import git-2.39.1-1.el9

c9 imports/c9/git-2.39.1-1.el9
CentOS Sources 2 years ago committed by MSVSphere Packaging Team
parent 4eb6f91600
commit 81787cb003

@ -1,2 +1,2 @@
a66f98f88bf7734f8463446ac0735cee190da1dc SOURCES/git-2.31.1.tar.xz
3a35d0571c517f7f4cb2e1dfbd315e7c32023e2b SOURCES/git-2.39.1.tar.xz
87d3a395bad523277647f8614fbd9fefe0450fc6 SOURCES/gpgkey-junio.asc

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/git-2.31.1.tar.xz
SOURCES/git-2.39.1.tar.xz
SOURCES/gpgkey-junio.asc

@ -0,0 +1,85 @@
From aa5105dc115b43edc6c9c11714b092583f1221aa Mon Sep 17 00:00:00 2001
From: Todd Zullinger <tmz@pobox.com>
Date: Fri, 26 Aug 2022 18:28:44 -0400
Subject: [PATCH] t/lib-git-svn: try harder to find a port
As with the previous commits, try harder to find an open port to avoid
intermittent failures on busy/shared build systems.
By default, we make 3 attempts. This may be overridden by setting
GIT_TEST_START_SVNSERVE_TRIES to a different value.
Run svnserve in daemon mode and use 'test_atexit' to stop it. This is
cleaner than running in the foreground with --listen-once and having to
manage the PID ourselves.
Signed-off-by: Todd Zullinger <tmz@pobox.com>
---
t/lib-git-svn.sh | 34 +++++++++++++++++++++++++----
t/t9113-git-svn-dcommit-new-file.sh | 1 -
2 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/t/lib-git-svn.sh b/t/lib-git-svn.sh
index ea28971e8e..04e660e2ba 100644
--- a/t/lib-git-svn.sh
+++ b/t/lib-git-svn.sh
@@ -17,6 +17,7 @@ fi
GIT_DIR=$PWD/.git
GIT_SVN_DIR=$GIT_DIR/svn/refs/remotes/git-svn
SVN_TREE=$GIT_SVN_DIR/svn-tree
+SVNSERVE_PIDFILE="$PWD"/daemon.pid
test_set_port SVNSERVE_PORT
svn >/dev/null 2>&1
@@ -119,10 +120,35 @@ require_svnserve () {
}
start_svnserve () {
- svnserve --listen-port $SVNSERVE_PORT \
- --root "$rawsvnrepo" \
- --listen-once \
- --listen-host 127.0.0.1 &
+ test_atexit stop_svnserve
+
+ i=0
+ while test $i -lt ${GIT_TEST_START_SVNSERVE_TRIES:-3}
+ do
+ say >&3 "Starting svnserve on port $SVNSERVE_PORT ..."
+ svnserve --listen-port $SVNSERVE_PORT \
+ --root "$rawsvnrepo" \
+ --daemon --pid-file="$SVNSERVE_PIDFILE" \
+ --listen-host 127.0.0.1
+ ret=$?
+ # increment port and retry if unsuccessful
+ if test $ret -ne 0
+ then
+ SVNSERVE_PORT=$(($SVNSERVE_PORT + 1))
+ export SVNSERVE_PORT
+ else
+ break
+ fi
+ done
+}
+
+stop_svnserve () {
+ say >&3 "Stopping svnserve ..."
+ SVNSERVE_PID="$(cat "$SVNSERVE_PIDFILE")"
+ if test -n "$SVNSERVE_PID"
+ then
+ kill "$SVNSERVE_PID" 2>/dev/null
+ fi
}
prepare_utf8_locale () {
diff --git a/t/t9113-git-svn-dcommit-new-file.sh b/t/t9113-git-svn-dcommit-new-file.sh
index e8479cec7a..5925891f5d 100755
--- a/t/t9113-git-svn-dcommit-new-file.sh
+++ b/t/t9113-git-svn-dcommit-new-file.sh
@@ -28,7 +28,6 @@ test_expect_success 'create files in new directory with dcommit' "
echo hello > git-new-dir/world &&
git update-index --add git-new-dir/world &&
git commit -m hello &&
- start_svnserve &&
git svn dcommit
"

@ -1,745 +0,0 @@
diff -ur b/attr.c a/attr.c
--- b/attr.c 2021-03-26 23:03:34.000000000 +0100
+++ a/attr.c 2023-01-25 17:55:11.665410385 +0100
@@ -28,7 +28,7 @@
#endif
struct git_attr {
- int attr_nr; /* unique attribute number */
+ unsigned int attr_nr; /* unique attribute number */
char name[FLEX_ARRAY]; /* attribute name */
};
@@ -210,7 +210,7 @@
* dictionary. If no entry is found, create a new attribute and store it in
* the dictionary.
