Diffstat (limited to 'yocto-poky/meta/recipes-devtools/git/git-2.5.0/0009-CVE-2015-7545-2.patch')
-rw-r--r-- | yocto-poky/meta/recipes-devtools/git/git-2.5.0/0009-CVE-2015-7545-2.patch | 112 |
1 files changed, 0 insertions, 112 deletions
diff --git a/yocto-poky/meta/recipes-devtools/git/git-2.5.0/0009-CVE-2015-7545-2.patch b/yocto-poky/meta/recipes-devtools/git/git-2.5.0/0009-CVE-2015-7545-2.patch
deleted file mode 100644
index 8000e26d7..000000000
--- a/yocto-poky/meta/recipes-devtools/git/git-2.5.0/0009-CVE-2015-7545-2.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From 33cfccbbf35a56e190b79bdec5c85457c952a021 Mon Sep 17 00:00:00 2001
-From: Jeff King <peff@peff.net>
-Date: Wed, 16 Sep 2015 13:13:12 -0400
-Subject: [PATCH] submodule: allow only certain protocols for submodule fetches
-
-Some protocols (like git-remote-ext) can execute arbitrary
-code found in the URL. The URLs that submodules use may come
-from arbitrary sources (e.g., .gitmodules files in a remote
-repository). Let's restrict submodules to fetching from a
-known-good subset of protocols.
-
-Note that we apply this restriction to all submodule
-commands, whether the URL comes from .gitmodules or not.
-This is more restrictive than we need to be; for example, in
-the tests we run:
-
- git submodule add ext::...
-which should be trusted, as the URL comes directly from the
-command line provided by the user. But doing it this way is
-simpler, and makes it much less likely that we would miss a
-case. And since such protocols should be an exception
-(especially because nobody who clones from them will be able
-to update the submodules!), it's not likely to inconvenience
-anyone in practice.
-
-Reported-by: Blake Burkhart <bburky@bburky.com>
-Signed-off-by: Jeff King <peff@peff.net>
-Signed-off-by: Junio C Hamano <gitster@pobox.com>
-
-Upstream-Status: Backport
-
-http://archive.ubuntu.com/ubuntu/pool/main/g/git/git_2.5.0-1ubuntu0.1.debian.tar.xz
-
-CVE: CVE-2015-7545 #2
-Singed-off-by: Armin Kuster <akuster@mvista.com>
-
---
- git-submodule.sh | 9 +++++++++
- t/t5815-submodule-protos.sh | 43 +++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 52 insertions(+)
- create mode 100755 t/t5815-submodule-protos.sh
-
-diff --git a/git-submodule.sh b/git-submodule.sh
-index 36797c3..78c2740 100755
---- a/git-submodule.sh
-+++ b/git-submodule.sh
-@@ -22,6 +22,15 @@ require_work_tree
- wt_prefix=$(git rev-parse --show-prefix)
- cd_to_toplevel
-
-+# Restrict ourselves to a vanilla subset of protocols; the URLs
-+# we get are under control of a remote repository, and we do not
-+# want them kicking off arbitrary git-remote-* programs.
-+#
-+# If the user has already specified a set of allowed protocols,
-+# we assume they know what they're doing and use that instead.
-+: ${GIT_ALLOW_PROTOCOL=file:git:http:https:ssh}
-+export GIT_ALLOW_PROTOCOL
-+
- command=
- branch=
- force=
-diff --git a/t/t5815-submodule-protos.sh b/t/t5815-submodule-protos.sh
-new file mode 100755
-index 0000000..06f55a1
---- /dev/null
-+++ b/t/t5815-submodule-protos.sh
-@@ -0,0 +1,43 @@
-+#!/bin/sh
-+
-+test_description='test protocol whitelisting with submodules'
-+. ./test-lib.sh
-+. "$TEST_DIRECTORY"/lib-proto-disable.sh
-+
-+setup_ext_wrapper
-+setup_ssh_wrapper
-+
-+test_expect_success 'setup repository with submodules' '
-+ mkdir remote &&
-+ git init remote/repo.git &&
-+ (cd remote/repo.git && test_commit one) &&
-+ # submodule-add should probably trust what we feed it on the cmdline,
-+ # but its implementation is overly conservative.
-+ GIT_ALLOW_PROTOCOL=ssh git submodule add remote:repo.git ssh-module &&
-+ GIT_ALLOW_PROTOCOL=ext git submodule add "ext::fake-remote %S repo.git" ext-module &&
-+ git commit -m "add submodules"
-+'
-+
-+test_expect_success 'clone with recurse-submodules fails' '
-+ test_must_fail git clone --recurse-submodules . dst
-+'
-+
-+test_expect_success 'setup individual updates' '
-+ rm -rf dst &&
-+ git clone . dst &&
-+ git -C dst submodule init
-+'
-+
-+test_expect_success 'update of ssh allowed' '
-+ git -C dst submodule update ssh-module
-+'
-+
-+test_expect_success 'update of ext not allowed' '
-+ test_must_fail git -C dst submodule update ext-module
-+'
-+
-+test_expect_success 'user can override whitelist' '
-+ GIT_ALLOW_PROTOCOL=ext git -C dst submodule update ext-module
-+'
-+
-+test_done |