smtp: verify the certificate of the SMTP server for STARTTLS/SMTPS Before this patch, the certificate of the SMTP server for STARTTLS or SMTPS isn't verified. This may cause man-in-the-middle security problem (stealing authentication information), even though SMTP channel itself is encrypted by SSL. When "[smtp] tls" is configured as "smtps" or "starttls", this patch: - uses classes introduced by preceding patches instead of "SMTP" or "SMTP_SSL" of smtplib, and - verifies the certificate of the SMTP server, if "[smtp] verifycert" is configured as other than False "[smtp] verifycert" can be configured in 3 levels: - "strict": This verifies peer certificate, and aborts if: - peer certification is not valid, or - no configuration in "[hostfingerprints]" and "[web] cacerts" This is default value of "[smtp] verifycert" for security. - "loose": This verifies peer certificate, and aborts if peer certification is not valid. This just shows warning message ("certificate not verified"), if there is no configuration in "[hostfingerprints]" and "[web] cacerts". This is as same as verification for HTTPS connection. - False(no verification): Peer certificate is not verified. This is as same as the behavior before this patch series. "hg email --insecure" uses "loose" level, and ignores "[web] cacerts" as same as push/pull/etc... with --insecure. Ignoring "[web] cacerts" configuration for "hg email --insecure" is already done in "dispatch._dispatch()" by looking "insecure" up in the table of command options.

sslutil: abort if peer certificate is not verified for secure use Before this patch, "sslutil.validator" may returns successfully, even if peer certificate is not verified because there is no information in "[hostfingerprints]" and "[web] cacerts". To prevent from sending authentication credential to untrustable SMTP server, validation should be aborted if peer certificate is not verified. This patch introduces "strict" optional argument, and "sslutil.validator" will abort if it is True and peer certificate is not verified.

smtp: add the class to verify the certificate of the SMTP server for SMTPS Original "smtplib.SMTP_SSL" has no route to pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket creation. This causes that "getpeercert()" on SSL socket returns empty dict, so the peer certificate for SMTPS can't be verified. This patch introduces the "SMTPS" class derived from "smtplib.SMTP" to pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket creation. "SMTPS" class is derived directly from "smtplib.SMTP", because amount of "smtplib.SMTP_SSL" definition derived from "smtplib.SMTP" is as same as one needed to override it. This patch defines "SMTPS" class, only when "smtplib.SMTP" class has "_get_socket()" method, because this makes using SSL socket instead of normal socket easy. "smtplib.SMTP" class of Python 2.5.x or earlier doesn't have this method. Omitting SMTPS support for them is reasonable, because "smtplib.SMTP_SSL" is already unavailable for them before this patch. Almost all code of "SMTPS" class is imported from "smtplib.SMTP_SSL" of Python 2.7.3, but it differs from original code in point below: - "ssl.wrap_socket()" is replaced by "sslutil.ssl_wrap_socket()" for compatibility between Python versions

smtp: add the class to verify the certificate of the SMTP server for STARTTLS Original "smtplib.SMTP" has no route to pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket creation. This causes that "getpeercert()" on SSL socket returns empty dict, so the peer certificate for STARTTLS can't be verified. This patch introduces the "STARTTLS" class derived from "smtplib.SMTP" to pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket creation. Almost all code of "starttls()" in this class is imported from "smtplib.SMTP" of Python 2.7.3, but it differs from original code in points below: - "self.ehlo_or_helo_if_needed()" invocation is omitted, because: - "ehlo_or_helo_if_needed()" is available with Python 2.6 or later, and - "ehlo()" is explicitly invoked in "mercurial.mail._smtp()" - "if not _have_ssl:" check is omitted, because: - "_have_ssl" is available with Python 2.6 or later, and - same checking is done in "mercurial.sslutil.ssl_wrap_socket()" - "ssl.wrap_socket()" is replaced by "sslutil.ssl_wrap_socket()" for compatibility between Python versions - use "sock.recv()" also as "sock.read()", if "sock" doesn't have "read()" method with Python 2.5.x or earlier, "sslutil.ssl_wrap_socket()" returns "httplib.FakeSocket"-ed object, and it doesn't have "read()" method, which is invoked via "smtplib.SSLFakeFile".

template: allow unquoted int function arguments

Merge with main

graft: use missing ancestors algorithm to find earlier grafts When the revisions to graft are numerically close to the destination, this avoids two walks up the DAG, which for a repository with over 470,000 changesets translates to around 2.2 seconds.

graft: find ancestors of destination lazily When the revisions to graft are numerically close to the destination, this avoids one walk up the DAG, which for a repository with over 470,000 changesets translates to around 1.1 seconds.

merge with crew

sslutil: try harder to avoid getpeercert problems We wrap both calls to getpeercert in a try/except to make sure we catch its bogus AttributeError.

copies._forwardcopies: use set operations to find missing files This is a performance win for a number of reasons: - We don't iterate over contexts, which avoids a completely unnecessary sorted call + the O(number of files) abstraction cost of doing that. - We don't check membership in a context, which avoids another O(number of files) abstraction cost. - We iterate over the manifests in C instead of Python. For a large repo with 170,000 files, this improves perfpathcopies from 0.34 seconds to 0.07. Anything that uses pathcopies, such as rebase or diff --git between two revisions, benefits.

perf: add a command to test copies.pathcopies perf An upcoming patch will improve the performance of this function, and this command will be used to demonstrate that improvement.

merge with stable

Added signature for changeset 8a7bd2dccd44

Added tag 2.5.4 for changeset 8a7bd2dccd44

applyupdates: assign variable before we try to use it (issue3855) The variable 'fd' was getting used with a value left over from a prior iteration, causing a KeyError: '.hgsubstate'.

merge with mpm

perf: add a command to test addremove performance Upcoming patches will improve addremove performance. This command will be used to demonstrate that improvement.

merge with crew

dirstate: only call lstat once per flags invocation This makes a big difference to performance in some cases. hg --time locate 'set:symlink()' mozilla-central (70,000 files): before: 2.92 sec after: 2.47 another repo (170,000 files): before: 7.87 sec after: 6.86

util: add functions to check symlink/exec bits These are not yet used.

