Diffstat (limited to 'meta/recipes-devtools/git')
-rw-r--r-- | meta/recipes-devtools/git/git/CVE-2023-25652.patch | 94 | ||||
-rw-r--r-- | meta/recipes-devtools/git/git_2.35.7.bb | 1 |
2 files changed, 95 insertions, 0 deletions
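--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2023-25652.patch
@@ -0,0 +1,94 @@
+From 9db05711c98efc14f414d4c87135a34c13586e0b Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
+Date: Thu Mar 9 16:02:54 2023 +0100
+Subject: [PATCH] apply --reject: overwrite existing `.rej` symlink if it
+exists
+
+The `git apply --reject` is expected to write out `.rej` files in case
+one or more hunks fail to apply cleanly. Historically, the command
+overwrites any existing `.rej` files. The idea being that
+apply/reject/edit cycles are relatively common, and the generated `.rej`
+files are not considered precious.
+
+But the command does not overwrite existing `.rej` symbolic links, and
+instead follows them. This is unsafe because the same patch could
+potentially create such a symbolic link and point at arbitrary paths
+outside the current worktree, and `git apply` would write the contents
+of the `.rej` file into that location.
+
+Therefore, let's make sure that any existing `.rej` file or symbolic
+link is removed before writing it.
+
+Reported-by: RyotaK <ryotak.mail@gmail.com>
+Helped-by: Taylor Blau <me@ttaylorr.com>
+Helped-by: Junio C Hamano <gitster@pobox.com>
+Helped-by: Linus Torvalds <torvalds@linuxfoundation.org>
+Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+
+CVE: CVE-2023-25652
+Upstream-Status: Backport [https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+apply.c | 14 ++++++++++++--
+t/t4115-apply-symlink.sh | 15 +++++++++++++++
+2 files changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/apply.c b/apply.c
+index fc6f484..47f2686 100644
+--- a/apply.c
++++ b/apply.c
+@@ -4584,7 +4584,7 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
+FILE *rej;
+char namebuf[PATH_MAX];
+struct fragment *frag;
+- int cnt = 0;
++ int fd, cnt = 0;
+struct strbuf sb = STRBUF_INIT;
+
+for (cnt = 0, frag = patch->fragments; frag; frag = frag->next) {
+@@ -4624,7 +4624,17 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
+memcpy(namebuf, patch->new_name, cnt);
+memcpy(namebuf + cnt, ".rej", 5);
+
+- rej = fopen(namebuf, "w");
++ fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
++ if (fd < 0) {
++ if (errno != EEXIST)
++ return error_errno(_("cannot open %s"), namebuf);
++ if (unlink(namebuf))
++ return error_errno(_("cannot unlink '%s'"), namebuf);
++ fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
++ if (fd < 0)
++ return error_errno(_("cannot open %s"), namebuf);
++ }
++ rej = fdopen(fd, "w");
+if (!rej)
+return error_errno(_("cannot open %s"), namebuf);
+
+diff --git a/t/t4115-apply-symlink.sh b/t/t4115-apply-symlink.sh
+index 65ac7df..e95e6d4 100755
+--- a/t/t4115-apply-symlink.sh
++++ b/t/t4115-apply-symlink.sh
+@@ -126,4 +126,19 @@ test_expect_success SYMLINKS 'symlink escape when deleting file' '
+test_path_is_file .git/delete-me
+'
+
++test_expect_success SYMLINKS '--reject removes .rej symlink if it exists' '
++ test_when_finished "git reset --hard && git clean -dfx" &&
++
++ test_commit file &&
++ echo modified >file.t &&
++ git diff -- file.t >patch &&
++ echo modified-again >file.t &&
++
++ ln -s foo file.t.rej &&
++ test_must_fail git apply patch --reject 2>err &&
++ test_i18ngrep "Rejected hunk" err &&
++ test_path_is_missing foo &&
++ test_path_is_file file.t.rej
++'
++
+test_done
+--
+2.40.0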
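Review bot: In the apply.c hunk of the bundled patch, the `fdopen(fd, "w")` failure path that follows the new `open()` calls returns `error_errno(...)` without closing `fd`, so a successfully created `.rej` descriptor leaks on that branch; the existing two-line check should become `if (!rej) { close(fd); return error_errno(_("cannot open %s"), namebuf); }`. The unlink-then-reopen sequence itself looks right from a symlink-safety standpoint, because the second `open()` keeps `O_CREAT | O_EXCL` and so a `.rej` link re-created between `unlink()` and the retry yields `EEXIST` and an error rather than being followed; that property is worth stating in a comment above the first `open()`, e.g. `/* O_EXCL: never follow a pre-existing .rej symlink, even one re-created after unlink() */`. The enclosing `write_out_one_reject` starts before and ends after the quoted hunks, so its other return paths are not visible here.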
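--- a/meta/recipes-devtools/git/git_2.35.7.bb
+++ b/meta/recipes-devtools/git/git_2.35.7.bb
@@ -11,6 +11,7 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
 file://fixsort.patch \
 file://0001-config.mak.uname-do-not-force-RHEL-7-specific-build-.patch \
 file://CVE-2023-29007.patch \
+file://CVE-2023-25652.patch \
 "
 
 S = "${WORKDIR}/git-${PV}"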