X-Spam-Check-By: sourceware.org
Message-Id: <announce.44257CD8.2070902@lapo.it>
Date: Sat, 25 Mar 2006 18:24:40 +0100
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8) Gecko/20051201 Thunderbird/1.5 Mnenhy/0.7.3.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: [ANNOUNCEMENT] Updated: monotone-0.25.2-1 (security fix)
OpenPGP: id=C8F252FB
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
From: Lapo Luchini <lapo DOT luchini AT gmail DOT com>
Reply-To: cygwin AT cygwin DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Version 0.25.2-1 of monotone has been uploaded.

monotone is a free distributed version control system. it provides a
simple, single-file transactional version store, with fully disconnected
operation and an efficient peer-to-peer synchronization protocol. it
understands history-sensitive merging, lightweight branches, integrated
code review and 3rd party testing. it uses cryptographic version naming
and client-side RSA certificates. it has good internationalization
support, has no external dependencies, runs on linux, solaris, OSX,
windows, and other unixes, and is licensed under the GNU GPL.

**** important security fix ****

With versions of monotone prior to this release, a person with
commit access could commit a malicious file with a name like
"mt/monotonerc".  When anybody else then checked out this
revision on a system with a case-folding filesystem --
usually, this means, "on Windows or OS X" -- then their
monotone would run arbitrary Lua code stored in this file.

The _only_ change in this release as compared to 0.25 is that
the existing checks against files in MT are now extended to
check for mt, Mt, and mT.

A more detailed description of the upgrade process is on the official
website: http://venge.net/monotone/NEWS.pre




If you have questions or comments, please send them to the Cygwin
mailing list at: cygwin AT cygwin DOT com .

              *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain DOT com AT cygwin DOT com

If you need more information on unsubscribing, start reading here:

http://sources.redhat.com/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at this URL.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJEJXzXAAoJELBiMTth2oCDslYQAI0K86d/Bu525j9XEE6XWUqB
cxSJMnuk2Ta6optF0DbeeySp46mn/uYwMaY+GPIeVeQmCsRvmn2OjtcXBWfy/FS/
trHdVnRzuea3F7T0GN+zkVRbktqCxfElIE2wKrF+zsYuuPumYu12TGziVxzngrOY
2jURLhyAsZq1bXPWzcPswjLHsk8EEMmY1U39mixWC6uOoTKYhgj0BJHvR/H0wo6O
L3+M8pj37NIRrH+cDcK47yF11QTbzFYd2p3o1mLdlZbCdjyFyu46bpoBJP7v09YI
0sKujZyxIO2t4rU2eys8jPHXL+l29NYCs5jyNWMtBUOqxEkWHYdXeGraT5G97Gyb
gXk4BOz66TKyiP7+r4h7LmYHISI8TzNLisCJiJrEWB42jXeT/vGas7sFxQz9Pmv1
NgLxH40y84foWsQZp458Mu9UCgPe+iPC5E43YDTGPyy5ueICdMoCGIj4cfboffRE
2632i7s6bZIzc4igjjDDfAGO6Mpwy4QeXpE8la/QpCnGnguomdOWUy/VemOI+17R
HDM3p+6dIEfq4Uu6hQv6DOHbFdyM2QlZEYD0O11m+pCnuELm5/aUhawhAkJFFUn+
w1NF0ugsjaDR52dMKZel2P0IGGdiKb1HdyVVfFaqURiQ7CE0KjKtAWH3LK6AAIZT
hl75RB385RteH4bJpS2M
=9LEA
-----END PGP SIGNATURE-----

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/