1 files changed, 103 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git/0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch b/meta/recipes-devtools/git/git/0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch
new file mode 100644
index 0000000000..23931e6313
--- /dev/null
+++ b/meta/recipes-devtools/git/git/0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch
@@ -0,0 +1,103 @@
+From 1c9f8cedd34302575db40016231bdf502f17901e Mon Sep 17 00:00:00 2001
+From: Li Zhou <li.zhou@windriver.com>
+Date: Mon, 27 Apr 2020 13:49:39 +0800
+Subject: [PATCH 03/12] fsck: detect gitmodules URLs with embedded newlines
+The credential protocol can't handle values with newlines. We already
+detect and block any such URLs from being used with credential helpers,
+but let's also add an fsck check to detect and block gitmodules files
+with such URLs. That will let us notice the problem earlier when
+transfer.fsckObjects is turned on. And in particular it will prevent bad
+objects from spreading, which may protect downstream users running older
+versions of Git.
+We'll file this under the existing gitmodulesUrl flag, which covers URLs
+with option injection. There's really no need to distinguish the exact
+flaw in the URL in this context. Likewise, I've expanded the description
+of t7416 to cover all types of bogus URLs.
+Upstream-Status: Backport
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ fsck.c                        | 16 +++++++++++++++-
+ t/t7416-submodule-dash-url.sh | 18 +++++++++++++++++-
+ 2 files changed, 32 insertions(+), 2 deletions(-)
+diff --git a/fsck.c b/fsck.c
+index ef8b343..ea46eea 100644
+--- a/fsck.c
+++ b/fsck.c
+@@ -15,6 +15,7 @@
+ #include "packfile.h"
+ #include "submodule-config.h"
+ #include "config.h"
+#include "credential.h"
+ #include "help.h"
+ 
+ static struct oidset gitmodules_found = OIDSET_INIT;
+@@ -947,6 +948,19 @@ static int fsck_tag(struct tag *tag, const char *data,
+        return fsck_tag_buffer(tag, data, size, options);
+ }
+ 
+static int check_submodule_url(const char *url)
+{
+       struct credential c = CREDENTIAL_INIT;
+       int ret;
+
+       if (looks_like_command_line_option(url))
+               return -1;
+
+       ret = credential_from_url_gently(&c, url, 1);
+       credential_clear(&c);
+       return ret;
+}
+
+ struct fsck_gitmodules_data {
+        struct object *obj;
+        struct fsck_options *options;
+@@ -971,7 +985,7 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
+                                    "disallowed submodule name: %s",
+                                    name);
+        if (!strcmp(key, "url") && value &&
+-           looks_like_command_line_option(value))
+           check_submodule_url(value) < 0)
+                data->ret |= report(data->options, data->obj,
+                                    FSCK_MSG_GITMODULES_URL,
+                                    "disallowed submodule url: %s",
+diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
+index 5ba041f..41431b1 100755
+--- a/t/t7416-submodule-dash-url.sh
+++ b/t/t7416-submodule-dash-url.sh
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+ 
+-test_description='check handling of .gitmodule url with dash'
+test_description='check handling of disallowed .gitmodule urls'
+ . ./test-lib.sh
+ 
+ test_expect_success 'create submodule with protected dash in url' '
+@@ -60,4 +60,20 @@ test_expect_success 'trailing backslash is handled correctly' '
+        test_i18ngrep ! "unknown option" err
+ '
+ 
+test_expect_success 'fsck rejects embedded newline in url' '
+       # create an orphan branch to avoid existing .gitmodules objects
+       git checkout --orphan newline &&
+       cat >.gitmodules <<-\EOF &&
+       [submodule "foo"]
+       url = "https://one.example.com?%0ahost=two.example.com/foo.git"
+       EOF
+       git add .gitmodules &&
+       git commit -m "gitmodules with newline" &&
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       test_must_fail git push dst HEAD 2>err &&
+       grep gitmodulesUrl err
+'
+
+ test_done
+-- 
+1.9.1

diff --git a/meta/recipes-devtools/git/git/0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch b/meta/recipes-devtools/git/git/0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch new file mode 100644 index 0000000000..23931e6313 --- /dev/null +++ b/meta/recipes-devtools/git/git/0003-fsck-detect-gitmodules-URLs-with-embedded-newlines.patch
@@ -0,0 +1,103 @@
	1	From 1c9f8cedd34302575db40016231bdf502f17901e Mon Sep 17 00:00:00 2001
	2	From: Li Zhou <li.zhou@windriver.com>
	3	Date: Mon, 27 Apr 2020 13:49:39 +0800
	4	Subject: [PATCH 03/12] fsck: detect gitmodules URLs with embedded newlines
	5
	6	The credential protocol can't handle values with newlines. We already
	7	detect and block any such URLs from being used with credential helpers,
	8	but let's also add an fsck check to detect and block gitmodules files
	9	with such URLs. That will let us notice the problem earlier when
	10	transfer.fsckObjects is turned on. And in particular it will prevent bad
	11	objects from spreading, which may protect downstream users running older
	12	versions of Git.