*/
-static const struct git_attr *git_attr_internal(const char *name, int namelen)
+static const struct git_attr *git_attr_internal(const char *name, size_t namelen)
{
struct git_attr *a;
@@ -226,8 +226,8 @@
a->attr_nr = hashmap_get_size(&g_attr_hashmap.map);
attr_hashmap_add(&g_attr_hashmap, a->name, namelen, a);
- assert(a->attr_nr ==
- (hashmap_get_size(&g_attr_hashmap.map) - 1));
+ if (a->attr_nr != hashmap_get_size(&g_attr_hashmap.map) - 1)
+ die(_("unable to add additional attribute"));
}
hashmap_unlock(&g_attr_hashmap);
@@ -272,7 +272,7 @@
const struct git_attr *attr;
} u;
char is_macro;
- unsigned num_attr;
+ size_t num_attr;
struct attr_state state[FLEX_ARRAY];
};
@@ -289,7 +289,7 @@
struct attr_state *e)
{
const char *ep, *equals;
- int len;
+ size_t len;
ep = cp + strcspn(cp, blank);
equals = strchr(cp, '=');
@@ -333,8 +333,7 @@
static struct match_attr *parse_attr_line(const char *line, const char *src,
int lineno, int macro_ok)
{
- int namelen;
- int num_attr, i;
+ size_t namelen, num_attr, i;
const char *cp, *name, *states;
struct match_attr *res = NULL;
int is_macro;
@@ -345,6 +344,11 @@
return NULL;
name = cp;
+ if (strlen(line) >= ATTR_MAX_LINE_LENGTH) {
+ warning(_("ignoring overly long attributes line %d"), lineno);
+ return NULL;
+ }
+
if (*cp == '"' && !unquote_c_style(&pattern, name, &states)) {
name = pattern.buf;
namelen = pattern.len;
@@ -381,10 +385,9 @@
goto fail_return;
}
- res = xcalloc(1,
- sizeof(*res) +
- sizeof(struct attr_state) * num_attr +
- (is_macro ? 0 : namelen + 1));
+ res = xcalloc(1, st_add3(sizeof(*res),
+ st_mult(sizeof(struct attr_state), num_attr),
+ is_macro ? 0 : namelen + 1));
if (is_macro) {
res->u.attr = git_attr_internal(name, namelen);
} else {
@@ -447,11 +450,12 @@
static void attr_stack_free(struct attr_stack *e)
{
- int i;
+ unsigned i;
free(e->origin);
for (i = 0; i < e->num_matches; i++) {
struct match_attr *a = e->attrs[i];
- int j;
+ size_t j;
+
for (j = 0; j < a->num_attr; j++) {
const char *setto = a->state[j].setto;
if (setto == ATTR__TRUE ||
@@ -660,8 +664,8 @@
a = parse_attr_line(line, src, lineno, macro_ok);
if (!a)
return;
- ALLOC_GROW(res->attrs, res->num_matches + 1, res->alloc);
- res->attrs[res->num_matches++] = a;
+ ALLOC_GROW_BY(res->attrs, res->num_matches, 1, res->alloc);
+ res->attrs[res->num_matches - 1] = a;
}
static struct attr_stack *read_attr_from_array(const char **list)
@@ -700,21 +704,37 @@
static struct attr_stack *read_attr_from_file(const char *path, int macro_ok)
{
+ struct strbuf buf = STRBUF_INIT;
FILE *fp = fopen_or_warn(path, "r");
struct attr_stack *res;
- char buf[2048];
int lineno = 0;
+ int fd;
+ struct stat st;
if (!fp)
return NULL;
+
+ fd = fileno(fp);
+ if (fstat(fd, &st)) {
+ warning_errno(_("cannot fstat gitattributes file '%s'"), path);
+ fclose(fp);
+ return NULL;
+ }
+ if (st.st_size >= ATTR_MAX_FILE_SIZE) {
+ warning(_("ignoring overly large gitattributes file '%s'"), path);
+ fclose(fp);
+ return NULL;
+ }
+
CALLOC_ARRAY(res, 1);
- while (fgets(buf, sizeof(buf), fp)) {
- char *bufp = buf;
- if (!lineno)
- skip_utf8_bom(&bufp, strlen(bufp));
- handle_attr_line(res, bufp, path, ++lineno, macro_ok);
+ while (strbuf_getline(&buf, fp) != EOF) {
+ if (!lineno && starts_with(buf.buf, utf8_bom))
+ strbuf_remove(&buf, 0, strlen(utf8_bom));
+ handle_attr_line(res, buf.buf, path, ++lineno, macro_ok);
}
+
fclose(fp);
+ strbuf_release(&buf);
return res;
}
@@ -725,13 +745,18 @@
struct attr_stack *res;
char *buf, *sp;
int lineno = 0;
+ size_t size;
if (!istate)
return NULL;
- buf = read_blob_data_from_index(istate, path, NULL);
+ buf = read_blob_data_from_index(istate, path, &size);
if (!buf)
return NULL;
+ if (size >= ATTR_MAX_FILE_SIZE) {
+ warning(_("ignoring overly large gitattributes blob '%s'"), path);
+ return NULL;
+ }
CALLOC_ARRAY(res, 1);
for (sp = buf; *sp; ) {
@@ -1001,12 +1026,12 @@
static int fill_one(const char *what, struct all_attrs_item *all_attrs,
const struct match_attr *a, int rem)
{
- int i;
+ size_t i;
- for (i = a->num_attr - 1; rem > 0 && i >= 0; i--) {
- const struct git_attr *attr = a->state[i].attr;
+ for (i = a->num_attr; rem > 0 && i > 0; i--) {
+ const struct git_attr *attr = a->state[i - 1].attr;
const char **n = &(all_attrs[attr->attr_nr].value);
- const char *v = a->state[i].setto;
+ const char *v = a->state[i - 1].setto;
if (*n == ATTR__UNKNOWN) {
debug_set(what,
@@ -1025,11 +1050,11 @@
struct all_attrs_item *all_attrs, int rem)
{
for (; rem > 0 && stack; stack = stack->prev) {
- int i;
+ unsigned i;
const char *base = stack->origin ? stack->origin : "";
- for (i = stack->num_matches - 1; 0 < rem && 0 <= i; i--) {
- const struct match_attr *a = stack->attrs[i];
+ for (i = stack->num_matches; 0 < rem && 0 < i; i--) {
+ const struct match_attr *a = stack->attrs[i - 1];
if (a->is_macro)
continue;
if (path_matches(path, pathlen, basename_offset,
@@ -1060,11 +1085,11 @@
const struct attr_stack *stack)
{
for (; stack; stack = stack->prev) {
- int i;
- for (i = stack->num_matches - 1; i >= 0; i--) {
- const struct match_attr *ma = stack->attrs[i];
+ unsigned i;
+ for (i = stack->num_matches; i > 0; i--) {
+ const struct match_attr *ma = stack->attrs[i - 1];
if (ma->is_macro) {
- int n = ma->u.attr->attr_nr;
+ unsigned int n = ma->u.attr->attr_nr;
if (!all_attrs[n].macro) {
all_attrs[n].macro = ma;
}
@@ -1116,7 +1141,7 @@
collect_some_attrs(istate, path, check);
for (i = 0; i < check->nr; i++) {
- size_t n = check->items[i].attr->attr_nr;
+ unsigned int n = check->items[i].attr->attr_nr;
const char *value = check->all_attrs[n].value;
if (value == ATTR__UNKNOWN)
value = ATTR__UNSET;
diff -ur b/attr.h a/attr.h
--- b/attr.h 2021-03-26 23:03:34.000000000 +0100
+++ a/attr.h 2023-01-25 17:55:44.310607076 +0100
@@ -107,6 +107,18 @@
* - Free the `attr_check` struct by calling `attr_check_free()`.
