[Python-apps-commits] r1532 - in packages/mercurial/trunk/debian (3 files)

vdanjean at users.alioth.debian.org
Tue Jul 8 19:04:30 UTC 2008


    Date: Tuesday, July 8, 2008 @ 19:04:29
  Author: vdanjean
Revision: 1532

Backport upstream fix for CVE-2008-2942
(changeset 6758:87c704ac92d4)

Added:
  packages/mercurial/trunk/debian/patches/backport__CVE-2008-2942-fix.patch
Modified:
  packages/mercurial/trunk/debian/changelog
  packages/mercurial/trunk/debian/patches/series

Modified: packages/mercurial/trunk/debian/changelog
===================================================================
--- packages/mercurial/trunk/debian/changelog	2008-07-08 17:51:14 UTC (rev 1531)
+++ packages/mercurial/trunk/debian/changelog	2008-07-08 19:04:29 UTC (rev 1532)
@@ -1,3 +1,10 @@
+mercurial (1.0.1-2) unstable; urgency=high
+
+  * Backport from upstream: fix CVE-2008-2942 Insufficient input validation
+    (Closes: #488628)
+
+ -- Vincent Danjean <vdanjean at debian.org>  Tue, 01 Jul 2008 18:44:19 +0200
+
 mercurial (1.0.1-1) unstable; urgency=low
 
   * New upstream release
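
Review bot: The new 1.0.1-2 entry names the CVE and the bug it closes but not the patch file or the upstream changeset, so a reader of debian/changelog alone cannot tell which change was backported. Consider adding the patch name (backport__CVE-2008-2942-fix.patch) and the upstream changeset 6758:87c704ac92d4 from the commit message to the entry. The trailer date (01 Jul 2008) also predates this commit (08 Jul 2008); refresh it before upload if the entry was drafted earlier.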

Added: packages/mercurial/trunk/debian/patches/backport__CVE-2008-2942-fix.patch
===================================================================
--- packages/mercurial/trunk/debian/patches/backport__CVE-2008-2942-fix.patch	                        (rev 0)
+++ packages/mercurial/trunk/debian/patches/backport__CVE-2008-2942-fix.patch	2008-07-08 19:04:29 UTC (rev 1532)
@@ -0,0 +1,46 @@
+diff -r 55c71226eceb -r 87c704ac92d4 mercurial/patch.py
+--- a/mercurial/patch.py	Thu Jun 26 18:44:54 2008 -0500
++++ b/mercurial/patch.py	Wed Jun 25 14:13:20 2008 -0700
+@@ -1039,9 +1039,12 @@
+                 continue
+         elif state == 'git':
+             gitpatches = values
++            cwd = os.getcwd()
+             for gp in gitpatches:
+                 if gp.op in ('COPY', 'RENAME'):
+-                    copyfile(gp.oldpath, gp.path)
++                    src, dst = [util.canonpath(cwd, cwd, x)
++                                for x in [gp.oldpath, gp.path]]
++                    copyfile(src, dst)
+                 changed[gp.path] = (gp.op, gp)
+         else:
+             raise util.Abort(_('unsupported parser state: %s') % state)
+diff -r 55c71226eceb -r 87c704ac92d4 tests/test-import
+--- a/tests/test-import	Thu Jun 26 18:44:54 2008 -0500
++++ b/tests/test-import	Wed Jun 25 14:13:20 2008 -0700
+@@ -261,3 +261,15 @@
+ hg status
+ cat a
+ cd ..
++
++echo % 'test paths outside repo root'
++mkdir outside
++touch outside/foo
++hg init inside
++cd inside
++hg import - <<EOF
++diff --git a/a b/b
++rename from ../outside/foo
++rename to bar
++EOF
++cd ..
+diff -r 55c71226eceb -r 87c704ac92d4 tests/test-import.out
+--- a/tests/test-import.out	Thu Jun 26 18:44:54 2008 -0500
++++ b/tests/test-import.out	Wed Jun 25 14:13:20 2008 -0700
+@@ -260,3 +260,6 @@
+ adding a
+ applying patch from stdin
+ bb
++% test paths outside repo root
++applying patch from stdin
++abort: ../outside/foo not under root
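
Review bot: In the patch.py hunk, util.canonpath is given os.getcwd() as both the root and the cwd argument, so the check is only as good as the assumption that the process is in the repository root whenever git patches are applied. Passing the repository root explicitly, or stating that invariant in a comment next to `cwd = os.getcwd()`, would make the check harder to break later. Only the COPY and RENAME source and destination are canonicalized, while `changed[gp.path] = (gp.op, gp)` still stores the raw path, so it is worth confirming that paths for the other operations are validated elsewhere. The added test covers only a `rename from` outside the root; a case with `rename to` pointing outside and one using a copy would exercise the destination side and the COPY branch of the same check.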

Modified: packages/mercurial/trunk/debian/patches/series
===================================================================
--- packages/mercurial/trunk/debian/patches/series	2008-07-08 17:51:14 UTC (rev 1531)
+++ packages/mercurial/trunk/debian/patches/series	2008-07-08 19:04:29 UTC (rev 1532)
@@ -5,3 +5,4 @@
 deb_specific__hgk.py.patch
 deb_specific__bash_completion_global_option_already_set.patch
 deb_specific__ElementTree_for_darcs.patch
+backport__CVE-2008-2942-fix.patch
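
Review bot: The backport is appended after the deb_specific__* patches shown in the context lines, so it is applied on top of Debian-local changes rather than on the unmodified upstream source. Listing upstream backports ahead of the Debian-specific patches keeps the security fix independent of local modifications and makes it simpler to drop once a new upstream release includes it.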



