git_config_get_string_tmp("sideband.allowcontrolcharacters", -+ &value)) -+ ; /* huh? `get_maybe_bool()` returned -1 */ -+ else if (!strcmp(value, "color")) -+ allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; -+ else -+ warning(_("unrecognized value for `sideband." 
-+ "allowControlCharacters`: '%s'"), value); -+ break; -+ default: -+ break; /* not configured */ -+ } -+ - if (!git_config_get_string_tmp(key, &value)) - use_sideband_colors_cached = git_config_colorbool(key, value); - else if (!git_config_get_string_tmp("color.ui", &value)) -@@ -65,6 +90,55 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref - list_config_item(list, prefix, keywords[i].keyword); - } - -+static int handle_ansi_color_sequence(struct strbuf *dest, const char *src, int n) -+{ -+ int i; -+ -+ /* -+ * Valid ANSI color sequences are of the form -+ * -+ * ESC [ [ [; ]*] m -+ */ -+ -+ if (allow_control_characters != ALLOW_ANSI_COLOR_SEQUENCES || -+ n < 3 || src[0] != '\x1b' || src[1] != '[') -+ return 0; -+ -+ for (i = 2; i < n; i++) { -+ if (src[i] == 'm') { -+ strbuf_add(dest, src, i + 1); -+ return i; -+ } -+ if (!isdigit(src[i]) && src[i] != ';') -+ break; -+ } -+ -+ return 0; -+} -+ -+static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) -+{ -+ int i; -+ -+ if (allow_control_characters == ALLOW_ALL_CONTROL_CHARACTERS) { -+ strbuf_add(dest, src, n); -+ return; -+ } -+ -+ strbuf_grow(dest, n); -+ for (; n && *src; src++, n--) { -+ if (!iscntrl(*src) || *src == '\t' || *src == '\n') -+ strbuf_addch(dest, *src); -+ else if ((i = handle_ansi_color_sequence(dest, src, n))) { -+ src += i; -+ n -= i; -+ } else { -+ strbuf_addch(dest, '^'); -+ strbuf_addch(dest, 0x40 + *src); -+ } -+ } -+} -+ - /* - * Optionally highlight one keyword in remote output if it appears at the start - * of the line. 
This should be called for a single line only, which is -@@ -80,7 +154,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) - int i; - - if (!want_color_stderr(use_sideband_colors())) { -- strbuf_add(dest, src, n); -+ strbuf_add_sanitized(dest, src, n); - return; - } - -@@ -113,7 +187,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) - } - } - -- strbuf_add(dest, src, n); -+ strbuf_add_sanitized(dest, src, n); - } - - -diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh -index 516b22fd96..48f8413eff 100755 ---- a/t/t5409-colorize-remote-messages.sh -+++ b/t/t5409-colorize-remote-messages.sh -@@ -99,4 +99,34 @@ test_expect_success 'fallback to color.ui' ' - grep "error: error" decoded - ' - -+test_expect_success 'disallow (color) control sequences in sideband' ' -+ write_script .git/color-me-surprised <<-\EOF && -+ printf "error: Have you \\033[31mread\\033[m this?\\a\\n" >&2 -+ exec "$@" -+ EOF -+ test_config_global uploadPack.packObjectshook ./color-me-surprised && -+ test_commit need-at-least-one-commit && -+ git -c sideband.allowControlCharacters=color \ -+ clone --no-local . throw-away 2>stderr && -+ test_decode_color decoded && -+ test_grep RED decoded && -+ test_grep "\\^G" stderr && -+ tr -dc "\\007" actual && -+ test_must_be_empty actual && -+ -+ rm -rf throw-away && -+ git -c sideband.allowControlCharacters=false \ -+ clone --no-local . throw-away 2>stderr && -+ test_decode_color decoded && -+ test_grep ! RED decoded && -+ test_grep "\\^G" stderr && -+ -+ rm -rf throw-away && -+ git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr && -+ test_decode_color decoded && -+ test_grep RED decoded && -+ tr -dc "\\007" actual && -+ test_file_not_empty actual -+' -+ - test_done --- -2.49.0 - diff --git a/git-2.52-core-crypto-hmac.patch b/git-2.52-core-crypto-hmac.patch new file mode 100644 index 0000000..a31b868 --- /dev/null 
+++ b/git-2.52-core-crypto-hmac.patch 
@@ -0,0 +1,85 @@
+From 17acaf144b882d7312b147ac4a1d39158a82534d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?=
+Date: Fri, 9 Jan 2026 14:49:51 +0100
+Subject: [PATCH] git-2.52.0-core-crypto-hmac.patch
+
+---
+ Makefile | 2 ++
+ builtin/receive-pack.c | 38 ++++----------------------------------
+ 2 files changed, 6 insertions(+), 34 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 7e0f77e298..a106eaa79d 100644
+--- a/Makefile
++++ b/Makefile
+@@ -2278,6 +2278,8 @@ ifneq ($(findstring openssl,$(CSPRNG_METHOD)),)
+ EXTLIBS += -lcrypto -lssl
+ endif
+ 
++EXTLIBS += -lcrypto
++
+ ifndef HAVE_PLATFORM_PROCINFO
+ COMPAT_OBJS += compat/stub/procinfo.o
+ endif
+diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
+index c9288a9c7e..48ad30fb0a 100644
+--- a/builtin/receive-pack.c
++++ b/builtin/receive-pack.c
+@@ -43,6 +43,8 @@
+ #include "worktree.h"
+ #include "shallow.h"
+ #include "parse-options.h"
++#include
++#include
+ 
+ static const char * const receive_pack_usage[] = {
+ N_("git receive-pack "),
+@@ -561,43 +563,11 @@ static int copy_to_sideband(int in, int out UNUSED, void *arg UNUSED)
+ return 0;
+ }
+ 
+-static void hmac_hash(unsigned char *out,
++static inline void hmac_hash(unsigned char *out,
+ const char *key_in, size_t key_len,
+ const char *text, size_t text_len)
+ {
+- unsigned char key[GIT_MAX_BLKSZ];
+- unsigned char k_ipad[GIT_MAX_BLKSZ];
+- unsigned char k_opad[GIT_MAX_BLKSZ];
+- int i;
+- struct git_hash_ctx ctx;
+-
+- /* RFC 2104 2. (1) */
+- memset(key, '\0', GIT_MAX_BLKSZ);
+- if (the_hash_algo->blksz < key_len) {
+- the_hash_algo->init_fn(&ctx);
+- git_hash_update(&ctx, key_in, key_len);
+- git_hash_final(key, &ctx);
+- } else {
+- memcpy(key, key_in, key_len);
+- }
+-
+- /* RFC 2104 2. (2) & (5) */
+- for (i = 0; i < sizeof(key); i++) {
+- k_ipad[i] = key[i] ^ 0x36;
+- k_opad[i] = key[i] ^ 0x5c;
+- }
+-
+- /* RFC 2104 2. (3) & (4) */
+- the_hash_algo->init_fn(&ctx);
+- git_hash_update(&ctx, k_ipad, sizeof(k_ipad));
+- git_hash_update(&ctx, text, text_len);
+- git_hash_final(out, &ctx);
+-
+- /* RFC 2104 2. (6) & (7) */
+- the_hash_algo->init_fn(&ctx);
+- git_hash_update(&ctx, k_opad, sizeof(k_opad));
+- git_hash_update(&ctx, out, the_hash_algo->rawsz);
+- git_hash_final(out, &ctx);
++ HMAC(EVP_sha1(), key_in, key_len, text, text_len, out, NULL);
+ }
+ 
+ static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
+-- 
+2.52.0
+ 
diff --git a/git-2.52-sanitize-sideband-channel-messages.patch b/git-2.52-sanitize-sideband-channel-messages.patch
new file mode 100644
index 0000000..786cb39
--- /dev/null
+++ b/git-2.52-sanitize-sideband-channel-messages.patch
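Review bot: The return value of `HMAC()` in the new body of hmac_hash is discarded; the one-shot `HMAC()` returns NULL on failure, and a caller that then hex-encodes `out` would turn whatever the buffer happened to hold into a push-certificate nonce, so the call should be checked, e.g. `if (!HMAC(EVP_sha1(), key_in, key_len, text, text_len, out, NULL)) die("HMAC computation failed");`. The removed code derived both the block size and the digest from `the_hash_algo`, whereas the replacement pins the HMAC to SHA-1 (20 output bytes) regardless of the repository's object format; prepare_push_cert_nonce's body starts outside this hunk, so it is worth confirming that the 2.52 caller does not size or hex-encode `out` by `the_hash_algo->rawsz`/`hexsz`, which in a SHA-256 repository would read 12 bytes the HMAC never wrote. The two added `#include` lines carry no header name in this rendering, presumably angle-bracketed OpenSSL headers stripped by the page, and should be checked against the file on disk. `HMAC()` also belongs to the interface OpenSSL 3 marks as deprecated, so a build with deprecation warnings promoted to errors would need the EVP_MAC API instead; a one-line comment above the call stating why the downstream build routes HMAC through libcrypto (the spec cites a bugzilla for it) would spare the next rebaser the archaeology.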
@@ -0,0 +1,275 @@ +From 65e88e659008e2cbf79cf44975406ff0d569a3a9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= +Date: Thu, 20 Nov 2025 12:24:59 +0100 +Subject: [PATCH] sideband: mask control characters +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The output of `git clone` is a vital component for understanding what +has happened when things go wrong. However, these logs are partially +under the control of the remote server (via the "sideband", which +typically contains what the remote `git pack-objects` process sends to +`stderr`), and is currently not sanitized by Git. + +This makes Git susceptible to ANSI escape sequence injection (see +CWE-150, https://cwe.mitre.org/data/definitions/150.html), which allows +attackers to corrupt terminal state, to hide information, and even to +insert characters into the input buffer (i.e. as if the user had typed +those characters). + +To plug this vulnerability, disallow any control character in the +sideband, replacing them instead with the common `^` +(e.g. `^[` for `\x1b`, `^A` for `\x01`). + +There is likely a need for more fine-grained controls instead of using a +"heavy hammer" like this, which will be introduced subsequently. + +Signed-off-by: Johannes Schindelin + +sideband: introduce an "escape hatch" to allow control characters + +The preceding commit fixed the vulnerability whereas sideband messages +(that are under the control of the remote server) could contain ANSI +escape sequences that would be sent to the terminal verbatim. + +However, this fix may not be desirable under all circumstances, e.g. +when remote servers deliberately add coloring to their messages to +increase their urgency. + +To help with those use cases, give users a way to opt-out of the +protections: `sideband.allowControlCharacters`. 
+ +Signed-off-by: Johannes Schindelin + +sideband: do allow ANSI color sequences by default + +The preceding two commits introduced special handling of the sideband +channel to neutralize ANSI escape sequences before sending the payload +to the terminal, and `sideband.allowControlCharacters` to override that +behavior. + +However, some `pre-receive` hooks that are actively used in practice +want to color their messages and therefore rely on the fact that Git +passes them through to the terminal. + +In contrast to other ANSI escape sequences, it is highly unlikely that +coloring sequences can be essential tools in attack vectors that mislead +Git users e.g. by hiding crucial information. + +Therefore we can have both: Continue to allow ANSI coloring sequences to +be passed to the terminal, and neutralize all other ANSI escape +sequences. + +Signed-off-by: Johannes Schindelin + +sideband: default to allowControlCharacters=true + +We don't want to change the default Git behaviour, just add the option +to filter control characters. 
+ +Signed-off-by: Ondřej Pohořelský +--- + Documentation/config.adoc | 2 + + Documentation/config/sideband.adoc | 16 ++++++ + sideband.c | 78 ++++++++++++++++++++++++++++- + t/t5409-colorize-remote-messages.sh | 31 ++++++++++++ + 4 files changed, 125 insertions(+), 2 deletions(-) + create mode 100644 Documentation/config/sideband.adoc + +diff --git a/Documentation/config.adoc b/Documentation/config.adoc +index 62eebe7c54..dcea3c0c15 100644 +--- a/Documentation/config.adoc ++++ b/Documentation/config.adoc +@@ -523,6 +523,8 @@ include::config/sequencer.adoc[] + + include::config/showbranch.adoc[] + ++include::config/sideband.adoc[] ++ + include::config/sparse.adoc[] + + include::config/splitindex.adoc[] +diff --git a/Documentation/config/sideband.adoc b/Documentation/config/sideband.adoc +new file mode 100644 +index 0000000000..c9ba24a02c +--- /dev/null ++++ b/Documentation/config/sideband.adoc +@@ -0,0 +1,16 @@ ++sideband.allowControlCharacters:: ++ By default, control characters that are delivered via the sideband ++ are NOT masked. Use this config setting to prevent potentially ++ unwanted ANSI escape sequences from being sent to the terminal: +++ ++-- ++ color:: ++ Allow ANSI color sequences, line feeds and horizontal tabs, ++ but mask all other control characters. ++ false:: ++ Mask all control characters other than line feeds and ++ horizontal tabs. ++ true:: ++ Allow all control characters to be sent to the terminal. ++ This is the default. ++-- +\ No newline at end of file +diff --git a/sideband.c b/sideband.c +index ea7c25211e..88d1b44a7a 100644 +--- a/sideband.c ++++ b/sideband.c +@@ -26,6 +26,12 @@ static struct keyword_entry keywords[] = { + { "error", GIT_COLOR_BOLD_RED }, + }; + ++static enum { ++ ALLOW_NO_CONTROL_CHARACTERS = 0, ++ ALLOW_ALL_CONTROL_CHARACTERS = 1, ++ ALLOW_ANSI_COLOR_SEQUENCES = 2 ++} allow_control_characters = ALLOW_ALL_CONTROL_CHARACTERS; ++ + /* Returns a color setting (GIT_COLOR_NEVER, etc). 
*/ + static enum git_colorbool use_sideband_colors(void) + { +@@ -39,6 +45,25 @@ static enum git_colorbool use_sideband_colors(void) + if (use_sideband_colors_cached != GIT_COLOR_UNKNOWN) + return use_sideband_colors_cached; + ++ switch (repo_config_get_maybe_bool(the_repository, "sideband.allowcontrolcharacters", &i)) { ++ case 0: /* Boolean value */ ++ allow_control_characters = i ? ALLOW_ALL_CONTROL_CHARACTERS : ++ ALLOW_NO_CONTROL_CHARACTERS; ++ break; ++ case -1: /* non-Boolean value */ ++ if (repo_config_get_string_tmp(the_repository, "sideband.allowcontrolcharacters", ++ &value)) ++ ; /* huh? `get_maybe_bool()` returned -1 */ ++ else if (!strcmp(value, "color")) ++ allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; ++ else ++ warning(_("unrecognized value for `sideband." ++ "allowControlCharacters`: '%s'"), value); ++ break; ++ default: ++ break; /* not configured */ ++ } ++ + if (!repo_config_get_string_tmp(the_repository, key, &value)) + use_sideband_colors_cached = git_config_colorbool(key, value); + else if (!repo_config_get_string_tmp(the_repository, "color.ui", &value)) +@@ -66,6 +91,55 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref + list_config_item(list, prefix, keywords[i].keyword); + } + ++static int handle_ansi_color_sequence(struct strbuf *dest, const char *src, int n) ++{ ++ int i; ++ ++ /* ++ * Valid ANSI color sequences are of the form ++ * ++ * ESC [ [ [; ]*] m ++ */ ++ ++ if (allow_control_characters != ALLOW_ANSI_COLOR_SEQUENCES || ++ n < 3 || src[0] != '\x1b' || src[1] != '[') ++ return 0; ++ ++ for (i = 2; i < n; i++) { ++ if (src[i] == 'm') { ++ strbuf_add(dest, src, i + 1); ++ return i; ++ } ++ if (!isdigit(src[i]) && src[i] != ';') ++ break; ++ } ++ ++ return 0; ++} ++ ++static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) ++{ ++ int i; ++ ++ if (allow_control_characters == ALLOW_ALL_CONTROL_CHARACTERS) { ++ strbuf_add(dest, src, n); ++ return; ++ } ++ ++ 
strbuf_grow(dest, n); ++ for (; n && *src; src++, n--) { ++ if (!iscntrl(*src) || *src == '\t' || *src == '\n') ++ strbuf_addch(dest, *src); ++ else if ((i = handle_ansi_color_sequence(dest, src, n))) { ++ src += i; ++ n -= i; ++ } else { ++ strbuf_addch(dest, '^'); ++ strbuf_addch(dest, 0x40 + *src); ++ } ++ } ++} ++ + /* + * Optionally highlight one keyword in remote output if it appears at the start + * of the line. This should be called for a single line only, which is +@@ -81,7 +155,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) + int i; + + if (!want_color_stderr(use_sideband_colors())) { +- strbuf_add(dest, src, n); ++ strbuf_add_sanitized(dest, src, n); + return; + } + +@@ -114,7 +188,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) + } + } + +- strbuf_add(dest, src, n); ++ strbuf_add_sanitized(dest, src, n); + } + + +diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh +index fa5de4500a..2d40d8c640 100755 +--- a/t/t5409-colorize-remote-messages.sh ++++ b/t/t5409-colorize-remote-messages.sh +@@ -98,4 +98,35 @@ test_expect_success 'fallback to color.ui' ' + grep "error: error" decoded + ' + ++test_expect_success 'disallow (color) control sequences in sideband' ' ++ write_script .git/color-me-surprised <<-\EOF && ++ printf "error: Have you \\033[31mread\\033[m this?\\a\\n" >&2 ++ exec "$@" ++ EOF ++ test_config_global uploadPack.packObjectshook ./color-me-surprised && ++ test_commit need-at-least-one-commit && ++ ++ git -c sideband.allowControlCharacters=color \ ++ clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep RED decoded && ++ test_grep "\\^G" stderr && ++ tr -dc "\\007" actual && ++ test_must_be_empty actual && ++ ++ rm -rf throw-away && ++ git -c sideband.allowControlCharacters=false \ ++ clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep ! 
RED decoded && ++ test_grep "\\^G" stderr && ++ ++ rm -rf throw-away && ++ git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep RED decoded && ++ tr -dc "\\007" actual && ++ test_file_not_empty actual ++' ++ + test_done +-- +2.51.1 + diff --git a/git.spec b/git.spec index 2924e39..3e26ee8 100644 --- a/git.spec +++ b/git.spec @@ -6,13 +6,6 @@ %global gitexecdir %{_libexecdir}/git-core -# Settings for Fedora >= 34 -%if 0%{?fedora} >= 34 -%bcond_with emacs -%else -%bcond_without emacs -%endif - # Settings for Fedora %if 0%{?fedora} # linkchecker is not available on EL @@ -99,7 +92,7 @@ #global rcrev .rc0 Name: git -Version: 2.47.3 +Version: 2.52.0 Release: 1%{?dist} Summary: Fast Version Control System License: GPLv2 @@ -133,7 +126,7 @@ Source99: print-failed-test-output Patch0: git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch # https://bugzilla.redhat.com/1956345 -Patch1: git-2.43.0-core-crypto-hmac.patch +Patch1: git-2.52-core-crypto-hmac.patch # https://bugzilla.redhat.com/2114531 # tests: try harder to find open ports for apache, git, and svn @@ -149,8 +142,8 @@ Patch4: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch # CVE-2024-52005 wasn't fixed by upstream. This patch adds the option to harden Git against it. # The default behaviour of Git remains unchanged. # -# https://github.com/gitgitgadget/git/pull/1853 -Patch5: git-2.47-sanitize-sideband-channel-messages.patch +# https://github.com/gitgitgadget/git/pull/1853 +Patch6: git-2.52-sanitize-sideband-channel-messages.patch %if %{with docs} # pod2man is needed to build Git.3pm @@ -172,10 +165,6 @@ BuildRequires: linkchecker # endif with docs BuildRequires: desktop-file-utils BuildRequires: diffutils -%if %{with emacs} -BuildRequires: emacs-common -%endif -# endif emacs-common %if 0%{?rhel} && 0%{?rhel} < 9 # Require epel-rpm-macros for the %%gpgverify macro on EL-7/EL-8, and # %%build_cflags & %%build_ldflags on EL-7. 
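Review bot: In use_sideband_colors the `else` branch that emits `warning(_("unrecognized value for `sideband.allowControlCharacters`: '%s'"))` leaves allow_control_characters at its default ALLOW_ALL_CONTROL_CHARACTERS, so a typo in a value meant to be `color` or `false` prints a warning and then passes every control character through, the opposite of what was configured; adding `allow_control_characters = ALLOW_NO_CONTROL_CHARACTERS;` after the warning makes a configured-but-invalid value fail closed. In strbuf_add_sanitized the masking fallback `strbuf_addch(dest, 0x40 + *src)` yields `^@`..`^_` for bytes 0x00–0x1f, but for DEL (0x7f) it emits a lone 0xBF byte rather than the conventional `^?`, assuming git's `iscntrl` classifies 0x7f as a control character (its ctype table is not visible here); `strbuf_addch(dest, *src == 0x7f ? '?' : 0x40 + *src);` covers that case. The comment above handle_ansi_color_sequence documents only the accepted `ESC [ ... m` shape; a sentence on its contract would help, e.g. `Returns the index of the terminating 'm' after copying the sequence to dest (the caller advances by it and its own loop step skips the 'm'), or 0 when src does not start with an allowed color sequence or color sequences are not permitted.`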
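Review bot: `Patch5:` becomes `Patch6:` in the hunk that swaps in git-2.52-sanitize-sideband-channel-messages.patch; %prep is outside this diff, so unless another Patch5 is defined elsewhere in the spec, the renumbering only works if patches are applied via `%autosetup`/`%autopatch` rather than explicit `%patchN` lines, and a short comment such as `# Patch5 retired together with the 2.47 sideband patch` would explain the gap to the next rebaser. The other changed line in that hunk, `# https://github.com/gitgitgadget/git/pull/1853`, differs only in whitespace and could be left out of the change.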
@@ -307,17 +296,6 @@ Requires: perl(Term::ReadKey) # endif ! defined perl_bootstrap Requires: perl-Git = %{version}-%{release} -%if %{with emacs} && %{emacs_filesystem} && %{defined _emacs_version} -Requires: emacs-filesystem >= %{_emacs_version} -%endif -# endif with emacs && emacs_filesystem - -# Obsolete emacs-git if it's disabled -%if %{without emacs} -Obsoletes: emacs-git < %{?epoch:%{epoch}:}%{version}-%{release} -%endif -# endif without emacs - # Obsolete git-cvs if it's disabled %if %{without cvs} Obsoletes: git-cvs < %{?epoch:%{epoch}:}%{version}-%{release} @@ -572,7 +550,9 @@ xz -dc '%{SOURCE0}' | %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1 install -p -m 755 %{SOURCE99} print-failed-test-output # Remove git-archimport from command list +sed -i '/^SCRIPT_PERL += git-archimport\.perl$/d' Makefile sed -i '/^git-archimport/d' command-list.txt +rm git-archimport.perl Documentation/git-archimport.adoc %if %{without cvs} # Remove git-cvs* from command list @@ -642,6 +622,9 @@ chmod +x %{__perl_requires} %endif # endif use_new_rpm_filters +# Exclude sample hook files from automatic dependency detection +%global __requires_exclude_from ^%{_datadir}/git-core/templates/hooks/.*sample$ + # Remove Git::LoadCPAN to ensure we use only system perl modules. This also # allows the dependencies to be automatically processed by rpm. rm -rf perl/Git/LoadCPAN{.pm,/} @@ -653,7 +636,7 @@ sed -i 's@"++GITWEB_HOME_LINK_STR++"@$ENV{"SERVER_NAME"} ? "git://" . $ENV{"SERV # Move contrib/{contacts,subtree} docs to Documentation so they build with the # proper asciidoc/docbook/xmlto options -mv contrib/{contacts,subtree}/git-*.txt Documentation/ +mv contrib/{contacts,subtree}/git-*.adoc Documentation/ %build # Improve build reproducibility 
@@ -690,19 +673,6 @@ rm -rf contrib/fast-import/import-zips.py %make_install -C contrib/contacts -%if %{with emacs} -%global elispdir %{_emacs_sitelispdir}/git -pushd contrib/emacs >/dev/null -for el in *.el ; do - # Note: No byte-compiling is done. These .el files are one-line stubs - # which only serve to point users to better alternatives. - install -Dpm 644 $el %{buildroot}%{elispdir}/$el - rm -f $el # clean up to avoid cruft in git-core-doc -done -popd >/dev/null -%endif -# endif with emacs - %if %{with libsecret} install -pm 755 contrib/credential/libsecret/git-credential-libsecret \ %{buildroot}%{gitexecdir} @@ -792,13 +762,6 @@ mkdir -p %{buildroot}%{_datadir}/git-core/contrib/completion install -pm 644 contrib/completion/git-completion.tcsh \ %{buildroot}%{_datadir}/git-core/contrib/completion/ -# Move contrib/hooks out of %%docdir -mkdir -p %{buildroot}%{_datadir}/git-core/contrib -mv contrib/hooks %{buildroot}%{_datadir}/git-core/contrib -pushd contrib > /dev/null -ln -s ../../../git-core/contrib/hooks -popd > /dev/null - # Install git-prompt.sh mkdir -p %{buildroot}%{_datadir}/git-core/contrib/completion install -pm 644 contrib/completion/git-prompt.sh \ @@ -841,7 +804,7 @@ grep -E "$not_core_re" bin-man-doc-files > bin-man-doc-git-files # contrib not_core_doc_re="(git-(cvs|gui|citool|daemon|instaweb|subtree))|p4|svn|email|gitk|gitweb" mkdir -p %{buildroot}%{_pkgdocdir}/ -cp -pr CODE_OF_CONDUCT.md README.md Documentation/*.txt Documentation/RelNotes contrib %{buildroot}%{_pkgdocdir}/ +cp -pr CODE_OF_CONDUCT.md README.md Documentation/*.adoc Documentation/RelNotes contrib %{buildroot}%{_pkgdocdir}/ # Remove contrib/ files/dirs which have nothing useful for documentation rm -rf %{buildroot}%{_pkgdocdir}/contrib/{contacts,credential}/ cp -p gitweb/INSTALL %{buildroot}%{_pkgdocdir}/INSTALL.gitweb 
@@ -939,6 +902,17 @@ GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5003.81" %endif # endif rhel == 9 && arch == s390x +%if "%{_arch}" == "s390x" +# Skip tests which fail on s390x +# +# The following tests are failing on s390x. +# https://lore.kernel.org/git/4dc4c8cd-c0cc-4784-8fcf-defa3a051087@mit.edu/ +# +# t8020.16 'cross merge boundaries in blaming' +# t8020.19 'last-modified merge undoes changes' +GIT_SKIP_TESTS="$GIT_SKIP_TESTS t8020.16 t8020.19" +%endif +# endif "%{_arch}" == "s390x" export GIT_SKIP_TESTS # Set LANG so various UTF-8 tests are run @@ -986,16 +960,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" # endif use_systemd %files -f bin-man-doc-git-files -%if %{with emacs} && %{emacs_filesystem} -%{elispdir} -%endif -# endif with emacs && emacs_filesystem %{_datadir}/git-core/contrib/diff-highlight -%{_datadir}/git-core/contrib/hooks/update-paranoid -%{_datadir}/git-core/contrib/hooks/setgitperms.perl -%{_datadir}/git-core/templates/hooks/fsmonitor-watchman.sample -%{_datadir}/git-core/templates/hooks/pre-rebase.sample -%{_datadir}/git-core/templates/hooks/prepare-commit-msg.sample %files all # No files for you! @@ -1007,11 +972,6 @@ rmdir --ignore-fail-on-non-empty "$testdir" %license COPYING # exclude is best way here because of troubles with symlinks inside git-core/ %exclude %{_datadir}/git-core/contrib/diff-highlight -%exclude %{_datadir}/git-core/contrib/hooks/update-paranoid -%exclude %{_datadir}/git-core/contrib/hooks/setgitperms.perl -%exclude %{_datadir}/git-core/templates/hooks/fsmonitor-watchman.sample -%exclude %{_datadir}/git-core/templates/hooks/pre-rebase.sample -%exclude %{_datadir}/git-core/templates/hooks/prepare-commit-msg.sample %{bashcomproot} %{_datadir}/git-core/ @@ -1021,7 +981,6 @@ rmdir --ignore-fail-on-non-empty "$testdir" %exclude %{_pkgdocdir}/contrib/*/*.py[co] %endif # endif rhel <= 7 -%{_pkgdocdir}/contrib/hooks %if %{with libsecret} %files credential-libsecret 
@@ -1032,7 +991,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %if %{with cvs} %files cvs -%{_pkgdocdir}/*git-cvs*.txt +%{_pkgdocdir}/*git-cvs*.adoc %{_bindir}/git-cvsserver %{gitexecdir}/*cvs* %{?with_docs:%{_mandir}/man1/*cvs*.1*} @@ -1041,7 +1000,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" # endif with cvs %files daemon -%{_pkgdocdir}/git-daemon*.txt +%{_pkgdocdir}/git-daemon*.adoc %if %{use_systemd} %{_unitdir}/git.socket %config(noreplace) %{_unitdir}/git@.service @@ -1062,13 +1021,13 @@ rmdir --ignore-fail-on-non-empty "$testdir" # endif with emacs && ! emacs_filesystem %files email -%{_pkgdocdir}/*email*.txt +%{_pkgdocdir}/*email*.adoc %{gitexecdir}/*email* %{?with_docs:%{_mandir}/man1/*email*.1*} %{?with_docs:%{_pkgdocdir}/*email*.html} %files -n gitk -%{_pkgdocdir}/*gitk*.txt +%{_pkgdocdir}/*gitk*.adoc %{_bindir}/*gitk* %{_datadir}/gitk %{?with_docs:%{_mandir}/man1/*gitk*.1*} @@ -1076,7 +1035,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files -n gitweb %{_pkgdocdir}/*.gitweb -%{_pkgdocdir}/gitweb*.txt +%{_pkgdocdir}/gitweb*.adoc %{?with_docs:%{_mandir}/man1/gitweb.1*} %{?with_docs:%{_mandir}/man5/gitweb.conf.5*} %{?with_docs:%{_pkgdocdir}/gitweb*.html} @@ -1089,8 +1048,8 @@ rmdir --ignore-fail-on-non-empty "$testdir" %{gitexecdir}/git-citool %{_datadir}/applications/*git-gui.desktop %{_datadir}/git-gui/ -%{_pkgdocdir}/git-gui.txt -%{_pkgdocdir}/git-citool.txt +%{_pkgdocdir}/git-gui.adoc +%{_pkgdocdir}/git-citool.adoc %{?with_docs:%{_mandir}/man1/git-gui.1*} %{?with_docs:%{_pkgdocdir}/git-gui.html} %{?with_docs:%{_mandir}/man1/git-citool.1*} @@ -1099,7 +1058,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files instaweb %defattr(-,root,root) %{gitexecdir}/git-instaweb -%{_pkgdocdir}/git-instaweb.txt +%{_pkgdocdir}/git-instaweb.adoc %{?with_docs:%{_mandir}/man1/git-instaweb.1*} %{?with_docs:%{_pkgdocdir}/git-instaweb.html} 
@@ -1107,7 +1066,7 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files p4 %{gitexecdir}/*p4* %{gitexecdir}/mergetools/p4merge -%{_pkgdocdir}/*p4*.txt +%{_pkgdocdir}/*p4*.adoc %{?with_docs:%{_mandir}/man1/*p4*.1*} %{?with_docs:%{_pkgdocdir}/*p4*.html} %endif @@ -1120,17 +1079,21 @@ rmdir --ignore-fail-on-non-empty "$testdir" %files subtree %{gitexecdir}/git-subtree -%{_pkgdocdir}/git-subtree.txt +%{_pkgdocdir}/git-subtree.adoc %{?with_docs:%{_mandir}/man1/git-subtree.1*} %{?with_docs:%{_pkgdocdir}/git-subtree.html} %files svn %{gitexecdir}/git-svn -%{_pkgdocdir}/git-svn.txt +%{_pkgdocdir}/git-svn.adoc %{?with_docs:%{_mandir}/man1/git-svn.1*} %{?with_docs:%{_pkgdocdir}/git-svn.html} %changelog +* Fri Jan 09 2026 Ondřej Pohořelský - 2.52.0-1 +- update to 2.52.0 +- Resolves: RHEL-118147 + * Thu Jul 10 2025 Ondřej Pohořelský - 2.47.3-1 - update to 2.47.3 - Resolves: RHEL-102449, RHEL-102463, RHEL-102675, RHEL-102681 diff --git a/sources b/sources index eba654f..4a04f56 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (git-2.47.3.tar.xz) = 9c0e1e42e3bc10eb912c1ca9737d55b2e5d994f56825fa659d6cf5cbec220c67cc9aa3217fc136ae28c90c0b4969cff3661dc92ed6e2774f7432170f1d9e2a55 -SHA512 (git-2.47.3.tar.sign) = 6d9b51346077a080bf581da2cb56ddc353aa8b58cdb5f34563681bdc90c513742812b2a6c8585f10472d220cd8be7448839d038f92167277aa131459977d9bcf +SHA512 (git-2.52.0.tar.xz) = 965e5ebb72d1f080d64e34bdb75f0bb1689c9dd41dcf63b020d986bad49808ac09bfb1115962bc0c5b95bac8622367ac4cd09aa89266f73d2137fe94c90dd3ed +SHA512 (git-2.52.0.tar.sign) = a5a68ce131a5763650c477ec01a4de958dd6a946bdea0f613e26bdab41d2df6b3ca63f9028bbe603bf0c834bd415c86e6c616b1ff08cc48aa7c3c61a37b24b74