Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package libgit2. The main reason is that I messed up the packaging of version 0.24.2-1 and flagged CVE-2016-8568 [0] as fixed, which is untrue. This package both addresses this issue correctly and fixes the serious bug [1]. Thanks, Russell 0. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840227 1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841532 unblock libgit2/0.24.5-1 -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (990, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
diff -Nru libgit2-0.24.2/debian/changelog libgit2-0.24.5/debian/changelog --- libgit2-0.24.2/debian/changelog 2016-11-04 18:36:41.000000000 +1100 +++ libgit2-0.24.5/debian/changelog 2017-01-02 20:35:08.000000000 +1100 @@ -1,3 +1,11 @@ +libgit2 (0.24.5-1) unstable; urgency=medium + + * New upstream release. + * debian/patch/fix_gmt14_timzone_bug.patch (Closes: #841532) + * Correcty address CVE-2016-8568 + + -- Russell Sim <russell....@gmail.com> Mon, 02 Jan 2017 20:35:08 +1100 + libgit2 (0.24.2-2) unstable; urgency=medium * Upload to unstable. diff -Nru libgit2-0.24.2/debian/patches/commit-always-initialize-commit-message.patch libgit2-0.24.5/debian/patches/commit-always-initialize-commit-message.patch --- libgit2-0.24.2/debian/patches/commit-always-initialize-commit-message.patch 2016-11-04 18:36:41.000000000 +1100 +++ libgit2-0.24.5/debian/patches/commit-always-initialize-commit-message.patch 1970-01-01 10:00:00.000000000 +1000 
@@ -1,43 +0,0 @@
-From a719ef5e6d4a1a8ec53469c7914032ed67922772 Mon Sep 17 00:00:00 2001
-From: Patrick Steinhardt <p...@pks.im>
-Date: Fri, 7 Oct 2016 09:31:41 +0200
-Subject: [PATCH] commit: always initialize commit message
-
-When parsing a commit, we will treat all bytes left after parsing
-the headers as the commit message. When no bytes are left, we
-leave the commit's message uninitialized. While uncommon to have
-a commit without message, this is the right behavior as Git
-unfortunately allows for empty commit messages.
-
-Given that this scenario is so uncommon, most programs acting on
-the commit message will never check if the message is actually
-set, which may lead to errors. To work around the error and not
-lay the burden of checking for empty commit messages to the
-developer, initialize the commit message with an empty string
-when no commit message is given.
----
- src/commit.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/commit.c b/src/commit.c
-index 99a8085..76e6dcb 100644
---- a/src/commit.c
-+++ b/src/commit.c
-@@ -459,10 +459,11 @@ int git_commit__parse(void *_commit, git_odb_object *odb_obj)
- buffer = buffer_start + header_len + 1;
-
- /* extract commit message */
-- if (buffer <= buffer_end) {
-+ if (buffer <= buffer_end)
- commit->raw_message = git__strndup(buffer, buffer_end - buffer);
-- GITERR_CHECK_ALLOC(commit->raw_message);
-- }
-+ else
-+ commit->raw_message = git__strdup("");
-+ GITERR_CHECK_ALLOC(commit->raw_message);
-
- return 0;
-
---
-2.8.1
-
diff -Nru libgit2-0.24.2/debian/patches/fix_gmt14_timzone_bug.patch libgit2-0.24.5/debian/patches/fix_gmt14_timzone_bug.patch
--- libgit2-0.24.2/debian/patches/fix_gmt14_timzone_bug.patch 1970-01-01 10:00:00.000000000 +1000
+++ libgit2-0.24.5/debian/patches/fix_gmt14_timzone_bug.patch 2017-01-02 20:35:08.000000000 +1100
@@ -0,0 +1,29 @@
+From 23c9ff8632d8ae90d211601d3254ab7f4d35e853 Mon Sep 17 00:00:00 2001
+From: Andreas Henriksson <andr...@fatal.se>
+Date: Sat, 17 Dec 2016 17:33:13 +0100
+Subject: [PATCH] Fix off-by-one problems in git_signature__parse
+
+Etc/GMT-14 aka UTC+14:00 is a thing....
+https://en.wikipedia.org/wiki/UTC%2B14:00
+
+Also allow offsets on the last minute (59).
+
+Addresses: https://bugs.debian.org/841532
+Fixes: #3970
+---
+ src/signature.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/signature.c b/src/signature.c
+index dcc3797..22cba7e 100644
+--- a/src/signature.c
++++ b/src/signature.c
+@@ -251,7 +251,7 @@ int git_signature__parse(git_signature *sig, const char **buffer_out,
+ * only store timezone if it's not overflowing;
+ * see http://www.worldtimezone.com/faq.html
+ */
+- if (hours < 14 && mins < 59) {
++ if (hours <= 14 && mins <= 59) {
+ sig->when.offset = (hours * 60) + mins;
+ if (tz_start[0] == '-')
+ sig->when.offset = -sig->when.offset;
diff -Nru libgit2-0.24.2/debian/patches/series libgit2-0.24.5/debian/patches/series
--- libgit2-0.24.2/debian/patches/series 2016-11-04 18:36:41.000000000 +1100
+++ libgit2-0.24.5/debian/patches/series 2017-01-02 20:35:08.000000000 +1100
@@ -1,2 +1,2 @@
 disable_tests.patch
-commit-always-initialize-commit-message.patch
+fix_gmt14_timzone_bug.patch
diff -Nru libgit2-0.24.2/debian/rules libgit2-0.24.5/debian/rules
--- libgit2-0.24.2/debian/rules 2016-11-04 18:36:41.000000000 +1100
+++ libgit2-0.24.5/debian/rules 2017-01-02 20:35:08.000000000 +1100
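Review bot: The widened check `if (hours <= 14 && mins <= 59)` in the embedded src/signature.c patch leaves the comment above it ("only store timezone if it's not overflowing") without the actual bound, so the accepted range is undocumented at the point where untrusted signature data is filtered. I would add a line to that comment such as `* offsets up to 14:59 in either direction are stored (UTC+14:00 is a real zone); larger values are not`. The patch also ships no test for the boundary values, and since the debian/rules hunk drops the forced TZ, the fix is exercised at build time only if the build host happens to use such a zone; a parse test with constructed offsets like `+1400` and `+1359` would pin it. The body of git_signature__parse starts and ends outside the hunk.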
@@ -44,11 +44,9 @@ override_dh_auto_test: mkdir -p build-debian-release/tmp - # Force the timezone to GMT to work around bug with GMT-14 timezone - # https://github.com/libgit2/libgit2/issues/3970 - TZ=/usr/share/zoneinfo/Etc/GMT dh_auto_test --builddirectory=build-debian-release + dh_auto_test --builddirectory=build-debian-release mkdir -p build-debian-devel/tmp - TZ=/usr/share/zoneinfo/Etc/GMT dh_auto_test --builddirectory=build-debian-devel + dh_auto_test --builddirectory=build-debian-devel override_dh_strip: dh_strip --dbgsym-migration='libgit2-dbg (<< 0.24.0-2~)' diff -Nru libgit2-0.24.2/include/git2/version.h libgit2-0.24.5/include/git2/version.h --- libgit2-0.24.2/include/git2/version.h 2016-10-27 19:30:40.000000000 +1100 +++ libgit2-0.24.5/include/git2/version.h 2017-01-02 20:47:27.000000000 +1100 @@ -7,10 +7,10 @@ #ifndef INCLUDE_git_version_h__ #define INCLUDE_git_version_h__ -#define LIBGIT2_VERSION "0.24.2" +#define LIBGIT2_VERSION "0.24.5" #define LIBGIT2_VER_MAJOR 0 #define LIBGIT2_VER_MINOR 24 -#define LIBGIT2_VER_REVISION 2 +#define LIBGIT2_VER_REVISION 5 #define LIBGIT2_VER_PATCH 0 #define LIBGIT2_SOVERSION 24 diff -Nru libgit2-0.24.2/script/cibuild.sh libgit2-0.24.5/script/cibuild.sh --- libgit2-0.24.2/script/cibuild.sh 2016-10-27 19:30:40.000000000 +1100 +++ libgit2-0.24.5/script/cibuild.sh 2017-01-02 20:47:27.000000000 +1100 
@@ -44,8 +44,13 @@ cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys ssh-keyscan -t rsa localhost >>~/.ssh/known_hosts -# Get the fingerprint for localhost and remove the colons so we can parse it as a hex number -export GITTEST_REMOTE_SSH_FINGERPRINT=$(ssh-keygen -F localhost -l | tail -n 1 | cut -d ' ' -f 2 | tr -d ':') +# Get the fingerprint for localhost and remove the colons so we can parse it as +# a hex number. The Mac version is newer so it has a different output format. +if [ "$TRAVIS_OS_NAME" = "osx" ]; then + export GITTEST_REMOTE_SSH_FINGERPRINT=$(ssh-keygen -E md5 -F localhost -l | tail -n 1 | cut -d ' ' -f 3 | cut -d : -f2- | tr -d :) +else + export GITTEST_REMOTE_SSH_FINGERPRINT=$(ssh-keygen -F localhost -l | tail -n 1 | cut -d ' ' -f 2 | tr -d ':') +fi export GITTEST_REMOTE_URL="ssh://localhost/$HOME/_temp/test.git" export GITTEST_REMOTE_USER=$USER diff -Nru libgit2-0.24.2/src/commit.c libgit2-0.24.5/src/commit.c --- libgit2-0.24.2/src/commit.c 2016-10-27 19:30:40.000000000 +1100 +++ libgit2-0.24.5/src/commit.c 2017-01-02 20:47:27.000000000 +1100 @@ -410,10 +410,11 @@ buffer = buffer_start + header_len + 1; /* extract commit message */ - if (buffer <= buffer_end) { + if (buffer <= buffer_end) commit->raw_message = git__strndup(buffer, buffer_end - buffer); - GITERR_CHECK_ALLOC(commit->raw_message); - } + else + commit->raw_message = git__strdup(""); + GITERR_CHECK_ALLOC(commit->raw_message); return 0; diff -Nru libgit2-0.24.2/src/openssl_stream.c libgit2-0.24.5/src/openssl_stream.c --- libgit2-0.24.2/src/openssl_stream.c 2016-10-27 19:30:40.000000000 +1100 +++ libgit2-0.24.5/src/openssl_stream.c 2017-01-02 20:47:27.000000000 +1100 @@ -13,6 +13,7 @@ #include "posix.h" #include "stream.h" #include "socket_stream.h" +#include "openssl_stream.h" #include "netops.h" #include "git2/transport.h" #include "git2/sys/openssl.h" 
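Review bot: The new branch in script/cibuild.sh picks the fingerprint format from `$TRAVIS_OS_NAME` rather than from what the installed ssh-keygen supports, so a Linux image with a newer OpenSSH would still take the `else` path and export a value that is not the colon-stripped hex string the comment describes. Probing the tool keeps both paths correct regardless of the CI image, for example `if ssh-keygen -E md5 -F localhost -l >/dev/null 2>&1; then`. The comment should also say that the MD5 form is requested only because the test compares against the legacy hex fingerprint (presumably; the consumer of GITTEST_REMOTE_SSH_FINGERPRINT is not visible here).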
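Review bot: The unbraced `if`/`else` in the src/commit.c hunk gives no hint why the `else` arm duplicates an empty string, and the Debian patch whose description explained it is removed by this same upload. A one-line comment above the `if`, such as `/* a commit may carry no message; store "" so raw_message is never NULL for callers */`, would keep that rationale next to the code. Bracing both arms would also stop a later edit from detaching `GITERR_CHECK_ALLOC(commit->raw_message);` from the two assignments it guards. The enclosing function starts and ends outside the hunk.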
@@ -71,12 +72,20 @@ #endif /* GIT_THREADS */ +static BIO_METHOD *git_stream_bio_method; +static int init_bio_method(void); + /** * This function aims to clean-up the SSL context which * we allocated. */ static void shutdown_ssl(void) { + if (git_stream_bio_method) { + BIO_meth_free(git_stream_bio_method); + git_stream_bio_method = NULL; + } + if (git__ssl_ctx) { SSL_CTX_free(git__ssl_ctx); git__ssl_ctx = NULL; @@ -121,6 +130,13 @@ git__ssl_ctx = NULL; return -1; } + + if (init_bio_method() < 0) { + SSL_CTX_free(git__ssl_ctx); + git__ssl_ctx = NULL; + return -1; + } + #endif git__on_shutdown(shutdown_ssl); @@ -156,10 +172,8 @@ static int bio_create(BIO *b) { - b->init = 1; - b->num = 0; - b->ptr = NULL; - b->flags = 0; + BIO_set_init(b, 1); + BIO_set_data(b, NULL); return 1; } @@ -169,23 +183,22 @@ if (!b) return 0; - b->init = 0; - b->num = 0; - b->ptr = NULL; - b->flags = 0; + BIO_set_data(b, NULL); return 1; } static int bio_read(BIO *b, char *buf, int len) { - git_stream *io = (git_stream *) b->ptr; + git_stream *io = (git_stream *) BIO_get_data(b); + return (int) git_stream_read(io, buf, len); } static int bio_write(BIO *b, const char *buf, int len) { - git_stream *io = (git_stream *) b->ptr; + git_stream *io = (git_stream *) BIO_get_data(b); + return (int) git_stream_write(io, buf, len, 0); } 
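Review bot: bio_destroy in the `@@ -169,23 +183,22 @@` hunk no longer clears the init flag: the old body set `b->init = 0`, while the new one only calls `BIO_set_data(b, NULL)`. Adding `BIO_set_init(b, 0);` before that call keeps destroy symmetric with bio_create, which sets the flag through `BIO_set_init(b, 1)`, and the compat header in this upload already provides that shim for older OpenSSL. The practical effect is probably small because the BIO is being torn down, but it keeps the port behaviour-identical to the code it replaces.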
@@ -214,17 +227,22 @@ return bio_write(b, str, strlen(str)); } -static BIO_METHOD git_stream_bio_method = { - BIO_TYPE_SOURCE_SINK, - "git_stream", - bio_write, - bio_read, - bio_puts, - bio_gets, - bio_ctrl, - bio_create, - bio_destroy -}; +static int init_bio_method(void) +{ + /* Set up the BIO_METHOD we use for wrapping our own stream implementations */ + git_stream_bio_method = BIO_meth_new(BIO_TYPE_SOURCE_SINK | BIO_get_new_index(), "git_stream"); + GITERR_CHECK_ALLOC(git_stream_bio_method); + + BIO_meth_set_write(git_stream_bio_method, bio_write); + BIO_meth_set_read(git_stream_bio_method, bio_read); + BIO_meth_set_puts(git_stream_bio_method, bio_puts); + BIO_meth_set_gets(git_stream_bio_method, bio_gets); + BIO_meth_set_ctrl(git_stream_bio_method, bio_ctrl); + BIO_meth_set_create(git_stream_bio_method, bio_create); + BIO_meth_set_destroy(git_stream_bio_method, bio_destroy); + + return 0; +} static int ssl_set_error(SSL *ssl, int error) { @@ -339,7 +357,7 @@ num = sk_GENERAL_NAME_num(alts); for (i = 0; i < num && matched != 1; i++) { const GENERAL_NAME *gn = sk_GENERAL_NAME_value(alts, i); - const char *name = (char *) ASN1_STRING_data(gn->d.ia5); + const char *name = (char *) ASN1_STRING_get0_data(gn->d.ia5); size_t namelen = (size_t) ASN1_STRING_length(gn->d.ia5); /* Skip any names of a type we're not looking for */ @@ -394,7 +412,7 @@ if (size > 0) { peer_cn = OPENSSL_malloc(size + 1); GITERR_CHECK_ALLOC(peer_cn); - memcpy(peer_cn, ASN1_STRING_data(str), size); + memcpy(peer_cn, ASN1_STRING_get0_data(str), size); peer_cn[size] = '\0'; } else { goto cert_fail_name; 
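Review bot: init_bio_method passes `BIO_TYPE_SOURCE_SINK | BIO_get_new_index()` straight to BIO_meth_new without checking the index; on OpenSSL 1.1 BIO_get_new_index() reports failure as -1, and OR-ing that in produces a type of -1. Fetch it first and bail out, `int idx = BIO_get_new_index(); if (idx < 0) return -1;`, then call `BIO_meth_new(BIO_TYPE_SOURCE_SINK | idx, "git_stream")`. The caller in the `@@ -121,6 +130,13 @@` hunk already frees the SSL context when this function returns a negative value, so the early return needs no extra cleanup.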
@@ -445,11 +463,12 @@ st->connected = true; - bio = BIO_new(&git_stream_bio_method); + bio = BIO_new(git_stream_bio_method); GITERR_CHECK_ALLOC(bio); - bio->ptr = st->io; + BIO_set_data(bio, st->io); SSL_set_bio(st->ssl, bio, bio); + /* specify the host in case SNI is needed */ #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME SSL_set_tlsext_host_name(st->ssl, st->host); diff -Nru libgit2-0.24.2/src/openssl_stream.h libgit2-0.24.5/src/openssl_stream.h --- libgit2-0.24.2/src/openssl_stream.h 2016-10-27 19:30:40.000000000 +1100 +++ libgit2-0.24.5/src/openssl_stream.h 2017-01-02 20:47:27.000000000 +1100 
@@ -13,4 +13,110 @@ extern int git_openssl_stream_new(git_stream **out, const char *host, const char *port); +/* + * OpenSSL 1.1 made BIO opaque so we have to use functions to interact with it + * which do not exist in previous versions. We define these inline functions so + * we can program against the interface instead of littering the implementation + * with ifdefs. + */ +#ifdef GIT_OPENSSL +# include <openssl/ssl.h> +# include <openssl/err.h> +# include <openssl/x509v3.h> +# include <openssl/bio.h> + + + +# if OPENSSL_VERSION_NUMBER < 0x10100000L + +GIT_INLINE(BIO_METHOD*) BIO_meth_new(int type, const char *name) +{ + BIO_METHOD *meth = git__calloc(1, sizeof(BIO_METHOD)); + if (!meth) { + return NULL; + } + + meth->type = type; + meth->name = name; + + return meth; +} + +GIT_INLINE(void) BIO_meth_free(BIO_METHOD *biom) +{ + git__free(biom); +} + +GIT_INLINE(int) BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)) +{ + biom->bwrite = write; + return 1; +} + +GIT_INLINE(int) BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)) +{ + biom->bread = read; + return 1; +} + +GIT_INLINE(int) BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)) +{ + biom->bputs = puts; + return 1; +} + +GIT_INLINE(int) BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int)) + +{ + biom->bgets = gets; + return 1; +} + +GIT_INLINE(int) BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)) +{ + biom->ctrl = ctrl; + return 1; +} + +GIT_INLINE(int) BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)) +{ + biom->create = create; + return 1; +} + +GIT_INLINE(int) BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)) +{ + biom->destroy = destroy; + return 1; +} + +GIT_INLINE(int) BIO_get_new_index(void) +{ + /* This exists as of 1.1 so before we'd just have 0 */ + return 0; +} + +GIT_INLINE(void) BIO_set_init(BIO *b, int init) +{ + b->init = init; +} + +GIT_INLINE(void) 
BIO_set_data(BIO *a, void *ptr) +{ + a->ptr = ptr; +} + +GIT_INLINE(void*) BIO_get_data(BIO *a) +{ + return a->ptr; +} + +GIT_INLINE(const unsigned char *) ASN1_STRING_get0_data(const ASN1_STRING *x) +{ + return ASN1_STRING_data((ASN1_STRING *)x); +} + +# endif // OpenSSL < 1.1 +#endif // GIT_OPENSSL + #endif diff -Nru libgit2-0.24.2/src/tree.c libgit2-0.24.5/src/tree.c --- libgit2-0.24.2/src/tree.c 2016-10-27 19:30:40.000000000 +1100 +++ libgit2-0.24.5/src/tree.c 2017-01-02 20:47:27.000000000 +1100 @@ -447,7 +447,12 @@ if ((nul = memchr(buffer, 0, buffer_end - buffer)) == NULL) return tree_error("Failed to parse tree. Object is corrupted", NULL); - filename_len = nul - buffer; + if ((filename_len = nul - buffer) == 0) + return tree_error("Failed to parse tree. Can't parse filename", NULL); + + if ((buffer_end - (nul + 1)) < GIT_OID_RAWSZ) + return tree_error("Failed to parse tree. Can't parse OID", NULL); + /* Allocate the entry */ { entry = git_array_alloc(tree->entries);
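Review bot: The compat shims in src/openssl_stream.h are guarded only by `# if OPENSSL_VERSION_NUMBER < 0x10100000L`, which assumes every library reporting 1.1.0 or later exports the BIO_meth_* functions and the BIO_set_data/BIO_get_data accessors. LibreSSL reports a higher OPENSSL_VERSION_NUMBER and, as far as I know, did not provide these at the time, so such a build would skip the shims and fail; `# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` covers it. The `// OpenSSL < 1.1` and `// GIT_OPENSSL` trailers would be safer as `/* ... */` comments, matching the block comment at the top of the added section.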
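Review bot: Neither of the new checks in the src/tree.c hunk says what layout it protects, and the first hides the assignment to filename_len inside the condition. I would split it into `filename_len = nul - buffer;` followed by `if (filename_len == 0)`, and put `/* the raw OID follows the NUL; all GIT_OID_RAWSZ bytes must lie inside the object */` above the second check. Both new failures return through tree_error like the existing "Object is corrupted" case, so no behaviour change is proposed. The enclosing parse loop starts and ends outside the hunk.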