On 20/04/2016 17:56, Jari Aalto wrote:
3.7.3 as a security release, with fixes for:
CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos
New release uploaded, but I got this message (x64)?
Thanks.
ERROR: tar file 'mercurial-3.7.3.tar.gz' in package 'mercurial' doesn't follow
naming convention
ERROR: error while reading uploaded packages for Jari Aalto
Yes, you seem to have uploaded:
mercurial-3.7.3.tar.gz - upstream tar file
mercurial-3.7.3-1.tar.xz - cygwin binary package
mercurial-3.7.3-1-src.tar.xz - cygwin source package containing the
upstream tar file and build script
The behaviour of upset was to accept mercurial-3.7.3.tar.gz as a binary
package file, fortunately of a version preceding 3.7.3-1.
This was never correct, so it's now reported as an error.
I have removed the upstream tar files to allow the upload to proceed.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
