From b258116462399b318c86165c61a5c7123043cfd4 Mon Sep 17 00:00:00 2001
From: Blake Burkhart <bburky@bburky.com>
Date: Tue, 22 Sep 2015 18:06:20 -0400
Subject: [PATCH] http: limit redirection depth
By default, libcurl will follow circular http redirects
forever. Let's put a cap on this so that somebody who can
trigger an automated fetch of an arbitrary repository (e.g.,
for CI) cannot convince git to loop infinitely.
The value chosen is 20, which is the same default that
Firefox uses.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Upstream-Status: Backport
http://archive.ubuntu.com/ubuntu/pool/main/g/git/git_2.5.0-1ubuntu0.1.debian.tar.xz
CVE: CVE-2015-7545 #5
Singed-off-by: Armin Kuster <akuster@mvista.com>
---
http.c | 1 +
t/lib-httpd/apache.conf | 3 +++
t/t5812-proto-disable-http.sh | 4 ++++
3 files changed, 8 insertions(+)
Index: git-2.5.0/http.c
===================================================================
--- git-2.5.0.orig/http.c 2015-12-11 12:48:02.900163824 -0500
+++ git-2.5.0/http.c 2015-12-11 12:48:02.896163796 -0500
@@ -396,6 +396,7 @@
}
curl_easy_setopt(result, CURLOPT_FOLLOWLOCATION, 1);
+ curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20);
#if LIBCURL_VERSION_NUM >= 0x071301
curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL);
#elif LIBCURL_VERSION_NUM >= 0x071101
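Review bot: The added CURLOPT_MAXREDIRS call passes the int literal `20`, but libcurl documents this option's argument as a `long`; curl_easy_setopt is variadic, so no conversion happens and the literal should be written `20L` (the existing CURLOPT_FOLLOWLOCATION line above has the same int/long mismatch, so this follows file precedent, but both should be fixed). The bare constant also deserves the commit message's rationale beside the code, e.g. `/* Cap redirect chains (Firefox's default) so a hostile server cannot loop us forever. */`. The enclosing function begins before and ends after this hunk.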
Index: git-2.5.0/t/lib-httpd/apache.conf
===================================================================
--- git-2.5.0.orig/t/lib-httpd/apache.conf 2015-12-11 12:48:02.900163824 -0500
+++ git-2.5.0/t/lib-httpd/apache.conf 2015-12-11 12:48:02.896163796 -0500
@@ -121,6 +121,9 @@
RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301]
RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302]
+RewriteRule ^/loop-redir/x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-(.*) /$1 [R=302]
+RewriteRule ^/loop-redir/(.*)$ /loop-redir/x-$1 [R=302]
+
<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
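Review bot: The first added RewriteRule hard-codes twenty `x-` segments, which only exercises the new limit because http.c caps redirects at 20 and this chain therefore takes 21 hops; nothing in the config records that coupling. A comment above the two rules, e.g. `# 21 hops: one past CURLOPT_MAXREDIRS (20) in http.c; keep the two in sync`, would stop a later change to either value from silently turning the test into a successful clone.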
Index: git-2.5.0/t/t5812-proto-disable-http.sh
===================================================================
--- git-2.5.0.orig/t/t5812-proto-disable-http.sh 2015-12-11 12:48:02.900163824 -0500
+++ git-2.5.0/t/t5812-proto-disable-http.sh 2015-12-11 12:48:02.896163796 -0500
@@ -25,5 +25,9 @@
}
'
+test_expect_success 'curl limits redirects' '
+ test_must_fail git clone "$HTTPD_URL/loop-redir/smart/repo.git"
+'
+
stop_httpd
test_done
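Review bot: `test_must_fail` on the added line only asserts a non-zero exit, so a clone that fails for an unrelated reason (httpd not serving, a 404 on the repo path) passes the test just as well. Capturing stderr and matching the redirect error makes it specific, e.g. `test_must_fail git clone "$HTTPD_URL/loop-redir/smart/repo.git" 2>err && grep -i redirect err`; the message text comes from libcurl, so match it loosely rather than verbatim.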