Update GitPython to version 3.1.37 #8765

Merged
merged 1 commit into from
Oct 18, 2023

Contributor

@smuzaffar smuzaffar commented Oct 17, 2023

New version contains the Blind local file inclusion issue

In order to resolve some git references, GitPython reads files from the .git directory.
In some places the name of the file being read is provided by the user, and GitPython
doesn't check if this file is located outside the .git directory. This allows an attacker
to make GitPython read any file from the system.
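
The missing check described above, as an added example that is not part of the original comment and is not GitPython's code or its actual fix: a containment test that resolves a user-supplied ref name and refuses to read anything that lands outside the `.git` directory. The names `safe_ref_path`, `read_ref`, `RefPathError` and the directory layout in `demo` are assumptions made for illustration.

```python
import os
import tempfile


class RefPathError(ValueError):
    """A ref name resolved to a path outside the .git directory."""


def safe_ref_path(git_dir, ref_name):
    """Hypothetical helper (not GitPython's API or its actual fix)."""
    base = os.path.realpath(git_dir)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base, ref_name))
    if os.path.commonpath([base, candidate]) != base:
        raise RefPathError(f"{ref_name!r} resolves outside {base}")
    return candidate


def read_ref(git_dir, ref_name):
    """Read a ref file only after the containment check passes."""
    with open(safe_ref_path(git_dir, ref_name), encoding="utf-8") as fh:
        return fh.read().strip()


def demo():
    """Run the check over a constructed repository layout."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as tmp:
        heads = os.path.join(tmp, "repo", ".git", "refs", "heads")
        git_dir = os.path.join(tmp, "repo", ".git")
        outside = os.path.join(tmp, "outside.txt")
        os.makedirs(heads)
        with open(os.path.join(heads, "main"), "w") as fh:
            fh.write("0" * 40 + "\n")  # constructed placeholder id
        with open(outside, "w") as fh:
            fh.write("not a ref\n")
        os.symlink(outside, os.path.join(heads, "link"))
        cases = {"valid": "refs/heads/main", "dotdot": "../../outside.txt",
                 "absolute": outside, "symlink": "refs/heads/link"}
        for label, name in cases.items():
            try:
                read_ref(git_dir, name)
                verdicts[label] = "allowed"
            except RefPathError:
                verdicts[label] = "rejected"
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The comparison is made on resolved paths, so a symlink stored inside `.git` that points elsewhere is rejected along with relative and absolute names.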

@cmsbuild
Contributor

A new Pull Request was created by @smuzaffar (Malik Shahzad Muzaffar) for branch IB/CMSSW_13_3_X/master.

@aandvalenzuela, @smuzaffar, @iarspider, @cmsbuild can you please review it and eventually sign? Thanks.
@antoniovilela, @sextonkennedy, @rappoccio you are the release manager for this.
cms-bot commands are listed here

@smuzaffar
Contributor Author

please test

@cmsbuild
Contributor

+1

Summary: https://cmssdt.cern.ch/SDT/jenkins-artifacts/pull-request-integration/PR-75be8b/35235/summary.html
COMMIT: 24bb044
CMSSW: CMSSW_13_3_X_2023-10-17-1100/el8_amd64_gcc12
User test area: For local testing, you can use /cvmfs/cms-ci.cern.ch/week1/cms-sw/cmsdist/8765/35235/install.sh to create a dev area with all the needed externals and cmssw changes.

The following merge commits were also included on top of IB + this PR after doing git cms-merge-topic:

You can see more details here:
https://cmssdt.cern.ch/SDT/jenkins-artifacts/pull-request-integration/PR-75be8b/35235/git-recent-commits.json
https://cmssdt.cern.ch/SDT/jenkins-artifacts/pull-request-integration/PR-75be8b/35235/git-merge-result

Comparison Summary

Summary:

  • You potentially added 1 lines to the logs
  • Reco comparison results: 2987 differences found in the comparisons
  • DQMHistoTests: Total files compared: 50
  • DQMHistoTests: Total histograms compared: 3357400
  • DQMHistoTests: Total failures: 6126
  • DQMHistoTests: Total nulls: 0
  • DQMHistoTests: Total successes: 3351252
  • DQMHistoTests: Total skipped: 22
  • DQMHistoTests: Total Missing objects: 0
  • DQMHistoSizes: Histogram memory added: 0.0 KiB( 49 files compared)
  • Checked 214 log files, 167 edm output root files, 50 DQM output files
  • TriggerResults: found differences in 1 / 48 workflows

@smuzaffar
Contributor Author

+externals

@smuzaffar smuzaffar merged commit 43f0894 into IB/CMSSW_13_3_X/master Oct 18, 2023
9 checks passed
@smuzaffar smuzaffar deleted the smuzaffar-patch-6 branch October 18, 2023 05:34
@cmsbuild
Contributor

This pull request is fully signed and it will be integrated in one of the next IB/CMSSW_13_3_X/master IBs (tests are also fine). This pull request will now be reviewed by the release team before it's merged. @rappoccio, @sextonkennedy, @antoniovilela (and backports should be raised in the release meeting by the corresponding L2)
