Page MenuHomePhabricator

SubversionProject
ActivePublic

Members (1)

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

Of or relating to the Subversion VCS also known as SVN

Recent Activity

May 22 2020

sshannin added a comment to T7469: Handle folder copies/moves more gracefully.

(there's usually no value in reviewing individual file-level changes in a "create a new branch X" commit)

Completely agree that there's no value in reviewing those individually. But to be clear, my point in making this ticket was mostly that you can't discern from the browser that this was a "create a new branch" commit. Right now it just renders the whole file tree saying showing 3000 files individually copied instead of a simpler/single line saying the whole directory was copied.

May 22 2020, 6:10 PM · Diffusion, Subversion

Apr 22 2020

epriestley closed T7469: Handle folder copies/moves more gracefully as Wontfix.

I'm not aware of any current customer interest in improving this behavior, and it's likely a lot of work to improve what is largely a moot case (there's usually no value in reviewing individual file-level changes in a "create a new branch X" commit) that only affects Subversion.

Apr 22 2020, 6:19 PM · Diffusion, Subversion

May 23 2019

asherkin closed T13293: `arc land` using git-svn fails in certain configurations as Resolved by committing rARC7329bc7c32b9: Fix arc land on odd/modern git-svn checkouts.
May 23 2019, 9:58 AM · Subversion, Git, Arcanist

May 22 2019

epriestley triaged T13293: `arc land` using git-svn fails in certain configurations as Low priority.
May 22 2019, 4:30 PM · Subversion, Git, Arcanist
epriestley added projects to T13293: `arc land` using git-svn fails in certain configurations: Arcanist, Git, Subversion.
May 22 2019, 4:30 PM · Subversion, Git, Arcanist

Apr 15 2019

epriestley moved T6537: The "Skip Past This Commit" results in exception (diffusion svn blame view) from Backlog to Subversion on the Diffusion board.
Apr 15 2019, 3:38 PM · Subversion, Diffusion

Oct 2 2018

epriestley lowered the priority of T2465: Context not available for revisions created on Windows from High to Low.
Oct 2 2018, 1:05 PM · Windows, Subversion, Arcanist
epriestley moved T2465: Context not available for revisions created on Windows from Backlog to Diff on the Windows board.
Oct 2 2018, 1:00 PM · Windows, Subversion, Arcanist

Sep 24 2018

epriestley moved T4682: With SVN 1.7, certain property changes won't show properly in Differential from Backlog to Diff Parsing on the Arcanist board.
Sep 24 2018, 3:54 PM · Subversion, Arcanist
epriestley moved T1947: Merged files in SVN don't pull content correctly when diffed from Backlog to Diff Parsing on the Arcanist board.
Sep 24 2018, 3:52 PM · Subversion, Arcanist

May 17 2018

epriestley closed T13140: Phabricator fails to parse unusual protocol requests emitted by Subversion as Resolved by committing rP3544620209cf: Parse unusual Subversion protocol frames which contain extra whitespace.
May 17 2018, 12:12 AM · Subversion

May 15 2018

epriestley added a revision to T13140: Phabricator fails to parse unusual protocol requests emitted by Subversion: D19451: Parse unusual Subversion protocol frames which contain extra whitespace.
May 15 2018, 10:58 PM · Subversion
epriestley triaged T13140: Phabricator fails to parse unusual protocol requests emitted by Subversion as Normal priority.
May 15 2018, 10:24 PM · Subversion

Feb 10 2018

epriestley added a parent task for T4698: Support for SVN patches, created by PhpStorm: T12664: Update diff/patch parsing to extract more metadata and parse a wider range of formats.
Feb 10 2018, 7:43 PM · Subversion, Differential

Aug 14 2017

epriestley closed T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`) as Resolved.

There doesn't seem to be anything actionable remaining on our end.

Aug 14 2017, 8:07 PM · Subversion, Mercurial, Git, Security

Aug 11 2017

epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

This cropped up in the HN thread -- works in my browsers (although Phabricator does not recognize it as a valid link):

Aug 11 2017, 8:07 PM · Subversion, Mercurial, Git, Security
avivey added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Thanks for the writeup :)

Aug 11 2017, 7:04 PM · Subversion, Mercurial, Git, Security
indygreg added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The reason the upstream projects aren't using -- is that it isn't portable. For example, Putty's ssh doesn't support it.

Aug 11 2017, 3:45 PM · Subversion, Mercurial, Git, Security
epriestley updated the task description for T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 11 2017, 1:41 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The full set of mitigations is now available in stable, and I've promoted 2017 Week 32 (Mid August).

Aug 11 2017, 1:36 PM · Subversion, Mercurial, Git, Security
epriestley renamed T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`) from Assess Impact of CVE-2017-1000117 et al (`ssh://-...` executing code) to [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 11 2017, 1:31 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

See also this enormously valuable contribution I made to the Git LFS upstream in connection with T7789 some time ago:

Aug 11 2017, 1:19 PM · Subversion, Mercurial, Git, Security
epriestley updated the task description for T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 11 2017, 1:14 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

So, all three major VCS had the exact same CVE, which was "we invoke ssh command line, don't sanitize input, and don't specify -- anywhere"?

Aug 11 2017, 12:50 PM · Subversion, Mercurial, Git, Security
quark.zju added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Thanks for the detailed explanations! I should have thought more carefully. Note old Mercurial also fails to do correct shell quoting on Windows (It uses ' where Windows needs "). But Phabricator does not run on Windows, it shouldn't be an issue.

Aug 11 2017, 3:22 AM · Subversion, Mercurial, Git, Security
avivey added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

So, all three major VCS had the exact same CVE, which was "we invoke ssh command line, don't sanitize input, and don't specify -- anywhere"?

Aug 11 2017, 2:53 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

@indygreg Thanks for the heads up about subrepos -- I would not have otherwise guessed that hg pull might run git.

Aug 11 2017, 2:40 AM · Subversion, Mercurial, Git, Security
epriestley updated the task description for T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 11 2017, 2:24 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

From this writeup:

Aug 11 2017, 2:21 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The magic incantation I arrived at was slightly modified from one of the hg test cases:

Aug 11 2017, 2:14 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Never mind, I was able to get hg pull -u to interact. I'm going to land, cherry-pick, and hotfix D18390.

Aug 11 2017, 2:12 AM · Subversion, Mercurial, Git, Security
cspeckmim added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

I think this is related:
https://www.mercurial-scm.org/wiki/Subrepository#Synchronizing_in_subrepositories

Aug 11 2017, 2:10 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

And here's an extension which appears to be aimed at solving this problem, by adding a new command to execute hg pull -u in subrepositories:

Aug 11 2017, 2:04 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Also, although ui.ssh appears inneffective against the [git] and [svn] variants of subrepos (Mercurial does not appear to populate GIT_SSH or SVN_SSH based on the ui.ssh setting), I can't get hg to actually interact with remotes using hg clone --noupdate ... or hg pull -u -- <uri>, which are the only relevant commands we run. I can get it to interact with remotes with hg up or hg clone (without --noupdate).

Aug 11 2017, 1:56 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

In the example above, I put malicious content in .hgsub, like this:

Aug 11 2017, 1:32 AM · Subversion, Mercurial, Git, Security
quark.zju added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The subrepo issue is when .hgsub has malicious content (ex. foo = ssh://-oProxyCommand=touch%20BAR/). It's not related to command line or config files.

Aug 11 2017, 1:25 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

I'm going to cherry-pick rP794e185bf90e (the SSH wrapper stuff) to stable and hotfix production, although I'm not entirely certain hg pull -u -- <uri> is vulnerable.

Aug 11 2017, 12:54 AM · Subversion, Mercurial, Git, Security
epriestley added a revision to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`): D18390: Stop populating or updating working copies in observed Mercurial repositories.
Aug 11 2017, 12:49 AM · Subversion, Mercurial, Git, Security
epriestley added a revision to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`): D18389: Pass SSH wrappers to VCS commands unconditonally, not just if there's an SSH remote.
Aug 11 2017, 12:16 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

I also can't get hg pull -u -- <uri> to fetch subrepos, am I just not setting things up correctly? In my current working state, hg up tries to interact with the subrepo remote but hg pull -u -- <uri> (which is what we actually execute) does not.

Aug 11 2017, 12:14 AM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

See also T4416. Removing -u hasn't been a priority because no actual install has expressed interest in it.

Aug 11 2017, 12:02 AM · Subversion, Mercurial, Git, Security

Aug 10 2017

indygreg added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

That same code I pointed to for Mercurial also seems to perform Git working copy checkouts. Although I can't recall Git's semantics for automatically updating submodules (because I don't use them). It is worth auditing.

Aug 10 2017, 11:03 PM · Subversion, Mercurial, Git, Security
indygreg added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

Note that Phabricator can manifest Mercurial working directories. See executeMercurialUpdate() in src/applications/repository/engine/PhabricatorRepositoryPullEngine.php. It does this when pulling non-hosted repos. I know this occurs when observing repos. Not sure where else this code is used.

Aug 10 2017, 10:59 PM · Subversion, Mercurial, Git, Security
epriestley updated the task description for T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).
Aug 10 2017, 10:48 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

I'll leave this open until I write up the release notes since it deserves a mention (users are still vulnerable if an attacker tricks them into running a suspicious git clone command), but I think we're otherwise unscathed by this.

Aug 10 2017, 10:40 PM · Subversion, Mercurial, Git, Security
epriestley added a revision to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`): D18388: Increase strictness of URI parsing, rejecting URIs in the form "ssh://-flag".
Aug 10 2017, 10:23 PM · Subversion, Mercurial, Git, Security
epriestley lowered the priority of T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`) from Unbreak Now! to Normal.
Aug 10 2017, 10:15 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

We also used to have a separate PhutilGitURI which had looser rules, but I removed this in D16100 (June 13, 2016) and all URI parsing now goes through PhutilURI which has the stricter rules.

Aug 10 2017, 10:14 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

The theoretical attack here is:

Aug 10 2017, 9:56 PM · Subversion, Mercurial, Git, Security
epriestley added a comment to T12961: [CVE-2017-1000117, et al] Git, Mercurial and Subversion could all execute arbitrary commands when interacting with malicious SSH URIs (`ssh://-...`).

These are slightly more fleshed-out versions of the attack in Mercurial:

Aug 10 2017, 9:48 PM · Subversion, Mercurial, Git, Security