Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2026-01-26 09:20:01 +01:00
Code Issues Packages Projects Releases Activity
12,301 Commits 35 Branches 225 Tags
1198d3003e2faeb89417469e7e86160e28547a89
Commit Graph

4435 Commits

Author SHA1 Message Date
Toshi MARUYAMA
02a2ca8c04 Merged r17062 from trunk to 3.2-stable (#27516) 
mercurial: work around faulty parsing of early command options

Use -sVALUE and --long=VALUE instead of "-s VALUE" and "--long VALUE"
respectively.

Contributed by Yuya Nishihara.

git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@17076 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-12-07 12:22:44 +00:00
Toshi MARUYAMA
3481b49a1a Merged r17060 from trunk to 3.2-stable (#27516) 
mercurial: reject malicious command argument

We've got a security report from the Phabricator team, which basically says
--config and --debugger arguments can be injected anywhere to lead to an
arbitrary command execution.

https://secure.phabricator.com/rPa7921a4448093d00defa8bd18f35b8c8f8bf3314

This is a fundamental issue of the argument parsing rules in Mercurial, which
allows extensions to populate their parsing rules and such extensions can be
loaded by "--config extensions.<name>=". There's a chicken and egg problem.
We're working on hardening the parsing rules, but which won't come in by
default as it would be a behavior change.

This patch adds a verification to reject malicious command arguments as a
last ditch. The subsequent patches will fix the problem in more appropriate
way.

Contributed by Yuya Nishihara.

git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@17074 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-12-07 12:22:22 +00:00
Jean-Philippe Lang
93d78771c6 Merged r16622 to r16625 (#26055). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16631 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-06-07 19:35:35 +00:00
Jean-Philippe Lang
e9a7d1be63 Merged r16619 (#26072). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16629 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-06-07 19:34:01 +00:00
Jean-Philippe Lang
3bb7524c1f Merged r16574 (#25760). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16621 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-06-06 21:17:16 +00:00
Jean-Philippe Lang
ba4744d4c4 Merged r16572 (#25861). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16618 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-06-06 20:56:47 +00:00
Jean-Philippe Lang
c2e613981a Merged r16568 (#25634). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16571 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-05-27 08:36:13 +00:00
Jean-Philippe Lang
d54ede781b Merged r16557 (#25713). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16567 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-05-27 07:40:24 +00:00
Jean-Philippe Lang
b64f8b4de9 Merged r16500 to r16503 (#25503). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16524 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-04-08 07:47:09 +00:00
Jean-Philippe Lang
ffd1ebda98 Merged r16504 (#25478). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16522 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-04-08 07:39:30 +00:00
Jean-Philippe Lang
e92f3127e4 total_spent_hours not returned in 3.2 (#25526). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16510 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-04-06 18:07:54 +00:00
Jean-Philippe Lang
c66898259c Merged r16492 (#25526). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16496 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-04-05 16:12:51 +00:00
Jean-Philippe Lang
1efe3eb3a1 Backported r16293 (#24875). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16309 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-01-30 17:54:08 +00:00
Jean-Philippe Lang
b67a46302f Test failure introduced in r16295 (#24199). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16305 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-01-30 17:36:49 +00:00
Jean-Philippe Lang
a5d45534b8 Merged r16283 (#23793). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16301 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-01-29 10:44:51 +00:00
Jean-Philippe Lang
a170c3d93c Merged r16287 to r16289 (#24416). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16299 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-01-29 10:42:58 +00:00
Jean-Philippe Lang
83921f27d4 Merged r16286 (#24307). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16297 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-01-29 10:41:33 +00:00
Jean-Philippe Lang
47d2775977 Merged r16118 to r16122 (#24693, #24718, #24722). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16133 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-01-04 20:50:27 +00:00
Jean-Philippe Lang
66f6d8a633 Merged r16114 (#24646). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16131 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-01-04 19:52:54 +00:00
Jean-Philippe Lang
5e9e640381 Merged r16116 (#22034). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16129 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2017-01-04 19:48:11 +00:00
Jean-Philippe Lang
c2eb894f67 Merged r16059, r16060, r16064, r16072. 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16107 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-12-20 16:09:28 +00:00
Jean-Philippe Lang
c5697e01e4 Fix test in 3.2-stable (#14817). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16105 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-12-20 15:49:23 +00:00
Jean-Philippe Lang
0453c56b22 Merged r16071 (#24595). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16100 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-12-20 09:05:31 +00:00
Jean-Philippe Lang
e2b3fcabde Merged r16056 (#14817). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16098 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-12-20 09:02:14 +00:00
Jean-Philippe Lang
35dff9428f Merged r15955 and r15956 (#24297). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16000 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-11-26 09:01:20 +00:00
Jean-Philippe Lang
2e9009b820 Merged r15848 (#23764). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15871 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-10-02 10:19:12 +00:00
Jean-Philippe Lang
b5fddf0950 Merged r15846 (#23841). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15868 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-10-02 10:12:56 +00:00
Jean-Philippe Lang
10ac3a9c8b Merged r15852 and r15863 (#23839). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15865 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-10-02 10:10:11 +00:00
Jean-Philippe Lang
5597bf52a0 Merged r15816 (#23758). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15818 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-09-04 17:12:11 +00:00
Jean-Philippe Lang
09cfa67f67 Merged r15750 (#23655). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15766 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-08-31 16:52:01 +00:00
Jean-Philippe Lang
891736ef39 Merged r15609 (#23278). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15638 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-07-11 18:10:01 +00:00
Jean-Philippe Lang
e35c8f7e2e Merged r15607 (#23246). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15615 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-07-10 07:47:07 +00:00
Jean-Philippe Lang
3cbbba8513 Merged r15608 (#23206). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15613 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-07-10 07:45:54 +00:00
Jean-Philippe Lang
4566ac1ee9 Merged r15539 and r15550 (#23067). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15558 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-06-18 10:16:51 +00:00
Jean-Philippe Lang
1fb561782b Merged r15532 and r15533 (#23054). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15538 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-06-18 06:02:32 +00:00
Jean-Philippe Lang
3bd4124ab2 Merged r15510 (#22123). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15515 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-06-12 06:03:40 +00:00
Jean-Philippe Lang
f2ad8df5dd Merged r15442 (#22898). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15445 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-06-04 09:56:53 +00:00
Jean-Philippe Lang
ee408687c6 Merged r15431 to r15435 (#22924, #22925, #22926). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15441 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-06-04 07:25:12 +00:00
Jean-Philippe Lang
3b3478b8a3 Merged r15429 (#22911). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15439 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-06-04 07:19:27 +00:00
Jean-Philippe Lang
47fce166d0 Merged r15416 (#22808). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15419 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-05-21 06:50:25 +00:00
Jean-Philippe Lang
3d4d6c31f3 Merged r15318 and r15319 (#22342). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15329 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-04-12 16:55:30 +00:00
Jean-Philippe Lang
c03f54af45 Merged r15290 (#5156). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15308 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-04-09 05:53:40 +00:00
Jean-Philippe Lang
1f2150e839 Merged r15293 (#22305). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15306 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-04-09 05:52:15 +00:00
Toshi MARUYAMA
fb3ff98f80 Merged r15252 from trunk to 3.2-stable 
NameError: uninitialized constant Redmine::ApiTest::GroupsTest::MultiJson

git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15278 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-03-24 06:38:05 +00:00
Jean-Philippe Lang
b2131b3245 Merged r15238. 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15239 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-03-13 10:41:37 +00:00
Jean-Philippe Lang
54856b4699 Merged r15223 and r15225 (#22127). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15230 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-03-13 08:20:37 +00:00
Jean-Philippe Lang
65e2e932d1 Merged r15224 (#22178). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15227 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-03-13 08:03:08 +00:00
Jean-Philippe Lang
d09b080463 Merged r15202 (#22108). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15226 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-03-13 08:01:55 +00:00
Jean-Philippe Lang
985634ef9e Merged r15136 to r15138 (#21593). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15222 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-03-12 10:36:10 +00:00
Jean-Philippe Lang
56f6602e23 Merged r15196 (#22072). 
git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@15207 e93f8b46-1217-0410-a6f0-8f06a7374b81
 2016-03-12 10:03:41 +00:00