# # # patch "ChangeLog" # from [f4b32347fabd5ef3ed5f451862840a856d835871] # to [7119822a8b01853dcadc7cc8eec4347fb3e9c179] # # patch "NEWS" # from [1e87b8d8f8d9e3829f5b4da06365855ff42e70c9] # to [113cf5d13bd4139faaf4dce9d4f1c730a82b2556] # # patch "UPGRADE" # from [807ca2751910f5496e94b82c78c64412911b3ab9] # to [948a40e7ad0f031a33b997d2b0732519633b0af5] # ============================================================ --- ChangeLog f4b32347fabd5ef3ed5f451862840a856d835871 +++ ChangeLog 7119822a8b01853dcadc7cc8eec4347fb3e9c179 @@ -1,5 +1,9 @@ 2006-03-04 Nathaniel Smith + * NEWS: Draft NEWS for 0.25.1 security release. + +2006-03-04 Nathaniel Smith + * paths.cc (in_bookkeeping_dir): Count mt, Mt, mT as marking bookkeeping paths. * testsuite.at, tests/t_security_fix.at: Add test for it. ============================================================ --- NEWS 1e87b8d8f8d9e3829f5b4da06365855ff42e70c9 +++ NEWS 113cf5d13bd4139faaf4dce9d4f1c730a82b2556 
@@ -1,3 +1,25 @@ +???????????????????????????? + + 0.25.1 release. Important security fix for Windows and OS X + users. + + With versions of monotone prior to this release, a person with + commit access could commit a malicious file with a name like + "mt/monotonerc". When anybody else then checked out this + revision on a system with a case-folding filesystem -- + usually, this means, "on Windows or OS X" -- then their + monotone would run arbitrary Lua code stored in this file. + + The _only_ change in this release as compared to 0.25 is that + the existing checks against files in MT are now extended to + check for mt, Mt, and mT. + + All users on Windows and OS X, or otherwise checking out + versioned source on a case-insensitive filesystem, are + recommended to upgrade immediately. Binaries used only for + serving, or only on case-insensitive filesystems (i.e., most + Unix users), are not affected. + Thu Dec 29 23:10:03 PST 2005 0.25 release. ============================================================ --- UPGRADE 807ca2751910f5496e94b82c78c64412911b3ab9 +++ UPGRADE 948a40e7ad0f031a33b997d2b0732519633b0af5 @@ -1,5 +1,5 @@ -upgrading monotone to 0.25 -========================== +upgrading monotone to 0.25.1 +============================ if you are upgrading from: - 0.23 or earlier: keys are now stored in ~/.monotone/keys (Unix,
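Review bot: the ChangeLog entry for paths.cc (in_bookkeeping_dir) records the fix as enumerating the spellings mt, Mt and mT next to MT; a more robust form of the same check would compare the leading path component case-insensitively, so the guard cannot silently miss a variant if the bookkeeping directory name or the list is ever edited, and tests/t_security_fix.at should then exercise all four spellings rather than only the new ones.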
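Review bot: the final paragraph of the new NEWS entry contradicts the one before it: it says binaries used "only on case-insensitive filesystems (i.e., most Unix users)" are not affected, while the preceding paragraph tells users on case-insensitive filesystems that they are exactly the ones who must upgrade; this should read "case-sensitive filesystems". The date line of the entry is still the "????????????????????????????" placeholder and needs the real release timestamp, in the same form as the "Thu Dec 29 23:10:03 PST 2005" line below it, before the release is tagged.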
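Review bot: the UPGRADE heading is bumped to 0.25.1 but the "if you are upgrading from:" list beneath it is unchanged, so a 0.25 user finds nothing describing this step; add an entry for 0.25 stating that the move to 0.25.1 only tightens the bookkeeping-directory check and involves no other changes, which is what the NEWS text in this same patch says.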