--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package libgit2
This version is a minor update which contains some fixes for CVE-2016-10128
CVE-2016-10129 CVE-2016-10130 [0]
Sorry about the version number.
0. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406
unblock libgit2/0.25.1+really0.24.6-1
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
diff -Nru libgit2-0.24.5/debian/changelog libgit2-0.25.1+really0.24.6/debian/changelog
--- libgit2-0.24.5/debian/changelog 2017-01-02 10:35:08.000000000 +0100
+++ libgit2-0.25.1+really0.24.6/debian/changelog 2017-05-21 18:18:47.000000000 +0200
@@ -1,3 +1,25 @@
+libgit2 (0.25.1+really0.24.6-1) unstable; urgency=medium
+
+ * Revert 0.25.1 in unstable, 0.24.5 was already in unstable 0.25.1 was
+ uploaded after the freeze.
+ * Release 0.24.6 (CVE-2016-10128, CVE-2016-10129, CVE-2016-10130)
+ (Closes: #851406)
+
+ -- Russell Sim <russell.sim@gmail.com> Sun, 21 May 2017 18:18:47 +0200
+
+libgit2 (0.25.1-2) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Russell Sim <russell.sim@gmail.com> Sat, 20 May 2017 19:27:39 +0200
+
+libgit2 (0.25.1-1) experimental; urgency=medium
+
+ * New upstream release. (CVE-2016-10128, CVE-2016-10129, CVE-2016-10130)
+ (Closes: #851406, #857068)
+
+ -- Russell Sim <russell.sim@gmail.com> Tue, 25 Apr 2017 07:29:37 +0200
+
libgit2 (0.24.5-1) unstable; urgency=medium
* New upstream release.
diff -Nru libgit2-0.24.5/include/git2/version.h libgit2-0.25.1+really0.24.6/include/git2/version.h
--- libgit2-0.24.5/include/git2/version.h 2017-01-02 10:47:27.000000000 +0100
+++ libgit2-0.25.1+really0.24.6/include/git2/version.h 2017-01-09 21:26:28.000000000 +0100
@@ -7,10 +7,10 @@
#ifndef INCLUDE_git_version_h__
#define INCLUDE_git_version_h__
-#define LIBGIT2_VERSION "0.24.5"
+#define LIBGIT2_VERSION "0.24.6"
#define LIBGIT2_VER_MAJOR 0
#define LIBGIT2_VER_MINOR 24
-#define LIBGIT2_VER_REVISION 5
+#define LIBGIT2_VER_REVISION 6
#define LIBGIT2_VER_PATCH 0
#define LIBGIT2_SOVERSION 24
diff -Nru libgit2-0.24.5/src/transports/http.c libgit2-0.25.1+really0.24.6/src/transports/http.c
--- libgit2-0.24.5/src/transports/http.c 2017-01-02 10:47:27.000000000 +0100
+++ libgit2-0.25.1+really0.24.6/src/transports/http.c 2017-01-09 21:26:28.000000000 +0100
@@ -602,13 +602,12 @@
if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL &&
git_stream_is_encrypted(t->io)) {
git_cert *cert;
- int is_valid;
+ int is_valid = (error == GIT_OK);
if ((error = git_stream_certificate(&cert, t->io)) < 0)
return error;
giterr_clear();
- is_valid = error != GIT_ECERTIFICATE;
error = t->owner->certificate_check_cb(cert, is_valid, t->connection_data.host, t->owner->message_cb_payload);
if (error < 0) {
diff -Nru libgit2-0.24.5/src/transports/smart_pkt.c libgit2-0.25.1+really0.24.6/src/transports/smart_pkt.c
--- libgit2-0.24.5/src/transports/smart_pkt.c 2017-01-02 10:47:27.000000000 +0100
+++ libgit2-0.25.1+really0.24.6/src/transports/smart_pkt.c 2017-01-09 21:26:28.000000000 +0100
@@ -427,15 +427,23 @@
if (bufflen > 0 && bufflen < (size_t)len)
return GIT_EBUFS;
+ /*
+ * The length has to be exactly 0 in case of a flush
+ * packet or greater than PKT_LEN_SIZE, as the decoded
+ * length includes its own encoded length of four bytes.
