From 77693b77a7c7ae09e340e3a609c0c310eeb68fa7 Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@kitenet.net>
Date: Wed, 12 Mar 2014 21:21:10 -0400
Subject: webapp: Use securemem for constant time auth token comparisons.

Debian stable does not have securemem, but neither does it have warp-tls,
so just disable use of securemem when not building with https support.
---
 git-annex.cabal | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'git-annex.cabal')

diff --git a/git-annex.cabal b/git-annex.cabal
index a98e3e34a..ee4ff4a4a 100644
--- a/git-annex.cabal
+++ b/git-annex.cabal
@@ -43,8 +43,8 @@ Flag Assistant
 Flag Webapp
   Description: Enable git-annex webapp
 
-Flag Webapp-https
-  Description: Enable git-annex webapp https
+Flag Webapp-secure
+  Description: Secure webapp
 
 Flag Pairing
   Description: Enable pairing
@@ -181,11 +181,12 @@ Executable git-annex
      yesod, yesod-default, yesod-static, yesod-form, yesod-core,
      http-types, transformers, wai, wai-logger, warp, warp-tls,
      blaze-builder, crypto-api, hamlet, clientsession,
-     template-haskell, data-default, aeson, network-conduit
+     template-haskell, data-default, aeson, network-conduit,
+     byteable
     CPP-Options: -DWITH_WEBAPP
-  if flag(Webapp) && flag (Webapp-https)
-    Build-Depends: warp-tls (>= 1.4)
-    CPP-Options: -DWITH_WEBAPP_HTTPS
+  if flag(Webapp) && flag (Webapp-secure)
+    Build-Depends: warp-tls (>= 1.4), securemem
+    CPP-Options: -DWITH_WEBAPP_SECURE
 
   if flag(Pairing)
     Build-Depends: network-multicast, network-info
-- 
cgit v1.2.3