mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-10-31 00:12:05 +01:00
34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
Patch-Source: https://sources.debian.org/data/main/libg/libgit-repository-perl/1.325-3/debian/patches/gh-22.patch
|
|
--
|
|
From 4dc8dedb97891f37b9da2220e5740c65685b0906 Mon Sep 17 00:00:00 2001
|
|
From: Jan Pazdziora <jpazdziora@redhat.com>
|
|
Date: Mon, 31 Oct 2022 17:26:00 +0100
|
|
Subject: [PATCH] Workaround change of behaviour in git 2.38.1 for
|
|
CVE-2022-39253.
|
|
|
|
By default, protocol.file.allow now defaults to user, preventing
|
|
clones with symlinks.
|
|
|
|
https://github.blog/2022-10-18-git-security-vulnerabilities-announced/#cve-2022-39253
|
|
|
|
|
|
Bug: https://rt.cpan.org/Public/Bug/Display.html?id=144889
|
|
Bug-Debian: https://bugs.debian.org/1023597
|
|
|
|
---
|
|
t/21-submodule.t | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/t/21-submodule.t b/t/21-submodule.t
|
|
index 444029c..97374f8 100644
|
|
--- a/t/21-submodule.t
|
|
+++ b/t/21-submodule.t
|
|
@@ -44,6 +44,7 @@ $s->run( checkout => 'master', { quiet => 1 } );
|
|
# now test adding a submodule
|
|
my $r = test_repository(@init);
|
|
$r->run(
|
|
+ ( Git::Repository->version_ge('2.38.1') ? ('-c', 'protocol.file.allow=always') : ()),
|
|
submodule => add => $s->work_tree => 'sub',
|
|
{ env => { GIT_WORK_TREE => undef } }
|
|
);
|