diff options
Diffstat (limited to 'yocto-poky/meta/recipes-devtools/git/git-2.5.0/0012-CVE-2015-7545-5.patch')
| -rw-r--r-- | yocto-poky/meta/recipes-devtools/git/git-2.5.0/0012-CVE-2015-7545-5.patch | 69 |
1 files changed, 0 insertions, 69 deletions
diff --git a/yocto-poky/meta/recipes-devtools/git/git-2.5.0/0012-CVE-2015-7545-5.patch b/yocto-poky/meta/recipes-devtools/git/git-2.5.0/0012-CVE-2015-7545-5.patch deleted file mode 100644 index 76d66bad9..000000000 --- a/yocto-poky/meta/recipes-devtools/git/git-2.5.0/0012-CVE-2015-7545-5.patch +++ /dev/null @@ -1,69 +0,0 @@ -From b258116462399b318c86165c61a5c7123043cfd4 Mon Sep 17 00:00:00 2001 -From: Blake Burkhart <bburky@bburky.com> -Date: Tue, 22 Sep 2015 18:06:20 -0400 -Subject: [PATCH] http: limit redirection depth - -By default, libcurl will follow circular http redirects -forever. Let's put a cap on this so that somebody who can -trigger an automated fetch of an arbitrary repository (e.g., -for CI) cannot convince git to loop infinitely. - -The value chosen is 20, which is the same default that -Firefox uses. - -Signed-off-by: Jeff King <peff@peff.net> -Signed-off-by: Junio C Hamano <gitster@pobox.com> - -Upstream-Status: Backport - -http://archive.ubuntu.com/ubuntu/pool/main/g/git/git_2.5.0-1ubuntu0.1.debian.tar.xz - -CVE: CVE-2015-7545 #5 -Singed-off-by: Armin Kuster <akuster@mvista.com> - ---- - http.c | 1 + - t/lib-httpd/apache.conf | 3 +++ - t/t5812-proto-disable-http.sh | 4 ++++ - 3 files changed, 8 insertions(+) - -Index: git-2.5.0/http.c -=================================================================== ---- git-2.5.0.orig/http.c 2015-12-11 12:48:02.900163824 -0500 -+++ git-2.5.0/http.c 2015-12-11 12:48:02.896163796 -0500 -@@ -396,6 +396,7 @@ - } - - curl_easy_setopt(result, CURLOPT_FOLLOWLOCATION, 1); -+ curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20); - #if LIBCURL_VERSION_NUM >= 0x071301 - curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL); - #elif LIBCURL_VERSION_NUM >= 0x071101 -Index: git-2.5.0/t/lib-httpd/apache.conf -=================================================================== ---- git-2.5.0.orig/t/lib-httpd/apache.conf 2015-12-11 12:48:02.900163824 -0500 -+++ git-2.5.0/t/lib-httpd/apache.conf 2015-12-11 12:48:02.896163796 -0500 -@@ -121,6 +121,9 @@ - RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301] - RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302] - -+RewriteRule ^/loop-redir/x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-(.*) /$1 [R=302] -+RewriteRule ^/loop-redir/(.*)$ /loop-redir/x-$1 [R=302] -+ - <IfDefine SSL> - LoadModule ssl_module modules/mod_ssl.so - -Index: git-2.5.0/t/t5812-proto-disable-http.sh -=================================================================== ---- git-2.5.0.orig/t/t5812-proto-disable-http.sh 2015-12-11 12:48:02.900163824 -0500 -+++ git-2.5.0/t/t5812-proto-disable-http.sh 2015-12-11 12:48:02.896163796 -0500 -@@ -25,5 +25,9 @@ - } - ' - -+test_expect_success 'curl limits redirects' ' -+ test_must_fail git clone "$HTTPD_URL/loop-redir/smart/repo.git" -+' -+ - stop_httpd - test_done |