Module name: ports
Changes by: juan...@cvs.openbsd.org 2017/08/10 13:36:59
devel/mercurial: Tag: OPENBSD_6_1 Makefile distinfo
devel/mercurial/pkg: Tag: OPENBSD_6_1 DESCR-main PLIST-main
devel/mercurial/patches: Tag: OPENBSD_6_1
devel/mercurial/patches: Tag: OPENBSD_6_1 patch-contrib_hg-ssh
Update to mercurial 4.2.3.
Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused
to write to files outside the repository.
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection
attacks by specifying a hostname starting with -oProxyCommand.