mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

version deps

Browse source 
need at least http-client-0.4.31 to build now, and connection-0.2.6
This commit is contained in:
Joey Hess 2018-06-19 19:41:30 -04:00
parent c5166b56af
commit 991265e724
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
4 changed files with 60 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
doc/devblog/day_503__security_hole_part_5.mdwn Normal file
View file

@ -0,0 +1,17 @@
Started testing that the security fix will build everywhere on
release day. This is being particularly painful for the android build,
which has very old libraries and needed http-client updated, with many
follow-on changes, and is not successfully building yet after 5 hours.
I really need to finish deprecating the android build.
Pretty exhausted from all this, and thinking what to do about
external special remotes, I elaborated on an idea that Daniel Dent had
raised in discussions about vulnerability, and realized that git-annex
has a second, worse vulnerability. This new one could be used to trick a
git-annex user into decrypting gpg encrypted data that they had
never stored in git-annex. The attacker needs to have control of both an
encrypted special remote and a git remote, so it's not an easy exploit to
pull off, but it's still super bad.
This week is going to be a lot longer than I thought, and it's already
feeling kind of endless..

0
doc/security/CVE-2018-10857.mdwn → doc/security/CVE-2018-10857_and_CVE-2018-10859.mdwn
View file

4
git-annex.cabal
View file

@ -340,8 +340,8 @@ Executable git-annex
bloomfilter, bloomfilter,
edit-distance, edit-distance,
resourcet, resourcet,
connection, connection (>= 0.2.6),
http-client, http-client (>= 0.4.31),
http-client-tls, http-client-tls,
http-types (>= 0.7), http-types (>= 0.7),
http-conduit (>= 2.0), http-conduit (>= 2.0),

41
standalone/android/haskell-patches/basement_fix-build-on-android.patch Normal file
View file

@ -0,0 +1,41 @@
From cc0c373b69f93057cbdcb634a461e10ec019d87a Mon Sep 17 00:00:00 2001
From: androidbuilder <androidbuilder@example.com>
Date: Wed, 20 Jun 2018 00:29:11 +0100
Subject: [PATCH] fix build on android
---
Basement/Terminal.hs | 2 --
basement.cabal | 1 -
2 files changed, 3 deletions(-)
diff --git a/Basement/Terminal.hs b/Basement/Terminal.hs
index 8136e52..cca9606 100644
--- a/Basement/Terminal.hs
+++ b/Basement/Terminal.hs
@@ -1,11 +1,9 @@
{-# LANGUAGE CPP #-}
module Basement.Terminal
( initialize
- , getDimensions
) where
import Basement.Compat.Base
-import Basement.Terminal.Size (getDimensions)
#ifdef mingw32_HOST_OS
import System.IO (hSetEncoding, utf8, hPutStrLn, stderr, stdin, stdout)
import System.Win32.Console (setConsoleCP, setConsoleOutputCP, getConsoleCP, getConsoleOutputCP)
diff --git a/basement.cabal b/basement.cabal
index af50291..0824c94 100644
--- a/basement.cabal
+++ b/basement.cabal
@@ -135,7 +135,6 @@ library
Basement.String.Encoding.ASCII7
Basement.String.Encoding.ISO_8859_1
- Basement.Terminal.Size
build-depends: base >= 4.7 && < 5
--
2.1.4