dist-git conversion

Fix typo that causes a failure to update the common directory. (releng
#2781)
2010-07-28 15:41:43 +00:00 · 2009-11-26 01:56:49 +00:00 · 2009-06-19 13:47:55 +00:00 · 2009-04-15 06:27:17 +00:00
6 changed files with 114 additions and 24 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +0,0 @@
 git-1.6.2.2.tar.bz2
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 git-1.6.2.5.tar.bz2
--- a/21
+++ b/21
@ -1,21 +0,0 @@
 # Makefile for source rpm: git
 # $Id$
 NAME := git
 SPECFILE = $(firstword $(wildcard *.spec))
 define find-makefile-common
 for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
 endef
 MAKEFILE_COMMON := $(shell $(find-makefile-common))
 ifeq ($(MAKEFILE_COMMON),)
 # attept a checkout
 define checkout-makefile-common
 test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
 endef
 MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
 endif
 include $(MAKEFILE_COMMON)
--- a/git-1.6.2.5-daemon-extra-args.patch
+++ b/git-1.6.2.5-daemon-extra-args.patch
@ -0,0 +1,104 @@
 From 73bb33a94ec67a53e7d805b12ad9264fa25f4f8d Mon Sep 17 00:00:00 2001
 From: Shawn O. Pearce <spearce@spearce.org>
 Date: Thu, 4 Jun 2009 18:33:32 -0700
 Subject: [PATCH] daemon: Strictly parse the "extra arg" part of the command
 Since 1.4.4.5 (49ba83fb67 "Add virtualization support to git-daemon")
 git daemon enters an infinite loop and never terminates if a client
 hides any extra arguments in the initial request line which is not
 exactly "\0host=blah\0".
 Since that change, a client must never insert additional extra
 arguments, or attempt to use any argument other than "host=", as
 any daemon will get stuck parsing the request line and will never
 complete the request.
 Since the client can't tell if the daemon is patched or not, it
 is not possible to know if additional extra args might actually be
 able to be safely requested.
 If we ever need to extend the git daemon protocol to support a new
 feature, we may have to do something like this to the exchange:
  # If both support git:// v2
  #
  C: 000cgit://v2
  S: 0010ok host user
  C: 0018host git.kernel.org
  C: 0027git-upload-pack /pub/linux-2.6.git
  S: ...git-upload-pack header...
  # If client supports git:// v2, server does not:
  #
  C: 000cgit://v2
  S: <EOF>
  C: 003bgit-upload-pack /pub/linux-2.6.git\0host=git.kernel.org\0
  S: ...git-upload-pack header...
 This requires the client to create two TCP connections to talk to
 an older git daemon, however all daemons since the introduction of
 daemon.c will safely reject the unknown "git://v2" command request,
 so the client can quite easily determine the server supports an
 older protocol.
 Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
 Signed-off-by: Junio C Hamano <gitster@pobox.com>
 diff --git a/connect.c b/connect.c
 index f6b8ba6..958c831 100644
 --- a/connect.c
 +++ b/connect.c
@@ -579,7 +579,10 @@ struct child_process *git_connect(int fd[2], const char *url_orig,
 			git_tcp_connect(fd, host, flags);
 		/*
 		 * Separate original protocol components prog and path
 -		 * from extended components with a NUL byte.
 +		 * from extended host header with a NUL byte.
 +		 *
 +		 * Note: Do not add any other headers here!  Doing so
 +		 * will cause older git-daemon servers to crash.
 		 */
 		packet_write(fd[1],
 			     "%s %s%chost=%s%c",
 diff --git a/daemon.c b/daemon.c
 index daa4c8e..b2babcc 100644
 --- a/daemon.c
 +++ b/daemon.c
@@ -406,15 +406,15 @@ static char *xstrdup_tolower(const char *str)
 }
 /*
 - * Separate the "extra args" information as supplied by the client connection.
 + * Read the host as supplied by the client connection.
  */
 -static void parse_extra_args(char *extra_args, int buflen)
 +static void parse_host_arg(char *extra_args, int buflen)
 {
 	char *val;
 	int vallen;
 	char *end = extra_args + buflen;
 -	while (extra_args < end && *extra_args) {
 +	if (extra_args < end && *extra_args) {
 		saw_extended_args = 1;
 		if (strncasecmp("host=", extra_args, 5) == 0) {
 			val = extra_args + 5;
@@ -436,6 +436,8 @@ static void parse_extra_args(char *extra_args, int buflen)
 			/* On to the next one */
 			extra_args = val + vallen;
 		}
 +		if (extra_args < end && *extra_args)
 +			die("Invalid request");
 	}
 	/*
@@ -545,7 +547,7 @@ static int execute(struct sockaddr *addr)
 	hostname = canon_hostname = ip_address = tcp_port = NULL;
 	if (len != pktlen)
 -		parse_extra_args(line + len + 1, pktlen - len - 1);
 +		parse_host_arg(line + len + 1, pktlen - len - 1);
 	for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
 		struct daemon_service *s = &(daemon_service[i]);
--- a/git.spec
+++ b/git.spec
@ -1,6 +1,6 @@
 # Pass --without docs to rpmbuild if you don't want the documentation
 Name:           git
-Version:        1.6.2.2
+Version:        1.6.2.5
 Release:        1%{?dist}
 Summary:        Core git tools
 License:        GPLv2
@ -13,6 +13,8 @@ Source3:        git.conf.httpd
 Patch0:         git-1.5-gitweb-home-link.patch
 # https://bugzilla.redhat.com/490602
 Patch1:         git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch
 # http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9
 Patch2:         git-1.6.2.5-daemon-extra-args.patch
 BuildRequires:  zlib-devel >= 1.2, openssl-devel, libcurl-devel, expat-devel, emacs, gettext %{!?_without_docs:, xmlto, asciidoc > 6.0.3}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -143,6 +145,7 @@ Requires:       git = %{version}-%{release}, emacs-common
 %setup -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 # Use these same options for every invocation of 'make'.
 # Otherwise it will rebuild in %%install due to flags changes.
@ -298,6 +301,10 @@ rm -rf $RPM_BUILD_ROOT
 # No files for you!
 %changelog
 * Fri Jun 19 2009 Todd Zullinger <tmz@pobox.com> - 1.6.2.5-1
 - Update to 1.6.2.5
 - Fix git-daemon hang on invalid input (CVE-2009-2108, bug 505761)
 * Fri Apr 03 2009 Todd Zullinger <tmz@pobox.com> - 1.6.2.2-1
 - git-1.6.2.2
 - Include contrib/ dir in %%doc (bug 492490)
--- a/2
+++ b/2
@ -1 +1 @@
-d219aa5480ed6396f8ab968f3f7eb0f9  git-1.6.2.2.tar.bz2
+7ecacfbc97188b7680addf954ecf481f  git-1.6.2.5.tar.bz2
Author	SHA1	Message	Date
Fedora Release Engineering	ad186f7496	dist-git conversion	2010-07-28 15:41:43 +00:00
Bill Nottingham	dcf4250535	Fix typo that causes a failure to update the common directory. (releng #2781)	2009-11-26 01:56:49 +00:00
Todd Zullinger	81cec54df4	Update to 1.6.2.5 - Fix git-daemon hang on invalid input (CVE-2009-2108, bug 505761)	2009-06-19 13:47:55 +00:00
Jesse Keating	7b3ce9e996	Initialize branch F-11 for git	2009-04-15 06:27:17 +00:00
`@ -1 +1 @@`
	`d219aa5480ed6396f8ab968f3f7eb0f9 git-1.6.2.2.tar.bz2`	`7ecacfbc97188b7680addf954ecf481f git-1.6.2.5.tar.bz2`