head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.16
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.14
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.12
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.10
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.8
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.6
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.4
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.2
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2008.08.29.21.11.00;	author bjs;	state dead;
branches;
next	1.1;

1.1
date	2008.07.19.13.36.51;	author drochner;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2008.07.19.13.36.51;	author rtr;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2008.07.22.08.04.31;	author rtr;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update to mercurial-1.0.2

   This is a relatively small bugfix release with two security fixes.

   Security:
     * ensure that git patches only touch files within the repository
       (CVE-2008-2942)
     * hgweb: fix "allowpull" permission being ignored when pulling from
       hgweb

   General:
     * commit: handle copies of previously deleted files (issue 1175)
     * bisect: allow for having multiple resulting changesets
     * fix Python 2.3 compatibility
     * make mq patches and .hgtags hardlink-safe again
     * various documentation improvements and fixes
     * fix a crash when addremove was called to replace a deleted directory
       with a symlink
     * make branches output easier to parse (issue 1230)
     * fix inactive branches detection (issue 1104)
     * hgweb: fix a crash in archive when the URL did not end in an
       expected
       archive type
     * sshserver: fix a crash in error handling code
     * fix the patchbomb extension on Windows by including email package in
       binary installations
     * handle symlinks when OS supports them but FS doesn't (issue 1149)

   Extensions:
     * mq:
          * fix qrefresh losing metadata on the last refreshed file (issue
            1134)
          * fix a crash when renaming a patch just after a versioned queue
            initialization
          * fix the path of an explicitly specified queue when merging
            patches
          * strip now updates the working directory only if a parent was
            stripped
     * convert:
          * CVS: fix a crash when converting an existing working copy
          * monotone: fix quotes and backslashes parsing when reading
            commit
            messages
          * Subversion: correctly normalize paths and slashes
          * Subversion: fix compatibility with Subversion 1.5
          * git: allow converter to work with recent git releases
     * color:
          * get coloring for qseries --verbose output
          * improve mq extension detection
          * reset coloring before and after outputting colorized lines
     * highlight: fix a performance issue when detecting file types from
       large files
     * notify: take the diff options into account
@
text
@$NetBSD: patch-ab,v 1.1 2008/07/19 13:36:51 drochner Exp $

--- mercurial/patch.py.orig	2008-07-19 15:16:17.000000000 +0200
+++ mercurial/patch.py
@@@@ -1039,9 +1039,12 @@@@ def applydiff(ui, fp, changed, strip=1, 
                 continue
         elif state == 'git':
             gitpatches = values
+	    cwd = os.getcwd()
             for gp in gitpatches:
                 if gp.op in ('COPY', 'RENAME'):
-                    copyfile(gp.oldpath, gp.path)
+                    src, dst = [util.canonpath(cwd, cwd, x)
+                                for x in [gp.oldpath, gp.path]]
+                    copyfile(src, dst)
                 changed[gp.path] = (gp.op, gp)
         else:
             raise util.Abort(_('unsupported parser state: %s') % state)
@


1.1
log
@add patch from upstream CVS to fix path checking on git style patch
import (CVE-2008-2942), bump PKGREVISION
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-ab was added on branch pkgsrc-2008Q2 on 2008-07-22 08:04:31 +0000
@
text
@d1 18
@


1.1.2.2
log
@pullup ticket #2455 requested by drochner
mercurial: fix for path check on patch import

revisions pulled up:
pkgsrc/devel/mercurial/Makefile		1.19
pkgsrc/devel/mercurial/distinfo		1.13
pkgsrc/devel/mercurial/patches/patch-ab	1.1

   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Sat Jul 19 13:36:51 UTC 2008

   Modified Files:
           pkgsrc/devel/mercurial: Makefile distinfo
   Added Files:
           pkgsrc/devel/mercurial/patches: patch-ab

   Log Message:
   add patch from upstream CVS to fix path checking on git style patch
   import (CVE-2008-2942), bump PKGREVISION
@
text
@a0 18
$NetBSD: patch-ab,v 1.1 2008/07/19 13:36:51 drochner Exp $

--- mercurial/patch.py.orig	2008-07-19 15:16:17.000000000 +0200
+++ mercurial/patch.py
@@@@ -1039,9 +1039,12 @@@@ def applydiff(ui, fp, changed, strip=1, 
                 continue
         elif state == 'git':
             gitpatches = values
+	    cwd = os.getcwd()
             for gp in gitpatches:
                 if gp.op in ('COPY', 'RENAME'):
-                    copyfile(gp.oldpath, gp.path)
+                    src, dst = [util.canonpath(cwd, cwd, x)
+                                for x in [gp.oldpath, gp.path]]
+                    copyfile(src, dst)
                 changed[gp.path] = (gp.op, gp)
         else:
             raise util.Abort(_('unsupported parser state: %s') % state)
@