1 files changed, 154 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/files/CVE-2023-22490-3.patch b/meta/recipes-devtools/git/files/CVE-2023-22490-3.patch
new file mode 100644
index 0000000000..08fb7f840b
--- /dev/null
+++ b/meta/recipes-devtools/git/files/CVE-2023-22490-3.patch
@@ -0,0 +1,154 @@
+From bffc762f87ae8d18c6001bf0044a76004245754c Mon Sep 17 00:00:00 2001
+From: Taylor Blau <me@ttaylorr.com>
+Date: Tue, 24 Jan 2023 19:43:51 -0500
+Subject: [PATCH 3/3] dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS
+When using the dir_iterator API, we first stat(2) the base path, and
+then use that as a starting point to enumerate the directory's contents.
+If the directory contains symbolic links, we will immediately die() upon
+encountering them without the `FOLLOW_SYMLINKS` flag. The same is not
+true when resolving the top-level directory, though.
+As explained in a previous commit, this oversight in 6f054f9
+(builtin/clone.c: disallow `--local` clones with symlinks, 2022-07-28)
+can be used as an attack vector to include arbitrary files on a victim's
+filesystem from outside of the repository.
+Prevent resolving top-level symlinks unless the FOLLOW_SYMLINKS flag is
+given, which will cause clones of a repository with a symlink'd
+"$GIT_DIR/objects" directory to fail.
+Signed-off-by: Taylor Blau <me@ttaylorr.com>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+Upstream-Status: Backport
+[https://github.com/git/git/commit/bffc762f87ae8d18c6001bf0044a76004245754c]
+CVE: CVE-2023-22490
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ dir-iterator.c             | 13 +++++++++----
+ dir-iterator.h             |  5 +++++
+ t/t0066-dir-iterator.sh    | 27 ++++++++++++++++++++++++++-
+ t/t5604-clone-reference.sh | 16 ++++++++++++++++
+ 4 files changed, 56 insertions(+), 5 deletions(-)
+diff --git a/dir-iterator.c b/dir-iterator.c
+index b17e9f9..3764dd8 100644
+--- a/dir-iterator.c
+++ b/dir-iterator.c
+@@ -203,7 +203,7 @@ struct dir_iterator *dir_iterator_begin(const char *path, unsigned int flags)
+ {
+        struct dir_iterator_int *iter = xcalloc(1, sizeof(*iter));
+        struct dir_iterator *dir_iterator = &iter->base;
+-       int saved_errno;
+       int saved_errno, err;
+ 
+        strbuf_init(&iter->base.path, PATH_MAX);
+        strbuf_addstr(&iter->base.path, path);
+@@ -213,10 +213,15 @@ struct dir_iterator *dir_iterator_begin(const char *path, unsigned int flags)
+        iter->flags = flags;
+ 
+        /*
+-        * Note: stat already checks for NULL or empty strings and
+-        * inexistent paths.
+        * Note: stat/lstat already checks for NULL or empty strings and
+        * nonexistent paths.
+         */
+-       if (stat(iter->base.path.buf, &iter->base.st) < 0) {
+       if (iter->flags & DIR_ITERATOR_FOLLOW_SYMLINKS)
+               err = stat(iter->base.path.buf, &iter->base.st);
+       else
+               err = lstat(iter->base.path.buf, &iter->base.st);
+
+       if (err < 0) {
+                saved_errno = errno;
+                goto error_out;
+        }
+diff --git a/dir-iterator.h b/dir-iterator.h
+index 0822915..e3b6ff2 100644
+--- a/dir-iterator.h
+++ b/dir-iterator.h
+@@ -61,6 +61,11 @@
+  *   not the symlinks themselves, which is the default behavior. Broken
+  *   symlinks are ignored.
+  *
+ *   Note: setting DIR_ITERATOR_FOLLOW_SYMLINKS affects resolving the
+ *   starting path as well (e.g., attempting to iterate starting at a
+ *   symbolic link pointing to a directory without FOLLOW_SYMLINKS will
+ *   result in an error).
