(cherry picked from commit 129aec72250266e60c07ff4643623188f7c27a9d)
Currently, fetchTimeout works for non-SSL connections only, so does fetch -T.
Fix it by applying the specified timeout to SSL_read().
(cherry picked from commit 8f8a7f6fffd7dca09013f7c4bfa075bc3825fb8e)
This improves URL-parsing compatibility with cURL, and unbreaks parsing of
similar kinds of URLs after commit 8d9de5b10a24.
Sponsored by: Juniper Networks, Inc.
Reviewed by: des
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44493
(cherry picked from commit fb860ed0c52c2c1e7792ef86718620a439663c7f)
MFC after: 3 days
Reviewed by: kevans, emaste
Differential Revision: https://reviews.freebsd.org/D42119
(cherry picked from commit 2821a7498f65d357c68166e1978b491abef1ca4a)
Before certctl(8), there was no system trust store, and libfetch
relied on the CA certificate bundle from the ca_root_nss port to
verify peers.
We now have a system trust store and a reliable mechanism for
manipulating it (to explicitly add, remove, or revoke certificates),
but if ca_root_nss is installed, libfetch will still prefer that to
the system trust store.
With this change, unless explicitly overridden, libfetch will rely on
OpenSSL to pick up the default system trust store.
PR: 256902
MFC after: 3 days
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D42059
(cherry picked from commit 09f5c1e118bb4eca77b83a0d08f559b20f60aa59)
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
Similar commit in main:
(cherry picked from commit fa9896e082a1)
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
Similar commit in main:
(cherry picked from commit d0b2dbfa0ecf)
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
Similar commit in main:
(cherry picked from commit 1d386b48a555)
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
Similar commit in main:
(cherry picked from commit b3e7694832e8)
GCC 12 warns that passing "" (a constant of char[1]) to a parameter of
type char[33] could potentially overread. It is not clear from the
context that c->qops can never be "auth-int" (and if it can't, then
the "auth-int" handling in DigestCalcResponse is dead code that should
be removed since this is the only place the function is called).
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D36825
(cherry picked from commit 57fbafb8deac75b924faf1fa6c2222a7719fdfec)
With the change to return EAI_ADDRFAMILY from getaddrinfo(), fetch
would print "Unknown resolver error" for that error. Add that error
and its string to libfetch's table, using an #ifdef just in case.
Correct error strings for EAI_NODATA (although it is currently unused)
and EAI_NONAME. Should maybe rework the code to use gai_strerror(3),
but that doesn't map directly, and the current strings are shortened.
Reviewed in https://reviews.freebsd.org/D37139 with related changes.
Reviewed by: bz
(cherry picked from commit 631b82aca0fd41c8e0d48eebdb9c4e38b7306472)
The length passed to strncpy is the length of the source string, not
the destination buffer. This triggers a non-fatal warning in GCC 12.
However, the code is also odd. It is really just a memcpy of the
string without its nul terminator. For that use case, memcpy is
clearer.
Reviewed by: imp, emaste
Differential Revision: https://reviews.freebsd.org/D36824
(cherry picked from commit 611cf392672cf7aa52a593412fb2537546a7d6a4)
(cherry picked from commit ce700f78f7fb28a252978382a1d0a66d08b6469a)
It's useful for small images to fetch some data but we don't want to
install utilities nor bloat runtime.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33463
(cherry picked from commit 13ef8134efd1c0a39c2dab0197b5c4558101253e)
this is for better portability in order to avoid using a function
which is BSD-only or available via libbsd
(cherry picked from commit ee3ca711a898cf41330c320826ea1e0e6e451f1d)
(cherry picked from commit 635eb7ac7990a2bb29e1992b739617a9db012bf2)
Approved by: so
Security: SA-21:15.libfetch
Security: CVE-2021-36159
(cherry picked from commit 3be62d49ae2b6f9050f39fe74210c88f35901fa5)
PR: 220468
Submitted by: Egil Hasting <egil.hasting@higen.org> (based on)
Reviewed by: kevans, kp
Approved by: kp
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29533
(cherry picked from commit 345c30a94f6425954163f1e0b075a75f603d27cd)
Support for SSLv3 was already removed from OpenSSL (r361392).
Differential Revision: https://reviews.freebsd.org/D24947
Notes:
svn path=/head/; revision=368000
Literal references to /usr/local exist in a large number of files in
the FreeBSD base system. Many are in contributed software, in configuration
files, or in the documentation, but 19 uses have been identified in C
source files or headers outside the contrib and sys/contrib directories.
This commit makes it possible to set _PATH_LOCALBASE in paths.h to use
a different prefix for locally installed software.
In order to avoid changes to openssh source files, LOCALBASE is passed to
the build via Makefiles under src/secure. While _PATH_LOCALBASE could have
been used here, there is precedent in the construction of the path used to
a xauth program which depends on the LOCALBASE value passed on the compiler
command line to select a non-default directory.
This could be changed in a later commit to make the openssh build
consistently use _PATH_LOCALBASE. It is considered out-of-scope for this
commit.
Reviewed by: imp
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D26942
Notes:
svn path=/head/; revision=367075
MFC after: 2 weeks
Notes:
svn path=/head/; revision=364292
In the successful case, sockshost is not freed prior to return.
The failure case can now be hit after fetch_reopen(), which was not true
before. Thus, we need to make sure to clean up all of the conn resources
which will also close sd. For all of the points prior to fetch_reopen(), we
continue to just close sd.
CID: 1419598, 1419616
Notes:
svn path=/head/; revision=358227
fetch_socks5_getenv will allocate memory for the host (or set it to NULL) in
all cases through the function; the caller is responsible for freeing it if
we end up allocating.
While I'm here, I've eliminated a label that just jumps to the next line...
Notes:
svn path=/head/; revision=357979
In case the port was specified, we never actually populated *host. Do so
now.
Pointy hat: kevans
Notes:
svn path=/head/; revision=357978
This commit separates out port parsing and validation from grabbing the host
from the env var. The only related bit really is that we need to be more
specific with the delimiter in the IPv6 case.
Notes:
svn path=/head/; revision=357977
This change adds SOCKS5 support to the library fetch(3) and updates the man
page.
Details: Within the fetch_connect() function, fetch(3) checks if the
SOCKS5_PROXY environment variable is set. If so, it connects to this host
rather than the end-host. It then initializes the SOCKS5 connection in
accordance with RFC 1928 and returns the resulting conn_t (file descriptor)
for usage by the regular FTP/HTTP handlers.
Design Decision: This change defaults all DNS resolutions through the proxy
by sending all IPs as hostnames. Going forward, another feature might be to
create another environmental variable to toggle resolutions through the
proxy or not.
One may set the SOCKS5_PROXY environment variable in any of the formats:
SOCKS5_PROXY=proxy.example.com
SOCKS5_PROXY=proxy.example.com:1080
SOCKS5_PROXY=192.0.2.0
SOCKS5_PROXY=198.51.100.0:1080
SOCKS5_PROXY=[2001:db8::1]
SOCKS5_PROXY=[2001:db8::2]:1080
Then perform a request with fetch(1).
(note by kevans)
I've since been informed that Void Linux/xbps has a fork of libfetch that
also implements SOCKS5. I may compare/contrast the two in the mid-to-near
future.
Submitted by: Farhan Khan <farhan farhan codes>
Differential Revision: https://reviews.freebsd.org/D18908
Notes:
svn path=/head/; revision=357968
Per RFC1738 escape is "% hex hex"; other sequences do not form a valid URL.
Suggested by: Matthew Dillon
Reviewed by: Matthew Dillon
MFC after: 1 week
Notes:
svn path=/head/; revision=357579
Reported by: Duncan Overbruck
Security: CVE-2020-7450
Notes:
svn path=/head/; revision=357212
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22494
Notes:
svn path=/head/; revision=355617
Leaf directories that have dependencies impacted
by options need a Makefile.depend.options file
to avoid churn in Makefile.depend
DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
can be set in local.dirdeps-options.mk
which can add to those set in Makefile.depend.options
See share/mk/dirdeps-options.mk
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22469
Notes:
svn path=/head/; revision=355616
The default package used to be FreeBSD-runtime but it should only contain
binaries and libs enough to boot to single user and repair the system, it
is also very handy to have a package that can be transformed to a small mfsroot.
So create a new package named FreeBSD-utilities and make it the default one.
Also move a few binaries and lib into this package when it makes sense.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D21506
Notes:
svn path=/head/; revision=351858
Submitted by: Farhan Khan <khanzf@gmail.com>
Reviewed by: 0mp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D18788
Notes:
svn path=/head/; revision=351573
Notes:
svn path=/head/; revision=347050
we were looking at the original URL rather than the one we were currently
processing. This meant that if we were trying to retrieve an HTTP URL but
were redirected to an HTTPS URL, and HTTPS proxying was enabled, we would
send an invalid request and most likely get garbage back.
MFC after: 3 days
Notes:
svn path=/head/; revision=341072
MFC after: 1 week
Notes:
svn path=/head/; revision=341014
MFC after: 1 week
Notes:
svn path=/head/; revision=341013
There is probably a PR for this, but I can't find this, or remember who
submitted it. The patch got lost in the noise of another that wasn't
ready to commit.
MFC after: 3 days
Notes:
svn path=/head/; revision=341011
Notes:
svn path=/projects/openssl111/; revision=338779
value of $HOME and always use the home directory from the passwd
database, unless $HOME was unset, in which case it would use (null).
While there, clean up handling of netrcfd and add debugging aids.
MFC after: 3 weeks
Notes:
svn path=/head/; revision=334326
MFC after: 3 weeks
Notes:
svn path=/head/; revision=334319
MFC after: 3 weeks
Notes:
svn path=/head/; revision=334317
PR: 224426
MFC after: 1 week
Notes:
svn path=/head/; revision=333571
Notes:
svn path=/head/; revision=326408
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
open source licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.
Notes:
svn path=/head/; revision=326219
Sponsored by: Dell EMC Isilon
Notes:
svn path=/head/; revision=325188
the host argument (e.g. "www.freebsd.org:443"), the service pointer,
which is supposed to point to the port or service part, instead points
to the separator, causing getaddrinfo() to fail.
Note that I have not been able to trigger this bug with fetch(1), nor
do I believe it is possible, as libfetch always parses the host:port
specification itself. I discovered it when I copied fetch_resolve()
into an unrelated project.
MFC after: 3 days
Notes:
svn path=/head/; revision=322669
a separator between host and port, and using strchr() to search for it.
Rewrite fetch_resolve() so it handles bracketed literals correctly, and
remove similar code elsewhere to avoid passing unbracketed literals to
fetch_resolve(). Remove #ifdef INET6 so we still parse IP literals
correctly even if we do not have the ability to connect to them.
While there, fix an off-by-one error which caused HTTP 400 errors to be
misinterpreted as redirects.
PR: 217723
MFC after: 1 week
Reported by: bapt, bz, cem, ngie
Notes:
svn path=/head/; revision=315455
Notes:
svn path=/head/; revision=315143
Reviewed by: des
MFC after: 1 week
Notes:
svn path=/head/; revision=314778
already complete.
Since 416 is an error code, any Content-Range header in the response
would refer to the error message, not the requested document, so
relying on the value of size when we know we got a 416 is wrong.
Instead, just verify that offset == 0 and assume that we've reached
the end of the document (if offset > 0, we did not request a range,
and the server is screwing with us). Note that we cannot distinguish
between reaching the end and going past it, but that is a flaw in the
protocol, not in the code, so we just have to assume that the caller
knows what it's doing. A smart caller would request an offset
slightly before what it believes is the end and compare the result to
what is already in the file.
PR: 212065
Reported by: mandree
MFC after: 3 weeks
Notes:
svn path=/head/; revision=314701
This fixes ftp with fetch(1) which was broken after r313974
Submitted by: dim
Reported by: olivier
Pointyhat to: bapt
Notes:
svn path=/head/; revision=314596