Skip to content

Consolidated CVE fixes #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 29, 2024
Merged

Consolidated CVE fixes #2

merged 7 commits into from
Oct 29, 2024

Conversation

rickprice
Copy link

@rickprice rickprice commented Oct 21, 2024
edited
Loading

These are the fixes for:
CVE-2022-24439
CVE-2023-40267
CVE-2023-40590

@rickprice
CVE-2023-40590 Hand Cherry-Picking pull/1636
6991a2a
@rickprice
CVE-2023-40590 Hand Cherry-Picking pull/1636
20f5e42 
Fix syntax error

Switch to mock

Fix print function

Get TemporaryDirectory for Python2

We don't really care about the encoding of the file

Its a script

Use six to get assertRegex

Create a nullcontext

Fix unicode problem

Just use the Python2 methods
@rickprice rickprice force-pushed the Consolidated_CVE_Fixes branch from 37442c8 to 2e75588 Compare October 23, 2024 18:36
rickprice and others added 4 commits October 28, 2024 19:23
@rickprice
CVE-2022-24439 Hand Cherry-Pick GitPython/pull/1521
6b1c261 
More unfinished changes

Unfinished changes

Unfinished changes

All code changes should be in, time to test them

Fix things Tox didn't like for Python3

Fix more errors found during testing

Try to fix DDT problem with Python2
@rickprice
CVE-2023-40267 Hand Cherry-Pick ca965ec#diff-f50d635cf31b095a03b42fc1…
593800e 
…a73681a9c4025bbeb58b81e72588ba37e00cff87R355

Fix format string problems in Python2

Try to fix some errors

Fix importing of pathlib

Fixes to get GitPython to work on Python2

Backport Pathlib2 to Pathlib

This is probably more correct since it won't drag in tests we haven't tried before

Fix errors caused by git_unpack_args

More changes to try and deal with errors

Fix problem with test not running
@Harmon758 @rickprice
v2.1.15
2a21f09 
Try to merge changes from the patch, modified call to maybe_patch_caller_env

More code changes

More changes

Fix syntax error

Add blank line to remove it

Remove blank line again

Fix syntax error

Fix syntax error

Fix Python3 f string

Add in venv, and sort list

Change name of package to be more correct
@rickprice
Fix merge conflict
598191b
@rickprice rickprice force-pushed the Consolidated_CVE_Fixes branch from 07ce38c to 5224461 Compare October 28, 2024 23:30
@rickprice
Fixups: Code fixups to get all the tests to pass
d1e140f 
Fixups: Code fixups after squashing

Fixups: Fix test-requirements
@rickprice rickprice force-pushed the Consolidated_CVE_Fixes branch from 8d78e9c to d1e140f Compare October 29, 2024 00:03
icanhasmath
icanhasmath approved these changes Oct 29, 2024
View reviewed changes
Copy link

@icanhasmath icanhasmath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense - no red flags.

@icanhasmath icanhasmath marked this pull request as ready for review October 29, 2024 16:28
@icanhasmath icanhasmath merged commit a37a229 into 2.1.15.x Oct 29, 2024
@icanhasmath icanhasmath deleted the Consolidated_CVE_Fixes branch October 29, 2024 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@icanhasmath icanhasmath icanhasmath approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rickprice @icanhasmath @Harmon758