[Python-apps-commits] r11635 - in packages/mercurial/branches/wheezy/debian (7 files)
vicho at users.alioth.debian.org
Sun Dec 21 13:20:21 UTC 2014
Date: Sunday, December 21, 2014 @ 13:20:20
Author: vicho
Revision: 11635
Security update for CVE-2014-9390: errors in handling case-sensitive
directories allow for remote code execution on pull.
Added:
packages/mercurial/branches/wheezy/debian/patches/from_upstream__darwin_omit_ignorable_codepoints_when_normcaseing_a_file_path.patch
packages/mercurial/branches/wheezy/debian/patches/from_upstream__encoding_add_hfsignoreclean_to_clean_out_HFS-ignored_characters.patch
packages/mercurial/branches/wheezy/debian/patches/from_upstream__pathauditor_check_for_Windows_shortname_aliases.patch
packages/mercurial/branches/wheezy/debian/patches/from_upstream__pathauditor_check_for_codepoints_ignored_on_OS_X.patch
packages/mercurial/branches/wheezy/debian/patches/from_upstream__test-casefolding_t_demonstrate_a_bug_with_HFS_ignoring_some_codepoints.patch
Modified:
packages/mercurial/branches/wheezy/debian/changelog
packages/mercurial/branches/wheezy/debian/patches/series
Modified: packages/mercurial/branches/wheezy/debian/changelog
===================================================================
--- packages/mercurial/branches/wheezy/debian/changelog 2014-12-21 13:01:54 UTC (rev 11634)
+++ packages/mercurial/branches/wheezy/debian/changelog 2014-12-21 13:20:20 UTC (rev 11635)
@@ -1,3 +1,10 @@
+mercurial (2.2.2-3+deb7u1) UNRELEASED; urgency=high
+
+ * Security update for CVE-2014-9390: errors in handling case-sensitive
+ directories allow for remote code execution on pull.
+
+ -- Javi Merino <vicho at debian.org> Sun, 21 Dec 2014 12:58:24 +0100
+
mercurial (2.2.2-3) unstable; urgency=low
* Fix "Backport improvement to vimdiff configuration" by adding
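Review bot: the new changelog entry targets UNRELEASED, so as committed this version will not be uploaded; the distribution field needs to become the wheezy security suite before the upload, and the urgency=high and +deb7u1 version suffix are the right choices for a stable security update.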
Added: packages/mercurial/branches/wheezy/debian/patches/from_upstream__darwin_omit_ignorable_codepoints_when_normcaseing_a_file_path.patch
===================================================================
--- packages/mercurial/branches/wheezy/debian/patches/from_upstream__darwin_omit_ignorable_codepoints_when_normcaseing_a_file_path.patch (rev 0)
+++ packages/mercurial/branches/wheezy/debian/patches/from_upstream__darwin_omit_ignorable_codepoints_when_normcaseing_a_file_path.patch 2014-12-21 13:20:20 UTC (rev 11635)
@@ -0,0 +1,42 @@
+# HG changeset patch
+# User Augie Fackler <raf at durin42.com>
+# Date 1418753230 18000
+# Tue Dec 16 13:07:10 2014 -0500
+# Branch stable
+# Node ID 7a5bcd471f2ef302613b8551a79081d46d04be6e
+# Parent 885bd7c5c7e3efc10081c09c11e538a3fa19ace4
+darwin: omit ignorable codepoints when normcase()ing a file path
+
+This lets us avoid some nasty case collision problems in OS X with
+invisible codepoints.
+
+--- a/mercurial/posix.py
++++ b/mercurial/posix.py
+@@ -191,7 +191,9 @@ if sys.platform == 'darwin':
+ u = s.decode('utf-8')
+
+ # Decompose then lowercase (HFS+ technote specifies lower)
+- return unicodedata.normalize('NFD', u).lower().encode('utf-8')
++ enc = unicodedata.normalize('NFD', u).lower().encode('utf-8')
++ # drop HFS+ ignored characters
++ return encoding.hfsignoreclean(enc)
+
+ def realpath(path):
+ '''
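Review bot: this hunk calls encoding.hfsignoreclean but adds no import, so it relies on posix.py already importing encoding in the 2.2.2 tree and on the hfsignoreclean patch being applied earlier in debian/patches/series; both should be confirmed, otherwise normcase() on darwin raises NameError/AttributeError at runtime rather than failing at build time, since this branch is only executed on OS X.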
+--- a/tests/test-casefolding.t
++++ b/tests/test-casefolding.t
+@@ -165,12 +165,11 @@ case changes.
+ We assume anyone running the tests on a case-insensitive volume on OS
+ X will be using HFS+. If that's not true, this test will fail.
+
+-Bug: some codepoints are to be ignored on HFS+:
+-
+ $ rm A
+ >>> open(u'a\u200c'.encode('utf-8'), 'w').write('unicode is fun')
+ $ hg status
+ M A
+- ? a\xe2\x80\x8c (esc)
++
+ #endif
++
+ $ cd ..
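Review bot: the updated expectation (only `M A`, no `? a\xe2\x80\x8c` line) confirms the zero-width non-joiner is now folded away so the on-disk file is matched to the tracked `A`; note that the whole block sits inside `#if osx`, so the Debian build on Linux never exercises the posix.py change. The two stray `+` blank lines around `#endif` are cosmetic and could be dropped.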
Added: packages/mercurial/branches/wheezy/debian/patches/from_upstream__encoding_add_hfsignoreclean_to_clean_out_HFS-ignored_characters.patch
===================================================================
--- packages/mercurial/branches/wheezy/debian/patches/from_upstream__encoding_add_hfsignoreclean_to_clean_out_HFS-ignored_characters.patch (rev 0)
+++ packages/mercurial/branches/wheezy/debian/patches/from_upstream__encoding_add_hfsignoreclean_to_clean_out_HFS-ignored_characters.patch 2014-12-21 13:20:20 UTC (rev 11635)
@@ -0,0 +1,47 @@
+# HG changeset patch
+# User Augie Fackler <raf at durin42.com>
+# Date 1418753201 18000
+# Tue Dec 16 13:06:41 2014 -0500
+# Branch stable
+# Node ID 885bd7c5c7e3efc10081c09c11e538a3fa19ace4
+# Parent 035434b407be60e5ae7a0da56f9d7a187a6bef5a
+encoding: add hfsignoreclean to clean out HFS-ignored characters
+
+According to Apple Technote 1150 (unavailable from Apple as far as I
+can tell, but archived in several places online), HFS+ ignores sixteen
+specific unicode runes when doing path normalization. We need to
+handle those cases, so this function lets us efficiently strip the
+offending characters from a UTF-8 encoded string (which is the only
+way it seems to matter on OS X.)
+
+--- a/mercurial/encoding.py
++++ b/mercurial/encoding.py
+@@ -8,6 +8,28 @@
+ import error
+ import unicodedata, locale, os
+
++# These unicode characters are ignored by HFS+ (Apple Technote 1150,
++# "Unicode Subtleties"), so we need to ignore them in some places for
++# sanity.
++_ignore = [unichr(int(x, 16)).encode("utf-8") for x in
++ "200c 200d 200e 200f 202a 202b 202c 202d 202e "
++ "206a 206b 206c 206d 206e 206f feff".split()]
++# verify the next function will work
++assert set([i[0] for i in _ignore]) == set(["\xe2", "\xef"])
++
++def hfsignoreclean(s):
++ """Remove codepoints ignored by HFS+ from s.
++
++ >>> hfsignoreclean(u'.h\u200cg'.encode('utf-8'))
++ '.hg'
++ >>> hfsignoreclean(u'.h\ufeffg'.encode('utf-8'))
++ '.hg'
++ """
++ if "\xe2" in s or "\xef" in s:
++ for c in _ignore:
++ s = s.replace(c, '')
++ return s
++
+ def _getpreferredencoding():
+ '''
+ On darwin, getpreferredencoding ignores the locale environment and
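Review bot: the fast path `if "\xe2" in s or "\xef" in s` is only correct because every entry in `_ignore` starts with one of those two UTF-8 lead bytes, and the module-level assert pins that invariant; the function operates on UTF-8 byte strings only, which matches the docstring and the pathauditor callers, but it would silently do nothing for a unicode object. The sixteen codepoints listed match the count given in the description; a short comment noting that the list is deliberately limited to the HFS+ ignorable set (and not, say, general Unicode confusables) would help future maintainers.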
Added: packages/mercurial/branches/wheezy/debian/patches/from_upstream__pathauditor_check_for_Windows_shortname_aliases.patch
===================================================================
--- packages/mercurial/branches/wheezy/debian/patches/from_upstream__pathauditor_check_for_Windows_shortname_aliases.patch (rev 0)
+++ packages/mercurial/branches/wheezy/debian/patches/from_upstream__pathauditor_check_for_Windows_shortname_aliases.patch 2014-12-21 13:20:20 UTC (rev 11635)
@@ -0,0 +1,70 @@
+# HG changeset patch
+# User Matt Mackall <mpm at selenic.com>
+# Date 1418933908 21600
+# Thu Dec 18 14:18:28 2014 -0600
+# Branch stable
+# Node ID 6dad422ecc5adb63d9fa649eeb8e05a5f9bc4900
+# Parent c02a05cc6f5e661b09b0b0c65ec7bc874e161f9c
+pathauditor: check for Windows shortname aliases
+
+--- a/tests/test-commit.t
++++ b/tests/test-commit.t
+@@ -234,6 +234,42 @@ verify pathauditor blocks evil filepaths
+ abort: path contains illegal component: .h\xe2\x80\x8cg/hgrc (esc)
+ [255]
+
++ $ hg rollback -f
++ repository tip rolled back to revision 1 (undo commit)
++ $ cat > evil-commit.py <<EOF
++ > from mercurial import ui, hg, context, node
++ > notrc = "HG~1/hgrc"
++ > u = ui.ui()
++ > r = hg.repository(u, '.')
++ > def filectxfn(repo, memctx, path):
++ > return context.memfilectx(repo, path, '[hooks]\nupdate = echo owned')
++ > c = context.memctx(r, [r['tip'].node(), node.nullid],
++ > 'evil', [notrc], filectxfn, 0)
++ > r.commitctx(c)
++ > EOF
++ $ $PYTHON evil-commit.py
++ $ hg co --clean tip
++ abort: path contains illegal component: HG~1/hgrc
++ [255]
++
++ $ hg rollback -f
++ repository tip rolled back to revision 1 (undo commit)
++ $ cat > evil-commit.py <<EOF
++ > from mercurial import ui, hg, context, node
++ > notrc = "HG8B6C~2/hgrc"
++ > u = ui.ui()
++ > r = hg.repository(u, '.')
++ > def filectxfn(repo, memctx, path):
++ > return context.memfilectx(repo, path, '[hooks]\nupdate = echo owned')
++ > c = context.memctx(r, [r['tip'].node(), node.nullid],
++ > 'evil', [notrc], filectxfn, 0)
++ > r.commitctx(c)
++ > EOF
++ $ $PYTHON evil-commit.py
++ $ hg co --clean tip
++ abort: path contains illegal component: HG8B6C~2/hgrc
++ [255]
++
+ Issue1049: Hg permits partial commit of merge without warning
+
+ $ cd ..
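Review bot: the two blocks differ only in the value of `notrc` ("HG~1/hgrc" versus "HG8B6C~2/hgrc") and could be factored into one script with a parameter; more importantly, a comment should state that `r.commitctx(c)` is expected to succeed and the `hg rollback -f` is needed precisely because the audit fires at checkout (`hg co --clean tip`), not at commit time, since a reader could otherwise take the successful commit as a test failure.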
+--- a/mercurial/scmutil.py
++++ b/mercurial/scmutil.py
+@@ -108,6 +108,13 @@ class pathauditor(object):
+ or _lowerclean(parts[0]) in ('.hg', '.hg.', '')
+ or os.pardir in parts):
+ raise util.Abort(_("path contains illegal component: %s") % path)
++ # Windows shortname aliases
++ for p in parts:
++ if "~" in p:
++ first, last = p.split("~", 1)
++ if last.isdigit() and first.upper() in ["HG", "HG8B6C"]:
++ raise util.Abort(_("path contains illegal component: %s")
++ % path)
+ if '.hg' in _lowerclean(path):
+ lparts = [_lowerclean(p.lower()) for p in parts]
+ for p in '.hg', '.hg.':
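Review bot: the new check is applied on every platform rather than only on Windows, which is the right choice because a repository pulled on Linux can later be checked out on an NTFS volume where `HG~1` aliases `.hg`; the hardcoded `["HG", "HG8B6C"]` list mirrors the test cases, so a comment explaining where the `HG8B6C` hash-suffixed form comes from would make the intent clear. The `last.isdigit()` guard correctly limits the check to shortname-style `~N` suffixes, so ordinary file names containing a tilde are unaffected.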
Added: packages/mercurial/branches/wheezy/debian/patches/from_upstream__pathauditor_check_for_codepoints_ignored_on_OS_X.patch
===================================================================
--- packages/mercurial/branches/wheezy/debian/patches/from_upstream__pathauditor_check_for_codepoints_ignored_on_OS_X.patch (rev 0)
+++ packages/mercurial/branches/wheezy/debian/patches/from_upstream__pathauditor_check_for_codepoints_ignored_on_OS_X.patch 2014-12-21 13:20:20 UTC (rev 11635)
@@ -0,0 +1,63 @@
+# HG changeset patch
+# User Augie Fackler <raf at durin42.com>
+# Date 1418753297 18000
+# Tue Dec 16 13:08:17 2014 -0500
+# Branch stable
+# Node ID c02a05cc6f5e661b09b0b0c65ec7bc874e161f9c
+# Parent 7a5bcd471f2ef302613b8551a79081d46d04be6e
+pathauditor: check for codepoints ignored on OS X
+
+--- a/tests/test-commit.t
++++ b/tests/test-commit.t
+@@ -216,7 +216,23 @@ subdir log
+ summary: commit-foo-subdir
+
+ $ cd ..
+- $ cd ..
++
++verify pathauditor blocks evil filepaths
++ $ cat > evil-commit.py <<EOF
++ > from mercurial import ui, hg, context, node
++ > notrc = u".h\u200cg".encode('utf-8') + '/hgrc'
++ > u = ui.ui()
++ > r = hg.repository(u, '.')
++ > def filectxfn(repo, memctx, path):
++ > return context.memfilectx(repo, path, '[hooks]\nupdate = echo owned')
++ > c = context.memctx(r, [r['tip'].node(), node.nullid],
++ > 'evil', [notrc], filectxfn, 0)
++ > r.commitctx(c)
++ > EOF
++ $ $PYTHON evil-commit.py
++ $ hg co --clean tip
++ abort: path contains illegal component: .h\xe2\x80\x8cg/hgrc (esc)
++ [255]
+
+ Issue1049: Hg permits partial commit of merge without warning
+
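Review bot: this hunk replaces the second `$ cd ..` so the evil-commit test runs inside the test repository, and it leaves `evil-commit.py` behind as an untracked file, which later `hg status` output in this test file would have to account for; the test covers only the checkout path (`hg co --clean tip`), which is consistent with pathauditor auditing paths when the working copy is written rather than when changesets are pulled.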
+--- a/mercurial/scmutil.py
++++ b/mercurial/scmutil.py
+@@ -10,6 +10,9 @@ import util, error, osutil, revset, simi
+ import match as matchmod
+ import os, errno, re, stat, sys, glob
+
++def _lowerclean(s):
++ return encoding.hfsignoreclean(s.lower())
++
+ def nochangesfound(ui, secretlist=None):
+ '''report no changes for push/pull'''
+ if secretlist:
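Review bot: `_lowerclean` references `encoding.hfsignoreclean`, but the context line `import util, error, osutil, revset, simi` is truncated in the hunk header, so it is not visible whether scmutil.py imports `encoding` in the 2.2.2 tree; this should be confirmed because a missing import would break pathauditor on every platform, not just OS X. Lowercasing before cleaning is fine since the ignorable codepoints have no case.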
+@@ -102,11 +105,11 @@ class pathauditor(object):
+ raise util.Abort(_("path ends in directory separator: %s") % path)
+ parts = util.splitpath(path)
+ if (os.path.splitdrive(path)[0]
+- or parts[0].lower() in ('.hg', '.hg.', '')
++ or _lowerclean(parts[0]) in ('.hg', '.hg.', '')
+ or os.pardir in parts):
+ raise util.Abort(_("path contains illegal component: %s") % path)
+- if '.hg' in path.lower():
+- lparts = [p.lower() for p in parts]
++ if '.hg' in _lowerclean(path):
++ lparts = [_lowerclean(p.lower()) for p in parts]
+ for p in '.hg', '.hg.':
+ if p in lparts[1:]:
+ pos = lparts.index(p)
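Review bot: `_lowerclean(p.lower())` lowercases twice, since `_lowerclean` already calls `.lower()`; `_lowerclean(p)` is sufficient and keeps the first check (`_lowerclean(parts[0])`) and the per-component check consistent. Otherwise the change correctly makes both the leading-component test and the nested `.hg` scan blind to the HFS+-ignored codepoints.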
Added: packages/mercurial/branches/wheezy/debian/patches/from_upstream__test-casefolding_t_demonstrate_a_bug_with_HFS_ignoring_some_codepoints.patch
===================================================================
--- packages/mercurial/branches/wheezy/debian/patches/from_upstream__test-casefolding_t_demonstrate_a_bug_with_HFS_ignoring_some_codepoints.patch (rev 0)
+++ packages/mercurial/branches/wheezy/debian/patches/from_upstream__test-casefolding_t_demonstrate_a_bug_with_HFS_ignoring_some_codepoints.patch 2014-12-21 13:20:20 UTC (rev 11635)
@@ -0,0 +1,29 @@
+# HG changeset patch
+# User Augie Fackler <raf at durin42.com>
+# Date 1418330569 18000
+# Thu Dec 11 15:42:49 2014 -0500
+# Branch stable
+# Node ID 035434b407be60e5ae7a0da56f9d7a187a6bef5a
+# Parent 6f53629ad2733199ae2194bfb33569cf7b2fef1d
+test-casefolding.t: demonstrate a bug with HFS+ ignoring some codepoints
+
+--- a/tests/test-casefolding.t
++++ b/tests/test-casefolding.t
+@@ -160,4 +160,17 @@ case changes.
+ $ hg status -A
+ C MiXeDcAsE
+
++#if osx
++
++We assume anyone running the tests on a case-insensitive volume on OS
++X will be using HFS+. If that's not true, this test will fail.
++
++Bug: some codepoints are to be ignored on HFS+:
++
++ $ rm A
++ >>> open(u'a\u200c'.encode('utf-8'), 'w').write('unicode is fun')
++ $ hg status
++ M A
++ ? a\xe2\x80\x8c (esc)
++#endif
+ $ cd ..
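Review bot: this hunk intentionally records the buggy behaviour (the `? a\xe2\x80\x8c` line) as the expected output so the later fix shows up as a test change; that only makes sense if this patch stays ordered before the darwin normcase patch in debian/patches/series, and since the block is guarded by `#if osx` it does not affect the Linux package build either way.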
Modified: packages/mercurial/branches/wheezy/debian/patches/series
===================================================================
--- packages/mercurial/branches/wheezy/debian/patches/series 2014-12-21 13:01:54 UTC (rev 11634)
+++ packages/mercurial/branches/wheezy/debian/patches/series 2014-12-21 13:20:20 UTC (rev 11635)
@@ -11,3 +11,8 @@
from_upstream__set_vimdiff_to_check_changed.patch
from_upstream__mergetools_vimdiff_issue_warning.patch
from_upstream__mergetools_refine_vimdiff_warning_message.patch
+from_upstream__test-casefolding_t_demonstrate_a_bug_with_HFS_ignoring_some_codepoints.patch
+from_upstream__encoding_add_hfsignoreclean_to_clean_out_HFS-ignored_characters.patch
+from_upstream__pathauditor_check_for_codepoints_ignored_on_OS_X.patch
+from_upstream__darwin_omit_ignorable_codepoints_when_normcaseing_a_file_path.patch
+from_upstream__pathauditor_check_for_Windows_shortname_aliases.patch
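Review bot: the series order differs from the upstream parent chain shown in the patch headers (the darwin normcase changeset 7a5bcd is the parent of the pathauditor codepoints changeset c02a05, but here the codepoints patch is applied before the darwin one); the two touch disjoint files (scmutil.py and test-commit.t versus posix.py and test-casefolding.t), so quilt applies them cleanly, but following upstream order would avoid surprises on a later refresh. The Windows shortname patch's test hunk depends on the "verify pathauditor blocks evil filepaths" context added by the codepoints patch, which this order does satisfy.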