Path to this page:
Subject: CVS commit: pkgsrc/devel/py-mercurial
From: Thomas Klausner
Date: 2018-06-17 13:24:12
Message id: 20180617112412.E4300FBEC@cvs.NetBSD.org
Log Message:
py-mercurial: update to 4.6.1.
Mercurial 4.6.1 (2018-06-06)
This is a regularly-scheduled bugfix release that also contains security fixes.
1.1. Security Fixes
Multiple issues found in mpatch.c with a fuzzer:
OVE-20180430-0001
OVE-20180430-0002
OVE-20180430-0004
With the following fixes:
mpatch: be more careful about parsing binary patch data (SEC)
mpatch: protect against underflow in mpatch_apply (SEC)
mpatch: ensure fragment start isn't past the end of orig (SEC)
mpatch: fix UB in int overflows in gather() (SEC)
mpatch: fix UB integer overflows in discard() (SEC)
mpatch: avoid integer overflow in mpatch_decode (SEC)
mpatch: avoid integer overflow in combine() (SEC)
No exploits are known at the time, however, it is highly recommended that all \
users upgrade.
1.2. Bug Fixes
Also included in this release are the following,
zstandard: pull in bug fixes from upstream 0.9.1 (issue5884)
bundle2: fix old clients from reading newer format (issue5872)
bdiff: fix xdiff long/int64 conversion (issue5885)
push: continue without locking on lock failure other than EEXIST (issue5882)
lfs: fix crash in command server (issue5902)
hghave: fix deadlock in test runner
rebase: fix error when computing obsoletenotrebased (issue5907)
rebase: prioritize indicating an interrupted rebase over update (issue5838)
revset: pass in lookup function to matchany() (issue5879)
Files: