Update 'git' to '2.39.1' due to CVE-2022-41903 & CVE-2022-23521 (#331)

* Use git Feature - ubuntu & universal

* Update git

* address comment

* update cpp

Author: samruddhikhandale

src/anaconda/.devcontainer/Dockerfile

@@ -26,7 +26,6 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
     && apt-get install -y --no-install-recommends \
         bzip2 \
         ca-certificates \
-        git \
         libglib2.0-0 \
         libsm6 \
         libxcomposite1 \

src/anaconda/test-project/test-utils.sh

@@ -108,7 +108,6 @@ checkExtension() {
 checkCommon()
 {
     PACKAGE_LIST="apt-utils \
-        git \
         openssh-client \
         less \
         iproute2 \

src/anaconda/test-project/test.sh

@@ -17,8 +17,17 @@ check "pydocstyle" pydocstyle --version
 check "pycodestyle" pycodestyle --version
 check "nvm" bash -c ". /usr/local/share/nvm/nvm.sh && nvm --version"
 
+check "git" git --version
+check "git-location" sh -c "which git | grep /usr/local/bin/git"
+
 git_version=$(git --version)
-check-version-ge "git-requirement" "${git_version}" "git version 2.38.1"
+check-version-ge "git-requirement" "${git_version}" "git version 2.39.1"
+
+check "set-git-config-user-name" sh -c "sudo git config --system user.name devcontainers"
+check "gitconfig-file-location" sh -c "ls /etc/gitconfig"
+check "gitconfig-contains-name" sh -c "cat /etc/gitconfig | grep 'name = devcontainers'"
+
+check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
 
 joblib_version=$(python -c "import joblib; print(joblib.__version__)")
 check-version-ge "joblib-requirement" "${joblib_version}" "1.2.0"

src/base-alpine/.devcontainer/devcontainer.json

@@ -11,7 +11,8 @@
 			"userUid": "1000",
 			"userGid": "1000",
 			"upgradePackages": "true"
-		}
+		},
+		"./local-features/git": {}
 	},
 
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.

src/base-alpine/.devcontainer/local-features/git/devcontainer-feature.json

@@ -0,0 +1,4 @@
+{
+	"id": "git",
+	"name": "Git from source"
+}

src/base-alpine/.devcontainer/local-features/git/install.sh

@@ -0,0 +1,42 @@
+#!/bin/ash
+#-------------------------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
+#-------------------------------------------------------------------------------------------------------------
+
+set -e
+
+apk update
+apk add --no-cache \
+    --upgrade \
+    curl \
+    grep \
+    make \
+    zlib-dev \
+    --no-cache \
+    openssl-dev \
+    curl-dev \
+    expat-dev \
+    asciidoc \
+    xmlto \
+    perl-error \
+    perl-dev \
+    tcl \
+    tk \
+    gcc \
+    g++ \
+    python3-dev \
+    pcre2-dev
+
+GIT_VERSION_LIST="$(curl -sSL -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/git/git/tags" | grep -oP '"name":\s*"v\K[0-9]+\.[0-9]+\.[0-9]+"' | tr -d '"' | sort -rV )"
+GIT_VERSION="$(echo "${GIT_VERSION_LIST}" | head -n 1)"
+
+echo "Installing git v${GIT_VERSION}"
+curl -sL https://github.com/git/git/archive/v${GIT_VERSION}.tar.gz | tar -xzC /tmp 2>&1
+
+cd /tmp/git-${GIT_VERSION}
+
+make -s prefix=/usr/local sysconfdir=/etc all NO_REGEX=YesPlease NO_GETTEXT=YesPlease \
+    && make -s prefix=/usr/local sysconfdir=/etc NO_REGEX=YesPlease NO_GETTEXT=YesPlease install 2>&1
+
+rm -rf /tmp/git-${GIT_VERSION}

src/base-alpine/test-project/test-utils-alpine.sh

@@ -27,6 +27,23 @@ check() {
     fi
 }
 
+check-version-ge() {
+    LABEL=$1
+    CURRENT_VERSION=$2
+    REQUIRED_VERSION=$3
+    shift
+    echo -e "\n🧪 Testing $LABEL: '$CURRENT_VERSION' is >= '$REQUIRED_VERSION'"
+    local GREATER_VERSION=$((echo ${CURRENT_VERSION}; echo ${REQUIRED_VERSION}) | sort -V | tail -1)
+    if [ "${CURRENT_VERSION}" == "${GREATER_VERSION}" ]; then
+        echo "✅  Passed!"
+        return 0
+    else
+        echoStderr "❌ $LABEL check failed."
+        FAILED+=("$LABEL")
+        return 1
+    fi
+}
+
 checkMultiple() {
     PASSED=0
     LABEL="$1"
@@ -90,8 +107,7 @@ checkExtension() {
 
 checkCommon()
 {
-    PACKAGE_LIST="git \
-        openssh-client \
+    PACKAGE_LIST="openssh-client \
         gnupg \
         procps \
         lsof \

src/base-alpine/test-project/test.sh

@@ -6,5 +6,17 @@ source test-utils-alpine.sh vscode
 # Run common tests
 checkCommon
 
+check "git" git --version
+check "git-location" sh -c "which git | grep /usr/local/bin/git"
+
+git_version=$(git --version)
+check-version-ge "git-requirement" "${git_version}" "git version 2.39.1"
+
+check "set-git-config-user-name" sh -c "sudo git config --system user.name devcontainers"
+check "gitconfig-file-location" sh -c "ls /etc/gitconfig"
+check "gitconfig-contains-name" sh -c "cat /etc/gitconfig | grep 'name = devcontainers'"
+
+check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
+
 # Report result
 reportResults

src/base-debian/test-project/test-utils.sh

@@ -22,6 +22,23 @@ check() {
     fi
 }
 
+check-version-ge() {
+    LABEL=$1
+    CURRENT_VERSION=$2
+    REQUIRED_VERSION=$3
+    shift
+    echo -e "\n🧪 Testing $LABEL: '$CURRENT_VERSION' is >= '$REQUIRED_VERSION'"
+    local GREATER_VERSION=$((echo ${CURRENT_VERSION}; echo ${REQUIRED_VERSION}) | sort -V | tail -1)
+    if [ "${CURRENT_VERSION}" == "${GREATER_VERSION}" ]; then
+        echo "✅  Passed!"
+        return 0
+    else
+        echoStderr "❌ $LABEL check failed."
+        FAILED+=("$LABEL")
+        return 1
+    fi
+}
+
 checkMultiple() {
     PASSED=0
     LABEL="$1"

src/base-debian/test-project/test.sh

@@ -7,13 +7,16 @@ source test-utils.sh vscode
 checkCommon
 
 check "git" git --version
+check "git-location" sh -c "which git | grep /usr/local/bin/git"
 
-git_version_satisfied=false
-if (echo a version 2.38.1; git --version) | sort -Vk3 | tail -1 | grep -q git; then
-    git_version_satisfied=true
-fi
+git_version=$(git --version)
+check-version-ge "git-requirement" "${git_version}" "git version 2.39.1"
 
-check "git version satisfies requirement" echo $git_version_satisfied | grep "true"
+check "set-git-config-user-name" sh -c "sudo git config --system user.name devcontainers"
+check "gitconfig-file-location" sh -c "ls /etc/gitconfig"
+check "gitconfig-contains-name" sh -c "cat /etc/gitconfig | grep 'name = devcontainers'"
+
+check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
 
 cd /tmp && git clone https://github.com/devcontainers/feature-starter.git
 cd feature-starter