upstream/mercurial-mirror Commit - r28670:ff0d3b6b

merge with stable

Matt Mackall -

r28670:ff0d3b6b default

parent child

tests/test-revlog.t

0 created 644 +15 0

@@ -0,0 +1,15 b''
	1	Test for CVE-2016-3630
	2
	3	$ hg init
	4
	5	>>> open("a.i", "w").write(
	6	... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD
	7	... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA=="""
	8	... .decode("base64").decode("zlib"))
	9
	10	$ hg debugindex a.i
	11	rev offset length delta linkrev nodeid p1 p2
	12	0 0 19 -1 2 99e0332bd498 000000000000 000000000000
	13	1 19 12 0 3 6674f57a23d8 99e0332bd498 000000000000
	14	$ hg debugdata a.i 1 2>&1 \| grep decoded
	15	mpatch.mpatchError: patch cannot be decoded

.hgsigs

0 +1 0

             2408645de650d8a29a6ce9e7dce601d8dd0d1474 0 iQIVAwUAVq/xFSBXgaxoKi1yAQLsxhAAg+E6uJCtZZOugrrFi9S6C20SRPBwHwmw22PC5z3Ufp9Vf3vqSL/+zmWI9d/yezIVcTXgM9rKCvq58sZvo4FuO2ngPx7bL9LMJ3qx0IyHUKjwa3AwrzjSzvVhNIrRoimD+lVBI/GLmoszpMICM+Nyg3D41fNJKs6YpnwwsHNJkjMwz0n2SHAShWAgIilyANNVnwnzHE68AIkB/gBkUGtrjf6xB9mXQxAv4GPco/234FAkX9xSWsM0Rx+JLLrSBXoHmIlmu9LPjC0AKn8/DDke+fj7bFaF7hdJBUYOtlYH6f7NIvyZSpw0FHl7jPxoRCtXzIV+1dZEbbIMIXzNtzPFVDYDfMhLqpTgthkZ9x0UaMaHecCUWYYBp8G/IyVS40GJodl8xnRiXUkFejbK/NDdR1f9iZS0dtiFu66cATMdb6d+MG+zW0nDKiQmBt6bwynysqn4g3SIGQFEPyEoRy0bXiefHrlkeHbdfc4zgoejx3ywcRDMGvUbpWs5C43EPu44irKXcqC695vAny3A7nZpt/XP5meDdOF67DNQPvhFdjPPbJBpSsUi2hUlZ+599wUfr3lNVzeEzHT7XApTOf6ysuGtHH3qcVHpFqQSRL1MI0f2xL13UadgTVWYrnHEis7f+ncwlWiR0ucpJB3+dQQh3NVGVo89MfbIZPkA8iil03U=
             b698abf971e7377d9b7ec7fc8c52df45255b0329 0 iQIVAwUAVrJ4YCBXgaxoKi1yAQJsKw/+JHSR0bIyarO4/VilFwsYxCprOnPxmUdS4qc4yjvpbf7Dqqr/OnOHJA29LrMoqWqsHgREepemjqiNindwNtlZec+KgmbF08ihSBBpls96UTTYTcytKRkkbrB+FhwB0iDl/o8RgGPniyG6M7gOp6p8pXQVRCOToIY1B/G0rtpkcU1N3GbiZntO5Fm/LPAVIE74VaDsamMopQ/wEB8qiERngX/M8SjO1ZSaVNW6KjRUsarLXQB9ziVJBolK/WnQsDwEeuWU2udpjBiOHnFC6h84uBpc8rLGhr419bKMJcjgl+0sl2zHGPY2edQYuJqVjVENzf4zzZA+xPgKw3GrSTpd37PEnGU/fufdJ0X+pp3kvmO1cV3TsvVMTCn7NvS6+w8SGdHdwKQQwelYI6vmJnjuOCATbafJiHMaOQ0GVYYk6PPoGrYcQ081x6dStCMaHIPOV1Wirwd2wq+SN9Ql8H6njftBf5Sa5tVWdW/zrhsltMsdZYZagZ/oFT3t83exL0rgZ96bZFs0j3HO3APELygIVuQ6ybPsFyToMDbURNDvr7ZqPKhQkkdHIUMqEez5ReuVgpbO9CWV/yWpB1/ZCpjNBZyDvw05kG2mOoC7AbHc8aLUS/8DetAmhwyb48LW4qjfUkO7RyxVSxqdnaBOMlsg1wsP2S+SlkZKsDHjcquZJ5U=
             d493d64757eb45ada99fcb3693e479a51b7782da 0 iQIVAwUAVtYt4SBXgaxoKi1yAQL6TQ/9FzYE/xOSC2LYqPdPjCXNjGuZdN1WMf/8fUMYT83NNOoLEBGx37C0bAxgD4/P03FwYMuP37IjIcX8vN6fWvtG9Oo0o2n/oR3SKjpsheh2zxhAFX3vXhFD4U18wCz/DnM0O1qGJwJ49kk/99WNgDWeW4n9dMzTFpcaeZBCu1REbZQS40Z+ArXTDCr60g5TLN1XR1WKEzQJvF71rvaE6P8d3GLoGobTIJMLi5UnMwGsnsv2/EIPrWHQiAY9ZEnYq6deU/4RMh9c7afZie9I+ycIA/qVH6vXNt3/a2BP3Frmv8IvKPzqwnoWmIUamew9lLf1joD5joBy8Yu+qMW0/s6DYUGQ4Slk9qIfn6wh4ySgT/7FJUMcayx9ONDq7920RjRc+XFpD8B3Zhj2mM+0g9At1FgX2w2Gkf957oz2nlgTVh9sdPvP6UvWzhqszPMpdG5Vt0oc5vuyobW333qSkufCxi5gmH7do1DIzErMcy8b6IpZUDeQ/dakKwLQpZVVPF15IrNa/zsOW55SrGrL8/ErM/mXNQBBAqvRsOLq2njFqK2JaoG6biH21DMjHVZFw2wBRoLQxbOppfz2/e3mNkNy9HjgJTW3+0iHWvRzMSjwRbk9BlbkmH6kG5163ElHq3Ft3uuQyZBL9I5SQxlHi9s/CV0YSTYthpWR3ChKIMoqBQ0=
+            ae279d4a19e9683214cbd1fe8298cf0b50571432 0 iQIVAwUAVvqzViBXgaxoKi1yAQKUCxAAtctMD3ydbe+li3iYjhY5qT0wyHwPr9fcLqsQUJ4ZtD4sK3oxCRZFWFxNBk5bIIyiwusSEJPiPddoQ7NljSZlYDI0HR3R4vns55fmDwPG07Ykf7aSyqr+c2ppCGzn2/2ID476FNtzKqjF+LkVyadgI9vgZk5S4BgdSlfSRBL+1KtB1BlF5etIZnc5U9qs1uqzZJc06xyyF8HlrmMZkAvRUbsx/JzA5LgzZ2WzueaxZgYzYjDk0nPLgyPPBj0DVyWXnW/kdRNmKHNbaZ9aZlWmdPCEoq5iBm71d7Xoa61shmeuVZWvxHNqXdjVMHVeT61cRxjdfxTIkJwvlRGwpy7V17vTgzWFxw6QJpmr7kupRo3idsDydLDPHGUsxP3uMZFsp6+4rEe6qbafjNajkRyiw7kVGCxboOFN0rLVJPZwZGksEIkw58IHcPhZNT1bHHocWOA/uHJTAynfKsAdv/LDdGKcZWUCFOzlokw54xbPvdrBtEOnYNp15OY01IAJd2FCUki5WHvhELUggTjfank1Tc3/Rt1KrGOFhg80CWq6eMiuiWkHGvYq3fjNLbgjl3JJatUFoB+cX1ulDOGsLJEXQ4v5DNHgel0o2H395owNlStksSeW1UBVk0hUK/ADtVUYKAPEIFiboh1iDpEOl40JVnYdsGz3w5FLj2w+16/1vWs=

