Gregory Szorc <gregory.szorc@gmail.com> [Tue, 20 Feb 2018 18:53:39 -0800] rev 36753
wireproto: move command permissions dict out of hgweb_mod
The operation type associated with wire protocol commands is supposed
to be defined in a dictionary so it can be used for permissions
checking.
Since this metadata is closely associated with wire protocol commands
themselves, it makes sense to define it in the same module where
wire protocol commands are defined.
This commit moves hgweb_mod.perms to wireproto.PERMISSIONS and
updates most references in the code to use the new home. The old
symbol remains an alias for the new symbol. Tests pass with the
code pointing at the old symbol. So this should be API compatible
for extensions.
As part of the code move, we split up the assignment to the dict
so it is next to the @wireprotocommand. This reinforces that a
@wireprotocommand should have an entry in this dict.
In the future, we'll want to declare permissions as part of the
@wireprotocommand decorator. But this isn't appropriate for the
stable branch.
Gregory Szorc <gregory.szorc@gmail.com> [Tue, 20 Feb 2018 19:09:01 -0800] rev 36752
tests: comprehensively test HTTP server permissions checking
We didn't have test coverage for numerous web.* config options. We
add that test coverage.
Included in the tests are tests for custom commands. We have commands
that are supposedly read-only and perform writes and a variation of
each that does and does not define its operation type in
hgweb_mod.perms.
The tests reveal a handful of security bugs related to permissions
checking. Subsequent commits will address these security bugs.
Gregory Szorc <gregory.szorc@gmail.com> [Sun, 18 Feb 2018 10:40:49 -0800] rev 36751
tests: extract HTTP permissions tests to own test file
We're about to implement a lot more coverage of the permissions
mechanism. In preparation for that, establish a new test file
to hold permissions checks.
As part of this, we inline the important parts of the "req" helper
function.
Kevin Bullock <kbullock@ringworld.org> [Tue, 06 Mar 2018 13:08:00 -0600] rev 36750
Added signature for changeset
369aadf7a326
Kevin Bullock <kbullock@ringworld.org> [Tue, 06 Mar 2018 13:07:58 -0600] rev 36749
Added tag 4.5.1 for changeset
369aadf7a326
Jun Wu <quark@fb.com> [Tue, 13 Feb 2018 11:35:32 -0800] rev 36748
revlog: resolve lfs rawtext to vanilla rawtext before applying delta
This happens when a LFS delta base gets a non-LFS delta from another client.
In that case, the LFS delta base needs to be converted to non-LFS version
before applying the delta.
Differential Revision: https://phab.mercurial-scm.org/D2069
Augie Fackler <augie@google.com> [Sun, 04 Mar 2018 21:16:36 -0500] rev 36747
sslutil: some more forcebytes() on some exception messages
At this point, test-https.t no longer dumps tracebacks
everywhere. Instead, we get some results that look like we're not
adequately finding things in hg's configuration, which should be
manageable (if somewhat annoying to find and fix.)
Differential Revision: https://phab.mercurial-scm.org/D2690
Augie Fackler <augie@google.com> [Sun, 04 Mar 2018 21:15:37 -0500] rev 36746
sslutil: sslcontext needs the cipher name as a sysstr
Differential Revision: https://phab.mercurial-scm.org/D2689
Augie Fackler <augie@google.com> [Sun, 04 Mar 2018 18:03:55 -0500] rev 36745
sslutil: lots of unicode/bytes cleanup
In general, we handle hostnames as bytes, except where Python forces
them to be unicodes.
This fixes all the tracebacks I was seeing in test-https.t, but
there's still some ECONNRESET weirdness that I can't hunt down...
Differential Revision: https://phab.mercurial-scm.org/D2687
Jun Wu <quark@fb.com> [Tue, 13 Feb 2018 11:35:32 -0800] rev 36744
revlog: do not use delta for lfs revisions
This is similar to what we have done for changegroups. It is needed to make
sure the delta application code path can assume deltas are always against
vanilla (ex. non-LFS) rawtext so the next fix becomes possible.
Differential Revision: https://phab.mercurial-scm.org/D2068
Jun Wu <quark@fb.com> [Tue, 06 Feb 2018 19:08:25 -0800] rev 36743
changegroup: do not delta lfs revisions
There is no way to distinguish whether a delta base is LFS or non-LFS.
If the delta is against LFS rawtext, and the client trying to apply it has
the base revision stored as fulltext, the delta (aka. bundle) will fail to
apply.
This patch forbids using delta for LFS revisions in changegroup so bad
deltas won't be transmitted.
