Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
mercurial.11266
hg-subrepo-bsc1071715-fix06.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File hg-subrepo-bsc1071715-fix06.patch of Package mercurial.11266
# HG changeset patch # User Augie Fackler <augie@google.com> # Date 1509998177 18000 # Mon Nov 06 14:56:17 2017 -0500 # Branch stable # Node ID bd725a71f274b37206b0bc776050a4d3336cde30 # Parent 846942fd6d157a6e55783ebf2cf3fccf8cd9528b config: add some more documentation around why svn and git subrepos are off --- mercurial/help/config.txt | 7 +++++++ 1 file changed, 7 insertions(+) --- a/mercurial/help/config.txt +++ b/mercurial/help/config.txt @@ -1114,6 +1114,13 @@ subrepositories feature. See also :hg:`h When disallowed, any commands including :hg:`update` will fail if subrepositories are involved. + + Security note: auditing in Mercurial is known to be insufficient + to prevent clone-time code execution with carefully constructed + Git subrepos. It is unknown if a similar defect is present in + Subversion subrepos, so both are disabled by default out of an + abundance of caution. Re-enable such subrepos via this setting + with caution. (default: `hg`) ``trusted``
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor