Control: tags 1093042 + patch
Control: tags 1093042 + pending
Dear Jonathan,
I've prepared an NMU for git (versioned as 1:2.47.2-0.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
I'm not sure if you have concerns about the short delay but I
defintively strongly would prefer to have the update first exposed in
unstable, then go down to bookworm releasing the packages.
What I tried is to follow as close as possible your current pckaging
from a git clone merge the upstream v2.47.2 tag for the unstable
upload as this is a supported version.
Differently though for bookworm and cherry-picking there the commits
from the closest down version.
Regards.
Salvatore
diff -Nru git-2.47.1/Documentation/RelNotes/2.40.4.txt git-2.47.2/Documentation/RelNotes/2.40.4.txt
--- git-2.47.1/Documentation/RelNotes/2.40.4.txt 1970-01-01 01:00:00.000000000 +0100
+++ git-2.47.2/Documentation/RelNotes/2.40.4.txt 2025-01-13 23:17:08.000000000 +0100
@@ -0,0 +1,5 @@
+Git v2.40.4 Release Notes
+=========================
+
+This release lets Git refuse to accept URLs that contain control
+sequences. This addresses CVE-2024-50349 and CVE-2024-52006.
diff -Nru git-2.47.1/Documentation/RelNotes/2.41.3.txt git-2.47.2/Documentation/RelNotes/2.41.3.txt
--- git-2.47.1/Documentation/RelNotes/2.41.3.txt 1970-01-01 01:00:00.000000000 +0100
+++ git-2.47.2/Documentation/RelNotes/2.41.3.txt 2025-01-13 23:17:08.000000000 +0100
@@ -0,0 +1,6 @@
+Git v2.41.3 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4 to address
+the security issues CVE-2024-50349 and CVE-2024-52006; see the
+release notes for that version for details.
diff -Nru git-2.47.1/Documentation/RelNotes/2.42.4.txt git-2.47.2/Documentation/RelNotes/2.42.4.txt
--- git-2.47.1/Documentation/RelNotes/2.42.4.txt 1970-01-01 01:00:00.000000000 +0100
+++ git-2.47.2/Documentation/RelNotes/2.42.4.txt 2025-01-13 23:17:08.000000000 +0100
@@ -0,0 +1,6 @@
+Git v2.42.4 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4 and v2.41.3
+to address the security issues CVE-2024-50349 and CVE-2024-52006;
+see the release notes for these versions for details.
diff -Nru git-2.47.1/Documentation/RelNotes/2.43.6.txt git-2.47.2/Documentation/RelNotes/2.43.6.txt
--- git-2.47.1/Documentation/RelNotes/2.43.6.txt 1970-01-01 01:00:00.000000000 +0100
+++ git-2.47.2/Documentation/RelNotes/2.43.6.txt 2025-01-13 23:17:08.000000000 +0100
@@ -0,0 +1,7 @@
+Git v2.43.6 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4, v2.41.3
+and v2.42.4 to address the security issues CVE-2024-50349 and
+CVE-2024-52006; see the release notes for these versions for
+details.
diff -Nru git-2.47.1/Documentation/RelNotes/2.44.3.txt git-2.47.2/Documentation/RelNotes/2.44.3.txt
--- git-2.47.1/Documentation/RelNotes/2.44.3.txt 1970-01-01 01:00:00.000000000 +0100
+++ git-2.47.2/Documentation/RelNotes/2.44.3.txt 2025-01-13 23:17:08.000000000 +0100
@@ -0,0 +1,7 @@
+Git v2.44.3 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4, v2.41.3,
+v2.42.4 and v2.43.6 to address the security issues CVE-2024-50349
+and CVE-2024-52006; see the release notes for these versions
+for details.
diff -Nru git-2.47.1/Documentation/RelNotes/2.45.3.txt git-2.47.2/Documentation/RelNotes/2.45.3.txt
--- git-2.47.1/Documentation/RelNotes/2.45.3.txt 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/Documentation/RelNotes/2.45.3.txt 2025-01-13 23:17:08.000000000 +0100
@@ -1,7 +1,12 @@
Git v2.45.3 Release Notes
=========================
-This primarily is to backport various small fixes accumulated on the
+This release merges up the fix that appears in v2.40.4, v2.41.3,
+v2.42.4, v2.43.6 and v2.44.3 to address the security issues
+CVE-2024-50349 and CVE-2024-52006; see the release notes for
+these versions for details.
+
+This version also backports various small fixes accumulated on the
'master' front during the development towards Git 2.46, the next
feature release.
diff -Nru git-2.47.1/Documentation/RelNotes/2.46.3.txt git-2.47.2/Documentation/RelNotes/2.46.3.txt
--- git-2.47.1/Documentation/RelNotes/2.46.3.txt 1970-01-01 01:00:00.000000000 +0100
+++ git-2.47.2/Documentation/RelNotes/2.46.3.txt 2025-01-13 23:17:08.000000000 +0100
@@ -0,0 +1,6 @@
+Git v2.46.3 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4, v2.41.3, v2.42.4,
+v2.43.6, v2.44.3 and v2.45.3 to address the security issues CVE-2024-50349 and
+CVE-2024-52006; see the release notes for these versions for details.
diff -Nru git-2.47.1/Documentation/RelNotes/2.47.2.txt git-2.47.2/Documentation/RelNotes/2.47.2.txt
--- git-2.47.1/Documentation/RelNotes/2.47.2.txt 1970-01-01 01:00:00.000000000 +0100
+++ git-2.47.2/Documentation/RelNotes/2.47.2.txt 2025-01-13 23:17:08.000000000 +0100
@@ -0,0 +1,7 @@
+Git v2.47.2 Release Notes
+=========================
+
+This release merges up the fix that appears in v2.40.4, v2.41.3,
+v2.42.4, v2.43.6, v2.44.3, v2.45.3 and v2.46.3 to address the
+security issues CVE-2024-50349 and CVE-2024-52006; see the release
+notes for these versions for details.
diff -Nru git-2.47.1/Documentation/config/credential.txt git-2.47.2/Documentation/config/credential.txt
--- git-2.47.1/Documentation/config/credential.txt 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/Documentation/config/credential.txt 2025-01-13 23:17:08.000000000 +0100
@@ -22,6 +22,17 @@
or https URL to be important. Defaults to false. See
linkgit:gitcredentials[7] for more information.
+credential.sanitizePrompt::
+ By default, user names and hosts that are shown as part of the
+ password prompt are not allowed to contain control characters (they
+ will be URL-encoded by default). Configure this setting to `false` to
+ override that behavior.
+
+credential.protectProtocol::
+ By default, Carriage Return characters are not allowed in the protocol
+ that is used when Git talks to a credential helper. This setting allows
+ users to override this default.
+
credential.username::
If no username is set for a network authentication, use this username
by default. See credential.<context>.* below, and
diff -Nru git-2.47.1/configure git-2.47.2/configure
--- git-2.47.1/configure 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/configure 2025-01-13 23:17:08.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for git 2.47.1.
+# Generated by GNU Autoconf 2.71 for git 2.47.2.
#
# Report bugs to <g...@vger.kernel.org>.
#
@@ -611,8 +611,8 @@
# Identity of this package.
PACKAGE_NAME='git'
PACKAGE_TARNAME='git'
-PACKAGE_VERSION='2.47.1'
-PACKAGE_STRING='git 2.47.1'
+PACKAGE_VERSION='2.47.2'
+PACKAGE_STRING='git 2.47.2'
PACKAGE_BUGREPORT='g...@vger.kernel.org'
PACKAGE_URL=''
@@ -1290,7 +1290,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures git 2.47.1 to adapt to many kinds of systems.
+\`configure' configures git 2.47.2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1352,7 +1352,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of git 2.47.1:";;
+ short | recursive ) echo "Configuration of git 2.47.2:";;
esac
cat <<\_ACEOF
@@ -1495,7 +1495,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-git configure 2.47.1
+git configure 2.47.2
generated by GNU Autoconf 2.71
Copyright (C) 2021 Free Software Foundation, Inc.
@@ -1911,7 +1911,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by git $as_me 2.47.1, which was
+It was created by git $as_me 2.47.2, which was
generated by GNU Autoconf 2.71. Invocation command line was
$ $0$ac_configure_args_raw
@@ -8892,7 +8892,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by git $as_me 2.47.1, which was
+This file was extended by git $as_me 2.47.2, which was
generated by GNU Autoconf 2.71. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -8951,7 +8951,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
-git config.status 2.47.1
+git config.status 2.47.2
configured by $0, generated by GNU Autoconf 2.71,
with options \\"\$ac_cs_config\\"
diff -Nru git-2.47.1/credential.c git-2.47.2/credential.c
--- git-2.47.1/credential.c 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/credential.c 2025-01-13 23:17:08.000000000 +0100
@@ -12,7 +12,7 @@
#include "sigchain.h"
#include "strbuf.h"
#include "urlmatch.h"
-#include "git-compat-util.h"
+#include "environment.h"
#include "trace2.h"
#include "repository.h"
@@ -129,6 +129,10 @@
}
else if (!strcmp(key, "usehttppath"))
c->use_http_path = git_config_bool(var, value);
+ else if (!strcmp(key, "sanitizeprompt"))
+ c->sanitize_prompt = git_config_bool(var, value);
+ else if (!strcmp(key, "protectprotocol"))
+ c->protect_protocol = git_config_bool(var, value);
return 0;
}
@@ -226,7 +230,8 @@
strbuf_addch(out, '@');
}
if (c->host)
- strbuf_addstr(out, c->host);
+ strbuf_add_percentencode(out, c->host,
+ STRBUF_ENCODE_HOST_AND_PORT);
if (c->path) {
strbuf_addch(out, '/');
strbuf_add_percentencode(out, c->path, 0);
@@ -240,7 +245,10 @@
struct strbuf prompt = STRBUF_INIT;
char *r;
- credential_describe(c, &desc);
+ if (c->sanitize_prompt)
+ credential_format(c, &desc);
+ else
+ credential_describe(c, &desc);
if (desc.len)
strbuf_addf(&prompt, "%s for '%s': ", what, desc.buf);
else
@@ -381,7 +389,8 @@
return 0;
}
-static void credential_write_item(FILE *fp, const char *key, const char *value,
+static void credential_write_item(const struct credential *c,
+ FILE *fp, const char *key, const char *value,
int required)
{
if (!value && required)
@@ -390,6 +399,10 @@
return;
if (strchr(value, '\n'))
die("credential value for %s contains newline", key);
+ if (c->protect_protocol && strchr(value, '\r'))
+ die("credential value for %s contains carriage return\n"
+ "If this is intended, set `credential.protectProtocol=false`",
+ key);
fprintf(fp, "%s=%s\n", key, value);
}
@@ -397,34 +410,34 @@
enum credential_op_type op_type)
{
if (credential_has_capability(&c->capa_authtype, op_type))
- credential_write_item(fp, "capability[]", "authtype", 0);
+ credential_write_item(c, fp, "capability[]", "authtype", 0);
if (credential_has_capability(&c->capa_state, op_type))
- credential_write_item(fp, "capability[]", "state", 0);
+ credential_write_item(c, fp, "capability[]", "state", 0);
if (credential_has_capability(&c->capa_authtype, op_type)) {
- credential_write_item(fp, "authtype", c->authtype, 0);
- credential_write_item(fp, "credential", c->credential, 0);
+ credential_write_item(c, fp, "authtype", c->authtype, 0);
+ credential_write_item(c, fp, "credential", c->credential, 0);
if (c->ephemeral)
- credential_write_item(fp, "ephemeral", "1", 0);
+ credential_write_item(c, fp, "ephemeral", "1", 0);
}
- credential_write_item(fp, "protocol", c->protocol, 1);
- credential_write_item(fp, "host", c->host, 1);
- credential_write_item(fp, "path", c->path, 0);
- credential_write_item(fp, "username", c->username, 0);
- credential_write_item(fp, "password", c->password, 0);
- credential_write_item(fp, "oauth_refresh_token", c->oauth_refresh_token, 0);
+ credential_write_item(c, fp, "protocol", c->protocol, 1);
+ credential_write_item(c, fp, "host", c->host, 1);
+ credential_write_item(c, fp, "path", c->path, 0);
+ credential_write_item(c, fp, "username", c->username, 0);
