summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2016-09-17 15:22:39 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-09-23 23:22:03 +0100
commitfc1ba0b67fd614ad1603f7d5282e90bceef069c8 (patch)
tree286bb69c9882e0c2d59d782d2893d3f84b4ffbf6
parent9657825ef32ab0c864b1d9de92325b661da046b0 (diff)
downloadpoky-fc1ba0b67fd614ad1603f7d5282e90bceef069c8.tar.gz
git: Security fix CVE-2016-2315 CVE-2016-2324
git versions < 2.5.5 & 2.7.4 (From OE-Core rev: 64ff6226d0c927c05fc42fd9ca8b31bac129b16d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_2324.patch307
-rw-r--r--meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p1.patch115
-rw-r--r--meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p2.patch89
-rw-r--r--meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p3.patch160
-rw-r--r--meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p4.patch237
-rw-r--r--meta/recipes-devtools/git/git_2.5.0.bb5
6 files changed, 913 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_2324.patch b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_2324.patch
new file mode 100644
index 0000000000..756ae660e9
--- /dev/null
+++ b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_2324.patch
@@ -0,0 +1,307 @@
1From 2824e1841b99393d2469c495253d547c643bd8f1 Mon Sep 17 00:00:00 2001
2From: Jeff King <peff@peff.net>
3Date: Thu, 11 Feb 2016 17:28:36 -0500
4Subject: [PATCH] list-objects: pass full pathname to callbacks
5
6When we find a blob at "a/b/c", we currently pass this to
7our show_object_fn callbacks as two components: "a/b/" and
8"c". Callbacks which want the full value then call
9path_name(), which concatenates the two. But this is an
10inefficient interface; the path is a strbuf, and we could
11simply append "c" to it temporarily, then roll back the
12length, without creating a new copy.
13
14So we could improve this by teaching the callsites of
15path_name() this trick (and there are only 3). But we can
16also notice that no callback actually cares about the
17broken-down representation, and simply pass each callback
18the full path "a/b/c" as a string. The callback code becomes
19even simpler, then, as we do not have to worry about freeing
20an allocated buffer, nor rolling back our modification to
21the strbuf.
22
23This is theoretically less efficient, as some callbacks
24would not bother to format the final path component. But in
25practice this is not measurable. Since we use the same
26strbuf over and over, our work to grow it is amortized, and
27we really only pay to memcpy a few bytes.
28
29Signed-off-by: Jeff King <peff@peff.net>
30Signed-off-by: Junio C Hamano <gitster@pobox.com>
31
32Upstream-Status: Backport
33CVE: CVE-2016-2315 and CVE-2016-2324 (actual fixs)
34Signed-off-by: Armin Kuster <akuster@mvista.com>
35
36---
37 builtin/pack-objects.c | 15 ++-------------
38 builtin/rev-list.c | 12 ++++--------
39 list-objects.c | 14 +++++++++-----
40 list-objects.h | 2 +-
41 pack-bitmap-write.c | 3 +--
42 pack-bitmap.c | 13 ++++---------
43 reachable.c | 5 ++---
44 revision.c | 17 ++---------------
45 revision.h | 3 +--
46 9 files changed, 26 insertions(+), 58 deletions(-)
47
48Index: git-2.5.0/builtin/pack-objects.c
49===================================================================
50--- git-2.5.0.orig/builtin/pack-objects.c
51+++ git-2.5.0/builtin/pack-objects.c
52@@ -2284,21 +2284,11 @@ static void show_commit(struct commit *c
53 index_commit_for_bitmap(commit);
54 }
55
56-static void show_object(struct object *obj,
57- struct strbuf *path, const char *last,
58- void *data)
59+static void show_object(struct object *obj, const char *name, void *data)
60 {
61- char *name = path_name(path, last);
62-
63 add_preferred_base_object(name);
64 add_object_entry(obj->sha1, obj->type, name, 0);
65 obj->flags |= OBJECT_ADDED;
66-
67- /*
68- * We will have generated the hash from the name,
69- * but not saved a pointer to it - we can free it
70- */
71- free((char *)name);
72 }
73
74 static void show_edge(struct commit *commit)
75@@ -2480,8 +2470,7 @@ static int get_object_list_from_bitmap(s
76 }
77
78 static void record_recent_object(struct object *obj,
79- struct strbuf *path,
80- const char *last,
81+ const char *name,
82 void *data)
83 {
84 sha1_array_append(&recent_objects, obj->sha1);
85Index: git-2.5.0/builtin/rev-list.c
86===================================================================
87--- git-2.5.0.orig/builtin/rev-list.c
88+++ git-2.5.0/builtin/rev-list.c
89@@ -177,9 +177,7 @@ static void finish_commit(struct commit
90 free_commit_buffer(commit);
91 }
92
93-static void finish_object(struct object *obj,
94- struct strbuf *path, const char *name,
95- void *cb_data)
96+static void finish_object(struct object *obj, const char *name, void *cb_data)
97 {
98 struct rev_list_info *info = cb_data;
99 if (obj->type == OBJ_BLOB && !has_sha1_file(obj->sha1))
100@@ -188,15 +186,13 @@ static void finish_object(struct object
101 parse_object(obj->sha1);
102 }
103
104-static void show_object(struct object *obj,
105- struct strbuf *path, const char *component,
106- void *cb_data)
107+static void show_object(struct object *obj, const char *name, void *cb_data)
108 {
109 struct rev_list_info *info = cb_data;
110- finish_object(obj, path, component, cb_data);
111+ finish_object(obj, name, cb_data);
112 if (info->flags & REV_LIST_QUIET)
113 return;
114- show_object_with_name(stdout, obj, path, component);
115+ show_object_with_name(stdout, obj, name);
116 }
117
118 static void show_edge(struct commit *commit)
119Index: git-2.5.0/list-objects.c
120===================================================================
121--- git-2.5.0.orig/list-objects.c
122+++ git-2.5.0/list-objects.c
123@@ -16,6 +16,7 @@ static void process_blob(struct rev_info
124 void *cb_data)
125 {
126 struct object *obj = &blob->object;
127+ size_t pathlen;
128
129 if (!revs->blob_objects)
130 return;
131@@ -24,7 +25,11 @@ static void process_blob(struct rev_info
132 if (obj->flags & (UNINTERESTING | SEEN))
133 return;
134 obj->flags |= SEEN;
135- show(obj, path, name, cb_data);
136+
137+ pathlen = path->len;
138+ strbuf_addstr(path, name);
139+ show(obj, path->buf, cb_data);
140+ strbuf_setlen(path, pathlen);
141 }
142
143 /*
144@@ -86,9 +91,8 @@ static void process_tree(struct rev_info
145 }
146
147 obj->flags |= SEEN;
148- show(obj, base, name, cb_data);
149-
150 strbuf_addstr(base, name);
151+ show(obj, base->buf, cb_data);
152 if (base->len)
153 strbuf_addch(base, '/');
154
155@@ -207,7 +211,7 @@ void traverse_commit_list(struct rev_inf
156 continue;
157 if (obj->type == OBJ_TAG) {
158 obj->flags |= SEEN;
159- show_object(obj, NULL, name, data);
160+ show_object(obj, name, data);
161 continue;
162 }
163 if (!path)
164@@ -219,7 +223,7 @@ void traverse_commit_list(struct rev_inf
165 }
166 if (obj->type == OBJ_BLOB) {
167 process_blob(revs, (struct blob *)obj, show_object,
168- NULL, path, data);
169+ &base, path, data);
170 continue;
171 }
172 die("unknown pending object %s (%s)",
173Index: git-2.5.0/list-objects.h
174===================================================================
175--- git-2.5.0.orig/list-objects.h
176+++ git-2.5.0/list-objects.h
177@@ -2,7 +2,7 @@
178 #define LIST_OBJECTS_H
179
180 typedef void (*show_commit_fn)(struct commit *, void *);
181-typedef void (*show_object_fn)(struct object *, struct strbuf *, const char *, void *);
182+typedef void (*show_object_fn)(struct object *, const char *, void *);
183 void traverse_commit_list(struct rev_info *, show_commit_fn, show_object_fn, void *);
184
185 typedef void (*show_edge_fn)(struct commit *);
186Index: git-2.5.0/pack-bitmap-write.c
187===================================================================
188--- git-2.5.0.orig/pack-bitmap-write.c
189+++ git-2.5.0/pack-bitmap-write.c
190@@ -148,8 +148,7 @@ static uint32_t find_object_pos(const un
191 return entry->in_pack_pos;
192 }
193
194-static void show_object(struct object *object, struct strbuf *path,
195- const char *last, void *data)
196+static void show_object(struct object *object, const char *name, void *data)
197 {
198 struct bitmap *base = data;
199 bitmap_set(base, find_object_pos(object->sha1));
200Index: git-2.5.0/pack-bitmap.c
201===================================================================
202--- git-2.5.0.orig/pack-bitmap.c
203+++ git-2.5.0/pack-bitmap.c
204@@ -422,19 +422,15 @@ static int ext_index_add_object(struct o
205 return bitmap_pos + bitmap_git.pack->num_objects;
206 }
207
208-static void show_object(struct object *object, struct strbuf *path,
209- const char *last, void *data)
210+static void show_object(struct object *object, const char *name, void *data)
211 {
212 struct bitmap *base = data;
213 int bitmap_pos;
214
215 bitmap_pos = bitmap_position(object->sha1);
216
217- if (bitmap_pos < 0) {
218- char *name = path_name(path, last);
219+ if (bitmap_pos < 0)
220 bitmap_pos = ext_index_add_object(object, name);
221- free(name);
222- }
223
224 bitmap_set(base, bitmap_pos);
225 }
226@@ -902,9 +898,8 @@ struct bitmap_test_data {
227 size_t seen;
228 };
229
230-static void test_show_object(struct object *object,
231- struct strbuf *path,
232- const char *last, void *data)
233+static void test_show_object(struct object *object, const char *name,
234+ void *data)
235 {
236 struct bitmap_test_data *tdata = data;
237 int bitmap_pos;
238Index: git-2.5.0/reachable.c
239===================================================================
240--- git-2.5.0.orig/reachable.c
241+++ git-2.5.0/reachable.c
242@@ -37,15 +37,14 @@ static int add_one_ref(const char *path,
243 * The traversal will have already marked us as SEEN, so we
244 * only need to handle any progress reporting here.
