webapp: Use securemem for constant time auth token comparisons.

Debian stable does not have securemem, but neither does it have warp-tls, so just disable use of securemem when not building with https support.
author: Joey Hess <joey@kitenet.net> 2014-03-12 21:21:10 -0400
committer: Joey Hess <joey@kitenet.net> 2014-03-12 21:41:20 -0400
commit: 77693b77a7c7ae09e340e3a609c0c310eeb68fa7 (patch)
tree: 667655d2550fa1b513dd2289bd284128f0a23020 /debian
parent: 4bb70698d38aaca746e163c0602ee74da0915d80 (diff)
2 files changed, 3 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 7ff502ad3..ca82d88ad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ git-annex (5.20140307) UNRELEASED; urgency=medium
     are no longer incorrectly detected as unused.
   * repair: Improve memory usage when git fsck finds a great many broken
     objects.
+  * webapp: Use securemem for constant time auth token comparisons.
 
  -- Joey Hess <joeyh@debian.org>  Thu, 06 Mar 2014 16:17:01 -0400
 
diff --git a/debian/control b/debian/control
index 30840b34e..9b6e812b8 100644
--- a/debian/control
+++ b/debian/control
@@ -39,6 +39,8 @@ Build-Depends:
 	libghc-warp-tls-dev [i386 amd64 kfreebsd-i386 kfreebsd-amd64 powerpc sparc],
 	libghc-wai-dev [i386 amd64 kfreebsd-i386 kfreebsd-amd64 powerpc sparc],
 	libghc-wai-logger-dev [i386 amd64 kfreebsd-i386 kfreebsd-amd64 powerpc sparc],
+	libghc-securemem-dev,
+	libghc-byteable-dev,
 	libghc-dns-dev,
 	libghc-case-insensitive-dev,
 	libghc-http-types-dev,
author	Joey Hess <joey@kitenet.net>	2014-03-12 21:21:10 -0400
committer	Joey Hess <joey@kitenet.net>	2014-03-12 21:41:20 -0400
commit	77693b77a7c7ae09e340e3a609c0c310eeb68fa7 (patch)
tree	667655d2550fa1b513dd2289bd284128f0a23020 /debian
parent	4bb70698d38aaca746e163c0602ee74da0915d80 (diff)