From: Simon McVittie <smcv@debian.org>
Date: Mon, 26 Dec 2016 18:45:02 +0000 (+0000)
Subject: Try revert operations (on a branch) before approving them
X-Git-Tag: debian/3.20120629.2+deb7u2~24
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/9b3c1867c8fb53c73cdad85dc73578261df481af?hp=9b3c1867c8fb53c73cdad85dc73578261df481af

Try revert operations (on a branch) before approving them

Otherwise, we have a time-of-check/time-of-use vulnerability:
rcs_preprevert previously looked at what changed in the commit we are
reverting, not at what would result from reverting it now. In
particular, if some files were renamed since the commit we are
reverting, a revert of changes that were within the designated
subdirectory and allowed by check_canchange() might now affect
files that are outside the designated subdirectory or disallowed
by check_canchange().

OVE-20161226-0002
---