revlog: add flags argument to _addrevision, update callers use default flags For revlog index flags to be useful to other parts of Mercurial, they need to be settable when writing revisions. The current use case for revlog index flags is the censorship feature: http://mercurial.selenic.com/wiki/CensorPlan While the censor flag could be inferred in _addrevision by interrogating the text/delta being added, that would bury the censorship logic and inappropriately couple it to all revision creation.

revlog: define censored flag for revlogng index This flag bit will be used to cheaply signal censorship presence to upper layers (exchange, verify). It indicates that censorship metadata is present but does not attest to the verifiability of that metadata. For the censorship design, see: http://mercurial.selenic.com/wiki/CensorPlan

localrepo: remove all internal uses of localrepo.wopener It has been replaced with localrepo.wvfs.

localrepo: remove all internal uses of localrepo.sopener It has been replaced with localrepo.svfs.

localrepo: remove all internal uses of localrepo.opener It has been replaced with localrepo.vfs. In the future we may split the vfs into different vfs objects to access different elements of the repository.

sslutil: drop defunct ssl version constants Nobody outside sslutil should be using these constants anyway.

sslutil: use saner TLS settings on Python 2.7.9 Asking for TLSv1 locks us out of TLSv1_2 etc. This is at least less bad. Ideally we'd use ssl.create_default_context(), but that causes more mayhem in the testsuite than I really want to deal with right now.

sslutil: drop support for clients of sslutil specifying a TLS version We really just want to support the newest thing possible, so we may as well consolidate that knowledge into this module. Right now this doesn't change any behavior, but a future change will fix the defaults for Python 2.7.9 so we can use slightly better defaults there (which is the only place it's possible at the moment.)

discovery: run discovery on filtered repository We have been running discovery on unfiltered repository for quite some time. This was aimed at two things: - save some bandwith by prevent the repushing of common but hidden changesets - allow phases changes on secret/hidden changeset on bare push. The cost of this unfiltered discovery combined with evolution is actually really high. Evolution likely create thousand of hidden heads, and the discovery is going to try to discovery if each of them are common or not. For example, pushing from my development mercurial repository implies 17 discovery round-trip. The benefit are rare corner cases while the drawback are massive. So we run the discovery on a filtered repository again. We add some hack to detect remote heads that are known locally and adds them to the common set anyway, so the good behavior of most of the corner case should remains. But this will not work in all cases. This bring my discovery phase back from 17 round-trips to 1 or 2.

revset: check for collisions between alias argument names in the declaration Before this patch, collisions between alias argument names in the declaration are ignored, and this silently causes unexpected alias evaluation. This patch checks for such collisions, and aborts (or shows a warning) when collisions are detected. This patch doesn't add a test to "test-revset.t", because a doctest is enough to test the collisions detection itself.

revset: parse alias declaration strictly by _parsealiasdecl Before this patch, alias declaration is parsed by string base operations: matching against "^([^(]+)\(([^)]+)\)$" and splitting by ",". This overlooks many syntax errors like below (see the previous patch introducing "_parsealiasdecl" for detail): - un-closed parenthesis causes being treated as "alias symbol" - symbol/function name aren't examined whether they are valid or not - invalid argument list causes unexpected argument names To parse alias declaration strictly, this patch replaces parsing implementation by "_parsealiasdecl". This patch tests only one typical declaration error case, because error detection itself is already tested in the doctest of "_parsealiasdecl". This also removes class property "args" and "error", because these are certainly initialized in "revsetalias.__init__".

revset: introduce "_parsealiasdecl" to parse alias declarations strictly This patch introduces "_parsealiasdecl" to parse alias declarations strictly. For example, "_parsealiasdecl" can detect problems below, which current implementation can't. - un-closed parenthesis causes being treated as "alias symbol" because all of declarations not in "func(....)" style are recognized as "alias symbol". for example, "foo($1, $2" is treated as the alias symbol. - alias symbol/function names aren't examined whether they are valid as symbol or not for example, "foo bar" can be treated as the alias symbol, but of course such invalid symbol can't be referred in revset. - just splitting argument list by "," causes overlooking syntax problems in the declaration for example, all of invalid declarations below are overlooked: - foo("bar") => taking one argument named as '"bar"' - foo("unclosed) => taking one argument named as '"unclosed' - foo(bar::baz) => taking one argument named as 'bar::baz' - foo(bar($1)) => taking one argument named as 'bar($1)' To decrease complication of patch, current implementation for alias declarations is replaced by "_parsealiasdecl" in the subsequent patch. This patch just introduces it. This patch defines "_parsealiasdecl" not as a method of "revsetalias" class but as a one of "revset" module, because of ease of testing by doctest. This patch factors some helper functions for "tree" out, because: - direct accessing like "if tree[0] == 'func' and len(tree) > 1" decreases readability - subsequent patch (and also existing code paths, in the future) can use them for readability This patch also factors "_tokenizealias" out, because it can be used also for parsing alias definitions strictly.

revset: store full detail into revsetalias.error for error source distinction Before this patch, any errors in the declaration of revset alias aren't detected at all, and there is no information about error source in the error message. As a part of preparation for parsing alias declarations and definitions more strictly, this patch stores full detail into "revsetalias.error" for error source distinction. This makes raising "Abort" and warning potential errors just use "revsetalias.error" without any message composing.

revset: factor out composing error message for ParseError to reuse This patch defines the composing function not in "ParseError" class but in "revset" module, because: - "_()" shouldn't be used in "ParseError", to avoid adding "from i18n import _" i18n" to "error" module - generalizing message composition of"ParseError" for all code paths other than revset isn't the purpose of this patch we should also take care of showing "unexpected leading whitespace" for some code paths, to generalize widely.

