CVSROOT: /cvs Module name: ports Changes by: juan...@cvs.openbsd.org 2019/02/02 09:08:07
Modified files: devel/mercurial: Tag: OPENBSD_6_4 Makefile devel/mercurial/pkg: Tag: OPENBSD_6_4 PLIST-main Log message: SECURITY: Prior to 4.9, it's possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. As per recommendation of Augie Fackler (Mercurial developer), I'm creating a global rc file to disable subrepos or any future dangerous feature. If you need subrepos support, you can enable it in the project rc file (i.e. myrepo/.hg/hgrc). Use it only with really trusty sources.