hook: report untrusted hooks as failure (issue5110) (BC) Before this patch, there was no way for a repository owner to ensure that validation hooks would be run by people with write access. If someone had write access but did not trust the user owning the repository, the config and its hook would simply be ignored. After this patch, hooks from untrusted configs are taken into account but never actually run. Instead they are reported as failures right away. This will ensure validation performed by a hook is not ignored. As a side effect writer can be forced to trust a repository hgrc by adding a 'pretxnopen.trust=true' hook to the file. This was discussed during the 3.8 sprint with Matt Mackall, Augie Fackler and Kevin Bullock.

Test for CVE-2016-3630

  $ hg init

  >>> open("a.i", "w").write(
  ... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD
  ... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA=="""
  ... .decode("base64").decode("zlib"))

  $ hg debugindex a.i
     rev    offset  length  delta linkrev nodeid       p1           p2
       0         0      19     -1       2 99e0332bd498 000000000000 000000000000
       1        19      12      0       3 6674f57a23d8 99e0332bd498 000000000000
  $ hg debugdata a.i 1 2>&1 | egrep 'Error:.*decoded'
  (mercurial.mpatch.)?mpatchError: patch cannot be decoded (re)