This is an automated email from the git hooks/post-receive script. dod pushed a commit to branch master in repository libwww-perl.
commit 32ea130056660df82adbced7d6b336254c5b7ac8 Author: Dominique Dumont <d...@debian.org> Date: Thu Apr 24 09:40:53 2014 +0200 removed fix-https-proxy patch (applied upstream) --- debian/patches/fix-htts-proxy | 174 ------------------------------------------ debian/patches/series | 1 - 2 files changed, 175 deletions(-) diff --git a/debian/patches/fix-htts-proxy b/debian/patches/fix-htts-proxy deleted file mode 100644 index 29120b4..0000000 --- a/debian/patches/fix-htts-proxy +++ /dev/null @@ -1,174 +0,0 @@ -Description:Fix htts proxy - part 1 of a patch to fix https_proxy handling -Author:Steffen Ullrich -Origin:https://github.com/libwww-perl/libwww-perl/pull/52 -Applied-Upstream:yes ---- a/lib/LWP/Protocol/http.pm -+++ b/lib/LWP/Protocol/http.pm -@@ -16,16 +16,6 @@ - sub _new_socket - { - my($self, $host, $port, $timeout) = @_; -- my $conn_cache = $self->{ua}{conn_cache}; -- if ($conn_cache) { -- if (my $sock = $conn_cache->withdraw($self->socket_type, "$host:$port")) { -- return $sock if $sock && !$sock->can_read(0); -- # if the socket is readable, then either the peer has closed the -- # connection or there are some garbage bytes on it. In either -- # case we abandon it. -- $sock->close; -- } -- } - - local($^W) = 0; # IO::Socket::INET can be noisy - my $sock = $self->socket_class->new(PeerAddr => $host, -@@ -33,7 +23,7 @@ - LocalAddr => $self->{ua}{local_address}, - Proto => 'tcp', - Timeout => $timeout, -- KeepAlive => !!$conn_cache, -+ KeepAlive => !!$self->{ua}{conn_cache}, - SendTE => 1, - $self->_extra_sock_opts($host, $port), - ); -@@ -104,9 +94,10 @@ - } - $h->init_header('Host' => $hhost); - -- if ($proxy) { -+ if ($proxy && $url->scheme ne 'https') { - # Check the proxy URI's userinfo() for proxy credentials -- # export http_proxy="http://proxyuser:proxypass@proxyhost:port" -+ # export http_proxy="http://proxyuser:proxypass@proxyhost:port". -+ # For https only the initial CONNECT requests needs authorization. - my $p_auth = $proxy->userinfo(); - if(defined $p_auth) { - require URI::Escape; -@@ -140,26 +131,81 @@ - } - - my $url = $request->uri; -- my($host, $port, $fullpath); - -- # Check if we're proxy'ing -- if (defined $proxy) { -- # $proxy is an URL to an HTTP server which will proxy this request -- $host = $proxy->host; -- $port = $proxy->port; -- $fullpath = $method eq "CONNECT" ? -- ($url->host . ":" . $url->port) : -- $url->as_string; -- } -- else { -- $host = $url->host; -- $port = $url->port; -- $fullpath = $url->path_query; -- $fullpath = "/$fullpath" unless $fullpath =~ m,^/,; -- } - -- # connect to remote site -- my $socket = $self->_new_socket($host, $port, $timeout); -+ # Proxying SSL with a http proxy needs issues a CONNECT request to build a -+ # tunnel and then upgrades the tunnel to SSL. But when doing keep-alive the -+ # https request does not need to be the first request in the connection, so -+ # we need to distinguish between -+ # - not yet connected (create socket and ssl upgrade) -+ # - connected but not inside ssl tunnel (ssl upgrade) -+ # - inside ssl tunnel to the target - once we are in the tunnel to the -+ # target we cannot only reuse the tunnel for more https requests with the -+ # same target -+ -+ my $ssl_tunnel = $proxy && $url->scheme eq 'https' -+ && $url->host.":".