From 4e481efd9af6f61642653d43300b116ad6c0592e Mon Sep 17 00:00:00 2001 From: Arne Babenhauserheide Date: Sat, 13 Apr 2024 14:58:08 +0200 Subject: gnu: mercurial and python-hg-evolve: Update to 6.7.2 and 11.1.3 * gnu/packages/version-control.scm (mercurial): Update to 6.7.2. * gnu/packages/version-control.scm (python-hg-evolve): Update to 11.1.3. * gnu/packages/patches/mercurial-hg-extension-path.patch: adapt for mercurial 6.7.2 * gnu/packages/patches/mercurial-openssl-compat.patch: delete file * gnu/local.mk (dist_patch_DATA): remove mercurial-openssl-compat.patch Change-Id: I1e22d7f38e264576bfa3adef7004fef582a1137e --- gnu/local.mk | 1 - .../patches/mercurial-hg-extension-path.patch | 14 +--- .../patches/mercurial-openssl-compat.patch | 89 ---------------------- gnu/packages/version-control.scm | 11 ++- 4 files changed, 8 insertions(+), 107 deletions(-) delete mode 100644 gnu/packages/patches/mercurial-openssl-compat.patch diff --git a/gnu/local.mk b/gnu/local.mk index ccff8648be..593ec1fa50 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1699,7 +1699,6 @@ dist_patch_DATA = \ %D%/packages/patches/mecab-variable-param.patch \ %D%/packages/patches/memtest86+-build-reproducibly.patch \ %D%/packages/patches/mercurial-hg-extension-path.patch \ - %D%/packages/patches/mercurial-openssl-compat.patch \ %D%/packages/patches/mhash-keygen-test-segfault.patch \ %D%/packages/patches/mia-fix-boost-headers.patch \ %D%/packages/patches/mia-vtk9.patch \ diff --git a/gnu/packages/patches/mercurial-hg-extension-path.patch b/gnu/packages/patches/mercurial-hg-extension-path.patch index d1073dd01c..8b9d185a89 100644 --- a/gnu/packages/patches/mercurial-hg-extension-path.patch +++ b/gnu/packages/patches/mercurial-hg-extension-path.patch @@ -7,15 +7,7 @@ will get this into Mercurial proper. diff --git a/mercurial/extensions.py b/mercurial/extensions.py --- a/mercurial/extensions.py +++ b/mercurial/extensions.py -@@ -13,6 +13,7 @@ - import imp - import inspect - import os -+import sys - - from .i18n import ( - _, -@@ -108,6 +109,11 @@ +@@ -103,6 +103,11 @@ def _importh(name): """import and return the module""" @@ -24,6 +16,6 @@ diff --git a/mercurial/extensions.py b/mercurial/extensions.py + if extension_path is not None: + for path in extension_path: + sys.path.append(path) - mod = __import__(pycompat.sysstr(name)) - components = name.split(b'.') + mod = __import__(name) + components = name.split('.') for comp in components[1:]: diff --git a/gnu/packages/patches/mercurial-openssl-compat.patch b/gnu/packages/patches/mercurial-openssl-compat.patch deleted file mode 100644 index 139356f285..0000000000 --- a/gnu/packages/patches/mercurial-openssl-compat.patch +++ /dev/null @@ -1,89 +0,0 @@ -Tweak cipher selection to make TLS < 1.2 work with OpenSSL 3. - -Taken from Debian: - - https://salsa.debian.org/python-team/packages/mercurial/-/blob/debian/master/debian/patches/openssl_3_cipher_tlsv1.patch - ---- a/mercurial/sslutil.py -+++ b/mercurial/sslutil.py -@@ -117,17 +117,17 @@ def _hostsettings(ui, hostname): - ciphers = ui.config(b'hostsecurity', b'%s:ciphers' % bhostname, ciphers) - - # If --insecure is used, we allow the use of TLS 1.0 despite config options. - # We always print a "connection security to %s is disabled..." message when - # --insecure is used. So no need to print anything more here. - if ui.insecureconnections: - minimumprotocol = b'tls1.0' - if not ciphers: -- ciphers = b'DEFAULT' -+ ciphers = b'DEFAULT:@SECLEVEL=0' - - s[b'minimumprotocol'] = minimumprotocol - s[b'ciphers'] = ciphers - - # Look for fingerprints in [hostsecurity] section. Value is a list - # of : strings. - fingerprints = ui.configlist( - b'hostsecurity', b'%s:fingerprints' % bhostname -@@ -621,17 +621,17 @@ def wrapserversocket( - - # Improve forward secrecy. - sslcontext.options |= getattr(ssl, 'OP_SINGLE_DH_USE', 0) - sslcontext.options |= getattr(ssl, 'OP_SINGLE_ECDH_USE', 0) - - # In tests, allow insecure ciphers - # Otherwise, use the list of more secure ciphers if found in the ssl module. - if exactprotocol: -- sslcontext.set_ciphers('DEFAULT') -+ sslcontext.set_ciphers('DEFAULT:@SECLEVEL=0') - elif util.safehasattr(ssl, b'_RESTRICTED_SERVER_CIPHERS'): - sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0) - # pytype: disable=module-attr - sslcontext.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS) - # pytype: enable=module-attr - - if requireclientcert: - sslcontext.verify_mode = ssl.CERT_REQUIRED ---- a/tests/test-https.t -+++ b/tests/test-https.t -@@ -356,19 +356,19 @@ Start servers running supported TLS vers - $ cat ../hg1.pid >> $DAEMON_PIDS - $ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \ - > --config devel.serverexactprotocol=tls1.2 - $ cat ../hg2.pid >> $DAEMON_PIDS - $ cd .. - - Clients talking same TLS versions work - -- $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT/ -+ $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 --config hostsecurity.ciphers=DEFAULT:@SECLEVEL=0 id https://localhost:$HGPORT/ - 5fed3813f7f5 -- $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT1/ -+ $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 --config hostsecurity.ciphers=DEFAULT:@SECLEVEL=0 id https://localhost:$HGPORT1/ - 5fed3813f7f5 - $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/ - 5fed3813f7f5 - - Clients requiring newer TLS version than what server supports fail - - $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ - (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support) -@@ -400,17 +400,17 @@ Clients requiring newer TLS version than - - $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/ - warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering - 5fed3813f7f5 - - The per-host config option overrides the default - - $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ -- > --config hostsecurity.ciphers=DEFAULT \ -+ > --config hostsecurity.ciphers=DEFAULT:@SECLEVEL=0 \ - > --config hostsecurity.minimumprotocol=tls1.2 \ - > --config hostsecurity.localhost:minimumprotocol=tls1.0 - 5fed3813f7f5 - - The per-host config option by itself works - - $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ - > --config hostsecurity.localhost:minimumprotocol=tls1.2 diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 0c7c496c82..7ca0e04c0c 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -2111,16 +2111,15 @@ execution of any hook written in any language before every commit.") (define-public mercurial (package (name "mercurial") - (version "6.2.2") + (version "6.7.2") (source (origin (method url-fetch) (uri (string-append "https://www.mercurial-scm.org/" "release/mercurial-" version ".tar.gz")) - (patches (search-patches "mercurial-hg-extension-path.patch" - "mercurial-openssl-compat.patch")) + (patches (search-patches "mercurial-hg-extension-path.patch")) (sha256 (base32 - "1pr00hdk3l9095fhq6302fgj0wmbqhqs93y4r457ba4pyjjrvyly")) + "01nqvp3cvidlz9z5vm05vpq81r6x10jwwfcaz0gw9anz0l60f8hw")) (modules '((guix build utils))) (snippet '(substitute* (find-files "tests" "\\.(t|sh)$") @@ -2222,7 +2221,7 @@ interface.") (define-public python-hg-evolve (package (name "python-hg-evolve") - (version "10.3.2") + (version "11.1.3") (source (origin (method hg-fetch) @@ -2232,7 +2231,7 @@ interface.") (file-name (hg-file-name name version)) (sha256 (base32 - "0qgk39s5pwxbshfa6x1f1ccxahja3fs265dddxy6q99spy3b3x5h")))) + "09rq3hgbb6qjws0kymnh8lbglsc5yjby3b2bc0savs2agf88j83z")))) (build-system python-build-system) (arguments ;; Tests need mercurial source code. -- cgit v1.2.3