[Bug 1999511] Re: DEP8 failure: cannot add submodule using file transport
Andreas Hasenack
1999511 at bugs.launchpad.net
Tue Dec 13 11:43:16 UTC 2022
Bug about the config change, marked invalid:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1993586
** Description changed:
The git security update for CVE 2022-39253 changed a config setting to
disallow the file transport submodule by default. This is resulting in
DEP8 tests failing all over the place:
-
$ git submodule add ../repo3 sub3
Cloning into '/tmp/test-pyus71xi-check-manifest/repo2/sub3'...
fatal: transport 'file' not allowed
fatal: clone of '/tmp/test-pyus71xi-check-manifest/repo3' into submodule path '/tmp/test-pyus71xi-check-manifest/repo2/sub3' failed
-
- This probably wasn't seen at the time of the security update probably because DEP8 tests are not run publicly then due to embargo.
+ This probably wasn't seen at the time of the security update probably
+ because DEP8 tests are not run publicly then due to embargo.
It's also affecting the devel release, where git is migrating from 2.37
to 2.38 (2.38 has the security fix).
+
+ The DEP8 fix might have to be backported to stable releases as well, or
+ else SRUing git in the future (for non-security updates) will be a pain.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to git in Ubuntu.
https://bugs.launchpad.net/bugs/1999511
Title:
DEP8 failure: cannot add submodule using file transport
Status in git package in Ubuntu:
New
Bug description:
The git security update for CVE 2022-39253 changed a config setting to
disallow the file transport submodule by default. This is resulting in
DEP8 tests failing all over the place:
$ git submodule add ../repo3 sub3
Cloning into '/tmp/test-pyus71xi-check-manifest/repo2/sub3'...
fatal: transport 'file' not allowed
fatal: clone of '/tmp/test-pyus71xi-check-manifest/repo3' into submodule path '/tmp/test-pyus71xi-check-manifest/repo2/sub3' failed
This probably wasn't seen at the time of the security update probably
because DEP8 tests are not run publicly then due to embargo.
It's also affecting the devel release, where git is migrating from
2.37 to 2.38 (2.38 has the security fix).
The DEP8 fix might have to be backported to stable releases as well,
or else SRUing git in the future (for non-security updates) will be a
pain.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1999511/+subscriptions
More information about the foundations-bugs
mailing list