| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:subject:references:cc:to:reply-to:from | |
| :message-id:date:mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; q=dns; s=default; b=q4mhu9zsfYTN9MWx | |
| uEAe7q5lk1EAO4BsAF+joBV51kSqYMEmBMz94CQWfZnp9mib/Xq4VXKWHKubb4Oo | |
| wNtkm8Wrsz09ZnfGwgMRQJp3uopxyi5IVHe1Iwkv4GRn/NkA4iyKoIjz6Q2z1gwP | |
| +lI9uPbecMht7KGn8dcR2Pkj3pM= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:subject:references:cc:to:reply-to:from | |
| :message-id:date:mime-version:in-reply-to:content-type | |
| :content-transfer-encoding; s=default; bh=oZB+rTGxemyjn9sOSY0bRG | |
| SnG1U=; b=HE8zQKM876t/DfI78pbl6c0UN7OTv/co980PtmwmtRYyhTtAqdsd+A | |
| nQsWqq/Q8sDzFT9GPev2+nPHwDAm5C4lv292uKF/uHv6Iv+EGaQWI1jwTKHG4nVv | |
| KIFj1wNvK4xOqeaxXPGEbtyf4WoReSrP6ehGprgUKZ5Z6tvi7vYl8= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-1.6 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.2 spammy=upset, H*MI:sk:2016042, Hx-spam-relays-external:ESMTPA |
| X-HELO: | out2-smtp.messagingengine.com |
| Subject: | Re: Security update needed for mercurial (upload error: doesn't follow naming convention) |
| References: | <86h9fjdhkf DOT fsf AT gmail DOT com> <vz137qhlfxy DOT fsf AT gmail DOT com> <20160420085938 DOT GA16548 AT calimero DOT vinschen DOT de> <20160420165640 DOT GB9640 AT piccolo> |
| Cc: | Jari Aalto <jari DOT aalto AT cante DOT net> |
| To: | cygwin AT cygwin DOT com |
| Reply-To: | cygwin AT cygwin DOT com |
| From: | Jon Turney <jon DOT turney AT dronecode DOT org DOT uk> |
| Message-ID: | <5717B8E2.3010605@dronecode.org.uk> |
| Date: | Wed, 20 Apr 2016 18:14:10 +0100 |
| User-Agent: | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 |
| MIME-Version: | 1.0 |
| In-Reply-To: | <20160420165640.GB9640@piccolo> |
On 20/04/2016 17:56, Jari Aalto wrote: >> 3.7.3 as a security release, with fixes for: >> >> CVE-2016-3630 Mercurial: remote code execution in binary delta decoding >> CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos >> CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos > > New release uploaded, but I got this message (x64)? Thanks. > ERROR: tar file 'mercurial-3.7.3.tar.gz' in package 'mercurial' doesn't follow naming convention > ERROR: error while reading uploaded packages for Jari Aalto Yes, you seem to have uploaded: mercurial-3.7.3.tar.gz - upstream tar file mercurial-3.7.3-1.tar.xz - cygwin binary package mercurial-3.7.3-1-src.tar.xz - cygwin source package containing the upstream tar file and build script The behaviour of upset was to accept mercurial-3.7.3.tar.gz as a binary package file, fortunately of a version preceding 3.7.3-1. This was never correct, so it's now reported as an error. I have removed the upstream tar files to allow the upload to proceed. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |