1 files changed, 307 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_2324.patch b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_2324.patch
new file mode 100644
index 0000000000..756ae660e9
--- /dev/null
+++ b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_2324.patch
@@ -0,0 +1,307 @@
+From 2824e1841b99393d2469c495253d547c643bd8f1 Mon Sep 17 00:00:00 2001
+From: Jeff King <peff@peff.net>
+Date: Thu, 11 Feb 2016 17:28:36 -0500
+Subject: [PATCH] list-objects: pass full pathname to callbacks
+When we find a blob at "a/b/c", we currently pass this to
+our show_object_fn callbacks as two components: "a/b/" and
+"c". Callbacks which want the full value then call
+path_name(), which concatenates the two. But this is an
+inefficient interface; the path is a strbuf, and we could
+simply append "c" to it temporarily, then roll back the
+length, without creating a new copy.
+So we could improve this by teaching the callsites of
+path_name() this trick (and there are only 3). But we can
+also notice that no callback actually cares about the
+broken-down representation, and simply pass each callback
+the full path "a/b/c" as a string. The callback code becomes
+even simpler, then, as we do not have to worry about freeing
+an allocated buffer, nor rolling back our modification to
+the strbuf.
+This is theoretically less efficient, as some callbacks
+would not bother to format the final path component. But in
+practice this is not measurable. Since we use the same
+strbuf over and over, our work to grow it is amortized, and
+we really only pay to memcpy a few bytes.
+Signed-off-by: Jeff King <peff@peff.net>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+Upstream-Status: Backport
+CVE: CVE-2016-2315 and CVE-2016-2324 (actual fixs)
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ builtin/pack-objects.c | 15 ++-------------
+ builtin/rev-list.c     | 12 ++++--------
+ list-objects.c         | 14 +++++++++-----
+ list-objects.h         |  2 +-
+ pack-bitmap-write.c    |  3 +--
+ pack-bitmap.c          | 13 ++++---------
+ reachable.c            |  5 ++---
+ revision.c             | 17 ++---------------
+ revision.h             |  3 +--
+ 9 files changed, 26 insertions(+), 58 deletions(-)
+Index: git-2.5.0/builtin/pack-objects.c
+===================================================================
+--- git-2.5.0.orig/builtin/pack-objects.c
+++ git-2.5.0/builtin/pack-objects.c
+@@ -2284,21 +2284,11 @@ static void show_commit(struct commit *c
+                index_commit_for_bitmap(commit);
+ }
+ 
+-static void show_object(struct object *obj,
+-                       struct strbuf *path, const char *last,
+-                       void *data)
+static void show_object(struct object *obj, const char *name, void *data)
+ {
+-       char *name = path_name(path, last);
+-
+        add_preferred_base_object(name);
+        add_object_entry(obj->sha1, obj->type, name, 0);
+        obj->flags |= OBJECT_ADDED;
+-
+-       /*
+-        * We will have generated the hash from the name,
+-        * but not saved a pointer to it - we can free it
+-        */
+-       free((char *)name);
+ }
+ 
+ static void show_edge(struct commit *commit)
+@@ -2480,8 +2470,7 @@ static int get_object_list_from_bitmap(s
+ }
+ 
+ static void record_recent_object(struct object *obj,
+-                                struct strbuf *path,
+-                                const char *last,
+                                const char *name,
+                                 void *data)
+ {
+        sha1_array_append(&recent_objects, obj->sha1);
+Index: git-2.5.0/builtin/rev-list.c
+===================================================================
+--- git-2.5.0.orig/builtin/rev-list.c
+++ git-2.5.0/builtin/rev-list.c
+@@ -177,9 +177,7 @@ static void finish_commit(struct commit
+        free_commit_buffer(commit);
+ }
+ 
+-static void finish_object(struct object *obj,
+-                         struct strbuf *path, const char *name,
+-                         void *cb_data)
+static void finish_object(struct object *obj, const char *name, void *cb_data)
+ {
+        struct rev_list_info *info = cb_data;
+        if (obj->type == OBJ_BLOB && !has_sha1_file(obj->sha1))
+@@ -188,15 +186,13 @@ static void finish_object(struct object
+                parse_object(obj->sha1);
+ }
+ 
+-static void show_object(struct object *obj,
+-                       struct strbuf *path, const char *component,
+-                       void *cb_data)
+static void show_object(struct object *obj, const char *name, void *cb_data)
+ {
+        struct rev_list_info *info = cb_data;
+-       finish_object(obj, path, component, cb_data);
+       finish_object(obj, name, cb_data);
+        if (info->flags & REV_LIST_QUIET)
+                return;
+-       show_object_with_name(stdout, obj, path, component);
+       show_object_with_name(stdout, obj, name);
+ }
+ 
+ static void show_edge(struct commit *commit)
+Index: git-2.5.0/list-objects.c
+===================================================================
+--- git-2.5.0.orig/list-objects.c
+++ git-2.5.0/list-objects.c
+@@ -16,6 +16,7 @@ static void process_blob(struct rev_info
+                         void *cb_data)
+ {
+        struct object *obj = &blob->object;
+       size_t pathlen;
+ 
+        if (!revs->blob_objects)
+                return;
+@@ -24,7 +25,11 @@ static void process_blob(struct rev_info
+        if (obj->flags & (UNINTERESTING | SEEN))
+                return;
+        obj->flags |= SEEN;
+-       show(obj, path, name, cb_data);
+
+       pathlen = path->len;
+       strbuf_addstr(path, name);
+       show(obj, path->buf, cb_data);
+       strbuf_setlen(path, pathlen);
+ }
+ 
+ /*
+@@ -86,9 +91,8 @@ static void process_tree(struct rev_info
+        }
+ 
+        obj->flags |= SEEN;
+-       show(obj, base, name, cb_data);
+-
+        strbuf_addstr(base, name);
+       show(obj, base->buf, cb_data);
+        if (base->len)
+                strbuf_addch(base, '/');
+ 
+@@ -207,7 +211,7 @@ void traverse_commit_list(struct rev_inf
+                        continue;
+                if (obj->type == OBJ_TAG) {
+                        obj->flags |= SEEN;
+-                       show_object(obj, NULL, name, data);
+                       show_object(obj, name, data);
+                        continue;
+                }
+                if (!path)
+@@ -219,7 +223,7 @@ void traverse_commit_list(struct rev_inf
+                }
+                if (obj->type == OBJ_BLOB) {
+                        process_blob(revs, (struct blob *)obj, show_object,
+-                                    NULL, path, data);
+                                    &base, path, data);
+                        continue;
+                }
+                die("unknown pending object %s (%s)",
+Index: git-2.5.0/list-objects.h
+===================================================================
+--- git-2.5.0.orig/list-objects.h
+++ git-2.5.0/list-objects.h
+@@ -2,7 +2,7 @@
+ #define LIST_OBJECTS_H
+ 
+ typedef void (*show_commit_fn)(struct commit *, void *);
+-typedef void (*show_object_fn)(struct object *, struct strbuf *, const char *, void *);
+typedef void (*show_object_fn)(struct object *, const char *, void *);
+ void traverse_commit_list(struct rev_info *, show_commit_fn, show_object_fn, void *);
+ 
+ typedef void (*show_edge_fn)(struct commit *);
+Index: git-2.5.0/pack-bitmap-write.c
+===================================================================
+--- git-2.5.0.orig/pack-bitmap-write.c
+++ git-2.5.0/pack-bitmap-write.c
+@@ -148,8 +148,7 @@ static uint32_t find_object_pos(const un
+        return entry->in_pack_pos;
+ }
+ 
+-static void show_object(struct object *object, struct strbuf *path,
+-                       const char *last, void *data)
+static void show_object(struct object *object, const char *name, void *data)
+ {
+        struct bitmap *base = data;
+        bitmap_set(base, find_object_pos(object->sha1));
+Index: git-2.5.0/pack-bitmap.c
+===================================================================
+--- git-2.5.0.orig/pack-bitmap.c
+++ git-2.5.0/pack-bitmap.c
+@@ -422,19 +422,15 @@ static int ext_index_add_object(struct o
+        return bitmap_pos + bitmap_git.pack->num_objects;
+ }
+ 
+-static void show_object(struct object *object, struct strbuf *path,
+-                       const char *last, void *data)
+static void show_object(struct object *object, const char *name, void *data)
+ {
+        struct bitmap *base = data;
+        int bitmap_pos;
+ 
+        bitmap_pos = bitmap_position(object->sha1);
+ 
+-       if (bitmap_pos < 0) {
+-               char *name = path_name(path, last);
+       if (bitmap_pos < 0)
+                bitmap_pos = ext_index_add_object(object, name);
+-               free(name);
+-       }
+ 
+        bitmap_set(base, bitmap_pos);
+ }
+@@ -902,9 +898,8 @@ struct bitmap_test_data {
+        size_t seen;
+ };
+ 
+-static void test_show_object(struct object *object,
+-                            struct strbuf *path,
+-                            const char *last, void *data)
+static void test_show_object(struct object *object, const char *name,
+                            void *data)
+ {
+        struct bitmap_test_data *tdata = data;
+        int bitmap_pos;
+Index: git-2.5.0/reachable.c
+===================================================================
+--- git-2.5.0.orig/reachable.c
+++ git-2.5.0/reachable.c
+@@ -37,15 +37,14 @@ static int add_one_ref(const char *path,
+  * The traversal will have already marked us as SEEN, so we
+  * only need to handle any progress reporting here.
+  */
+-static void mark_object(struct object *obj, struct strbuf *path,
+-                       const char *name, void *data)
+static void mark_object(struct object *obj, const char *name, void *data)
+ {
+        update_progress(data);
+ }
+ 
+ static void mark_commit(struct commit *c, void *data)
+ {
+-       mark_object(&c->object, NULL, NULL, data);
+       mark_object(&c->object, NULL, data);
+ }
+ 
+ struct recent_data {
+Index: git-2.5.0/revision.c
+===================================================================
+--- git-2.5.0.orig/revision.c
+++ git-2.5.0/revision.c
+@@ -21,27 +21,14 @@
+ 
+ volatile show_early_output_fn_t show_early_output;
+ 
+-char *path_name(struct strbuf *path, const char *name)
+void show_object_with_name(FILE *out, struct object *obj, const char *name)
+ {
+-       struct strbuf ret = STRBUF_INIT;
+-       if (path)
+-               strbuf_addbuf(&ret, path);
+-       strbuf_addstr(&ret, name);
+-       return strbuf_detach(&ret, NULL);
+-}
+-
+-void show_object_with_name(FILE *out, struct object *obj,
+-                          struct strbuf *path, const char *component)
+-{
+-       char *name = path_name(path, component);
+-       char *p;
+       const char *p;
+ 
+        fprintf(out, "%s ", sha1_to_hex(obj->sha1));
+        for (p = name; *p && *p != '\n'; p++)
+                fputc(*p, out);
+        fputc('\n', out);
+-
+-       free(name);
+ }
+ 
+ static void mark_blob_uninteresting(struct blob *blob)
+Index: git-2.5.0/revision.h
+===================================================================
+--- git-2.5.0.orig/revision.h
+++ git-2.5.0/revision.h
+@@ -258,8 +258,7 @@ extern void mark_tree_uninteresting(stru
+ 
+ char *path_name(struct strbuf *path, const char *name);
+ 
+-extern void show_object_with_name(FILE *, struct object *,
+-                                 struct strbuf *, const char *);
+extern void show_object_with_name(FILE *, struct object *, const char *);
+ 
+ extern void add_pending_object(struct rev_info *revs,
+                               struct object *obj, const char *name);

diff --git a/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_2324.patch b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_2324.patch new file mode 100644 index 0000000000..756ae660e9 --- /dev/null +++ b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_2324.patch
@@ -0,0 +1,307 @@
	1	From 2824e1841b99393d2469c495253d547c643bd8f1 Mon Sep 17 00:00:00 2001
	2	From: Jeff King <peff@peff.net>
	3	Date: Thu, 11 Feb 2016 17:28:36 -0500
	4	Subject: [PATCH] list-objects: pass full pathname to callbacks
	5
	6	When we find a blob at "a/b/c", we currently pass this to
	7	our show_object_fn callbacks as two components: "a/b/" and
	8	"c". Callbacks which want the full value then call
	9	path_name(), which concatenates the two. But this is an
	10	inefficient interface; the path is a strbuf, and we could
	11	simply append "c" to it temporarily, then roll back the
	12	length, without creating a new copy.
