Fix test case broken by git fix for CVE-2022-39253

Resolves: rhbz#2162700
This commit is contained in:
Tom Stellard 2023-01-30 21:30:34 -08:00
parent d1aef33c46
commit 70e0238b7d
2 changed files with 48 additions and 1 deletions

View File

@ -0,0 +1,41 @@
From f72734ff7712d6aae837f940a45d6e7508bb182c Mon Sep 17 00:00:00 2001
From: Brad King <brad.king@kitware.com>
Date: Thu, 20 Oct 2022 13:38:20 -0400
Subject: [PATCH] Tests: Explicitly allow usage of git file-based protocol in
test cases
Due to CVE-2022-39253, Git 2.30.6 sets `protocol.file.allow=user` by
default. The change has also been backported to other Git versions by
distros. This breaks some of our test cases that use the file-based
protocol locally to simulate real workflows without requiring network
access. In these cases the file protocol is safe, so explicitly enable
it in the tests.
(cherry picked from commit 79ce0f434e916684d734e136b92e14f472a9d14a)
---
Tests/CMakeLists.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Tests/CMakeLists.txt b/Tests/CMakeLists.txt
index 8e7c04fbd0..d011020f99 100644
--- a/Tests/CMakeLists.txt
+++ b/Tests/CMakeLists.txt
@@ -1540,6 +1540,7 @@ if(BUILD_TESTING)
)
list(APPEND TEST_BUILD_DIRS "${CMake_BINARY_DIR}/Tests/ExternalProject")
set_tests_properties(ExternalProject PROPERTIES
+ ENVIRONMENT GIT_ALLOW_PROTOCOL=file
RUN_SERIAL 1
TIMEOUT ${CMAKE_LONG_TEST_TIMEOUT})
@@ -2653,6 +2654,7 @@ if(BUILD_TESTING)
-P "${CMake_BINARY_DIR}/Tests/CTestUpdateGIT.cmake"
)
list(APPEND TEST_BUILD_DIRS "${CMake_BINARY_DIR}/Tests/${CTestUpdateGIT_DIR}")
+ set_property(TEST CTest.UpdateGIT PROPERTY ENVIRONMENT GIT_ALLOW_PROTOCOL=file)
endif()
# Test CTest Update with HG
--
2.31.1

View File

@ -65,7 +65,7 @@
%{?rcsuf:%global versuf -%{rcsuf}} %{?rcsuf:%global versuf -%{rcsuf}}
# For handling bump release by rpmdev-bumpspec and mass rebuild # For handling bump release by rpmdev-bumpspec and mass rebuild
%global baserelease 7 %global baserelease 8
# Uncomment if building for EPEL # Uncomment if building for EPEL
#global name_suffix %%{major_version} #global name_suffix %%{major_version}
@ -112,6 +112,9 @@ Patch103: cmake-3.20-CPACK_THREADS.patch
# see rhbz#1975096 # see rhbz#1975096
Patch104: cmake-3.20.4-glibc_libdl.patch Patch104: cmake-3.20.4-glibc_libdl.patch
# rhbz#2162696
Patch105: 0001-Tests-Explicitly-allow-usage-of-git-file-based-proto.patch
# Patch for renaming on EPEL # Patch for renaming on EPEL
%if 0%{?name_suffix:1} %if 0%{?name_suffix:1}
Patch1: %{name}-rename.patch Patch1: %{name}-rename.patch
@ -531,6 +534,9 @@ popd
%changelog %changelog
* Tue Jan 31 2023 Tom Stellard <tstellar@redhat.com> - 3.20.2-8
- Fix test case broken by git fix for CVE-2022-39253
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.20.2-7 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.20.2-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688 Related: rhbz#1991688