Skip to content

Commits on Nov 16, 2022

  1. libfetch: Pass a zeroed digest to DigestCalcResponse.

    GCC 12 warns that passing "" (a constant of char[1]) to a parameter of
    type char[33] could potentially overread.  It is not clear from the
    context that c->qops can never be "auth-int" (and if it can't, then
    the "auth-int" handling in DigestCalcResponse is dead code that should
    be removed since this is the only place the function is called).
    
    Reviewed by:	emaste
    Differential Revision:	https://reviews.freebsd.org/D36825
    bsdjhb committed Nov 16, 2022

Commits on Nov 2, 2022

  1. fetch: support EAI_ADDRFAMILY error, correct two error messages

    With the change to return EAI_ADDRFAMILY from getaddrinfo(), fetch
    would print "Unknown resolver error" for that error.  Add that error
    and its string to libfetch's table, using an #ifdef just in case.
    Correct error strings for EAI_NODATA (although it is currently unused)
    and EAI_NONAME.  Should maybe rework the code to use gai_strerror(3),
    but that doesn't map directly, and the current strings are shortened.
    
    Reviewed in https://reviews.freebsd.org/D37139 with related changes.
    
    Reviewed by:    bz
    MFC after:      1 month
    Mike Karels authored and Mike Karels committed Nov 2, 2022

Commits on Oct 3, 2022

  1. libfetch: Use memcpy in place of an odd strncpy.

    The length passed to strncpy is the length of the source string, not
    the destination buffer.  This triggers a non-fatal warning in GCC 12.
    Hoewver, the code is also odd.  It is really just a memcpy of the
    string without its nul terminator.  For that use case, memcpy is
    clearer.
    
    Reviewed by:	imp, emaste
    Differential Revision:	https://reviews.freebsd.org/D36824
    bsdjhb committed Oct 3, 2022

Commits on Sep 17, 2022

  1. There's no PEM(3) anywhere around; delete reference.

    Jens Schweikhardt authored and Jens Schweikhardt committed Sep 17, 2022

Commits on Apr 20, 2022

Commits on Dec 21, 2021

  1. pkgbase: Create a FreeBSD-fetch package

    It's useful for small image to fetch some data but we don't want to
    install utilities nor bloat runtime.
    
    MFC after:	2 weeks
    Sponsored by:	Beckhoff Automation GmbH & Co. KG
    Differential Revision:	https://reviews.freebsd.org/D33463
    evadot committed Dec 21, 2021

Commits on Sep 9, 2021

  1. fetch: do not confuse capacity and length

    The patch converting fetch to getline
    (ee3ca71),
    did confuse the capacity of the line buffer with the actual len of the read
    line confusing fetch -v.
    bapt committed Sep 9, 2021

Commits on Aug 24, 2021

  1. Fix libfetch out of bounds read.

    Approved by:	so
    Security:	SA-21:15.libfetch
    Security:	CVE-2021-36159
    tetlowgm committed Aug 24, 2021

Commits on Aug 17, 2021

  1. libfetch: use more portable getline() interface

    this is for better portability in order to avoid using a function
    which is BSD-only or available via libbsd
    
    MFC after:	3 weeks
    q66 authored and bapt committed Aug 17, 2021

Commits on Apr 1, 2021

  1. libfetch: Retry with proxy auth when server returns 407

    PR:		220468
    Submitted by:	Egil Hasting <egil.hasting@higen.org> (based on)
    Reviewed by:	kevans, kp
    Approved by:	kp
    MFC after:	2 weeks
    Sponsored by:	Rubicon Communications, LLC ("Netgate")
    Differential Revision:	https://reviews.freebsd.org/D29533
    rbgarga committed Apr 1, 2021

Commits on Nov 24, 2020

  1. Remove support for SSLv3 from fetch(3).

    Support for SSLv3 was already removed from OpenSSL (r361392).
    
