mirror of
https://github.com/git/git.git
synced 2024-12-11 10:54:21 +08:00
Git 2.26.1
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE4fA2sf7nIh/HeOzvsLXohpav5ssFAl57uiUACgkQsLXohpav 5ssUdQ/+MINTr0vCUL6PUvdhDI4S3+GZ8tryZm6yysIzUHbngbGiPsG2I6XkZQb4 uCdMLcuFMn7BZ3fbP0tZeX9GwqJu8RnZ1Nt+Eh8uKc51AklS/5w322Xb/gL6xA3p 2zLXwruGiR5wmlbkFaeQmLggrFqFWknXVqGdpJ7ei/pl1RTfmfdVz/tWXUME/Q6/ thTEbW2ru6yMuR/GGHQs2J6xYlE0de/Yidvlcl3cK9aGN0rpKe/di/mZwBp1jWam icfDoncNpinzEtube9ML1/aG1fCy/aGKe7CYxKz0zEuM/ODCOaCqU7eLza03M5mJ KPjZGBrfGHwVDzlqeVp8MS7uvhHB4pA8wivHKrbEpbaeCtSc66EhtXGyyoPGpP77 aqwcgbExUUTZm0BNWEdPkKZ0IeYiXbabDsFmESVQnMKvjRcwLGZv5tfFIA56yCql Px/pkQSbKz07f6WR1P49EUDfLNONNYFpY9Q7LZo8Iw1FfiARaXwYvcb9/Mt2CGW3 VUxUKUXaz8PkYFbmEwSxSznqjA+5ZDeC5Q0Ntzvq0YghmenLO+fC3yjT4HSVyGUE uaxNygzbqMwCDLRhbOv0RC81thfwgLYr4X6ZAD0GKZqaGdQbvseo+vr9TwqsA+U/ 7lPh8FBJjoGsMfqt6mgLzLSVscussuOaNeojDMTHaSXJDt/psFU= =4jfG -----END PGP SIGNATURE----- Sync with v2.26.1
This commit is contained in:
commit
efe3874640
16
Documentation/RelNotes/2.17.4.txt
Normal file
16
Documentation/RelNotes/2.17.4.txt
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
Git v2.17.4 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release is to address the security issue: CVE-2020-5260
|
||||||
|
|
||||||
|
Fixes since v2.17.3
|
||||||
|
-------------------
|
||||||
|
|
||||||
|
* With a crafted URL that contains a newline in it, the credential
|
||||||
|
helper machinery can be fooled to give credential information for
|
||||||
|
a wrong host. The attack has been made impossible by forbidding
|
||||||
|
a newline character in any value passed via the credential
|
||||||
|
protocol.
|
||||||
|
|
||||||
|
Credit for finding the vulnerability goes to Felix Wilhelm of Google
|
||||||
|
Project Zero.
|
5
Documentation/RelNotes/2.18.3.txt
Normal file
5
Documentation/RelNotes/2.18.3.txt
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
Git v2.18.3 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release merges the security fix that appears in v2.17.4; see
|
||||||
|
the release notes for that version for details.
|
5
Documentation/RelNotes/2.19.4.txt
Normal file
5
Documentation/RelNotes/2.19.4.txt
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
Git v2.19.4 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release merges the security fix that appears in v2.17.4; see
|
||||||
|
the release notes for that version for details.
|
5
Documentation/RelNotes/2.20.3.txt
Normal file
5
Documentation/RelNotes/2.20.3.txt
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
Git v2.20.3 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release merges the security fix that appears in v2.17.4; see
|
||||||
|
the release notes for that version for details.
|
5
Documentation/RelNotes/2.21.2.txt
Normal file
5
Documentation/RelNotes/2.21.2.txt
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
Git v2.21.2 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release merges the security fix that appears in v2.17.4; see
|
||||||
|
the release notes for that version for details.
|
5
Documentation/RelNotes/2.22.3.txt
Normal file
5
Documentation/RelNotes/2.22.3.txt
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
Git v2.22.3 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release merges the security fix that appears in v2.17.4; see
|
||||||
|
the release notes for that version for details.
|
5
Documentation/RelNotes/2.23.2.txt
Normal file
5
Documentation/RelNotes/2.23.2.txt
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
Git v2.23.2 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release merges the security fix that appears in v2.17.4; see
|
||||||
|
the release notes for that version for details.
|
5
Documentation/RelNotes/2.24.2.txt
Normal file
5
Documentation/RelNotes/2.24.2.txt
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
Git v2.24.2 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release merges the security fix that appears in v2.17.4; see
|
||||||
|
the release notes for that version for details.
|
5
Documentation/RelNotes/2.25.3.txt
Normal file
5
Documentation/RelNotes/2.25.3.txt
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
Git v2.25.3 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release merges the security fix that appears in v2.17.4; see
|
||||||
|
the release notes for that version for details.
