
Subversion (Project)
Active, Public


Description

Of or relating to the Subversion VCS also known as SVN

Recent Activity

May 23 2019

asherkin closed T13293: `arc land` using git-svn fails in certain configurations as Resolved by committing rARC7329bc7c32b9: Fix arc land on odd/modern git-svn checkouts.
May 23 2019, 9:58 AM · Subversion, Git, Arcanist

May 22 2019

epriestley triaged T13293: `arc land` using git-svn fails in certain configurations as Low priority.
May 22 2019, 4:30 PM · Subversion, Git, Arcanist
epriestley added projects to T13293: `arc land` using git-svn fails in certain configurations: Arcanist, Git, Subversion.
May 22 2019, 4:30 PM · Subversion, Git, Arcanist

Apr 15 2019

epriestley moved T6537: The "Skip Past This Commit" results in exception (diffusion svn blame view) from Backlog to Subversion on the Diffusion board.
Apr 15 2019, 3:38 PM · Subversion, Diffusion

Oct 2 2018

epriestley lowered the priority of T2465: Context not available for revisions created on Windows from High to Low.
Oct 2 2018, 1:05 PM · Windows, Subversion, Arcanist
epriestley moved T2465: Context not available for revisions created on Windows from Backlog to Diff on the Windows board.
Oct 2 2018, 1:00 PM · Windows, Subversion, Arcanist

Sep 24 2018

epriestley moved T4682: With SVN 1.7, certain property changes won't show properly in Differential from Backlog to Diff Parsing on the Arcanist board.
Sep 24 2018, 3:54 PM · Subversion, Arcanist
epriestley moved T1947: Merged files in SVN don't pull content correctly when diffed from Backlog to Diff Parsing on the Arcanist board.
Sep 24 2018, 3:52 PM · Subversion, Arcanist

May 17 2018

epriestley closed T13140: Phabricator fails to parse unusual protocol requests emitted by Subversion as Resolved by committing rP3544620209cf: Parse unusual Subversion protocol frames which contain extra whitespace.
May 17 2018, 12:12 AM · Subversion

May 15 2018

epriestley added a revision to T13140: Phabricator fails to parse unusual protocol requests emitted by Subversion: D19451: Parse unusual Subversion protocol frames which contain extra whitespace.
May 15 2018, 10:58 PM · Subversion
epriestley triaged T13140: Phabricator fails to parse unusual protocol requests emitted by Subversion as Normal priority.
May 15 2018, 10:24 PM · Subversion

Feb 10 2018

epriestley added a parent task for T4698: Support for SVN patches, created by PhpStorm: T12664: Update diff/patch parsing to extract more metadata and parse a wider range of formats.
Feb 10 2018, 7:43 PM · Subversion, Differential

Aug 14 2017

epriestley closed T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`) as Resolved.

There doesn't seem to be anything actionable remaining on our end.

Aug 14 2017, 8:07 PM · Subversion, Mercurial, Git, Security

Aug 11 2017

epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

This cropped up in the HN thread -- works in my browsers (although Phabricator does not recognize it as a valid link):

Aug 11 2017, 8:07 PM · Subversion, Mercurial, Git, Security
avivey added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Thanks for the writeup :)

Aug 11 2017, 7:04 PM · Subversion, Mercurial, Git, Security
indygreg added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The reason the upstream projects aren't using -- is that it isn't portable. For example, Putty's ssh doesn't support it.

Aug 11 2017, 3:45 PM · Subversion, Mercurial, Git, Security
epriestley updated the task description for T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 11 2017, 1:41 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The full set of mitigations is now available in stable, and I've promoted 2017 Week 32 (Mid August).

Aug 11 2017, 1:36 PM · Subversion, Mercurial, Git, Security
epriestley renamed T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`) from Assess Impact of CVE-2017-1000117 et al (`ssh://-...` executing code) to [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 11 2017, 1:31 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

See also this enormously valuable contribution I made to the Git LFS upstream in connection with T7789 some time ago:

Aug 11 2017, 1:19 PM · Subversion, Mercurial, Git, Security
epriestley updated the task description for T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 11 2017, 1:14 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

So, all three major VCS had the exact same CVE, which was "we invoke ssh command line, don't sanitize input, and don't specify -- anywhere"?

Aug 11 2017, 12:50 PM · Subversion, Mercurial, Git, Security
quark.zju added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Thanks for the detailed explanations! I should have thought more carefully. Note that old Mercurial also fails to do correct shell quoting on Windows (it uses ' where Windows needs "). But since Phabricator does not run on Windows, it shouldn't be an issue.

Aug 11 2017, 3:22 AM · Subversion, Mercurial, Git, Security
avivey added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

So, all three major VCS had the exact same CVE, which was "we invoke ssh command line, don't sanitize input, and don't specify -- anywhere"?

