./devel/py-mercurial, Fast, lightweight source control management system

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 4.6nb1, Package name: py27-mercurial-4.6nb1, Maintainer: wiz

Mercurial is a free, distributed source control management tool.
It efficiently handles projects of any size and offers an easy and
intuitive interface.

Mercurial efficiently handles projects of any size and kind. Every
clone contains the whole project history, so most actions are local,
fast and convenient. Mercurial supports a multitude of workflows
and you can easily enhance its functionality with extensions.

It is easy to learn: You can follow our simple guide to learn how
to revision your documents with Mercurial, or just use the quick
start to get going instantly. A short overview of Mercurial's
decentralized model is also available.

And it just works: Mercurial strives to deliver on each of its
promises. Most tasks simply work on the first try and without
requiring arcane knowledge.

Required to run:
[devel/py-curses] [lang/python27]

Required to build:
[archivers/unzip] [pkgtools/cwrappers]

Master sites:

SHA1: 00b218892e244e549c6a1987a43e831951d7df2e
RMD160: 8ec766dc74c65d6540290c1d1f6e5093fae0a7e8
Filesize: 6080.806 KB

Version history: (Expand)

CVS history: (Expand)

   2018-05-25 15:04:56 by Joerg Sonnenberger | Files touched by this commit (11)
Log message:
Make bundles compatible with older hg versions. Bump revision.
   2018-05-20 12:23:02 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
py-mercurial: update to 4.6.

Mercurial 4.6 release

1. New Features

1.1. pullbundles

Pullbundles allow the server to answer client requests using
pre-built bundles. This is different from the existing clonebundle

    pullbundles can be used for both the initial clone and later pull operations
    pullbundles can be used incrementally, i.e. to cover the changes up to the \ 
start of the current month as one bundle and the remaining changes as second \ 
    the bundle is transferred inline as part of the existing connection without \ 
a secondary server

Pullbundles are only used for clients running Mercurial 4.6 as

1.2. push

If 'server.streamunbundle' option is enabled, the server will
directly apply the changes send by the changes. This avoids
potentially large temporary files on the server side. It can also
prevent concurrent pushes.

1.3. notify extension

The 'maxdiffstat' option can be used to truncate long file lists
similar to 'maxdiff' for the patch part of the email.

1.4. hgweb

hgweb now shows date and user for operations that resulted in
obsolete commit(s). For unstable commits, it shows the exact reason
why they are considered unstable.

Server: header is now configurable using web.server-header option.

1.5. templates

A new template keyword 'reporoot' which shows the root directory
of the current repository. A new template function 'mailmap' which
maps author fields based on values in a .mailmap file.

2. Backwards Compatibility Changes

    Support for connecting to Mercurial servers older than 0.9.1 has been removed.
    Working-directory commands now respect "-X PATTERN" no matter if \ 
PATTERN matches explicitly-specified FILEs. For example, "hg add foo -X \ 
foo" no longer add the file "foo".
    Support for the experimental manifestv2 format has been removed, as it was \ 
never completed and failed to meet expectations.
    '{' in output filename passed to archive/cat/export is taken as a start of a \ 
template expression.
    The HTTP wire protocol server no longer accepts the "cmd" argument \ 
to control which command to run via HTTP POST bodies. The "cmd" \ 
argument must be specified on the URL query string.
    Hgweb no longer reads form data in POST requests from multipart/form-data \ 
and application/x-www-form-urlencoded requests. Arguments should be specified as \ 
URL path components or in the query string in the URL instead.
    Query string shorts in hgweb like "?cs=@" have been removed. Use \ 
URLs of the form "/:cmd" instead.
    The HTTP client no longer accepts text/plain and application/hg-changegroup \ 
Content-Type values as a valid Mercurial command response. These should only be \ 
encountered on pre 1.0 Mercurial servers.

3. Performance Improvements

    'hg manifest --all' is likely slower due to changing its implementation to \ 
respect storage interface boundaries. If you are impacted by this regression in \ 
a meaningful way, please make noise on the development mailing list and it can \ 
be dealt with.
    'hg diff' is much faster for larger repositories. 40% improvements have been \ 
reported. Other operations using diffs like hgweb also benefit.

4. Bug Fixes

    grep: fixes erroneous output of grep in forward order (issue3885)
    dirstate: drop explicit files that shouldn't match (BC) (issue4679)
    procutil: rewrite popen() as a subprocess.Popen wrapper (issue4746) (API)
    bookmarks: test for exchanging long bookmark names (issue5165)
    templater: drop symbols which should be overridden by new 'ctx' (issue5612)
    clone: updates the help text for hg clone -{r,b} (issue5654)
    bundle: updates the help text for hg bundle (issue5744)
    histedit: make histedit's commands accept revsets (issue5746)
    releasenotes: replace abort with warning while parsing (issue5775)
    context: skip path conflicts by default when clearing unknown file (issue5776)
    templatekw: switch most of showlist template keywords to new API (issue5779)
    rebase: do not consider extincts for divergence detection (issue5782)
    revert: use an exact matcher in interactive diff selection (issue5789)
    subrepo: don't attempt to share remote sources (issue5793)
    lfs: respect narrowmatcher when testing to add 'lfs' requirement (issue5794)
    showconfig: allow multiple section.name selectors (issue5797)
    annotate: do not poorly split lines at CR (issue5798)
    convert: avoid closing ui.fout in subversion code (issue5807)
    setdiscovery: back out changeset 5cfdf6137af8 (issue5809)
    fsmonitor: layer on another hack in bser.c for os.stat() compat (issue5811)
    notify: access the initial revision on an unfiltered repository (issue5821)
    rebase: fix issue 5494 also with --collapse
    date: fixed a bug in parsing months like 'Feb 2018', 'Apr 2018'
    diffhelper: rename module to avoid conflicts with ancient C module (issue5846)
    infinitepush: ensure fileindex bookmarks use '/' separators (issue5840)
    import: fix crash on --exact check of empty commit (issue5702)
    hgweb: reuse body file object when hgwebdir calls hgweb (issue5851)
    debugcolor: fix crash by empty styles (issue5856)
    hgweb: discard Content-Type header for 304 responses (issue5844)
    hgweb: allow Content-Security-Policy header on 304 responses (issue5844)
    paper: don't register click handlers with inline javascript (issue5812)
    httppeer: detect redirect to URL without query string (issue5860)
    filelog: don't crash on invalid copy metadata (issue5748)

5. New experimental features

Each release there are lot of new features added which are hidden
under the EXPERIMENTAL tag as the behavior may change in future or
the feature is not complete yet. The experimental features added
in this cycle are:

5.1. narrow extension

Allows to create clones which fetch history data for only a subset
of files. This experimental extension is now distributed with

5.2. remotenames extension

Shows remotebookmarks and remotebranches in the UI. This experimental
extension is now distributed with Mercurial.

5.3. infinitepush extension

Allows to store some pushes in a remote blob store on the server
and to serve commits from remote blob store. The revisions are
stored on disk or in everstore, the metadata are stored in sql or
on disk. This experimental extension is now distributed with

5.4. fix extension

Allows to rewrite file content in changesets or working copy. For
example, automatically applying formatting fixes to modified lines
of code. This experimental extension is now distributed with

6. Other notable features

    revset: parse error now shows a hint where the error occurred
    templates: parse error now shows a hint where the error occured
    forget: new '--dry-run' and '--interactive' flags
    copyfile: preserve stat info (mtime, etc.) when doing copies/renames
    bundle2 format is documented and can be found using 'hg help internals.bundle2'
   2018-04-17 13:31:00 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-mercurial: update to 4.5.3.

This is a regularly-scheduled bugfix release.

1.1. Bug Fixes

    rebase: on abort, don't strip commits that didn't need to be rebased (issue5822)
    hgweb: garbage collect on every request
    amend: abort if unresolved merge conflicts found (issue5805)
   2018-03-25 10:02:47 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
py-mercurial: update to 4.5.2.

Mercurial 4.5.1 / 4.5.2 (2018-03-06)

(4.5.2 was released immediately after 4.5.1 to fix a release

This is a regularly-scheduled bugfix release.

1.1. Security Fixes

All versions of Mercurial prior to 4.5.2 have vulnerabilities in
the HTTP server that allow permissions bypass to:

    Perform writes on repositories that should be read-only
    Perform reads on repositories that shouldn't allow read access

The nature of the vulnerabilities is:

    Wire protocol commands that didn't explicitly declare their
    permissions had no permissions checking done. The web.{allow-pull,
    allow-push, deny_read, etc} config options governing access
    control were never consulted when running these commands. This
    allowed permissions bypass for impacted commands.

    The batch wire protocol command did not list its permission
    requirements nor did it enforce permissions on individual

The implication of these vulnerabilities is that no permissions
checking was performed on commands and this could lead to accessing
data that web.* config options were supposed to prevent access to
or modifying data (via wire protocol commands that can mutate data)
without authorization. A Mercurial HTTP server in its default
configuration is supposed to be read-only. However, a well-crafted
batch command could invoke commands that perform writes.

The batch write permissions bypass has been present since Mercurial
1.9. The flaw of not checking permissions for wire protocol commands
that don't declare their needed permissions has been present since
Mercurial 1.0.

Assuming you are running a server without any custom commands
provided by extensions, your exposure is unauthorized data access
(if relying on the web.* config options to limit access) and
unauthorized data mutation via the batch command.

