.git.metadata

@@ -1,2 +1,2 @@
-ee5544e5682b2dd8bc7cfe0cf8952eb4f04a308f SOURCES/git-2.43.7.tar.sign
-4034a9389fe34767a272d7085e9e7d93fb5ff18f SOURCES/git-2.43.7.tar.xz
+9a1c24da266ee42b4b8fd32274bae3f5ab3968da SOURCES/git-2.43.0.tar.sign
+d34f8331e3dcd7d2beb2f4af3e3d6db50b8036f1 SOURCES/git-2.43.0.tar.xz

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/git-2.43.7.tar.sign
-SOURCES/git-2.43.7.tar.xz
+SOURCES/git-2.43.0.tar.sign
+SOURCES/git-2.43.0.tar.xz

SOURCES/git-2.43.0-slow-shallow-clones.patch

@@ -1,115 +0,0 @@
-From 51441e6460b505c07b4a8a6deeaa7de4bf6e8e33 Mon Sep 17 00:00:00 2001
-From: Junio C Hamano <gitster@pobox.com>
-Date: Fri, 3 May 2024 08:34:27 -0700
-Subject: [PATCH] stop using HEAD for attributes in bare repository by default
-
-With 23865355 (attr: read attributes from HEAD when bare repo,
-2023-10-13), we started to use the HEAD tree as the default
-attribute source in a bare repository.  One argument for such a
-behaviour is that it would make things like "git archive" run in
-bare and non-bare repositories for the same commit consistent.
-This changes was merged to Git 2.43 but without an explicit mention
-in its release notes.
-
-It turns out that this change destroys performance of shallowly
-cloning from a bare repository.  As the "server" installations are
-expected to be mostly bare, and "git pack-objects", which is the
-core of driving the other side of "git clone" and "git fetch" wants
-to see if a path is set not to delta with blobs from other paths via
-the attribute system, the change forces the server side to traverse
-the tree of the HEAD commit needlessly to find if each and every
-paths the objects it sends out has the attribute that controls the
-deltification.  Given that (1) most projects do not configure such
-an attribute, and (2) it is dubious for the server side to honor
-such an end-user supplied attribute anyway, this was a poor choice
-of the default.
-
-To mitigate the current situation, let's revert the change that uses
-the tree of HEAD in a bare repository by default as the attribute
-source.  This will help most people who have been happy with the
-behaviour of Git 2.42 and before.
-
-Two things to note:
-
- * If you are stuck with versions of Git 2.43 or newer, that is
-   older than the release this fix appears in, you can explicitly
-   set the attr.tree configuration variable to point at an empty
-   tree object, i.e.
-
-	$ git config attr.tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904
-
- * If you like the behaviour we are reverting, you can explicitly
-   set the attr.tree configuration variable to HEAD, i.e.
-
-	$ git config attr.tree HEAD
-
-The right fix for this is to optimize the code paths that allow
-accesses to attributes in tree objects, but that is a much more
-involved change and is left as a longer-term project, outside the
-scope of this "first step" fix.
-
-Signed-off-by: Junio C Hamano <gitster@pobox.com>
----
- attr.c                  |  7 -------
- t/t0003-attributes.sh   | 10 ++++++++--
- t/t5001-archive-attr.sh |  3 ++-
- 3 files changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/attr.c b/attr.c
-index e62876dfd3e9be..02ab8436266289 100644
---- a/attr.c
-+++ b/attr.c
-@@ -1213,13 +1213,6 @@ static void compute_default_attr_source(struct object_id *attr_source)
- 		ignore_bad_attr_tree = 1;
- 	}
- 
--	if (!default_attr_source_tree_object_name &&
--	    startup_info->have_repository &&
--	    is_bare_repository()) {
--		default_attr_source_tree_object_name = "HEAD";
--		ignore_bad_attr_tree = 1;
--	}
--
- 	if (!default_attr_source_tree_object_name || !is_null_oid(attr_source))
- 		return;
- 
-diff --git a/t/t0003-attributes.sh b/t/t0003-attributes.sh
-index aee2298f01331a..5de46ddf67f7ff 100755
---- a/t/t0003-attributes.sh
-+++ b/t/t0003-attributes.sh
-@@ -384,13 +384,19 @@ test_expect_success 'bad attr source defaults to reading .gitattributes file' '
- 	)
- '
- 
--test_expect_success 'bare repo defaults to reading .gitattributes from HEAD' '
-+test_expect_success 'bare repo no longer defaults to reading .gitattributes from HEAD' '
- 	test_when_finished rm -rf test bare_with_gitattribute &&
- 	git init test &&
- 	test_commit -C test gitattributes .gitattributes "f/path test=val" &&
- 	git clone --bare test bare_with_gitattribute &&
--	echo "f/path: test: val" >expect &&
-+
-+	echo "f/path: test: unspecified" >expect &&
- 	git -C bare_with_gitattribute check-attr test -- f/path >actual &&
-+	test_cmp expect actual &&
-+
-+	echo "f/path: test: val" >expect &&
-+	git -C bare_with_gitattribute -c attr.tree=HEAD \
-+		check-attr test -- f/path >actual &&
- 	test_cmp expect actual
- '
- 
-diff --git a/t/t5001-archive-attr.sh b/t/t5001-archive-attr.sh
-index eaf959d8f63f15..7310774af5efea 100755
---- a/t/t5001-archive-attr.sh
-+++ b/t/t5001-archive-attr.sh
-@@ -133,7 +133,8 @@ test_expect_success 'git archive vs. bare' '
- '
- 
- test_expect_success 'git archive with worktree attributes, bare' '
--	(cd bare && git archive --worktree-attributes HEAD) >bare-worktree.tar &&
-+	(cd bare &&
-+	git -c attr.tree=HEAD archive --worktree-attributes HEAD) >bare-worktree.tar &&
- 	(mkdir bare-worktree && cd bare-worktree && "$TAR" xf -) <bare-worktree.tar
- '
- 