+ */
+ if (len != 0 && len < PKT_LEN_SIZE)
+ return GIT_ERROR;
+
line += PKT_LEN_SIZE;
/*
- * TODO: How do we deal with empty lines? Try again? with the next
- * line?
+ * The Git protocol does not specify empty lines as part
+ * of the protocol. Not knowing what to do with an empty
+ * line, we should return an error upon hitting one.
*/
if (len == PKT_LEN_SIZE) {
- *head = NULL;
- *out = line;
- return 0;
+ giterr_set_str(GITERR_NET, "Invalid empty packet");
+ return GIT_ERROR;
}
if (len == 0) { /* Flush pkt */
diff -Nru libgit2-0.24.5/src/transports/smart_protocol.c libgit2-0.25.1+really0.24.6/src/transports/smart_protocol.c
--- libgit2-0.24.5/src/transports/smart_protocol.c 2017-01-02 10:47:27.000000000 +0100
+++ libgit2-0.25.1+really0.24.6/src/transports/smart_protocol.c 2017-01-09 21:26:28.000000000 +0100
@@ -759,14 +759,6 @@
line_len -= (line_end - line);
line = line_end;
- /* When a valid packet with no content has been
- * read, git_pkt_parse_line does not report an
- * error, but the pkt pointer has not been set.
- * Handle this by skipping over empty packets.
- */
- if (pkt == NULL)
- continue;
-
error = add_push_report_pkt(push, pkt);
git_pkt_free(pkt);
@@ -821,9 +813,6 @@
error = 0;
- if (pkt == NULL)
- continue;
-
switch (pkt->type) {
case GIT_PKT_DATA:
/* This is a sideband packet which contains other packets */
diff -Nru libgit2-0.24.5/tests/online/badssl.c libgit2-0.25.1+really0.24.6/tests/online/badssl.c
--- libgit2-0.24.5/tests/online/badssl.c 2017-01-02 10:47:27.000000000 +0100
+++ libgit2-0.25.1+really0.24.6/tests/online/badssl.c 2017-01-09 21:26:28.000000000 +0100
@@ -10,37 +10,71 @@
static bool g_has_ssl = false;
#endif
+static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload)
+{
+ GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload);
+
+ cl_assert_equal_i(0, valid);
+
+ return GIT_ECERTIFICATE;
+}
+
void test_online_badssl__expired(void)
{
+ git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
+ opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
+
if (!g_has_ssl)
cl_skip();
cl_git_fail_with(GIT_ECERTIFICATE,
git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", NULL));
+
+ cl_git_fail_with(GIT_ECERTIFICATE,
+ git_clone(&g_repo, "https://expired.badssl.com/fake.git", "./fake", &opts));
}
void test_online_badssl__wrong_host(void)
{
+ git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
+ opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
+
if (!g_has_ssl)
cl_skip();
cl_git_fail_with(GIT_ECERTIFICATE,
git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", NULL));
+ cl_git_fail_with(GIT_ECERTIFICATE,
+ git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git", "./fake", &opts));
}
void test_online_badssl__self_signed(void)
{
+ git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
+ opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
+
if (!g_has_ssl)
cl_skip();
cl_git_fail_with(GIT_ECERTIFICATE,
git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", NULL));
+ cl_git_fail_with(GIT_ECERTIFICATE,
+ git_clone(&g_repo, "https://self-signed.badssl.com/fake.git", "./fake", &opts));
}
void test_online_badssl__old_cipher(void)
{
+ git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
+ opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
+
+ /* FIXME: we don't actually reject RC4 anywhere, figure out what to tweak */
+ cl_skip();
+
if (!g_has_ssl)
cl_skip();
- cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL));
+ cl_git_fail_with(GIT_ECERTIFICATE,
+ git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", NULL));
+ cl_git_fail_with(GIT_ECERTIFICATE,
+ git_clone(&g_repo, "https://rc4.badssl.com/fake.git", "./fake", &opts));
}
--- End Message ---