Skip to content

Explicitly pass --git-dir as auto-discovery no longer works due to CVE-2022-24765

Chris Burr requested to merge cburr/git-cve/master into master

The lastest batch of git releases have broken using GitCondDB from CVMFS due to the CVE-2022-24765 mitigations.

$ cd /cvmfs/lhcb-condb.cern.ch/git-conddb/DDDB.git && git for-each-ref --python --sort=-creatordate '--format=(%(refname:short),%(taggername)" "%(taggeremail),%(taggerdate:iso8601),%(contents)),' 'refs/tags/'
fatal: unsafe repository ('/cvmfs/lhcb-condb.cern.ch/git-conddb/DDDB.git' is owned by someone else)
To add an exception for this directory, call:

	git config --global --add safe.directory /cvmfs/lhcb-condb.cern.ch/git-conddb/DDDB.git

Explicitly passing --git-dir works around the issue:

$ git --git-dir /cvmfs/lhcb-condb.cern.ch/git-conddb/DDDB.git for-each-ref --python --sort=-creatordate '--format=(%(refname:short),%(taggername)" "%(taggeremail),%(taggerdate:iso8601),%(contents)),' 'refs/tags/' | head -n 5
\n---'),pes: [Upgrade]3','Sajan Easo'" "'<sajan.easo@cern.ch>','2022-03-23 15:26:24 +0100','---
\n---'),pes: [Upgrade]1','Sajan Easo'" "'<sajan.easo@cern.ch>','2022-01-11 16:45:05 +0100','---
\n---'),pes: [Upgrade]9','Sajan Easo'" "'<sajan.easo@cern.ch>','2021-11-29 17:47:37 +0100','---
\n---'),pes: [Upgrade]7','Sajan Easo'" "'<sajan.easo@cern.ch>','2021-10-17 18:16:53 +0200','---
\n---'),pes: [Upgrade]7','Sajan Easo'" "'<sajan.easo@cern.ch>','2021-06-17 08:58:50 +0000','---

Merge request reports

Loading