From efa63deedacd250fd20b86419769ad1c4ea6629a Mon Sep 17 00:00:00 2001 From: David Knaack Date: Mon, 9 May 2022 09:32:15 +0200 Subject: [PATCH] update libgit2 to 1.4.3 CVE 2022-24765 --- Cargo.toml | 4 ++-- git2-curl/Cargo.toml | 2 +- git2-curl/tests/all.rs | 5 +++++ libgit2-sys/Cargo.toml | 2 +- libgit2-sys/build.rs | 27 +++++++++++++-------------- libgit2-sys/lib.rs | 4 +++- libgit2-sys/libgit2 | 2 +- src/lib.rs | 2 +- src/opts.rs | 13 +++++++++++++ src/test.rs | 12 ++++++++++++ 10 files changed, 52 insertions(+), 21 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 84ca63a788..ff38c77e09 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "git2" -version = "0.14.3" +version = "0.15.0" authors = ["Josh Triplett ", "Alex Crichton "] license = "MIT OR Apache-2.0" readme = "README.md" @@ -20,7 +20,7 @@ url = "2.0" bitflags = "1.1.0" libc = "0.2" log = "0.4.8" -libgit2-sys = { path = "libgit2-sys", version = "0.13.3" } +libgit2-sys = { path = "libgit2-sys", version = "0.14.0+1.4.3" } [target."cfg(all(unix, not(target_os = \"macos\")))".dependencies] openssl-sys = { version = "0.9.0", optional = true } diff --git a/git2-curl/Cargo.toml b/git2-curl/Cargo.toml index a52bc21cfe..e249c7bca9 100644 --- a/git2-curl/Cargo.toml +++ b/git2-curl/Cargo.toml @@ -16,7 +16,7 @@ edition = "2018" curl = "0.4.33" url = "2.0" log = "0.4" -git2 = { path = "..", version = "0.14", default-features = false } +git2 = { path = "..", version = "0.15", default-features = false } [dev-dependencies] civet = "0.11" diff --git a/git2-curl/tests/all.rs b/git2-curl/tests/all.rs index c7f09dd40a..4fc327790a 100644 --- a/git2-curl/tests/all.rs +++ b/git2-curl/tests/all.rs @@ -9,6 +9,11 @@ const PORT: u16 = 7848; fn main() { unsafe { git2_curl::register(curl::easy::Easy::new()); + + // In tests on Windows, the repository is created in a temporary directory. + // The ownership check will fail in these directories, so we need to disable it in tests. + #[cfg(windows)] + let _ = git2::opts::set_verify_owner_validation(false); } // Spin up a server for git-http-backend diff --git a/libgit2-sys/Cargo.toml b/libgit2-sys/Cargo.toml index 8258c7a63d..5c52b0b4f2 100644 --- a/libgit2-sys/Cargo.toml +++ b/libgit2-sys/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libgit2-sys" -version = "0.13.3+1.4.2" +version = "0.14.0+1.4.3" authors = ["Josh Triplett ", "Alex Crichton "] links = "git2" build = "build.rs" diff --git a/libgit2-sys/build.rs b/libgit2-sys/build.rs index ef0468b40e..e655b3ea22 100644 --- a/libgit2-sys/build.rs +++ b/libgit2-sys/build.rs @@ -15,7 +15,7 @@ fn main() { if try_to_use_system_libgit2 { let mut cfg = pkg_config::Config::new(); if let Ok(lib) = cfg - .range_version("1.4.0".."1.5.0") + .range_version("1.4.3".."1.5.0") .print_system_libs(false) .probe("libgit2") { @@ -45,21 +45,20 @@ fn main() { cp_r("libgit2/include", &include); cfg.include(&include) - .include("libgit2/src/libgit2") + .include("libgit2/src") .include("libgit2/src/util") .out_dir(dst.join("build")) .warnings(false); // Include all cross-platform C files - add_c_files(&mut cfg, "libgit2/src/libgit2"); - add_c_files(&mut cfg, "libgit2/src/util"); - add_c_files(&mut cfg, "libgit2/src/libgit2/xdiff"); + add_c_files(&mut cfg, "libgit2/src"); + add_c_files(&mut cfg, "libgit2/src/xdiff"); // These are activated by features, but they're all unconditionally always // compiled apparently and have internal #define's to make sure they're // compiled correctly. - add_c_files(&mut cfg, "libgit2/src/libgit2/transports"); - add_c_files(&mut cfg, "libgit2/src/libgit2/streams"); + add_c_files(&mut cfg, "libgit2/src/transports"); + add_c_files(&mut cfg, "libgit2/src/streams"); // Always use bundled http-parser for now cfg.include("libgit2/deps/http-parser") @@ -88,11 +87,11 @@ fn main() { // when when COMPILE_PCRE8 is not defined, which is the default. add_c_files(&mut cfg, "libgit2/deps/pcre"); - cfg.file("libgit2/src/util/allocators/failalloc.c"); - cfg.file("libgit2/src/util/allocators/stdalloc.c"); + cfg.file("libgit2/src/allocators/failalloc.c"); + cfg.file("libgit2/src/allocators/stdalloc.c"); if windows { - add_c_files(&mut cfg, "libgit2/src/util/win32"); + add_c_files(&mut cfg, "libgit2/src/win32"); cfg.define("STRSAFE_NO_DEPRECATE", None); cfg.define("WIN32", None); cfg.define("_WIN32_WINNT", Some("0x0600")); @@ -104,7 +103,7 @@ fn main() { cfg.define("__USE_MINGW_ANSI_STDIO", "1"); } } else { - add_c_files(&mut cfg, "libgit2/src/util/unix"); + add_c_files(&mut cfg, "libgit2/src/unix"); cfg.flag("-fvisibility=hidden"); } if target.contains("solaris") || target.contains("illumos") { @@ -162,9 +161,9 @@ fn main() { cfg.define("SHA1DC_NO_STANDARD_INCLUDES", "1"); cfg.define("SHA1DC_CUSTOM_INCLUDE_SHA1_C", "\"common.h\""); cfg.define("SHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C", "\"common.h\""); - cfg.file("libgit2/src/util/hash/sha1/collisiondetect.c"); - cfg.file("libgit2/src/util/hash/sha1/sha1dc/sha1.c"); - cfg.file("libgit2/src/util/hash/sha1/sha1dc/ubc_check.c"); + cfg.file("libgit2/src/hash/sha1/collisiondetect.c"); + cfg.file("libgit2/src/hash/sha1/sha1dc/sha1.c"); + cfg.file("libgit2/src/hash/sha1/sha1dc/ubc_check.c"); if let Some(path) = env::var_os("DEP_Z_INCLUDE") { cfg.include(path); diff --git a/libgit2-sys/lib.rs b/libgit2-sys/lib.rs index 259d5e8df1..7e468d7d26 100644 --- a/libgit2-sys/lib.rs +++ b/libgit2-sys/lib.rs @@ -1,4 +1,4 @@ -#![doc(html_root_url = "https://docs.rs/libgit2-sys/0.13")] +#![doc(html_root_url = "https://docs.rs/libgit2-sys/0.14")] #![allow(non_camel_case_types, unused_extern_crates)] // This is required to link libz when libssh2-sys is not included. @@ -1894,6 +1894,8 @@ git_enum! { GIT_OPT_SET_ODB_LOOSE_PRIORITY, GIT_OPT_GET_EXTENSIONS, GIT_OPT_SET_EXTENSIONS, + GIT_OPT_GET_OWNER_VALIDATION, + GIT_OPT_SET_OWNER_VALIDATION, } } diff --git a/libgit2-sys/libgit2 b/libgit2-sys/libgit2 index 2a0d0bd19b..465bbf88ea 160000 --- a/libgit2-sys/libgit2 +++ b/libgit2-sys/libgit2 @@ -1 +1 @@ -Subproject commit 2a0d0bd19b5d13e2ab7f3780e094404828cbb9a7 +Subproject commit 465bbf88ea939a965fbcbade72870c61f815e457 diff --git a/src/lib.rs b/src/lib.rs index cdc3648d83..11337e3bd9 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -65,7 +65,7 @@ //! source `Repository`, to ensure that they do not outlive the repository //! itself. -#![doc(html_root_url = "https://docs.rs/git2/0.14")] +#![doc(html_root_url = "https://docs.rs/git2/0.15")] #![allow(trivial_numeric_casts, trivial_casts)] #![deny(missing_docs)] #![warn(rust_2018_idioms)] diff --git a/src/opts.rs b/src/opts.rs index a89df4e1c9..dc902aee63 100644 --- a/src/opts.rs +++ b/src/opts.rs @@ -178,6 +178,19 @@ where Ok(()) } +/// Set wheter or not to verify ownership before performing a repository. +/// Enabled by default, but disabling this can lead to code execution vulnerabilities. +pub unsafe fn set_verify_owner_validation(enabled: bool) -> Result<(), Error> { + let error = raw::git_libgit2_opts( + raw::GIT_OPT_SET_OWNER_VALIDATION as libc::c_int, + enabled as libc::c_int, + ); + // This function cannot actually fail, but the function has an error return + // for other options that can. + debug_assert!(error >= 0); + Ok(()) +} + #[cfg(test)] mod test { use super::*; diff --git a/src/test.rs b/src/test.rs index c1ff1de21f..f36d4eec43 100644 --- a/src/test.rs +++ b/src/test.rs @@ -3,11 +3,18 @@ use std::io; use std::path::{Path, PathBuf}; #[cfg(unix)] use std::ptr; +#[cfg(windows)] +use std::sync::Once; use tempfile::TempDir; use url::Url; use crate::{Branch, Oid, Repository, RepositoryInitOptions}; +/// In tests on Windows, the repository is created in a temporary directory. +/// The ownership check will fail in these directories, so we need to disable it in tests. +#[cfg(windows)] +static DISABLE_OWNER_CHECK: Once = Once::new(); + macro_rules! t { ($e:expr) => { match $e { @@ -18,6 +25,11 @@ macro_rules! t { } pub fn repo_init() -> (TempDir, Repository) { + #[cfg(windows)] + DISABLE_OWNER_CHECK.call_once(|| unsafe { + let _ = crate::opts::set_verify_owner_validation(false); + }); + let td = TempDir::new().unwrap(); let mut opts = RepositoryInitOptions::new(); opts.initial_head("main");