contrib/mergetools.hgrc | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

---

mercurial/templater.py | 2 1 + 1 - 0 !
setup.py | 8 0 + 8 - 0 !
2 files changed, 1 insertion(+), 9 deletions(-)

---

mercurial/help.py | 6 4 + 2 - 0 !
setup.py | 3 1 + 2 - 0 !
2 files changed, 5 insertions(+), 4 deletions(-)

---

mercurial/lsprof.py | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

---

doc/hgrc.5.txt | 3 2 + 1 - 0 !
hgeditor | 2 1 + 1 - 0 !
i18n/da.po | 4 2 + 2 - 0 !
i18n/de.po | 6 3 + 3 - 0 !
i18n/el.po | 4 2 + 2 - 0 !
i18n/fr.po | 4 2 + 2 - 0 !
i18n/it.po | 6 3 + 3 - 0 !
i18n/ja.po | 8 4 + 4 - 0 !
i18n/pt_BR.po | 8 4 + 4 - 0 !
i18n/sv.po | 4 2 + 2 - 0 !
i18n/zh_CN.po | 4 2 + 2 - 0 !
i18n/zh_TW.po | 4 2 + 2 - 0 !
mercurial/commands.py | 4 2 + 2 - 0 !
mercurial/help/environment.txt | 2 1 + 1 - 0 !
mercurial/ui.py | 2 1 + 1 - 0 !
15 files changed, 33 insertions(+), 32 deletions(-)

---

hgext/hgk.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---

hgext/bugzilla.py | 3 2 + 1 - 0 !
hgext/convert/bzr.py | 3 2 + 1 - 0 !
hgext/convert/common.py | 5 3 + 2 - 0 !
hgext/convert/cvs.py | 2 1 + 1 - 0 !
hgext/convert/darcs.py | 5 3 + 2 - 0 !
hgext/convert/git.py | 2 1 + 1 - 0 !
hgext/convert/gnuarch.py | 3 2 + 1 - 0 !
hgext/convert/monotone.py | 2 1 + 1 - 0 !
hgext/convert/subversion.py | 13 10 + 3 - 0 !
mercurial/hgweb/server.py | 3 2 + 1 - 0 !
10 files changed, 27 insertions(+), 14 deletions(-)

---

hgext/zeroconf/__init__.py | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

---

mercurial/i18n.py | 2 1 + 1 - 0 !
setup.py | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

---

mercurial/sshrepo.py | 13 12 + 1 - 0 !
1 file changed, 12 insertions(+), 1 deletion(-)

 sshpeer: more thorough shell quoting
 This fixes CVE-2014-9462.  Adapted to 1.6.4 by Javi Merino <vicho@debian.org>

mercurial/sshrepo.py | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 from_upstream__sshpeer_even_more_thorough_shell_quoting

mercurial/encoding.py | 22 22 + 0 - 0 !
1 file changed, 22 insertions(+)

 encoding: add hfsignoreclean to clean out hfs-ignored characters
 According to Apple Technote 1150 (unavailable from Apple as far as I
 can tell, but archived in several places online), HFS+ ignores sixteen
 specific unicode runes when doing path normalization. We need to
 handle those cases, so this function lets us efficiently strip the
 offending characters from a UTF-8 encoded string (which is the only
 way it seems to matter on OS X.)
 .
 This is a fix for CVE-2014-9390

mercurial/util.py | 9 6 + 3 - 0 !
1 file changed, 6 insertions(+), 3 deletions(-)

 pathauditor: check for codepoints ignored on os x
 This is a fix for CVE-2014-9390

mercurial/util.py | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 pathauditor: check for windows shortname aliases
 This is a fix for CVE-2014-9390

tests/test-CVE-2014-9390 | 65 65 + 0 - 0 !
tests/test-CVE-2014-9390.out | 6 6 + 0 - 0 !
2 files changed, 71 insertions(+)

 from_upstream__test_cve-2014-930