|
5
Documentation/RelNotes/2.26.1.txt
Normal file
5
Documentation/RelNotes/2.26.1.txt
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
Git v2.26.1 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release merges the security fix that appears in v2.17.4; see
|
||||||
|
the release notes for that version for details.
|
38
credential.c
38
credential.c
@ -226,6 +226,8 @@ static void credential_write_item(FILE *fp, const char *key, const char *value)
|
|||||||
{
|
{
|
||||||
if (!value)
|
if (!value)
|
||||||
return;
|
return;
|
||||||
|
if (strchr(value, '\n'))
|
||||||
|
die("credential value for %s contains newline", key);
|
||||||
fprintf(fp, "%s=%s\n", key, value);
|
fprintf(fp, "%s=%s\n", key, value);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -353,7 +355,22 @@ void credential_reject(struct credential *c)
|
|||||||
c->approved = 0;
|
c->approved = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void credential_from_url(struct credential *c, const char *url)
|
static int check_url_component(const char *url, int quiet,
|
||||||
|
const char *name, const char *value)
|
||||||
|
{
|
||||||
|
if (!value)
|
||||||
|
return 0;
|
||||||
|
if (!strchr(value, '\n'))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
if (!quiet)
|
||||||
|
warning(_("url contains a newline in its %s component: %s"),
|
||||||
|
name, url);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
int credential_from_url_gently(struct credential *c, const char *url,
|
||||||
|
int quiet)
|
||||||
{
|
{
|
||||||
const char *at, *colon, *cp, *slash, *host, *proto_end;
|
const char *at, *colon, *cp, *slash, *host, *proto_end;
|
||||||
|
|
||||||
@ -367,7 +384,7 @@ void credential_from_url(struct credential *c, const char *url)
|
|||||||
*/
|
*/
|
||||||
proto_end = strstr(url, "://");
|
proto_end = strstr(url, "://");
|
||||||
if (!proto_end)
|
if (!proto_end)
|
||||||
return;
|
return 0;
|
||||||
cp = proto_end + 3;
|
cp = proto_end + 3;
|
||||||
at = strchr(cp, '@');
|
at = strchr(cp, '@');
|
||||||
colon = strchr(cp, ':');
|
colon = strchr(cp, ':');
|
||||||
@ -406,4 +423,21 @@ void credential_from_url(struct credential *c, const char *url)
|
|||||||
while (p > c->path && *p == '/')
|
while (p > c->path && *p == '/')
|
||||||
*p-- = '\0';
|
*p-- = '\0';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (check_url_component(url, quiet, "username", c->username) < 0 ||
|
||||||
|
check_url_component(url, quiet, "password", c->password) < 0 ||
|
||||||
|
check_url_component(url, quiet, "protocol", c->protocol) < 0 ||
|
||||||
|
check_url_component(url, quiet, "host", c->host) < 0 ||
|
||||||
|
check_url_component(url, quiet, "path", c->path) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
void credential_from_url(struct credential *c, const char *url)
|
||||||
|
{
|
||||||
|
if (credential_from_url_gently(c, url, 0) < 0) {
|
||||||
|
warning(_("skipping credential lookup for url: %s"), url);
|
||||||
|
credential_clear(c);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
15
credential.h
15
credential.h
@ -173,8 +173,21 @@ void credential_reject(struct credential *);
|
|||||||
int credential_read(struct credential *, FILE *);
|
int credential_read(struct credential *, FILE *);
|
||||||
void credential_write(const struct credential *, FILE *);
|
void credential_write(const struct credential *, FILE *);
|
||||||
|
|
||||||
/* Parse a URL into broken-down credential fields. */
|
/*
|
||||||
|
* Parse a url into a credential struct, replacing any existing contents.
|
||||||
|
*
|
||||||
|
* If the url can't be parsed (e.g., a missing "proto://" component), the
|
||||||
|
* resulting credential will be empty but we'll still return success from the
|
||||||
|
* "gently" form.
|
||||||
|
*
|
||||||
|
* If we encounter a component which cannot be represented as a credential
|
||||||
|
* value (e.g., because it contains a newline), the "gently" form will return
|
||||||
|
* an error but leave the broken state in the credential object for further
|
||||||
|
* examination. The non-gentle form will issue a warning to stderr and return
|
||||||
|
* an empty credential.
