Hello community, here is the log from the commit of package mercurial for openSUSE:Factory checked in at 2018-06-15 14:33:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mercurial (Old) and /work/SRC/openSUSE:Factory/.mercurial.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mercurial" Fri Jun 15 14:33:09 2018 rev:129 rq:615162 version:4.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/mercurial/mercurial.changes 2018-05-19 15:40:01.379991192 +0200 +++ /work/SRC/openSUSE:Factory/.mercurial.new/mercurial.changes 2018-06-15 14:33:11.637051709 +0200 @@ -1,0 +2,35 @@ +Fri Jun 8 07:32:56 UTC 2018 - [email protected] + +- Mercurial 4.6.1 + This is a regularly-scheduled bugfix release that also contains security + fixes. + + * Security Fixes + Multiple issues found in mpatch.c with a fuzzer: + + OVE-20180430-0001 + + OVE-20180430-0002 + + OVE-20180430-0004 + With the following fixes: + mpatch: be more careful about parsing binary patch data (SEC) + mpatch: protect against underflow in mpatch_apply (SEC) + mpatch: ensure fragment start isn't past the end of orig (SEC) + mpatch: fix UB in int overflows in gather() (SEC) + mpatch: fix UB integer overflows in discard() (SEC) + mpatch: avoid integer overflow in mpatch_decode (SEC) + mpatch: avoid integer overflow in combine() (SEC) + No exploits are known at the time, however, it is highly recommended that + all users upgrade. + + * Bug Fixes + Also included in this release are the following, + + zstandard: pull in bug fixes from upstream 0.9.1 (issue5884) + + bundle2: fix old clients from reading newer format (issue5872) + + bdiff: fix xdiff long/int64 conversion (issue5885) + + push: continue without locking on lock failure other than EEXIST (issue5882) + + lfs: fix crash in command server (issue5902) + + hghave: fix deadlock in test runner + + rebase: fix error when computing obsoletenotrebased (issue5907) + + rebase: prioritize indicating an interrupted rebase over update (issue5838) + + revset: pass in lookup function to matchany() (issue5879) + +------------------------------------------------------------------- Old: ---- mercurial-4.6.tar.gz mercurial-4.6.tar.gz.asc New: ---- mercurial-4.6.1.tar.gz mercurial-4.6.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mercurial.spec ++++++ --- /var/tmp/diff_new_pack.3AHn83/_old 2018-06-15 14:33:12.477020985 +0200 +++ /var/tmp/diff_new_pack.3AHn83/_new 2018-06-15 14:33:12.485020693 +0200 @@ -20,7 +20,7 @@ %{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} %endif Name: mercurial -Version: 4.6 +Version: 4.6.1 Release: 0 Summary: Scalable Distributed SCM License: GPL-2.0-or-later ++++++ mercurial-4.6.tar.gz -> mercurial-4.6.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/mercurial/mercurial-4.6.tar.gz /work/SRC/openSUSE:Factory/.mercurial.new/mercurial-4.6.1.tar.gz differ: char 5, line 1 ++++++ mercurial.keyring ++++++ ++++ 1884 lines (skipped) ++++ between mercurial.keyring ++++ and /work/SRC/openSUSE:Factory/.mercurial.new/mercurial.keyring