+ *
+  * Warning: circular symlinks are also followed when
+  * DIR_ITERATOR_FOLLOW_SYMLINKS is set. The iteration may end up with
+  * an ELOOP if they happen and DIR_ITERATOR_PEDANTIC is set.
+diff --git a/t/t0066-dir-iterator.sh b/t/t0066-dir-iterator.sh
+index 92910e4..c826f60 100755
+--- a/t/t0066-dir-iterator.sh
+++ b/t/t0066-dir-iterator.sh
+@@ -109,7 +109,9 @@ test_expect_success SYMLINKS 'setup dirs with symlinks' '
+        mkdir -p dir5/a/c &&
+        ln -s ../c dir5/a/b/d &&
+        ln -s ../ dir5/a/b/e &&
+-       ln -s ../../ dir5/a/b/f
+       ln -s ../../ dir5/a/b/f &&
+
+       ln -s dir4 dir6
+ '
+ 
+ test_expect_success SYMLINKS 'dir-iterator should not follow symlinks by default' '
+@@ -145,4 +147,27 @@ test_expect_success SYMLINKS 'dir-iterator should follow symlinks w/ follow flag
+        test_cmp expected-follow-sorted-output actual-follow-sorted-output
+ '
+ 
+test_expect_success SYMLINKS 'dir-iterator does not resolve top-level symlinks' '
+       test_must_fail test-tool dir-iterator ./dir6 >out &&
+
+       grep "ENOTDIR" out
+'
+
+test_expect_success SYMLINKS 'dir-iterator resolves top-level symlinks w/ follow flag' '
+       cat >expected-follow-sorted-output <<-EOF &&
+       [d] (a) [a] ./dir6/a
+       [d] (a/f) [f] ./dir6/a/f
+       [d] (a/f/c) [c] ./dir6/a/f/c
+       [d] (b) [b] ./dir6/b
+       [d] (b/c) [c] ./dir6/b/c
+       [f] (a/d) [d] ./dir6/a/d
+       [f] (a/e) [e] ./dir6/a/e
+       EOF
+
+       test-tool dir-iterator --follow-symlinks ./dir6 >out &&
+       sort out >actual-follow-sorted-output &&
+
+       test_cmp expected-follow-sorted-output actual-follow-sorted-output
+'
+
+ test_done
+diff --git a/t/t5604-clone-reference.sh b/t/t5604-clone-reference.sh
+index 4894237..615b981 100755
+--- a/t/t5604-clone-reference.sh
+++ b/t/t5604-clone-reference.sh
+@@ -354,4 +354,20 @@ test_expect_success SYMLINKS 'clone repo with symlinked or unknown files at obje
+        test_must_be_empty T--shared.objects-symlinks.raw
+ '
+ 
+test_expect_success SYMLINKS 'clone repo with symlinked objects directory' '
+       test_when_finished "rm -fr sensitive malicious" &&
+
+       mkdir -p sensitive &&
+       echo "secret" >sensitive/file &&
+
+       git init malicious &&
+       rm -fr malicious/.git/objects &&
+       ln -s "$(pwd)/sensitive" ./malicious/.git/objects &&
+
+       test_must_fail git clone --local malicious clone 2>err &&
+
+       test_path_is_missing clone &&
+       grep "failed to start iterator over" err
+'
+
+ test_done
+-- 
+2.25.1

diff --git a/meta/recipes-devtools/git/files/CVE-2023-22490-3.patch b/meta/recipes-devtools/git/files/CVE-2023-22490-3.patch new file mode 100644 index 0000000000..08fb7f840b --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2023-22490-3.patch
@@ -0,0 +1,154 @@
	1	From bffc762f87ae8d18c6001bf0044a76004245754c Mon Sep 17 00:00:00 2001
	2	From: Taylor Blau <me@ttaylorr.com>
	3	Date: Tue, 24 Jan 2023 19:43:51 -0500
	4	Subject: [PATCH 3/3] dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS
	5
	6	When using the dir_iterator API, we first stat(2) the base path, and
	7	then use that as a starting point to enumerate the directory's contents.
