[ 
https://issues.apache.org/jira/browse/YETUS-1159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Allen Wittenauer updated YETUS-1159:
------------------------------------
           Flags: Important
    Release Note: 
<!-- markdown -->

Users:

If precommit is running within a container, set `GIT_DIR` and 
`GIT_CEILING_DIRECTORIES` to provide some assistance with CVE-2022-24765.  If 
running outside of a container, there is an assumption that the user has a 
properly configured environment.

Developers:

This change now adds a new `yetus_is_container` function.  It should be noted 
that there is no guaranteed way to determine if a process is in a container 
(especially from within the container) but there are some parts of the 
environment that are able to be checked to provide at least a pretty good guess.

> fixes for CVE-2022-24765 
> -------------------------
>
>                 Key: YETUS-1159
>                 URL: https://issues.apache.org/jira/browse/YETUS-1159
>             Project: Yetus
>          Issue Type: Bug
>          Components: Precommit
>            Reporter: Allen Wittenauer
>            Assignee: Allen Wittenauer
>            Priority: Blocker
>             Fix For: 0.14.0
>
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> When using GitHub Actions, the test-patch action fails with 
> {code}
>   fatal: unsafe repository ('/github/workspace/src' is owned by someone else)
>   To add an exception for this directory, call:
>   
>       git config --global --add safe.directory /github/workspace/src
>   ERROR: git reset is failing
> {code}
> as a result of the changes triggered by new versions of git that have the fix 
> for CVE-2022-24765.  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
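
The release note above describes a best-effort container guess followed by setting `GIT_DIR` and `GIT_CEILING_DIRECTORIES`. The following is an added example of that flow, not Apache Yetus code: the function names, the marker files checked and the values chosen for the two variables are assumptions, and the inspected root is a parameter so the guess can be exercised against a constructed directory tree.

```shell
# Added example, not Apache Yetus code. All function names are hypothetical.

# Best-effort guess; returns 0 when the environment looks like a container.
# $1 = filesystem root to inspect (default: /).
guess_in_container() {
  local root="${1:-/}"
  root="${root%/}"
  # Docker creates /.dockerenv; Podman creates /run/.containerenv.
  if [ -e "${root}/.dockerenv" ] || [ -e "${root}/run/.containerenv" ]; then
    return 0
  fi
  # On cgroup v1, PID 1's cgroup paths often name the runtime.
  # On cgroup v2 this file is usually just "0::/" and tells us nothing.
  if [ -r "${root}/proc/1/cgroup" ] &&
     grep -Eq 'docker|kubepods|lxc|containerd' "${root}/proc/1/cgroup"; then
    return 0
  fi
  return 1
}

# Pin git to a single repository.
# GIT_DIR names the repository explicitly; GIT_CEILING_DIRECTORIES keeps
# repository discovery from walking up into the work tree's parent or above.
# $1 = absolute path of the work tree (assumed to contain a .git directory).
pin_git_repo() {
  local worktree="${1%/}"
  [ -d "${worktree}/.git" ] || return 1
  GIT_DIR="${worktree}/.git"
  GIT_CEILING_DIRECTORIES="$(dirname "${worktree}")"
  export GIT_DIR GIT_CEILING_DIRECTORIES
}

# Apply the pinning only when the container guess is positive; outside a
# container the user's own git configuration is left untouched.
# $1 = work tree, $2 = root to inspect (default: /).
harden_git_env() {
  if guess_in_container "${2:-/}"; then
    pin_git_repo "$1"
  fi
}
```

A negative guess does not prove the process is on a bare host, so a caller that knows it is containerized can call `pin_git_repo` directly.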
