Security update needed for mercurial (upload error: doesn't follow naming convention)
Jon Turney
jon.turney@dronecode.org.uk
Wed Apr 20 17:22:00 GMT 2016
On 20/04/2016 17:56, Jari Aalto wrote:
>> 3.7.3 as a security release, with fixes for:
>>
>> CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
>> CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
>> CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos
>
> New release uploaded, but I got this message (x64)?
Thanks.
> ERROR: tar file 'mercurial-3.7.3.tar.gz' in package 'mercurial' doesn't follow naming convention
> ERROR: error while reading uploaded packages for Jari Aalto
Yes, you seem to have uploaded:
mercurial-3.7.3.tar.gz - upstream tar file
mercurial-3.7.3-1.tar.xz - cygwin binary package
mercurial-3.7.3-1-src.tar.xz - cygwin source package containing the
upstream tar file and build script
The behaviour of upset was to accept mercurial-3.7.3.tar.gz as a binary
package file, fortunately of a version preceding 3.7.3-1.
This was never correct, so it's now reported as an error.
I have removed the upstream tar files to allow the upload to proceed.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list