Treat URLs with too long individual components as malformed instead
of silently truncating that field. There might be unexpected results
if hostname, username or password field gets truncated.

The connection pooling was broken in two ways:

 1. The original URL was always used as the connection pool URL,
    resulting in duplicate connections to the proxy for http URLs
    (each http URL would get separate proxy connection)

 2. The cache_url stored was always the socket level connect URL.
    In case of HTTPS, the lookup was done done with the real URL,
    but the proxy URL was stored as the "cache URL". Thus HTTPS
    CONNECT connections were never re-used.

This fixes the code with following logic:

 1. The cache key url is the real URL when no-proxy, or when HTTPS
    with proxy (the socket is connected to proxy, but logically it
    is connected to the real URL due to HTTP CONNECT request).
    And for HTTP with proxy, it's the proxy URL so same proxy
    connection can be reused for all requests going through it.

 2. fetch_connect() now gets cache key URL separately, and it always
    gets the same value as the fetch_cache_get() calls.

fixes #10734

Conny Seifert authored 4 years ago and Timo Teräs committed 4 years ago

Instead of skipping just one line, properly parse the response headers.

[TT: reworded commit message]

This enables matching numeric hosts against CIDR style subnet
matches in no_proxy environment variable.

Based on work by Thermi.

Co-authored-by: Noel Kuntze <noel.kuntze@thermi.consulting>

Commit e4aae45f removed the short options. Update the documentation.

Fixes #10733

Thibault Ferrante authored 4 years ago and Timo Teräs committed 4 years ago

Regression introduced by 0fb0d304 which makes parsing a description
a critical failure.

[TT: Minor stylistic change. Fix also missing final line change
from the earlier commit]

Thibault Ferrante authored 4 years ago and Timo Teräs committed 4 years ago

As an APKINDEX can become arbitrarely long due to dependencies and
other parameters, increasing the buffer size make this less likely
to happens.

Closes #10731.

Thibault Ferrante authored 4 years ago and Timo Teräs committed 4 years ago

In case of failure when loading an APKINDEX, no errors are
propagated to the user which may uncorrectly interpret the
current problem.

Mike Detwiler authored 4 years ago and Timo Teräs committed 4 years ago

Signed-off-by: Mike Detwiler <det@shift5.io>

The new v3 applets don't use it, and eventually all applets will
use the new formats only.

This prepares the code for this, and moves trust, id_cache, and
root_fd to apk_ctx which is enough for v3 applets at this time.

The generic code is made to not initialize apk_database if it's
not needed.

makes apk_verbosity non-global

fixes #10682

ref #10682

ref #10682

start adding meson based tests

This is a flat buffers inspired format that allows fast
mmaped access to the data with low overhead, signature support
and relatively good forward support.

Document the version when changed. And print error with similar note
if the given repositories-file cannot be read.