[asterisk-bugs] [JIRA] (ASTERISK-30029) build: Git security vulnerability fix is sad with our accessing git as root during "make install"
Friendly Automation (JIRA)
noreply at issues.asterisk.org
Wed Jul 13 17:26:09 CDT 2022
[ https://issues.asterisk.org/jira/browse/ASTERISK-30029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=259707#comment-259707 ]
Friendly Automation commented on ASTERISK-30029:
------------------------------------------------
Change 18605 merged by Friendly Automation:
Makefile: Avoid git-make user conflict
[https://gerrit.asterisk.org/c/asterisk/+/18605|https://gerrit.asterisk.org/c/asterisk/+/18605]
> build: Git security vulnerability fix is sad with our accessing git as root during "make install"
> -------------------------------------------------------------------------------------------------
>
> Key: ASTERISK-30029
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-30029
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/BuildSystem
> Affects Versions: 16.25.1, 18.11.1, 19.3.1
> Reporter: Joshua C. Colp
> Severity: Major
>
> When installing Asterisk we seemingly use git in some way. If this is run as root but the git repo is your user, then recent versions of git complain due to a fix for a security vulnerability[1].
> [1] https://github.blog/2022-04-12-git-security-vulnerability-announced/
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list