Matt Harbison <matt_harbison@yahoo.com> [Sat, 15 Dec 2018 14:55:06 -0500] rev 40469
windows: ensure pure posixfile fd doesn't escape by entering context manager
There are tests in test-revlog-mmapindex.t and test-rebase-mq-skip.t that are
fixed by this, but we usually don't use --pure on Windows. For whatever reason,
the remaining --pure failures are various errors like $ENOTDIR$ and "Access is
denied" have a trailing '.'.
Matt Harbison <matt_harbison@yahoo.com> [Sat, 15 Dec 2018 13:54:37 -0500] rev 40468
vfs: ensure closewrapbase fh doesn't escape by entering context manager
I'm not sure if there's a problem in practice here, as there's no test failure
either way. The __exit__() and close() methods raise an exception, so maybe
__exit__() and close() are being called directly on the underlying handle when
delayclosedfile is used on a context manager? I doubt that was intended.
Matt Harbison <matt_harbison@yahoo.com> [Sat, 15 Dec 2018 13:41:34 -0500] rev 40467
windows: ensure mixedfilemodewrapper fd doesn't escape by entering context mgr
Otherwise it seems that the special read and write handling would be bypassed.
Matt Harbison <matt_harbison@yahoo.com> [Sat, 15 Dec 2018 01:26:18 -0500] rev 40466
py3: ensure the proxied Windows fd doesn't escape by entering context manager
The purpose of the proxy class is to provide the `name` attribute which contains
the file path. But in tests that used a context manager, it still blew up
complaining that 'int' doesn't have a 'startswith' function.
Julien Cristau <jcristau@mozilla.com> [Wed, 12 Dec 2018 06:41:19 +0100] rev 40465
test: fix test-http-bad-server with current python 2.7
https://github.com/python/cpython/pull/2825 changed the exception
message for empty http status line.
Differential Revision: https://phab.mercurial-scm.org/D5412
Matt Harbison <matt_harbison@yahoo.com> [Sun, 09 Dec 2018 23:48:50 -0500] rev 40464
hgweb: register web.comparisoncontext to the config table
This was caught in some server side logging added to debug py3 issues.
Augie Fackler <raf@durin42.com> [Tue, 04 Dec 2018 17:04:19 -0500] rev 40463
Added signature for changeset 1c8c54cf9725
Augie Fackler <raf@durin42.com> [Tue, 04 Dec 2018 17:04:17 -0500] rev 40462
Added tag 4.8.1 for changeset 1c8c54cf9725
Martin von Zweigbergk <martinvonz@google.com> [Tue, 20 Nov 2018 14:43:27 -0800] rev 40461
rebase: fix path auditing to audit path relative to repo root (issue5818)
Before this patch, when rebasing a file called "foo/bar", we would
check e.g. if "/foo" (i.e. rooted at the file system root) was a
symlink.
Differential Revision: https://phab.mercurial-scm.org/D5361
Martin von Zweigbergk <martinvonz@google.com> [Tue, 04 Dec 2018 08:56:43 -0800] rev 40460
tests: show bad path auditing in in-memory rebase
Thanks to Yuya for providing this test case in
https://bz.mercurial-scm.org/show_bug.cgi?id=5818.
Differential Revision: https://phab.mercurial-scm.org/D5368
Martin von Zweigbergk <martinvonz@google.com> [Tue, 04 Dec 2018 08:55:48 -0800] rev 40459
tests: add a missing "cd .." to test-rebase-inmemory.t
Differential Revision: https://phab.mercurial-scm.org/D5367
Yuya Nishihara <yuya@tcha.org> [Sun, 28 Oct 2018 21:29:04 +0900] rev 40458
rust: fix possible out-of-bounds read through index_get_parents()
index_get_parents() is an internal function, which doesn't check if the
specified rev is valid. If rustlazyancestors() were instantiated with an
invalid stoprev, it would access to invalid memory region.
This is NOT a security fix as there's no Python code triggering the bug,
but included in this series to not give a notion about the memory issue
fixed by the previous patch.
Yuya Nishihara <yuya@tcha.org> [Thu, 01 Nov 2018 20:32:59 +0900] rev 40457
revlog: fix out-of-bounds access by negative parents read from revlog (SEC)
82d6a35cf432 wasn't enough. Several callers don't check negative revisions
but for -1 (nullrev), which would directly lead to out-of-bounds read, and
buffer overflow could follow. RCE might be doable with carefully crafted
revlog structure, though I don't think this would be useful attack surface.
Martin von Zweigbergk <martinvonz@google.com> [Mon, 03 Dec 2018 11:14:44 -0800] rev 40456
rebase: fix dir/file conflict detection when using in-mem merge
Differential Revision: https://phab.mercurial-scm.org/D5360
Martin von Zweigbergk <martinvonz@google.com> [Mon, 03 Dec 2018 11:11:34 -0800] rev 40455
tests: show that in-mem rebase does not find path dir/file conflicts
Differential Revision: https://phab.mercurial-scm.org/D5359
Matt Harbison <matt_harbison@yahoo.com> [Mon, 03 Dec 2018 20:59:48 -0500] rev 40454
extdiff: register the configuration generated commands with a help category
Otherwise, 'extdiff' shows up under file management and the rest of the commands
are at the bottom under 'Uncategorized'.