mbthomas created this revision. Herald added a subscriber: mercurial-devel. Herald added a reviewer: hg-reviewers.
REVISION SUMMARY https://phab.mercurial-scm.org/D785 regressed behavior in path auditing: files can be deleted if they have a path that conflicts with a filename from a malicious remote or bundle. This test demonstrates the problem - the file should not have been deleted. REPOSITORY rHG Mercurial REVISION DETAIL https://phab.mercurial-scm.org/D1156 AFFECTED FILES tests/test-audit-path.t CHANGE DETAILS diff --git a/tests/test-audit-path.t b/tests/test-audit-path.t --- a/tests/test-audit-path.t +++ b/tests/test-audit-path.t @@ -118,9 +118,14 @@ $ hg manifest -r3 ../test + $ mkdir ../test + $ echo data > ../test/file $ hg update -Cr3 abort: path contains illegal component: ../test (glob) [255] + $ cat ../test/file + cat: ../test/file: No such file or directory + [1] attack /tmp/test To: mbthomas, #hg-reviewers Cc: mercurial-devel _______________________________________________ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel