update libgit2 to newer snapshot
CVE 2022-24765

Co-Authored-By: Eric Huss <43198+ehuss@users.noreply.github.com>
davidkna and ehuss committed Jul 12, 2022
1 parent 61f8afd commit e86aaf5
Showing 9 changed files with 49 additions and 15 deletions.
4 changes: 2 additions & 2 deletions Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "git2"
version = "0.14.4"
version = "0.15.0"
authors = ["Josh Triplett <josh@joshtriplett.org>", "Alex Crichton <alex@alexcrichton.com>"]
license = "MIT OR Apache-2.0"
readme = "README.md"
Expand All @@ -20,7 +20,7 @@ url = "2.0"
bitflags = "1.1.0"
libc = "0.2"
log = "0.4.8"
libgit2-sys = { path = "libgit2-sys", version = "0.13.4" }
libgit2-sys = { path = "libgit2-sys", version = "0.14.0" }

[target."cfg(all(unix, not(target_os = \"macos\")))".dependencies]
openssl-sys = { version = "0.9.0", optional = true }
2 changes: 1 addition & 1 deletion git2-curl/Cargo.toml
Expand Up @@ -16,7 +16,7 @@ edition = "2018"
curl = "0.4.33"
url = "2.0"
log = "0.4"
git2 = { path = "..", version = "0.14", default-features = false }
git2 = { path = "..", version = "0.15", default-features = false }

[dev-dependencies]
civet = "0.11"
2 changes: 1 addition & 1 deletion libgit2-sys/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "libgit2-sys"
version = "0.13.4+1.4.2"
version = "0.14.0+1.4.4"
authors = ["Josh Triplett <josh@joshtriplett.org>", "Alex Crichton <alex@alexcrichton.com>"]
links = "git2"
build = "build.rs"
29 changes: 21 additions & 8 deletions libgit2-sys/build.rs
Expand Up @@ -14,11 +14,7 @@ fn main() {
let try_to_use_system_libgit2 = !vendored && !zlib_ng_compat;
if try_to_use_system_libgit2 {
let mut cfg = pkg_config::Config::new();
if let Ok(lib) = cfg
.range_version("1.4.0".."1.5.0")
.print_system_libs(false)
.probe("libgit2")
{
if let Ok(lib) = cfg.range_version("1.4.4".."1.5.0").probe("libgit2") {
for include in &lib.include_paths {
println!("cargo:root={}", include.display());
}
Expand Down Expand Up @@ -162,9 +158,26 @@ fn main() {
cfg.define("SHA1DC_NO_STANDARD_INCLUDES", "1");
cfg.define("SHA1DC_CUSTOM_INCLUDE_SHA1_C", "\"common.h\"");
cfg.define("SHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C", "\"common.h\"");
cfg.file("libgit2/src/util/hash/sha1/collisiondetect.c");
cfg.file("libgit2/src/util/hash/sha1/sha1dc/sha1.c");
cfg.file("libgit2/src/util/hash/sha1/sha1dc/ubc_check.c");
cfg.file("libgit2/src/util/hash/collisiondetect.c");
cfg.file("libgit2/src/util/hash/sha1dc/sha1.c");
cfg.file("libgit2/src/util/hash/sha1dc/ubc_check.c");

if https {
if windows {
features.push_str("#define GIT_SHA256_WIN32 1\n");
cfg.file("libgit2/src/util/hash/win32.c");
} else if target.contains("apple") {
features.push_str("#define GIT_SHA256_COMMON_CRYPTO 1\n");
cfg.file("libgit2/src/util/hash/common_crypto.c");
} else {
features.push_str("#define GIT_SHA256_OPENSSL 1\n");
cfg.file("libgit2/src/util/hash/openssl.c");
}
} else {
features.push_str("#define GIT_SHA256_BUILTIN 1\n");
cfg.file("libgit2/src/util/hash/builtin.c");
cfg.file("libgit2/src/util/hash/rfc6234/sha224-256.c");
}

if let Some(path) = env::var_os("DEP_Z_INCLUDE") {
cfg.include(path);
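Review bot: The raised floor in `cfg.range_version("1.4.4".."1.5.0")` appears to carry the security intent of this commit (the message cites CVE 2022-24765), but the line gives no reason for the bound, so a later edit could lower it again without anyone noticing. A comment directly above it, for example `// Minimum system libgit2 that carries the ownership-validation fix; do not lower.`, would record that. The same rewritten line also drops `.print_system_libs(false)`, which the commit description does not explain; if that is intentional it deserves a sentence there. `main` starts and ends outside the visible hunks, so what happens when the probe fails cannot be checked from here.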
5 changes: 4 additions & 1 deletion libgit2-sys/lib.rs
@@ -1,4 +1,4 @@
#![doc(html_root_url = "https://docs.rs/libgit2-sys/0.13")]
#![doc(html_root_url = "https://docs.rs/libgit2-sys/0.14")]
#![allow(non_camel_case_types, unused_extern_crates)]

// This is required to link libz when libssh2-sys is not included.
Expand Down Expand Up @@ -195,6 +195,7 @@ git_enum! {
GIT_EMISMATCH = -33,
GIT_EINDEXDIRTY = -34,
GIT_EAPPLYFAIL = -35,
GIT_EOWNER = -36,
}
}

Expand Down Expand Up @@ -1894,6 +1895,8 @@ git_enum! {
GIT_OPT_SET_ODB_LOOSE_PRIORITY,
GIT_OPT_GET_EXTENSIONS,
GIT_OPT_SET_EXTENSIONS,
GIT_OPT_GET_OWNER_VALIDATION,
GIT_OPT_SET_OWNER_VALIDATION,
}
}

2 changes: 1 addition & 1 deletion libgit2-sys/libgit2
Submodule libgit2 updated 160 files
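--- a/src/error.rs
+++ b/src/error.rs
@@ -127,6 +127,7 @@ impl Error {
 raw::GIT_EMISMATCH => super::ErrorCode::HashsumMismatch,
 raw::GIT_EINDEXDIRTY => super::ErrorCode::IndexDirty,
 raw::GIT_EAPPLYFAIL => super::ErrorCode::ApplyFail,
+raw::GIT_EOWNER => super::ErrorCode::Owner,
 _ => super::ErrorCode::GenericError,
 }
 }
@@ -163,6 +164,7 @@ impl Error {
 ErrorCode::HashsumMismatch => raw::GIT_EMISMATCH,
 ErrorCode::IndexDirty => raw::GIT_EINDEXDIRTY,
 ErrorCode::ApplyFail => raw::GIT_EAPPLYFAIL,
+ErrorCode::Owner => raw::GIT_EOWNER,
 };
 }
 
@@ -293,6 +295,7 @@ impl Error {
 GIT_EMISMATCH,
 GIT_EINDEXDIRTY,
 GIT_EAPPLYFAIL,
+GIT_EOWNER,
 )
 }
 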
4 changes: 3 additions & 1 deletion src/lib.rs
Expand Up @@ -65,7 +65,7 @@
//! source `Repository`, to ensure that they do not outlive the repository
//! itself.
#![doc(html_root_url = "https://docs.rs/git2/0.14")]
#![doc(html_root_url = "https://docs.rs/git2/0.15")]
#![allow(trivial_numeric_casts, trivial_casts)]
#![deny(missing_docs)]
#![warn(rust_2018_idioms)]
Expand Down Expand Up @@ -215,6 +215,8 @@ pub enum ErrorCode {
IndexDirty,
/// Patch application failed
ApplyFail,
/// The object is not owned by the current user
Owner,
}

/// An enumeration of possible categories of things that can have
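Review bot: The doc line `/// The object is not owned by the current user` on the new `ErrorCode::Owner` variant does not say which object is meant or when a caller would see this code. Going by the owner-validation option this commit adds in `src/opts.rs`, it is presumably what the repository ownership check returns, so wording such as `/// The repository is not owned by the current user and failed ownership validation` would tell callers this is a deliberate refusal rather than a generic failure. `ErrorCode` is a public enum whose definition starts outside the hunk; whether it is `#[non_exhaustive]` is not visible, so the new variant may break exhaustive matches downstream, which the 0.15 bump appears to account for.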
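--- a/src/opts.rs
+++ b/src/opts.rs
@@ -178,6 +178,19 @@ where
 Ok(())
 }
 
+/// Set wheter or not to verify ownership before performing a repository.
+/// Enabled by default, but disabling this can lead to code execution vulnerabilities.
+pub unsafe fn set_verify_owner_validation(enabled: bool) -> Result<(), Error> {
+let error = raw::git_libgit2_opts(
+raw::GIT_OPT_SET_OWNER_VALIDATION as libc::c_int,
+enabled as libc::c_int,
+);
+// This function cannot actually fail, but the function has an error return
+// for other options that can.
+debug_assert!(error >= 0);
+Ok(())
+}
+
 #[cfg(test)]
 mod test {
 use super::*;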
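Review bot: The doc comment on `set_verify_owner_validation` is the only warning a caller sees before switching off the repository ownership check, yet it is garbled ("wheter", "before performing a repository") and has no `# Safety` section even though the function is `unsafe`. I would reword the first line to `/// Set whether or not to verify repository ownership before opening a repository.` and add a `# Safety` section stating what the caller must uphold, presumably that this changes process-wide libgit2 state and must not race with other libgit2 calls; confirm against the other setters in this file, which lie outside the hunk. Separately, `debug_assert!(error >= 0)` compiles out in release builds, so a failed call would still return `Ok(())` and a caller re-enabling validation would not learn that it did not take effect. Since the signature already returns `Result`, `if error < 0 { return Err(Error::from_str("could not set owner validation")); }` reports that instead.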
