Mercurial Mercurial > hg / changelog
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | zip | gz | bz2 | help
(0) -30000 -10000 -3000 -1000 -300 -100 -30 -10 -6 +6 +10 +30 +100 +300 +1000 +3000 +10000 tip
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tue, 04 Dec 2018 17:04:17 -0500 Added tag 4.8.1 for changeset 1c8c54cf9725 stable
changeset
Augie Fackler <raf@durin42.com> [Tue, 04 Dec 2018 17:04:17 -0500] rev 40817
Added tag 4.8.1 for changeset 1c8c54cf9725
Tue, 20 Nov 2018 14:43:27 -0800 rebase: fix path auditing to audit path relative to repo root (issue5818) stable 4.8.1
changeset
Martin von Zweigbergk <martinvonz@google.com> [Tue, 20 Nov 2018 14:43:27 -0800] rev 40816
rebase: fix path auditing to audit path relative to repo root (issue5818) Before this patch, when rebasing a file called "foo/bar", we would check e.g. if "/foo" (i.e. rooted at the file system root) was a symlink. Differential Revision: https://phab.mercurial-scm.org/D5361
Tue, 04 Dec 2018 08:56:43 -0800 tests: show bad path auditing in in-memory rebase stable
changeset
Martin von Zweigbergk <martinvonz@google.com> [Tue, 04 Dec 2018 08:56:43 -0800] rev 40815
tests: show bad path auditing in in-memory rebase Thanks to Yuya for providing this test case in https://bz.mercurial-scm.org/show_bug.cgi?id=5818. Differential Revision: https://phab.mercurial-scm.org/D5368
Tue, 04 Dec 2018 08:55:48 -0800 tests: add a missing "cd .." to test-rebase-inmemory.t stable
changeset
Martin von Zweigbergk <martinvonz@google.com> [Tue, 04 Dec 2018 08:55:48 -0800] rev 40814
tests: add a missing "cd .." to test-rebase-inmemory.t Differential Revision: https://phab.mercurial-scm.org/D5367
Sun, 28 Oct 2018 21:29:04 +0900 rust: fix possible out-of-bounds read through index_get_parents() stable
changeset
Yuya Nishihara <yuya@tcha.org> [Sun, 28 Oct 2018 21:29:04 +0900] rev 40813
rust: fix possible out-of-bounds read through index_get_parents() index_get_parents() is an internal function, which doesn't check if the specified rev is valid. If rustlazyancestors() were instantiated with an invalid stoprev, it would access to invalid memory region. This is NOT a security fix as there's no Python code triggering the bug, but included in this series to not give a notion about the memory issue fixed by the previous patch.
Thu, 01 Nov 2018 20:32:59 +0900 revlog: fix out-of-bounds access by negative parents read from revlog (SEC) stable
changeset
Yuya Nishihara <yuya@tcha.org> [Thu, 01 Nov 2018 20:32:59 +0900] rev 40812
revlog: fix out-of-bounds access by negative parents read from revlog (SEC) 82d6a35cf432 wasn't enough. Several callers don't check negative revisions but for -1 (nullrev), which would directly lead to out-of-bounds read, and buffer overflow could follow. RCE might be doable with carefully crafted revlog structure, though I don't think this would be useful attack surface.
(0) -30000 -10000 -3000 -1000 -300 -100 -30 -10 -6 +6 +10 +30 +100 +300 +1000 +3000 +10000 tip
Mercurial