Fri, 01 Feb 2019 13:44:09 -0500 Added signature for changeset 83377b4b4ae0 stable
Augie Fackler <raf@durin42.com> [Fri, 01 Feb 2019 13:44:09 -0500] rev 41460
Added signature for changeset 83377b4b4ae0
Fri, 01 Feb 2019 13:44:07 -0500 Added tag 4.9 for changeset 83377b4b4ae0 stable
Augie Fackler <raf@durin42.com> [Fri, 01 Feb 2019 13:44:07 -0500] rev 41459
Added tag 4.9 for changeset 83377b4b4ae0
Tue, 08 Jan 2019 22:19:36 +0900 subrepo: reject potentially unsafe subrepo paths (BC) (SEC) stable 4.9
Yuya Nishihara <yuya@tcha.org> [Tue, 08 Jan 2019 22:19:36 +0900] rev 41458
subrepo: reject potentially unsafe subrepo paths (BC) (SEC)
In addition to the previous patch, this prohibits '~', '$nonexistent', etc. for any subrepo types. I think this is safer, and real-world subrepos wouldn't use such (local) paths.
Tue, 08 Jan 2019 22:07:45 +0900 subrepo: prohibit variable expansion on creation of hg subrepo (SEC) stable
Yuya Nishihara <yuya@tcha.org> [Tue, 08 Jan 2019 22:07:45 +0900] rev 41457
subrepo: prohibit variable expansion on creation of hg subrepo (SEC)
It's probably wrong to expand path at localrepo.*repository() layer, but fixing the layering issue would require careful inspection of call paths. So, this patch adds a validation to the subrepo constructor. os.path.realpath(util.expandpath(root)) is what vfsmod.vfs() would do.