aports/libfetch, branch v2.10.4 Main aports tree fix strncpy bounds errors 2019-02-13T14:05:27+00:00 Timo Teräs timo.teras@iki.fi 2019-02-13T13:44:03+00:00 44daf808737f85ff462905269c7a1e66d52e2fff error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation] Based on patch by Elan Ruusamäe <glen@delfi.ee> 
error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]

Based on patch by Elan Ruusamäe <glen@delfi.ee>
libfetch: do not give out user/hostname as ftp anonymous password 2018-09-05T07:32:00+00:00 Timo Teräs timo.teras@iki.fi 2018-09-05T07:32:00+00:00 e4f54cfe6681b301fb32b455cb9bbab24d97c0f4 This is unwanted information disclosure. Reported-by: Max Justicz <max@justi.cz> 
This is unwanted information disclosure.

Reported-by: Max Justicz <max@justi.cz>
libfetch: support OpenSSL 2018-01-31T20:04:46+00:00 A. Wilcox AWilcox@Wilcox-Tech.com 2018-01-31T20:03:22+00:00 36f5cf8e4bbe863a5bcfaf33f5f0a460993a339f TLS_client_method is a LibreSSL extension. SSLv23_client_method is generic, and doesn't mean SSL v2/v3 only. 
TLS_client_method is a LibreSSL extension.
SSLv23_client_method is generic, and doesn't mean SSL v2/v3 only.
libfetch: add option to set "Cache-Control: no-cache" 2018-01-03T12:25:07+00:00 Timo Teräs timo.teras@iki.fi 2018-01-03T08:01:08+00:00 f90af35e9c563bd4f865d8d47a7ae357191494db ref #8161 
ref #8161
libfetch: honor https_proxy variable for https 2018-01-03T08:43:31+00:00 Timo Teräs timo.teras@iki.fi 2018-01-03T08:43:31+00:00 99e7bb93dfff2f43987b81ce7600ad8fbd0ce64c fixes #8160 
fixes #8160
libfetch: fix certificate host name check 2017-10-06T15:09:37+00:00 Timo Teräs timo.teras@iki.fi 2017-10-06T15:09:37+00:00 0d814ba35b5e26eb9a42ea7a52521eca44306479 OpenSSL allows passing zero-length to indicate "use strlen". LibreSSL requires using the real length always, so pass the length. 
OpenSSL allows passing zero-length to indicate "use strlen".
LibreSSL requires using the real length always, so pass the length.
libfetch: improve openssl/libressl compatibility 2017-10-06T10:25:27+00:00 Timo Teräs timo.teras@iki.fi 2017-10-06T10:23:54+00:00 eb8f44d629aca3a780f7feedfee11794f14082ad X509_check_host() is introduced in libressl-2.5.0 and openssl-1.0.2 which are not yet universally available. Add support for building against the older versions. 
X509_check_host() is introduced in libressl-2.5.0 and openssl-1.0.2
which are not yet universally available. Add support for building
against the older versions.
libfetch: improve ssl connections 2017-10-05T13:59:14+00:00 Timo Teräs timo.teras@iki.fi 2017-10-05T13:39:47+00:00 52fd85a8dcfee9c93522d80693673bc95cc1caaf loosely based on the freebsd implementation, implement https connection settings to override CA, and use client certificate. new files supported in /etc/apk/: ca.pem - if exists, it contains CAs acceptable for https (otherwise system wide CAs are used) crl.pem - if ca.pem is used, this is the (optional) CRL for it cert.pem - used as client authentication certificate (+ key) cert.key - used as client key (can be also inside cert.pem) 
loosely based on the freebsd implementation, implement https
connection settings to override CA, and use client certificate.

new files supported in /etc/apk/:
  ca.pem   - if exists, it contains CAs acceptable for https
	     (otherwise system wide CAs are used)
  crl.pem  - if ca.pem is used, this is the (optional) CRL for it
  cert.pem - used as client authentication certificate (+ key)
  cert.key - used as client key (can be also inside cert.pem)
libfetch: remove unwanted code conditionals 2017-10-05T13:59:14+00:00 Timo Teräs timo.teras@iki.fi 2017-10-05T10:47:36+00:00 531fea4c9082d6542c776dcb6d4ca0a3949ecdd0 






libfetch: fix ssl context leak
2017-10-05T13:59:14+00:00

Timo Teräs
timo.teras@iki.fi

2017-10-05T10:30:39+00:00

f6860e0e110a82fe61ce46de4fb5a05794e456ab

from freebsd





from freebsd