diff options
author | Armin Kuster <akuster@mvista.com> | 2016-01-31 14:27:05 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-04 23:20:17 +0000 |
commit | e8c96131d952f7812a8f8a53845c0ba709192d86 (patch) | |
tree | a16d0d73c9dd91216c3aac834f1d54aa62d27e9c | |
parent | 108ea6d05ff27d3afaf24a3f459fc4f7d9eb4f7f (diff) | |
download | poky-e8c96131d952f7812a8f8a53845c0ba709192d86.tar.gz |
git: Security fix CVE-2015-7545
CVE-2015-7545 git: arbitrary code execution via crafted URLs
(From OE-Core rev: 1e0780427bad448c5b3644134b581ecf1d53af84)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
6 files changed, 897 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git-2.5.0/0008-CVE-2015-7545-1.patch b/meta/recipes-devtools/git/git-2.5.0/0008-CVE-2015-7545-1.patch new file mode 100644 index 0000000000..b552c099f5 --- /dev/null +++ b/meta/recipes-devtools/git/git-2.5.0/0008-CVE-2015-7545-1.patch | |||
@@ -0,0 +1,446 @@ | |||
1 | From a5adaced2e13c135d5d9cc65be9eb95aa3bacedf Mon Sep 17 00:00:00 2001 | ||
2 | From: Jeff King <peff@peff.net> | ||
3 | Date: Wed, 16 Sep 2015 13:12:52 -0400 | ||
4 | Subject: [PATCH] transport: add a protocol-whitelist environment variable | ||
5 | |||
6 | If we are cloning an untrusted remote repository into a | ||
7 | sandbox, we may also want to fetch remote submodules in | ||
8 | order to get the complete view as intended by the other | ||
9 | side. However, that opens us up to attacks where a malicious | ||
10 | user gets us to clone something they would not otherwise | ||
11 | have access to (this is not necessarily a problem by itself, | ||
12 | but we may then act on the cloned contents in a way that | ||
13 | exposes them to the attacker). | ||
14 | |||
15 | Ideally such a setup would sandbox git entirely away from | ||
16 | high-value items, but this is not always practical or easy | ||
17 | to set up (e.g., OS network controls may block multiple | ||
18 | protocols, and we would want to enable some but not others). | ||
19 | |||
20 | We can help this case by providing a way to restrict | ||
21 | particular protocols. We use a whitelist in the environment. | ||
22 | This is more annoying to set up than a blacklist, but | ||
23 | defaults to safety if the set of protocols git supports | ||
24 | grows). If no whitelist is specified, we continue to default | ||
25 | to allowing all protocols (this is an "unsafe" default, but | ||
26 | since the minority of users will want this sandboxing | ||
27 | effect, it is the only sensible one). | ||
28 | |||
29 | A note on the tests: ideally these would all be in a single | ||
30 | test file, but the git-daemon and httpd test infrastructure | ||
31 | is an all-or-nothing proposition rather than a test-by-test | ||
32 | prerequisite. By putting them all together, we would be | ||
33 | unable to test the file-local code on machines without | ||
34 | apache. | ||
35 | |||
36 | Signed-off-by: Jeff King <peff@peff.net> | ||
37 | Signed-off-by: Junio C Hamano <gitster@pobox.com> | ||
38 | |||
39 | Upstream-Status: Backport | ||
40 | |||
41 | http://archive.ubuntu.com/ubuntu/pool/main/g/git/git_2.5.0-1ubuntu0.1.debian.tar.xz | ||
42 | |||
43 | CVE: CVE-2015-7545 #1 | ||
44 | Singed-off-by: Armin Kuster <akuster@mvista.com> | ||
45 | |||
46 | --- | ||
47 | Documentation/git.txt | 32 ++++++++++++++ | ||
48 | connect.c | 5 +++ | ||
49 | t/lib-proto-disable.sh | 96 ++++++++++++++++++++++++++++++++++++++++++ | ||
50 | t/t5810-proto-disable-local.sh | 14 ++++++ | ||
51 | t/t5811-proto-disable-git.sh | 20 +++++++++ | ||
52 | t/t5812-proto-disable-http.sh | 20 +++++++++ | ||
53 | t/t5813-proto-disable-ssh.sh | 20 +++++++++ | ||
54 | t/t5814-proto-disable-ext.sh | 18 ++++++++ | ||
55 | transport-helper.c | 2 + | ||
56 | transport.c | 21 ++++++++- | ||
57 | transport.h | 7 +++ | ||
58 | 11 files changed, 254 insertions(+), 1 deletion(-) | ||
59 | create mode 100644 t/lib-proto-disable.sh | ||
60 | create mode 100755 t/t5810-proto-disable-local.sh | ||
61 | create mode 100755 t/t5811-proto-disable-git.sh | ||
62 | create mode 100755 t/t5812-proto-disable-http.sh | ||
63 | create mode 100755 t/t5813-proto-disable-ssh.sh | ||
64 | create mode 100755 t/t5814-proto-disable-ext.sh | ||
65 | |||
66 | Index: git-2.5.0/Documentation/git.txt | ||
67 | =================================================================== | ||
68 | --- git-2.5.0.orig/Documentation/git.txt 2015-12-11 12:46:48.975637719 -0500 | ||
69 | +++ git-2.5.0/Documentation/git.txt 2015-12-11 12:46:48.967637661 -0500 | ||
70 | @@ -1069,6 +1069,38 @@ | ||
71 | an operation has touched every ref (e.g., because you are | ||
72 | cloning a repository to make a backup). | ||
73 | |||
74 | +`GIT_ALLOW_PROTOCOL`:: | ||
75 | + If set, provide a colon-separated list of protocols which are | ||
76 | + allowed to be used with fetch/push/clone. This is useful to | ||
77 | + restrict recursive submodule initialization from an untrusted | ||
78 | + repository. Any protocol not mentioned will be disallowed (i.e., | ||
79 | + this is a whitelist, not a blacklist). If the variable is not | ||
80 | + set at all, all protocols are enabled. The protocol names | ||
81 | + currently used by git are: | ||
82 | + | ||
83 | + - `file`: any local file-based path (including `file://` URLs, | ||
84 | + or local paths) | ||
85 | + | ||
86 | + - `git`: the anonymous git protocol over a direct TCP | ||
87 | + connection (or proxy, if configured) | ||
88 | + | ||
89 | + - `ssh`: git over ssh (including `host:path` syntax, | ||
90 | + `git+ssh://`, etc). | ||
91 | + | ||
92 | + - `rsync`: git over rsync | ||
93 | + | ||
94 | + - `http`: git over http, both "smart http" and "dumb http". | ||
95 | + Note that this does _not_ include `https`; if you want both, | ||
96 | + you should specify both as `http:https`. | ||
97 | + | ||
98 | + - any external helpers are named by their protocol (e.g., use | ||
99 | + `hg` to allow the `git-remote-hg` helper) | ||
100 | ++ | ||
101 | +Note that this controls only git's internal protocol selection. | ||
102 | +If libcurl is used (e.g., by the `http` transport), it may | ||
103 | +redirect to other protocols. There is not currently any way to | ||
104 | +restrict this. | ||
105 | + | ||
106 | |||
107 | Discussion[[Discussion]] | ||
108 | ------------------------ | ||
109 | Index: git-2.5.0/connect.c | ||
110 | =================================================================== | ||
111 | --- git-2.5.0.orig/connect.c 2015-12-11 12:46:48.975637719 -0500 | ||
112 | +++ git-2.5.0/connect.c 2015-12-11 12:46:48.967637661 -0500 | ||
113 | @@ -9,6 +9,7 @@ | ||
114 | #include "url.h" | ||
115 | #include "string-list.h" | ||
116 | #include "sha1-array.h" | ||
117 | +#include "transport.h" | ||
118 | |||
119 | static char *server_capabilities; | ||
120 | static const char *parse_feature_value(const char *, const char *, int *); | ||
121 | @@ -694,6 +695,8 @@ | ||
122 | else | ||
123 | target_host = xstrdup(hostandport); | ||
124 | |||
125 | + transport_check_allowed("git"); | ||
126 | + | ||
127 | /* These underlying connection commands die() if they | ||
128 | * cannot connect. | ||
129 | */ | ||
130 | @@ -727,6 +730,7 @@ | ||
131 | int putty, tortoiseplink = 0; | ||
132 | char *ssh_host = hostandport; | ||
133 | const char *port = NULL; | ||
134 | + transport_check_allowed("ssh"); | ||
135 | get_host_and_port(&ssh_host, &port); | ||
136 | |||
137 | if (!port) | ||
138 | @@ -781,6 +785,7 @@ | ||
139 | /* remove repo-local variables from the environment */ | ||
140 | conn->env = local_repo_env; | ||
141 | conn->use_shell = 1; | ||
142 | + transport_check_allowed("file"); | ||
143 | } | ||
144 | argv_array_push(&conn->args, cmd.buf); | ||
145 | |||
146 | Index: git-2.5.0/t/lib-proto-disable.sh | ||
147 | =================================================================== | ||
148 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | ||
149 | +++ git-2.5.0/t/lib-proto-disable.sh 2015-12-11 12:46:48.967637661 -0500 | ||
150 | @@ -0,0 +1,96 @@ | ||
151 | +# Test routines for checking protocol disabling. | ||
152 | + | ||
153 | +# test cloning a particular protocol | ||
154 | +# $1 - description of the protocol | ||
155 | +# $2 - machine-readable name of the protocol | ||
156 | +# $3 - the URL to try cloning | ||
157 | +test_proto () { | ||
158 | + desc=$1 | ||
159 | + proto=$2 | ||
160 | + url=$3 | ||
161 | + | ||
162 | + test_expect_success "clone $1 (enabled)" ' | ||
163 | + rm -rf tmp.git && | ||
164 | + ( | ||
165 | + GIT_ALLOW_PROTOCOL=$proto && | ||
166 | + export GIT_ALLOW_PROTOCOL && | ||
167 | + git clone --bare "$url" tmp.git | ||
168 | + ) | ||
169 | + ' | ||
170 | + | ||
171 | + test_expect_success "fetch $1 (enabled)" ' | ||
172 | + ( | ||
173 | + cd tmp.git && | ||
174 | + GIT_ALLOW_PROTOCOL=$proto && | ||
175 | + export GIT_ALLOW_PROTOCOL && | ||
176 | + git fetch | ||
177 | + ) | ||
178 | + ' | ||
179 | + | ||
180 | + test_expect_success "push $1 (enabled)" ' | ||
181 | + ( | ||
182 | + cd tmp.git && | ||
183 | + GIT_ALLOW_PROTOCOL=$proto && | ||
184 | + export GIT_ALLOW_PROTOCOL && | ||
185 | + git push origin HEAD:pushed | ||
186 | + ) | ||
187 | + ' | ||
188 | + | ||
189 | + test_expect_success "push $1 (disabled)" ' | ||
190 | + ( | ||
191 | + cd tmp.git && | ||
192 | + GIT_ALLOW_PROTOCOL=none && | ||
193 | + export GIT_ALLOW_PROTOCOL && | ||
194 | + test_must_fail git push origin HEAD:pushed | ||
195 | + ) | ||
196 | + ' | ||
197 | + | ||
198 | + test_expect_success "fetch $1 (disabled)" ' | ||
199 | + ( | ||
200 | + cd tmp.git && | ||
201 | + GIT_ALLOW_PROTOCOL=none && | ||
202 | + export GIT_ALLOW_PROTOCOL && | ||
203 | + test_must_fail git fetch | ||
204 | + ) | ||
205 | + ' | ||
206 | + | ||
207 | + test_expect_success "clone $1 (disabled)" ' | ||
208 | + rm -rf tmp.git && | ||
209 | + ( | ||
210 | + GIT_ALLOW_PROTOCOL=none && | ||
211 | + export GIT_ALLOW_PROTOCOL && | ||
212 | + test_must_fail git clone --bare "$url" tmp.git | ||
213 | + ) | ||
214 | + ' | ||
215 | +} | ||
216 | + | ||
217 | +# set up an ssh wrapper that will access $host/$repo in the | ||
218 | +# trash directory, and enable it for subsequent tests. | ||
219 | +setup_ssh_wrapper () { | ||
220 | + test_expect_success 'setup ssh wrapper' ' | ||
221 | + write_script ssh-wrapper <<-\EOF && | ||
222 | + echo >&2 "ssh: $*" | ||
223 | + host=$1; shift | ||
224 | + cd "$TRASH_DIRECTORY/$host" && | ||
225 | + eval "$*" | ||
226 | + EOF | ||
227 | + GIT_SSH="$PWD/ssh-wrapper" && | ||
228 | + export GIT_SSH && | ||
229 | + export TRASH_DIRECTORY | ||
230 | + ' | ||
231 | +} | ||
232 | + | ||
233 | +# set up a wrapper that can be used with remote-ext to | ||
234 | +# access repositories in the "remote" directory of trash-dir, | ||
235 | +# like "ext::fake-remote %S repo.git" | ||
236 | +setup_ext_wrapper () { | ||
237 | + test_expect_success 'setup ext wrapper' ' | ||
238 | + write_script fake-remote <<-\EOF && | ||
239 | + echo >&2 "fake-remote: $*" | ||
240 | + cd "$TRASH_DIRECTORY/remote" && | ||
241 | + eval "$*" | ||
242 | + EOF | ||
243 | + PATH=$TRASH_DIRECTORY:$PATH && | ||
244 | + export TRASH_DIRECTORY | ||
245 | + ' | ||
246 | +} | ||
247 | Index: git-2.5.0/t/t5810-proto-disable-local.sh | ||
248 | =================================================================== | ||
249 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | ||
250 | +++ git-2.5.0/t/t5810-proto-disable-local.sh 2015-12-11 12:46:48.967637661 -0500 | ||
251 | @@ -0,0 +1,14 @@ | ||
252 | +#!/bin/sh | ||
253 | + | ||
254 | +test_description='test disabling of local paths in clone/fetch' | ||
255 | +. ./test-lib.sh | ||
256 | +. "$TEST_DIRECTORY/lib-proto-disable.sh" | ||
257 | + | ||
258 | +test_expect_success 'setup repository to clone' ' | ||
259 | + test_commit one | ||
260 | +' | ||
261 | + | ||
262 | +test_proto "file://" file "file://$PWD" | ||
263 | +test_proto "path" file . | ||
264 | + | ||
265 | +test_done | ||
266 | Index: git-2.5.0/t/t5811-proto-disable-git.sh | ||
267 | =================================================================== | ||
268 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | ||
269 | +++ git-2.5.0/t/t5811-proto-disable-git.sh 2015-12-11 12:46:48.967637661 -0500 | ||
270 | @@ -0,0 +1,20 @@ | ||
271 | +#!/bin/sh | ||
272 | + | ||
273 | +test_description='test disabling of git-over-tcp in clone/fetch' | ||
274 | +. ./test-lib.sh | ||
275 | +. "$TEST_DIRECTORY/lib-proto-disable.sh" | ||
276 | +. "$TEST_DIRECTORY/lib-git-daemon.sh" | ||
277 | +start_git_daemon | ||
278 | + | ||
279 | +test_expect_success 'create git-accessible repo' ' | ||
280 | + bare="$GIT_DAEMON_DOCUMENT_ROOT_PATH/repo.git" && | ||
281 | + test_commit one && | ||
282 | + git --bare init "$bare" && | ||
283 | + git push "$bare" HEAD && | ||
284 | + >"$bare/git-daemon-export-ok" && | ||
285 | + git -C "$bare" config daemon.receivepack true | ||
286 | +' | ||
287 | + | ||
288 | +test_proto "git://" git "$GIT_DAEMON_URL/repo.git" | ||
289 | + | ||
290 | +test_done | ||
291 | Index: git-2.5.0/t/t5812-proto-disable-http.sh | ||
292 | =================================================================== | ||
293 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | ||
294 | +++ git-2.5.0/t/t5812-proto-disable-http.sh 2015-12-11 12:46:48.967637661 -0500 | ||
295 | @@ -0,0 +1,20 @@ | ||
296 | +#!/bin/sh | ||
297 | + | ||
298 | +test_description='test disabling of git-over-http in clone/fetch' | ||
299 | +. ./test-lib.sh | ||
300 | +. "$TEST_DIRECTORY/lib-proto-disable.sh" | ||
301 | +. "$TEST_DIRECTORY/lib-httpd.sh" | ||
302 | +start_httpd | ||
303 | + | ||
304 | +test_expect_success 'create git-accessible repo' ' | ||
305 | + bare="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" && | ||
306 | + test_commit one && | ||
307 | + git --bare init "$bare" && | ||
308 | + git push "$bare" HEAD && | ||
309 | + git -C "$bare" config http.receivepack true | ||
310 | +' | ||
311 | + | ||
312 | +test_proto "smart http" http "$HTTPD_URL/smart/repo.git" | ||
313 | + | ||
314 | +stop_httpd | ||
315 | +test_done | ||
316 | Index: git-2.5.0/t/t5813-proto-disable-ssh.sh | ||
317 | =================================================================== | ||
318 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | ||
319 | +++ git-2.5.0/t/t5813-proto-disable-ssh.sh 2015-12-11 12:46:48.967637661 -0500 | ||
320 | @@ -0,0 +1,20 @@ | ||
321 | +#!/bin/sh | ||
322 | + | ||
323 | +test_description='test disabling of git-over-ssh in clone/fetch' | ||
324 | +. ./test-lib.sh | ||
325 | +. "$TEST_DIRECTORY/lib-proto-disable.sh" | ||
326 | + | ||
327 | +setup_ssh_wrapper | ||
328 | + | ||
329 | +test_expect_success 'setup repository to clone' ' | ||
330 | + test_commit one && | ||
331 | + mkdir remote && | ||
332 | + git init --bare remote/repo.git && | ||
333 | + git push remote/repo.git HEAD | ||
334 | +' | ||
335 | + | ||
336 | +test_proto "host:path" ssh "remote:repo.git" | ||
337 | +test_proto "ssh://" ssh "ssh://remote/$PWD/remote/repo.git" | ||
338 | +test_proto "git+ssh://" ssh "git+ssh://remote/$PWD/remote/repo.git" | ||
339 | + | ||
340 | +test_done | ||
341 | Index: git-2.5.0/t/t5814-proto-disable-ext.sh | ||
342 | =================================================================== | ||
343 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | ||
344 | +++ git-2.5.0/t/t5814-proto-disable-ext.sh 2015-12-11 12:46:48.967637661 -0500 | ||
345 | @@ -0,0 +1,18 @@ | ||
346 | +#!/bin/sh | ||
347 | + | ||
348 | +test_description='test disabling of remote-helper paths in clone/fetch' | ||
349 | +. ./test-lib.sh | ||
350 | +. "$TEST_DIRECTORY/lib-proto-disable.sh" | ||
351 | + | ||
352 | +setup_ext_wrapper | ||
353 | + | ||
354 | +test_expect_success 'setup repository to clone' ' | ||
355 | + test_commit one && | ||
356 | + mkdir remote && | ||
357 | + git init --bare remote/repo.git && | ||
358 | + git push remote/repo.git HEAD | ||
359 | +' | ||
360 | + | ||
361 | +test_proto "remote-helper" ext "ext::fake-remote %S repo.git" | ||
362 | + | ||
363 | +test_done | ||
364 | Index: git-2.5.0/transport-helper.c | ||
365 | =================================================================== | ||
366 | --- git-2.5.0.orig/transport-helper.c 2015-12-11 12:46:48.975637719 -0500 | ||
367 | +++ git-2.5.0/transport-helper.c 2015-12-11 12:46:48.967637661 -0500 | ||
368 | @@ -1039,6 +1039,8 @@ | ||
369 | struct helper_data *data = xcalloc(1, sizeof(*data)); | ||
370 | data->name = name; | ||
371 | |||
372 | + transport_check_allowed(name); | ||
373 | + | ||
374 | if (getenv("GIT_TRANSPORT_HELPER_DEBUG")) | ||
375 | debug = 1; | ||
376 | |||
377 | Index: git-2.5.0/transport.c | ||
378 | =================================================================== | ||
379 | --- git-2.5.0.orig/transport.c 2015-12-11 12:46:48.975637719 -0500 | ||
380 | +++ git-2.5.0/transport.c 2015-12-11 12:46:48.967637661 -0500 | ||
381 | @@ -912,6 +912,20 @@ | ||
382 | return strchr(url, ':') - url; | ||
383 | } | ||
384 | |||
385 | +void transport_check_allowed(const char *type) | ||
386 | +{ | ||
387 | + struct string_list allowed = STRING_LIST_INIT_DUP; | ||
388 | + const char *v = getenv("GIT_ALLOW_PROTOCOL"); | ||
389 | + | ||
390 | + if (!v) | ||
391 | + return; | ||
392 | + | ||
393 | + string_list_split(&allowed, v, ':', -1); | ||
394 | + if (!unsorted_string_list_has_string(&allowed, type)) | ||
395 | + die("transport '%s' not allowed", type); | ||
396 | + string_list_clear(&allowed, 0); | ||
397 | +} | ||
398 | + | ||
399 | struct transport *transport_get(struct remote *remote, const char *url) | ||
400 | { | ||
401 | const char *helper; | ||
402 | @@ -943,12 +957,14 @@ | ||
403 | if (helper) { | ||
404 | transport_helper_init(ret, helper); | ||
405 | } else if (starts_with(url, "rsync:")) { | ||
406 | + transport_check_allowed("rsync"); | ||
407 | ret->get_refs_list = get_refs_via_rsync; | ||
408 | ret->fetch = fetch_objs_via_rsync; | ||
409 | ret->push = rsync_transport_push; | ||
410 | ret->smart_options = NULL; | ||
411 | } else if (url_is_local_not_ssh(url) && is_file(url) && is_bundle(url, 1)) { | ||
412 | struct bundle_transport_data *data = xcalloc(1, sizeof(*data)); | ||
413 | + transport_check_allowed("file"); | ||
414 | ret->data = data; | ||
415 | ret->get_refs_list = get_refs_from_bundle; | ||
416 | ret->fetch = fetch_refs_from_bundle; | ||
417 | @@ -960,7 +976,10 @@ | ||
418 | || starts_with(url, "ssh://") | ||
419 | || starts_with(url, "git+ssh://") | ||
420 | || starts_with(url, "ssh+git://")) { | ||
421 | - /* These are builtin smart transports. */ | ||
422 | + /* | ||
423 | + * These are builtin smart transports; "allowed" transports | ||
424 | + * will be checked individually in git_connect. | ||
425 | + */ | ||
426 | struct git_transport_data *data = xcalloc(1, sizeof(*data)); | ||
427 | ret->data = data; | ||
428 | ret->set_option = NULL; | ||
429 | Index: git-2.5.0/transport.h | ||
430 | =================================================================== | ||
431 | --- git-2.5.0.orig/transport.h 2015-12-11 12:46:48.975637719 -0500 | ||
432 | +++ git-2.5.0/transport.h 2015-12-11 12:46:48.971637690 -0500 | ||
433 | @@ -133,6 +133,13 @@ | ||
434 | /* Returns a transport suitable for the url */ | ||
435 | struct transport *transport_get(struct remote *, const char *); | ||
436 | |||
437 | +/* | ||
438 | + * Check whether a transport is allowed by the environment, | ||
439 | + * and die otherwise. type should generally be the URL scheme, | ||
440 | + * as described in Documentation/git.txt | ||
441 | + */ | ||
442 | +void transport_check_allowed(const char *type); | ||
443 | + | ||
444 | /* Transport options which apply to git:// and scp-style URLs */ | ||
445 | |||
446 | /* The program to use on the remote side to send a pack */ | ||
diff --git a/meta/recipes-devtools/git/git-2.5.0/0009-CVE-2015-7545-2.patch b/meta/recipes-devtools/git/git-2.5.0/0009-CVE-2015-7545-2.patch new file mode 100644 index 0000000000..8000e26d70 --- /dev/null +++ b/meta/recipes-devtools/git/git-2.5.0/0009-CVE-2015-7545-2.patch | |||
@@ -0,0 +1,112 @@ | |||
1 | From 33cfccbbf35a56e190b79bdec5c85457c952a021 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jeff King <peff@peff.net> | ||
3 | Date: Wed, 16 Sep 2015 13:13:12 -0400 | ||
4 | Subject: [PATCH] submodule: allow only certain protocols for submodule fetches | ||
5 | |||
6 | Some protocols (like git-remote-ext) can execute arbitrary | ||
7 | code found in the URL. The URLs that submodules use may come | ||
8 | from arbitrary sources (e.g., .gitmodules files in a remote | ||
9 | repository). Let's restrict submodules to fetching from a | ||
10 | known-good subset of protocols. | ||
11 | |||
12 | Note that we apply this restriction to all submodule | ||
13 | commands, whether the URL comes from .gitmodules or not. | ||
14 | This is more restrictive than we need to be; for example, in | ||
15 | the tests we run: | ||
16 | |||
17 | git submodule add ext::... | ||
18 | |||
19 | which should be trusted, as the URL comes directly from the | ||
20 | command line provided by the user. But doing it this way is | ||
21 | simpler, and makes it much less likely that we would miss a | ||
22 | case. And since such protocols should be an exception | ||
23 | (especially because nobody who clones from them will be able | ||
24 | to update the submodules!), it's not likely to inconvenience | ||
25 | anyone in practice. | ||
26 | |||
27 | Reported-by: Blake Burkhart <bburky@bburky.com> | ||
28 | Signed-off-by: Jeff King <peff@peff.net> | ||
29 | Signed-off-by: Junio C Hamano <gitster@pobox.com> | ||
30 | |||
31 | Upstream-Status: Backport | ||
32 | |||
33 | http://archive.ubuntu.com/ubuntu/pool/main/g/git/git_2.5.0-1ubuntu0.1.debian.tar.xz | ||
34 | |||
35 | CVE: CVE-2015-7545 #2 | ||
36 | Singed-off-by: Armin Kuster <akuster@mvista.com> | ||
37 | |||
38 | --- | ||
39 | git-submodule.sh | 9 +++++++++ | ||
40 | t/t5815-submodule-protos.sh | 43 +++++++++++++++++++++++++++++++++++++++++++ | ||
41 | 2 files changed, 52 insertions(+) | ||
42 | create mode 100755 t/t5815-submodule-protos.sh | ||
43 | |||
44 | diff --git a/git-submodule.sh b/git-submodule.sh | ||
45 | index 36797c3..78c2740 100755 | ||
46 | --- a/git-submodule.sh | ||
47 | +++ b/git-submodule.sh | ||
48 | @@ -22,6 +22,15 @@ require_work_tree | ||
49 | wt_prefix=$(git rev-parse --show-prefix) | ||
50 | cd_to_toplevel | ||
51 | |||
52 | +# Restrict ourselves to a vanilla subset of protocols; the URLs | ||
53 | +# we get are under control of a remote repository, and we do not | ||
54 | +# want them kicking off arbitrary git-remote-* programs. | ||
55 | +# | ||
56 | +# If the user has already specified a set of allowed protocols, | ||
57 | +# we assume they know what they're doing and use that instead. | ||
58 | +: ${GIT_ALLOW_PROTOCOL=file:git:http:https:ssh} | ||
59 | +export GIT_ALLOW_PROTOCOL | ||
60 | + | ||
61 | command= | ||
62 | branch= | ||
63 | force= | ||
64 | diff --git a/t/t5815-submodule-protos.sh b/t/t5815-submodule-protos.sh | ||
65 | new file mode 100755 | ||
66 | index 0000000..06f55a1 | ||
67 | --- /dev/null | ||
68 | +++ b/t/t5815-submodule-protos.sh | ||
69 | @@ -0,0 +1,43 @@ | ||
70 | +#!/bin/sh | ||
71 | + | ||
72 | +test_description='test protocol whitelisting with submodules' | ||
73 | +. ./test-lib.sh | ||
74 | +. "$TEST_DIRECTORY"/lib-proto-disable.sh | ||
75 | + | ||
76 | +setup_ext_wrapper | ||
77 | +setup_ssh_wrapper | ||
78 | + | ||
79 | +test_expect_success 'setup repository with submodules' ' | ||
80 | + mkdir remote && | ||
81 | + git init remote/repo.git && | ||
82 | + (cd remote/repo.git && test_commit one) && | ||
83 | + # submodule-add should probably trust what we feed it on the cmdline, | ||
84 | + # but its implementation is overly conservative. | ||
85 | + GIT_ALLOW_PROTOCOL=ssh git submodule add remote:repo.git ssh-module && | ||
86 | + GIT_ALLOW_PROTOCOL=ext git submodule add "ext::fake-remote %S repo.git" ext-module && | ||
87 | + git commit -m "add submodules" | ||
88 | +' | ||
89 | + | ||
90 | +test_expect_success 'clone with recurse-submodules fails' ' | ||
91 | + test_must_fail git clone --recurse-submodules . dst | ||
92 | +' | ||
93 | + | ||
94 | +test_expect_success 'setup individual updates' ' | ||
95 | + rm -rf dst && | ||
96 | + git clone . dst && | ||
97 | + git -C dst submodule init | ||
98 | +' | ||
99 | + | ||
100 | +test_expect_success 'update of ssh allowed' ' | ||
101 | + git -C dst submodule update ssh-module | ||
102 | +' | ||
103 | + | ||
104 | +test_expect_success 'update of ext not allowed' ' | ||
105 | + test_must_fail git -C dst submodule update ext-module | ||
106 | +' | ||
107 | + | ||
108 | +test_expect_success 'user can override whitelist' ' | ||
109 | + GIT_ALLOW_PROTOCOL=ext git -C dst submodule update ext-module | ||
110 | +' | ||
111 | + | ||
112 | +test_done | ||
diff --git a/meta/recipes-devtools/git/git-2.5.0/0010-CVE-2015-7545-3.patch b/meta/recipes-devtools/git/git-2.5.0/0010-CVE-2015-7545-3.patch new file mode 100644 index 0000000000..b6edc9d7c1 --- /dev/null +++ b/meta/recipes-devtools/git/git-2.5.0/0010-CVE-2015-7545-3.patch | |||
@@ -0,0 +1,112 @@ | |||
1 | From 5088d3b38775f8ac12d7f77636775b16059b67ef Mon Sep 17 00:00:00 2001 | ||
2 | From: Jeff King <peff@peff.net> | ||
3 | Date: Tue, 22 Sep 2015 18:03:49 -0400 | ||
4 | Subject: [PATCH] transport: refactor protocol whitelist code | ||
5 | |||
6 | The current callers only want to die when their transport is | ||
7 | prohibited. But future callers want to query the mechanism | ||
8 | without dying. | ||
9 | |||
10 | Let's break out a few query functions, and also save the | ||
11 | results in a static list so we don't have to re-parse for | ||
12 | each query. | ||
13 | |||
14 | Based-on-a-patch-by: Blake Burkhart <bburky@bburky.com> | ||
15 | Signed-off-by: Jeff King <peff@peff.net> | ||
16 | Signed-off-by: Junio C Hamano <gitster@pobox.com> | ||
17 | |||
18 | Upstream-Status: Backport | ||
19 | |||
20 | http://archive.ubuntu.com/ubuntu/pool/main/g/git/git_2.5.0-1ubuntu0.1.debian.tar.xz | ||
21 | |||
22 | CVE: CVE-2015-7545 #3 | ||
23 | Singed-off-by: Armin Kuster <akuster@mvista.com> | ||
24 | |||
25 | --- | ||
26 | transport.c | 38 ++++++++++++++++++++++++++++++-------- | ||
27 | transport.h | 15 +++++++++++++-- | ||
28 | 2 files changed, 43 insertions(+), 10 deletions(-) | ||
29 | |||
30 | Index: git-2.5.0/transport.c | ||
31 | =================================================================== | ||
32 | --- git-2.5.0.orig/transport.c 2015-12-11 12:47:09.547784038 -0500 | ||
33 | +++ git-2.5.0/transport.c 2015-12-11 12:47:09.543784009 -0500 | ||
34 | @@ -912,18 +912,40 @@ | ||
35 | return strchr(url, ':') - url; | ||
36 | } | ||
37 | |||
38 | -void transport_check_allowed(const char *type) | ||
39 | +static const struct string_list *protocol_whitelist(void) | ||
40 | { | ||
41 | - struct string_list allowed = STRING_LIST_INIT_DUP; | ||
42 | - const char *v = getenv("GIT_ALLOW_PROTOCOL"); | ||
43 | + static int enabled = -1; | ||
44 | + static struct string_list allowed = STRING_LIST_INIT_DUP; | ||
45 | + | ||
46 | + if (enabled < 0) { | ||
47 | + const char *v = getenv("GIT_ALLOW_PROTOCOL"); | ||
48 | + if (v) { | ||
49 | + string_list_split(&allowed, v, ':', -1); | ||
50 | + string_list_sort(&allowed); | ||
51 | + enabled = 1; | ||
52 | + } else { | ||
53 | + enabled = 0; | ||
54 | + } | ||
55 | + } | ||
56 | + | ||
57 | + return enabled ? &allowed : NULL; | ||
58 | +} | ||
59 | |||
60 | - if (!v) | ||
61 | - return; | ||
62 | +int is_transport_allowed(const char *type) | ||
63 | +{ | ||
64 | + const struct string_list *allowed = protocol_whitelist(); | ||
65 | + return !allowed || string_list_has_string(allowed, type); | ||
66 | +} | ||
67 | |||
68 | - string_list_split(&allowed, v, ':', -1); | ||
69 | - if (!unsorted_string_list_has_string(&allowed, type)) | ||
70 | +void transport_check_allowed(const char *type) | ||
71 | +{ | ||
72 | + if (!is_transport_allowed(type)) | ||
73 | die("transport '%s' not allowed", type); | ||
74 | - string_list_clear(&allowed, 0); | ||
75 | +} | ||
76 | + | ||
77 | +int transport_restrict_protocols(void) | ||
78 | +{ | ||
79 | + return !!protocol_whitelist(); | ||
80 | } | ||
81 | |||
82 | struct transport *transport_get(struct remote *remote, const char *url) | ||
83 | Index: git-2.5.0/transport.h | ||
84 | =================================================================== | ||
85 | --- git-2.5.0.orig/transport.h 2015-12-11 12:47:09.547784038 -0500 | ||
86 | +++ git-2.5.0/transport.h 2015-12-11 12:47:09.543784009 -0500 | ||
87 | @@ -134,12 +134,23 @@ | ||
88 | struct transport *transport_get(struct remote *, const char *); | ||
89 | |||
90 | /* | ||
91 | + * Check whether a transport is allowed by the environment. Type should | ||
92 | + * generally be the URL scheme, as described in Documentation/git.txt | ||
93 | + */ | ||
94 | +int is_transport_allowed(const char *type); | ||
95 | + | ||
96 | +/* | ||
97 | * Check whether a transport is allowed by the environment, | ||
98 | - * and die otherwise. type should generally be the URL scheme, | ||
99 | - * as described in Documentation/git.txt | ||
100 | + * and die otherwise. | ||
101 | */ | ||
102 | void transport_check_allowed(const char *type); | ||
103 | |||
104 | +/* | ||
105 | + * Returns true if the user has attempted to turn on protocol | ||
106 | + * restrictions at all. | ||
107 | + */ | ||
108 | +int transport_restrict_protocols(void); | ||
109 | + | ||
110 | /* Transport options which apply to git:// and scp-style URLs */ | ||
111 | |||
112 | /* The program to use on the remote side to send a pack */ | ||
diff --git a/meta/recipes-devtools/git/git-2.5.0/0011-CVE-2015-7545-4.patch b/meta/recipes-devtools/git/git-2.5.0/0011-CVE-2015-7545-4.patch new file mode 100644 index 0000000000..44dcd1e33d --- /dev/null +++ b/meta/recipes-devtools/git/git-2.5.0/0011-CVE-2015-7545-4.patch | |||
@@ -0,0 +1,150 @@ | |||
1 | Backport of: | ||
2 | |||
3 | From f4113cac0c88b4f36ee6f3abf3218034440a68e3 Mon Sep 17 00:00:00 2001 | ||
4 | From: Blake Burkhart <bburky@bburky.com> | ||
5 | Date: Tue, 22 Sep 2015 18:06:04 -0400 | ||
6 | Subject: [PATCH] http: limit redirection to protocol-whitelist | ||
7 | |||
8 | Previously, libcurl would follow redirection to any protocol | ||
9 | it was compiled for support with. This is desirable to allow | ||
10 | redirection from HTTP to HTTPS. However, it would even | ||
11 | successfully allow redirection from HTTP to SFTP, a protocol | ||
12 | that git does not otherwise support at all. Furthermore | ||
13 | git's new protocol-whitelisting could be bypassed by | ||
14 | following a redirect within the remote helper, as it was | ||
15 | only enforced at transport selection time. | ||
16 | |||
17 | This patch limits redirects within libcurl to HTTP, HTTPS, | ||
18 | FTP and FTPS. If there is a protocol-whitelist present, this | ||
19 | list is limited to those also allowed by the whitelist. As | ||
20 | redirection happens from within libcurl, it is impossible | ||
21 | for an HTTP redirect to a protocol implemented within | ||
22 | another remote helper. | ||
23 | |||
24 | When the curl version git was compiled with is too old to | ||