Note: this does not solve the problem entirely. It solves LFS delta applying
to non-LFS base. But the other direction: non-LFS delta applying to LFS base
is not solved yet.
Differential Revision: https://phab.mercurial-scm.org/D2067
Jun Wu <quark@fb.com> [Tue, 06 Feb 2018 16:08:57 -0800] rev 36742
lfs: add a test showing bundle application could be broken
When a bundle containing LFS delta uses non-LFS delta-base, or vice-versa,
the bundle will fail to apply.
Differential Revision: https://phab.mercurial-scm.org/D2066
Matt Harbison <matt_harbison@yahoo.com> [Mon, 05 Mar 2018 20:22:34 -0500] rev 36741
debugwireproto: handle unimplemented util.poll() for Windows
This is the same logic used in sshpeer.doublepipe. It doesn't completely fix
test-ssh-proto{,-unbundle}.t ("read(-1) -> X" is changed to "read(X) -> X", the
order of some lines are changed, and abort messages seem to be missing), but it
cuts down a ton on the failure spew.
Yuya Nishihara <yuya@tcha.org> [Sun, 04 Mar 2018 16:55:51 -0500] rev 36740
py3: byte-stringify test-blackbox.t
Yuya Nishihara <yuya@tcha.org> [Sun, 04 Mar 2018 16:54:14 -0500] rev 36739
py3: byte-stringify blackbox-readonly-dispatch.py
# skip-blame because just adding some b''
Yuya Nishihara <yuya@tcha.org> [Sun, 04 Mar 2018 16:50:35 -0500] rev 36738
py3: make blackbox-readonly-dispatch.py use ui instead of print()
Yuya Nishihara <yuya@tcha.org> [Sun, 04 Mar 2018 16:48:17 -0500] rev 36737
py3: fix int formatting of "incoming changes" log
Augie Fackler <augie@google.com> [Sun, 04 Mar 2018 16:48:01 -0500] rev 36736
largefiles: use %d instead of %s to process ints
Differential Revision: https://phab.mercurial-scm.org/D2677
Augie Fackler <augie@google.com> [Sun, 04 Mar 2018 16:11:15 -0500] rev 36735
transaction: fix an error string with bytestr() on a repr()d value
Fixes test-rollback.t on Python 3.
Differential Revision: https://phab.mercurial-scm.org/D2674
Yuya Nishihara <yuya@tcha.org> [Sun, 04 Mar 2018 16:23:10 -0500] rev 36734
py3: work around comparison between int and None in tagmerge
Yuya Nishihara <yuya@tcha.org> [Sun, 04 Mar 2018 16:13:46 -0500] rev 36733
py3: do not mutate dict while iterating in tagmerge
Yuya Nishihara <yuya@tcha.org> [Sun, 04 Mar 2018 16:01:18 -0500] rev 36732
py3: fix type of ui.configitems(ignoresub=True) result
Yuya Nishihara <yuya@tcha.org> [Sun, 04 Mar 2018 15:53:10 -0500] rev 36731
py3: don't use str() to stringify pushloc
Yuya Nishihara <yuya@tcha.org> [Sun, 04 Mar 2018 15:26:26 -0500] rev 36730
py3: byte-stringify test-config.t and test-config-env.py
Yuya Nishihara <yuya@tcha.org> [Sun, 04 Mar 2018 15:24:45 -0500] rev 36729
py3: use startswith() instead of slicing to detect leading whitespace
Augie Fackler <augie@google.com> [Sun, 04 Mar 2018 16:06:47 -0500] rev 36728
archival: use py3 friendly replacements for chr() and long()
Differential Revision: https://phab.mercurial-scm.org/D2673
Augie Fackler <augie@google.com> [Sun, 04 Mar 2018 16:06:27 -0500] rev 36727
archival: ensure file mode for gzipfile is sysstr
Differential Revision: https://phab.mercurial-scm.org/D2672
Augie Fackler <augie@google.com> [Sun, 04 Mar 2018 16:06:10 -0500] rev 36726
archival: fix a missing r'' on a kwargs check
# skip-blame just an r prefix
Differential Revision: https://phab.mercurial-scm.org/D2671
Augie Fackler <augie@google.com> [Sun, 04 Mar 2018 16:05:44 -0500] rev 36725
py3: more passing tests (ten this time)
Differential Revision: https://phab.mercurial-scm.org/D2670
Augie Fackler <augie@google.com> [Sun, 04 Mar 2018 15:55:55 -0500] rev 36724
util: fix unsafe url abort with bytestr() on url
Differential Revision: https://phab.mercurial-scm.org/D2669