comparison mercurial/subrepo.py @ 34965:846942fd6d15 stable
subrepo: disable git and svn subrepos by default (BC) (SEC)
We have a security issue with git subrepos. I'm not sure if svn subrepo is
vulnerable, but it seems not 100% safe to allow writing arbitrary data into
a metadata directory. So for now, only hg subrepo is enabled by default.
Maybe we should improve the help to describe why git/svn subrepos are
disabled.
author | Yuya Nishihara <yuya@tcha.org> |
---|---|
date | Sun, 05 Nov 2017 21:51:42 +0900 |
parents | 828cf35f1de6 |
children | 1a314176da9c |
34964:828cf35f1de6 | 34965:846942fd6d15 |
---|---|
364 pathutil.pathauditor(repo.root)(path) | 364 pathutil.pathauditor(repo.root)(path) |
365 if repo.wvfs.islink(path): | 365 if repo.wvfs.islink(path): |
366 raise error.Abort(_("subrepo '%s' traverses symbolic link") % path) | 366 raise error.Abort(_("subrepo '%s' traverses symbolic link") % path) |
367 | 367 |
368 def _checktype(ui, kind): | 368 def _checktype(ui, kind): |
369 if kind not in ui.configlist('subrepos', 'allowed', ['hg', 'git', 'svn']): | 369 if kind not in ui.configlist('subrepos', 'allowed', ['hg']): |
370 raise error.Abort(_("subrepo type %s not allowed") % kind, | 370 raise error.Abort(_("subrepo type %s not allowed") % kind, |
371 hint=_("see 'hg help config.subrepos' for details")) | 371 hint=_("see 'hg help config.subrepos' for details")) |
372 if kind not in types: | 372 if kind not in types: |
373 raise error.Abort(_('unknown subrepo type %s') % kind) | 373 raise error.Abort(_('unknown subrepo type %s') % kind) |
374 | 374 |
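Review bot: with the default on line 369 narrowed to ['hg'], every existing git or svn subrepo now aborts with "subrepo type %s not allowed", and the hint on line 371 only sends the user to 'hg help config.subrepos'. The commit message itself notes that the help does not yet describe why git/svn subrepos are disabled, so that help text should be updated in the same change, explaining the reason and that the type has to be listed in subrepos.allowed to be used again. Otherwise the hint does not tell users hit by this BC break what to do. Separately, the allowed check on line 369 runs before the `kind not in types` check on line 372, so a misspelled or unsupported type is reported as "not allowed" rather than "unknown subrepo type". Denying first is a sound order for a security gate, but a short comment in `_checktype` saying the order is intentional would keep it from being swapped later.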