
gnupg-2.4.4-dirmngr-proxy.patch (6301B)


      1 https://bugs.gentoo.org/924606
      2 https://dev.gnupg.org/T6997
      3 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=04cbc3074aa98660b513a80f623a7e9f0702c7c9
      4 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=848546b05ab0ff6abd47724ecfab73bf32dd4c01
      5 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2810b934647edd483996bee1f5f9256a162b2705
      6 
      7 From 6236978d78886cbb476ed9fbc49ff99c7582b2d7 Mon Sep 17 00:00:00 2001
      8 From: NIIBE Yutaka <gniibe@fsij.org>
      9 Date: Thu, 15 Feb 2024 15:38:34 +0900
     10 Subject: [PATCH 1/3] dirmngr: Fix proxy with TLS.
     11 
     12 * dirmngr/http.c (proxy_get_token, run_proxy_connect): Always
     13 available regardless of USE_TLS.
     14 (run_proxy_connect): Use log_debug_string.
     15 (send_request): Remove USE_TLS.
     16 
     17 --
     18 
     19 Since the commit of
     20 
     21 	1009e4e5f71347a1fe194e59a9d88c8034a67016
     22 
     23 Building with TLS library is mandatory.
     24 
     25 GnuPG-bug-id: 6997
     26 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
     27 ---
     28  dirmngr/http.c | 8 +-------
     29  1 file changed, 1 insertion(+), 7 deletions(-)
     30 
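--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2362,7 +2362,6 @@ run_gnutls_handshake (http_t hd, const char *server)
  * NULL, decode the string and use this as input from teh server.  On
  * success the final output token is stored at PROXY->OUTTOKEN and
  * OUTTOKLEN.  IF the authentication succeeded OUTTOKLEN is zero. */
-#ifdef USE_TLS
 static gpg_error_t
 proxy_get_token (proxy_info_t proxy, const char *inputstring)
 {
@@ -2530,11 +2529,9 @@ proxy_get_token (proxy_info_t proxy, const char *inputstring)
 
 #endif /*!HAVE_W32_SYSTEM*/
 }
-#endif /*USE_TLS*/
 
 
 /* Use the CONNECT method to proxy our TLS stream.  */
-#ifdef USE_TLS
 static gpg_error_t
 run_proxy_connect (http_t hd, proxy_info_t proxy,
                    const char *httphost, const char *server,
@@ -2586,7 +2583,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
   hd->keep_alive = !auth_basic; /* We may need to send more requests.  */
 
   if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
-    log_debug_with_string (request, "http.c:proxy:request:");
+    log_debug_string (request, "http.c:proxy:request:");
 
   if (!hd->fp_write)
     {
@@ -2743,7 +2740,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
   xfree (tmpstr);
   return err;
 }
-#endif /*USE_TLS*/
 
 
 /* Make a request string using a standard proxy.  On success the
@@ -2903,7 +2899,6 @@ send_request (ctrl_t ctrl,
       goto leave;
     }
 
-#if USE_TLS
   if (use_http_proxy && hd->uri->use_tls)
     {
       err = run_proxy_connect (hd, proxy, httphost, server, port);
@@ -2915,7 +2910,6 @@ send_request (ctrl_t ctrl,
        * clear the flag to indicate this.  */
       use_http_proxy = 0;
     }
-#endif	/* USE_TLS */
 
 #if HTTP_USE_NTBTLS
   err = run_ntbtls_handshake (hd);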
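Review bot: The debug call changed in run_proxy_connect, `log_debug_string (request, "http.c:proxy:request:");`, writes the complete CONNECT request to the log whenever `opt_debug` or `HTTP_FLAG_LOG_RESP` is set. The request string is built outside this hunk; if it includes the proxy authorization header, which looks likely given that the function handles Basic and Negotiate authentication, the proxy credentials end up in the dirmngr debug log. I would add a comment above the call, `/* REQUEST may carry the proxy authorization header; treat this debug output as sensitive.  */`, or log only the request line instead of the whole string. The function body starts and ends outside the hunk, so this should be confirmed against the full request construction.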
     88 -- 
     89 2.43.2
     90 
     91 From 68650eb6999e674fd2f1c78f47b68d3cd1d37ff0 Mon Sep 17 00:00:00 2001
     92 From: NIIBE Yutaka <gniibe@fsij.org>
     93 Date: Fri, 16 Feb 2024 11:31:37 +0900
     94 Subject: [PATCH 2/3] dirmngr: Fix the regression of use of proxy for TLS
     95  connection.
     96 
     97 * dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
     98 causes resource leak of FP_WRITE.
     99 Don't try to read response body to fix the hang.
    100 
    101 --
    102 
    103 GnuPG-bug-id: 6997
    104 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
    105 ---
    106  dirmngr/http.c | 14 ++------------
    107  1 file changed, 2 insertions(+), 12 deletions(-)
    108 
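--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2553,6 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
    * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
    */
   auth_basic = !!proxy->uri->auth;
+  hd->keep_alive = 0;
 
   /* For basic authentication we need to send just one request.  */
   if (auth_basic
@@ -2574,13 +2575,12 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
                          httphost ? httphost : server,
                          port,
                          authhdr ? authhdr : "",
-                         auth_basic? "" : "Connection: keep-alive\r\n");
+                         hd->keep_alive? "Connection: keep-alive\r\n" : "");
   if (!request)
     {
       err = gpg_error_from_syserror ();
       goto leave;
     }
-  hd->keep_alive = !auth_basic; /* We may need to send more requests.  */
 
   if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
     log_debug_string (request, "http.c:proxy:request:");
@@ -2607,16 +2607,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
   if (err)
     goto leave;
 
-  {
-    unsigned long count = 0;
-
-    while (es_getc (hd->fp_read) != EOF)
-      count++;
-    if (opt_debug)
-      log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n",
-                 count);
-  }
-
   /* Reset state.  */
   es_clearerr (hd->fp_read);
   ((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;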
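Review bot: With the response-body loop removed after the `if (err) goto leave;` check in run_proxy_connect, nothing visible in the hunk consumes a body that the proxy may attach to its CONNECT reply, for example an error page sent with a 407. The old loop read until EOF, which is what hung on a connection that stays open, but dropping it entirely leaves any such bytes in `hd->fp_read`; if the connection is reused for another authentication round they would be read ahead of the next status line. Consider skipping exactly the announced body length instead, or state the assumption next to the reset: `/* No response body is consumed here; this assumes the proxy sends none before the next reply.  */`. The rest of the function is outside the hunks shown, so the later parsing may already cope with this.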
    153 -- 
    154 2.43.2
    155 
    156 From 7c7cbd94549d08780fc3767d6de8336b3f44e7d7 Mon Sep 17 00:00:00 2001
    157 From: NIIBE Yutaka <gniibe@fsij.org>
    158 Date: Fri, 16 Feb 2024 16:24:26 +0900
    159 Subject: [PATCH 3/3] dirmngr: Fix keep-alive flag handling.
    160 
    161 * dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic
    162 Authentication.  Fix resource leak of FP_WRITE.
    163 
    164 --
    165 
    166 GnuPG-bug-id: 6997
    167 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
    168 ---
    169  dirmngr/http.c | 10 +++++++++-
    170  1 file changed, 9 insertions(+), 1 deletion(-)
    171 
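--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2553,7 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
    * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
    */
   auth_basic = !!proxy->uri->auth;
-  hd->keep_alive = 0;
+  hd->keep_alive = !auth_basic; /* We may need to send more requests.  */
 
   /* For basic authentication we need to send just one request.  */
   if (auth_basic
@@ -2717,6 +2717,14 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
     }
 
  leave:
+  if (hd->keep_alive)
+    {
+      es_fclose (hd->fp_write);
+      hd->fp_write = NULL;
+      /* The close has released the cookie and thus we better set it
+       * to NULL.  */
+      hd->write_cookie = NULL;
+    }
   /* Restore flags, destroy stream, reset state.  */
   hd->flags = saved_flags;
   es_fclose (hd->fp_read);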
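Review bot: The new block under `leave:` closes `hd->fp_write` only when `hd->keep_alive` is set, so stream ownership is tied to a connection flag and the hunk does not show why the other case needs no close. Presumably the non-keep-alive path has already closed the write stream after sending the request; a comment saying so would help, e.g. `/* Without keep-alive FP_WRITE was already closed after the request was sent.  */`, to be confirmed against the code outside the hunk. The result of `es_fclose (hd->fp_write)` is ignored, so a failed flush of buffered request data would go unnoticed at this point. Nothing visible restores `hd->keep_alive` next to `hd->flags = saved_flags;`, so it is worth checking whether the flag is meant to stay set for the request that follows through the tunnel. run_proxy_connect starts and ends outside the hunk.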
    200 -- 
    201 2.43.2
    202