amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: mercurial: Update to 6.7.2.

Browse source 
* gnu/packages/version-control.scm (mercurial): Update to 6.7.2.
[source]<origin>(patches): Remove mercurial-openssl-compat.patch.
* gnu/packages/patches/mercurial-hg-extension-path.patch: adapt for
mercurial 6.7.2.
* gnu/packages/patches/mercurial-openssl-compat.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Unregister it.

Change-Id: I1e22d7f38e264576bfa3adef7004fef582a1137e
Signed-off-by: Greg Hogan <code@greghogan.com>
This commit is contained in:
Arne Babenhauserheide 2024-04-13 14:58:08 +02:00 committed by Greg Hogan
parent 519fc51b6e
commit 78f8266056
No known key found for this signature in database
GPG key ID: EF6EB27413CFEEF3
4 changed files with 6 additions and 105 deletions
Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -1846,7 +1846,6 @@ dist_patch_DATA = \
%D%/packages/patches/mecab-variable-param.patch \ %D%/packages/patches/mecab-variable-param.patch \
%D%/packages/patches/memtest86+-build-reproducibly.patch \ %D%/packages/patches/memtest86+-build-reproducibly.patch \
%D%/packages/patches/mercurial-hg-extension-path.patch \ %D%/packages/patches/mercurial-hg-extension-path.patch \
%D%/packages/patches/mercurial-openssl-compat.patch \
%D%/packages/patches/mhash-keygen-test-segfault.patch \ %D%/packages/patches/mhash-keygen-test-segfault.patch \
%D%/packages/patches/mia-fix-boost-headers.patch \ %D%/packages/patches/mia-fix-boost-headers.patch \
%D%/packages/patches/mia-vtk9.patch \ %D%/packages/patches/mia-vtk9.patch \

14
gnu/packages/patches/mercurial-hg-extension-path.patch
View file

@ -7,15 +7,7 @@ will get this into Mercurial proper.
diff --git a/mercurial/extensions.py b/mercurial/extensions.py diff --git a/mercurial/extensions.py b/mercurial/extensions.py
--- a/mercurial/extensions.py --- a/mercurial/extensions.py
+++ b/mercurial/extensions.py +++ b/mercurial/extensions.py
@@ -13,6 +13,7 @@ @@ -103,6 +103,11 @@
import imp
import inspect
import os
+import sys
from .i18n import (
_,
@@ -108,6 +109,11 @@
def _importh(name): def _importh(name):
"""import and return the <name> module""" """import and return the <name> module"""
@ -24,6 +16,6 @@ diff --git a/mercurial/extensions.py b/mercurial/extensions.py
+ if extension_path is not None: + if extension_path is not None:
+ for path in extension_path: + for path in extension_path:
+ sys.path.append(path) + sys.path.append(path)
mod = __import__(pycompat.sysstr(name)) mod = __import__(name)
components = name.split(b'.') components = name.split('.')
for comp in components[1:]: for comp in components[1:]:

89
gnu/packages/patches/mercurial-openssl-compat.patch
View file

@ -1,89 +0,0 @@
Tweak cipher selection to make TLS < 1.2 work with OpenSSL 3.
Taken from Debian:
https://salsa.debian.org/python-team/packages/mercurial/-/blob/debian/master/debian/patches/openssl_3_cipher_tlsv1.patch
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -117,17 +117,17 @@ def _hostsettings(ui, hostname):
ciphers = ui.config(b'hostsecurity', b'%s:ciphers' % bhostname, ciphers)
# If --insecure is used, we allow the use of TLS 1.0 despite config options.
# We always print a "connection security to %s is disabled..." message when
# --insecure is used. So no need to print anything more here.
if ui.insecureconnections:
minimumprotocol = b'tls1.0'
if not ciphers:
- ciphers = b'DEFAULT'
+ ciphers = b'DEFAULT:@SECLEVEL=0'
s[b'minimumprotocol'] = minimumprotocol
s[b'ciphers'] = ciphers
# Look for fingerprints in [hostsecurity] section. Value is a list
# of <alg>:<fingerprint> strings.
fingerprints = ui.configlist(
b'hostsecurity', b'%s:fingerprints' % bhostname
@@ -621,17 +621,17 @@ def wrapserversocket(
# Improve forward secrecy.
sslcontext.options |= getattr(ssl, 'OP_SINGLE_DH_USE', 0)
sslcontext.options |= getattr(ssl, 'OP_SINGLE_ECDH_USE', 0)
# In tests, allow insecure ciphers
# Otherwise, use the list of more secure ciphers if found in the ssl module.
if exactprotocol:
- sslcontext.set_ciphers('DEFAULT')
+ sslcontext.set_ciphers('DEFAULT:@SECLEVEL=0')
elif util.safehasattr(ssl, b'_RESTRICTED_SERVER_CIPHERS'):
sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0)
# pytype: disable=module-attr
sslcontext.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS)
# pytype: enable=module-attr
if requireclientcert:
sslcontext.verify_mode = ssl.CERT_REQUIRED
--- a/tests/test-https.t
+++ b/tests/test-https.t
@@ -356,19 +356,19 @@ Start servers running supported TLS vers
$ cat ../hg1.pid >> $DAEMON_PIDS
$ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
> --config devel.serverexactprotocol=tls1.2
$ cat ../hg2.pid >> $DAEMON_PIDS
$ cd ..
Clients talking same TLS versions work
- $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT/
+ $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 --config hostsecurity.ciphers=DEFAULT:@SECLEVEL=0 id https://localhost:$HGPORT/
5fed3813f7f5
- $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT1/
+ $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 --config hostsecurity.ciphers=DEFAULT:@SECLEVEL=0 id https://localhost:$HGPORT1/
5fed3813f7f5
$ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
5fed3813f7f5
Clients requiring newer TLS version than what server supports fail
$ P="$CERTSDIR" hg id https://localhost:$HGPORT/
(could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
@@ -400,17 +400,17 @@ Clients requiring newer TLS version than
$ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/
warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
5fed3813f7f5
The per-host config option overrides the default
$ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
- > --config hostsecurity.ciphers=DEFAULT \
+ > --config hostsecurity.ciphers=DEFAULT:@SECLEVEL=0 \
> --config hostsecurity.minimumprotocol=tls1.2 \
> --config hostsecurity.localhost:minimumprotocol=tls1.0
5fed3813f7f5
The per-host config option by itself works
$ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
> --config hostsecurity.localhost:minimumprotocol=tls1.2

7
gnu/packages/version-control.scm
View file

@ -2596,16 +2596,15 @@ execution of any hook written in any language before every commit.")
(define-public mercurial (define-public mercurial
(package (package
(name "mercurial") (name "mercurial")
(version "6.2.2") (version "6.7.2")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "https://www.mercurial-scm.org/" (uri (string-append "https://www.mercurial-scm.org/"
"release/mercurial-" version ".tar.gz")) "release/mercurial-" version ".tar.gz"))
(patches (search-patches "mercurial-hg-extension-path.patch" (patches (search-patches "mercurial-hg-extension-path.patch"))
"mercurial-openssl-compat.patch"))
(sha256 (sha256
(base32 (base32
"1pr00hdk3l9095fhq6302fgj0wmbqhqs93y4r457ba4pyjjrvyly")) "01nqvp3cvidlz9z5vm05vpq81r6x10jwwfcaz0gw9anz0l60f8hw"))
(modules '((guix build utils))) (modules '((guix build utils)))
(snippet (snippet
'(substitute* (find-files "tests" "\\.(t|sh)$") '(substitute* (find-files "tests" "\\.(t|sh)$")