apk-tools/libfetch, branch 2.10-stable Alpine Package Keeper, the 2.x tree libfetch: support TCP_CORK 2020-02-18T14:15:41+00:00 Timo Teräs timo.teras@iki.fi 2020-02-18T13:21:35+00:00 05a1f92e445c8559f1fea7d90534fb719168698f Unfortunately libfetch operates on raw sockets and is sending each HTTP request line using separate syscall which causes the HTTP request to be sent as multiple packets over the wire in most configurations. This is not good for performance, but can also cause subtle breakage if there's DPI firewall that does not get the Host header. Incidentally, it seems that on BSDs libfetch already sets TCP_NOPUSH optimize the packetization. This commit adds same logic for using TCP_CORK if available. When using TCP_CORK there is no requirement to set TCP_NODELAY as uncorking will also cause immediate send. Keep TCP_NODELAY in the fallback codepaths. Long term, it might make sense to replace or rewrite libfetch to use application level buffering. (cherry picked from commit 271047cc930150a2972573625124b0c097ad322a) 
Unfortunately libfetch operates on raw sockets and is sending
each HTTP request line using separate syscall which causes the
HTTP request to be sent as multiple packets over the wire in most
configurations. This is not good for performance, but can also
cause subtle breakage if there's DPI firewall that does not get
the Host header.

Incidentally, it seems that on BSDs libfetch already sets
TCP_NOPUSH optimize the packetization. This commit adds same
logic for using TCP_CORK if available. When using TCP_CORK
there is no requirement to set TCP_NODELAY as uncorking will
also cause immediate send. Keep TCP_NODELAY in the fallback
codepaths.

Long term, it might make sense to replace or rewrite libfetch
to use application level buffering.

(cherry picked from commit 271047cc930150a2972573625124b0c097ad322a)
fix strncpy bounds errors 2019-02-13T14:05:27+00:00 Timo Teräs timo.teras@iki.fi 2019-02-13T13:44:03+00:00 44daf808737f85ff462905269c7a1e66d52e2fff error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation] Based on patch by Elan Ruusamäe <glen@delfi.ee> 
error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]

Based on patch by Elan Ruusamäe <glen@delfi.ee>
libfetch: do not give out user/hostname as ftp anonymous password 2018-09-05T07:32:00+00:00 Timo Teräs timo.teras@iki.fi 2018-09-05T07:32:00+00:00 e4f54cfe6681b301fb32b455cb9bbab24d97c0f4 This is unwanted information disclosure. Reported-by: Max Justicz <max@justi.cz> 
This is unwanted information disclosure.

Reported-by: Max Justicz <max@justi.cz>
libfetch: support OpenSSL 2018-01-31T20:04:46+00:00 A. Wilcox AWilcox@Wilcox-Tech.com 2018-01-31T20:03:22+00:00 36f5cf8e4bbe863a5bcfaf33f5f0a460993a339f TLS_client_method is a LibreSSL extension. SSLv23_client_method is generic, and doesn't mean SSL v2/v3 only. 
TLS_client_method is a LibreSSL extension.
SSLv23_client_method is generic, and doesn't mean SSL v2/v3 only.
libfetch: add option to set "Cache-Control: no-cache" 2018-01-03T12:25:07+00:00 Timo Teräs timo.teras@iki.fi 2018-01-03T08:01:08+00:00 f90af35e9c563bd4f865d8d47a7ae357191494db ref #8161 
ref #8161
libfetch: honor https_proxy variable for https 2018-01-03T08:43:31+00:00 Timo Teräs timo.teras@iki.fi 2018-01-03T08:43:31+00:00 99e7bb93dfff2f43987b81ce7600ad8fbd0ce64c fixes #8160 
fixes #8160
libfetch: fix certificate host name check 2017-10-06T15:09:37+00:00 Timo Teräs timo.teras@iki.fi 2017-10-06T15:09:37+00:00 0d814ba35b5e26eb9a42ea7a52521eca44306479 OpenSSL allows passing zero-length to indicate "use strlen". LibreSSL requires using the real length always, so pass the length. 
OpenSSL allows passing zero-length to indicate "use strlen".
LibreSSL requires using the real length always, so pass the length.
libfetch: improve openssl/libressl compatibility 2017-10-06T10:25:27+00:00 Timo Teräs timo.teras@iki.fi 2017-10-06T10:23:54+00:00 eb8f44d629aca3a780f7feedfee11794f14082ad X509_check_host() is introduced in libressl-2.5.0 and openssl-1.0.2 which are not yet universally available. Add support for building against the older versions. 
X509_check_host() is introduced in libressl-2.5.0 and openssl-1.0.2
which are not yet universally available. Add support for building
against the older versions.
libfetch: improve ssl connections 2017-10-05T13:59:14+00:00 Timo Teräs timo.teras@iki.fi 2017-10-05T13:39:47+00:00 52fd85a8dcfee9c93522d80693673bc95cc1caaf loosely based on the freebsd implementation, implement https connection settings to override CA, and use client certificate. new files supported in /etc/apk/: ca.pem - if exists, it contains CAs acceptable for https (otherwise system wide CAs are used) crl.pem - if ca.pem is used, this is the (optional) CRL for it cert.pem - used as client authentication certificate (+ key) cert.key - used as client key (can be also inside cert.pem) 
loosely based on the freebsd implementation, implement https
connection settings to override CA, and use client certificate.

new files supported in /etc/apk/:
  ca.pem   - if exists, it contains CAs acceptable for https
	     (otherwise system wide CAs are used)
  crl.pem  - if ca.pem is used, this is the (optional) CRL for it
  cert.pem - used as client authentication certificate (+ key)
  cert.key - used as client key (can be also inside cert.pem)
libfetch: remove unwanted code conditionals 2017-10-05T13:59:14+00:00 Timo Teräs timo.teras@iki.fi 2017-10-05T10:47:36+00:00 531fea4c9082d6542c776dcb6d4ca0a3949ecdd0