245 */
246-static void mark_object(struct object *obj, struct strbuf *path,
247- const char *name, void *data)
248+static void mark_object(struct object *obj, const char *name, void *data)
249 {
250 update_progress(data);
251 }
252
253 static void mark_commit(struct commit *c, void *data)
254 {
255- mark_object(&c->object, NULL, NULL, data);
256+ mark_object(&c->object, NULL, data);
257 }
258
259 struct recent_data {
260Index: git-2.5.0/revision.c
261===================================================================
262--- git-2.5.0.orig/revision.c
263+++ git-2.5.0/revision.c
264@@ -21,27 +21,14 @@
265
266 volatile show_early_output_fn_t show_early_output;
267
268-char *path_name(struct strbuf *path, const char *name)
269+void show_object_with_name(FILE *out, struct object *obj, const char *name)
270 {
271- struct strbuf ret = STRBUF_INIT;
272- if (path)
273- strbuf_addbuf(&ret, path);
274- strbuf_addstr(&ret, name);
275- return strbuf_detach(&ret, NULL);
276-}
277-
278-void show_object_with_name(FILE *out, struct object *obj,
279- struct strbuf *path, const char *component)
280-{
281- char *name = path_name(path, component);
282- char *p;
283+ const char *p;
284
285 fprintf(out, "%s ", sha1_to_hex(obj->sha1));
286 for (p = name; *p && *p != '\n'; p++)
287 fputc(*p, out);
288 fputc('\n', out);
289-
290- free(name);
291 }
292
293 static void mark_blob_uninteresting(struct blob *blob)
294Index: git-2.5.0/revision.h
295===================================================================
296--- git-2.5.0.orig/revision.h
297+++ git-2.5.0/revision.h
298@@ -258,8 +258,7 @@ extern void mark_tree_uninteresting(stru
299
300 char *path_name(struct strbuf *path, const char *name);
301
302-extern void show_object_with_name(FILE *, struct object *,
303- struct strbuf *, const char *);
304+extern void show_object_with_name(FILE *, struct object *, const char *);
305
306 extern void add_pending_object(struct rev_info *revs,
307 struct object *obj, const char *name);
diff --git a/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p1.patch b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p1.patch
new file mode 100644
index 0000000000..d251a3d5ab
--- /dev/null
+++ b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p1.patch
@@ -0,0 +1,115 @@
1From c6bd2a1decc252d823104f9849c87ec8484b18ea Mon Sep 17 00:00:00 2001
2From: Jeff King <peff@peff.net>
3Date: Thu, 11 Feb 2016 17:23:48 -0500
4Subject: [PATCH] http-push: stop using name_path
5
6The graph traversal code here passes along a name_path to
7build up the pathname at which we find each blob. But we
8never actually do anything with the resulting names, making
9it a waste of code and memory.
10
11This usage came in aa1dbc9 (Update http-push functionality,
122006-03-07), and originally the result was passed to
13"add_object" (which stored it, but didn't really use it,
14either). But we stopped using that function in 1f1e895 (Add
15"named object array" concept, 2006-06-19) in favor of
16storing just the objects themselves.
17
18Moreover, the generation of the name in process_tree() is
19buggy. It sticks "name" onto the end of the name_path linked
20list, and then passes it down again as it recurses (instead
21of "entry.path"). So it's a good thing this was unused, as
22the resulting path for "a/b/c/d" would end up as "a/a/a/a".
