From 3c0a538335a71a2ecfa7d76f0a87da9e24b6804c Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Mon, 18 Jun 2018 15:36:12 -0400
Subject: [PATCH] allow ftp urls by default
They're no worse than http certianly. And, the backport of these security fixes has to deal with wget, which supports http https and ftp and has no way to turn off individual schemes, so this will make that easier.
---
 CHANGELOG | 2 +-
 NEWS | 2 +-
 Types/GitConfig.hs | 2 +-
 Utility/Url.hs | 2 +-
 doc/git-annex.mdwn | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index a212011dd0..2cc8490190 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,7 +1,7 @@
 git-annex (6.20180622) UNRELEASED; urgency=high
 * Added annex.security.allowed-url-schemes setting, which defaults
- to only allowing http and https URLs. Note especially that file:/
+ to only allowing http, https, and ftp URLs. Note especially that file:/
 is no longer enabled by default. This is a security fix.
 * Removed annex.web-download-command, since its interface does not
 allow supporting annex.security.allowed-url-schemes across redirects.
diff --git a/NEWS b/NEWS
index f09009dbb0..2dcc72e52b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
 git-annex (6.20180622) upstream; urgency=high
- A security fix has changed git-annex to only support http and https
+ A security fix has changed git-annex to only support http, https, and ftp
 URL schemes by default. You can enable other URL schemes, at your own risk, using annex.security.allowed-url-schemes.
diff --git a/Types/GitConfig.hs b/Types/GitConfig.hs
index 98c8c6e83c..7d9ccbff1f 100644
--- a/Types/GitConfig.hs
+++ b/Types/GitConfig.hs
@@ -162,7 +162,7 @@ extractGitConfig r = GitConfig
 , annexRetryDelay = Seconds <$> getmayberead (annex "retrydelay")
 , annexAllowedUrlSchemes = S.fromList $ map mkScheme $
- maybe ["http", "https"] words $
+ maybe ["http", "https", "ftp"] words $
 getmaybe (annex "security.allowed-url-schemes")
 , annexAllowedHttpAddresses = fromMaybe "" $
 getmaybe (annex "security.allowed-http-addresses")
diff --git a/Utility/Url.hs b/Utility/Url.hs
index 5664c47124..3301a4b0ef 100644
--- a/Utility/Url.hs
+++ b/Utility/Url.hs
@@ -100,7 +100,7 @@ defUrlOptions = UrlOptions
 <*> pure DownloadWithConduit
 <*> pure id
 <*> newManager managerSettings
- <*> pure (S.fromList $ map mkScheme ["http", "https"])
+ <*> pure (S.fromList $ map mkScheme ["http", "https", "ftp"])
 mkUrlOptions :: Maybe UserAgent -> Headers -> UrlDownloader -> Manager -> S.Set Scheme -> UrlOptions
 mkUrlOptions defuseragent reqheaders urldownloader manager =
diff --git a/doc/git-annex.mdwn b/doc/git-annex.mdwn
index c43c8012a9..e3386f3939 100644
--- a/doc/git-annex.mdwn
+++ b/doc/git-annex.mdwn
@@ -1394,7 +1394,7 @@ Here are all the supported configuration settings.
 * `annex.security.allowed-url-schemes`
 List of URL schemes that git-annex is allowed to download content from.
- The default is "http https".
+ The default is "http https ftp".
 Think very carefully before changing this; there are security implications. For example, if it's changed to allow "file" URLs, then
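Review bot: The default scheme list `["http", "https", "ftp"]` is now duplicated verbatim between the `maybe` fallback in extractGitConfig (Types/GitConfig.hs hunk) and the `pure (S.fromList $ map mkScheme …)` field in defUrlOptions (Utility/Url.hs hunk), with nothing tying the two together, so the next edit to one default can silently leave the other behind — for a security allow-list that drift is worth designing out. Hoisting it into one exported binding, e.g. `defaultAllowedUrlSchemes :: S.Set Scheme` / `defaultAllowedUrlSchemes = S.fromList $ map mkScheme ["http", "https", "ftp"]` in Utility/Url.hs, and reading it from both sites keeps them in lock-step. Separately, these hunks do not show whether the `annex.security.allowed-http-addresses` filter read two lines below the GitConfig change is also applied to ftp downloads; if it only covers http(s), turning ftp on by default gives a URL a route to the addresses that filter is meant to exclude, which should be confirmed before this ships. Both enclosing definitions (the extractGitConfig record and the defUrlOptions applicative chain) begin outside their hunks.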