Tue, 29 Mar 2016 11:54:45 -0500 Added tag 3.7.3 for changeset ae279d4a19e9 stable
Matt Mackall <mpm@selenic.com> [Tue, 29 Mar 2016 11:54:45 -0500] rev 28664
Added tag 3.7.3 for changeset ae279d4a19e9
Tue, 22 Mar 2016 17:27:27 -0700 convert: test for shell injection in git calls (SEC) stable 3.7.3
Mateusz Kwapich <mitrandir@fb.com> [Tue, 22 Mar 2016 17:27:27 -0700] rev 28663
convert: test for shell injection in git calls (SEC)
CVE-2016-3069 (5/5)
Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future.
Reported by Blake Burkhart.
Tue, 22 Mar 2016 17:05:11 -0700 convert: rewrite gitpipe to use common.commandline (SEC) stable
Mateusz Kwapich <mitrandir@fb.com> [Tue, 22 Mar 2016 17:05:11 -0700] rev 28662
convert: rewrite gitpipe to use common.commandline (SEC)
CVE-2016-3069 (4/5)
Tue, 22 Mar 2016 17:05:11 -0700 convert: dead code removal - old git calling functions (SEC) stable
Mateusz Kwapich <mitrandir@fb.com> [Tue, 22 Mar 2016 17:05:11 -0700] rev 28661
convert: dead code removal - old git calling functions (SEC)
CVE-2016-3069 (3/5)
Tue, 22 Mar 2016 17:05:11 -0700 convert: rewrite calls to Git to use the new shelling mechanism (SEC) stable
Mateusz Kwapich <mitrandir@fb.com> [Tue, 22 Mar 2016 17:05:11 -0700] rev 28660
convert: rewrite calls to Git to use the new shelling mechanism (SEC)
CVE-2016-3069 (2/5)
One test output changed because we were ignoring git return code in numcommits before.
Tue, 22 Mar 2016 17:05:11 -0700 convert: add new, non-clowny interface for shelling out to git (SEC) stable
Mateusz Kwapich <mitrandir@fb.com> [Tue, 22 Mar 2016 17:05:11 -0700] rev 28659
convert: add new, non-clowny interface for shelling out to git (SEC)
CVE-2016-3069 (1/5)
To avoid shell injection and for the sake of simplicity let's use the common.commandline for calling git.