tests-subrepo-git: emit a different "pwned" message based on the test Having a single "pwned" message which may or may not be emitted during the tests for CVE-2016-3068 leads to extra confusion. Allow each test to emit a more detailed message based on what the expectations are. In both cases, we expect a version of git which has had the vulnerability plugged, as well as a version of mercurial which also knows about GIT_ALLOW_PROTOCOL. For the first test, we make sure GIT_ALLOW_PROTOCOL is unset, meaning that the ext-protocol subrepo should be ignored; if it isn't, there's either a problem with mercurial or the installed copy of git. For the second test, we explicitly allow ext-protocol subrepos, which means that the subrepo will be accessed and a message emitted confirming that this was, in fact, our intention.

tests-subrepo-git: make the "pwned" message output in a stable order The "pwned" message from this test gets gets sent to stderr, and so may get emitted in different places from run to run in the rest of mercurial's output. This patch forces the message to go to a specific file instead, whose existence and contents we can examine at a stable point in the test's execution.

test-cache-abuse: correct for different hunk headers between Solaris and GNU When diffing against an empty file, Solaris diff uses 1 to designate the first line of the empty file (either -1,0 on the left or +1,0 on the right) while GNU diff uses 0 (-0,0 and +0,0). We use a glob here to make sure the test passes with either toolchain. I've not added tests to check-code because there are scads of places in the tests where the GNU format is used due to that being the format that "hg diff" and "hg export" use, and changing those to use globs seems wrong.

lazymanifest: fix typo s/typles/tuples/

sslutil: remove sslkwargs() (API) It is now unused.

url: remove use of sslkwargs

mail: remove use of sslkwargs

httpconnection: remove use of sslkwargs It now does nothing.

sslutil: move sslkwargs logic into internal function (API) As the previous commit documented, sslkwargs() doesn't add any value since its return is treated as a black box and proxied to wrapsocket(). We formalize its uselessness by moving its logic into a new, internal function and make sslkwargs() return an empty dict. The certificate arguments that sslkwargs specified have been removed from wrapsocket() because they should no longer be set.

sslutil: remove ui from sslkwargs (API) Arguments to sslutil.wrapsocket() are partially determined by calling sslutil.sslkwargs(). This function receives a ui and a hostname and determines what settings, if any, need to be applied when the socket is wrapped. Both the ui and hostname are passed into wrapsocket(). The other arguments to wrapsocket() provided by sslkwargs() (ca_certs and cert_reqs) are not looked at or modified anywhere outside of sslutil.py. So, sslkwargs() doesn't need to exist as a separate public API called before wrapsocket(). This commit starts the process of removing external consumers of sslkwargs() by removing the "ui" key/argument from its return. All callers now pass the ui argument explicitly.