author | Armin Kuster <akuster@mvista.com> | 2016-02-23 17:38:25 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-03-03 11:11:40 +0000 |
commit | f98b8b767d66e0e4bfa6f3e8ef7e44a4d45270e3 (patch) | |
tree | eaf1e0b535b1f650b15c25daef6fb3274ccedb58 /meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch | |
parent | 3aa8ba185b381088f4c51d7ba48fb109f2fc679b (diff) | |
download | poky-f98b8b767d66e0e4bfa6f3e8ef7e44a4d45270e3.tar.gz |
git: Security fixes CVE-2015-7545
CVE-2015-7545 git: arbitrary code execution via crafted URLs
(From OE-Core rev: 0c4bdd61acbc1fa1b9bfb167d8eaf90c8bccc25c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Already in Jethro, not needed in master due to shipping a version of git
which already contains the fix (> 2.6.1)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch')
-rw-r--r-- | meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch | 146 |
1 files changed, 146 insertions, 0 deletions
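diff --git a/meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch b/meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch
new file mode 100644
index 0000000000..fafd3c2033
--- /dev/null
+++ b/meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch
@@ -0,0 +1,146 @@
+From f4113cac0c88b4f36ee6f3abf3218034440a68e3 Mon Sep 17 00:00:00 2001
+From: Blake Burkhart <bburky@bburky.com>
+Date: Tue, 22 Sep 2015 18:06:04 -0400
+Subject: [PATCH] http: limit redirection to protocol-whitelist
+
+Previously, libcurl would follow redirection to any protocol
+it was compiled for support with. This is desirable to allow
+redirection from HTTP to HTTPS. However, it would even
+successfully allow redirection from HTTP to SFTP, a protocol
+that git does not otherwise support at all. Furthermore
+git's new protocol-whitelisting could be bypassed by
+following a redirect within the remote helper, as it was
+only enforced at transport selection time.
+
+This patch limits redirects within libcurl to HTTP, HTTPS,
+FTP and FTPS. If there is a protocol-whitelist present, this
+list is limited to those also allowed by the whitelist. As
+redirection happens from within libcurl, it is impossible
+for an HTTP redirect to a protocol implemented within
+another remote helper.
+
+When the curl version git was compiled with is too old to
+support restrictions on protocol redirection, we warn the
+user if GIT_ALLOW_PROTOCOL restrictions were requested. This
+is a little inaccurate, as even without that variable in the
+environment, we would still restrict SFTP, etc, and we do
+not warn in that case. But anything else means we would
+literally warn every time git accesses an http remote.
+
+This commit includes a test, but it is not as robust as we
+would hope. It redirects an http request to ftp, and checks
+that curl complained about the protocol, which means that we
+are relying on curl's specific error message to know what
+happened. Ideally we would redirect to a working ftp server
+and confirm that we can clone without protocol restrictions,
+and not with them. But we do not have a portable way of
+providing an ftp server, nor any other protocol that curl
+supports (https is the closest, but we would have to deal
+with certificates).
+
+[jk: added test and version warning]
+
+Signed-off-by: Jeff King <peff@peff.net>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+
+Upstream-Status: Backport
+https://kernel.googlesource.com/pub/scm/git/git/+/f4113cac0c88b4f36ee6f3abf3218034440a68e3%5E%21/
+CVE: CVE-2015-7545 patch #1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+Documentation/git.txt | 5 -----
+http.c | 17 +++++++++++++++++
+t/lib-httpd/apache.conf | 1 +
+t/t5812-proto-disable-http.sh | 9 +++++++++
+4 files changed, 27 insertions(+), 5 deletions(-)
+
+Index: git-2.3.0/Documentation/git.txt
+===================================================================
+--- git-2.3.0.orig/Documentation/git.txt
++++ git-2.3.0/Documentation/git.txt
+@@ -1049,11 +1049,6 @@ GIT_ICASE_PATHSPECS::
+
+- any external helpers are named by their protocol (e.g., use
+`hg` to allow the `git-remote-hg` helper)
+-+
+-Note that this controls only git's internal protocol selection.
+-If libcurl is used (e.g., by the `http` transport), it may
+-redirect to other protocols. There is not currently any way to
+-restrict this.
+
+
+Discussion[[Discussion]]
+Index: git-2.3.0/http.c
+===================================================================
+--- git-2.3.0.orig/http.c
++++ git-2.3.0/http.c
+@@ -8,6 +8,7 @@
+#include "credential.h"
+#include "version.h"
+#include "pkt-line.h"
++#include "transport.h"
+
+int active_requests;
+int http_is_verbose;
+@@ -300,6 +301,7 @@ static void set_curl_keepalive(CURL *c)
+static CURL *get_curl_handle(void)
+{
+CURL *result = curl_easy_init();
++ long allowed_protocols = 0;
+
+if (!result)
+die("curl_easy_init failed");
+@@ -352,6 +354,21 @@ static CURL *get_curl_handle(void)
+#elif LIBCURL_VERSION_NUM >= 0x071101
+curl_easy_setopt(result, CURLOPT_POST301, 1);
+#endif
++#if LIBCURL_VERSION_NUM >= 0x071304
++ if (is_transport_allowed("http"))
++ allowed_protocols |= CURLPROTO_HTTP;
++ if (is_transport_allowed("https"))
++ allowed_protocols |= CURLPROTO_HTTPS;
++ if (is_transport_allowed("ftp"))
++ allowed_protocols |= CURLPROTO_FTP;
++ if (is_transport_allowed("ftps"))
++ allowed_protocols |= CURLPROTO_FTPS;
++ curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS, allowed_protocols);
++#else
++ if (transport_restrict_protocols())
++ warning("protocol restrictions not applied to curl redirects because\n"
++ "your curl version is too old (>= 7.19.4)");
++#endif
+
+if (getenv("GIT_CURL_VERBOSE"))
+curl_easy_setopt(result, CURLOPT_VERBOSE, 1);
+Index: git-2.3.0/t/lib-httpd/apache.conf
+===================================================================
+--- git-2.3.0.orig/t/lib-httpd/apache.conf
++++ git-2.3.0/t/lib-httpd/apache.conf
+@@ -118,6 +118,7 @@ RewriteRule ^/smart-redir-perm/(.*)$ /sm
+RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302]
+RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301]
+RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301]
++RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302]
+
+<IfDefine SSL>
+LoadModule ssl_module modules/mod_ssl.so
+Index: git-2.3.0/t/t5812-proto-disable-http.sh
+===================================================================
+--- git-2.3.0.orig/t/t5812-proto-disable-http.sh
++++ git-2.3.0/t/t5812-proto-disable-http.sh
+@@ -16,5 +16,14 @@ test_expect_success 'create git-accessib
+
+test_proto "smart http" http "$HTTPD_URL/smart/repo.git"
+
++test_expect_success 'curl redirects respect whitelist' '
++ test_must_fail env GIT_ALLOW_PROTOCOL=http:https \
++ git clone "$HTTPD_URL/ftp-redir/repo.git" 2>stderr &&
++ {
++ test_i18ngrep "ftp.*disabled" stderr ||
++ test_i18ngrep "your curl version is too old"
++ }
++'
++
+stop_httpd
+test_done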
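Review bot: The fallback branch of the new t5812 test never inspects the captured output: the second grep, `test_i18ngrep "your curl version is too old"`, is given no file operand, so unlike the first grep it reads stdin rather than `stderr`, and on a libcurl older than 7.19.4 (the `#else` branch added to get_curl_handle in http.c) the test fails instead of accepting the warning path; the fix is `test_i18ngrep "your curl version is too old" stderr`. Note that the test as written only proves the clone was refused and that curl printed a protocol-disabled message, which is exactly the limitation the embedded commit message acknowledges; it does not demonstrate that `CURLOPT_REDIR_PROTOCOLS` was the reason, so a regression that leaves `allowed_protocols` unset would still be caught only because libcurl is not built with ftp. The warning text itself, `"your curl version is too old (>= 7.19.4)"`, reads as if versions at or above 7.19.4 were the old ones; `"(this needs libcurl >= 7.19.4)"` would remove the ambiguity. The http.c hunk is an excerpt of get_curl_handle, whose body continues outside what is shown here.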