Mercurial > hg
view tests/test-diff-hashes.t @ 29051:a56296f55a5e stable 3.8.1
convert: pass absolute paths to git (SEC)
Fixes CVE-2016-3105 (1/1).
Previously, it was possible for the repository path passed to git-ls-remote
to be misinterpreted as a URL.
Always passing an absolute path to git is a simple way to avoid this.
author | Blake Burkhart <bburky@bburky.com> |
---|---|
date | Wed, 06 Apr 2016 22:57:46 -0500 |
parents | f2719b387380 |
children | 251332dbf33d |
line wrap: on
line source
$ hg init a $ cd a $ hg diff inexistent1 inexistent2 inexistent1: * (glob) inexistent2: * (glob) $ echo bar > foo $ hg add foo $ hg ci -m 'add foo' $ echo foobar > foo $ hg ci -m 'change foo' $ hg --quiet diff -r 0 -r 1 --- a/foo Thu Jan 01 00:00:00 1970 +0000 +++ b/foo Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +1,1 @@ -bar +foobar $ hg diff -r 0 -r 1 diff -r a99fb63adac3 -r 9b8568d3af2f foo --- a/foo Thu Jan 01 00:00:00 1970 +0000 +++ b/foo Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +1,1 @@ -bar +foobar $ hg --verbose diff -r 0 -r 1 diff -r a99fb63adac3 -r 9b8568d3af2f foo --- a/foo Thu Jan 01 00:00:00 1970 +0000 +++ b/foo Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +1,1 @@ -bar +foobar $ hg --debug diff -r 0 -r 1 diff -r a99fb63adac3f31816a22f665bc3b7a7655b30f4 -r 9b8568d3af2f1749445eef03aede868a6f39f210 foo --- a/foo Thu Jan 01 00:00:00 1970 +0000 +++ b/foo Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +1,1 @@ -bar +foobar $ cd ..