Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
mercurial
hg-subrepo-bsc1071715-fix05.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File hg-subrepo-bsc1071715-fix05.patch of Package mercurial
# HG changeset patch # User Yuya Nishihara <yuya@tcha.org> # Date 1509886302 -32400 # Sun Nov 05 21:51:42 2017 +0900 # Branch stable # Node ID 846942fd6d157a6e55783ebf2cf3fccf8cd9528b # Parent 828cf35f1de6b5d8512fc332ad194a79592b0d04 subrepo: disable git and svn subrepos by default (BC) (SEC) We have a security issue with git subrepos. I'm not sure if svn subrepo is vulnerable, but it seems not 100% safe to allow writing arbitrary data into a metadata directory. So for now, only hg subrepo is enabled by default. Maybe we should improve the help to describe why git/svn subrepos are disabled. --- mercurial/help/config.txt | 2 +- mercurial/subrepo.py | 2 +- tests/test-convert-git.t | 4 ++++ tests/test-mq-subrepo-svn.t | 4 ++++ tests/test-subrepo-git.t | 16 ++++++++++++++++ tests/test-subrepo-svn.t | 15 +++++++++++++++ 6 files changed, 41 insertions(+), 2 deletions(-) --- a/mercurial/help/config.txt +++ b/mercurial/help/config.txt @@ -1114,7 +1114,7 @@ subrepositories feature. See also :hg:`h When disallowed, any commands including :hg:`update` will fail if subrepositories are involved. - (default: `hg, git, svn`) + (default: `hg`) ``trusted`` ----------- --- a/mercurial/subrepo.py +++ b/mercurial/subrepo.py @@ -341,7 +341,7 @@ def _auditsubrepopath(repo, path): raise error.Abort(_("subrepo '%s' traverses symbolic link") % path) def _checktype(ui, kind): - if kind not in ui.configlist('subrepos', 'allowed', ['hg', 'git', 'svn']): + if kind not in ui.configlist('subrepos', 'allowed', ['hg']): raise error.Abort(_("subrepo type %s not allowed") % kind, hint=_("see 'hg help config.subrepos' for details")) if kind not in types: --- a/tests/test-convert-git.t +++ b/tests/test-convert-git.t @@ -7,6 +7,10 @@ $ echo "[extensions]" >> $HGRCPATH $ echo "convert=" >> $HGRCPATH $ echo 'hgext.graphlog =' >> $HGRCPATH + $ cat >> $HGRCPATH <<EOF + > [subrepos] + > allowed = hg, git + > EOF $ GIT_AUTHOR_NAME='test'; export GIT_AUTHOR_NAME $ GIT_AUTHOR_EMAIL='test@example.org'; export GIT_AUTHOR_EMAIL $ GIT_AUTHOR_DATE="2007-01-01 00:00:00 +0000"; export GIT_AUTHOR_DATE --- a/tests/test-mq-subrepo-svn.t +++ b/tests/test-mq-subrepo-svn.t @@ -4,6 +4,10 @@ $ echo "mq=" >> $HGRCPATH $ echo "[diff]" >> $HGRCPATH $ echo "nodates=1" >> $HGRCPATH + $ cat >> $HGRCPATH <<EOF + > [subrepos] + > allowed = hg, svn + > EOF fn to create new repository, and cd into it $ mkrepo() { --- a/tests/test-subrepo-git.t +++ b/tests/test-subrepo-git.t @@ -35,7 +35,23 @@ add subrepo clone $ echo 's = [git]../gitroot' > .hgsub $ git clone -q ../gitroot s $ hg add .hgsub + +git subrepo is disabled by default + $ hg commit -m 'new git subrepo' + abort: subrepo type git not allowed + (see 'hg help config.subrepos' for details) + [255] + +so enable it + + $ cat >> $HGRCPATH <<EOF + > [subrepos] + > allowed = hg, git + > EOF + + $ hg commit -m 'new git subrepo' + $ hg debugsub path s source ../gitroot --- a/tests/test-subrepo-svn.t +++ b/tests/test-subrepo-svn.t @@ -62,6 +62,21 @@ add first svn sub with leading whitespac $ mkdir subdir $ svn co --quiet "$SVNREPOURL"/src subdir/s $ hg add .hgsub + +svn subrepo is disabled by default + + $ hg ci -m1 + abort: subrepo type svn not allowed + (see 'hg help config.subrepos' for details) + [255] + +so enable it + + $ cat >> $HGRCPATH <<EOF + > [subrepos] + > allowed = hg, svn + > EOF + $ hg ci -m1 make sure we avoid empty commits (issue2445)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor