diff options
| author | Hiroshi SHIBATA <[email protected]> | 2022-10-19 19:40:00 +0900 |
|---|---|---|
| committer | Hiroshi SHIBATA <[email protected]> | 2022-10-19 20:34:45 +0900 |
| commit | dae843f6b7502f921a7e66f39e3714a39d860181 (patch) | |
| tree | 131499d636447aa2ccef3913e6ae20650b5c30eb | |
| parent | 567725ed303b6738493c80efaf93dc4c1e65a9c9 (diff) | |
Bypass git submodule add/update with git config protocol.file.allow=always option.
Co-authored-by: Nobuyoshi Nakada <[email protected]>
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/6587
| -rw-r--r-- | test/rubygems/test_gem_source_git.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/test/rubygems/test_gem_source_git.rb b/test/rubygems/test_gem_source_git.rb index 5702da0597..c3b324771f 100644 --- a/test/rubygems/test_gem_source_git.rb +++ b/test/rubygems/test_gem_source_git.rb @@ -63,6 +63,11 @@ class TestGemSourceGit < Gem::TestCase end def test_checkout_submodules + # We need to allow to checkout submodules with file:// protocol + # CVE-2022-39253 + # https://lore.kernel.org/lkml/[email protected]/ + system(@git, *%W"config --global protocol.file.allow always") + source = Gem::Source::Git.new @name, @repository, "master", true git_gem "b" |