git-annex-gpl - git-annex without the AGPL

	Commit message (Collapse)	Author	Age
...
*	Added a comment: No package for debian stretch, armh?	Alan	2017-08-25
\|
*	formatting	Joey Hess	2017-08-24
\|
*	Merge branch 'master' of ssh://git-annex.branchable.com	Joey Hess	2017-08-24
\|\
* \|	bug from email	Joey Hess	2017-08-24
\| \|
\| *	(no commit message)	vgp	2017-08-24
\|/
*	Merge branch 'master' of ssh://git-annex.branchable.com	Joey Hess	2017-08-23
\|\
* \|	try explicitly installin xss-sanitize	Joey Hess	2017-08-23
\| \|
\| *	(no commit message)	loredai	2017-08-23
\| \|
\| *	(no commit message)	loredai	2017-08-23
\| \|
\| *	(no commit message)	loredai	2017-08-23
\| \|
\| *	removed	loredai	2017-08-23
\| \|
\| *	Added a comment: Upgrade path can produce confusing output	loredai	2017-08-23
\|/
*	stop removing cabal	Joey Hess	2017-08-23
\|
*	Added a comment: It's the old remote...	olaf	2017-08-23
\|
*	Added a comment: Similar(ish) bug reports	olaf	2017-08-23
\|
*	(no commit message)	olaf	2017-08-23
\|
*	(no commit message)	olaf	2017-08-23
\|
*	(no commit message)	olaf	2017-08-23
\|
*	Added a comment: get appears to be doing less work? (Part 2)	kanak@3c4f6e7d832d88751c617b25bdbac896417eb93b	2017-08-22
\|
*	Added a comment: get appears to be doing less work?	kanak@3c4f6e7d832d88751c617b25bdbac896417eb93b	2017-08-22
\|
*	Added a comment: links on page	metst13@1d16544ec52801db7efb2895d3dc7a4458b8eb45	2017-08-22
\|
*	Added a comment	Rémi	2017-08-21
\|
*	(no commit message)	Rémi	2017-08-21
\|
*	Added a comment: Comment	hugo	2017-08-21
\|
*	(no commit message)	hugo	2017-08-21
\|
*	Merge branch 'master' of ssh://git-annex.branchable.com	Joey Hess	2017-08-20
\|\
* \|	CVE-2017-12976	Joey Hess	2017-08-20
\| \|
\| *	Added a comment	michalrus	2017-08-20
\| \|
\| *	Added a comment	michalrus	2017-08-20
\| \|
\| *	Added a comment	michalrus	2017-08-20
\| \|
\| *	(no commit message)	michalrus	2017-08-20
\| \|
\| *	(no commit message)	michalrus	2017-08-20
\| \|
\| *	(no commit message)	michalrus	2017-08-20
\| \|
\| *	(no commit message)	doogie	2017-08-18
\| \|
\| *	(no commit message)	doogie	2017-08-18
\| \|
\| *	Added a comment: Exception: getCurrentDirectory:getWorkingDirectory: ↵	ilovezfs	2017-08-18
\|/ \| \| \|	resource exhausted (Too many open files)
*	typo	Joey Hess	2017-08-18
\|
*	add bug for security hole, with exploit details	Joey Hess	2017-08-18
\|
*	cleanup	Joey Hess	2017-08-18
\|
*	add note about security fix	Joey Hess	2017-08-18
\|
*	add news item for git-annex 6.20170818	Joey Hess	2017-08-18
\|
*	releasing package git-annex version 6.201708186.20170818	Joey Hess	2017-08-18
\|
*	git-annex.cabal: Deal with breaking changes in Cabal 2.0	Joey Hess	2017-08-18
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://github.com/haskell/cabal/issues/4655 This means that when a module is conditionally imported via ifdef depending on the OS or build flags, the cabal file has to mirror the same logic there to only list the module then. Since there are lots of OS's and lots of combinations of build flags here, it's rather difficult to know if the cabal file has been completelty correctly updated to match the source code. So I am very unhappy with needing to update things in two places. I've only tested this on linux with most build flags enables; this will probably need significant time and testing to catch every cabal file tweak that this change to Cabal requires. And it will be a continual source of compile failures going forward when the code is modified and the cabal file not also updated. DRY DRY DRY, I repeat myself, but: DRY! Sigh.. (Also, had to remove all Build.* that are standalone programs from the Other-Modules list, because since cabal passes those modules to ghc when building git-annex, it complains that they use module Main. Those modules are only used when building with the Makefile anyway, so this change shouldn't break anything.) This commit was sponsored by Thomas Hochstein on Patreon.
*	Added a comment	olaf	2017-08-18
\|
*	Added a comment	olaf	2017-08-18
\|
*	avoid the dashed ssh hostname class of security holes	Joey Hess	2017-08-17
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Security fix: Disallow hostname starting with a dash, which would get passed to ssh and be treated an option. This could be used by an attacker who provides a crafted ssh url (for eg a git remote) to execute arbitrary code via ssh -oProxyCommand. No CVE has yet been assigned for this hole. The same class of security hole recently affected git itself, CVE-2017-1000117. Method: Identified all places where ssh is run, by git grep '"ssh"' Converted them all to use a SshHost, if they did not already, for specifying the hostname. SshHost was made a data type with a smart constructor, which rejects hostnames starting with '-'. Note that git-annex already contains extensive use of Utility.SafeCommand, which fixes a similar class of problem where a filename starting with a dash gets passed to a program which treats it as an option. This commit was sponsored by Jochen Bartl on Patreon.
*	typo	Joey Hess	2017-08-17
\|
*	devblog	Joey Hess	2017-08-17
\|
*	avoid broken version of xss-sanitize	Joey Hess	2017-08-17
\| \| \| \|	https://github.com/yesodweb/haskell-xss-sanitize/issues/17
*	fix external script for filenames with spaces from protocol	Joey Hess	2017-08-17
\| \| \| \| \| \| \| \|	Fix the external special remotes git-annex-remote-ipfs, git-annex-remote-torrent and the example.sh template to correctly support filenames with spaces. This commit was sponsored by John Peloquin on Patreon.