|
|
|
|
Changelog for mercurial-4.9-2.4.i586.rpm :
Fri Feb 1 13:00:00 2019 Andrei Dziahel - Mercurial 4.9 This is a regularly-scheduled quarterly feature release. See complete changelog at https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29 * Security Fixes It was possible to use symlinks and subrepositories to defeat Mercurial\'s path-checking logic and write files outside a repository. This has been fixed. Users on older versions can either disable subrepositories with ``` [subrepos] allowed = false ``` in their configuration or by ensuring any cloned repositories don\'t contain malicious symlinks. * New Features + \'hg histedit\' will now present a curses UI if curses is available and \'ui.interface\' or \'ui.interface.histedit\' is set to \'curses\'. + The \'sparse-revlog\' delta strategy is enabled by default for new repositories. See `hg help config.format.sparse-revlog` for details. * Other Notable Features + New `rewrite.update-timestamp=True` option to update the commit timestamp on history editing (e.g. amend.) + New `ui.message-output=stderr` option for scripting, which prevents status messages from interleaved. + New `rootglob:` filename pattern for a glob that is rooted at the root of the repository. See `hg help patterns` and `hg help hgignore` for details. + Some more reimplementation of ancestry algorithms in Rust for better performance. * Backwards Compatibility Changes + Boolean options passed to the logtoprocess extension are now formatted as \"0\" or \"1\" instead of \"None\", \"False\", or \"True\". + The logtoprocess extension no longer supports invalid \"ui.log()\" arguments. A log message is always formatted and passed in to the \"$MSG1\" environment variable. * Internal API Changes + Status messages may be sent to a dedicated stream depending on configuration. Don\'t use \"ui.status()\", etc. as a shorthand for conditional writes. Use \"ui.write()\" for data output. + Add \'exthelper\' class to simplify extension writing by allowing functions, commands, and configitems to be registered via annotations. The previous APIs are still available for use. + The extension hook \"extsetup\" without a \'ui\' argument has been deprecated, and will be removed in the next version. Add a \'ui\' argument to avoid the deprecation warning.
Tue Jan 8 13:00:00 2019 Andrei Dziahel - Mercurial 4.8.2 This is a regularly-scheduled bugfix release containing following fixes: * commands + update: do not pass in user revspec as default destination (issue6044) * core + match: fix assertion for fileset with no context (issue6046) + revlog: catch delta base value under -1 + revlog: catch revlog corruption in index_baserev + server: always close http socket if responding with an error (issue6033) + vfs: ensure closewrapbase fh doesn\'t escape by entering context manager * extensions + phabricator: properly encode boolean types in the request body * unsorted + windows: ensure mixedfilemodewrapper fd doesn\'t escape by entering context mgr + worker: do not swallow exception occurred in main process
Wed Dec 5 13:00:00 2018 Andrei Dziahel - Mercurial 4.8.1 A regularly scheduled bugfix release. Some security fixes are included, but all are expected to be low-risk. * commands - commandserver: get around ETIMEDOUT raised by selectors2 - graft: do not try to skip rev derived from ancestor more than once (issue6024) - verify: provide unit to ui.makeprogress() * core - revlog: fix out-of-bounds access by negative parents read from revlog (SEC) * extensions - rebase: abort in-mem rebase if there\'s a dirty merge state - rebase: fix dir/file conflict detection when using in-mem merge - rebase: fix path auditing to audit path relative to repo root (issue5818) - rebase: preserve working copy when redoing in-mem rebase on disk * unsorted - tests: stabilize test-inherit-mode.t on FreeBSD and macOS (issue6026)
Tue Nov 6 13:00:00 2018 Andrei Dziahel - mercurial-4.8-python2-shebang.patch: fixes boo#1114895 - explicitly depend on Python 2.7+
Sat Nov 3 13:00:00 2018 Andrei Dziahel - Mercurial 4.8 This is a regularly-scheduled quarterly feature release. See release overview at https://www.mercurial-scm.org/wiki/Release4.8 and complete changelog at https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.8_.282018-11-02.29
Tue Oct 2 14:00:00 2018 Andrei Dziahel - Mercurial 4.7.2 This is a regularly-scheduled bugfix release containing following fixes: * security + Fix a potential out-of-bounds read in manifest parsing C code. * core + various minor correctness fixes in revsets for commonancestors() and similar * unsorted + chgserver: do not send system() back to client if stdio redirected (issue5992) + procutil: compare fd number to see if stdio protection is needed (issue5992)
Wed Sep 5 14:00:00 2018 Andrei Dziahel - Mercurial 4.7.1 This is a regularly-scheduled bugfix release containing following fixes: * commands + merge: do not delete untracked files silently (issue5962) * core + revlog: fix descendant deprecated method * hgweb + hgweb: load revcount + 1 entries to fill nextentry in log page (issue5972) * performance + remotephase: avoid full changelog iteration (issue5964) + remotephase: fast path newheads computation in simple case (issue5964) + scmutil: avoid quadratic membership testing (issue5969) + sparse-revlog: fix delta validity computation
Sun Aug 12 14:00:00 2018 develop7AATTdevelop7.info - Mercurial 4.7 This is a regularly-scheduled quarterly feature release and has it\'s own release notes page which can be found here: [Full release notes](https://www.mercurial-scm.org/wiki/Release4.7)
Tue Jul 3 14:00:00 2018 develop7AATTdevelop7.info - Mercurial 4.6.2 This is a regularly-scheduled bugfix release containing following fixes: * merge: do not fill manifest of committed revision with pseudo node (issue5526) * crecord: fix line number in hunk header (issue5917) * lazymanifest: don\'t crash when out of memory (issue5916) * procutil: use unbuffered stdout on Windows
Fri Jun 8 14:00:00 2018 develop7AATTdevelop7.info - Mercurial 4.6.1 This is a regularly-scheduled bugfix release that also contains security fixes. * Security Fixes Multiple issues found in mpatch.c with a fuzzer: + OVE-20180430-0001 + OVE-20180430-0002 + OVE-20180430-0004 With the following fixes: mpatch: be more careful about parsing binary patch data (SEC) mpatch: protect against underflow in mpatch_apply (SEC) mpatch: ensure fragment start isn\'t past the end of orig (SEC) mpatch: fix UB in int overflows in gather() (SEC) mpatch: fix UB integer overflows in discard() (SEC) mpatch: avoid integer overflow in mpatch_decode (SEC) mpatch: avoid integer overflow in combine() (SEC) No exploits are known at the time, however, it is highly recommended that all users upgrade. * Bug Fixes Also included in this release are the following, + zstandard: pull in bug fixes from upstream 0.9.1 (issue5884) + bundle2: fix old clients from reading newer format (issue5872) + bdiff: fix xdiff long/int64 conversion (issue5885) + push: continue without locking on lock failure other than EEXIST (issue5882) + lfs: fix crash in command server (issue5902) + hghave: fix deadlock in test runner + rebase: fix error when computing obsoletenotrebased (issue5907) + rebase: prioritize indicating an interrupted rebase over update (issue5838) + revset: pass in lookup function to matchany() (issue5879)
Fri May 11 14:00:00 2018 develop7AATTdevelop7.info - Mercurial 4.6 This is a regularly-scheduled quarterly feature release. See complete changelog at https://www.mercurial-scm.org/wiki/Release4.6
Wed Apr 4 14:00:00 2018 develop7AATTdevelop7.info - Mercurial 4.5.3 This is a regularly-scheduled bugfix release. * Bug Fixes + rebase: on abort, don\'t strip commits that didn\'t need to be rebased (issue5822) + hgweb: garbage collect on every request + amend: abort if unresolved merge conflicts found (issue5805)
Sat Mar 10 13:00:00 2018 develop7AATTdevelop7.info - Modernize spec-file by calling spec-cleaner
Wed Mar 7 13:00:00 2018 develop7AATTdevelop7.info - Mercurial 4.5.2 (4.5.2 was released immediately after 4.5.1 to fix a release oversight.) 1. Security Fixes (CVE-2018-1000132,bsc#1085211) All versions of Mercurial prior to 4.5.2 have vulnerabilities in the HTTP server that allow permissions bypass to: * Perform writes on repositories that should be read-only * Perform reads on repositories that shouldn\'t allow read access 2. Backwards Compatibility Changes The \"batch\" wire protocol command now enforces permissions of each invoked sub-command. Wire protocol commands must define their operation type or the \"batch\" command will assume they can write data and will prevent their execution on HTTP servers unless the HTTP request method is POST, the server is configured to allow pushes, and the (possibly authenticated) HTTP user is authorized to perform a push. Wire protocol commands not defining their operation type in \"wireproto.PERMISSIONS\" are now assumed to be used for \"push\" operations and access control to run those commands is now enforced accordingly. 3. Bug Fixes fileset: don\'t abort when running copied() on a revision with a removed file date: fix parsing months setup: only allow Python 3 from a source checkout (issue5804) annotate: do not poorly split lines at CR (issue5798) subrepo: don\'t attempt to share remote sources (issue5793) subrepo: activate clone pooling to enable sharing with remote URLs changegroup: do not delta lfs revisions revlog: do not use delta for lfs revisions revlog: resolve lfs rawtext to vanilla rawtext before applying delta See full cnahgelog on https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
