webapp: Use securemem for constant time auth token comparisons.
Debian stable does not have securemem, but neither does it have warp-tls, so just disable use of securemem when not building with https support.
This commit is contained in:
Joey Hess
parent
ea0138d8a1
commit
66b8b9c094
9 changed files with 63 additions and 33 deletions
1
debian/changelog
vendored
1
debian/changelog
vendored
|
|
@ -7,6 +7,7 @@ git-annex (5.20140307) UNRELEASED; urgency=medium
|
|||
are no longer incorrectly detected as unused.
|
||||
* repair: Improve memory usage when git fsck finds a great many broken
|
||||
objects.
|
||||
* webapp: Use securemem for constant time auth token comparisons.
|
||||
|
||||
-- Joey Hess <joeyh@debian.org> Thu, 06 Mar 2014 16:17:01 -0400
|
||||
|
||||
|
|
|
|||
2
debian/control
vendored
2
debian/control
vendored
|
|
@ -39,6 +39,8 @@ Build-Depends:
|
|||
libghc-warp-tls-dev [i386 amd64 kfreebsd-i386 kfreebsd-amd64 powerpc sparc],
|
||||
libghc-wai-dev [i386 amd64 kfreebsd-i386 kfreebsd-amd64 powerpc sparc],
|
||||
libghc-wai-logger-dev [i386 amd64 kfreebsd-i386 kfreebsd-amd64 powerpc sparc],
|
||||
libghc-securemem-dev,
|
||||
libghc-byteable-dev,
|
||||
libghc-dns-dev,
|
||||
libghc-case-insensitive-dev,
|
||||
libghc-http-types-dev,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue