Is there an existing issue for this?
What happened?
Per this PR and the changelog you can no longer feed arbitrary arguments to prevent remote code execution.
Easy fix, just use the built-in kwarg that's already there for it.
https://github.com/AUTOMATIC1111/stable-diffusion-webui/blame/0cc0ee1bcb4c24a8c9715f66cede06601bfc00c8/modules/extensions.py#LL69C28-L69C28
There may be other places in the code as well, I'll take a peek.
Steps to reproduce the problem
- `pip install 'gitpython>=3.1.30'`
- run the web-ui and try to install/check for updates while watching terminal
What should have happened?
Should have successfully run the git commands and updated the git repos
Commit where the problem happens
0cc0ee1
What platforms do you use to access the UI ?
Windows
What browsers do you use to access the UI ?
Google Chrome
Command Line Arguments
List of extensions
No
Console logs
```
Traceback (most recent call last):
  File "/mnt/d/stable-diffusion/stable-diffusion-webui/modules/ui_extensions.py", line 66, in check_updates
    ext.check_updates()
  File "/mnt/d/stable-diffusion/stable-diffusion-webui/modules/extensions.py", line 69, in check_updates
    for fetch in repo.remote().fetch("--dry-run"):
  File "/home/adam/.cache/pypoetry/virtualenvs/sd-deps-z4SYejYZ-py3.10/lib/python3.10/site-packages/git/remote.py", line 1007, in fetch
    res = self._get_fetch_info_from_stderr(proc, progress, kill_after_timeout=kill_after_timeout)
  File "/home/adam/.cache/pypoetry/virtualenvs/sd-deps-z4SYejYZ-py3.10/lib/python3.10/site-packages/git/remote.py", line 848, in _get_fetch_info_from_stderr
    proc.wait(stderr=stderr_text)
  File "/home/adam/.cache/pypoetry/virtualenvs/sd-deps-z4SYejYZ-py3.10/lib/python3.10/site-packages/git/cmd.py", line 604, in wait
    raise GitCommandError(remove_password_if_present(self.args), status, errstr)
git.exc.GitCommandError: Cmd('git') failed due to: exit code(128)
  cmdline: git fetch -v -- origin --dry-run
  stderr: 'fatal: couldn't find remote ref --dry-run'
```
Additional information
No response
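An added example, not code from the web UI or from GitPython: a small AST scan that finds other call sites passing option-like string literals positionally to `fetch`, `pull` or `push`, the pattern behind the `couldn't find remote ref --dry-run` error in the log above. The method set, the function names and the sample source are assumptions constructed for illustration; the suggested replacement relies on GitPython turning a keyword such as `dry_run=True` into `--dry-run`.

```python
import ast

# Remote methods whose positional arguments end up after "--" on the git
# command line (assumption for this example: fetch, pull and push).
REMOTE_METHODS = {"fetch", "pull", "push"}


def find_option_like_args(source, filename="<constructed>"):
    """Return (line, method, literal) for each call such as .fetch("--dry-run")."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in REMOTE_METHODS:
            continue
        for arg in node.args:
            is_str = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
            if is_str and arg.value.startswith("-"):
                findings.append((arg.lineno, node.func.attr, arg.value))
    return sorted(findings)


def suggested_kwarg(literal):
    """Turn "--dry-run" into "dry_run=True"; None if the option carries a value."""
    name = literal.lstrip("-").replace("-", "_")
    if "=" in name or not name.isidentifier():
        return None
    return name + "=True"


# Constructed sample: the first loop is the call from the traceback, the
# second is the keyword form, the last line is a made-up extra call site.
SAMPLE = '''\
def check_updates(repo):
    for fetch in repo.remote().fetch("--dry-run"):
        print(fetch.flags)
    for fetch in repo.remote().fetch(dry_run=True):
        print(fetch.flags)
    repo.remote().pull("--ff-only", "main")
'''

if __name__ == "__main__":
    for line, method, literal in find_option_like_args(SAMPLE):
        print(f"line {line}: .{method}({literal!r}) -> use {suggested_kwarg(literal)}")
```

Literals that carry a value, such as `--depth=1`, are reported but get no automatic suggestion and need a manual rewrite.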