Merge with stable.

setup.py: properly discard trust warning. This modification was missing from the fa91ddfc3f36 changeset.

scmutil.addremove: use iteritems on walk results Now that we no longer sort all the walk results, using iteritems becomes possible. This is a relatively minor speedup: on a large repository with 170,000 files, perfaddremove goes from 2.13 seconds to 2.10.

scmutil.addremove: stop sorting all walk results The only place where the order matters is in printing out added or removed files. We already sort that set. On a large repository with 170,000 files, this speeds up perfaddremove from 2.34 seconds to 2.13.

scmutil.addremove: pull ui.status printing out of the loop This will let us stop sorting all the results in an upcoming patch. This also permits future refactorings where the same code consumes dirstate.walk results but doesn't print anything out. An argument could be made that printing out results as we go along is more responsive UI-wise. However, at this point iterating through walk results is actually faster than sorting them, so once we stop sorting all the results the argument ceases to be valid.

scmutil.addremove: remove redundant directory and symlink checks dirstate.walk only does lstats and never returns stat objects for directories. On a large repository with 170,000 files, this speeds perfaddremove up from 2.40 seconds to 2.34.

scmutil.addremove: pull repo.dirstate fetch out of the loop On a large repository with 170,000 files, this speeds up perfaddremove from 2.78 seconds to 2.40.

scmutil: remove dead updatedir code This code has not been used in a long while.

merge with mpm

merge with stable

Added signature for changeset 50c922c1b514

Added tag 2.5.3 for changeset 50c922c1b514

hgweb: show correct error message for i18n environment If exception is error.LookupError and running in i18n environment, below condition is always true. Because msg is translated and dosen't contain 'manifest'. if util.safehasattr(err, 'name') and 'manifest' not in msg: This patch creates a new exception class and uses it instead of string match.

commands: fix typo in debugobsolete docstring

duplicatecopies: do not mark items not in the dirstate as copies Consider the following repo: 0 -- 1 (renames a to b) \ - 2 If we're rebasing 2 onto 1, then duplicatecopies is called with arguments (2, 1). copies.pathcopies goes backwards from 1 to 0 and returns the pair dst = a, src = b. Of course, since we're working on top of 2, at this point a doesn't exist in the dirstate. Extra entries in the copymap are currently harmless because the copymap is only queried for items in the dirstate map. However, if the dirstate.copy method becomes one of the sources used to determine which files have changed, this will prove problematic. Note that we can't avoid going backwards in general -- consider this repo: 0 -- 1 (renames a to b) \ - 2 (renames a to c) Rebasing 2 onto 1 should produce a rename from b to c.

duplicatecopies: fix arg name and docstring While most callers do indeed use duplicatecopies with a rev and its parent, rebase doesn't.

pull: list bookmarks before pulling changesets (issue3873) Consider a bookmark B that exists both locally and remotely. If B is updated remotely, and then a pull is performed where the pull set contains the new location of B, the bookmark is updated locally. However, if remote B is updated in the middle of a pull to a location not in the pull set, the bookmark won't be updated locally at all. To fix this, list bookmarks before pulling in changesets, not after. This still leaves a race open if B gets moved in between listing bookmarks and pulling in changesets, but the race window is much smaller. Fixing the race properly would require a bundle format upgrade. test-hook.t's output changes because we no longer do two listkeys calls during pull, just one. test-pull-http.t's output changes because we now search for bookmarks before searching for changes.

test-hook.t: remove prelistkeys.forbid hook before moving on An upcoming patch will change the order of operations and perform a listkeys before a changegroup fetch. This will cause a few tests to print out the wrong error message.

bookmarks.updatefromremote: rename local rb to remotemarks This local will become a parameter in an upcoming patch, so give it a more descriptive name. The name stays similar to the existing localmarks.

pull: rename local rb to remotebookmarks This local will become more important in an upcoming patch, so give it a more descriptive name.

dicthelpers: inline diff and join code mpm suggested this change since it improves performance slightly. Benchmarking hg perfcalculate -r . Before: ! wall 0.141173 comb 0.140000 user 0.140000 sys 0.000000 (best of 66) After: ! wall 0.138619 comb 0.140000 user 0.140000 sys 0.000000 (best of 69)

dicthelpers: add docstrings for diff and join

perf: add perfdirs command This measures the cost of computing the dirstate's dirs structure, which becomes very expensive in a large working directory.

merge with stable

zsh_completion: fix trailing carriage return spoiling tag completion This was giving the following error: % hg up 2.5-r<Tab> (eval):1: bad substitution % hg up 2.5-r

filesets: add eol predicate

merge with stable