Log Message:
py-mercurial: update to 4.3.1

1. Mercurial 4.3 / 4.3.1 (2017-08-10)

(4.3.1 was released immediately after 4.3 to fix a release oversight.)

An overview of new features available. This is a regularly-scheduled quarterly \ 
feature release.

1.1. Notable changes

    experimental amend extension providing the amend command
    experimental sparse extension
    Support for Python 2.6 has been dropped.
    Bundles created by the strip extension now store phase information. It will \ 
be restored when unbundling.
    The strip extension now removes relevant obsmarkers. If a backup requested \ 
(the default), the obsmarkers are stored in the backup bundle and will be \ 
restored when unbundling.

    hg show work (from the experimental show extension) now displays more info

    hg show stack is a new view for the current, in-progress changeset and \ 
others around it
    Mitigation for two security vulnerabilities

1.2. CVE-2017-1000115

Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to \ 
write to files outside the repository.

1.3. CVE-2017-1000116

Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection \ 
attacks on clients by specifying a hostname starting with -oProxyCommand. This \ 
is also present in Git (CVE-2017-1000117) and Subversion (CVE-2017-9800), so \ 
please patch those tools as well if you have them installed.

2. Mercurial 4.2.3 (2017-08-10)

This was an out-of-cycle backport of security fixes from 4.3 for users stuck on \ 
Python 2.6.

3. Mercurial 4.2.2 (2017-07-05)

This is a regularly-scheduled bugfix release.

    largefiles: avoid a crash when archiving a subrepo with largefiles disabled
    rebase: also test abort from pretxnclose error

    rebase: backed out changes 2519994d25ca and cf8ad0e6c0e4 (issue5610)
    rebase: reinforce testing around precommit hook interrupting a rebase