##// END OF EJS Templates
sslutil: require TLS 1.1+ when supported...
sslutil: require TLS 1.1+ when supported Currently, Mercurial will use TLS 1.0 or newer when connecting to remote servers, selecting the highest TLS version supported by both peers. On older Pythons, only TLS 1.0 is available. On newer Pythons, TLS 1.1 and 1.2 should be available. Security professionals recommend avoiding TLS 1.0 if possible. PCI DSS 3.1 "strongly encourages" the use of TLS 1.2. Known attacks like BEAST and POODLE exist against TLS 1.0 (although mitigations are available and properly configured servers aren't vulnerable). I asked Eric Rescorla - Mozilla's resident crypto expert - whether Mercurial should drop support for TLS 1.0. His response was "if you can get away with it." Essentially, a number of servers on the Internet don't support TLS 1.1+. This is why web browsers continue to support TLS 1.0 despite desires from security experts. This patch changes Mercurial's default behavior on modern Python versions to require TLS 1.1+, thus avoiding known security issues with TLS 1.0 and making Mercurial more secure by default. Rather than drop TLS 1.0 support wholesale, we still allow TLS 1.0 to be used if configured. This is a compromise solution - ideally we'd disallow TLS 1.0. However, since we're not sure how many Mercurial servers don't support TLS 1.1+ and we're not sure how much user inconvenience this change will bring, I think it is prudent to ship an escape hatch that still allows usage of TLS 1.0. In the default case our users get better security. In the worst case, they are no worse off than before this patch. This patch has no effect when running on Python versions that don't support TLS 1.1+. As the added test shows, connecting to a server that doesn't support TLS 1.1+ will display a warning message with a link to our wiki, where we can guide people to configure their client to allow less secure connections.

File last commit:

r26998:4414d500 default
r29560:303e9300 default
Show More
test-mq-qnew.t
348 lines | 8.6 KiB | text/troff | Tads3Lexer
Matt Mackall
tests: unify test-mq-qnew
r12466
$ catpatch() {
> cat $1 | sed -e "s/^\(# Parent \).*/\1/"
> }
$ echo "[extensions]" >> $HGRCPATH
$ echo "mq=" >> $HGRCPATH
$ runtest() {
> hg init mq
> cd mq
>
> echo a > a
> hg ci -Ama
>
> echo '% qnew should refuse bad patch names'
> hg qnew series
> hg qnew status
> hg qnew guards
Idan Kamara
mq: add '.' and '..' to list of forbidden patch names...
r14051 > hg qnew .
> hg qnew ..
Matt Mackall
tests: unify test-mq-qnew
r12466 > hg qnew .hgignore
> hg qnew .mqfoo
> hg qnew 'foo#bar'
> hg qnew 'foo:bar'
Augie Fackler
mq: ban \r and \n in patch names (issue4711)...
r25454 > hg qnew "`echo foo; echo bar`"
Matt Mackall
tests: unify test-mq-qnew
r12466 >
> hg qinit -c
>
> echo '% qnew with name containing slash'
Martin Geisler
qnew: give better feedback when doing 'hg qnew foo/' (issue2464)
r12878 > hg qnew foo/
Matt Mackall
tests: unify test-mq-qnew
r12466 > hg qnew foo/bar.patch
Martin Geisler
qnew: distinguish between existing file and directory (issue2464)
r12879 > hg qnew foo
Matt Mackall
tests: unify test-mq-qnew
r12466 > hg qseries
> hg qpop
> hg qdelete foo/bar.patch
>
> echo '% qnew with uncommitted changes'
> echo a > somefile
> hg add somefile
> hg qnew uncommitted.patch
> hg st
> hg qseries
>
> echo '% qnew implies add'
> hg -R .hg/patches st
>
> echo '% qnew missing'
> hg qnew missing.patch missing
>
> echo '% qnew -m'
> hg qnew -m 'foo bar' mtest.patch
> catpatch .hg/patches/mtest.patch
>
> echo '% qnew twice'
> hg qnew first.patch
> hg qnew first.patch
>
> touch ../first.patch
> hg qimport ../first.patch
>
> echo '% qnew -f from a subdirectory'
> hg qpop -a
> mkdir d
> cd d
> echo b > b
> hg ci -Am t
> echo b >> b
> hg st
> hg qnew -g -f p
> catpatch ../.hg/patches/p
>
> echo '% qnew -u with no username configured'
> HGUSER= hg qnew -u blue red
> catpatch ../.hg/patches/red
>
> echo '% qnew -e -u with no username configured'
> HGUSER= hg qnew -e -u chartreuse fucsia
> catpatch ../.hg/patches/fucsia
>
> echo '% fail when trying to import a merge'
> hg init merge
> cd merge
> touch a
> hg ci -Am null
> echo a >> a
> hg ci -m a
> hg up -r 0
> echo b >> a
> hg ci -m b
> hg merge -f 1
> hg resolve --mark a
> hg qnew -f merge
>
> cd ../../..
