Your message dated Mon, 09 Sep 2013 21:33:29 +0000
with message-id <[email protected]>
and subject line Bug#691884: fixed in proxytunnel 1.9.0-6
has caused the Debian Bug report #691884,
regarding proxytunnel: generalized workaround for Apache bug 29744 (see also
#618698)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
691884: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691884
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: proxytunnel
Version: 1.9.0-3
Severity: wishlist
Tags: patch
Hi,
thank you very much for the patch [1]. It works like a charm in cases
when I normally would use the '-E' option. Unfortunately there are
also setups around with two proxies involved requiring me to give
the '-X' option. This option is incompatible with the patch.
So I generalized the workaround of [1] somewhat to be usable
together with either the '-E' or the '-X' option. This is achieved
by giving the additional option '-W'.
Patch is attached. I successfully checked with 4 test cases:
proxytunnel -v -p proxy1.de:80 -d dest.de:1234
proxytunnel -v -p proxy1.de:80 -r proxy2.de:80 -d dest.de:1234
proxytunnel -v -W -E -p proxy1.de:443 -d dest.de:1234
proxytunnel -v -W -X -p proxy1.de:80 -r proxy2.de:443 -d dest.de:1234
I hope attaching the patch works. I am new to the debian bugtracking system.
Cheers
Thomas
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618698
-- System Information:
Debian Release: 6.0.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages proxytunnel depends on:
ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib
ii libgnutls26 2.8.6-1+squeeze2 the GNU TLS library - runtime libr
ii libmhash2 0.9.9.9-1 Library for cryptographic hashing
proxytunnel recommends no packages.
Versions of packages proxytunnel suggests:
ii ssh 1:5.5p1-6+squeeze2 secure shell client and server (me
-- no debconf information
diff -ur proxytunnel.tmp/proxytunnel-1.9.0/README proxytunnel/proxytunnel-1.9.0/README
--- proxytunnel.tmp/proxytunnel-1.9.0/README 2012-10-30 10:46:20.000000000 +0100
+++ proxytunnel/proxytunnel-1.9.0/README 2012-10-30 12:32:45.000000000 +0100
@@ -34,6 +34,9 @@
-d, --dest=STRING Destination host:port combination
-e, --encrypt SSL encrypt data between local proxy and destination
-E, --encrypt-proxy SSL encrypt data between client and local proxy
+ -W, --wa-Bug-29744 workaround ASF Bugzilla 29744, if SSL is active stop
+ using it after CONNECT (might not work on all setups;
+ see /usr/share/doc/proxytunnel/README.Debian.gz)
-X, --encrypt-remproxy Encrypt between 1st and 2nd proxy using SSL
Additional options for specific features:
diff -ur proxytunnel.tmp/proxytunnel-1.9.0/cmdline.c proxytunnel/proxytunnel-1.9.0/cmdline.c
--- proxytunnel.tmp/proxytunnel-1.9.0/cmdline.c 2012-10-30 10:46:20.000000000 +0100
+++ proxytunnel/proxytunnel-1.9.0/cmdline.c 2012-10-30 17:18:48.000000000 +0100
@@ -59,6 +59,9 @@
" -e, --encrypt SSL encrypt data between local proxy and destination\n"
" -E, --encrypt-proxy SSL encrypt data between client and local proxy\n"
" -X, --encrypt-remproxy Encrypt between 1st and 2nd proxy using SSL\n"
+" -W, --wa-Bug-29744 Workaround ASF Bugzilla 29744: if SSL is active stop\n"
+" using it after CONNECT (might not work on all setups; see\n"
+" /usr/share/doc/proxytunnel/README.Debian.gz)\n"
#endif
"\n"
"Additional options for specific features:\n"
@@ -131,6 +134,7 @@
args_info->encrypt_given = 0;
args_info->encryptproxy_given = 0;
args_info->encryptremproxy_given = 0;
+ args_info->wa_Bug_29744_given = 0;
args_info->proctitle_given = 0;
/* No... we can't make this a function... -- Maniac */
@@ -156,6 +160,7 @@
args_info->encrypt_flag = 0; \
args_info->encryptproxy_flag = 0; \
args_info->encryptremproxy_flag = 0; \
+ args_info->wa_Bug_29744_flag = 0; \
args_info->proctitle_arg = NULL; \
}
@@ -198,12 +203,13 @@
{ "encrypt", 0, NULL, 'e' },
{ "encrypt-proxy", 0, NULL, 'E' },
{ "encrypt-remproxy",0,NULL, 'X' },
+ { "workaround Bug-29744", 0, NULL, 'W' },
{ NULL, 0, NULL, 0 }
};
- c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXq", long_options, &option_index);
+ c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXWq", long_options, &option_index);
#else
- c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXq" );
+ c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXWq" );
#endif
if (c == -1)
@@ -227,6 +233,12 @@
if( args_info->verbose_flag )
message("SSL client to proxy enabled\n");
break;
+
+ case 'W': /* if SSL is active stop it after CONNECT */
+ args_info->wa_Bug_29744_flag = !(args_info->wa_Bug_29744_flag);
+ if( args_info->verbose_flag )
+ message("If SSL is active stop it after CONNECT\n");
+ break;
#endif
case 'i': /* Run from inetd. */
diff -ur proxytunnel.tmp/proxytunnel-1.9.0/cmdline.h proxytunnel/proxytunnel-1.9.0/cmdline.h
