The two machines I've seen this on have git versions 2.18.0 and 2.7.4. I will upgrade those. Will that upgrade fix the issue and allow us to migrate to the latest version of the GIT plugin?
thanks! On Monday, 21 October 2019 16:44:11 UTC+13, Mark Waite wrote: > > Git client plugin 2.8.4 to git client plugin provided only one change, a > fix for SECURITY-1534 > <https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1534>. That > is a remote code execution risk from authenticated git commands when using > repository names that look like options to command line git. If your > command line git is 2.8.0 or newer, then that change prefixes the > repository URL argument with a '--' to inform command line git that no > further options will be passed on the command line and that all remaining > command line arguments are operands. > > Git client plugin 2.8.4 calls 'git fetch https://yourhost/your-repo > your-refspec' > > Git client plugin 2.8.5 calls 'git fetch -- https://yourhost/your-repo > your-refspec' > > Note the extra argument '--' that precedes the URL in the fetch command. > > The log file you provided shows that you are using a command line git that > is 2.8.0 or newer. You may want to confirm that with `git --version` to be > certain, but that's what the git client thinks it is detecting. > > You might try using "C:\Program Files\Git\bin\git.exe" instead of " > C:\Program Files\Git\bin\git.exe" as the git executable, in case the > command line argument processing in your version of command line git is > different between the 'cmd\git.exe' and bin\git.exe'. > > If your command line git is an older version (before git 2.20), you might > consider updating command line git to the most recent Git for Windows, > 2.23.0. > > On Sun, Oct 20, 2019 at 8:34 PM Patrick van der Velde < > [email protected] <javascript:>> wrote: > >> Hi >> >> Our setup >> >> Server: >> - Jenkins 2.190.1 >> - Ubuntu 16.04.5 >> >> Agent >> - Jenkins swarm slave >> - Windows 2016 >> >> Source control: >> - GIT on TFS2018 >> >> When running with git-client plugin 2.8.6 we get the following error in >> the build log >> >> Running as SYSTEM >> [EnvInject] - Loading node environment variables. >> Building remotely on BUILDAGENT (tool_nuget tool_powershell swarm >> role_generators team_development tool_msbuild tool_git) in workspace >> C:\ops\jenkins\workspace\testproduct12---b4eb99a4 >> [WS-CLEANUP] Deleting project workspace... >> [WS-CLEANUP] Deferred wipeout is used... >> using credential sandboxuser >> Cloning the remote Git repository >> Cloning repository >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> > C:\Program Files\Git\cmd\git.exe init >> C:\ops\jenkins\workspace\testproduct12---b4eb99a4 # timeout=10 >> Fetching upstream changes from >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> > C:\Program Files\Git\cmd\git.exe --version # timeout=10 >> using GIT_ASKPASS to set credentials User to access the sandbox >> project and the repos inside it. >> > C:\Program Files\Git\cmd\git.exe fetch --tags --progress -- >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> +refs/heads/*:refs/remotes/origin/* >> ERROR: Error cloning remote repo 'origin' >> hudson.plugins.git.GitException: Command "C:\Program >> Files\Git\cmd\git.exe fetch --tags --progress -- >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> +refs/heads/*:refs/remotes/origin/*" returned status code 128: >> stdout: >> stderr: fatal: Authentication failed for ' >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123/ >> ' >> >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2172) >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1864) >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:78) >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:545) >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:758) >> at >> org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:153) >> at >> org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:146) >> at hudson.remoting.UserRequest.perform(UserRequest.java:212) >> at hudson.remoting.UserRequest.perform(UserRequest.java:54) >> at hudson.remoting.Request$2.run(Request.java:369) >> at >> hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) >> at java.util.concurrent.FutureTask.run(FutureTask.java:266) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) >> at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93) >> at java.lang.Thread.run(Thread.java:748) >> Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote >> call to JNLP4-connect connection from 172.17.35.148/172.17.35.148:49717 >> at >> hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1743) >> at >> hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:357) >> at hudson.remoting.Channel.call(Channel.java:957) >> at >> org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:146) >> at sun.reflect.GeneratedMethodAccessor447.invoke(Unknown >> Source) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:498) >> at >> org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:132) >> at com.sun.proxy.$Proxy73.execute(Unknown Source) >> at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1152) >> at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1192) >> at hudson.scm.SCM.checkout(SCM.java:504) >> at >> hudson.model.AbstractProject.checkout(AbstractProject.java:1208) >> at >> hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574) >> at >> jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) >> at >> hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499) >> at hudson.model.Run.execute(Run.java:1815) >> at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) >> at >> hudson.model.ResourceController.execute(ResourceController.java:97) >> at hudson.model.Executor.run(Executor.java:429) >> ERROR: Error cloning remote repo 'origin' >> Retrying after 10 seconds >> using credential sandboxuser >> > C:\Program Files\Git\cmd\git.exe rev-parse --is-inside-work-tree # >> timeout=10 >> Fetching changes from the remote Git repository >> > C:\Program Files\Git\cmd\git.exe config remote.origin.url >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> # timeout=10 >> Fetching upstream changes from >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> > C:\Program Files\Git\cmd\git.exe --version # timeout=10 >> using GIT_ASKPASS to set credentials User to access the sandbox >> project and the repos inside it. >> > C:\Program Files\Git\cmd\git.exe fetch --tags --progress -- >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> +refs/heads/*:refs/remotes/origin/* >> ERROR: Error fetching remote repo 'origin' >> hudson.plugins.git.GitException: Failed to fetch from >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:894) >> at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1161) >> at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1192) >> at hudson.scm.SCM.checkout(SCM.java:504) >> at >> hudson.model.AbstractProject.checkout(AbstractProject.java:1208) >> at >> hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574) >> at >> jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) >> at >> hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499) >> at hudson.model.Run.execute(Run.java:1815) >> at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) >> at >> hudson.model.ResourceController.execute(ResourceController.java:97) >> at hudson.model.Executor.run(Executor.java:429) >> Caused by: hudson.plugins.git.GitException: Command "C:\Program >> Files\Git\cmd\git.exe fetch --tags --progress -- >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> +refs/heads/*:refs/remotes/origin/*" returned status code 128: >> stdout: >> stderr: fatal: Authentication failed for ' >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123/ >> ' >> >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2172) >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1864) >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:78) >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:545) >> at >> org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:153) >> at >> org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:146) >> at hudson.remoting.UserRequest.perform(UserRequest.java:212) >> at hudson.remoting.UserRequest.perform(UserRequest.java:54) >> at hudson.remoting.Request$2.run(Request.java:369) >> at >> hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) >> at java.util.concurrent.FutureTask.run(FutureTask.java:266) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) >> at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93) >> at java.lang.Thread.run(Thread.java:748) >> Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote >> call to JNLP4-connect connection from 172.17.35.148/172.17.35.148:49717 >> at >> hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1743) >> at >> hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:357) >> at hudson.remoting.Channel.call(Channel.java:957) >> at >> org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:146) >> at sun.reflect.GeneratedMethodAccessor447.invoke(Unknown >> Source) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:498) >> at >> org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:132) >> at com.sun.proxy.$Proxy74.execute(Unknown Source) >> at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:892) >> at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1161) >> at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1192) >> at hudson.scm.SCM.checkout(SCM.java:504) >> at >> hudson.model.AbstractProject.checkout(AbstractProject.java:1208) >> at >> hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574) >> at >> jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) >> at >> hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499) >> at hudson.model.Run.execute(Run.java:1815) >> at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) >> at >> hudson.model.ResourceController.execute(ResourceController.java:97) >> at hudson.model.Executor.run(Executor.java:429) >> ERROR: Error fetching remote repo 'origin' >> Retrying after 10 seconds >> using credential sandboxuser >> > C:\Program Files\Git\cmd\git.exe rev-parse --is-inside-work-tree # >> timeout=10 >> Fetching changes from the remote Git repository >> > C:\Program Files\Git\cmd\git.exe config remote.origin.url >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> # timeout=10 >> Fetching upstream changes from >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> > C:\Program Files\Git\cmd\git.exe --version # timeout=10 >> using GIT_ASKPASS to set credentials User to access the sandbox >> project and the repos inside it. >> > C:\Program Files\Git\cmd\git.exe fetch --tags --progress -- >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> +refs/heads/*:refs/remotes/origin/* >> ERROR: Error fetching remote repo 'origin' >> hudson.plugins.git.GitException: Failed to fetch from >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:894) >> at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1161) >> at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1192) >> at hudson.scm.SCM.checkout(SCM.java:504) >> at >> hudson.model.AbstractProject.checkout(AbstractProject.java:1208) >> at >> hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574) >> at >> jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) >> at >> hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499) >> at hudson.model.Run.execute(Run.java:1815) >> at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) >> at >> hudson.model.ResourceController.execute(ResourceController.java:97) >> at hudson.model.Executor.run(Executor.java:429) >> Caused by: hudson.plugins.git.GitException: Command "C:\Program >> Files\Git\cmd\git.exe fetch --tags --progress -- >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 >> +refs/heads/*:refs/remotes/origin/*" returned status code 128: >> stdout: >> stderr: fatal: Authentication failed for ' >> http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123/ >> ' >> >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2172) >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1864) >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:78) >> at >> org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:545) >> at >> org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:153) >> at >> org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:146) >> at hudson.remoting.UserRequest.perform(UserRequest.java:212) >> at hudson.remoting.UserRequest.perform(UserRequest.java:54) >> at hudson.remoting.Request$2.run(Request.java:369) >> at >> hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) >> at java.util.concurrent.FutureTask.run(FutureTask.java:266) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) >> at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93) >> at java.lang.Thread.run(Thread.java:748) >> Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote >> call to JNLP4-connect connection from 172.17.35.148/172.17.35.148:49717 >> at >> hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1743) >> at >> hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:357) >> at hudson.remoting.Channel.call(Channel.java:957) >> at >> org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:146) >> at sun.reflect.GeneratedMethodAccessor447.invoke(Unknown >> Source) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:498) >> at >> org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:132) >> at com.sun.proxy.$Proxy74.execute(Unknown Source) >> at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:892) >> at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1161) >> at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1192) >> at hudson.scm.SCM.checkout(SCM.java:504) >> at >> hudson.model.AbstractProject.checkout(AbstractProject.java:1208) >> at >> hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574) >> at >> jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) >> at >> hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499) >> at hudson.model.Run.execute(Run.java:1815) >> at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) >> at >> hudson.model.ResourceController.execute(ResourceController.java:97) >> at hudson.model.Executor.run(Executor.java:429) >> ERROR: Error fetching remote repo 'origin' >> Finished: FAILURE >> >> When running with git-client plugin 2.8.4 it works fine. >> >> I suspect 2.8.5 was the version that broke things because nothing >> important seems to have changed in 2.8.6. >> >> Can somebody let me know what the best course of action is? >> >> Thanks >> >> Petrik >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/53a6f448-03de-4931-86b1-c27a809ed24c%40googlegroups.com >> >> <https://groups.google.com/d/msgid/jenkinsci-users/53a6f448-03de-4931-86b1-c27a809ed24c%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > > > -- > Thanks! > Mark Waite > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/ef47887a-bf6a-484a-883a-3662fb0350e7%40googlegroups.com.
