[Bug 2069293] Re: Autopkgtests failing due to new git 2.45

Launchpad Bug Tracker 2069293 at bugs.launchpad.net
Mon Jun 17 17:49:18 UTC 2024 

This bug was fixed in the package ikiwiki-hosting - 0.20220716-2ubuntu1

---------------
ikiwiki-hosting (0.20220716-2ubuntu1) oracular; urgency=medium

  * debian/tests/create-delete: Set the repository used for tests as
    safe. This is required by git >= 2.45 after CVE-2024-32004. (LP: #2069293)

 -- Danilo Egea Gondolfo <danilo.egea.gondolfo at canonical.com>  Thu, 13
Jun 2024 14:11:28 +0100

** Changed in: ikiwiki-hosting (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-32004

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to git in Ubuntu.
https://bugs.launchpad.net/bugs/2069293

Title:
  Autopkgtests failing due to new git 2.45

Status in git package in Ubuntu:
  New
Status in ikiwiki-hosting package in Ubuntu:
  Fix Released

Bug description:
  The step where the ikiwiki-hosting managed git repository is cloned is
  failing:

  git clone git://foo.example.com/source.git
  Cloning into 'source'...
  fatal: Could not read from remote repository.

  Please make sure you have the correct access rights
  and the repository exists.

  The reason is that the new git doesn't trust it:

  2024-06-13T12:06:08.678455+00:00 autopkgtest-lxd-xukspx git-daemon[7458]: [7458] Interpolated dir '/var/lib/ikiwiki-hosting-web/git/foo.example.com'
  2024-06-13T12:06:08.678481+00:00 autopkgtest-lxd-xukspx git-daemon[7458]: fatal: detected dubious ownership in repository at '/var/lib/ikiwiki-hosting-web/git/foo.example.com.git'
  2024-06-13T12:06:08.678504+00:00 autopkgtest-lxd-xukspx git-daemon[7458]: To add an exception for this directory, call:
  2024-06-13T12:06:08.678526+00:00 autopkgtest-lxd-xukspx git-daemon[7458]: #011git config --global --add safe.directory /var/lib/ikiwiki-hosting-web/git/foo.example.com.git

  I suspect that this change in behavior is related to recent git CVEs:
  https://github.blog/2024-05-14-securing-git-addressing-5-new-
  vulnerabilities/. More specifically this one
  https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/2069293/+subscriptions

More information about the foundations-bugs mailing list