- Jan 08, 2025
-
-
Timo Teräs authored
unsigned long is 32-bits on those, so make sure the full error code fits into 32-bit word. fixes d71722b9 libfetch: rework error codes API
-
- Jan 01, 2025
-
-
Timo Teräs authored
-
- Dec 31, 2024
-
-
Timo Teräs authored
return native error codes and map them in more detail in apk fixes #10668
-
Timo Teräs authored
Lot of complexity for very little value.
-
Timo Teräs authored
-
- Oct 21, 2024
-
-
Sertonix authored
-
- May 21, 2024
-
-
Ariadne Conill authored
As discussed in #10749, I suggested that we remove FTP support to reduce possible attack surface as there are no Alpine mirrors which use FTP. There are also no known mirrors of any other apk-using distribution which use FTP, so I believe we are safe to remove support for FTP-based mirrors in apk-tools 3. Signed-off-by:
Ariadne Conill <ariadne@dereferenced.org>
-
- May 14, 2024
-
-
Jonas Jelonek authored
backend is selected at compile-time with crypto_backend option (for meson) or CRYPTO (for legacy Makefile) Co-developed-by:
Christian Marangi <ansuelsmth@gmail.com> Signed-off-by:
Christian Marangi <ansuelsmth@gmail.com> Signed-off-by:
Jonas Jelonek <jelonek.jonas@gmail.com>
-
- Mar 21, 2024
-
-
Timo Teräs authored
-
Timo Teräs authored
-
We shouldn't include the full static linkage as it may accidentally bring static openssl into the apk link path. We only care about the includes here, so do that.
-
- Mar 20, 2024
-
-
Timo Teräs authored
as suggested in #10901
-
- Oct 12, 2023
-
-
-
Natanael Copa authored
Apply upstream fix for error messages from FreeBSD: https://cgit.freebsd.org/src/commit/lib/libfetch?id=631b82aca0fd41c8e0d48eebdb9c4e38b7306472
-
- Apr 24, 2023
-
-
Timo Teräs authored
fixes #10776
-
- Apr 17, 2023
-
-
Timo Teräs authored
implement it also for connecting to hosts fixes #10869
-
- Dec 20, 2022
-
-
Timo Teräs authored
fixes #10650
-
- Mar 07, 2022
-
-
nina authored
This is not actually needed, and it results in both static and shared versions of zlib and openssl linked into libapk otherwise, which is bad.
-
- Dec 17, 2021
-
-
Currently, special characters in the username or password are not handled correctly (when set in $http_proxy and $https_proxy). They should be percent encoded in the environment variables then decoded by libfetch and reencoded using base64. This implementation is mainly taken from the current FreeBSD source and adapted to the apk-tools version of libfetch. fixes #10775
-
- Dec 14, 2021
-
-
-
on mac, openssl is usually provided by Homebrew or some other third-party package management system, which means pkg-config is needed to find it. we already use pkg-config to find openssl when building apk itself. ref #10794
-
- Dec 09, 2021
-
-
Ariadne Conill authored
ref #10794
-
- Aug 03, 2021
-
-
Timo Teräs authored
Unbreak handling of base 16 in fetch_parseuint(). It is used only in http chunked mode handling. Fixes: "libfetch: fix range checking for http/ftp protocol parsing"
-
- Jul 26, 2021
-
-
Timo Teräs authored
Various parsing of numeric strings were not having adequate range checking causing information leak or potential crash. CVE-2021-36159 fixes #10749 Co-authored-by:
Ariadne Conill <ariadne@dereferenced.org> Reported-by:
Samanta Navarro <ferivoz@riseup.net>
-
- Jul 16, 2021
-
-
Timo Teräs authored
removes some code duplication
-
- Mar 16, 2021
-
-
Timo Teräs authored
fixes #10738
-
- Mar 13, 2021
-
-
If server redirects from http to https, libfetch detects this, but wrongly uses the old url scheme to determine the port. This subsequently leads to the following OpenSSL error: 139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331: Using the new scheme fixes this. This error message comes from trying to connect to port 80 with TLS, it can also be observed by issuing $ openssl s_client -connect alpinelinux.org:80 This bug was introduced in commit: 7158474f libfetch: keep http auth only if redirect is for the same host
-
- Jan 27, 2021
-
-
(De)initialization is deprecated under OpenSSL 1.0 and above. [TT: Some simplifications, and additional edits.] Signed-off-by:
Rosen Penev <rosenp@gmail.com>
-
- Jan 19, 2021
-
-
Timo Teräs authored
Treat URLs with too long individual components as malformed instead of silently truncating that field. There might be unexpected results if hostname, username or password field gets truncated.
-
Timo Teräs authored
The connection pooling was broken in two ways: 1. The original URL was always used as the connection pool URL, resulting in duplicate connections to the proxy for http URLs (each http URL would get separate proxy connection) 2. The cache_url stored was always the socket level connect URL. In case of HTTPS, the lookup was done done with the real URL, but the proxy URL was stored as the "cache URL". Thus HTTPS CONNECT connections were never re-used. This fixes the code with following logic: 1. The cache key url is the real URL when no-proxy, or when HTTPS with proxy (the socket is connected to proxy, but logically it is connected to the real URL due to HTTP CONNECT request). And for HTTP with proxy, it's the proxy URL so same proxy connection can be reused for all requests going through it. 2. fetch_connect() now gets cache key URL separately, and it always gets the same value as the fetch_cache_get() calls.
-
Timo Teräs authored
fixes #10734
-
Instead of skipping just one line, properly parse the response headers. [TT: reworded commit message]
-
- Jan 17, 2021
-
-
Timo Teräs authored
This enables matching numeric hosts against CIDR style subnet matches in no_proxy environment variable. Based on work by Thermi. Co-authored-by:
Noel Kuntze <noel.kuntze@thermi.consulting>
-
- Jan 08, 2021
-
-
Signed-off-by:
Mike Detwiler <det@shift5.io>
-
- Oct 09, 2020
-
-
- Oct 06, 2020
-
-
Timo Teräs authored
fixes #10688
-
- May 29, 2020
-
-
If getservbyname() fails, libfetch will attempt to connect to port 0.
-
- May 06, 2020
-
-
Timo Teräs authored
This creates main help like: -- usage: apk [<OPTIONS>...] COMMAND [<ARGUMENTS>...] Package installation and removal: add Add packages to WORLD and commit changes del Remove packages from WORLD and commit changes System maintenance: fix Check WORLD against the system and ensure consistency update Update repository indexes upgrade Install upgrades available from repositories cache Commands related to the management of an offline package cache Querying package information: info Give detailed information about packages or repositories list List packages matching a pattern or other criteria dot Generate graphviz graphs policy Show repository policy for packages Repository maintenance: index Create repository index file from packages fetch Download packages from global repositories to a local directory manifest Show checksums of package contents verify Verify package integrity and signature Miscellaneous: audit Audit directories for changes stats Show statistics about repositories and installations version Compare package versions or perform tests on version strings This apk has coffee making abilities. -- And applet specific help like: -- usage: apk add [<OPTIONS>...] PACKAGES... Description: apk add adds the requested packages to WORLD and installs (or upgrades) them if not already present, ensuring all dependencies are met. Options: --initdb Initialize a new package database -l, --latest Disables normal heuristics for choosing which repository to install a -u, --upgrade When adding packages which are already installed, upgrade them rather -t, --virtual NAME Instead of adding the specified packages to WORLD, create a new --no-chown Do not change file owner or group --
-
- Apr 01, 2020
-
-
Timo Teräs authored
Fix comparing of the hostname portion that matches exactly. The no_proxy matching is pretty rudimentary though and probably could go through a bit of additional rework. Fixes #10681
-