Bryan O'Sullivan <bryano@fb.com> [Wed, 10 Apr 2013 15:05:06 -0700] rev 18896
merge
Siddharth Agarwal <sid0@fb.com> [Wed, 10 Apr 2013 12:34:42 -0700] rev 18895
manifestmerge: handle workdir removed, remote removed with flags
This can happen when a file with flags is removed or deleted in the working
directory and also not present in m2. The obvious solution is to add a
__delitem__ override to manifestdict that removes the file from flags if
necessary, but that has a significant performance cost in some cases, e.g.
hg status --rev rev1 --rev rev2 <file>.
Siddharth Agarwal <sid0@fb.com> [Wed, 10 Apr 2013 12:31:07 -0700] rev 18894
dicthelpers.diff: compare against default for missing values
This is not only a bit faster, but also aligns with callers' expectations
better since we can legitimately have manifestdict's _flags set to '' instead
of unset.
hg perfmergecalculate -r .
before: ! wall 0.139582 comb 0.140000 user 0.140000 sys 0.000000 (best of 59)
after: ! wall 0.126154 comb 0.120000 user 0.120000 sys 0.000000 (best of 74)
hg perfmergecalculate -r .^
before: ! wall 0.236333 comb 0.240000 user 0.240000 sys 0.000000 (best of 36)
after: ! wall 0.212265 comb 0.210000 user 0.210000 sys 0.000000 (best of 45)
Brendan Cully <brendan@kublai.com> [Tue, 09 Apr 2013 21:38:08 -0700] rev 18893
templater: back out 0615b22da148, it breaks schemes ({1})
Bryan O'Sullivan <bryano@fb.com> [Tue, 09 Apr 2013 09:40:40 -0700] rev 18892
debuglabelcomplete: compute active branch heads correctly
The previous computation was simply wrong.
Matt Mackall <mpm@selenic.com> [Mon, 08 Apr 2013 17:57:42 -0500] rev 18891
merge with i18n
Note: i18n work should normally be done on stable
Stefano Tortarolo <stefano.tortarolo@gmail.com> [Fri, 05 Apr 2013 17:04:37 +0200] rev 18890
hg-i18n-it: minor fixes
Bryan O'Sullivan <bryano@fb.com> [Mon, 08 Apr 2013 15:04:17 -0700] rev 18889
templater: fix check-code error
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:28:10 +0900] rev 18888
smtp: verify the certificate of the SMTP server for STARTTLS/SMTPS
Before this patch, the certificate of the SMTP server for STARTTLS or
SMTPS isn't verified.
This may cause man-in-the-middle security problem (stealing
authentication information), even though SMTP channel itself is
encrypted by SSL.
When "[smtp] tls" is configured as "smtps" or "starttls", this patch:
- uses classes introduced by preceding patches instead of "SMTP" or
"SMTP_SSL" of smtplib, and
- verifies the certificate of the SMTP server, if "[smtp]
verifycert" is configured as other than False
"[smtp] verifycert" can be configured in 3 levels:
- "strict":
This verifies peer certificate, and aborts if:
- peer certification is not valid, or
- no configuration in "[hostfingerprints]" and "[web] cacerts"
This is default value of "[smtp] verifycert" for security.
- "loose":
This verifies peer certificate, and aborts if peer certification is
not valid.
This just shows warning message ("certificate not verified"), if
there is no configuration in "[hostfingerprints]" and "[web]
cacerts".
This is as same as verification for HTTPS connection.
- False(no verification):
Peer certificate is not verified.
This is as same as the behavior before this patch series.
"hg email --insecure" uses "loose" level, and ignores "[web] cacerts"
as same as push/pull/etc... with --insecure.
Ignoring "[web] cacerts" configuration for "hg email --insecure" is
already done in "dispatch._dispatch()" by looking "insecure" up in the
table of command options.
FUJIWARA Katsunori <foozy@lares.dti.ne.jp> [Tue, 26 Mar 2013 02:28:10 +0900] rev 18887
sslutil: abort if peer certificate is not verified for secure use
Before this patch, "sslutil.validator" may returns successfully, even
if peer certificate is not verified because there is no information in
"[hostfingerprints]" and "[web] cacerts".
To prevent from sending authentication credential to untrustable SMTP
server, validation should be aborted if peer certificate is not
verified.
This patch introduces "strict" optional argument, and
"sslutil.validator" will abort if it is True and peer certificate is
not verified.