Hello community,

here is the log from the commit of package git for openSUSE:Factory checked in 
at 2018-10-11 11:46:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/git (Old)
 and      /work/SRC/openSUSE:Factory/.git.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "git"

Thu Oct 11 11:46:47 2018 rev:224 rq:640121 version:2.19.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/git/git.changes  2018-09-18 11:40:52.348071693 
+0200
+++ /work/SRC/openSUSE:Factory/.git.new/git.changes     2018-10-11 
11:46:58.126670984 +0200
@@ -1,0 +2,8 @@
+Fri Oct  5 17:31:07 UTC 2018 - [email protected]
+
+- git 2.19.1:
+  * CVE-2018-17456: Specially crafted .gitmodules files may have
+    allowed arbitrary code execution when the repository is cloned
+    with --recurse-submodules (bsc#1110949)
+
+-------------------------------------------------------------------

Old:
----
  git-2.19.0.tar.sign
  git-2.19.0.tar.xz

New:
----
  git-2.19.1.tar.sign
  git-2.19.1.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ git.spec ++++++
--- /var/tmp/diff_new_pack.u1X0mq/_old  2018-10-11 11:46:59.386669380 +0200
+++ /var/tmp/diff_new_pack.u1X0mq/_new  2018-10-11 11:46:59.386669380 +0200
@@ -35,7 +35,7 @@
 %bcond_without docs
 
 Name:           git
-Version:        2.19.0
+Version:        2.19.1
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0-only

++++++ git-2.19.0.tar.xz -> git-2.19.1.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/Documentation/RelNotes/2.14.5.txt 
new/git-2.19.1/Documentation/RelNotes/2.14.5.txt
--- old/git-2.19.0/Documentation/RelNotes/2.14.5.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.19.1/Documentation/RelNotes/2.14.5.txt    2018-09-27 
22:46:40.000000000 +0200
@@ -0,0 +1,16 @@
+Git v2.14.5 Release Notes
+=========================
+
+This release is to address the recently reported CVE-2018-17456.
+
+Fixes since v2.14.4
+-------------------
+
+ * Submodules' "URL"s come from the untrusted .gitmodules file, but
+   we blindly gave it to "git clone" to clone submodules when "git
+   clone --recurse-submodules" was used to clone a project that has
+   such a submodule.  The code has been hardened to reject such
+   malformed URLs (e.g. one that begins with a dash).
+
+Credit for finding and fixing this vulnerability goes to joernchen
+and Jeff King, respectively.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/Documentation/RelNotes/2.15.3.txt 
new/git-2.19.1/Documentation/RelNotes/2.15.3.txt
--- old/git-2.19.0/Documentation/RelNotes/2.15.3.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.19.1/Documentation/RelNotes/2.15.3.txt    2018-09-27 
22:46:40.000000000 +0200
@@ -0,0 +1,6 @@
+Git v2.15.3 Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.14.5 to address
+the recently reported CVE-2018-17456; see the release notes for that
+version for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/Documentation/RelNotes/2.16.5.txt 
new/git-2.19.1/Documentation/RelNotes/2.16.5.txt
--- old/git-2.19.0/Documentation/RelNotes/2.16.5.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.19.1/Documentation/RelNotes/2.16.5.txt    2018-09-27 
22:46:40.000000000 +0200
@@ -0,0 +1,6 @@
+Git v2.16.5 Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.14.5 to address
+the recently reported CVE-2018-17456; see the release notes for that
+version for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/Documentation/RelNotes/2.17.2.txt 
new/git-2.19.1/Documentation/RelNotes/2.17.2.txt
--- old/git-2.19.0/Documentation/RelNotes/2.17.2.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.19.1/Documentation/RelNotes/2.17.2.txt    2018-09-27 
22:46:40.000000000 +0200
@@ -0,0 +1,12 @@
+Git v2.17.2 Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.14.5 to address
+the recently reported CVE-2018-17456; see the release notes for that
+version for details.
+
+In addition, this release also teaches "fsck" and the server side
+logic to reject pushes to repositories that attempt to create such a
+problematic ".gitmodules" file as tracked contents, to help hosting
+sites protect their customers by preventing malicious contents from
+spreading.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/Documentation/RelNotes/2.18.1.txt 
new/git-2.19.1/Documentation/RelNotes/2.18.1.txt
--- old/git-2.19.0/Documentation/RelNotes/2.18.1.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.19.1/Documentation/RelNotes/2.18.1.txt    2018-09-27 
22:46:40.000000000 +0200
@@ -0,0 +1,6 @@
+Git v2.18.1 Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.14.5 and in
+v2.17.2 to address the recently reported CVE-2018-17456; see the
+release notes for those versions for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/Documentation/RelNotes/2.19.1.txt 
new/git-2.19.1/Documentation/RelNotes/2.19.1.txt
--- old/git-2.19.0/Documentation/RelNotes/2.19.1.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.19.1/Documentation/RelNotes/2.19.1.txt    2018-09-27 
22:46:40.000000000 +0200
@@ -0,0 +1,6 @@
+Git v2.19.1 Release Notes
+=========================
+
+This release merges up the fixes that appear in v2.14.5 and in
+v2.17.2 to address the recently reported CVE-2018-17456; see the
+release notes for those versions for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/GIT-VERSION-GEN 
new/git-2.19.1/GIT-VERSION-GEN
--- old/git-2.19.0/GIT-VERSION-GEN      2018-09-10 20:39:13.000000000 +0200
+++ new/git-2.19.1/GIT-VERSION-GEN      2018-09-27 22:46:40.000000000 +0200
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 GVF=GIT-VERSION-FILE
-DEF_VER=v2.19.0
+DEF_VER=v2.19.1
 
 LF='
 '
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/RelNotes new/git-2.19.1/RelNotes
--- old/git-2.19.0/RelNotes     2018-10-11 11:47:00.742667655 +0200
+++ new/git-2.19.1/RelNotes     2018-10-11 11:47:00.746667650 +0200
@@ -1 +1 @@
-symbolic link to Documentation/RelNotes/2.19.0.txt
+symbolic link to Documentation/RelNotes/2.19.1.txt
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/builtin/submodule--helper.c 
new/git-2.19.1/builtin/submodule--helper.c
--- old/git-2.19.0/builtin/submodule--helper.c  2018-09-10 20:39:13.000000000 
+0200
+++ new/git-2.19.1/builtin/submodule--helper.c  2018-09-27 22:46:40.000000000 
+0200
@@ -1233,6 +1233,7 @@
        if (gitdir && *gitdir)
                argv_array_pushl(&cp.args, "--separate-git-dir", gitdir, NULL);
 
+       argv_array_push(&cp.args, "--");
        argv_array_push(&cp.args, url);
        argv_array_push(&cp.args, path);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/configure new/git-2.19.1/configure
--- old/git-2.19.0/configure    2018-09-10 20:39:13.000000000 +0200
+++ new/git-2.19.1/configure    2018-09-27 22:46:41.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for git 2.19.0.
+# Generated by GNU Autoconf 2.69 for git 2.19.1.
 #
 # Report bugs to <[email protected]>.
 #
@@ -580,8 +580,8 @@
 # Identity of this package.
 PACKAGE_NAME='git'
 PACKAGE_TARNAME='git'
-PACKAGE_VERSION='2.19.0'
-PACKAGE_STRING='git 2.19.0'
+PACKAGE_VERSION='2.19.1'
+PACKAGE_STRING='git 2.19.1'
 PACKAGE_BUGREPORT='[email protected]'
 PACKAGE_URL=''
 
@@ -1265,7 +1265,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures git 2.19.0 to adapt to many kinds of systems.
+\`configure' configures git 2.19.1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1327,7 +1327,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of git 2.19.0:";;
+     short | recursive ) echo "Configuration of git 2.19.1:";;
    esac
   cat <<\_ACEOF
 
@@ -1472,7 +1472,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-git configure 2.19.0
+git configure 2.19.1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1952,7 +1952,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by git $as_me 2.19.0, which was
+It was created by git $as_me 2.19.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -8251,7 +8251,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by git $as_me 2.19.0, which was
+This file was extended by git $as_me 2.19.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -8308,7 +8308,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-git config.status 2.19.0
+git config.status 2.19.1
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/fsck.c new/git-2.19.1/fsck.c
--- old/git-2.19.0/fsck.c       2018-09-10 20:39:13.000000000 +0200
+++ new/git-2.19.1/fsck.c       2018-09-27 22:46:40.000000000 +0200
@@ -67,6 +67,8 @@
        FUNC(GITMODULES_LARGE, ERROR) \
        FUNC(GITMODULES_NAME, ERROR) \
        FUNC(GITMODULES_SYMLINK, ERROR) \
+       FUNC(GITMODULES_URL, ERROR) \
+       FUNC(GITMODULES_PATH, ERROR) \
        /* warnings */ \
        FUNC(BAD_FILEMODE, WARN) \
        FUNC(EMPTY_NAME, WARN) \
@@ -992,6 +994,18 @@
                                    FSCK_MSG_GITMODULES_NAME,
                                    "disallowed submodule name: %s",
                                    name);
+       if (!strcmp(key, "url") && value &&
+           looks_like_command_line_option(value))
+               data->ret |= report(data->options, data->obj,
+                                   FSCK_MSG_GITMODULES_URL,
+                                   "disallowed submodule url: %s",
+                                   value);
+       if (!strcmp(key, "path") && value &&
+           looks_like_command_line_option(value))
+               data->ret |= report(data->options, data->obj,
+                                   FSCK_MSG_GITMODULES_PATH,
+                                   "disallowed submodule path: %s",
+                                   value);
        free(name);
 
        return 0;
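Review bot: The two added `if` blocks for `"url"` and `"path"` say nothing about what property of the value is being rejected; `looks_like_command_line_option` is only a name in this hunk and its definition is not shown, so a reader has to leave the file to learn that a leading dash is the concern. A comment above the first new check, `/* url and path are later passed to child commands; a value that would be parsed as an option must be rejected */`, would make the intent local. As a point of style, the two blocks and the existing `"name"` check above them differ only in key, message id and message text, so they are likely to drift apart when the next key is added; a shared static helper would keep them aligned. The enclosing function starts outside the hunk.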
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/submodule-config.c 
new/git-2.19.1/submodule-config.c
--- old/git-2.19.0/submodule-config.c   2018-09-10 20:39:13.000000000 +0200
+++ new/git-2.19.1/submodule-config.c   2018-09-27 22:46:40.000000000 +0200
@@ -384,6 +384,12 @@
                        commit_string, name, option);
 }
 
+static void warn_command_line_option(const char *var, const char *value)
+{
+       warning(_("ignoring '%s' which may be interpreted as"
+                 " a command-line option: %s"), var, value);
+}
+
 struct parse_config_parameter {
        struct submodule_cache *cache;
        const struct object_id *treeish_name;
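Review bot: `warn_command_line_option` has no comment explaining the consequence of being called: at the two call sites later in this file section (the `"path"` branch and the `"url"` branch) it replaces the store of the value, so the submodule ends up with no path or no url and parsing simply continues. A header comment such as `/* Emit the warning for a .gitmodules value that would be taken as an option by the commands it is later handed to; the caller drops the value, so downstream code must cope with a submodule lacking path or url. */` would make that trade-off (warn-and-skip rather than hard error) explicit for whoever next touches those branches. The struct beginning at the end of this hunk continues outside it.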
@@ -409,6 +415,8 @@
        if (!strcmp(item.buf, "path")) {
                if (!value)
                        ret = config_error_nonbool(var);
+               else if (looks_like_command_line_option(value))
+                       warn_command_line_option(var, value);
                else if (!me->overwrite && submodule->path)
                        warn_multiple_config(me->treeish_name, submodule->name,
                                        "path");
@@ -449,6 +457,8 @@
        } else if (!strcmp(item.buf, "url")) {
                if (!value) {
                        ret = config_error_nonbool(var);
+               } else if (looks_like_command_line_option(value)) {
+                       warn_command_line_option(var, value);
                } else if (!me->overwrite && submodule->url) {
                        warn_multiple_config(me->treeish_name, submodule->name,
                                        "url");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/t/t7416-submodule-dash-url.sh 
new/git-2.19.1/t/t7416-submodule-dash-url.sh
--- old/git-2.19.0/t/t7416-submodule-dash-url.sh        1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.19.1/t/t7416-submodule-dash-url.sh        2018-09-27 
22:46:40.000000000 +0200
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+test_description='check handling of .gitmodule url with dash'
+. ./test-lib.sh
+
+test_expect_success 'create submodule with protected dash in url' '
+       git init upstream &&
+       git -C upstream commit --allow-empty -m base &&
+       mv upstream ./-upstream &&
+       git submodule add ./-upstream sub &&
+       git add sub .gitmodules &&
+       git commit -m submodule
+'
+
+test_expect_success 'clone can recurse submodule' '
+       test_when_finished "rm -rf dst" &&
+       git clone --recurse-submodules . dst &&
+       echo base >expect &&
+       git -C dst/sub log -1 --format=%s >actual &&
+       test_cmp expect actual
+'
+
+test_expect_success 'fsck accepts protected dash' '
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       git push dst HEAD
+'
+
+test_expect_success 'remove ./ protection from .gitmodules url' '
+       perl -i -pe "s{\./}{}" .gitmodules &&
+       git commit -am "drop protection"
+'
+
+test_expect_success 'clone rejects unprotected dash' '
+       test_when_finished "rm -rf dst" &&
+       test_must_fail git clone --recurse-submodules . dst 2>err &&
+       test_i18ngrep ignoring err
+'
+
+test_expect_success 'fsck rejects unprotected dash' '
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       test_must_fail git push dst HEAD 2>err &&
+       grep gitmodulesUrl err
+'
+
+test_done
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/t/t7417-submodule-path-url.sh 
new/git-2.19.1/t/t7417-submodule-path-url.sh
--- old/git-2.19.0/t/t7417-submodule-path-url.sh        1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.19.1/t/t7417-submodule-path-url.sh        2018-09-27 
22:46:40.000000000 +0200
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+test_description='check handling of .gitmodule path with dash'
+. ./test-lib.sh
+
+test_expect_success 'create submodule with dash in path' '
+       git init upstream &&
+       git -C upstream commit --allow-empty -m base &&
+       git submodule add ./upstream sub &&
+       git mv sub ./-sub &&
+       git commit -m submodule
+'
+
+test_expect_success 'clone rejects unprotected dash' '
+       test_when_finished "rm -rf dst" &&
+       git clone --recurse-submodules . dst 2>err &&
+       test_i18ngrep ignoring err
+'
+
+test_expect_success 'fsck rejects unprotected dash' '
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       test_must_fail git push dst HEAD 2>err &&
+       grep gitmodulesPath err
+'
+
+test_done
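Review bot: The title `'clone rejects unprotected dash'` does not match what the test asserts: `git clone --recurse-submodules . dst 2>err` is expected to succeed (there is no `test_must_fail`, unlike the same-named test in t7416), and only the presence of the word `ignoring` in stderr is checked. Either rename it, e.g. `test_expect_success 'clone ignores unprotected dash in path' '`, or add an assertion that nothing was checked out under the dashed path so the test actually pins the skip behaviour rather than just the warning text. The `grep ignoring` also matches any line containing that word, so the check is looser than the gitmodulesPath grep in the fsck test below it.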
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.19.0/version new/git-2.19.1/version
--- old/git-2.19.0/version      2018-09-10 20:39:13.000000000 +0200
+++ new/git-2.19.1/version      2018-09-27 22:46:41.000000000 +0200
@@ -1 +1 @@
-2.19.0
+2.19.1


