File CVE-2017-1000116-0012.patch of Package mercurial.11266
# HG changeset patch # User Yuya Nishihara <yuya@tcha.org> # Date 1502112148 -32400 # Mon Aug 07 22:22:28 2017 +0900 # Branch stable # Node ID 943c91326b23954e6e1c6960d0239511f9530258 # Parent 00a75672a9cbc80d8ea3e1dd00a55b9ccc93c703 ssh: unban the use of pipe character in user@host:port string This vulnerability was fixed by the previous patch and there were more ways to exploit than using '|shellcmd'. So it doesn't make sense to reject only pipe character. Test cases are updated to actually try to exploit the bug. As the SSH bridge of git/svn subrepos are not managed by our code, the tests for non-hg subrepos are just removed. This may be folded into the original patches. --- mercurial/util.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/mercurial/util.py +++ b/mercurial/util.py @@ -1895,8 +1895,7 @@ def checksafessh(path): Raises an error.Abort when the url is unsafe. """ path = urllib.unquote(path) - if (path.startswith('ssh://-') or path.startswith('svn+ssh://-') - or '|' in path): + if path.startswith('ssh://-') or path.startswith('svn+ssh://-'): raise error.Abort(_('potentially unsafe url: %r') % (path,))
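Review bot: The rewritten condition in checksafessh (`if path.startswith('ssh://-') or path.startswith('svn+ssh://-'):`) drops the `'|' in path` test without leaving any comment on where shell metacharacters in the URL are now neutralised. After this change the function rejects only a leading `-` after the scheme, and its docstring still reads as a general "url is unsafe" check. Suggest a short comment or docstring line stating that the function guards only against option injection and that the pipe case is covered by the previous patch in the series, so a later reader does not treat it as a complete URL sanitiser. Also, the diffstat lists only mercurial/util.py (1 insertion, 2 deletions) while the commit message says test cases were updated. Please confirm the updated tests are carried elsewhere in this backport, since this file alone removes a check and adds no coverage.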