From ce65f11de081ec3903ac388c59f5fdf021ccd237 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 26 Sep 2022 14:48:58 -0400 Subject: [PATCH] enable-tor: Fix breakage caused by git's fix for CVE-2022-24765 This relies on bfa451fc4e621700883fb3b34600bdf71f515a62 and is a bit of an ugly hack. Sponsored-by: Noam Kremen on Patreon --- CHANGELOG | 1 + Command/EnableTor.hs | 13 ++++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 0a4c8f300c..7f2a6773f3 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -38,6 +38,7 @@ git-annex (10.20220823) UNRELEASED; urgency=medium * Run annex.freezecontent-command and annex.thawcontent-command when on a crippled filesystem. Thanks, Reiko Asakura + * enable-tor: Fix breakage caused by git's fix for CVE-2022-24765. * Let GIT_DIR and --git-dir override git's protection against operating in a repository owned by another user. diff --git a/Command/EnableTor.hs b/Command/EnableTor.hs index 0e07d14367..aeae96be92 100644 --- a/Command/EnableTor.hs +++ b/Command/EnableTor.hs @@ -1,6 +1,6 @@ {- git-annex command - - - Copyright 2016 Joey Hess + - Copyright 2016-2022 Joey Hess - - Licensed under the GNU AGPL version 3 or higher. -} @@ -22,6 +22,8 @@ import P2P.IO import qualified P2P.Protocol as P2P import Utility.ThreadScheduler import RemoteDaemon.Transport.Tor +import Git.Types +import Config import Control.Concurrent.Async import qualified Network.Socket as S @@ -70,6 +72,15 @@ start _os = do #endif where go userid = do + -- Usually git will refuse to read local configs of a git + -- repo belonging to another user. But in this case, the + -- user wants this command, run as root, to operate on + -- their repo. Behave as if --git-dir had been used to + -- specify that the git directory is intended to be used. + Annex.adjustGitRepo $ \r -> return $ r + { gitDirSpecifiedExplicitly = True } + reloadConfig + uuid <- getUUID when (uuid == NoUUID) $ giveup "This can only be run in a git-annex repository."