From a408e02da29d32d72a570112caec8544f0474f51 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 3 Dec 2013 14:42:30 +0100 Subject: [PATCH] squid: Update to 3.3.11. --- lfs/squid | 10 +- src/patches/squid-3.1-10486.patch | 54 ------- src/patches/squid-3.1-10487.patch | 73 --------- .../squid-3.3.10-optional-ssl-options.patch | 148 ------------------ src/patches/squid-3.3.10-set-rlimit-fds.patch | 51 ------ 5 files changed, 2 insertions(+), 334 deletions(-) delete mode 100644 src/patches/squid-3.1-10486.patch delete mode 100644 src/patches/squid-3.1-10487.patch delete mode 100644 src/patches/squid-3.3.10-optional-ssl-options.patch delete mode 100644 src/patches/squid-3.3.10-set-rlimit-fds.patch diff --git a/lfs/squid b/lfs/squid index d3bff48b7d..3c5f6c54ae 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@ include Config -VER = 3.3.10 +VER = 3.3.11 THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 28058812d722cac303517a643e28bcb0 +$(DL_FILE)_MD5 = dd016ff5f14b2548083b3882207914f6 install : $(TARGET) @@ -53,7 +53,6 @@ md5 : $(subst %,%_MD5,$(objects)) ############################################################################### # Downloading, checking, md5sum ############################################################################### - $(patsubst %,$(DIR_CHK)/%,$(objects)) : @$(CHECK) @@ -70,11 +69,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - - cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-optional-ssl-options.patch - cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-set-rlimit-fds.patch - - cd $(DIR_APP) && ./bootstrap.sh cd $(DIR_APP) && ./configure \ --prefix=/usr \ --sysconfdir=/etc/squid \ 
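Review bot: The updated `$(DL_FILE)_MD5` value in the second lfs/squid hunk is the only integrity check on the new squid-3.3.11 tarball that this diff shows, and MD5 is no longer collision-resistant, so it catches a corrupted download but is a weak control against a substituted archive. Before merging I would confirm the tarball against whatever signature or stronger digest upstream publishes for the release and record that next to the value, for example `# 3.3.11 tarball checked against upstream signature; MD5 only guards against transfer corruption`. Whether the `md5` target can accept a stronger digest is not visible in this hunk, so moving the check itself to SHA-256 would be a separate change to the build framework.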
diff --git a/src/patches/squid-3.1-10486.patch b/src/patches/squid-3.1-10486.patch deleted file mode 100644 index 6a0388e5be..0000000000 --- a/src/patches/squid-3.1-10486.patch +++ /dev/null 
@@ -1,54 +0,0 @@ ------------------------------------------------------------- -revno: 10486 -revision-id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h -parent: squid3@treenet.co.nz-20130109021503-hqg7ufldrudpzr9l -fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3790 -author: Reinhard Sojka -committer: Amos Jeffries -branch nick: SQUID_3_1 -timestamp: Fri 2013-02-22 04:13:25 -0700 -message: - Bug 3790: cachemgr.cgi crash with authentication ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h -# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ -# /SQUID_3_1 -# testament_sha1: 121adf68a9c3b2eca766cfb768256b6b57d9816b -# timestamp: 2013-02-22 11:17:18 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ -# /SQUID_3_1 -# base_revision_id: squid3@treenet.co.nz-20130109021503-\ -# hqg7ufldrudpzr9l -# -# Begin patch -=== modified file 'tools/cachemgr.cc' ---- tools/cachemgr.cc 2013-01-08 23:11:51 +0000 -+++ tools/cachemgr.cc 2013-02-22 11:13:25 +0000 -@@ -1162,7 +1162,6 @@ - { - static char buf[1024]; - size_t stringLength = 0; -- const char *str64; - - if (!req->passwd) - return ""; -@@ -1171,15 +1170,12 @@ - req->user_name ? req->user_name : "", - req->passwd); - -- str64 = base64_encode(buf); -- -- stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64); -+ stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", base64_encode(buf)); - - assert(stringLength < sizeof(buf)); - -- snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", str64); -+ snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf)); - -- xxfree(str64); - return buf; - } - - 
diff --git a/src/patches/squid-3.1-10487.patch b/src/patches/squid-3.1-10487.patch deleted file mode 100644 index 2ca4848c20..0000000000 --- a/src/patches/squid-3.1-10487.patch +++ /dev/null 
@@ -1,73 +0,0 @@ ------------------------------------------------------------- -revno: 10487 -revision-id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx -parent: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h -author: Nathan Hoad -committer: Amos Jeffries -branch nick: SQUID_3_1 -timestamp: Wed 2013-07-10 06:47:48 -0600 -message: - Protect against buffer overrun in DNS query generation - - see SQUID-2013:2. - - This bug has been present as long as the internal DNS component however - most code reaching this point is passing through URL validation first. - With Squid-3.2 Host header verification using DNS directly we may have - problems. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx -# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ -# /SQUID_3_1 -# testament_sha1: b5be85c8876ce15ec8fa173845e61755b6942fe0 -# timestamp: 2013-07-10 12:48:57 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ -# /SQUID_3_1 -# base_revision_id: squid3@treenet.co.nz-20130222111325-\ -# zizr296kq3te4g7h -# -# Begin patch -=== modified file 'src/dns_internal.cc' ---- src/dns_internal.cc 2011-10-11 02:12:56 +0000 -+++ src/dns_internal.cc 2013-07-10 12:47:48 +0000 -@@ -1532,22 +1532,26 @@ - void - idnsALookup(const char *name, IDNSCB * callback, void *data) - { -- unsigned int i; -+ size_t nameLength = strlen(name); -+ -+ // Prevent buffer overflow on q->name -+ if (nameLength > NS_MAXDNAME) { -+ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to perform lookup: '" << name << "'. 
see access.log for details."); -+ callback(data, NULL, 0, "Internal error"); -+ return; -+ } -+ -+ if (idnsCachedLookup(name, callback, data)) -+ return; -+ -+ idns_query *q = cbdataAlloc(idns_query); -+ q->id = idnsQueryID(); - int nd = 0; -- idns_query *q; -- -- if (idnsCachedLookup(name, callback, data)) -- return; -- -- q = cbdataAlloc(idns_query); -- -- q->id = idnsQueryID(); -- -- for (i = 0; i < strlen(name); i++) -+ for (unsigned int i = 0; i < nameLength; ++i) - if (name[i] == '.') - nd++; - -- if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') { -+ if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') { - q->do_searchpath = 1; - } else { - q->do_searchpath = 0; - diff --git a/src/patches/squid-3.3.10-optional-ssl-options.patch b/src/patches/squid-3.3.10-optional-ssl-options.patch deleted file mode 100644 index f6a108c5f1..0000000000 --- a/src/patches/squid-3.3.10-optional-ssl-options.patch +++ /dev/null 
@@ -1,148 +0,0 @@ -From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115 - -Committer: Christos Tsantilas -Date: 2013-11-07 10:46:14 UTC -Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf - -http://bugs.squid-cache.org/show_bug.cgi?id=3936 -Bug 3936: error-details.txt parse error - -Squid fails parsing error-details.txt template when one or more listed OpenSSL -errors are not supported on running platform. -This patch add a hardcoded list of OpenSSL errors wich can be optional. - -This is a Measurement Factory project - -=== modified file 'src/ssl/ErrorDetail.cc' ---- src/ssl/ErrorDetail.cc 2013-07-31 00:13:04 +0000 -+++ src/ssl/ErrorDetail.cc 2013-11-07 10:46:14 +0000 -@@ -221,6 +221,31 @@ - {SSL_ERROR_NONE, NULL} - }; - -+static const char *OptionalSslErrors[] = { -+ "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER", -+ "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION", -+ "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN", -+ "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION", -+ "X509_V_ERR_INVALID_NON_CA", -+ "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED", -+ "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE", -+ "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED", -+ "X509_V_ERR_INVALID_EXTENSION", -+ "X509_V_ERR_INVALID_POLICY_EXTENSION", -+ "X509_V_ERR_NO_EXPLICIT_POLICY", -+ "X509_V_ERR_DIFFERENT_CRL_SCOPE", -+ "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE", -+ "X509_V_ERR_UNNESTED_RESOURCE", -+ "X509_V_ERR_PERMITTED_VIOLATION", -+ "X509_V_ERR_EXCLUDED_VIOLATION", -+ "X509_V_ERR_SUBTREE_MINMAX", -+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE", -+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX", -+ "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX", -+ "X509_V_ERR_CRL_PATH_VALIDATION_ERROR", -+ NULL -+}; -+ - struct SslErrorAlias { - const char *name; - const Ssl::ssl_error_t *errors; -@@ -331,6 +356,16 @@ - return NULL; - } - -+bool -+Ssl::ErrorIsOptional(const char *name) -+{ -+ for (int i = 0; OptionalSslErrors[i] != NULL; ++i) { -+ if (strcmp(name, OptionalSslErrors[i]) == 0) -+ return true; -+ } -+ 
return false; -+} -+ - const char * - Ssl::GetErrorDescr(Ssl::ssl_error_t value) - { - -=== modified file 'src/ssl/ErrorDetail.h' ---- src/ssl/ErrorDetail.h 2013-05-30 10:10:29 +0000 -+++ src/ssl/ErrorDetail.h 2013-11-07 10:46:14 +0000 -@@ -40,6 +40,14 @@ - - /** - \ingroup ServerProtocolSSLAPI -+ * Return true if the SSL error is optional and may not supported -+ * by current squid version -+ */ -+ -+bool ErrorIsOptional(const char *name); -+ -+/** -+ \ingroup ServerProtocolSSLAPI - * Used to pass SSL error details to the error pages returned to the - * end user. - */ - -=== modified file 'src/ssl/ErrorDetailManager.cc' ---- src/ssl/ErrorDetailManager.cc 2013-10-25 00:13:46 +0000 -+++ src/ssl/ErrorDetailManager.cc 2013-11-07 10:46:14 +0000 -@@ -218,32 +218,35 @@ - } - - Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf()); -- if (ssl_error == SSL_ERROR_NONE) { -+ if (ssl_error != SSL_ERROR_NONE) { -+ -+ if (theDetails->getErrorDetail(ssl_error)) { -+ debugs(83, DBG_IMPORTANT, HERE << -+ "WARNING! duplicate entry: " << errorName); -+ return false; -+ } -+ -+ ErrorDetailEntry &entry = theDetails->theList[ssl_error]; -+ entry.error_no = ssl_error; -+ entry.name = errorName; -+ String tmp = parser.getByName("detail"); -+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); -+ tmp = parser.getByName("descr"); -+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); -+ bool parseOK = entry.descr.defined() && entry.detail.defined(); -+ -+ if (!parseOK) { -+ debugs(83, DBG_IMPORTANT, HERE << -+ "WARNING! missing important field for detail error: " << errorName); -+ return false; -+ } -+ -+ } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) { - debugs(83, DBG_IMPORTANT, HERE << - "WARNING! invalid error detail name: " << errorName); - return false; - } - -- if (theDetails->getErrorDetail(ssl_error)) { -- debugs(83, DBG_IMPORTANT, HERE << -- "WARNING! 
duplicate entry: " << errorName); -- return false; -- } -- -- ErrorDetailEntry &entry = theDetails->theList[ssl_error]; -- entry.error_no = ssl_error; -- entry.name = errorName; -- String tmp = parser.getByName("detail"); -- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); -- tmp = parser.getByName("descr"); -- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); -- bool parseOK = entry.descr.defined() && entry.detail.defined(); -- -- if (!parseOK) { -- debugs(83, DBG_IMPORTANT, HERE << -- "WARNING! missing imporant field for detail error: " << errorName); -- return false; -- } - }// else {only spaces and black lines; just ignore} - - buf.consume(size); - diff --git a/src/patches/squid-3.3.10-set-rlimit-fds.patch b/src/patches/squid-3.3.10-set-rlimit-fds.patch deleted file mode 100644 index a80ce73168..0000000000 --- a/src/patches/squid-3.3.10-set-rlimit-fds.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13144 - - Committer: Amos Jeffries - Date: 2013-11-23 01:28:52 UTC - Revision ID: squid3@treenet.co.nz-20131123012852-zpe8hamjrs5vy42w - -http://bugs.squid-cache.org/show_bug.cgi?id=3970 -Bug 3970: max_filedescriptors disabled due to missing setrlimit - -=== modified file 'configure.ac' ---- configure.ac 2013-11-16 13:19:28 +0000 -+++ configure.ac 2013-11-23 01:28:52 +0000 -@@ -2534,7 +2534,6 @@ - ;; - esac - -- - dnl --with-maxfd present for compatibility with Squid-2. - dnl undocumented in ./configure --help to encourage using the Squid-3 directive - AC_ARG_WITH(maxfd,, -@@ -2542,6 +2541,7 @@ - case ${withval} in - [[0-9]]*) - squid_filedescriptors_num=$withval -+ AC_MSG_NOTICE([forcing default of $squid_filedescriptors_num filedescriptors (user-forced)]) - ;; - *) - AC_MSG_ERROR(--with-maxfd expects a numeric argument) -@@ -2556,6 +2556,7 @@ - case ${withval} in - [[0-9]]*) - squid_filedescriptors_num=$withval -+ AC_MSG_NOTICE([forcing default of $squid_filedescriptors_num filedescriptors (user-forced)]) - ;; - *) - AC_MSG_ERROR(--with-filedescriptors expects a numeric argument) -@@ -2564,10 +2565,9 @@ - ]) - - SQUID_CHECK_DEFAULT_FD_SETSIZE --if test "x$squid_filedescriptors_num" = "x"; then -- SQUID_CHECK_MAXFD --else -- AC_MSG_NOTICE([forcing use of $squid_filedescriptors_num filedescriptors (user-forced)]) -+SQUID_CHECK_MAXFD -+if test "x$squid_filedescriptors_num" != "x"; then -+ AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num]) - fi - if test "$squid_filedescriptors_num" -lt 512 ; then - AC_MSG_WARN([$squid_filedescriptors_num may not be enough filedescriptors if your]) - -- 2.39.2