Matt Harbison <matt_harbison@yahoo.com> [Sat, 15 Dec 2018 13:54:37 -0500] rev 40468
vfs: ensure closewrapbase fh doesn't escape by entering context manager
I'm not sure if there's a problem in practice here, as there's no test failure
either way. The __exit__() and close() methods raise an exception, so maybe
__exit__() and close() are being called directly on the underlying handle when
delayclosedfile is used on a context manager? I doubt that was intended.
Matt Harbison <matt_harbison@yahoo.com> [Sat, 15 Dec 2018 13:41:34 -0500] rev 40467
windows: ensure mixedfilemodewrapper fd doesn't escape by entering context mgr
Otherwise it seems that the special read and write handling would be bypassed.
Matt Harbison <matt_harbison@yahoo.com> [Sat, 15 Dec 2018 01:26:18 -0500] rev 40466
py3: ensure the proxied Windows fd doesn't escape by entering context manager
The purpose of the proxy class is to provide the `name` attribute which contains
the file path. But in tests that used a context manager, it still blew up
complaining that 'int' doesn't have a 'startswith' function.
Julien Cristau <jcristau@mozilla.com> [Wed, 12 Dec 2018 06:41:19 +0100] rev 40465
test: fix test-http-bad-server with current python 2.7
https://github.com/python/cpython/pull/2825 changed the exception
message for empty http status line.
Differential Revision: https://phab.mercurial-scm.org/D5412
Matt Harbison <matt_harbison@yahoo.com> [Sun, 09 Dec 2018 23:48:50 -0500] rev 40464
hgweb: register web.comparisoncontext to the config table
This was caught in some server side logging added to debug py3 issues.
Augie Fackler <raf@durin42.com> [Tue, 04 Dec 2018 17:04:19 -0500] rev 40463
Added signature for changeset 1c8c54cf9725
Augie Fackler <raf@durin42.com> [Tue, 04 Dec 2018 17:04:17 -0500] rev 40462
Added tag 4.8.1 for changeset 1c8c54cf9725
Martin von Zweigbergk <martinvonz@google.com> [Tue, 20 Nov 2018 14:43:27 -0800] rev 40461
rebase: fix path auditing to audit path relative to repo root (issue5818)
Before this patch, when rebasing a file called "foo/bar", we would
check e.g. if "/foo" (i.e. rooted at the file system root) was a
symlink.
Differential Revision: https://phab.mercurial-scm.org/D5361
Martin von Zweigbergk <martinvonz@google.com> [Tue, 04 Dec 2018 08:56:43 -0800] rev 40460
tests: show bad path auditing in in-memory rebase
Thanks to Yuya for providing this test case in
https://bz.mercurial-scm.org/show_bug.cgi?id=5818.
Differential Revision: https://phab.mercurial-scm.org/D5368
Martin von Zweigbergk <martinvonz@google.com> [Tue, 04 Dec 2018 08:55:48 -0800] rev 40459
tests: add a missing "cd .." to test-rebase-inmemory.t
Differential Revision: https://phab.mercurial-scm.org/D5367
Yuya Nishihara <yuya@tcha.org> [Sun, 28 Oct 2018 21:29:04 +0900] rev 40458
rust: fix possible out-of-bounds read through index_get_parents()
index_get_parents() is an internal function, which doesn't check if the
specified rev is valid. If rustlazyancestors() were instantiated with an
invalid stoprev, it would access to invalid memory region.
This is NOT a security fix as there's no Python code triggering the bug,
but included in this series to not give a notion about the memory issue
fixed by the previous patch.
Yuya Nishihara <yuya@tcha.org> [Thu, 01 Nov 2018 20:32:59 +0900] rev 40457
revlog: fix out-of-bounds access by negative parents read from revlog (SEC)
82d6a35cf432 wasn't enough. Several callers don't check negative revisions
but for -1 (nullrev), which would directly lead to out-of-bounds read, and
buffer overflow could follow. RCE might be doable with carefully crafted
revlog structure, though I don't think this would be useful attack surface.
Martin von Zweigbergk <martinvonz@google.com> [Mon, 03 Dec 2018 11:14:44 -0800] rev 40456
rebase: fix dir/file conflict detection when using in-mem merge
Differential Revision: https://phab.mercurial-scm.org/D5360
Martin von Zweigbergk <martinvonz@google.com> [Mon, 03 Dec 2018 11:11:34 -0800] rev 40455
tests: show that in-mem rebase does not find path dir/file conflicts
Differential Revision: https://phab.mercurial-scm.org/D5359
Matt Harbison <matt_harbison@yahoo.com> [Mon, 03 Dec 2018 20:59:48 -0500] rev 40454
extdiff: register the configuration generated commands with a help category
Otherwise, 'extdiff' shows up under file management and the rest of the commands
are at the bottom under 'Uncategorized'.
Martin von Zweigbergk <martinvonz@google.com> [Mon, 03 Dec 2018 09:36:40 -0800] rev 40453
rebase: abort in-mem rebase if there's a dirty merge state
In-memory merge uses the on-disk merge state, so we should not allow
it run in-memory merge when the merge state is not clean. We should
probably not use the on-disk merge state when running in-memory merge,
but chaning that is not suitable for the stable branch.
Differential Revision: https://phab.mercurial-scm.org/D5357
Martin von Zweigbergk <martinvonz@google.com> [Fri, 30 Nov 2018 16:21:37 -0800] rev 40452
rebase: preserve working copy when redoing in-mem rebase on disk
When in-memory rebase runs into conflicts, we retry it on disk. But
before we do that, we abort the in-memory rebase. That is done because
even though it's mostly in memory, there are still a few state files
written (e.g. the merge state). We should make it not write those
files so we don't need to abort, but for the stable branch, let's
explicitly clear the state we need to clear instead of running the
usual abort code.
Differential Revision: https://phab.mercurial-scm.org/D5356
Martin von Zweigbergk <martinvonz@google.com> [Fri, 30 Nov 2018 15:08:43 -0800] rev 40451
tests: show that in-mem rebase falling back loses state
Both working copy changes and the merge state is lost when in-memory
rebase falls back to on-disk mode.
Differential Revision: https://phab.mercurial-scm.org/D5355
Yuya Nishihara <yuya@tcha.org> [Mon, 03 Dec 2018 21:45:15 +0900] rev 40450
commandserver: get around ETIMEDOUT raised by selectors2
selector.select() should exits with an empty event list on timed out, but
selectors2 raises OSError if timeout expires while recovering from EINTR.
Spotted while debugging new chg feature.
Yuya Nishihara <yuya@tcha.org> [Mon, 03 Dec 2018 21:31:19 +0900] rev 40449
selectors2: backport minimal fix of timeout handling from 2.0.1
The original code would raise TypeError since OSError() doesn't support
keyword arguments.
We can't simply import the selectors 2.0.1, which still spawns "uname -p"
through platform.system(). We could switch to the unreleased version, but
I decided to not right now to minimize the change.
Augie Fackler <augie@google.com> [Wed, 14 Nov 2018 10:12:43 -0500] rev 40448
tests: sniff for libfuzzer actually being available in test-fuzz-targets.t
When I upgraded the FreeBSD buildbot to 11.2 it seems we picked up
clang6, but the default clang on FreeBSD doesn't include libfuzzer. I
can't find a way to sniff for libfuzzer without running a compile, so
here we are.
Differential Revision: https://phab.mercurial-scm.org/D5270
Augie Fackler <augie@google.com> [Wed, 14 Nov 2018 10:11:37 -0500] rev 40447
tests: sniff for /usr/local/bin/gmake and use it in test-fuzz-targets.t
This isn't as robust as it probably should be, but for now it'll get
the job done on the buildbots.
Differential Revision: https://phab.mercurial-scm.org/D5269
Augie Fackler <augie@google.com> [Thu, 29 Nov 2018 16:25:37 -0500] rev 40446
tests: stabilize test-inherit-mode.t on FreeBSD and macOS (issue6026)
Symbolic links are funny permissions-wise, but on the linked issue
Yuya has convinced me that we can ignore this permissions issue on
macOS (FreeBSD allows setting permissions bits but ignores them) and
we'll be in fine shape.
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 28 Nov 2018 12:52:23 -0800] rev 40445
wireprotov2peer: wait for initial object before resolving future
As part of rolling out wireprotov2 with redirect support, I
encountered an edge case with regards to future resolution.
Essentially, the initial response frame from the server did not
fully decode the initial CBOR object. The frame wasn't marked as
EOS. In the previous code, we resolved the future for the request
to response.objects(), which mapped to the commandresponse instance
which would eventually produce a redirect. Upon receiving
subsequent data, the initial CBOR object containing the redirect
would be decoded and we'd process the redirect. However, the
future would already have been resolved with the initial
commandresponse.objects() and the client iterating over the
objects wouldn't receive any objects from the redirect because
the redirect was populating a different commandresponse instance!
This commit changes the logic so we don't resolve futures until
the initial CBOR response object is fully decoded or until EOS
occurs. In cases where there is an empty or partial frame
associated with a redirect, the future will now resolve with the
commandresponse containing the proper series of decoded objects.