src/lib/libfetch, branch release/13.1.0

pkgbase: Create a FreeBSD-fetch package

2022-01-05T17:23:53Z

It's useful for small image to fetch some data but we don't want to install utilities nor bloat runtime. MFC after: 2 weeks Sponsored by: Beckhoff Automation GmbH & Co. KG Differential Revision: https://reviews.freebsd.org/D33463 (cherry picked from commit 13ef8134efd1c0a39c2dab0197b5c4558101253e)

libfetch: use more portable getline() interface

2021-09-22T09:57:35Z

this is for better portability in order to avoid using a function which is BSD-only or available via libbsd (cherry picked from commit ee3ca711a898cf41330c320826ea1e0e6e451f1d) (cherry picked from commit 635eb7ac7990a2bb29e1992b739617a9db012bf2)

Fix libfetch out of bounds read.

2021-08-24T17:59:43Z

Approved by: so Security: SA-21:15.libfetch Security: CVE-2021-36159 (cherry picked from commit 3be62d49ae2b6f9050f39fe74210c88f35901fa5)

libfetch: Retry with proxy auth when server returns 407

2021-04-28T19:21:26Z

PR: 220468 Submitted by: Egil Hasting (based on) Reviewed by: kevans, kp Approved by: kp MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D29533 (cherry picked from commit 345c30a94f6425954163f1e0b075a75f603d27cd)

Remove support for SSLv3 from fetch(3).

2020-11-24T22:10:33Z

Support for SSLv3 was already removed from OpenSSL (r361392). Differential Revision: https://reviews.freebsd.org/D24947

Replace literal uses of /usr/local in C sources with _PATH_LOCALBASE

2020-10-27T11:29:11Z

Literal references to /usr/local exist in a large number of files in the FreeBSD base system. Many are in contributed software, in configuration files, or in the documentation, but 19 uses have been identified in C source files or headers outside the contrib and sys/contrib directories. This commit makes it possible to set _PATH_LOCALBASE in paths.h to use a different prefix for locally installed software. In order to avoid changes to openssh source files, LOCALBASE is passed to the build via Makefiles under src/secure. While _PATH_LOCALBASE could have been used here, there is precedent in the construction of the path used to a xauth program which depends on the LOCALBASE value passed on the compiler command line to select a non-default directory. This could be changed in a later commit to make the openssh build consistently use _PATH_LOCALBASE. It is considered out-of-scope for this commit. Reviewed by: imp MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D26942

Don't explicitly specify c99 or gnu99 as the default is now gnu99.

2020-08-17T05:57:02Z

MFC after: 2 weeks

fetch(3): plug some leaks

2020-02-21T18:21:57Z

In the successful case, sockshost is not freed prior to return. The failure case can now be hit after fetch_reopen(), which was not true before. Thus, we need to make sure to clean up all of the conn resources which will also close sd. For all of the points prior to fetch_reopen(), we continue to just close sd. CID: 1419598, 1419616

fetch(3): don't leak sockshost on failure

2020-02-15T19:47:49Z

fetch_socks5_getenv will allocate memory for the host (or set it to NULL) in all cases through the function; the caller is responsible for freeing it if we end up allocating. While I'm here, I've eliminated a label that just jumps to the next line...

fetch(3): fix regression in IPv6:port spec from r357977

2020-02-15T19:39:50Z

In case the port was specified, we never actually populated *host. Do so now. Pointy hat: kevans