23
24Signed-off-by: Jeff King <peff@peff.net>
25Signed-off-by: Junio C Hamano <gitster@pobox.com>
26
27Upstream-Status: Backport
28CVE: CVE-2016-2315 patch1
29Signed-off-by: Armin Kuster <akuster@mvista.com>
30
31---
32 http-push.c | 23 +++++++----------------
33 1 file changed, 7 insertions(+), 16 deletions(-)
34
35diff --git a/http-push.c b/http-push.c
36index c98dad2..8341909 100644
37--- a/http-push.c
38+++ b/http-push.c
39@@ -1276,9 +1276,7 @@ static struct object_list **add_one_object(struct object *obj, struct object_lis
40 }
41
42 static struct object_list **process_blob(struct blob *blob,
43- struct object_list **p,
44- struct name_path *path,
45- const char *name)
46+ struct object_list **p)
47 {
48 struct object *obj = &blob->object;
49
50@@ -1292,14 +1290,11 @@ static struct object_list **process_blob(struct blob *blob,
51 }
52
53 static struct object_list **process_tree(struct tree *tree,
54- struct object_list **p,
55- struct name_path *path,
56- const char *name)
57+ struct object_list **p)
58 {
59 struct object *obj = &tree->object;
60 struct tree_desc desc;
61 struct name_entry entry;
62- struct name_path me;
63
64 obj->flags |= LOCAL;
65
66@@ -1309,21 +1304,17 @@ static struct object_list **process_tree(struct tree *tree,
67 die("bad tree object %s", sha1_to_hex(obj->sha1));
68
69 obj->flags |= SEEN;
70- name = xstrdup(name);
71 p = add_one_object(obj, p);
72- me.up = path;
73- me.elem = name;
74- me.elem_len = strlen(name);
75
76 init_tree_desc(&desc, tree->buffer, tree->size);
77
78 while (tree_entry(&desc, &entry))
79 switch (object_type(entry.mode)) {
80 case OBJ_TREE:
81- p = process_tree(lookup_tree(entry.sha1), p, &me, name);
82+ p = process_tree(lookup_tree(entry.sha1), p);
83 break;
84 case OBJ_BLOB:
85- p = process_blob(lookup_blob(entry.sha1), p, &me, name);
86+ p = process_blob(lookup_blob(entry.sha1), p);
87 break;
88 default:
89 /* Subproject commit - not in this repository */
90@@ -1342,7 +1333,7 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock)
91 int count = 0;
92
93 while ((commit = get_revision(revs)) != NULL) {
94- p = process_tree(commit->tree, p, NULL, "");
95+ p = process_tree(commit->tree, p);
96 commit->object.flags |= LOCAL;
97 if (!(commit->object.flags & UNINTERESTING))
98 count += add_send_request(&commit->object, lock);
99@@ -1361,11 +1352,11 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock)
100 continue;
101 }
102 if (obj->type == OBJ_TREE) {
103- p = process_tree((struct tree *)obj, p, NULL, name);
104+ p = process_tree((struct tree *)obj, p);
105 continue;
106 }
107 if (obj->type == OBJ_BLOB) {
108- p = process_blob((struct blob *)obj, p, NULL, name);
109+ p = process_blob((struct blob *)obj, p);
110 continue;
111 }
112 die("unknown pending object %s (%s)", sha1_to_hex(obj->sha1), name);
113--
1142.7.4
115
diff --git a/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p2.patch b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p2.patch
new file mode 100644
index 0000000000..92f65aa7cb
--- /dev/null
+++ b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p2.patch
@@ -0,0 +1,89 @@
1From 8eee9f9277b6e38ec46c84f4ca3be5d988ca0a33 Mon Sep 17 00:00:00 2001
2From: Jeff King <peff@peff.net>
3Date: Thu, 11 Feb 2016 17:24:18 -0500
4Subject: [PATCH] show_object_with_name: simplify by using path_name()
5
6When "git rev-list" shows an object with its associated path
7name, it does so by walking the name_path linked list and
8printing each component (stopping at any embedded NULs or
9newlines).
10
11We'd like to eventually get rid of name_path entirely in
12favor of a single buffer, and dropping this custom printing
13code is part of that. As a first step, let's use path_name()
14to format the list into a single buffer, and print that.
15This is strictly less efficient than the original, but it's
16a temporary step in the refactoring; our end game will be to
17get the fully formatted name in the first place.
18
19Signed-off-by: Jeff King <peff@peff.net>
20Signed-off-by: Junio C Hamano <gitster@pobox.com>
21
22Upstream-Status: Backport
23CVE: CVE-2016-2315 patch2
24Signed-off-by: Armin Kuster <akuster@mvista.com>
25
26---
27 revision.c | 40 ++++++----------------------------------
28 1 file changed, 6 insertions(+), 34 deletions(-)
29
30diff --git a/revision.c b/revision.c
31index 0b322b4..cf544b6 100644
32--- a/revision.c
33+++ b/revision.c
34@@ -45,46 +45,18 @@ char *path_name(const struct name_path *path, const char *name)
35 return n;
36 }
37
38-static int show_path_component_truncated(FILE *out, const char *name, int len)
39-{
40- int cnt;
41- for (cnt = 0; cnt < len; cnt++) {
42- int ch = name[cnt];
43- if (!ch || ch == '\n')
44- return -1;
45- fputc(ch, out);
46- }
47- return len;
48-}
49-
50-static int show_path_truncated(FILE *out, const struct name_path *path)
51-{
52- int emitted, ours;
53-
54- if (!path)
55- return 0;
56- emitted = show_path_truncated(out, path->up);
57- if (emitted < 0)
58- return emitted;
59- if (emitted)
60- fputc('/', out);
61- ours = show_path_component_truncated(out, path->elem, path->elem_len);
62- if (ours < 0)
63- return ours;
64- return ours || emitted;
65-}
66-
67 void show_object_with_name(FILE *out, struct object *obj,
68 const struct name_path *path, const char *component)
69 {
70- struct name_path leaf;
71- leaf.up = (struct name_path *)path;
72- leaf.elem = component;
73- leaf.elem_len = strlen(component);
74+ char *name = path_name(path, component);
75+ char *p;
76
77 fprintf(out, "%s ", sha1_to_hex(obj->sha1));
78- show_path_truncated(out, &leaf);
79+ for (p = name; *p && *p != '\n'; p++)
80+ fputc(*p, out);
81 fputc('\n', out);
82+
83+ free(name);
84 }
85
86 static void mark_blob_uninteresting(struct blob *blob)
87--
882.7.4
89
diff --git a/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p3.patch b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p3.patch
new file mode 100644
index 0000000000..35aded049d
--- /dev/null
+++ b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p3.patch
@@ -0,0 +1,160 @@
1From f3badaed5106a16499d0fae31a382f9047b272d7 Mon Sep 17 00:00:00 2001
2From: Jeff King <peff@peff.net>
3Date: Thu, 11 Feb 2016 17:26:18 -0500
4Subject: [PATCH] list-objects: convert name_path to a strbuf
5
6The "struct name_path" data is examined in only two places:
7we generate it in process_tree(), and we convert it to a
8single string in path_name(). Everyone else just passes it
9through to those functions.
10
11We can further note that process_tree() already keeps a
12single strbuf with the leading tree path, for use with
13tree_entry_interesting().
14
15Instead of building a separate name_path linked list, let's
16just use the one we already build in "base". This reduces
17the amount of code (especially tricky code in path_name()
18which did not check for integer overflows caused by deep
19or large pathnames).
20
21It is also more efficient in some instances. Any time we
22were using tree_entry_interesting, we were building up the
23strbuf anyway, so this is an immediate and obvious win
24there. In cases where we were not, we trade off storing
25"pathname/" in a strbuf on the heap for each level of the
26path, instead of two pointers and an int on the stack (with
27one pointer into the tree object). On a 64-bit system, the
28latter is 20 bytes; so if path components are less than that
29on average, this has lower peak memory usage. In practice
30it probably doesn't matter either way; we are already
31holding in memory all of the tree objects leading up to each
32pathname, and for normal-depth pathnames, we are only
33talking about hundreds of bytes.
34
35This patch leaves "struct name_path" as a thin wrapper
36around the strbuf, to avoid disrupting callbacks. We should
37fix them, but leaving it out makes this diff easier to view.
38
39Signed-off-by: Jeff King <peff@peff.net>
40Signed-off-by: Junio C Hamano <gitster@pobox.com>
41
42Upstream-Status: Backport
43CVE: CVE-2016-2315 patch3
44Signed-off-by: Armin Kuster <akuster@mvista.com>
45
46---
47 list-objects.c | 22 +++++++++-------------
48 revision.c | 25 +++++--------------------
49 revision.h | 4 +---
50 3 files changed, 15 insertions(+), 36 deletions(-)
51
52diff --git a/list-objects.c b/list-objects.c
53index 41736d2..dc46b9a 100644
54--- a/list-objects.c
55+++ b/list-objects.c
56@@ -62,7 +62,6 @@ static void process_gitlink(struct rev_info *revs,
57 static void process_tree(struct rev_info *revs,
58 struct tree *tree,
59 show_object_fn show,
60- struct name_path *path,
61 struct strbuf *base,
62 const char *name,
63 void *cb_data)
64@@ -86,17 +85,14 @@ static void process_tree(struct rev_info *revs,
65 return;
66 die("bad tree object %s", sha1_to_hex(obj->sha1));
67 }
68+
69 obj->flags |= SEEN;
70- show(obj, path, name, cb_data);
71- me.up = path;
72- me.elem = name;
73- me.elem_len = strlen(name);
74-
75- if (!match) {
76- strbuf_addstr(base, name);
77- if (base->len)
78- strbuf_addch(base, '/');
79- }
80+ me.base = base;
81+ show(obj, &me, name, cb_data);
82+
83+ strbuf_addstr(base, name);
84+ if (base->len)
85+ strbuf_addch(base, '/');
86
87 init_tree_desc(&desc, tree->buffer, tree->size);
88
89@@ -113,7 +109,7 @@ static void process_tree(struct rev_info *revs,
90 if (S_ISDIR(entry.mode))
91 process_tree(revs,
92 lookup_tree(entry.sha1),
93- show, &me, base, entry.path,
94+ show, base, entry.path,
95 cb_data);
96 else if (S_ISGITLINK(entry.mode))
97 process_gitlink(revs, entry.sha1,
98@@ -220,7 +216,7 @@ void traverse_commit_list(struct rev_info *revs,
99 path = "";
100 if (obj->type == OBJ_TREE) {
101 process_tree(revs, (struct tree *)obj, show_object,
102- NULL, &base, path, data);
103+ &base, path, data);
104 continue;
105 }
106 if (obj->type == OBJ_BLOB) {
107diff --git a/revision.c b/revision.c
108index cf544b6..f8c3034 100644
109--- a/revision.c
110+++ b/revision.c
111@@ -23,26 +23,11 @@ volatile show_early_output_fn_t show_early_output;
112
113 char *path_name(const struct name_path *path, const char *name)
114 {
115- const struct name_path *p;
116- char *n, *m;
117- int nlen = strlen(name);
118- int len = nlen + 1;
119-
120- for (p = path; p; p = p->up) {
121- if (p->elem_len)
122- len += p->elem_len + 1;
123- }
124- n = xmalloc(len);
125- m = n + len - (nlen + 1);
126- strcpy(m, name);
127- for (p = path; p; p = p->up) {
128- if (p->elem_len) {
129- m -= p->elem_len + 1;
130- memcpy(m, p->elem, p->elem_len);
131- m[p->elem_len] = '/';
132- }
133- }
134- return n;
135+ struct strbuf ret = STRBUF_INIT;
136+ if (path)
137+ strbuf_addbuf(&ret, path->base);
138+ strbuf_addstr(&ret, name);
139+ return strbuf_detach(&ret, NULL);
140 }
141
142 void show_object_with_name(FILE *out, struct object *obj,
143diff --git a/revision.h b/revision.h
144index 0ea8b4e..5e3c47c 100644
145--- a/revision.h
146+++ b/revision.h
147@@ -257,9 +257,7 @@ extern void mark_parents_uninteresting(struct commit *commit);
148 extern void mark_tree_uninteresting(struct tree *tree);
149
150 struct name_path {
151- struct name_path *up;
152- int elem_len;
153- const char *elem;
154+ struct strbuf *base;
155 };
156
157 char *path_name(const struct name_path *path, const char *name);
158--
1592.7.4
160
diff --git a/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p4.patch b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p4.patch
new file mode 100644
index 0000000000..ee2d8cde35
--- /dev/null
+++ b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p4.patch
@@ -0,0 +1,237 @@
1From dc06dc880013d48f2b09c6b4295419382f3b8230 Mon Sep 17 00:00:00 2001
2From: Jeff King <peff@peff.net>
3Date: Thu, 11 Feb 2016 17:26:44 -0500
4Subject: [PATCH] list-objects: drop name_path entirely
5
6In the previous commit, we left name_path as a thin wrapper
7around a strbuf. This patch drops it entirely. As a result,
8every show_object_fn callback needs to be adjusted. However,
9none of their code needs to be changed at all, because the
10only use was to pass it to path_name(), which now handles
11the bare strbuf.
