diff --git a/backport-CVE-2021-29468-cygwin-disallow-backslashes-in-file-names.patch b/backport-CVE-2021-29468-cygwin-disallow-backslashes-in-file-names.patch new file mode 100644 index 0000000000000000000000000000000000000000..6d0b58f0ffcf31f2ca759319edb324170e8b5c82 --- /dev/null +++ b/backport-CVE-2021-29468-cygwin-disallow-backslashes-in-file-names.patch @@ -0,0 +1,111 @@ +From bccc37fdc7ec66377af454417013f7612aef75e6 Mon Sep 17 00:00:00 2001 +From: Adam Dinwoodie +Date: Thu, 29 Apr 2021 21:11:44 +0100 +Subject: [PATCH] cygwin: disallow backslashes in file names + +The backslash character is not a valid part of a file name on Windows. +If, in Windows, Git attempts to write a file that has a backslash +character in the filename, it will be incorrectly interpreted as a +directory separator. + +This caused CVE-2019-1354 in MinGW, as this behaviour can be manipulated +to cause the checkout to write to files it ought not write to, such as +adding code to the .git/hooks directory. This was fixed by e1d911dd4c +(mingw: disallow backslash characters in tree objects' file names, +2019-09-12). However, the vulnerability also exists in Cygwin: while +Cygwin mostly provides a POSIX-like path system, it will still interpret +a backslash as a directory separator. + +To avoid this vulnerability, CVE-2021-29468, extend the previous fix to +also apply to Cygwin. + +Similarly, extend the test case added by the previous version of the +commit. The test suite doesn't have an easy way to say "run this test +if in MinGW or Cygwin", so add a new test prerequisite that covers both. + +As well as checking behaviour in the presence of paths containing +backslashes, the existing test also checks behaviour in the presence of +paths that differ only by the presence of a trailing ".". MinGW follows +normal Windows application behaviour and treats them as the same path, +but Cygwin more closely emulates *nix systems (at the expense of +compatibility with native Windows applications) and will create and +distinguish between such paths. Gate the relevant bit of that test +accordingly. + +Reported-by: RyotaK +Helped-by: Johannes Schindelin +Signed-off-by: Adam Dinwoodie +Signed-off-by: Junio C Hamano +--- + read-cache.c | 2 +- + t/t7415-submodule-names.sh | 13 ++++++++----- + t/test-lib.sh | 2 ++ + 3 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/read-cache.c b/read-cache.c +index 5a907af..b6c13bc 100644 +--- a/read-cache.c ++++ b/read-cache.c +@@ -985,7 +985,7 @@ int verify_path(const char *path, unsigned mode) + } + } + if (protect_ntfs) { +-#ifdef GIT_WINDOWS_NATIVE ++#if defined GIT_WINDOWS_NATIVE || defined __CYGWIN__ + if (c == '\\') + return 0; + #endif +diff --git a/t/t7415-submodule-names.sh b/t/t7415-submodule-names.sh +index f70368b..6bf098a 100755 +--- a/t/t7415-submodule-names.sh ++++ b/t/t7415-submodule-names.sh +@@ -191,7 +191,7 @@ test_expect_success 'fsck detects corrupt .gitmodules' ' + ) + ' + +-test_expect_success MINGW 'prevent git~1 squatting on Windows' ' ++test_expect_success WINDOWS 'prevent git~1 squatting on Windows' ' + git init squatting && + ( + cd squatting && +@@ -219,10 +219,13 @@ test_expect_success MINGW 'prevent git~1 squatting on Windows' ' + test_tick && + git -c core.protectNTFS=false commit -m "module" + ) && +- test_must_fail git -c core.protectNTFS=false \ +- clone --recurse-submodules squatting squatting-clone 2>err && +- test_i18ngrep -e "directory not empty" -e "not an empty directory" err && +- ! grep gitdir squatting-clone/d/a/git~2 ++ if test_have_prereq MINGW ++ then ++ test_must_fail git -c core.protectNTFS=false \ ++ clone --recurse-submodules squatting squatting-clone 2>err && ++ test_i18ngrep -e "directory not empty" -e "not an empty directory" err && ++ ! grep gitdir squatting-clone/d/a/git~2 ++ fi + ' + + test_expect_success 'git dirs of sibling submodules must not be nested' ' +diff --git a/t/test-lib.sh b/t/test-lib.sh +index d3f6af6..e84b8c8 100644 +--- a/t/test-lib.sh ++++ b/t/test-lib.sh +@@ -1457,6 +1457,7 @@ case $uname_s in + test_set_prereq NATIVE_CRLF + test_set_prereq SED_STRIPS_CR + test_set_prereq GREP_STRIPS_CR ++ test_set_prereq WINDOWS + GIT_TEST_CMP=mingw_test_cmp + ;; + *CYGWIN*) +@@ -1465,6 +1466,7 @@ case $uname_s in + test_set_prereq CYGWIN + test_set_prereq SED_STRIPS_CR + test_set_prereq GREP_STRIPS_CR ++ test_set_prereq WINDOWS + ;; + *) + test_set_prereq POSIXPERM +-- +1.8.3.1 + diff --git a/git.spec b/git.spec index d54cccfce528a1ce46f4987da623ab9d5dbf7041..0a3f3b05f488519ee626b95afb8b773f3ee75dd5 100644 --- a/git.spec +++ b/git.spec @@ -1,7 +1,7 @@ %global gitexecdir %{_libexecdir}/git-core Name: git Version: 2.30.0 -Release: 3 +Release: 4 Summary: A popular and widely used Version Control System License: GPLv2+ or LGPLv2.1 URL: https://git-scm.com/ @@ -12,8 +12,10 @@ Source100: git-gui.desktop Source101: git@.service.in Source102: git.socket -Patch1: backport-CVE-2021-21300.patch +Patch1: backport-CVE-2021-21300.patch +Patch2: backport-CVE-2021-29468-cygwin-disallow-backslashes-in-file-names.patch +BuildRequires: gcc gettext BuildRequires: openssl-devel libcurl-devel expat-devel systemd asciidoc xmlto glib2-devel libsecret-devel pcre-devel desktop-file-utils BuildRequires: python3-devel perl-generators perl-interpreter perl-Error perl(Test::More) perl-MailTools perl(Test) gdb Requires: less zlib openssh-clients perl(Term::ReadKey) perl-Git @@ -261,6 +263,11 @@ make %{?_smp_mflags} test %{_mandir}/man7/git*.7.* %changelog +* Fri May 28 2021 panxiaohe - 2.30.0-4 +- Fix CVE-2021-29468 +- Add gcc and gettext to BuildRequires + - necessary for building and msgfmt command + * Fri Mar 19 2021 fuanan - 2.30.0-3 - Optimize compilation time @@ -268,7 +275,7 @@ make %{?_smp_mflags} test - Type:CVE - ID:NA - SUG:NA -- DESC:CVE-2021-21300 +- DESC:Fix CVE-2021-21300 * Wed Jan 27 2021 wangchen - 2.30.0-1 - Type:enhancement