* narrow: stricter validation of narrowspec patterns
* narrow: stricter validation of narrowspec patterns in rhg
* rhg: fix a bug where only the first pattern in narrowspec was validated
* extensions: allow wrapping a function with a bytes name again
* upgrade: fix a reference to a missing attribute
* bundles: filter out unsupported requirements for non-packed1 format
* dirstate-race: add more output to highlight a "to-be-revealed" bug
* dirstate-race: simplify some output match to highligh an error
* dirstate-race: fix a missing synchronisation in the python code
* dirstatemap: stop setting identity after reading the data
* sshpeer: fix deadlock on short writes
* sshpeer: fix another occurrence of short write handling
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=373
* ci: disable caching of the wheels that get built to save space
* tests: use `--no-cache-dir` with `pip`
* run-tests: disable caching of the wheels when installing test Mercurial
* manifest: delay import of `typing.ByteString` for py 3.14 support (issue6940)
* contrib: propagate `pytype` failures outside of `check-pytype.sh`
* acl: fix confusing formatting in help text (issue6942)
* ui: fix escape sequences in in readline prompts (issue6930)
* ci: let branch job run for scheduled build too
* ci: automatically starts platform and py-version test for scheduled build
* help: fix command build with rust
* copyright: update to 2025
* ci: also let the nightly build run on tags
* usage: refactor usage.resources config parsing
* hg-core: fix usage.resources typo
* hg-core: fix usage.resources default logic
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=371
* copytracing: fix a bug in an edge
* largefiles: fix check that ensures that --all-largefiles is only
* rhg: expand user and environment variable in paths to ignore in config
* phases: introduce a performant efficient way to access
* branchcache: add more test for the logic around
* branchcache: skip entries that are topological
* stream: in v3, skip the "size" fast path if the entries have some
* inline-changelog: fix a critical bug in write_pending that delete data
* inline-changelog: fix pending transaction visibility when splitting
* bundle2: make the "hgtagsfnodes" part advisory
Exceptional release following a crash found in delta code that
+ New Experimental Features
+ Bug Fixes
* rust-python-index: don't panic on a corrupted index when calling
* cext: fix potential memory leaks of list items appended
*not* using `persistent-nodemap`
If this is something that matters to you, please reach out to us as this
is not an insurmountable obstacle. This is a choice base on the assumption
that there are few people in this situation and our time should be spent
* 62913:498017baa34b "cleanup: remove some code scheduled to be removed
* 62914:88ef80210d67 "cleanup: drop `dirstate.is_changing_parent`
* 62916:d8f65fc72e7b "cleanup: drop deprecated config attribute
* 62917:5c9c41273367 "cleanup: turn `pathsuboption` deprecation warning
* 62918:7b837fabc990 "cleanup: turn `wrappedfunction` deprecation warning
* 62919:eda075d7b2ac "cleanup: turn `wrapfunction` deprecation warning
* 62920:c845479fc64d "cleanup: drop the `bytes` compatibility
* 63465:a93e52f0b6ff "changelog: disallow delayed write on inline
* 63825:79cd29d598af "dirstate: make the `transaction` argument
+ Miscellaneous
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=365
- Mercurial 6.7.4
Exceptional release following a critical regression causing possible data loss
in certain conditions:
* inline-changelog: fix a critical bug in write_pending that delete data
(3cf9e52f5e27)
* inline-changelog: fix pending transaction visibility when splitting
(1721d983dd6d)
Other changes in this release:
* exchange: fix locking to actually be scoped
* chistedit: change action for the correct item
* rust-status: sort the failed matches when printing them
* hooks: add a prewlock and a prelock hooks
* bookmark: fix remote bookmark deletion when the push is raced (forwarded request 1180231 from develop7)
OBS-URL: https://build.opensuse.org/request/show/1180232
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mercurial?expand=0&rev=200
Exceptional release following a critical regression causing possible data loss
in certain conditions:
* inline-changelog: fix a critical bug in write_pending that delete data
(3cf9e52f5e27)
* inline-changelog: fix pending transaction visibility when splitting
(1721d983dd6d)
Other changes in this release:
* exchange: fix locking to actually be scoped
* chistedit: change action for the correct item
* rust-status: sort the failed matches when printing them
* hooks: add a prewlock and a prelock hooks
* bookmark: fix remote bookmark deletion when the push is raced
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=353
- Update to Mercurial 6.6.2
* histedit: remove superfluous echo() and endwin() calls (issue6859)
* persistent-nodemap: avoid writing nodemap for empty revlog
* persistent-nodemap: respect the mmap setting when refreshing data
* bundle: do not detect --base argument that match nothing as lack of argument
* narrow: prevent removal of ACL-defined excludes
* pycompat: fix bytestr(bytes) in Python 3.11 (forwarded request 1138357 from develop7)
OBS-URL: https://build.opensuse.org/request/show/1138358
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mercurial?expand=0&rev=192
- Update to Mercurial 6.6.2
* histedit: remove superfluous echo() and endwin() calls (issue6859)
* persistent-nodemap: avoid writing nodemap for empty revlog
* persistent-nodemap: respect the mmap setting when refreshing data
* bundle: do not detect --base argument that match nothing as lack of argument
* narrow: prevent removal of ACL-defined excludes
* pycompat: fix bytestr(bytes) in Python 3.11
OBS-URL: https://build.opensuse.org/request/show/1138357
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=337
- Update to Mercurial 6.6.1.
