CVSROOT: /cvs
Module name: ports
Changes by: juan...@cvs.openbsd.org 2017/11/09 12:25:11
Modified files:
devel/mercurial: Tag: OPENBSD_6_2 Makefile distinfo
Added files:
devel/mercurial/patches: Tag: OPENBSD_6_2
patch-mercurial_configitems_py
patch-mercurial_help_config_txt
patch-mercurial_subrepo_py
patch-tests_test-audit-subrepo_t
patch-tests_test-convert-git_t
patch-tests_test-mq-subrepo-svn_t
patch-tests_test-subrepo-git_t
patch-tests_test-subrepo-svn_t
patch-tests_test-subrepo_t
Log message:
SECURITY update. No CVE. Update to 4.3.3 + changes backported from 4.4.1.
"It is possible that a specially malformed repository can cause Git
subrepositories to run arbitrary code in the form of a .git/hooks/post-update
script checked in to the repository in Mercurial 4.4 and earlier. Typical use
of Mercurial prevents construction of such repositories, but they can be
created programmatically."