	8
	9	If the directory contains symbolic links, we will immediately die() upon
	10	encountering them without the `FOLLOW_SYMLINKS` flag. The same is not
	11	true when resolving the top-level directory, though.
	12
	13	As explained in a previous commit, this oversight in 6f054f9
	14	(builtin/clone.c: disallow `--local` clones with symlinks, 2022-07-28)
	15	can be used as an attack vector to include arbitrary files on a victim's
	16	filesystem from outside of the repository.
	17
	18	Prevent resolving top-level symlinks unless the FOLLOW_SYMLINKS flag is
	19	given, which will cause clones of a repository with a symlink'd
	20	"$GIT_DIR/objects" directory to fail.
	21
	22	Signed-off-by: Taylor Blau <me@ttaylorr.com>
	23	Signed-off-by: Junio C Hamano <gitster@pobox.com>
	24
	25	Upstream-Status: Backport
	26	[https://github.com/git/git/commit/bffc762f87ae8d18c6001bf0044a76004245754c]
	27	CVE: CVE-2023-22490
	28	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	29	---
	30	dir-iterator.c \| 13 +++++++++----
	31	dir-iterator.h \| 5 +++++
	32	t/t0066-dir-iterator.sh \| 27 ++++++++++++++++++++++++++-
	33	t/t5604-clone-reference.sh \| 16 ++++++++++++++++
	34	4 files changed, 56 insertions(+), 5 deletions(-)
	35
	36	diff --git a/dir-iterator.c b/dir-iterator.c
	37	index b17e9f9..3764dd8 100644
	38	--- a/dir-iterator.c
	39	+++ b/dir-iterator.c
	40	@@ -203,7 +203,7 @@ struct dir_iterator dir_iterator_begin(const char path, unsigned int flags)
	41	{
	42	struct dir_iterator_int iter = xcalloc(1, sizeof(iter));
	43	struct dir_iterator *dir_iterator = &iter->base;
	44	- int saved_errno;
	45	+ int saved_errno, err;
	46
	47	strbuf_init(&iter->base.path, PATH_MAX);
	48	strbuf_addstr(&iter->base.path, path);
	49	@@ -213,10 +213,15 @@ struct dir_iterator dir_iterator_begin(const char path, unsigned int flags)
	50	iter->flags = flags;
	51
	52	/*
	53	- * Note: stat already checks for NULL or empty strings and
	54	- * inexistent paths.
	55	+ * Note: stat/lstat already checks for NULL or empty strings and
	56	+ * nonexistent paths.
	57	*/
	58	- if (stat(iter->base.path.buf, &iter->base.st) < 0) {
	59	+ if (iter->flags & DIR_ITERATOR_FOLLOW_SYMLINKS)
	60	+ err = stat(iter->base.path.buf, &iter->base.st);
	61	+ else
	62	+ err = lstat(iter->base.path.buf, &iter->base.st);
	63	+
	64	+ if (err < 0) {
	65	saved_errno = errno;
	66	goto error_out;
	67	}
	68	diff --git a/dir-iterator.h b/dir-iterator.h
	69	index 0822915..e3b6ff2 100644
	70	--- a/dir-iterator.h
	71	+++ b/dir-iterator.h
	72	@@ -61,6 +61,11 @@
	73	* not the symlinks themselves, which is the default behavior. Broken
	74	* symlinks are ignored.
	75	*
	76	+ * Note: setting DIR_ITERATOR_FOLLOW_SYMLINKS affects resolving the
	77	+ * starting path as well (e.g., attempting to iterate starting at a
	78	+ * symbolic link pointing to a directory without FOLLOW_SYMLINKS will
	79	+ * result in an error).
