phhtpget won't interpret an HTTP_PROXY env var that includes auth information (which';fetch' needs) correctly. It has to do this because ;fetch; won't fetch without this info, as trying to use HTTP_PROXY_AUTH instead doesn't work at all with fetch. Fix: none How-To-Repeat: so with HTTP_PROXY=http://user:password@proxy.name.com:3128 phttpget (as used by FreeBSD7.0 freebsd-update) will return stuff like Fetching 2 metadata patches... /usr/libexec/phttpget update1.FreeBSD.org 7.0- RELEASE/i386/tp/8864109089177efeb97a402c2cd78d3103ac04830298ab2cbad19e 46ff2248ea- 1d298c8caa51b44d66b6094ee7ee40aa1a4c0e3a985d4516853317d5bf72e0d1.gz 7.0- RELEASE/i386/tp/1ab7fdfcc9d634271cd180cc2c5cba28452833afb4e1686f7a5b8d d2c9b99609- 216d13fca41a3a18fd4c0ab05c0623dce2a877d997feef3059dfff17310535c1.gz phttpget: host = user, port = password@proxy.name.com:3128: servname not supported for ai_socktype done. and will in fact try to install those patches without reporting an error.
Responsible Changed From-To: freebsd-bugs->cperciva Over to maintainer.
Hello, Probably this patch would help on HTTP_PROXY=http://user:pwd@proxy.example.com:8080 problem. Best regards, Normunds
Hi I applied the submitted patch to phttpget and tested it on one of our lab machines that runs FreeBSD 9.0-Release amd64 and sits behind a HTTP proxy with required authentication. The patch worked without a problem. This patch would also solve misc/126131. //Ted Henriksson
Hi, Just reporting that Normunds' patch worked for me too. FreeBSD 9.0-Release amd64 behind a HTTP proxy server with required authentication. Kind Regards, Stephen K. Karanja
batch change: For bugs that match the following - Status Is In progress AND - Untouched since 2018-01-01. AND - Affects Base System OR Documentation DO: Reset to open status. Note: I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.
I found the root cause. There's a bug with the Base64 Encoding within the b64enc function. The Filling isn't applied in most of the cases. For example: "Hey:Base64" should be encoded to "SGV5OkJhc2U2NA==" But due to wrong filling it's getting encoded to "SGV5OkJhc2U2NAA=". This can be replicated with every "username:password" combination where the combined length is not a multiple of 3 (due to the issue when filling comes in place). So "H:B", "HE:Bas" and "Hey:Base6" as username and Password are fine for example. Should be easy to replicate for the maintainer. I tested it myself with another Base64 Encoding Implementation by Jouni Melinen (which is apparently the fastest) and it worked flawlessly.
Created attachment 201165 [details] b64enc fix and use fetch API Concerning how phttpget parses HTTP_PROXY, I would suggest using fetchParseURL from <fetch.h> instead of parsing it manually (similar to how http_get_proxy() is handled). That way we can ensure it's parsed the same way as "fetch" does. Additionally it seems like there's an off-by-one error in b64enc. This patch showcases how the fetch API could be used and fixes b64enc.
Drop freebsd-update PRs which were assigned to me. I'm not working on this code any more.
^Triage: portsnap was removed from -CURRENT 20230420, which renders these patches Overcome By Events.