# HG changeset patch |
# User Yuya Nishihara <yuya@tcha.org> |
# Date 1509886302 -32400 |
# Sun Nov 05 21:51:42 2017 +0900 |
# Branch stable |
# Node ID 846942fd6d157a6e55783ebf2cf3fccf8cd9528b |
# Parent 828cf35f1de6b5d8512fc332ad194a79592b0d04 |
subrepo: disable git and svn subrepos by default (BC) (SEC) |
|
We have a security issue with git subrepos. I'm not sure if svn subrepo is |
vulnerable, but it seems not 100% safe to allow writing arbitrary data into |
a metadata directory. So for now, only hg subrepo is enabled by default. |
|
Maybe we should improve the help to describe why git/svn subrepos are |
disabled. |
|
--- |
mercurial/help/config.txt | 2 +- |
mercurial/subrepo.py | 2 +- |
tests/test-convert-git.t | 4 ++++ |
tests/test-mq-subrepo-svn.t | 2 ++ |
tests/test-subrepo-git.t | 16 ++++++++++++++++ |
tests/test-subrepo-svn.t | 15 +++++++++++++++ |
6 files changed, 39 insertions(+), 2 deletions(-) |
|
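--- a/mercurial/help/config.txt
+++ b/mercurial/help/config.txt
@@ -1500,7 +1500,7 @@ subrepositories feature. See also :hg:`h
 
 When disallowed, any commands including :hg:`update` will fail if
 subrepositories are involved.
- (default: `hg, git, svn`)
+ (default: `hg`)
 
 ``trusted``
 -----------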
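--- a/mercurial/subrepo.py
+++ b/mercurial/subrepo.py
@@ -347,7 +347,7 @@ def _auditsubrepopath(repo, path):
 raise util.Abort(_("subrepo '%s' traverses symbolic link") % path)
 
 def _checktype(ui, kind):
- if kind not in ui.configlist('subrepos', 'allowed', ['hg', 'git', 'svn']):
+ if kind not in ui.configlist('subrepos', 'allowed', ['hg']):
 raise util.Abort(_("subrepo type %s not allowed") % kind,
 hint=_("see 'hg help config.subrepos' for details"))
 if kind not in types: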
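Review bot: The new default `['hg']` in `_checktype` is a bare literal with no comment saying why git and svn were dropped, so a later cleanup could restore the old list without noticing that this is a security default. I would add above the check `# SEC: git/svn subrepos are off by default; they allow repository data to be written into a metadata directory`. The value also has to stay in step with the `(default: hg)` line in mercurial/help/config.txt, which this commit edits separately. The body of `_checktype` continues past the hunk, and whether every path that instantiates a subrepo calls it before touching the working directory is not visible here.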
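--- a/tests/test-convert-git.t
+++ b/tests/test-convert-git.t
@@ -6,6 +6,10 @@
 $ echo "autocrlf = false" >> $HOME/.gitconfig
 $ echo "[extensions]" >> $HGRCPATH
 $ echo "convert=" >> $HGRCPATH
+ $ cat >> $HGRCPATH <<EOF
+ > [subrepos]
+ > allowed = hg, git
+ > EOF
 $ GIT_AUTHOR_NAME='test'; export GIT_AUTHOR_NAME
 $ GIT_AUTHOR_EMAIL='test@example.org'; export GIT_AUTHOR_EMAIL
 $ GIT_AUTHOR_DATE="2007-01-01 00:00:00 +0000"; export GIT_AUTHOR_DATE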
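--- a/tests/test-mq-subrepo-svn.t
+++ b/tests/test-mq-subrepo-svn.t
@@ -4,6 +4,8 @@
 $ echo "mq=" >> $HGRCPATH
 $ echo "[diff]" >> $HGRCPATH
 $ echo "nodates=1" >> $HGRCPATH
+ $ echo "[subrepos]" >> $HGRCPATH
+ $ echo "allowed = hg, svn" >> $HGRCPATH
 
 fn to create new repository, and cd into it
 $ mkrepo() {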
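--- a/tests/test-subrepo-git.t
+++ b/tests/test-subrepo-git.t
@@ -36,7 +36,23 @@ add subrepo clone
 $ echo 's = [git]../gitroot' > .hgsub
 $ git clone -q ../gitroot s
 $ hg add .hgsub
+
+git subrepo is disabled by default
+
 $ hg commit -m 'new git subrepo'
+ abort: subrepo type git not allowed
+ (see 'hg help config.subrepos' for details)
+ [255]
+
+so enable it
+
+ $ cat >> $HGRCPATH <<EOF
+ > [subrepos]
+ > allowed = hg, git
+ > EOF
+
+ $ hg commit -m 'new git subrepo'
+
 $ hg debugsub
 path s
 source ../gitroot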
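Review bot: The added default-deny cases only exercise `hg commit` in a working copy the test itself has just built (here, and `hg ci -m1` in tests/test-subrepo-svn.t). Nothing in these hunks shows the check firing where untrusted content actually arrives: cloning or updating to a revision whose `.hgsub` already names a git or svn subrepo. I would add, once the subrepo has been committed, a clone or `hg update` run with `--config subrepos.allowed=hg` that expects the same `abort: subrepo type git not allowed` and then asserts the subrepo directory was not created. That coverage may exist further down either file, outside the hunks shown.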
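--- a/tests/test-subrepo-svn.t
+++ b/tests/test-subrepo-svn.t
@@ -57,6 +57,21 @@ add first svn sub with leading whitespac
 $ mkdir subdir
 $ svn co --quiet "$SVNREPOURL"/src subdir/s
 $ hg add .hgsub
+
+svn subrepo is disabled by default
+
+ $ hg ci -m1
+ abort: subrepo type svn not allowed
+ (see 'hg help config.subrepos' for details)
+ [255]
+
+so enable it
+
+ $ cat >> $HGRCPATH <<EOF
+ > [subrepos]
+ > allowed = hg, svn
+ > EOF
+
 $ hg ci -m1
 
 make sure we avoid empty commits (issue2445)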