From 4dc8dedb97891f37b9da2220e5740c65685b0906 Mon Sep 17 00:00:00 2001 From: Jan Pazdziora Date: Mon, 31 Oct 2022 17:26:00 +0100 Subject: [PATCH] Workaround change of behaviour in git 2.38.1 for CVE-2022-39253. By default, protocol.file.allow now defaults to user, preventing clones with symlinks. https://github.blog/2022-10-18-git-security-vulnerabilities-announced/#cve-2022-39253 --- t/21-submodule.t | 1 + 1 file changed, 1 insertion(+) diff --git a/t/21-submodule.t b/t/21-submodule.t index 444029c..97374f8 100644 --- a/t/21-submodule.t +++ b/t/21-submodule.t @@ -44,6 +44,7 @@ $s->run( checkout => 'master', { quiet => 1 } ); # now test adding a submodule my $r = test_repository(@init); $r->run( + ( Git::Repository->version_ge('2.38.1') ? ('-c', 'protocol.file.allow=always') : ()), submodule => add => $s->work_tree => 'sub', { env => { GIT_WORK_TREE => undef } } );