Server operators can detect unauthorized use of the batch command
by looking for requests to URLs of the form repo?cmd=batch with
arguments containing pushkey or unbundle. This may produce false
positives. A more comprehensive check would decode the argument
string and verify that pushkey or unbundle are command names (not
values). The arguments specified via x-hgarg-<N> request headers
can span multiple headers. So advanced attackers could hide the
vulnerability by splitting a pushkey or unbundle string across
multiple headers. So the only reliable way to detect if this
vulnerability is being exploited is to decode these headers like
Mercurial does. The format for specifying arguments is documented
https://www.mercurial-scm.org/repo/hg/f … l.txt#l26.
Python code for decoding headers is at
https://www.mercurial-scm.org/repo/hg/f … ol.py#l70.

Mercurial 4.5.2 fixes these vulnerabilities by:

    Performing permissions checking on all wire protocol commands,
    not just commands that list their permissions.

    Checking permissions on sub-commands issued to the batch command.

Wire protocol commands not declaring wire protocol permissions will
be assumed to be read-write commands and a server in its default
configuration (which only allows read-only access), will refuse to
execute these commands.

For package maintainers needing to backport the fixes, the relevant
changesets from 4.5.2 are 2c647da851ed::2ecb0fc535b1. These can be
viewed online at e.g.
https://www.mercurial-scm.org/repo/hg/rev/2ecb0fc535b1. The author
of these commits has backports to 4.4 and 4.3 on a personal fork
at https://hg.mozilla.org/users/gszorc_mozilla.com/hg. The backports
for 4.4 are a4843835c835::7cf827e5f8af and for 4.3 are
db527ae12671::86f9a022ccb8. To obtain these changesets, run e.g.
hg pull -r 7cf827e5f8af https://hg.mozilla.org/users/gszorc_mozilla.com/hg.

1.2. Backwards Compatibility Changes

    The "batch" wire protocol command now enforces permissions of
    each invoked sub-command. Wire protocol commands must define
    their operation type or the "batch" command will assume they
    can write data and will prevent their execution on HTTP servers
    unless the HTTP request method is POST, the server is configured
    to allow pushes, and the (possibly authenticated) HTTP user is
    authorized to perform a push.
    Wire protocol commands not defining their operation type in
    "wireproto.PERMISSIONS" are now assumed to be used for "push"
    operations and access control to run those commands is now
    enforced accordingly.

1.3. Bug Fixes

    fileset: don't abort when running copied() on a revision with a removed file
    date: fix parsing months

    setup: only allow Python 3 from a source checkout (issue5804)

    annotate: do not poorly split lines at CR (issue5798)

    subrepo: don't attempt to share remote sources (issue5793)
    subrepo: activate clone pooling to enable sharing with remote URLs
    changegroup: do not delta lfs revisions
    revlog: do not use delta for lfs revisions
    revlog: resolve lfs rawtext to vanilla rawtext before applying delta
   2018-03-14 18:42:28 by Thomas Klausner | Files touched by this commit (2)
Log message:
py-mercurial: revert unintended commit
   2018-03-14 18:41:28 by Thomas Klausner | Files touched by this commit (2)
Log message:
devel/Makefile: + p5-PerlX-Maybe
   2018-02-11 17:04:21 by Thomas Klausner | Files touched by this commit (6) | Package updated
Log message:
py-mercurial: update to 4.5.

Mercurial 4.5 (2018-02-01)

1.1. New Features

1.1.1. revert --interactive

The revert command now accepts the flag --interactive to allow reverting only \ 
some of the changes to the specified files.

1.1.2. Accessing hidden changesets

Set config option 'experimental.directaccess = True' to access hidden changesets \ 
from read only commands.

1.1.3. githelp extension

The githelp extension provides the hg githelp command. This command attempts to \ 
convert a git command to its Mercurial equivalent. The extension can be useful \ 
to Git users new to Mercurial.

1.1.4. Largefiles changes

    largefiles: add a 'debuglfput' command to put largefile into the store
    largefiles: add support for 'largefiles://' url scheme
    largefiles: allow to run 'debugupgraderepo' on repo with largefiles
    largefiles: convert EOL of hgrc before appending to bytes IO
    largefiles: explicitly set the source and sink types to 'hg' for lfconvert
    largefiles: modernize how capabilities are added to the wire protocol

1.2. hgweb changes

hgweb now shows more information about commits: phase (if it's not public), \ 
obsolescence status (with a short explanation and links to the successors) and \ 
instabilities (e.g. orphan, phase-divergent or content-divergent).

Client-side graph code has been simplified by delegating more work to the \ 
backend, so /graph page is now more in sync with /log page, visually and \ 
feature-wise. Unfortunately, this code change means that 3rd-party themes for \ 
4.5+ are required to have graphentry.tmpl template available (copy it from the \ 
base theme if you don't use %include and then reference it in map file) and \ 
render entries in graph.tmpl -- look at one of the core themes to see what it \ 
needs to look like. JS functions that create graph vertices and edges are now \ 
available in Graph.prototype, making it possible to call the original functions \ 
from custom theme-specific functions if needed.

Graph now shows different symbols for normal, branch-closing, obsolete and \ 
unstable commits, and marks currently checked out commit with a circle around \ 
its graph node.

There's also now json-graph API endpoint that can be used for rendering commit \ 
graph in 3rd-party applications.

1.2.1. Other Changes

    When interactive revert is run against a revision other than the working \ 
directory parent, the diff shown is the diff to <em>apply</em> to \ 
the working directory, rather than the diff to <em>discard</em> from \ 
the working copy. This is in line with related user experiences with 'git' and \ 
appears to be less confusing with 'ui.interface=curses'.
    Let 'hg rebase' avoid content-divergence by skipping obsolete changesets \ 
(and their descendants) when they are present in the rebase set along with one \ 
of their successors but none of their successors is in destination.
    A new experimental config flag, 'rebase.experimental.inmemory', makes rebase \ 
perform an in-memory merge instead of doing it on-disk in the working copy.

    The HGPLAINEXCEPT environment variable can now include color to allow \ 
automatic output colorization in otherwise automated environments.
    A new unamend command in uncommit extension which undoes the effect of the \ 
amend command by creating a new changeset which was there before amend and \ 
moving the changes that were amended to the working directory.
    A '--abort' flag to merge command to abort the ongoing merge.
    An experimental flag '--rev' to 'hg branch' which can be used to change \ 
branch of changesets.
    bundle2 read I/O significantly improved
    bundle2 memory use significantly reduced during read
    clonebundle: it is now possible to serve the clonebundle using a git-lfs \ 
compatible server.

    templatefilters: add slashpath() to convert path separator to slash (issue5572)
    A new experimental config flag, 'inline-color-diff', adds within-line color \ 
diff capacity
    histedit: add support to output nodechanges using formatter to help with \ 
editor integrations

1.3. Backwards Compatibility Changes

    log --follow-first -rREV, which is deprecated, now follows the first parent \ 
of merge revisions from the specified REV just like log --follow -rREV.

    log --follow -rREV FILE.. now follows file history across copies and renames.
    transaction: register summary callbacks only at start of transaction

    hgweb's graph view no longer supports browsers that lack <canvas> support
    hgweb: only include graph-related data in jsdata variable on /graph pages

    graphlog: add another graph node type, unstable, using character *
    remove: print message for each file in verbose mode only while using '-A'

1.4. Bug Fixes

    Bookmark, whose name is longer than 255, can again be exchanged again \ 
between 4.4+ client and servers (issue5165)

    The convert extension works with bzr < 2.6.0 again (issue5733)

    Mercurial will now attempt to use hardlinks on NTFS on Windows (issue4580)

    The revset x^:: is now correctly parsed as (x^):: instead of being an error \ 

    Setting the diff.noprefix configuration option no longer breaks the --stat \ 
flag on hg diff (issue5759)

    hg outgoing now honors :pushurl paths from hgrc (issue5365)

    log: translate column labels at once (issue5750)

    patch: improve heuristics to not take the word diff as header (issue1879)

    templater: look up symbols/resources as if they were separated (issue5699)
    http and ssh: support for emitting extra debug logs about requests as they happen

1.5. API Changes

    bundlerepo.bundlerepository.bundle and \ 
bundlerepo.bundlerepository.bundlefile are now prefixed with an underscore.
    Rename bundlerepo.bundlerepository.bundlefilespos to _cgfilespos.
    dirstate no longer provides a 'dirs()' method. To test for the existence of \ 
a directory in the dirstate, use 'dirstate.hasdir(dirname)'.
    mapping does not contain all template resources. use context.resource() in \ 
template functions.

    text=False|True option is dropped from the vfs interface because of Python 3 \ 
compatibility issue. Use util.tonativeeol/fromnativeeol() to convert EOL \ 

    wireproto.streamres.__init__ no longer accepts a reader argument. Use the \ 
gen argument instead.
    exchange.getbundlechunks() now returns a 2-tuple instead of just an iterator.
    bundle2 parts are no longer seekable by default
    memfilectx: the changectx argument is now mandatory in constructor
   2018-01-16 10:24:56 by Thomas Klausner | Files touched by this commit (3)
Log message:
py-mercurial: add upstream patch to fix test failure

No change to binary package, so no PKGREVISION bump.