From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Wed, 30 Oct 2024 00:03:44 +0000 (+0100)
Subject: Sync with 2.45.3
X-Git-Tag: v2.46.3~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=67809f7c4c654e0f7c4fefff3b46451e217a0294;p=thirdparty%2Fgit.git

Sync with 2.45.3

* maint-2.45:
  Git 2.45.3
  Git 2.44.3
  Git 2.43.6
  Git 2.42.4
  Git 2.41.3
  Git 2.40.4
  credential: disallow Carriage Returns in the protocol by default
  credential: sanitize the user prompt
  credential_format(): also encode <host>[:<port>]
  t7300: work around platform-specific behaviour with long paths on MinGW
  compat/regex: fix argument order to calloc(3)
  mingw: drop bogus (and unneeded) declaration of `_pgmptr`
  ci: remove 'Upload failed tests' directories' step from linux32 jobs
---

67809f7c4c654e0f7c4fefff3b46451e217a0294
diff --cc credential.c
index 4b1a2b94fe,ef8477a7a6..eb0d394c03
--- a/credential.c
+++ b/credential.c
@@@ -367,39 -293,21 +380,39 @@@ static void credential_write_item(cons
  	fprintf(fp, "%s=%s\n", key, value);
  }
  
 -void credential_write(const struct credential *c, FILE *fp)
 +void credential_write(const struct credential *c, FILE *fp,
 +		      enum credential_op_type op_type)
  {
 +	if (credential_has_capability(&c->capa_authtype, op_type))
- 		credential_write_item(fp, "capability[]", "authtype", 0);
++		credential_write_item(c, fp, "capability[]", "authtype", 0);
 +	if (credential_has_capability(&c->capa_state, op_type))
- 		credential_write_item(fp, "capability[]", "state", 0);
++		credential_write_item(c, fp, "capability[]", "state", 0);
 +
 +	if (credential_has_capability(&c->capa_authtype, op_type)) {
- 		credential_write_item(fp, "authtype", c->authtype, 0);
- 		credential_write_item(fp, "credential", c->credential, 0);
++		credential_write_item(c, fp, "authtype", c->authtype, 0);
++		credential_write_item(c, fp, "credential", c->credential, 0);
 +		if (c->ephemeral)
- 			credential_write_item(fp, "ephemeral", "1", 0);
++			credential_write_item(c, fp, "ephemeral", "1", 0);
 +	}
- 	credential_write_item(fp, "protocol", c->protocol, 1);
- 	credential_write_item(fp, "host", c->host, 1);
- 	credential_write_item(fp, "path", c->path, 0);
- 	credential_write_item(fp, "username", c->username, 0);
- 	credential_write_item(fp, "password", c->password, 0);
- 	credential_write_item(fp, "oauth_refresh_token", c->oauth_refresh_token, 0);
+ 	credential_write_item(c, fp, "protocol", c->protocol, 1);
+ 	credential_write_item(c, fp, "host", c->host, 1);
+ 	credential_write_item(c, fp, "path", c->path, 0);
+ 	credential_write_item(c, fp, "username", c->username, 0);
+ 	credential_write_item(c, fp, "password", c->password, 0);
+ 	credential_write_item(c, fp, "oauth_refresh_token", c->oauth_refresh_token, 0);
  	if (c->password_expiry_utc != TIME_MAX) {
  		char *s = xstrfmt("%"PRItime, c->password_expiry_utc);
- 		credential_write_item(fp, "password_expiry_utc", s, 0);
+ 		credential_write_item(c, fp, "password_expiry_utc", s, 0);
  		free(s);
  	}
  	for (size_t i = 0; i < c->wwwauth_headers.nr; i++)
- 		credential_write_item(fp, "wwwauth[]", c->wwwauth_headers.v[i], 0);
+ 		credential_write_item(c, fp, "wwwauth[]", c->wwwauth_headers.v[i], 0);
 +	if (credential_has_capability(&c->capa_state, op_type)) {
 +		if (c->multistage)
- 			credential_write_item(fp, "continue", "1", 0);
++			credential_write_item(c, fp, "continue", "1", 0);
 +		for (size_t i = 0; i < c->state_headers_to_send.nr; i++)
- 			credential_write_item(fp, "state[]", c->state_headers_to_send.v[i], 0);
++			credential_write_item(c, fp, "state[]", c->state_headers_to_send.v[i], 0);
 +	}
  }
  
  static int run_credential_helper(struct credential *c,
diff --cc credential.h
index 5f9e6ff2ef,3b84871412..63fef3e2ea
--- a/credential.h
+++ b/credential.h
@@@ -163,19 -131,15 +163,21 @@@ struct credential 
  	unsigned header_is_last_match:1;
  
  	unsigned approved:1,
 +		 ephemeral:1,
  		 configured:1,
 +		 multistage: 1,
  		 quit:1,
  		 use_http_path:1,
- 		 username_from_proto:1;
+ 		 username_from_proto:1,
+ 		 sanitize_prompt:1,
+ 		 protect_protocol:1;
  
 +	struct credential_capability capa_authtype;
 +	struct credential_capability capa_state;
 +
  	char *username;
  	char *password;
 +	char *credential;
  	char *protocol;
  	char *host;
  	char *path;
@@@ -193,8 -151,8 +195,10 @@@
  	.helpers = STRING_LIST_INIT_DUP, \
  	.password_expiry_utc = TIME_MAX, \
  	.wwwauth_headers = STRVEC_INIT, \
 +	.state_headers = STRVEC_INIT, \
 +	.state_headers_to_send = STRVEC_INIT, \
+ 	.sanitize_prompt = 1, \
+ 	.protect_protocol = 1, \
  }
  
  /* Initialize a credential structure, setting all fields to empty. */