Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
mercurial
hg-subrepo-bsc1071715-fix02.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File hg-subrepo-bsc1071715-fix02.patch of Package mercurial
# HG changeset patch # User Yuya Nishihara <yuya@tcha.org> # Date 1509707570 -32400 # Fri Nov 03 20:12:50 2017 +0900 # Branch stable # Node ID 071cbeba421217d722a69a5d614ec934684d62d5 # Parent 80d7dbda92940c49e0fd66230ae07cd526b3629c subrepo: disallow symlink traversal across subrepo mount point (SEC) It wasn't easy to extend the pathauditor to check symlink traversal across subrepos because pathauditor._checkfs() rejects a directory having ".hg" directory. That's why I added the explicit islink() check. No idea if this patch is necessary after we've fixed the issue5730 by splitting submerge() into planning and execution phases. --- mercurial/subrepo.py | 8 +++++++- tests/test-audit-subrepo.t | 24 +++++++++++++++++++++--- tests/test-subrepo-git.t | 14 ++++++++++++++ 3 files changed, 42 insertions(+), 4 deletions(-) --- a/mercurial/subrepo.py +++ b/mercurial/subrepo.py @@ -334,6 +334,12 @@ def itersubrepos(ctx1, ctx2): for subpath, ctx in sorted(subpaths.iteritems()): yield subpath, ctx.sub(subpath) +def _auditsubrepopath(repo, path): + # auditor doesn't check if the path itself is a symlink + scmutil.pathauditor(repo.root)(path) + if repo.wvfs.islink(path): + raise error.Abort(_("subrepo '%s' traverses symbolic link") % path) + def subrepo(ctx, path): """return instance of the right subrepo class for subrepo in path""" # subrepo inherently violates our import layering rules @@ -344,7 +350,7 @@ def subrepo(ctx, path): import hg as h hg = h - scmutil.pathauditor(ctx._repo.root)(path) + _auditsubrepopath(ctx._repo, path) state = ctx.substate[path] if state[2] not in types: raise util.Abort(_('unknown subrepo type %s') % state[2]) --- a/tests/test-audit-subrepo.t +++ b/tests/test-audit-subrepo.t @@ -50,17 +50,35 @@ on commit: $ hg ci -qAm 'add symlink "out"' $ hg init ../out $ echo 'out = out' >> .hgsub -BROKEN: should fail $ hg ci -qAm 'add subrepo "out"' + abort: subrepo 'out' traverses symbolic link + [255] + +prepare tampered repo (including the commit above): + + $ hg import --bypass -qm 'add subrepo "out"' - <<'EOF' + > diff --git a/.hgsub b/.hgsub + > new file mode 100644 + > --- /dev/null + > +++ b/.hgsub + > @@ -0,0 +1,1 @@ + > +out = out + > diff --git a/.hgsubstate b/.hgsubstate + > new file mode 100644 + > --- /dev/null + > +++ b/.hgsubstate + > @@ -0,0 +1,1 @@ + > +0000000000000000000000000000000000000000 out + > EOF $ cd ../.. on clone (and update): $ mkdir hgsymdir2 -BROKEN: should fail to update $ hg clone -q hgsymdir/root hgsymdir2/root + abort: subrepo 'out' traverses symbolic link + [255] $ ls hgsymdir2 - out root #endif --- a/tests/test-subrepo-git.t +++ b/tests/test-subrepo-git.t @@ -364,6 +364,20 @@ Don't crash if the subrepo is missing $ hg commit --subrepos -qm missing abort: subrepo s is missing (in subrepo s) [255] + +Don't crash if subrepo is a broken symlink + $ ln -s broken s + $ hg status -S + abort: subrepo 's' traverses symbolic link + [255] + $ hg push -q + abort: subrepo 's' traverses symbolic link + [255] + $ hg commit --subrepos -qm missing + abort: subrepo 's' traverses symbolic link + [255] + $ rm s + $ hg update -C 2> /dev/null cloning subrepo s from $TESTTMP/gitroot 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor