git/contrib, branch v2.45.3

completion: zsh: stop leaking local cache variable

2024-04-30T22:24:56Z

Completing commands like "git rebase" in one repository will leak the local __git_repo_path into the shell's environment so that completing commands after changing to a different repository will give the old repository's references (or none at all). The bug report on the mailing list [1] suggests one simple way to observe this yourself: Enter the following commands from some directory: mkdir a b b/c for d (a b); git -C $d init && git -C $d commit --allow-empty -m init cd a git branch foo pushd ../b/c git branch bar Now type these: git rebase … # completion for bar available; C-c to abort declare -p __git_repo_path # outputs /path/to/b/.git popd git branch # outputs foo, main git rebase … # completion candidates are bar, main! Ideally, the last typed should be yielding foo, main. Commit beb6ee7163 (completion: extract repository discovery from __gitdir(), 2017-02-03) anticipated this problem by marking __git_repo_path as local in __git_main and __gitk_main for Bash completion but did not give the same mark to _git for Zsh completion. Thus make __git_repo_path local for Zsh completion, too. [1]: https://lore.kernel.org/git/CALnO6CBv3+e2WL6n6Mh7ZZHCX2Ni8GpvM4a-bQYxNqjmgZdwdg@mail.gmail.com/ Signed-off-by: D. Ben Knoble Signed-off-by: Junio C Hamano

Merge branch 'ba/osxkeychain-updates'

2024-04-16T21:50:30Z

Update osxkeychain backend with features required for the recent credential subsystem. * ba/osxkeychain-updates: osxkeychain: store new attributes osxkeychain: erase matching passwords only osxkeychain: erase all matching credentials osxkeychain: replace deprecated SecKeychain API

Merge branch 'rs/apply-lift-path-length-limit'

2024-04-15T21:11:42Z

"git apply" has been updated to lift the hardcoded pathname length limit, which in turn allowed a mksnpath() function that is no longer used. * rs/apply-lift-path-length-limit: path: remove mksnpath() apply: avoid fixed-size buffer in create_one_file()

Merge branch 'vs/complete-with-set-u-fix'

2024-04-10T17:00:08Z

Another "set -u" fix for the bash prompt (in contrib/) script. * vs/complete-with-set-u-fix: completion: protect prompt against unset SHOWUPSTREAM in nounset mode completion: fix prompt with unset SHOWCONFLICTSTATE in nounset mode

path: remove mksnpath()

2024-04-05T16:49:38Z

Remove the function mksnpath(), which has become unused. Signed-off-by: René Scharfe Signed-off-by: Junio C Hamano

osxkeychain: store new attributes

2024-04-01T22:38:20Z

d208bfdfef (credential: new attribute password_expiry_utc, 2023-02-18) and a5c76569e7 (credential: new attribute oauth_refresh_token, 2023-04-21) introduced new credential attributes but support was missing from git-credential-osxkeychain. Support these attributes by appending the data to the password in the keychain, separated by line breaks. Line breaks cannot appear in a git credential password so it is an appropriate separator. Fixes the remaining test failures with osxkeychain: 18 - helper (osxkeychain) gets password_expiry_utc 19 - helper (osxkeychain) overwrites when password_expiry_utc changes 21 - helper (osxkeychain) gets oauth_refresh_token Signed-off-by: Bo Anderson Signed-off-by: Junio C Hamano

osxkeychain: erase matching passwords only

2024-04-01T22:38:20Z

Other credential helpers support deleting credentials that match a specified password. See 7144dee3ec (credential/libsecret: erase matching creds only, 2023-07-26) and cb626f8e5c (credential/wincred: erase matching creds only, 2023-07-26). Support this in osxkeychain too by extracting, decrypting and comparing the stored password before deleting. Fixes the following test failure with osxkeychain: 11 - helper (osxkeychain) does not erase a password distinct from input Signed-off-by: Bo Anderson Signed-off-by: Junio C Hamano

osxkeychain: erase all matching credentials

2024-04-01T22:38:20Z

Other credential managers erased all matching credentials, as indicated by a test case that osxkeychain failed: 15 - helper (osxkeychain) erases all matching credentials Signed-off-by: Bo Anderson Signed-off-by: Junio C Hamano

osxkeychain: replace deprecated SecKeychain API

2024-04-01T22:38:19Z

The SecKeychain API was deprecated in macOS 10.10, nearly 10 years ago. The replacement SecItem API however is available as far back as macOS 10.6. While supporting older macOS was perhaps prevously a concern, git-credential-osxkeychain already requires a minimum of macOS 10.7 since 5747c8072b (contrib/credential: avoid fixed-size buffer in osxkeychain, 2023-05-01) so using the newer API should not regress the range of macOS versions supported. Adapting to use the newer SecItem API also happens to fix two test failures in osxkeychain: 8 - helper (osxkeychain) overwrites on store 9 - helper (osxkeychain) can forget host The new API is compatible with credentials saved with the older API. Signed-off-by: Bo Anderson Signed-off-by: Junio C Hamano

completion: protect prompt against unset SHOWUPSTREAM in nounset mode

2024-04-01T19:38:23Z

As it stands, the only call site of `__git_ps1_show_upstream` checks that the `GIT_PS1_SHOWUPSTREAM` variable is set, so this is effectively a no-op. However, that might change, and chances of noticing the unprotected use might not be that high when it does. Signed-off-by: Ville Skyttä Signed-off-by: Junio C Hamano