mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions
git-annex/Types
History
Joey Hess 4315bb9e42
add retrievalSecurityPolicy 
This will be used to protect against CVE-2018-10859, where an encrypted
special remote is fed the wrong encrypted data, and so tricked into
decrypting something that the user encrypted with their gpg key and did
not store in git-annex.

It also protects against CVE-2018-10857, where a remote follows a http
redirect to a file:// url or to a local private web server. While that's
already been prevented in git-annex's own use of http, external special
remotes, hooks, etc use other http implementations and could still be
vulnerable.

The policy is not yet enforced, this commit only adds the appropriate
metadata to remotes.

This commit was sponsored by Boyd Stephen Smith Jr. on Patreon.
2018-06-21 11:36:36 -04:00
..
ActionItem.hs better dup key with -J fix 2017-10-17 18:48:53 -04:00
Availability.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
Backend.hs add KeyVariety type 2017-02-24 15:16:56 -04:00
BranchState.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
CleanupActions.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
Command.hs Make --json and --quiet suppress automatic init messages 2016-09-05 15:34:38 -04:00
Concurrency.hs disentangle concurrency and message type 2016-09-09 12:57:42 -04:00
Creds.hs Added git-remote-tor-annex, which allows git pull and push to the tor hidden service. 2016-11-21 17:27:38 -04:00
Crypto.hs Added new encryption=sharedpubkey mode for special remotes. 2016-05-10 16:50:31 -04:00
DeferredParse.hs fix build warnings under ghc 7.10 2015-12-19 17:42:45 -04:00
DesktopNotify.hs Fix build with ghc 8.4+, which broke due to the Semigroup Monoid change 2018-05-30 12:28:43 -04:00
Difference.hs Fix build with ghc 8.4+, which broke due to the Semigroup Monoid change 2018-05-30 12:28:43 -04:00
Distribution.hs adeiu, MissingH 2017-05-16 01:03:52 -04:00
Export.hs add ExportTree table to export db 2017-09-18 13:59:59 -04:00
FileMatcher.hs matchexpression: Added --largefiles option to parse an annex.largefiles expression. 2016-02-03 16:58:36 -04:00
GitConfig.hs allow ftp urls by default 2018-06-18 15:37:17 -04:00
Group.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
Key.hs add retrievalSecurityPolicy 2018-06-21 11:36:36 -04:00
KeySource.hs refactoring 2015-12-22 13:42:58 -04:00
LockCache.hs convert from Utility.LockPool to Annex.LockPool everywhere 2015-11-12 18:13:37 -04:00
Messages.hs Fix mangling of --json output of utf-8 characters when not running in a utf-8 locale 2018-04-16 16:21:21 -04:00
MetaData.hs avoid insertWith' depreaction warning 2018-04-22 13:28:31 -04:00
NumCopies.hs Get rid of unnecessary Monad constraint 2016-01-28 12:34:07 -04:00
RefSpec.hs Some optimisations to string splitting code. 2017-01-31 19:06:22 -04:00
Remote.hs add retrievalSecurityPolicy 2018-06-21 11:36:36 -04:00
ScheduledActivity.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
StandardGroups.hs adjust standard preferred content to work better with git annex sync --all --content 2015-06-16 17:18:53 -04:00
StoreRetrieve.hs remove 163 lines of code without changing anything except imports 2016-01-20 16:36:33 -04:00
Test.hs Fix build with ghc 8.4+, which broke due to the Semigroup Monoid change 2018-05-30 12:28:43 -04:00
Transfer.hs reorg 2017-12-14 11:26:59 -04:00
TrustLevel.hs finish fixing inverted Ord for TrustLevel 2018-04-13 15:17:54 -04:00
UrlContents.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
UUID.hs implementation of peer-to-peer protocol 2016-11-17 18:30:50 -04:00
View.hs remove 163 lines of code without changing anything except imports 2016-01-20 16:36:33 -04:00