New upstream version 1.7.2+ds

Timo Röhling 2024-02-08 09:08:57 +01:00
parent d11d1f257e
commit 810f20f573
8 changed files with 56 additions and 8 deletions


@ -6,7 +6,7 @@
cmake_minimum_required(VERSION 3.5.1)
project(libgit2 VERSION "1.7.1" LANGUAGES C)
project(libgit2 VERSION "1.7.2" LANGUAGES C)
# Add find modules to the path
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake")


@ -1,3 +1,20 @@
v1.7.2
------
## What's Changed
This release fixes three bugs that can cause undefined behavior when given well-crafted inputs, either in input files or over network connections. These bugs may be able to be leveraged to cause denial of service attacks or unauthorized code execution.
Two of these issues were discovered and reported by security engineers at Amazon Web Services. We thank the AWS Security team for their efforts to identify these issues, provide helpful reproduction cases, and responsibly disclose their findings.
### Security fixes
* transport: safely handle messages with no caps
* revparse: fix parsing bug for trailing `@`
* index: correct index has_dir_name check
**Full Changelog**: https://github.com/libgit2/libgit2/compare/v1.7.1...v1.7.2
v1.7.1
------


@ -11,7 +11,7 @@
* The version string for libgit2. This string follows semantic
* versioning (v2) guidelines.
*/
#define LIBGIT2_VERSION "1.7.1"
#define LIBGIT2_VERSION "1.7.2"
/** The major version number for this version of libgit2. */
#define LIBGIT2_VER_MAJOR 1
@ -20,7 +20,7 @@
#define LIBGIT2_VER_MINOR 7
/** The revision ("teeny") version number for this version of libgit2. */
#define LIBGIT2_VER_REVISION 1
#define LIBGIT2_VER_REVISION 2
/** The Windows DLL patch number for this version of libgit2. */
#define LIBGIT2_VER_PATCH 0


@ -1,6 +1,6 @@
{
"name": "libgit2",
"version": "1.7.1",
"version": "1.7.2",
"repo": "https://github.com/libgit2/libgit2",
"description": " A cross-platform, linkable library implementation of Git that you can use in your application.",
"install": "mkdir build && cd build && cmake .. && cmake --build ."


@ -1185,10 +1185,13 @@ static int has_dir_name(git_index *index,
size_t len, pos;
for (;;) {
if (*--slash == '/')
break;
slash--;
if (slash <= entry->path)
return 0;
if (*slash == '/')
break;
}
len = slash - name;
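Review bot: The new bound check compares `slash` with `entry->path`, but the length right after the loop is computed as `slash - name`, so the reader has to assume both names alias the same buffer (the assignment is outside this hunk). Comparing against the same variable, `if (slash <= name)`, would make the invariant local, provided they are indeed the same pointer. A short comment above the check, such as `/* reached the start of the path: a '/' at offset 0 is not a directory prefix */`, would also record why the dereference was moved after the bound test. The initial value of `slash` is set outside the hunk, so whether an empty path can reach `slash--` cannot be judged from here.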


@ -701,6 +701,7 @@ static int revparse(
git_object *base_rev = NULL;
bool should_return_reference = true;
bool parsed = false;
GIT_ASSERT_ARG(object_out);
GIT_ASSERT_ARG(reference_out);
@ -710,7 +711,7 @@ static int revparse(
*object_out = NULL;
*reference_out = NULL;
while (spec[pos]) {
while (!parsed && spec[pos]) {
switch (spec[pos]) {
case '^':
should_return_reference = false;
@ -817,6 +818,8 @@ static int revparse(
break;
} else if (spec[pos+1] == '\0') {
spec = "HEAD";
identifier_len = 4;
parsed = true;
break;
}
/* fall through */
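Review bot: In the trailing-`@` branch, `spec` is replaced by the literal `"HEAD"` while `pos` still holds an offset into the caller's string, and only the new `parsed` flag stops the loop from evaluating `spec[pos]` against the shorter literal. That coupling deserves a comment at the assignment, for example `/* spec no longer matches pos; parsed ends the scan */`, and any code after the loop (outside these hunks) should rely on `identifier_len` rather than `pos`. None of the file sections shown on this page adds a revparse test for a spec ending in `@`, so a regression test for that input would be worth adding alongside the index one.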


@ -232,7 +232,8 @@ static int set_data(
GIT_ASSERT_ARG(data);
if ((caps = memchr(line, '\0', len)) != NULL) {
if ((caps = memchr(line, '\0', len)) != NULL &&
len > (size_t)((caps - line) + 1)) {
caps++;
if (strncmp(caps, "object-format=", CONST_STRLEN("object-format=")) == 0)
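Review bot: The added length test guarantees only that one byte follows the NUL, yet the `strncmp` on the next line may compare up to `CONST_STRLEN("object-format=")` bytes starting at `caps`. If `line` is not NUL-terminated within `len` (not visible in this hunk), a short capability string that matches a prefix of `object-format=` could still be read past the end of the buffer. Bounding the comparison by the remaining length would close that, e.g. `caps_len = len - (size_t)(caps - line);` after `caps++`, then `if (caps_len >= CONST_STRLEN("object-format=") && memcmp(caps, "object-format=", CONST_STRLEN("object-format=")) == 0)`. set_data continues beyond the hunk, so later uses of `caps` need the same bound.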


@ -82,3 +82,27 @@ void test_index_add__invalid_entries_succeeds_by_default(void)
test_add_entry(true, valid_commit_id, GIT_FILEMODE_LINK);
}
void test_index_add__two_slash_prefixed(void)
{
git_index_entry one = {{0}}, two = {{0}};
const git_index_entry *result;
size_t orig_count;
orig_count = git_index_entrycount(g_index);
cl_git_pass(git_oid__fromstr(&one.id, "fa49b077972391ad58037050f2a75f74e3671e92", GIT_OID_SHA1));
one.path = "/a";
one.mode = GIT_FILEMODE_BLOB;
cl_git_pass(git_oid__fromstr(&two.id, "3697d64be941a53d4ae8f6a271e4e3fa56b022cc", GIT_OID_SHA1));
two.path = "/a";
two.mode = GIT_FILEMODE_BLOB;
cl_git_pass(git_index_add(g_index, &one));
cl_git_pass(git_index_add(g_index, &two));
cl_assert_equal_i(orig_count + 1, git_index_entrycount(g_index));
cl_assert(result = git_index_get_bypath(g_index, "/a", 0));
cl_assert_equal_oid(&two.id, &result->id);
}
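Review bot: The new test carries no comment tying it to the bounds fix it apparently guards (the changelog's `has_dir_name` entry), so its purpose is only recoverable from the commit history; a one-line header such as `/* regression: a path starting with '/' must not make has_dir_name() walk before the start of the string */` would help. It exercises only the single-component path `/a`; a second entry like `/a/b` would presumably also cover a directory prefix that follows the leading slash. The assignment inside `cl_assert(result = git_index_get_bypath(...))` would read more clearly as a separate statement followed by `cl_assert(result != NULL);`.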