Matt Mackall <mpm@selenic.com> [Mon, 08 Apr 2013 17:57:42 -0500] rev 18891
merge with i18n
Note: i18n work should normally be done on stable
Stefano Tortarolo <stefano.tortarolo@gmail.com> [Fri, 05 Apr 2013 17:04:37 +0200] rev 18890
hg-i18n-it: minor fixes
Bryan O'Sullivan <bryano@fb.com> [Mon, 08 Apr 2013 15:04:17 -0700] rev 18889
templater: fix check-code error
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:28:10 +0900] rev 18888
smtp: verify the certificate of the SMTP server for STARTTLS/SMTPS
Before this patch, the certificate of the SMTP server for STARTTLS or
SMTPS isn't verified.
This may cause man-in-the-middle security problem (stealing
authentication information), even though SMTP channel itself is
encrypted by SSL.
When "[smtp] tls" is configured as "smtps" or "starttls", this patch:
- uses classes introduced by preceding patches instead of "SMTP" or
"SMTP_SSL" of smtplib, and
- verifies the certificate of the SMTP server, if "[smtp]
verifycert" is configured as other than False
"[smtp] verifycert" can be configured in 3 levels:
- "strict":
This verifies peer certificate, and aborts if:
- peer certification is not valid, or
- no configuration in "[hostfingerprints]" and "[web] cacerts"
This is default value of "[smtp] verifycert" for security.
- "loose":
This verifies peer certificate, and aborts if peer certification is
not valid.
This just shows warning message ("certificate not verified"), if
there is no configuration in "[hostfingerprints]" and "[web]
cacerts".
This is as same as verification for HTTPS connection.
- False(no verification):
Peer certificate is not verified.
This is as same as the behavior before this patch series.
"hg email --insecure" uses "loose" level, and ignores "[web] cacerts"
as same as push/pull/etc... with --insecure.
Ignoring "[web] cacerts" configuration for "hg email --insecure" is
already done in "dispatch._dispatch()" by looking "insecure" up in the
table of command options.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:28:10 +0900] rev 18887
sslutil: abort if peer certificate is not verified for secure use
Before this patch, "sslutil.validator" may returns successfully, even
if peer certificate is not verified because there is no information in
"[hostfingerprints]" and "[web] cacerts".
To prevent from sending authentication credential to untrustable SMTP
server, validation should be aborted if peer certificate is not
verified.
This patch introduces "strict" optional argument, and
"sslutil.validator" will abort if it is True and peer certificate is
not verified.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:27:43 +0900] rev 18886
smtp: add the class to verify the certificate of the SMTP server for SMTPS
Original "smtplib.SMTP_SSL" has no route to pass "ca_certs" and
"cert_reqs" arguments to underlying SSL socket creation. This causes
that "getpeercert()" on SSL socket returns empty dict, so the peer
certificate for SMTPS can't be verified.
This patch introduces the "SMTPS" class derived from "smtplib.SMTP" to
pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket
creation.
"SMTPS" class is derived directly from "smtplib.SMTP", because amount
of "smtplib.SMTP_SSL" definition derived from "smtplib.SMTP" is as
same as one needed to override it.
This patch defines "SMTPS" class, only when "smtplib.SMTP" class has
"_get_socket()" method, because this makes using SSL socket instead of
normal socket easy.
"smtplib.SMTP" class of Python 2.5.x or earlier doesn't have this
method. Omitting SMTPS support for them is reasonable, because
"smtplib.SMTP_SSL" is already unavailable for them before this patch.
Almost all code of "SMTPS" class is imported from "smtplib.SMTP_SSL"
of Python 2.7.3, but it differs from original code in point below:
- "ssl.wrap_socket()" is replaced by "sslutil.ssl_wrap_socket()" for
compatibility between Python versions
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:27:23 +0900] rev 18885
smtp: add the class to verify the certificate of the SMTP server for STARTTLS
Original "smtplib.SMTP" has no route to pass "ca_certs" and
"cert_reqs" arguments to underlying SSL socket creation. This causes
that "getpeercert()" on SSL socket returns empty dict, so the peer
certificate for STARTTLS can't be verified.
This patch introduces the "STARTTLS" class derived from "smtplib.SMTP"
to pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket
creation.
Almost all code of "starttls()" in this class is imported from
"smtplib.SMTP" of Python 2.7.3, but it differs from original code in
points below:
- "self.ehlo_or_helo_if_needed()" invocation is omitted, because:
- "ehlo_or_helo_if_needed()" is available with Python 2.6 or later, and
- "ehlo()" is explicitly invoked in "mercurial.mail._smtp()"
- "if not _have_ssl:" check is omitted, because:
- "_have_ssl" is available with Python 2.6 or later, and
- same checking is done in "mercurial.sslutil.ssl_wrap_socket()"
- "ssl.wrap_socket()" is replaced by "sslutil.ssl_wrap_socket()" for
compatibility between Python versions
- use "sock.recv()" also as "sock.read()", if "sock" doesn't have
"read()" method
with Python 2.5.x or earlier, "sslutil.ssl_wrap_socket()" returns
"httplib.FakeSocket"-ed object, and it doesn't have "read()"
method, which is invoked via "smtplib.SSLFakeFile".
Brendan Cully <brendan@kublai.com> [Sun, 07 Apr 2013 23:25:50 -0700] rev 18884
template: allow unquoted int function arguments
Brendan Cully <brendan@kublai.com> [Mon, 08 Apr 2013 09:44:26 -0700] rev 18883
Merge with main
Siddharth Agarwal <sid0@fb.com> [Sat, 06 Apr 2013 19:50:03 -0700] rev 18882
graft: use missing ancestors algorithm to find earlier grafts
When the revisions to graft are numerically close to the destination, this
avoids two walks up the DAG, which for a repository with over 470,000
changesets translates to around 2.2 seconds.
Siddharth Agarwal <sid0@fb.com> [Sat, 06 Apr 2013 20:05:17 -0700] rev 18881
graft: find ancestors of destination lazily
When the revisions to graft are numerically close to the destination, this
avoids one walk up the DAG, which for a repository with over 470,000
changesets translates to around 1.1 seconds.
Matt Mackall <mpm@selenic.com> [Fri, 05 Apr 2013 12:21:38 -0500] rev 18880
merge with crew
Matt Mackall <mpm@selenic.com> [Fri, 05 Apr 2013 12:20:14 -0500] rev 18879
sslutil: try harder to avoid getpeercert problems
We wrap both calls to getpeercert in a try/except to make sure we
catch its bogus AttributeError.
Siddharth Agarwal <sid0@fb.com> [Thu, 04 Apr 2013 20:22:29 -0700] rev 18878
copies._forwardcopies: use set operations to find missing files
This is a performance win for a number of reasons:
- We don't iterate over contexts, which avoids a completely unnecessary sorted
call + the O(number of files) abstraction cost of doing that.
- We don't check membership in a context, which avoids another
O(number of files) abstraction cost.
- We iterate over the manifests in C instead of Python.
For a large repo with 170,000 files, this improves perfpathcopies from 0.34
seconds to 0.07. Anything that uses pathcopies, such as rebase or diff --git
between two revisions, benefits.
Siddharth Agarwal <sid0@fb.com> [Thu, 04 Apr 2013 20:36:46 -0700] rev 18877
perf: add a command to test copies.pathcopies perf
An upcoming patch will improve the performance of this function, and this
command will be used to demonstrate that improvement.