> rm -r mq
> }
plain headers
$ echo "[mq]" >> $HGRCPATH
$ echo "plain=true" >> $HGRCPATH
$ mkdir sandbox
$ (cd sandbox ; runtest)
adding a
% qnew should refuse bad patch names
abort: "series" cannot be used as the name of a patch
abort: "status" cannot be used as the name of a patch
abort: "guards" cannot be used as the name of a patch
Idan Kamara
mq: add '.' and '..' to list of forbidden patch names...
r14051 abort: "." cannot be used as the name of a patch
abort: ".." cannot be used as the name of a patch
Idan Kamara
mq: be more explicit on invalid patch name message
r14054 abort: patch name cannot begin with ".hg"
abort: patch name cannot begin with ".mq"
Augie Fackler
mq: use %r to format illegal characters instead of manually quoting...
r25453 abort: '#' cannot be used in the name of a patch
abort: ':' cannot be used in the name of a patch
Augie Fackler
mq: ban \r and \n in patch names (issue4711)...
r25454 abort: '\n' cannot be used in the name of a patch
Matt Mackall
tests: unify test-mq-qnew
r12466 % qnew with name containing slash
Mads Kiilerich
tests: add missing accept of native pathname separator
r16540 abort: path ends in directory separator: foo/ (glob)
Martin Geisler
qnew: distinguish between existing file and directory (issue2464)
r12879 abort: "foo" already exists as a directory
Matt Mackall
tests: unify test-mq-qnew
r12466 foo/bar.patch
popping foo/bar.patch
patch queue now empty
% qnew with uncommitted changes
uncommitted.patch
% qnew implies add
A .hgignore
A series
A uncommitted.patch
% qnew missing
Mads Kiilerich
tests: hide 'No such file or directory' messages...
r15521 abort: missing: * (glob)
Matt Mackall
tests: unify test-mq-qnew
r12466 % qnew -m
foo bar
% qnew twice
abort: patch "first.patch" already exists
abort: patch "first.patch" already exists
% qnew -f from a subdirectory
popping first.patch
popping mtest.patch
popping uncommitted.patch
patch queue now empty
adding d/b
M d/b
diff --git a/d/b b/d/b
--- a/d/b
+++ b/d/b
@@ -1,1 +1,2 @@
b
+b
% qnew -u with no username configured
From: blue
% qnew -e -u with no username configured
From: chartreuse
% fail when trying to import a merge
adding a
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
created new head
merging a
Siddharth Agarwal
simplemerge: move conflict warning message to filemerge...
r26614 warning: conflicts while merging a! (edit, then use 'hg resolve --mark')
Matt Mackall
tests: unify test-mq-qnew
r12466 0 files updated, 0 files merged, 0 files removed, 1 files unresolved
use 'hg resolve' to retry unresolved file merges or 'hg update -C .' to abandon
Pierre-Yves David
resolve: add parenthesis around "no more unresolved files" message...
r21947 (no more unresolved files)
Matt Mackall
tests: unify test-mq-qnew
r12466 abort: cannot manage merge changesets
$ rm -r sandbox
hg headers
$ echo "plain=false" >> $HGRCPATH
$ mkdir sandbox
$ (cd sandbox ; runtest)
adding a
% qnew should refuse bad patch names
abort: "series" cannot be used as the name of a patch
abort: "status" cannot be used as the name of a patch
abort: "guards" cannot be used as the name of a patch
Idan Kamara
mq: add '.' and '..' to list of forbidden patch names...
r14051 abort: "." cannot be used as the name of a patch
abort: ".." cannot be used as the name of a patch
Idan Kamara
mq: be more explicit on invalid patch name message
r14054 abort: patch name cannot begin with ".hg"
abort: patch name cannot begin with ".mq"
Augie Fackler
mq: use %r to format illegal characters instead of manually quoting...
r25453 abort: '#' cannot be used in the name of a patch
abort: ':' cannot be used in the name of a patch
Augie Fackler
mq: ban \r and \n in patch names (issue4711)...
r25454 abort: '\n' cannot be used in the name of a patch
Matt Mackall
tests: unify test-mq-qnew
r12466 % qnew with name containing slash
Mads Kiilerich
tests: add missing accept of native pathname separator
r16540 abort: path ends in directory separator: foo/ (glob)
Martin Geisler
qnew: distinguish between existing file and directory (issue2464)
r12879 abort: "foo" already exists as a directory
Matt Mackall
tests: unify test-mq-qnew
r12466 foo/bar.patch
popping foo/bar.patch
patch queue now empty
% qnew with uncommitted changes
uncommitted.patch
% qnew implies add
A .hgignore
A series
A uncommitted.patch
% qnew missing
Mads Kiilerich
tests: hide 'No such file or directory' messages...
r15521 abort: missing: * (glob)
Matt Mackall
tests: unify test-mq-qnew
r12466 % qnew -m
# HG changeset patch
# Parent
foo bar
% qnew twice
abort: patch "first.patch" already exists
abort: patch "first.patch" already exists
% qnew -f from a subdirectory
popping first.patch
popping mtest.patch
popping uncommitted.patch
patch queue now empty
adding d/b
M d/b
# HG changeset patch
# Parent
Mads Kiilerich
mq: correctly make an empty line after description in new patches...
r22519
Matt Mackall
tests: unify test-mq-qnew
r12466 diff --git a/d/b b/d/b
--- a/d/b
+++ b/d/b
@@ -1,1 +1,2 @@
b
+b
% qnew -u with no username configured
# HG changeset patch
Mads Kiilerich
mq: write headers for new HG patches in the same order as export (BC)
r22520 # User blue
Matt Mackall
tests: unify test-mq-qnew
r12466 # Parent
Mads Kiilerich
mq: correctly make an empty line after description in new patches...
r22519
Matt Mackall
tests: unify test-mq-qnew
r12466 % qnew -e -u with no username configured
# HG changeset patch
Mads Kiilerich
mq: write headers for new HG patches in the same order as export (BC)
r22520 # User chartreuse
Matt Mackall
tests: unify test-mq-qnew
r12466 # Parent
Mads Kiilerich
mq: correctly make an empty line after description in new patches...
r22519
Matt Mackall
tests: unify test-mq-qnew
r12466 % fail when trying to import a merge
adding a
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
created new head
merging a
Siddharth Agarwal
simplemerge: move conflict warning message to filemerge...
r26614 warning: conflicts while merging a! (edit, then use 'hg resolve --mark')
Matt Mackall
tests: unify test-mq-qnew
r12466 0 files updated, 0 files merged, 0 files removed, 1 files unresolved
use 'hg resolve' to retry unresolved file merges or 'hg update -C .' to abandon
Pierre-Yves David
resolve: add parenthesis around "no more unresolved files" message...
r21947 (no more unresolved files)
Matt Mackall
tests: unify test-mq-qnew
r12466 abort: cannot manage merge changesets
$ rm -r sandbox
FUJIWARA Katsunori
qnew: save manually edited commit message into ".hg/last-message.txt"...
r20768
Test saving last-message.txt
$ hg init repo
$ cd repo
Sean Farley
tests: use TESTTMP instead of TESTDIR...
r20859 $ cat > $TESTTMP/commitfailure.py <<EOF
Pierre-Yves David
error: get Abort from 'error' instead of 'util'...
r26587 > from mercurial import error
FUJIWARA Katsunori
qnew: save manually edited commit message into ".hg/last-message.txt"...
r20768 > def reposetup(ui, repo):
> class commitfailure(repo.__class__):
> def commit(self, *args, **kwargs):
Pierre-Yves David
error: get Abort from 'error' instead of 'util'...
r26587 > raise error.Abort('emulating unexpected abort')
FUJIWARA Katsunori
qnew: save manually edited commit message into ".hg/last-message.txt"...
r20768 > repo.__class__ = commitfailure
> EOF
FUJIWARA Katsunori
qnew: use "editor" argument of "commit()" instead of explicit "ui.edit()"...
r21234 $ cat >> .hg/hgrc <<EOF
FUJIWARA Katsunori
qnew: save manually edited commit message into ".hg/last-message.txt"...
r20768 > [extensions]
FUJIWARA Katsunori
qnew: use "editor" argument of "commit()" instead of explicit "ui.edit()"...
r21234 > # this failure occurs before editor invocation
Sean Farley
tests: use TESTTMP instead of TESTDIR...
r20859 > commitfailure = $TESTTMP/commitfailure.py
FUJIWARA Katsunori
qnew: save manually edited commit message into ".hg/last-message.txt"...
r20768 > EOF
Sean Farley
tests: use TESTTMP instead of TESTDIR...
r20859 $ cat > $TESTTMP/editor.sh << EOF
FUJIWARA Katsunori
qnew: save manually edited commit message into ".hg/last-message.txt"...
r20768 > echo "==== before editing"
> cat \$1
> echo "===="
> echo "test saving last-message.txt" >> \$1
> EOF
FUJIWARA Katsunori
qnew: use "editor" argument of "commit()" instead of explicit "ui.edit()"...
r21234 (test that editor is not invoked before transaction starting)
$ rm -f .hg/last-message.txt
$ HGEDITOR="sh $TESTTMP/editor.sh" hg qnew -e patch
abort: emulating unexpected abort
[255]
Danek Duvall
tests: cat error messages are different on Solaris
r21930 $ test -f .hg/last-message.txt
FUJIWARA Katsunori
qnew: use "editor" argument of "commit()" instead of explicit "ui.edit()"...
r21234 [1]
(test that editor is invoked and commit message is saved into
"last-message.txt")
$ cat >> .hg/hgrc <<EOF
> [extensions]
> commitfailure = !
