squid: Update to 3.3.11.
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 3 Dec 2013 13:42:30 +0000 (14:42 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 3 Dec 2013 13:42:30 +0000 (14:42 +0100)
lfs/squid
src/patches/squid-3.1-10486.patch [deleted file]
src/patches/squid-3.1-10487.patch [deleted file]
src/patches/squid-3.3.10-optional-ssl-options.patch [deleted file]
src/patches/squid-3.3.10-set-rlimit-fds.patch [deleted file]

index d3bff48..3c5f6c5 100644 (file)
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.3.10
+VER        = 3.3.11
 
 THISAPP    = squid-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 28058812d722cac303517a643e28bcb0
+$(DL_FILE)_MD5 = dd016ff5f14b2548083b3882207914f6
 
 install : $(TARGET)
 
@@ -53,7 +53,6 @@ md5 : $(subst %,%_MD5,$(objects))
 ###############################################################################
 # Downloading, checking, md5sum
 ###############################################################################
-
 $(patsubst %,$(DIR_CHK)/%,$(objects)) :
        @$(CHECK)
 
@@ -70,11 +69,6 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
-
-       cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-optional-ssl-options.patch
-       cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-set-rlimit-fds.patch
-
-       cd $(DIR_APP) && ./bootstrap.sh
        cd $(DIR_APP) && ./configure \
                --prefix=/usr \
                --sysconfdir=/etc/squid \
diff --git a/src/patches/squid-3.1-10486.patch b/src/patches/squid-3.1-10486.patch
deleted file mode 100644 (file)
index 6a0388e..0000000
+++ /dev/null
@@ -1,54 +0,0 @@
-------------------------------------------------------------
-revno: 10486
-revision-id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
-parent: squid3@treenet.co.nz-20130109021503-hqg7ufldrudpzr9l
-fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3790
-author: Reinhard Sojka <reinhard.sojka@parlament.gv.at>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: SQUID_3_1
-timestamp: Fri 2013-02-22 04:13:25 -0700
-message:
-  Bug 3790: cachemgr.cgi crash with authentication
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
-#   /SQUID_3_1
-# testament_sha1: 121adf68a9c3b2eca766cfb768256b6b57d9816b
-# timestamp: 2013-02-22 11:17:18 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
-#   /SQUID_3_1
-# base_revision_id: squid3@treenet.co.nz-20130109021503-\
-#   hqg7ufldrudpzr9l
-# 
-# Begin patch
-=== modified file 'tools/cachemgr.cc'
---- tools/cachemgr.cc  2013-01-08 23:11:51 +0000
-+++ tools/cachemgr.cc  2013-02-22 11:13:25 +0000
-@@ -1162,7 +1162,6 @@
- {
-     static char buf[1024];
-     size_t stringLength = 0;
--    const char *str64;
-     if (!req->passwd)
-         return "";
-@@ -1171,15 +1170,12 @@
-              req->user_name ? req->user_name : "",
-              req->passwd);
--    str64 = base64_encode(buf);
--
--    stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64);
-+    stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", base64_encode(buf));
-     assert(stringLength < sizeof(buf));
--    snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", str64);
-+    snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf));
--    xxfree(str64);
-     return buf;
- }
-
diff --git a/src/patches/squid-3.1-10487.patch b/src/patches/squid-3.1-10487.patch
deleted file mode 100644 (file)
index 2ca4848..0000000
+++ /dev/null
@@ -1,73 +0,0 @@
-------------------------------------------------------------
-revno: 10487
-revision-id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx
-parent: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
-author: Nathan Hoad <nathan@getoffmalawn.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: SQUID_3_1
-timestamp: Wed 2013-07-10 06:47:48 -0600
-message:
-  Protect against buffer overrun in DNS query generation
-  
-  see SQUID-2013:2.
-  
-  This bug has been present as long as the internal DNS component however
-  most code reaching this point is passing through URL validation first.
-  With Squid-3.2 Host header verification using DNS directly we may have
-  problems.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
-#   /SQUID_3_1
-# testament_sha1: b5be85c8876ce15ec8fa173845e61755b6942fe0
-# timestamp: 2013-07-10 12:48:57 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
-#   /SQUID_3_1
-# base_revision_id: squid3@treenet.co.nz-20130222111325-\
-#   zizr296kq3te4g7h
-# 
-# Begin patch
