Augie Fackler <raf@durin42.com> [Tue, 07 Nov 2017 13:15:34 -0500] rev 34994
Added tag 4.4.1 for changeset cabc840ffdee
Yuya Nishihara <yuya@tcha.org> [Sat, 21 Oct 2017 17:46:41 +0900] rev 34993
templatekw: add verbosity keyword to select template by -q/-v/--debug flag
This can be used in conjunction with the ifeq() function.
Yuya Nishihara <yuya@tcha.org> [Sat, 21 Oct 2017 17:31:13 +0900] rev 34992
templatekw: move loadkeyword() to bottom
loadkeyword() isn't a template keyword function.
Yuya Nishihara <yuya@tcha.org> [Sat, 21 Oct 2017 17:05:04 +0900] rev 34991
help: hide phaseidx template keyword
I don't think it's a great idea to expose the internal representation of phases.
Let's discourage use of the phaseidx keyword.
Augie Fackler <augie@google.com> [Tue, 07 Nov 2017 11:22:24 -0500] rev 34990
stable: merge with security patches
Gregory Szorc <gregory.szorc@gmail.com> [Mon, 06 Nov 2017 22:32:41 -0800] rev 34989
subrepo: use per-type config options to enable subrepos
We change subrepos.allowed from a list of allowed subrepo types to
a combination of a master switch and per-type boolean flags.
If the master switch is set, subrepos can be disabled wholesale.
If subrepos are globally enabled, then per-type options are
consulted. Mercurial repos are enabled by default. Everything else
is disabled by default.
Augie Fackler <augie@google.com> [Mon, 06 Nov 2017 14:56:17 -0500] rev 34988
config: add some more documentation around why svn and git subrepos are off
Yuya Nishihara <yuya@tcha.org> [Sun, 05 Nov 2017 21:51:42 +0900] rev 34987
subrepo: disable git and svn subrepos by default (BC) (SEC)
We have a security issue with git subrepos. I'm not sure if svn subrepo is
vulnerable, but it seems not 100% safe to allow writing arbitrary data into
a metadata directory. So for now, only hg subrepo is enabled by default.
Maybe we should improve the help to describe why git/svn subrepos are
disabled.
Yuya Nishihara <yuya@tcha.org> [Sun, 05 Nov 2017 21:48:58 +0900] rev 34986
subrepo: extend config option to disable subrepos by type (SEC)
This allows us to minimize the behavior change introduced by the next patch.
I have no idea which config style is preferred from a UX POV, but I decided to
get things done.
a) list: 'allowed = hg, git, svn'
b) sub option: 'allowed.hg = True' or 'allowed:hg = True'
c) per-type action: 'hg = allow', 'git = abort'
Yuya Nishihara <yuya@tcha.org> [Sun, 05 Nov 2017 21:22:07 +0900] rev 34985
subrepo: add config option to reject any subrepo operations (SEC)
This is an alternative workaround for issue5730.
Perhaps this is the simplest way of disabling subrepo operations. It does
nothing clever, but just aborts if Mercurial starts accessing a subrepo.
I think Greg's patch is more useful since it allows us to at least check
out the parent repository. However, that would be confusing if the default
is flipped to checkout=False and subrepos are silently ignored.
I don't like the config name 'allowed', but I couldn't get any better name.