Augie Fackler <raf@durin42.com> [Wed, 06 Jun 2018 13:28:48 -0400] rev 38196
Added tag 4.6.1 for changeset
9c5ced5276d6
Augie Fackler <augie@google.com> [Mon, 30 Apr 2018 22:24:58 -0400] rev 38195
mpatch: avoid integer overflow in combine() (SEC)
All the callers of this function can handle a NULL return, so that
appears to be the "safe" way to report an error.
Augie Fackler <augie@google.com> [Mon, 30 Apr 2018 22:23:06 -0400] rev 38194
mpatch: avoid integer overflow in mpatch_decode (SEC)
Augie Fackler <augie@google.com> [Mon, 30 Apr 2018 22:20:13 -0400] rev 38193
mpatch: fix UB integer overflows in discard() (SEC)
Augie Fackler <augie@google.com> [Mon, 30 Apr 2018 22:15:11 -0400] rev 38192
mpatch: fix UB in int overflows in gather() (SEC)
Augie Fackler <augie@google.com> [Thu, 03 May 2018 12:54:20 -0400] rev 38191
mpatch: introduce a safesub() helper as well
Same reason as safeadd().
Augie Fackler <augie@google.com> [Mon, 30 Apr 2018 22:13:42 -0400] rev 38190
mpatch: introduce a safeadd() helper to work around UB int overflow
We're about to make extensive use of this. This change duplicates some
stdbool.h portability hacks from cext/util.h. We should probably clean
that up in the future, but we'll skip that for now in order to make
security backports easier.
Augie Fackler <augie@google.com> [Sat, 28 Apr 2018 10:09:12 -0400] rev 38189
mpatch: ensure fragment start isn't past the end of orig (SEC)
Caught by oss-fuzz fuzzer during development.
This defect is OVE-
20180430-0004. A CVE has not been obtained as of
this writing.
Augie Fackler <augie@google.com> [Sat, 28 Apr 2018 02:04:56 -0400] rev 38188
mpatch: protect against underflow in mpatch_apply (SEC)
Also caught by oss-fuzz fuzzer during development.
This defect is OVE-
20180430-0002. A CVE has not been obtained as of this writing.
Augie Fackler <augie@google.com> [Sat, 28 Apr 2018 00:42:16 -0400] rev 38187
mpatch: be more careful about parsing binary patch data (SEC)
It appears to have been possible to trivially walk off the end of an
allocated region with a malformed patch. Oops.
Caught when writing an mpatch fuzzer for oss-fuzz.
This defect is OVE-
20180430-0001. A CVE has not been obtained as of
this writing.
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 06 Jun 2018 09:14:33 -0700] rev 38186
zstandard: pull in bug fixes from upstream 0.9.1 release (
issue5884)
This changeset contains the meaningful code changes from
python-zstandard's 0.9.1 release. The main fix is to restore
support for compiling with mingw.
Anton Shestakov <av6@dwimlabs.net> [Wed, 06 Jun 2018 21:19:42 +0800] rev 38185
templatefuncs: only render text portion of minirst.format() result
When "keep" argument is provided, the function returns (text, pruned), where
pruned is a list of sections from the original plain text that were pruned from
the rendered result. Let's not output it together with the rendered HTML.
Anton Shestakov <av6@dwimlabs.net> [Wed, 06 Jun 2018 21:15:26 +0800] rev 38184
tests: demonstrate that hgweb renders "pruned" that minirst.format() returns
Notice at the bottom of the help text there's "windows". It's a section that is
in the original help text, but was pruned (because hgweb didn't ask for it).
Matt Harbison <matt_harbison@yahoo.com> [Tue, 05 Jun 2018 23:49:54 -0400] rev 38183
rebase: avoid RevlogError when computing obsoletenotrebased (
issue5907)
The key to reproducing this seems to be missing an obsolete node that is not an
ancestor of the destination.
Matt Harbison <matt_harbison@yahoo.com> [Sat, 02 Jun 2018 13:44:44 -0400] rev 38182
rebase: prioritize indicating an interrupted rebase over update (
issue5838)
This should also cover the transplant extension, and any other non clearable
states.