FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:28:10 +0900] rev 18888
smtp: verify the certificate of the SMTP server for STARTTLS/SMTPS
Before this patch, the certificate of the SMTP server for STARTTLS or
SMTPS isn't verified.
This may cause man-in-the-middle security problem (stealing
authentication information), even though SMTP channel itself is
encrypted by SSL.
When "[smtp] tls" is configured as "smtps" or "starttls", this patch:
- uses classes introduced by preceding patches instead of "SMTP" or
"SMTP_SSL" of smtplib, and
- verifies the certificate of the SMTP server, if "[smtp]
verifycert" is configured as other than False
"[smtp] verifycert" can be configured in 3 levels:
- "strict":
This verifies peer certificate, and aborts if:
- peer certification is not valid, or
- no configuration in "[hostfingerprints]" and "[web] cacerts"
This is default value of "[smtp] verifycert" for security.
- "loose":
This verifies peer certificate, and aborts if peer certification is
not valid.
This just shows warning message ("certificate not verified"), if
there is no configuration in "[hostfingerprints]" and "[web]
cacerts".
This is as same as verification for HTTPS connection.
- False(no verification):
Peer certificate is not verified.
This is as same as the behavior before this patch series.
"hg email --insecure" uses "loose" level, and ignores "[web] cacerts"
as same as push/pull/etc... with --insecure.
Ignoring "[web] cacerts" configuration for "hg email --insecure" is
already done in "dispatch._dispatch()" by looking "insecure" up in the
table of command options.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:28:10 +0900] rev 18887
sslutil: abort if peer certificate is not verified for secure use
Before this patch, "sslutil.validator" may returns successfully, even
if peer certificate is not verified because there is no information in
"[hostfingerprints]" and "[web] cacerts".
To prevent from sending authentication credential to untrustable SMTP
server, validation should be aborted if peer certificate is not
verified.
This patch introduces "strict" optional argument, and
"sslutil.validator" will abort if it is True and peer certificate is
not verified.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:27:43 +0900] rev 18886
smtp: add the class to verify the certificate of the SMTP server for SMTPS
Original "smtplib.SMTP_SSL" has no route to pass "ca_certs" and
"cert_reqs" arguments to underlying SSL socket creation. This causes
that "getpeercert()" on SSL socket returns empty dict, so the peer
certificate for SMTPS can't be verified.
This patch introduces the "SMTPS" class derived from "smtplib.SMTP" to
pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket
creation.
"SMTPS" class is derived directly from "smtplib.SMTP", because amount
of "smtplib.SMTP_SSL" definition derived from "smtplib.SMTP" is as
same as one needed to override it.
This patch defines "SMTPS" class, only when "smtplib.SMTP" class has
"_get_socket()" method, because this makes using SSL socket instead of
normal socket easy.
"smtplib.SMTP" class of Python 2.5.x or earlier doesn't have this
method. Omitting SMTPS support for them is reasonable, because
"smtplib.SMTP_SSL" is already unavailable for them before this patch.
Almost all code of "SMTPS" class is imported from "smtplib.SMTP_SSL"
of Python 2.7.3, but it differs from original code in point below:
- "ssl.wrap_socket()" is replaced by "sslutil.ssl_wrap_socket()" for
compatibility between Python versions
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:27:23 +0900] rev 18885
smtp: add the class to verify the certificate of the SMTP server for STARTTLS
Original "smtplib.SMTP" has no route to pass "ca_certs" and
"cert_reqs" arguments to underlying SSL socket creation. This causes
that "getpeercert()" on SSL socket returns empty dict, so the peer
certificate for STARTTLS can't be verified.
This patch introduces the "STARTTLS" class derived from "smtplib.SMTP"
to pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket
creation.
Almost all code of "starttls()" in this class is imported from
"smtplib.SMTP" of Python 2.7.3, but it differs from original code in
points below:
- "self.ehlo_or_helo_if_needed()" invocation is omitted, because:
- "ehlo_or_helo_if_needed()" is available with Python 2.6 or later, and
- "ehlo()" is explicitly invoked in "mercurial.mail._smtp()"
- "if not _have_ssl:" check is omitted, because:
- "_have_ssl" is available with Python 2.6 or later, and
- same checking is done in "mercurial.sslutil.ssl_wrap_socket()"
- "ssl.wrap_socket()" is replaced by "sslutil.ssl_wrap_socket()" for
compatibility between Python versions
- use "sock.recv()" also as "sock.read()", if "sock" doesn't have
"read()" method
with Python 2.5.x or earlier, "sslutil.ssl_wrap_socket()" returns
"httplib.FakeSocket"-ed object, and it doesn't have "read()"
method, which is invoked via "smtplib.SSLFakeFile".
