Version in base suite: 2.39.5-0+deb12u1 Base version: git_2.39.5-0+deb12u1 Target version: git_2.39.5-0+deb12u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/g/git/git_2.39.5-0+deb12u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/g/git/git_2.39.5-0+deb12u2.dsc changelog | 10 patches/credential-disallow-Carriage-Returns-in-the-protocol.patch | 150 +++++ patches/credential-sanitize-the-user-prompt.patch | 300 ++++++++++ patches/credential_format-also-encode-host-port.patch | 99 +++ patches/series | 3 5 files changed, 562 insertions(+) Unrecognised file line in .dsc: -----BEGIN PGP SIGNATURE----- diff -Nru git-2.39.5/debian/changelog git-2.39.5/debian/changelog --- git-2.39.5/debian/changelog 2024-06-16 17:37:10.000000000 +0000 +++ git-2.39.5/debian/changelog 2025-01-11 19:46:03.000000000 +0000 @@ -1,3 +1,13 @@ +git (1:2.39.5-0+deb12u2) bookworm-security; urgency=high + + * Non-maintainer upload by the Security Team. + * credential_format(): also encode [:] + * credential: sanitize the user prompt (CVE-2024-50349) + * credential: disallow Carriage Returns in the protocol by default + (CVE-2024-52006) + + -- Salvatore Bonaccorso Sat, 11 Jan 2025 20:46:03 +0100 + git (1:2.39.5-0+deb12u1) bookworm-security; urgency=medium * new upstream point release (see RelNotes/2.39.3.txt, diff -Nru git-2.39.5/debian/patches/credential-disallow-Carriage-Returns-in-the-protocol.patch git-2.39.5/debian/patches/credential-disallow-Carriage-Returns-in-the-protocol.patch --- git-2.39.5/debian/patches/credential-disallow-Carriage-Returns-in-the-protocol.patch 1970-01-01 00:00:00.000000000 +0000 +++ git-2.39.5/debian/patches/credential-disallow-Carriage-Returns-in-the-protocol.patch 2025-01-11 19:44:41.000000000 +0000 @@ -0,0 +1,150 @@ +From: Johannes Schindelin +Date: Mon, 4 Nov 2024 14:48:22 +0100 +Subject: [3/3] credential: disallow Carriage Returns in the protocol by + default +Origin: https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 + +While Git has documented that the credential protocol is line-based, +with newlines as terminators, the exact shape of a newline has not been +documented. + +From Git's perspective, which is firmly rooted in the Linux ecosystem, +it is clear that "a newline" means a Line Feed character. + +However, even Git's credential protocol respects Windows line endings +(a Carriage Return character followed by a Line Feed character, "CR/LF") +by virtue of using `strbuf_getline()`. + +There is a third category of line endings that has been used originally +by MacOS, and that is respected by the default line readers of .NET and +node.js: bare Carriage Returns. + +Git cannot handle those, and what is worse: Git's remedy against +CVE-2020-5260 does not catch when credential helpers are used that +interpret bare Carriage Returns as newlines. + +Git Credential Manager addressed this as CVE-2024-50338, but other +credential helpers may still be vulnerable. So let's not only disallow +Line Feed characters as part of the values in the credential protocol, +but also disallow Carriage Return characters. + +In the unlikely event that a credential helper relies on Carriage +Returns in the protocol, introduce an escape hatch via the +`credential.protectProtocol` config setting. + +This addresses CVE-2024-52006. + +Signed-off-by: Johannes Schindelin +--- + Documentation/config/credential.txt | 5 +++++ + credential.c | 21 ++++++++++++++------- + credential.h | 4 +++- + t/t0300-credentials.sh | 16 ++++++++++++++++ + 4 files changed, 38 insertions(+), 8 deletions(-) + +--- a/Documentation/config/credential.txt ++++ b/Documentation/config/credential.txt +@@ -20,6 +20,11 @@ credential.sanitizePrompt:: + will be URL-encoded by default). Configure this setting to `false` to + override that behavior. + ++credential.protectProtocol:: ++ By default, Carriage Return characters are not allowed in the protocol ++ that is used when Git talks to a credential helper. This setting allows ++ users to override this default. ++ + credential.username:: + If no username is set for a network authentication, use this username + by default. See credential..* below, and +--- a/credential.c ++++ b/credential.c +@@ -68,6 +68,8 @@ static int credential_config_callback(co + c->use_http_path = git_config_bool(var, value); + else if (!strcmp(key, "sanitizeprompt")) + c->sanitize_prompt = git_config_bool(var, value); ++ else if (!strcmp(key, "protectprotocol")) ++ c->protect_protocol = git_config_bool(var, value); + + return 0; + } +@@ -256,7 +258,8 @@ int credential_read(struct credential *c + return 0; + } + +-static void credential_write_item(FILE *fp, const char *key, const char *value, ++static void credential_write_item(const struct credential *c, ++ FILE *fp, const char *key, const char *value, + int required) + { + if (!value && required) +@@ -265,16 +268,20 @@ static void credential_write_item(FILE * + return; + if (strchr(value, '\n')) + die("credential value for %s contains newline", key); ++ if (c->protect_protocol && strchr(value, '\r')) ++ die("credential value for %s contains carriage return\n" ++ "If this is intended, set `credential.protectProtocol=false`", ++ key); + fprintf(fp, "%s=%s\n", key, value); + } + + void credential_write(const struct credential *c, FILE *fp) + { +- credential_write_item(fp, "protocol", c->protocol, 1); +- credential_write_item(fp, "host", c->host, 1); +- credential_write_item(fp, "path", c->path, 0); +- credential_write_item(fp, "username", c->username, 0); +- credential_write_item(fp, "password", c->password, 0); ++ credential_write_item(c, fp, "protocol", c->protocol, 1); ++ credential_write_item(c, fp, "host", c->host, 1); ++ credential_write_item(c, fp, "path", c->path, 0); ++ credential_write_item(c, fp, "username", c->username, 0); ++ credential_write_item(c, fp, "password", c->password, 0); + } + + static int run_credential_helper(struct credential *c, +--- a/credential.h ++++ b/credential.h +@@ -120,7 +120,8 @@ struct credential { + quit:1, + use_http_path:1, + username_from_proto:1, +- sanitize_prompt:1; ++ sanitize_prompt:1, ++ protect_protocol:1; + + char *username; + char *password; +@@ -132,6 +133,7 @@ struct credential { + #define CREDENTIAL_INIT { \ + .helpers = STRING_LIST_INIT_DUP, \ + .sanitize_prompt = 1, \ ++ .protect_protocol = 1, \ + } + + /* Initialize a credential structure, setting all fields to empty. */ +--- a/t/t0300-credentials.sh ++++ b/t/t0300-credentials.sh +@@ -626,6 +626,22 @@ test_expect_success 'url parser rejects + test_cmp expect stderr + ' + ++test_expect_success 'url parser rejects embedded carriage returns' ' ++ test_config credential.helper "!true" && ++ test_must_fail git credential fill 2>stderr <<-\EOF && ++ url=https://example%0d.com/ ++ EOF ++ cat >expect <<-\EOF && ++ fatal: credential value for host contains carriage return ++ If this is intended, set `credential.protectProtocol=false` ++ EOF ++ test_cmp expect stderr && ++ GIT_ASKPASS=true \ ++ git -c credential.protectProtocol=false credential fill <<-\EOF ++ url=https://example%0d.com/ ++ EOF ++' ++ + test_expect_success 'host-less URLs are parsed as empty host' ' + check fill "verbatim foo bar" <<-\EOF + url=cert:///path/to/cert.pem diff -Nru git-2.39.5/debian/patches/credential-sanitize-the-user-prompt.patch git-2.39.5/debian/patches/credential-sanitize-the-user-prompt.patch --- git-2.39.5/debian/patches/credential-sanitize-the-user-prompt.patch 1970-01-01 00:00:00.000000000 +0000 +++ git-2.39.5/debian/patches/credential-sanitize-the-user-prompt.patch 2025-01-11 19:41:11.000000000 +0000 @@ -0,0 +1,300 @@ +From: Johannes Schindelin +Date: Wed, 30 Oct 2024 13:26:10 +0100 +Subject: [2/3] credential: sanitize the user prompt +Origin: https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 + +When asking the user interactively for credentials, we want to avoid +misleading them e.g. via control sequences that pretend that the URL +targets a trusted host when it does not. + +While Git learned, over the course of the preceding commits, to disallow +URLs containing URL-encoded control characters by default, credential +helpers are still allowed to specify values very freely (apart from Line +Feed and NUL characters, anything is allowed), and this would allow, +say, a username containing control characters to be specified that would +then be displayed in the interactive terminal prompt asking the user for +the password, potentially sending those control characters directly to +the terminal. This is undesirable because control characters can be used +to mislead users to divulge secret information to untrusted sites. + +To prevent such an attack vector, let's add a `git_prompt()` that forces +the displayed text to be sanitized, i.e. displaying question marks +instead of control characters. + +Note: While this commit's diff changes a lot of `user@host` strings to +`user%40host`, which may look suspicious on the surface, there is a good +reason for that: this string specifies a user name, not a +@ combination! In the context of t5541, the actual +combination looks like this: `user%40@127.0.0.1:5541`. Therefore, these +string replacements document a net improvement introduced by this +commit, as `user@host@127.0.0.1` could have left readers wondering where +the user name ends and where the host name begins. + +Hinted-at-by: Jeff King +Signed-off-by: Johannes Schindelin +--- + Documentation/config/credential.txt | 6 ++++++ + credential.c | 7 ++++++- + credential.h | 4 +++- + t/t0300-credentials.sh | 20 ++++++++++++++++++++ + t/t5541-http-push-smart.sh | 6 +++--- + t/t5550-http-fetch-dumb.sh | 14 +++++++------- + t/t5551-http-fetch-smart.sh | 16 ++++++++-------- + 7 files changed, 53 insertions(+), 20 deletions(-) + +--- a/Documentation/config/credential.txt ++++ b/Documentation/config/credential.txt +@@ -14,6 +14,12 @@ credential.useHttpPath:: + or https URL to be important. Defaults to false. See + linkgit:gitcredentials[7] for more information. + ++credential.sanitizePrompt:: ++ By default, user names and hosts that are shown as part of the ++ password prompt are not allowed to contain control characters (they ++ will be URL-encoded by default). Configure this setting to `false` to ++ override that behavior. ++ + credential.username:: + If no username is set for a network authentication, use this username + by default. See credential..* below, and +--- a/credential.c ++++ b/credential.c +@@ -66,6 +66,8 @@ static int credential_config_callback(co + } + else if (!strcmp(key, "usehttppath")) + c->use_http_path = git_config_bool(var, value); ++ else if (!strcmp(key, "sanitizeprompt")) ++ c->sanitize_prompt = git_config_bool(var, value); + + return 0; + } +@@ -178,7 +180,10 @@ static char *credential_ask_one(const ch + struct strbuf prompt = STRBUF_INIT; + char *r; + +- credential_describe(c, &desc); ++ if (c->sanitize_prompt) ++ credential_format(c, &desc); ++ else ++ credential_describe(c, &desc); + if (desc.len) + strbuf_addf(&prompt, "%s for '%s': ", what, desc.buf); + else +--- a/credential.h ++++ b/credential.h +@@ -119,7 +119,8 @@ struct credential { + configured:1, + quit:1, + use_http_path:1, +- username_from_proto:1; ++ username_from_proto:1, ++ sanitize_prompt:1; + + char *username; + char *password; +@@ -130,6 +131,7 @@ struct credential { + + #define CREDENTIAL_INIT { \ + .helpers = STRING_LIST_INIT_DUP, \ ++ .sanitize_prompt = 1, \ + } + + /* Initialize