1 files changed, 114 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git/CVE-2020-11008-8.patch b/meta/recipes-devtools/git/git/CVE-2020-11008-8.patch
new file mode 100644
index 0000000000..935d47795f
--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-11008-8.patch
@@ -0,0 +1,114 @@
+From 5e06d0781a963d62413ae7eab4eb78cc7195af8b Mon Sep 17 00:00:00 2001
+From: Jonathan Nieder <jrnieder@gmail.com>
+Date: Sat, 18 Apr 2020 20:54:57 -0700
+Subject: [PATCH 11/12] credential: treat URL with empty scheme as invalid
+Until "credential: refuse to operate when missing host or protocol",
+Git's credential handling code interpreted URLs with empty scheme to
+mean "give me credentials matching this host for any protocol".
+Luckily libcurl does not recognize such URLs (it tries to look for a
+protocol named "" and fails). Just in case that changes, let's reject
+them within Git as well. This way, credential_from_url is guaranteed to
+always produce a "struct credential" with protocol and host set.
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+Upstream-Status: Backport
+CVE: CVE-2020-11008 (8)
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ credential.c                  |  5 ++---
+ t/t5550-http-fetch-dumb.sh    |  9 +++++++++
+ t/t7416-submodule-dash-url.sh | 32 ++++++++++++++++++++++++++++++++
+ 3 files changed, 43 insertions(+), 3 deletions(-)
+diff --git a/credential.c b/credential.c
+index 1e1aed5..cf11cc9 100644
+--- a/credential.c
+++ b/credential.c
+@@ -360,7 +360,7 @@ int credential_from_url_gently(struct credential *c, const char *url,
+         *   (3) proto://<user>:<pass>@<host>/...
+         */
+        proto_end = strstr(url, "://");
+-       if (!proto_end) {
+       if (!proto_end || proto_end == url) {
+                if (!quiet)
+                        warning(_("url has no scheme: %s"), url);
+                return -1;
+@@ -385,8 +385,7 @@ int credential_from_url_gently(struct credential *c, const char *url,
+                host = at + 1;
+        }
+ 
+-       if (proto_end - url > 0)
+-               c->protocol = xmemdupz(url, proto_end - url);
+       c->protocol = xmemdupz(url, proto_end - url);
+        c->host = url_decode_mem(host, slash - host);
+        /* Trim leading and trailing slashes from path */
+        while (*slash == '/')
+diff --git a/t/t5550-http-fetch-dumb.sh b/t/t5550-http-fetch-dumb.sh
+index 1c9e5d3..ea2688b 100755
+--- a/t/t5550-http-fetch-dumb.sh
+++ b/t/t5550-http-fetch-dumb.sh
+@@ -325,6 +325,15 @@ test_expect_success 'remote-http complains cleanly about malformed urls' '
+        test_i18ngrep "url has no scheme" stderr
+ '
+ 
+# NEEDSWORK: Writing commands to git-remote-curl can race against the latter
+# erroring out, producing SIGPIPE. Remove "ok=sigpipe" once transport-helper has
+# learned to handle early remote helper failures more cleanly.
+test_expect_success 'remote-http complains cleanly about empty scheme' '
+       test_must_fail ok=sigpipe git ls-remote \
+               http::${HTTPD_URL#http}/dumb/repo.git 2>stderr &&
+       test_i18ngrep "url has no scheme" stderr
+'
+
+ test_expect_success 'redirects can be forbidden/allowed' '
+        test_must_fail git -c http.followRedirects=false \
+                clone $HTTPD_URL/dumb-redir/repo.git dumb-redir &&
+diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
+index 249dc3d..9309040 100755
+--- a/t/t7416-submodule-dash-url.sh
+++ b/t/t7416-submodule-dash-url.sh
+@@ -92,6 +92,38 @@ test_expect_success 'fsck rejects relative URL resolving to missing scheme' '
+        grep gitmodulesUrl err
+ '
+ 
+test_expect_success 'fsck rejects empty URL scheme' '
+       git checkout --orphan empty-scheme &&
+       cat >.gitmodules <<-\EOF &&
+       [submodule "foo"]
+               url = http::://one.example.com/foo.git
+       EOF
+       git add .gitmodules &&
+       test_tick &&
+       git commit -m "gitmodules with empty URL scheme" &&
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       test_must_fail git push dst HEAD 2>err &&
+       grep gitmodulesUrl err
+'
+
+test_expect_success 'fsck rejects relative URL resolving to empty scheme' '
+       git checkout --orphan relative-empty-scheme &&
+       cat >.gitmodules <<-\EOF &&
+       [submodule "foo"]
+               url = ../../../:://one.example.com/foo.git
+       EOF
+       git add .gitmodules &&
+       test_tick &&
+       git commit -m "relative gitmodules URL resolving to empty scheme" &&
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       test_must_fail git push dst HEAD 2>err &&
+       grep gitmodulesUrl err
+'
+
+ test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
+        git checkout --orphan newscheme &&
+        cat >.gitmodules <<-\EOF &&
+-- 
+1.9.1

diff --git a/meta/recipes-devtools/git/git/CVE-2020-11008-8.patch b/meta/recipes-devtools/git/git/CVE-2020-11008-8.patch new file mode 100644 index 0000000000..935d47795f --- /dev/null +++ b/meta/recipes-devtools/git/git/CVE-2020-11008-8.patch
@@ -0,0 +1,114 @@
	1	From 5e06d0781a963d62413ae7eab4eb78cc7195af8b Mon Sep 17 00:00:00 2001
	2	From: Jonathan Nieder <jrnieder@gmail.com>
	3	Date: Sat, 18 Apr 2020 20:54:57 -0700
	4	Subject: [PATCH 11/12] credential: treat URL with empty scheme as invalid
	5
	6	Until "credential: refuse to operate when missing host or protocol",
	7	Git's credential handling code interpreted URLs with empty scheme to
	8	mean "give me credentials matching this host for any protocol".
	9
	10	Luckily libcurl does not recognize such URLs (it tries to look for a
	11	protocol named "" and fails). Just in case that changes, let's reject
	12	them within Git as well. This way, credential_from_url is guaranteed to
	13	always produce a "struct credential" with protocol and host set.
	14
	15	Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
	16
	17	Upstream-Status: Backport
	18	CVE: CVE-2020-11008 (8)
	19	Signed-off-by: Li Zhou <li.zhou@windriver.com>
	20	---
	21	credential.c \| 5 ++---
	22	t/t5550-http-fetch-dumb.sh \| 9 +++++++++
	23	t/t7416-submodule-dash-url.sh \| 32 ++++++++++++++++++++++++++++++++
	24	3 files changed, 43 insertions(+), 3 deletions(-)
	25
	26	diff --git a/credential.c b/credential.c
	27	index 1e1aed5..cf11cc9 100644
	28	--- a/credential.c
	29	+++ b/credential.c
	30	@@ -360,7 +360,7 @@ int credential_from_url_gently(struct credential c, const char url,
	31	* (3) proto://<user>:<pass>@<host>/...
	32	*/
	33	proto_end = strstr(url, "://");
	34	- if (!proto_end) {
	35	+ if (!proto_end \|\| proto_end == url) {
	36	if (!quiet)
	37	warning(_("url has no scheme: %s"), url);
	38	return -1;
	39	@@ -385,8 +385,7 @@ int credential_from_url_gently(struct credential c, const char url,
	40	host = at + 1;
	41	}
	42
	43	- if (proto_end - url > 0)
	44	- c->protocol = xmemdupz(url, proto_end - url);
	45	+ c->protocol = xmemdupz(url, proto_end - url);
	46	c->host = url_decode_mem(host, slash - host);
	47	/* Trim leading and trailing slashes from path */
	48	while (*slash == '/')
	49	diff --git a/t/t5550-http-fetch-dumb.sh b/t/t5550-http-fetch-dumb.sh
	50	index 1c9e5d3..ea2688b 100755
	51	--- a/t/t5550-http-fetch-dumb.sh
	52	+++ b/t/t5550-http-fetch-dumb.sh
	53	@@ -325,6 +325,15 @@ test_expect_success 'remote-http complains cleanly about malformed urls' '
	54	test_i18ngrep "url has no scheme" stderr
	55	'
	56
	57	+# NEEDSWORK: Writing commands to git-remote-curl can race against the latter
	58	+# erroring out, producing SIGPIPE. Remove "ok=sigpipe" once transport-helper has
	59	+# learned to handle early remote helper failures more cleanly.
	60	+test_expect_success 'remote-http complains cleanly about empty scheme' '
	61	+ test_must_fail ok=sigpipe git ls-remote \
	62	+ http::${HTTPD_URL#http}/dumb/repo.git 2>stderr &&
	63	+ test_i18ngrep "url has no scheme" stderr
	64	+'
	65	+
	66	test_expect_success 'redirects can be forbidden/allowed' '
	67	test_must_fail git -c http.followRedirects=false \
	68	clone $HTTPD_URL/dumb-redir/repo.git dumb-redir &&
	69	diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
	70	index 249dc3d..9309040 100755
	71	--- a/t/t7416-submodule-dash-url.sh
	72	+++ b/t/t7416-submodule-dash-url.sh
	73	@@ -92,6 +92,38 @@ test_expect_success 'fsck rejects relative URL resolving to missing scheme' '
	74	grep gitmodulesUrl err
	75	'
	76
	77	+test_expect_success 'fsck rejects empty URL scheme' '
	78	+ git checkout --orphan empty-scheme &&
	79	+ cat >.gitmodules <<-\EOF &&
	80	+ [submodule "foo"]
	81	+ url = http::://one.example.com/foo.git
	82	+ EOF
	83	+ git add .gitmodules &&
	84	+ test_tick &&
	85	+ git commit -m "gitmodules with empty URL scheme" &&
	86	+ test_when_finished "rm -rf dst" &&
	87	+ git init --bare dst &&
	88	+ git -C dst config transfer.fsckObjects true &&
	89	+ test_must_fail git push dst HEAD 2>err &&
	90	+ grep gitmodulesUrl err
	91	+'
	92	+
	93	+test_expect_success 'fsck rejects relative URL resolving to empty scheme' '
	94	+ git checkout --orphan relative-empty-scheme &&
	95	+ cat >.gitmodules <<-\EOF &&
	96	+ [submodule "foo"]
	97	+ url = ../../../:://one.example.com/foo.git
	98	+ EOF
	99	+ git add .gitmodules &&
	100	+ test_tick &&
	101	+ git commit -m "relative gitmodules URL resolving to empty scheme" &&
	102	+ test_when_finished "rm -rf dst" &&
	103	+ git init --bare dst &&
	104	+ git -C dst config transfer.fsckObjects true &&
	105	+ test_must_fail git push dst HEAD 2>err &&
	106	+ grep gitmodulesUrl err
	107	+'
	108	+
	109	test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
	110	git checkout --orphan newscheme &&
	111	cat >.gitmodules <<-\EOF &&
	112	--
	113	1.9.1
	114