
Bug#850014: marked as done (unblock: libgit2/0.24.5-1)



Your message dated Wed, 4 Jan 2017 14:12:45 +0100
with message-id <1cb38428-a8ad-230a-d59b-650a7cc59cd5@debian.org>
and subject line Re: Bug#850014: unblock: libgit2/0.24.5-1
has caused the Debian Bug report #850014,
regarding unblock: libgit2/0.24.5-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
850014: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850014
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package libgit2

The main reason is that I messed up the packaging of version 0.24.2-1, and
have flagged CVE-2016-8568 [0] as being fixed which is untrue.  This package
both addresses this issue correctly and fixes the serious bug [1].

Thanks,
Russell

0. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840227
1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841532


unblock libgit2/0.24.5-1

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
diff -Nru libgit2-0.24.2/debian/changelog libgit2-0.24.5/debian/changelog
--- libgit2-0.24.2/debian/changelog	2016-11-04 18:36:41.000000000 +1100
+++ libgit2-0.24.5/debian/changelog	2017-01-02 20:35:08.000000000 +1100
@@ -1,3 +1,11 @@
+libgit2 (0.24.5-1) unstable; urgency=medium
+
+  * New upstream release.
+  * debian/patch/fix_gmt14_timzone_bug.patch (Closes: #841532)
+  * Correcty address CVE-2016-8568
+
+ -- Russell Sim <russell.sim@gmail.com>  Mon, 02 Jan 2017 20:35:08 +1100
+
 libgit2 (0.24.2-2) unstable; urgency=medium
 
   * Upload to unstable.
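
Review bot: The new changelog entry names the patch as debian/patch/fix_gmt14_timzone_bug.patch, but the file added by this upload lives under debian/patches/, so the path in the entry should match. The CVE line is misspelled ("Correcty") and does not say what changed; since the request mail cites bug 840227 for CVE-2016-8568, the entry should reference that bug and state that the fix comes with the new upstream release rather than a Debian patch.
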
diff -Nru libgit2-0.24.2/debian/patches/commit-always-initialize-commit-message.patch libgit2-0.24.5/debian/patches/commit-always-initialize-commit-message.patch
--- libgit2-0.24.2/debian/patches/commit-always-initialize-commit-message.patch	2016-11-04 18:36:41.000000000 +1100
+++ libgit2-0.24.5/debian/patches/commit-always-initialize-commit-message.patch	1970-01-01 10:00:00.000000000 +1000
@@ -1,43 +0,0 @@
-From a719ef5e6d4a1a8ec53469c7914032ed67922772 Mon Sep 17 00:00:00 2001
-From: Patrick Steinhardt <ps@pks.im>
-Date: Fri, 7 Oct 2016 09:31:41 +0200
-Subject: [PATCH] commit: always initialize commit message
-
-When parsing a commit, we will treat all bytes left after parsing
-the headers as the commit message. When no bytes are left, we
-leave the commit's message uninitialized. While uncommon to have
-a commit without message, this is the right behavior as Git
-unfortunately allows for empty commit messages.
-
-Given that this scenario is so uncommon, most programs acting on
-the commit message will never check if the message is actually
-set, which may lead to errors. To work around the error and not
-lay the burden of checking for empty commit messages to the
-developer, initialize the commit message with an empty string
-when no commit message is given.
----
- src/commit.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/commit.c b/src/commit.c
-index 99a8085..76e6dcb 100644
---- a/src/commit.c
-+++ b/src/commit.c
-@@ -459,10 +459,11 @@ int git_commit__parse(void *_commit, git_odb_object *odb_obj)
- 	buffer = buffer_start + header_len + 1;
- 
- 	/* extract commit message */
--	if (buffer <= buffer_end) {
-+	if (buffer <= buffer_end)
- 		commit->raw_message = git__strndup(buffer, buffer_end - buffer);
--		GITERR_CHECK_ALLOC(commit->raw_message);
--	}
-+	else
-+		commit->raw_message = git__strdup("");
-+	GITERR_CHECK_ALLOC(commit->raw_message);
- 
- 	return 0;
- 
--- 
-2.8.1
-
diff -Nru libgit2-0.24.2/debian/patches/fix_gmt14_timzone_bug.patch libgit2-0.24.5/debian/patches/fix_gmt14_timzone_bug.patch
--- libgit2-0.24.2/debian/patches/fix_gmt14_timzone_bug.patch	1970-01-01 10:00:00.000000000 +1000
+++ libgit2-0.24.5/debian/patches/fix_gmt14_timzone_bug.patch	2017-01-02 20:35:08.000000000 +1100
@@ -0,0 +1,29 @@
+From 23c9ff8632d8ae90d211601d3254ab7f4d35e853 Mon Sep 17 00:00:00 2001
+From: Andreas Henriksson <andreas@fatal.se>
+Date: Sat, 17 Dec 2016 17:33:13 +0100
+Subject: [PATCH] Fix off-by-one problems in git_signature__parse
+
+Etc/GMT-14 aka UTC+14:00 is a thing....
+https://en.wikipedia.org/wiki/UTC%2B14:00
+
+Also allow offsets on the last minute (59).
+
+Addresses: https://bugs.debian.org/841532
+Fixes: #3970
+---
+ src/signature.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/signature.c b/src/signature.c
+index dcc3797..22cba7e 100644
+--- a/src/signature.c
++++ b/src/signature.c
+@@ -251,7 +251,7 @@ int git_signature__parse(git_signature *sig, const char **buffer_out,
+ 			 * only store timezone if it's not overflowing;
+ 			 * see http://www.worldtimezone.com/faq.html
+ 			 */
+-			if (hours < 14 && mins < 59) {
++			if (hours <= 14 && mins <= 59) {
+ 				sig->when.offset = (hours * 60) + mins;
+ 				if (tz_start[0] == '-')
+ 					sig->when.offset = -sig->when.offset;
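
Review bot: The new condition `hours <= 14 && mins <= 59` bounds hours and minutes independently, so an offset of 1459 is stored, and because the sign is applied afterwards, -1459 is stored too. The commit message only motivates UTC+14:00 and minute 59 in general. If the intent is "no offset beyond 14:00", bound the total instead, for example by testing `(hours * 60) + mins <= 14 * 60`; if 14:59 is meant to be accepted, the comment above the check should say so, since it still reads "only store timezone if it's not overflowing".
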
diff -Nru libgit2-0.24.2/debian/patches/series libgit2-0.24.5/debian/patches/series
--- libgit2-0.24.2/debian/patches/series	2016-11-04 18:36:41.000000000 +1100
+++ libgit2-0.24.5/debian/patches/series	2017-01-02 20:35:08.000000000 +1100
@@ -1,2 +1,2 @@
 disable_tests.patch
-commit-always-initialize-commit-message.patch
+fix_gmt14_timzone_bug.patch
diff -Nru libgit2-0.24.2/debian/rules libgit2-0.24.5/debian/rules
--- libgit2-0.24.2/debian/rules	2016-11-04 18:36:41.000000000 +1100
+++ libgit2-0.24.5/debian/rules	2017-01-02 20:35:08.000000000 +1100
@@ -44,11 +44,9 @@
 
 override_dh_auto_test:
 	mkdir -p build-debian-release/tmp
-	# Force the timezone to GMT to work around bug with GMT-14 timezone
-	# https://github.com/libgit2/libgit2/issues/3970
-	TZ=/usr/share/zoneinfo/Etc/GMT dh_auto_test --builddirectory=build-debian-release
+	dh_auto_test --builddirectory=build-debian-release
 	mkdir -p build-debian-devel/tmp
-	TZ=/usr/share/zoneinfo/Etc/GMT dh_auto_test --builddirectory=build-debian-devel
+	dh_auto_test --builddirectory=build-debian-devel
 
 override_dh_strip:
 	dh_strip --dbgsym-migration='libgit2-dbg (<< 0.24.0-2~)'
diff -Nru libgit2-0.24.2/include/git2/version.h libgit2-0.24.5/include/git2/version.h
--- libgit2-0.24.2/include/git2/version.h	2016-10-27 19:30:40.000000000 +1100
+++ libgit2-0.24.5/include/git2/version.h	2017-01-02 20:47:27.000000000 +1100
@@ -7,10 +7,10 @@
 #ifndef INCLUDE_git_version_h__
 #define INCLUDE_git_version_h__
 
-#define LIBGIT2_VERSION "0.24.2"
+#define LIBGIT2_VERSION "0.24.5"
 #define LIBGIT2_VER_MAJOR 0
 #define LIBGIT2_VER_MINOR 24
-#define LIBGIT2_VER_REVISION 2
+#define LIBGIT2_VER_REVISION 5
 #define LIBGIT2_VER_PATCH 0
 
 #define LIBGIT2_SOVERSION 24
diff -Nru libgit2-0.24.2/script/cibuild.sh libgit2-0.24.5/script/cibuild.sh
--- libgit2-0.24.2/script/cibuild.sh	2016-10-27 19:30:40.000000000 +1100
+++ libgit2-0.24.5/script/cibuild.sh	2017-01-02 20:47:27.000000000 +1100
@@ -44,8 +44,13 @@
 cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
 ssh-keyscan -t rsa localhost >>~/.ssh/known_hosts
 
-# Get the fingerprint for localhost and remove the colons so we can parse it as a hex number
-export GITTEST_REMOTE_SSH_FINGERPRINT=$(ssh-keygen -F localhost -l | tail -n 1 | cut -d ' ' -f 2 | tr -d ':')
+# Get the fingerprint for localhost and remove the colons so we can parse it as
+# a hex number. The Mac version is newer so it has a different output format.
+if [ "$TRAVIS_OS_NAME" = "osx" ]; then
+    export GITTEST_REMOTE_SSH_FINGERPRINT=$(ssh-keygen -E md5 -F localhost -l | tail -n 1 | cut -d ' ' -f 3 | cut -d : -f2- | tr -d :)
+else
+    export GITTEST_REMOTE_SSH_FINGERPRINT=$(ssh-keygen -F localhost -l | tail -n 1 | cut -d ' ' -f 2 | tr -d ':')
+fi
 
 export GITTEST_REMOTE_URL="ssh://localhost/$HOME/_temp/test.git"
 export GITTEST_REMOTE_USER=$USER
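
Review bot: The branch is keyed on `TRAVIS_OS_NAME` although the added comment says the real difference is the ssh-keygen version ("The Mac version is newer so it has a different output format"). The else branch therefore keeps assuming the old output layout and will extract the wrong field as soon as the Linux image ships a newer ssh-keygen. Suggest probing whether `ssh-keygen -E md5` is accepted and picking the parsing path from that, so both platforms share one code path where possible.
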
diff -Nru libgit2-0.24.2/src/commit.c libgit2-0.24.5/src/commit.c
--- libgit2-0.24.2/src/commit.c	2016-10-27 19:30:40.000000000 +1100
+++ libgit2-0.24.5/src/commit.c	2017-01-02 20:47:27.000000000 +1100
@@ -410,10 +410,11 @@
 	buffer = buffer_start + header_len + 1;
 
 	/* extract commit message */
-	if (buffer <= buffer_end) {
+	if (buffer <= buffer_end)
 		commit->raw_message = git__strndup(buffer, buffer_end - buffer);
-		GITERR_CHECK_ALLOC(commit->raw_message);
-	}
+	else
+		commit->raw_message = git__strdup("");
+	GITERR_CHECK_ALLOC(commit->raw_message);
 
 	return 0;
 
diff -Nru libgit2-0.24.2/src/openssl_stream.c libgit2-0.24.5/src/openssl_stream.c
--- libgit2-0.24.2/src/openssl_stream.c	2016-10-27 19:30:40.000000000 +1100
+++ libgit2-0.24.5/src/openssl_stream.c	2017-01-02 20:47:27.000000000 +1100
@@ -13,6 +13,7 @@
 #include "posix.h"
 #include "stream.h"
 #include "socket_stream.h"
+#include "openssl_stream.h"
 #include "netops.h"
 #include "git2/transport.h"
 #include "git2/sys/openssl.h"
@@ -71,12 +72,20 @@
 
 #endif /* GIT_THREADS */
 
+static BIO_METHOD *git_stream_bio_method;
+static int init_bio_method(void);
+
 /**
  * This function aims to clean-up the SSL context which
  * we allocated.
  */
 static void shutdown_ssl(void)
 {
+	if (git_stream_bio_method) {
+		BIO_meth_free(git_stream_bio_method);
+		git_stream_bio_method = NULL;
+	}
+
 	if (git__ssl_ctx) {
 		SSL_CTX_free(git__ssl_ctx);
 		git__ssl_ctx = NULL;
@@ -121,6 +130,13 @@
 		git__ssl_ctx = NULL;
 		return -1;
 	}
+
+	if (init_bio_method() < 0) {
+		SSL_CTX_free(git__ssl_ctx);
+		git__ssl_ctx = NULL;
+		return -1;
+	}
+
 #endif
 
 	git__on_shutdown(shutdown_ssl);
@@ -156,10 +172,8 @@
 
 static int bio_create(BIO *b)
 {
-	b->init = 1;
-	b->num = 0;
-	b->ptr = NULL;
-	b->flags = 0;
+	BIO_set_init(b, 1);
+	BIO_set_data(b, NULL);
 
 	return 1;
 }
@@ -169,23 +183,22 @@
 	if (!b)
 		return 0;
 
-	b->init = 0;
-	b->num = 0;
-	b->ptr = NULL;
-	b->flags = 0;
+	BIO_set_data(b, NULL);
 
 	return 1;
 }
 
 static int bio_read(BIO *b, char *buf, int len)
 {
-	git_stream *io = (git_stream *) b->ptr;
+	git_stream *io = (git_stream *) BIO_get_data(b);
+
 	return (int) git_stream_read(io, buf, len);
 }
 
 static int bio_write(BIO *b, const char *buf, int len)
 {
-	git_stream *io = (git_stream *) b->ptr;
+	git_stream *io = (git_stream *) BIO_get_data(b);
+
 	return (int) git_stream_write(io, buf, len, 0);
 }
 
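
Review bot: In bio_destroy the old code reset `b->init = 0`, and the replacement only calls `BIO_set_data(b, NULL)`, so the init flag is no longer cleared on destroy. A `BIO_set_init` wrapper is available (bio_create uses it), so adding `BIO_set_init(b, 0);` here keeps the previous behaviour on both sides of the version guard.
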
@@ -214,17 +227,22 @@
 	return bio_write(b, str, strlen(str));
 }
 
-static BIO_METHOD git_stream_bio_method = {
-	BIO_TYPE_SOURCE_SINK,
-	"git_stream",
-	bio_write,
-	bio_read,
-	bio_puts,
-	bio_gets,
-	bio_ctrl,
-	bio_create,
-	bio_destroy
-};
+static int init_bio_method(void)
+{
+	/* Set up the BIO_METHOD we use for wrapping our own stream implementations */
+	git_stream_bio_method = BIO_meth_new(BIO_TYPE_SOURCE_SINK | BIO_get_new_index(), "git_stream");
+	GITERR_CHECK_ALLOC(git_stream_bio_method);
+
+	BIO_meth_set_write(git_stream_bio_method, bio_write);
+	BIO_meth_set_read(git_stream_bio_method, bio_read);
+	BIO_meth_set_puts(git_stream_bio_method, bio_puts);
+	BIO_meth_set_gets(git_stream_bio_method, bio_gets);
+	BIO_meth_set_ctrl(git_stream_bio_method, bio_ctrl);
+	BIO_meth_set_create(git_stream_bio_method, bio_create);
+	BIO_meth_set_destroy(git_stream_bio_method, bio_destroy);
+
+	return 0;
+}
 
 static int ssl_set_error(SSL *ssl, int error)
 {
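
Review bot: In init_bio_method the result of `BIO_get_new_index()` is OR-ed straight into the type passed to `BIO_meth_new`. OpenSSL documents -1 as the error return of BIO_get_new_index, and OR-ing -1 into `BIO_TYPE_SOURCE_SINK` produces a meaningless type, so the index should be stored in a local and checked before use. The return values of the `BIO_meth_set_*` calls are also ignored; either check them or add a comment stating why they are not checked. Calling this function a second time would overwrite `git_stream_bio_method` without freeing the previous allocation, so a guard on the pointer being NULL would make it safe to re-enter.
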
@@ -339,7 +357,7 @@
 		num = sk_GENERAL_NAME_num(alts);
 		for (i = 0; i < num && matched != 1; i++) {
 			const GENERAL_NAME *gn = sk_GENERAL_NAME_value(alts, i);
-			const char *name = (char *) ASN1_STRING_data(gn->d.ia5);
+			const char *name = (char *) ASN1_STRING_get0_data(gn->d.ia5);
 			size_t namelen = (size_t) ASN1_STRING_length(gn->d.ia5);
 
 			/* Skip any names of a type we're not looking for */
@@ -394,7 +412,7 @@
 		if (size > 0) {
 			peer_cn = OPENSSL_malloc(size + 1);
 			GITERR_CHECK_ALLOC(peer_cn);
-			memcpy(peer_cn, ASN1_STRING_data(str), size);
+			memcpy(peer_cn, ASN1_STRING_get0_data(str), size);
 			peer_cn[size] = '\0';
 		} else {
 			goto cert_fail_name;
@@ -445,11 +463,12 @@
 
 	st->connected = true;
 
-	bio = BIO_new(&git_stream_bio_method);
+	bio = BIO_new(git_stream_bio_method);
 	GITERR_CHECK_ALLOC(bio);
-	bio->ptr = st->io;
 
+	BIO_set_data(bio, st->io);
 	SSL_set_bio(st->ssl, bio, bio);
+
 	/* specify the host in case SNI is needed */
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	SSL_set_tlsext_host_name(st->ssl, st->host);
diff -Nru libgit2-0.24.2/src/openssl_stream.h libgit2-0.24.5/src/openssl_stream.h
--- libgit2-0.24.2/src/openssl_stream.h	2016-10-27 19:30:40.000000000 +1100
+++ libgit2-0.24.5/src/openssl_stream.h	2017-01-02 20:47:27.000000000 +1100
@@ -13,4 +13,110 @@
 
 extern int git_openssl_stream_new(git_stream **out, const char *host, const char *port);
 
+/*
+ * OpenSSL 1.1 made BIO opaque so we have to use functions to interact with it
+ * which do not exist in previous versions. We define these inline functions so
+ * we can program against the interface instead of littering the implementation
+ * with ifdefs.
+ */
+#ifdef GIT_OPENSSL
+# include <openssl/ssl.h>
+# include <openssl/err.h>
+# include <openssl/x509v3.h>
+# include <openssl/bio.h>
+
+
+
+# if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+GIT_INLINE(BIO_METHOD*) BIO_meth_new(int type, const char *name)
+{
+	BIO_METHOD *meth = git__calloc(1, sizeof(BIO_METHOD));
+	if (!meth) {
+		return NULL;
+	}
+
+	meth->type = type;
+	meth->name = name;
+
+	return meth;
+}
+
+GIT_INLINE(void) BIO_meth_free(BIO_METHOD *biom)
+{
+	git__free(biom);
+}
+
+GIT_INLINE(int) BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int))
+{
+	biom->bwrite = write;
+	return 1;
+}
+
+GIT_INLINE(int) BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int))
+{
+	biom->bread = read;
+	return 1;
+}
+
+GIT_INLINE(int) BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *))
+{
+	biom->bputs = puts;
+	return 1;
+}
+
+GIT_INLINE(int) BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int))
+
+{
+	biom->bgets = gets;
+	return 1;
+}
+
+GIT_INLINE(int) BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *))
+{
+	biom->ctrl = ctrl;
+	return 1;
+}
+
+GIT_INLINE(int) BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *))
+{
+	biom->create = create;
+	return 1;
+}
+
+GIT_INLINE(int) BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *))
+{
+	biom->destroy = destroy;
+	return 1;
+}
+
+GIT_INLINE(int) BIO_get_new_index(void)
+{
+	/* This exists as of 1.1 so before we'd just have 0 */
+	return 0;
+}
+
+GIT_INLINE(void) BIO_set_init(BIO *b, int init)
+{
+	b->init = init;
+}
+
+GIT_INLINE(void) BIO_set_data(BIO *a, void *ptr)
+{
+	a->ptr = ptr;
+}
+
+GIT_INLINE(void*) BIO_get_data(BIO *a)
+{
+	return a->ptr;
+}
+
+GIT_INLINE(const unsigned char *) ASN1_STRING_get0_data(const ASN1_STRING *x)
+{
+	return ASN1_STRING_data((ASN1_STRING *)x);
+}
+
+# endif // OpenSSL < 1.1
+#endif // GIT_OPENSSL
+
 #endif
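
Review bot: The BIO_meth_new fallback stores the caller's `name` pointer as is (`meth->name = name;`), so the string must outlive the BIO_METHOD. That holds for the "git_stream" literal used in openssl_stream.c, but it should be stated in a comment since nothing in the signature enforces it. The ASN1_STRING_get0_data fallback casts away const to call `ASN1_STRING_data`; a short comment that the data is only read would justify the cast. Style: the two closing `#endif` lines use `//` comments while the rest of the diff uses `/* */` (for example `#endif /* GIT_THREADS */`), and there is a stray blank line between the BIO_meth_set_gets signature and its opening brace.
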
diff -Nru libgit2-0.24.2/src/tree.c libgit2-0.24.5/src/tree.c
--- libgit2-0.24.2/src/tree.c	2016-10-27 19:30:40.000000000 +1100
+++ libgit2-0.24.5/src/tree.c	2017-01-02 20:47:27.000000000 +1100
@@ -447,7 +447,12 @@
 		if ((nul = memchr(buffer, 0, buffer_end - buffer)) == NULL)
 			return tree_error("Failed to parse tree. Object is corrupted", NULL);
 
-		filename_len = nul - buffer;
+		if ((filename_len = nul - buffer) == 0)
+			return tree_error("Failed to parse tree. Can't parse filename", NULL);
+
+		if ((buffer_end - (nul + 1)) < GIT_OID_RAWSZ)
+			return tree_error("Failed to parse tree. Can't parse OID", NULL);
+
 		/* Allocate the entry */
 		{
 			entry = git_array_alloc(tree->entries);
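
Review bot: The OID length check `(buffer_end - (nul + 1)) < GIT_OID_RAWSZ` is only meaningful because `nul` was found by a memchr bounded to `buffer_end - buffer`, which guarantees `nul + 1 <= buffer_end` and a non-negative difference. That dependency deserves a one-line comment so a later reorder of the two checks does not reintroduce a read past the buffer. The filename check folds an assignment into the condition (`if ((filename_len = nul - buffer) == 0)`); splitting the assignment from the test would read more clearly. Both new failure paths use the same "Failed to parse tree." prefix as the existing error, which is consistent.
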

--- End Message ---
--- Begin Message ---
On 03/01/17 08:11, Russell Sim wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package libgit2
> 
> The main reason is that I messed up the packaging of version 0.24.2-1, and
> have flagged CVE-2016-8568 [0] as being fixed which is untrue.  This package
> both addresses this issue correctly and fixes the serious bug [1].
> 
> Thanks,
> Russell
> 
> 0. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840227
> 1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841532
> 
> 
> unblock libgit2/0.24.5-1

# #850014
age-days 2 libgit2/0.24.5-1

Emilio

--- End Message ---
