Path to this page:
Subject: CVS commit: pkgsrc/devel/py-mercurial
From: Thomas Klausner
Date: 2017-11-23 21:44:47
Message id: 20171123204447.2F1D8FB40@cvs.NetBSD.org
Log Message:
py-mercurial: update to 4.4.1.
1.1. Notable changes
Git and Subversion subrepos have been disabled by default to
mitigate a potential security risk if files overlapping with
a subrepo managed to be committed to a repository.
Subrepos are now more paranoid about symlink traversal.
The share extension handles drive letters on Windows better.
It is possible that a specially malformed repository can cause Git
subrepositories to run arbitrary code in the form of a
.git/hooks/post-update script checked in to the repository in
Mercurial 4.4 and earlier. Typical use of Mercurial prevents
construction of such repositories, but they can be created
programmatically.
Files: