diff options
author | nagachika <nagachika@ruby-lang.org> | 2022-10-20 20:30:28 +0900 |
---|---|---|
committer | usa <usa@garbagecollect.jp> | 2022-11-24 11:21:28 +0900 |
commit | bdb8980f01fb119074ccb8c82447cd0dd061d640 (patch) | |
tree | 73916d0960a64e85906171ffea30da797bf7152d | |
parent | 3b231086cb3e4347ec025aed3a5c10f9e577bef5 (diff) | |
download | ruby-bdb8980f01fb119074ccb8c82447cd0dd061d640.tar.gz |
merge revision(s) 4f1e0bfacd93c28bff549e2f3603c3b4942429a3:
Followed up CVE-2022-39253 for bundler examples
---
spec/bundler/cache/git_spec.rb | 3 +++
spec/bundler/install/gemfile/git_spec.rb | 9 +++++++++
spec/bundler/update/git_spec.rb | 3 +++
3 files changed, 15 insertions(+)
-rw-r--r-- | spec/bundler/cache/git_spec.rb | 3 | ||||
-rw-r--r-- | spec/bundler/install/gemfile/git_spec.rb | 9 | ||||
-rw-r--r-- | spec/bundler/update/git_spec.rb | 3 |
3 files changed, 15 insertions, 0 deletions
diff --git a/spec/bundler/cache/git_spec.rb b/spec/bundler/cache/git_spec.rb index b88993e9b1..10e44656b8 100644 --- a/spec/bundler/cache/git_spec.rb +++ b/spec/bundler/cache/git_spec.rb @@ -156,6 +156,9 @@ RSpec.describe "bundle cache with git" do end it "copies repository to vendor cache, including submodules" do + # CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/ + system(*%W[git config --global protocol.file.allow always]) + build_git "submodule", "1.0" git = build_git "has_submodule", "1.0" do |s| diff --git a/spec/bundler/install/gemfile/git_spec.rb b/spec/bundler/install/gemfile/git_spec.rb index 150fcf2c42..fd3afe366a 100644 --- a/spec/bundler/install/gemfile/git_spec.rb +++ b/spec/bundler/install/gemfile/git_spec.rb @@ -872,6 +872,9 @@ RSpec.describe "bundle install with git sources" do end it "ignores submodules if :submodule is not passed" do + # CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/ + system(*%W[git config --global protocol.file.allow always]) + build_git "submodule", "1.0" build_git "has_submodule", "1.0" do |s| s.add_dependency "submodule" @@ -891,6 +894,9 @@ RSpec.describe "bundle install with git sources" do end it "handles repos with submodules" do + # CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/ + system(*%W[git config --global protocol.file.allow always]) + build_git "submodule", "1.0" build_git "has_submodule", "1.0" do |s| s.add_dependency "submodule" @@ -909,6 +915,9 @@ RSpec.describe "bundle install with git sources" do end it "does not warn when deiniting submodules" do + # CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/ + system(*%W[git config --global protocol.file.allow always]) + build_git "submodule", "1.0" build_git "has_submodule", "1.0" diff --git a/spec/bundler/update/git_spec.rb b/spec/bundler/update/git_spec.rb index 0787ee41a7..f02fb37d0f 100644 --- a/spec/bundler/update/git_spec.rb +++ b/spec/bundler/update/git_spec.rb @@ -124,6 +124,9 @@ RSpec.describe "bundle update" do describe "with submodules" do before :each do + # CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/ + system(*%W[git config --global protocol.file.allow always]) + build_repo4 do build_gem "submodule" do |s| s.write "lib/submodule.rb", "puts 'GEM'" |