a credential structure, setting all fields to empty. */ +--- a/t/t0300-credentials.sh ++++ b/t/t0300-credentials.sh +@@ -35,6 +35,10 @@ test_expect_success 'setup helper script + test -z "$pass" || echo password=$pass + EOF + ++ write_script git-credential-cntrl-in-username <<-\EOF && ++ printf "username=\\007latrix Lestrange\\n" ++ EOF ++ + PATH="$PWD:$PATH" + ' + +@@ -731,4 +735,20 @@ test_expect_success 'credential config w + test_i18ngrep "skipping credential lookup for key" stderr + ' + ++BEL="$(printf '\007')" ++ ++test_expect_success 'interactive prompt is sanitized' ' ++ check fill cntrl-in-username <<-EOF ++ protocol=https ++ host=example.org ++ -- ++ protocol=https ++ host=example.org ++ username=${BEL}latrix Lestrange ++ password=askpass-password ++ -- ++ askpass: Password for ${SQ}https://%07latrix%20Lestrange@example.org${SQ}: ++ EOF ++' ++ + test_done +--- a/t/t5541-http-push-smart.sh ++++ b/t/t5541-http-push-smart.sh +@@ -351,7 +351,7 @@ test_expect_success 'push over smart htt + git push "$HTTPD_URL"/auth/smart/test_repo.git && + git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \ + log -1 --format=%s >actual && +- expect_askpass both user@host && ++ expect_askpass both user%40host && + test_cmp expect actual + ' + +@@ -363,7 +363,7 @@ test_expect_success 'push to auth-only-f + git push "$HTTPD_URL"/auth-push/smart/test_repo.git && + git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \ + log -1 --format=%s >actual && +- expect_askpass both user@host && ++ expect_askpass both user%40host && + test_cmp expect actual + ' + +@@ -393,7 +393,7 @@ test_expect_success 'push into half-auth + git push "$HTTPD_URL/half-auth-complete/smart/half-auth.git" && + git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/half-auth.git" \ + log -1 --format=%s >actual && +- expect_askpass both user@host && ++ expect_askpass both user%40host && + test_cmp expect actual + ' + +--- a/t/t5550-http-fetch-dumb.sh ++++ b/t/t5550-http-fetch-dumb.sh +@@ -90,13 +90,13 @@ test_expect_success 'http auth can use u + test_expect_success 'http auth can use just user in URL' ' + set_askpass wrong pass@host && + git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-pass && +- expect_askpass pass user@host ++ expect_askpass pass user%40host + ' + + test_expect_success 'http auth can request both user and pass' ' + set_askpass user@host pass@host && + git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-both && +- expect_askpass both user@host ++ expect_askpass both user%40host + ' + + test_expect_success 'http auth respects credential helper config' ' +@@ -114,14 +114,14 @@ test_expect_success 'http auth can get u + test_config_global "credential.$HTTPD_URL.username" user@host && + set_askpass wrong pass@host && + git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-user && +- expect_askpass pass user@host ++ expect_askpass pass user%40host + ' + + test_expect_success 'configured username does not override URL' ' + test_config_global "credential.$HTTPD_URL.username" wrong && + set_askpass wrong pass@host && + git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-user2 && +- expect_askpass pass user@host ++ expect_askpass pass user%40host + ' + + test_expect_success 'set up repo with http submodules' ' +@@ -142,7 +142,7 @@ test_expect_success 'cmdline credential + set_askpass wrong pass@host && + git -c "credential.$HTTPD_URL.username=user@host" \ + clone --recursive super super-clone && +- expect_askpass pass user@host ++ expect_askpass pass user%40host + ' + + test_expect_success 'cmdline credential config passes submodule via fetch' ' +@@ -153,7 +153,7 @@ test_expect_success 'cmdline credential + git -C super-clone \ + -c "credential.