Sync with 2.17.2
* maint-2.17: Git 2.17.2 fsck: detect submodule paths starting with dash fsck: detect submodule urls starting with dash Git 2.16.5 Git 2.15.3 Git 2.14.5 submodule-config: ban submodule paths that start with a dash submodule-config: ban submodule urls that start with dash submodule--helper: use "--" to signal end of clone options
This commit is contained in:
commit
44f87dac99
16
Documentation/RelNotes/2.14.5.txt
Normal file
16
Documentation/RelNotes/2.14.5.txt
Normal file
@ -0,0 +1,16 @@
|
||||
Git v2.14.5 Release Notes
|
||||
=========================
|
||||
|
||||
This release is to address the recently reported CVE-2018-17456.
|
||||
|
||||
Fixes since v2.14.4
|
||||
-------------------
|
||||
|
||||
* Submodules' "URL"s come from the untrusted .gitmodules file, but
|
||||
we blindly gave it to "git clone" to clone submodules when "git
|
||||
clone --recurse-submodules" was used to clone a project that has
|
||||
such a submodule. The code has been hardened to reject such
|
||||
malformed URLs (e.g. one that begins with a dash).
|
||||
|
||||
Credit for finding and fixing this vulnerability goes to joernchen
|
||||
and Jeff King, respectively.
|
6
Documentation/RelNotes/2.15.3.txt
Normal file
6
Documentation/RelNotes/2.15.3.txt
Normal file
@ -0,0 +1,6 @@
|
||||
Git v2.15.3 Release Notes
|
||||
=========================
|
||||
|
||||
This release merges up the fixes that appear in v2.14.5 to address
|
||||
the recently reported CVE-2018-17456; see the release notes for that
|
||||
version for details.
|
6
Documentation/RelNotes/2.16.5.txt
Normal file
6
Documentation/RelNotes/2.16.5.txt
Normal file
@ -0,0 +1,6 @@
|
||||
Git v2.16.5 Release Notes
|
||||
=========================
|
||||
|
||||
This release merges up the fixes that appear in v2.14.5 to address
|
||||
the recently reported CVE-2018-17456; see the release notes for that
|
||||
version for details.
|
12
Documentation/RelNotes/2.17.2.txt
Normal file
12
Documentation/RelNotes/2.17.2.txt
Normal file
@ -0,0 +1,12 @@
|
||||
Git v2.17.2 Release Notes
|
||||
=========================
|
||||
|
||||
This release merges up the fixes that appear in v2.14.5 to address
|
||||
the recently reported CVE-2018-17456; see the release notes for that
|
||||
version for details.
|
||||
|
||||
In addition, this release also teaches "fsck" and the server side
|
||||
logic to reject pushes to repositories that attempt to create such a
|
||||
problematic ".gitmodules" file as tracked contents, to help hosting
|
||||
sites protect their customers by preventing malicious contents from
|
||||
spreading.
|
@ -1090,6 +1090,7 @@ static int clone_submodule(const char *path, const char *gitdir, const char *url
|
||||
if (gitdir && *gitdir)
|
||||
argv_array_pushl(&cp.args, "--separate-git-dir", gitdir, NULL);
|
||||
|
||||
argv_array_push(&cp.args, "--");
|
||||
argv_array_push(&cp.args, url);
|
||||
argv_array_push(&cp.args, path);
|
||||
|
||||
|
14
fsck.c
14
fsck.c
@ -64,6 +64,8 @@ static struct oidset gitmodules_done = OIDSET_INIT;
|
||||
FUNC(GITMODULES_PARSE, ERROR) \
|
||||
FUNC(GITMODULES_NAME, ERROR) \
|
||||
FUNC(GITMODULES_SYMLINK, ERROR) \
|
||||
FUNC(GITMODULES_URL, ERROR) \
|
||||
FUNC(GITMODULES_PATH, ERROR) \
|
||||
/* warnings */ \
|
||||
FUNC(BAD_FILEMODE, WARN) \
|
||||
FUNC(EMPTY_NAME, WARN) \
|
||||
@ -949,6 +951,18 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
|
||||
FSCK_MSG_GITMODULES_NAME,
|
||||
"disallowed submodule name: %s",
|
||||
name);
|
||||
if (!strcmp(key, "url") && value &&
|
||||
looks_like_command_line_option(value))
|
||||
data->ret |= report(data->options, data->obj,
|
||||
FSCK_MSG_GITMODULES_URL,
|
||||
"disallowed submodule url: %s",
|
||||
value);
|
||||
if (!strcmp(key, "path") && value &&
|
||||
looks_like_command_line_option(value))
|
||||
data->ret |= report(data->options, data->obj,
|
||||
FSCK_MSG_GITMODULES_PATH,
|
||||
"disallowed submodule path: %s",
|
||||
value);
|
||||
free(name);
|
||||
|
||||
return 0;
|
||||
|
@ -383,6 +383,12 @@ static void warn_multiple_config(const struct object_id *treeish_name,
