Compare commits
5 Commits
| Author | SHA1 | Date |
|---|---|---|
| | 0d1a8e0b8e | |
| | db69fd88dd | |
| | b22ddb0e02 | |
| | 27d8494434 | |
| | 3de35f305e | |
43
0001-commit-always-initialize-commit-message.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
From a719ef5e6d4a1a8ec53469c7914032ed67922772 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Patrick Steinhardt <ps@pks.im>
|
||||||
|
Date: Fri, 7 Oct 2016 09:31:41 +0200
|
||||||
|
Subject: [PATCH] commit: always initialize commit message
|
||||||
|
|
||||||
|
When parsing a commit, we will treat all bytes left after parsing
|
||||||
|
the headers as the commit message. When no bytes are left, we
|
||||||
|
leave the commit's message uninitialized. While uncommon to have
|
||||||
|
a commit without message, this is the right behavior as Git
|
||||||
|
unfortunately allows for empty commit messages.
|
||||||
|
|
||||||
|
Given that this scenario is so uncommon, most programs acting on
|
||||||
|
the commit message will never check if the message is actually
|
||||||
|
set, which may lead to errors. To work around the error and not
|
||||||
|
lay the burden of checking for empty commit messages to the
|
||||||
|
developer, initialize the commit message with an empty string
|
||||||
|
when no commit message is given.
|
||||||
|
---
|
||||||
|
src/commit.c | 7 ++++---
|
||||||
|
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/commit.c b/src/commit.c
|
||||||
|
index 99a8085..76e6dcb 100644
|
||||||
|
--- a/src/commit.c
|
||||||
|
+++ b/src/commit.c
|
||||||
|
@@ -459,10 +459,11 @@ int git_commit__parse(void *_commit, git_odb_object *odb_obj)
|
||||||
|
buffer = buffer_start + header_len + 1;
|
||||||
|
|
||||||
|
/* extract commit message */
|
||||||
|
- if (buffer <= buffer_end) {
|
||||||
|
+ if (buffer <= buffer_end)
|
||||||
|
commit->raw_message = git__strndup(buffer, buffer_end - buffer);
|
||||||
|
- GITERR_CHECK_ALLOC(commit->raw_message);
|
||||||
|
- }
|
||||||
|
+ else
|
||||||
|
+ commit->raw_message = git__strdup("");
|
||||||
|
+ GITERR_CHECK_ALLOC(commit->raw_message);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
--
|
||||||
|
2.10.1
|
||||||
|
|
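Review bot: The embedded diffstat lists only src/commit.c, so the new else branch in git_commit__parse that sets raw_message to an empty string arrives without a regression test. Add a test that parses a commit object ending right after its headers and asserts that the message is "" rather than NULL. Note also that `buffer <= buffer_end` with `buffer == buffer_end` already produces an empty string through git__strndup with length 0, so the else branch only covers `buffer > buffer_end`; a one-line comment saying so would help the next reader.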
15
libgit2.spec
@ -1,10 +1,15 @@
|
|||||||
Name: libgit2
|
Name: libgit2
|
||||||
Version: 0.23.4
|
Version: 0.23.4
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: C implementation of the Git core methods as a library with a solid API
|
Summary: C implementation of the Git core methods as a library with a solid API
|
||||||
License: GPLv2 with exceptions
|
License: GPLv2 with exceptions
|
||||||
URL: http://libgit2.github.com/
|
URL: http://libgit2.github.com/
|
||||||
Source0: https://github.com/libgit2/libgit2/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
Source0: https://github.com/libgit2/libgit2/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1383212
|
||||||
|
# CVE-2016-8568 CVE-2016-8569
|
||||||
|
# https://github.com/libgit2/libgit2/commit/a719ef5e6d4a1a8ec53469c7914032ed67922772
|
||||||
|
Patch0001: 0001-commit-always-initialize-commit-message.patch
|
||||||
|
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
BuildRequires: http-parser-devel
|
BuildRequires: http-parser-devel
|
||||||
BuildRequires: libcurl-devel
|
BuildRequires: libcurl-devel
|
||||||
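Review bot: The comment block above Patch0001 names two CVEs (CVE-2016-8568 and CVE-2016-8569) but links a single upstream commit. State in the comment that this one patch resolves both, or add the second fix, so an auditor reading the spec does not go looking for a missing patch.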
@ -29,7 +34,7 @@ This package contains libraries and header files for
|
|||||||
developing applications that use %{name}.
|
developing applications that use %{name}.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup
|
%autosetup -p1
|
||||||
|
|
||||||
# Remove VCS files from examples
|
# Remove VCS files from examples
|
||||||
find examples -name ".gitignore" -delete -print
|
find examples -name ".gitignore" -delete -print
|
||||||
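Review bot: `%autosetup -p1` sets the strip level for every patch in the spec, not just Patch0001. That matches the `a/` and `b/` prefixes in 0001-commit-always-initialize-commit-message.patch, but a short comment next to `%autosetup -p1` noting that all future patches must be in git format-patch layout would prevent a later backport from failing to apply.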
@ -69,6 +74,9 @@ ctest -V
|
|||||||
%{_includedir}/git2/
|
%{_includedir}/git2/
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Oct 10 2016 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 0.23.4-2
|
||||||
|
- Backport patch for CVE-2016-8568, CVE-2016-8569
|
||||||
|
|
||||||
* Sun Nov 22 2015 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.23.4-1
|
* Sun Nov 22 2015 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.23.4-1
|
||||||
- Update to 0.23.4 (RHBZ #1281633)
|
- Update to 0.23.4 (RHBZ #1281633)
|
||||||
|
|
||||||
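Review bot: The new 0.23.4-2 changelog entry omits the bug reference, while the entry below it uses the form "(RHBZ #1281633)". Append "(RHBZ #1383212)", the bug already cited in the spec header comment, so the changelog alone is enough to trace the backport. The entry also uses a different e-mail address for the same packager than the surrounding entries; pick one for consistency.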
@ -82,6 +90,9 @@ ctest -V
|
|||||||
- Update to 0.23.1
|
- Update to 0.23.1
|
||||||
- Add curl support
|
- Add curl support
|
||||||
|
|
||||||
|
* Tue Aug 04 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.23.0-1.1
|
||||||
|
- Bump version to allow rebuild
|
||||||
|
|
||||||
* Thu Jul 30 2015 Igor Gnatenko <ignatenko@src.gnome.org> - 0.23.0-1
|
* Thu Jul 30 2015 Igor Gnatenko <ignatenko@src.gnome.org> - 0.23.0-1
|
||||||
- Update to 0.23.0
|
- Update to 0.23.0
|
||||||
|
|
||||||
|
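Review bot: The added 0.23.0-1.1 entry ("Bump version to allow rebuild") is unrelated to the CVE backport described by the 0.23.4-2 entry. If it comes in through a merge of another branch's history, say so in the commit message so the security change stays easy to audit on its own.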