view mercurial/cext/util.h @ 52292:085cc409847d

sslutil: bump the default minimum TLS version of the client to 1.2 (BC) TLS v1.0 and v1.1 are deprecated by RFC8996[1]: These versions lack support for current and recommended cryptographic algorithms and mechanisms, and various government and industry profiles of applications using TLS now mandate avoiding these old TLS versions. TLS version 1.2 became the recommended version for IETF protocols in 2008 (subsequently being obsoleted by TLS version 1.3 in 2018)... Various browsers have disabled or removed it[2][3][4], as have various internet services, and Windows 11 has it disabled by default[5]. We should move on too. (We should also bump it on the server side, as this config only affects clients not allowing a server to negotiate down. But the only server-side config is a `devel` option to pick exactly one protocol version and is commented as a footgun, so I'm hesitant to touch that. See 7dec5e441bf7 for details, which states that using `hg serve` directly isn't expected for a web service.) I'm not knowledgeable enough in this area to know if we should follow up with disabling certain ciphers too. But this should provide better security on its own. [1] https://datatracker.ietf.org/doc/rfc8996/ [2] https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#sslversionmin [3] https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/ [4] https://security.googleblog.com/2018/10/modernizing-transport-security.html [5] https://techcommunity.microsoft.com/blog/windows-itpro-blog/tls-1-0-and-tls-1-1-soon-to-be-disabled-in-windows/3887947
author Matt Harbison <matt_harbison@yahoo.com>
date Mon, 11 Nov 2024 21:25:03 -0500
parents 3aa1b7ded52c

/*
 util.h - utility functions for interfacing with the various python APIs.

 This software may be used and distributed according to the terms of
 the GNU General Public License, incorporated herein by reference.
*/

#ifndef _HG_UTIL_H_
#define _HG_UTIL_H_

#include "compat.h"

/* In-memory layout of the C dirstate item Python object.

   PyObject_HEAD must stay first so that a pointer to this struct is also a
   valid PyObject pointer. The field order and types are the object's
   binary layout; code that casts a PyObject * to this struct relies on
   them.

   NOTE(review): every field is a plain int. Whether writers range-check
   values coming from on-disk data before storing them is not visible in
   this header -- confirm in the code that fills these fields. */
/* clang-format off */
typedef struct {
	PyObject_HEAD
	int flags;    /* presumably an OR of the dirstate_flag_* masks below -- confirm */
	int mode;     /* presumably the file mode bits -- confirm */
	int size;     /* presumably the file size; int width limits the range -- confirm */
	int mtime_s;  /* presumably mtime, whole seconds -- confirm */
	int mtime_ns; /* presumably mtime, sub-second nanoseconds -- confirm */
} dirstateItemObject;
/* clang-format on */

/* Single-bit masks occupying bit positions 0 through 15; no two overlap.
   Presumably OR-ed together in dirstateItemObject.flags -- confirm against
   the code that sets that field. Being static const in a header, each
   translation unit that includes this file gets its own copy. */
static const int dirstate_flag_wc_tracked = 0x0001;                /* bit 0 */
static const int dirstate_flag_p1_tracked = 0x0002;                /* bit 1 */
static const int dirstate_flag_p2_info = 0x0004;                   /* bit 2 */
static const int dirstate_flag_mode_exec_perm = 0x0008;            /* bit 3 */
static const int dirstate_flag_mode_is_symlink = 0x0010;           /* bit 4 */
static const int dirstate_flag_has_fallback_exec = 0x0020;         /* bit 5 */
static const int dirstate_flag_fallback_exec = 0x0040;             /* bit 6 */
static const int dirstate_flag_has_fallback_symlink = 0x0080;      /* bit 7 */
static const int dirstate_flag_fallback_symlink = 0x0100;          /* bit 8 */
static const int dirstate_flag_expected_state_is_modified = 0x0200; /* bit 9 */
static const int dirstate_flag_has_meaningful_data = 0x0400;       /* bit 10 */
static const int dirstate_flag_has_mtime = 0x0800;                 /* bit 11 */
static const int dirstate_flag_mtime_second_ambiguous = 0x1000;    /* bit 12 */
static const int dirstate_flag_directory = 0x2000;                 /* bit 13 */
static const int dirstate_flag_all_unknown_recorded = 0x4000;      /* bit 14 */
static const int dirstate_flag_all_ignored_recorded = 0x8000;      /* bit 15 */

/* Type object for dirstateItemObject; defined in another translation unit. */
extern PyTypeObject dirstateItemType;
/* True only when op's type is exactly dirstateItemType: this is a pointer
   comparison, so instances of a subclass do not match. op must be a
   non-NULL PyObject pointer, since Py_TYPE dereferences it. Run this check
   before casting an object received from Python code to
   dirstateItemObject *. */
#define dirstate_tuple_check(op) (Py_TYPE(op) == &dirstateItemType)

/* Smaller of two values. This is a function-like macro: the argument that
   is selected is evaluated twice, so do not pass expressions with side
   effects (for example MIN(i++, n)). There is no type checking; mixed
   signed/unsigned arguments are compared after the usual arithmetic
   conversions, which can make a negative length compare as a huge value.
   The #ifndef guard keeps any MIN that an earlier header already defined. */
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
/* VC9 doesn't include bool and lacks stdbool.h based on my searching */
/* The fallback branch is taken for every MSVC build (any _MSC_VER) and for
   pre-C99 compilers; an undefined __STDC_VERSION__ evaluates as 0 in #if.
   In that branch bool is a plain unsigned char, not C99 _Bool: converting
   a value to it truncates rather than normalising to 0/1 (256 becomes 0).
   Only store results of comparisons or !!x in a bool so both branches
   behave the same. */
#if defined(_MSC_VER) || __STDC_VERSION__ < 199901L
#define true 1
#define false 0
typedef unsigned char bool;
#else
#include <stdbool.h>
#endif

/* Create a dict pre-sized so that expected_size entries fit without a
   resize.

   _PyDict_NewPresized takes a "minused" count but rounds the table up to
   the next power of two (minused = 1000 gives a table of 1024). That is
   often above the dict's maximum load factor of 2/3, so a resize would be
   triggered as soon as the threshold is crossed. Requesting roughly 3/2 of
   the expected size avoids that.

   Returns whatever _PyDict_NewPresized returns.

   NOTE(review): the arithmetic is not overflow-checked. Callers are
   assumed to pass a modest, non-negative count; a value derived from
   untrusted data should be bounded before it reaches this helper. */
static inline PyObject *_dict_new_presized(Py_ssize_t expected_size)
{
	/* Halve (rounding up) first, then triple: integer form of * 3/2. */
	const Py_ssize_t half_rounded_up = (1 + expected_size) / 2;
	const Py_ssize_t presize = half_rounded_up * 3;

	return _PyDict_NewPresized(presize);
}

/* Convert a Python integer object to a C long.

   The converted value is always stored in *out, including on failure, in
   which case it is -1. Returns true on success and false on error; on
   error a Python exception is already set. Because -1 is also a valid
   result, callers must test the return value, never *out, to detect
   failure. */
static inline bool pylong_to_long(PyObject *pylong, long *out)
{
	const long value = PyLong_AsLong(pylong);

	*out = value;
	/* Only -1 is ambiguous; PyErr_Occurred is consulted for that value
	 * alone so the common case skips the call. */
	if (value == -1 && PyErr_Occurred() != NULL) {
		return false;
	}
	return true;
}

#endif /* _HG_UTIL_H_ */