.hgtags

0 +1 0

             2408645de650d8a29a6ce9e7dce601d8dd0d1474 3.7
             b698abf971e7377d9b7ec7fc8c52df45255b0329 3.7.1
             d493d64757eb45ada99fcb3693e479a51b7782da 3.7.2
+            ae279d4a19e9683214cbd1fe8298cf0b50571432 3.7.3

hgext/convert/common.py

0 +3 0

                 def _run2(self, cmd, *args, **kwargs):
                     return self._dorun(util.popen2, cmd, *args, **kwargs)
+                def _run3(self, cmd, *args, **kwargs):
+                    return self._dorun(util.popen3, cmd, *args, **kwargs)
                 def _dorun(self, openfunc, cmd,  *args, **kwargs):
                     cmdline = self._cmdline(cmd, *args, **kwargs)
                     self.ui.debug('running: %s\n' % (cmdline,))

hgext/convert/git.py

0 +53 -79

                 def hgsubstate(self):
                     return "%s %s" % (self.node, self.path)
-            class convert_git(common.converter_source):
+            class convert_git(common.converter_source, common.commandline):
                 # Windows does not support GIT_DIR= construct while other systems
                 # cannot remove environment variable. Just assume none have
                 # both issues.
-                if util.safehasattr(os, 'unsetenv'):
-                    def gitopen(self, s, err=None):
+                def _gitcmd(self, cmd, *args, **kwargs):
-                        prevgitdir = os.environ.get('GIT_DIR')
+                    return cmd('--git-dir=%s' % self.path, *args, **kwargs)
-                        os.environ['GIT_DIR'] = self.path
-                        try:
+                def gitrun0(self, *args, **kwargs):
-                            if err == subprocess.PIPE:
+                    return self._gitcmd(self.run0, *args, **kwargs)
-                                (stdin, stdout, stderr) = util.popen3(s)
-                                return stdout
-                            elif err == subprocess.STDOUT:
-                                return self.popen_with_stderr(s)
-                            else:
-                                return util.popen(s, 'rb')
-                        finally:
-                            if prevgitdir is None:
-                                del os.environ['GIT_DIR']
-                            else:
-                                os.environ['GIT_DIR'] = prevgitdir
-                    def gitpipe(self, s):
+                def gitrun(self, *args, **kwargs):
-                        prevgitdir = os.environ.get('GIT_DIR')
+                    return self._gitcmd(self.run, *args, **kwargs)
-                        os.environ['GIT_DIR'] = self.path
-                        try:
+                def gitrunlines0(self, *args, **kwargs):
-                            return util.popen3(s)
+                    return self._gitcmd(self.runlines0, *args, **kwargs)
-                        finally:
-                            if prevgitdir is None:
-                                del os.environ['GIT_DIR']
-                            else:
-                                os.environ['GIT_DIR'] = prevgitdir
-                else:
+                def gitrunlines(self, *args, **kwargs):
-                    def gitopen(self, s, err=None):
+                    return self._gitcmd(self.runlines, *args, **kwargs)
-                        if err == subprocess.PIPE:
-                            (sin, so, se) = util.popen3('GIT_DIR=%s %s' % (self.path, s))
-                            return so
-                        elif err == subprocess.STDOUT:
-                                return self.popen_with_stderr(s)
-                        else:
-                            return util.popen('GIT_DIR=%s %s' % (self.path, s), 'rb')
-                    def gitpipe(self, s):
+                def gitpipe(self, *args, **kwargs):
-                        return util.popen3('GIT_DIR=%s %s' % (self.path, s))
+                    return self._gitcmd(self._run3, *args, **kwargs)
-                def popen_with_stderr(self, s):
-                    p = subprocess.Popen(s, shell=True, bufsize=-1,
-                                         close_fds=util.closefds,
-                                         stdin=subprocess.PIPE,
-                                         stdout=subprocess.PIPE,
