mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
35166 commits 13 branches 442 tags 103 MiB
Commit graph

8 commits

Author SHA1 Message Date
Joey Hess
7fd650355e
merge from http-client-restricted 
I made some improvements to its API after splitting it out of git-annex,
so merge those back in.

This is groundwork for removing the embedded copy of it and depending on
it.

Also moved the managerResponseTimeout disabling to Annex.Url as it's
git-annex specific.

This commit was sponsored by Ethan Aubin on Patreon.
 2019-07-17 16:48:50 -04:00
Joey Hess
9a5ddda511
remove many old version ifdefs 
Drop support for building with ghc older than 8.4.4, and with older
versions of serveral haskell libraries than will be included in Debian 10.

The only remaining version ifdefs in the entire code base are now a couple
for aws!

This commit should only be merged after the Debian 10 release.
And perhaps it will need to wait longer than that; it would make
backporting new versions of  git-annex to Debian 9 (stretch) which
has been actively happening as recently as this year.

This commit was sponsored by Ilya Shlyakhter.
 2019-07-05 15:09:37 -04:00
Joey Hess
67c06f5121
add back support for ftp urls 
Add back support for ftp urls, which was disabled as part of the fix for
security hole CVE-2018-10857 (except for configurations which enabled curl
and bypassed public IP address restrictions). Now it will work if allowed
by annex.security.allowed-ip-addresses.
 2019-05-30 14:51:34 -04:00
Joey Hess
923578ad78
improve error message 
This commit was sponsored by Jack Hill on Patreon.
 2018-06-19 14:21:41 -04:00
Joey Hess
47cd8001bc
call base ManagerSetting's exception wrapper 
This commit was sponsored by Henrik Riomar on Patreon.
 2018-06-19 14:17:05 -04:00
Joey Hess
fc79f68404
support building on debian stable 
Specifically, http-client-0.4.31

This commit was supported by the NSF-funded DataLad project.
 2018-06-19 11:25:10 -04:00
Joey Hess
cc08135e65
prevent using local http proxies per annex.security.allowed-http-addresses 
A local http proxy would bypass the security configuration. So,
the security configuration has to be applied when choosing whether to
use the proxy.

While http rebinding attacks against the dns lookup of the proxy IP
address seem very unlikely, this implementation does prevent them, since
it resolves the IP address once, checks it, and then reconfigures
http-client's proxy using the resolved address.

This commit was sponsored by Ole-Morten Duesund on Patreon.
 2018-06-18 13:32:20 -04:00
Joey Hess
40e8358284
add Utility.HttpManagerRestricted 
This is a clean way to add IP address restrictions to http-client, and
any library using it.
See https://github.com/snoyberg/http-client/issues/354#issuecomment-397830259

Some code from http-client and http-client-tls was copied in and
modified. Credited its author accordingly, and used the same MIT license.

The restrictions don't apply to http proxies. If using http proxies is a
problem, http-client already has a way to disable them.
SOCKS support is not included. As far as I can tell, http-client-tls
does not support SOCKS by default, and so git-annex never has.

The additional dependencies are free; git-annex already transitively
depended on them via http-conduit.

This commit was sponsored by Eric Drechsel on Patreon.
 2018-06-16 18:44:13 -04:00