	13
	14	We'll file this under the existing gitmodulesUrl flag, which covers URLs
	15	with option injection. There's really no need to distinguish the exact
	16	flaw in the URL in this context. Likewise, I've expanded the description
	17	of t7416 to cover all types of bogus URLs.
	18
	19	Upstream-Status: Backport
	20
	21	Signed-off-by: Li Zhou <li.zhou@windriver.com>
	22	---
	23	fsck.c \| 16 +++++++++++++++-
	24	t/t7416-submodule-dash-url.sh \| 18 +++++++++++++++++-
	25	2 files changed, 32 insertions(+), 2 deletions(-)
	26
	27	diff --git a/fsck.c b/fsck.c
	28	index ef8b343..ea46eea 100644
	29	--- a/fsck.c
	30	+++ b/fsck.c
	31	@@ -15,6 +15,7 @@
	32	#include "packfile.h"
	33	#include "submodule-config.h"
	34	#include "config.h"
	35	+#include "credential.h"
	36	#include "help.h"
	37
	38	static struct oidset gitmodules_found = OIDSET_INIT;
	39	@@ -947,6 +948,19 @@ static int fsck_tag(struct tag tag, const char data,
	40	return fsck_tag_buffer(tag, data, size, options);
	41	}
	42
	43	+static int check_submodule_url(const char *url)
	44	+{
	45	+ struct credential c = CREDENTIAL_INIT;
	46	+ int ret;
	47	+
	48	+ if (looks_like_command_line_option(url))
	49	+ return -1;
	50	+
	51	+ ret = credential_from_url_gently(&c, url, 1);
	52	+ credential_clear(&c);
	53	+ return ret;
	54	+}
	55	+
	56	struct fsck_gitmodules_data {
	57	struct object *obj;
	58	struct fsck_options *options;
	59	@@ -971,7 +985,7 @@ static int fsck_gitmodules_fn(const char var, const char value, void *vdata)
	60	"disallowed submodule name: %s",
	61	name);
	62	if (!strcmp(key, "url") && value &&
	63	- looks_like_command_line_option(value))
	64	+ check_submodule_url(value) < 0)
	65	data->ret \|= report(data->options, data->obj,
	66	FSCK_MSG_GITMODULES_URL,
	67	"disallowed submodule url: %s",
	68	diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
	69	index 5ba041f..41431b1 100755
	70	--- a/t/t7416-submodule-dash-url.sh
	71	+++ b/t/t7416-submodule-dash-url.sh
	72	@@ -1,6 +1,6 @@
	73	#!/bin/sh
	74
	75	-test_description='check handling of .gitmodule url with dash'
	76	+test_description='check handling of disallowed .gitmodule urls'
	77	. ./test-lib.sh
	78
	79	test_expect_success 'create submodule with protected dash in url' '
	80	@@ -60,4 +60,20 @@ test_expect_success 'trailing backslash is handled correctly' '
	81	test_i18ngrep ! "unknown option" err
	82	'
	83
	84	+test_expect_success 'fsck rejects embedded newline in url' '
	85	+ # create an orphan branch to avoid existing .gitmodules objects
	86	+ git checkout --orphan newline &&
	87	+ cat >.gitmodules <<-\EOF &&
	88	+ [submodule "foo"]
	89	+ url = "https://one.example.com?%0ahost=two.example.com/foo.git"
	90	+ EOF
	91	+ git add .gitmodules &&
	92	+ git commit -m "gitmodules with newline" &&
	93	+ test_when_finished "rm -rf dst" &&
	94	+ git init --bare dst &&
	95	+ git -C dst config transfer.fsckObjects true &&
	96	+ test_must_fail git push dst HEAD 2>err &&
	97	+ grep gitmodulesUrl err
	98	+'
	99	+
	100	test_done
	101	--
	102	1.9.1
	103