-                                         stderr=subprocess.STDOUT,
-                                         universal_newlines=False,
-                                         env=None)
-                    return p.stdout
                 def gitread(self, s):
                     fh = self.gitopen(s)
                 def __init__(self, ui, path, revs=None):
                     super(convert_git, self).__init__(ui, path, revs=revs)
+                    common.commandline.__init__(self, ui, 'git')
                     if os.path.isdir(path + "/.git"):
                         path += "/.git"
                     if similarity < 0 or similarity > 100:
                         raise error.Abort(_('similarity must be between 0 and 100'))
                     if similarity > 0:
-                        self.simopt = '-C%d%%' % similarity
+                        self.simopt = ['-C%d%%' % similarity]
                         findcopiesharder = ui.configbool('convert', 'git.findcopiesharder',
                                                          False)
                         if findcopiesharder:
-                            self.simopt += ' --find-copies-harder'
+                            self.simopt.append('--find-copies-harder')
                     else:
-                        self.simopt = ''
+                        self.simopt = []
                     common.checktool('git', 'git')
                     self.path = path
                     self.submodules = []
-                    self.catfilepipe = self.gitpipe('git cat-file --batch')
+                    self.catfilepipe = self.gitpipe('cat-file', '--batch')
                 def after(self):
                     for f in self.catfilepipe:
                 def getheads(self):
                     if not self.revs:
-                        heads, ret = self.gitread('git rev-parse --branches --remotes')
+                        output, status = self.gitrun('rev-parse', '--branches', '--remotes')
-                        heads = heads.splitlines()
+                        heads = output.splitlines()
-                        if ret:
+                        if status:
                             raise error.Abort(_('cannot retrieve git heads'))
                     else:
                         heads = []
                         for rev in self.revs:
-                            rawhead, ret = self.gitread("git rev-parse --verify %s" % rev)
+                            rawhead, ret = self.gitrun('rev-parse', '--verify', rev)
                             heads.append(rawhead[:-1])
                             if ret:
                                 raise error.Abort(_('cannot retrieve git head "%s"') % rev)
                             self.submodules.append(submodule(s['path'], '', s['url']))
                 def retrievegitmodules(self, version):
-                    modules, ret = self.gitread("git show %s:%s" % (version, '.gitmodules'))
+                    modules, ret = self.gitrun('show', '%s:%s' % (version, '.gitmodules'))
                     if ret:
                         # This can happen if a file is in the repo that has permissions
                         # 160000, but there is no .gitmodules file.
                         return
                     for m in self.submodules:
-                        node, ret = self.gitread("git rev-parse %s:%s" % (version, m.path))
+                        node, ret = self.gitrun('rev-parse', '%s:%s' % (version, m.path))
                         if ret:
                             continue
                         m.node = node.strip()
                     if full:
                         raise error.Abort(_("convert from git does not support --full"))
                     self.modecache = {}
-                    fh = self.gitopen("git diff-tree -z --root -m -r %s %s" % (
+                    cmd = ['diff-tree','-z', '--root', '-m', '-r'] + self.simopt + [version]
-                        self.simopt, version))
+                    output, status = self.gitrun(*cmd)
+                    if status:
+                        raise error.Abort(_('cannot read changes in %s') % version)
                     changes = []
                     copies = {}
                     seen = set()
                     entry = None