|
||||
commit_string, name, option);
|
||||
}
|
||||
|
||||
static void warn_command_line_option(const char *var, const char *value)
|
||||
{
|
||||
warning(_("ignoring '%s' which may be interpreted as"
|
||||
" a command-line option: %s"), var, value);
|
||||
}
|
||||
|
||||
struct parse_config_parameter {
|
||||
struct submodule_cache *cache;
|
||||
const struct object_id *treeish_name;
|
||||
@ -408,6 +414,8 @@ static int parse_config(const char *var, const char *value, void *data)
|
||||
if (!strcmp(item.buf, "path")) {
|
||||
if (!value)
|
||||
ret = config_error_nonbool(var);
|
||||
else if (looks_like_command_line_option(value))
|
||||
warn_command_line_option(var, value);
|
||||
else if (!me->overwrite && submodule->path)
|
||||
warn_multiple_config(me->treeish_name, submodule->name,
|
||||
"path");
|
||||
@ -448,6 +456,8 @@ static int parse_config(const char *var, const char *value, void *data)
|
||||
} else if (!strcmp(item.buf, "url")) {
|
||||
if (!value) {
|
||||
ret = config_error_nonbool(var);
|
||||
} else if (looks_like_command_line_option(value)) {
|
||||
warn_command_line_option(var, value);
|
||||
} else if (!me->overwrite && submodule->url) {
|
||||
warn_multiple_config(me->treeish_name, submodule->name,
|
||||
"url");
|
||||
|
49
t/t7416-submodule-dash-url.sh
Executable file
49
t/t7416-submodule-dash-url.sh
Executable file
@ -0,0 +1,49 @@
|
||||
#!/bin/sh
|
||||
|
||||
test_description='check handling of .gitmodule url with dash'
|
||||
. ./test-lib.sh
|
||||
|
||||
test_expect_success 'create submodule with protected dash in url' '
|
||||
git init upstream &&
|
||||
git -C upstream commit --allow-empty -m base &&
|
||||
mv upstream ./-upstream &&
|
||||
git submodule add ./-upstream sub &&
|
||||
git add sub .gitmodules &&
|
||||
git commit -m submodule
|
||||
'
|
||||
|
||||
test_expect_success 'clone can recurse submodule' '
|
||||
test_when_finished "rm -rf dst" &&
|
||||
git clone --recurse-submodules . dst &&
|
||||
echo base >expect &&
|
||||
git -C dst/sub log -1 --format=%s >actual &&
|
||||
test_cmp expect actual
|
||||
'
|
||||
|
||||
test_expect_success 'fsck accepts protected dash' '
|
||||
test_when_finished "rm -rf dst" &&
|
||||
git init --bare dst &&
|
||||
git -C dst config transfer.fsckObjects true &&
|
||||
git push dst HEAD
|
||||
'
|
||||
|
||||
test_expect_success 'remove ./ protection from .gitmodules url' '
|
||||
perl -i -pe "s{\./}{}" .gitmodules &&
|
||||
git commit -am "drop protection"
|
||||
'
|
||||
|
||||
test_expect_success 'clone rejects unprotected dash' '
|
||||
test_when_finished "rm -rf dst" &&
|
||||
test_must_fail git clone --recurse-submodules . dst 2>err &&
|
||||
test_i18ngrep ignoring err
|
||||
'
|
||||
|
||||
test_expect_success 'fsck rejects unprotected dash' '
|
||||
test_when_finished "rm -rf dst" &&
|
||||
git init --bare dst &&
|
||||
git -C dst config transfer.fsckObjects true &&
|
||||
test_must_fail git push dst HEAD 2>err &&
|
||||
grep gitmodulesUrl err
|
||||
'
|
||||
|
||||
test_done
|
28
t/t7417-submodule-path-url.sh
Executable file
28
t/t7417-submodule-path-url.sh
Executable file
@ -0,0 +1,28 @@
|
||||
#!/bin/sh
|
||||
|
||||
test_description='check handling of .gitmodule path with dash'
|
||||
. ./test-lib.sh
|
||||
|
||||
test_expect_success 'create submodule with dash in path' '
|
||||
git init upstream &&
|
||||
git -C upstream commit --allow-empty -m base &&
|
||||
git submodule add ./upstream sub &&
|
||||
git mv sub ./-sub &&
|
||||
git commit -m submodule
|
||||
'
|
||||
|
||||
test_expect_success 'clone rejects unprotected dash' '
|
||||
test_when_finished "rm -rf dst" &&
|
||||
git clone --recurse-submodules . dst 2>err &&
|
||||
test_i18ngrep ignoring err
|
||||
'
|
||||
|
||||
test_expect_success 'fsck rejects unprotected dash' '
|
||||
test_when_finished "rm -rf dst" &&
|
||||
git init --bare dst &&
|
||||
git -C dst config transfer.fsckObjects true &&
|
||||
test_must_fail git push dst HEAD 2>err &&
|
||||
grep gitmodulesPath err
|
||||
'
|
||||
|
||||
test_done
|
Loading…
Reference in New Issue
Block a user