	80	+ *
	81	* Warning: circular symlinks are also followed when
	82	* DIR_ITERATOR_FOLLOW_SYMLINKS is set. The iteration may end up with
	83	* an ELOOP if they happen and DIR_ITERATOR_PEDANTIC is set.
	84	diff --git a/t/t0066-dir-iterator.sh b/t/t0066-dir-iterator.sh
	85	index 92910e4..c826f60 100755
	86	--- a/t/t0066-dir-iterator.sh
	87	+++ b/t/t0066-dir-iterator.sh
	88	@@ -109,7 +109,9 @@ test_expect_success SYMLINKS 'setup dirs with symlinks' '
	89	mkdir -p dir5/a/c &&
	90	ln -s ../c dir5/a/b/d &&
	91	ln -s ../ dir5/a/b/e &&
	92	- ln -s ../../ dir5/a/b/f
	93	+ ln -s ../../ dir5/a/b/f &&
	94	+
	95	+ ln -s dir4 dir6
	96	'
	97
	98	test_expect_success SYMLINKS 'dir-iterator should not follow symlinks by default' '
	99	@@ -145,4 +147,27 @@ test_expect_success SYMLINKS 'dir-iterator should follow symlinks w/ follow flag
	100	test_cmp expected-follow-sorted-output actual-follow-sorted-output
	101	'
	102
	103	+test_expect_success SYMLINKS 'dir-iterator does not resolve top-level symlinks' '
	104	+ test_must_fail test-tool dir-iterator ./dir6 >out &&
	105	+
	106	+ grep "ENOTDIR" out
	107	+'
	108	+
	109	+test_expect_success SYMLINKS 'dir-iterator resolves top-level symlinks w/ follow flag' '
	110	+ cat >expected-follow-sorted-output <<-EOF &&
	111	+ [d] (a) [a] ./dir6/a
	112	+ [d] (a/f) [f] ./dir6/a/f
	113	+ [d] (a/f/c) [c] ./dir6/a/f/c
	114	+ [d] (b) [b] ./dir6/b
	115	+ [d] (b/c) [c] ./dir6/b/c
	116	+ [f] (a/d) [d] ./dir6/a/d
	117	+ [f] (a/e) [e] ./dir6/a/e
	118	+ EOF
	119	+
	120	+ test-tool dir-iterator --follow-symlinks ./dir6 >out &&
	121	+ sort out >actual-follow-sorted-output &&
	122	+
	123	+ test_cmp expected-follow-sorted-output actual-follow-sorted-output
	124	+'
	125	+
	126	test_done
	127	diff --git a/t/t5604-clone-reference.sh b/t/t5604-clone-reference.sh
	128	index 4894237..615b981 100755
	129	--- a/t/t5604-clone-reference.sh
	130	+++ b/t/t5604-clone-reference.sh
	131	@@ -354,4 +354,20 @@ test_expect_success SYMLINKS 'clone repo with symlinked or unknown files at obje
	132	test_must_be_empty T--shared.objects-symlinks.raw
	133	'
	134
	135	+test_expect_success SYMLINKS 'clone repo with symlinked objects directory' '
	136	+ test_when_finished "rm -fr sensitive malicious" &&
	137	+
	138	+ mkdir -p sensitive &&
	139	+ echo "secret" >sensitive/file &&
	140	+
	141	+ git init malicious &&
	142	+ rm -fr malicious/.git/objects &&
	143	+ ln -s "$(pwd)/sensitive" ./malicious/.git/objects &&
	144	+
	145	+ test_must_fail git clone --local malicious clone 2>err &&
	146	+
	147	+ test_path_is_missing clone &&
	148	+ grep "failed to start iterator over" err
	149	+'
	150	+
	151	test_done
	152	--
	153	2.25.1
	154