The first two patches fix aborted transactions that could happen since 6.6.
* revlog: avoid exposing delayed index entry too widely in non-inline revlog
* revlog: avoid wrongly updating the data file location on "divert"
* tests: do not fail tests in a state with uncommitted .py file removal
* perf-tags: fix the --clear-fnode-cache-rev code
* perf-tags: fix clear_cache_fnodes to actually clear that cache
* censor: fix things around inlining
* Various Python 3 cleanups
* Various Windows test suite fixes
OBS-URL: https://build.opensuse.org/request/show/1134310
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=333
- Mercurial 6.5.2
* hgweb: encode WSGI environment using the ISO-8859-1 codec
* rhg: fix the bug where sparse config is interpreted as relglob instead of glob
* gpg: fix an UnboundLocalError whenever using --force
* transaction: fix __repr__() and make the default name bytes
* setup: make the error "Unable to find a working hg binary" more informative
* tests: avoid test environment affecting setup.py
* run-tests: detect HGWITHRUSTEXT value (forwarded request 1109476 from develop7)
OBS-URL: https://build.opensuse.org/request/show/1109477
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mercurial?expand=0&rev=187
- Mercurial 6.5.2
* hgweb: encode WSGI environment using the ISO-8859-1 codec
* rhg: fix the bug where sparse config is interpreted as relglob instead of glob
* gpg: fix an UnboundLocalError whenever using --force
* transaction: fix __repr__() and make the default name bytes
* setup: make the error "Unable to find a working hg binary" more informative
* tests: avoid test environment affecting setup.py
* run-tests: detect HGWITHRUSTEXT value
OBS-URL: https://build.opensuse.org/request/show/1109476
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=327
- Mercurial 6.5
Regularly scheduled major release
As usual, a lot of patches don't make it to this list since they're more internal.
- New Features
* Improved Python 3.12 compatiblity
* configitems: enable changegroup3 by default (unless using infinitepush)
* extras: expose 'retained_extras' for extensions to extend
* stabletailgraph: implement stable-tail sort
* stabletailgraph: naive version of leap computation
* bundle: introduce a "v3" spec
* clone-bundles: add a basic first version of automatic bundle generation
* clone-bundles: garbage collect older bundle when generating new ones
* clone-bundles: only regenerate the clone bundle when cached ration is low
* clone-bundles: also control automation based on absolute number
of revisions
* clone-bundles: add a configuration to control auto-generation on changes
* clone-bundles: introduce a command to refresh bundle
* clone-bundles: add a command to clear all bundles
* clone-bundles: add an option to generate bundles in the background
* clonebundles: add support for inline (streaming) clonebundles
* clonebundles: adds a auto-generate.serve-inline option
* match: add `filepath:` pattern to match an exact filepath relative to
the root
* hgweb: add "children" into the JSON template for a changeset
* hgweb: add support to explicitly access hidden changesets
* pull: add --remote-hidden option and pass it through peer creation
* hidden: add support for --remote-hidden to HTTP peer
* hidden: support passing --hidden with `serve --stdio`
* hidden: add support to explicitly access hidden changesets with
SSH peers (forwarded request 1101192 from develop7)
OBS-URL: https://build.opensuse.org/request/show/1101193
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mercurial?expand=0&rev=185
- Mercurial 6.5
Regularly scheduled major release
As usual, a lot of patches don't make it to this list since they're more internal.
- New Features
* Improved Python 3.12 compatiblity
* configitems: enable changegroup3 by default (unless using infinitepush)
* extras: expose 'retained_extras' for extensions to extend
* stabletailgraph: implement stable-tail sort
* stabletailgraph: naive version of leap computation
* bundle: introduce a "v3" spec
* clone-bundles: add a basic first version of automatic bundle generation
* clone-bundles: garbage collect older bundle when generating new ones
* clone-bundles: only regenerate the clone bundle when cached ration is low
* clone-bundles: also control automation based on absolute number
of revisions
* clone-bundles: add a configuration to control auto-generation on changes
* clone-bundles: introduce a command to refresh bundle
* clone-bundles: add a command to clear all bundles
* clone-bundles: add an option to generate bundles in the background
* clonebundles: add support for inline (streaming) clonebundles
* clonebundles: adds a auto-generate.serve-inline option
* match: add `filepath:` pattern to match an exact filepath relative to
the root
* hgweb: add "children" into the JSON template for a changeset
* hgweb: add support to explicitly access hidden changesets
* pull: add --remote-hidden option and pass it through peer creation
* hidden: add support for --remote-hidden to HTTP peer
* hidden: support passing --hidden with `serve --stdio`
* hidden: add support to explicitly access hidden changesets with
SSH peers
OBS-URL: https://build.opensuse.org/request/show/1101192
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=323
- Update to Mercurial 6.3.2
* [ecfc84b956a8] tests: expect the message from 1baf0fffd82f
in test-hghave.t (issue6762)
* [5c095119bff4] tests: add the missing space to test-hghave.t (issue6762)
* [2c346c1c75ec] tests: use an all too familiar executable
in test-run-tests.t (issue6661)
* [13c0e3b4fd35] tests: use `test -f` instead of `ls` to see if a file
is present (issue6662)
* [8ced4ca30ea1] bisect: correct message about aborting an in-progress
bisect (issue6527)
* filemerge: fix crash when using filesets in [partial-merge-tools]
* help: fix a py3 error interpolating Set into b'%s'
* match: make the FLAG_RE pattern a raw string
* python-compat: adapt to Python 3.11 BC breakage with `random.sample`
* rust-status: fix thread count ceiling
* hg: show the correct message when cloning an LFS repo
with extension disabled
* extensions: process disabled external paths when `hgext` package
is in-memory
* emitrevision: consider ancestors revision to emit as available base
* make: add a target for building pyoxidizer tests on macOS
* run-tests: support --pyoxidized on macOS
* packaging: add dependencies to the PyOxidizer build on macOS
* Miscellaneous test fixes
OBS-URL: https://build.opensuse.org/request/show/1055961
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=310
* mergetools: don't let meld open all changed files on startup
* heptapod-ci: use shell script in pytype step
* rhg: fix bugs around [use-dirstate-tracked-hint] and repo auto-upgrade
* status: let `--no-copies` override `ui.statuscopies`
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=304
- update to 6.2.2:
* fsmonitor: restore functionality by moving to new dirstate APIs
* dirstate-v2: fix data file transaction handling (issue6730)
* rust: fix behavior when matching files with multiple includes
* rust: widen range of compatible crates to help with packaging
* rust-status: ignored directories are now correctly only listed if opted into
* automation: improve Windows packaging tooling
* contrib: update Mercurial install in bootstrap environment
* Remove flakiness in some tests
* Improve portability of certain tar uses in tests
OBS-URL: https://build.opensuse.org/request/show/1002932
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mercurial?expand=0&rev=175
* fsmonitor: restore functionality by moving to new dirstate APIs
* dirstate-v2: fix data file transaction handling (issue6730)
* rust: fix behavior when matching files with multiple includes
* rust: widen range of compatible crates to help with packaging
* rust-status: ignored directories are now correctly only listed if opted into
* automation: improve Windows packaging tooling
* contrib: update Mercurial install in bootstrap environment
* Remove flakiness in some tests
* Improve portability of certain tar uses in tests
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=302
- Update to Mercurial 6.2.1.
* git: make sure to fsdecode bookmark names everywhere (issue6723)
* git: add a missing reset_copy keyword argument to dirstate.set_tracked()
* git: copy findmissingrevs() from revlog.py to gitlog.py (issue6472)
* sslutil: use proper attribute to select python 3.7+
* sslutil: another use proper attribute to select python 3.7+
* mergestate: action name was str
* packaging: update keyring on Windows to avoid spurious stacktraces
* packaging: bump dulwich to 0.20.45
* debug-discovery: fix a typo in the doc
* debug-discovery: properly apply remote filtering in "old" mode
* debug-discovery: also gather details on tree-discovery queries type
* debug-discovery: gather the right number of roundtrips for tree discovery
* debug-discovery: do not abort on unrelated repositories
* debug-discovery: deal with case where common is empty
* tree-discovery: fix the request debug output and progress location
* debug-discovery: apply spelling fixes from Raphaël
OBS-URL: https://build.opensuse.org/request/show/991725
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=300
- removed _service in favour of running download_files manually
- Mercurial 6.1.2:
* Improve Windows test suite
* Fix `debuglock` not ignoring a missing lockfile when forcing a lock
* Improve help of `ui.large-file-limit`
* Set the large-file-limit to 10MB (from 10MiB) for clarity
* While rewriting desc hashes, ignore ambiguous prefix "hashes"
* Fix a crash in partial amend with copies
* Fix a py3 compatiblity bug
* **Fix incorrect metadata causing dirstate-v2 data loss in edge case (dd2503a63d33)**
* Fix cleanup of old dirstate-v2 data files when using `rhg`
* Make reference to `.hg/last_message.txt` relative in commit
* Fix an infinite hang when `rhg` is used in the background
* Fix Python DLL loading bug in Windows
* Add `--docket` flag to `debugstate` to check out dirstate-v2 metadata
* Remove `debugdirstateignorepatternhash` in favor of `debugstate --docket`
* Fix incorrect metadata causing systematic complete dirstate-v2 rewrite (forwarded request 975576 from develop7)
OBS-URL: https://build.opensuse.org/request/show/975577
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mercurial?expand=0&rev=171
- removed _service in favour of running download_files manually
- Mercurial 6.1.2:
* Improve Windows test suite
* Fix `debuglock` not ignoring a missing lockfile when forcing a lock
* Improve help of `ui.large-file-limit`
* Set the large-file-limit to 10MB (from 10MiB) for clarity
* While rewriting desc hashes, ignore ambiguous prefix "hashes"
* Fix a crash in partial amend with copies
* Fix a py3 compatiblity bug
* **Fix incorrect metadata causing dirstate-v2 data loss in edge case (dd2503a63d33)**
* Fix cleanup of old dirstate-v2 data files when using `rhg`
* Make reference to `.hg/last_message.txt` relative in commit
* Fix an infinite hang when `rhg` is used in the background
* Fix Python DLL loading bug in Windows
* Add `--docket` flag to `debugstate` to check out dirstate-v2 metadata
* Remove `debugdirstateignorepatternhash` in favor of `debugstate --docket`
* Fix incorrect metadata causing systematic complete dirstate-v2 rewrite
OBS-URL: https://build.opensuse.org/request/show/975576
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=294
- udpate to 6.1.1:
* Fix Rust compilation on `aarcch64`
* Fix Rust compilation on architectures where `char` is unsigned
* When the merge tool uses `$output`, don't leave markers in `$local`
* Improve test suite support on big-endian platforms
* Cap the number of concurrent threads to 16 in Rust `hg status` to prevent huge speed regression at higher thread counts
* Fix `amend` with copies in extras
* Abort if commit we're trying to `unamend` was not created by `hg [un]amend`
* Fix file name in the pullbundle help text
* Fix an issue with data not being correctly reset in the C implementation of dirstate-v2
* Fix issue6673 where some tags were missing from cache after a merge
* Fix stream-cloning a repo with empty requirements
* Fix a false warning about content-divergence creation
* Fix silly blackbox entries when hg is interrupted
* Fix unsoundness (no known exploits) in Rust extensions (see cfd270d83169 and dd6b67d5c256)
* Fix Rust dirstate counters not being updated correctly leading to some potential bugs (none known)
* Stop relying on a compiler implementation detail in Rust HgPath
OBS-URL: https://build.opensuse.org/request/show/970254
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mercurial?expand=0&rev=170
* Fix Rust compilation on `aarcch64`
* Fix Rust compilation on architectures where `char` is unsigned
* When the merge tool uses `$output`, don't leave markers in `$local`
* Improve test suite support on big-endian platforms
* Cap the number of concurrent threads to 16 in Rust `hg status` to prevent huge speed regression at higher thread counts
* Fix `amend` with copies in extras
* Abort if commit we're trying to `unamend` was not created by `hg [un]amend`
* Fix file name in the pullbundle help text
* Fix an issue with data not being correctly reset in the C implementation of dirstate-v2
* Fix issue6673 where some tags were missing from cache after a merge
* Fix stream-cloning a repo with empty requirements
* Fix a false warning about content-divergence creation
* Fix silly blackbox entries when hg is interrupted
* Fix unsoundness (no known exploits) in Rust extensions (see cfd270d83169 and dd6b67d5c256)
* Fix Rust dirstate counters not being updated correctly leading to some potential bugs (none known)
* Stop relying on a compiler implementation detail in Rust HgPath
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=292
- Mercurial 6.1
Regularly scheduled feature release.
This is the last release to support Python 2. Mercurial is Python 3 only
starting with 6.2
+ New Features
* Added a way of specifying required extensions that prevent Mercurial from starting if they are not found. See `hg help config.extensions`.
* Merge conflict markers have been made clearer (see backwards compatibility below)
* Improve detailed error codes
* Added a hint about mangled whitespace on bad patch
* Explain which order the commits are presented in `chistedit`
* Introduce a `dirstate-tracked-hint` feature to help automation keep
track of changes to tracked files. See
`hg help config.use-dirstate-tracked-hint`.
* Shared repositories can be upgraded if the upgrade is specific to
the share. For now, this only applies to `dirstate-v2` and
`dirstate-tracked-hint`.
* When using the `narrow` extension, non-conflicting changes to files
outside of the narrow specification can now be merged.
* When cloning a repository using stream-clone, the client can now control
the repository format variants to use as long as the stream content does
not restrict that variant.
+ Default Format Change
These changes affect newly created repositories (or new clones) done with
Mercurial 6.1.
* The share-safe format variant is now enabled by default. It makes
configuration and requirements more consistent across repository
and their shares. This introduces a behavior change as shares from
a repository using the new format will also use their main
repository's configuration. See `hg help config.format.use-share-safe`
for details about the feature and the available options for
OBS-URL: https://build.opensuse.org/request/show/958704
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=290
- Mercurial 6.0
Regularly scheduled feature release.
This is the last release to support Python 2. Python 2 support will be
dropped for all platforms in Mercurial 6.1.
+ New Features
* `debugrebuildfncache` now has an option to rebuild only the index files
* a new `bookmarks.mode` path option have been introduced to control the
bookmark update strategy during exchange with a peer. See `hg help paths`
for details.
* a new `bookmarks.mirror` option has been introduced. See
`hg help bookmarks` for details.
* more commands support detailed exit codes when config
`ui.detailed-exit-codes` is enabled
+ New Experimental Features
* __Major feature__: version 2 of the dirstate is available (the first
version is as old as Mercurial itself). It allows for much faster working
copy inspection (status, diff, commit, update, etc.) and richer
information (symlink and exec info on Windows, etc.). The format has been
frozen with room for some future evolution and the current implementations
(Python, Python + C, Python + Rust or pure Rust) should be compatible with
any future change or optimization that the format allows. You can get more
information in the internal documentation
* Added a new `web.full-garbage-collection-rate` to control performance. See
`de2e04fe4897a554b9ef433167f11ea4feb2e09c` for more information
* Added a new `histedit.later-commits-first` option to affect the
ordering of commits in `chistedit` to match the order in `hg log -G`.
It will affect the text-based version before graduating
from experimental.
- Bug Fixes
* `hg fix --working-dir` now correctly works when in an uncommitted
OBS-URL: https://build.opensuse.org/request/show/936056
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=289
- require openssl python module for runtime (not only build)
(boo#1132347)
A regularly scheduled bugfix release, late due to vacations and similar
+ record: prevent commits that don't pick up dirty subrepo
+ test-https: add some more known failure messages of client
- Mercurial 4.9
See complete changelog at
It was possible to use symlinks and subrepositories to defeat Mercurial's
path-checking logic and write files outside a repository. This has been
fixed. Users on older versions can either disable subrepositories witt
in their configuration or by ensuring any cloned repositories don't
+ 'hg histedit' will now present a curses UI if curses is available and
+ The 'sparse-revlog' delta strategy is enabled by default for new
+ New `rewrite.update-timestamp=True` option to update the commit
+ New `ui.message-output=stderr` option for scripting, which prevents
+ New `rootglob:` filename pattern for a glob that is rooted at the root
of the repository. See `hg help patterns` and `hg help hgignore` for
+ Some more reimplementation of ancestry algorithms in Rust for better
+ Boolean options passed to the logtoprocess extension are now formatted
+ The logtoprocess extension no longer supports invalid "ui.log()"
arguments. A log message is always formatted and passed in to the
+ Status messages may be sent to a dedicated stream depending on
configuration. Don't use "ui.status()", etc. as a shorthand for
+ Add 'exthelper' class to simplify extension writing by allowing
functions, commands, and configitems to be registered via annotations.
+ The extension hook "extsetup" without a 'ui' argument has been
deprecated, and will be removed in the next version. Add a 'ui' argument
OBS-URL: https://build.opensuse.org/request/show/693716
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=230
Mercurial 4.7.2
This is a regularly-scheduled bugfix release containing following fixes:
* security
+ Fix a potential out-of-bounds read in manifest parsing C code.
* core
+ various minor correctness fixes in revsets for commonancestors() and
similar
* unsorted
+ chgserver: do not send system() back to client if stdio
redirected (issue5992)
+ procutil: compare fd number to see if stdio protection
is needed (issue5992)
OBS-URL: https://build.opensuse.org/request/show/639634
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=216
- Mercurial 4.6.1
This is a regularly-scheduled bugfix release that also contains security
fixes.
* Security Fixes
Multiple issues found in mpatch.c with a fuzzer:
+ OVE-20180430-0001
+ OVE-20180430-0002
+ OVE-20180430-0004
With the following fixes:
mpatch: be more careful about parsing binary patch data (SEC)
mpatch: protect against underflow in mpatch_apply (SEC)
mpatch: ensure fragment start isn't past the end of orig (SEC)
mpatch: fix UB in int overflows in gather() (SEC)
mpatch: fix UB integer overflows in discard() (SEC)
mpatch: avoid integer overflow in mpatch_decode (SEC)
mpatch: avoid integer overflow in combine() (SEC)
No exploits are known at the time, however, it is highly recommended that
all users upgrade.
* Bug Fixes
Also included in this release are the following,
+ zstandard: pull in bug fixes from upstream 0.9.1 (issue5884)
+ bundle2: fix old clients from reading newer format (issue5872)
+ bdiff: fix xdiff long/int64 conversion (issue5885)
+ push: continue without locking on lock failure other than EEXIST (issue5882)
+ lfs: fix crash in command server (issue5902)
+ hghave: fix deadlock in test runner
+ rebase: fix error when computing obsoletenotrebased (issue5907)
+ rebase: prioritize indicating an interrupted rebase over update (issue5838)
+ revset: pass in lookup function to matchany() (issue5879)
OBS-URL: https://build.opensuse.org/request/show/615159
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=208
- Mercurial 4.3.1:
This is a regularly-scheduled quarterly feature release,
including the previous two security fixes (CVE-2017-1000115,
CVE-2017-1000116)
Notable changes:
* experimental amend extension providing the amend command
* experimental sparse extension
* Support for Python 2.6 has been dropped.
