add news item for git-annex 6.20170519

This commit is contained in:
Joey Hess 2017-05-19 10:58:11 -04:00
parent c6079c3ce8
commit ac097114a6
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
2 changed files with 12 additions and 67 deletions

View file

@ -1,67 +0,0 @@
News for git-annex 6.20170228:
This version of git-annex has mitigations for SHA1 hash collision
problems.
A new annex.securehashesonly configuration, when used in combination with
signed git commits, avoids potential hash collision problems in git-annex
repositories. For details, see this web page:
<https://git-annex.branchable.com/tips/using\_signed\_git\_commits/>
git-annex 6.20170228 released with [[!toggle text="these changes"]]
[[!toggleable text="""
* Cryptographically secure hashes can be forced to be used in a
repository, by setting annex.securehashesonly.
This does not prevent the git repository from containing links
to insecure hashes, but it does prevent the content of such files
from being added to .git/annex/objects by any method.
* Tighten key parser to prevent SHA1 collision attacks generating
two keys that have the same SHA1. (Only done for keys that contain
a hash). This ensures that signed git commits of annexed files
will remain secure, as long as git-annex is using a secure hashing
backend.
* fsck: Warn about any files whose content is present, that don't
use secure hashes, when annex.securehashesonly is set.
* init: When annex.securehashesonly has been set with git-annex config,
copy that value to the annex.securehashesonly git config.
* Added --securehash option to match files using a secure hash function,
and corresponding securehash preferred content expression.
* sync, merge: Fail when the current branch has no commits yet, instead
of not merging in anything from remotes and appearing to succeed.
* Run ssh with -n whenever input is not being piped into it,
to avoid it consuming stdin that it shouldn't.
This fixes git-annex-checkpresentkey --batch remote,
which didn't output results for all keys passed into it. Other
git-annex commands that communicate with a remote over ssh may also
have been consuming stdin that they shouldn't have, which could have
impacted using them in eg, shell scripts.
* sync: Improve integration with receive.denyCurrentBranch=updateInstead,
displaying error messages from the remote then it fails to update
its checked out branch.
* Added post-recieve hook, which makes updateInstead work with direct
mode and adjusted branches.
* init: Set up the post-receive hook.
* sync: When syncing with a local repository located on a crippled
filesystem, run the post-receive hook there, since it wouldn't get run
otherwise. This makes pushing to repos on FAT-formatted removable
drives update them when receive.denyCurrentBranch=updateInstead.
* config group groupwanted numcopies schedule wanted required:
Avoid displaying extraneous messages about repository auto-init,
git-annex branch merging, etc, when being used to get information.
* adjust: Fix behavior when used in a repository that contains
submodules.
* Run wget with -nv instead of -q, so it will display HTTP errors.
* Run curl with -S, so HTTP errors are displayed, even when
it's otherwise silent.
* When downloading in --json or --quiet mode, use curl in preference
to wget, since curl is able to display only errors to stderr, unlike
wget.
* status: Pass --ignore-submodules=when option on to git status.
* config --set: As well as setting value in git-annex branch,
set local gitconfig. This is needed especially for
annex.securehashesonly, which is read only from local gitconfig and not
the git-annex branch.
* Removed support for building with the old cryptohash library.
Building with that library made git-annex not support SHA3; it's time
for that to always be supported in case SHA2 dominoes.
* git-annex.cabal: Make crypto-api a dependency even when built w/o
webapp and test suite."""]]

View file

@ -0,0 +1,12 @@
git-annex 6.20170519 released with [[!toggle text="these changes"]]
[[!toggleable text="""
* Ssh password prompting improved when using -J for concurrency.
When ssh connection caching is enabled (and when GIT\_ANNEX\_USE\_GIT\_SSH
is not set), only one ssh password prompt will be made per host, and
only one ssh password prompt will be made at a time.
* When built with concurrent-output 1.9, ssh password prompts will no
longer interfere with the -J display.
* Removed dependency on MissingH, instead depending on the split library.
* Progress is displayed for transfers of files of unknown size.
* Work around bug in git 2.13.0 involving GIT\_COMMON\_DIR that broke
merging changes into adjusted branches."""]]