diff --git a/backport-CVE-2021-29468-cygwin-disallow-backslashes-in-file-names.patch b/backport-CVE-2021-29468-cygwin-disallow-backslashes-in-file-names.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6d0b58f0ffcf31f2ca759319edb324170e8b5c82
--- /dev/null
+++ b/backport-CVE-2021-29468-cygwin-disallow-backslashes-in-file-names.patch
@@ -0,0 +1,111 @@
+From bccc37fdc7ec66377af454417013f7612aef75e6 Mon Sep 17 00:00:00 2001
+From: Adam Dinwoodie
+Date: Thu, 29 Apr 2021 21:11:44 +0100
+Subject: [PATCH] cygwin: disallow backslashes in file names
+
+The backslash character is not a valid part of a file name on Windows.
+If, in Windows, Git attempts to write a file that has a backslash
+character in the filename, it will be incorrectly interpreted as a
+directory separator.
+
+This caused CVE-2019-1354 in MinGW, as this behaviour can be manipulated
+to cause the checkout to write to files it ought not write to, such as
+adding code to the .git/hooks directory. This was fixed by e1d911dd4c
+(mingw: disallow backslash characters in tree objects' file names,
+2019-09-12). However, the vulnerability also exists in Cygwin: while
+Cygwin mostly provides a POSIX-like path system, it will still interpret
+a backslash as a directory separator.
+
+To avoid this vulnerability, CVE-2021-29468, extend the previous fix to
+also apply to Cygwin.
+
+Similarly, extend the test case added by the previous version of the
+commit. The test suite doesn't have an easy way to say "run this test
+if in MinGW or Cygwin", so add a new test prerequisite that covers both.
+
+As well as checking behaviour in the presence of paths containing
+backslashes, the existing test also checks behaviour in the presence of
+paths that differ only by the presence of a trailing ".". MinGW follows
+normal Windows application behaviour and treats them as the same path,
+but Cygwin more closely emulates *nix systems (at the expense of
+compatibility with native Windows applications) and will create and
+distinguish between such paths. Gate the relevant bit of that test
+accordingly.
+ +Reported-by: RyotaK +Helped-by: Johannes Schindelin +Signed-off-by: Adam Dinwoodie +Signed-off-by: Junio C Hamano +--- + read-cache.c | 2 +- + t/t7415-submodule-names.sh | 13 ++++++++----- + t/test-lib.sh | 2 ++ + 3 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/read-cache.c b/read-cache.c +index 5a907af..b6c13bc 100644 +--- a/read-cache.c ++++ b/read-cache.c +@@ -985,7 +985,7 @@ int verify_path(const char *path, unsigned mode) + } + } + if (protect_ntfs) { +-#ifdef GIT_WINDOWS_NATIVE ++#if defined GIT_WINDOWS_NATIVE || defined __CYGWIN__ + if (c == '\\') + return 0; + #endif +diff --git a/t/t7415-submodule-names.sh b/t/t7415-submodule-names.sh +index f70368b..6bf098a 100755 +--- a/t/t7415-submodule-names.sh ++++ b/t/t7415-submodule-names.sh +@@ -191,7 +191,7 @@ test_expect_success 'fsck detects corrupt .gitmodules' ' + ) + ' + +-test_expect_success MINGW 'prevent git~1 squatting on Windows' ' ++test_expect_success WINDOWS 'prevent git~1 squatting on Windows' ' + git init squatting && + ( + cd squatting && +@@ -219,10 +219,13 @@ test_expect_success MINGW 'prevent git~1 squatting on Windows' ' + test_tick && + git -c core.protectNTFS=false commit -m "module" + ) && +- test_must_fail git -c core.protectNTFS=false \ +- clone --recurse-submodules squatting squatting-clone 2>err && +- test_i18ngrep -e "directory not empty" -e "not an empty directory" err && +- ! grep gitdir squatting-clone/d/a/git~2 ++ if test_have_prereq MINGW ++ then ++ test_must_fail git -c core.protectNTFS=false \ ++ clone --recurse-submodules squatting squatting-clone 2>err && ++ test_i18ngrep -e "directory not empty" -e "not an empty directory" err && ++ ! 
grep gitdir squatting-clone/d/a/git~2 ++ fi + ' + + test_expect_success 'git dirs of sibling submodules must not be nested' ' +diff --git a/t/test-lib.sh b/t/test-lib.sh +index d3f6af6..e84b8c8 100644 +--- a/t/test-lib.sh ++++ b/t/test-lib.sh +@@ -1457,6 +1457,7 @@ case $uname_s in + test_set_prereq NATIVE_CRLF + test_set_prereq SED_STRIPS_CR + test_set_prereq GREP_STRIPS_CR ++ test_set_prereq WINDOWS + GIT_TEST_CMP=mingw_test_cmp + ;; + *CYGWIN*) +@@ -1465,6 +1466,7 @@ case $uname_s in + test_set_prereq CYGWIN + test_set_prereq SED_STRIPS_CR + test_set_prereq GREP_STRIPS_CR ++ test_set_prereq WINDOWS + ;; + *) + test_set_prereq POSIXPERM +-- +1.8.3.1 + diff --git a/backport-t4210-detect-REG_ILLSEQ-dynamically-and-skip-affecte.patch b/backport-t4210-detect-REG_ILLSEQ-dynamically-and-skip-affecte.patch new file mode 100644 index 0000000000000000000000000000000000000000..1c11fe73a8ccd3844723709698ff819cfc3a054e --- /dev/null +++ b/backport-t4210-detect-REG_ILLSEQ-dynamically-and-skip-affecte.patch 
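Review bot: The backslash rejection in verify_path() stays nested under `if (protect_ntfs)`, so on Cygwin it is only as strong as that setting. The accompanying test builds its fixture with `-c core.protectNTFS=false`, which shows the guard can be switched off per invocation. Where protect_ntfs gets its default is outside this hunk, so it is worth confirming that it is enabled by default for Cygwin builds. The widened `#if` would also benefit from a comment such as `/* '\\' is a directory separator on native Windows and under Cygwin; reject it in tree entry names (CVE-2019-1354, CVE-2021-29468) */`. verify_path's body starts and ends outside the hunk.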
@@ -0,0 +1,168 @@ +From c4c2a96ec73775b1a4d4d850bb9ae7f50bc6912e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Carlo=20Marcelo=20Arenas=20Bel=C3=B3n?= +Date: Mon, 18 May 2020 11:44:16 -0700 +Subject: [PATCH] t4210: detect REG_ILLSEQ dynamically and skip affected tests +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +7187c7bbb8 (t4210: skip i18n tests that don't work on FreeBSD, 2019-11-27) +adds a REG_ILLSEQ prerequisite, and to do that copies the common branch in +test-lib and expands it to include it in a special case for FreeBSD. + +Instead; test for it using a previously added extension to test-tool and +use that, together with a function that identifies when regcomp/regexec +will be called with broken patterns to avoid any test that would otherwise +rely on undefined behaviour. + +The description of the first test which wasn't accurate has been corrected, +and the test rearranged for clarity, including a helper function that avoids +overly long lines. + +Only the affected engines will have their tests suppressed, also including +"fixed" if the PCRE optimization that uses LIBPCRE2 since b65abcafc7 +(grep: use PCRE v2 for optimized fixed-string search, 2019-07-01) is not +available. + +Helped-by: Eric Sunshine +Signed-off-by: Carlo Marcelo Arenas Belón +Signed-off-by: Junio C Hamano +--- + t/t4210-log-i18n.sh | 77 ++++++++++++++++++++++++++++++++++++++++------------- + t/test-lib.sh | 6 ----- + 2 files changed, 59 insertions(+), 24 deletions(-) + +diff --git a/t/t4210-log-i18n.sh b/t/t4210-log-i18n.sh +index c379208..d2dfcf1 100755 +--- a/t/t4210-log-i18n.sh ++++ b/t/t4210-log-i18n.sh +@@ -10,6 +10,13 @@ latin1_e=$(printf '\351') + # invalid UTF-8 + invalid_e=$(printf '\303\50)') # ")" at end to close opening "(" + ++have_reg_illseq= ++if test_have_prereq GETTEXT_LOCALE && ++ ! 
LC_ALL=$is_IS_locale test-tool regex --silent $latin1_e ++then ++ have_reg_illseq=1 ++fi ++ + test_expect_success 'create commits in different encodings' ' + test_tick && + cat >msg <<-EOF && +@@ -51,43 +58,77 @@ test_expect_success !MINGW 'log --grep does not find non-reencoded values (utf8) + test_must_be_empty actual + ' + +-test_expect_success !MINGW 'log --grep does not find non-reencoded values (latin1)' ' ++test_expect_success 'log --grep does not find non-reencoded values (latin1)' ' + git log --encoding=ISO-8859-1 --format=%s --grep=$utf8_e >actual && + test_must_be_empty actual + ' + ++triggers_undefined_behaviour () { ++ local engine=$1 ++ ++ case $engine in ++ fixed) ++ if test -n "$have_reg_illseq" && ++ ! test_have_prereq LIBPCRE2 ++ then ++ return 0 ++ fi ++ ;; ++ basic|extended) ++ if test -n "$have_reg_illseq" ++ then ++ return 0 ++ fi ++ ;; ++ esac ++ return 1 ++} ++ ++mismatched_git_log () { ++ local pattern=$1 ++ ++ LC_ALL=$is_IS_locale git log --encoding=ISO-8859-1 --format=%s \ ++ --grep=$pattern ++} ++ + for engine in fixed basic extended perl + do + prereq= + if test $engine = "perl" + then +- prereq="PCRE" +- else +- prereq="" ++ prereq=PCRE + fi + force_regex= + if test $engine != "fixed" + then +- force_regex=.* ++ force_regex='.*' + fi +- test_expect_success !MINGW,!REGEX_ILLSEQ,GETTEXT_LOCALE,$prereq "-c grep.patternType=$engine log --grep does not find non-reencoded values (latin1 + locale)" " +- cat >expect <<-\EOF && +- latin1 +- utf8 +- EOF +- LC_ALL=\"$is_IS_locale\" git -c grep.patternType=$engine log --encoding=ISO-8859-1 --format=%s --grep=\"$force_regex$latin1_e\" >actual && +- test_cmp expect actual +- " + +- test_expect_success !MINGW,GETTEXT_LOCALE,$prereq "-c grep.patternType=$engine log --grep does not find non-reencoded values (latin1 + locale)" " +- LC_ALL=\"$is_IS_locale\" git -c grep.patternType=$engine log --encoding=ISO-8859-1 --format=%s --grep=\"$force_regex$utf8_e\" >actual && +- test_must_be_empty actual ++ 
test_expect_success $prereq "config grep.patternType=$engine" " ++ git config grep.patternType $engine + " + +- test_expect_success !MINGW,!REGEX_ILLSEQ,GETTEXT_LOCALE,$prereq "-c grep.patternType=$engine log --grep does not die on invalid UTF-8 value (latin1 + locale + invalid needle)" " +- LC_ALL=\"$is_IS_locale\" git -c grep.patternType=$engine log --encoding=ISO-8859-1 --format=%s --grep=\"$force_regex$invalid_e\" >actual && ++ test_expect_success GETTEXT_LOCALE,$prereq "log --grep does not find non-reencoded values (latin1 + locale)" " ++ mismatched_git_log '$force_regex$utf8_e' >actual && + test_must_be_empty actual + " ++ ++ if ! triggers_undefined_behaviour $engine ++ then ++ test_expect_success !MINGW,GETTEXT_LOCALE,$prereq "log --grep searches in log output encoding (latin1 + locale)" " ++ cat >expect <<-\EOF && ++ latin1 ++ utf8 ++ EOF ++ mismatched_git_log '$force_regex$latin1_e' >actual && ++ test_cmp expect actual ++ " ++ ++ test_expect_success GETTEXT_LOCALE,$prereq "log --grep does not die on invalid UTF-8 value (latin1 + locale + invalid needle)" " ++ mismatched_git_log '$force_regex$invalid_e' >actual && ++ test_must_be_empty actual ++ " ++ fi + done + + test_done +diff --git a/t/test-lib.sh b/t/test-lib.sh +index 0ea1e5a..81473fe 100644 +--- a/t/test-lib.sh ++++ b/t/test-lib.sh +@@ -1454,12 +1454,6 @@ case $uname_s in + test_set_prereq SED_STRIPS_CR + test_set_prereq GREP_STRIPS_CR + ;; +-FreeBSD) +- test_set_prereq REGEX_ILLSEQ +- test_set_prereq POSIXPERM +- test_set_prereq BSLASHPSPEC +- test_set_prereq EXECKEEPSPID +- ;; + *) + test_set_prereq POSIXPERM + test_set_prereq BSLASHPSPEC +-- +1.8.3.1 + diff --git a/git.spec b/git.spec index a14e324517342b78fc76fc6704e217d7a78ef38a..d6e555bdff11fe33d07d10373735321be9d8f670 100644 --- a/git.spec +++ b/git.spec 
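Review bot: In `mismatched_git_log`, `--grep=$pattern` expands unquoted, so a pattern that begins with `.*` or carries raw non-UTF-8 bytes is exposed to field splitting and pathname expansion before git receives it; `--grep="$pattern"` keeps it a single, literal argument. The same applies to `$latin1_e` in the `test-tool regex --silent $latin1_e` probe that sets `have_reg_illseq`. With the values visible here neither appears to misbehave, so this is a robustness point: a stray file in the trash directory or a changed IFS should not be able to alter which pattern the test exercises.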
@@ -1,7 +1,7 @@ %global gitexecdir %{_libexecdir}/git-core Name: git Version: 2.27.0 -Release: 3 +Release: 4 Summary: A popular and widely used Version Control System License: GPLv2+ or LGPLv2.1 URL: https://git-scm.com/ @@ -12,8 +12,11 @@ Source100: git-gui.desktop Source101: git@.service.in Source102: git.socket -Patch1: backport-CVE-2021-21300.patch +Patch1: backport-CVE-2021-21300.patch +Patch2: backport-t4210-detect-REG_ILLSEQ-dynamically-and-skip-affecte.patch +Patch3: backport-CVE-2021-29468-cygwin-disallow-backslashes-in-file-names.patch +BuildRequires: gcc gettext BuildRequires: openssl-devel libcurl-devel expat-devel systemd asciidoc xmlto glib2-devel libsecret-devel pcre-devel desktop-file-utils BuildRequires: python3-devel perl-generators perl-interpreter perl-Error perl(Test::More) perl-MailTools perl(Test) gdb Requires: less zlib openssh-clients perl(Term::ReadKey) perl-Git @@ -261,11 +264,16 @@ make test %{_mandir}/man7/git*.7.* %changelog +* Fri May 28 2021 panxiaohe - 2.27.0-4 +- Fix CVE-2021-29468 +- Add gcc and gettext to BuildRequires + - necessary for building and msgfmt command + * Thu Mar 18 2021 lirui - 2.27.0-3 - Type:CVE - ID:NA - SUG:NA -- DESC:CVE-2021-21300 +- DESC:Fix CVE-2021-21300 * Fri Sep 25 2020 yangzhuangzhuang - 2.27.0-2 - Type:bugfix
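Review bot: The changelog line `- Fix CVE-2021-29468` reads as if the shipped binary had been exposed, but Patch3 only widens a preprocessor condition to `defined GIT_WINDOWS_NATIVE || defined __CYGWIN__`. Neither macro is normally defined for a Linux build, so the compiled git in this package is presumably unchanged. Patch2 touches only `t/t4210-log-i18n.sh` and `t/test-lib.sh`, and the changelog entry does not mention it at all. A comment above the new Patch lines would record the intent for whoever audits this later, for example `# Patch2: test-suite-only backport (t4210 REG_ILLSEQ detection)` and `# Patch3: CVE-2021-29468 applies to Cygwin builds; no functional change expected on Linux`. The changelog would be more accurate with an added line such as `- Backport t4210 REG_ILLSEQ test fix`.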