    Differential Revision:	https://reviews.freebsd.org/D24947
    juikim committed Nov 24, 2020

Commits on Oct 27, 2020

  1. Replace literal uses of /usr/local in C sources with _PATH_LOCALBASE

    Literal references to /usr/local exist in a large number of files in
    the FreeBSD base system. Many are in contributed software, in configuration
    files, or in the documentation, but 19 uses have been identified in C
    source files or headers outside the contrib and sys/contrib directories.
    
    This commit makes it possible to set _PATH_LOCALBASE in paths.h to use
    a different prefix for locally installed software.
    
    In order to avoid changes to openssh source files, LOCALBASE is passed to
    the build via Makefiles under src/secure. While _PATH_LOCALBASE could have
    been used here, there is precedent in the construction of the path used to
    a xauth program which depends on the LOCALBASE value passed on the compiler
    command line to select a non-default directory.
    
    This could be changed in a later commit to make the openssh build
    consistently use _PATH_LOCALBASE. It is considered out-of-scope for this
    commit.
    
    Reviewed by:	imp
    MFC after:	1 month
    Differential Revision:	https://reviews.freebsd.org/D26942
    stesser committed Oct 27, 2020

Commits on Aug 17, 2020

Commits on Feb 21, 2020

  1. fetch(3): plug some leaks

    In the successful case, sockshost is not freed prior to return.
    
    The failure case can now be hit after fetch_reopen(), which was not true
    before. Thus, we need to make sure to clean up all of the conn resources
    which will also close sd. For all of the points prior to fetch_reopen(), we
    continue to just close sd.
    
    CID:		1419598, 1419616
    kevans91 committed Feb 21, 2020

Commits on Feb 15, 2020

  1. fetch(3): don't leak sockshost on failure

    fetch_socks5_getenv will allocate memory for the host (or set it to NULL) in
    all cases through the function; the caller is responsible for freeing it if
    we end up allocating.
    
    While I'm here, I've eliminated a label that just jumps to the next line...
    kevans91 committed Feb 15, 2020
  2. fetch(3): fix regression in IPv6:port spec from r357977

    In case the port was specified, we never actually populated *host. Do so
    now.
    
    Pointy hat:	kevans
    kevans91 committed Feb 15, 2020
  3. fetch(3): move bits of fetch_socks5_getenv around

    This commit separates out port parsing and validation from grabbing the host
    from the env var. The only related bit really is that we need to be more
    specific with the delimiter in the IPv6 case.
    kevans91 committed Feb 15, 2020
  4. fetch(3): Add SOCKS5 support

    This change adds SOCKS5 support to the library fetch(3) and updates the man
    page.
    
    Details: Within the fetch_connect() function, fetch(3) checks if the
    SOCKS5_PROXY environment variable is set. If so, it connects to this host
    rather than the end-host. It then initializes the SOCKS5 connection in
    accordance with RFC 1928 and returns the resulting conn_t (file descriptor)
    for usage by the regular FTP/HTTP handlers.
    
    Design Decision: This change defaults all DNS resolutions through the proxy
    by sending all IPs as hostnames. Going forward, another feature might be to
    create another environmental variable to toggle resolutions through the
    proxy or not..
    
    One may set the SOCKS5_PROXY environment variable in any of the formats:
    
    SOCKS5_PROXY=proxy.example.com
    SOCKS5_PROXY=proxy.example.com:1080
    SOCKS5_PROXY=192.0.2.0
    SOCKS5_PROXY=198.51.100.0:1080
    SOCKS5_PROXY=[2001:db8::1]
    SOCKS5_PROXY=[2001:db8::2]:1080
    
    Then perform a request with fetch(1).
    
    (note by kevans)
    I've since been informed that Void Linux/xbps has a fork of libfetch that
    also implements SOCKS5. I may compare/contrast the two in the mid-to-near
    future.
    
    Submitted by:	Farhan Khan <farhan farhan codes>
    Differential Revision:	https://reviews.freebsd.org/D18908
    kevans91 committed Feb 15, 2020

Commits on Feb 5, 2020

  1. libfetch: disallow invalid escape sequences

    Per RFC1738 escape is "% hex hex"; other sequences do not form a valid URL.
    
    Suggested by:	Matthew Dillon
    Reviewed by:	Matthew Dillon
    MFC after:	1 week
    emaste committed Feb 5, 2020

Commits on Jan 28, 2020

  1. Fix urldecode buffer overrun.

    Reported by:	Duncan Overbruck
    Security:	CVE-2020-7450
    tetlowgm committed Jan 28, 2020

Commits on Dec 11, 2019

  1. Update Makefile.depend files

    Update a bunch of Makefile.depend files as
    a result of adding Makefile.depend.options files
    
    Reviewed by:	 bdrewery
    MFC after:	1 week
    Sponsored by:   Juniper Networks
    Differential Revision:  https://reviews.freebsd.org/D22494
    sgerraty committed Dec 11, 2019
  2. Add Makefile.depend.options

    Leaf directories that have dependencies impacted
    by options need a Makefile.depend.options file
    to avoid churn in Makefile.depend
    
    DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
    can be set in local.dirdeps-options.mk
    which can add to those set in Makefile.depend.options
    
    See share/mk/dirdeps-options.mk
    
    Reviewed by:	 bdrewery
    MFC after:	1 week
    Sponsored by:   Juniper Networks
    Differential Revision:  https://reviews.freebsd.org/D22469
    sgerraty committed Dec 11, 2019

Commits on Sep 5, 2019

  1. pkgbase: Create a FreeBSD-utilities package and make it the default one

    The default package use to be FreeBSD-runtime but it should only contain
    binaries and libs enough to boot to single user and repair the system, it
    is also very handy to have a package that can be tranform to a small mfsroot.
    So create a new package named FreeBSD-utilities and make it the default one.
    Also move a few binaries and lib into this package when it make sense.
    Reviewed by:	bapt, gjb
    Differential Revision:	https://reviews.freebsd.org/D21506
    evadot committed Sep 5, 2019

Commits on Aug 28, 2019

  1. Document fetchReqHTTP().

    Submitted by:	Farhan Khan <khanzf@gmail.com>
    Reviewed by:	0mp
    MFC after:	1 week
    Differential Revision:	https://reviews.freebsd.org/D18788
    markjdb committed Aug 28, 2019

Commits on May 3, 2019

  1. [libfetch] Fix compilation with WITHOUT_CRYPT.

    Adrian Chadd authored and Adrian Chadd committed May 3, 2019

Commits on Nov 27, 2018

  1. When deciding whether to send the complete URL or just the document p…

    …art,
    
    we were looking at the original URL rather than the one we were currently
    processing.  This meant that if we were trying to retrieve an HTTP URL but
    were redirected to an HTTPS URL, and HTTPS proxying was enabled, we would
    send an invalid request and most likely get garbage back.
    
    MFC after:	3 days
    dag-erling committed Nov 27, 2018
  2. A few more cases where strcasecmp() is no longer required.

    MFC after:	1 week
    dag-erling committed Nov 27, 2018
  3. Support proxying FTP over HTTPS, not just HTTP.

    There is probably a PR for this, but I can't find this, or remember who
    submitted it.  The patch got lost in the noise of another that wasn't
    ready to commit.
    
    MFC after:	3 days
    dag-erling committed Nov 27, 2018

Commits on Sep 19, 2018

  1. Make libfetch buildable.

    juikim committed Sep 19, 2018

Commits on May 29, 2018

  1. Fix an inverted conditional in the netrc code, which would ignore the

    value of $HOME and always use the home directory from the passwd
    database, unless $HOME was unset, in which case it would use (null).
    
    While there, clean up handling of netrcfd and add debugging aids.
    
    MFC after:	3 weeks
    dag-erling committed May 29, 2018
  2. Fix a few (but far from all) style issues.

    MFC after:	3 weeks
    dag-erling committed May 29, 2018
  3. Use __VA_ARGS__ to simplify the DEBUG macro.

    MFC after:	3 weeks
    dag-erling committed May 29, 2018

Commits on May 12, 2018

  1. Preserve if-modified-since timestamps across redirects.

    PR:		224426
    MFC after:	1 week
    dag-erling committed May 12, 2018

Commits on Nov 30, 2017

Older