* [PATCH] bb.tests.fetch.GitShallowTest: always allow file transport
@ 2022-10-21 8:34 alexandre.belloni
2022-10-21 8:42 ` [bitbake-devel] " Martin Jansa
0 siblings, 1 reply; 3+ messages in thread
From: alexandre.belloni @ 2022-10-21 8:34 UTC (permalink / raw)
To: bitbake-devel; +Cc: Alexandre Belloni
From: Alexandre Belloni <alexandre.belloni@bootlin.com>
Following CVE-2022-39253, distributions are disabling file:// transport for
submodules. See https://git.launchpad.net/ubuntu/+source/git/tree/debian/patches/CVE-2022-39253-11.patch?h=applied/ubuntu/jammy-security
[YOCTO #14941]
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
---
lib/bb/tests/fetch.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/bb/tests/fetch.py b/lib/bb/tests/fetch.py
index b4ed691f3319..4ef2ed2b66b8 100644
--- a/lib/bb/tests/fetch.py
+++ b/lib/bb/tests/fetch.py
@@ -1865,6 +1865,9 @@ class GitShallowTest(FetcherTest):
# Make this look like it was cloned from a remote...
self.git('config --add remote.origin.url "%s"' % smdir, cwd=smdir)
self.git('config --add remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"', cwd=smdir)
+
+ self.d.setVar('FETCHCMD_git', "git -c core.fsyncobjectfiles=0 -c gc.autoDetach=false -c core.pager=cat -c protocol.file.allow=always")
+
self.add_empty_file('asub', cwd=smdir)
self.add_empty_file('bsub', cwd=smdir)
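Review bot: The setVar added ahead of add_empty_file('asub', ...) overwrites FETCHCMD_git with a hard-coded option string, although the only new setting is -c protocol.file.allow=always; the author's follow-up in this thread says the rest was copied from the default value. Append the single option to the existing value instead, for example self.d.appendVar('FETCHCMD_git', ' -c protocol.file.allow=always'), so the test keeps following the default if it changes. A one-line comment naming CVE-2022-39253 next to it would record why the file transport is forced on in this test.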
@@ -1898,6 +1901,8 @@ class GitShallowTest(FetcherTest):
self.add_empty_file('asub', cwd=smdir)
self.add_empty_file('bsub', cwd=smdir)
+ self.d.setVar('FETCHCMD_git', "git -c core.fsyncobjectfiles=0 -c gc.autoDetach=false -c core.pager=cat -c protocol.file.allow=always")
+
self.git('submodule init', cwd=self.srcdir)
self.git('submodule add file://%s' % smdir, cwd=self.srcdir)
self.git('submodule update', cwd=self.srcdir)
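Review bot: The FETCHCMD_git literal added before self.git('submodule init', ...) duplicates the one in the previous hunk character for character; set it in one place (the class's setUp or a small helper) so the two tests cannot drift apart. Please also confirm it takes effect where it is needed: the calls that follow go through self.git('submodule add file://%s' % smdir, ...), and nothing in the visible context shows that self.git reads FETCHCMD_git. If that helper runs plain git, the file:// submodule add will still be refused on a git carrying the CVE-2022-39253 change, and the option would have to be passed on those calls directly.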
--
2.37.3
* Re: [bitbake-devel] [PATCH] bb.tests.fetch.GitShallowTest: always allow file transport
2022-10-21 8:34 [PATCH] bb.tests.fetch.GitShallowTest: always allow file transport alexandre.belloni
@ 2022-10-21 8:42 ` Martin Jansa
2022-10-21 8:45 ` Alexandre Belloni
0 siblings, 1 reply; 3+ messages in thread
From: Martin Jansa @ 2022-10-21 8:42 UTC (permalink / raw)
To: alexandre.belloni; +Cc: bitbake-devel
Not sure how to fix it, but before adding more "-c
core.fsyncobjectfiles=0", please check
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14939
On Fri, Oct 21, 2022 at 10:34 AM Alexandre Belloni via
lists.openembedded.org <alexandre.belloni=bootlin.com@lists.openembedded.org>
wrote:
> From: Alexandre Belloni <alexandre.belloni@bootlin.com>
>
> Following CVE-2022-39253, distributions are disabling file:// transport for
> submodules. See
> https://git.launchpad.net/ubuntu/+source/git/tree/debian/patches/CVE-2022-39253-11.patch?h=applied/ubuntu/jammy-security
>
> [YOCTO #14941]
>
> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
> ---
> lib/bb/tests/fetch.py | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/lib/bb/tests/fetch.py b/lib/bb/tests/fetch.py
> index b4ed691f3319..4ef2ed2b66b8 100644
> --- a/lib/bb/tests/fetch.py
> +++ b/lib/bb/tests/fetch.py
> @@ -1865,6 +1865,9 @@ class GitShallowTest(FetcherTest):
> # Make this look like it was cloned from a remote...
> self.git('config --add remote.origin.url "%s"' % smdir, cwd=smdir)
> self.git('config --add remote.origin.fetch
> "+refs/heads/*:refs/remotes/origin/*"', cwd=smdir)
> +
> + self.d.setVar('FETCHCMD_git', "git -c core.fsyncobjectfiles=0 -c
> gc.autoDetach=false -c core.pager=cat -c protocol.file.allow=always")
> +
> self.add_empty_file('asub', cwd=smdir)
> self.add_empty_file('bsub', cwd=smdir)
>
> @@ -1898,6 +1901,8 @@ class GitShallowTest(FetcherTest):
> self.add_empty_file('asub', cwd=smdir)
> self.add_empty_file('bsub', cwd=smdir)
>
> + self.d.setVar('FETCHCMD_git', "git -c core.fsyncobjectfiles=0 -c
> gc.autoDetach=false -c core.pager=cat -c protocol.file.allow=always")
> +
> self.git('submodule init', cwd=self.srcdir)
> self.git('submodule add file://%s' % smdir, cwd=self.srcdir)
> self.git('submodule update', cwd=self.srcdir)
> --
> 2.37.3
* Re: [bitbake-devel] [PATCH] bb.tests.fetch.GitShallowTest: always allow file transport
2022-10-21 8:42 ` [bitbake-devel] " Martin Jansa
@ 2022-10-21 8:45 ` Alexandre Belloni
0 siblings, 0 replies; 3+ messages in thread
From: Alexandre Belloni @ 2022-10-21 8:45 UTC (permalink / raw)
To: Martin Jansa; +Cc: bitbake-devel
On 21/10/2022 10:42:45+0200, Martin Jansa wrote:
> Not sure how to fix it, but before adding more "-c
> core.fsyncobjectfiles=0", please check
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=14939
>
Yeah, I just copied the default value, I should probably append instead
> On Fri, Oct 21, 2022 at 10:34 AM Alexandre Belloni via
> lists.openembedded.org <alexandre.belloni=bootlin.com@lists.openembedded.org>
> wrote:
>
> > From: Alexandre Belloni <alexandre.belloni@bootlin.com>
> >
> > Following CVE-2022-39253, distributions are disabling file:// transport for
> > submodules. See
> > https://git.launchpad.net/ubuntu/+source/git/tree/debian/patches/CVE-2022-39253-11.patch?h=applied/ubuntu/jammy-security
> >
> > [YOCTO #14941]
> >
> > Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
> > ---
> > lib/bb/tests/fetch.py | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/lib/bb/tests/fetch.py b/lib/bb/tests/fetch.py
> > index b4ed691f3319..4ef2ed2b66b8 100644
> > --- a/lib/bb/tests/fetch.py
> > +++ b/lib/bb/tests/fetch.py
> > @@ -1865,6 +1865,9 @@ class GitShallowTest(FetcherTest):
> > # Make this look like it was cloned from a remote...
> > self.git('config --add remote.origin.url "%s"' % smdir, cwd=smdir)
> > self.git('config --add remote.origin.fetch
> > "+refs/heads/*:refs/remotes/origin/*"', cwd=smdir)
> > +
> > + self.d.setVar('FETCHCMD_git', "git -c core.fsyncobjectfiles=0 -c
> > gc.autoDetach=false -c core.pager=cat -c protocol.file.allow=always")
> > +
> > self.add_empty_file('asub', cwd=smdir)
> > self.add_empty_file('bsub', cwd=smdir)
> >
> > @@ -1898,6 +1901,8 @@ class GitShallowTest(FetcherTest):
> > self.add_empty_file('asub', cwd=smdir)
> > self.add_empty_file('bsub', cwd=smdir)
> >
> > + self.d.setVar('FETCHCMD_git', "git -c core.fsyncobjectfiles=0 -c
> > gc.autoDetach=false -c core.pager=cat -c protocol.file.allow=always")
> > +
> > self.git('submodule init', cwd=self.srcdir)
> > self.git('submodule add file://%s' % smdir, cwd=self.srcdir)
> > self.git('submodule update', cwd=self.srcdir)
> > --
> > 2.37.3
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com