From 4e76779702316f07e1f6d52940fb49dd7c39ffa2 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Nov 12 2018 11:00:01 +0000
Subject: import rh-git29-git-2.9.3-8.el7


---

diff --git a/SOURCES/git-cve-2018-17456-arbitrary-execution-fsck-tests.patch b/SOURCES/git-cve-2018-17456-arbitrary-execution-fsck-tests.patch
new file mode 100644
index 0000000..4a18161
--- /dev/null
+++ b/SOURCES/git-cve-2018-17456-arbitrary-execution-fsck-tests.patch
@@ -0,0 +1,46 @@
+diff -ruN git-2.9.3/t/t7416-submodule-dash-url.sh git-2.9.3_patched/t/t7416-submodule-dash-url.sh
+--- git-2.9.3/t/t7416-submodule-dash-url.sh	2018-10-29 17:34:24.026464641 +0100
++++ git-2.9.3_patched/t/t7416-submodule-dash-url.sh	2018-10-29 17:36:35.839468588 +0100
+@@ -20,6 +20,13 @@
+ 	test_cmp expect actual
+ '
+ 
++test_expect_success 'fsck accepts protected dash' '
++	test_when_finished "rm -rf dst" &&
++	git init --bare dst &&
++	git -C dst config transfer.fsckObjects true &&
++	git push dst HEAD
++'
++
+ test_expect_success 'remove ./ protection from .gitmodules url' '
+ 	perl -i -pe "s{\./}{}" .gitmodules &&
+ 	git commit -am "drop protection"
+@@ -31,4 +38,12 @@
+ 	test_i18ngrep ignoring err
+ '
+ 
++test_expect_success 'fsck rejects unprotected dash' '
++	test_when_finished "rm -rf dst" &&
++	git init --bare dst &&
++	git -C dst config transfer.fsckObjects true &&
++	test_must_fail git push dst HEAD 2>err &&
++	grep gitmodulesUrl err
++'
++
+ test_done
+diff -ruN git-2.9.3/t/t7417-submodule-path-url.sh git-2.9.3_patched/t/t7417-submodule-path-url.sh
+--- git-2.9.3/t/t7417-submodule-path-url.sh	2018-10-29 17:34:24.026464641 +0100
++++ git-2.9.3_patched/t/t7417-submodule-path-url.sh	2018-10-29 17:34:44.272493015 +0100
+@@ -17,4 +17,12 @@
+ 	test_i18ngrep ignoring err
+ '
+ 
++test_expect_success 'fsck rejects unprotected dash' '
++	test_when_finished "rm -rf dst" &&
++	git init --bare dst &&
++	git -C dst config transfer.fsckObjects true &&
++	test_must_fail git push dst HEAD 2>err &&
++	grep gitmodulesPath err
++'
++
+ test_done
diff --git a/SOURCES/git-cve-2018-17456-arbitrary-execution-fsck.patch b/SOURCES/git-cve-2018-17456-arbitrary-execution-fsck.patch
new file mode 100644
index 0000000..9fc4f47
--- /dev/null
+++ b/SOURCES/git-cve-2018-17456-arbitrary-execution-fsck.patch
@@ -0,0 +1,34 @@
+diff -ruN git-2.9.3/fsck.c git-2.9.3_patched/fsck.c
+--- git-2.9.3/fsck.c	2018-10-29 17:34:24.023464636 +0100
++++ git-2.9.3_patched/fsck.c	2018-10-29 17:37:41.345363601 +0100
+@@ -94,7 +94,9 @@
+ 	FUNC(GITMODULES_BLOB, ERROR) \
+ 	FUNC(GITMODULES_PARSE, ERROR) \
+ 	FUNC(GITMODULES_NAME, ERROR) \
++	FUNC(GITMODULES_PATH, ERROR) \
+ 	FUNC(GITMODULES_SYMLINK, ERROR) \
++	FUNC(GITMODULES_URL, ERROR) \
+ 	/* warnings */ \
+ 	FUNC(BAD_FILEMODE, WARN) \
+ 	FUNC(EMPTY_NAME, WARN) \
+@@ -872,6 +874,20 @@
+ 				    FSCK_MSG_GITMODULES_NAME,
+ 				    "disallowed submodule name: %s",
+ 				    name);
++
++	if (!strcmp(key, "path") && value &&
++	    looks_like_command_line_option(value))
++		data->ret |= report(data->options, data->obj,
++				    FSCK_MSG_GITMODULES_PATH,
++				    "disallowed submodule path: %s",
++				    value);
++
++	if (!strcmp(key, "url") && value &&
++	    looks_like_command_line_option(value))
++		data->ret |= report(data->options, data->obj,
++				    FSCK_MSG_GITMODULES_URL,
++				    "disallowed submodule url: %s",
++				    value);
+ 	free(name);
+ 
+ 	return 0;
diff --git a/SOURCES/git-cve-2018-17456-arbitrary-execution-tests.patch b/SOURCES/git-cve-2018-17456-arbitrary-execution-tests.patch
new file mode 100644
index 0000000..1bbd91b
--- /dev/null
+++ b/SOURCES/git-cve-2018-17456-arbitrary-execution-tests.patch
@@ -0,0 +1,80 @@
+diff -ruN git-2.9.3/t/t7400-submodule-basic.sh git-2.9.3_patched/t/t7400-submodule-basic.sh
+--- git-2.9.3/t/t7400-submodule-basic.sh	2016-08-12 21:38:45.000000000 +0200
++++ git-2.9.3_patched/t/t7400-submodule-basic.sh	2018-10-24 17:15:18.869070834 +0200
+@@ -38,6 +38,14 @@
+ 	test_i18ngrep "Submodule path .sub. not initialized" actual
+ '
+ 
++test_expect_success 'submodule update aborts on missing gitmodules url' '
++	test_when_finished "git update-index --remove sub" &&
++	git update-index --add --cacheinfo 160000,$(git rev-parse HEAD),sub &&
++	test_when_finished "rm -f .gitmodules" &&
++	git config -f .gitmodules submodule.s.path sub &&
++	test_must_fail git submodule init
++'
++
+ test_expect_success 'configuration parsing' '
+ 	test_when_finished "rm -f .gitmodules" &&
+ 	cat >.gitmodules <<-\EOF &&
+diff -ruN git-2.9.3/t/t7416-submodule-dash-url.sh git-2.9.3_patched/t/t7416-submodule-dash-url.sh
+--- git-2.9.3/t/t7416-submodule-dash-url.sh	1970-01-01 01:00:00.000000000 +0100
++++ git-2.9.3_patched/t/t7416-submodule-dash-url.sh	2018-10-24 17:14:53.014897346 +0200
+@@ -0,0 +1,34 @@
++#!/bin/sh
++
++test_description='check handling of .gitmodule url with dash'
++. ./test-lib.sh
++
++test_expect_success 'create submodule with protected dash in url' '
++	git init upstream &&
++	git -C upstream commit --allow-empty -m base &&
++	mv upstream ./-upstream &&
++	git submodule add ./-upstream sub &&
++	git add sub .gitmodules &&
++	git commit -m submodule
++'
++
++test_expect_success 'clone can recurse submodule' '
++	test_when_finished "rm -rf dst" &&
++	git clone --recurse-submodules . dst &&
++	echo base >expect &&
++	git -C dst/sub log -1 --format=%s >actual &&
++	test_cmp expect actual
++'
++
++test_expect_success 'remove ./ protection from .gitmodules url' '
++	perl -i -pe "s{\./}{}" .gitmodules &&
++	git commit -am "drop protection"
++'
++
++test_expect_success 'clone rejects unprotected dash' '
++	test_when_finished "rm -rf dst" &&
++	test_must_fail git clone --recurse-submodules . dst 2>err &&
++	test_i18ngrep ignoring err
++'
++
++test_done
+diff -ruN git-2.9.3/t/t7417-submodule-path-url.sh git-2.9.3_patched/t/t7417-submodule-path-url.sh
+--- git-2.9.3/t/t7417-submodule-path-url.sh	1970-01-01 01:00:00.000000000 +0100
++++ git-2.9.3_patched/t/t7417-submodule-path-url.sh	2018-10-24 17:13:59.893500178 +0200
+@@ -0,0 +1,20 @@
++#!/bin/sh
++
++test_description='check handling of .gitmodule path with dash'
