CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2019/02/02 08:26:07
Modified files:
devel/mercurial: Makefile
devel/mercurial/pkg: PLIST-main
Log message:
SECURITY:
Prior to 4.9, it's possible to use symlinks and subrepositories to defeat
Mercurial's path-checking logic and write files outside a repository.
As per recommendation of Augie Fackler (Mercurial developer), I'm
creating a global rc file to disable subrepos or any future dangerous
feature. If you need subrepos support, you can enable it in the
project rc file (i.e. myrepo/.hg/hgrc). Use it only with really trusty
sources.
