Path to this page:
Subject: CVS commit: pkgsrc/devel/py-mercurial
From: Maya Rashish
Date: 2017-08-14 03:31:56
Message id: 20170814013156.D3870FAD0@cvs.NetBSD.org
Log Message:
py-mercurial: update to 4.3.1
1. Mercurial 4.3 / 4.3.1 (2017-08-10)
(4.3.1 was released immediately after 4.3 to fix a release oversight.)
An overview of new features available. This is a regularly-scheduled quarterly \
feature release.
1.1. Notable changes
experimental amend extension providing the amend command
experimental sparse extension
Support for Python 2.6 has been dropped.
Bundles created by the strip extension now store phase information. It will \
be restored when unbundling.
The strip extension now removes relevant obsmarkers. If a backup requested \
(the default), the obsmarkers are stored in the backup bundle and will be \
restored when unbundling.
hg show work (from the experimental show extension) now displays more info
hg show stack is a new view for the current, in-progress changeset and \
others around it
Mitigation for two security vulnerabilities
1.2. CVE-2017-1000115
Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to \
write to files outside the repository.
1.3. CVE-2017-1000116
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection \
attacks on clients by specifying a hostname starting with -oProxyCommand. This \
is also present in Git (CVE-2017-1000117) and Subversion (CVE-2017-9800), so \
please patch those tools as well if you have them installed.
2. Mercurial 4.2.3 (2017-08-10)
This was an out-of-cycle backport of security fixes from 4.3 for users stuck on \
Python 2.6.
3. Mercurial 4.2.2 (2017-07-05)
This is a regularly-scheduled bugfix release.
largefiles: avoid a crash when archiving a subrepo with largefiles disabled
rebase: also test abort from pretxnclose error
rebase: backed out changes 2519994d25ca and cf8ad0e6c0e4 (issue5610)
rebase: reinforce testing around precommit hook interrupting a rebase
Files: