Michał Górny posted on Sat, 19 Aug 2017 10:25:02 +0200 as excerpted:
> Explicitly warn about any URI that uses an unsecure protocol (git, http)
> even if it's a fallback URI. This is necessary because an attacker may
> block HTTPS connections, effectively forcing the fallback to
> the unsecure protocol.
Thanks for this pair of patches. One minor correction, below.
> eclass/git-r3.eclass | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass
> index 42b586811368..1eb0baedc67f 100644
> --- a/eclass/git-r3.eclass
> +++ b/eclass/git-r3.eclass
> @@ -570,6 +570,15 @@ git-r3_fetch() {
>
> [[ ${repos[@]} ]] || die "No URI provided and EGIT_REPO_URI unset"
>
> + local r
> + for r in "${repos[@]}"; do
> + if [[ ${r} == git:* || ${r} == http:* ]]; then
> + ewarn "git-r3: ${r%%:*} protocol in unsafe and may be
> subject to MITM attacks"
s/in unsafe/is unsafe/
(Tho I can imagine a point at which "unsafe" becomes a list/array, defined
at the top of the function along with the other defines, or in a new
git-r3_check_unsafe
function, at which point "in unsafe" could make sense. But that's not the
structure here.)
> + ewarn "(even if used only as fallback). Please use
> https instead."
> + ewarn "[URI: ${r}]"
> + fi
> + done
> +
> local -x GIT_DIR
> _git-r3_set_gitdir "${repos[0]}"
>
> @@ -582,7 +591,7 @@ git-r3_fetch() {
> fi
>
> # try to fetch from the remote
> - local r success saved_umask
> + local success saved_umask
> if [[ ${EVCS_UMASK} ]]; then
> saved_umask=$(umask)
> umask "${EVCS_UMASK}" || die "Bad options to umask:
> ${EVCS_UMASK}"
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
