Changelog for mercurial-lang-4.5.2-lp152.7.3.1.noarch.rpm :
* Tue May 14 2019 tiwaiAATTsuse.de
- Fix incorrect patch-checking with symlinks and subrepos (CVE-2019-3902, bsc#1133035):
  hg-CVE-2019-3902-fix1.patch
  hg-CVE-2019-3902-fix2.patch
  hg-CVE-2019-3902-fix3.patch

* Tue Oct 09 2018 tiwaiAATTsuse.de
- Fix out-of-bounds read during parsing of a malformed manifest entry (CVE-2018-17983, bsc#1110899):
  hg-CVE-2018-17983.patch

* Fri Jul 06 2018 tiwaiAATTsuse.de
- Fix security issues in mpatch overflow and other misbehavior (CVE-2018-13346, bsc#1100354, CVE-2018-13347, bsc#1100355, CVE-2018-13348, bsc#1100353):
  hg-mpatch-fix01.patch
  hg-mpatch-fix02.patch
  hg-mpatch-fix03.patch
  hg-mpatch-fix04.patch
  hg-mpatch-fix05.patch
  hg-mpatch-fix06.patch
  hg-mpatch-fix07.patch
  hg-mpatch-fix08.patch
  hg-mpatch-fix09.patch

* Sat Mar 10 2018 develop7AATTdevelop7.info
- Modernize spec-file by calling spec-cleaner

* Wed Mar 07 2018 develop7AATTdevelop7.info
- Mercurial 4.5.2
  (4.5.2 was released immediately after 4.5.1 to fix a release oversight.)

  1. Security Fixes (CVE-2018-1000132, bsc#1085211)
  All versions of Mercurial prior to 4.5.2 have vulnerabilities in the HTTP server that allow permissions bypass to:
  * Perform writes on repositories that should be read-only
  * Perform reads on repositories that shouldn't allow read access

  2. Backwards Compatibility Changes
  The "batch" wire protocol command now enforces permissions of each invoked sub-command. Wire protocol commands must define their operation type or the "batch" command will assume they can write data and will prevent their execution on HTTP servers unless the HTTP request method is POST, the server is configured to allow pushes, and the (possibly authenticated) HTTP user is authorized to perform a push.
  Wire protocol commands not defining their operation type in "wireproto.PERMISSIONS" are now assumed to be used for "push" operations and access control to run those commands is now enforced accordingly.

  3. Bug Fixes
  fileset: don't abort when running copied() on a revision with a removed file
  date: fix parsing months
  setup: only allow Python 3 from a source checkout (issue5804)
  annotate: do not poorly split lines at CR (issue5798)
  subrepo: don't attempt to share remote sources (issue5793)
  subrepo: activate clone pooling to enable sharing with remote URLs
  changegroup: do not delta lfs revisions
  revlog: do not use delta for lfs revisions
  revlog: resolve lfs rawtext to vanilla rawtext before applying delta

  See full changelog on https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29

* Sun Feb 04 2018 develop7AATTdevelop7.info
- Mercurial 4.5
  See full changelog on https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5-rc_.282018-01-22.29

  1. New Features

  1.1. revert --interactive
  The revert command now accepts the flag --interactive to allow reverting only some of the changes to the specified files.

  1.2. Accessing hidden changesets
  Set config option `experimental.directaccess = True` to access hidden changesets from read only commands.

  1.3. githelp extension
  The githelp extension provides the `hg githelp` command. This command attempts to convert a git command to its Mercurial equivalent. The extension can be useful to Git users new to Mercurial.

  1.4. Largefiles changes
  largefiles: add a 'debuglfput' command to put largefile into the store
  largefiles: add support for 'largefiles://' url scheme
  largefiles: allow to run 'debugupgraderepo' on repo with largefiles
  largefiles: convert EOL of hgrc before appending to bytes IO
  largefiles: explicitly set the source and sink types to 'hg' for lfconvert
  largefiles: modernize how capabilities are added to the wire protocol

  2. hgweb changes
  hgweb now shows more information about commits: phase (if it's not public), obsolescence status (with a short explanation and links to the successors) and instabilities (e.g. orphan, phase-divergent or content-divergent).
  Client-side graph code has been simplified by delegating more work to the backend, so /graph page is now more in sync with /log page, visually and feature-wise. Unfortunately, this code change means that 3rd-party themes for 4.5+ are required to have graphentry.tmpl template available (copy it from the base theme if you don't use %include and then reference it in map file) and render entries in graph.tmpl -- look at one of the core themes to see what it needs to look like.
  JS functions that create graph vertices and edges are now available in Graph.prototype, making it possible to call the original functions from custom theme-specific functions if needed.
  Graph now shows different symbols for normal, branch-closing, obsolete and unstable commits, and marks currently checked out commit with a circle around its graph node.
  There's also now json-graph API endpoint that can be used for rendering commit graph in 3rd-party applications.

  2.1. Other Changes
  When interactive revert is run against a revision other than the working directory parent, the diff shown is the diff to _apply_ to the working directory, rather than the diff to _discard_ from the working copy. This is in line with related user experiences with 'git' and appears to be less confusing with 'ui.interface=curses'.
  Let 'hg rebase' avoid content-divergence by skipping obsolete changesets (and their descendants) when they are present in the rebase set along with one of their successors but none of their successors is in destination.
  A new experimental config flag, `rebase.experimental.inmemory`, makes rebase perform an in-memory merge instead of doing it on-disk in the working copy.
  The `HGPLAINEXCEPT` environment variable can now include color to allow automatic output colorization in otherwise automated environments.
  A new `unamend` command in `uncommit` extension which undoes the effect of the amend command by creating a new changeset which was there before amend and moving the changes that were amended to the working directory.
  A '--abort' flag to merge command to abort the ongoing merge.
  An experimental flag '--rev' to 'hg branch' which can be used to change branch of changesets.
  bundle2 read I/O significantly improved
  bundle2 memory use significantly reduced during read
  clonebundle: it is now possible to serve the clonebundle using a git-lfs compatible server.
  templatefilters: add slashpath() to convert path separator to slash (issue5572)
  A new experimental config flag, 'inline-color-diff', adds within-line color diff capacity
  histedit: add support to output nodechanges using formatter to help with editor integrations

  3. Backwards Compatibility Changes
  `log --follow-first -rREV`, which is deprecated, now follows the first parent of merge revisions from the specified REV just like `log --follow -rREV`.
  `log --follow -rREV FILE..` now follows file history across copies and renames.
  transaction: register summary callbacks only at start of transaction
  hgweb's graph view no longer supports browsers that lack