From 06e25f1f8b97a8c2ce8d51bda29b7c768e5d45b9 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Mon, 11 Sep 2023 11:10:25 +0800
Subject: [PATCH] Fix CVE-2023-41040
(cherry picked from commit ed7313a993448f83d1074d8ea48909354c076422)
---
 CVE-2023-41040.patch | 28 ++++++++++++++++++++++++++++
 python-GitPython.spec | 7 ++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2023-41040.patch
diff --git a/CVE-2023-41040.patch b/CVE-2023-41040.patch
new file mode 100644
index 0000000..2cba63f
--- /dev/null
+++ b/CVE-2023-41040.patch
@@ -0,0 +1,28 @@
+From 64ebb9fcdfbe48d5d61141a557691fd91f1e88d6 Mon Sep 17 00:00:00 2001
+From: Facundo Tuesca
+Date: Tue, 5 Sep 2023 09:51:50 +0200
+Subject: [PATCH] Fix CVE-2023-41040
+
+This change adds a check during reference resolving to see if it
+contains an up-level reference ('..'). If it does, it raises an
+exception.
+
+This fixes CVE-2023-41040, which allows an attacker to access files
+outside the repository's directory.
+---
+ git/refs/symbolic.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/git/refs/symbolic.py b/git/refs/symbolic.py
+index 33c3bf15b..5c293aa7b 100644
+--- a/git/refs/symbolic.py
++++ b/git/refs/symbolic.py
+@@ -168,6 +168,8 @@ def _get_ref_info_helper(
+ """Return: (str(sha), str(target_ref_path)) if available, the sha the file at
+ rela_path points to, or None. target_ref_path is the reference we
+ point to, or None"""
++ if ".." in str(ref_path):
++ raise ValueError(f"Invalid reference '{ref_path}'")
+ tokens: Union[None, List[str], Tuple[str, str]] = None
+ repodir = _git_dir(repo, ref_path)
+ try:
diff --git a/python-GitPython.spec b/python-GitPython.spec
index caacd90..e34fa55 100644
--- a/python-GitPython.spec
+++ b/python-GitPython.spec
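Review bot: The backported check `if ".." in str(ref_path):` arrives without any regression test — the nested diffstat lists only git/refs/symbolic.py — so nothing in the build verifies that the patch actually landed in the 3.1.32 tree it is being applied to. A %check step in the spec that resolves a reference whose path contains `..` and expects `ValueError` would make a silently unapplied or fuzzed-out patch fail the build instead of shipping as a "fixed" package. The substring match is consistent with git's own ref-name rules, which already forbid `..` anywhere in a reference name, so it should not refuse legitimate refs. `_get_ref_info_helper` begins and ends outside the hunk, so how its callers treat the new `ValueError` cannot be assessed from here.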
@@ -1,11 +1,13 @@
 %global _empty_manifest_terminate_build 0
 Name: python-GitPython
 Version: 3.1.32
-Release: 1
+Release: 2
 Summary: Python Git Library
 License: BSD
 URL: https://github.com/gitpython-developers/GitPython
 Source0: %{pypi_source GitPython}
+# https://github.com/gitpython-developers/GitPython/commit/64ebb9fcdfbe48d5d61141a557691fd91f1e88d6
+Patch0: CVE-2023-41040.patch
 BuildArch: noarch
 %description
 GitPython is a python library used to interact with git repositories,\
@@ -72,6 +74,9 @@ mv %{buildroot}/doclist.lst .
 %{_docdir}/*
 %changelog
+* Mon Sep 11 2023 yaoxin - 3.1.32-2
+- Fix CVE-2023-41040
+
 * Thu Aug 17 2023 yaoxin - 3.1.32-1
 - Upgrade to 3.1.32 for fix CVE-2022-24439 and CVE-2023-40267
-- Gitee
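Review bot: `Patch0: CVE-2023-41040.patch` declares the fix, but neither hunk of the spec shows %prep applying it; the %prep section lies outside this diff, and if it uses `%setup` or `%autosetup` without `-p1` the package is rebuilt with a changelog claiming a CVE fix that the installed module does not contain. Please confirm the %prep line is `%autosetup -p1` (or add `%patch0 -p1`), and that the upstream hunk at `git/refs/symbolic.py` line 168 applies without fuzz to the 3.1.32 tarball, since the patch appears to have been generated against a later upstream tree. The second hunk is only a changelog entry and needs nothing further.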