merge with stable

encoding: alias cp65001 to utf-8 on Windows As far as I can tell, cp65001 is the Windows name for UTF-8. I don't know how different it is from the UTF-8, but Python 3 appears to have introduced new codec for cp65001, so the alias is enabled only for Python 2. https://bugs.python.org/issue13216 This patch is untested, but hopefully fixes the following issue. https://bitbucket.org/tortoisehg/thg/issues/5127/

windows: fix incorrect detection of broken pipe when writing to pager Paging e.g. hg incoming on Windows and quitting the pager before the output is consumed will print 'abort: Invalid argument'. This is because the windows error 0xE8 (ERROR_NO_DATA) is mapped to EINVAL even though it is documented as 'The pipe is being closed'. Note that this fix assumes that Windows' last error code is still valid in the exception handler. It works correctly in all my tests. A simpler fix would be to just map EINVAL to EPIPE, like was done is flush previously, but that would be less precise. This error was not observed previously, when pager was an extension.

Added signature for changeset 0b63a6743010

Added tag 4.6.2 for changeset 0b63a6743010

procutil: use unbuffered stdout on Windows Windows doesn't support line buffering, treating it as fully buffered. This causes output of slow commands to stutter. We use unbuffered instead.

merge: do not fill manifest of committed revision with pseudo node (issue5526) Since a75d24539aba "convert: fix convert dropping p2 contents during filemap merge", wctx is not always a committablectx because the convert extension passes in repo[n] as wctx. If wctx is a committed changeset, its manifest dict shouldn't be mutated reflecting to the working directory.

manifest: fix possible SEGV caused by uninitialized lazymanifest fields Before, uninitialized self->pydata would be passed to lazymanifest_dealloc() on OOM, and Py_DECREF(self->pydata) would crash if we were unlucky. It's still wrong to do malloc() thingy in tp_init because __init__() may be called more than once [1], but I don't want to go a step further in stable branch. [1]: https://docs.python.org/2/c-api/typeobj.html#c.PyTypeObject.tp_new "The tp_new function should ... do only as much further initialization as is absolutely necessary. Initialization that can safely be ignored or repeated should be placed in the tp_init handler."

tests: replace `echo -n` with `printf` per check-code Differential Revision: https://phab.mercurial-scm.org/D3749

crecord: fix line number in hunk header (issue5917) `@@ -1,1 +-1,0 @@` is not a valid patch hunk header. Change it to `@@ -1,1 +0,0 @@`. Differential Revision: https://phab.mercurial-scm.org/D3737

lazymanifest: don't crash when out of memory (issue5916) self->lines can be NULL if we failed to allocate memory for it.

cext: stop worrying and love the free(NULL) There is no need to check for a NULL pointer before calling free since free(NULL) is defined by C standards as a no-op. Lots of software relies on this behavior so it is completely safe to call even on the most obscure of systems.

tests: fix test-patch.t on pickier /bin/sh implementations This is a graft of 0b39edeff033 and f44306940c94 from default because I'm tired of seeing the FreeBSD build be red on stable. See those revisions for details on what's going on here.

chg: fix an undefined behavior about memcpy Spot by Wez Furlong. `memcpy(x, NULL, 0)` is undefined according to [1]. [1]: https://stackoverflow.com/questions/5243012 Differential Revision: https://phab.mercurial-scm.org/D3698

Added signature for changeset 9c5ced5276d6

Added tag 4.6.1 for changeset 9c5ced5276d6

mpatch: avoid integer overflow in combine() (SEC) All the callers of this function can handle a NULL return, so that appears to be the "safe" way to report an error.

mpatch: avoid integer overflow in mpatch_decode (SEC)

mpatch: fix UB integer overflows in discard() (SEC)

mpatch: fix UB in int overflows in gather() (SEC)

mpatch: introduce a safesub() helper as well Same reason as safeadd().

mpatch: introduce a safeadd() helper to work around UB int overflow We're about to make extensive use of this. This change duplicates some stdbool.h portability hacks from cext/util.h. We should probably clean that up in the future, but we'll skip that for now in order to make security backports easier.

mpatch: ensure fragment start isn't past the end of orig (SEC) Caught by oss-fuzz fuzzer during development. This defect is OVE-20180430-0004. A CVE has not been obtained as of this writing.

mpatch: protect against underflow in mpatch_apply (SEC) Also caught by oss-fuzz fuzzer during development. This defect is OVE-20180430-0002. A CVE has not been obtained as of this writing.

mpatch: be more careful about parsing binary patch data (SEC) It appears to have been possible to trivially walk off the end of an allocated region with a malformed patch. Oops. Caught when writing an mpatch fuzzer for oss-fuzz. This defect is OVE-20180430-0001. A CVE has not been obtained as of this writing.

zstandard: pull in bug fixes from upstream 0.9.1 release (issue5884) This changeset contains the meaningful code changes from python-zstandard's 0.9.1 release. The main fix is to restore support for compiling with mingw.

templatefuncs: only render text portion of minirst.format() result When "keep" argument is provided, the function returns (text, pruned), where pruned is a list of sections from the original plain text that were pruned from the rendered result. Let's not output it together with the rendered HTML.

tests: demonstrate that hgweb renders "pruned" that minirst.format() returns Notice at the bottom of the help text there's "windows". It's a section that is in the original help text, but was pruned (because hgweb didn't ask for it).

rebase: avoid RevlogError when computing obsoletenotrebased (issue5907) The key to reproducing this seems to be missing an obsolete node that is not an ancestor of the destination.

rebase: prioritize indicating an interrupted rebase over update (issue5838) This should also cover the transplant extension, and any other non clearable states.