|
||||||
|
*/
|
||||||
void credential_from_url(struct credential *, const char *url);
|
void credential_from_url(struct credential *, const char *url);
|
||||||
|
int credential_from_url_gently(struct credential *, const char *url, int quiet);
|
||||||
|
|
||||||
int credential_match(const struct credential *have,
|
int credential_match(const struct credential *have,
|
||||||
const struct credential *want);
|
const struct credential *want);
|
||||||
|
16
fsck.c
16
fsck.c
@ -15,6 +15,7 @@
|
|||||||
#include "packfile.h"
|
#include "packfile.h"
|
||||||
#include "submodule-config.h"
|
#include "submodule-config.h"
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
|
#include "credential.h"
|
||||||
#include "help.h"
|
#include "help.h"
|
||||||
|
|
||||||
static struct oidset gitmodules_found = OIDSET_INIT;
|
static struct oidset gitmodules_found = OIDSET_INIT;
|
||||||
@ -910,6 +911,19 @@ done:
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int check_submodule_url(const char *url)
|
||||||
|
{
|
||||||
|
struct credential c = CREDENTIAL_INIT;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
if (looks_like_command_line_option(url))
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
ret = credential_from_url_gently(&c, url, 1);
|
||||||
|
credential_clear(&c);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
struct fsck_gitmodules_data {
|
struct fsck_gitmodules_data {
|
||||||
const struct object_id *oid;
|
const struct object_id *oid;
|
||||||
struct fsck_options *options;
|
struct fsck_options *options;
|
||||||
@ -935,7 +949,7 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
|
|||||||
"disallowed submodule name: %s",
|
"disallowed submodule name: %s",
|
||||||
name);
|
name);
|
||||||
if (!strcmp(key, "url") && value &&
|
if (!strcmp(key, "url") && value &&
|
||||||
looks_like_command_line_option(value))
|
check_submodule_url(value) < 0)
|
||||||
data->ret |= report(data->options,
|
data->ret |= report(data->options,
|
||||||
data->oid, OBJ_BLOB,
|
data->oid, OBJ_BLOB,
|
||||||
FSCK_MSG_GITMODULES_URL,
|
FSCK_MSG_GITMODULES_URL,
|
||||||
|
@ -19,7 +19,7 @@ check() {
|
|||||||
false
|
false
|
||||||
fi &&
|
fi &&
|
||||||
test_cmp expect-stdout stdout &&
|
test_cmp expect-stdout stdout &&
|
||||||
test_cmp expect-stderr stderr
|
test_i18ncmp expect-stderr stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
read_chunk() {
|
read_chunk() {
|
||||||
|
@ -436,4 +436,18 @@ test_expect_success 'empty helper spec resets helper list' '
|
|||||||
EOF
|
EOF
|
||||||
'
|
'
|
||||||
|
|
||||||
|
test_expect_success 'url parser ignores embedded newlines' '
|
||||||
|
check fill <<-EOF
|
||||||
|
url=https://one.example.com?%0ahost=two.example.com/
|
||||||
|
--
|
||||||
|
username=askpass-username
|
||||||
|
password=askpass-password
|
||||||
|
--
|
||||||
|
warning: url contains a newline in its host component: https://one.example.com?%0ahost=two.example.com/
|
||||||
|
warning: skipping credential lookup for url: https://one.example.com?%0ahost=two.example.com/
|
||||||
|
askpass: Username:
|
||||||
|
askpass: Password:
|
||||||
|
EOF
|
||||||
|
'
|
||||||
|
|
||||||
test_done
|
test_done
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
test_description='check handling of .gitmodule url with dash'
|
test_description='check handling of disallowed .gitmodule urls'
|
||||||
. ./test-lib.sh
|
. ./test-lib.sh
|
||||||
|
|
||||||
test_expect_success 'create submodule with protected dash in url' '
|
test_expect_success 'create submodule with protected dash in url' '
|
||||||
@ -60,4 +60,20 @@ test_expect_success 'trailing backslash is handled correctly' '
|
|||||||
test_i18ngrep ! "unknown option" err
|
test_i18ngrep ! "unknown option" err
|
||||||
'
|
'
|
||||||
|
|
||||||
|
test_expect_success 'fsck rejects embedded newline in url' '
|
||||||
|
# create an orphan branch to avoid existing .gitmodules objects
|
||||||
|
git checkout --orphan newline &&
|
||||||
|
cat >.gitmodules <<-\EOF &&
|
||||||
|
[submodule "foo"]
|
||||||
|
url = "https://one.example.com?%0ahost=two.example.com/foo.git"
|
||||||
|
EOF
|
||||||
|
git add .gitmodules &&
|
||||||
|
git commit -m "gitmodules with newline" &&
|
||||||
|
test_when_finished "rm -rf dst" &&
|
||||||
|
git init --bare dst &&
|
||||||
|
git -C dst config transfer.fsckObjects true &&
|
||||||
|
test_must_fail git push dst HEAD 2>err &&
|
||||||
|
grep gitmodulesUrl err
|
||||||
|
'
|
||||||
|
|
||||||
test_done
|
test_done
|
||||||
|
Loading…
Reference in New Issue
Block a user