> [hooks]
> # this failure occurs after editor invocation
> pretxncommit.unexpectedabort = false
> EOF
FUJIWARA Katsunori
qnew: save manually edited commit message into ".hg/last-message.txt"...
r20768 $ rm -f .hg/last-message.txt
FUJIWARA Katsunori
mq: use the editor gotten by "getcommiteditor()" instead of "ui.edit()" (qnew)...
r21421 $ hg status
Sean Farley
tests: use TESTTMP instead of TESTDIR...
r20859 $ HGEDITOR="sh $TESTTMP/editor.sh" hg qnew -e patch
FUJIWARA Katsunori
qnew: save manually edited commit message into ".hg/last-message.txt"...
r20768 ==== before editing
FUJIWARA Katsunori
qnew: use "editor" argument of "commit()" instead of explicit "ui.edit()"...
r21234
FUJIWARA Katsunori
mq: use the editor gotten by "getcommiteditor()" instead of "ui.edit()" (qnew)...
r21421
HG: Enter commit message. Lines beginning with 'HG:' are removed.
HG: Leave message empty to use default message.
HG: --
HG: user: test
HG: branch 'default'
HG: no files changed
FUJIWARA Katsunori
qnew: save manually edited commit message into ".hg/last-message.txt"...
r20768 ====
Laurent Charignon
localrepo: put bookmark move following commit in one transaction...
r26998 note: commit message saved in .hg/last-message.txt
FUJIWARA Katsunori
qnew: use "editor" argument of "commit()" instead of explicit "ui.edit()"...
r21234 transaction abort!
rollback completed
abort: pretxncommit.unexpectedabort hook exited with status 1
FUJIWARA Katsunori
qnew: save manually edited commit message into ".hg/last-message.txt"...
r20768 [255]
$ cat .hg/last-message.txt
FUJIWARA Katsunori
qnew: use "editor" argument of "commit()" instead of explicit "ui.edit()"...
r21234
FUJIWARA Katsunori
mq: use the editor gotten by "getcommiteditor()" instead of "ui.edit()" (qnew)...
r21421
FUJIWARA Katsunori
qnew: save manually edited commit message into ".hg/last-message.txt"...
r20768 test saving last-message.txt
FUJIWARA Katsunori
qnew: use "editor" argument of "commit()" instead of explicit "ui.edit()"...
r21234 $ cat >> .hg/hgrc <<EOF
> [hooks]
> pretxncommit.unexpectedabort =
> EOF
Matt Mackall
tests: fix test failure on vfat...
r21276 #if unix-permissions
FUJIWARA Katsunori
qnew: use "editor" argument of "commit()" instead of explicit "ui.edit()"...
r21234 Test handling default message with the patch filename with tail whitespaces
$ cat > $TESTTMP/editor.sh << EOF
> echo "==== before editing"
> cat \$1
> echo "===="
> echo "[mq]: patch " > \$1
> EOF
$ rm -f .hg/last-message.txt
FUJIWARA Katsunori
mq: use the editor gotten by "getcommiteditor()" instead of "ui.edit()" (qnew)...
r21421 $ hg status
FUJIWARA Katsunori
qnew: use "editor" argument of "commit()" instead of explicit "ui.edit()"...
r21234 $ HGEDITOR="sh $TESTTMP/editor.sh" hg qnew -e "patch "
==== before editing
FUJIWARA Katsunori
mq: use the editor gotten by "getcommiteditor()" instead of "ui.edit()" (qnew)...
r21421
HG: Enter commit message. Lines beginning with 'HG:' are removed.
HG: Leave message empty to use default message.
HG: --
HG: user: test
HG: branch 'default'
HG: no files changed
FUJIWARA Katsunori
qnew: use "editor" argument of "commit()" instead of explicit "ui.edit()"...
r21234 ====
$ cat ".hg/patches/patch "
# HG changeset patch
Mads Kiilerich
mq: write '# Parent ' lines with two spaces like export does (BC)...
r22521 # Parent 0000000000000000000000000000000000000000
Mads Kiilerich
mq: correctly make an empty line after description in new patches...
r22519
FUJIWARA Katsunori
qnew: use "editor" argument of "commit()" instead of explicit "ui.edit()"...
r21234
FUJIWARA Katsunori
qnew: save manually edited commit message into ".hg/last-message.txt"...
r20768 $ cd ..
Matt Mackall
tests: fix test failure on vfat...
r21276
#endif