src/lib/libfetch/fetch.c, branch release/13.1.0

src/lib/libfetch/fetch.c, branch release/13.1.0 FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F13.1.0 2020-02-05T16:55:00Z libfetch: disallow invalid escape sequences 2020-02-05T16:55:00Z Ed Maste emaste@FreeBSD.org 2020-02-05T16:55:00Z urn:sha1:83372bda16b53157be476df6f9c6aac9f2bc12a3 Per RFC1738 escape is "% hex hex"; other sequences do not form a valid URL. Suggested by: Matthew Dillon Reviewed by: Matthew Dillon MFC after: 1 week Fix urldecode buffer overrun. 2020-01-28T18:37:18Z Gordon Tetlow gordon@FreeBSD.org 2020-01-28T18:37:18Z urn:sha1:6fb3f9944faefa41b322b5e1bc0d280b4005ca44 Reported by: Duncan Overbruck Security: CVE-2020-7450 Improve URL parsing. In particular, convert scheme and host to lowercase. 2018-11-27T10:45:14Z Dag-Erling Smørgrav des@FreeBSD.org 2018-11-27T10:45:14Z urn:sha1:8d9de5b10a24bd2d79ed99f139c0ac28c09b15ca MFC after: 1 week Fix an inverted conditional in the netrc code, which would ignore the 2018-05-29T13:07:36Z Dag-Erling Smørgrav des@FreeBSD.org 2018-05-29T13:07:36Z urn:sha1:5f04ebd4d3ed2b5970913c8b02b2b251a897a3c0 value of $HOME and always use the home directory from the passwd database, unless $HOME was unset, in which case it would use (null). While there, clean up handling of netrcfd and add debugging aids. MFC after: 3 weeks Use __VA_ARGS__ to simplify the DEBUG macro. 2018-05-29T10:28:20Z Dag-Erling Smørgrav des@FreeBSD.org 2018-05-29T10:28:20Z urn:sha1:c5712d6da1ce9006a3147ab7c8be3b326d3dbc71 MFC after: 3 weeks lib: further adoption of SPDX licensing ID tags. 2017-11-26T02:00:33Z Pedro F. Giffuni pfg@FreeBSD.org 2017-11-26T02:00:33Z urn:sha1:5e53a4f90f82c4345f277dd87cc9292f26e04a29 Mainly focus on files that use BSD 2-Clause license, however the tool I was using mis-identified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. r308996 broke IP literals by assuming that a colon could only occur as 2017-03-17T14:18:52Z Dag-Erling Smørgrav des@FreeBSD.org 2017-03-17T14:18:52Z urn:sha1:08a49957b3f06926744987207d542efa2631394d a separator between host and port, and using strchr() to search for it. Rewrite fetch_resolve() so it handles bracketed literals correctly, and remove similar code elsewhere to avoid passing unbracketed literals to fetch_resolve(). Remove #ifdef INET6 so we still parse IP literals correctly even if we do not have the ability to connect to them. While there, fix an off-by-one error which caused HTTP 400 errors to be misinterpreted as redirects. PR: 217723 MFC after: 1 week Reported by: bapt, bz, cem, ngie Properly initialize netrcfd in fetchParseURL 2017-03-03T12:51:16Z Baptiste Daroussin bapt@FreeBSD.org 2017-03-03T12:51:16Z urn:sha1:5d1ce10bee2d232114aa38fa7be889374b70639b This fixes ftp with fetch(1) which was broken after r313974 Submitted by: dim Reported by: olivier Pointyhat to: bapt Add a file descriptor in struct url for netrc 2017-02-20T00:14:31Z Baptiste Daroussin bapt@FreeBSD.org 2017-02-20T00:14:31Z urn:sha1:d8713bf36156f6c6179cc989fc370a7f9a0ca062 When using libfetch in an application that drops privileges when fetching like pkg(8) then user complain because the application does not read anymore ${HOME}/.netrc. Now a caller can prepare a fd to the said file and manually assign it to the structure. It is also a first step to allow to capsicumize libfetch applications Reviewed by: allanjude, des Approved by: des Differential Revision: https://reviews.freebsd.org/D9678 Fix -Wunsequenced warning. 2013-06-29T15:51:27Z Tim Kientzle kientzle@FreeBSD.org 2013-06-29T15:51:27Z urn:sha1:9bc22394d885aba91d8cd52655c1a8d183bc0ead Submitted by: dt71@gmx.com