From 7b3ce9e996ad2bfb9f4190320612bb48c2ddba63 Mon Sep 17 00:00:00 2001
From: Jesse Keating
Date: Wed, 15 Apr 2009 06:27:17 +0000
Subject: [PATCH 1/4] Initialize branch F-11 for git
---
branch | 1 +
1 file changed, 1 insertion(+)
create mode 100644 branch
diff --git a/branch b/branch
new file mode 100644
index 0000000..25c7708
--- /dev/null
+++ b/branch
@@ -0,0 +1 @@
+F-11
From 81cec54df49d0dd211ee2d3905333d138f1df773 Mon Sep 17 00:00:00 2001
From: Todd Zullinger
Date: Fri, 19 Jun 2009 13:47:55 +0000
Subject: [PATCH 2/4] Update to 1.6.2.5 - Fix git-daemon hang on invalid input (CVE-2009-2108, bug 505761)
---
.cvsignore | 2 +-
git-1.6.2.5-daemon-extra-args.patch | 104 ++++++++++++++++++++++++++++
git.spec | 9 ++-
sources | 2 +-
4 files changed, 114 insertions(+), 3 deletions(-)
create mode 100644 git-1.6.2.5-daemon-extra-args.patch
diff --git a/.cvsignore b/.cvsignore
index 7b52e58..75615c1 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-git-1.6.2.2.tar.bz2
+git-1.6.2.5.tar.bz2
diff --git a/git-1.6.2.5-daemon-extra-args.patch b/git-1.6.2.5-daemon-extra-args.patch
new file mode 100644
index 0000000..150f98c
--- /dev/null
+++ b/git-1.6.2.5-daemon-extra-args.patch
@@ -0,0 +1,104 @@
+From 73bb33a94ec67a53e7d805b12ad9264fa25f4f8d Mon Sep 17 00:00:00 2001
+From: Shawn O. Pearce
+Date: Thu, 4 Jun 2009 18:33:32 -0700
+Subject: [PATCH] daemon: Strictly parse the "extra arg" part of the command
+
+Since 1.4.4.5 (49ba83fb67 "Add virtualization support to git-daemon")
+git daemon enters an infinite loop and never terminates if a client
+hides any extra arguments in the initial request line which is not
+exactly "\0host=blah\0".
+
+Since that change, a client must never insert additional extra
+arguments, or attempt to use any argument other than "host=", as
+any daemon will get stuck parsing the request line and will never
+complete the request.
+
+Since the client can't tell if the daemon is patched or not, it
+is not possible to know if additional extra args might actually be
+able to be safely requested.
+
+If we ever need to extend the git daemon protocol to support a new
+feature, we may have to do something like this to the exchange:
+
+ # If both support git:// v2
+ #
+ C: 000cgit://v2
+ S: 0010ok host user
+ C: 0018host git.kernel.org
+ C: 0027git-upload-pack /pub/linux-2.6.git
+ S: ...git-upload-pack header...
+
+ # If client supports git:// v2, server does not:
+ #
+ C: 000cgit://v2
+ S:
+
+ C: 003bgit-upload-pack /pub/linux-2.6.git\0host=git.kernel.org\0
+ S: ...git-upload-pack header...
+
+This requires the client to create two TCP connections to talk to
+an older git daemon, however all daemons since the introduction of
+daemon.c will safely reject the unknown "git://v2" command request,
+so the client can quite easily determine the server supports an
+older protocol.
+
+Signed-off-by: Shawn O. Pearce
+Signed-off-by: Junio C Hamano
+
+diff --git a/connect.c b/connect.c
+index f6b8ba6..958c831 100644
+--- a/connect.c
++++ b/connect.c
+@@ -579,7 +579,10 @@ struct child_process *git_connect(int fd[2], const char *url_orig,
+ git_tcp_connect(fd, host, flags);
+ /*
+ * Separate original protocol components prog and path
+- * from extended components with a NUL byte.
++ * from extended host header with a NUL byte.
++ *
++ * Note: Do not add any other headers here! Doing so
++ * will cause older git-daemon servers to crash.
+ */
+ packet_write(fd[1],
+ "%s %s%chost=%s%c",
+diff --git a/daemon.c b/daemon.c
+index daa4c8e..b2babcc 100644
+--- a/daemon.c
++++ b/daemon.c
+@@ -406,15 +406,15 @@ static char *xstrdup_tolower(const char *str)
+ }
+
+ /*
+- * Separate the "extra args" information as supplied by the client connection.
++ * Read the host as supplied by the client connection.
+ */
+-static void parse_extra_args(char *extra_args, int buflen)
++static void parse_host_arg(char *extra_args, int buflen)
+ {
+ char *val;
+ int vallen;
+ char *end = extra_args + buflen;
+
+- while (extra_args < end && *extra_args) {
++ if (extra_args < end && *extra_args) {
+ saw_extended_args = 1;
+ if (strncasecmp("host=", extra_args, 5) == 0) {
+ val = extra_args + 5;
+@@ -436,6 +436,8 @@ static void parse_extra_args(char *extra_args, int buflen)
+ /* On to the next one */
+ extra_args = val + vallen;
+ }
++ if (extra_args < end && *extra_args)
++ die("Invalid request");
+ }
+
+ /*
+@@ -545,7 +547,7 @@ static int execute(struct sockaddr *addr)
+ hostname = canon_hostname = ip_address = tcp_port = NULL;
+
+ if (len != pktlen)
+- parse_extra_args(line + len + 1, pktlen - len - 1);
++ parse_host_arg(line + len + 1, pktlen - len - 1);
+
+ for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
+ struct daemon_service *s = &(daemon_service[i]);
diff --git a/git.spec b/git.spec
index f2d67c2..241d84f 100644
--- a/git.spec
+++ b/git.spec
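Review bot: The comment added in connect.c says extra headers make older git-daemon servers "crash", but the commit message describes an infinite loop that never completes the request, so the wording should name the real failure, e.g. `* will cause older git-daemon servers to hang forever.`. In daemon.c the header comment of parse_host_arg should state the new contract, e.g. `* Only one "host=" argument is accepted; any other argument, or data following it, is rejected with die("Invalid request").`. The retained `/* On to the next one */` is stale now that the `while` is an `if`, and should go or become `/* Skip past the host value */`. The body of parse_host_arg between the two daemon.c hunks is not shown, so how `val` and `vallen` are bounded against `end` cannot be checked from this patch.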
@@ -1,6 +1,6 @@ # Pass --without docs to rpmbuild if you don't want the documentation Name: git -Version: 1.6.2.2 +Version: 1.6.2.5 Release: 1%{?dist} Summary: Core git tools License: GPLv2 @@ -13,6 +13,8 @@ Source3: git.conf.httpd Patch0: git-1.5-gitweb-home-link.patch # https://bugzilla.redhat.com/490602 Patch1: git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch +# http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9 +Patch2: git-1.6.2.5-daemon-extra-args.patch BuildRequires: zlib-devel >= 1.2, openssl-devel, libcurl-devel, expat-devel, emacs, gettext %{!?_without_docs:, xmlto, asciidoc > 6.0.3} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -143,6 +145,7 @@ Requires: git = %{version}-%{release}, emacs-common %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 # Use these same options for every invocation of 'make'. # Otherwise it will rebuild in %%install due to flags changes. @@ -298,6 +301,10 @@ rm -rf $RPM_BUILD_ROOT # No files for you! %changelog +* Fri Jun 19 2009 Todd Zullinger - 1.6.2.5-1 +- Update to 1.6.2.5 +- Fix git-daemon hang on invalid input (CVE-2009-2108, bug 505761) + * Fri Apr 03 2009 Todd Zullinger - 1.6.2.2-1 - git-1.6.2.2 - Include contrib/ dir in %%doc (bug 492490) diff --git a/sources b/sources index 7b92812..d755e96 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d219aa5480ed6396f8ab968f3f7eb0f9 git-1.6.2.2.tar.bz2 +7ecacfbc97188b7680addf954ecf481f git-1.6.2.5.tar.bz2 From dcf42505356f837cde164ea2a428431cc6711d2c Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Thu, 26 Nov 2009 01:56:49 +0000 Subject: [PATCH 3/4] Fix typo that causes a failure to update the common directory. (releng #2781) --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 6c8a637..fbfe8aa 100644 --- a/Makefile +++ b/Makefile 
@@ -4,7 +4,7 @@ NAME := git SPECFILE = $(firstword $(wildcard *.spec)) define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done endef MAKEFILE_COMMON := $(shell $(find-makefile-common)) From ad186f749660622aa0be9e665c5ff357e2daa3f0 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 28 Jul 2010 15:41:43 +0000 Subject: [PATCH 4/4] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- branch | 1 - 3 files changed, 22 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile delete mode 100644 branch diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index fbfe8aa..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: git -# $Id$ -NAME := git -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attept a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) 
diff --git a/branch b/branch
deleted file mode 100644
index 25c7708..0000000
--- a/branch
+++ /dev/null
@@ -1 +0,0 @@
-F-11