Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package libgit2 This version is a minor update which contains some fixes for CVE-2016-10128 CVE-2016-10129 CVE-2016-10130 [0] Sorry about the version number. 0. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406 unblock libgit2/0.25.1+really0.24.6-1 -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
diff -Nru libgit2-0.24.5/debian/changelog libgit2-0.25.1+really0.24.6/debian/changelog --- libgit2-0.24.5/debian/changelog 2017-01-02 10:35:08.000000000 +0100 +++ libgit2-0.25.1+really0.24.6/debian/changelog 2017-05-21 18:18:47.000000000 +0200 @@ -1,3 +1,25 @@ +libgit2 (0.25.1+really0.24.6-1) unstable; urgency=medium + + * Revert 0.25.1 in unstable, 0.24.5 was already in unstable 0.25.1 was + uploaded after the freeze. + * Release 0.24.6 (CVE-2016-10128, CVE-2016-10129, CVE-2016-10130) + (Closes: #851406) + + -- Russell Sim <russell....@gmail.com> Sun, 21 May 2017 18:18:47 +0200 + +libgit2 (0.25.1-2) unstable; urgency=medium + + * Upload to unstable + + -- Russell Sim <russell....@gmail.com> Sat, 20 May 2017 19:27:39 +0200 + +libgit2 (0.25.1-1) experimental; urgency=medium + + * New upstream release. (CVE-2016-10128, CVE-2016-10129, CVE-2016-10130) + (Closes: #851406, #857068) + + -- Russell Sim <russell....@gmail.com> Tue, 25 Apr 2017 07:29:37 +0200 + libgit2 (0.24.5-1) unstable; urgency=medium * New upstream release. diff -Nru libgit2-0.24.5/include/git2/version.h libgit2-0.25.1+really0.24.6/include/git2/version.h --- libgit2-0.24.5/include/git2/version.h 2017-01-02 10:47:27.000000000 +0100 +++ libgit2-0.25.1+really0.24.6/include/git2/version.h 2017-01-09 21:26:28.000000000 +0100 @@ -7,10 +7,10 @@ #ifndef INCLUDE_git_version_h__ #define INCLUDE_git_version_h__ -#define LIBGIT2_VERSION "0.24.5" +#define LIBGIT2_VERSION "0.24.6" #define LIBGIT2_VER_MAJOR 0 #define LIBGIT2_VER_MINOR 24 -#define LIBGIT2_VER_REVISION 5 +#define LIBGIT2_VER_REVISION 6 #define LIBGIT2_VER_PATCH 0 #define LIBGIT2_SOVERSION 24 diff -Nru libgit2-0.24.5/src/transports/http.c libgit2-0.25.1+really0.24.6/src/transports/http.c --- libgit2-0.24.5/src/transports/http.c 2017-01-02 10:47:27.000000000 +0100 +++ libgit2-0.25.1+really0.24.6/src/transports/http.c 2017-01-09 21:26:28.000000000 +0100 @@ -602,13 +602,12 @@ if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL && git_stream_is_encrypted(t->io)) { git_cert *cert; - int is_valid; + int is_valid = (error == GIT_OK); if ((error = git_stream_certificate(&cert, t->io)) < 0) return error; giterr_clear(); - is_valid = error != GIT_ECERTIFICATE; error = t->owner->certificate_check_cb(cert, is_valid, t->connection_data.host, t->owner->message_cb_payload); if (error < 0) { diff -Nru libgit2-0.24.5/src/transports/smart_pkt.c libgit2-0.25.1+really0.24.6/src/transports/smart_pkt.c --- libgit2-0.24.5/src/transports/smart_pkt.c 2017-01-02 10:47:27.000000000 +0100 +++ libgit2-0.25.1+really0.24.6/src/transports/smart_pkt.c 2017-01-09 21:26:28.000000000 +0100 @@ -427,15 +427,23 @@ if (bufflen > 0 && bufflen < (size_t)len) return GIT_EBUFS; + /* + * The length has to be exactly 0 in case of a flush + * packet or greater than PKT_LEN_SIZE, as the decoded + * length includes its own encoded length of four bytes. + */ + if (len != 0 && len < PKT_LEN_SIZE) + return GIT_ERROR; + line += PKT_LEN_SIZE; /* - * TODO: How do we deal with empty lines? Try again? with the next - * line? + * The Git protocol does not specify empty lines as part + * of the protocol. Not knowing what to do with an empty + * line, we should return an error upon hitting one. */ if (len == PKT_LEN_SIZE) { - *head = NULL; - *out = line; - return 0; + giterr_set_str(GITERR_NET, "Invalid empty packet"); + return GIT_ERROR; } if (len == 0) { /* Flush pkt */ diff -Nru libgit2-0.24.5/src/transports/smart_protocol.c libgit2-0.25.1+really0.24.6/src/transports/smart_protocol.c --- libgit2-0.24.5/src/transports/smart_protocol.c 2017-01-02 10:47:27.000000000 +0100 +++ libgit2-0.25.1+really0.24.6/src/transports/smart_protocol.c 2017-01-09 21:26:28.000000000 +0100 @@ -759,14 +759,6 @@ line_len -= (line_end - line); line = line_end; - /* When a valid packet with no content has been - * read, git_pkt_parse_line does not report an - * error, but the pkt pointer has not been set. - * Handle this by skipping over empty packets. - */ - if (pkt == NULL) - continue; - error = add_push_report_pkt(push, pkt); git_pkt_free(pkt); @@ -821,9 +813,6 @@ error = 0; - if (pkt == NULL) - continue; - switch (pkt->type) { case GIT_PKT_DATA: /* This is a sideband packet which contains other packets */ diff -Nru libgit2-0.24.5/tests/online/badssl.c libgit2-0.25.1+really0.24.6/tests/online/badssl.c --- libgit2-0.24.5/tests/online/badssl.c 2017-01-02 10:47:27.000000000 +0100 +++ libgit2-0.25.1+really0.24.6/tests/online/badssl.c 2017-01-09 21:26:28.000000000 +0100 @@ -10,37 +10,71 @@ static bool g_has_ssl = false; #endif +static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload) +{ + GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload); + + cl_assert_equal_i(0, valid); + + return GIT_ECERTIFICATE; +} + void test_online_badssl__expired(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail_with(GIT_ECERTIFICATE, git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL)); + + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", &opts)); } void test_online_badssl__wrong_host(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail_with(GIT_ECERTIFICATE, git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", &opts)); } void test_online_badssl__self_signed(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + if (!g_has_ssl) cl_skip(); cl_git_fail_with(GIT_ECERTIFICATE, git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", &opts)); } void test_online_badssl__old_cipher(void) { + git_clone_options opts = GIT_CLONE_OPTIONS_INIT; + opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid; + + /* FIXME: we don't actually reject RC4 anywhere, figure out what to tweak */ + cl_skip(); + if (!g_has_ssl) cl_skip(); - cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL)); + cl_git_fail_with(GIT_ECERTIFICATE, + git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", &opts)); }