SOURCES/git-2.43.5-sanitize-sideband-channel-messages.patch

@@ -1,219 +0,0 @@
-From 13bb730859857c97f298e9a8c7b68fe00074b3d0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= <opohorel@redhat.com>
-Date: Thu, 3 Apr 2025 14:46:53 +0200
-Subject: [PATCH] Adds the option to sanitize sideband channel messages
-
-CVE-2024-52005 wasn't fixed by upstream. This patch adds the option
-to harden Git against it.
-The default behaviour of Git remains unchanged.
-
-Changes are taken from Git for Windows. The only differences are that
-by default we are allowing all control characters, the documentation
-reflects it and one of the tests has to be invoked with a config
-change: `sideband.allowControlCharacters=color`
-
-These commits can also be seen in this upstream PR:
-https://github.com/gitgitgadget/git/pull/1853
----
- Documentation/config.txt            |  2 +
- Documentation/config/sideband.txt   | 16 ++++++
- sideband.c                          | 78 ++++++++++++++++++++++++++++-
- t/t5409-colorize-remote-messages.sh | 30 +++++++++++
- 4 files changed, 124 insertions(+), 2 deletions(-)
- create mode 100644 Documentation/config/sideband.txt
-
-diff --git a/Documentation/config.txt b/Documentation/config.txt
-index e3a74dd1c1..5b8bbdee82 100644
---- a/Documentation/config.txt
-+++ b/Documentation/config.txt
-@@ -513,6 +513,8 @@ include::config/sequencer.txt[]
- 
- include::config/showbranch.txt[]
- 
-+include::config/sideband.txt[]
-+
- include::config/sparse.txt[]
- 
- include::config/splitindex.txt[]
-diff --git a/Documentation/config/sideband.txt b/Documentation/config/sideband.txt
-new file mode 100644
-index 0000000000..1adc831667
---- /dev/null
-+++ b/Documentation/config/sideband.txt
-@@ -0,0 +1,16 @@
-+sideband.allowControlCharacters::
-+	By default, control characters that are delivered via the sideband
-+	are NOT masked. Use this config setting to prevent potentially
-+	unwanted ANSI escape sequences from being sent to the terminal:
-++
-+--
-+	color::
-+		Allow ANSI color sequences, line feeds and horizontal tabs,
-+		but mask all other control characters.
-+	false::
-+		Mask all control characters other than line feeds and
-+		horizontal tabs.
-+	true::
-+		Allow all control characters to be sent to the terminal.
-+        This is the default.
-+--
-\ No newline at end of file
-diff --git a/sideband.c b/sideband.c
-index 266a67342b..316a401a5d 100644
---- a/sideband.c
-+++ b/sideband.c
-@@ -23,6 +23,12 @@ static struct keyword_entry keywords[] = {
- 	{ "error",	GIT_COLOR_BOLD_RED },
- };
- 
-+static enum {
-+	ALLOW_NO_CONTROL_CHARACTERS = 0,
-+	ALLOW_ALL_CONTROL_CHARACTERS = 1,
-+	ALLOW_ANSI_COLOR_SEQUENCES = 2
-+} allow_control_characters = ALLOW_ALL_CONTROL_CHARACTERS;
-+
- /* Returns a color setting (GIT_COLOR_NEVER, etc). */
- static int use_sideband_colors(void)
- {
-@@ -36,6 +42,25 @@ static int use_sideband_colors(void)
- 	if (use_sideband_colors_cached >= 0)
- 		return use_sideband_colors_cached;
- 
-+	switch (git_config_get_maybe_bool("sideband.allowcontrolcharacters", &i)) {
-+	case 0: /* Boolean value */
-+		allow_control_characters = i ? ALLOW_ALL_CONTROL_CHARACTERS :
-+			ALLOW_NO_CONTROL_CHARACTERS;
-+		break;
-+	case -1: /* non-Boolean value */
-+		if (git_config_get_string_tmp("sideband.allowcontrolcharacters",
-+							&value))
-+			; /* huh? `get_maybe_bool()` returned -1 */
-+		else if (!strcmp(value, "color"))
-+			allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES;
-+		else
-+			warning(_("unrecognized value for `sideband."
-+					"allowControlCharacters`: '%s'"), value);
-+		break;
-+	default:
-+		break; /* not configured */
-+	}
-+
- 	if (!git_config_get_string(key, &value)) {
- 		use_sideband_colors_cached = git_config_colorbool(key, value);
- 	} else if (!git_config_get_string("color.ui", &value)) {
-@@ -64,6 +89,55 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref
- 		list_config_item(list, prefix, keywords[i].keyword);
- }
- 
-+static int handle_ansi_color_sequence(struct strbuf *dest, const char *src, int n)
-+{
-+	int i;
-+
-+	/*
-+	 * Valid ANSI color sequences are of the form
-+	 *
-+	 * ESC [ [<n> [; <n>]*] m
-+	 */
-+
-+	if (allow_control_characters != ALLOW_ANSI_COLOR_SEQUENCES ||
-+	    n < 3 || src[0] != '\x1b' || src[1] != '[')
-+		return 0;
-+
-+	for (i = 2; i < n; i++) {
-+		if (src[i] == 'm') {
-+			strbuf_add(dest, src, i + 1);
-+			return i;
-+		}
-+		if (!isdigit(src[i]) && src[i] != ';')
-+			break;
-+	}
-+
-+	return 0;
-+}
-+
-+static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n)
-+{
-+	int i;
-+
-+	if (allow_control_characters == ALLOW_ALL_CONTROL_CHARACTERS) {
-+			strbuf_add(dest, src, n);
-+			return;
-+		}
-+	
-+	strbuf_grow(dest, n);
-+	for (; n && *src; src++, n--) {
-+		if (!iscntrl(*src) || *src == '\t' || *src == '\n')
-+			strbuf_addch(dest, *src);
-+		else if ((i = handle_ansi_color_sequence(dest, src, n))) {
-+				src += i;
-+				n -= i;
-+		} else {
-+			strbuf_addch(dest, '^');
-+			strbuf_addch(dest, 0x40 + *src);
-+		}
-+	}
-+}
-+
- /*
-  * Optionally highlight one keyword in remote output if it appears at the start
-  * of the line. This should be called for a single line only, which is
-@@ -79,7 +153,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n)
- 	int i;
- 
- 	if (!want_color_stderr(use_sideband_colors())) {
--		strbuf_add(dest, src, n);
-+		strbuf_add_sanitized(dest, src, n);
- 		return;
- 	}
- 
-@@ -112,7 +186,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n)
- 		}
- 	}
- 
--	strbuf_add(dest, src, n);
-+	strbuf_add_sanitized(dest, src, n);
- }
- 
- 
-diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh
-index fa5de4500a..3b5ff00363 100755
---- a/t/t5409-colorize-remote-messages.sh
-+++ b/t/t5409-colorize-remote-messages.sh
-@@ -98,4 +98,34 @@ test_expect_success 'fallback to color.ui' '
- 	grep "<BOLD;RED>error<RESET>: error" decoded
- '
- 
-+test_expect_success 'disallow (color) control sequences in sideband' '
-+	write_script .git/color-me-surprised <<-\EOF &&
-+	printf "error: Have you \\033[31mread\\033[m this?\\a\\n" >&2
-+	exec "$@"
-+	EOF
-+	test_config_global uploadPack.packObjectshook ./color-me-surprised &&
-+	test_commit need-at-least-one-commit &&
-+	git -c sideband.allowControlCharacters=color \
-+		clone --no-local . throw-away 2>stderr &&
-+	test_decode_color <stderr >decoded &&
-+	test_grep RED decoded &&
-+	test_grep "\\^G" stderr &&
-+	tr -dc "\\007" <stderr >actual &&
-+	test_must_be_empty actual &&
-+
-+	rm -rf throw-away &&
-+	git -c sideband.allowControlCharacters=false \
-+		clone --no-local . throw-away 2>stderr &&
-+	test_decode_color <stderr >decoded &&
-+	test_grep ! RED decoded &&
-+	test_grep "\\^G" stderr &&
-+
-+	rm -rf throw-away &&
-+	git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr &&
-+	test_decode_color <stderr >decoded &&
-+	test_grep RED decoded &&
-+	tr -dc "\\007" <stderr >actual &&
-+	test_file_not_empty actual
-+'
-+
- test_done
--- 
-2.49.0
-

SOURCES/git-2.43.7-t-avoid-git-config-syntax-from-newer-releases.patch

@@ -1,59 +0,0 @@
-From 428c9241c6918f52ac22fb8e83ce7c736a2f5e00 Mon Sep 17 00:00:00 2001
-From: Todd Zullinger <tmz@pobox.com>
-Date: Tue, 8 Jul 2025 17:05:27 -0400
-Subject: [PATCH] t: avoid git config syntax from newer releases
-
-In a recent security release, 05e9cd64ee (config: quote values
-containing CR character, 2025-05-19) added calls to `git config get`,
-`git config set`, and `git config unset` which are not present on the
-maint-2.43 branch.
-
-These subcommands were added in the following commits, released in
-git-2.46.0:
-
-  4e51389000 (builtin/config: introduce "get" subcommand, 2024-05-06),
-  00bbdde141 (builtin/config: introduce "set" subcommand, 2024-05-06),
-  95ea69c67b (builtin/config: introduce "unset" subcommand, 2024-05-06)
-
-Revert to the previous `git config` syntax for older maintenance
-branches.
-
-Signed-off-by: Todd Zullinger <tmz@pobox.com>
-Signed-off-by: Junio C Hamano <gitster@pobox.com>
----
- t/t1300-config.sh           | 4 ++--
- t/t7450-bad-git-dotfiles.sh | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/t/t1300-config.sh b/t/t1300-config.sh
-index 1010410b7e2926..baf9b4823111d5 100755
---- a/t/t1300-config.sh
-+++ b/t/t1300-config.sh
-@@ -2595,8 +2595,8 @@ test_expect_success 'writing value with trailing CR not stripped on read' '
- 
- 	printf "bar\r\n" >expect &&
- 	git init cr-test &&
--	git -C cr-test config set core.foo $(printf "bar\r") &&
--	git -C cr-test config get core.foo >actual &&
-+	git -C cr-test config core.foo $(printf "bar\r") &&
-+	git -C cr-test config --get core.foo >actual &&
- 
- 	test_cmp expect actual
- '
-diff --git a/t/t7450-bad-git-dotfiles.sh b/t/t7450-bad-git-dotfiles.sh
-index 20262855664a97..d1546e3311b27f 100755
---- a/t/t7450-bad-git-dotfiles.sh
-+++ b/t/t7450-bad-git-dotfiles.sh
-@@ -362,10 +362,10 @@ test_expect_success SYMLINKS,!WINDOWS,!MINGW 'submodule must not checkout into d
- 	git -C repo mv sub $(printf "sub\r") &&
- 
- 	# Ensure config values containing CR are wrapped in quotes.
--	git config unset -f repo/.gitmodules submodule.sub.path &&
-+	git config --unset -f repo/.gitmodules submodule.sub.path &&
- 	printf "\tpath = \"sub\r\"\n" >>repo/.gitmodules &&
- 
--	git config unset -f repo/.git/modules/sub/config core.worktree &&
-+	git config --unset -f repo/.git/modules/sub/config core.worktree &&
- 	{
- 		printf "[core]\n" &&
- 		printf "\tworktree = \"../../../sub\r\"\n"

