parsers: fix buffer overflow by invalid parent revision read from revlog
If revlog file is corrupted, it can have parent pointing to invalid revision.
So we should validate it before updating nothead[], phases[], seen[], etc.
Otherwise it would cause segfault at best.
We could use "rev" instead of "maxrev" as upper bound, but I think the explicit
"maxrev" can clarify that we just want to avoid possible buffer overflow
vulnerability.
#!/bin/sh -e
#
# Build a Mercurial RPM from the current repo
#
# Tested on
# - Fedora 20
# - CentOS 5
# - centOS 6
. $(dirname $0)/packagelib.sh
BUILD=1
RPMBUILDDIR="$PWD/rpmbuild"
while [ "$1" ]; do
case "$1" in
--prepare )
shift
BUILD=
;;
--withpython | --with-python)
shift
PYTHONVER=2.7.9
PYTHONMD5=5eebcaa0030dc4061156d3429657fb83
;;
--rpmbuilddir )
shift
RPMBUILDDIR="$1"
shift
;;
* )
echo "Invalid parameter $1!" 1>&2
exit 1
;;
esac
done
cd "`dirname $0`/.."
specfile=$PWD/contrib/mercurial.spec
if [ ! -f $specfile ]; then
echo "Cannot find $specfile!" 1>&2
exit 1
fi
if [ ! -d .hg ]; then
echo 'You are not inside a Mercurial repository!' 1>&2
exit 1
fi
gethgversion
if [ "$PYTHONVER" ]; then
release=$release+$PYTHONVER
RPMPYTHONVER=$PYTHONVER
else
RPMPYTHONVER=%{nil}
fi
$HG archive -t tgz $RPMBUILDDIR/SOURCES/mercurial-$version-$release.tar.gz
if [ "$PYTHONVER" ]; then
(
mkdir -p build
cd build
PYTHON_SRCFILE=Python-$PYTHONVER.tgz
[ -f $PYTHON_SRCFILE ] || curl -Lo $PYTHON_SRCFILE http://www.python.org/ftp/python/$PYTHONVER/$PYTHON_SRCFILE
if [ "$PYTHONMD5" ]; then
echo "$PYTHONMD5 $PYTHON_SRCFILE" | md5sum -w -c
fi
ln -f $PYTHON_SRCFILE $RPMBUILDDIR/SOURCES/$PYTHON_SRCFILE
DOCUTILSVER=`sed -ne "s/^%global docutilsname docutils-//p" $specfile`
DOCUTILS_SRCFILE=docutils-$DOCUTILSVER.tar.gz
[ -f $DOCUTILS_SRCFILE ] || curl -Lo $DOCUTILS_SRCFILE http://downloads.sourceforge.net/project/docutils/docutils/$DOCUTILSVER/$DOCUTILS_SRCFILE
DOCUTILSMD5=`sed -ne "s/^%global docutilsmd5 //p" $specfile`
if [ "$DOCUTILSMD5" ]; then
echo "$DOCUTILSMD5 $DOCUTILS_SRCFILE" | md5sum -w -c
fi
ln -f $DOCUTILS_SRCFILE $RPMBUILDDIR/SOURCES/$DOCUTILS_SRCFILE
)
fi
rpmspec=$RPMBUILDDIR/SPECS/mercurial.spec
sed -e "s,^Version:.*,Version: $version," \
-e "s,^Release:.*,Release: $release," \
$specfile > $rpmspec
echo >> $rpmspec
echo "%changelog" >> $rpmspec
if echo $version | grep '+' > /dev/null 2>&1; then
latesttag="`echo $version | sed -e 's/+.*//'`"
$HG log -r .:"$latesttag" -fM \
--template '{date|hgdate}\t{author}\t{desc|firstline}\n' | python -c '
import sys, time
def datestr(date, format):
return time.strftime(format, time.gmtime(float(date[0]) - date[1]))
changelog = []
for l in sys.stdin.readlines():
tok = l.split("\t")
hgdate = tuple(int(v) for v in tok[0].split())
changelog.append((datestr(hgdate, "%F"), tok[1], hgdate, tok[2]))
prevtitle = ""
for l in sorted(changelog, reverse=True):
title = "* %s %s" % (datestr(l[2], "%a %b %d %Y"), l[1])
if prevtitle != title:
prevtitle = title
print
print title
print "- %s" % l[3].strip()
' >> $rpmspec
else
$HG log \
--template '{date|hgdate}\t{author}\t{desc|firstline}\n' \
.hgtags | python -c '
import sys, time
def datestr(date, format):
return time.strftime(format, time.gmtime(float(date[0]) - date[1]))
for l in sys.stdin.readlines():
tok = l.split("\t")
hgdate = tuple(int(v) for v in tok[0].split())
print "* %s %s\n- %s" % (datestr(hgdate, "%a %b %d %Y"), tok[1], tok[2])
' >> $rpmspec
fi
sed -i \
-e "s/^%define withpython.*$/%define withpython $RPMPYTHONVER/" \
$rpmspec
if [ "$BUILD" ]; then
rpmbuild --define "_topdir $RPMBUILDDIR" -ba $rpmspec --clean
if [ $? = 0 ]; then
echo
echo "Built packages for $version-$release:"
find $RPMBUILDDIR/*RPMS/ -type f -newer $rpmspec
fi
else
echo "Prepared sources for $version-$release $rpmspec are in $RPMBUILDDIR/SOURCES/ - use like:"
echo "rpmbuild --define '_topdir $RPMBUILDDIR' -ba $rpmspec --clean"
fi