Merge branch 'maint/v1.4' into opencor.

Author: agarny

CMakeLists.txt

@@ -3,7 +3,7 @@
 
 cmake_minimum_required(VERSION 3.5.1)
 
-project(libgit2 VERSION "1.4.0" LANGUAGES C)
+project(libgit2 VERSION "1.4.3" LANGUAGES C)
 
 # Add find modules to the path
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake")

docs/changelog.md

@@ -1,3 +1,23 @@
+v1.4.3
+------
+
+🔒 This is a security release to provide compatibility with git's changes to address [CVE 2022-24765](https://github.blog/2022-04-12-git-security-vulnerability-announced/).
+
+**libgit2 is not directly affected** by this vulnerability, because libgit2 does not directly invoke any executable. But we are providing these changes as a security release for any users that use libgit2 for repository discovery and then _also_ use git on that repository. In this release, we will now validate that the user opening the repository is the same user that owns the on-disk repository. This is to match git's behavior.
+
+In addition, we are providing several correctness fixes where invalid input can lead to a crash. These may prevent possible denial of service attacks. At this time there are not known exploits to these issues.
+
+Full list of changes:
+
+* Validate repository directory ownership (v1.4) by @ethomson in https://github.com/libgit2/libgit2/pull/6267
+* midx: Fix an undefined behavior (left-shift signed overflow) by @lhchavez in https://github.com/libgit2/libgit2/pull/6260
+* fetch: support OID refspec without dst by @ethomson in https://github.com/libgit2/libgit2/pull/6251
+* Fix crash when regenerating a patch with unquoted spaces in filename by @jorio in https://github.com/libgit2/libgit2/pull/6244
+
+All users of the v1.4 release line are recommended to upgrade.
+
+**Full Changelog**: https://github.com/libgit2/libgit2/compare/v1.4.2...v1.4.3
+
 v1.4.2
 ------
 

fuzzers/corpora/midx/666a779eed16847c6930a71c0547a34e52db409e

@@ -214,7 +214,9 @@ typedef enum {
 	GIT_OPT_SET_ODB_PACKED_PRIORITY,
 	GIT_OPT_SET_ODB_LOOSE_PRIORITY,
 	GIT_OPT_GET_EXTENSIONS,
-	GIT_OPT_SET_EXTENSIONS
+	GIT_OPT_SET_EXTENSIONS,
+	GIT_OPT_GET_OWNER_VALIDATION,
+	GIT_OPT_SET_OWNER_VALIDATION
 } git_libgit2_opt_t;
 
 /**
@@ -452,6 +454,14 @@ typedef enum {
  *      > to support repositories with the `noop` extension but does want
  *      > to support repositories with the `newext` extension.
  *
+ *   opts(GIT_OPT_GET_OWNER_VALIDATION, int *enabled)
+ *      > Gets the owner validation setting for repository
+ *      > directories.
+ *
+ *   opts(GIT_OPT_SET_OWNER_VALIDATION, int enabled)
+ *      > Set that repository directories should be owned by the current
+ *      > user. The default is to validate ownership.
+ *
  * @param option Option key
  * @param ... value to set the option
  * @return 0 on success, <0 on failure

include/git2/common.h

@@ -57,7 +57,8 @@ typedef enum {
 	GIT_RETRY           = -32,	/**< Internal only */
 	GIT_EMISMATCH       = -33,	/**< Hashsum mismatch in object */
 	GIT_EINDEXDIRTY     = -34,	/**< Unsaved changes in the index would be overwritten */
-	GIT_EAPPLYFAIL      = -35	/**< Patch application failed */
+	GIT_EAPPLYFAIL      = -35,	/**< Patch application failed */
+	GIT_EOWNER          = -36	/**< The object is not owned by the current user */
 } git_error_code;
 
 /**

include/git2/errors.h

@@ -7,10 +7,10 @@
 #ifndef INCLUDE_git_version_h__
 #define INCLUDE_git_version_h__
 
-#define LIBGIT2_VERSION "1.4.2"
+#define LIBGIT2_VERSION "1.4.3"
 #define LIBGIT2_VER_MAJOR 1
 #define LIBGIT2_VER_MINOR 4
-#define LIBGIT2_VER_REVISION 2
+#define LIBGIT2_VER_REVISION 3
 #define LIBGIT2_VER_PATCH 0
 
 #define LIBGIT2_SOVERSION "1.4"

include/git2/version.h

@@ -1,6 +1,6 @@
 {
   "name": "libgit2",
-  "version": "1.4.0",
+  "version": "1.4.3",
   "repo": "https://github.com/libgit2/libgit2",
   "description": " A cross-platform, linkable library implementation of Git that you can use in your application.",
   "install": "mkdir build && cd build && cmake .. && cmake --build ."

package.json

@@ -1170,14 +1170,18 @@ int git_config_find_programdata(git_buf *path)
 
 int git_config__find_programdata(git_str *path)
 {
-	int ret;
+	bool is_safe;
 
-	ret = git_sysdir_find_programdata_file(path, GIT_CONFIG_FILENAME_PROGRAMDATA);
+	if (git_sysdir_find_programdata_file(path, GIT_CONFIG_FILENAME_PROGRAMDATA) < 0 ||
+	    git_fs_path_owner_is_system_or_current_user(&is_safe, path->ptr) < 0)
+		return -1;
 
-	if (ret != GIT_OK)
-		return ret;
+	if (!is_safe) {
+		git_error_set(GIT_ERROR_CONFIG, "programdata path has invalid ownership");
+		return -1;
+	}
 
-	return git_fs_path_validate_system_file_ownership(path->ptr);
+	return 0;
 }
 
 int git_config__global_location(git_str *buf)

src/config.c

@@ -652,7 +652,7 @@ int git_describe_commit(
 {
 	struct get_name_data data;
 	struct commit_name *name;
-	git_commit *commit;
+	git_commit *commit = NULL;
 	int error = -1;
 	git_describe_options normalized;
 

src/describe.c

@@ -316,6 +316,11 @@ static int diff_print_oid_range(
 static int diff_delta_format_path(
 	git_str *out, const char *prefix, const char *filename)
 {
+	if (!filename) {
+		/* don't prefix "/dev/null" */
+ 		return git_str_puts(out, "/dev/null");
+	}
+
 	if (git_str_joinpath(out, prefix, filename) < 0)
 		return -1;