pkgsrc.se | The NetBSD package collection

./net/libfetch, Library to access HTTP/FTP server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.40, Package name: libfetch-2.40, Maintainer: pkgsrc-users

libfetch provides a high-level interface for retreiving and uploading
files using Uniform Resource Locators (URLs).

The library implements:

* local file access (file://)
* FTP
* HTTP
* HTTPS (optional, using OpenSSL)

FTP and HTTP proxies can be used.

Required to build:
[pkgtools/cwrappers]

Package options: inet6, openssl

Version history: (Expand)

(2024-01-03) Updated to version: libfetch-2.40
(2023-10-25) Updated to version: libfetch-2.39nb2
(2020-01-19) Updated to version: libfetch-2.39nb1
(2019-08-28) Updated to version: libfetch-2.39
(2017-11-23) Package has been reborn
(2016-10-21) Updated to version: libfetch-2.38

CVS history: (Expand)

2024-01-03 04:54:46 by Taylor R Campbell | Files touched by this commit (3) | Package updated

Log message:
net/libfetch: update to 2.40

Validate HTTPS by default, unless environment variable
SSL_NO_VERIFY_PEER is set (from FreeBSD).

WARNING: This changes the semantics of the library in ways that may
break the functionality of existing callers, even callers that don't
ask to fetch HTTPS URLs -- because HTTP may redirect to HTTPS.

WARNING: This does not guarantee fetching HTTPS URLs will return only
authenticated data from the named host.  If the host redirects to
HTTP or FTP, libfetch will follow the redirect and return
unauthenticated data with no way for the caller to know this has
happened (short of disabling redirects altogether -- including
HTTPS-to-HTTPS redirects -- with the undocumented `A' flag).

That's OK for pkgsrc distfile fetch, since we have checksums stored
in pkgsrc for the distfiles, but makes a simple server
misconfiguration a security vulnerability with pkg_add or pkgin (even
with signed packages, because there's a lot of attack surface between
the transport layer and the package signatures).

Discussion on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/12/09/msg028590.html
https://mail-index.netbsd.org/tech-pkg/2023/12/22/msg028654.html

ok gdt (https://mail-index.netbsd.org/tech-pkg/2023/12/31/msg028733.html)

2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)

Log message:
*: bump for openssl 3

2022-11-09 14:14:32 by Joerg Sonnenberger | Files touched by this commit (223)

Log message:
Reset MAINTAINER

2022-08-23 19:48:53 by Thomas Klausner | Files touched by this commit (1)

Log message:
libfetch: remove unused variable

Also removed in upstream FreeBSD sources.

Fixes a clang warning/error reported by Edgar Fuß.

2021-12-26 11:24:22 by Nia Alarie | Files touched by this commit (1)

Log message:
libfetch: Only enable IPv6 on supported systems. Needed on UnixWare.

Adapted from Boyd Lynn Gerber.

2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)

Log message:
*: Recursive revision bump for openssl 1.1.1.

2019-08-27 21:24:04 by Joerg Sonnenberger | Files touched by this commit (2)

Log message:
libfetch-2.39: Improve date parsing

2019-02-11 11:34:36 by Thomas Klausner | Files touched by this commit (1)

Log message:
libfetch: add FALLTHROUGH comment for gcc 7

To fix pkg_install build.