Sat, 28 May 2016 11:12:02 -0700 sslutil: introduce a function for determining host-specific settings
Gregory Szorc <gregory.szorc@gmail.com> [Sat, 28 May 2016 11:12:02 -0700] rev 29258
sslutil: introduce a function for determining host-specific settings This patch marks the beginning of a series that introduces a new, more configurable, per-host security settings mechanism. Currently, we have global settings (like web.cacerts and the --insecure argument). We also have per-host settings via [hostfingerprints]. Global security settings are good for defaults, but they don't provide the amount of control often wanted. For example, an organization may want to require a particular CA is used for a particular hostname. [hostfingerprints] is nice. But it currently assumes SHA-1. Furthermore, there is no obvious place to put additional per-host settings. Subsequent patches will be introducing new mechanisms for defining security settings, some on a per-host basis. This commits starts the transition to that world by introducing the _hostsettings function. It takes a ui and hostname and returns a dict of security settings. Currently, it limits itself to returning host fingerprint info. We foreshadow the future support of non-SHA1 hashing algorithms for verifying the host fingerprint by making the "certfingerprints" key a list of tuples instead of a list of hashes. We add this dict to the hgstate property on the socket and use it during socket validation for checking fingerprints. There should be no change in behavior.
Fri, 27 May 2016 15:20:03 -0700 tests-subrepo-git: emit a different "pwned" message based on the test stable 3.8.3
Danek Duvall <danek.duvall@oracle.com> [Fri, 27 May 2016 15:20:03 -0700] rev 29257
tests-subrepo-git: emit a different "pwned" message based on the test Having a single "pwned" message which may or may not be emitted during the tests for CVE-2016-3068 leads to extra confusion. Allow each test to emit a more detailed message based on what the expectations are. In both cases, we expect a version of git which has had the vulnerability plugged, as well as a version of mercurial which also knows about GIT_ALLOW_PROTOCOL. For the first test, we make sure GIT_ALLOW_PROTOCOL is unset, meaning that the ext-protocol subrepo should be ignored; if it isn't, there's either a problem with mercurial or the installed copy of git. For the second test, we explicitly allow ext-protocol subrepos, which means that the subrepo will be accessed and a message emitted confirming that this was, in fact, our intention.
Fri, 27 May 2016 15:10:38 -0700 tests-subrepo-git: make the "pwned" message output in a stable order stable
Danek Duvall <danek.duvall@oracle.com> [Fri, 27 May 2016 15:10:38 -0700] rev 29256
tests-subrepo-git: make the "pwned" message output in a stable order The "pwned" message from this test gets gets sent to stderr, and so may get emitted in different places from run to run in the rest of mercurial's output. This patch forces the message to go to a specific file instead, whose existence and contents we can examine at a stable point in the test's execution.
Fri, 27 May 2016 11:14:29 -0700 test-cache-abuse: correct for different hunk headers between Solaris and GNU stable
Danek Duvall <danek.duvall@oracle.com> [Fri, 27 May 2016 11:14:29 -0700] rev 29255
test-cache-abuse: correct for different hunk headers between Solaris and GNU When diffing against an empty file, Solaris diff uses 1 to designate the first line of the empty file (either -1,0 on the left or +1,0 on the right) while GNU diff uses 0 (-0,0 and +0,0). We use a glob here to make sure the test passes with either toolchain. I've not added tests to check-code because there are scads of places in the tests where the GNU format is used due to that being the format that "hg diff" and "hg export" use, and changing those to use globs seems wrong.
Fri, 27 May 2016 21:24:05 +0200 lazymanifest: fix typo s/typles/tuples/ stable
Javi Merino <merino.jav@gmail.com> [Fri, 27 May 2016 21:24:05 +0200] rev 29254
lazymanifest: fix typo s/typles/tuples/
Wed, 25 May 2016 19:57:31 -0700 sslutil: remove sslkwargs() (API)
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:57:31 -0700] rev 29253
sslutil: remove sslkwargs() (API) It is now unused.
Wed, 25 May 2016 19:57:02 -0700 url: remove use of sslkwargs
Gregory Szorc <gregory.szorc@gmail.com> [Wed, 25 May 2016 19:57:02 -0700] rev 29252
url: remove use of sslkwargs
(0) -10000 -3000 -1000 -300 -100 -30 -10 -7 +7 +10 +30 +100 +300 +1000 +3000 +10000 tip