Bug#1023597: FTBFS: t/21-submodule.t: fatal: transport 'file' not allowed
Hi, On Mon, 07 Nov 2022 12:31:05 +0100 gregor herrmann wrote: libgit-repository-perl's test suite started to fail recently: Cloning into '/tmp/M19xNBDPV8/sub'... fatal: transport 'file' not allowed fatal: clone of '/tmp/tC7mgf7E52' into submodule path '/tmp/M19xNBDPV8/sub' failed at t/21-submodule.t line 46. # Looks like your test exited with 128 before it could output anything. t/21-submodule.t ... 1..1 Dubious, test returned 128 (wstat 32768, 0x8000) Failed 1/1 subtests AUR is "fixing" this with "protocol.file.allow=always": https://wiki.archlinux.org/title/VCS_package_guidelines#Git_submodules This has a nice write up: https://vielmetti.typepad.com/logbook/2022/10/git-security-fixes-lead-to-fatal-transport-file-not-allowed-error-in-ci-systems-cve-2022-39253.html Paul OpenPGP_signature Description: OpenPGP digital signature
Bug#1023597: FTBFS: t/21-submodule.t: fatal: transport 'file' not allowed
Source: libgit-repository-perl Version: 1.325-1 Severity: serious Tags: ftbfs Justification: fails to build from source -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 libgit-repository-perl's test suite started to fail recently: Cloning into '/tmp/M19xNBDPV8/sub'... fatal: transport 'file' not allowed fatal: clone of '/tmp/tC7mgf7E52' into submodule path '/tmp/M19xNBDPV8/sub' failed at t/21-submodule.t line 46. # Looks like your test exited with 128 before it could output anything. t/21-submodule.t ... 1..1 Dubious, test returned 128 (wstat 32768, 0x8000) Failed 1/1 subtests Propably caused by changes in git: git (1:2.38.1-1) unstable; urgency=medium * new upstream release (closes: #1022046; see RelNotes/2.38.0.txt, RelNotes/2.38.1.txt). * Addresses the security issue CVE-2022-39253: cloning an attacker-controlled local repository could store arbitrary files in the ".git" directory of the destination repository. Cheers, gregor -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmNo7HVfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgaWbA//Zodx1kLFKEaU9L8rgk545iISZXU8BBU/vdLp7VROP9CvkA2mqa4m9MtU VwMZuQ0HMbxocdjXIi6HZnyAGgh7goaolQV8qDPpLAp33WHZsuVLDQWC+NGMi87E 8imtl3TbKAlSMxXUvIj0gEAHQ650dchjtLKYeNvP0xMgpKviG1Rzf+Nl/3mcfIYX zP7avstGrnfGrLEz6CgCdzAoeOI1Fs0B5uase5kuBNv3irj9V2Rvl1LDOiTB4JFB eSBADjAe5rtiTdRhE7z4IvfOIjLHSTHf3w8LcIfPdhQtUWQBb2jkos1PpOfdN1W8 XeLl8SARf2vNRsCqv4GQuBPGhc8xTbSyMPWf8gZADoQcV6rMkTy//ejUdESPXfE4 JdCQazfPONbq213SWF46pduk7N/heZjWdYDf4geVe0kq4nOSPlkst2S/nakMXV5e uB+eTb/IwTZ1uc6m+MLwUB8D0jinzgnL3eRoGYCokSNJ55kid3UWJbW9eKGQ69/J 6WbaRjCKbmJAL23djEw65Sj8SbpE2jJyaGQFPbU5Wxl25ukCN0/yoMGp6QOs9l/r bP64+2iYXJeqrXE06QhFO7iRtv+sPa9Sh/Etc9txtJbutbhMf6ig/DcjBzWYL0xP LXRG5aYSE94B6bKXnA0NFdtCGB04SuT6AsFLd5VkSb5oNUXIFxU= =qypE -END PGP SIGNATURE-