diff options
| author | nagachika <nagachika@ruby-lang.org> | 2022-10-20 20:30:28 +0900 |
|---|---|---|
| committer | usa <usa@garbagecollect.jp> | 2022-11-24 11:20:51 +0900 |
| commit | 233634fbdcb1f2f8979603feb8ba9865ab30c823 (patch) | |
| tree | eeb26fb9847ab44de21ae7d7fa655ff9fce372ae | |
| parent | 7f1163e9a564f88075ce53389165d9aef9593e66 (diff) | |
merge revision(s) 4f1e0bfacd93c28bff549e2f3603c3b4942429a3:
Followed up CVE-2022-39253 for bundler examples
---
spec/bundler/cache/git_spec.rb | 3 +++
spec/bundler/install/gemfile/git_spec.rb | 9 +++++++++
spec/bundler/update/git_spec.rb | 3 +++
3 files changed, 15 insertions(+)
| -rw-r--r-- | spec/bundler/cache/git_spec.rb | 3 | ||||
| -rw-r--r-- | spec/bundler/install/gemfile/git_spec.rb | 6 | ||||
| -rw-r--r-- | spec/bundler/update/git_spec.rb | 3 |
3 files changed, 12 insertions, 0 deletions
diff --git a/spec/bundler/cache/git_spec.rb b/spec/bundler/cache/git_spec.rb index 75525d405b..8123c514b6 100644 --- a/spec/bundler/cache/git_spec.rb +++ b/spec/bundler/cache/git_spec.rb @@ -149,6 +149,9 @@ RSpec.describe "bundle cache with git" do end it "copies repository to vendor cache, including submodules" do + # CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/ + system(*%W[git config --global protocol.file.allow always]) + build_git "submodule", "1.0" git = build_git "has_submodule", "1.0" do |s| diff --git a/spec/bundler/install/gemfile/git_spec.rb b/spec/bundler/install/gemfile/git_spec.rb index 00f8e96625..c5ea2c202d 100644 --- a/spec/bundler/install/gemfile/git_spec.rb +++ b/spec/bundler/install/gemfile/git_spec.rb @@ -826,6 +826,9 @@ RSpec.describe "bundle install with git sources" do end it "ignores submodules if :submodule is not passed" do + # CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/ + system(*%W[git config --global protocol.file.allow always]) + build_git "submodule", "1.0" build_git "has_submodule", "1.0" do |s| s.add_dependency "submodule" @@ -846,6 +849,9 @@ RSpec.describe "bundle install with git sources" do end it "handles repos with submodules" do + # CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/ + system(*%W[git config --global protocol.file.allow always]) + build_git "submodule", "1.0" build_git "has_submodule", "1.0" do |s| s.add_dependency "submodule" diff --git a/spec/bundler/update/git_spec.rb b/spec/bundler/update/git_spec.rb index 752033c842..8a41ab86db 100644 --- a/spec/bundler/update/git_spec.rb +++ b/spec/bundler/update/git_spec.rb @@ -117,6 +117,9 @@ RSpec.describe "bundle update" do describe "with submodules" do before :each do + # CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/ + system(*%W[git config --global protocol.file.allow always]) + build_repo4 do build_gem "submodule" do |s| s.write "lib/submodule.rb", "puts 'GEM'" |