$HTTPD_URL.username=user@host" \ + fetch --recurse-submodules && +- expect_askpass pass user@host ++ expect_askpass pass user%40host + ' + + test_expect_success 'cmdline credential config passes submodule update' ' +@@ -170,7 +170,7 @@ test_expect_success 'cmdline credential + git -C super-clone \ + -c "credential.$HTTPD_URL.username=user@host" \ + submodule update && +- expect_askpass pass user@host ++ expect_askpass pass user%40host + ' + + test_expect_success 'fetch changes via http' ' +--- a/t/t5551-http-fetch-smart.sh ++++ b/t/t5551-http-fetch-smart.sh +@@ -181,7 +181,7 @@ test_expect_success 'clone from password + echo two >expect && + set_askpass user@host pass@host && + git clone --bare "$HTTPD_URL/auth/smart/repo.git" smart-auth && +- expect_askpass both user@host && ++ expect_askpass both user%40host && + git --git-dir=smart-auth log -1 --format=%s >actual && + test_cmp expect actual + ' +@@ -199,7 +199,7 @@ test_expect_success 'clone from auth-onl + echo two >expect && + set_askpass user@host pass@host && + git clone --bare "$HTTPD_URL/auth-fetch/smart/repo.git" half-auth && +- expect_askpass both user@host && ++ expect_askpass both user%40host && + git --git-dir=half-auth log -1 --format=%s >actual && + test_cmp expect actual + ' +@@ -224,14 +224,14 @@ test_expect_success 'redirects send auth + set_askpass user@host pass@host && + git -c credential.useHttpPath=true \ + clone $HTTPD_URL/smart-redir-auth/repo.git repo-redir-auth && +- expect_askpass both user@host auth/smart/repo.git ++ expect_askpass both user%40host auth/smart/repo.git + ' + + test_expect_success 'GIT_TRACE_CURL redacts auth details' ' + rm -rf redact-auth trace && + set_askpass user@host pass@host && + GIT_TRACE_CURL="$(pwd)/trace" git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth && +- expect_askpass both user@host && ++ expect_askpass both user%40host && + + # Ensure that there is no "Basic" followed by a base64 string, but that + # the auth details are redacted +@@ -243,7 +243,7 @@ test_expect_success 'GIT_CURL_VERBOSE re + rm -rf redact-auth trace && + set_askpass user@host pass@host && + GIT_CURL_VERBOSE=1 git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth 2>trace && +- expect_askpass both user@host && ++ expect_askpass both user%40host && + + # Ensure that there is no "Basic" followed by a base64 string, but that + # the auth details are redacted +@@ -256,7 +256,7 @@ test_expect_success 'GIT_TRACE_CURL does + set_askpass user@host pass@host && + GIT_TRACE_REDACT=0 GIT_TRACE_CURL="$(pwd)/trace" \ + git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth && +- expect_askpass both user@host && ++ expect_askpass both user%40host && + + grep -i "Authorization: Basic [0-9a-zA-Z+/]" trace + ' +@@ -568,7 +568,7 @@ test_expect_success 'http auth remembers + # the first request prompts the user... + set_askpass user@host pass@host && + git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null && +- expect_askpass both user@host && ++ expect_askpass both user%40host && + + # ...and the second one uses the stored value rather than + # prompting the user. +@@ -599,7 +599,7 @@ test_expect_success 'http auth forgets b + # us to prompt the user again. + set_askpass user@host pass@host && + git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null && +- expect_askpass both user@host ++ expect_askpass both user%40host + ' + + test_expect_success 'client falls back from v2 to v0 to match server' ' diff -Nru git-2.39.5/debian/patches/credential_format-also-encode-host-port.patch git-2.39.5/debian/patches/credential_format-also-encode-host-port.patch --- git-2.39.5/debian/patches/credential_format-also-encode-host-port.patch 1970-01-01 00:00:00.000000000 +0000 +++ git-2.39.5/debian/patches/credential_format-also-encode-host-port.patch 2025-01-11 19:34:32.000000000 +0000 @@ -0,0 +1,99 @@ +From: Johannes Schindelin +Date: Thu, 7 Nov 2024 08:57:52 +0100 +Subject: [1/3] credential_format(): also encode [:] +Origin: https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 + +An upcoming change wants to sanitize the credential password prompt +where a URL is displayed that may potentially come from a `.gitmodules` +file. To this end, the `credential_format()` function is employed. + +To sanitize the host name (and optional port) part of the URL, we need a +new mode of the `strbuf_add_percentencode()` function because the +current mode is both too strict and too lenient: too strict because it +encodes `:`, `[` and `]` (which should be left unencoded in +`:` and in IPv6 addresses), and too lenient because it does +not encode invalid host name characters `/`, `_` and `~`. + +So let's introduce and use a new mode specifically to encode the host +name and optional port part of a URI, leaving alpha-numerical +characters, periods, colons and brackets alone and encoding all others. + +This only leads to a change of behavior for URLs that contain invalid +host names. + +Signed-off-by: Johannes Schindelin +--- + credential.c | 3 ++- + strbuf.c | 4 +++- + strbuf.h | 1 + + t/t0300-credentials.sh | 13 +++++++++++++ + 4 files changed, 19 insertions(+), 2 deletions(-) + +diff --git a/credential.c b/credential.c +index f32011343f94..572f1785da7d 100644 +--- a/credential.c ++++ b/credential.c +@@ -164,7 +164,8 @@ static void credential_format(struct credential *c, struct strbuf *out) + strbuf_addch(out, '@'); + } + if (c->host) +- strbuf_addstr(out, c->host); ++ strbuf_add_percentencode(out, c->host, ++ STRBUF_ENCODE_HOST_AND_PORT); + if (c->path) { + strbuf_addch(out, '/'); + strbuf_add_percentencode(out, c->path, 0); +diff --git a/strbuf.c b/strbuf.c +index c383f41a3c5c..756b96c56157 100644 +--- a/strbuf.c ++++ b/strbuf.c +@@ -492,7 +492,9 @@ void strbuf_add_percentencode(struct strbuf *dst, const char *src, int flags) + unsigned char ch = src[i]; + if (ch <= 0x1F || ch >= 0x7F || + (ch == '/' && (flags & STRBUF_ENCODE_SLASH)) || +- strchr(URL_UNSAFE_CHARS, ch)) ++ ((flags & STRBUF_ENCODE_HOST_AND_PORT) ? ++ !isalnum(ch) && !strchr("-.:[]", ch) : ++ !!strchr(URL_UNSAFE_CHARS, ch))) + strbuf_addf(dst, "%%%02X", (unsigned char)ch); + else + strbuf_addch(dst, ch); +diff --git a/strbuf.h b/strbuf.h +index f6dbb9681ee7..f9f8bb0381b3 100644 +--- a/strbuf.h ++++ b/strbuf.h +@@ -380,6 +380,7 @@ size_t strbuf_expand_dict_cb(struct strbuf *sb, + void strbuf_addbuf_percentquote(struct strbuf *dst, const struct strbuf *src); + + #define STRBUF_ENCODE_SLASH 1 ++#define STRBUF_ENCODE_HOST_AND_PORT 2 + + /** + * Append the contents of a string to a strbuf, percent-encoding any characters +diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh +index c66d91e82d8b..cb91be1427f1 100755 +--- a/t/t0300-credentials.sh ++++ b/t/t0300-credentials.sh +@@ -514,6 +514,19 @@ test_expect_success 'match percent-encoded values in username' ' + EOF + ' + ++test_expect_success 'match percent-encoded values in hostname' ' ++ test_config "credential.https://a%20b%20c/.helper" "$HELPER" && ++ check fill <<-\EOF ++ url=https://a b c/ ++ -- ++ protocol=https ++ host=a b c ++ username=foo ++ password=bar ++ -- ++ EOF ++' ++ + test_expect_success 'fetch with multiple path components' ' + test_unconfig credential.helper && + test_config credential.https://example.com/foo/repo.git.helper "verbatim foo bar" && +-- +2.47.1 + diff -Nru git-2.39.5/debian/patches/series git-2.39.5/debian/patches/series --- git-2.39.5/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ git-2.39.5/debian/patches/series 2025-01-11 19:42:07.000000000 +0000 @@ -0,0 +1,3 @@ +credential_format-also-encode-host-port.patch +credential-sanitize-the-user-prompt.patch +credential-disallow-Carriage-Returns-in-the-protocol.patch