CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2019/02/02 09:08:07
Modified files:
devel/mercurial: Tag: OPENBSD_6_4 Makefile
devel/mercurial/pkg: Tag: OPENBSD_6_4 PLIST-main
Log message:
SECURITY:
Prior to 4.9, it's possible to use symlinks and subrepositories to defeat
Mercurial's path-checking logic and write files outside a repository.
As per recommendation of Augie Fackler (Mercurial developer), I'm
creating a global rc file to disable subrepos or any future dangerous
feature. If you need subrepos support, you can enable it in the
project rc file (i.e. myrepo/.hg/hgrc). Use it only with really trusty
sources.