+ credential_write_item(c, fp, "password", c->password, 0);
+ credential_write_item(c, fp, "oauth_refresh_token", c->oauth_refresh_token, 0);
if (c->password_expiry_utc != TIME_MAX) {
char *s = xstrfmt("%"PRItime, c->password_expiry_utc);
- credential_write_item(fp, "password_expiry_utc", s, 0);
+ credential_write_item(c, fp, "password_expiry_utc", s, 0);
free(s);
}
for (size_t i = 0; i < c->wwwauth_headers.nr; i++)
- credential_write_item(fp, "wwwauth[]", c->wwwauth_headers.v[i], 0);
+ credential_write_item(c, fp, "wwwauth[]", c->wwwauth_headers.v[i], 0);
if (credential_has_capability(&c->capa_state, op_type)) {
if (c->multistage)
- credential_write_item(fp, "continue", "1", 0);
+ credential_write_item(c, fp, "continue", "1", 0);
for (size_t i = 0; i < c->state_headers_to_send.nr; i++)
- credential_write_item(fp, "state[]", c->state_headers_to_send.v[i], 0);
+ credential_write_item(c, fp, "state[]", c->state_headers_to_send.v[i], 0);
}
}
diff -Nru git-2.47.1/credential.h git-2.47.2/credential.h
--- git-2.47.1/credential.h 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/credential.h 2025-01-13 23:17:08.000000000 +0100
@@ -168,7 +168,9 @@
multistage: 1,
quit:1,
use_http_path:1,
- username_from_proto:1;
+ username_from_proto:1,
+ sanitize_prompt:1,
+ protect_protocol:1;
struct credential_capability capa_authtype;
struct credential_capability capa_state;
@@ -195,6 +197,8 @@
.wwwauth_headers = STRVEC_INIT, \
.state_headers = STRVEC_INIT, \
.state_headers_to_send = STRVEC_INIT, \
+ .sanitize_prompt = 1, \
+ .protect_protocol = 1, \
}
/* Initialize a credential structure, setting all fields to empty. */
diff -Nru git-2.47.1/debian/changelog git-2.47.2/debian/changelog
--- git-2.47.1/debian/changelog 2025-01-02 13:12:25.000000000 +0100
+++ git-2.47.2/debian/changelog 2025-01-19 09:06:17.000000000 +0100
@@ -1,3 +1,11 @@
+git (1:2.47.2-0.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * new upstream release (see Documentation/RelNotes/2.47.2.txt; addresses
+ CVE-2024-50349 and CVE-2024-52006; Closes: #1093042).
+
+ -- Salvatore Bonaccorso <car...@debian.org> Sun, 19 Jan 2025 09:06:17 +0100
+
git (1:2.47.1-1) unstable; urgency=low
* new upstream release (see RelNotes/2.46.0.txt, RelNotes/2.47.0.txt).
diff -Nru git-2.47.1/strbuf.c git-2.47.2/strbuf.c
--- git-2.47.1/strbuf.c 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/strbuf.c 2025-01-13 23:17:08.000000000 +0100
@@ -495,7 +495,9 @@
unsigned char ch = src[i];
if (ch <= 0x1F || ch >= 0x7F ||
(ch == '/' && (flags & STRBUF_ENCODE_SLASH)) ||
- strchr(URL_UNSAFE_CHARS, ch))
+ ((flags & STRBUF_ENCODE_HOST_AND_PORT) ?
+ !isalnum(ch) && !strchr("-.:[]", ch) :
+ !!strchr(URL_UNSAFE_CHARS, ch)))
strbuf_addf(dst, "%%%02X", (unsigned char)ch);
else
strbuf_addch(dst, ch);
diff -Nru git-2.47.1/strbuf.h git-2.47.2/strbuf.h
--- git-2.47.1/strbuf.h 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/strbuf.h 2025-01-13 23:17:08.000000000 +0100
@@ -356,6 +356,7 @@
void strbuf_addbuf_percentquote(struct strbuf *dst, const struct strbuf *src);
#define STRBUF_ENCODE_SLASH 1
+#define STRBUF_ENCODE_HOST_AND_PORT 2
/**
* Append the contents of a string to a strbuf, percent-encoding any characters
diff -Nru git-2.47.1/t/t0300-credentials.sh git-2.47.2/t/t0300-credentials.sh
--- git-2.47.1/t/t0300-credentials.sh 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/t/t0300-credentials.sh 2025-01-13 23:17:08.000000000 +0100
@@ -77,6 +77,10 @@
test -z "$pexpiry" || echo password_expiry_utc=$pexpiry
EOF
+ write_script git-credential-cntrl-in-username <<-\EOF &&
+ printf "username=\\007latrix Lestrange\\n"
+ EOF
+
PATH="$PWD:$PATH"
'
@@ -697,6 +701,19 @@
EOF
'
+test_expect_success 'match percent-encoded values in hostname' '
+ test_config "credential.https://a%20b%20c/.helper"; "$HELPER" &&
+ check fill <<-\EOF
+ url=https://a b c/
+ --
+ protocol=https
+ host=a b c
+ username=foo
+ password=bar
+ --
+ EOF
+'
+
test_expect_success 'fetch with multiple path components' '
test_unconfig credential.helper &&
test_config credential.https://example.com/foo/repo.git.helper "verbatim foo bar" &&
@@ -886,6 +903,22 @@
test_cmp expect stderr
'
+test_expect_success 'url parser rejects embedded carriage returns' '
+ test_config credential.helper "!true" &&
+ test_must_fail git credential fill 2>stderr <<-\EOF &&
+ url=https://example%0d.com/
+ EOF
+ cat >expect <<-\EOF &&
+ fatal: credential value for host contains carriage return
+ If this is intended, set `credential.protectProtocol=false`
+ EOF
+ test_cmp expect stderr &&
+ GIT_ASKPASS=true \
+ git -c credential.protectProtocol=false credential fill <<-\EOF
+ url=https://example%0d.com/
+ EOF
+'
+
test_expect_success 'host-less URLs are parsed as empty host' '
check fill "verbatim foo bar" <<-\EOF
url=cert:///path/to/cert.pem
@@ -995,4 +1028,20 @@
test_grep "skipping credential lookup for key" stderr
'
+BEL="$(printf '\007')"
+
+test_expect_success 'interactive prompt is sanitized' '
+ check fill cntrl-in-username <<-EOF
+ protocol=https
+ host=example.org
+ --
+ protocol=https
+ host=example.org
+ username=${BEL}latrix Lestrange
+ password=askpass-password
+ --
+ askpass: Password for ${SQ}https://%07latrix%20lestra...@example.org${SQ}:
+ EOF
+'
+
test_done
diff -Nru git-2.47.1/t/t5541-http-push-smart.sh git-2.47.2/t/t5541-http-push-smart.sh
--- git-2.47.1/t/t5541-http-push-smart.sh 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/t/t5541-http-push-smart.sh 2025-01-13 23:17:08.000000000 +0100
@@ -344,7 +344,7 @@
git push "$HTTPD_URL"/auth/smart/test_repo.git &&
git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \
log -1 --format=%s >actual &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
test_cmp expect actual
'
@@ -356,7 +356,7 @@
git push "$HTTPD_URL"/auth-push/smart/test_repo.git &&
git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \
log -1 --format=%s >actual &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
test_cmp expect actual
'
@@ -386,7 +386,7 @@
git push "$HTTPD_URL/half-auth-complete/smart/half-auth.git" &&
git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/half-auth.git" \
log -1 --format=%s >actual &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
test_cmp expect actual
'
diff -Nru git-2.47.1/t/t5550-http-fetch-dumb.sh git-2.47.2/t/t5550-http-fetch-dumb.sh
--- git-2.47.1/t/t5550-http-fetch-dumb.sh 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/t/t5550-http-fetch-dumb.sh 2025-01-13 23:17:08.000000000 +0100
@@ -112,13 +112,13 @@
test_expect_success 'http auth can use just user in URL' '
set_askpass wrong pass@host &&
git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-pass &&
- expect_askpass pass user@host
+ expect_askpass pass user%40host
'
test_expect_success 'http auth can request both user and pass' '
set_askpass user@host pass@host &&
git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-both &&
- expect_askpass both user@host
+ expect_askpass both user%40host
'
test_expect_success 'http auth respects credential helper config' '
@@ -136,14 +136,14 @@
test_config_global "credential.$HTTPD_URL.username" user@host &&
set_askpass wrong pass@host &&
git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-user &&
- expect_askpass pass user@host
+ expect_askpass pass user%40host
'
test_expect_success 'configured username does not override URL' '
test_config_global "credential.$HTTPD_URL.username" wrong &&
set_askpass wrong pass@host &&
git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-user2 &&
- expect_askpass pass user@host
+ expect_askpass pass user%40host
'
test_expect_success 'set up repo with http submodules' '
@@ -164,7 +164,7 @@
set_askpass wrong pass@host &&
git -c "credential.$HTTPD_URL.username=user@host" \
clone --recursive super super-clone &&