	13
	14	So we could improve this by teaching the callsites of
	15	path_name() this trick (and there are only 3). But we can
	16	also notice that no callback actually cares about the
	17	broken-down representation, and simply pass each callback
	18	the full path "a/b/c" as a string. The callback code becomes
	19	even simpler, then, as we do not have to worry about freeing
	20	an allocated buffer, nor rolling back our modification to
	21	the strbuf.
	22
	23	This is theoretically less efficient, as some callbacks
	24	would not bother to format the final path component. But in
	25	practice this is not measurable. Since we use the same
	26	strbuf over and over, our work to grow it is amortized, and
	27	we really only pay to memcpy a few bytes.
	28
	29	Signed-off-by: Jeff King <peff@peff.net>
	30	Signed-off-by: Junio C Hamano <gitster@pobox.com>
	31
	32	Upstream-Status: Backport
	33	CVE: CVE-2016-2315 and CVE-2016-2324 (actual fixs)
	34	Signed-off-by: Armin Kuster <akuster@mvista.com>
	35
	36	---
	37	builtin/pack-objects.c \| 15 ++-------------
	38	builtin/rev-list.c \| 12 ++++--------
	39	list-objects.c \| 14 +++++++++-----
	40	list-objects.h \| 2 +-
	41	pack-bitmap-write.c \| 3 +--
	42	pack-bitmap.c \| 13 ++++---------
	43	reachable.c \| 5 ++---
	44	revision.c \| 17 ++---------------
	45	revision.h \| 3 +--
	46	9 files changed, 26 insertions(+), 58 deletions(-)
	47
	48	Index: git-2.5.0/builtin/pack-objects.c
	49	===================================================================
	50	--- git-2.5.0.orig/builtin/pack-objects.c
	51	+++ git-2.5.0/builtin/pack-objects.c
	52	@@ -2284,21 +2284,11 @@ static void show_commit(struct commit *c
	53	index_commit_for_bitmap(commit);
	54	}
	55
	56	-static void show_object(struct object *obj,
	57	- struct strbuf path, const char last,
	58	- void *data)
	59	+static void show_object(struct object obj, const char name, void *data)
	60	{
	61	- char *name = path_name(path, last);
	62	-
	63	add_preferred_base_object(name);
	64	add_object_entry(obj->sha1, obj->type, name, 0);
	65	obj->flags \|= OBJECT_ADDED;
	66	-
	67	- /*
	68	- * We will have generated the hash from the name,
	69	- * but not saved a pointer to it - we can free it
	70	- */
	71	- free((char *)name);
	72	}
	73
	74	static void show_edge(struct commit *commit)
	75	@@ -2480,8 +2470,7 @@ static int get_object_list_from_bitmap(s
	76	}
	77
	78	static void record_recent_object(struct object *obj,
	79	- struct strbuf *path,
	80	- const char *last,
	81	+ const char *name,
	82	void *data)
	83	{
	84	sha1_array_append(&recent_objects, obj->sha1);
	85	Index: git-2.5.0/builtin/rev-list.c
	86	===================================================================
	87	--- git-2.5.0.orig/builtin/rev-list.c
	88	+++ git-2.5.0/builtin/rev-list.c
	89	@@ -177,9 +177,7 @@ static void finish_commit(struct commit
	90	free_commit_buffer(commit);
	91	}
	92
	93	-static void finish_object(struct object *obj,
	94	- struct strbuf path, const char name,
	95	- void *cb_data)
	96	+static void finish_object(struct object obj, const char name, void *cb_data)
	97	{
	98	struct rev_list_info *info = cb_data;
	99	if (obj->type == OBJ_BLOB && !has_sha1_file(obj->sha1))
	100	@@ -188,15 +186,13 @@ static void finish_object(struct object
	101	parse_object(obj->sha1);
	102	}
	103
	104	-static void show_object(struct object *obj,
	105	- struct strbuf path, const char component,
	106	- void *cb_data)
	107	+static void show_object(struct object obj, const char name, void *cb_data)
	108	{
	109	struct rev_list_info *info = cb_data;
	110	- finish_object(obj, path, component, cb_data);
	111	+ finish_object(obj, name, cb_data);
	112	if (info->flags & REV_LIST_QUIET)
	113	return;
	114	- show_object_with_name(stdout, obj, path, component);
	115	+ show_object_with_name(stdout, obj, name);
	116	}
	117
	118	static void show_edge(struct commit *commit)
	119	Index: git-2.5.0/list-objects.c
	120	===================================================================
	121	--- git-2.5.0.orig/list-objects.c
	122	+++ git-2.5.0/list-objects.c
	123	@@ -16,6 +16,7 @@ static void process_blob(struct rev_info
	124	void *cb_data)
	125	{
	126	struct object *obj = &blob->object;
	127	+ size_t pathlen;
	128
	129	if (!revs->blob_objects)
	130	return;
	131	@@ -24,7 +25,11 @@ static void process_blob(struct rev_info
	132	if (obj->flags & (UNINTERESTING \| SEEN))
	133	return;
	134	obj->flags \|= SEEN;
	135	- show(obj, path, name, cb_data);
	136	+
	137	+ pathlen = path->len;
	138	+ strbuf_addstr(path, name);
	139	+ show(obj, path->buf, cb_data);
	140	+ strbuf_setlen(path, pathlen);
	141	}
	142
	143	/*
	144	@@ -86,9 +91,8 @@ static void process_tree(struct rev_info
	145	}
	146
	147	obj->flags \|= SEEN;
	148	- show(obj, base, name, cb_data);
	149	-
	150	strbuf_addstr(base, name);
	151	+ show(obj, base->buf, cb_data);
	152	if (base->len)
	153	strbuf_addch(base, '/');
	154
	155	@@ -207,7 +211,7 @@ void traverse_commit_list(struct rev_inf
	156	continue;
	157	if (obj->type == OBJ_TAG) {
	158	obj->flags \|= SEEN;
	159	- show_object(obj, NULL, name, data);
	160	+ show_object(obj, name, data);
	161	continue;
	162	}
	163	if (!path)
	164	@@ -219,7 +223,7 @@ void traverse_commit_list(struct rev_inf
	165	}
	166	if (obj->type == OBJ_BLOB) {
	167	process_blob(revs, (struct blob *)obj, show_object,
	168	- NULL, path, data);
	169	+ &base, path, data);
	170	continue;
	171	}
	172	die("unknown pending object %s (%s)",
	173	Index: git-2.5.0/list-objects.h
	174	===================================================================
	175	--- git-2.5.0.orig/list-objects.h
	176	+++ git-2.5.0/list-objects.h
	177	@@ -2,7 +2,7 @@
	178	#define LIST_OBJECTS_H
	179
	180	typedef void (show_commit_fn)(struct commit , void *);
	181	-typedef void (show_object_fn)(struct object , struct strbuf , const char , void *);
	182	+typedef void (show_object_fn)(struct object , const char , void );
	183	void traverse_commit_list(struct rev_info , show_commit_fn, show_object_fn, void );
	184
	185	typedef void (show_edge_fn)(struct commit );
	186	Index: git-2.5.0/pack-bitmap-write.c
	187	===================================================================
	188	--- git-2.5.0.orig/pack-bitmap-write.c
	189	+++ git-2.5.0/pack-bitmap-write.c
	190	@@ -148,8 +148,7 @@ static uint32_t find_object_pos(const un
	191	return entry->in_pack_pos;
	192	}
	193
	194	-static void show_object(struct object object, struct strbuf path,
	195	- const char last, void data)
	196	+static void show_object(struct object object, const char name, void *data)
	197	{
	198	struct bitmap *base = data;
	199	bitmap_set(base, find_object_pos(object->sha1));
	200	Index: git-2.5.0/pack-bitmap.c
	201	===================================================================
	202	--- git-2.5.0.orig/pack-bitmap.c
	203	+++ git-2.5.0/pack-bitmap.c
	204	@@ -422,19 +422,15 @@ static int ext_index_add_object(struct o
	205	return bitmap_pos + bitmap_git.pack->num_objects;
	206	}
	207
	208	-static void show_object(struct object object, struct strbuf path,
	209	- const char last, void data)
	210	+static void show_object(struct object object, const char name, void *data)
	211	{
	212	struct bitmap *base = data;
	213	int bitmap_pos;
	214
	215	bitmap_pos = bitmap_position(object->sha1);
	216
	217	- if (bitmap_pos < 0) {
	218	- char *name = path_name(path, last);
	219	+ if (bitmap_pos < 0)
	220	bitmap_pos = ext_index_add_object(object, name);
	221	- free(name);
	222	- }
	223
	224	bitmap_set(base, bitmap_pos);
	225	}
	226	@@ -902,9 +898,8 @@ struct bitmap_test_data {
	227	size_t seen;
	228	};
	229
	230	-static void test_show_object(struct object *object,
	231	- struct strbuf *path,
	232	- const char last, void data)
	233	+static void test_show_object(struct object object, const char name,
	234	+ void *data)
	235	{
	236	struct bitmap_test_data *tdata = data;
	237	int bitmap_pos;
	238	Index: git-2.5.0/reachable.c
	239	===================================================================
	240	--- git-2.5.0.orig/reachable.c
	241	+++ git-2.5.0/reachable.c
	242	@@ -37,15 +37,14 @@ static int add_one_ref(const char *path,
	243	* The traversal will have already marked us as SEEN, so we
	244	* only need to handle any progress reporting here.
	245	*/
	246	-static void mark_object(struct object obj, struct strbuf path,
	247	- const char name, void data)
	248	+static void mark_object(struct object obj, const char name, void *data)
	249	{
	250	update_progress(data);
	251	}
	252
	253	static void mark_commit(struct commit c, void data)
	254	{
	255	- mark_object(&c->object, NULL, NULL, data);
	256	+ mark_object(&c->object, NULL, data);
	257	}
	258
	259	struct recent_data {
	260	Index: git-2.5.0/revision.c
	261	===================================================================
	262	--- git-2.5.0.orig/revision.c
	263	+++ git-2.5.0/revision.c
	264	@@ -21,27 +21,14 @@
	265
	266	volatile show_early_output_fn_t show_early_output;
	267
	268	-char path_name(struct strbuf path, const char *name)
	269	+void show_object_with_name(FILE out, struct object obj, const char *name)
	270	{
	271	- struct strbuf ret = STRBUF_INIT;
	272	- if (path)
	273	- strbuf_addbuf(&ret, path);
	274	- strbuf_addstr(&ret, name);
	275	- return strbuf_detach(&ret, NULL);
	276	-}
	277	-
	278	-void show_object_with_name(FILE out, struct object obj,
	279	- struct strbuf path, const char component)
	280	-{
	281	- char *name = path_name(path, component);
	282	- char *p;
	283	+ const char *p;
	284
	285	fprintf(out, "%s ", sha1_to_hex(obj->sha1));
	286	for (p = name; p && p != '\n'; p++)
	287	fputc(*p, out);
	288	fputc('\n', out);
	289	-
	290	- free(name);
	291	}
	292
	293	static void mark_blob_uninteresting(struct blob *blob)
	294	Index: git-2.5.0/revision.h
	295	===================================================================
	296	--- git-2.5.0.orig/revision.h
	297	+++ git-2.5.0/revision.h
	298	@@ -258,8 +258,7 @@ extern void mark_tree_uninteresting(stru
	299
	300	char path_name(struct strbuf path, const char *name);
	301
	302	-extern void show_object_with_name(FILE , struct object ,
	303	- struct strbuf , const char );
	304	+extern void show_object_with_name(FILE , struct object , const char *);
	305
	306	extern void add_pending_object(struct rev_info *revs,
	307	struct object obj, const char name);