Hello community,

here is the log from the commit of package git for openSUSE:Factory checked in 
at 2020-04-25 20:16:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/git (Old)
 and      /work/SRC/openSUSE:Factory/.git.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "git"

Sat Apr 25 20:16:43 2020 rev:248 rq:797168 version:2.26.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/git/git.changes  2020-04-19 21:35:32.738402061 
+0200
+++ /work/SRC/openSUSE:Factory/.git.new.2738/git.changes        2020-04-25 
20:20:07.173006930 +0200
@@ -1,0 +2,23 @@
+Tue Apr 21 19:41:46 UTC 2020 - Michal Suchanek <[email protected]>
+
+- With recent switch to protocol v2 people are reporting fetches transferring
+  unreasonable amount of data. Upstream proposes switching the protocol back
+  until the issue is properly diagnosed. The regression is problematic for
+  people with lower network connection speed.
+  Added: Revert-fetch-default-to-protocol-version-2.patch
+
+-------------------------------------------------------------------
+Mon Apr 20 18:35:15 UTC 2020 - Andreas Stieger <[email protected]>
+
+- git 2.26.2:
+  * CVE-2020-11008: Specially crafted URLs may have tricked the
+    credentials helper to providing credential information that
+    is not appropriate for the protocol in use and host being
+    contacted (boo#1169936)
+
+-------------------------------------------------------------------
+Mon Apr 20 07:19:07 UTC 2020 - Marketa Calabkova <[email protected]>
+
+- Submit to SLE15 / resubmit to Factory (bsc#1169786, jsc#SLE-12396, 
bsc#1149792)
+
+-------------------------------------------------------------------

Old:
----
  git-2.26.1.tar.sign
  git-2.26.1.tar.xz

New:
----
  Revert-fetch-default-to-protocol-version-2.patch
  git-2.26.2.tar.sign
  git-2.26.2.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ git.spec ++++++
--- /var/tmp/diff_new_pack.Y9bRvA/_old  2020-04-25 20:20:09.473011673 +0200
+++ /var/tmp/diff_new_pack.Y9bRvA/_new  2020-04-25 20:20:09.477011681 +0200
@@ -32,7 +32,7 @@
 %endif
 
 Name:           git
-Version:        2.26.1
+Version:        2.26.2
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0-only
@@ -58,6 +58,7 @@
 Patch10:        setup-don-t-fail-if-commondir-reference-is-deleted.patch
 Patch11:        0001-DOC-Move-to-DocBook-5-when-using-asciidoctor.patch
 Patch13:        0002-Also-use-DocBook-5-stylesheet-when-generating-HTML-o.patch
+Patch14:        Revert-fetch-default-to-protocol-version-2.patch
 BuildRequires:  fdupes
 BuildRequires:  gpg2
 BuildRequires:  libcurl-devel
@@ -286,6 +287,7 @@
 %patch10 -p1
 %patch11 -p1
 %patch13 -p1
+%patch14 -p1
 
 %build
 cat > .make <<'EOF'

++++++ Revert-fetch-default-to-protocol-version-2.patch ++++++
>From 3063fdec2a274235925c1b202ba8c65537e48211 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <[email protected]>
Date: Tue, 21 Apr 2020 21:38:48 +0200
Subject: [PATCH] Revert "fetch: default to protocol version 2"

This reverts commit 684ceae32dae726c6a5c693b257b156926aba8b7.

Causes a lot of data to be fetched from the Linux tree.
---
 Documentation/config/protocol.txt | 2 +-
 protocol.c                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Documentation/config/protocol.txt 
b/Documentation/config/protocol.txt
index 756591d77b08..0b40141613e3 100644
--- a/Documentation/config/protocol.txt
+++ b/Documentation/config/protocol.txt
@@ -48,7 +48,7 @@ protocol.version::
        If set, clients will attempt to communicate with a server
        using the specified protocol version.  If the server does
        not support it, communication falls back to version 0.
-       If unset, the default is `2`.
+       If unset, the default is `0`.
        Supported versions:
 +
 --
diff --git a/protocol.c b/protocol.c
index 803bef5c87e0..d390391ebac8 100644
--- a/protocol.c
+++ b/protocol.c
@@ -39,7 +39,7 @@ enum protocol_version get_protocol_version_config(void)
                return env;
        }
 
-       return protocol_v2;
+       return protocol_v0;
 }
 
 enum protocol_version determine_protocol_version_server(void)
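Review bot: The new `return protocol_v0;` carries no indication that it is a downstream divergence from upstream's v2 default, so a future package rebase can silently drop or re-apply it without anyone noticing; a comment above the return, e.g. `/* openSUSE: default to v0 until the excessive-fetch regression with v2 is diagnosed; see git.changes 2020-04-21 */`, would tie the line to its rationale. The environment override visible just above it (`return env;`) is untouched, so users can still opt back into v2 through `protocol.version`. get_protocol_version_config's body starts outside the hunk.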
-- 
2.26.0

++++++ git-2.26.1.tar.xz -> git-2.26.2.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/Documentation/RelNotes/2.17.5.txt 
new/git-2.26.2/Documentation/RelNotes/2.17.5.txt
--- old/git-2.26.1/Documentation/RelNotes/2.17.5.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.26.2/Documentation/RelNotes/2.17.5.txt    2020-04-20 
17:52:30.000000000 +0200
@@ -0,0 +1,22 @@
+Git v2.17.5 Release Notes
+=========================
+
+This release is to address a security issue: CVE-2020-11008
+
+Fixes since v2.17.4
+-------------------
+
+ * With a crafted URL that contains a newline or empty host, or lacks
+   a scheme, the credential helper machinery can be fooled into
+   providing credential information that is not appropriate for the
+   protocol in use and host being contacted.
+
+   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
+   credentials are not for a host of the attacker's choosing; instead,
+   they are for some unspecified host (based on how the configured
+   credential helper handles an absent "host" parameter).
+
+   The attack has been made impossible by refusing to work with
+   under-specified credential patterns.
+
+Credit for finding the vulnerability goes to Carlo Arenas.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/Documentation/RelNotes/2.18.4.txt 
new/git-2.26.2/Documentation/RelNotes/2.18.4.txt
--- old/git-2.26.1/Documentation/RelNotes/2.18.4.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.26.2/Documentation/RelNotes/2.18.4.txt    2020-04-20 
17:52:30.000000000 +0200
@@ -0,0 +1,5 @@
+Git v2.18.4 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.17.5; see
+the release notes for that version for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/Documentation/RelNotes/2.19.5.txt 
new/git-2.26.2/Documentation/RelNotes/2.19.5.txt
--- old/git-2.26.1/Documentation/RelNotes/2.19.5.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.26.2/Documentation/RelNotes/2.19.5.txt    2020-04-20 
17:52:30.000000000 +0200
@@ -0,0 +1,5 @@
+Git v2.19.5 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.17.5; see
+the release notes for that version for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/Documentation/RelNotes/2.20.4.txt 
new/git-2.26.2/Documentation/RelNotes/2.20.4.txt
--- old/git-2.26.1/Documentation/RelNotes/2.20.4.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.26.2/Documentation/RelNotes/2.20.4.txt    2020-04-20 
17:52:30.000000000 +0200
@@ -0,0 +1,5 @@
+Git v2.20.4 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.17.5; see
+the release notes for that version for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/Documentation/RelNotes/2.21.3.txt 
new/git-2.26.2/Documentation/RelNotes/2.21.3.txt
--- old/git-2.26.1/Documentation/RelNotes/2.21.3.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.26.2/Documentation/RelNotes/2.21.3.txt    2020-04-20 
17:52:30.000000000 +0200
@@ -0,0 +1,5 @@
+Git v2.21.3 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.17.5; see
+the release notes for that version for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/Documentation/RelNotes/2.22.4.txt 
new/git-2.26.2/Documentation/RelNotes/2.22.4.txt
--- old/git-2.26.1/Documentation/RelNotes/2.22.4.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.26.2/Documentation/RelNotes/2.22.4.txt    2020-04-20 
17:52:30.000000000 +0200
@@ -0,0 +1,5 @@
+Git v2.22.4 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.17.5; see
+the release notes for that version for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/Documentation/RelNotes/2.23.3.txt 
new/git-2.26.2/Documentation/RelNotes/2.23.3.txt
--- old/git-2.26.1/Documentation/RelNotes/2.23.3.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.26.2/Documentation/RelNotes/2.23.3.txt    2020-04-20 
17:52:30.000000000 +0200
@@ -0,0 +1,5 @@
+Git v2.23.3 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.17.5; see
+the release notes for that version for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/Documentation/RelNotes/2.24.3.txt 
new/git-2.26.2/Documentation/RelNotes/2.24.3.txt
--- old/git-2.26.1/Documentation/RelNotes/2.24.3.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.26.2/Documentation/RelNotes/2.24.3.txt    2020-04-20 
17:52:30.000000000 +0200
@@ -0,0 +1,5 @@
+Git v2.24.3 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.17.5; see
+the release notes for that version for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/Documentation/RelNotes/2.25.4.txt 
new/git-2.26.2/Documentation/RelNotes/2.25.4.txt
--- old/git-2.26.1/Documentation/RelNotes/2.25.4.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.26.2/Documentation/RelNotes/2.25.4.txt    2020-04-20 
17:52:30.000000000 +0200
@@ -0,0 +1,5 @@
+Git v2.25.4 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.17.5; see
+the release notes for that version for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/Documentation/RelNotes/2.26.2.txt 
new/git-2.26.2/Documentation/RelNotes/2.26.2.txt
--- old/git-2.26.1/Documentation/RelNotes/2.26.2.txt    1970-01-01 
01:00:00.000000000 +0100
+++ new/git-2.26.2/Documentation/RelNotes/2.26.2.txt    2020-04-20 
17:52:30.000000000 +0200
@@ -0,0 +1,5 @@
+Git v2.26.2 Release Notes
+=========================
+
+This release merges the security fix that appears in v2.17.5; see
+the release notes for that version for details.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/GIT-VERSION-GEN 
new/git-2.26.2/GIT-VERSION-GEN
--- old/git-2.26.1/GIT-VERSION-GEN      2020-04-14 03:51:03.000000000 +0200
+++ new/git-2.26.2/GIT-VERSION-GEN      2020-04-20 17:52:30.000000000 +0200
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 GVF=GIT-VERSION-FILE
-DEF_VER=v2.26.1
+DEF_VER=v2.26.2
 
 LF='
 '
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/RelNotes new/git-2.26.2/RelNotes
--- old/git-2.26.1/RelNotes     2020-04-25 20:20:10.877014567 +0200
+++ new/git-2.26.2/RelNotes     2020-04-25 20:20:10.885014584 +0200
@@ -1 +1 @@
-symbolic link to Documentation/RelNotes/2.26.1.txt
+symbolic link to Documentation/RelNotes/2.26.2.txt
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/configure new/git-2.26.2/configure
--- old/git-2.26.1/configure    2020-04-14 03:51:03.000000000 +0200
+++ new/git-2.26.2/configure    2020-04-20 17:52:30.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for git 2.26.1.
+# Generated by GNU Autoconf 2.69 for git 2.26.2.
 #
 # Report bugs to <[email protected]>.
 #
@@ -580,8 +580,8 @@
 # Identity of this package.
 PACKAGE_NAME='git'
 PACKAGE_TARNAME='git'
-PACKAGE_VERSION='2.26.1'
-PACKAGE_STRING='git 2.26.1'
+PACKAGE_VERSION='2.26.2'
+PACKAGE_STRING='git 2.26.2'
 PACKAGE_BUGREPORT='[email protected]'
 PACKAGE_URL=''
 
@@ -1265,7 +1265,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures git 2.26.1 to adapt to many kinds of systems.
+\`configure' configures git 2.26.2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1327,7 +1327,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of git 2.26.1:";;
+     short | recursive ) echo "Configuration of git 2.26.2:";;
    esac
   cat <<\_ACEOF
 
@@ -1472,7 +1472,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-git configure 2.26.1
+git configure 2.26.2
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1952,7 +1952,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by git $as_me 2.26.1, which was
+It was created by git $as_me 2.26.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -8360,7 +8360,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by git $as_me 2.26.1, which was
+This file was extended by git $as_me 2.26.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -8417,7 +8417,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-git config.status 2.26.1
+git config.status 2.26.2
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/credential.c new/git-2.26.2/credential.c
--- old/git-2.26.1/credential.c 2020-04-14 03:51:03.000000000 +0200
+++ new/git-2.26.2/credential.c 2020-04-20 17:52:30.000000000 +0200
@@ -88,6 +88,11 @@
        struct urlmatch_config config = { STRING_LIST_INIT_DUP };
        struct strbuf url = STRBUF_INIT;
 
+       if (!c->host)
+               die(_("refusing to work with credential missing host field"));
+       if (!c->protocol)
+               die(_("refusing to work with credential missing protocol 
field"));
+
        if (c->configured)
                return;
 
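Review bot: The two new guards test only for a NULL `c->host` / `c->protocol`, so an empty host string still passes, which the added t0300 test 'host-less URLs are parsed as empty host' shows is intended for `cert:///path` credentials; that distinction is easy to break later and deserves a comment on the first check, e.g. `/* NULL means the field was never supplied; an empty host ("") is a valid value (cert:///path) and is passed on to helpers. */`. Their placement ahead of `if (c->configured) return;` means they run on every call, not only the first. The enclosing function starts outside the hunk.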
@@ -222,8 +227,11 @@
        return 0;
 }
 
-static void credential_write_item(FILE *fp, const char *key, const char *value)
+static void credential_write_item(FILE *fp, const char *key, const char *value,
+                                 int required)
 {
+       if (!value && required)
+               BUG("credential value for %s is missing", key);
        if (!value)
                return;
        if (strchr(value, '\n'))
@@ -233,11 +241,11 @@
 
 void credential_write(const struct credential *c, FILE *fp)
 {
-       credential_write_item(fp, "protocol", c->protocol);
-       credential_write_item(fp, "host", c->host);
-       credential_write_item(fp, "path", c->path);
-       credential_write_item(fp, "username", c->username);
-       credential_write_item(fp, "password", c->password);
+       credential_write_item(fp, "protocol", c->protocol, 1);
+       credential_write_item(fp, "host", c->host, 1);
+       credential_write_item(fp, "path", c->path, 0);
+       credential_write_item(fp, "username", c->username, 0);
+       credential_write_item(fp, "password", c->password, 0);
 }
 
 static int run_credential_helper(struct credential *c,
@@ -383,8 +391,11 @@
         *   (3) proto://<user>:<pass>@<host>/...
         */
        proto_end = strstr(url, "://");
-       if (!proto_end)
-               return 0;
+       if (!proto_end || proto_end == url) {
+               if (!quiet)
+                       warning(_("url has no scheme: %s"), url);
+               return -1;
+       }
        cp = proto_end + 3;
        at = strchr(cp, '@');
        colon = strchr(cp, ':');
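Review bot: Returning -1 for a URL without `://`, where the old code returned 0 and left the credential untouched, changes the function's contract for every caller, and the header comment (outside the hunk) should state the new rule: -1 for a missing or empty scheme, with `quiet` suppressing only the warning, never the failure. The added `proto_end == url` test covers the `://host` form that t5550's new 'empty scheme' test exercises, and the warning text is what that test greps for, so the message should be treated as part of the interface. credential_from_url_gently begins and ends outside the hunk.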
@@ -409,10 +420,8 @@
                host = at + 1;
        }
 
-       if (proto_end - url > 0)
-               c->protocol = xmemdupz(url, proto_end - url);
-       if (slash - host > 0)
-               c->host = url_decode_mem(host, slash - host);
+       c->protocol = xmemdupz(url, proto_end - url);
+       c->host = url_decode_mem(host, slash - host);
        /* Trim leading and trailing slashes from path */
        while (*slash == '/')
                slash++;
@@ -436,8 +445,6 @@
 
 void credential_from_url(struct credential *c, const char *url)
 {
-       if (credential_from_url_gently(c, url, 0) < 0) {
-               warning(_("skipping credential lookup for url: %s"), url);
-               credential_clear(c);
-       }
+       if (credential_from_url_gently(c, url, 0) < 0)
+               die(_("credential url cannot be parsed: %s"), url);
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/fsck.c new/git-2.26.2/fsck.c
--- old/git-2.26.1/fsck.c       2020-04-14 03:51:03.000000000 +0200
+++ new/git-2.26.2/fsck.c       2020-04-20 17:52:30.000000000 +0200
@@ -9,6 +9,7 @@
 #include "tag.h"
 #include "fsck.h"
 #include "refs.h"
+#include "url.h"
 #include "utf8.h"
 #include "decorate.h"
 #include "oidset.h"
@@ -911,17 +912,147 @@
        return ret;
 }
 
+/*
+ * Like builtin/submodule--helper.c's starts_with_dot_slash, but without
+ * relying on the platform-dependent is_dir_sep helper.
+ *
+ * This is for use in checking whether a submodule URL is interpreted as
+ * relative to the current directory on any platform, since \ is a
+ * directory separator on Windows but not on other platforms.
+ */
+static int starts_with_dot_slash(const char *str)
+{
+       return str[0] == '.' && (str[1] == '/' || str[1] == '\\');
+}
+
+/*
+ * Like starts_with_dot_slash, this is a variant of submodule--helper's
+ * helper of the same name with the twist that it accepts backslash as a
+ * directory separator even on non-Windows platforms.
+ */
+static int starts_with_dot_dot_slash(const char *str)
+{
+       return str[0] == '.' && starts_with_dot_slash(str + 1);
+}
+
+static int submodule_url_is_relative(const char *url)
+{
+       return starts_with_dot_slash(url) || starts_with_dot_dot_slash(url);
+}
+
+/*
+ * Count directory components that a relative submodule URL should chop
+ * from the remote_url it is to be resolved against.
+ *
+ * In other words, this counts "../" components at the start of a
+ * submodule URL.
+ *
+ * Returns the number of directory components to chop and writes a
+ * pointer to the next character of url after all leading "./" and
+ * "../" components to out.
+ */
+static int count_leading_dotdots(const char *url, const char **out)
+{
+       int result = 0;
+       while (1) {
+               if (starts_with_dot_dot_slash(url)) {
+                       result++;
+                       url += strlen("../");
+                       continue;
+               }
+               if (starts_with_dot_slash(url)) {
+                       url += strlen("./");
+                       continue;
+               }
+               *out = url;
+               return result;
+       }
+}
+/*
+ * Check whether a transport is implemented by git-remote-curl.
+ *
+ * If it is, returns 1 and writes the URL that would be passed to
+ * git-remote-curl to the "out" parameter.
+ *
+ * Otherwise, returns 0 and leaves "out" untouched.
+ *
+ * Examples:
+ *   http::https://example.com/repo.git -> 1, https://example.com/repo.git
+ *   https://example.com/repo.git -> 1, https://example.com/repo.git
+ *   git://example.com/repo.git -> 0
+ *
+ * This is for use in checking for previously exploitable bugs that
+ * required a submodule URL to be passed to git-remote-curl.
+ */
+static int url_to_curl_url(const char *url, const char **out)
+{
+       /*
+        * We don't need to check for case-aliases, "http.exe", and so
+        * on because in the default configuration, is_transport_allowed
+        * prevents URLs with those schemes from being cloned
+        * automatically.
+        */
+       if (skip_prefix(url, "http::", out) ||
+           skip_prefix(url, "https::", out) ||
+           skip_prefix(url, "ftp::", out) ||
+           skip_prefix(url, "ftps::", out))
+               return 1;
+       if (starts_with(url, "http://";) ||
+           starts_with(url, "https://";) ||
+           starts_with(url, "ftp://";) ||
+           starts_with(url, "ftps://")) {
+               *out = url;
+               return 1;
+       }
+       return 0;
+}
+
 static int check_submodule_url(const char *url)
 {
-       struct credential c = CREDENTIAL_INIT;
-       int ret;
+       const char *curl_url;
 
        if (looks_like_command_line_option(url))
                return -1;
 
-       ret = credential_from_url_gently(&c, url, 1);
-       credential_clear(&c);
-       return ret;
+       if (submodule_url_is_relative(url)) {
+               char *decoded;
+               const char *next;
+               int has_nl;
+
+               /*
+                * This could be appended to an http URL and url-decoded;
+                * check for malicious characters.
+                */
+               decoded = url_decode(url);
+               has_nl = !!strchr(decoded, '\n');
+
+               free(decoded);
+               if (has_nl)
+                       return -1;
+
+               /*
+                * URLs which escape their root via "../" can overwrite
+                * the host field and previous components, resolving to
+                * URLs like https::example.com/submodule.git and
+                * https:///example.com/submodule.git that were
+                * susceptible to CVE-2020-11008.
+                */
+               if (count_leading_dotdots(url, &next) > 0 &&
+                   (*next == ':' || *next == '/'))
+                       return -1;
+       }
+
+       else if (url_to_curl_url(url, &curl_url)) {
+               struct credential c = CREDENTIAL_INIT;
+               int ret = 0;
+               if (credential_from_url_gently(&c, curl_url, 1) ||
+                   !*c.host)
+                       ret = -1;
+               credential_clear(&c);
+               return ret;
+       }
+
+       return 0;
 }
 
 struct fsck_gitmodules_data {
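Review bot: The blank line between `}` and `else if (url_to_curl_url(url, &curl_url)) {` in check_submodule_url makes the branch read as a separate statement and departs from the `} else if` form used in this codebase; joining them as `} else if (url_to_curl_url(url, &curl_url)) {` also makes it obvious that a URL is treated as either relative or curl-handled, never both. A blank line is likewise missing between the closing brace of count_leading_dotdots and the comment block introducing url_to_curl_url. The `;` after the `"http://"`, `"https://"` and `"ftp://"` literals in url_to_curl_url appears to be an artifact of how this page was captured rather than source text, since the `"ftps://"` line lacks it and the expression would not compile as shown.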
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/http.c new/git-2.26.2/http.c
--- old/git-2.26.1/http.c       2020-04-14 03:51:03.000000000 +0200
+++ new/git-2.26.2/http.c       2020-04-20 17:52:30.000000000 +0200
@@ -558,6 +558,7 @@
                return 0;
        if (!cert_auth.password) {
                cert_auth.protocol = xstrdup("cert");
+               cert_auth.host = xstrdup("");
                cert_auth.username = xstrdup("");
                cert_auth.path = xstrdup(ssl_cert);
                credential_fill(&cert_auth);
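Review bot: Setting `cert_auth.host = xstrdup("")` exists to satisfy the credential layer, which in this same update refuses to work with a NULL host, but nothing at the call site says so, and a later cleanup could drop the apparently pointless empty string; a why-comment such as `/* a client cert has no host, but credential_fill() now rejects a NULL host field; "" is the value the cert:// tests expect */` would preserve the intent. The enclosing function starts outside the hunk.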
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/t/t0300-credentials.sh 
new/git-2.26.2/t/t0300-credentials.sh
--- old/git-2.26.1/t/t0300-credentials.sh       2020-04-14 03:51:03.000000000 
+0200
+++ new/git-2.26.2/t/t0300-credentials.sh       2020-04-20 17:52:30.000000000 
+0200
@@ -22,6 +22,11 @@
        exit 0
        EOF
 
+       write_script git-credential-quit <<-\EOF &&
+       . ./dump
+       echo quit=1
+       EOF
+
        write_script git-credential-verbatim <<-\EOF &&
        user=$1; shift
        pass=$1; shift
@@ -35,43 +40,71 @@
 
 test_expect_success 'credential_fill invokes helper' '
        check fill "verbatim foo bar" <<-\EOF
+       protocol=http
+       host=example.com
        --
+       protocol=http
+       host=example.com
        username=foo
        password=bar
        --
        verbatim: get
+       verbatim: protocol=http
+       verbatim: host=example.com
        EOF
 '
 
 test_expect_success 'credential_fill invokes multiple helpers' '
        check fill useless "verbatim foo bar" <<-\EOF
+       protocol=http
+       host=example.com
        --
+       protocol=http
+       host=example.com
        username=foo
        password=bar
        --
        useless: get
+       useless: protocol=http
+       useless: host=example.com
        verbatim: get
+       verbatim: protocol=http
+       verbatim: host=example.com
        EOF
 '
 
 test_expect_success 'credential_fill stops when we get a full response' '
        check fill "verbatim one two" "verbatim three four" <<-\EOF
+       protocol=http
+       host=example.com
        --
+       protocol=http
+       host=example.com
        username=one
        password=two
        --
        verbatim: get
+       verbatim: protocol=http
+       verbatim: host=example.com
        EOF
 '
 
 test_expect_success 'credential_fill continues through partial response' '
        check fill "verbatim one \"\"" "verbatim two three" <<-\EOF
+       protocol=http
+       host=example.com
        --
+       protocol=http
+       host=example.com
        username=two
        password=three
        --
        verbatim: get
+       verbatim: protocol=http
+       verbatim: host=example.com
        verbatim: get
+       verbatim: protocol=http
+       verbatim: host=example.com
        verbatim: username=one
        EOF
 '
@@ -97,14 +130,20 @@
 
 test_expect_success 'credential_approve calls all helpers' '
        check approve useless "verbatim one two" <<-\EOF
+       protocol=http
+       host=example.com
        username=foo
        password=bar
        --
        --
        useless: store
+       useless: protocol=http
+       useless: host=example.com
        useless: username=foo
        useless: password=bar
        verbatim: store
+       verbatim: protocol=http
+       verbatim: host=example.com
        verbatim: username=foo
        verbatim: password=bar
        EOF
@@ -112,6 +151,8 @@
 
 test_expect_success 'do not bother storing password-less credential' '
        check approve useless <<-\EOF
+       protocol=http
+       host=example.com
        username=foo
        --
        --
@@ -121,14 +162,20 @@
 
 test_expect_success 'credential_reject calls all helpers' '
        check reject useless "verbatim one two" <<-\EOF
+       protocol=http
+       host=example.com
        username=foo
        password=bar
        --
        --
        useless: erase
+       useless: protocol=http
+       useless: host=example.com
        useless: username=foo
        useless: password=bar
        verbatim: erase
+       verbatim: protocol=http
+       verbatim: host=example.com
        verbatim: username=foo
        verbatim: password=bar
        EOF
@@ -136,33 +183,49 @@
 
 test_expect_success 'usernames can be preserved' '
        check fill "verbatim \"\" three" <<-\EOF
+       protocol=http
+       host=example.com
        username=one
        --
+       protocol=http
+       host=example.com
        username=one
        password=three
        --
        verbatim: get
+       verbatim: protocol=http
+       verbatim: host=example.com
        verbatim: username=one
        EOF
 '
 
 test_expect_success 'usernames can be overridden' '
        check fill "verbatim two three" <<-\EOF
+       protocol=http
+       host=example.com
        username=one
        --
+       protocol=http
+       host=example.com
        username=two
        password=three
        --
        verbatim: get
+       verbatim: protocol=http
+       verbatim: host=example.com
        verbatim: username=one
        EOF
 '
 
 test_expect_success 'do not bother completing already-full credential' '
        check fill "verbatim three four" <<-\EOF
+       protocol=http
+       host=example.com
        username=one
        password=two
        --
+       protocol=http
+       host=example.com
        username=one
        password=two
        --
@@ -174,23 +237,31 @@
 # askpass helper is run, we know the internal getpass is working.
 test_expect_success 'empty helper list falls back to internal getpass' '
        check fill <<-\EOF
+       protocol=http
+       host=example.com
        --
+       protocol=http
+       host=example.com
        username=askpass-username
        password=askpass-password
        --
-       askpass: Username:
-       askpass: Password:
+       askpass: Username for '\''http://example.com'\'':
+       askpass: Password for '\''http://[email protected]'\'':
        EOF
 '
 
 test_expect_success 'internal getpass does not ask for known username' '
        check fill <<-\EOF
+       protocol=http
+       host=example.com
        username=foo
        --
+       protocol=http
+       host=example.com
        username=foo
        password=askpass-password
        --
-       askpass: Password:
+       askpass: Password for '\''http://[email protected]'\'':
        EOF
 '
 
@@ -202,7 +273,11 @@
 test_expect_success 'respect configured credentials' '
        test_config credential.helper "$HELPER" &&
        check fill <<-\EOF
+       protocol=http
+       host=example.com
        --
+       protocol=http
+       host=example.com
        username=foo
        password=bar
        --
@@ -419,35 +494,85 @@
 
 test_expect_success 'helpers can abort the process' '
        test_must_fail git \
-               -c credential.helper="!f() { echo quit=1; }; f" \
+               -c credential.helper=quit \
                -c credential.helper="verbatim foo bar" \
-               credential fill >stdout &&
-       test_must_be_empty stdout
+               credential fill >stdout 2>stderr <<-\EOF &&
+       protocol=http
+       host=example.com
+       EOF
+       test_must_be_empty stdout &&
+       cat >expect <<-\EOF &&
+       quit: get
+       quit: protocol=http
+       quit: host=example.com
+       fatal: credential helper '\''quit'\'' told us to quit
+       EOF
+       test_i18ncmp expect stderr
 '
 
 test_expect_success 'empty helper spec resets helper list' '
        test_config credential.helper "verbatim file file" &&
        check fill "" "verbatim cmdline cmdline" <<-\EOF
+       protocol=http
+       host=example.com
        --
+       protocol=http
+       host=example.com
        username=cmdline
        password=cmdline
        --
        verbatim: get
+       verbatim: protocol=http
+       verbatim: host=example.com
        EOF
 '
 
-test_expect_success 'url parser ignores embedded newlines' '
-       check fill <<-EOF
+test_expect_success 'url parser rejects embedded newlines' '
+       test_must_fail git credential fill 2>stderr <<-\EOF &&
        url=https://one.example.com?%0ahost=two.example.com/
+       EOF
+       cat >expect <<-\EOF &&
+       warning: url contains a newline in its host component: 
https://one.example.com?%0ahost=two.example.com/
+       fatal: credential url cannot be parsed: 
https://one.example.com?%0ahost=two.example.com/
+       EOF
+       test_i18ncmp expect stderr
+'
+
+test_expect_success 'host-less URLs are parsed as empty host' '
+       check fill "verbatim foo bar" <<-\EOF
+       url=cert:///path/to/cert.pem
        --
-       username=askpass-username
-       password=askpass-password
+       protocol=cert
+       host=
+       path=path/to/cert.pem
+       username=foo
+       password=bar
        --
-       warning: url contains a newline in its host component: 
https://one.example.com?%0ahost=two.example.com/
-       warning: skipping credential lookup for url: 
https://one.example.com?%0ahost=two.example.com/
-       askpass: Username:
-       askpass: Password:
+       verbatim: get
+       verbatim: protocol=cert
+       verbatim: host=
+       verbatim: path=path/to/cert.pem
+       EOF
+'
+
+test_expect_success 'credential system refuses to work with missing host' '
+       test_must_fail git credential fill 2>stderr <<-\EOF &&
+       protocol=http
+       EOF
+       cat >expect <<-\EOF &&
+       fatal: refusing to work with credential missing host field
+       EOF
+       test_i18ncmp expect stderr
+'
+
+test_expect_success 'credential system refuses to work with missing protocol' '
+       test_must_fail git credential fill 2>stderr <<-\EOF &&
+       host=example.com
+       EOF
+       cat >expect <<-\EOF &&
+       fatal: refusing to work with credential missing protocol field
        EOF
+       test_i18ncmp expect stderr
 '
 
 test_done
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/t/t5550-http-fetch-dumb.sh 
new/git-2.26.2/t/t5550-http-fetch-dumb.sh
--- old/git-2.26.1/t/t5550-http-fetch-dumb.sh   2020-04-14 03:51:03.000000000 
+0200
+++ new/git-2.26.2/t/t5550-http-fetch-dumb.sh   2020-04-20 17:52:30.000000000 
+0200
@@ -321,11 +321,17 @@
 '
 
 test_expect_success 'remote-http complains cleanly about malformed urls' '
-       # do not actually issue "list" or other commands, as we do not
-       # want to rely on what curl would actually do with such a broken
-       # URL. This is just about making sure we do not segfault during
-       # initialization.
-       test_must_fail git remote-http http::/example.com/repo.git
+       test_must_fail git remote-http http::/example.com/repo.git 2>stderr &&
+       test_i18ngrep "url has no scheme" stderr
+'
+
+# NEEDSWORK: Writing commands to git-remote-curl can race against the latter
+# erroring out, producing SIGPIPE. Remove "ok=sigpipe" once transport-helper 
has
+# learned to handle early remote helper failures more cleanly.
+test_expect_success 'remote-http complains cleanly about empty scheme' '
+       test_must_fail ok=sigpipe git ls-remote \
+               http::${HTTPD_URL#http}/dumb/repo.git 2>stderr &&
+       test_i18ngrep "url has no scheme" stderr
 '
 
 test_expect_success 'redirects can be forbidden/allowed' '
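Review bot: The comment dropped from the top of 'remote-http complains cleanly about malformed urls' was the only place explaining why the helper is started without being fed a `list` or any other command, and the rewritten test keeps exactly that shape, so the rationale is now lost. I would restore it in one line above the `test_must_fail` call, e.g. `# no commands are sent: the helper must fail while parsing the URL, before curl is ever involved`. The NEEDSWORK comment on the new 'empty scheme' test does explain the `ok=sigpipe` race, which is the right place for it; its "has" token appears wrapped onto its own line here, presumably a mail-wrapping artifact rather than part of the patch.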
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/t/t7416-submodule-dash-url.sh 
new/git-2.26.2/t/t7416-submodule-dash-url.sh
--- old/git-2.26.1/t/t7416-submodule-dash-url.sh        2020-04-14 
03:51:03.000000000 +0200
+++ new/git-2.26.2/t/t7416-submodule-dash-url.sh        2020-04-20 
17:52:30.000000000 +0200
@@ -60,6 +60,116 @@
        test_i18ngrep ! "unknown option" err
 '
 
+test_expect_success 'fsck rejects missing URL scheme' '
+       git checkout --orphan missing-scheme &&
+       cat >.gitmodules <<-\EOF &&
+       [submodule "foo"]
+               url = http::one.example.com/foo.git
+       EOF
+       git add .gitmodules &&
+       test_tick &&
+       git commit -m "gitmodules with missing URL scheme" &&
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       test_must_fail git push dst HEAD 2>err &&
+       grep gitmodulesUrl err
+'
+
+test_expect_success 'fsck rejects relative URL resolving to missing scheme' '
+       git checkout --orphan relative-missing-scheme &&
+       cat >.gitmodules <<-\EOF &&
+       [submodule "foo"]
+               url = "..\\../.\\../:one.example.com/foo.git"
+       EOF
+       git add .gitmodules &&
+       test_tick &&
+       git commit -m "gitmodules with relative URL that strips off scheme" &&
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       test_must_fail git push dst HEAD 2>err &&
+       grep gitmodulesUrl err
+'
+
+test_expect_success 'fsck rejects empty URL scheme' '
+       git checkout --orphan empty-scheme &&
+       cat >.gitmodules <<-\EOF &&
+       [submodule "foo"]
+               url = http::://one.example.com/foo.git
+       EOF
+       git add .gitmodules &&
+       test_tick &&
+       git commit -m "gitmodules with empty URL scheme" &&
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       test_must_fail git push dst HEAD 2>err &&
+       grep gitmodulesUrl err
+'
+
+test_expect_success 'fsck rejects relative URL resolving to empty scheme' '
+       git checkout --orphan relative-empty-scheme &&
+       cat >.gitmodules <<-\EOF &&
+       [submodule "foo"]
+               url = ../../../:://one.example.com/foo.git
+       EOF
+       git add .gitmodules &&
+       test_tick &&
+       git commit -m "relative gitmodules URL resolving to empty scheme" &&
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       test_must_fail git push dst HEAD 2>err &&
+       grep gitmodulesUrl err
+'
+
+test_expect_success 'fsck rejects empty hostname' '
+       git checkout --orphan empty-host &&
+       cat >.gitmodules <<-\EOF &&
+       [submodule "foo"]
+               url = http:///one.example.com/foo.git
+       EOF
+       git add .gitmodules &&
+       test_tick &&
+       git commit -m "gitmodules with extra slashes" &&
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       test_must_fail git push dst HEAD 2>err &&
+       grep gitmodulesUrl err
+'
+
+test_expect_success 'fsck rejects relative url that produced empty hostname' '
+       git checkout --orphan messy-relative &&
+       cat >.gitmodules <<-\EOF &&
+       [submodule "foo"]
+               url = ../../..//one.example.com/foo.git
+       EOF
+       git add .gitmodules &&
+       test_tick &&
+       git commit -m "gitmodules abusing relative_path" &&
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       test_must_fail git push dst HEAD 2>err &&
+       grep gitmodulesUrl err
+'
+
+test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
+       git checkout --orphan newscheme &&
+       cat >.gitmodules <<-\EOF &&
+       [submodule "foo"]
+               url = "data://acjbkd%0akajfdickajkd"
+       EOF
+       git add .gitmodules &&
+       git commit -m "gitmodules with unrecognized scheme" &&
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
+       git push dst HEAD
+'
+
 test_expect_success 'fsck rejects embedded newline in url' '
        # create an orphan branch to avoid existing .gitmodules objects
        git checkout --orphan newline &&
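Review bot: 'fsck permits embedded newline with unrecognized scheme' is the one positive case among seven otherwise-rejecting tests, and nothing says why a `%0a` inside a `data://` URL is acceptable when the same byte in the http URL of the test that follows must be refused, so a later maintainer could easily "fix" it in either direction. I would add above its `cat >.gitmodules` line a comment such as `# a newline is only refused in URLs whose scheme git parses into host/path; other schemes pass through untouched — confirm against the fsck implementation`, hedged because the fsck side is not in this hunk. That test, and 'fsck rejects embedded newline in relative url' in the next hunk, also omit the `test_tick &&` that every other new test in this hunk runs before `git commit`, so their commit timestamps are not deterministic; adding `test_tick &&` before each of those two `git commit` lines keeps the file consistent.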
@@ -72,6 +182,21 @@
        test_when_finished "rm -rf dst" &&
        git init --bare dst &&
        git -C dst config transfer.fsckObjects true &&
+       test_must_fail git push dst HEAD 2>err &&
+       grep gitmodulesUrl err
+'
+
+test_expect_success 'fsck rejects embedded newline in relative url' '
+       git checkout --orphan relative-newline &&
+       cat >.gitmodules <<-\EOF &&
+       [submodule "foo"]
+               url = "./%0ahost=two.example.com/foo.git"
+       EOF
+       git add .gitmodules &&
+       git commit -m "relative url with newline" &&
+       test_when_finished "rm -rf dst" &&
+       git init --bare dst &&
+       git -C dst config transfer.fsckObjects true &&
        test_must_fail git push dst HEAD 2>err &&
        grep gitmodulesUrl err
 '
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/git-2.26.1/version new/git-2.26.2/version
--- old/git-2.26.1/version      2020-04-14 03:51:03.000000000 +0200
+++ new/git-2.26.2/version      2020-04-20 17:52:30.000000000 +0200
@@ -1 +1 @@
-2.26.1
+2.26.2


