Path to this page:
Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:
2017-08-15 21:06:53 by Benny Siegert | Files touched by this commit (4) | |
Log message:
Pullup ticket #5533 - requested by maya
devel/py-mercurial: security fix
Revisions pulled up:
- devel/py-mercurial/Makefile 1.13-1.14
- devel/py-mercurial/Makefile.version 1.51
- devel/py-mercurial/PLIST 1.16
- devel/py-mercurial/distinfo 1.51-1.52
---
Module Name: pkgsrc
Committed By: joerg
Date: Tue Jul 25 16:09:40 UTC 2017
Modified Files:
pkgsrc/devel/py-mercurial: Makefile distinfo
Added Files:
pkgsrc/devel/py-mercurial/patches: patch-mercurial_localrepo.py
patch-mercurial_statichttprepo.py
Log message:
Fix a memory leak, from upstream. Bump revision.
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Aug 14 01:31:56 UTC 2017
Modified Files:
pkgsrc/devel/py-mercurial: Makefile Makefile.version PLIST distinfo
Removed Files:
pkgsrc/devel/py-mercurial/patches: patch-mercurial_localrepo.py
patch-mercurial_statichttprepo.py
Log message:
py-mercurial: update to 4.3.1
1. Mercurial 4.3 / 4.3.1 (2017-08-10)
(4.3.1 was released immediately after 4.3 to fix a release oversight.)
An overview of new features available. This is a regularly-scheduled \
quarterly feature release.
1.1. Notable changes
experimental amend extension providing the amend command
experimental sparse extension
Support for Python 2.6 has been dropped.
Bundles created by the strip extension now store phase information. It \
will be restored when unbundling.
The strip extension now removes relevant obsmarkers. If a backup \
requested (the default), the obsmarkers are stored in the backup bundle and will \
be restored when unbundling.
hg show work (from the experimental show extension) now displays more info
hg show stack is a new view for the current, in-progress changeset and \
others around it
Mitigation for two security vulnerabilities
1.2. CVE-2017-1000115
Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused \
to write to files outside the repository.
1.3. CVE-2017-1000116
Mercurial was not sanitizing hostnames passed to ssh, allowing shell \
injection attacks on clients by specifying a hostname starting with \
-oProxyCommand. This is also present in Git (CVE-2017-1000117)
and Subversion (CVE-2017-9800), so please patch those tools as well if you \
have them installed.
2. Mercurial 4.2.3 (2017-08-10)
This was an out-of-cycle backport of security fixes from 4.3 for users stuck \
on Python 2.6.-1000117)
and Subversion (CVE-2017-9800), so please patch those tools as well if you \
have them installed.
2. Mercurial 4.2.3 (2017-08-10)
This was an out-of-cycle backport of security fixes from 4.3 for users stuck \
on Python 2.6.
3. Mercurial 4.2.2 (2017-07-05)
This is a regularly-scheduled bugfix release.
largefiles: avoid a crash when archiving a subrepo with largefiles disabled
rebase: also test abort from pretxnclose error
rebase: backed out changes 2519994d25ca and cf8ad0e6c0e4 (issue5610)
rebase: reinforce testing around precommit hook interrupting a rebase
|
Next | Query returned 1 messages, browsing 1 to 10 | previous