Sun Feb 4 13:00:00 2018 develop7AATTdevelop7.info - Mercurial 4.5 See full changelog on https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5-rc_.282018-01-22.29 1. New Features 1.1. revert --interactive The revert command now accepts the flag --interactive to allow reverting only some of the changes to the specified files. 1.2. Accessing hidden changesets Set config option `experimental.directaccess = True` to access hidden changesets from read only commands. 1.3. githelp extension The githelp extension provides the `hg githelp` command. This command attempts to convert a git command to its Mercurial equivalent. The extension can be useful to Git users new to Mercurial. 1.4. Largefiles changes largefiles: add a \'debuglfput\' command to put largefile into the store largefiles: add support for \'largefiles://\' url scheme largefiles: allow to run \'debugupgraderepo\' on repo with largefiles largefiles: convert EOL of hgrc before appending to bytes IO largefiles: explicitly set the source and sink types to \'hg\' for lfconvert largefiles: modernize how capabilities are added to the wire protocol 2. hgweb changes hgweb now shows more information about commits: phase (if it\'s not public), obsolescence status (with a short explanation and links to the successors) and instabilities (e.g. orphan, phase-divergent or content-divergent). Client-side graph code has been simplified by delegating more work to the backend, so /graph page is now more in sync with /log page, visually and feature-wise. Unfortunately, this code change means that 3rd-party themes for 4.5+ are required to have graphentry.tmpl template available (copy it from the base theme if you don\'t use %include and then reference it in map file) and render entries in graph.tmpl -- look at one of the core themes to see what it needs to look like. JS functions that create graph vertices and edges are now available in Graph.prototype, making it possible to call the original functions from custom theme-specific functions if needed. Graph now shows different symbols for normal, branch-closing, obsolete and unstable commits, and marks currently checked out commit with a circle around its graph node. There\'s also now json-graph API endpoint that can be used for rendering commit graph in 3rd-party applications. 2.1. Other Changes When interactive revert is run against a revision other than the working directory parent, the diff shown is the diff to _apply_ to the working directory, rather than the diff to _discard_ from the working copy. This is in line with related user experiences with \'git\' and appears to be less confusing with \'ui.interface=curses\'. Let \'hg rebase\' avoid content-divergence by skipping obsolete changesets (and their descendants) when they are present in the rebase set along with one of their successors but none of their successors is in destination. A new experimental config flag, `rebase.experimental.inmemory`, makes rebase perform an in-memory merge instead of doing it on-disk in the working copy. The `HGPLAINEXCEPT` environment variable can now include color to allow automatic output colorization in otherwise automated environments. A new `unamend` command in `uncommit` extension which undoes the effect of the amend command by creating a new changeset which was there before amend and moving the changes that were amended to the working directory. A \'--abort\' flag to merge command to abort the ongoing merge. An experimental flag \'--rev\' to \'hg branch\' which can be used to change branch of changesets. bundle2 read I/O significantly improved bundle2 memory use significantly reduced during read clonebundle: it is now possible to serve the clonebundle using a git-lfs compatible server. templatefilters: add slashpath() to convert path separator to slash (issue5572) A new experimental config flag, \'inline-color-diff\', adds within-line color diff capacity histedit: add support to output nodechanges using formatter to help with editor integrations 3. Backwards Compatibility Changes `log --follow-first -rREV`, which is deprecated, now follows the first parent of merge revisions from the specified REV just like `log --follow -rREV`. `log --follow -rREV FILE..` now follows file history across copies and renames. transaction: register summary callbacks only at start of transaction hgweb\'s graph view no longer supports browsers that lack |
|
|