hackage-security 0.6.2.1 → 0.6.2.2
raw patch · 10 files changed
+36/−23 lines, 10 filesdep ~Cabaldep ~Cabal-syntaxdep ~aesonPVP ok
version bump matches the API change (PVP)
Dependency ranges changed: Cabal, Cabal-syntax, aeson, base, template-haskell, transformers
API changes (from Hackage documentation)
Files
- ChangeLog.md +6/−0
- hackage-security.cabal +20/−13
- src/Hackage/Security/Client.hs +1/−1
- src/Hackage/Security/Client/Formats.hs +1/−1
- src/Hackage/Security/Client/Repository.hs +1/−1
- src/Hackage/Security/Client/Repository/HttpLib.hs +1/−1
- src/Hackage/Security/Key.hs +2/−2
- src/Hackage/Security/TUF/Header.hs +2/−2
- src/Hackage/Security/TUF/Layout/Cache.hs +1/−1
- src/Hackage/Security/TUF/Patterns.hs +1/−1
ChangeLog.md view
@@ -1,5 +1,11 @@ See also http://pvp.haskell.org/faq +0.6.2.2+-------++* Fix broken compilation of test-suite with Cabal-syntax-3.8.1.0 on Hackage+* Huge README updates+ 0.6.2.1 -------
hackage-security.cabal view
@@ -1,12 +1,12 @@ cabal-version: 1.12 name: hackage-security-version: 0.6.2.1+version: 0.6.2.2 synopsis: Hackage security library description: The hackage security library provides both server and client utilities for securing the Hackage package server- (<http://hackage.haskell.org/>). It is based on The Update- Framework (<http://theupdateframework.com/>), a set of+ (<https://hackage.haskell.org/>). It is based on The Update+ Framework (<https://theupdateframework.com/>), a set of recommendations developed by security researchers at various universities in the US as well as developers on the Tor project (<https://www.torproject.org/>).@@ -29,9 +29,11 @@ homepage: https://github.com/haskell/hackage-security bug-reports: https://github.com/haskell/hackage-security/issues build-type: Simple-tested-with: GHC==8.10.1, GHC==8.8.3, GHC==8.6.5, GHC==8.4.4, GHC==8.2.2, GHC==8.0.2,- GHC==7.10.3, GHC==7.8.4, GHC==7.6.3, GHC==7.4.2 +tested-with:+ GHC==9.2.1, GHC==9.0.2,+ GHC==8.10.7, GHC==8.8.4, GHC==8.6.5, GHC==8.4.4, GHC==8.2.2, GHC==8.0.2,+ GHC==7.10.3, GHC==7.8.4, GHC==7.6.3, GHC==7.4.2 extra-source-files: ChangeLog.md@@ -115,7 +117,7 @@ Hackage.Security.Util.TypedEmbedded MyPrelude -- We support ghc 7.4 (bundled with Cabal 1.14) and up- build-depends: base >= 4.5 && < 4.16,+ build-depends: base >= 4.5 && < 4.17, base16-bytestring >= 0.1.1 && < 1.1, base64-bytestring >= 1.0 && < 1.3, bytestring >= 0.9 && < 0.12,@@ -130,7 +132,7 @@ tar >= 0.5 && < 0.6, template-haskell >= 2.7 && < 2.19, time >= 1.2 && < 1.13,- transformers >= 0.3 && < 0.6,+ transformers >= 0.3 && < 0.7, zlib >= 0.5 && < 0.7, -- whatever versions are bundled with ghc: ghc-prim@@ -144,15 +146,15 @@ build-depends: mtl >= 2.1 && < 2.2, mtl-compat >= 0.2 && < 0.3 else- build-depends: mtl >= 2.2 && < 2.3+ build-depends: mtl >= 2.2 && < 2.4 if flag(lukko) build-depends: lukko >= 0.1 && < 0.2 else build-depends: base >= 4.10 - if flag(Cabal-syntax)- build-depends: Cabal-syntax >= 3.7 && < 3.9+ if flag(Cabal-syntax) && impl(ghc >= 8.2)+ build-depends: Cabal-syntax >= 3.7 && < 3.10 else build-depends: Cabal >= 1.14 && < 1.26 || >= 2.0 && < 2.6@@ -260,7 +262,6 @@ -- inherited constraints from lib:hackage-security component build-depends: hackage-security, base,- Cabal, containers, bytestring, network-uri,@@ -269,8 +270,14 @@ time, zlib - if flag(Cabal-syntax)- build-depends: Cabal-syntax+ if flag(Cabal-syntax) && impl(ghc >= 8.2)+ build-depends: Cabal >= 3.7 && < 3.10,+ Cabal-syntax >= 3.7 && < 3.10+ else+ build-depends: Cabal >= 1.14 && < 1.26+ || >= 2.0 && < 2.6+ || >= 3.0 && < 3.7,+ Cabal-syntax < 3.7 -- dependencies exclusive to test-suite build-depends: tasty >= 1.2 && < 1.5,
src/Hackage/Security/Client.hs view
