squid 3.5.24: latest patches (14144-14148)
authorMatthias Fischer <matthias.fischer@ipfire.org>
Mon, 27 Feb 2017 17:38:17 +0000 (18:38 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 3 Apr 2017 10:11:13 +0000 (11:11 +0100)
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
lfs/squid
src/patches/squid/squid-3.5-14144.patch [new file with mode: 0644]
src/patches/squid/squid-3.5-14145.patch [new file with mode: 0644]
src/patches/squid/squid-3.5-14146.patch [new file with mode: 0644]
src/patches/squid/squid-3.5-14147.patch [new file with mode: 0644]
src/patches/squid/squid-3.5-14148.patch [new file with mode: 0644]

index 8ac878cd0ba713d77dcbfb1000fcff6e6c9447b7..5f12b9b0564a4c401f474b936a9b36f7cf900325 100644 (file)
--- a/lfs/squid
+++ b/lfs/squid
@@ -72,6 +72,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14142.patch
        cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14143.patch
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14144.patch
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14145.patch
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14146.patch
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14147.patch
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14148.patch
        cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.24-fix-max-file-descriptors.patch
 
        cd $(DIR_APP) && autoreconf -vfi
diff --git a/src/patches/squid/squid-3.5-14144.patch b/src/patches/squid/squid-3.5-14144.patch
new file mode 100644 (file)
index 0000000..592a774
--- /dev/null
@@ -0,0 +1,43 @@
+------------------------------------------------------------
+revno: 14144
+revision-id: squid3@treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g
+parent: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9
+author: Alex Rousskov <rousskov@measurement-factory.com>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Sun 2017-02-26 21:46:24 +1300
+message:
+  Fix crash when configuring with invalid delay_parameters restore value.
+  
+  ... like none/none. Introduced in rev which fixed another, much
+  bigger delay_parameters parsing bug.
+  
+  TODO: Reject all invalid input, including restore/max of "-/100".
+  
+  TODO: Fix misleading/wrong associated error messages. For example:
+    ERROR: invalid delay rate 'none/none'. Expecting restore/max or 'none'
+    ERROR: restore rate in '1/none' is not a number.
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 42f47b8ee1da049d57e6af76ce755e459d2fc9fd
+# timestamp: 2017-02-26 08:51:02 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20170225055014-\
+#   j7v5xax13u4jddr9
+# 
+# Begin patch
+=== modified file 'src/DelaySpec.cc'
+--- src/DelaySpec.cc   2017-01-01 00:16:45 +0000
++++ src/DelaySpec.cc   2017-02-26 08:46:24 +0000
+@@ -55,7 +55,7 @@
+     // parse the first digits into restore_bps
+     const char *p = NULL;
+-    if (!StringToInt(token, restore_bps, &p, 10) && *p != '/') {
++    if (!StringToInt(token, restore_bps, &p, 10) || *p != '/') {
+         debugs(77, DBG_CRITICAL, "ERROR: invalid delay rate '" << token << "'. Expecting restore/max or 'none'.");
+         self_destruct();
+     }
+
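Review bot: The `*p != '/'` test in the rewritten condition is safe only because `||` skips it when `StringToInt` fails, and `p` starts out as NULL on the line above. That presumably relies on `StringToInt` always setting `p` when it succeeds, which is not visible here, so a comment on the check would help stop a later edit from reintroducing the crash: `// p is only meaningful after StringToInt() succeeds; keep the || short-circuit`. The revision message also records that values such as `-/100` are still accepted, but nothing in the source marks that gap; adding `// TODO: reject invalid restore values such as "-/100"` beside the check would make it visible to the next reader. The enclosing function starts and ends outside the hunk.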
diff --git a/src/patches/squid/squid-3.5-14145.patch b/src/patches/squid/squid-3.5-14145.patch
new file mode 100644 (file)
index 0000000..aaa56ed
--- /dev/null
@@ -0,0 +1,33 @@
+------------------------------------------------------------
+revno: 14145
+revision-id: squid3@treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s
+parent: squid3@treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Sun 2017-02-26 21:50:09 +1300
+message:
+  Fix missing CRLF on FTP timeout ABORT commands
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: a290f77545e17012eea87e6315a9d375bff16752
+# timestamp: 2017-02-26 08:51:05 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20170226084624-\
+#   5tkl3bdrqz8nlp9g
+# 
+# Begin patch
+=== modified file 'src/clients/FtpGateway.cc'
+--- src/clients/FtpGateway.cc  2017-01-01 00:16:45 +0000
++++ src/clients/FtpGateway.cc  2017-02-26 08:50:09 +0000
+@@ -1775,7 +1775,7 @@
+         // ABORT on timeouts. server may be waiting on a broken TCP link.
+         if (io.xerrno == Comm::TIMEOUT)
+-            writeCommand("ABOR");
++            writeCommand("ABOR\r\n");
+         // try another connection attempt with some other method
+         ftpSendPassive(this);
+
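Review bot: The `writeCommand("ABOR\r\n")` call now has to supply its own line terminator, which suggests `writeCommand()` sends its argument verbatim and leaves CRLF to every caller. An unterminated command on the control channel would run together with whatever is sent next (here, whatever `ftpSendPassive` issues), so the contract deserves a comment at the call: `// writeCommand() does not append CRLF; the caller must terminate the command`. The other `writeCommand` callers are outside this hunk and are worth checking for the same omission.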
diff --git a/src/patches/squid/squid-3.5-14146.patch b/src/patches/squid/squid-3.5-14146.patch
new file mode 100644 (file)
index 0000000..391fa35
--- /dev/null
@@ -0,0 +1,41 @@
+------------------------------------------------------------
+revno: 14146
+revision-id: squid3@treenet.co.nz-20170226085245-vcvc7nemupizbe4t
+parent: squid3@treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Sun 2017-02-26 21:52:45 +1300
+message:
+  Check that -k argument is provided before trying to use it.
+  
+   Detected by Coverity Scan. Issue 1364726.
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20170226085245-vcvc7nemupizbe4t
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 31bba06ced5b67f892e4be897b05ec3744b2a942
+# timestamp: 2017-02-26 09:51:00 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20170226085009-\
+#   tj3o81s5ybk8ly9s
+# 
+# Begin patch
+=== modified file 'src/main.cc'
+--- src/main.cc        2017-01-01 00:16:45 +0000
++++ src/main.cc        2017-02-26 08:52:45 +0000
+@@ -425,11 +425,11 @@
+             /** \par k
+              * Run the administrative action given following the option */
+-            /** \li When its an unknown option display the usage help. */
+-            if ((int) strlen(optarg) < 1)
++            /** \li When it is missing or an unknown option display the usage help. */
++            if (!optarg || strlen(optarg) < 1)
+                 usage();
+-            if (!strncmp(optarg, "reconfigure", strlen(optarg)))
++            else if (!strncmp(optarg, "reconfigure", strlen(optarg)))
+                 /** \li On reconfigure send SIGHUP. */
+                 opt_send_signal = SIGHUP;
+             else if (!strncmp(optarg, "rotate", strlen(optarg)))
+
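Review bot: The `strncmp(optarg, "reconfigure", strlen(optarg))` comparisons accept any prefix of the action name, so `-k r` selects reconfigure even though `rotate` in the next branch starts with the same letter. The order of the `else if` chain therefore silently decides which signal an ambiguous abbreviation sends. If abbreviations are intended, the doc comment should say so, for example `/** \li Action names may be abbreviated; the first matching branch wins. */`; otherwise compare with `strcmp(optarg, "reconfigure") == 0`. The option chain continues past the end of the hunk.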
diff --git a/src/patches/squid/squid-3.5-14147.patch b/src/patches/squid/squid-3.5-14147.patch
new file mode 100644 (file)
index 0000000..a8b52f3
--- /dev/null
@@ -0,0 +1,37 @@
+------------------------------------------------------------
+revno: 14147
+revision-id: squid3@treenet.co.nz-20170226085617-89jfjndt62i83qtn
+parent: squid3@treenet.co.nz-20170226085245-vcvc7nemupizbe4t
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Sun 2017-02-26 21:56:17 +1300
+message:
+  ext_kerberos_ldap_group_acl: fix unused value warnings
+  
+   Detected by Coverity Scan. Issues 1364748 and 1364749.
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20170226085617-89jfjndt62i83qtn
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: fd770175ba851fc62de4a085414c8fd996b53e46
+# timestamp: 2017-02-26 09:51:04 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20170226085245-\
+#   vcvc7nemupizbe4t
+# 
+# Begin patch
+=== modified file 'helpers/external_acl/kerberos_ldap_group/support_ldap.cc'
+--- helpers/external_acl/kerberos_ldap_group/support_ldap.cc   2017-01-01 00:16:45 +0000
++++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc   2017-02-26 08:56:17 +0000
+@@ -919,8 +919,8 @@
+     /*
+      * Initialise ldap
+      */
+-    ldap_debug = 127 /* LDAP_DEBUG_TRACE */ ;
+-    ldap_debug = -1 /* LDAP_DEBUG_ANY */ ;
++//    ldap_debug = 127 /* LDAP_DEBUG_TRACE */ ;
++//    ldap_debug = -1 /* LDAP_DEBUG_ANY */ ;
+     ldap_debug = 0;
+     (void) ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_debug);
+ #endif
+
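Review bot: The two former `ldap_debug` assignments are kept as `//` comments directly above the live `ldap_debug = 0;`, which leaves dead code in place and makes it easy to re-enable library tracing in this Kerberos/LDAP helper by uncommenting a line. Trace-level output may include data from the directory exchange, so the quiet default is the one to protect. Delete both lines and, if the values are worth keeping, record them in one comment such as `/* other levels: 127 = LDAP_DEBUG_TRACE, -1 = LDAP_DEBUG_ANY; keep 0 outside debugging */`. The surrounding function and the `#if` that the trailing `#endif` closes are outside the hunk.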
diff --git a/src/patches/squid/squid-3.5-14148.patch b/src/patches/squid/squid-3.5-14148.patch
new file mode 100644 (file)
index 0000000..ce7d966
--- /dev/null
@@ -0,0 +1,62 @@
+------------------------------------------------------------
+revno: 14148
+revision-id: squid3@treenet.co.nz-20170226110942-90rcwhx3fwa2l7is
+parent: squid3@treenet.co.nz-20170226085617-89jfjndt62i83qtn
+author: Alexander Gozman <a.gozman@securitycode.ru>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Mon 2017-02-27 00:09:42 +1300
+message:
+  Native FTP relay: NAT and TPROXY interception fixes
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20170226110942-90rcwhx3fwa2l7is
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 63f57f0ddddf0f231c3ef88a12728a707828c6ad
+# timestamp: 2017-02-26 11:51:04 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20170226085617-\
+#   89jfjndt62i83qtn
+# 
+# Begin patch
+=== modified file 'src/servers/FtpServer.cc'
+--- src/servers/FtpServer.cc   2017-01-01 00:16:45 +0000
++++ src/servers/FtpServer.cc   2017-02-26 11:09:42 +0000
+@@ -1454,9 +1454,33 @@
+     Comm::ConnectionPointer conn = new Comm::Connection();
+     conn->flags |= COMM_DOBIND;
+-    // Use local IP address of the control connection as the source address
+-    // of the active data connection, or some clients will refuse to accept.
+-    conn->setAddrs(clientConnection->local, cltAddr);
++    if (clientConnection->flags & COMM_INTERCEPTION) {
++        // In the case of NAT interception conn->local value is not set
++        // because the TCP stack will automatically pick correct source
++        // address for the data connection. We must only ensure that IP
++        // version matches client's address.
++        conn->local.setAnyAddr();
++
++        if (cltAddr.isIPv4())
++            conn->local.setIPv4();
++
++        conn->remote = cltAddr;
++    } else {
++        // In the case of explicit-proxy the local IP of the control connection
++        // is the Squid IP the client is knowingly talking to.
++        //
++        // In the case of TPROXY the IP address of the control connection is
++        // server IP the client is connecting to, it can be spoofed by Squid.
++        //
++        // In both cases some clients may refuse to accept data connections if
++        // these control connectin local-IP's are not used.
++        conn->setAddrs(clientConnection->local, cltAddr);
++
++        // Using non-local addresses in TPROXY mode requires appropriate socket option.
++        if (clientConnection->flags & COMM_TRANSPARENT)
++            conn->flags |= COMM_TRANSPARENT;
++    }
++
+     // RFC 959 requires active FTP connections to originate from port 20
+     // but that would preclude us from supporting concurrent transfers! (XXX?)
+     conn->local.port(0);
+
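Review bot: The origin of `cltAddr` is not visible in this hunk, and the new `COMM_TRANSPARENT` branch opens the data connection to it from a non-local source address. If `cltAddr` is taken from the client's PORT/EPRT argument, confirm that it is checked against the control connection's remote address before this point. A comment such as `// cltAddr must already be validated against clientConnection->remote` above `conn->setAddrs(...)` would record that precondition. The added comment block also misspells "connection" as "connectin". The enclosing function starts and ends outside the hunk.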