Commit graph

30878 commits

Author SHA1 Message Date
Joey Hess
a7ae7b029a
bug from email 2017-08-24 16:36:02 -04:00
vgp
5bd7d07a63 2017-08-24 03:41:52 +00:00
Joey Hess
ec635d6f11
Merge branch 'master' of ssh://git-annex.branchable.com 2017-08-23 12:38:42 -04:00
Joey Hess
1b6b951cc0
try explicitly installin xss-sanitize 2017-08-23 12:37:16 -04:00
loredai
d34631cbbd 2017-08-23 16:07:33 +00:00
loredai
f3b7fe82db 2017-08-23 16:04:23 +00:00
loredai
ee291f6489 2017-08-23 16:00:57 +00:00
loredai
b48d032d3e removed 2017-08-23 15:43:34 +00:00
loredai
1b44b7a36a Added a comment: Upgrade path can produce confusing output 2017-08-23 15:42:24 +00:00
Joey Hess
24a6634934
stop removing cabal 2017-08-23 11:31:14 -04:00
olaf
8ee915fa90 Added a comment: It's the old remote... 2017-08-23 06:03:45 +00:00
olaf
8fffaeb0ad Added a comment: Similar(ish) bug reports 2017-08-23 05:55:51 +00:00
olaf
3730f9ae85 2017-08-23 05:47:39 +00:00
olaf
2c892d2fc2 2017-08-23 05:46:13 +00:00
olaf
00b6fa4d61 2017-08-23 04:55:45 +00:00
kanak@3c4f6e7d832d88751c617b25bdbac896417eb93b
e91180ac4a Added a comment: get appears to be doing less work? (Part 2) 2017-08-22 12:20:56 +00:00
kanak@3c4f6e7d832d88751c617b25bdbac896417eb93b
3a58818f55 Added a comment: get appears to be doing less work? 2017-08-22 11:55:41 +00:00
metst13@1d16544ec52801db7efb2895d3dc7a4458b8eb45
38caa5bec0 Added a comment: links on page 2017-08-22 05:10:11 +00:00
Rémi
9354e1be83 Added a comment 2017-08-21 14:17:14 +00:00
Rémi
be6873a563 2017-08-21 09:10:49 +00:00
hugo
019638141a Added a comment: Comment 2017-08-21 06:21:33 +00:00
hugo
cb22913ae7 2017-08-21 06:20:22 +00:00
Joey Hess
3577f874a3
Merge branch 'master' of ssh://git-annex.branchable.com 2017-08-20 16:51:06 -04:00
Joey Hess
c76ba5a15e
CVE-2017-12976 2017-08-20 16:50:53 -04:00
michalrus
7c6f16ad1c Added a comment 2017-08-20 16:45:09 +00:00
michalrus
014c4be6c2 Added a comment 2017-08-20 15:47:03 +00:00
michalrus
608eb67e54 Added a comment 2017-08-20 15:27:31 +00:00
michalrus
abdd6aa736 2017-08-20 15:26:34 +00:00
michalrus
9368ae0dad 2017-08-20 15:21:42 +00:00
michalrus
f330af61ac 2017-08-20 14:16:55 +00:00
doogie
d6d76c10ea 2017-08-18 20:27:52 +00:00
doogie
ed4e3bcff9 2017-08-18 20:25:29 +00:00
ilovezfs
9a68b93253 Added a comment: Exception: getCurrentDirectory:getWorkingDirectory: resource exhausted (Too many open files) 2017-08-18 18:28:01 +00:00
Joey Hess
e0d88e2d25
typo 2017-08-18 11:46:48 -04:00
Joey Hess
c24d0f0e89
add bug for security hole, with exploit details 2017-08-18 11:36:34 -04:00
Joey Hess
ef8b1d86bf
cleanup 2017-08-18 11:21:34 -04:00
Joey Hess
0fce5ac3ad
add note about security fix 2017-08-18 11:21:11 -04:00
Joey Hess
33153ca919
add news item for git-annex 6.20170818 2017-08-18 11:19:53 -04:00
Joey Hess
252994e095
releasing package git-annex version 6.20170818 2017-08-18 11:19:14 -04:00
Joey Hess
55495c5a98
git-annex.cabal: Deal with breaking changes in Cabal 2.0
https://github.com/haskell/cabal/issues/4655

This means that when a module is conditionally imported via ifdef
depending on the OS or build flags, the cabal file has to mirror the
same logic there to only list the module then.

