Hello community,

here is the log from the commit of package mercurial.12940 for 
openSUSE:Leap:15.1:Update checked in at 2020-06-26 14:17:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/mercurial.12940 (Old)
 and      /work/SRC/openSUSE:Leap:15.1:Update/.mercurial.12940.new.3060 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mercurial.12940"

Fri Jun 26 14:17:01 2020 rev:1 rq:816553 version:4.5.2

Changes:
--------
New Changes file:

--- /dev/null   2020-06-25 10:56:43.568241769 +0200
+++ 
/work/SRC/openSUSE:Leap:15.1:Update/.mercurial.12940.new.3060/mercurial.changes 
    2020-06-26 14:17:06.506001063 +0200
@@ -0,0 +1,3062 @@
+-------------------------------------------------------------------
+Tue May 14 17:45:22 CEST 2019 - [email protected]
+
+- Fix incorrect patch-checking with symlinks and subrepos
+  (CVE-2019-3902, bsc#1133035):
+  hg-CVE-2019-3902-fix1.patch
+  hg-CVE-2019-3902-fix2.patch
+  hg-CVE-2019-3902-fix3.patch
+
+-------------------------------------------------------------------
+Tue Oct  9 13:52:42 CEST 2018 - [email protected]
+
+- Fix out-of-bounds read during parsing of a malformed manifest
+  entry (CVE-2018-17983, bsc#1110899): 
+  hg-CVE-2018-17983.patch
+
+-------------------------------------------------------------------
+Fri Jul  6 12:23:12 CEST 2018 - [email protected]
+
+- Fix security issues in mpatch overflow and other misbehavior
+  (CVE-2018-13346, bsc#1100354, CVE-2018-13347, bsc#1100355,
+   CVE-2018-13348, bsc#1100353):
+  hg-mpatch-fix01.patch
+  hg-mpatch-fix02.patch
+  hg-mpatch-fix03.patch
+  hg-mpatch-fix04.patch
+  hg-mpatch-fix05.patch
+  hg-mpatch-fix06.patch
+  hg-mpatch-fix07.patch
+  hg-mpatch-fix08.patch
+  hg-mpatch-fix09.patch
+
+-------------------------------------------------------------------
+Sat Mar 10 05:41:23 UTC 2018 - [email protected]
+
+- Modernize spec-file by calling spec-cleaner
+
+-------------------------------------------------------------------
+Wed Mar  7 08:10:06 UTC 2018 - [email protected]
+
+- Mercurial 4.5.2
+
+  (4.5.2 was released immediately after 4.5.1 to fix a release oversight.)
+  
+  1. Security Fixes (CVE-2018-1000132,bsc#1085211)
+    All versions of Mercurial prior to 4.5.2 have vulnerabilities in the HTTP 
+    server that allow permissions bypass to:
+    * Perform writes on repositories that should be read-only
+    * Perform reads on repositories that shouldn't allow read access
+  
+  2. Backwards Compatibility Changes
+    The "batch" wire protocol command now enforces permissions of each invoked 
+    sub-command. Wire protocol commands must define their operation type or 
the 
+    "batch" command will assume they can write data and will prevent their 
+    execution on HTTP servers unless the HTTP request method is POST, the 
+    server is configured to allow pushes, and the (possibly authenticated) 
HTTP 
+    user is authorized to perform a push.
+    Wire protocol commands not defining their operation type in 
+    "wireproto.PERMISSIONS" are now assumed to be used for "push" operations 
+    and access control to run those commands is now enforced accordingly.
+    
+  3. Bug Fixes
+    fileset: don't abort when running copied() on a revision with a removed 
file
+    date: fix parsing months
+    setup: only allow Python 3 from a source checkout (issue5804)
+    annotate: do not poorly split lines at CR (issue5798)
+    subrepo: don't attempt to share remote sources (issue5793)
+    subrepo: activate clone pooling to enable sharing with remote URLs
+    changegroup: do not delta lfs revisions
+    revlog: do not use delta for lfs revisions
+    revlog: resolve lfs rawtext to vanilla rawtext before applying delta
+  
+  See full cnahgelog on 
+  
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
+-------------------------------------------------------------------
+Sun Feb  4 19:11:49 UTC 2018 - [email protected]
+
+- Mercurial 4.5
+  
+  See full changelog on 
+  https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5-rc_.282018-01-22.29
+  
+  1. New Features
+    1.1. revert --interactive
+      The revert command now accepts the flag --interactive to allow reverting 
+      only some of the changes to the specified files.
+    1.2. Accessing hidden changesets
+      Set config option `experimental.directaccess = True` to access hidden 
+      changesets from read only commands.
+    1.3. githelp extension
+      The githelp extension provides the `hg githelp` command. This command 
+      attempts to convert a git command to its Mercurial equivalent. The 
+      extension can be useful to Git users new to Mercurial.
+    1.4. Largefiles changes
+      largefiles: add a 'debuglfput' command to put largefile into the store
+      largefiles: add support for 'largefiles://' url scheme
+      largefiles: allow to run 'debugupgraderepo' on repo with largefiles
+      largefiles: convert EOL of hgrc before appending to bytes IO
+      largefiles: explicitly set the source and sink types to 'hg' for 
lfconvert
+      largefiles: modernize how capabilities are added to the wire protocol
+  2. hgweb changes
+    hgweb now shows more information about commits: phase (if it's not 
public), 
+    obsolescence status (with a short explanation and links to the successors) 
+    and instabilities (e.g. orphan, phase-divergent or content-divergent).
+    Client-side graph code has been simplified by delegating more work to the 
+    backend, so /graph page is now more in sync with /log page, visually and 
+    feature-wise. Unfortunately, this code change means that 3rd-party themes 
+    for 4.5+ are required to have graphentry.tmpl template available (copy it 
+    from the base theme if you don't use %include and then reference it in map 
+    file) and render entries in graph.tmpl -- look at one of the core themes 
to 
+    see what it needs to look like. JS functions that create graph vertices 
and 
+    edges are now available in Graph.prototype, making it possible to call the 
+    original functions from custom theme-specific functions if needed.
+    Graph now shows different symbols for normal, branch-closing, obsolete and 
+    unstable commits, and marks currently checked out commit with a circle 
+    around its graph node.
+    There's also now json-graph API endpoint that can be used for rendering 
+    commit graph in 3rd-party applications.
+  2.1. Other Changes
+    When interactive revert is run against a revision other than the working 
+    directory parent, the diff shown is the diff to _apply_ to the working 
+    directory, rather than the diff to _discard_ from the working copy. This 
is 
+    in line with related user experiences with 'git' and appears to be less 
+    confusing with 'ui.interface=curses'.
+    Let 'hg rebase' avoid content-divergence by skipping obsolete changesets 
+    (and their descendants) when they are present in the rebase set along with 
+    one of their successors but none of their successors is in destination.
+    A new experimental config flag, `rebase.experimental.inmemory`, makes 
+    rebase perform an in-memory merge instead of doing it on-disk in the 
+    working copy.
+    The `HGPLAINEXCEPT` environment variable can now include color to allow 
+    automatic output colorization in otherwise automated environments.
+    A new `unamend` command in `uncommit` extension which undoes the effect of 
+    the amend command by creating a new changeset which was there before amend 
+    and moving the changes that were amended to the working directory.
+    A '--abort' flag to merge command to abort the ongoing merge.
+    An experimental flag '--rev' to 'hg branch' which can be used to change 
+    branch of changesets.
+    bundle2 read I/O significantly improved
+    bundle2 memory use significantly reduced during read
+    clonebundle: it is now possible to serve the clonebundle using a git-lfs 
+    compatible server.
+    templatefilters: add slashpath() to convert path separator to slash 
+    (issue5572)
+    A new experimental config flag, 'inline-color-diff', adds within-line 
color 
+    diff capacity
+    histedit: add support to output nodechanges using formatter to help with 
+    editor integrations
+  3. Backwards Compatibility Changes
+    `log --follow-first -rREV`, which is deprecated, now follows the first 
+    parent of merge revisions from the specified REV just like 
+    `log --follow -rREV`.
+    `log --follow -rREV FILE..` now follows file history across copies and 
+    renames.
+    transaction: register summary callbacks only at start of transaction
+    hgweb's graph view no longer supports browsers that lack <canvas> support
+    hgweb: only include graph-related data in jsdata variable on /graph pages
+    graphlog: add another graph node type, unstable, using character *
+    remove: print message for each file in verbose mode only while using '-A'
+
+-------------------------------------------------------------------
+Sat Nov 11 15:44:35 UTC 2017 - [email protected]
+
+- Mercurial 4.4.1
+
+  1. Notable changes
+    * Git and Subversion subrepos have been disabled by default to mitigate a 
+      potential security risk if files overlapping with a subrepo managed to 
be 
+      committed to a repository.
+      bsc#1071715 CVE-2017-17458
+    * Subrepos are now more paranoid about symlink traversal.
+    * The share extension handles drive letters on Windows better.
+  
+  It is possible that a specially malformed repository can cause Git 
+  subrepositories to run arbitrary code in the form of a 
.git/hooks/post-update 
+  script checked in to the repository in Mercurial 4.4 and earlier. Typical 
use 
+  of Mercurial prevents construction of such repositories, but they can be 
+  created programmatically.
+
+-------------------------------------------------------------------
+Sun Nov  5 10:56:38 UTC 2017 - [email protected]
+
+- Mercurial 4.4
+  
+  Notable changes
+    Control whitespace settings for annotation on hgweb
+    
+    * /annotate URLs on hgweb now accept query string arguments to influence 
how 
+      whitespace changes impact results.
+    * The arguments "ignorews," "ignorewsamount," "ignorewseol," and 
+      "ignoreblanklines" now have the same meaning as their [annotate] config 
+      section counterparts. Any provided setting overrides the server default.
+    * HTML checkboxes have been added to the paper and gitweb themes to expose 
+      current whitespace settings and to easily modify the current view.
+    Fast, heuristic copy-tracing
+      A new fast heuristic algorithm for copytracing which assumes that the 
+      files moves are either:
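Review bot: the 14 May 2019 entry at the top of this hunk reads "Fix incorrect patch-checking with symlinks and subrepos", but the three hg-CVE-2019-3902 patches it lists deal with subrepo path auditing, so "patch-checking" looks like a slip for "path-checking". Anyone grepping the changelog for the CVE will read that line first, so it is worth correcting. In the 4.5.2 entry, "See full cnahgelog on" should read "changelog", and that entry runs straight into the next separator without the blank line the other entries have.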
++++ 2865 more lines (skipped)
++++ between /dev/null
++++ and 
/work/SRC/openSUSE:Leap:15.1:Update/.mercurial.12940.new.3060/mercurial.changes

New:
----
  cacerts.rc
  hg-CVE-2018-17983.patch
  hg-CVE-2019-3902-fix1.patch
  hg-CVE-2019-3902-fix2.patch
  hg-CVE-2019-3902-fix3.patch
  hg-mpatch-fix01.patch
  hg-mpatch-fix02.patch
  hg-mpatch-fix03.patch
  hg-mpatch-fix04.patch
  hg-mpatch-fix05.patch
  hg-mpatch-fix06.patch
  hg-mpatch-fix07.patch
  hg-mpatch-fix08.patch
  hg-mpatch-fix09.patch
  mercurial-4.5.2.tar.gz
  mercurial-4.5.2.tar.gz.asc
  mercurial-docutils-compat.diff
  mercurial-hgk-path-fix.diff
  mercurial-locale-path-fix.patch
  mercurial-rpmlintrc
  mercurial.changes
  mercurial.keyring
  mercurial.spec
  tests.blacklist

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mercurial.spec ++++++
#
# spec file for package mercurial
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


%if 0%{?suse_version} && 0%{?suse_version} <= 1110
%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%endif
Name:           mercurial
Version:        4.5.2
Release:        0
Summary:        Scalable Distributed SCM
License:        GPL-2.0-or-later
Group:          Development/Tools/Version Control
Url:            https://www.mercurial-scm.org/
Source:         https://www.mercurial-scm.org/release/mercurial-%{version}.tar.gz
Source1:        cacerts.rc
Source2:        https://www.mercurial-scm.org/release/mercurial-%{version}.tar.gz.asc
Source3:        mercurial.keyring
Source99:       mercurial-rpmlintrc
Patch0:         mercurial-hgk-path-fix.diff
# PATCH-FIX-OPENSUSE mercurial-docutils-compat.diff -- Fix for new docutils options not available on 11.1 and older
Patch1:         mercurial-docutils-compat.diff
# PATCH-FIX-OPENSUSE mercurial-locale-path-fix.patch [email protected] -- locales are found in /usr/share/locale
Patch2:         mercurial-locale-path-fix.patch
# Upstream fixes: CVE-2018-13346 CVE-2018-13347 CVE-2018-13348
Patch11:        hg-mpatch-fix01.patch
Patch12:        hg-mpatch-fix02.patch
Patch13:        hg-mpatch-fix03.patch
Patch14:        hg-mpatch-fix04.patch
Patch15:        hg-mpatch-fix05.patch
Patch16:        hg-mpatch-fix06.patch
Patch17:        hg-mpatch-fix07.patch
Patch18:        hg-mpatch-fix08.patch
Patch19:        hg-mpatch-fix09.patch
Patch20:        hg-CVE-2018-17983.patch
Patch21:        hg-CVE-2019-3902-fix1.patch
Patch22:        hg-CVE-2019-3902-fix2.patch
Patch23:        hg-CVE-2019-3902-fix3.patch
BuildRequires:  fdupes
BuildRequires:  python-devel
BuildRequires:  python-xml
Requires:       python
Requires:       python-curses
Requires:       python-xml
Recommends:     %{name}-lang
Provides:       hg = %{version}
%if 0%{?suse_version} < 1210
BuildRequires:  docutils
%else
BuildRequires:  python-docutils
%endif
%if 0%{?sles_version}
Requires:       openssl-certs
%else
Requires:       ca-certificates
%endif
%if 0%{?with_tests}
Source90:       tests.blacklist
BuildRequires:  bzr
BuildRequires:  git
BuildRequires:  gpg
BuildRequires:  ncurses-devel
BuildRequires:  python-Pygments
BuildRequires:  python-openssl
BuildRequires:  subversion-python
BuildRequires:  unzip
#BuildRequires:  python-pyflakes
%endif

%description
Mercurial is a fast, lightweight source control management system
designed for efficient handling of very large distributed projects.

%lang_package

%prep
%setup -q
%patch0
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
%patch1
%endif
%patch2 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
chmod 644 hgweb.cgi

%build
make %{?_smp_mflags} all

%install
make install PREFIX="%{_prefix}" DESTDIR=%{buildroot}

# Move locales to proper location
mkdir -p %{buildroot}%{_datadir}/locale
mv %{buildroot}%{python_sitearch}/mercurial/locale/* %{buildroot}%{_datadir}/locale
%find_lang hg

# Install stuff in contrib
install -m0755 contrib/hgk %{buildroot}%{_bindir}
install -Dm0644 contrib/bash_completion %{buildroot}%{_sysconfdir}/bash_completion.d/mercurial.sh
install -Dm0644 contrib/zsh_completion %{buildroot}%{_datadir}/zsh/site-functions/_mercurial
mkdir -p %{buildroot}%{_datadir}/{x,}emacs/site-lisp
install -m0644 contrib/*.el %{buildroot}%{_datadir}/emacs/site-lisp
install -m0644 contrib/*.el %{buildroot}%{_datadir}/xemacs/site-lisp
install -Dm0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/mercurial/hgrc.d/cacerts.rc
%fdupes -s %{buildroot}%{_prefix}

%if 0%{?with_tests}
%check
make %{?_smp_mflags} tests TESTFLAGS="-v --blacklist=%{SOURCE90}"
%endif

%files lang -f hg.lang

%files
%license COPYING
%doc README.rst CONTRIBUTORS hgweb.cgi
%{_bindir}/*
%{_sysconfdir}/bash_completion.d/*
%{_datadir}/zsh/
%dir %{_sysconfdir}/mercurial
%dir %{_sysconfdir}/mercurial/hgrc.d
%config %{_sysconfdir}/mercurial/hgrc.d/*
%{_datadir}/emacs
%{_datadir}/xemacs
%{_mandir}/man1/hg.1%{?ext_man}
%{_mandir}/man5/hgignore.5%{?ext_man}
%{_mandir}/man5/hgrc.5%{?ext_man}
%{_mandir}/man8/hg-ssh.8%{?ext_man}
%{python_sitearch}/*

%changelog
++++++ cacerts.rc ++++++
[web]
cacerts = /etc/ssl/ca-bundle.pem

++++++ hg-CVE-2018-17983.patch ++++++

# HG changeset patch
# User Yuya Nishihara <[email protected]>
# Date 1536150209 -32400
# Node ID 5405cb1a79010ac50c58cd84e6f50c4556bf2a4c
# Parent  e85462d48cb3a59f67a595510fc7977cba6ed358
manifest: fix out-of-bounds read of corrupted manifest entry

Spotted by ASAN.

diff -r e85462d48cb3 -r 5405cb1a7901 mercurial/cext/manifest.c
--- a/mercurial/cext/manifest.c Wed Sep 05 21:32:45 2018 +0900
+++ b/mercurial/cext/manifest.c Wed Sep 05 21:23:29 2018 +0900
@@ -51,7 +51,12 @@
 {
        char *s = l->start;
        ssize_t llen = pathlen(l);
-       PyObject *hash = unhexlify(s + llen + 1, 40);
+       PyObject *hash;
+       if (llen + 1 + 40 + 1 > l->len) { /* path '\0' hash '\n' */
+               PyErr_SetString(PyExc_ValueError, "manifest line too short");
+               return NULL;
+       }
+       hash = unhexlify(s + llen + 1, 40);
        if (!hash) {
                return NULL;
        }
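Review bot: the new bound in nodeof() is written with bare literals (1 + 40 + 1 in the check, 40 again in the unhexlify call), and the caller further down repeats the same layout as 41. A named constant for the hex node length, used in all three places, would keep the check and the reads from drifting apart. The inline comment naming the fields (path '\0' hash '\n') is helpful and should stay.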
@@ -249,10 +254,13 @@
        pl = pathlen(l);
        path = PyBytes_FromStringAndSize(l->start, pl);
        hash = nodeof(l);
+       if (!path || !hash) {
+               goto done;
+       }
        consumed = pl + 41;
        flags = PyBytes_FromStringAndSize(l->start + consumed,
                                           l->len - consumed - 1);
-       if (!path || !hash || !flags) {
+       if (!flags) {
                goto done;
        }
        ret = PyTuple_Pack(3, path, hash, flags);
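Review bot: after this reordering the length passed for flags, l->len - consumed - 1, is non-negative only because nodeof() has already rejected any line shorter than pl + 42, and nothing at this site says so. A one-line comment above "consumed = pl + 41;" stating that dependency would stop a later refactor from moving the hash check back below the flags computation. The patch touches only manifest.c; a regression test feeding a truncated manifest entry would pin the fix, since the commit message says the bug was found by ASAN rather than by a test.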

++++++ hg-CVE-2019-3902-fix1.patch ++++++
# HG changeset patch
# User Yuya Nishihara <[email protected]>
# Date 1546951914 -32400
#      Tue Jan 08 21:51:54 2019 +0900
# Branch stable
# Node ID 31286c9282dfa734e9da085649b7ae5a8ba290ad
# Parent  8427fea0401708ba95a27810163c17cee54ed4b0
subrepo: extend path auditing test to include more weird patterns (SEC)

While reviewing patches for the issue 5739, "$foo in repository path
expanded", I realized that subrepo paths can also be cheated. This patch
includes various subrepo paths which are potentially unsafe.

Since an expanded subrepo path isn't audited, this bug allows symlink check
bypass. As a result, a malicious subrepository could be checked out to a
sub tree of e.g. $HOME directory. The good news is that the destination
directory must be empty or nonexistent, so the existing ~/.bashrc wouldn't
be overwritten. See the last part of the tests for details.

diff -r 8427fea04017 -r 31286c9282df tests/test-audit-subrepo.t
--- a/tests/test-audit-subrepo.t        Thu Jan 31 13:32:21 2019 +0800
+++ b/tests/test-audit-subrepo.t        Tue Jan 08 21:51:54 2019 +0900
@@ -36,6 +36,330 @@
   abort: path 'sub/.hg' is inside nested repo 'sub'
   [255]
 
+Test absolute path
+------------------
+
+on commit:
+
+  $ hg init absolutepath
+  $ cd absolutepath
+  $ hg init sub
+  $ echo '/sub = sub' >> .hgsub
+  $ hg ci -qAm 'add subrepo "/sub"'
+  abort: path contains illegal component: /sub
+  [255]
+
+prepare tampered repo (including the commit above):
+
+  $ hg import --bypass -qm 'add subrepo "/sub"' - <<'EOF'
+  > diff --git a/.hgsub b/.hgsub
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsub
+  > @@ -0,0 +1,1 @@
+  > +/sub = sub
+  > diff --git a/.hgsubstate b/.hgsubstate
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsubstate
+  > @@ -0,0 +1,1 @@
+  > +0000000000000000000000000000000000000000 /sub
+  > EOF
+  $ cd ..
+
+on clone (and update):
+
+  $ hg clone -q absolutepath absolutepath2
+  abort: path contains illegal component: /sub
+  [255]
+
+Test root path
+--------------
+
+on commit:
+
+  $ hg init rootpath
+  $ cd rootpath
+  $ hg init sub
+  $ echo '/ = sub' >> .hgsub
+  $ hg ci -qAm 'add subrepo "/"'
+  abort: path ends in directory separator: /
+  [255]
+
+prepare tampered repo (including the commit above):
+
+  $ hg import --bypass -qm 'add subrepo "/"' - <<'EOF'
+  > diff --git a/.hgsub b/.hgsub
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsub
+  > @@ -0,0 +1,1 @@
+  > +/ = sub
+  > diff --git a/.hgsubstate b/.hgsubstate
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsubstate
+  > @@ -0,0 +1,1 @@
+  > +0000000000000000000000000000000000000000 /
+  > EOF
+  $ cd ..
+
+on clone (and update):
+
+  $ hg clone -q rootpath rootpath2
+  abort: path ends in directory separator: /
+  [255]
+
+Test empty path
+---------------
+
+on commit:
+
+  $ hg init emptypath
+  $ cd emptypath
+  $ hg init sub
+  $ echo '= sub' >> .hgsub
+  $ hg ci -qAm 'add subrepo ""'
+  hg: parse error at .hgsub:1: = sub
+  [255]
+
+prepare tampered repo (including the commit above):
+
+  $ hg import --bypass -qm 'add subrepo ""' - <<'EOF'
+  > diff --git a/.hgsub b/.hgsub
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsub
+  > @@ -0,0 +1,1 @@
+  > += sub
+  > diff --git a/.hgsubstate b/.hgsubstate
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsubstate
+  > @@ -0,0 +1,1 @@
+  > +0000000000000000000000000000000000000000
+  > EOF
+  $ cd ..
+
+on clone (and update):
+
+  $ hg clone -q emptypath emptypath2
+  hg: parse error at .hgsub:1: = sub
+  [255]
+
+Test current path
+-----------------
+
+on commit:
+BROKEN: should fail
+
+  $ hg init currentpath
+  $ cd currentpath
+  $ hg init sub
+  $ echo '. = sub' >> .hgsub
+  $ hg ci -qAm 'add subrepo "."'
+  $ cd ..
+
+on clone (and update):
+
+  $ hg clone -q currentpath currentpath2 --config ui.timeout=1
+  waiting for lock on working directory of $TESTTMP/currentpath2/. * (glob)
+  abort: working directory of $TESTTMP/currentpath2/.: timed out waiting for 
lock held by '*' (glob)
+  [255]
+
+Test outer path
+---------------
+
+on commit:
+
+  $ mkdir outerpath
+  $ cd outerpath
+  $ hg init main
+  $ cd main
+  $ hg init ../sub
+  $ echo '../sub = ../sub' >> .hgsub
+  $ hg ci -qAm 'add subrepo "../sub"'
+  abort: path contains illegal component: ../sub
+  [255]
+
+prepare tampered repo (including the commit above):
+
+  $ hg import --bypass -qm 'add subrepo "../sub"' - <<'EOF'
+  > diff --git a/.hgsub b/.hgsub
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsub
+  > @@ -0,0 +1,1 @@
+  > +../sub = ../sub
+  > diff --git a/.hgsubstate b/.hgsubstate
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsubstate
+  > @@ -0,0 +1,1 @@
+  > +0000000000000000000000000000000000000000 ../sub
+  > EOF
+  $ cd ..
+
+on clone (and update):
+
+  $ hg clone -q main main2
+  abort: path contains illegal component: ../sub
+  [255]
+  $ cd ..
+
+Test variable expansion
+-----------------------
+
+Subrepository paths shouldn't be expanded, but we fail to handle them
+properly. Any local repository paths are expanded.
+
+on commit:
+BROKEN: wrong error message
+
+  $ mkdir envvar
+  $ cd envvar
+  $ hg init main
+  $ cd main
+  $ hg init sub1
+  $ cat <<'EOF' > sub1/hgrc
+  > [hooks]
+  > log = echo pwned
+  > EOF
+  $ hg -R sub1 ci -qAm 'add sub1 files'
+  $ hg -R sub1 log -r. -T '{node}\n'
+  39eb4b4d3e096527668784893a9280578a8f38b8
+  $ echo '$SUB = sub1' >> .hgsub
+  $ SUB=sub1 hg ci -qAm 'add subrepo "$SUB"'
+  abort: repository $TESTTMP/envvar/main/$SUB already exists!
+  [255]
+
+prepare tampered repo (including the changes above as two commits):
+
+  $ hg import --bypass -qm 'add subrepo "$SUB"' - <<'EOF'
+  > diff --git a/.hgsub b/.hgsub
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsub
+  > @@ -0,0 +1,1 @@
+  > +$SUB = sub1
+  > diff --git a/.hgsubstate b/.hgsubstate
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsubstate
+  > @@ -0,0 +1,1 @@
+  > +0000000000000000000000000000000000000000 $SUB
+  > EOF
+  $ hg debugsetparents 0
+  $ hg import --bypass -qm 'update subrepo "$SUB"' - <<'EOF'
+  > diff --git a/.hgsubstate b/.hgsubstate
+  > --- a/.hgsubstate
+  > +++ b/.hgsubstate
+  > @@ -1,1 +1,1 @@
+  > -0000000000000000000000000000000000000000 $SUB
+  > +39eb4b4d3e096527668784893a9280578a8f38b8 $SUB
+  > EOF
+  $ cd ..
+
+on clone (and update) with various substitutions:
+
+  $ hg clone -q main main2
+  $ ls main2
+  $SUB
+
+  $ SUB=sub1 hg clone -q main main3
+  $ ls main3
+  sub1
+
+  $ SUB=sub2 hg clone -q main main4
+  $ ls main4
+  sub2
+
+on clone empty subrepo into .hg, then pull (and update), which at least fails:
+BROKEN: the first clone should fail
+
+  $ SUB=.hg hg clone -qr0 main main5
+  $ ls main5
+  $ ls -d main5/.hg/.hg
+  main5/.hg/.hg
+  $ SUB=.hg hg -R main5 pull -u
+  pulling from $TESTTMP/envvar/main
+  searching for changes
+  adding changesets
+  adding manifests
+  adding file changes
+  added 1 changesets with 1 changes to 1 files
+  new changesets 7a2f0e59146f
+  abort: repository $TESTTMP/envvar/main5/$SUB already exists!
+  [255]
+  $ cat main5/.hg/hgrc | grep pwned
+  [1]
+
+on clone (and update) into .hg, which at least fails:
+
+  $ SUB=.hg hg clone -q main main6
+  abort: destination '$TESTTMP/envvar/main6/.hg' is not empty (in 
subrepository ".hg")
+  [255]
+  $ ls main6
+  $ cat main6/.hg/hgrc | grep pwned
+  [1]
+
+on clone (and update) into .hg/* subdir:
+BROKEN: should fail
+
+  $ SUB=.hg/foo hg clone -q main main7
+  $ ls main7
+  $ ls main7/.hg/foo
+  hgrc
+
+on clone (and update) into outer tree:
+BROKEN: should fail
+
+  $ SUB=../out-of-tree-write hg clone -q main main8
+  $ ls main8
+
+on clone (and update) into e.g. $HOME, which doesn't work since subrepo paths
+are concatenated prior to variable expansion:
+
+  $ SUB="$TESTTMP/envvar/fakehome" hg clone -q main main9
+  $ ls main9 | wc -l
+  \s*1 (re)
+
+  $ ls
+  main
+  main2
+  main3
+  main4
+  main5
+  main6
+  main7
+  main8
+  main9
+  out-of-tree-write
+  $ cd ..
+
+Test tilde
+----------
+
+The leading tilde may be expanded to $HOME, but it's a valid subrepo path.
+However, we might want to prohibit it as it seems potentially unsafe.
+
+on commit:
+
+  $ hg init tilde
+  $ cd tilde
+  $ hg init './~'
+  $ echo '~ = ~' >> .hgsub
+  $ hg ci -qAm 'add subrepo "~"'
+  $ ls
+  ~
+  $ cd ..
+
+on clone (and update):
+
+  $ hg clone -q tilde tilde2
+  $ ls tilde2
+  ~
+
 Test direct symlink traversal
 -----------------------------
 
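Review bot: the "Test tilde" block that closes this hunk has "hg clone -q tilde tilde2" succeed with a "~" subrepo path and carries no BROKEN: marker, even though its own introduction says the path seems potentially unsafe. Either tag it like the other known-bad cases or state that acceptance is the intended behaviour, so the expected output is not later read as a security guarantee. Separately, the clone step under "Test current path" reaches its expected abort only by waiting out ui.timeout=1 on a lock, which ties the expected output to timing, and the BROKEN: tag in that section sits on the commit step only.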
@@ -130,3 +454,166 @@
   root
 
 #endif
+
+Test symlink traversal by variable expansion
+--------------------------------------------
+
+#if symlink
+
+  $ FAKEHOME="$TESTTMP/envvarsym/fakehome"
+
+on commit:
+BROKEN: wrong error message
+
+  $ mkdir envvarsym
+  $ cd envvarsym
+  $ hg init main
+  $ cd main
+  $ ln -s "`echo "$FAKEHOME" | sed 's|\(.\)/.*|\1|'`"
+  $ hg ci -qAm 'add symlink to top-level system directory'
+
+  $ hg init sub1
+  $ echo pwned > sub1/pwned
+  $ hg -R sub1 ci -qAm 'add sub1 files'
+  $ hg -R sub1 log -r. -T '{node}\n'
+  f40c9134ba1b6961e12f250868823f0092fb68a8
+  $ echo '$SUB = sub1' >> .hgsub
+  $ SUB="$FAKEHOME" hg ci -qAm 'add subrepo "$SUB"'
+  abort: repository $TESTTMP/envvarsym/main/$SUB already exists!
+  [255]
+
+prepare tampered repo (including the changes above as two commits):
+
+  $ hg import --bypass -qm 'add subrepo "$SUB"' - <<'EOF'
+  > diff --git a/.hgsub b/.hgsub
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsub
+  > @@ -0,0 +1,1 @@
+  > +$SUB = sub1
+  > diff --git a/.hgsubstate b/.hgsubstate
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsubstate
+  > @@ -0,0 +1,1 @@
+  > +0000000000000000000000000000000000000000 $SUB
+  > EOF
+  $ hg debugsetparents 1
+  $ hg import --bypass -qm 'update subrepo "$SUB"' - <<'EOF'
+  > diff --git a/.hgsubstate b/.hgsubstate
+  > --- a/.hgsubstate
+  > +++ b/.hgsubstate
+  > @@ -1,1 +1,1 @@
+  > -0000000000000000000000000000000000000000 $SUB
+  > +f40c9134ba1b6961e12f250868823f0092fb68a8 $SUB
+  > EOF
+  $ cd ..
+
+on clone (and update) without fakehome directory:
+BROKEN: should fail
+
+  $ rm -fR "$FAKEHOME"
+  $ SUB="$FAKEHOME" hg clone -q main main2
+  $ ls "$FAKEHOME"
+  pwned
+
+on clone (and update) with empty fakehome directory:
+BROKEN: should fail
+
+  $ rm -fR "$FAKEHOME"
+  $ mkdir "$FAKEHOME"
+  $ SUB="$FAKEHOME" hg clone -q main main3
+  $ ls "$FAKEHOME"
+  pwned
+
+on clone (and update) with non-empty fakehome directory:
+BROKEN: wrong error message
+
+  $ rm -fR "$FAKEHOME"
+  $ mkdir "$FAKEHOME"
+  $ touch "$FAKEHOME/a"
+  $ SUB="$FAKEHOME" hg clone -q main main4
+  abort: destination '$TESTTMP/envvarsym/fakehome' is not empty (in 
subrepository "*") (glob)
+  [255]
+  $ ls "$FAKEHOME"
+  a
+
+on clone empty subrepo with non-empty fakehome directory,
+then pull (and update):
+BROKEN: the first clone should fail
+
+  $ rm -fR "$FAKEHOME"
+  $ mkdir "$FAKEHOME"
+  $ touch "$FAKEHOME/a"
+  $ SUB="$FAKEHOME" hg clone -qr1 main main5
+  $ ls "$FAKEHOME"
+  a
+  $ ls -d "$FAKEHOME/.hg"
+  $TESTTMP/envvarsym/fakehome/.hg
+  $ SUB="$FAKEHOME" hg -R main5 pull -u
+  pulling from $TESTTMP/envvarsym/main
+  searching for changes
+  adding changesets
+  adding manifests
+  adding file changes
+  added 1 changesets with 1 changes to 1 files
+  new changesets * (glob)
+  abort: repository $TESTTMP/envvarsym/main5/$SUB already exists!
+  [255]
+  $ ls "$FAKEHOME"
+  a
+
+on clone empty subrepo with hg-managed fakehome directory,
+then pull (and update):
+BROKEN: wrong error message
+
+  $ rm -fR "$FAKEHOME"
+  $ hg init "$FAKEHOME"
+  $ touch "$FAKEHOME/a"
+  $ hg -R "$FAKEHOME" ci -qAm 'add fakehome file'
+  $ SUB="$FAKEHOME" hg clone -qr1 main main6
+  abort: repository $TESTTMP/envvarsym/main6/$SUB already exists!
+  [255]
+  $ ls "$FAKEHOME"
+  a
+  $ SUB="$FAKEHOME" hg -R main6 pull -u
+  pulling from $TESTTMP/envvarsym/main
+  searching for changes
+  adding changesets
+  adding manifests
+  adding file changes
+  added 1 changesets with 1 changes to 1 files
+  new changesets * (glob)
+  .hgsubstate: untracked file differs
+  abort: untracked files in working directory differ from files in requested 
revision
+  [255]
+  $ ls "$FAKEHOME"
+  a
+
+on clone only symlink with hg-managed fakehome directory,
+then pull (and update):
+BROKEN: wrong error message
+
+  $ rm -fR "$FAKEHOME"
+  $ hg init "$FAKEHOME"
+  $ touch "$FAKEHOME/a"
+  $ hg -R "$FAKEHOME" ci -qAm 'add fakehome file'
+  $ SUB="$FAKEHOME" hg clone -qr0 main main7
+  $ ls "$FAKEHOME"
+  a
+  $ SUB="$FAKEHOME" hg -R main7 pull -uf
+  pulling from $TESTTMP/envvarsym/main
+  searching for changes
+  adding changesets
+  adding manifests
+  adding file changes
+  added 2 changesets with 3 changes to 2 files
+  new changesets * (glob)
+  abort: repository $TESTTMP/envvarsym/main7/$SUB already exists!
+  [255]
+  $ ls "$FAKEHOME"
+  a
+
+  $ cd ..
+
+#endif
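Review bot: the one-argument "ln -s" near the top of the "on commit" block takes its target from a backquoted sed over $FAKEHOME, and nothing explains what path that yields or what the link ends up being called; the only hint is the commit message "add symlink to top-level system directory". Add a comment giving the resulting link name and target and the assumption it makes about the layout of $TESTTMP, since every later case in this section depends on that symlink. The "BROKEN: wrong error message" tag under "on commit:" also sits above the symlink commit, which succeeds; it belongs next to the SUB="$FAKEHOME" hg ci step it describes.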
++++++ hg-CVE-2019-3902-fix2.patch ++++++
# HG changeset patch
# User Yuya Nishihara <[email protected]>
# Date 1546952865 -32400
#      Tue Jan 08 22:07:45 2019 +0900
# Branch stable
# Node ID 6c10eba6b9cddab020de49fd4fabcb2cadcd85d0
# Parent  31286c9282dfa734e9da085649b7ae5a8ba290ad
subrepo: prohibit variable expansion on creation of hg subrepo (SEC)

It's probably wrong to expand path at localrepo.*repository() layer, but
fixing the layering issue would require careful inspection of call paths.
So, this patch adds a validation to the subrepo constructor.

os.path.realpath(util.expandpath(root)) is what vfsmod.vfs() would do.

diff -r 31286c9282df -r 6c10eba6b9cd mercurial/subrepo.py
--- a/mercurial/subrepo.py      Tue Jan 08 21:51:54 2019 +0900
+++ b/mercurial/subrepo.py      Tue Jan 08 22:07:45 2019 +0900
@@ -403,7 +403,16 @@
         r = ctx.repo()
         root = r.wjoin(path)
         create = allowcreate and not r.wvfs.exists('%s/.hg' % path)
+        # repository constructor does expand variables in path, which is
+        # unsafe since subrepo path might come from untrusted source.
+        if os.path.realpath(util.expandpath(root)) != root:
+            raise error.Abort(_('subrepo path contains illegal component: %s')
+                              % path)
         self._repo = hg.repository(r.baseui, root, create=create)
+        if self._repo.root != root:
+            raise error.ProgrammingError('failed to reject unsafe subrepo '
+                                         'path: %s (expanded to %s)'
+                                         % (root, self._repo.root))
 
         # Propagate the parent's --hidden option
         if r is r.unfiltered():
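
Review bot: The `self._repo.root != root` check at the end of this hunk runs only after `hg.repository(r.baseui, root, create=create)` has returned, so if it ever fires with `create` true the repository may already have been created at the expanded location. That is acceptable for an assertion sitting behind the `os.path.realpath(util.expandpath(root)) != root` guard, but the comment should say it is a backstop and not the guard itself. The guard also depends on `root` already being in realpath form (a symlinked component makes the comparison fail too), which deserves a line in the comment since the abort text only says 'illegal component'.
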
diff -r 31286c9282df -r 6c10eba6b9cd tests/test-audit-subrepo.t
--- a/tests/test-audit-subrepo.t        Tue Jan 08 21:51:54 2019 +0900
+++ b/tests/test-audit-subrepo.t        Tue Jan 08 22:07:45 2019 +0900
@@ -151,20 +151,37 @@
 -----------------
 
 on commit:
-BROKEN: should fail
 
   $ hg init currentpath
   $ cd currentpath
   $ hg init sub
   $ echo '. = sub' >> .hgsub
   $ hg ci -qAm 'add subrepo "."'
+  abort: subrepo path contains illegal component: .
+  [255]
+
+prepare tampered repo (including the commit above):
+
+  $ hg import --bypass -qm 'add subrepo "."' - <<'EOF'
+  > diff --git a/.hgsub b/.hgsub
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsub
+  > @@ -0,0 +1,1 @@
+  > +.= sub
+  > diff --git a/.hgsubstate b/.hgsubstate
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsubstate
+  > @@ -0,0 +1,1 @@
+  > +0000000000000000000000000000000000000000 .
+  > EOF
   $ cd ..
 
 on clone (and update):
 
-  $ hg clone -q currentpath currentpath2 --config ui.timeout=1
-  waiting for lock on working directory of $TESTTMP/currentpath2/. * (glob)
-  abort: working directory of $TESTTMP/currentpath2/.: timed out waiting for 
lock held by '*' (glob)
+  $ hg clone -q currentpath currentpath2
+  abort: subrepo path contains illegal component: .
   [255]
 
 Test outer path
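
Review bot: The tampered-repo heredoc writes `.= sub` to `.hgsub`, while the commit case just above it writes `. = sub`. If both are meant to produce the same subrepo entry, use the same spelling in each so the clone case visibly exercises the entry that the commit case rejected.
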
@@ -214,7 +231,6 @@
 properly. Any local repository paths are expanded.
 
 on commit:
-BROKEN: wrong error message
 
   $ mkdir envvar
   $ cd envvar
@@ -230,7 +246,7 @@
   39eb4b4d3e096527668784893a9280578a8f38b8
   $ echo '$SUB = sub1' >> .hgsub
   $ SUB=sub1 hg ci -qAm 'add subrepo "$SUB"'
-  abort: repository $TESTTMP/envvar/main/$SUB already exists!
+  abort: subrepo path contains illegal component: $SUB
   [255]
 
 prepare tampered repo (including the changes above as two commits):
@@ -267,20 +283,23 @@
   $SUB
 
   $ SUB=sub1 hg clone -q main main3
+  abort: subrepo path contains illegal component: $SUB
+  [255]
   $ ls main3
-  sub1
 
   $ SUB=sub2 hg clone -q main main4
+  abort: subrepo path contains illegal component: $SUB
+  [255]
   $ ls main4
-  sub2
 
 on clone empty subrepo into .hg, then pull (and update), which at least fails:
-BROKEN: the first clone should fail
 
   $ SUB=.hg hg clone -qr0 main main5
+  abort: subrepo path contains illegal component: $SUB
+  [255]
   $ ls main5
-  $ ls -d main5/.hg/.hg
-  main5/.hg/.hg
+  $ test -d main5/.hg/.hg
+  [1]
   $ SUB=.hg hg -R main5 pull -u
   pulling from $TESTTMP/envvar/main
   searching for changes
@@ -289,7 +308,8 @@
   adding file changes
   added 1 changesets with 1 changes to 1 files
   new changesets 7a2f0e59146f
-  abort: repository $TESTTMP/envvar/main5/$SUB already exists!
+  .hgsubstate: untracked file differs
+  abort: untracked files in working directory differ from files in requested 
revision
   [255]
   $ cat main5/.hg/hgrc | grep pwned
   [1]
@@ -297,32 +317,36 @@
 on clone (and update) into .hg, which at least fails:
 
   $ SUB=.hg hg clone -q main main6
-  abort: destination '$TESTTMP/envvar/main6/.hg' is not empty (in 
subrepository ".hg")
+  abort: subrepo path contains illegal component: $SUB
   [255]
   $ ls main6
   $ cat main6/.hg/hgrc | grep pwned
   [1]
 
 on clone (and update) into .hg/* subdir:
-BROKEN: should fail
 
   $ SUB=.hg/foo hg clone -q main main7
+  abort: subrepo path contains illegal component: $SUB
+  [255]
   $ ls main7
-  $ ls main7/.hg/foo
-  hgrc
+  $ test -d main7/.hg/.hg
+  [1]
 
 on clone (and update) into outer tree:
-BROKEN: should fail
 
   $ SUB=../out-of-tree-write hg clone -q main main8
+  abort: subrepo path contains illegal component: $SUB
+  [255]
   $ ls main8
 
 on clone (and update) into e.g. $HOME, which doesn't work since subrepo paths
 are concatenated prior to variable expansion:
 
   $ SUB="$TESTTMP/envvar/fakehome" hg clone -q main main9
+  abort: subrepo path contains illegal component: $SUB
+  [255]
   $ ls main9 | wc -l
-  \s*1 (re)
+  \s*0 (re)
 
   $ ls
   main
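
Review bot: In the `.hg/*` subdir case (`SUB=.hg/foo hg clone -q main main7`) the new assertion is `test -d main7/.hg/.hg`, which is not the directory this case would write to; the lines it replaces checked `main7/.hg/foo`. Suggest `test -d main7/.hg/foo` expecting `[1]`, otherwise the check passes whether or not the subrepo directory was created. The out-of-tree case in the same hunk has `ls main8` as its only check, and the absence of `out-of-tree-write` is asserted only by the later directory listing.
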
@@ -334,7 +358,6 @@
   main7
   main8
   main9
-  out-of-tree-write
   $ cd ..
 
 Test tilde
@@ -463,7 +486,6 @@
   $ FAKEHOME="$TESTTMP/envvarsym/fakehome"
 
 on commit:
-BROKEN: wrong error message
 
   $ mkdir envvarsym
   $ cd envvarsym
@@ -479,7 +501,7 @@
   f40c9134ba1b6961e12f250868823f0092fb68a8
   $ echo '$SUB = sub1' >> .hgsub
   $ SUB="$FAKEHOME" hg ci -qAm 'add subrepo "$SUB"'
-  abort: repository $TESTTMP/envvarsym/main/$SUB already exists!
+  abort: subrepo path contains illegal component: $SUB
   [255]
 
 prepare tampered repo (including the changes above as two commits):
@@ -510,46 +532,47 @@
   $ cd ..
 
 on clone (and update) without fakehome directory:
-BROKEN: should fail
 
   $ rm -fR "$FAKEHOME"
   $ SUB="$FAKEHOME" hg clone -q main main2
-  $ ls "$FAKEHOME"
-  pwned
+  abort: subrepo path contains illegal component: $SUB
+  [255]
+  $ test -d "$FAKEHOME"
+  [1]
 
 on clone (and update) with empty fakehome directory:
-BROKEN: should fail
 
   $ rm -fR "$FAKEHOME"
   $ mkdir "$FAKEHOME"
   $ SUB="$FAKEHOME" hg clone -q main main3
+  abort: subrepo path contains illegal component: $SUB
+  [255]
   $ ls "$FAKEHOME"
-  pwned
 
 on clone (and update) with non-empty fakehome directory:
-BROKEN: wrong error message
 
   $ rm -fR "$FAKEHOME"
   $ mkdir "$FAKEHOME"
   $ touch "$FAKEHOME/a"
   $ SUB="$FAKEHOME" hg clone -q main main4
-  abort: destination '$TESTTMP/envvarsym/fakehome' is not empty (in 
subrepository "*") (glob)
+  abort: subrepo path contains illegal component: $SUB
   [255]
   $ ls "$FAKEHOME"
   a
 
 on clone empty subrepo with non-empty fakehome directory,
 then pull (and update):
-BROKEN: the first clone should fail
 
   $ rm -fR "$FAKEHOME"
   $ mkdir "$FAKEHOME"
   $ touch "$FAKEHOME/a"
   $ SUB="$FAKEHOME" hg clone -qr1 main main5
+  abort: subrepo path contains illegal component: $SUB
+  [255]
   $ ls "$FAKEHOME"
   a
-  $ ls -d "$FAKEHOME/.hg"
-  $TESTTMP/envvarsym/fakehome/.hg
+  $ test -d "$FAKEHOME/.hg"
+  [1]
   $ SUB="$FAKEHOME" hg -R main5 pull -u
   pulling from $TESTTMP/envvarsym/main
   searching for changes
@@ -558,21 +581,23 @@
   adding file changes
   added 1 changesets with 1 changes to 1 files
   new changesets * (glob)
-  abort: repository $TESTTMP/envvarsym/main5/$SUB already exists!
+  .hgsubstate: untracked file differs
+  abort: untracked files in working directory differ from files in requested 
revision
   [255]
   $ ls "$FAKEHOME"
   a
+  $ test -d "$FAKEHOME/.hg"
+  [1]
 
 on clone empty subrepo with hg-managed fakehome directory,
 then pull (and update):
-BROKEN: wrong error message
 
   $ rm -fR "$FAKEHOME"
   $ hg init "$FAKEHOME"
   $ touch "$FAKEHOME/a"
   $ hg -R "$FAKEHOME" ci -qAm 'add fakehome file'
   $ SUB="$FAKEHOME" hg clone -qr1 main main6
-  abort: repository $TESTTMP/envvarsym/main6/$SUB already exists!
+  abort: subrepo path contains illegal component: $SUB
   [255]
   $ ls "$FAKEHOME"
   a
@@ -592,7 +617,6 @@
 
 on clone only symlink with hg-managed fakehome directory,
 then pull (and update):
-BROKEN: wrong error message
 
   $ rm -fR "$FAKEHOME"
   $ hg init "$FAKEHOME"
@@ -609,7 +633,7 @@
   adding file changes
   added 2 changesets with 3 changes to 2 files
   new changesets * (glob)
-  abort: repository $TESTTMP/envvarsym/main7/$SUB already exists!
+  abort: subrepo path contains illegal component: $SUB
   [255]
   $ ls "$FAKEHOME"
   a
++++++ hg-CVE-2019-3902-fix3.patch ++++++
# HG changeset patch
# User Yuya Nishihara <[email protected]>
# Date 1546953576 -32400
#      Tue Jan 08 22:19:36 2019 +0900
# Branch stable
# Node ID 83377b4b4ae0e9a6b8e579f7b0a693b8cf5c3b10
# Parent  6c10eba6b9cddab020de49fd4fabcb2cadcd85d0
subrepo: reject potentially unsafe subrepo paths (BC) (SEC)

In addition to the previous patch, this prohibits '~', '$nonexistent', etc.
for any subrepo types. I think this is safer, and real-world subrepos wouldn't
use such (local) paths.

diff -r 6c10eba6b9cd -r 83377b4b4ae0 mercurial/subrepo.py
--- a/mercurial/subrepo.py      Tue Jan 08 22:07:45 2019 +0900
+++ b/mercurial/subrepo.py      Tue Jan 08 22:19:36 2019 +0900
@@ -115,6 +115,10 @@
                 vfs.unlink(vfs.reljoin(dirname, f))
 
 def _auditsubrepopath(repo, path):
+    # sanity check for potentially unsafe paths such as '~' and '$FOO'
+    if path.startswith('~') or '$' in path or util.expandpath(path) != path:
+        raise error.Abort(_('subrepo path contains illegal component: %s')
+                          % path)
     # auditor doesn't check if the path itself is a symlink
     pathutil.pathauditor(repo.root)(path)
     if repo.wvfs.islink(path):
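
Review bot: The comment on the new check in `_auditsubrepopath` names '~' and '$FOO' as examples, but the condition is broader: `'$' in path` rejects a dollar sign anywhere in the path, and `path.startswith('~')` rejects any leading tilde, including names that are not a home-directory reference. Since the commit is marked (BC), spell that out in the comment and consider a hint on the `error.Abort` that lists what is rejected, because 'illegal component' alone does not tell the user what to rename. It is also worth noting that the `util.expandpath(path) != path` clause depends on the environment at the time of the check, so the two literal tests are the ones that hold regardless of it.
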
diff -r 6c10eba6b9cd -r 83377b4b4ae0 tests/test-audit-subrepo.t
--- a/tests/test-audit-subrepo.t        Tue Jan 08 22:07:45 2019 +0900
+++ b/tests/test-audit-subrepo.t        Tue Jan 08 22:19:36 2019 +0900
@@ -279,8 +279,9 @@
 on clone (and update) with various substitutions:
 
   $ hg clone -q main main2
+  abort: subrepo path contains illegal component: $SUB
+  [255]
   $ ls main2
-  $SUB
 
   $ SUB=sub1 hg clone -q main main3
   abort: subrepo path contains illegal component: $SUB
@@ -363,8 +364,9 @@
 Test tilde
 ----------
 
-The leading tilde may be expanded to $HOME, but it's a valid subrepo path.
-However, we might want to prohibit it as it seems potentially unsafe.
+The leading tilde may be expanded to $HOME, but it can be a valid subrepo
+path in theory. However, we want to prohibit it as there might be unsafe
+handling of such paths.
 
 on commit:
 
@@ -373,15 +375,32 @@
   $ hg init './~'
   $ echo '~ = ~' >> .hgsub
   $ hg ci -qAm 'add subrepo "~"'
-  $ ls
-  ~
+  abort: subrepo path contains illegal component: ~
+  [255]
+
+prepare tampered repo (including the commit above):
+
+  $ hg import --bypass -qm 'add subrepo "~"' - <<'EOF'
+  > diff --git a/.hgsub b/.hgsub
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsub
+  > @@ -0,0 +1,1 @@
+  > +~ = ~
+  > diff --git a/.hgsubstate b/.hgsubstate
+  > new file mode 100644
+  > --- /dev/null
+  > +++ b/.hgsubstate
+  > @@ -0,0 +1,1 @@
+  > +0000000000000000000000000000000000000000 ~
+  > EOF
   $ cd ..
 
 on clone (and update):
 
   $ hg clone -q tilde tilde2
-  $ ls tilde2
-  ~
+  abort: subrepo path contains illegal component: ~
+  [255]
 
 Test direct symlink traversal
 -----------------------------
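
Review bot: The clone case at the end of this hunk drops `ls tilde2` and keeps only the abort message, so nothing checks what the aborted clone left on disk. The other clone cases in this test file keep an `ls` or `test -d` after the abort; suggest doing the same here, for example `ls tilde2` with empty expected output.
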
++++++ hg-mpatch-fix01.patch ++++++

# HG changeset patch
# User Augie Fackler <[email protected]>
# Date 1524890536 14400
# Node ID 90a274965de74cb0b4bea01a564b29b12a6af814
# Parent  c0081d3e1598e0c82cf5024422dc206db83687de
mpatch: be more careful about parsing binary patch data (SEC)

It appears to have been possible to trivially walk off the end of an
allocated region with a malformed patch. Oops.

Caught when writing an mpatch fuzzer for oss-fuzz.

This defect is OVE-20180430-0001. A CVE has not been obtained as of
this writing.

diff -r c0081d3e1598 -r 90a274965de7 mercurial/mpatch.c
--- a/mercurial/mpatch.c        Wed Jun 06 09:14:33 2018 -0700
+++ b/mercurial/mpatch.c        Sat Apr 28 00:42:16 2018 -0400
@@ -197,7 +197,9 @@
 
        lt = l->tail;
 
-       while (pos >= 0 && pos < len) {
+       /* We check against len-11 to ensure we have at least 12 bytes
+          left in the patch so we can read our three be32s out of it. */
+       while (pos >= 0 && pos < (len - 11)) {
                lt->start = getbe32(bin + pos);
                lt->end = getbe32(bin + pos + 4);
                lt->len = getbe32(bin + pos + 8);
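
Review bot: The new bound `pos < (len - 11)` is correct only while `len` is a signed type: for a patch shorter than 11 bytes the right-hand side has to go negative for the loop to be skipped, and an unsigned `len` would wrap instead. State that assumption in the comment, and consider naming the 12-byte header size as a constant so the 11 in the condition and the 12 in the comment are not two separate magic numbers.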

++++++ hg-mpatch-fix02.patch ++++++

# HG changeset patch
# User Augie Fackler <[email protected]>
# Date 1524895496 14400
# Node ID 1acfc35d478cdae60cf62c6f07fa6b6ad3070ea7
# Parent  90a274965de74cb0b4bea01a564b29b12a6af814
mpatch: protect against underflow in mpatch_apply (SEC)

Also caught by oss-fuzz fuzzer during development.

This defect is OVE-20180430-0002. A CVE has not been obtained as of this 
writing.

diff -r 90a274965de7 -r 1acfc35d478c mercurial/mpatch.c
--- a/mercurial/mpatch.c        Sat Apr 28 00:42:16 2018 -0400
+++ b/mercurial/mpatch.c        Sat Apr 28 02:04:56 2018 -0400
@@ -248,7 +248,7 @@
        char *p = buf;
 
        while (f != l->tail) {
-               if (f->start < last || f->end > len) {
+               if (f->start < last || f->end > len || last < 0) {
                        return MPATCH_ERR_INVALID_PATCH;
                }
                memcpy(p, orig + last, f->start - last);
@@ -258,6 +258,9 @@
                p += f->len;
                f++;
        }
+       if (last < 0) {
+               return MPATCH_ERR_INVALID_PATCH;
+       }
        memcpy(p, orig + last, len - last);
        return 0;
 }
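
Review bot: The check added after the loop covers `last < 0` only, while the `memcpy` that follows uses `len - last` as its size. If `last <= len` is already guaranteed by the in-loop `f->end > len` test, say so in a comment; otherwise test `last > len` here as well. A short comment on why `last` needs checking both inside and after the loop would also help the next reader.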

++++++ hg-mpatch-fix03.patch ++++++

# HG changeset patch
# User Augie Fackler <[email protected]>
# Date 1524924552 14400
# Node ID faa924469635512b72868b1552a1866a0f91db20
# Parent  1acfc35d478cdae60cf62c6f07fa6b6ad3070ea7
mpatch: ensure fragment start isn't past the end of orig (SEC)

Caught by oss-fuzz fuzzer during development.

This defect is OVE-20180430-0004. A CVE has not been obtained as of
this writing.

diff -r 1acfc35d478c -r faa924469635 mercurial/mpatch.c
--- a/mercurial/mpatch.c        Sat Apr 28 02:04:56 2018 -0400
+++ b/mercurial/mpatch.c        Sat Apr 28 10:09:12 2018 -0400
@@ -248,7 +248,8 @@
        char *p = buf;
 
        while (f != l->tail) {
-               if (f->start < last || f->end > len || last < 0) {
+               if (f->start < last || f->start > len || f->end > len ||
+                   last < 0) {
                        return MPATCH_ERR_INVALID_PATCH;
                }
                memcpy(p, orig + last, f->start - last);

++++++ hg-mpatch-fix04.patch ++++++

# HG changeset patch
# User Augie Fackler <[email protected]>
# Date 1525140822 14400
# Node ID 1ec4cb8cbc87004ffbeeb1b5d98acef04c38d59a
# Parent  faa924469635512b72868b1552a1866a0f91db20
mpatch: introduce a safeadd() helper to work around UB int overflow

We're about to make extensive use of this. This change duplicates some
stdbool.h portability hacks from cext/util.h. We should probably clean
that up in the future, but we'll skip that for now in order to make
security backports easier.

diff -r faa924469635 -r 1ec4cb8cbc87 mercurial/mpatch.c
--- a/mercurial/mpatch.c        Sat Apr 28 10:09:12 2018 -0400
+++ b/mercurial/mpatch.c        Mon Apr 30 22:13:42 2018 -0400
@@ -20,6 +20,7 @@
  of the GNU General Public License, incorporated herein by reference.
 */
 
+#include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -27,6 +28,15 @@
 #include "compat.h"
 #include "mpatch.h"
 
+/* VC9 doesn't include bool and lacks stdbool.h based on cext/util.h */
+#if defined(_MSC_VER) || __STDC_VERSION__ < 199901L
+#define true 1
+#define false 0
+typedef unsigned char bool;
+#else
+#include <stdbool.h>
+#endif
+
 static struct mpatch_flist *lalloc(ssize_t size)
 {
        struct mpatch_flist *a = NULL;
@@ -60,6 +70,24 @@
        return a->tail - a->head;
 }
 
+/* add helper to add src and *dest iff it won't overflow */
+static inline bool safeadd(int src, int *dest)
+{
+       if ((src > 0) == (*dest > 0)) {
+               if (*dest > 0) {
+                       if (src > (INT_MAX - *dest)) {
+                               return false;
+                       }
+               } else {
+                       if (src < (INT_MIN - *dest)) {
+                               return false;
+                       }
+               }
+       }
+       *dest += src;
+       return true;
+}
+
 /* move hunks in source that are less cut to dest, compensating
    for changes in offset. the last hunk may be split if necessary.
 */
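
Review bot: The comment on `safeadd()` does not state the contract its callers depend on: it returns false and leaves `*dest` unchanged when the sum would overflow, and returns true after `*dest += src` otherwise. Please document that, and note that the `(src > 0) == (*dest > 0)` test groups zero with the negative values, which is harmless here but not obvious on first read.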

++++++ hg-mpatch-fix05.patch ++++++

# HG changeset patch
# User Augie Fackler <[email protected]>
# Date 1525366460 14400
# Node ID b8b253aec9538b2614295f6ba4ecefe335ad8bf5
# Parent  1ec4cb8cbc87004ffbeeb1b5d98acef04c38d59a
mpatch: introduce a safesub() helper as well

Same reason as safeadd().

diff -r 1ec4cb8cbc87 -r b8b253aec953 mercurial/mpatch.c
--- a/mercurial/mpatch.c        Mon Apr 30 22:13:42 2018 -0400
+++ b/mercurial/mpatch.c        Thu May 03 12:54:20 2018 -0400
@@ -88,6 +88,17 @@
        return true;
 }
 
+/* subtract src from dest and store result in dest */
+static inline bool safesub(int src, int *dest)
+{
+       if (((src > 0) && (*dest < INT_MIN + src)) ||
+           ((src < 0) && (*dest > INT_MAX + src))) {
+               return false;
+       }
+       *dest -= src;
+       return true;
+}
+
 /* move hunks in source that are less cut to dest, compensating
    for changes in offset. the last hunk may be split if necessary.
 */
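
Review bot: `safesub(src, dest)` computes `*dest - src`, so the subtrahend comes first in the argument list, and the comment does not mention the boolean result. A call such as `safesub(offset, &c)` stands for `c - offset`, which is easy to get backwards; document the argument order and the false-on-overflow return next to the function.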

++++++ hg-mpatch-fix06.patch ++++++

# HG changeset patch
# User Augie Fackler <[email protected]>
# Date 1525140911 14400
# Node ID 0b208c13781c18deae8fddb1dd63677f61fd64b5
# Parent  b8b253aec9538b2614295f6ba4ecefe335ad8bf5
mpatch: fix UB in int overflows in gather() (SEC)

diff -r b8b253aec953 -r 0b208c13781c mercurial/mpatch.c
--- a/mercurial/mpatch.c        Thu May 03 12:54:20 2018 -0400
+++ b/mercurial/mpatch.c        Mon Apr 30 22:15:11 2018 -0400
@@ -109,17 +109,36 @@
        int postend, c, l;
 
        while (s != src->tail) {
-               if (s->start + offset >= cut)
+               int soffset = s->start;
+               if (!safeadd(offset, &soffset))
+                       break; /* add would overflow, oh well */
+               if (soffset >= cut)
                        break; /* we've gone far enough */
 
-               postend = offset + s->start + s->len;
+               postend = offset;
+               if (!safeadd(s->start, &postend) ||
+                   !safeadd(s->len, &postend)) {
+                       break;
+               }
                if (postend <= cut) {
                        /* save this hunk */
-                       offset += s->start + s->len - s->end;
+                       int tmp = s->start;
+                       if (!safesub(s->end, &tmp)) {
+                               break;
+                       }
+                       if (!safeadd(s->len, &tmp)) {
+                               break;
+                       }
+                       if (!safeadd(tmp, &offset)) {
+                               break; /* add would overflow, oh well */
+                       }
                        *d++ = *s++;
                } else {
                        /* break up this hunk */
-                       c = cut - offset;
+                       c = cut;
+                       if (!safesub(offset, &c)) {
+                               break;
+                       }
                        if (s->end < c)
                                c = s->end;
                        l = cut - offset - s->start;
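
Review bot: The last line of the hunk, `l = cut - offset - s->start;`, still does unchecked signed arithmetic on the same values, directly after `c = cut - offset` was converted to `safesub()`. Either route it through the helpers too or add a comment explaining why it cannot overflow at that point. Separately, every failed helper call ends in a bare `break` ('oh well'), the same exit as the normal `soffset >= cut` case, so in the lines shown an overflow is indistinguishable from ordinary termination.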

++++++ hg-mpatch-fix07.patch ++++++

# HG changeset patch
# User Augie Fackler <[email protected]>
# Date 1525141213 14400
# Node ID 7f22ef3c0ee721da8a568613dff48a7051fad8d7
# Parent  0b208c13781c18deae8fddb1dd63677f61fd64b5
mpatch: fix UB integer overflows in discard() (SEC)

diff -r 0b208c13781c -r 7f22ef3c0ee7 mercurial/mpatch.c
--- a/mercurial/mpatch.c        Mon Apr 30 22:15:11 2018 -0400
+++ b/mercurial/mpatch.c        Mon Apr 30 22:20:13 2018 -0400
@@ -172,15 +172,39 @@
        int postend, c, l;
 
        while (s != src->tail) {
-               if (s->start + offset >= cut)
+               int cmpcut = s->start;
+               if (!safeadd(offset, &cmpcut)) {
+                       break;
+               }
+               if (cmpcut >= cut)
                        break;
 
-               postend = offset + s->start + s->len;
+               postend = offset;
+               if (!safeadd(s->start, &postend)) {
+                       break;
+               }
+               if (!safeadd(s->len, &postend)) {
+                       break;
+               }
                if (postend <= cut) {
-                       offset += s->start + s->len - s->end;
+                       /* do the subtraction first to avoid UB integer overflow
+                        */
+                       int tmp = s->start;
+                       if (!safesub(s->end, &tmp)) {
+                               break;
+                       }
+                       if (!safeadd(s->len, &tmp)) {
+                               break;
+                       }
+                       if (!safeadd(tmp, &offset)) {
+                               break;
+                       }
                        s++;
                } else {
-                       c = cut - offset;
+                       c = cut;
+                       if (!safesub(offset, &c)) {
+                               break;
+                       }
                        if (s->end < c)
                                c = s->end;
                        l = cut - offset - s->start;
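
Review bot: As in `gather()`, the trailing `l = cut - offset - s->start;` in `discard()` is left as plain arithmetic while the line above it, `c = cut - offset`, now goes through `safesub()`. Convert it or justify it in a comment so the two functions stay in step.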

++++++ hg-mpatch-fix08.patch ++++++

# HG changeset patch
# User Augie Fackler <[email protected]>
# Date 1525141386 14400
# Node ID 59837a16896da36d26e795881f4ba4454cb8ae41
# Parent  7f22ef3c0ee721da8a568613dff48a7051fad8d7
mpatch: avoid integer overflow in mpatch_decode (SEC)

diff -r 7f22ef3c0ee7 -r 59837a16896d mercurial/mpatch.c
--- a/mercurial/mpatch.c        Mon Apr 30 22:20:13 2018 -0400
+++ b/mercurial/mpatch.c        Mon Apr 30 22:23:06 2018 -0400
@@ -285,10 +285,15 @@
                lt->start = getbe32(bin + pos);
                lt->end = getbe32(bin + pos + 4);
                lt->len = getbe32(bin + pos + 8);
-               lt->data = bin + pos + 12;
-               pos += 12 + lt->len;
-               if (lt->start > lt->end || lt->len < 0)
+               if (lt->start < 0 || lt->start > lt->end || lt->len < 0)
                        break; /* sanity check */
+               if (!safeadd(12, &pos)) {
+                       break;
+               }
+               lt->data = bin + pos;
+               if (!safeadd(lt->len, &pos)) {
+                       break;
+               }
                lt++;
        }
 

++++++ hg-mpatch-fix09.patch ++++++

# HG changeset patch
# User Augie Fackler <[email protected]>
# Date 1525141498 14400
# Node ID 9c5ced5276d6e7d54f7c3dadf5247b7ee98ec79c
# Parent  59837a16896da36d26e795881f4ba4454cb8ae41
mpatch: avoid integer overflow in combine() (SEC)

All the callers of this function can handle a NULL return, so that
appears to be the "safe" way to report an error.

diff -r 59837a16896d -r 9c5ced5276d6 mercurial/mpatch.c
--- a/mercurial/mpatch.c        Mon Apr 30 22:23:06 2018 -0400
+++ b/mercurial/mpatch.c        Mon Apr 30 22:24:58 2018 -0400
@@ -247,8 +247,18 @@
 
                        /* insert new hunk */
                        ct = c->tail;
-                       ct->start = bh->start - offset;
-                       ct->end = bh->end - post;
+                       ct->start = bh->start;
+                       ct->end = bh->end;
+                       if (!safesub(offset, &(ct->start)) ||
+                           !safesub(post, &(ct->end))) {
+                               /* It was already possible to exit
+                                * this function with a return value
+                                * of NULL before the safesub()s were
+                                * added, so this should be fine. */
+                               mpatch_lfree(c);
+                               c = NULL;
+                               goto done;
+                       }
                        ct->len = bh->len;
                        ct->data = bh->data;
                        c->tail++;
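
Review bot: The new failure path returns NULL when `safesub()` rejects `offset` or `post`, and the added comment says NULL was already a possible return, so a malformed patch and whatever previously produced NULL are now reported the same way. If callers map NULL to one specific error, a comment naming which error a bad patch ends up as would make this path easier to audit.
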
@@ -259,7 +269,7 @@
                memcpy(c->tail, a->head, sizeof(struct mpatch_frag) * lsize(a));
                c->tail += lsize(a);
        }
-
+done:
        mpatch_lfree(a);
        mpatch_lfree(b);
        return c;

++++++ mercurial-docutils-compat.diff ++++++
--- doc/Makefile.orig   2011-03-09 13:05:17.000000000 +0100
+++ doc/Makefile        2011-03-09 13:06:03.000000000 +0100
@@ -27,7 +27,7 @@
 
 %: %.txt %.gendoc.txt common.txt
        $(PYTHON) runrst hgmanpage $(RSTARGS) --halt warning \
-         --strip-elements-with-class htmlonly $*.txt $*
+         $*.txt $*
 
 %.html: %.txt %.gendoc.txt common.txt
        $(PYTHON) runrst html $(RSTARGS) --halt warning \
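
Review bot: This patch drops `--strip-elements-with-class htmlonly` from the man page rule and carries no description of why. Add a header stating which docutils version it works around, and note the side effect: content marked `htmlonly` is no longer stripped from the generated man pages.
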
++++++ mercurial-hgk-path-fix.diff ++++++
Index: contrib/hgk
===================================================================
--- contrib/hgk.orig
+++ contrib/hgk
@@ -4086,6 +4086,10 @@ proc getconfig {} {
 }
 
 # defaults...
+if {![info exists env(HG)]} {
+    set env(HG) "hg"
+}
+
 set datemode 0
 set boldnames 0
 set diffopts "-U 5 -p"
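
Review bot: The default added for `env(HG)` is the bare name `hg`, so hgk runs whichever `hg` is found first on the user's PATH. For a distribution package, consider the absolute path of the packaged binary as the default, and add a one-line description to the patch since the file carries none.
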
++++++ mercurial-locale-path-fix.patch ++++++
Index: mercurial-4.1/mercurial/i18n.py
===================================================================
--- mercurial-4.1.orig/mercurial/i18n.py
+++ mercurial-4.1/mercurial/i18n.py
@@ -50,7 +50,7 @@ _ugettext = None
 
 def setdatapath(datapath):
     datapath = pycompat.fsdecode(datapath)
-    localedir = os.path.join(datapath, pycompat.sysstr('locale'))
+    localedir = '/usr/share/locale'
     t = gettextmod.translation('hg', localedir, _languages, fallback=True)
     global _ugettext
     try:
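
Review bot: After this change `setdatapath()` no longer uses its `datapath` argument to locate translations, yet the `pycompat.fsdecode(datapath)` line above is kept. Add a comment saying the hardcoded `/usr/share/locale` is a packaging decision. The replaced line also wrapped its literal in `pycompat.sysstr()` and the new one does not, which is worth checking against how `gettextmod.translation()` is called here.
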
++++++ mercurial-rpmlintrc ++++++
addFilter("python-naming-policy-not-applied")
addFilter("non-conffile-in-etc /etc/bash_completion.d/mercurial.sh")
++++++ mercurial.keyring ++++++
pub   rsa4096 2013-08-05 [SC] [expires: 2018-08-04]
      3A8155163D0E20A530FCB78647A67FFAA346AACE
uid           [ unknown] Kevin Bullock <[email protected]>
uid           [ unknown] Kevin Bullock <[email protected]>
uid           [ unknown] Kevin Bullock <[email protected]>
uid           [ unknown] Kevin Bullock <[email protected]>
uid           [ unknown] Kevin Bullock <[email protected]>
sub   rsa4096 2013-08-05 [E] [expires: 2018-08-04]

pub   rsa4096 2012-05-13 [SC] [expires: 2019-03-04]
      2BCCE14F5C6725AA2EA8AEB7B9C9DC824AA5BDD5
uid           [ unknown] Augie Fackler <[email protected]>
sub   rsa4096 2012-05-13 [E] [expires: 2019-03-04]

++++++ tests.blacklist ++++++
test-i18n.t
test-status-color.t
