Bug 1368384

Summary: Git is unable to use HTTP(S)-SSO because of fix for CVE-2011-2192
Product: Red Hat Enterprise Linux 6 Reporter: Andreas Bleischwitz <ableisch>
Component: gitAssignee: Petr Stodulka <pstodulk>
Status: CLOSED ERRATA QA Contact: Andrej Dzilský <adzilsky>
Severity: high Docs Contact: Lenka Špačková <lkuprova>
Priority: high    
Version: 6.8CC: adzilsky, ccheney, fsumsal, kdudka, ovasik, pstodulk, qe-baseos-daemons
Target Milestone: rc   
Target Release: 6.9   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: git-1.7.1-8.el6 Doc Type: Bug Fix
Doc Text:
*Git* can now be used with HTTP or HTTPS and SSO Since *libcurl* version 7.19.7-30, a new paramater for delegating Kerberos tickets is required because of CVE-2011-2192. Previously, *Git* did not provide a way to set such a parameter. As a consequence, using *Git* with HTTP or HTTPS and Single Sign-On (SSO) was impossible. With this update, *Git* provides a new `http.delegation` configuration variable, which corresponds to the cURL `--delegation` parameter. Users need to set this parameter when delegation of Kerberos tickets is required.
 Story Points: ---
Clone Of: 1359176
: 1369173 (view as bug list) Environment:
Last Closed: 2017-03-21 10:01:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1369173    
Bug Blocks: 1430723    
Attachments:
Description Flags
patch none

Comment 2 Kamil Dudka 2016-08-22 15:07:53 UTC 
libcurl provides the CURLOPT_GSSAPI_DELEGATION option to configure credential delegation at the application level:

https://curl.haxx.se/libcurl/c/CURLOPT_GSSAPI_DELEGATION.html

git does not seem to use it currently.  The solution for this bug needs to be discussed with git's upstream first to make sure that we stay compatible with future releases of git.
Comment 6 Petr Stodulka 2016-12-05 15:59:08 UTC 
Created attachment 1228099 [details]
patch

Backported patch for git-1.7.1.
Comment 10 errata-xmlrpc 2017-03-21 10:01:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0640.html