++. ./test-lib.sh
++
++test_expect_success 'create submodule with dash in path' '
++	git init upstream &&
++	git -C upstream commit --allow-empty -m base &&
++	git submodule add ./upstream sub &&
++	git mv sub ./-sub &&
++	git commit -m submodule
++'
++
++test_expect_success 'clone rejects unprotected dash' '
++	test_when_finished "rm -rf dst" &&
++	test_might_fail git clone --recurse-submodules . dst 2>err &&
++	test_i18ngrep ignoring err
++'
++
++test_done
diff --git a/SOURCES/git-cve-2018-17456-arbitrary-execution.patch b/SOURCES/git-cve-2018-17456-arbitrary-execution.patch
new file mode 100644
index 0000000..c94a041
--- /dev/null
+++ b/SOURCES/git-cve-2018-17456-arbitrary-execution.patch
@@ -0,0 +1,61 @@
+diff -ruN git-2.9.3/builtin/submodule--helper.c git-2.9.3_patched/builtin/submodule--helper.c
+--- git-2.9.3/builtin/submodule--helper.c	2018-10-24 17:19:08.952614832 +0200
++++ git-2.9.3_patched/builtin/submodule--helper.c	2018-10-24 17:15:18.869070834 +0200
+@@ -332,12 +332,12 @@
+ 	strbuf_reset(&sb);
+ 	strbuf_addf(&sb, "submodule.%s.url", sub->name);
+ 	if (git_config_get_string(sb.buf, &url)) {
+-		url = xstrdup(sub->url);
+-
+-		if (!url)
++		if (!sub->url)
+ 			die(_("No url found for submodule path '%s' in .gitmodules"),
+ 				displaypath);
+ 
++		url = xstrdup(sub->url);
++
+ 		/* Possibly a url relative to parent */
+ 		if (starts_with_dot_dot_slash(url) ||
+ 		    starts_with_dot_slash(url)) {
+@@ -458,6 +458,7 @@
+ 	if (gitdir && *gitdir)
+ 		argv_array_pushl(&cp.args, "--separate-git-dir", gitdir, NULL);
+ 
++	argv_array_push(&cp.args, "--");
+ 	argv_array_push(&cp.args, url);
+ 	argv_array_push(&cp.args, path);
+ 
+diff -ruN git-2.9.3/submodule-config.c git-2.9.3_patched/submodule-config.c
+--- git-2.9.3/submodule-config.c	2018-10-24 17:19:08.952614832 +0200
++++ git-2.9.3_patched/submodule-config.c	2018-10-24 17:14:53.013897339 +0200
+@@ -302,6 +302,12 @@
+ 			commit_string, name, option);
+ }
+ 
++static void warn_command_line_option(const char *var, const char *value)
++{
++	warning(_("ignoring '%s' which may be interpreted as"
++		  " a command-line option: %s"), var, value);
++}
++
+ struct parse_config_parameter {
+ 	struct submodule_cache *cache;
+ 	const unsigned char *commit_sha1;
+@@ -327,6 +333,8 @@
+ 	if (!strcmp(item.buf, "path")) {
+ 		if (!value)
+ 			ret = config_error_nonbool(var);
++		else if (looks_like_command_line_option(value))
++			warn_command_line_option(var, value);
+ 		else if (!me->overwrite && submodule->path)
+ 			warn_multiple_config(me->commit_sha1, submodule->name,
+ 					"path");
+@@ -367,6 +375,8 @@
+ 	} else if (!strcmp(item.buf, "url")) {
+ 		if (!value) {
+ 			ret = config_error_nonbool(var);
++		} else if (looks_like_command_line_option(value)) {
++			warn_command_line_option(var, value);
+ 		} else if (!me->overwrite && submodule->url) {
+ 			warn_multiple_config(me->commit_sha1, submodule->name,
+ 					"url");
diff --git a/SPECS/git.spec b/SPECS/git.spec
index 8c2f699..8f923ee 100644
--- a/SPECS/git.spec
+++ b/SPECS/git.spec
@@ -71,7 +71,7 @@
 
 Name:           %{?scl_prefix}git
 Version:        2.9.3
-Release:        5%{?dist}
+Release:        8%{?dist}
 Summary:        Fast Version Control System
 License:        GPLv2
 Group:          Development/Tools
@@ -123,6 +123,10 @@ Patch8:         git-cve-2017-1000117.patch
 # which is part of the patch series git-cve-2018-11235.patch
 Patch9:         git-cve-2018-11235.patch
 Patch10:        git-cve-2018-11235-fsck.patch
+Patch11:        git-cve-2018-17456-arbitrary-execution.patch
+Patch12:        git-cve-2018-17456-arbitrary-execution-tests.patch
+Patch13:        git-cve-2018-17456-arbitrary-execution-fsck.patch
+Patch14:        git-cve-2018-17456-arbitrary-execution-fsck-tests.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -467,8 +471,12 @@ rm -rf "$gpghome" # Cleanup tmp gpg home dir
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
 
-chmod a+x t/t0011-hashmap.sh t/t1307-config-blob.sh t/t4139-apply-escape.sh t/t7415-submodule-names.sh
+chmod a+x t/t0011-hashmap.sh t/t1307-config-blob.sh t/t4139-apply-escape.sh t/t7415-submodule-names.sh t/t7416-submodule-dash-url.sh t/t7417-submodule-path-url.sh
 
 %if %{use_prebuilt_docs}
 mkdir -p prebuilt_docs/{html,man}
@@ -732,12 +740,12 @@ grep -E "$not_core_re" bin-man-doc-files > bin-man-doc-git-files
   grep -qi "^Name=%{scl}" %{buildroot}%{appdesktopdir}/*git-gui.desktop
   grep -qi "^GenericName=%{scl}" %{buildroot}%{appdesktopdir}/*git-gui.desktop
 
-  # Run tests with enabled scl, so that httpd24-libcurl dependencies
-  # are searched for at the right place (/opt/rh/httpd24)
-  %{?scl:scl enable %{scl_httpd} - << "EOF"}
-    make test
-  %{?scl:EOF}
 %endif
+# Run tests with enabled scl, so that httpd24-libcurl dependencies
+# are searched for at the right place (/opt/rh/httpd24)
+%{?scl:scl enable %{scl_httpd} - << "EOF"}
+make test
+%{?scl:EOF}
 
 %clean
 rm -rf %{buildroot}
@@ -885,6 +893,21 @@ rm -rf %{buildroot}
 # No files for you!
 
 %changelog
+* Wed Oct 31 2018 Marcel Plch <mplch@redhat.com> - 2.9.3-8
+- Edit wording in changelog
+- Related: CVE-2018-17456
+
+* Tue Oct 30 2018 Marcel Plch <mplch@redhat.com> - 2.9.3-7
+- Add fsck fix missing in previous commit
+- Resolves: CVE-2018-17456
+
+* Wed Oct 24 2018 Marcel Plch <mplch@redhat.com> - 2.9.3-6
+- Patch for arbitrary code execution via .gitmodules (CVE-2018-17456)
+- Original backport by Jonathan Nieder for Debian
+- Original backport: https://repo.or.cz/git/debian.git/commit/63af93488dc4066a937aaa130b35dff398db2368
+- Original tests: https://repo.or.cz/git/debian.git/commit/2b4d394113d28a856f2cf375d0cbef3806e9a2c8
+- Resolves: rhbz#1638265
+
 * Fri Aug 24 2018 Pavel Cahyna <pcahyna@redhat.com> - 2.9.3-5
 - rebuild for all arches (#1618394)