Log message:
Pullup ticket #5533 - requested by maya
devel/py-mercurial: security fix

Revisions pulled up:
- devel/py-mercurial/Makefile                                   1.13-1.14
- devel/py-mercurial/Makefile.version                           1.51
- devel/py-mercurial/PLIST                                      1.16
- devel/py-mercurial/distinfo                                   1.51-1.52

---
   Module Name:    pkgsrc
   Committed By:   joerg
   Date:           Tue Jul 25 16:09:40 UTC 2017

   Modified Files:
           pkgsrc/devel/py-mercurial: Makefile distinfo
   Added Files:
           pkgsrc/devel/py-mercurial/patches: patch-mercurial_localrepo.py
               patch-mercurial_statichttprepo.py

   Log message:
   Fix a memory leak, from upstream. Bump revision.

---
   Module Name:    pkgsrc
   Committed By:   maya
   Date:           Mon Aug 14 01:31:56 UTC 2017

   Modified Files:
           pkgsrc/devel/py-mercurial: Makefile Makefile.version PLIST distinfo
   Removed Files:
           pkgsrc/devel/py-mercurial/patches: patch-mercurial_localrepo.py
               patch-mercurial_statichttprepo.py

   Log message:
   py-mercurial: update to 4.3.1

   1. Mercurial 4.3 / 4.3.1 (2017-08-10)

   (4.3.1 was released immediately after 4.3 to fix a release oversight.)

   An overview of new features available. This is a regularly-scheduled \ 
quarterly feature release.

   1.1. Notable changes

       experimental amend extension providing the amend command
       experimental sparse extension
       Support for Python 2.6 has been dropped.
       Bundles created by the strip extension now store phase information. It \ 
will be restored when unbundling.
       The strip extension now removes relevant obsmarkers. If a backup \ 
requested (the default), the obsmarkers are stored in the backup bundle and will \ 
be restored when unbundling.

       hg show work (from the experimental show extension) now displays more info

       hg show stack is a new view for the current, in-progress changeset and \ 
others around it
       Mitigation for two security vulnerabilities

   1.2. CVE-2017-1000115

   Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused \ 
to write to files outside the repository.

   1.3. CVE-2017-1000116

   Mercurial was not sanitizing hostnames passed to ssh, allowing shell \ 
injection attacks on clients by specifying a hostname starting with \ 
-oProxyCommand. This is also present in Git (CVE-2017-1000117)
   and Subversion (CVE-2017-9800), so please patch those tools as well if you \ 
have them installed.

   2. Mercurial 4.2.3 (2017-08-10)

   This was an out-of-cycle backport of security fixes from 4.3 for users stuck \ 
on Python 2.6.-1000117)
   and Subversion (CVE-2017-9800), so please patch those tools as well if you \ 
have them installed.

   2. Mercurial 4.2.3 (2017-08-10)

   This was an out-of-cycle backport of security fixes from 4.3 for users stuck \ 
on Python 2.6.

   3. Mercurial 4.2.2 (2017-07-05)

   This is a regularly-scheduled bugfix release.

       largefiles: avoid a crash when archiving a subrepo with largefiles disabled
       rebase: also test abort from pretxnclose error

       rebase: backed out changes 2519994d25ca and cf8ad0e6c0e4 (issue5610)
       rebase: reinforce testing around precommit hook interrupting a rebase