# HG changeset patch
# User Yuya Nishihara <yuya@tcha.org>
# Date 1509886302 -32400
# Sun Nov 05 21:51:42 2017 +0900
# Branch stable
# Node ID 846942fd6d157a6e55783ebf2cf3fccf8cd9528b
# Parent 828cf35f1de6b5d8512fc332ad194a79592b0d04
subrepo: disable git and svn subrepos by default (BC) (SEC)
We have a security issue with git subrepos. I'm not sure if svn subrepo is
vulnerable, but it seems not 100% safe to allow writing arbitrary data into
a metadata directory. So for now, only hg subrepo is enabled by default.
Maybe we should improve the help to describe why git/svn subrepos are
disabled.
---
mercurial/help/config.txt | 2 +-
mercurial/subrepo.py | 2 +-
tests/test-convert-git.t | 4 ++++
tests/test-mq-subrepo-svn.t | 4 ++++
tests/test-subrepo-git.t | 16 ++++++++++++++++
tests/test-subrepo-svn.t | 15 +++++++++++++++
6 files changed, 41 insertions(+), 2 deletions(-)
--- a/mercurial/help/config.txt
+++ b/mercurial/help/config.txt
@@ -1114,7 +1114,7 @@ subrepositories feature. See also :hg:`h
When disallowed, any commands including :hg:`update` will fail if
subrepositories are involved.
- (default: `hg, git, svn`)
+ (default: `hg`)
``trusted``
-----------
--- a/mercurial/subrepo.py
+++ b/mercurial/subrepo.py
@@ -341,7 +341,7 @@ def _auditsubrepopath(repo, path):
raise error.Abort(_("subrepo '%s' traverses symbolic link") % path)
def _checktype(ui, kind):
- if kind not in ui.configlist('subrepos', 'allowed', ['hg', 'git', 'svn']):
+ if kind not in ui.configlist('subrepos', 'allowed', ['hg']):
raise error.Abort(_("subrepo type %s not allowed") % kind,
hint=_("see 'hg help config.subrepos' for details"))
if kind not in types:
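Review bot: `_checktype` now carries a security-relevant default, but the only thing a reader sees is the literal `['hg']` on the changed line, and the same default is spelled out separately in the help text, so the two can drift. A short docstring would record the intent at the point of enforcement, e.g. `"""Abort unless *kind* is an allowed subrepo type; only 'hg' is enabled by default, git/svn need an explicit [subrepos] allowed entry."""`. Hoisting the default into a module-level constant such as `_defaultallowedtypes = ['hg']` that both this check and the help text refer to would keep them aligned. The fallback list is presumably consulted only when `subrepos.allowed` is unset, so an explicitly empty value would reject every type including hg — worth stating in the help if that is the intended behaviour. `_checktype` continues past the end of the hunk.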
--- a/tests/test-convert-git.t
+++ b/tests/test-convert-git.t
@@ -7,6 +7,10 @@
$ echo "[extensions]" >> $HGRCPATH
$ echo "convert=" >> $HGRCPATH
$ echo 'hgext.graphlog =' >> $HGRCPATH
+ $ cat >> $HGRCPATH <<EOF
+ > [subrepos]
+ > allowed = hg, git
+ > EOF
$ GIT_AUTHOR_NAME='test'; export GIT_AUTHOR_NAME
$ GIT_AUTHOR_EMAIL='test@example.org'; export GIT_AUTHOR_EMAIL
$ GIT_AUTHOR_DATE="2007-01-01 00:00:00 +0000"; export GIT_AUTHOR_DATE
--- a/tests/test-mq-subrepo-svn.t
+++ b/tests/test-mq-subrepo-svn.t
@@ -4,6 +4,10 @@
$ echo "mq=" >> $HGRCPATH
$ echo "[diff]" >> $HGRCPATH
$ echo "nodates=1" >> $HGRCPATH
+ $ cat >> $HGRCPATH <<EOF
+ > [subrepos]
+ > allowed = hg, svn
+ > EOF
fn to create new repository, and cd into it
$ mkrepo() {
--- a/tests/test-subrepo-git.t
+++ b/tests/test-subrepo-git.t
@@ -35,7 +35,23 @@ add subrepo clone
$ echo 's = [git]../gitroot' > .hgsub
$ git clone -q ../gitroot s
$ hg add .hgsub
+
+git subrepo is disabled by default
+
$ hg commit -m 'new git subrepo'
+ abort: subrepo type git not allowed
+ (see 'hg help config.subrepos' for details)
+ [255]
+
+so enable it
+
+ $ cat >> $HGRCPATH <<EOF
+ > [subrepos]
+ > allowed = hg, git
+ > EOF
+
+ $ hg commit -m 'new git subrepo'
+
$ hg debugsub
path s
source ../gitroot
--- a/tests/test-subrepo-svn.t
+++ b/tests/test-subrepo-svn.t
@@ -62,6 +62,21 @@ add first svn sub with leading whitespac
$ mkdir subdir
$ svn co --quiet "$SVNREPOURL"/src subdir/s
$ hg add .hgsub
+
+svn subrepo is disabled by default
+
+ $ hg ci -m1
+ abort: subrepo type svn not allowed
+ (see 'hg help config.subrepos' for details)
+ [255]
+
+so enable it
+
+ $ cat >> $HGRCPATH <<EOF
+ > [subrepos]
+ > allowed = hg, svn
+ > EOF
+
$ hg ci -m1
make sure we avoid empty commits (issue2445)