Danek Duvall <danek.duvall@oracle.com> [Fri, 27 May 2016 15:20:03 -0700] rev 29257
tests-subrepo-git: emit a different "pwned" message based on the test
Having a single "pwned" message which may or may not be emitted during the
tests for CVE-2016-3068 leads to extra confusion. Allow each test to emit
a more detailed message based on what the expectations are.
In both cases, we expect a version of git which has had the vulnerability
plugged, as well as a version of mercurial which also knows about
GIT_ALLOW_PROTOCOL. For the first test, we make sure GIT_ALLOW_PROTOCOL is
unset, meaning that the ext-protocol subrepo should be ignored; if it
isn't, there's either a problem with mercurial or the installed copy of
git.
For the second test, we explicitly allow ext-protocol subrepos, which means
that the subrepo will be accessed and a message emitted confirming that
this was, in fact, our intention.
Danek Duvall <danek.duvall@oracle.com> [Fri, 27 May 2016 15:10:38 -0700] rev 29256
tests-subrepo-git: make the "pwned" message output in a stable order
The "pwned" message from this test gets gets sent to stderr, and so may get
emitted in different places from run to run in the rest of mercurial's
output. This patch forces the message to go to a specific file instead,
whose existence and contents we can examine at a stable point in the test's
execution.
Danek Duvall <danek.duvall@oracle.com> [Fri, 27 May 2016 11:14:29 -0700] rev 29255
test-cache-abuse: correct for different hunk headers between Solaris and GNU
When diffing against an empty file, Solaris diff uses 1 to designate the
first line of the empty file (either -1,0 on the left or +1,0 on the right)
while GNU diff uses 0 (-0,0 and +0,0). We use a glob here to make sure the
test passes with either toolchain.
I've not added tests to check-code because there are scads of places in the
tests where the GNU format is used due to that being the format that "hg
diff" and "hg export" use, and changing those to use globs seems wrong.
Javi Merino <merino.jav@gmail.com> [Fri, 27 May 2016 21:24:05 +0200] rev 29254
lazymanifest: fix typo s/typles/tuples/
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:57:31 -0700] rev 29253
sslutil: remove sslkwargs() (API)
It is now unused.
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:57:02 -0700] rev 29252
url: remove use of sslkwargs
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:56:20 -0700] rev 29251
mail: remove use of sslkwargs
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:54:06 -0700] rev 29250
httpconnection: remove use of sslkwargs
It now does nothing.
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:52:02 -0700] rev 29249
sslutil: move sslkwargs logic into internal function (API)
As the previous commit documented, sslkwargs() doesn't add any
value since its return is treated as a black box and proxied
to wrapsocket().
We formalize its uselessness by moving its logic into a
new, internal function and make sslkwargs() return an empty
dict.
The certificate arguments that sslkwargs specified have been
removed from wrapsocket() because they should no longer be
set.
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:43:22 -0700] rev 29248
sslutil: remove ui from sslkwargs (API)
Arguments to sslutil.wrapsocket() are partially determined by
calling sslutil.sslkwargs(). This function receives a ui and
a hostname and determines what settings, if any, need to be
applied when the socket is wrapped.
Both the ui and hostname are passed into wrapsocket(). The
other arguments to wrapsocket() provided by sslkwargs() (ca_certs
and cert_reqs) are not looked at or modified anywhere outside
of sslutil.py. So, sslkwargs() doesn't need to exist as a
separate public API called before wrapsocket().
This commit starts the process of removing external consumers of
sslkwargs() by removing the "ui" key/argument from its return.
All callers now pass the ui argument explicitly.