Path to this page:
./
net/libfetch,
Library to access HTTP/FTP server
Branch: CURRENT,
Version: 2.40,
Package name: libfetch-2.40,
Maintainer: pkgsrc-userslibfetch provides a high-level interface for retreiving and uploading
files using Uniform Resource Locators (URLs).
The library implements:
* local file access (file://)
* FTP
* HTTP
* HTTPS (optional, using OpenSSL)
FTP and HTTP proxies can be used.
Required to build:[
pkgtools/cwrappers]
Package options: inet6, openssl
Version history: (Expand)
- (2024-01-03) Updated to version: libfetch-2.40
- (2023-10-25) Updated to version: libfetch-2.39nb2
- (2020-01-19) Updated to version: libfetch-2.39nb1
- (2019-08-28) Updated to version: libfetch-2.39
- (2017-11-23) Package has been reborn
- (2016-10-21) Updated to version: libfetch-2.38
CVS history: (Expand)
2024-12-05 18:41:15 by Jonathan Perkin | Files touched by this commit (1) |
Log message:
libfetch: Re-order openssl libraries.
Fixes obscure cases where static libraries are used.
|
2024-12-05 17:14:06 by Jonathan Perkin | Files touched by this commit (1) |
Log message:
libfetch: Ensure -lsocket is always added on SunOS.
|
2024-12-05 16:39:15 by Jonathan Perkin | Files touched by this commit (1) |
Log message:
libfetch: Ensure openssl is a full dependency.
Avoids issues with implicit dependencies when openssl support is enabled.
|
2024-01-03 04:54:46 by Taylor R Campbell | Files touched by this commit (3) | |
Log message:
net/libfetch: update to 2.40
Validate HTTPS by default, unless environment variable
SSL_NO_VERIFY_PEER is set (from FreeBSD).
WARNING: This changes the semantics of the library in ways that may
break the functionality of existing callers, even callers that don't
ask to fetch HTTPS URLs -- because HTTP may redirect to HTTPS.
WARNING: This does not guarantee fetching HTTPS URLs will return only
authenticated data from the named host. If the host redirects to
HTTP or FTP, libfetch will follow the redirect and return
unauthenticated data with no way for the caller to know this has
happened (short of disabling redirects altogether -- including
HTTPS-to-HTTPS redirects -- with the undocumented `A' flag).
That's OK for pkgsrc distfile fetch, since we have checksums stored
in pkgsrc for the distfiles, but makes a simple server
misconfiguration a security vulnerability with pkg_add or pkgin (even
with signed packages, because there's a lot of attack surface between
the transport layer and the package signatures).
Discussion on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/12/09/msg028590.html
https://mail-index.netbsd.org/tech-pkg/2023/12/22/msg028654.html
ok gdt (https://mail-index.netbsd.org/tech-pkg/2023/12/31/msg028733.html)
|
2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message:
*: bump for openssl 3
|
2022-11-09 14:14:32 by Joerg Sonnenberger | Files touched by this commit (223) |
Log message:
Reset MAINTAINER
|
2022-08-23 19:48:53 by Thomas Klausner | Files touched by this commit (1) |
Log message:
libfetch: remove unused variable
Also removed in upstream FreeBSD sources.
Fixes a clang warning/error reported by Edgar Fuß.
|
2021-12-26 11:24:22 by Nia Alarie | Files touched by this commit (1) |
Log message:
libfetch: Only enable IPv6 on supported systems. Needed on UnixWare.
Adapted from Boyd Lynn Gerber.
|