diff options
| author | jmmv <jmmv@pkgsrc.org> | 2006-03-09 20:30:16 +0000 |
|---|---|---|
| committer | jmmv <jmmv@pkgsrc.org> | 2006-03-09 20:30:16 +0000 |
| commit | b67e0cb02cbd9d953f7ebc65adfd0ab81e91b4a4 (patch) | |
| tree | f6d9225c9c92224a1695f76330a449bfa7c6a49a /devel/monotone | |
| parent | b72f413aa2278ae01a32e395c653264f2ffd3d75 (diff) | |
| download | pkgsrc-b67e0cb02cbd9d953f7ebc65adfd0ab81e91b4a4.tar.gz | |
Update to 0.25.2:
0.25.2 release. Important security fix for Windows and OS X
users.
With versions of monotone prior to this release, a person with
commit access could commit a malicious file with a name like
"mt/monotonerc". When anybody else then checked out this
revision on a system with a case-folding filesystem --
usually, this means, "on Windows or OS X" -- then their
monotone would run arbitrary Lua code stored in this file.
The _only_ change in this release as compared to 0.25 is that
the existing checks against files in MT are now extended to
check for mt, Mt, and mT.
All users on Windows and OS X, or otherwise checking out
versioned source on a case-insensitive filesystem, are
recommended to upgrade immediately. Binaries used only for
serving, or only on case-insensitive filesystems (i.e., most
Unix users), are not affected.
(0.25.1 was never released in source form. The original
0.25 build for Windows was found to have problems on NT 4, and
0.25.1 was Windows-only rebuild with NT 4 compatible
libraries.)
Diffstat (limited to 'devel/monotone')
| -rw-r--r-- | devel/monotone/Makefile | 5 | ||||
| -rw-r--r-- | devel/monotone/distinfo | 8 |
2 files changed, 6 insertions, 7 deletions
diff --git a/devel/monotone/Makefile b/devel/monotone/Makefile index c658b9b331c..4ab4685407b 100644 --- a/devel/monotone/Makefile +++ b/devel/monotone/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.20 2006/03/05 16:27:25 jlam Exp $ +# $NetBSD: Makefile,v 1.21 2006/03/09 20:30:16 jmmv Exp $ # -DISTNAME= monotone-0.25 -PKGREVISION= 1 +DISTNAME= monotone-0.25.2 CATEGORIES= devel MASTER_SITES= http://www.venge.net/monotone/downloads/ diff --git a/devel/monotone/distinfo b/devel/monotone/distinfo index 1206ab7aa55..bffa32f6dc5 100644 --- a/devel/monotone/distinfo +++ b/devel/monotone/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.12 2005/12/31 11:33:47 jmmv Exp $ +$NetBSD: distinfo,v 1.13 2006/03/09 20:30:16 jmmv Exp $ -SHA1 (monotone-0.25.tar.gz) = 53e0cc2b2aa7878cbef288ddd20f2d36e6aa040f -RMD160 (monotone-0.25.tar.gz) = 31dcb5983f3313c3fadb1ae32df4ea54859aad8f -Size (monotone-0.25.tar.gz) = 5415426 bytes +SHA1 (monotone-0.25.2.tar.gz) = 84eb3490c261728b0e3d4ece7eb3fb59cd8fe327 +RMD160 (monotone-0.25.2.tar.gz) = 91a69763039c10ff15421c92ee86609c2a5ec739 +Size (monotone-0.25.2.tar.gz) = 5427435 bytes |