Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Git submodule tests started failing after security patch #3617

Closed
dcharkes opened this issue Oct 20, 2022 · 3 comments
Closed

Git submodule tests started failing after security patch #3617

dcharkes opened this issue Oct 20, 2022 · 3 comments
Assignees
@sigurdm
Labels
type-bug Incorrect behavior (everything from a crash to more subtle misbehavior)

Comments

@dcharkes
Copy link
Contributor

Tests started failing because of the use of https://github.blog/2022-10-18-git-security-vulnerabilities-announced/#cve-2022-39253

❌ test/lish/archives_and_uploads_a_package_test.dart: with an empty Git submodule (failed)
  Git error. Command: `git submodule add ../empty empty`
  stdout: 
  stderr: Cloning into 'C:/Users/runneradmin/AppData/Local/Temp/dart_test_25e6b504/myapp/empty'...
  fatal: transport 'file' not allowed
  fatal: clone of 'C:/Users/runneradmin/AppData/Local/Temp/dart_test_25e6b504/empty' into submodule path 'C:/Users/runneradmin/AppData/Local/Temp/dart_test_25e6b504/myapp/empty' failed
  exit code: 128
  package:pub/src/git.dart 65:7                             run
  ===== asynchronous gap ===========================
  test\lish\archives_and_uploads_a_package_test.dart 105:5  main.<fn>

❌ test/package_list_files_test.dart: with git with a submodule respects its .gitignore with useGitIgnore (failed)
  Git error. Command: `git submodule add ../submodule`
  stdout: 
  stderr: Cloning into '/tmp/dart_test_IEEKIJ/myapp/submodule'...
  fatal: transport 'file' not allowed
  fatal: clone of '/tmp/dart_test_IEEKIJ/submodule' into submodule path '/tmp/dart_test_IEEKIJ/myapp/submodule' failed
  exit code: 128
  package:pub/src/git.dart 65:7            run
  ===== asynchronous gap ===========================
  test/package_list_files_test.dart 279:9  main.<fn>.<fn>.<fn>

Fails on #3613 on all 3 OSes.

cc @sigurdm @jonasfj
@dcharkes dcharkes mentioned this issue Oct 20, 2022
Merged
@vielmetti
Copy link

This is almost certainly CVE-2022-39253 which prompted changes in git
due to security problems identified.

You may find this issue summary useful with an account of some workarounds
done by other projects.

https://vielmetti.typepad.com/logbook/2022/10/git-security-fixes-lead-to-fatal-transport-file-not-allowed-error-in-ci-systems-cve-2022-39253.html

@kartheekp-ms kartheekp-ms mentioned this issue Oct 21, 2022
Merged
5 tasks
@jglick
Copy link

jglick commented Oct 24, 2022

https://bugs.launchpad.net/ubuntu/+source/git/+bug/1993586

@sigurdm sigurdm self-assigned this Nov 3, 2022
@sigurdm sigurdm added the type-bug Incorrect behavior (everything from a crash to more subtle misbehavior) label Nov 3, 2022
@Tobias-Fischer Tobias-Fischer mentioned this issue Dec 2, 2022
Merged
13 tasks
@sigurdm
Copy link
Contributor

sigurdm commented Feb 20, 2023

We fixed this in #3633

@sigurdm sigurdm closed this as completed Feb 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sigurdm sigurdm

Labels
type-bug Incorrect behavior (everything from a crash to more subtle misbehavior)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@vielmetti @jglick @dcharkes @sigurdm