Diffstat (limited to 'meta/recipes-devtools/git/git/CVE-2020-11008-1.patch')
-rw-r--r-- | meta/recipes-devtools/git/git/CVE-2020-11008-1.patch | 70 |
1 files changed, 70 insertions, 0 deletions
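diff --git a/meta/recipes-devtools/git/git/CVE-2020-11008-1.patch b/meta/recipes-devtools/git/git/CVE-2020-11008-1.patch
new file mode 100644
index 0000000000..9cf98ea7b4
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-11008-1.patch
@@ -0,0 +1,70 @@
+From 863f8067d8b4012904ca3bb881c659ac9894df97 Mon Sep 17 00:00:00 2001
+From: Li Zhou <li.zhou@windriver.com>
+Date: Mon, 27 Apr 2020 14:36:03 +0800
+Subject: [PATCH 04/12] t0300: make "quit" helper more realistic
+
+We test a toy credential helper that writes "quit=1" and confirms that
+we stop running other helpers. However, that helper is unrealistic in
+that it does not bother to read its stdin at all.
+
+For now we don't send any input to it, because we feed git-credential a
+blank credential. But that will change in the next patch, which will
+cause this test to racily fail, as git-credential will get SIGPIPE
+writing to the helper rather than exiting because it was asked to.
+
+Let's make this one-off helper more like our other sample helpers, and
+have it source the "dump" script. That will read stdin, fixing the
+SIGPIPE problem. But it will also write what it sees to stderr. We can
+make the test more robust by checking that output, which confirms that
+we do run the quit helper, don't run any other helpers, and exit for the
+reason we expected.
+
+Signed-off-by: Jeff King <peff@peff.net>
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-11008 (1)
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+t/t0300-credentials.sh | 17 ++++++++++++++---
+1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh
+index b9c0f1f..0206b3b 100755
+--- a/t/t0300-credentials.sh
++++ b/t/t0300-credentials.sh
+@@ -22,6 +22,11 @@ test_expect_success 'setup helper scripts' '
+exit 0
+EOF
+
++ write_script git-credential-quit <<-\EOF &&
++ . ./dump
++ echo quit=1
++ EOF
++
+write_script git-credential-verbatim <<-\EOF &&
+user=$1; shift
+pass=$1; shift
+@@ -291,10 +296,16 @@ test_expect_success 'http paths can be part of context' '
+
+test_expect_success 'helpers can abort the process' '
+test_must_fail git \
+- -c credential.helper="!f() { echo quit=1; }; f" \
++ -c credential.helper=quit \
+-c credential.helper="verbatim foo bar" \
+- credential fill >stdout &&
+- test_must_be_empty stdout
++ credential fill >stdout 2>stderr &&
++ >expect &&
++ test_cmp expect stdout &&
++ cat >expect <<-\EOF &&
++ quit: get
++ fatal: credential helper '\''quit'\'' told us to quit
++ EOF
++ test_i18ncmp expect stderr
+'
+
+test_expect_success 'empty helper spec resets helper list' '
+--
+1.9.1
+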
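Review bot: The `Upstream-Status: Backport` trailer (patch line 25) gives no reference to the upstream git commit, so anyone auditing this CVE-2020-11008 backport has to locate the original by subject line before they can compare it; I would write `Upstream-Status: Backport [<upstream-commit-url>]` with the real commit filled in. The `From:` header (patch line 2) names the backporter, while the first `Signed-off-by` is Jeff King, so the upstream author would be lost if the patch were ever applied with `git am`; keeping the upstream author in `From:` and the backporter only in the final sign-off preserves provenance. This first part changes only test t0300 and does not itself touch credential handling, and the recipe change that adds the file to `SRC_URI` is not visible in this view, so confirm the whole series is listed and applied in order.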