revset: make tokenize extensible to parse alias declarations and definitions Before this patch, "tokenize" doesn't recognize the symbol starting with "$" as a valid one. This prevents revset alias declarations and definitions from being parsed with "tokenize", because "$" may be used as the initial letter of alias arguments. BTW, the alias argument name doesn't require leading "$" itself, in fact. But we have to assume that users may use "$" as the initial letter of argument names in their aliases, because examples in "hg help revsets" uses such names for a long time. To make "tokenize" extensible to parse alias declarations and definitions, this patch introduces optional arguments "syminitletters" and "symletters". Giving these sets can change the policy of "valid symbol" in tokenization easily. This patch keeps original examination of letter validity for reviewability, even though there is redundant interchanging between "chr"/"ord" at initialization of "_syminitletters" and "_symletters". At most 256 times examination (per initialization) is cheaper enough than revset evaluation itself. This patch is a part of preparation for parsing alias declarations and definitions more strictly.

largefiles: make linear update set unsure largefiles normal if unchanged 'hg update' would hash all 'unsure' largefiles before performing the merge. It would update the standins but not detect the very common case where the largefile never had been changed by the user but just had been marked with an invalid dirstate mtime to make sure any changes done by the user in the same second would be detected. The largefile would remain in that state and would have to be hashed again next time even though it still not had been changed. Sad trombone. Instead, for largefiles listed as 'unsure' or 'modified', after updating the standin with the actual hash, mark the largefile as normal if it turns out to not be modified relative to the revision in the parent revision. That will prevent it from being hashed again next time.

debugdirstate: don't hide date field with --nodate, just show 'set'/'unset' The value of the dirstate date field cannot be used in tests and we thus have to use debugdirstate with --nodate. It is however still very helpful to be able to see whether the date field has been set or still is unset. The absence of that information made it hard to debug some largefile dirstate issues. This change _could_ make the test suite more unstable ... but that would be places where the test suite or the code should be made more stable. (Note: 'unset' with the magic negative sizes is reliable. 'unset' for normal sizes would probably not be reliable, but there is no such occurrences in the test suite and it should thus be reliable.) This output wastes more horizontal space in the --nodate output, but it also makes things simpler that the output format always is the same. It is just a debug command so let's keep it simple.

debugdirstate: simplify date handling after e7ed5d07cc4c used fixed format

forget: don't report rejected files as forgotten as well It seems like a mistake to report a file as forgotten and rejected. The forgotten list doesn't seem to be used by anything in core, so no test changes.

largefiles: enable subrepo support for forget

namespaces: add revset for 'named(namespace)' This patch adds functionality for listing all changesets in a given namespace via the revset language.

bundles: do not overwrite existing backup bundles (BC) Previously, a backup bundle could overwrite an existing bundle and cause user data loss. For instance, if you have A<-B<-C and strip B, it produces backup bundle B-backup.hg. If you then hg pull -r B B-backup.hg and strip it again, it overwrites the existing B-backup.hg and C is lost. The fix is to add a hash of all the nodes inside that bundle to the filename. Fixed up existing tests and added a new test in test-strip.t

https: support tls sni (server name indication) for https urls (issue3090) SNI is a common way of sharing servers across multiple domains using separate SSL certificates. As of Python 2.7.9 SSLContext has been backported from Python 3. This patch changes sslutil's ssl_wrap_socket to use SSLContext and take a server hostname as and argument. It also changes the url module to make use of this argument. The new code for 2.7.9 achieves it's task by attempting to get the SSLContext object from the ssl module. If this fails the try/except goes back to what was there before with the exception that the ssl_wrap_socket functions take a server_hostname argument that doesn't get used. Assuming the SSLContext exists, the arguments to wrap_socket at the module level are emulated on the SSLContext. The SSLContext is initialized with the specified ssl_version. If certfile is not None load_cert_chain is called with certfile and keyfile. keyfile being None is not a problem, load_cert_chain will simply expect the private key to be in the certificate file. verify_mode is set to cert_reqs. If ca_certs is not None load_verify_locations is called with ca_certs as the cafile. Finally the wrap_socket method of the SSLContext is called with the socket and server hostname. Finally, this fails test-check-commit-hg.t because the "new" function ssl_wrap_socket has underscores in its names and underscores in its arguments. All the underscore identifiers are taken from the other functions and as such can't be changed to match naming conventions.

merge with stable

unpacker: check the right exception type for 2.4

hgweb: fix diffstat links in paper/changeset.tmpl '<a .../>foo</a>' syntax is incorrect, since the first tag just "tries" to close itself and then the actual content follows. It doesn't work, either because web browsers know better than this or because there should be a whitespace before /: '<a />'. So for the hgweb users the links looked normal anyway, but now they are correct in code as well.

hgweb: close <img> elements Templates declare xhtml doctype, which means, in particular, that the document must also be valid xml. So <img> elements must be closed.

hgweb: close <p> elements <p> elements can only contain inline elements, so as soon as browser encounters a block element (e.g. block <div>) "inside" a <p>, it puts an implicit </p>. It's better to do this explicitly.

hgweb: close <th> properly in spartan/filelogentry.tmpl

revset: simplify fullreposet.__and__ to call sort() with boolean flag Note that sort() takes a boolean flag, so other.sort(reverse) was wrong. It just worked fine because there is a top-level function, reverse().