Resolves: CVE-2014-9938
do not put unsanitized branch names in $PS1
parent
8478810fb2
commit
a5e5a352fe
2 changed files with 61 additions and 1 deletions
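--- /dev/null
+++ b/0007-git-prompt.patch
@@ -0,0 +1,53 @@
+From 7e546ae76da784185ba9515ed86e435ba17fdd65 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Wed, 29 Mar 2017 13:08:28 +0200
+Subject: [PATCH] git-prompt.sh: don't put unsanitized branch names in $PS1
+
+---
+contrib/completion/git-prompt.sh | 9 ++++++---
+1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/contrib/completion/git-prompt.sh b/contrib/completion/git-prompt.sh
+index eaf5c36..2c872e5 100644
+--- a/contrib/completion/git-prompt.sh
++++ b/contrib/completion/git-prompt.sh
+@@ -360,8 +360,11 @@ __git_ps1 ()
+fi
+
+local f="$w$i$s$u"
++ b=${b##refs/heads/}
+if [ $pcmode = yes ]; then
+local gitstring=
++ __git_ps1_branch_name=$b
++ b="\${__git_ps1_branch_name}"
+if [ -n "${GIT_PS1_SHOWCOLORHINTS-}" ]; then
+local c_red='\e[31m'
+local c_green='\e[32m'
+@@ -371,7 +374,7 @@ __git_ps1 ()
+local ok_color=$c_green
+local branch_color="$c_clear"
+local flags_color="$c_lblue"
+- local branchstring="$c${b##refs/heads/}"
++ local branchstring="$c$b"
+
+if [ $detached = no ]; then
+branch_color="$ok_color"
+@@ -400,13 +403,13 @@ __git_ps1 ()
+fi
+gitstring="$gitstring\[$c_clear\]$r$p"
+else
+- gitstring="$c${b##refs/heads/}${f:+ $f}$r$p"
++ gitstring="$c$b${f:+ $f}$r$p"
+fi
+gitstring=$(printf -- "$printf_format" "$gitstring")
+PS1="$ps1pc_start$gitstring$ps1pc_end"
+else
+# NO color option unless in PROMPT_COMMAND mode
+- printf -- "$printf_format" "$c${b##refs/heads/}${f:+ $f}$r$p"
++ printf -- "$printf_format" "$c$b${f:+ $f}$r$p"
+fi
+fi
+}
+--
+2.5.5
+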
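Review bot: The two assignments added under `if [ $pcmode = yes ]` in the embedded `@@ -360,8 +360,11 @@` hunk assume the shell expands `$PS1` when it draws the prompt; in bash with `promptvars` switched off the prompt would show the literal text `${__git_ps1_branch_name}` instead of the branch. Since nothing is re-evaluated in that configuration, the indirection could be skipped only when bash reports expansion is off, keeping it as the default everywhere else: `if [ -z "${BASH_VERSION-}" ] || shopt -q promptvars; then __git_ps1_branch_name=$b; b="\${__git_ps1_branch_name}"; fi`. `__git_ps1_branch_name` is intentionally not `local`, because it must still exist after `__git_ps1` returns, and that deserves a comment such as `# global on purpose: PS1 is expanded after we return, and only this reference, never the branch text, is placed in PS1`. The rest of `__git_ps1` lies outside these hunks, so how `$pcmode` and `$printf_format` are set cannot be confirmed from here.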
9
git.spec
9
git.spec
|
|
@ -44,7 +44,7 @@
|
|||
|
||||
Name: git
|
||||
Version: 1.8.2.3
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Fast Version Control System
|
||||
License: GPLv2
|
||||
Group: Development/Tools
|
||||
|
|
@ -73,6 +73,8 @@ Patch10: 0004-http-limit-redirection-to-protocol-whitelist.patch
|
|||
Patch11: 0005-http-limit-redirection-depth.patch
|
||||
# CVE-2016-2315 / CVE-2016-2324
|
||||
Patch12: 0001-Fix-CVE-2016-2315-CVE-2016-2324.patch
|
||||
# CVE-2014-9938
|
||||
Patch13: 0007-git-prompt.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
|
|
@ -286,6 +288,7 @@ Requires: emacs-git = %{version}-%{release}
|
|||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
|
||||
%if %{use_prebuilt_docs}
|
||||
mkdir -p prebuilt_docs/{html,man}
|
||||
|
|
@ -577,6 +580,10 @@ rm -rf %{buildroot}
|
|||
# No files for you!
|
||||
|
||||
%changelog
|
||||
* Wed Mar 29 2017 Petr Stodulka <pstodulk@redhat.com> - 1.8.2.3-2
|
||||
- do not put unsanitized branch names in $PS1
|
||||
Resolves: CVE-2014-9938
|
||||
|
||||
* Mon Apr 18 2016 Todd Zullinger <tmz@pobox.com> - 1.8.2.3-1
|
||||
- Update to 1.8.2.3
|
||||
- Apply Petr's fix for CVE-2016-2315 CVE-2016-2324 from el6 (#1318252)
|
||||
|
|
|
|||