- expect_askpass pass user@host
+ expect_askpass pass user%40host
'
test_expect_success 'cmdline credential config passes submodule via fetch' '
@@ -175,7 +175,7 @@
git -C super-clone \
-c "credential.$HTTPD_URL.username=user@host" \
fetch --recurse-submodules &&
- expect_askpass pass user@host
+ expect_askpass pass user%40host
'
test_expect_success 'cmdline credential config passes submodule update' '
@@ -192,7 +192,7 @@
git -C super-clone \
-c "credential.$HTTPD_URL.username=user@host" \
submodule update &&
- expect_askpass pass user@host
+ expect_askpass pass user%40host
'
test_expect_success 'fetch changes via http' '
diff -Nru git-2.47.1/t/t5551-http-fetch-smart.sh git-2.47.2/t/t5551-http-fetch-smart.sh
--- git-2.47.1/t/t5551-http-fetch-smart.sh 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/t/t5551-http-fetch-smart.sh 2025-01-13 23:17:08.000000000 +0100
@@ -182,7 +182,7 @@
echo two >expect &&
set_askpass user@host pass@host &&
git clone --bare "$HTTPD_URL/auth/smart/repo.git" smart-auth &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
git --git-dir=smart-auth log -1 --format=%s >actual &&
test_cmp expect actual
'
@@ -222,7 +222,7 @@
echo two >expect &&
set_askpass user@host pass@host &&
git clone --bare "$HTTPD_URL/auth-fetch/smart/repo.git" half-auth &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
git --git-dir=half-auth log -1 --format=%s >actual &&
test_cmp expect actual
'
@@ -247,14 +247,14 @@
set_askpass user@host pass@host &&
git -c credential.useHttpPath=true \
clone $HTTPD_URL/smart-redir-auth/repo.git repo-redir-auth &&
- expect_askpass both user@host auth/smart/repo.git
+ expect_askpass both user%40host auth/smart/repo.git
'
test_expect_success 'GIT_TRACE_CURL redacts auth details' '
rm -rf redact-auth trace &&
set_askpass user@host pass@host &&
GIT_TRACE_CURL="$(pwd)/trace" git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
# Ensure that there is no "Basic" followed by a base64 string, but that
# the auth details are redacted
@@ -266,7 +266,7 @@
rm -rf redact-auth trace &&
set_askpass user@host pass@host &&
GIT_CURL_VERBOSE=1 git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth 2>trace &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
# Ensure that there is no "Basic" followed by a base64 string, but that
# the auth details are redacted
@@ -279,7 +279,7 @@
set_askpass user@host pass@host &&
GIT_TRACE_REDACT=0 GIT_TRACE_CURL="$(pwd)/trace" \
git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
grep -i "Authorization: Basic [0-9a-zA-Z+/]" trace
'
@@ -593,7 +593,7 @@
# the first request prompts the user...
set_askpass user@host pass@host &&
git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null &&
- expect_askpass both user@host &&
+ expect_askpass both user%40host &&
# ...and the second one uses the stored value rather than
# prompting the user.
@@ -624,7 +624,7 @@
# us to prompt the user again.
set_askpass user@host pass@host &&
git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null &&
- expect_askpass both user@host
+ expect_askpass both user%40host
'
test_expect_success 'client falls back from v2 to v0 to match server' '
diff -Nru git-2.47.1/t/t7300-clean.sh git-2.47.2/t/t7300-clean.sh
--- git-2.47.1/t/t7300-clean.sh 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/t/t7300-clean.sh 2025-01-13 23:17:08.000000000 +0100
@@ -747,7 +747,7 @@
test_must_fail git clean -xdf 2>.git/err &&
# grepping for a strerror string is unportable but it is OK here with
# MINGW prereq
- test_grep "too long" .git/err
+ test_grep -e "too long" -e "No such file or directory" .git/err
'
test_expect_success 'clean untracked paths by pathspec' '
diff -Nru git-2.47.1/version git-2.47.2/version
--- git-2.47.1/version 2024-11-25 06:39:52.000000000 +0100
+++ git-2.47.2/version 2025-01-13 23:17:08.000000000 +0100
@@ -1 +1 @@
-2.47.1
+2.47.2
