| Summary: | mercurial new security issue CVE-2019-3902 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | geiger.david68210, herman.viaene, mageia, shlomif, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA6TOO MGA7-64-OK MGA6-64-OK | | |
| Source RPM: | mercurial-4.7.2-1.mga7.src.rpm | CVE: | |
| Status comment: | Fixed upstream in 4.9 | | |
Description
David Walser, 2019-08-12 02:06:15 CEST

David Walser, 2019-08-12 02:06:27 CEST
Whiteboard: (none) => MGA7TOO, MGA6TOO

Comment 1, David Walser

Shlomi, I see you updated Mageia 7 to 4.9.1. Cauldron still has 4.7.2, and Mageia 6 also needs an update.

mercurial-4.9.1-1.mga7

Comment 2, Shlomi Fish

(In reply to David Walser from comment #1)
> Shlomi, I see you updated Mageia 7 to 4.9.1. Cauldron still has 4.7.2, and
> Mageia 6 also needs an update.
>
> mercurial-4.9.1-1.mga7

Cauldron is now on hg 5.1.

Comment 3

(In reply to Shlomi Fish from comment #2)
> (In reply to David Walser from comment #1)
> > Shlomi, I see you updated Mageia 7 to 4.9.1. Cauldron still has 4.7.2, and
> > Mageia 6 also needs an update.
> >
> > mercurial-4.9.1-1.mga7
>
> Cauldron is now on hg 5.1.

Are you sure it actually built? Sophie sees a SRPM for 5.1 but only sees 4.7.2 for binary RPMS.

(note to self, Shlomi updated Mageia 6: mercurial-4.9.1-1.mga6 )

Comment 4

Oh I see 5.1 on pkgsubmit. Sophie is slow. Thanks.

Version: Cauldron => 7

Comment 5

Advisory:
========================

Updated mercurial package fixes security vulnerability:

It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this vulnerability to write arbitrary files to the target's filesystem (CVE-2019-3902).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3902
https://usn.ubuntu.com/4086-1/
========================

Updated packages in core/updates_testing:
========================
mercurial-4.9.1-1.mga6
mercurial-4.9.1-1.mga7

from SRPMS:
mercurial-4.9.1-1.mga6.src.rpm
mercurial-4.9.1-1.mga7.src.rpm

Assignee: shlomif => qa-bugs

Comment 6

Installed and tested without issues.

Tested on several existing and new, remote and local repositories. Tests included init, clone, pull, push, status, verify, add, commit, summary, etc.

System: Mageia 7, x86_64, Intel CPU.

```
$ uname -a
Linux marte 5.1.20-desktop-2.mga7 #1 SMP Fri Jul 26 23:04:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q mercurial
mercurial-4.9.1-1.mga7
```

Whiteboard: MGA6TOO => MGA6TOO MGA7-64-OK

Comment 7

MGA6-64 Plasma on Lenovo B50

No installation issues.

Ref to bug 22895 Comment 5 and 7 for tests. As responses of the program are a little different, I show the tests completely here:

```
$ hg version
Mercurial Distributed SCM (version 4.9.1)
(see https://mercurial-scm.org for more information)

Copyright (C) 2005-2019 Matt Mackall and others
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ cd Documenten/
$ mkdir qa
$ mkdir qa/hg
$ cd qa/hg
$ hg init
$ ls -a .hg
./  ../  00changelog.i  cache/  requires  store/  wcache/
$ cd .hg
$ hg clone http://selenic.com/hg mercurial-repo
real URL is https://www.mercurial-scm.org/repo/hg/
requesting all changes
adding changesets
adding manifests
adding file changes
added 42845 changesets with 81230 changes to 3381 files (+1 heads)
new changesets 9117c6561b0b:b22a8dadc6f5
updating to bookmark @
1989 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ ls
00changelog.i  cache/  mercurial-repo/  requires  store/  wcache/
$ cd mercurial-repo/
$ ls
contrib/      CONTRIBUTORS  doc/  hgdemandimport/  hgext/     hgweb.cgi*  Makefile    README.rst  rust/  tests/
CONTRIBUTING  COPYING       hg*   hgeditor*        hgext3rd/  i18n/       mercurial/  relnotes/   setup.py
$ du -hs
107M    .
$ hg sum
parent: 42842:2c74337e6483
 remotefilelog: reduce probability of race-condition in remotefilelog tests
branch: default
bookmarks: *@
commit: (clean)
update: (current)
$ hg add
$ hg parents
changeset:   42842:2c74337e6483
bookmark:    @
user:        Boris Feld <boris.feld@octobus.net>
date:        Wed Aug 28 16:01:16 2019 +0200
summary:     remotefilelog: reduce probability of race-condition in remotefilelog tests

$ hg help
Mercurial Distributed SCM

list of commands:

Repository creation:

 clone         make a copy of an existing repository
 init          create a new repository in the given directory
and a lot more ....
$ hg config --edit
```

That would allow changing a password, e.g.

All seems OK.

Whiteboard: MGA6TOO MGA7-64-OK => MGA6TOO MGA7-64-OK MGA6-64-OK
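The advisory in comment 5 describes Mercurial mishandling symlinks in subrepositories so that files could be written outside the target's tree. As an added example (not Mercurial's or Mageia's code), here is a small Python audit that applies the defensive rule such a bug violates: every path declared in a repository's .hgsub must stay under the repository root and must not pass through a symlink on any component. The .hgsub line format (path = [kind]source, with '#' comment lines) is Mercurial's real format; the sample repository, its entries and the example.invalid URLs are constructed placeholders.

```python
import os
import tempfile

# Constructed sample .hgsub: one clean entry, one through a symlink, one with '..'.
SAMPLE_HGSUB = ("# constructed sample\n"
                "libs/util = https://example.invalid/util\n"
                "escape/sub = https://example.invalid/evil\n"
                "../outside = [git]https://example.invalid/evil\n")

def parse_hgsub(text):
    """Return (path, source) pairs from .hgsub text; '#' lines are comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            path, _, source = line.partition("=")
            entries.append((path.strip(), source.strip()))
    return entries

def audit_subrepo_path(root, subpath):
    """Return None if subpath is safe, else the reason it is rejected."""
    if os.path.isabs(subpath):
        return "absolute path"
    current = os.path.realpath(root)
    # Walk component by component so a symlink anywhere on the way is caught.
    for part in [p for p in subpath.split("/") if p not in ("", ".")]:
        if part == "..":
            return "parent-directory traversal"
        current = os.path.join(current, part)
        if os.path.islink(current):
            return "component %r is a symlink" % part
    return None

def audit_hgsub(root):
    """Audit every entry of root/.hgsub; return {path: reason} for bad ones."""
    with open(os.path.join(root, ".hgsub")) as fh:
        entries = parse_hgsub(fh.read())
    findings = {}
    for path, _source in entries:
        reason = audit_subrepo_path(root, path)
        if reason:
            findings[path] = reason
    return findings

def build_sample_repo():
    """Create a throwaway directory laid out like the constructed sample."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "libs"))
    os.symlink(tempfile.gettempdir(), os.path.join(root, "escape"))  # symlink out of root
    with open(os.path.join(root, ".hgsub"), "w") as fh:
        fh.write(SAMPLE_HGSUB)
    return root
```

Run `audit_hgsub(build_sample_repo())` to see the two unsafe entries reported with their reasons while the clean entry passes.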
Thomas Backlund, 2019-09-06 20:21:59 CEST
Keywords: (none) => advisory, validated_update

Comment 8

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0250.html

Status: NEW => RESOLVED