Upgrade 1.3.2
Signed-off-by: cherry530 <xuping33@huawei.com> (cherry picked from commit 494e4dc0bcf8b82aec787f3bd260baa286851476)
This commit is contained in:
cherry530
openeuler-sync-bot
parent
f41b0483a1
commit
f42615efc1
@ -1,59 +0,0 @@
|
||||
From 415a8ae9c9b6ac18f0524b6af8e58408b426457d Mon Sep 17 00:00:00 2001
|
||||
From: Edward Thomson <ethomson@edwardthomson.com>
|
||||
Date: Thu, 13 Sep 2018 13:27:07 +0100
|
||||
Subject: [PATCH] tests: don't run buf::oom on 32-bit systems
|
||||
|
||||
On a 32-bit Linux systems, the value large enough to make malloc
|
||||
guarantee a failure is also large enough that valgrind considers it
|
||||
"fishy". Skip this test on those systems entirely.
|
||||
---
|
||||
tests/buf/oom.c | 14 +++++++++-----
|
||||
1 file changed, 9 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/tests/buf/oom.c b/tests/buf/oom.c
|
||||
index 2741a8ddf2..ec3bad9979 100644
|
||||
--- a/tests/buf/oom.c
|
||||
+++ b/tests/buf/oom.c
|
||||
@@ -11,12 +11,8 @@
|
||||
*/
|
||||
#if defined(GIT_ARCH_64) && defined(__linux__)
|
||||
# define TOOBIG 0x0fffffffffffffff
|
||||
-#elif defined(__linux__)
|
||||
-# define TOOBIG 0x0fffffff
|
||||
#elif defined(GIT_ARCH_64)
|
||||
# define TOOBIG 0xffffffffffffff00
|
||||
-#else
|
||||
-# define TOOBIG 0xffffff00
|
||||
#endif
|
||||
|
||||
/**
|
||||
@@ -25,13 +21,18 @@
|
||||
* will fail. And because the git_buf_grow() wrapper always
|
||||
* sets mark_oom, the code in git_buf_try_grow() will free
|
||||
* the internal buffer and set it to git_buf__oom.
|
||||
- *
|
||||
+ *
|
||||
* We initialized the internal buffer to (the static variable)
|
||||
* git_buf__initbuf. The purpose of this test is to make sure
|
||||
* that we don't try to free the static buffer.
|
||||
+ *
|
||||
+ * Skip this test entirely on 32-bit platforms; a buffer large enough
|
||||
+ * to guarantee malloc failures is so large that valgrind considers
|
||||
+ * it likely to be an error.
|
||||
*/
|
||||
void test_buf_oom__grow(void)
|
||||
{
|
||||
+#ifdef GIT_ARCH_64
|
||||
git_buf buf = GIT_BUF_INIT;
|
||||
|
||||
git_buf_clear(&buf);
|
||||
@@ -40,6 +41,9 @@ void test_buf_oom__grow(void)
|
||||
cl_assert(git_buf_oom(&buf));
|
||||
|
||||
git_buf_free(&buf);
|
||||
+#else
|
||||
+ cl_skip();
|
||||
+#endif
|
||||
}
|
||||
|
||||
void test_buf_oom__grow_by(void)
|
||||
@ -1,44 +0,0 @@
|
||||
From e1832eb20a7089f6383cfce474f213157f5300cb Mon Sep 17 00:00:00 2001
|
||||
From: Johannes Schindelin <johannes.schindelin@gmx.de>
|
||||
Date: Wed, 18 Sep 2019 16:33:18 +0200
|
||||
Subject: [PATCH] path: also guard `.gitmodules` against NTFS Alternate Data
|
||||
Streams
|
||||
|
||||
We just safe-guarded `.git` against NTFS Alternate Data Stream-related
|
||||
attack vectors, and now it is time to do the same for `.gitmodules`.
|
||||
|
||||
Note: In the added regression test, we refrain from verifying all kinds
|
||||
of variations between short names and NTFS Alternate Data Streams: as
|
||||
the new code disallows _all_ Alternate Data Streams of `.gitmodules`, it
|
||||
is enough to test one in order to know that all of them are guarded
|
||||
against.
