Page MenuHomePhabricator

Provide an explicit "-R" flag to "hg serve"
ClosedPublic

Authored by epriestley on Sep 15 2017, 12:53 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 13, 4:03 AM
Unknown Object (File)
Tue, Nov 5, 11:47 PM
Unknown Object (File)
Tue, Oct 29, 11:29 AM
Unknown Object (File)
Mon, Oct 28, 3:30 AM
Unknown Object (File)
Wed, Oct 23, 6:38 AM
Unknown Object (File)
Oct 14 2024, 12:49 AM
Unknown Object (File)
Oct 3 2024, 8:24 AM
Unknown Object (File)
Oct 3 2024, 8:23 AM
Subscribers
None

Details

Summary

See https://discourse.phabricator-community.org/t/unable-to-use-current-mercurial-on-debian-stretch/391.

The Mercurial commit is helpful in particular: https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499

We weren't vulnerable to the security issue (users can not control any part of the command) but pass the working directory explicitly to get past the new safety check.

I left setCWD() in place (a few lines below) just because it can't hurt, and in some other contexts it sometimes matter (for example, if commit hooks execute, they might inherit the parent CWD here or in other VCSes).

Test Plan
  • Cloned from a Mercurial repo locally over HTTP.
  • Verified that SSH cloning already uses -R (it does, see DiffusionMercurialServeSSHWorkflow).
  • Did not actually upgrade to Mercurial 4.0/4.1.3 to completely verify this, but a user in the Discourse thread asserted that a substantially similar fix worked correctly.

Diff Detail

Repository
rP Phabricator
Branch
hgcwd
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 18462
Build 24861: Run Core Tests
Build 24860: arc lint + arc unit