25 | support restrictions on protocol redirection, we warn the | ||
26 | user if GIT_ALLOW_PROTOCOL restrictions were requested. This | ||
27 | is a little inaccurate, as even without that variable in the | ||
28 | environment, we would still restrict SFTP, etc, and we do | ||
29 | not warn in that case. But anything else means we would | ||
30 | literally warn every time git accesses an http remote. | ||
31 | |||
32 | This commit includes a test, but it is not as robust as we | ||
33 | would hope. It redirects an http request to ftp, and checks | ||
34 | that curl complained about the protocol, which means that we | ||
35 | are relying on curl's specific error message to know what | ||
36 | happened. Ideally we would redirect to a working ftp server | ||
37 | and confirm that we can clone without protocol restrictions, | ||
38 | and not with them. But we do not have a portable way of | ||
39 | providing an ftp server, nor any other protocol that curl | ||
40 | supports (https is the closest, but we would have to deal | ||
41 | with certificates). | ||
42 | |||
43 | [jk: added test and version warning] | ||
44 | |||
45 | Signed-off-by: Jeff King <peff@peff.net> | ||
46 | Signed-off-by: Junio C Hamano <gitster@pobox.com> | ||
47 | |||
48 | Upstream-Status: Backport | ||
49 | |||
50 | http://archive.ubuntu.com/ubuntu/pool/main/g/git/git_2.5.0-1ubuntu0.1.debian.tar.xz | ||
51 | |||
52 | CVE: CVE-2015-7545 #4 | ||
53 | Singed-off-by: Armin Kuster <akuster@mvista.com> | ||
54 | |||
55 | --- | ||
56 | Documentation/git.txt | 5 ----- | ||
57 | http.c | 17 +++++++++++++++++ | ||
58 | t/lib-httpd/apache.conf | 1 + | ||
59 | t/t5812-proto-disable-http.sh | 9 +++++++++ | ||
60 | 4 files changed, 27 insertions(+), 5 deletions(-) | ||
61 | |||
62 | Index: git-2.5.0/Documentation/git.txt | ||
63 | =================================================================== | ||
64 | --- git-2.5.0.orig/Documentation/git.txt 2015-12-11 12:47:18.707849212 -0500 | ||
65 | +++ git-2.5.0/Documentation/git.txt 2015-12-11 12:47:18.703849183 -0500 | ||
66 | @@ -1095,11 +1095,6 @@ | ||
67 | |||
68 | - any external helpers are named by their protocol (e.g., use | ||
69 | `hg` to allow the `git-remote-hg` helper) | ||
70 | -+ | ||
71 | -Note that this controls only git's internal protocol selection. | ||
72 | -If libcurl is used (e.g., by the `http` transport), it may | ||
73 | -redirect to other protocols. There is not currently any way to | ||
74 | -restrict this. | ||
75 | |||
76 | |||
77 | Discussion[[Discussion]] | ||
78 | Index: git-2.5.0/http.c | ||
79 | =================================================================== | ||
80 | --- git-2.5.0.orig/http.c 2015-12-11 12:47:18.707849212 -0500 | ||
81 | +++ git-2.5.0/http.c 2015-12-11 12:47:34.171959268 -0500 | ||
82 | @@ -8,6 +8,7 @@ | ||
83 | #include "credential.h" | ||
84 | #include "version.h" | ||
85 | #include "pkt-line.h" | ||
86 | +#include "transport.h" | ||
87 | #include "gettext.h" | ||
88 | |||
89 | int active_requests; | ||
90 | @@ -340,6 +341,7 @@ | ||
91 | static CURL *get_curl_handle(void) | ||
92 | { | ||
93 | CURL *result = curl_easy_init(); | ||
94 | + long allowed_protocols = 0; | ||
95 | |||
96 | if (!result) | ||
97 | die("curl_easy_init failed"); | ||
98 | @@ -399,6 +401,21 @@ | ||
99 | #elif LIBCURL_VERSION_NUM >= 0x071101 | ||
100 | curl_easy_setopt(result, CURLOPT_POST301, 1); | ||
101 | #endif | ||
102 | +#if LIBCURL_VERSION_NUM >= 0x071304 | ||
103 | + if (is_transport_allowed("http")) | ||
104 | + allowed_protocols |= CURLPROTO_HTTP; | ||
105 | + if (is_transport_allowed("https")) | ||
106 | + allowed_protocols |= CURLPROTO_HTTPS; | ||
107 | + if (is_transport_allowed("ftp")) | ||
108 | + allowed_protocols |= CURLPROTO_FTP; | ||
109 | + if (is_transport_allowed("ftps")) | ||
110 | + allowed_protocols |= CURLPROTO_FTPS; | ||
111 | + curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS, allowed_protocols); | ||
112 | +#else | ||
113 | + if (transport_restrict_protocols()) | ||
114 | + warning("protocol restrictions not applied to curl redirects because\n" | ||
115 | + "your curl version is too old (>= 7.19.4)"); | ||
116 | +#endif | ||
117 | |||
118 | if (getenv("GIT_CURL_VERBOSE")) | ||
119 | curl_easy_setopt(result, CURLOPT_VERBOSE, 1); | ||
120 | Index: git-2.5.0/t/lib-httpd/apache.conf | ||
121 | =================================================================== | ||
122 | --- git-2.5.0.orig/t/lib-httpd/apache.conf 2015-12-11 12:47:18.707849212 -0500 | ||
123 | +++ git-2.5.0/t/lib-httpd/apache.conf 2015-12-11 12:47:18.703849183 -0500 | ||
124 | @@ -119,6 +119,7 @@ | ||
125 | RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302] | ||
126 | RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301] | ||
127 | RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301] | ||
128 | +RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302] | ||
129 | |||
130 | <IfDefine SSL> | ||
131 | LoadModule ssl_module modules/mod_ssl.so | ||
132 | Index: git-2.5.0/t/t5812-proto-disable-http.sh | ||
133 | =================================================================== | ||
134 | --- git-2.5.0.orig/t/t5812-proto-disable-http.sh 2015-12-11 12:47:18.707849212 -0500 | ||
