From 546bec7511b07b99a4784c201587541eae1aca5e Mon Sep 17 00:00:00 2001 From: starlet-dx <15929766099@163.com> Date: Thu, 8 Feb 2024 11:10:19 +0800 Subject: [PATCH] Fix CVE-2024-24577 --- CVE-2024-24577.patch | 47 ++++++++++++++++++++++++++++++++++++++++++++ libgit2.spec | 7 ++++++- 2 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 CVE-2024-24577.patch diff --git a/CVE-2024-24577.patch b/CVE-2024-24577.patch new file mode 100644 index 0000000..21b9044 --- /dev/null +++ b/CVE-2024-24577.patch @@ -0,0 +1,47 @@ +From eb4c1716cd92bf56f2770653a915d5fc01eab8f3 Mon Sep 17 00:00:00 2001 +From: Edward Thomson +Date: Sat, 16 Dec 2023 11:19:07 +0000 +Subject: [PATCH] index: correct index has_dir_name check + +`has_dir_name` is used to check for directory/file collisions, +and attempts to determine whether the index contains a file with +a directory name that is a proper subset of the new index entry +that we're trying to add. + +To determine directory name, the function would walk the path string +backwards to identify a `/`, stopping at the end of the string. However, +the function assumed that the strings did not start with a `/`. If the +paths contain only a single `/` at the beginning of the string, then the +function would continue the loop, erroneously, when they should have +stopped at the first character. + +Correct the order of the tests to terminate properly. + +Credit to Michael Rodler (@f0rki) and Amazon AWS Security. +--- + src/index.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/index.c b/src/index.c +index 2b47e4d..80fa544 100644 +--- a/src/index.c ++++ b/src/index.c +@@ -1114,10 +1114,13 @@ static int has_dir_name(git_index *index, + size_t len, pos; + + for (;;) { +- if (*--slash == '/') +- break; ++ slash--; ++ + if (slash <= entry->path) + return retval; ++ ++ if (*slash == '/') ++ break; + } + len = slash - name; + +-- +2.33.0 + diff --git a/libgit2.spec b/libgit2.spec index 24f4a2b..17790c9 100644 
--- a/libgit2.spec +++ b/libgit2.spec @@ -1,6 +1,6 @@ Name: libgit2 Version: 0.27.8 -Release: 7 +Release: 8 Summary: portable, pure C implementation of the Git core methods License: GPLv2 with exceptions URL: https://libgit2.org @@ -11,6 +11,8 @@ Patch0002: CVE-2020-12278.patch Patch0003: CVE-2020-12279.patch Patch0004: Remove-error-prone-redundant-test.patch Patch0005: CVE-2023-22742.patch +# https://github.com/libgit2/libgit2/commit/eb4c1716cd92bf56f2770653a915d5fc01eab8f3 +Patch0006: CVE-2024-24577.patch BuildRequires: gcc cmake >= 2.8.11 ninja-build http-parser-devel libcurl-devel BuildRequires: libssh2-devel openssl-devel python3 zlib-devel @@ -59,6 +61,9 @@ sed -i '/ADD_TEST(online/s/^/#/' tests/CMakeLists.txt %{_includedir}/git2* %changelog +* Thu Feb 08 2024 yaoxin - 0.27.8-8 +- Fix CVE-2024-24577 + * Thu Dec 14 2023 wangkai <13474090681@163.com> - 0.27.8-7 - Fix CVE-2023-22742
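Review bot: In the `src/index.c` hunk of the embedded CVE-2024-24577.patch, the reordered loop ships without a regression test: the diffstat lists only `src/index.c`, so nothing in this backport exercises an entry whose only `/` is the first character of the path, which is the case the commit message describes. Consider carrying a test that adds such an entry to the index and checks that `has_dir_name` returns without walking past the start of the string. Separately, the bound check compares `slash` against `entry->path` while the length is computed as `slash - name`; if both refer to the same buffer, using one name for both would make the invariant easier to verify. A short comment above `if (slash <= entry->path)` stating that the bound must be tested before the dereference would help later backports keep the order.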
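Review bot: In the `libgit2.spec` hunk that adds `Patch0006: CVE-2024-24577.patch`, no visible hunk touches `%prep`, so it is not evident from this change that the new patch is applied at build time. Confirm that `%prep` uses `%autosetup` or `%autopatch`, or add the matching `%patch` line; otherwise the Release bump to 8 would ship an unfixed `src/index.c`. The changelog line `- Fix CVE-2024-24577` could also name the affected function (`has_dir_name`) so the entry is searchable without opening the patch file.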