Aug 11 2017, 2:53 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

@indygreg Thanks for the heads up about subrepos -- I would not have otherwise guessed that hg pull might run git.

Aug 11 2017, 2:40 AM · Subversion, Mercurial, Git, Security
epriestley updated the task description for T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 11 2017, 2:24 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

From this writeup:

Aug 11 2017, 2:21 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The magic incantation I arrived at was slightly modified from one of the hg test cases:

Aug 11 2017, 2:14 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Never mind, I was able to get hg pull -u to interact. I'm going to land, cherry-pick, and hotfix D18390.

Aug 11 2017, 2:12 AM · Subversion, Mercurial, Git, Security
cspeckmim added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

I think this is related:
https://www.mercurial-scm.org/wiki/Subrepository#Synchronizing_in_subrepositories

Aug 11 2017, 2:10 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

And here's an extension which appears to be aimed at solving this problem, by adding a new command to execute hg pull -u in subrepositories:

Aug 11 2017, 2:04 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Also, although ui.ssh appears ineffective against the [git] and [svn] variants of subrepos (Mercurial does not appear to populate GIT_SSH or SVN_SSH based on the ui.ssh setting), I can't get hg to actually interact with remotes using hg clone --noupdate ... or hg pull -u -- <uri>, which are the only relevant commands we run. I can get it to interact with remotes with hg up or hg clone (without --noupdate).

Aug 11 2017, 1:56 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

In the example above, I put malicious content in .hgsub, like this:

Aug 11 2017, 1:32 AM · Subversion, Mercurial, Git, Security
quark.zju added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The subrepo issue is when .hgsub has malicious content (ex. foo = ssh://-oProxyCommand=touch%20BAR/). It's not related to command line or config files.

Aug 11 2017, 1:25 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

I'm going to cherry-pick rP794e185bf90e (the SSH wrapper stuff) to stable and hotfix production, although I'm not entirely certain hg pull -u -- <uri> is vulnerable.

Aug 11 2017, 12:54 AM · Subversion, Mercurial, Git, Security
epriestley added a revision to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`): D18390: Stop populating or updating working copies in observed Mercurial repositories.
Aug 11 2017, 12:49 AM · Subversion, Mercurial, Git, Security
epriestley added a revision to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`): D18389: Pass SSH wrappers to VCS commands unconditionally, not just if there's an SSH remote.
Aug 11 2017, 12:16 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

I also can't get hg pull -u -- <uri> to fetch subrepos, am I just not setting things up correctly? In my current working state, hg up tries to interact with the subrepo remote but hg pull -u -- <uri> (which is what we actually execute) does not.

Aug 11 2017, 12:14 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

See also T4416. Removing -u hasn't been a priority because no actual install has expressed interest in it.

Aug 11 2017, 12:02 AM · Subversion, Mercurial, Git, Security

Aug 10 2017

indygreg added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

That same code I pointed to for Mercurial also seems to perform Git working copy checkouts. Although I can't recall Git's semantics for automatically updating submodules (because I don't use them). It is worth auditing.

Aug 10 2017, 11:03 PM · Subversion, Mercurial, Git, Security
indygreg added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Note that Phabricator can manifest Mercurial working directories. See executeMercurialUpdate() in src/applications/repository/engine/PhabricatorRepositoryPullEngine.php. It does this when pulling non-hosted repos. I know this occurs when observing repos. Not sure where else this code is used.

Aug 10 2017, 10:59 PM · Subversion, Mercurial, Git, Security
epriestley updated the task description for T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 10 2017, 10:48 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

I'll leave this open until I write up the release notes since it deserves a mention (users are still vulnerable if an attacker tricks them into running a suspicious git clone command), but I think we're otherwise unscathed by this.

Aug 10 2017, 10:40 PM · Subversion, Mercurial, Git, Security
epriestley added a revision to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`): D18388: Increase strictness of URI parsing, rejecting URIs in the form "ssh://-flag".
Aug 10 2017, 10:23 PM · Subversion, Mercurial, Git, Security
epriestley lowered the priority of T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`) from Unbreak Now! to Normal.
Aug 10 2017, 10:15 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

We also used to have a separate PhutilGitURI which had looser rules, but I removed this in D16100 (June 13, 2016) and all URI parsing now goes through PhutilURI which has the stricter rules.

Aug 10 2017, 10:14 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The theoretical attack here is:

Aug 10 2017, 9:56 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

These are slightly more fleshed-out versions of the attack in Mercurial:

Aug 10 2017, 9:48 PM · Subversion, Mercurial, Git, Security
chad added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

git, svn, and hg... wow

Aug 10 2017, 9:47 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The attack is basically:

Aug 10 2017, 9:45 PM · Subversion, Mercurial, Git, Security