12
13Signed-off-by: Jeff King <peff@peff.net>
14Signed-off-by: Junio C Hamano <gitster@pobox.com>
15
16Upstream-Status: Backport
17CVE: CVE-2016-2315 patch4
18Signed-off-by: Armin Kuster <akuster@mvista.com>
19
20---
21 builtin/pack-objects.c | 4 ++--
22 builtin/rev-list.c | 4 ++--
23 list-objects.c | 12 +++++-------
24 list-objects.h | 2 +-
25 pack-bitmap-write.c | 2 +-
26 pack-bitmap.c | 4 ++--
27 reachable.c | 2 +-
28 revision.c | 6 +++---
29 revision.h | 8 ++------
30 9 files changed, 19 insertions(+), 25 deletions(-)
31
32Index: git-2.5.0/builtin/pack-objects.c
33===================================================================
34--- git-2.5.0.orig/builtin/pack-objects.c
35+++ git-2.5.0/builtin/pack-objects.c
36@@ -2285,7 +2285,7 @@ static void show_commit(struct commit *c
37 }
38
39 static void show_object(struct object *obj,
40- const struct name_path *path, const char *last,
41+ struct strbuf *path, const char *last,
42 void *data)
43 {
44 char *name = path_name(path, last);
45@@ -2480,7 +2480,7 @@ static int get_object_list_from_bitmap(s
46 }
47
48 static void record_recent_object(struct object *obj,
49- const struct name_path *path,
50+ struct strbuf *path,
51 const char *last,
52 void *data)
53 {
54Index: git-2.5.0/builtin/rev-list.c
55===================================================================
56--- git-2.5.0.orig/builtin/rev-list.c
57+++ git-2.5.0/builtin/rev-list.c
58@@ -178,7 +178,7 @@ static void finish_commit(struct commit
59 }
60
61 static void finish_object(struct object *obj,
62- const struct name_path *path, const char *name,
63+ struct strbuf *path, const char *name,
64 void *cb_data)
65 {
66 struct rev_list_info *info = cb_data;
67@@ -189,7 +189,7 @@ static void finish_object(struct object
68 }
69
70 static void show_object(struct object *obj,
71- const struct name_path *path, const char *component,
72+ struct strbuf *path, const char *component,
73 void *cb_data)
74 {
75 struct rev_list_info *info = cb_data;
76Index: git-2.5.0/list-objects.c
77===================================================================
78--- git-2.5.0.orig/list-objects.c
79+++ git-2.5.0/list-objects.c
80@@ -11,7 +11,7 @@
81 static void process_blob(struct rev_info *revs,
82 struct blob *blob,
83 show_object_fn show,
84- struct name_path *path,
85+ struct strbuf *path,
86 const char *name,
87 void *cb_data)
88 {
89@@ -52,7 +52,7 @@ static void process_blob(struct rev_info
90 static void process_gitlink(struct rev_info *revs,
91 const unsigned char *sha1,
92 show_object_fn show,
93- struct name_path *path,
94+ struct strbuf *path,
95 const char *name,
96 void *cb_data)
97 {
98@@ -69,7 +69,6 @@ static void process_tree(struct rev_info
99 struct object *obj = &tree->object;
100 struct tree_desc desc;
101 struct name_entry entry;
102- struct name_path me;
103 enum interesting match = revs->diffopt.pathspec.nr == 0 ?
104 all_entries_interesting: entry_not_interesting;
105 int baselen = base->len;
106@@ -87,8 +86,7 @@ static void process_tree(struct rev_info
107 }
108
109 obj->flags |= SEEN;
110- me.base = base;
111- show(obj, &me, name, cb_data);
112+ show(obj, base, name, cb_data);
113
114 strbuf_addstr(base, name);
115 if (base->len)
116@@ -113,12 +111,12 @@ static void process_tree(struct rev_info
117 cb_data);
118 else if (S_ISGITLINK(entry.mode))
119 process_gitlink(revs, entry.sha1,
120- show, &me, entry.path,
121+ show, base, entry.path,
122 cb_data);
123 else
124 process_blob(revs,
125 lookup_blob(entry.sha1),
126- show, &me, entry.path,
127+ show, base, entry.path,
128 cb_data);
129 }
130 strbuf_setlen(base, baselen);
131Index: git-2.5.0/list-objects.h
132===================================================================
133--- git-2.5.0.orig/list-objects.h
134+++ git-2.5.0/list-objects.h
135@@ -2,7 +2,7 @@
136 #define LIST_OBJECTS_H
137
138 typedef void (*show_commit_fn)(struct commit *, void *);
139-typedef void (*show_object_fn)(struct object *, const struct name_path *, const char *, void *);
140+typedef void (*show_object_fn)(struct object *, struct strbuf *, const char *, void *);
141 void traverse_commit_list(struct rev_info *, show_commit_fn, show_object_fn, void *);
142
