Compare commits
5 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
0d1a8e0b8e | ||
|
db69fd88dd | ||
|
b22ddb0e02 | ||
|
27d8494434 | ||
|
3de35f305e |
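--- a/0001-commit-always-initialize-commit-message.patch
+++ b/0001-commit-always-initialize-commit-message.patch
@@ -0,0 +1,43 @@
+From a719ef5e6d4a1a8ec53469c7914032ed67922772 Mon Sep 17 00:00:00 2001
+From: Patrick Steinhardt <ps@pks.im>
+Date: Fri, 7 Oct 2016 09:31:41 +0200
+Subject: [PATCH] commit: always initialize commit message
+
+When parsing a commit, we will treat all bytes left after parsing
+the headers as the commit message. When no bytes are left, we
+leave the commit's message uninitialized. While uncommon to have
+a commit without message, this is the right behavior as Git
+unfortunately allows for empty commit messages.
+
+Given that this scenario is so uncommon, most programs acting on
+the commit message will never check if the message is actually
+set, which may lead to errors. To work around the error and not
+lay the burden of checking for empty commit messages to the
+developer, initialize the commit message with an empty string
+when no commit message is given.
+---
+src/commit.c | 7 ++++---
+1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/commit.c b/src/commit.c
+index 99a8085..76e6dcb 100644
+--- a/src/commit.c
++++ b/src/commit.c
+@@ -459,10 +459,11 @@ int git_commit__parse(void *_commit, git_odb_object *odb_obj)
+buffer = buffer_start + header_len + 1;
+
+/* extract commit message */
+- if (buffer <= buffer_end) {
++ if (buffer <= buffer_end)
+commit->raw_message = git__strndup(buffer, buffer_end - buffer);
+- GITERR_CHECK_ALLOC(commit->raw_message);
+- }
++ else
++ commit->raw_message = git__strdup("");
++ GITERR_CHECK_ALLOC(commit->raw_message);
+
+return 0;
+
+--
+2.10.1
+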
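Review bot: The rewritten `if`/`else` in git_commit__parse drops its braces directly ahead of `GITERR_CHECK_ALLOC(commit->raw_message);`, a macro that, as far as I know, returns from the function when the pointer is NULL, so the branch now sits next to a hidden return path; I would keep braces on both arms. The hunk also makes `raw_message` non-NULL after every successful parse, an invariant callers will start to rely on, and it deserves a comment above the branch such as `/* raw_message is always set: an empty string when no bytes follow the headers */`. Whether `buffer` can land more than one byte past `buffer_end` depends on `header_len`, which is computed outside the hunk, so the `buffer <= buffer_end` comparison cannot be fully judged from here. The function starts and ends outside the hunk.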
15
libgit2.spec
15
libgit2.spec
@ -1,10 +1,15 @@
|
||||
Name: libgit2
|
||||
Version: 0.23.4
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: C implementation of the Git core methods as a library with a solid API
|
||||
License: GPLv2 with exceptions
|
||||
URL: http://libgit2.github.com/
|
||||
Source0: https://github.com/libgit2/libgit2/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1383212
|
||||
# CVE-2016-8568 CVE-2016-8569
|
||||
# https://github.com/libgit2/libgit2/commit/a719ef5e6d4a1a8ec53469c7914032ed67922772
|
||||
Patch0001: 0001-commit-always-initialize-commit-message.patch
|
||||
|
||||
BuildRequires: cmake
|
||||
BuildRequires: http-parser-devel
|
||||
BuildRequires: libcurl-devel
|
||||
@ -29,7 +34,7 @@ This package contains libraries and header files for
|
||||
developing applications that use %{name}.
|
||||
|
||||
%prep
|
||||
%autosetup
|
||||
%autosetup -p1
|
||||
|
||||
# Remove VCS files from examples
|
||||
find examples -name ".gitignore" -delete -print
|
||||
@ -69,6 +74,9 @@ ctest -V
|
||||
%{_includedir}/git2/
|
||||
|
||||
%changelog
|
||||
* Mon Oct 10 2016 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 0.23.4-2
|
||||
- Backport patch for CVE-2016-8568, CVE-2016-8569
|
||||
|
||||
* Sun Nov 22 2015 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.23.4-1
|
||||
- Update to 0.23.4 (RHBZ #1281633)
|
||||
|
||||
@ -82,6 +90,9 @@ ctest -V
|
||||
- Update to 0.23.1
|
||||
- Add curl support
|
||||
|
||||
* Tue Aug 04 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.23.0-1.1
|
||||
- Bump version to allow rebuild
|
||||
|
||||
* Thu Jul 30 2015 Igor Gnatenko <ignatenko@src.gnome.org> - 0.23.0-1
|
||||
- Update to 0.23.0
|
||||
|
||||
|
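Review bot: The comment block above `Patch0001` and the `0.23.4-2` changelog entry attribute both CVE-2016-8568 and CVE-2016-8569 to a single backport, yet the only patch added on this page changes one branch of `git_commit__parse` in src/commit.c. Nothing visible here shows how that one hunk addresses two separate CVE ids, so the mapping should be confirmed against the referenced Bugzilla entry before the changelog states both are fixed; if a second upstream commit is involved it needs its own `PatchNNNN:` line (placeholder number) with the commit URL beside it. The switch of `%prep` to `%autosetup -p1` is what makes the patch apply at all, and a short comment next to it would help, e.g. `# -p1: patches are git format-patch output with a/ b/ prefixes`.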