Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.2.0 2020-12-22T23:54:14Z 2020-12-22T23:54:14Z Faidon Liambotis paravoid@debian.org 2020-12-22T23:54:14Z urn:sha1:1663774bf309fbd196fd2b9c5c2afdd7a25fd288 The "last connection" cache is currently being stored and looked up on the combination of (LastHost, LastPort). However, these are not what the arguments to getaddrinfo() were on the first try: the call is to getaddrinfo(Host, ServiceNameOrPort, ...), i.e. with the port *or if 0, the service name* (e.g. http). Effectively this means that the connection cache lookup for: https://example.org/... i.e. Host = example.org, Port = 0, Service = http would end up matching the "last" connection of (if existed): https://example.org/... i.e. Host = example.org, Port = 0, Service = https ...and thus performing a TLS request over an (unrelated) port 80 connection. Therefore, an HTTP request, followed up by an (unrelated) HTTPS request to the same server, would always fail. Address this by using as the cache key the ServiceNameOrPort, rather than Port. 2020-12-22T23:51:50Z Faidon Liambotis paravoid@debian.org 2020-12-22T23:51:50Z urn:sha1:8d4b3a4fcead0ca534b5d1c5a99ae2a4c95eee21 Convert the fixed-size (300) char array "ServStr" to a std::string, and simplify the code by removing snprintfs in the process. While at it, rename to the more aptly named "ServiceNameOrPort" and update the comment to reflect what this variable is meant to be. 2019-07-08T13:51:17Z David Kalnischkies david@kalnischkies.de 2019-07-08T13:48:59Z urn:sha1:2b734a7ec429825c7007c1093883229e069d36c7 Reported-By: cppcheck 2019-06-11T12:16:18Z Julian Andres Klode julian.klode@canonical.com 2019-06-11T12:16:18Z urn:sha1:93e0ba2bfde58e6c1fbad53614083be8754d7ee8 apt Debian release 1.8.2 2019-05-21T12:53:01Z Michael Zhivich mzhivich@akamai.com 2019-05-20T19:07:04Z urn:sha1:f3e109d40937dbf90994bcf74b76837ec670205c When accessing repository protected by TLS mutual auth, apt may receive a "re-handshake" request from the server, which must be handled in order for download to proceed. This situation arises when the server requests a client certificate based on the resource path provided in the GET request, after the inital handshake in UnwrapTLS() has already occurred, and a secure connection has been established. This issue has been observed with Artifactory-backed Debian repository. To address the issue, split TLS handshake code out into its own method in TlsFd, and call it when GNUTLS_E_REHANDSHAKE error is received. Signed-off-by: Michael Zhivich <mzhivich@akamai.com> (merged from Debian/apt#93) LP: #1829861 2019-04-16T10:59:54Z David Kalnischkies david@kalnischkies.de 2019-04-14T23:54:26Z urn:sha1:a967ba05416db27127f9a0ba85bb92377e6bb73e warning: moving a local object in a return statement prevents copy elision [-Wpessimizing-move] Reported-By: gcc-9 Gbp-Dch: Ignore 2018-05-24T12:26:16Z Julian Andres Klode julian.klode@canonical.com 2018-05-24T12:16:30Z urn:sha1:71b65b3563d223f6cd69261918ec06d10da48e6c Correctly register timed out IP addresses from a timed out select() call as a bad address so we do not try it again. LP: #1766542 2018-05-19T19:39:08Z David Kalnischkies david@kalnischkies.de 2018-05-19T19:05:48Z urn:sha1:dd23021f588f5d50171cfb0d54108f594b139b26 Closes: #898886 2018-05-07T11:41:31Z Guillem Jover guillem@debian.org 2018-05-06T20:32:41Z urn:sha1:164f1b78d1849a0f33df7352875f86e28f5de06a Prompted-by: Jakub Wilk <jwilk@debian.org> 2018-01-03T15:33:36Z Julian Andres Klode jak@debian.org 2018-01-03T15:28:59Z urn:sha1:5b197e9de5376e191018562309e2d42123c27a1d Commit 47c0bdc310c8cd62374ca6e6bb456dd183bdfc07 ("report transient errors as transient error") accidentally changed some connection failures to become non-transient, because the result of the error checks where being ignored and then fatal error was returned if an error was pending - even if that error was trivial. After the merge of pu/happy-eyeballs2a this becomes a lot clearer, and easy to fix. Gbp-Dch: ignore Regression-Of: 47c0bdc310c8cd62374ca6e6bb456dd183bdfc07