143 typedef void (*show_edge_fn)(struct commit *);
144Index: git-2.5.0/pack-bitmap-write.c
145===================================================================
146--- git-2.5.0.orig/pack-bitmap-write.c
147+++ git-2.5.0/pack-bitmap-write.c
148@@ -148,7 +148,7 @@ static uint32_t find_object_pos(const un
149 return entry->in_pack_pos;
150 }
151
152-static void show_object(struct object *object, const struct name_path *path,
153+static void show_object(struct object *object, struct strbuf *path,
154 const char *last, void *data)
155 {
156 struct bitmap *base = data;
157Index: git-2.5.0/pack-bitmap.c
158===================================================================
159--- git-2.5.0.orig/pack-bitmap.c
160+++ git-2.5.0/pack-bitmap.c
161@@ -422,7 +422,7 @@ static int ext_index_add_object(struct o
162 return bitmap_pos + bitmap_git.pack->num_objects;
163 }
164
165-static void show_object(struct object *object, const struct name_path *path,
166+static void show_object(struct object *object, struct strbuf *path,
167 const char *last, void *data)
168 {
169 struct bitmap *base = data;
170@@ -903,7 +903,7 @@ struct bitmap_test_data {
171 };
172
173 static void test_show_object(struct object *object,
174- const struct name_path *path,
175+ struct strbuf *path,
176 const char *last, void *data)
177 {
178 struct bitmap_test_data *tdata = data;
179Index: git-2.5.0/reachable.c
180===================================================================
181--- git-2.5.0.orig/reachable.c
182+++ git-2.5.0/reachable.c
183@@ -37,7 +37,7 @@ static int add_one_ref(const char *path,
184 * The traversal will have already marked us as SEEN, so we
185 * only need to handle any progress reporting here.
186 */
187-static void mark_object(struct object *obj, const struct name_path *path,
188+static void mark_object(struct object *obj, struct strbuf *path,
189 const char *name, void *data)
190 {
191 update_progress(data);
192Index: git-2.5.0/revision.c
193===================================================================
194--- git-2.5.0.orig/revision.c
195+++ git-2.5.0/revision.c
196@@ -21,17 +21,17 @@
197
198 volatile show_early_output_fn_t show_early_output;
199
200-char *path_name(const struct name_path *path, const char *name)
201+char *path_name(struct strbuf *path, const char *name)
202 {
203 struct strbuf ret = STRBUF_INIT;
204 if (path)
205- strbuf_addbuf(&ret, path->base);
206+ strbuf_addbuf(&ret, path);
207 strbuf_addstr(&ret, name);
208 return strbuf_detach(&ret, NULL);
209 }
210
211 void show_object_with_name(FILE *out, struct object *obj,
212- const struct name_path *path, const char *component)
213+ struct strbuf *path, const char *component)
214 {
215 char *name = path_name(path, component);
216 char *p;
217Index: git-2.5.0/revision.h
218===================================================================
219--- git-2.5.0.orig/revision.h
220+++ git-2.5.0/revision.h
221@@ -256,14 +256,10 @@ extern void put_revision_mark(const stru
222 extern void mark_parents_uninteresting(struct commit *commit);
223 extern void mark_tree_uninteresting(struct tree *tree);
224
225-struct name_path {
226- struct strbuf *base;
227-};
228-
229-char *path_name(const struct name_path *path, const char *name);
230+char *path_name(struct strbuf *path, const char *name);
231
232 extern void show_object_with_name(FILE *, struct object *,
233- const struct name_path *, const char *);
234+ struct strbuf *, const char *);
235
236 extern void add_pending_object(struct rev_info *revs,
237 struct object *obj, const char *name);
diff --git a/meta/recipes-devtools/git/git_2.5.0.bb b/meta/recipes-devtools/git/git_2.5.0.bb
index 792f258388..d5ceba5319 100644
--- a/meta/recipes-devtools/git/git_2.5.0.bb
+++ b/meta/recipes-devtools/git/git_2.5.0.bb
@@ -16,4 +16,9 @@ SRC_URI += "\
16 file://0010-CVE-2015-7545-3.patch \ 16 file://0010-CVE-2015-7545-3.patch \
17 file://0011-CVE-2015-7545-4.patch \ 17 file://0011-CVE-2015-7545-4.patch \
18 file://0012-CVE-2015-7545-5.patch \ 18 file://0012-CVE-2015-7545-5.patch \
19 file://CVE-2016-2315_p1.patch \
20 file://CVE-2016-2315_p2.patch \
21 file://CVE-2016-2315_p3.patch \
22 file://CVE-2016-2315_p4.patch \
23 file://CVE-2016-2315_2324.patch \
19 " 24 "