Brendan Cully <brendan@kublai.com> [Sun, 07 Apr 2013 23:25:50 -0700] rev 18884
template: allow unquoted int function arguments
Brendan Cully <brendan@kublai.com> [Mon, 08 Apr 2013 09:44:26 -0700] rev 18883
Merge with main
Siddharth Agarwal <sid0@fb.com> [Sat, 06 Apr 2013 19:50:03 -0700] rev 18882
graft: use missing ancestors algorithm to find earlier grafts
When the revisions to graft are numerically close to the destination, this
avoids two walks up the DAG, which for a repository with over 470,000
changesets translates to around 2.2 seconds.
Siddharth Agarwal <sid0@fb.com> [Sat, 06 Apr 2013 20:05:17 -0700] rev 18881
graft: find ancestors of destination lazily
When the revisions to graft are numerically close to the destination, this
avoids one walk up the DAG, which for a repository with over 470,000
changesets translates to around 1.1 seconds.
Matt Mackall <mpm@selenic.com> [Fri, 05 Apr 2013 12:21:38 -0500] rev 18880
merge with crew
Matt Mackall <mpm@selenic.com> [Fri, 05 Apr 2013 12:20:14 -0500] rev 18879
sslutil: try harder to avoid getpeercert problems
We wrap both calls to getpeercert in a try/except to make sure we
catch its bogus AttributeError.
Siddharth Agarwal <sid0@fb.com> [Thu, 04 Apr 2013 20:22:29 -0700] rev 18878
copies._forwardcopies: use set operations to find missing files
This is a performance win for a number of reasons:
- We don't iterate over contexts, which avoids a completely unnecessary sorted
call + the O(number of files) abstraction cost of doing that.
- We don't check membership in a context, which avoids another
O(number of files) abstraction cost.
- We iterate over the manifests in C instead of Python.
For a large repo with 170,000 files, this improves perfpathcopies from 0.34
seconds to 0.07. Anything that uses pathcopies, such as rebase or diff --git
between two revisions, benefits.
Siddharth Agarwal <sid0@fb.com> [Thu, 04 Apr 2013 20:36:46 -0700] rev 18877
perf: add a command to test copies.pathcopies perf
An upcoming patch will improve the performance of this function, and this
command will be used to demonstrate that improvement.
Matt Mackall <mpm@selenic.com> [Thu, 04 Apr 2013 16:37:37 -0500] rev 18876
merge with stable
Matt Mackall <mpm@selenic.com> [Thu, 04 Apr 2013 16:28:19 -0500] rev 18875
Added signature for changeset 8a7bd2dccd44
Matt Mackall <mpm@selenic.com> [Thu, 04 Apr 2013 16:28:15 -0500] rev 18874
Added tag 2.5.4 for changeset 8a7bd2dccd44
Kevin Bullock <kbullock@ringworld.org> [Mon, 18 Mar 2013 16:37:20 -0500] rev 18873
applyupdates: assign variable before we try to use it (issue3855)
The variable 'fd' was getting used with a value left over from a prior
iteration, causing a KeyError: '.hgsubstate'.
Bryan O'Sullivan <bryano@fb.com> [Wed, 03 Apr 2013 17:04:38 -0700] rev 18872
merge with mpm
Siddharth Agarwal <sid0@fb.com> [Mon, 01 Apr 2013 23:09:36 -0700] rev 18871
perf: add a command to test addremove performance
Upcoming patches will improve addremove performance. This command will be used
to demonstrate that improvement.
Matt Mackall <mpm@selenic.com> [Wed, 03 Apr 2013 14:14:30 -0500] rev 18870
merge with crew
Bryan O'Sullivan <bryano@fb.com> [Wed, 03 Apr 2013 11:35:27 -0700] rev 18869
dirstate: only call lstat once per flags invocation
This makes a big difference to performance in some cases.
hg --time locate 'set:symlink()'
mozilla-central (70,000 files):
before: 2.92 sec
after: 2.47
another repo (170,000 files):
before: 7.87 sec
after: 6.86
Bryan O'Sullivan <bryano@fb.com> [Wed, 03 Apr 2013 11:35:27 -0700] rev 18868
util: add functions to check symlink/exec bits
These are not yet used.
Augie Fackler <raf@durin42.com> [Wed, 03 Apr 2013 13:03:50 -0500] rev 18867
Merge with stable.
Isaac Jurado <diptongo@gmail.com> [Tue, 02 Apr 2013 16:03:10 +0200] rev 18866
setup.py: properly discard trust warning.
This modification was missing from the fa91ddfc3f36 changeset.
Siddharth Agarwal <sid0@fb.com> [Tue, 02 Apr 2013 14:50:50 -0700] rev 18865
scmutil.addremove: use iteritems on walk results
Now that we no longer sort all the walk results, using iteritems becomes
possible.
This is a relatively minor speedup: on a large repository with 170,000 files,
perfaddremove goes from 2.13 seconds to 2.10.
Siddharth Agarwal <sid0@fb.com> [Tue, 02 Apr 2013 14:50:31 -0700] rev 18864
scmutil.addremove: stop sorting all walk results
The only place where the order matters is in printing out added or removed
files. We already sort that set.
On a large repository with 170,000 files, this speeds up perfaddremove from
2.34 seconds to 2.13.
Siddharth Agarwal <sid0@fb.com> [Tue, 02 Apr 2013 10:56:24 -0700] rev 18863
scmutil.addremove: pull ui.status printing out of the loop
This will let us stop sorting all the results in an upcoming patch.
This also permits future refactorings where the same code consumes
dirstate.walk results but doesn't print anything out.
An argument could be made that printing out results as we go along is more
responsive UI-wise. However, at this point iterating through walk results is
actually faster than sorting them, so once we stop sorting all the results the
argument ceases to be valid.
Siddharth Agarwal <sid0@fb.com> [Tue, 02 Apr 2013 14:49:34 -0700] rev 18862
scmutil.addremove: remove redundant directory and symlink checks
dirstate.walk only does lstats and never returns stat objects for directories.
On a large repository with 170,000 files, this speeds perfaddremove up from
2.40 seconds to 2.34.
Siddharth Agarwal <sid0@fb.com> [Tue, 02 Apr 2013 14:46:55 -0700] rev 18861
scmutil.addremove: pull repo.dirstate fetch out of the loop
On a large repository with 170,000 files, this speeds up perfaddremove from
2.78 seconds to 2.40.
Siddharth Agarwal <sid0@fb.com> [Mon, 01 Apr 2013 20:38:37 -0700] rev 18860
scmutil: remove dead updatedir code
This code has not been used in a long while.
Bryan O'Sullivan <bryano@fb.com> [Tue, 02 Apr 2013 08:58:42 -0700] rev 18859
merge with mpm
Matt Mackall <mpm@selenic.com> [Tue, 02 Apr 2013 01:15:31 -0500] rev 18858
merge with stable
Matt Mackall <mpm@selenic.com> [Tue, 02 Apr 2013 01:05:31 -0500] rev 18857
Added signature for changeset 50c922c1b514
Matt Mackall <mpm@selenic.com> [Tue, 02 Apr 2013 01:05:26 -0500] rev 18856
Added tag 2.5.3 for changeset 50c922c1b514
Takumi IINO <trot.thunder@gmail.com> [Fri, 15 Feb 2013 18:07:14 +0900] rev 18855
hgweb: show correct error message for i18n environment
If exception is error.LookupError and running in i18n environment,
below condition is always true.
Because msg is translated and dosen't contain 'manifest'.
if util.safehasattr(err, 'name') and 'manifest' not in msg:
This patch creates a new exception class and uses it instead of
string match.
Wagner Bruna <wbruna@softwareexpress.com.br> [Mon, 01 Apr 2013 18:48:12 -0300] rev 18854
commands: fix typo in debugobsolete docstring
Siddharth Agarwal <sid0@fb.com> [Thu, 28 Mar 2013 18:27:19 -0700] rev 18853
duplicatecopies: do not mark items not in the dirstate as copies
Consider the following repo:
0 -- 1 (renames a to b)
\
- 2
If we're rebasing 2 onto 1, then duplicatecopies is called with arguments (2,
1). copies.pathcopies goes backwards from 1 to 0 and returns the pair dst = a,
src = b. Of course, since we're working on top of 2, at this point a doesn't
exist in the dirstate.
