subrepo: disable git and svn subrepos by default (BC) (SEC) We have a security issue with git subrepos. I'm not sure if svn subrepo is vulnerable, but it seems not 100% safe to allow writing arbitrary data into a metadata directory. So for now, only hg subrepo is enabled by default. Maybe we should improve the help to describe why git/svn subrepos are disabled.

subrepo: extend config option to disable subrepos by type (SEC) This allows us to minimize the behavior change introduced by the next patch. I have no idea which config style is preferred in UX POV, but I decided to get things done. a) list: 'allowed = hg, git, svn' b) sub option: 'allowed.hg = True' or 'allowed:hg = True' c) per-type action: 'hg = allow', 'git = abort'

subrepo: add config option to reject any subrepo operations (SEC) This is an alternative workaround for the issue5730. Perhaps this is the simplest way of disabling subrepo operations. It does nothing clever, but just aborts if Mercurial starts accessing to a subrepo. I think Greg's patch is more useful since it allows us to at least check out the parent repository. However, that would be confusing if the default is flipped to checkout=False and subrepos are silently ignored. I don't like the config name 'allowed', but I couldn't get any better name.

subrepo: disallow symlink traversal across subrepo mount point (SEC) It wasn't easy to extend the pathauditor to check symlink traversal across subrepos because pathauditor._checkfs() rejects a directory having ".hg" directory. That's why I added the explicit islink() check. No idea if this patch is necessary after we've fixed the issue5730 by splitting submerge() into planning and execution phases.

tests: show symlink traversal across subrepo mount point (SEC) Also adds a couple of tests where the auditor does work as expected.

share: move config item declarations into core These config items control share behavior that is implemented in core. Since the functionality is implemented in core, extensions may leverage it. Mozilla has one such extension. And, it needs to access share.pool. Before this patch, a devel warning regarding accessing an unregistered config option would be issued unless the share extension were loaded. Moving the registration of the config options to core fixes this.

morestatus: don't crash with different drive letters for repo.root and CWD Previously, if there were unresolved files and the CWD drive was different from the repo drive, `hg status -v` would page the normal status, followed by the exception header. A stacktrace was waiting when the pager exited. The underlying cause was the same as f445b10dc7fb. Unfortunately, I don't see any reasonable way to write a test this [1]. [1] https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107401.html

pathutil: add doctests for canonpath() This is a followup to f445b10dc7fb. Since there's no way to ensure that more drive letters than C: exist, this seems like the only way to test it. This is enough to catch the f445b10dc7fb scenario, as well as CWD outside of the repo when the path isn't prefixed with path/to/repo.

share: handle --relative shares to a different drive letter gracefully This had the same problem as f445b10dc7fb. Banning os.path.relpath() is tempting, but the hint it provides is useful here.

py3: handle keyword arguments in hgext/gpg.py Differential Revision: https://phab.mercurial-scm.org/D1303

py3: handle keyword arguments in hgext/fetch.py Differential Revision: https://phab.mercurial-scm.org/D1302

py3: handle keyword arguments in hgext/extdiff.py Differential Revision: https://phab.mercurial-scm.org/D1301

py3: handle keyword arguments in hgext/commitextras.py Differential Revision: https://phab.mercurial-scm.org/D1300

py3: handle keyword arguments in hgext/churn.py Differential Revision: https://phab.mercurial-scm.org/D1299

py3: handle keyword arguments in hgext/children.py Differential Revision: https://phab.mercurial-scm.org/D1298

py3: handle keyword arguments in hgext/blackbox.py Differential Revision: https://phab.mercurial-scm.org/D1297

py3: handle keyword arguments in hgext/automv.py Differential Revision: https://phab.mercurial-scm.org/D1296

py3: handle keyword arguments in hgext/amend.py Differential Revision: https://phab.mercurial-scm.org/D1295

run-tests: allow automatic test discovery when providing folder as argument Currently `run-tests.py` automatically discovers test only in the current directory if no argument is provided. This patch makes it possible to pass a number of tests and folders as arguments.

revert: do not reverse hunks in interactive when REV is not parent (issue5096) And introduce a new "apply" operation verb for this case as suggested in issue5096. This replaces the no longer used "revert" operation. In interactive revert, when reverting to something else that the parent revision, display an "apply this change" message with a diff that is not reversed. The rationale is that `hg revert -i -r REV` will show hunks of the diff from the working directory to REV and prompt the user to select them for applying (to working directory). This contradicts dcc56e10c23b in which it was decided to have the "direction" of prompted hunks reversed. Later on [1], there was a broad consensus (but no decision) towards the "as to be applied direction". Now that --interactive is no longer experimental (5910db5d1913), it's time to switch and thus we drop no longer used "experimental.revertalternateinteractivemode" configuration option. [1]: https://www.mercurial-scm.org/pipermail/mercurial-devel/2016-November/090142.html .. feature:: When interactive revert is run against a revision other than the working directory parent, the diff shown is the diff to *apply* to the working directory, rather than the diff to *discard* from the working copy. This is in line with related user experiences with `git` and appears to be less confusing with `ui.interface=curses`.

merge with stable

run-tests: endswith takes bytes as argument in python3, not str

pathutil: use util.pathto() to calculate relative cwd in canonpath() os.path.relpath() exploded if the 'root' and 'cwd' directories had different drive letters. I noticed this in TortoiseHg when typing a fileset into the filter, and it kept complaining until the closing '()' was typed. This was reproducible on the command line with: $ cd /d $ hg -R /c/Users/Matt/Projects/hg files 'set:e' Traceback (most recent call last): ... File "mercurial\pathutil.pyc", line 182, in canonpath File "ntpath.pyc", line 529, in relpath ValueError: path is on drive c:, start on drive d:

patch: improve heuristics to not take the word "diff" as header (issue1879) The word "diff" is likely to appear in a commit message. Let's make it less likely by requiring "diff -" for "diff -r" or "diff --git".

rebase: drop --style option It existed from the very start, but I don't think the rebase command does support log-like templates.

run-tests: $TESTDIR can be something else than $PWD $TESTDIR is expected to be the directory were the test lives, and is often used to reference helper functions. However, it is now set to $PWD at test invocation time, so if `run-tests.py` is called from another folder, the test will fail. The solution is to force $TESTDIR to be the base directory of the test itself, irrespective of where the runner is called from.

obsolete: activate effect-flag by default Let's activate effect-flag by default as Evolve is experimental and in order to gather feedback from users.

debug: print parsed bundle2 capabilities with debugcapabilities The bundle2 capabilities are hard to read in their encoded form. We parse and print them in a human friendly way.

debug: add a debugcapabilities commands This new debugcommand prints the capabilities of any remote in a human friendly way. Improved bundle2 capabilities support will be introduced in the next changesets.

revert: no longer mark --interactive as experimental We seem to have settled down on behavior changes here (nothing matching revset `keyword(revert) and keyword(interactive)` since 4.2 was released), so let's go ahead and advertise this excellent feature. .. feature:: revert --interactive The revert command now accepts the flag --interactive to allow reverting only some of the changes to the specified files.

ui: add configlist doctest to document a bit more of the whitespace behavior I'm surprised this wasn't explicitly tested, so I added a test.

merge stable into default

Added signature for changeset 0ccb43d4cf01

Added tag 4.4 for changeset 0ccb43d4cf01

test-dispatch: stabilize the test When cwd is removed and `hg` is executed, some shells may run `getcwd` before forking and executing, some may not do it, some may print a different error message. The test should be shell-independent so let's just avoid checking the error message. Differential Revision: https://phab.mercurial-scm.org/D1282

internals: update test-help.t for config registrar copy-edit

internals: copy-edit "register" -> "registrar" in configitem docs

merge with i18n

i18n-pt_BR: synchronized with cab34bda259e

help: minor copy editing for grammar

configitems: relax warning about unwanted default value The original condition was a bit harsh for extension authors since third-party extensions need to preserve compatibility with older Mercurial versions, where no defaults would be loaded from the configtable. So let's silence the warning if the given default value matches, which should be harmless.

filemerge: pass a default value to _toolstr (issue5718) After a refactoring, _toolstr stopped having default="" as one of it's args, therefore when called without a default it returns None and not "". This causes concatenation to fail.

children: fix the log expansion of `hg children` in doc `hg log -r children()` returns `hg: parse error: missing argument`. Differential Revision: https://phab.mercurial-scm.org/D1269

test-static-http: flush access log per request It appears that stderr is fully buffered on Windows. # no-check-commit because of log_message() function

statichttprepo: do not use platform path separator to build a URL It wouldn't work between Windows client and Unix server.

merge: disable path conflict checking by default (issue5716) We shouldn't ship a severe perf regression in hg update for 4.4. Differential Revision: https://phab.mercurial-scm.org/D1223

merge: add a config option to disable path conflict checking We've found a severe perf regression in `hg update` caused by the path conflict checking code. The next patch will disable this by default. Differential Revision: https://phab.mercurial-scm.org/D1222

dirstate: clean up when restoring identical backups When a dirstate backup is restored, it is possible that no actual changes to the dirstate have been made. In this case, the backup is still a hardlink to the original dirstate. Unfortunately, `os.rename` silently fails (nothing happens, and no error occurs) when `src` and `dst` are hardlinks to the same file. As a result, the backup is left lying around. Over time, these files accumulate. When restoring dirstate backups, check if the backup and the dirstate are the same file, and if so, just delete the backup. Differential Revision: https://phab.mercurial-scm.org/D1201