Gregory Szorc <gregory.szorc@gmail.com> [Tue, 20 Feb 2018 18:53:39 -0800] rev 35846
wireproto: move command permissions dict out of hgweb_mod
The operation type associated with wire protocol commands is supposed
to be defined in a dictionary so it can be used for permissions
checking.
Since this metadata is closely associated with wire protocol commands
themselves, it makes sense to define it in the same module where
wire protocol commands are defined.
This commit moves hgweb_mod.perms to wireproto.PERMISSIONS and
updates most references in the code to use the new home. The old
symbol remains an alias for the new symbol. Tests pass with the
code pointing at the old symbol. So this should be API compatible
for extensions.
As part of the code move, we split up the assignment to the dict
so it is next to the @wireprotocommand. This reinforces that a
@wireprotocommand should have an entry in this dict.
In the future, we'll want to declare permissions as part of the
@wireprotocommand decorator. But this isn't appropriate for the
stable branch.
Gregory Szorc <gregory.szorc@gmail.com> [Tue, 20 Feb 2018 19:09:01 -0800] rev 35845
tests: comprehensively test HTTP server permissions checking
We didn't have test coverage for numerous web.* config options. We
add that test coverage.
Included in the tests are tests for custom commands. We have commands
that are supposedly read-only and perform writes and a variation of
each that does and does not define its operation type in
hgweb_mod.perms.
The tests reveal a handful of security bugs related to permissions
checking. Subsequent commits will address these security bugs.
Gregory Szorc <gregory.szorc@gmail.com> [Sun, 18 Feb 2018 10:40:49 -0800] rev 35844
tests: extract HTTP permissions tests to own test file
We're about to implement a lot more coverage of the permissions
mechanism. In preparation for that, establish a new test file
to hold permissions checks.
As part of this, we inline the important parts of the "req" helper
function.
Kevin Bullock <kbullock@ringworld.org> [Tue, 06 Mar 2018 13:08:00 -0600] rev 35843
Added signature for changeset 369aadf7a326
Kevin Bullock <kbullock@ringworld.org> [Tue, 06 Mar 2018 13:07:58 -0600] rev 35842
Added tag 4.5.1 for changeset 369aadf7a326
Jun Wu <quark@fb.com> [Tue, 13 Feb 2018 11:35:32 -0800] rev 35841
revlog: resolve lfs rawtext to vanilla rawtext before applying delta
This happens when a LFS delta base gets a non-LFS delta from another client.
In that case, the LFS delta base needs to be converted to non-LFS version
before applying the delta.
Differential Revision: https://phab.mercurial-scm.org/D2069
Jun Wu <quark@fb.com> [Tue, 13 Feb 2018 11:35:32 -0800] rev 35840
revlog: do not use delta for lfs revisions
This is similar to what we have done for changegroups. It is needed to make
sure the delta application code path can assume deltas are always against
vanilla (ex. non-LFS) rawtext so the next fix becomes possible.
Differential Revision: https://phab.mercurial-scm.org/D2068
Jun Wu <quark@fb.com> [Tue, 06 Feb 2018 19:08:25 -0800] rev 35839
changegroup: do not delta lfs revisions
There is no way to distinguish whether a delta base is LFS or non-LFS.
If the delta is against LFS rawtext, and the client trying to apply it has
the base revision stored as fulltext, the delta (aka. bundle) will fail to
apply.
This patch forbids using delta for LFS revisions in changegroup so bad
deltas won't be transmitted.
Note: this does not solve the problem entirely. It solves LFS delta applying
to non-LFS base. But the other direction: non-LFS delta applying to LFS base
is not solved yet.
Differential Revision: https://phab.mercurial-scm.org/D2067
Jun Wu <quark@fb.com> [Tue, 06 Feb 2018 16:08:57 -0800] rev 35838
lfs: add a test showing bundle application could be broken
When a bundle containing LFS delta uses non-LFS delta-base, or vice-versa,
the bundle will fail to apply.
Differential Revision: https://phab.mercurial-scm.org/D2066
Yuya Nishihara <yuya@tcha.org> [Sun, 04 Mar 2018 14:53:57 -0500] rev 35837
test-annotate: set stdin and stdout to binary to get CR unmodified
Yuya Nishihara <yuya@tcha.org> [Sun, 04 Mar 2018 13:19:05 -0500] rev 35836
test-annotate: rewrite sed with some python
I hope this will fix the test failure seen on FreeBSD and Windows.
Matt Harbison <matt_harbison@yahoo.com> [Sat, 03 Mar 2018 22:29:24 -0500] rev 35835
test-subrepo: glob away an unstable hash
This is the instability mentioned at the beginning of the series. I don't like
hiding it, but I don't want to sit on a fix for a user reported problem while
trying to figure this out.
The instability seems related to the cset with a .hgsub with a remote URL.
(There's very little existing remote URL subrepo testing.)
Matt Harbison <matt_harbison@yahoo.com> [Thu, 01 Mar 2018 11:37:00 -0500] rev 35834
subrepo: activate clone pooling to enable sharing with remote URLs
This is the easiest way to ensure that repositories with remote subrepo
references can share the subrepos, consistent with how local subrepos can be
shared.
Matt Harbison <matt_harbison@yahoo.com> [Thu, 01 Mar 2018 11:13:00 -0500] rev 35833
subrepo: don't attempt to share remote sources (issue5793)
Untangling _abssource() to resolve the new subrepo relative to the shared
parent's share path, and then either sharing from there (if it exists), or
cloning to that location and then sharing, is probably more than should be
attempted on stable. Absolute subrepo references are discouraged, so for now,
this resumes the behavior prior to 68e0bcb90357 of cloning the absolute subrepo
locally.