--- proxytunnel.tmp/proxytunnel-1.9.0/cmdline.h 2012-10-30 10:46:20.000000000 +0100
+++ proxytunnel/proxytunnel-1.9.0/cmdline.h 2012-10-30 12:08:14.000000000 +0100
@@ -46,6 +46,7 @@
int standalone_arg; /* Turn on stdalone (-a) on port */
int encrypt_flag; /* Turn on SSL encryption (default=off). */
int encryptproxy_flag; /* Turn on client to proxy SSL encryption (def=off).*/
+ int wa_Bug_29744_flag; /* Use SSL encryption only until CONNECT, if at all (def=off).*/
int encryptremproxy_flag; /* Turn on local to remote proxy SSL encryption (def=off).*/
char *proctitle_arg; /* Override process title (default=off). */
int help_given; /* Whether help was given. */
@@ -70,6 +71,7 @@
int encrypt_given; /* Whether encrypt was given */
int encryptproxy_given; /* Whether encrypt was given */
int encryptremproxy_given; /* Whether encrypt was given */
+ int wa_Bug_29744_given; /* Whether work around was given */
int proctitle_given; /* Whether to override process title */
};
diff -ur proxytunnel.tmp/proxytunnel-1.9.0/http.c proxytunnel/proxytunnel-1.9.0/http.c
--- proxytunnel.tmp/proxytunnel-1.9.0/http.c 2012-10-30 10:46:20.000000000 +0100
+++ proxytunnel/proxytunnel-1.9.0/http.c 2012-10-30 12:29:32.000000000 +0100
@@ -149,6 +149,11 @@
// if( args_info.verbose_flag )
// message( "Data received from local proxy:\n");
+ if( args_info.wa_Bug_29744_flag && !args_info.encryptremproxy_flag && pts->ssl ) {
+ message( "Switching to non-SSL communication (local proxy)\n");
+ pts->ssl = 0;
+ }
+
/* Read the first line of the response and analyze it */
analyze_HTTP(pts);
@@ -191,6 +196,11 @@
// if( args_info.verbose_flag )
// message( "Received from remote proxy:\n");
+ if( args_info.wa_Bug_29744_flag && pts->ssl ) {
+ message( "Switching to non-SSL communication (remote proxy)\n");
+ pts->ssl = 0;
+ }
+
/* Read the first line of the response and analyze it */
analyze_HTTP(pts);
}
diff -ur proxytunnel.tmp/proxytunnel-1.9.0/proxytunnel.1 proxytunnel/proxytunnel-1.9.0/proxytunnel.1
--- proxytunnel.tmp/proxytunnel-1.9.0/proxytunnel.1 2012-10-30 10:46:20.000000000 +0100
+++ proxytunnel/proxytunnel-1.9.0/proxytunnel.1 2012-10-30 17:13:53.000000000 +0100
@@ -65,6 +65,12 @@
Encrypt the data between the local proxy and the second-level proxy
using SSL.
.TP
+.B \-W, \-\-wa-Bug-29744
+If SSL is in use (by -e, -E, -X options) stop using it immediately after the
+CONNECT exchange to workaround apache server bugs. (Though this might not work
+on all setups;
+see /usr/share/doc/proxytunnel/README.Debian.gz for more details.)
+.TP
.B \-F STRING, \-\-passfile=STRING
The file containing Username & Password to send to HTTPS proxy for
authentification. This file uses the same format as .wgetrc, and so
--- End Message ---
--- Begin Message ---
Source: proxytunnel
Source-Version: 1.9.0-6
We believe that the bug you reported is fixed in the latest version of
proxytunnel, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julian Gilbey <[email protected]> (supplier of updated proxytunnel package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 09 Sep 2013 18:26:59 +0100
Source: proxytunnel
Binary: proxytunnel
Architecture: source amd64
Version: 1.9.0-6
Distribution: unstable
Urgency: low
Maintainer: Julian Gilbey <[email protected]>
Changed-By: Julian Gilbey <[email protected]>
Description:
proxytunnel - Create tcp tunnels trough HTTPS proxies, for using with SSH
Closes: 691884 717771
Changes:
proxytunnel (1.9.0-6) unstable; urgency=low
.
* Apply new Apache bug workaround patch from Thomas Hilber
<[email protected]>, modified to allow -B as a backwards
compatibility option (Closes: #691884)
* Attempt to write to the socket multiple times until all data has been
written; patch by Ludovico Cavedon <[email protected]> (Closes:
#717771)
Checksums-Sha1:
30253366580eef73230ce5819c44ad7f66949fa6 1103 proxytunnel_1.9.0-6.dsc
a169a686254a28149731a08e3b00c81e3a7f2e98 13718
proxytunnel_1.9.0-6.debian.tar.gz
e530c06d0ff5d85587c9db237f4f56335fa09025 37686 proxytunnel_1.9.0-6_amd64.deb
Checksums-Sha256:
5348eb8273d732dc4a6a24ccf8785e444c0ae4d1b2774f44a35b54b070c667e0 1103
proxytunnel_1.9.0-6.dsc
475e6c58dd79ec7764d7ed504c4964353b45d0ba103a8df4a6384e12b6edf17c 13718
proxytunnel_1.9.0-6.debian.tar.gz
2e686995e99a8f549ea17fa77f5419cc5fbda64c1ac4bfe9c250681e2dce5a9d 37686
proxytunnel_1.9.0-6_amd64.deb
Files:
51cf09b1bc221fae27f5ef578ebea4d8 1103 net optional proxytunnel_1.9.0-6.dsc
a300d8c5709b64f1d605001c0a75d07d 13718 net optional
proxytunnel_1.9.0-6.debian.tar.gz
e8ff7015314e9c76be86c569e6d9f371 37686 net optional
proxytunnel_1.9.0-6_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iEYEARECAAYFAlIuO6YACgkQDU59w/205FmxzQCfR9Y8QLhpxFLIjKNNGP720ErH
AOsAoJ3KGXemxsh+Msv8CTh1Lc4xTThW
=WceL
-----END PGP SIGNATURE-----
--- End Message ---