3 patches for repository http://darcs.net/releases/branch-2.5:

Fri Jul 23 14:45:33 BST 2010  Eric Kow <kowey@darcs.net>
  * Fix warnings in Darcs.Repository.HashedIO.

Wed Jan 19 15:32:32 GMT 2011  Eric Kow <kowey@darcs.net>
  * Accept issue2035: malicious subpaths not caught.

Wed Jan 19 15:34:50 GMT 2011  Eric Kow <kowey@darcs.net>
  * Resolve issue2035: Catch malicious subpaths.
  A longer-term fix would be to change our subpath representation
  to be components based (eg. like pathlib)


___________________________________________________________
This email has been scanned by MessageLabs' Email Security
System on behalf of the University of Brighton.
For more information see http://www.brighton.ac.uk/is/spam/
___________________________________________________________

Attachments

• fix-warnings-in-darcs_repository_hashedio_.dpatch
• unnamed

This looks fine. Feels rather ad-hoc, but I can't find any other holes 
from some playing.

This goes wrong on Windows: 
http://buildbot.darcs.net/builders/6.10.4%20Vista%20RELEASE/builds/18/st
eps/test/logs/stdio

I can't immediately figure out the problem, but presumably it's to do 
with a different definition of absolute paths. That raises two questions 
for me:

1) Is /foo/bar really a safe path on Windows? I would expect it to go to 
the root of the current drive, which doesn't seem good.

2) Should we have a test repo with a c:/ in it for use on Windows?

There's a straightforward fix for the test (don't grep for "malicious" - 
the get fails on Windows but for other reasons).

I'll also make a test repo that has c:/ in it.

I pushed the followup that doesn't check for 'malicious' straight to 
2.5.1 as it's trivial. I checked that repos with c: in them are also 
correctly rejected on windows, and also that .. is (now) caught by darcs 
too.

For various reasons the tests I wrote for those other things aren't in a 
good state to submit/push yet, so I will probably leave those out of 
2.5.1.