@@ -89,7 +89,7 @@ -- This implements the logic described in Section 5.1, "The client application", -- of the TUF spec. It checks which of the server metadata has changed, and -- downloads all changed metadata to the local cache. (Metadata here refers--- both to the TUF security metadata as well as the Hackage packge index.)+-- both to the TUF security metadata as well as the Hackage package index.) -- -- You should pass @Nothing@ for the UTCTime _only_ under exceptional -- circumstances (such as when the main server is down for longer than the
src/Hackage/Security/Client/Formats.hs view
@@ -51,7 +51,7 @@ -- -- Rather than having a general list here, we enumerate all possibilities. -- This means we are very precise about what we expect, and we avoid any runtime--- errors about unexpect format definitions.+-- errors about unexpected format definitions. -- -- NOTE: If we add additional cases here (for dealing with additional formats) -- all calls to @error "inaccessible"@ need to be reevaluated.
src/Hackage/Security/Client/Repository.hs view
@@ -181,7 +181,7 @@ -- * Download the file from the repository and make it available at a -- temporary location -- * Use the provided file length to protect against endless data attacks.- -- (Repositories such as local repositories that are not suspectible to+ -- (Repositories such as local repositories that are not susceptible to -- endless data attacks can safely ignore this argument.) -- * Move the file from its temporary location to its permanent location -- if verification succeeds.
src/Hackage/Security/Client/Repository/HttpLib.hs view
@@ -45,7 +45,7 @@ -- HTTP servers are normally expected to respond to a range request with -- a "206 Partial Content" response. However, servers can respond with a -- "200 OK" response, sending the entire file instead (for instance, this- -- may happen for servers that don't actually support range rqeuests, but+ -- may happen for servers that don't actually support range requests, but -- for which we optimistically assumed they did). Implementations of -- 'HttpLib' may accept such a response and inform the @hackage-security@ -- library that the whole file is being returned; the security library can
src/Hackage/Security/Key.hs view
@@ -145,8 +145,8 @@ -- | The key ID of a key, by definition, is the hexdigest of the SHA-256 hash of -- the canonical JSON form of the key where the private object key is excluded. ----- NOTE: The FromJSON and ToJSON instances for KeyId are ntentially omitted. Use--- writeKeyAsId instead.+-- NOTE: The FromJSON and ToJSON instances for KeyId are intentionally omitted.+-- Use writeKeyAsId instead. newtype KeyId = KeyId { keyIdString :: String } deriving (Show, Eq, Ord)
src/Hackage/Security/TUF/Header.hs view
@@ -36,7 +36,7 @@ -- every file update. -- -- 'Show' and 'Read' instance are defined in terms of the underlying 'Int'--- (this is use for example by hackage during the backup process).+-- (this is used for example by Hackage during the backup process). newtype FileVersion = FileVersion Int54 deriving (Eq, Ord, Typeable) @@ -55,7 +55,7 @@ newtype FileExpires = FileExpires (Maybe UTCTime) deriving (Eq, Ord, Show, Typeable) --- | Occassionally it is useful to read only a header from a file.+-- | Occasionally it is useful to read only a header from a file. -- -- 'HeaderOnly' intentionally only has a 'FromJSON' instance (no 'ToJSON'). data Header = Header {
src/Hackage/Security/TUF/Layout/Cache.hs view
@@ -15,7 +15,7 @@ -- | Location of the various files we cache -- -- Although the generic TUF algorithms do not care how we organize the cache,--- we nonetheless specity this here because as long as there are tools which+-- we nonetheless specify this here because as long as there are tools which -- access files in the cache directly we need to define the cache layout. -- See also comments for 'defaultCacheLayout'. data CacheLayout = CacheLayout {
src/Hackage/Security/TUF/Patterns.hs view
@@ -1,7 +1,7 @@ -- | Patterns and replacements -- -- NOTE: This module was developed to prepare for proper delegation (#39).--- It is currently unusued.+-- It is currently unused. {-# LANGUAGE CPP #-} #if __GLASGOW_HASKELL__ >= 800 {-# LANGUAGE DeriveLift #-}