135 | +++ git-2.5.0/t/t5812-proto-disable-http.sh 2015-12-11 12:47:18.703849183 -0500 | ||
136 | @@ -16,5 +16,14 @@ | ||
137 | |||
138 | test_proto "smart http" http "$HTTPD_URL/smart/repo.git" | ||
139 | |||
140 | +test_expect_success 'curl redirects respect whitelist' ' | ||
141 | + test_must_fail env GIT_ALLOW_PROTOCOL=http:https \ | ||
142 | + git clone "$HTTPD_URL/ftp-redir/repo.git" 2>stderr && | ||
143 | + { | ||
144 | + test_i18ngrep "ftp.*disabled" stderr || | ||
145 | + test_i18ngrep "your curl version is too old" | ||
146 | + } | ||
147 | +' | ||
148 | + | ||
149 | stop_httpd | ||
150 | test_done | ||
diff --git a/meta/recipes-devtools/git/git-2.5.0/0012-CVE-2015-7545-5.patch b/meta/recipes-devtools/git/git-2.5.0/0012-CVE-2015-7545-5.patch new file mode 100644 index 0000000000..76d66bad9d --- /dev/null +++ b/meta/recipes-devtools/git/git-2.5.0/0012-CVE-2015-7545-5.patch | |||
@@ -0,0 +1,69 @@ | |||
1 | From b258116462399b318c86165c61a5c7123043cfd4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Blake Burkhart <bburky@bburky.com> | ||
3 | Date: Tue, 22 Sep 2015 18:06:20 -0400 | ||
4 | Subject: [PATCH] http: limit redirection depth | ||
5 | |||
6 | By default, libcurl will follow circular http redirects | ||
7 | forever. Let's put a cap on this so that somebody who can | ||
8 | trigger an automated fetch of an arbitrary repository (e.g., | ||
9 | for CI) cannot convince git to loop infinitely. | ||
10 | |||
11 | The value chosen is 20, which is the same default that | ||
12 | Firefox uses. | ||
13 | |||
14 | Signed-off-by: Jeff King <peff@peff.net> | ||
15 | Signed-off-by: Junio C Hamano <gitster@pobox.com> | ||
16 | |||
17 | Upstream-Status: Backport | ||
18 | |||
19 | http://archive.ubuntu.com/ubuntu/pool/main/g/git/git_2.5.0-1ubuntu0.1.debian.tar.xz | ||
20 | |||
21 | CVE: CVE-2015-7545 #5 | ||
22 | Singed-off-by: Armin Kuster <akuster@mvista.com> | ||
23 | |||
24 | --- | ||
25 | http.c | 1 + | ||
26 | t/lib-httpd/apache.conf | 3 +++ | ||
27 | t/t5812-proto-disable-http.sh | 4 ++++ | ||
28 | 3 files changed, 8 insertions(+) | ||
29 | |||
30 | Index: git-2.5.0/http.c | ||
31 | =================================================================== | ||
32 | --- git-2.5.0.orig/http.c 2015-12-11 12:48:02.900163824 -0500 | ||
33 | +++ git-2.5.0/http.c 2015-12-11 12:48:02.896163796 -0500 | ||
34 | @@ -396,6 +396,7 @@ | ||
35 | } | ||
36 | |||
37 | curl_easy_setopt(result, CURLOPT_FOLLOWLOCATION, 1); | ||
38 | + curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20); | ||
39 | #if LIBCURL_VERSION_NUM >= 0x071301 | ||
40 | curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL); | ||
41 | #elif LIBCURL_VERSION_NUM >= 0x071101 | ||
42 | Index: git-2.5.0/t/lib-httpd/apache.conf | ||
43 | =================================================================== | ||
44 | --- git-2.5.0.orig/t/lib-httpd/apache.conf 2015-12-11 12:48:02.900163824 -0500 | ||
45 | +++ git-2.5.0/t/lib-httpd/apache.conf 2015-12-11 12:48:02.896163796 -0500 | ||
46 | @@ -121,6 +121,9 @@ | ||
47 | RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301] | ||
48 | RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302] | ||
49 | |||
50 | +RewriteRule ^/loop-redir/x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-(.*) /$1 [R=302] | ||
51 | +RewriteRule ^/loop-redir/(.*)$ /loop-redir/x-$1 [R=302] | ||
52 | + | ||
53 | <IfDefine SSL> | ||
54 | LoadModule ssl_module modules/mod_ssl.so | ||
55 | |||
56 | Index: git-2.5.0/t/t5812-proto-disable-http.sh | ||
57 | =================================================================== | ||
58 | --- git-2.5.0.orig/t/t5812-proto-disable-http.sh 2015-12-11 12:48:02.900163824 -0500 | ||
59 | +++ git-2.5.0/t/t5812-proto-disable-http.sh 2015-12-11 12:48:02.896163796 -0500 | ||
60 | @@ -25,5 +25,9 @@ | ||
61 | } | ||
62 | ' | ||
63 | |||
64 | +test_expect_success 'curl limits redirects' ' | ||
65 | + test_must_fail git clone "$HTTPD_URL/loop-redir/smart/repo.git" | ||
66 | +' | ||
67 | + | ||
68 | stop_httpd | ||
69 | test_done | ||
diff --git a/meta/recipes-devtools/git/git_2.5.0.bb b/meta/recipes-devtools/git/git_2.5.0.bb index de686c2b24..792f258388 100644 --- a/meta/recipes-devtools/git/git_2.5.0.bb +++ b/meta/recipes-devtools/git/git_2.5.0.bb | |||
@@ -9,3 +9,11 @@ SRC_URI[tarball.md5sum] = "3bc9b0a803ae8ec6c5316cc64f0b7f78" | |||
9 | SRC_URI[tarball.sha256sum] = "8fa13ba8434ff83d24f57f831d55dbb9046434c266641180a37744facfce72ac" | 9 | SRC_URI[tarball.sha256sum] = "8fa13ba8434ff83d24f57f831d55dbb9046434c266641180a37744facfce72ac" |
10 | SRC_URI[manpages.md5sum] = "134b049e51420a336049aac21c88a75a" | 10 | SRC_URI[manpages.md5sum] = "134b049e51420a336049aac21c88a75a" |
11 | SRC_URI[manpages.sha256sum] = "745e4e797fe5061e781c880d370b1beb480199127da5acaf4e376e0b09d4d685" | 11 | SRC_URI[manpages.sha256sum] = "745e4e797fe5061e781c880d370b1beb480199127da5acaf4e376e0b09d4d685" |
12 | |||
13 | SRC_URI += "\ | ||
14 | file://0008-CVE-2015-7545-1.patch \ | ||
15 | file://0009-CVE-2015-7545-2.patch \ | ||
16 | file://0010-CVE-2015-7545-3.patch \ | ||
17 | file://0011-CVE-2015-7545-4.patch \ | ||
18 | file://0012-CVE-2015-7545-5.patch \ | ||
19 | " | ||