RFC2616 §3.3.1 requires compliant client to accept the two
obsolete formats in addition to the Internet standard format.

Based on patch by John Hallam <sw@j.hallam.dk>

Jiri Kastner authored 1 month ago and Timo Teräs committed 1 month ago

Signed-off-by: Jiri Kastner <cz172638@gmail.com>

unsigned long is 32-bits on those, so make sure the full error
code fits into 32-bit word.

fixes d71722b9 libfetch: rework error codes API

return native error codes and map them in more detail in apk

fixes #10668

Lot of complexity for very little value.

As discussed in #10749, I suggested that we remove FTP support to reduce possible attack surface
as there are no Alpine mirrors which use FTP.

There are also no known mirrors of any other apk-using distribution which use FTP, so I believe
we are safe to remove support for FTP-based mirrors in apk-tools 3.

Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>

backend is selected at compile-time with crypto_backend option (for
meson) or CRYPTO (for legacy Makefile)

Co-developed-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>

nina authored 11 months ago and Timo Teräs committed 11 months ago

We shouldn't include the full static linkage as it may accidentally
bring static openssl into the apk link path. We only care about the
includes here, so do that.

as suggested in #10901

upstream: https://cgit.freebsd.org/src/commit/lib/libfetch?id=ce700f78f7fb28a252978382a1d0a66d08b6469a

Apply upstream fix for error messages from FreeBSD:
https://cgit.freebsd.org/src/commit/lib/libfetch?id=631b82aca0fd41c8e0d48eebdb9c4e38b7306472

fixes #10776

implement it also for connecting to hosts

fixes #10869

fixes #10650

This is not actually needed, and it results in both static and
shared versions of zlib and openssl linked into libapk otherwise,
which is bad.

Jan Hendrik Farr authored 3 years ago and Timo Teräs committed 3 years ago

Currently, special characters in the username or password are not
handled correctly (when set in $http_proxy and $https_proxy). They
should be percent encoded in the environment variables then decoded
by libfetch and reencoded using base64. This implementation is mainly
taken from the current FreeBSD source and adapted to the apk-tools
version of libfetch.

fixes #10775

Ariadne Conill authored 3 years ago and Timo Teräs committed 3 years ago

on mac, openssl is usually provided by Homebrew or some other third-party
package management system, which means pkg-config is needed to find it.

we already use pkg-config to find openssl when building apk itself.

ref #10794

ref #10794

Unbreak handling of base 16 in fetch_parseuint(). It is used
only in http chunked mode handling.

Fixes: "libfetch: fix range checking for http/ftp protocol parsing"

Various parsing of numeric strings were not having adequate range
checking causing information leak or potential crash.

CVE-2021-36159
fixes #10749

Co-authored-by: Ariadne Conill <ariadne@dereferenced.org>
Reported-by: Samanta Navarro <ferivoz@riseup.net>

removes some code duplication

fixes #10738

Martin Vahlensieck authored 4 years ago and Timo Teräs committed 4 years ago

If server redirects from http to https, libfetch detects this, but
wrongly uses the old url scheme to determine the port. This subsequently
leads to the following OpenSSL error:

139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:

Using the new scheme fixes this.  This error message comes from trying
to connect to port 80 with TLS, it can also be observed by issuing
  $ openssl s_client -connect alpinelinux.org:80

This bug was introduced in commit:
7158474f libfetch: keep http auth only if redirect is for the same host

Rosen Penev authored 4 years ago and Timo Teräs committed 4 years ago

(De)initialization is deprecated under OpenSSL 1.0 and above.

[TT: Some simplifications, and additional edits.]

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Treat URLs with too long individual components as malformed instead
of silently truncating that field. There might be unexpected results
if hostname, username or password field gets truncated.

The connection pooling was broken in two ways:

 1. The original URL was always used as the connection pool URL,
    resulting in duplicate connections to the proxy for http URLs
    (each http URL would get separate proxy connection)

 2. The cache_url stored was always the socket level connect URL.
    In case of HTTPS, the lookup was done done with the real URL,
    but the proxy URL was stored as the "cache URL". Thus HTTPS
    CONNECT connections were never re-used.

This fixes the code with following logic:

 1. The cache key url is the real URL when no-proxy, or when HTTPS
    with proxy (the socket is connected to proxy, but logically it
    is connected to the real URL due to HTTP CONNECT request).
    And for HTTP with proxy, it's the proxy URL so same proxy
    connection can be reused for all requests going through it.

 2. fetch_connect() now gets cache key URL separately, and it always
    gets the same value as the fetch_cache_get() calls.

fixes #10734

Conny Seifert authored 4 years ago and Timo Teräs committed 4 years ago

Instead of skipping just one line, properly parse the response headers.

[TT: reworded commit message]

This enables matching numeric hosts against CIDR style subnet
matches in no_proxy environment variable.

Based on work by Thermi.

Co-authored-by: Noel Kuntze <noel.kuntze@thermi.consulting>

Mike Detwiler authored 4 years ago and Timo Teräs committed 4 years ago

Signed-off-by: Mike Detwiler <det@shift5.io>

fixes #10688

Ariadne Conill authored 4 years ago and Timo Teräs committed 4 years ago

If getservbyname() fails, libfetch will attempt to connect to port 0.