Hello community,

here is the log from the commit of package mercurial for openSUSE:Factory 
checked in at 2018-03-12 12:07:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mercurial (Old)
 and      /work/SRC/openSUSE:Factory/.mercurial.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mercurial"

Mon Mar 12 12:07:12 2018 rev:125 rq:584101 version:4.5.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/mercurial/mercurial.changes      2018-02-06 
16:46:13.816277309 +0100
+++ /work/SRC/openSUSE:Factory/.mercurial.new/mercurial.changes 2018-03-12 
12:07:16.169028642 +0100
@@ -1,0 +2,37 @@
+Wed Mar  7 08:10:06 UTC 2018 - devel...@develop7.info
+
+- Mercurial 4.5.2
+
+  (4.5.2 was released immediately after 4.5.1 to fix a release oversight.)
+  
+  1. Security Fixes
+    All versions of Mercurial prior to 4.5.2 have vulnerabilities in the HTTP 
+    server that allow permissions bypass to:
+    * Perform writes on repositories that should be read-only
+    * Perform reads on repositories that shouldn't allow read access
+  
+  2. Backwards Compatibility Changes
+    The "batch" wire protocol command now enforces permissions of each invoked 
+    sub-command. Wire protocol commands must define their operation type or 
the 
+    "batch" command will assume they can write data and will prevent their 
+    execution on HTTP servers unless the HTTP request method is POST, the 
+    server is configured to allow pushes, and the (possibly authenticated) 
HTTP 
+    user is authorized to perform a push.
+    Wire protocol commands not defining their operation type in 
+    "wireproto.PERMISSIONS" are now assumed to be used for "push" operations 
+    and access control to run those commands is now enforced accordingly.
+    
+  3. Bug Fixes
+    fileset: don't abort when running copied() on a revision with a removed 
file
+    date: fix parsing months
+    setup: only allow Python 3 from a source checkout (issue5804)
+    annotate: do not poorly split lines at CR (issue5798)
+    subrepo: don't attempt to share remote sources (issue5793)
+    subrepo: activate clone pooling to enable sharing with remote URLs
+    changegroup: do not delta lfs revisions
+    revlog: do not use delta for lfs revisions
+    revlog: resolve lfs rawtext to vanilla rawtext before applying delta
+  
+  See full cnahgelog on 
+  
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
+-------------------------------------------------------------------

Old:
----
  mercurial-4.5.tar.gz
  mercurial-4.5.tar.gz.asc

New:
----
  mercurial-4.5.2.tar.gz
  mercurial-4.5.2.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mercurial.spec ++++++
--- /var/tmp/diff_new_pack.E4wuWl/_old  2018-03-12 12:07:17.444982909 +0100
+++ /var/tmp/diff_new_pack.E4wuWl/_new  2018-03-12 12:07:17.448982765 +0100
@@ -20,10 +20,10 @@
 %{!?python_sitelib: %global python_sitelib %(python -c "from 
distutils.sysconfig import get_python_lib; print get_python_lib()")}
 %endif
 Name:           mercurial
-Version:        4.5
+Version:        4.5.2
 Release:        0
 Summary:        Scalable Distributed SCM
-License:        GPL-2.0+
+License:        GPL-2.0-or-later
 Group:          Development/Tools/Version Control
 Url:            https://www.mercurial-scm.org/
 Source:         
https://www.mercurial-scm.org/release/mercurial-%{version}.tar.gz

++++++ mercurial-4.5.tar.gz -> mercurial-4.5.2.tar.gz ++++++
++++ 4037 lines of diff (skipped)


Reply via email to