*/
+/**
+ * The maximum line length for a gitattributes file. If the line exceeds this
+ * length we will ignore it.
+ */
+#define ATTR_MAX_LINE_LENGTH 2048
+
+ /**
+ * The maximum size of the giattributes file. If the file exceeds this size we
+ * will ignore it.
+ */
+#define ATTR_MAX_FILE_SIZE (100 * 1024 * 1024)
+
struct index_state;
/**
diff -ur b/column.c a/column.c
--- b/column.c 2021-03-26 23:03:34.000000000 +0100
+++ a/column.c 2023-01-25 17:35:25.867526707 +0100
@@ -23,7 +23,7 @@
/* return length of 's' in letters, ANSI escapes stripped */
static int item_length(const char *s)
{
- return utf8_strnwidth(s, -1, 1);
+ return utf8_strnwidth(s, strlen(s), 1);
}
/*
diff -ur b/git-compat-util.h a/git-compat-util.h
--- b/git-compat-util.h 2021-03-26 23:03:34.000000000 +0100
+++ a/git-compat-util.h 2023-01-25 17:36:06.128731483 +0100
@@ -854,6 +854,14 @@
return a - b;
}
+static inline int cast_size_t_to_int(size_t a)
+{
+ if (a > INT_MAX)
+ die("number too large to represent as int on this platform: %"PRIuMAX,
+ (uintmax_t)a);
+ return (int)a;
+}
+
#ifdef HAVE_ALLOCA_H
# include <alloca.h>
# define xalloca(size) (alloca(size))
diff -ur b/pretty.c a/pretty.c
--- b/pretty.c 2021-03-26 23:03:34.000000000 +0100
+++ a/pretty.c 2023-01-25 17:39:45.405061148 +0100
@@ -13,6 +13,13 @@
#include "gpg-interface.h"
#include "trailer.h"
+/*
+ * The limit for formatting directives, which enable the caller to append
+ * arbitrarily many bytes to the formatted buffer. This includes padding
+ * and wrapping formatters.
+ */
+#define FORMATTING_LIMIT (16 * 1024)
+
static char *user_format;
static struct cmt_fmt_map {
const char *name;
@@ -916,7 +923,9 @@
if (pos)
strbuf_add(&tmp, sb->buf, pos);
strbuf_add_wrapped_text(&tmp, sb->buf + pos,
- (int) indent1, (int) indent2, (int) width);
+ cast_size_t_to_int(indent1),
+ cast_size_t_to_int(indent2),
+ cast_size_t_to_int(width));
strbuf_swap(&tmp, sb);
strbuf_release(&tmp);
}
@@ -1042,9 +1051,18 @@
const char *end = start + strcspn(start, ",)");
char *next;
int width;
- if (!end || end == start)
+ if (!*end || end == start)
return 0;
width = strtol(start, &next, 10);
+
+ /*
+ * We need to limit the amount of padding, or otherwise this
+ * would allow the user to pad the buffer by arbitrarily many
+ * bytes and thus cause resource exhaustion.
+ */
+ if (width < -FORMATTING_LIMIT || width > FORMATTING_LIMIT)
+ return 0;
+
if (next == start || width == 0)
return 0;
if (width < 0) {
@@ -1260,6 +1278,16 @@
}
if (*next != ')')
return 0;
+
+ /*
+ * We need to limit the format here as it allows the
+ * user to prepend arbitrarily many bytes to the buffer
+ * when rewrapping.
+ */
+ if (width > FORMATTING_LIMIT ||
+ indent1 > FORMATTING_LIMIT ||
+ indent2 > FORMATTING_LIMIT)
+ return 0;
}
rewrap_message_tail(sb, c, width, indent1, indent2);
return end - placeholder + 1;
@@ -1507,19 +1535,21 @@
struct format_commit_context *c)
{
struct strbuf local_sb = STRBUF_INIT;
- int total_consumed = 0, len, padding = c->padding;
+ size_t total_consumed = 0;
+ int len, padding = c->padding;
+
if (padding < 0) {
const char *start = strrchr(sb->buf, '\n');
int occupied;
if (!start)
start = sb->buf;
- occupied = utf8_strnwidth(start, -1, 1);
+ occupied = utf8_strnwidth(start, strlen(start), 1);
occupied += c->pretty_ctx->graph_width;
padding = (-padding) - occupied;
}
while (1) {
int modifier = *placeholder == 'C';
- int consumed = format_commit_one(&local_sb, placeholder, c);
+ size_t consumed = format_commit_one(&local_sb, placeholder, c);
total_consumed += consumed;
if (!modifier)
@@ -1531,7 +1561,7 @@
placeholder++;
total_consumed++;
}
- len = utf8_strnwidth(local_sb.buf, -1, 1);
+ len = utf8_strnwidth(local_sb.buf, local_sb.len, 1);
if (c->flush_type == flush_left_and_steal) {
const char *ch = sb->buf + sb->len - 1;
@@ -1546,7 +1576,7 @@
if (*ch != 'm')
break;
p = ch - 1;
- while (ch - p < 10 && *p != '\033')
+ while (p > sb->buf && ch - p < 10 && *p != '\033')
p--;
if (*p != '\033' ||
ch + 1 - p != display_mode_esc_sequence_len(p))
@@ -1585,7 +1615,7 @@
}
strbuf_addbuf(sb, &local_sb);
} else {
- int sb_len = sb->len, offset = 0;
+ size_t sb_len = sb->len, offset = 0;
if (c->flush_type == flush_left)
offset = padding - len;
else if (c->flush_type == flush_both)
@@ -1608,8 +1638,7 @@
const char *placeholder,
void *context)
{
- int consumed;
- size_t orig_len;
+ size_t consumed, orig_len;
enum {
NO_MAGIC,
ADD_LF_BEFORE_NON_EMPTY,
@@ -1630,9 +1659,21 @@
default:
break;
}
- if (magic != NO_MAGIC)
+ if (magic != NO_MAGIC) {
placeholder++;
+ switch (placeholder[0]) {
+ case 'w':
+ /*
+ * `%+w()` cannot ever expand to a non-empty string,
+ * and it potentially changes the layout of preceding
+ * contents. We're thus not able to handle the magic in
+ * this combination and refuse the pattern.
+ */
+ return 0;
+ };
+ }
+
orig_len = sb->len;
if (((struct format_commit_context *)context)->flush_type != no_flush)
consumed = format_and_pad_commit(sb, placeholder, context);
diff -ur b/t/t0003-attributes.sh a/t/t0003-attributes.sh
--- b/t/t0003-attributes.sh 2021-03-26 23:03:34.000000000 +0100
+++ a/t/t0003-attributes.sh 2023-01-25 17:56:18.656788243 +0100
@@ -339,4 +339,63 @@
test_cmp expect actual
'
+test_expect_success 'large attributes line ignored in tree' '
+ test_when_finished "rm .gitattributes" &&
+ printf "path %02043d" 1 >.gitattributes &&
+ git check-attr --all path >actual 2>err &&
+ echo "warning: ignoring overly long attributes line 1" >expect &&
+ test_cmp expect err &&
+ test_must_be_empty actual
+'
+
+test_expect_success 'large attributes line ignores trailing content in tree' '
+ test_when_finished "rm .gitattributes" &&
+ # older versions of Git broke lines at 2048 bytes; the 2045 bytes
+ # of 0-padding here is accounting for the three bytes of "a 1", which
+ # would knock "trailing" to the "next" line, where it would be
+ # erroneously parsed.
+ printf "a %02045dtrailing attribute\n" 1 >.gitattributes &&
+ git check-attr --all trailing >actual 2>err &&
+ echo "warning: ignoring overly long attributes line 1" >expect &&
+ test_cmp expect err &&
+ test_must_be_empty actual
+'
+
+test_expect_success EXPENSIVE 'large attributes file ignored in tree' '
+ test_when_finished "rm .gitattributes" &&
+ dd if=/dev/zero of=.gitattributes bs=101M count=1 2>/dev/null &&
+ git check-attr --all path >/dev/null 2>err &&
+ echo "warning: ignoring overly large gitattributes file ${SQ}.gitattributes${SQ}" >expect &&
+ test_cmp expect err
+'
+
+test_expect_success 'large attributes line ignored in index' '
+ test_when_finished "git update-index --remove .gitattributes" &&
+ blob=$(printf "path %02043d" 1 | git hash-object -w --stdin) &&
+ git update-index --add --cacheinfo 100644,$blob,.gitattributes &&
+ git check-attr --cached --all path >actual 2>err &&
+ echo "warning: ignoring overly long attributes line 1" >expect &&
+ test_cmp expect err &&
+ test_must_be_empty actual
+'
+
+test_expect_success 'large attributes line ignores trailing content in index' '
+ test_when_finished "git update-index --remove .gitattributes" &&
+ blob=$(printf "a %02045dtrailing attribute\n" 1 | git hash-object -w --stdin) &&
+ git update-index --add --cacheinfo 100644,$blob,.gitattributes &&
+ git check-attr --cached --all trailing >actual 2>err &&
+ echo "warning: ignoring overly long attributes line 1" >expect &&
+ test_cmp expect err &&
+ test_must_be_empty actual
+'
+
+test_expect_success EXPENSIVE 'large attributes file ignored in index' '
+ test_when_finished "git update-index --remove .gitattributes" &&
+ blob=$(dd if=/dev/zero bs=101M count=1 2>/dev/null | git hash-object -w --stdin) &&
+ git update-index --add --cacheinfo 100644,$blob,.gitattributes &&
+ git check-attr --cached --all path >/dev/null 2>err &&
+ echo "warning: ignoring overly large gitattributes blob ${SQ}.gitattributes${SQ}" >expect &&
+ test_cmp expect err
+'
+
test_done
diff -ur b/t/t4205-log-pretty-formats.sh a/t/t4205-log-pretty-formats.sh
--- b/t/t4205-log-pretty-formats.sh 2021-03-26 23:03:34.000000000 +0100
+++ a/t/t4205-log-pretty-formats.sh 2023-01-25 17:40:19.966850121 +0100
@@ -962,4 +962,80 @@
test_cmp expect actual
'
+test_expect_success 'log --pretty with space stealing' '
+ printf mm0 >expect &&
+ git log -1 --pretty="format:mm%>>|(1)%x30" >actual &&
+ test_cmp expect actual
+'
+
+test_expect_success 'log --pretty with invalid padding format' '
+ printf "%s%%<(20" "$(git rev-parse HEAD)" >expect &&
+ git log -1 --pretty="format:%H%<(20" >actual &&
+ test_cmp expect actual
+'
+
+test_expect_success 'log --pretty with magical wrapping directives' '
+ commit_id=$(git commit-tree HEAD^{tree} -m "describe me") &&
+ git tag describe-me $commit_id &&
+ printf "\n(tag:\ndescribe-me)%%+w(2)" >expect &&
+ git log -1 --pretty="format:%w(1)%+d%+w(2)" $commit_id >actual &&
+ test_cmp expect actual
+'
+
+test_expect_success SIZE_T_IS_64BIT 'log --pretty with overflowing wrapping directive' '
+ printf "%%w(2147483649,1,1)0" >expect &&
+ git log -1 --pretty="format:%w(2147483649,1,1)%x30" >actual &&
+ test_cmp expect actual &&
+ printf "%%w(1,2147483649,1)0" >expect &&
+ git log -1 --pretty="format:%w(1,2147483649,1)%x30" >actual &&
+ test_cmp expect actual &&
+ printf "%%w(1,1,2147483649)0" >expect &&
+ git log -1 --pretty="format:%w(1,1,2147483649)%x30" >actual &&
+ test_cmp expect actual
+'
+
+test_expect_success SIZE_T_IS_64BIT 'log --pretty with overflowing padding directive' '
+ printf "%%<(2147483649)0" >expect &&
+ git log -1 --pretty="format:%<(2147483649)%x30" >actual &&
+ test_cmp expect actual
+'
+
+test_expect_success 'log --pretty with padding and preceding control chars' '
+ printf "\20\20 0" >expect &&
+ git log -1 --pretty="format:%x10%x10%>|(4)%x30" >actual &&
+ test_cmp expect actual
+'
+
+test_expect_success 'log --pretty truncation with control chars' '
+ test_commit "$(printf "\20\20\20\20xxxx")" file contents commit-with-control-chars &&
+ printf "\20\20\20\20x.." >expect &&
+ git log -1 --pretty="format:%<(3,trunc)%s" commit-with-control-chars >actual &&
+ test_cmp expect actual
+'
+
+test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' '
+ # We only assert that this command does not crash. This needs to be
+ # executed with the address sanitizer to demonstrate failure.
+ git log -1 --pretty="format:%>(2147483646)%x41%41%>(2147483646)%x41" >/dev/null
+'
+
+test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'set up huge commit' '
+ test-tool genzeros 2147483649 | tr "\000" "1" >expect &&
+ huge_commit=$(git commit-tree -F expect HEAD^{tree})
+'
+
+test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' '
+ git log -1 --format="%B%<(1)%x30" $huge_commit >actual &&
+ echo 0 >>expect &&
+ test_cmp expect actual
+'
+
+test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message does not cause allocation failure' '
+ test_must_fail git log -1 --format="%<(1)%B" $huge_commit 2>error &&
+ cat >expect <<-EOF &&
+ fatal: number too large to represent as int on this platform: 2147483649
+ EOF
+ test_cmp expect error
+'
+
test_done
diff -ur b/t/test-lib.sh a/t/test-lib.sh
--- b/t/test-lib.sh 2021-03-26 23:03:34.000000000 +0100
+++ a/t/test-lib.sh 2023-01-25 17:41:35.007391936 +0100
@@ -1635,6 +1635,10 @@
sed -ne "s/^$1: //p"
}
+test_lazy_prereq SIZE_T_IS_64BIT '
+ test 8 -eq "$(build_option sizeof-size_t)"
+'
+
test_lazy_prereq LONG_IS_64BIT '
test 8 -le "$(build_option sizeof-long)"
'
diff -ur b/utf8.c a/utf8.c
--- b/utf8.c 2021-03-26 23:03:34.000000000 +0100
+++ a/utf8.c 2023-01-25 18:34:55.927040924 +0100
@@ -206,26 +206,34 @@
* string, assuming that the string is utf8. Returns strlen() instead
* if the string does not look like a valid utf8 string.
*/
-int utf8_strnwidth(const char *string, int len, int skip_ansi)
+int utf8_strnwidth(const char *string, size_t len, int skip_ansi)
{
- int width = 0;
const char *orig = string;
+ size_t width = 0;
- if (len == -1)
- len = strlen(string);
while (string && string < orig + len) {
- int skip;
+ int glyph_width;
+ size_t skip;
+
while (skip_ansi &&
(skip = display_mode_esc_sequence_len(string)) != 0)
string += skip;
- width += utf8_width(&string, NULL);
+
+ glyph_width = utf8_width(&string, NULL);
+ if (glyph_width > 0)
+ width += glyph_width;
}
- return string ? width : len;
+
+ /*
+ * TODO: fix the interface of this function and `utf8_strwidth()` to
+ * return `size_t` instead of `int`.
+ */
+ return cast_size_t_to_int(string ? width : len);
}
int utf8_strwidth(const char *string)
{
- return utf8_strnwidth(string, -1, 0);
+ return utf8_strnwidth(string, strlen(string), 0);
}
int is_utf8(const char *text)
@@ -357,51 +365,51 @@
void strbuf_utf8_replace(struct strbuf *sb_src, int pos, int width,
const char *subst)
{
- struct strbuf sb_dst = STRBUF_INIT;
- char *src = sb_src->buf;
- char *end = src + sb_src->len;
- char *dst;
- int w = 0, subst_len = 0;
-
- if (subst)
- subst_len = strlen(subst);
- strbuf_grow(&sb_dst, sb_src->len + subst_len);
- dst = sb_dst.buf;
+ const char *src = sb_src->buf, *end = sb_src->buf + sb_src->len;
+ struct strbuf dst;
+ int w = 0;
+
+ strbuf_init(&dst, sb_src->len);
while (src < end) {
- char *old;
+ const char *old;
+ int glyph_width;
size_t n;
while ((n = display_mode_esc_sequence_len(src))) {
- memcpy(dst, src, n);
+ strbuf_add(&dst, src, n);
src += n;
- dst += n;
}
if (src >= end)
break;
old = src;
- n = utf8_width((const char**)&src, NULL);
- if (!src) /* broken utf-8, do nothing */
+ glyph_width = utf8_width((const char**)&src, NULL);
+ if (!src) /* broken utf-8, do nothing */
goto out;
- if (n && w >= pos && w < pos + width) {
+
+ /*
+ * In case we see a control character we copy it into the
+ * buffer, but don't add it to the width.
+ */
+ if (glyph_width < 0)
+ glyph_width = 0;
+
+ if (glyph_width && w >= pos && w < pos + width) {
if (subst) {
- memcpy(dst, subst, subst_len);
- dst += subst_len;
+ strbuf_addstr(&dst, subst);
subst = NULL;
}
- w += n;
- continue;
+ } else {
+ strbuf_add(&dst, old, src - old);
}
- memcpy(dst, old, src - old);
- dst += src - old;
- w += n;
+
+ w += glyph_width;
}
- strbuf_setlen(&sb_dst, dst - sb_dst.buf);
- strbuf_swap(sb_src, &sb_dst);
+ strbuf_swap(sb_src, &dst);
out:
- strbuf_release(&sb_dst);
+ strbuf_release(&dst);
}
/*
@@ -791,7 +799,7 @@
void strbuf_utf8_align(struct strbuf *buf, align_type position, unsigned int width,
const char *s)
{
- int slen = strlen(s);
+ size_t slen = strlen(s);
int display_len = utf8_strnwidth(s, slen, 0);
int utf8_compensation = slen - display_len;
diff -ur b/utf8.h a/utf8.h
--- b/utf8.h 2021-03-26 23:03:34.000000000 +0100
+++ a/utf8.h 2023-01-25 17:22:31.971590518 +0100
@@ -7,7 +7,7 @@
size_t display_mode_esc_sequence_len(const char *s);
int utf8_width(const char **start, size_t *remainder_p);
-int utf8_strnwidth(const char *string, int len, int skip_ansi);
+int utf8_strnwidth(const char *string, size_t len, int skip_ansi);
int utf8_strwidth(const char *string);
int is_utf8(const char *text);
int is_encoding_utf8(const char *name);

Binary file not shown.

@ -1,7 +1,7 @@
diff -ur a/builtin/receive-pack.c b/builtin/receive-pack.c
--- a/builtin/receive-pack.c 2020-06-01 17:49:27.000000000 +0200
+++ b/builtin/receive-pack.c 2020-06-15 15:28:48.149268576 +0200
@@ -29,6 +29,8 @@
--- a/builtin/receive-pack.c 2022-10-07 06:48:26.000000000 +0200
+++ b/builtin/receive-pack.c 2022-11-21 16:34:02.417278135 +0100
@@ -30,6 +30,8 @@
#include "commit-reach.h"
#include "worktree.h"
#include "shallow.h"
@ -10,7 +10,7 @@ diff -ur a/builtin/receive-pack.c b/builtin/receive-pack.c
static const char * const receive_pack_usage[] = {
N_("git receive-pack <git-dir>"),
@@ -419,43 +421,11 @@
@@ -528,43 +530,11 @@
return 0;
}
@ -57,10 +57,10 @@ diff -ur a/builtin/receive-pack.c b/builtin/receive-pack.c
static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp)
diff -ur a/Makefile b/Makefile
--- a/Makefile 2020-06-01 17:49:27.000000000 +0200
+++ b/Makefile 2020-06-15 15:00:45.212758547 +0200
@@ -1830,6 +1830,8 @@
BASIC_CFLAGS += -DHAVE_GETDELIM
--- a/Makefile 2022-10-07 06:48:26.000000000 +0200
+++ b/Makefile 2022-11-21 16:35:56.986792752 +0100
@@ -2008,6 +2008,8 @@
EXTLIBS += -lcrypto -lssl
endif
+EXTLIBS += -lcrypto

Binary file not shown.

@ -1,62 +0,0 @@
diff -ur b/t/lib-git-svn.sh c/t/lib-git-svn.sh
--- b/t/lib-git-svn.sh 2021-03-26 23:03:34.000000000 +0100
+++ c/t/lib-git-svn.sh 2023-01-26 13:39:32.822183929 +0100
@@ -13,6 +13,7 @@
GIT_DIR=$PWD/.git
GIT_SVN_DIR=$GIT_DIR/svn/refs/remotes/git-svn
SVN_TREE=$GIT_SVN_DIR/svn-tree
+SVNSERVE_PIDFILE="$PWD"/daemon.pid
test_set_port SVNSERVE_PORT
svn >/dev/null 2>&1
@@ -115,10 +116,35 @@
}
start_svnserve () {
- svnserve --listen-port $SVNSERVE_PORT \
- --root "$rawsvnrepo" \
- --listen-once \
- --listen-host 127.0.0.1 &
+ test_atexit stop_svnserve
+
+ i=0
+ while test $i -lt ${GIT_TEST_START_SVNSERVE_TRIES:-3}
+ do
+ say >&3 "Starting svnserve on port $SVNSERVE_PORT ..."
+ svnserve --listen-port $SVNSERVE_PORT \
+ --root "$rawsvnrepo" \
+ --daemon --pid-file="$SVNSERVE_PIDFILE" \
+ --listen-host 127.0.0.1
+ ret=$?
+ # increment port and retry if unsuccessful
+ if test $ret -ne 0
+ then
+ SVNSERVE_PORT=$(($SVNSERVE_PORT + 1))
+ export SVNSERVE_PORT
+ else
+ break
+ fi
+ done
+}
+
+stop_svnserve () {
+ say >&3 "Stopping svnserve ..."
+ SVNSERVE_PID="$(cat "$SVNSERVE_PIDFILE")"
+ if test -n "$SVNSERVE_PID"
+ then
+ kill "$SVNSERVE_PID" 2>/dev/null
+ fi
}
prepare_a_utf8_locale () {
diff -ur b/t/t9113-git-svn-dcommit-new-file.sh c/t/t9113-git-svn-dcommit-new-file.sh
--- b/t/t9113-git-svn-dcommit-new-file.sh 2021-03-26 23:03:34.000000000 +0100
+++ c/t/t9113-git-svn-dcommit-new-file.sh 2023-01-26 13:39:30.314168109 +0100
@@ -28,7 +28,6 @@
echo hello > git-new-dir/world &&
git update-index --add git-new-dir/world &&
git commit -m hello &&
- start_svnserve &&
git svn dcommit
"

@ -92,12 +92,15 @@
%global build_ldflags -Wl,-z,relro -Wl,-z,now
%endif
# Set path to the package-notes linker script
%global _package_note_file %{_builddir}/%{name}-%{version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld
# Define for release candidates
#global rcrev .rc0
Name: git
Version: 2.31.1
Release: 3%{?rcrev}%{?dist}
Version: 2.39.1
Release: 1%{?rcrev}%{?dist}
Summary: Fast Version Control System
License: GPLv2
URL: https://git-scm.com/
@ -129,19 +132,17 @@ Source99: print-failed-test-output
# https://bugzilla.redhat.com/490602
Patch0: git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch
# https://bugzilla.redhat.com/1956345
Patch1: git-2.27.0-core-crypto-hmac.patch
# https://bugzilla.redhat.com/2162069
Patch2: git-2.31.1-cve-2022-23521-cve-2022-41903.patch
Patch1: git-2.38.1-core-crypto-hmac.patch
# https://bugzilla.redhat.com/2114531
# tests: try harder to find open ports for apache, git, and svn
#
# https://github.com/tmzullinger/git/commit/aedeaaf788
Patch3: 0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch
Patch2: 0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch
# https://github.com/tmzullinger/git/commit/16750d024c
Patch4: 0002-t-lib-git-daemon-try-harder-to-find-a-port.patch
Patch3: 0002-t-lib-git-daemon-try-harder-to-find-a-port.patch
# https://github.com/tmzullinger/git/commit/aa5105dc11
Patch5: t-lib-git-svn-try-harder-to-find-a-port-2.31.1.patch
Patch4: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch
%if %{with docs}
# pod2man is needed to build Git.3pm
@ -153,6 +154,7 @@ BuildRequires: rubygem-asciidoctor
BuildRequires: asciidoc >= 8.4.1
%endif
# endif with asciidoctor
BuildRequires: perl(File::Compare)
BuildRequires: xmlto
%if %{with linkcheck}
BuildRequires: linkchecker
@ -216,6 +218,8 @@ BuildRequires: acl
%if 0%{?fedora} >= 27 || 0%{?rhel} > 7
# Needed by t5540-http-push-webdav.sh
BuildRequires: apr-util-bdb
# Needed by t5559-http-fetch-smart-http2.sh
BuildRequires: mod_http2
%endif
# endif fedora >= 27
BuildRequires: bash
@ -431,7 +435,22 @@ Summary: Git tools for sending patches via email
BuildArch: noarch
Requires: git = %{version}-%{release}
Requires: perl(Authen::SASL)
Requires: perl(Cwd)
Requires: perl(File::Spec)
Requires: perl(File::Spec::Functions)
Requires: perl(File::Temp)
Requires: perl(IO::Socket::SSL)
Requires: perl(Mail::Address)
Requires: perl(MIME::Base64)
Requires: perl(MIME::QuotedPrint)
Requires: perl(Net::Domain)
Requires: perl(Net::SMTP)
Requires: perl(Net::SMTP::SSL)
Requires: perl(POSIX)
Requires: perl(Sys::Hostname)
Requires: perl(Term::ANSIColor)
Requires: perl(Term::ReadLine)
Requires: perl(Text::ParseWords)
%description email
%{summary}.
@ -651,25 +670,17 @@ export SOURCE_DATE_EPOCH=$(date -r version +%%s 2>/dev/null)
# Fix shebang in a few places to silence rpmlint complaints
%if %{with python2}
sed -i -e '1s@#! */usr/bin/env python$@#!%{__python2}@' \
contrib/fast-import/import-zips.py \
contrib/hooks/multimail/git_multimail.py \
contrib/hooks/multimail/migrate-mailhook-config \
contrib/hooks/multimail/post-receive.example
contrib/fast-import/import-zips.py
%else
# Remove contrib/fast-import/import-zips.py which requires python2.
rm -rf contrib/fast-import/import-zips.py
%endif
# endif with python2
# The multimail hook is installed with git. Use python3 to avoid an
# unnecessary python2 dependency, if possible. Also fix contrib/hg-to-git
# while here.
# Use python3 to avoid an unnecessary python2 dependency, if possible.
%if %{with python3}
sed -i -e '1s@#!\( */usr/bin/env python\|%{__python2}\)$@#!%{__python3}@' \
contrib/hg-to-git/hg-to-git.py \
contrib/hooks/multimail/git_multimail.py \
contrib/hooks/multimail/migrate-mailhook-config \
contrib/hooks/multimail/post-receive.example
contrib/hg-to-git/hg-to-git.py
%endif
# endif with python3
@ -714,6 +725,9 @@ install -Dpm 0755 contrib/diff-highlight/diff-highlight \
%{buildroot}%{_datadir}/git-core/contrib/diff-highlight
rm -rf contrib/diff-highlight/{Makefile,diff-highlight,*.perl,t}
# Remove contrib/scalar to avoid cruft in the git-core-doc docdir
rm -rf contrib/scalar
# Clean up contrib/subtree to avoid cruft in the git-core-doc docdir
rm -rf contrib/subtree/{INSTALL,Makefile,git-subtree*,t}
@ -777,9 +791,6 @@ mkdir -p %{buildroot}%{_datadir}/git-core/contrib/completion
install -pm 644 contrib/completion/git-completion.tcsh \
%{buildroot}%{_datadir}/git-core/contrib/completion/
# Drop .py extension from git_multimail to avoid byte-compiling
mv contrib/hooks/multimail/git_multimail{.py,}
# Move contrib/hooks out of %%docdir
mkdir -p %{buildroot}%{_datadir}/git-core/contrib
mv contrib/hooks %{buildroot}%{_datadir}/git-core/contrib
@ -867,8 +878,11 @@ find %{buildroot}%{_pkgdocdir} -name "*.html" -print0 | xargs -r0 linkchecker
%endif
# endif with docs && with linkcheck
# t5559-http-fetch-smart-http2 runs t5551-http-fetch-smart with
# HTTP_PROTO=HTTP/2. Unfortunately, it fails quite regularly.
# https://lore.kernel.org/git/Y4fUntdlc1mqwad5@pobox.com/
# Tests to skip on all releases and architectures
GIT_SKIP_TESTS=""
GIT_SKIP_TESTS="t5559"
%ifarch aarch64 %{arm} %{power64}
# Skip tests which fail on aarch64, arm, and ppc
@ -877,20 +891,39 @@ GIT_SKIP_TESTS=""
# to limit the maximum stack size.
# t5541.35 'push 2000 tags over http'
# t5551.25 'clone the 2,000 tag repo to check OS command line overflow'
GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5541.35 t5551.25"
GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5541.37 t5551.25"
%endif
# endif aarch64 %%{arm} %%{power64}
%ifarch %{power64}
# Skip tests which fail on ppc
%if 0%{?rhel} == 8 && "%{_arch}" == "s390x"
# Skip tests which fail on s390x on rhel-8
#
# t9115-git-svn-dcommit-funky-renames is disabled because it frequently fails.
# The port it uses (9115) is already in use. It is unclear if this is
# due to an issue in the test suite or a conflict with some other process on
# the build host. It only appears to occur on ppc-arches.
GIT_SKIP_TESTS="$GIT_SKIP_TESTS t9115"
%endif
# endif %%{power64}
# The following tests fail on s390x & el8. The cause should be investigated.
# However, it's a lower priority since the same tests work consistently on
# s390x with Fedora and RHEL-9. The failures seem to originate in t5300.
#
# t5300.10 'unpack without delta'
# t5300.12 'unpack with REF_DELTA'
# t5300.13 'unpack with REF_DELTA'
# t5300.14 'unpack with OFS_DELTA'
# t5300.18 'compare delta flavors'
# t5300.20 'use packed deltified (REF_DELTA) objects'
# t5300.23 'verify pack'
# t5300.24 'verify pack -v'
# t5300.25 'verify-pack catches mismatched .idx and .pack files'
# t5300.29 'verify-pack catches a corrupted sum of the index file itself'
# t5300.30 'build pack index for an existing pack'
# t5300.45 'make sure index-pack detects the SHA1 collision'
# t5300.46 'make sure index-pack detects the SHA1 collision (large blobs)'
# t5303.5 'create corruption in data of first object'
# t5303.7 '... and loose copy of second object allows for partial recovery'
# t5303.11 'create corruption in data of first delta'
# t6300.35 'basic atom: head objectsize:disk'
# t6300.91 'basic atom: tag objectsize:disk'
# t6300.92 'basic atom: tag *objectsize:disk'
GIT_SKIP_TESTS="$GIT_SKIP_TESTS t5300.1[02348] t5300.2[03459] t5300.30 t5300.4[56] t5303.[57] t5303.11 t6300.35 t6300.9[12]"
%endif
# endif rhel == 8 && arch == s390x
export GIT_SKIP_TESTS
@ -898,11 +931,13 @@ export GIT_SKIP_TESTS
export LANG=en_US.UTF-8
# Explicitly enable tests which may be skipped opportunistically
# (Check for variables set via test_tristate in the test suite)
export GIT_SVN_TEST_HTTPD=true
# Check for variables set via test_bool_env in the test suite:
# git grep 'test_bool_env GIT_' -- t/{lib-,t[0-9]}*.sh |
# sed -r 's/.* (GIT_[^ ]+) .*/\1/g' | sort -u
export GIT_TEST_GIT_DAEMON=true
export GIT_TEST_HTTPD=true
export GIT_TEST_SVNSERVE=true
export GIT_TEST_SVN_HTTPD=true
# Create tmpdir for test output and update GIT_TEST_OPTS
# Also update GIT-BUILD-OPTIONS to keep make from any needless rebuilding
@ -942,7 +977,6 @@ rmdir --ignore-fail-on-non-empty "$testdir"
%endif
# endif with emacs && emacs_filesystem
%{_datadir}/git-core/contrib/diff-highlight
%{_datadir}/git-core/contrib/hooks/multimail
%{_datadir}/git-core/contrib/hooks/update-paranoid
%{_datadir}/git-core/contrib/hooks/setgitperms.perl
%{_datadir}/git-core/templates/hooks/fsmonitor-watchman.sample
@ -959,7 +993,6 @@ rmdir --ignore-fail-on-non-empty "$testdir"
%license COPYING
# exclude is best way here because of troubles with symlinks inside git-core/
%exclude %{_datadir}/git-core/contrib/diff-highlight
%exclude %{_datadir}/git-core/contrib/hooks/multimail
%exclude %{_datadir}/git-core/contrib/hooks/update-paranoid
%exclude %{_datadir}/git-core/contrib/hooks/setgitperms.perl
%exclude %{_datadir}/git-core/templates/hooks/fsmonitor-watchman.sample
@ -1084,10 +1117,21 @@ rmdir --ignore-fail-on-non-empty "$testdir"
%{?with_docs:%{_pkgdocdir}/git-svn.html}
%changelog
* Wed Jan 25 2023 Ondřej Pohořelský <opohorel@redhat.com> - 2.31.1-3
- Fixes CVE-2022-23521 and CVE-2022-41903
- Tests: try harder to find open ports for apache, git, and svn
- Resolves: #2162069
* Thu Jan 19 2023 Ondřej Pohořelský <opohorel@redhat.com> - 2.39.1-1
- Update to 2.39.1
- Resolves: #2162070
* Wed Dec 14 2022 Ondřej Pohořelský <opohorel@redhat.com> - 2.39.0-2
- Remove perl(Email::Valid) require from git-email
- Related: #2139379
* Tue Dec 13 2022 Ondřej Pohořelský <opohorel@redhat.com> - 2.39.0-1
- Update to 2.39.0
- Related: #2139379
* Wed Dec 07 2022 Ondřej Pohořelský <opohorel@redhat.com> - 2.38.1-1
- Update to 2.38.1
- Resolves: #2139379
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.31.1-2.2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
@ -1095,8 +1139,7 @@ rmdir --ignore-fail-on-non-empty "$testdir"
* Tue Jun 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.31.1-2.1
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
Related: rhbz#1971065
* Mon May 03 2021 Ondřej Pohořelský <opohorel@redhat.com> - 2.31.1-2
- Use HMAC from libcrypto instead of git's implementation

Loading…
Cancel
Save