Extra entries in the copymap are currently harmless because the copymap is
only queried for items in the dirstate map. However, if the dirstate.copy
method becomes one of the sources used to determine which files have changed,
this will prove problematic.
Note that we can't avoid going backwards in general -- consider this repo:
0 -- 1 (renames a to b)
\
- 2 (renames a to c)
Rebasing 2 onto 1 should produce a rename from b to c.
Siddharth Agarwal <sid0@fb.com> [Thu, 28 Mar 2013 00:14:27 -0700] rev 18852
duplicatecopies: fix arg name and docstring
While most callers do indeed use duplicatecopies with a rev and its parent,
rebase doesn't.
Siddharth Agarwal <sid0@fb.com> [Fri, 29 Mar 2013 19:54:06 -0700] rev 18851
pull: list bookmarks before pulling changesets (issue3873)
Consider a bookmark B that exists both locally and remotely. If B is updated
remotely, and then a pull is performed where the pull set contains the new
location of B, the bookmark is updated locally. However, if remote B is
updated in the middle of a pull to a location not in the pull set, the
bookmark won't be updated locally at all.
To fix this, list bookmarks before pulling in changesets, not after. This
still leaves a race open if B gets moved in between listing bookmarks and
pulling in changesets, but the race window is much smaller. Fixing the race
properly would require a bundle format upgrade.
test-hook.t's output changes because we no longer do two listkeys calls during
pull, just one.
test-pull-http.t's output changes because we now search for bookmarks before
searching for changes.
Siddharth Agarwal <sid0@fb.com> [Fri, 29 Mar 2013 19:52:02 -0700] rev 18850
test-hook.t: remove prelistkeys.forbid hook before moving on
An upcoming patch will change the order of operations and perform a listkeys
before a changegroup fetch. This will cause a few tests to print out the wrong
error message.
Siddharth Agarwal <sid0@fb.com> [Fri, 29 Mar 2013 18:28:59 -0700] rev 18849
bookmarks.updatefromremote: rename local rb to remotemarks
This local will become a parameter in an upcoming patch, so give it a more
descriptive name. The name stays similar to the existing localmarks.
Siddharth Agarwal <sid0@fb.com> [Fri, 29 Mar 2013 19:06:23 -0700] rev 18848
pull: rename local rb to remotebookmarks
This local will become more important in an upcoming patch, so give it a more
descriptive name.
Siddharth Agarwal <sid0@fb.com> [Fri, 29 Mar 2013 16:07:57 -0700] rev 18847
dicthelpers: inline diff and join code
mpm suggested this change since it improves performance slightly.
Benchmarking hg perfcalculate -r .
Before:
! wall 0.141173 comb 0.140000 user 0.140000 sys 0.000000 (best of 66)
After:
! wall 0.138619 comb 0.140000 user 0.140000 sys 0.000000 (best of 69)
Siddharth Agarwal <sid0@fb.com> [Fri, 29 Mar 2013 15:23:19 -0700] rev 18846
dicthelpers: add docstrings for diff and join
Bryan O'Sullivan <bryano@fb.com> [Mon, 01 Apr 2013 13:46:32 -0700] rev 18845
perf: add perfdirs command
This measures the cost of computing the dirstate's dirs structure,
which becomes very expensive in a large working directory.
Matt Mackall <mpm@selenic.com> [Mon, 01 Apr 2013 15:19:16 -0500] rev 18844
merge with stable
Nikolaj Sjujskij <sterkrig@myopera.com> [Fri, 29 Mar 2013 18:45:07 -0700] rev 18843
zsh_completion: fix trailing carriage return spoiling tag completion
This was giving the following error:
% hg up 2.5-r<Tab>
(eval):1: bad substitution
% hg up 2.5-r
Matt Mackall <mpm@selenic.com> [Fri, 29 Mar 2013 16:48:32 -0700] rev 18842
filesets: add eol predicate
Matt Mackall <mpm@selenic.com> [Fri, 29 Mar 2013 15:27:33 -0700] rev 18841
merge with stable