The git package in Buildroot is quite lagging behind (v2.31.4, released
on July 12, 2022 while the baseline v2.31.0 was released on March 15,
2021). Bump the package to v2.39.0 (released December 12, 2022).
While at it, also replace patch fixing uclibc no threads build with two
patches cherry-picked from upstream next branch, which fixes the same
issue by fixing the handling of flockfile(), funlockfile(), and
getc_unlocked() declarations. These patches missed the release but
planned for next maintenance release (v2.39.1).
The reason for replacing the patch is when original fix patch was
upstreamed [1], Jeff King noted that the build failure root cause
was flockfile() is defined regardless of whether uclibc is configured with
threads support or not [2].
Release notes for v2.39.0 is available on release announcement on Git
mailing list at [3].
[1]: https://lore.kernel.org/git/20221125092339.29433-1-bagasdotme@gmail.com/
[2]: https://lore.kernel.org/git/Y4RAr04vS%2FTOM5uh@coredump.intra.peff.net/
[3]: https://lore.kernel.org/git/xmqqlencspnl.fsf@gitster.g/
Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
* CVE-2022-39253:
When relying on the `--local` clone optimization, Git dereferences
symbolic links in the source repository before creating hardlinks
(or copies) of the dereferenced link in the destination repository.
This can lead to surprising behavior where arbitrary files are
present in a repository's `$GIT_DIR` when cloning from a malicious
repository.
Git will no longer dereference symbolic links via the `--local`
clone mechanism, and will instead refuse to clone repositories that
have symbolic links present in the `$GIT_DIR/objects` directory.
Additionally, the value of `protocol.file.allow` is changed to be
"user" by default.
* CVE-2022-39260:
An overly-long command string given to `git shell` can result in
overflow in `split_cmdline()`, leading to arbitrary heap writes and
remote code execution when `git shell` is exposed and the directory
`$HOME/git-shell-commands` exists.
`git shell` is taught to refuse interactive commands that are
longer than 4MiB in size. `split_cmdline()` is hardened to reject
inputs larger than 2GiB.
https://github.com/git/git/blob/v2.31.5/Documentation/RelNotes/2.31.5.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix CVE-2022-29187: Git is a distributed revision control system. Git
prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3,
2.31.4, and 2.30.5, is vulnerable to privilege escalation in all
platforms. An unsuspecting user could still be affected by the issue
reported in CVE-2022-24765, for example when navigating as root into a
shared tmp directory that is owned by them, but where an attacker could
create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4,
2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The
simplest way to avoid being affected by the exploit described in the
example is to avoid running git as root (or an Administrator in
Windows), and if needed to reduce its use to a minimum. While a generic
workaround is not possible, a system could be hardened from the exploit
described in the example by removing any such repository if it exists
already and creating one as root to block any future attacks.
https://github.com/git/git/blob/v2.31.4/Documentation/RelNotes/2.31.4.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue:
CVE-2022-24765:
On multi-user machines, Git users might find themselves unexpectedly in
a Git worktree, e.g. when there is a scratch space (`/scratch/`) intended
for all users and another user created a repository in `/scratch/.git`.
Merely having a Git-aware prompt that runs `git status` (or `git diff`)
and navigating to a directory which is supposedly not a Git worktree, or
opening such a directory in an editor or IDE such as VS Code or Atom, will
potentially run commands defined by that other user via
`/scratch/.git/config`.
https://www.openwall.com/lists/oss-security/2022/04/12/7
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
xdg SELinux module is needed to avoid the following build failure raised
since bump of refpolicy to version 2.20220106 in commit
f6691d122c and
64e637d895:
policy/modules/services/git.te:121:ERROR 'attribute xdg_config_type is not declared' at token ';' on line 115358:
typeattribute git_xdg_config_t xdg_config_type;
#line 121
checkpolicy: error(s) encountered while parsing configuration
Rules.monolithic:78: recipe for target 'policy.30' failed
Fixes:
- http://autobuild.buildroot.org/results/98d5b3db313000855721c0ad994951fe8cc781c0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
As pointed by Peter combined condition of the 2 gcc bugs is potentially
wrong, but as Thomas pointed in this case it's not harmful. Let's fix it
anyway since it's basically wrong even it doesn't cause harm.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
* CVE-2019-1348:
The --export-marks option of git fast-import is exposed also via
the in-stream command feature export-marks=... and it allows
overwriting arbitrary paths.
* CVE-2019-1349:
When submodules are cloned recursively, under certain circumstances
Git could be fooled into using the same Git directory twice. We now
require the directory to be empty.
* CVE-2019-1350:
Incorrect quoting of command-line arguments allowed remote code
execution during a recursive clone in conjunction with SSH URLs.
* CVE-2019-1351:
While the only permitted drive letters for physical drives on
Windows are letters of the US-English alphabet, this restriction
does not apply to virtual drives assigned via subst <letter>:
<path>. Git mistook such paths for relative paths, allowing writing
outside of the worktree while cloning.
* CVE-2019-1352:
Git was unaware of NTFS Alternate Data Streams, allowing files
inside the .git/ directory to be overwritten during a clone.
* CVE-2019-1353:
When running Git in the Windows Subsystem for Linux (also known as
"WSL") while accessing a working directory on a regular Windows
drive, none of the NTFS protections were active.
* CVE-2019-1354:
Filenames on Linux/Unix can contain backslashes. On Windows,
backslashes are directory separators. Git did not use to refuse to
write out tracked files with such filenames.
* CVE-2019-1387:
Recursive clones are currently affected by a vulnerability that is
caused by too-lax validation of submodule names, allowing very
targeted attacks via remote code execution in recursive clones.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
After (8aa5ee1721 package/git: bump to version 2.22.0) autoreconf
is not needed anymore because patch which modified the configure
script was removed.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Remove patch with NLS fix because it is was added into latest version.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:
/home/test/autobuild/run/instance-2/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libssl.a(ssl_cert.o): In function `CRYPTO_DOWN_REF':
/home/test/autobuild/run/instance-2/output/build/libopenssl-1.1.1a/include/internal/refcount.h:50: undefined reference to `__atomic_fetch_sub_4'
This is often for example the case on sparcv8 32 bit.
To fix this issue, use pkg-config to retrieve openssl dependencies
including atomic library, these dependencies must be passed to
LIB_4_CRYPTO IN GIT_MAKE_OPTS
Fixes:
- http://autobuild.buildroot.org/results/3093897d14a854a7252b25b2fa1f8fdcbb26c9b7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Forward port of security fixes from the 2.13.7 release. The 2.13.7
release notes say this:
* Submodule "names" come from the untrusted .gitmodules file, but we
blindly append them to $GIT_DIR/modules to create our on-disk repo
paths. This means you can do bad things by putting "../" into the
name. We now enforce some rules for submodule names which will cause
Git to ignore these malicious names (CVE-2018-11235).
Credit for finding this vulnerability and the proof of concept from
which the test script was adapted goes to Etienne Stalmans.
* It was possible to trick the code that sanity-checks paths on NTFS
into reading random piece of memory (CVE-2018-11233).
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Renamed --with-libpcre to --with-libpcre1. Currently --with-libpcre
activates pcre1 support but this can change in the future to pcre2:
df7fd961a9/configure.ac (L258)
Please note that we cannot use --with-/--without because it will lead
to an error reported by configure, for example
--with-libpcre1 --without-libpcre2
will produce
configure: error: Only supply one of --with-libpcre1 or --with-libpcre2!
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The check-package script when ran gives warnings on text wrapping
on all of these Config files. This patch cleans up all warnings
related to the text wrapping for the Config files starting with
the letter g in the package directory.
The appropriate indentation is: <tab><2 spaces><62 chars>
See http://nightly.buildroot.org/#writing-rules-config-in for more
information.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit switches to use the new gettext logic, which involves
using TARGET_NLS_DEPENDENCIES instead of hand-encoded dependencies
on gettext/host-gettext.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The check-package script when ran gave warnings on only using
one space before backslashes on all of these makefiles.
This patch cleans up all warnings related to the one space before
backslashes rule in the make files in the package directory.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.
This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
When building git with toolchain that don't have thread support, we
get following build errors:
CC builtin/hash-object.o
builtin/grep.c: In function 'grep_submodule_launch':
builtin/grep.c:596:34: error: dereferencing pointer to incomplete type 'struct work_item'
status = capture_command(&cp, &w->out, 0);
^
builtin/grep.c: In function 'grep_submodule':
builtin/grep.c:644:20: error: storage size of 'w' isn't known
struct work_item w;
^
make[2]: *** [builtin/grep.o] Error 1
make[2]: *** Waiting for unfinished jobs....
Add two upstream patches to fix this issue.
Fixes:
http://autobuild.buildroot.net/results/94b/94bce9a99a5ce9894a6918774ab75e23d12c1394/
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