|
||||
|
||||
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
||||
---
|
||||
src/path.c | 2 +-
|
||||
tests/path/dotgit.c | 1 +
|
||||
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/path.c b/src/path.c
|
||||
index 7844da67227..b3a8fc32f83 100644
|
||||
--- a/src/path.c
|
||||
+++ b/src/path.c
|
||||
@@ -1646,7 +1646,7 @@ GIT_INLINE(bool) only_spaces_and_dots(const char *path)
|
||||
const char *c = path;
|
||||
|
||||
for (;; c++) {
|
||||
- if (*c == '\0')
|
||||
+ if (*c == '\0' || *c == ':')
|
||||
return true;
|
||||
if (*c != ' ' && *c != '.')
|
||||
return false;
|
||||
diff --git a/tests/path/dotgit.c b/tests/path/dotgit.c
|
||||
index 30996694512..ceb7330d248 100644
|
||||
--- a/tests/path/dotgit.c
|
||||
+++ b/tests/path/dotgit.c
|
||||
@@ -116,4 +116,5 @@ void test_path_dotgit__dotgit_modules_symlink(void)
|
||||
cl_assert_equal_b(true, git_path_isvalid(NULL, ".gitmodules", 0, GIT_PATH_REJECT_DOT_GIT_HFS|GIT_PATH_REJECT_DOT_GIT_NTFS));
|
||||
cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_HFS));
|
||||
cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS));
|
||||
+ cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules . .::$DATA", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS));
|
||||
}
|
||||
@ -1,57 +0,0 @@
|
||||
From 64c612cc3e25eff5fb02c59ef5a66ba7a14751e4 Mon Sep 17 00:00:00 2001
|
||||
From: Johannes Schindelin <johannes.schindelin@gmx.de>
|
||||
Date: Wed, 18 Sep 2019 15:25:02 +0200
|
||||
Subject: [PATCH] Protect against 8.3 "short name" attacks also on Linux/macOS
|
||||
|
||||
The Windows Subsystem for Linux (WSL) is getting increasingly popular,
|
||||
in particular because it makes it _so_ easy to run Linux software on
|
||||
Windows' files, via the auto-mounted Windows drives (`C:\` is mapped to
|
||||
`/mnt/c/`, no need to set that up manually).
|
||||
|
||||
Unfortunately, files/directories on the Windows drives can be accessed
|
||||
via their _short names_, if that feature is enabled (which it is on the
|
||||
`C:` drive by default).
|
||||
|
||||
Which means that we have to safeguard even our Linux users against the
|
||||
short name attacks.
|
||||
|
||||
Further, while the default options of CIFS/SMB-mounts seem to disallow
|
||||
accessing files on network shares via their short names on Linux/macOS,
|
||||
it _is_ possible to do so with the right options.
|
||||
|
||||
So let's just safe-guard against short name attacks _everywhere_.
|
||||
|
||||
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
||||
---
|
||||
src/checkout.c | 2 +-
|
||||
tests/checkout/nasty.c | 3 +--
|
||||
2 files changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/checkout.c b/src/checkout.c
|
||||
index 5cfa7280baa..5b20ede466b 100644
|
||||
--- a/src/checkout.c
|
||||
+++ b/src/checkout.c
|
||||
@@ -1271,7 +1271,7 @@ static int checkout_verify_paths(
|
||||
int action,
|
||||
git_diff_delta *delta)
|
||||
{
|
||||
- unsigned int flags = GIT_PATH_REJECT_WORKDIR_DEFAULTS;
|
||||
+ unsigned int flags = GIT_PATH_REJECT_WORKDIR_DEFAULTS | GIT_PATH_REJECT_DOT_GIT_NTFS;
|
||||
|
||||
if (action & CHECKOUT_ACTION__REMOVE) {
|
||||
if (!git_path_isvalid(repo, delta->old_file.path, delta->old_file.mode, flags)) {
|
||||
diff --git a/tests/checkout/nasty.c b/tests/checkout/nasty.c
|
||||
index 3897878cef1..a0ac738a812 100644
|
||||
--- a/tests/checkout/nasty.c
|
||||
+++ b/tests/checkout/nasty.c
|
||||
@@ -206,9 +206,8 @@ void test_checkout_nasty__dot_git_dot(void)
|
||||
*/
|
||||
void test_checkout_nasty__git_tilde1(void)
|
||||
{
|
||||
-#ifdef GIT_WIN32
|
||||
test_checkout_fails("refs/heads/git_tilde1", ".git/foobar");
|
||||
-#endif
|
||||
+ test_checkout_fails("refs/heads/git_tilde1", "git~1/foobar");
|
||||
}
|
||||
|
||||
/* A tree that contains an entry "git~2", when we have forced the short
|
||||
@ -1,13 +0,0 @@
|
||||
diff --git a/tests/refs/revparse.c b/tests/refs/revparse.c
|
||||
index 459188c..2bb19ff 100644
|
||||
--- a/tests/refs/revparse.c
|
||||
+++ b/tests/refs/revparse.c
|
||||
@@ -400,8 +400,6 @@ void test_refs_revparse__date(void)
|
||||
* a65fedf HEAD@{1335806603 -0900}: commit:
|
||||
* be3563a HEAD@{1335806563 -0700}: clone: from /Users/ben/src/libgit2/tests/resour
|
||||
*/
|
||||
- test_object("HEAD@{10 years ago}", NULL);
|
||||
-
|
||||
test_object("HEAD@{1 second}", "a65fedf39aefe402d3bb6e24df4d4f5fe4547750");
|
||||
test_object("HEAD@{1 second ago}", "a65fedf39aefe402d3bb6e24df4d4f5fe4547750");
|
||||
test_object("HEAD@{2 days ago}", "a65fedf39aefe402d3bb6e24df4d4f5fe4547750");
|
||||
21
libgit2.spec
21
libgit2.spec
@ -1,18 +1,14 @@
|
||||
Name: libgit2
|
||||
Version: 0.27.8
|
||||
Release: 5
|
||||
Version: 1.3.2
|
||||
Release: 1
|
||||
Summary: portable, pure C implementation of the Git core methods
|
||||
License: GPLv2 with exceptions
|
||||
URL: https://libgit2.org
|
||||
Source0: https://github.com/libgit2/libgit2/archive/v%{version}.tar.gz
|
||||
|
||||
Patch0001: 0001-tests-don-t-run-buf-oom-on-32-bit-systems.patch
|
||||
Patch0002: CVE-2020-12278.patch
|
||||
Patch0003: CVE-2020-12279.patch
|
||||
Patch0004: Remove-error-prone-redundant-test.patch
|
||||
|
||||
BuildRequires: gcc cmake >= 2.8.11 ninja-build http-parser-devel libcurl-devel
|
||||
BuildRequires: libssh2-devel openssl-devel python3 zlib-devel
|
||||
BuildRequires: pcre2-devel
|
||||
Provides: bundled(libxdiff)
|
||||
|
||||
%description
|
||||
@ -29,12 +25,14 @@ This package contains libraries and headers for developing applications that use
|
||||
|
||||
%prep
|
||||
%autosetup -n %{name}-%{version} -p1
|
||||
rm -rfv examples/network/.gitignore deps
|
||||
sed -i '/ADD_TEST(online/s/^/#/' tests/CMakeLists.txt
|
||||
find examples -name ".gitignore" -delete -print
|
||||
sed -i '/-sonline/s/^/#/' tests/CMakeLists.txt
|
||||
rm -vr deps
|
||||
|
||||
%build
|
||||
%cmake . -B%{_target_platform} -GNinja -DCMAKE_BUILD_TYPE=RelWithDebInfo \
|
||||
-DSHA1_BACKEND=OpenSSL -DUSE_HTTPS=OpenSSL %{nil}
|
||||
-DREGEX_BACKEND=pcre2 -DUSE_SHA1=HTTPS -DUSE_HTTP_PARSER=system \
|
||||
-DUSE_NTLMCLIENT=OFF -DUSE_HTTPS=OpenSSL %{nil}
|
||||
%ninja_build -C %{_target_platform}
|
||||
|
||||
%install
|
||||
@ -58,6 +56,9 @@ sed -i '/ADD_TEST(online/s/^/#/' tests/CMakeLists.txt
|
||||
%{_includedir}/git2*
|
||||
|
||||
%changelog
|
||||
* Mon Jul 25 2022 xu_ping <xuping33@h-partners.com> - 1.3.2-1
|
||||
- Upgrade 1.3.2
|
||||
|
||||
* Fri May 13 2022 liyanan <liyanan32@h-partners.com> - 0.27.8-5
|
||||
- Remove error-prone, redundant test
|
||||
|
||||
|
||||
BIN
v0.27.8.tar.gz
BIN
v0.27.8.tar.gz
Binary file not shown.
BIN
v1.3.2.tar.gz
Normal file
BIN
v1.3.2.tar.gz
Normal file
Binary file not shown.
Loading…
x
Reference in New Issue
Block a user