| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2021-07-26 | libfetch: fix range checking for http/ftp protocol parsing | Timo Teräs | 1 | -9/+6 | |
| Various parsing of numeric strings were not having adequate range checking causing information leak or potential crash. CVE-2021-36159 fixes #10749 Co-authored-by: Ariadne Conill <ariadne@dereferenced.org> Reported-by: Samanta Navarro <ferivoz@riseup.net> | |||||
| 2021-01-19 | libfetch: harden URL parsing | Timo Teräs | 1 | -11/+28 | |
| Treat URLs with too long individual components as malformed instead of silently truncating that field. There might be unexpected results if hostname, username or password field gets truncated. | |||||
| 2017-10-05 | libfetch: remove unwanted code conditionals | Timo Teräs | 1 | -7/+2 | |
| 2017-10-05 | build and use bundled libfetch natively | Timo Teräs | 1 | -3/+0 | |
| 2017-10-05 | import libfetch-2.38 from NetBSD | Timo Teräs | 1 | -0/+627 | |
| ftp://ftp.fu-berlin.de/unix/NetBSD/packages/current-src/pkgsrc/net/libfetch/files libfetch comes (at least) in netbsd and freebsd flavors which differing functionality. Alpine and Arch package netbsd one, but it's not widely packaged across other distributions. We need NetBSD version as it does not use funopen(3) which is not supported in musl, and supports connection pooling. FreeBSD seems to be the orignal and better maintained version with support for SSL CAs, client certificate authentication, proxy authentication, and improved http redirect handling. So this imports NetBSD version, and future commits will pick up the needed improvements from FreeBSD tree. Incidentally, this also fixes #7857 and likes for good. | |||||
 |
index : apk-tools | |
| Adélie Linux patches for Alpine Package Keeper (apk-tools) | root |
| summaryrefslogtreecommitdiff |