-=== modified file 'src/dns_internal.cc'
---- src/dns_internal.cc        2011-10-11 02:12:56 +0000
-+++ src/dns_internal.cc        2013-07-10 12:47:48 +0000
-@@ -1532,22 +1532,26 @@
- void
- idnsALookup(const char *name, IDNSCB * callback, void *data)
- {
--    unsigned int i;
-+    size_t nameLength = strlen(name);
-+
-+    // Prevent buffer overflow on q->name
-+    if (nameLength > NS_MAXDNAME) {
-+        debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to perform lookup: '" << name << "'. see access.log for details.");
-+        callback(data, NULL, 0, "Internal error");
-+        return;
-+    }
-+
-+    if (idnsCachedLookup(name, callback, data))
-+        return;
-+
-+    idns_query *q = cbdataAlloc(idns_query);
-+    q->id = idnsQueryID();
-     int nd = 0;
--    idns_query *q;
--
--    if (idnsCachedLookup(name, callback, data))
--        return;
--
--    q = cbdataAlloc(idns_query);
--
--    q->id = idnsQueryID();
--
--    for (i = 0; i < strlen(name); i++)
-+    for (unsigned int i = 0; i < nameLength; ++i)
-         if (name[i] == '.')
-             nd++;
--    if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') {
-+    if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') {
-         q->do_searchpath = 1;
-     } else {
-         q->do_searchpath = 0;
-
diff --git a/src/patches/squid-3.3.10-optional-ssl-options.patch b/src/patches/squid-3.3.10-optional-ssl-options.patch
deleted file mode 100644 (file)
index f6a108c..0000000
+++ /dev/null
@@ -1,148 +0,0 @@
-From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115
-
-Committer: Christos Tsantilas
-Date: 2013-11-07 10:46:14 UTC
-Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf
-
-http://bugs.squid-cache.org/show_bug.cgi?id=3936
-Bug 3936: error-details.txt parse error
-
-Squid fails parsing error-details.txt template when one or more listed OpenSSL
-errors are not supported on running platform.
-This patch add a hardcoded list of OpenSSL errors wich can be optional.
-
-This is a Measurement Factory project
-
-=== modified file 'src/ssl/ErrorDetail.cc'
---- src/ssl/ErrorDetail.cc     2013-07-31 00:13:04 +0000
-+++ src/ssl/ErrorDetail.cc     2013-11-07 10:46:14 +0000
-@@ -221,6 +221,31 @@
-     {SSL_ERROR_NONE, NULL}
- };
-+static const char *OptionalSslErrors[] = {
-+    "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
-+    "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION",
-+    "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN",
-+    "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION",
-+    "X509_V_ERR_INVALID_NON_CA",
-+    "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED",
-+    "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE",
-+    "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED",
-+    "X509_V_ERR_INVALID_EXTENSION",
-+    "X509_V_ERR_INVALID_POLICY_EXTENSION",
-+    "X509_V_ERR_NO_EXPLICIT_POLICY",
-+    "X509_V_ERR_DIFFERENT_CRL_SCOPE",
-+    "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE",
-+    "X509_V_ERR_UNNESTED_RESOURCE",
-+    "X509_V_ERR_PERMITTED_VIOLATION",
-+    "X509_V_ERR_EXCLUDED_VIOLATION",
-+    "X509_V_ERR_SUBTREE_MINMAX",
-+    "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE",
-+    "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX",
-+    "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX",
-+    "X509_V_ERR_CRL_PATH_VALIDATION_ERROR",
-+    NULL
-+};
-+
- struct SslErrorAlias {
-     const char *name;
-     const Ssl::ssl_error_t *errors;
-@@ -331,6 +356,16 @@
-     return NULL;
- }
-+bool
-+Ssl::ErrorIsOptional(const char *name)
-+{
-+    for (int i = 0; OptionalSslErrors[i] != NULL; ++i) {
-+        if (strcmp(name, OptionalSslErrors[i]) == 0)
-+            return true;
-+    }
-+    return false;
-+}
-+
- const char *
- Ssl::GetErrorDescr(Ssl::ssl_error_t value)
- {
-
-=== modified file 'src/ssl/ErrorDetail.h'
---- src/ssl/ErrorDetail.h      2013-05-30 10:10:29 +0000
-+++ src/ssl/ErrorDetail.h      2013-11-07 10:46:14 +0000
-@@ -40,6 +40,14 @@
- /**
-    \ingroup ServerProtocolSSLAPI
-+   * Return true if the SSL error is optional and may not supported
-+   * by current squid version
-+ */
-+
-+bool ErrorIsOptional(const char *name);
-+
-+/**
-+   \ingroup ServerProtocolSSLAPI
-  * Used to pass SSL error details to the error pages returned to the
-  * end user.
-  */
-
-=== modified file 'src/ssl/ErrorDetailManager.cc'
---- src/ssl/ErrorDetailManager.cc      2013-10-25 00:13:46 +0000
