
Bug#863486: marked as done (unblock: libgit2/0.25.1+really0.24.6-1)



Your message dated Sat, 27 May 2017 19:53:45 +0000
with message-id <E1dEhmT-0003qI-Vn@respighi.debian.org>
and subject line unblock libgit2
has caused the Debian Bug report #863486,
regarding unblock: libgit2/0.25.1+really0.24.6-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
863486: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863486
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package libgit2

This version is a minor update which contains some fixes for CVE-2016-10128,
CVE-2016-10129 and CVE-2016-10130 [0].

Sorry about the version number.

0. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406

unblock libgit2/0.25.1+really0.24.6-1

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
diff -Nru libgit2-0.24.5/debian/changelog libgit2-0.25.1+really0.24.6/debian/changelog
--- libgit2-0.24.5/debian/changelog	2017-01-02 10:35:08.000000000 +0100
+++ libgit2-0.25.1+really0.24.6/debian/changelog	2017-05-21 18:18:47.000000000 +0200
@@ -1,3 +1,25 @@
+libgit2 (0.25.1+really0.24.6-1) unstable; urgency=medium
+
+  * Revert 0.25.1 in unstable, 0.24.5 was already in unstable 0.25.1 was
+    uploaded after the freeze.
+  * Release 0.24.6 (CVE-2016-10128, CVE-2016-10129, CVE-2016-10130)
+    (Closes: #851406)
+
+ -- Russell Sim <russell.sim@gmail.com>  Sun, 21 May 2017 18:18:47 +0200
+
+libgit2 (0.25.1-2) unstable; urgency=medium
+
+  * Upload to unstable
+
+ -- Russell Sim <russell.sim@gmail.com>  Sat, 20 May 2017 19:27:39 +0200
+
+libgit2 (0.25.1-1) experimental; urgency=medium
+
+  * New upstream release. (CVE-2016-10128, CVE-2016-10129, CVE-2016-10130)
+    (Closes: #851406, #857068)
+
+ -- Russell Sim <russell.sim@gmail.com>  Tue, 25 Apr 2017 07:29:37 +0200
+
 libgit2 (0.24.5-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru libgit2-0.24.5/include/git2/version.h libgit2-0.25.1+really0.24.6/include/git2/version.h
--- libgit2-0.24.5/include/git2/version.h	2017-01-02 10:47:27.000000000 +0100
+++ libgit2-0.25.1+really0.24.6/include/git2/version.h	2017-01-09 21:26:28.000000000 +0100
@@ -7,10 +7,10 @@
 #ifndef INCLUDE_git_version_h__
 #define INCLUDE_git_version_h__
 
-#define LIBGIT2_VERSION "0.24.5"
+#define LIBGIT2_VERSION "0.24.6"
 #define LIBGIT2_VER_MAJOR 0
 #define LIBGIT2_VER_MINOR 24
-#define LIBGIT2_VER_REVISION 5
+#define LIBGIT2_VER_REVISION 6
 #define LIBGIT2_VER_PATCH 0
 
 #define LIBGIT2_SOVERSION 24
diff -Nru libgit2-0.24.5/src/transports/http.c libgit2-0.25.1+really0.24.6/src/transports/http.c
--- libgit2-0.24.5/src/transports/http.c	2017-01-02 10:47:27.000000000 +0100
+++ libgit2-0.25.1+really0.24.6/src/transports/http.c	2017-01-09 21:26:28.000000000 +0100
@@ -602,13 +602,12 @@
 	if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL &&
 	    git_stream_is_encrypted(t->io)) {
 		git_cert *cert;
-		int is_valid;
+		int is_valid = (error == GIT_OK);
 
 		if ((error = git_stream_certificate(&cert, t->io)) < 0)
 			return error;
 
 		giterr_clear();
-		is_valid = error != GIT_ECERTIFICATE;
 		error = t->owner->certificate_check_cb(cert, is_valid, t->connection_data.host, t->owner->message_cb_payload);
 
 		if (error < 0) {
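Review bot: The new initializer `int is_valid = (error == GIT_OK);` looks like an ordinary default, but it is load-bearing: `error` is overwritten by the `git_stream_certificate()` call two lines later, and on the non-failing path that value is non-negative, which is why the removed `is_valid = error != GIT_ECERTIFICATE` was always true and the callback was told every certificate was valid. A short comment should pin that ordering so a later reorder cannot silently reintroduce it, e.g. `/* capture the TLS verification result now; git_stream_certificate() below reuses 'error' */`. The enclosing function begins and ends outside the hunk.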
diff -Nru libgit2-0.24.5/src/transports/smart_pkt.c libgit2-0.25.1+really0.24.6/src/transports/smart_pkt.c
--- libgit2-0.24.5/src/transports/smart_pkt.c	2017-01-02 10:47:27.000000000 +0100
+++ libgit2-0.25.1+really0.24.6/src/transports/smart_pkt.c	2017-01-09 21:26:28.000000000 +0100
@@ -427,15 +427,23 @@
 	if (bufflen > 0 && bufflen < (size_t)len)
 		return GIT_EBUFS;
 
+	/*
+	 * The length has to be exactly 0 in case of a flush
+	 * packet or greater than PKT_LEN_SIZE, as the decoded
+	 * length includes its own encoded length of four bytes.
+	 */
+	if (len != 0 && len < PKT_LEN_SIZE)
+		return GIT_ERROR;
+
 	line += PKT_LEN_SIZE;
 	/*
-	 * TODO: How do we deal with empty lines? Try again? with the next
-	 * line?
+	 * The Git protocol does not specify empty lines as part
+	 * of the protocol. Not knowing what to do with an empty
+	 * line, we should return an error upon hitting one.
 	 */
 	if (len == PKT_LEN_SIZE) {
-		*head = NULL;
-		*out = line;
-		return 0;
+		giterr_set_str(GITERR_NET, "Invalid empty packet");
+		return GIT_ERROR;
 	}
 
 	if (len == 0) { /* Flush pkt */
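Review bot: The new guard `if (len != 0 && len < PKT_LEN_SIZE) return GIT_ERROR;` returns without setting an error message, whereas the empty-packet branch a few lines below calls `giterr_set_str(GITERR_NET, "Invalid empty packet")` first; a caller that reports `giterr_last()` will therefore see no message, or a stale one, for a malformed length. Suggest adding `giterr_set_str(GITERR_NET, "Invalid packet length");` before that return so both rejection paths are diagnosable the same way. The `(size_t)len` cast in the earlier check suggests `len` is a signed type; if the length decoder can ever produce a negative value, rejecting it explicitly here would be clearer than relying on the cast turning it into a huge `GIT_EBUFS` comparison. The enclosing function starts and ends outside the hunk.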
diff -Nru libgit2-0.24.5/src/transports/smart_protocol.c libgit2-0.25.1+really0.24.6/src/transports/smart_protocol.c
--- libgit2-0.24.5/src/transports/smart_protocol.c	2017-01-02 10:47:27.000000000 +0100
+++ libgit2-0.25.1+really0.24.6/src/transports/smart_protocol.c	2017-01-09 21:26:28.000000000 +0100
@@ -759,14 +759,6 @@
 		line_len -= (line_end - line);
 		line = line_end;
 
-		/* When a valid packet with no content has been
-		 * read, git_pkt_parse_line does not report an
-		 * error, but the pkt pointer has not been set.
-		 * Handle this by skipping over empty packets.
-		 */
-		if (pkt == NULL)
-			continue;
-
 		error = add_push_report_pkt(push, pkt);
 
 		git_pkt_free(pkt);
@@ -821,9 +813,6 @@
 
 		error = 0;
 
-		if (pkt == NULL)
-			continue;
-
 		switch (pkt->type) {
 			case GIT_PKT_DATA:
 				/* This is a sideband packet which contains other packets */
diff -Nru libgit2-0.24.5/tests/online/badssl.c libgit2-0.25.1+really0.24.6/tests/online/badssl.c
--- libgit2-0.24.5/tests/online/badssl.c	2017-01-02 10:47:27.000000000 +0100
+++ libgit2-0.25.1+really0.24.6/tests/online/badssl.c	2017-01-09 21:26:28.000000000 +0100
@@ -10,37 +10,71 @@
 static bool g_has_ssl = false;
 #endif
 
+static int cert_check_assert_invalid(git_cert *cert, int valid, const char* host, void *payload)
+{
+	GIT_UNUSED(cert); GIT_UNUSED(host); GIT_UNUSED(payload);
+
+	cl_assert_equal_i(0, valid);
+
+	return GIT_ECERTIFICATE;
+}
+
 void test_online_badssl__expired(void)
 {
+	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
+	opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
+
 	if (!g_has_ssl)
 		cl_skip();
 
 	cl_git_fail_with(GIT_ECERTIFICATE,
 			 git_clone(&g_repo, "https://expired.badssl.com/fake.git";, "./fake", NULL));
+
+	cl_git_fail_with(GIT_ECERTIFICATE,
+			 git_clone(&g_repo, "https://expired.badssl.com/fake.git";, "./fake", &opts));
 }
 
 void test_online_badssl__wrong_host(void)
 {
+	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
+	opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
+
 	if (!g_has_ssl)
 		cl_skip();
 
 	cl_git_fail_with(GIT_ECERTIFICATE,
 			 git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git";, "./fake", NULL));
+	cl_git_fail_with(GIT_ECERTIFICATE,
+			 git_clone(&g_repo, "https://wrong.host.badssl.com/fake.git";, "./fake", &opts));
 }
 
 void test_online_badssl__self_signed(void)
 {
+	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
+	opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
+
 	if (!g_has_ssl)
 		cl_skip();
 
 	cl_git_fail_with(GIT_ECERTIFICATE,
 			 git_clone(&g_repo, "https://self-signed.badssl.com/fake.git";, "./fake", NULL));
+	cl_git_fail_with(GIT_ECERTIFICATE,
+			 git_clone(&g_repo, "https://self-signed.badssl.com/fake.git";, "./fake", &opts));
 }
 
 void test_online_badssl__old_cipher(void)
 {
+	git_clone_options opts = GIT_CLONE_OPTIONS_INIT;
+	opts.fetch_opts.callbacks.certificate_check = cert_check_assert_invalid;
+
+	/* FIXME: we don't actually reject RC4 anywhere, figure out what to tweak */
+	cl_skip();
+
 	if (!g_has_ssl)
 		cl_skip();
 
-	cl_git_fail(git_clone(&g_repo, "https://rc4.badssl.com/fake.git";, "./fake", NULL));
+	cl_git_fail_with(GIT_ECERTIFICATE,
+			 git_clone(&g_repo, "https://rc4.badssl.com/fake.git";, "./fake", NULL));
+	cl_git_fail_with(GIT_ECERTIFICATE,
+			 git_clone(&g_repo, "https://rc4.badssl.com/fake.git";, "./fake", &opts));
 }
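Review bot: In test_online_badssl__old_cipher the unconditional `cl_skip()` added after the FIXME runs before the `g_has_ssl` check and before both `cl_git_fail_with(GIT_ECERTIFICATE, ...)` calls, so the strengthened expectation and the new `cert_check_assert_invalid` path for the RC4 host are dead code and the `opts` setup above it is wasted. If the intent is to keep the skip until the FIXME is resolved, it would be clearer to leave the assertions in their old `cl_git_fail` form, or to drop them and record the intended expectation in the FIXME comment, rather than ship unreachable asserts that look like coverage. The other three tests do exercise the new callback, and `cl_assert_equal_i(0, valid)` inside it is the regression check for the `is_valid` fix in http.c; a one-line comment on cert_check_assert_invalid saying so would help the next reader. The `;` following each URL literal appears to be a rendering artifact of the bug tracker rather than part of the source.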

--- End Message ---
--- Begin Message ---
Unblocked libgit2.

--- End Message ---