* Bundles created by the strip extension now store phase
information. It will be restored when unbundling.
* The strip extension now removes relevant obsmarkers.
If a backup requested (the default), the obsmarkers are stored
in the backup bundle and will be restored when unbundling.
* hg show work (from the experimental show extension) now
displays more info
* hg show stack is a new view for the current, in-progress
changeset and others around it
* Mitigation for two security vulnerabilities
(CVE-2017-1000115 bsc#1053344)
OBS-URL: https://build.opensuse.org/request/show/517349
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=189
- mercurial 4.2.3: security fix updates for
CVE-2017-1000115 and CVE-2017-1000116:
* Mercurial's symlink auditing was incomplete prior to 4.3, and
could be abused to write to files outside the repository
(CVE-2017-1000115)
* Mercurial was not sanitizing hostnames passed to ssh, allowing
shell injection attacks by specifying a hostname starting with
-oProxyCommand (CVE-2017-1000116, bsc#1052696)
OBS-URL: https://build.opensuse.org/request/show/515998
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=187
update to v3.7.3
This is an out of cycle release to address three security issues:
* CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
Mercurial prior to 3.7.3 contained two bounds-checking errors in its binary
delta decoder that may be exploitable via clone, push, or pull.
* CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
Mercurial prior to 3.7.3 allowed URLs for Git subrepos that could result in
arbitrary code execution on clone. This is a further side-effect of Git
CVE-2015-7545. Reported by Blake Burkhart.
* CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos
Mercurial prior to 3.7.3 allowed arbitrary code execution when converting
Git repos with hostile names. This could affect automated conversion
services. Reported by Blake Burkhart.
OBS-URL: https://build.opensuse.org/request/show/381840
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=163
New upstream release
- update to version 2.9.1
* coal: hgweb style adds extra blank line in file view (issue4136)
* hg.openpath: use url.islocal to tell if the path is local (issue3624)
* hgweb: hack around mimetypes encoding thinko (issue4160)
* hooks: only disable/re-enable demandimport when it's already enabled
* merge: add "other" file node in the merge state file
* merge: audit the right destination file when merging with dir rename
* merge: don't overwrite file untracked after remove, abort with 'untracked files'
* merge: record the "other" node in merge state
* pathencode: eliminate signed integer warnings
* pull: close peer repo on completion (issue2491) (issue2797)
* purge: avoid duplicate output for --print (issue4092)
* rebase: do not try to reactivate deleted divergent bookmark
* resolve: use "other" changeset from merge state (issue4163)
* verify: do not prevent verify repository containing hidden changesets (forwarded request 225867 from develop7)
OBS-URL: https://build.opensuse.org/request/show/225869
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mercurial?expand=0&rev=83
New upstream release
- update to version 2.9.1
* coal: hgweb style adds extra blank line in file view (issue4136)
* hg.openpath: use url.islocal to tell if the path is local (issue3624)
* hgweb: hack around mimetypes encoding thinko (issue4160)
* hooks: only disable/re-enable demandimport when it's already enabled
* merge: add "other" file node in the merge state file
* merge: audit the right destination file when merging with dir rename
* merge: don't overwrite file untracked after remove, abort with 'untracked files'
* merge: record the "other" node in merge state
* pathencode: eliminate signed integer warnings
* pull: close peer repo on completion (issue2491) (issue2797)
* purge: avoid duplicate output for --print (issue4092)
* rebase: do not try to reactivate deleted divergent bookmark
* resolve: use "other" changeset from merge state (issue4163)
* verify: do not prevent verify repository containing hidden changesets
OBS-URL: https://build.opensuse.org/request/show/225867
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=114
- Drop dependency on python-roman, python-docutils' module docutils.utils.roman
should be sufficient
- Drop checks for obsolete distributions
- Drop dependency on rcs, it doesn't seem to be used anywhere and was
added in 2006
- Depend on openssl-certs if %sles_version is defined (for our IBS friends)
- Require python-docutils instead of the obsolete docutils
- Refresh mercurial-docutils-compat.diff to fix build in sles11sp3
OBS-URL: https://build.opensuse.org/request/show/204502
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mercurial?expand=0&rev=78
should be sufficient
- Drop checks for obsolete distributions
- Drop dependency on rcs, it doesn't seem to be used anywhere and was
added in 2006
- Depend on openssl-certs if %sles_version is defined (for our IBS friends)
- Require python-docutils instead of the obsolete docutils
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=104
- update to version 2.6.1 (2013-05-14)
* convert
fix bug of wrong CVS path parsing without port number (issue3678)
* help/config
note 64-bit Windows registry key used with 32-bit Python
* hfs+
rewrite percent-escaper (issue3918)
* hgignore
fix regression with hgignore directory matches (issue3921)
* highlight
fix page layout with empty first and last lines
* largefiles
check existence of the file with case awareness of the filesystem
check unknown files with case awareness of the filesystem
* pathencode
grow buffers to increase safety margin
* revert
ensure that copies and renames are honored (issue3920)
* subrepo
open files in 'rb' mode to read exact data in (issue3926)
* windows
check target type before actual unlinking to follow POSIX semantics
- update to 2.6 (2013-05-01)
* addremove
improve performance
* amend
support amending merge changesets (issue3778)
* ancestor
a new algorithm that is faster for nodes near tip
* annotate (forwarded request 176984 from pcerny)
OBS-URL: https://build.opensuse.org/request/show/176985
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mercurial?expand=0&rev=72
- update to version 2.6.1 (2013-05-14)
* convert
fix bug of wrong CVS path parsing without port number (issue3678)
* help/config
note 64-bit Windows registry key used with 32-bit Python
* hfs+
rewrite percent-escaper (issue3918)
* hgignore
fix regression with hgignore directory matches (issue3921)
* highlight
fix page layout with empty first and last lines
* largefiles
check existence of the file with case awareness of the filesystem
check unknown files with case awareness of the filesystem
* pathencode
grow buffers to increase safety margin
* revert
ensure that copies and renames are honored (issue3920)
* subrepo
open files in 'rb' mode to read exact data in (issue3926)
* windows
check target type before actual unlinking to follow POSIX semantics
- update to 2.6 (2013-05-01)
* addremove
improve performance
* amend
support amending merge changesets (issue3778)
* ancestor
a new algorithm that is faster for nodes near tip
* annotate
OBS-URL: https://build.opensuse.org/request/show/176984
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=91
There seems a new bug in obs causing aggregate not working anymore, so SLE does not build because of missing docutils
- upstream update 1.9.3
* setup: build inotify for sys.platform='linux*'
* bundlerepo: add argument check before unlink
* hgweb: properly check for bookmarks when drawing graph
* http: handle push of bundles > 2 GB again (issue3017)
* keyword: preserve file mode when overwriting
* osutil: avoid accidentally destroying the True object in isgui (issue2937)
* patch: correctly handle non-tabular Subject: line
* patch: handle 'gitpatches' being empty, but not none
* record: use command wrapper properly for qnew/qrefresh (issue3001)
* setdiscovery: fix hang when #heads>200 (issue2971)
* ui: also swap sys.stdout with self.fout in _readline
* ui: write traceback to self.ferr
* url: Remove the proxy env variables only when needed (issue2451)
* url: parse fragments first (issue2997)
* util: fix crash converting an invalid future date to string
* util: wrap lines with multi-byte characters correctly (issue2943) (forwarded request 88942 from ammler)
OBS-URL: https://build.opensuse.org/request/show/88949
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mercurial?expand=0&rev=55
There seems a new bug in obs causing aggregate not working anymore, so SLE does not build because of missing docutils
- upstream update 1.9.3
* setup: build inotify for sys.platform='linux*'
* bundlerepo: add argument check before unlink
* hgweb: properly check for bookmarks when drawing graph
* http: handle push of bundles > 2 GB again (issue3017)
* keyword: preserve file mode when overwriting
* osutil: avoid accidentally destroying the True object in isgui (issue2937)
* patch: correctly handle non-tabular Subject: line
* patch: handle 'gitpatches' being empty, but not none
* record: use command wrapper properly for qnew/qrefresh (issue3001)
* setdiscovery: fix hang when #heads>200 (issue2971)
* ui: also swap sys.stdout with self.fout in _readline
* ui: write traceback to self.ferr
* url: Remove the proxy env variables only when needed (issue2451)
* url: parse fragments first (issue2997)
* util: fix crash converting an invalid future date to string
* util: wrap lines with multi-byte characters correctly (issue2943)
OBS-URL: https://build.opensuse.org/request/show/88942
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=57
(also SLE_10 builds again)
- upstream update 1.9.2
* commands: clarify that 'hg heads foo' shows heads on branch foo
* dispatch: don't rewrap aliases that have the same definition
* graphlog: attempt to fix index overrun (issue2912)
* http: pass user to readauthforuri() (fix 4a43e23b8c55)
* http: strip credentials from urllib2 manager URIs (issue2885)
* parsers: avoid pointer aliasing
* subrepo: fix cloning of repos from urls without slash after host (issue2970)
* ui: pass ' ' to raw_input when prompting
* url: really handle urls of the form file:///c:/foo/bar/ correctly
- changes in version 1.9.1
* dispatch: make sure global options on the command line take precedence
* eol: ignore IOError from deleted files in commitctx
* hgcia: set default value of strip to -1 (issue2891)
* hgweb: do not ignore [auth] if url has a username (issue2822)
* hgweb: handle 'baseurl' configurations with leading slash (issue2934)
* hgweb: raw file mimetype guessing configurable, off by default (BC) (issue2923)
* httpclient: import ca33b88d143c from py-nonblocking-http (issue2932)
* patch: fix parsing patch files containing CRs not followed by LFs
* rebase: block collapse with keepbranches on multiple named branches (issue2112)
* rebase: reset bookmarks (issue2265 and issue2873)
* revert: restore check for uncommitted merge (issue2915) (BC)
* revsets: catch type error on tip^p1(tip) (issue2884)
* revsets: do the right thing with x^:y (issue2884)
* subrepo: handle adding svn subrepo with a svn:external file in it (issue2931)
* subrepo: use working copy of .hgsub to filter status (issue2901)
* url: store and assume the query part of an url is in escaped form (issue2921)
* util: rename the util.localpath that uses url to urllocalpath (issue2875)
* verify: filter messages about missing null manifests (issue2900) (forwarded request 80393 from ammler)
OBS-URL: https://build.opensuse.org/request/show/80398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mercurial?expand=0&rev=50
(also SLE_10 builds again)
- upstream update 1.9.2
* commands: clarify that 'hg heads foo' shows heads on branch foo
* dispatch: don't rewrap aliases that have the same definition
* graphlog: attempt to fix index overrun (issue2912)
* http: pass user to readauthforuri() (fix 4a43e23b8c55)
* http: strip credentials from urllib2 manager URIs (issue2885)
* parsers: avoid pointer aliasing
* subrepo: fix cloning of repos from urls without slash after host (issue2970)
* ui: pass ' ' to raw_input when prompting
* url: really handle urls of the form file:///c:/foo/bar/ correctly
- changes in version 1.9.1
* dispatch: make sure global options on the command line take precedence
* eol: ignore IOError from deleted files in commitctx
* hgcia: set default value of strip to -1 (issue2891)
* hgweb: do not ignore [auth] if url has a username (issue2822)
* hgweb: handle 'baseurl' configurations with leading slash (issue2934)
* hgweb: raw file mimetype guessing configurable, off by default (BC) (issue2923)
* httpclient: import ca33b88d143c from py-nonblocking-http (issue2932)
* patch: fix parsing patch files containing CRs not followed by LFs
* rebase: block collapse with keepbranches on multiple named branches (issue2112)
* rebase: reset bookmarks (issue2265 and issue2873)
* revert: restore check for uncommitted merge (issue2915) (BC)
* revsets: catch type error on tip^p1(tip) (issue2884)
* revsets: do the right thing with x^:y (issue2884)
* subrepo: handle adding svn subrepo with a svn:external file in it (issue2931)
* subrepo: use working copy of .hgsub to filter status (issue2901)
* url: store and assume the query part of an url is in escaped form (issue2921)
* util: rename the util.localpath that uses url to urllocalpath (issue2875)
* verify: filter messages about missing null manifests (issue2900)
OBS-URL: https://build.opensuse.org/request/show/80393
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=51
- Spec file cleanup:
* Fixed several rpmlint warnings (macros in comments, exec-bits)
* Check for SUSE before using SUSE-specific stuff, fixes build on
Fedora, Mandriva
* Don't use --record-rpm and drop perl dependency
* Drop gcc dependency, already pulled through python-devel
* Drop unused asciidoc,sgml-skel,xmlto dependencies
* Much simpler lang package generation (no shell scripts involved)
* Run fdupes on %{buildroot}%{_prefix} to catch all dupes
- Added mercurial-locale-path-fix.patch to properly load locales
OBS-URL: https://build.opensuse.org/request/show/76109
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=49
- update to version 1.9
* New fileset file matching support
* Improved remote changeset discovery
* New command server mode to improve application integration
* Experimental generaldelta storage scheme
* Experimental new http client library
- Command changes
* HGPLAIN: allow exceptions to plain mode, like i18n, via HGPLAINEXCEPT
* manifest: add new option --all
* aliases: add positional arguments to non-shell aliases
* add: introduce a warning message for non-portable filenames (Bts:issue2756)
* add: notify when adding a file that would cause a case-folding collision
* bisect: new command to extend the bisect range (Bts:issue2690)
* bookmarks: allow deactivating current bookmark with -i
* bundle: update current bookmark to most recent revision on current branch
* diff: make diff -c aware of revision sets
* help: add -c/--command flag to only show command help (Bts:issue2799)
* help: add -e/--extension switch to display extension help text
* help: move hgignore man page into built-in help (Bts:issue2769)
* http: correctly handle redirects from http to https
* identify: list bookmarks for remote repositories
* import: add --bypass option
* paths: Add support for -q/--quiet
* pushkey: add hooks for pushkey/listkeys
* revset: add aliases
* revset: add ^ and ~ operators from parentrevspec extension
* revset: add a revset command to get bisect state
* revset: add desc(string) to search in commit messages
* revset: add follow(filename) to follow a filename's history across copies
* revset: introduce filelog() to emulate log's fast path
OBS-URL: https://build.opensuse.org/request/show/75217
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/mercurial?expand=0&rev=46
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
