Skip to content
Snippets Groups Projects
  1. Jan 08, 2025
  2. Jan 01, 2025
  3. Dec 31, 2024
  4. Oct 21, 2024
  5. May 21, 2024
    • Ariadne Conill's avatar
      libfetch: remove support for FTP · 41ea8a08
      Ariadne Conill authored
      
      As discussed in #10749, I suggested that we remove FTP support to reduce possible attack surface
      as there are no Alpine mirrors which use FTP.
      
      There are also no known mirrors of any other apk-using distribution which use FTP, so I believe
      we are safe to remove support for FTP-based mirrors in apk-tools 3.
      
      Signed-off-by: default avatarAriadne Conill <ariadne@dereferenced.org>
      41ea8a08
  6. May 14, 2024
  7. Mar 21, 2024
  8. Mar 20, 2024
  9. Oct 12, 2023
  10. Apr 24, 2023
  11. Apr 17, 2023
  12. Dec 20, 2022
  13. Mar 07, 2022
  14. Dec 17, 2021
    • Jan Hendrik Farr's avatar
      libfetch: Allow special characters in http basic auth · 0f50f9ff
      Jan Hendrik Farr authored and Timo Teräs's avatar Timo Teräs committed
      Currently, special characters in the username or password are not
      handled correctly (when set in $http_proxy and $https_proxy). They
      should be percent encoded in the environment variables then decoded
      by libfetch and reencoded using base64. This implementation is mainly
      taken from the current FreeBSD source and adapted to the apk-tools
      version of libfetch.
      
      fixes #10775
      0f50f9ff
  15. Dec 14, 2021
  16. Dec 09, 2021
  17. Aug 03, 2021
    • Timo Teräs's avatar
      libfetch: fix http chunked mode handling · b30e94c0
      Timo Teräs authored
      Unbreak handling of base 16 in fetch_parseuint(). It is used
      only in http chunked mode handling.
      
      Fixes: "libfetch: fix range checking for http/ftp protocol parsing"
      b30e94c0
  18. Jul 26, 2021
  19. Jul 16, 2021
  20. Mar 16, 2021
  21. Mar 13, 2021
    • Martin Vahlensieck's avatar
      Use correct port when redirected · 8e993fe9
      Martin Vahlensieck authored and Timo Teräs's avatar Timo Teräs committed
      If server redirects from http to https, libfetch detects this, but
      wrongly uses the old url scheme to determine the port. This subsequently
      leads to the following OpenSSL error:
      
      139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
      
      Using the new scheme fixes this.  This error message comes from trying
      to connect to port 80 with TLS, it can also be observed by issuing
        $ openssl s_client -connect alpinelinux.org:80
      
      This bug was introduced in commit:
      7158474f libfetch: keep http auth only if redirect is for the same host
      8e993fe9
  22. Jan 27, 2021
  23. Jan 19, 2021
    • Timo Teräs's avatar
      libfetch: harden URL parsing · bcbcbfc1
      Timo Teräs authored
      Treat URLs with too long individual components as malformed instead
      of silently truncating that field. There might be unexpected results
      if hostname, username or password field gets truncated.
      bcbcbfc1
    • Timo Teräs's avatar
      libfetch: fix connection pooling for proxied http/https requests · acca5cbf
      Timo Teräs authored
      The connection pooling was broken in two ways:
      
       1. The original URL was always used as the connection pool URL,
          resulting in duplicate connections to the proxy for http URLs
          (each http URL would get separate proxy connection)
      
       2. The cache_url stored was always the socket level connect URL.
          In case of HTTPS, the lookup was done done with the real URL,
          but the proxy URL was stored as the "cache URL". Thus HTTPS
          CONNECT connections were never re-used.
      
      This fixes the code with following logic:
      
       1. The cache key url is the real URL when no-proxy, or when HTTPS
          with proxy (the socket is connected to proxy, but logically it
          is connected to the real URL due to HTTP CONNECT request).
          And for HTTP with proxy, it's the proxy URL so same proxy
          connection can be reused for all requests going through it.
      
       2. fetch_connect() now gets cache key URL separately, and it always
          gets the same value as the fetch_cache_get() calls.
      acca5cbf
    • Timo Teräs's avatar
    • Conny Seifert's avatar
      libfetch: fix parsing of proxy response to CONNECT requests · 4087ab92
      Conny Seifert authored and Timo Teräs's avatar Timo Teräs committed
      Instead of skipping just one line, properly parse the response headers.
      
      [TT: reworded commit message]
      4087ab92
  24. Jan 17, 2021
  25. Jan 08, 2021
  26. Oct 09, 2020
  27. Oct 06, 2020
  28. May 29, 2020
  29. May 06, 2020
    • Timo Teräs's avatar
      add script to autogenerate help from man pages · 5258b484
      Timo Teräs authored
      This creates main help like:
      --
      usage: apk [<OPTIONS>...] COMMAND [<ARGUMENTS>...]
      
      Package installation and removal:
        add        Add packages to WORLD and commit changes
        del        Remove packages from WORLD and commit changes
      
      System maintenance:
        fix        Check WORLD against the system and ensure consistency
        update     Update repository indexes
        upgrade    Install upgrades available from repositories
        cache      Commands related to the management of an offline package cache
      
      Querying package information:
        info       Give detailed information about packages or repositories
        list       List packages matching a pattern or other criteria
        dot        Generate graphviz graphs
        policy     Show repository policy for packages
      
      Repository maintenance:
        index      Create repository index file from packages
        fetch      Download packages from global repositories to a local directory
        manifest   Show checksums of package contents
        verify     Verify package integrity and signature
      
      Miscellaneous:
        audit      Audit directories for changes
        stats      Show statistics about repositories and installations
        version    Compare package versions or perform tests on version strings
      
      This apk has coffee making abilities.
      --
      
      And applet specific help like:
      --
      usage: apk add [<OPTIONS>...] PACKAGES...
      
      Description:
        apk add adds the requested packages to WORLD and installs (or upgrades)
        them if not already present, ensuring all dependencies are met.
      
      Options:
        --initdb         Initialize a new package database
        -l, --latest     Disables normal heuristics for choosing which repository to install a
        -u, --upgrade    When adding packages which are already installed, upgrade them rather
        -t, --virtual NAME
                         Instead of adding the specified packages to WORLD, create a new
        --no-chown       Do not change file owner or group
      --
      5258b484
  30. Apr 01, 2020
Loading