Uploaded image for project: 'Yetus'
  1. Yetus
  2. YETUS-1159

fixes for CVE-2022-24765

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • None
    • 0.14.0
    • Precommit
    • None
    • Hide
      <!-- markdown -->

      Users:

      If precommit is running within a container, set `GIT_DIR` and `GIT_CEILING_DIRECTORIES` to provide some assistance with CVE-2022-24765. If running outside of a container, there is an assumption that the user has a properly configured environment.

      Developers:

      This change now adds a new yetus_is_container function. It should be noted that there is no guaranteed way to determine if a process is in a container (especially from within the container) but there are some parts of the environment that are able to be checked to provide at least a pretty good guess.
      Show
      <!-- markdown --> Users: If precommit is running within a container, set `GIT_DIR` and `GIT_CEILING_DIRECTORIES` to provide some assistance with CVE-2022-24765. If running outside of a container, there is an assumption that the user has a properly configured environment. Developers: This change now adds a new yetus_is_container function. It should be noted that there is no guaranteed way to determine if a process is in a container (especially from within the container) but there are some parts of the environment that are able to be checked to provide at least a pretty good guess.
    • Important

    Description

      When using Github Actions, the test-patch action fails with 

        fatal: unsafe repository ('/github/workspace/src' is owned by someone else)
  To add an exception for this directory, call:
  
  	git config --global --add safe.directory /github/workspace/src
  ERROR: git reset is failing

      as a result of the changes triggered by new versions of git that have the fix for CVE-2022-24765.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            aw Allen Wittenauer
            aw Allen Wittenauer
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h 40m
                1h 40m

                Slack

                  Issue deployment