Mercurial > hg
diff tests/test-subrepo-git.t @ 34987:846942fd6d15 stable
subrepo: disable git and svn subrepos by default (BC) (SEC)
We have a security issue with git subrepos. I'm not sure if svn subrepo is
vulnerable, but it seems not 100% safe to allow writing arbitrary data into
a metadata directory. So for now, only hg subrepo is enabled by default.
Maybe we should improve the help to describe why git/svn subrepos are
disabled.
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Sun, 05 Nov 2017 21:51:42 +0900 |
| parents | 828cf35f1de6 |
| children | 1a314176da9c |
line wrap: on
line diff
--- a/tests/test-subrepo-git.t Sun Nov 05 21:48:58 2017 +0900 +++ b/tests/test-subrepo-git.t Sun Nov 05 21:51:42 2017 +0900 @@ -41,7 +41,23 @@ $ echo 's = [git]../gitroot' > .hgsub $ git clone -q ../gitroot s $ hg add .hgsub + +git subrepo is disabled by default + $ hg commit -m 'new git subrepo' + abort: subrepo type git not allowed + (see 'hg help config.subrepos' for details) + [255] + +so enable it + + $ cat >> $HGRCPATH <<EOF + > [subrepos] + > allowed = hg, git + > EOF + + $ hg commit -m 'new git subrepo' + $ hg debugsub path s source ../gitroot