                     subexists = [False]
                     subdeleted = [False]
-                    difftree = fh.read().split('\x00')
+                    difftree = output.split('\x00')
                     lcount = len(difftree)
                     i = 0
                                 if f != '.gitmodules' and fdest != '.gitmodules':
                                     copies[fdest] = f
                         entry = None
-                    if fh.close():
-                        raise error.Abort(_('cannot read changes in %s') % version)
                     if subexists[0]:
                         if subdeleted[0]:
                     return c
                 def numcommits(self):
-                    return len([None for _ in self.gitopen('git rev-list --all')])
+                    output, ret = self.gitrunlines('rev-list', '--all')
+                    if ret:
+                        raise error.Abort(_('cannot retrieve number of commits in %s') \
+                                          % self.path)
+                    return len(output)
                 def gettags(self):
                     tags = {}
                     alltags = {}
-                    fh = self.gitopen('git ls-remote --tags "%s"' % self.path,
+                    output, status = self.gitrunlines('ls-remote', '--tags', self.path)
-                                      err=subprocess.STDOUT)
+                    if status:
+                        raise error.Abort(_('cannot read tags from %s') % self.path)
                     prefix = 'refs/tags/'
                     # Build complete list of tags, both annotated and bare ones
-                    for line in fh:
+                    for line in output:
                         line = line.strip()
                         if line.startswith("error:") or line.startswith("fatal:"):
                             raise error.Abort(_('cannot read tags from %s') % self.path)
                         if not tag.startswith(prefix):
                             continue
                         alltags[tag[len(prefix):]] = node
-                    if fh.close():
-                        raise error.Abort(_('cannot read tags from %s') % self.path)
                     # Filter out tag objects for annotated tag refs
                     for tag in alltags:
                 def getchangedfiles(self, version, i):
                     changes = []
                     if i is None:
-                        fh = self.gitopen("git diff-tree --root -m -r %s" % version)
+                        output, status = self.gitrunlines('diff-tree', '--root', '-m',
-                        for l in fh:
+                                                          '-r', version)
+                        if status:
+                            raise error.Abort(_('cannot read changes in %s') % version)
+                        for l in output:
                             if "\t" not in l:
                                 continue
                             m, f = l[:-1].split("\t")
                             changes.append(f)
                     else:
-                        fh = self.gitopen('git diff-tree --name-only --root -r %s '
+                        output, status = self.gitrunlines('diff-tree', '--name-only',
-                                          '"%s^%s" --' % (version, version, i + 1))
+                                                          '--root', '-r', version,
-                        changes = [f.rstrip('\n') for f in fh]
+                                                          '%s^%s' % (version, i + 1), '--')
-                    if fh.close():
+                        changes = [f.rstrip('\n') for f in output]
-                        raise error.Abort(_('cannot read changes in %s') % version)
                     return changes
                     ])
                     try:
-                        fh = self.gitopen('git show-ref', err=subprocess.PIPE)
+                        output, status = self.gitrunlines('show-ref')
-                        for line in fh:
+                        for line in output:
                             line = line.strip()
                             rev, name = line.split(None, 1)
                             # Process each type of branch

mercurial/mpatch.c

0 +3 -3

             	int pos = 0;
             	/* assume worst case size, we won't have many of these lists */
-            	l = lalloc(len / 12);
+            	l = lalloc(len / 12 + 1);
             	if (!l)
             		return NULL;
             		lt->start = getbe32(bin + pos);
             		lt->end = getbe32(bin + pos + 4);
             		lt->len = getbe32(bin + pos + 8);
-            		if (lt->start > lt->end)
-            			break; /* sanity check */
             		lt->data = bin + pos + 12;
             		pos += 12 + lt->len;
+            		if (lt->start > lt->end || lt->len < 0)
+            			break; /* sanity check */
             		lt++;
             	}

mercurial/subrepo.py

0 +5 0

                     are not supported and very probably fail.
                     """
                     self.ui.debug('%s: git %s\n' % (self._relpath, ' '.join(commands)))
+                    if env is None:
+                        env = os.environ.copy()
+                    # fix for Git CVE-2015-7545
+                    if 'GIT_ALLOW_PROTOCOL' not in env:
+                        env['GIT_ALLOW_PROTOCOL'] = 'file:git:http:https:ssh'
                     # unless ui.quiet is set, print git's stderr,
                     # which is mostly progress and useful info
                     errpipe = None

tests/test-convert-git.t

0 +18 -1

@@ -714,7 +714,7 b' damage git repository by renaming a comm'
714	$ COMMIT_OBJ=1c/0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd	714	$ COMMIT_OBJ=1c/0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd
715	$ mv git-repo4/.git/objects/$COMMIT_OBJ git-repo4/.git/objects/$COMMIT_OBJ.tmp	715	$ mv git-repo4/.git/objects/$COMMIT_OBJ git-repo4/.git/objects/$COMMIT_OBJ.tmp
716	$ hg convert git-repo4 git-repo4-broken-hg 2>&1 \| grep 'abort:'	716	$ hg convert git-repo4 git-repo4-broken-hg 2>&1 \| grep 'abort:'
717	abort: cannot re~~ad tags from~~ git-repo4/.git	717	abort: cannot retrieve number of commits in git-repo4/.git
718	$ mv git-repo4/.git/objects/$COMMIT_OBJ.tmp git-repo4/.git/objects/$COMMIT_OBJ	718	$ mv git-repo4/.git/objects/$COMMIT_OBJ.tmp git-repo4/.git/objects/$COMMIT_OBJ
719	damage git repository by renaming a blob object	719	damage git repository by renaming a blob object
720		720
@@ -729,3 +729,20 b' damage git repository by renaming a tree'
729	$ mv git-repo4/.git/objects/$TREE_OBJ git-repo4/.git/objects/$TREE_OBJ.tmp	729	$ mv git-repo4/.git/objects/$TREE_OBJ git-repo4/.git/objects/$TREE_OBJ.tmp
730	$ hg convert git-repo4 git-repo4-broken-hg 2>&1 \| grep 'abort:'	730	$ hg convert git-repo4 git-repo4-broken-hg 2>&1 \| grep 'abort:'
731	abort: cannot read changes in 1c0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd	731	abort: cannot read changes in 1c0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd
		732
		733	test for escaping the repo name (CVE-2016-3069)
		734
		735	$ git init '`echo pwned >COMMAND-INJECTION`'
		736	Initialized empty Git repository in $TESTTMP/`echo pwned >COMMAND-INJECTION`/.git/
		737	$ cd '`echo pwned >COMMAND-INJECTION`'
		738	$ git commit -q --allow-empty -m 'empty'
		739	$ cd ..
		740	$ hg convert '`echo pwned >COMMAND-INJECTION`' 'converted'
		741	initializing destination converted repository
		742	scanning source...
		743	sorting...
		744	converting...
		745	0 empty
		746	updating bookmarks
		747	$ test -f COMMAND-INJECTION
		748	[1]

tests/test-subrepo-git.t

0 +32 0

@@ -1132,4 +1132,36 b' make sure we show changed files, rather '
1132	? s/foobar.orig	1132	? s/foobar.orig
1133	? s/snake.python.orig	1133	? s/snake.python.orig
1134		1134
		1135	test for Git CVE-2016-3068
		1136	$ hg init malicious-subrepository
		1137	$ cd malicious-subrepository
		1138	$ echo "s = [git]ext::sh -c echo% pwned% >&2" > .hgsub
		1139	$ git init s
		1140	Initialized empty Git repository in $TESTTMP/tc/malicious-subrepository/s/.git/
		1141	$ cd s
		1142	$ git commit --allow-empty -m 'empty'
		1143	[master (root-commit) 153f934] empty
1135	$ cd ..	1144	$ cd ..
		1145	$ hg add .hgsub
		1146	$ hg commit -m "add subrepo"
		1147	$ cd ..
		1148	$ env -u GIT_ALLOW_PROTOCOL hg clone malicious-subrepository malicious-subrepository-protected
		1149	Cloning into '$TESTTMP/tc/malicious-subrepository-protected/s'...
		1150	fatal: transport 'ext' not allowed
		1151	updating to branch default
		1152	cloning subrepo s from ext::sh -c echo% pwned% >&2
		1153	abort: git clone error 128 in s (in subrepo s)
		1154	[255]
		1155
		1156	whitelisting of ext should be respected (that's the git submodule behaviour)
		1157	$ env GIT_ALLOW_PROTOCOL=ext hg clone malicious-subrepository malicious-subrepository-clone-allowed
		1158	Cloning into '$TESTTMP/tc/malicious-subrepository-clone-allowed/s'...
		1159	pwned
		1160	fatal: Could not read from remote repository.
		1161
		1162	Please make sure you have the correct access rights
		1163	and the repository exists.
		1164	updating to branch default
		1165	cloning subrepo s from ext::sh -c echo% pwned% >&2
		1166	abort: git clone error 128 in s (in subrepo s)
		1167	[255]

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages