packages feed

hackage-security 0.6.2.1 → 0.6.2.2

raw patch · 10 files changed

+36/−23 lines, 10 filesdep ~Cabaldep ~Cabal-syntaxdep ~aesonPVP ok

version bump matches the API change (PVP)

Dependency ranges changed: Cabal, Cabal-syntax, aeson, base, template-haskell, transformers

API changes (from Hackage documentation)

Files

ChangeLog.md view
@@ -1,5 +1,11 @@ See also http://pvp.haskell.org/faq +0.6.2.2+-------++* Fix broken compilation of test-suite with Cabal-syntax-3.8.1.0 on Hackage+* Huge README updates+ 0.6.2.1 ------- 
hackage-security.cabal view
@@ -1,12 +1,12 @@ cabal-version:       1.12 name:                hackage-security-version:             0.6.2.1+version:             0.6.2.2  synopsis:            Hackage security library description:         The hackage security library provides both server and                      client utilities for securing the Hackage package server-                     (<http://hackage.haskell.org/>).  It is based on The Update-                     Framework (<http://theupdateframework.com/>), a set of+                     (<https://hackage.haskell.org/>).  It is based on The Update+                     Framework (<https://theupdateframework.com/>), a set of                      recommendations developed by security researchers at                      various universities in the US as well as developers on the                      Tor project (<https://www.torproject.org/>).@@ -29,9 +29,11 @@ homepage:            https://github.com/haskell/hackage-security bug-reports:         https://github.com/haskell/hackage-security/issues build-type:          Simple-tested-with:         GHC==8.10.1, GHC==8.8.3, GHC==8.6.5, GHC==8.4.4, GHC==8.2.2, GHC==8.0.2,-                     GHC==7.10.3, GHC==7.8.4, GHC==7.6.3, GHC==7.4.2 +tested-with:+  GHC==9.2.1, GHC==9.0.2,+  GHC==8.10.7, GHC==8.8.4, GHC==8.6.5, GHC==8.4.4, GHC==8.2.2, GHC==8.0.2,+  GHC==7.10.3, GHC==7.8.4, GHC==7.6.3, GHC==7.4.2  extra-source-files:   ChangeLog.md@@ -115,7 +117,7 @@                        Hackage.Security.Util.TypedEmbedded                        MyPrelude   -- We support ghc 7.4 (bundled with Cabal 1.14) and up-  build-depends:       base              >= 4.5     && < 4.16,+  build-depends:       base              >= 4.5     && < 4.17,                        base16-bytestring >= 0.1.1   && < 1.1,                        base64-bytestring >= 1.0     && < 1.3,                        bytestring        >= 0.9     && < 0.12,@@ -130,7 +132,7 @@                        tar               >= 0.5     && < 0.6,                        template-haskell  >= 2.7     && < 2.19,                        time              >= 1.2     && < 1.13,-                       transformers      >= 0.3     && < 0.6,+                       transformers      >= 0.3     && < 0.7,                        zlib              >= 0.5     && < 0.7,                        -- whatever versions are bundled with ghc:                        ghc-prim@@ -144,15 +146,15 @@     build-depends:     mtl        >= 2.1     && < 2.2,                        mtl-compat >= 0.2     && < 0.3   else-    build-depends:     mtl        >= 2.2     && < 2.3+    build-depends:     mtl        >= 2.2     && < 2.4    if flag(lukko)     build-depends:     lukko      >= 0.1     && < 0.2   else     build-depends:     base       >= 4.10 -  if flag(Cabal-syntax)-    build-depends: Cabal-syntax >= 3.7 && < 3.9+  if flag(Cabal-syntax) && impl(ghc >= 8.2)+    build-depends: Cabal-syntax >= 3.7 && < 3.10   else     build-depends: Cabal        >= 1.14    && < 1.26                              || >= 2.0     && < 2.6@@ -260,7 +262,6 @@   -- inherited constraints from lib:hackage-security component   build-depends:       hackage-security,                        base,-                       Cabal,                        containers,                        bytestring,                        network-uri,@@ -269,8 +270,14 @@                        time,                        zlib -  if flag(Cabal-syntax)-    build-depends: Cabal-syntax+  if flag(Cabal-syntax) && impl(ghc >= 8.2)+    build-depends: Cabal        >= 3.7 && < 3.10,+                   Cabal-syntax >= 3.7 && < 3.10+  else+    build-depends: Cabal        >= 1.14    && < 1.26+                             || >= 2.0     && < 2.6+                             || >= 3.0     && < 3.7,+                   Cabal-syntax <  3.7    -- dependencies exclusive to test-suite   build-depends:       tasty            >= 1.2 && < 1.5,
src/Hackage/Security/Client.hs view
@@ -89,7 +89,7 @@ -- This implements the logic described in Section 5.1, "The client application", -- of the TUF spec. It checks which of the server metadata has changed, and -- downloads all changed metadata to the local cache. (Metadata here refers--- both to the TUF security metadata as well as the Hackage packge index.)+-- both to the TUF security metadata as well as the Hackage package index.) -- -- You should pass @Nothing@ for the UTCTime _only_ under exceptional -- circumstances (such as when the main server is down for longer than the
src/Hackage/Security/Client/Formats.hs view
@@ -51,7 +51,7 @@ -- -- Rather than having a general list here, we enumerate all possibilities. -- This means we are very precise about what we expect, and we avoid any runtime--- errors about unexpect format definitions.+-- errors about unexpected format definitions. -- -- NOTE: If we add additional cases here (for dealing with additional formats) -- all calls to @error "inaccessible"@ need to be reevaluated.
src/Hackage/Security/Client/Repository.hs view
@@ -181,7 +181,7 @@     -- * Download the file from the repository and make it available at a     --   temporary location     -- * Use the provided file length to protect against endless data attacks.-    --   (Repositories such as local repositories that are not suspectible to+    --   (Repositories such as local repositories that are not susceptible to     --   endless data attacks can safely ignore this argument.)     -- * Move the file from its temporary location to its permanent location     --   if verification succeeds.
src/Hackage/Security/Client/Repository/HttpLib.hs view
@@ -45,7 +45,7 @@     -- HTTP servers are normally expected to respond to a range request with     -- a "206 Partial Content" response. However, servers can respond with a     -- "200 OK" response, sending the entire file instead (for instance, this-    -- may happen for servers that don't actually support range rqeuests, but+    -- may happen for servers that don't actually support range requests, but     -- for which we optimistically assumed they did). Implementations of     -- 'HttpLib' may accept such a response and inform the @hackage-security@     -- library that the whole file is being returned; the security library can
src/Hackage/Security/Key.hs view
@@ -145,8 +145,8 @@ -- | The key ID of a key, by definition, is the hexdigest of the SHA-256 hash of -- the canonical JSON form of the key where the private object key is excluded. ----- NOTE: The FromJSON and ToJSON instances for KeyId are ntentially omitted. Use--- writeKeyAsId instead.+-- NOTE: The FromJSON and ToJSON instances for KeyId are intentionally omitted.+-- Use writeKeyAsId instead. newtype KeyId = KeyId { keyIdString :: String }   deriving (Show, Eq, Ord) 
src/Hackage/Security/TUF/Header.hs view
@@ -36,7 +36,7 @@ -- every file update. -- -- 'Show' and 'Read' instance are defined in terms of the underlying 'Int'--- (this is use for example by hackage during the backup process).+-- (this is used for example by Hackage during the backup process). newtype FileVersion = FileVersion Int54   deriving (Eq, Ord, Typeable) @@ -55,7 +55,7 @@ newtype FileExpires = FileExpires (Maybe UTCTime)   deriving (Eq, Ord, Show, Typeable) --- | Occassionally it is useful to read only a header from a file.+-- | Occasionally it is useful to read only a header from a file. -- -- 'HeaderOnly' intentionally only has a 'FromJSON' instance (no 'ToJSON'). data Header = Header {
src/Hackage/Security/TUF/Layout/Cache.hs view
@@ -15,7 +15,7 @@ -- | Location of the various files we cache -- -- Although the generic TUF algorithms do not care how we organize the cache,--- we nonetheless specity this here because as long as there are tools which+-- we nonetheless specify this here because as long as there are tools which -- access files in the cache directly we need to define the cache layout. -- See also comments for 'defaultCacheLayout'. data CacheLayout = CacheLayout {
src/Hackage/Security/TUF/Patterns.hs view
@@ -1,7 +1,7 @@ -- | Patterns and replacements -- -- NOTE: This module was developed to prepare for proper delegation (#39).--- It is currently unusued.+-- It is currently unused. {-# LANGUAGE CPP #-} #if __GLASGOW_HASKELL__ >= 800 {-# LANGUAGE DeriveLift #-}