← Back to branch summary

~ubuntu-branches/ubuntu/trusty/mercurial/trusty-security

« back to all changes in this revision

Viewing changes to mercurial/scmutil.py

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers, Jamie Strandboge, Marc Deslauriers
  • Date: 2015-06-17 10:51:42 UTC
  • Revision ID: package-import@ubuntu.com-20150617105142-5pe4odmv44b1p509
Tags: 2.8.2-1ubuntu1.3
https://launchpad.net/bugs/1404035
[ Jamie Strandboge ]
* SECURITY UPDATE: fix for improperly handling case-insensitive paths on
  Windows and OS X clients
  - http://selenic.com/repo/hg-stable/rev/885bd7c5c7e3
  - http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e
  - http://selenic.com/repo/hg-stable/rev/6dad422ecc5a
  - CVE-2014-9390
  - LP: #1404035

[ Marc Deslauriers ]
* SECURITY UPDATE: arbitrary command exection via crafted repository
  name in a clone command
  - d/p/from_upstream__sshpeer_more_thorough_shell_quoting.patch: add
    more thorough shell quoting to mercurial/sshpeer.py.
  - CVE-2014-9462
* debian/patches/fix_ftbfs_patchbomb_test.patch: fix patchbomb test.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mercurial/scmutil.py
5
5
# This software may be used and distributed according to the terms of the
6
6
# GNU General Public License version 2 or any later version.
7
7
 
 
8
import encoding
8
9
from i18n import _
9
10
from mercurial.node import nullrev
10
11
import util, error, osutil, revset, similar, encoding, phases, parsers
19
20
systemrcpath = scmplatform.systemrcpath
20
21
userrcpath = scmplatform.userrcpath
21
22
 
 
23
def _lowerclean(s):
 
24
    return encoding.hfsignoreclean(s.lower())
 
25
 
22
26
def nochangesfound(ui, repo, excluded=None):
23
27
    '''Report no changes for push/pull, excluded is None or a list of
24
28
    nodes excluded from the push/pull.
143
147
            raise util.Abort(_("path ends in directory separator: %s") % path)
144
148
        parts = util.splitpath(path)
145
149
        if (os.path.splitdrive(path)[0]
146
 
            or parts[0].lower() in ('.hg', '.hg.', '')
 
150
            or _lowerclean(parts[0]) in ('.hg', '.hg.', '')
147
151
            or os.pardir in parts):
148
152
            raise util.Abort(_("path contains illegal component: %s") % path)
149
 
        if '.hg' in path.lower():
150
 
            lparts = [p.lower() for p in parts]
 
153
        # Windows shortname aliases
 
154
        for p in parts:
 
155
            if "~" in p:
 
156
                first, last = p.split("~", 1)
 
157
                if last.isdigit() and first.upper() in ["HG", "HG8B6C"]:
 
158
                    raise util.Abort(_("path contains illegal component: %s")
 
159
                                     % path)
 
160
        if '.hg' in _lowerclean(path):
 
161
            lparts = [_lowerclean(p.lower()) for p in parts]
151
162
            for p in '.hg', '.hg.':
152
163
                if p in lparts[1:]:
153
164
                    pos = lparts.index(p)