Diffstat (limited to 'meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch')
-rw-r--r--meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch146
1 files changed, 146 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch b/meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch
new file mode 100644
index 0000000000..fafd3c2033
--- /dev/null
+++ b/meta/recipes-devtools/git/git-2.3.0/CVE-2015-7545_4.patch
@@ -0,0 +1,146 @@
+From f4113cac0c88b4f36ee6f3abf3218034440a68e3 Mon Sep 17 00:00:00 2001
+From: Blake Burkhart <bburky@bburky.com>
+Date: Tue, 22 Sep 2015 18:06:04 -0400
+Subject: [PATCH] http: limit redirection to protocol-whitelist
+
+Previously, libcurl would follow redirection to any protocol
+it was compiled for support with. This is desirable to allow
+redirection from HTTP to HTTPS. However, it would even
+successfully allow redirection from HTTP to SFTP, a protocol
+that git does not otherwise support at all. Furthermore
+git's new protocol-whitelisting could be bypassed by
+following a redirect within the remote helper, as it was
+only enforced at transport selection time.
+
+This patch limits redirects within libcurl to HTTP, HTTPS,
+FTP and FTPS. If there is a protocol-whitelist present, this
+list is limited to those also allowed by the whitelist. As
+redirection happens from within libcurl, it is impossible
+for an HTTP redirect to a protocol implemented within
+another remote helper.
+
+When the curl version git was compiled with is too old to
+support restrictions on protocol redirection, we warn the
+user if GIT_ALLOW_PROTOCOL restrictions were requested. This
+is a little inaccurate, as even without that variable in the
+environment, we would still restrict SFTP, etc, and we do
+not warn in that case. But anything else means we would
+literally warn every time git accesses an http remote.
+
+This commit includes a test, but it is not as robust as we
+would hope. It redirects an http request to ftp, and checks
+that curl complained about the protocol, which means that we
+are relying on curl's specific error message to know what
+happened. Ideally we would redirect to a working ftp server
+and confirm that we can clone without protocol restrictions,
+and not with them. But we do not have a portable way of
+providing an ftp server, nor any other protocol that curl
+supports (https is the closest, but we would have to deal
+with certificates).
+
+[jk: added test and version warning]
+
+Signed-off-by: Jeff King <peff@peff.net>
+Signed-off-by: Junio C Hamano <gitster@pobox.com>
+
+Upstream-Status: Backport
+https://kernel.googlesource.com/pub/scm/git/git/+/f4113cac0c88b4f36ee6f3abf3218034440a68e3%5E%21/
+CVE: CVE-2015-7545 patch #1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ Documentation/git.txt | 5 -----
+ http.c | 17 +++++++++++++++++
+ t/lib-httpd/apache.conf | 1 +
+ t/t5812-proto-disable-http.sh | 9 +++++++++
+ 4 files changed, 27 insertions(+), 5 deletions(-)
+
+Index: git-2.3.0/Documentation/git.txt
+===================================================================
+--- git-2.3.0.orig/Documentation/git.txt
++++ git-2.3.0/Documentation/git.txt
+@@ -1049,11 +1049,6 @@ GIT_ICASE_PATHSPECS::
+
+ - any external helpers are named by their protocol (e.g., use
+ `hg` to allow the `git-remote-hg` helper)
+-+
+-Note that this controls only git's internal protocol selection.
+-If libcurl is used (e.g., by the `http` transport), it may
+-redirect to other protocols. There is not currently any way to
+-restrict this.
+
+
+ Discussion[[Discussion]]
+Index: git-2.3.0/http.c
+===================================================================
+--- git-2.3.0.orig/http.c
++++ git-2.3.0/http.c
+@@ -8,6 +8,7 @@
+ #include "credential.h"
+ #include "version.h"
+ #include "pkt-line.h"
++#include "transport.h"
+
+ int active_requests;
+ int http_is_verbose;
+@@ -300,6 +301,7 @@ static void set_curl_keepalive(CURL *c)
+ static CURL *get_curl_handle(void)
+ {
+ CURL *result = curl_easy_init();
++ long allowed_protocols = 0;
+
+ if (!result)
+ die("curl_easy_init failed");
+@@ -352,6 +354,21 @@ static CURL *get_curl_handle(void)
+ #elif LIBCURL_VERSION_NUM >= 0x071101
+ curl_easy_setopt(result, CURLOPT_POST301, 1);
+ #endif
++#if LIBCURL_VERSION_NUM >= 0x071304
++ if (is_transport_allowed("http"))
++ allowed_protocols |= CURLPROTO_HTTP;
++ if (is_transport_allowed("https"))
++ allowed_protocols |= CURLPROTO_HTTPS;
++ if (is_transport_allowed("ftp"))
++ allowed_protocols |= CURLPROTO_FTP;
++ if (is_transport_allowed("ftps"))
++ allowed_protocols |= CURLPROTO_FTPS;
++ curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS, allowed_protocols);
++#else
++ if (transport_restrict_protocols())
++ warning("protocol restrictions not applied to curl redirects because\n"
++ "your curl version is too old (>= 7.19.4)");
++#endif
+
+ if (getenv("GIT_CURL_VERBOSE"))
+ curl_easy_setopt(result, CURLOPT_VERBOSE, 1);
+Index: git-2.3.0/t/lib-httpd/apache.conf
+===================================================================
+--- git-2.3.0.orig/t/lib-httpd/apache.conf
++++ git-2.3.0/t/lib-httpd/apache.conf
+@@ -118,6 +118,7 @@ RewriteRule ^/smart-redir-perm/(.*)$ /sm
+ RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302]
+ RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301]
+ RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301]
++RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302]
+
+ <IfDefine SSL>
+ LoadModule ssl_module modules/mod_ssl.so
+Index: git-2.3.0/t/t5812-proto-disable-http.sh
+===================================================================
+--- git-2.3.0.orig/t/t5812-proto-disable-http.sh
++++ git-2.3.0/t/t5812-proto-disable-http.sh
+@@ -16,5 +16,14 @@ test_expect_success 'create git-accessib
+
+ test_proto "smart http" http "$HTTPD_URL/smart/repo.git"
+
++test_expect_success 'curl redirects respect whitelist' '
++ test_must_fail env GIT_ALLOW_PROTOCOL=http:https \
++ git clone "$HTTPD_URL/ftp-redir/repo.git" 2>stderr &&
++ {
++ test_i18ngrep "ftp.*disabled" stderr ||
++ test_i18ngrep "your curl version is too old"
++ }
++'
++
+ stop_httpd
+ test_done
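Review bot: In the nested http.c hunk, the `#else` arm leaves libcurl redirects unrestricted when git is built against libcurl older than 7.19.4 (`LIBCURL_VERSION_NUM < 0x071304`), and it only warns when `transport_restrict_protocols()` is true. This backport therefore closes the redirect bypass only if the libcurl used by the recipe meets that version, which is worth confirming for both target and native builds. The warning text `your curl version is too old (>= 7.19.4)` reads as if the installed version were at least 7.19.4; `(requires curl >= 7.19.4)` would say what is meant, at the cost of diverging from the upstream commit. In the t5812 hunk, the second `test_i18ngrep "your curl version is too old"` has no file argument, so it does not search the captured output; it should be `test_i18ngrep "your curl version is too old" stderr`. The body of get_curl_handle starts and ends outside the nested hunks.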