Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.9.1 2019-06-11T12:16:18Z 2019-06-11T12:16:18Z Julian Andres Klode julian.klode@canonical.com 2019-06-11T12:16:18Z urn:sha1:93e0ba2bfde58e6c1fbad53614083be8754d7ee8 apt Debian release 1.8.2 2019-05-21T12:53:01Z Michael Zhivich mzhivich@akamai.com 2019-05-20T19:07:04Z urn:sha1:f3e109d40937dbf90994bcf74b76837ec670205c When accessing repository protected by TLS mutual auth, apt may receive a "re-handshake" request from the server, which must be handled in order for download to proceed. This situation arises when the server requests a client certificate based on the resource path provided in the GET request, after the inital handshake in UnwrapTLS() has already occurred, and a secure connection has been established. This issue has been observed with Artifactory-backed Debian repository. To address the issue, split TLS handshake code out into its own method in TlsFd, and call it when GNUTLS_E_REHANDSHAKE error is received. Signed-off-by: Michael Zhivich <mzhivich@akamai.com> (merged from Debian/apt#93) LP: #1829861 2019-04-16T10:59:54Z David Kalnischkies david@kalnischkies.de 2019-04-14T23:54:26Z urn:sha1:a967ba05416db27127f9a0ba85bb92377e6bb73e warning: moving a local object in a return statement prevents copy elision [-Wpessimizing-move] Reported-By: gcc-9 Gbp-Dch: Ignore 2018-05-24T12:26:16Z Julian Andres Klode julian.klode@canonical.com 2018-05-24T12:16:30Z urn:sha1:71b65b3563d223f6cd69261918ec06d10da48e6c Correctly register timed out IP addresses from a timed out select() call as a bad address so we do not try it again. LP: #1766542 2018-05-19T19:39:08Z David Kalnischkies david@kalnischkies.de 2018-05-19T19:05:48Z urn:sha1:dd23021f588f5d50171cfb0d54108f594b139b26 Closes: #898886 2018-05-07T11:41:31Z Guillem Jover guillem@debian.org 2018-05-06T20:32:41Z urn:sha1:164f1b78d1849a0f33df7352875f86e28f5de06a Prompted-by: Jakub Wilk <jwilk@debian.org> 2018-01-03T15:33:36Z Julian Andres Klode jak@debian.org 2018-01-03T15:28:59Z urn:sha1:5b197e9de5376e191018562309e2d42123c27a1d Commit 47c0bdc310c8cd62374ca6e6bb456dd183bdfc07 ("report transient errors as transient error") accidentally changed some connection failures to become non-transient, because the result of the error checks where being ignored and then fatal error was returned if an error was pending - even if that error was trivial. After the merge of pu/happy-eyeballs2a this becomes a lot clearer, and easy to fix. Gbp-Dch: ignore Regression-Of: 47c0bdc310c8cd62374ca6e6bb456dd183bdfc07 2018-01-03T14:31:36Z Julian Andres Klode jak@debian.org 2018-01-02T21:15:50Z urn:sha1:3bbd328396745d0dd6c5585935040082a2c41e3e Try establishing connections in alternating address families in rapid intervals of 250 ms, adding more connections to the wait list until one succeeds (RFC 8305, happy eyeballs 2). It is important that WaitAndCheckErrors() waits until it has a successful connection, a time out, or all connections failed - otherwise the timing between tries might be wrong, and the final long wait might exit early because one connection failed without trying the others. Timing wise, this only works correctly on Linux, as select() counts down there. But we rely on that in some other places too, so this is not the time to fix that. Timeouts are only reported in the final long wait - the short inner waits are expected to time out more often, and multiple times, we do not want to report them. Closes: #668948 LP: #1308200 Gbp-Dch: paragraph 2018-01-03T14:26:51Z Julian Andres Klode jak@debian.org 2018-01-02T20:59:02Z urn:sha1:53bdec3ebea66153b320ee497871355eb526e0f2 Extracting the error checking method allows us to reuse it in different places, so we can move the waiting and checking out of DoConnect() eventually. Gbp-Dch: ignore 2018-01-03T14:26:51Z Julian Andres Klode jak@debian.org 2018-01-02T20:56:40Z urn:sha1:c9a5a6f2140758c0ed08764a07dd454a8f3ff986 There's no real point in storing the IP address while resolving it - failure messages include the IP address in any case. Do this when picking the connection for actual use instead.