tests: comprehensively test HTTP server permissions checking We didn't have test coverage for numerous web.* config options. We add that test coverage. Included in the tests are tests for custom commands. We have commands that are supposedly read-only and perform writes and a variation of each that does and does not define its operation type in hgweb_mod.perms. The tests reveal a handful of security bugs related to permissions checking. Subsequent commits will address these security bugs.

tests: extract HTTP permissions tests to own test file We're about to implement a lot more coverage of the permissions mechanism. In preparation for that, establish a new test file to hold permissions checks. As part of this, we inline the important parts of the "req" helper function.

Added signature for changeset 369aadf7a326

Added tag 4.5.1 for changeset 369aadf7a326

revlog: resolve lfs rawtext to vanilla rawtext before applying delta This happens when a LFS delta base gets a non-LFS delta from another client. In that case, the LFS delta base needs to be converted to non-LFS version before applying the delta. Differential Revision: https://phab.mercurial-scm.org/D2069

sslutil: some more forcebytes() on some exception messages At this point, test-https.t no longer dumps tracebacks everywhere. Instead, we get some results that look like we're not adequately finding things in hg's configuration, which should be manageable (if somewhat annoying to find and fix.) Differential Revision: https://phab.mercurial-scm.org/D2690