diff --git a/SOURCES/0001-Tests-Explicitly-allow-usage-of-git-file-based-proto.patch b/SOURCES/0001-Tests-Explicitly-allow-usage-of-git-file-based-proto.patch
new file mode 100644
index 0000000..28f02b2
--- /dev/null
+++ b/SOURCES/0001-Tests-Explicitly-allow-usage-of-git-file-based-proto.patch
@@ -0,0 +1,41 @@
+From f72734ff7712d6aae837f940a45d6e7508bb182c Mon Sep 17 00:00:00 2001
+From: Brad King <brad.king@kitware.com>
+Date: Thu, 20 Oct 2022 13:38:20 -0400
+Subject: [PATCH] Tests: Explicitly allow usage of git file-based protocol in
+ test cases
+
+Due to CVE-2022-39253, Git 2.30.6 sets `protocol.file.allow=user` by
+default.  The change has also been backported to other Git versions by
+distros.  This breaks some of our test cases that use the file-based
+protocol locally to simulate real workflows without requiring network
+access.  In these cases the file protocol is safe, so explicitly enable
+it in the tests.
+
+(cherry picked from commit 79ce0f434e916684d734e136b92e14f472a9d14a)
+---
+ Tests/CMakeLists.txt | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/Tests/CMakeLists.txt b/Tests/CMakeLists.txt
+index 8e7c04fbd0..d011020f99 100644
+--- a/Tests/CMakeLists.txt
++++ b/Tests/CMakeLists.txt
+@@ -1540,6 +1540,7 @@ if(BUILD_TESTING)
+     )
+   list(APPEND TEST_BUILD_DIRS "${CMake_BINARY_DIR}/Tests/ExternalProject")
+   set_tests_properties(ExternalProject PROPERTIES
++    ENVIRONMENT GIT_ALLOW_PROTOCOL=file
+     RUN_SERIAL 1
+     TIMEOUT ${CMAKE_LONG_TEST_TIMEOUT})
+ 
+@@ -2653,6 +2654,7 @@ if(BUILD_TESTING)
+         -P "${CMake_BINARY_DIR}/Tests/CTestUpdateGIT.cmake"
+         )
+       list(APPEND TEST_BUILD_DIRS "${CMake_BINARY_DIR}/Tests/${CTestUpdateGIT_DIR}")
++      set_property(TEST CTest.UpdateGIT PROPERTY ENVIRONMENT GIT_ALLOW_PROTOCOL=file)
+     endif()
+ 
+     # Test CTest Update with HG
+-- 
+2.31.1
+
diff --git a/SPECS/cmake.spec b/SPECS/cmake.spec
index 7b89b8e..597cc00 100644
--- a/SPECS/cmake.spec
+++ b/SPECS/cmake.spec
@@ -65,7 +65,7 @@
 %{?rcsuf:%global versuf -%{rcsuf}}
 
 # For handling bump release by rpmdev-bumpspec and mass rebuild
-%global baserelease 7
+%global baserelease 8
 
 # Uncomment if building for EPEL
 #global name_suffix %%{major_version}
@@ -112,6 +112,9 @@ Patch103:       cmake-3.20-CPACK_THREADS.patch
 # see rhbz#1975096
 Patch104:       cmake-3.20.4-glibc_libdl.patch
 
+# rhbz#2162696
+Patch105:	0001-Tests-Explicitly-allow-usage-of-git-file-based-proto.patch
+
 # Patch for renaming on EPEL
 %if 0%{?name_suffix:1}
 Patch1:      %{name}-rename.patch
@@ -531,6 +534,9 @@ popd
 
 
 %changelog
+* Tue Jan 31 2023 Tom Stellard <tstellar@redhat.com> - 3.20.2-8
+- Fix test case broken by git fix for CVE-2022-39253
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.20.2-7
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688