changeset 34987:846942fd6d15 stable
subrepo: disable git and svn subrepos by default (BC) (SEC)
We have a security issue with git subrepos. I'm not sure if svn subrepo is
vulnerable, but it seems not 100% safe to allow writing arbitrary data into
a metadata directory. So for now, only hg subrepo is enabled by default.
Maybe we should improve the help to describe why git/svn subrepos are
disabled.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Sun, 05 Nov 2017 21:51:42 +0900 |
parents | 828cf35f1de6 |
children | bd725a71f274 |
files | mercurial/help/config.txt mercurial/subrepo.py tests/test-convert-git.t tests/test-mq-subrepo-svn.t tests/test-subrepo-git.t tests/test-subrepo-svn.t |
diffstat | 6 files changed, 39 insertions(+), 2 deletions(-) |
--- a/mercurial/help/config.txt Sun Nov 05 21:48:58 2017 +0900 +++ b/mercurial/help/config.txt Sun Nov 05 21:51:42 2017 +0900 @@ -1905,7 +1905,7 @@ When disallowed, any commands including :hg:`update` will fail if subrepositories are involved. - (default: `hg, git, svn`) + (default: `hg`) ``templatealias`` -----------------
--- a/mercurial/subrepo.py Sun Nov 05 21:48:58 2017 +0900 +++ b/mercurial/subrepo.py Sun Nov 05 21:51:42 2017 +0900 @@ -366,7 +366,7 @@ raise error.Abort(_("subrepo '%s' traverses symbolic link") % path) def _checktype(ui, kind): - if kind not in ui.configlist('subrepos', 'allowed', ['hg', 'git', 'svn']): + if kind not in ui.configlist('subrepos', 'allowed', ['hg']): raise error.Abort(_("subrepo type %s not allowed") % kind, hint=_("see 'hg help config.subrepos' for details")) if kind not in types:
--- a/tests/test-convert-git.t Sun Nov 05 21:48:58 2017 +0900 +++ b/tests/test-convert-git.t Sun Nov 05 21:51:42 2017 +0900 @@ -6,6 +6,10 @@ $ echo "autocrlf = false" >> $HOME/.gitconfig $ echo "[extensions]" >> $HGRCPATH $ echo "convert=" >> $HGRCPATH + $ cat >> $HGRCPATH <<EOF + > [subrepos] + > allowed = hg, git + > EOF $ GIT_AUTHOR_NAME='test'; export GIT_AUTHOR_NAME $ GIT_AUTHOR_EMAIL='test@example.org'; export GIT_AUTHOR_EMAIL $ GIT_AUTHOR_DATE="2007-01-01 00:00:00 +0000"; export GIT_AUTHOR_DATE
--- a/tests/test-mq-subrepo-svn.t Sun Nov 05 21:48:58 2017 +0900 +++ b/tests/test-mq-subrepo-svn.t Sun Nov 05 21:51:42 2017 +0900 @@ -5,6 +5,8 @@ > mq = > [diff] > nodates = 1 + > [subrepos] + > allowed = hg, svn > EOF fn to create new repository, and cd into it
--- a/tests/test-subrepo-git.t Sun Nov 05 21:48:58 2017 +0900 +++ b/tests/test-subrepo-git.t Sun Nov 05 21:51:42 2017 +0900 @@ -41,7 +41,23 @@ $ echo 's = [git]../gitroot' > .hgsub $ git clone -q ../gitroot s $ hg add .hgsub + +git subrepo is disabled by default + $ hg commit -m 'new git subrepo' + abort: subrepo type git not allowed + (see 'hg help config.subrepos' for details) + [255] + +so enable it + + $ cat >> $HGRCPATH <<EOF + > [subrepos] + > allowed = hg, git + > EOF + + $ hg commit -m 'new git subrepo' + $ hg debugsub path s source ../gitroot
--- a/tests/test-subrepo-svn.t Sun Nov 05 21:48:58 2017 +0900 +++ b/tests/test-subrepo-svn.t Sun Nov 05 21:51:42 2017 +0900 @@ -57,6 +57,21 @@ $ mkdir subdir $ svn co --quiet "$SVNREPOURL"/src subdir/s $ hg add .hgsub + +svn subrepo is disabled by default + + $ hg ci -m1 + abort: subrepo type svn not allowed + (see 'hg help config.subrepos' for details) + [255] + +so enable it + + $ cat >> $HGRCPATH <<EOF + > [subrepos] + > allowed = hg, svn + > EOF + $ hg ci -m1 make sure we avoid empty commits (issue2445)
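Review bot: The mercurial/help/config.txt hunk changes only the `(default: ...)` line, so the help text that the abort hint points to ("see 'hg help config.subrepos' for details") still gives no reason why git and svn are off by default and does not show how to turn them back on. Suggest adding a sentence beside the default saying that git and svn subrepos are disabled for security reasons and that setting `allowed = hg, git` or `allowed = hg, svn` under `[subrepos]` re-enables them, to be done only for repositories the user trusts.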
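Review bot: In `_checktype` in mercurial/subrepo.py the new default is the literal `['hg']` at the `ui.configlist('subrepos', 'allowed', ...)` call site, while mercurial/help/config.txt repeats the same value by hand as `(default: hg)`. With the default written in two places, a later change to one can leave the documented default and the enforced default disagreeing, which matters for a security setting. Suggest defining the default once (a named constant or a registered config default) and having the call site use it, so any other reader of `subrepos.allowed` sees the same restricted list.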
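Review bot: The disabled-by-default case in tests/test-subrepo-git.t is exercised only through `hg commit -m 'new git subrepo'`, yet the help context in this same patch says that any command including `hg update` fails when the type is disallowed, and update or clone of a repository someone else prepared is the path this restriction is meant to protect. Suggest adding a case, before the `allowed = hg, git` override is appended to `$HGRCPATH`, that updates or clones a repository whose `.hgsub` already contains a `[git]` entry and asserts the same "abort: subrepo type git not allowed" output. The tests/test-subrepo-svn.t hunk has the same shape (only `hg ci -m1` is checked) and would benefit from the matching case.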