Since there are lots of OS's and lots of combinations of build flags
here, it's rather difficult to know if the cabal file has been completelty
correctly updated to match the source code.

So I am very unhappy with needing to update things in two places. I've
only tested this on linux with most build flags enables; this will
probably need significant time and testing to catch every cabal file
tweak that this change to Cabal requires. And it will be a continual
source of compile failures going forward when the code is modified and
the cabal file not also updated.

DRY DRY DRY, I repeat myself, but: DRY! Sigh..

(Also, had to remove all Build.* that are standalone programs from the
Other-Modules list, because since cabal passes those modules to ghc when
building git-annex, it complains that they use module Main. Those
modules are only used when building with the Makefile anyway, so this
change shouldn't break anything.)

This commit was sponsored by Thomas Hochstein on Patreon.
2017-08-18 11:08:58 -04:00
olaf
1b1c970b99 Added a comment 2017-08-18 04:37:57 +00:00
olaf
f9e30d6292 Added a comment 2017-08-18 04:18:14 +00:00
Joey Hess
df11e54788
avoid the dashed ssh hostname class of security holes
Security fix: Disallow hostname starting with a dash, which would get
passed to ssh and be treated an option. This could be used by an attacker
who provides a crafted ssh url (for eg a git remote) to execute arbitrary
code via ssh -oProxyCommand.

No CVE has yet been assigned for this hole.
The same class of security hole recently affected git itself,
CVE-2017-1000117.

Method: Identified all places where ssh is run, by git grep '"ssh"'
Converted them all to use a SshHost, if they did not already, for
specifying the hostname.

SshHost was made a data type with a smart constructor, which rejects
hostnames starting with '-'.

Note that git-annex already contains extensive use of Utility.SafeCommand,
which fixes a similar class of problem where a filename starting with a
dash gets passed to a program which treats it as an option.

This commit was sponsored by Jochen Bartl on Patreon.
2017-08-17 22:11:31 -04:00
Joey Hess
25e55e7c2f
typo 2017-08-17 19:51:39 -04:00
Joey Hess
749d69f12d
devblog 2017-08-17 17:13:12 -04:00
Joey Hess
79020a9c26
avoid broken version of xss-sanitize
https://github.com/yesodweb/haskell-xss-sanitize/issues/17
2017-08-17 17:12:48 -04:00
Joey Hess
fdbfe88168
fix external script for filenames with spaces from protocol
Fix the external special remotes git-annex-remote-ipfs,
git-annex-remote-torrent and the example.sh template to correctly support
filenames with spaces.

This commit was sponsored by John Peloquin on Patreon.
2017-08-17 16:20:09 -04:00
Joey Hess
dafafad115
external: nice error message for keys with spaces in their name
External special remotes will refuse to operate on keys with spaces in
their names. That has never worked correctly due to the design of the
external special remote protocol. Display an error message suggesting
migration.

Not super happy with this, but it's a pragmatic solution. Better than
complicating the external special remote interface and all external special
remotes.

Note that I only made it use SafeKey in Request, not Response. git-annex
does not construct a Response, so that would not add any safety. And
presumably, if git-annex avoids feeding any such keys to an external
special remote, it will never have a reason to make a Response using such a
key. If it did, it would result in a protocol error anyway.

There's still a Serializeable instance for Key; it's used by P2P.Protocol.
There, the Key is always in the final position, so it's ok if it contains
spaces.

Note that the protocol documentation has been fixed to say that the File
may contain spaces. One way that can happen, even though the Key can't,
is when using direct mode, and the work tree filename contains spaces.
When sending such a file to the external special remote the worktree
filename is used.

This commit was sponsored by Thom May on Patreon.
2017-08-17 16:18:34 -04:00
Joey Hess
5421e8f695
comment 2017-08-17 15:15:40 -04:00
Joey Hess
87afff508a
Merge branch 'master' of ssh://git-annex.branchable.com 2017-08-17 15:11:56 -04:00