-+++ src/ssl/ErrorDetailManager.cc      2013-11-07 10:46:14 +0000
-@@ -218,32 +218,35 @@
-             }
-             Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf());
--            if (ssl_error == SSL_ERROR_NONE) {
-+            if (ssl_error != SSL_ERROR_NONE) {
-+
-+                if (theDetails->getErrorDetail(ssl_error)) {
-+                    debugs(83, DBG_IMPORTANT, HERE <<
-+                           "WARNING! duplicate entry: " << errorName);
-+                    return false;
-+                }
-+
-+                ErrorDetailEntry &entry = theDetails->theList[ssl_error];
-+                entry.error_no = ssl_error;
-+                entry.name = errorName;
-+                String tmp = parser.getByName("detail");
-+                httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
-+                tmp = parser.getByName("descr");
-+                httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
-+                bool parseOK = entry.descr.defined() && entry.detail.defined();
-+
-+                if (!parseOK) {
-+                    debugs(83, DBG_IMPORTANT, HERE <<
-+                           "WARNING! missing important field for detail error: " <<  errorName);
-+                    return false;
-+                }
-+
-+            } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) {
-                 debugs(83, DBG_IMPORTANT, HERE <<
-                        "WARNING! invalid error detail name: " << errorName);
-                 return false;
-             }
--            if (theDetails->getErrorDetail(ssl_error)) {
--                debugs(83, DBG_IMPORTANT, HERE <<
--                       "WARNING! duplicate entry: " << errorName);
--                return false;
--            }
--
--            ErrorDetailEntry &entry = theDetails->theList[ssl_error];
--            entry.error_no = ssl_error;
--            entry.name = errorName;
--            String tmp = parser.getByName("detail");
--            httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
--            tmp = parser.getByName("descr");
--            httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
--            bool parseOK = entry.descr.defined() && entry.detail.defined();
--
--            if (!parseOK) {
--                debugs(83, DBG_IMPORTANT, HERE <<
--                       "WARNING! missing imporant field for detail error: " <<  errorName);
--                return false;
--            }
-         }// else {only spaces and black lines; just ignore}
-         buf.consume(size);
-
diff --git a/src/patches/squid-3.3.10-set-rlimit-fds.patch b/src/patches/squid-3.3.10-set-rlimit-fds.patch
deleted file mode 100644 (file)
index a80ce73..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13144
-
-    Committer: Amos Jeffries
-    Date: 2013-11-23 01:28:52 UTC
-    Revision ID: squid3@treenet.co.nz-20131123012852-zpe8hamjrs5vy42w
-
-http://bugs.squid-cache.org/show_bug.cgi?id=3970
-Bug 3970: max_filedescriptors disabled due to missing setrlimit
-
-=== modified file 'configure.ac'
---- configure.ac       2013-11-16 13:19:28 +0000
-+++ configure.ac       2013-11-23 01:28:52 +0000
-@@ -2534,7 +2534,6 @@
-     ;;
- esac
--
- dnl --with-maxfd present for compatibility with Squid-2.
- dnl undocumented in ./configure --help  to encourage using the Squid-3 directive
- AC_ARG_WITH(maxfd,,
-@@ -2542,6 +2541,7 @@
-   case ${withval} in
-     [[0-9]]*)
-       squid_filedescriptors_num=$withval
-+      AC_MSG_NOTICE([forcing default of $squid_filedescriptors_num filedescriptors (user-forced)])
-       ;;
-     *)
-       AC_MSG_ERROR(--with-maxfd expects a numeric argument)
-@@ -2556,6 +2556,7 @@
-   case ${withval} in
-     [[0-9]]*)
-       squid_filedescriptors_num=$withval
-+      AC_MSG_NOTICE([forcing default of $squid_filedescriptors_num filedescriptors (user-forced)])
-       ;;
-     *)
-       AC_MSG_ERROR(--with-filedescriptors expects a numeric argument)
-@@ -2564,10 +2565,9 @@
- ])
- SQUID_CHECK_DEFAULT_FD_SETSIZE
--if test "x$squid_filedescriptors_num" = "x"; then
--  SQUID_CHECK_MAXFD
--else
--  AC_MSG_NOTICE([forcing use of $squid_filedescriptors_num filedescriptors (user-forced)])
-+SQUID_CHECK_MAXFD
-+if test "x$squid_filedescriptors_num" != "x"; then
-+  AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num])
- fi
- if test "$squid_filedescriptors_num" -lt 512 ; then
-     AC_MSG_WARN([$squid_filedescriptors_num may not be enough filedescriptors if your])
-