SPECS/git.spec

@@ -92,7 +92,7 @@
 #global rcrev   .rc0
 
 Name:           git
-Version:        2.43.7
+Version:        2.43.0
 Release:        1%{?rcrev}%{?dist}
 Summary:        Fast Version Control System
 License:        GPLv2
@@ -138,23 +138,6 @@ Patch4:         0002-t-lib-git-daemon-try-harder-to-find-a-port.patch
 # https://github.com/tmzullinger/git/commit/aa5105dc11
 Patch5:         0003-t-lib-git-svn-try-harder-to-find-a-port.patch
 
-# attr: read attributes from HEAD when bare repo
-#
-# https://github.com/git/git/commit/2386535511d1181afd4e892e2a866ffe5e1d7d21
-Patch6:         git-2.43.0-slow-shallow-clones.patch
-
-# Adds the option to sanitize sideband channel messages
-# CVE-2024-52005 wasn't fixed by upstream. This patch adds the option to harden Git against it.
-# The default behaviour of Git remains unchanged.
-#
-# https://github.com/gitgitgadget/git/pull/1853
-Patch7:         git-2.43.5-sanitize-sideband-channel-messages.patch
-
-# t: avoid git config syntax from newer releases
-#
-# https://github.com/git/git/commit/428c9241c6918f52ac22fb8e83ce7c736a2f5e00
-Patch8:         git-2.43.7-t-avoid-git-config-syntax-from-newer-releases.patch
-
 %if %{with docs}
 # pod2man is needed to build Git.3pm
 BuildRequires:  %{_bindir}/pod2man
@@ -1116,23 +1099,6 @@ rmdir --ignore-fail-on-non-empty "$testdir"
 %{?with_docs:%{_pkgdocdir}/git-svn.html}
 
 %changelog
-* Fri Jul 11 2025 Ondřej Pohořelský <opohorel@redhat.com> - 2.43.7-1
-- update to 2.43.7
-- Resolves: RHEL-102440, RHEL-102454, RHEL-102674, RHEL-102680
-
-* Fri Apr 04 2025 Ondřej Pohořelský <opohorel@redhat.com> - 2.43.5-3
-- add the option to sanitize sideband channel messages
-- Resolves: RHEL-74177
-
-* Fri Nov 15 2024 Ondřej Pohořelský <opohorel@redhat.com> - 2.43.5-2
-- Sync version with the hotfix branch
-- Related: RHEL-64984
-
-* Thu Nov 14 2024 Ondřej Pohořelský <opohorel@redhat.com> - 2.43.0-2
-- Add fix for extremely slow shallow clones
-- Repair t6300 on s390x
-- Resolves: RHEL-64984
-
 * Wed Dec 06 2023 Ondřej Pohořelský <opohorel@redhat.com> - 2.43.0-1
 - Update to 2.43.0
 - Resolves: RHEL-17103