Not able to apply the patches from #1521 PR · gitpython-developers/GitPython · Discussion #1529

nrpt-m
Jan 5, 2023

I am working on fixing the CVE-2022-24439 on our source code. Our product is currently having python3-git with 3.1.27 version. As I got to know that #1521 PR is fixing the CVE-2022-24439 so, started backporting the patches. But, after applying patches observed that in our python3-git source code there is no "test/" directory available and due to which patches are failing to apply.

Later on found that there no test/ directory in original tarball downloaded from this https://files.pythonhosted.org/packages/source/G/GitPython/GitPython-3.1.27.tar.gz

Could you please tell me if I can ignore the changes in test/ directory & apply the patches then, will it fix the CVE-2022-24439 issue ? If not then how to fix this CVE-2022-24439 in this source code where test/ directory is not at available ?

Thanks.

Answered by stsewd

Jan 5, 2023

You should be good ignoring the changes to tests, make also sure to apply the changes from #1518.

View full answer

Replies: 1 comment 7 replies

stsewd
Jan 5, 2023

You should be good ignoring the changes to tests, make also sure to apply the changes from #1518.

7 replies

@nrpt-m

nrpt-m Jan 10, 2023
Author

@stsewd Could you please check these patches & confirm if these patches will be able to fix the CVE-2022-24439 ?

@stsewd

stsewd Jan 12, 2023

Hi there, I've been busy, took a quick look and patches look okay.

@nrpt-m

nrpt-m Jan 12, 2023
Author

Thanks a lot @stsewd & @Byron !!

@philsuth

philsuth Feb 6, 2023

@nrpt-m - In line 294 of your PR1521 patch I think there's an indentation error (breaking line 700 of remote.py): the "url = Git.polish_url(url)" is indented one space too far. Noticed this over in yocto/poky where the patches have been recently merged into Kirkstone. Will you follow up there or should I?

@nrpt-m

nrpt-m Feb 6, 2023
Author

@philsuth, Thanks for your sharp observations. It would be great help if you could follow up there.

Answer selected by nrpt-m

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Not able to apply the patches from #1521 PR #1529

Uh oh!

{{title}}

Uh oh!

nrpt-m
Jan 5, 2023

Replies: 1 comment 7 replies

Uh oh!

{{title}}

Uh oh!

stsewd
Jan 5, 2023

Uh oh!

{{title}}

Uh oh!

nrpt-m Jan 10, 2023
Author

Uh oh!

{{title}}

Uh oh!

stsewd Jan 12, 2023

Uh oh!

{{title}}

Uh oh!

nrpt-m Jan 12, 2023
Author

Uh oh!

{{title}}

Uh oh!

philsuth Feb 6, 2023

Uh oh!

{{title}}

Uh oh!

nrpt-m Feb 6, 2023
Author

Select a reply

Uh oh!

Uh oh!

Not able to apply the patches from #1521 PR #1529

Uh oh!

nrpt-m Jan 5, 2023

Replies: 1 comment · 7 replies

Uh oh!

stsewd Jan 5, 2023

Uh oh!

nrpt-m Jan 10, 2023 Author

Uh oh!

stsewd Jan 12, 2023

Uh oh!

nrpt-m Jan 12, 2023 Author

Uh oh!

philsuth Feb 6, 2023

Uh oh!

nrpt-m Feb 6, 2023 Author

nrpt-m
Jan 5, 2023

Replies: 1 comment 7 replies

stsewd
Jan 5, 2023

nrpt-m Jan 10, 2023
Author

nrpt-m Jan 12, 2023
Author

nrpt-m Feb 6, 2023
Author