mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

allow ftp urls by default

Browse source 
They're no worse than http certianly. And, the backport of these
security fixes has to deal with wget, which supports http https and ftp
and has no way to turn off individual schemes, so this will make that
easier.
This commit is contained in:
Joey Hess 2018-06-18 15:36:12 -04:00
parent c93b6c1e08
commit 3c0a538335
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
5 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG
View file

@ -1,7 +1,7 @@
git-annex (6.20180622) UNRELEASED; urgency=high
* Added annex.security.allowed-url-schemes setting, which defaults
to only allowing http and https URLs. Note especially that file:/
to only allowing http, https, and ftp URLs. Note especially that file:/
is no longer enabled by default. This is a security fix.
* Removed annex.web-download-command, since its interface does not allow
supporting annex.security.allowed-url-schemes across redirects.

2
NEWS
View file

@ -1,6 +1,6 @@
git-annex (6.20180622) upstream; urgency=high
A security fix has changed git-annex to only support http and https
A security fix has changed git-annex to only support http, https, and ftp
URL schemes by default. You can enable other URL schemes, at your own risk,
using annex.security.allowed-url-schemes.

2
Types/GitConfig.hs
View file

@ -162,7 +162,7 @@ extractGitConfig r = GitConfig
, annexRetryDelay = Seconds
<$> getmayberead (annex "retrydelay")
, annexAllowedUrlSchemes = S.fromList $ map mkScheme $
maybe ["http", "https"] words $
maybe ["http", "https", "ftp"] words $
getmaybe (annex "security.allowed-url-schemes")
, annexAllowedHttpAddresses = fromMaybe "" $
getmaybe (annex "security.allowed-http-addresses")

2
Utility/Url.hs
View file

@ -100,7 +100,7 @@ defUrlOptions = UrlOptions
<*> pure DownloadWithConduit
<*> pure id
<*> newManager managerSettings
<*> pure (S.fromList $ map mkScheme ["http", "https"])
<*> pure (S.fromList $ map mkScheme ["http", "https", "ftp"])
mkUrlOptions :: Maybe UserAgent -> Headers -> UrlDownloader -> Manager -> S.Set Scheme -> UrlOptions
mkUrlOptions defuseragent reqheaders urldownloader manager =

2
doc/git-annex.mdwn
View file

@ -1394,7 +1394,7 @@ Here are all the supported configuration settings.
* `annex.security.allowed-url-schemes`
List of URL schemes that git-annex is allowed to download content from.
The default is "http https".
The default is "http https ftp".
Think very carefully before changing this; there are security
implications. For example, if it's changed to allow "file" URLs, then