$url->port; -+ -+ my ($host,$port) = $proxy -+ ? ($proxy->host,$proxy->port) -+ : ($url->host,$url->port); -+ my $fullpath = -+ $method eq 'CONNECT' ? $url->host . ":" . $url->port : -+ $proxy && ! $ssl_tunnel ? $url->as_string : -+ do { -+ my $path = $url->path_query; -+ $path = "/$path" if $path !~m{^/}; -+ $path -+ }; -+ -+ my $socket; -+ my $conn_cache = $self->{ua}{conn_cache}; -+ my $cache_key; -+ if ( $conn_cache ) { -+ $cache_key = "$host:$port"; -+ # For https we reuse the socket immediatly only if it has an established -+ # tunnel to the target. Otherwise a CONNECT request followed by an SSL -+ # upgrade need to be done first. The request itself might reuse an -+ # existing non-ssl connection to the proxy -+ $cache_key .= "!".$ssl_tunnel if $ssl_tunnel; -+ if ( $socket = $conn_cache->withdraw($self->socket_type,$cache_key)) { -+ if ($socket->can_read(0)) { -+ # if the socket is readable, then either the peer has closed the -+ # connection or there are some garbage bytes on it. In either -+ # case we abandon it. -+ $socket->close; -+ $socket = undef; -+ } # else use $socket -+ } -+ } -+ -+ if ( ! $socket && $ssl_tunnel ) { -+ my $proto_https = LWP::Protocol::create('https',$self->{ua}) -+ or die "no support for scheme https found"; -+ -+ # only if ssl socket class is IO::Socket::SSL we can upgrade -+ # a plain socket to SSL. In case of Net::SSL we fall back to -+ # the old version -+ if ( my $upgrade_sub = $proto_https->can('_upgrade_sock')) { -+ my $response = $self->request( -+ HTTP::Request->new('CONNECT',"http://$ssl_tunnel"), -+ $proxy, -+ undef,$size,$timeout -+ ); -+ $response->is_success or die -+ "establishing SSL tunnel failed: ".$response->status_line; -+ $socket = $upgrade_sub->($proto_https, -+ $response->{client_socket},$url) -+ or die "SSL upgrade failed: $@"; -+ } else { -+ $socket = $proto_https->_new_socket($url->host,$url->port,$timeout); -+ } -+ } -+ -+ if ( ! $socket ) { -+ # connect to remote site w/o reusing established socket -+ $socket = $self->_new_socket($host, $port, $timeout ); -+ } - - my $http_version = ""; - if (my $proto = $request->protocol) { -@@ -428,13 +474,13 @@ - - # keep-alive support - unless ($drop_connection) { -- if (my $conn_cache = $self->{ua}{conn_cache}) { -+ if ($cache_key) { - my %connection = map { (lc($_) => 1) } - split(/\s*,\s*/, ($response->header("Connection") || "")); - if (($peer_http_version eq "1.1" && !$connection{close}) || - $connection{"keep-alive"}) - { -- $conn_cache->deposit($self->socket_type, "$host:$port", $socket); -+ $conn_cache->deposit($self->socket_type, $cache_key, $socket); - } - } - } ---- a/lib/LWP/UserAgent.pm -+++ b/lib/LWP/UserAgent.pm -@@ -346,7 +346,8 @@ - ) - { - my $proxy = ($code == &HTTP::Status::RC_PROXY_AUTHENTICATION_REQUIRED); -- my $ch_header = $proxy ? "Proxy-Authenticate" : "WWW-Authenticate"; -+ my $ch_header = $proxy || $request->method eq 'CONNECT' -+ ? "Proxy-Authenticate" : "WWW-Authenticate"; - my @challenge = $response->header($ch_header); - unless (@challenge) { - $response->header("Client-Warning" => diff --git a/debian/patches/series b/debian/patches/series index 8f66dda..81e055e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,2 @@ -fix-htts-proxy ipv6-http-proxy.patch drop-non-blocking-socket.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libwww-perl.git _______________________________________________ Pkg-perl-cvs-commits mailing list Pkg-perl-cvs-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits