Merge branch 'master' into fifteen
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 9 Nov 2013 13:19:52 +0000 (14:19 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 9 Nov 2013 13:19:52 +0000 (14:19 +0100)
config/rootfiles/oldcore/73/filelists/files
lfs/openssh
lfs/squid
src/patches/squid-3.3.10-optional-ssl-options.patch [new file with mode: 0644]

index 6df851e..8ddb964 100644 (file)
@@ -3,9 +3,11 @@ etc/issue
 etc/rc.d/init.d/dnsmasq
 etc/rc.d/init.d/squid
 srv/web/ipfire/cgi-bin/logs.cgi/proxylog.dat
+srv/web/ipfire/cgi-bin/netinternal.cgi
 srv/web/ipfire/cgi-bin/proxy.cgi
 srv/web/ipfire/cgi-bin/routing.cgi
 srv/web/ipfire/cgi-bin/wirelessclient.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
 srv/web/ipfire/html/redirect.cgi
 srv/web/ipfire/html/redirect-templates/
 var/ipfire/header.pl
index 3d4ef2f..17772c1 100644 (file)
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.2p2
+VER        = 6.4p1
 
 THISAPP    = openssh-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = be46174dcbb77ebb4ea88ef140685de1
+$(DL_FILE)_MD5 = a62b88b884df0b09b8a8c5789ac9e51b
 
 install : $(TARGET)
 
index bc0ef71..a341857 100644 (file)
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.3.9
+VER        = 3.3.10
 
 THISAPP    = squid-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 6c4ba0d63c3a6d94de2da689f361cdab
+$(DL_FILE)_MD5 = 28058812d722cac303517a643e28bcb0
 
 install : $(TARGET)
 
@@ -70,6 +70,9 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
+
+       cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-optional-ssl-options.patch
+
        cd $(DIR_APP) && ./configure \
                --prefix=/usr \
                --sysconfdir=/etc/squid \
diff --git a/src/patches/squid-3.3.10-optional-ssl-options.patch b/src/patches/squid-3.3.10-optional-ssl-options.patch
new file mode 100644 (file)
index 0000000..f6a108c
--- /dev/null
@@ -0,0 +1,148 @@
+From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115
+
+Committer: Christos Tsantilas
+Date: 2013-11-07 10:46:14 UTC
+Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf
+
+http://bugs.squid-cache.org/show_bug.cgi?id=3936
+Bug 3936: error-details.txt parse error
+
+Squid fails parsing error-details.txt template when one or more listed OpenSSL
+errors are not supported on running platform.
+This patch add a hardcoded list of OpenSSL errors wich can be optional.
+
+This is a Measurement Factory project
+
+=== modified file 'src/ssl/ErrorDetail.cc'
+--- src/ssl/ErrorDetail.cc     2013-07-31 00:13:04 +0000
++++ src/ssl/ErrorDetail.cc     2013-11-07 10:46:14 +0000
+@@ -221,6 +221,31 @@
+     {SSL_ERROR_NONE, NULL}
+ };
++static const char *OptionalSslErrors[] = {
++    "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
++    "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION",
++    "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN",
++    "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION",
++    "X509_V_ERR_INVALID_NON_CA",
++    "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED",
++    "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE",
++    "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED",
++    "X509_V_ERR_INVALID_EXTENSION",
++    "X509_V_ERR_INVALID_POLICY_EXTENSION",
++    "X509_V_ERR_NO_EXPLICIT_POLICY",
++    "X509_V_ERR_DIFFERENT_CRL_SCOPE",
++    "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE",
++    "X509_V_ERR_UNNESTED_RESOURCE",
++    "X509_V_ERR_PERMITTED_VIOLATION",
++    "X509_V_ERR_EXCLUDED_VIOLATION",
++    "X509_V_ERR_SUBTREE_MINMAX",
++    "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE",
++    "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX",
++    "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX",
++    "X509_V_ERR_CRL_PATH_VALIDATION_ERROR",
++    NULL
++};
++
+ struct SslErrorAlias {
+     const char *name;
+     const Ssl::ssl_error_t *errors;
+@@ -331,6 +356,16 @@
+     return NULL;
+ }
++bool
++Ssl::ErrorIsOptional(const char *name)
++{
++    for (int i = 0; OptionalSslErrors[i] != NULL; ++i) {
++        if (strcmp(name, OptionalSslErrors[i]) == 0)
++            return true;
++    }
++    return false;
++}
++
+ const char *
+ Ssl::GetErrorDescr(Ssl::ssl_error_t value)
+ {
+
+=== modified file 'src/ssl/ErrorDetail.h'
+--- src/ssl/ErrorDetail.h      2013-05-30 10:10:29 +0000
++++ src/ssl/ErrorDetail.h      2013-11-07 10:46:14 +0000
+@@ -40,6 +40,14 @@
+ /**
+    \ingroup ServerProtocolSSLAPI
++   * Return true if the SSL error is optional and may not supported
++   * by current squid version
++ */
++
++bool ErrorIsOptional(const char *name);
++
++/**
++   \ingroup ServerProtocolSSLAPI
+  * Used to pass SSL error details to the error pages returned to the
+  * end user.
+  */
+
+=== modified file 'src/ssl/ErrorDetailManager.cc'
+--- src/ssl/ErrorDetailManager.cc      2013-10-25 00:13:46 +0000
++++ src/ssl/ErrorDetailManager.cc      2013-11-07 10:46:14 +0000
+@@ -218,32 +218,35 @@
+             }
+             Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf());
+-            if (ssl_error == SSL_ERROR_NONE) {
++            if (ssl_error != SSL_ERROR_NONE) {
++
++                if (theDetails->getErrorDetail(ssl_error)) {
++                    debugs(83, DBG_IMPORTANT, HERE <<
++                           "WARNING! duplicate entry: " << errorName);
++                    return false;
++                }
++
++                ErrorDetailEntry &entry = theDetails->theList[ssl_error];
++                entry.error_no = ssl_error;
++                entry.name = errorName;
++                String tmp = parser.getByName("detail");
++                httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
++                tmp = parser.getByName("descr");
++                httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
++                bool parseOK = entry.descr.defined() && entry.detail.defined();
++
++                if (!parseOK) {
++                    debugs(83, DBG_IMPORTANT, HERE <<
++                           "WARNING! missing important field for detail error: " <<  errorName);
++                    return false;
++                }
++
++            } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) {
+                 debugs(83, DBG_IMPORTANT, HERE <<
+                        "WARNING! invalid error detail name: " << errorName);
+                 return false;
+             }
+-            if (theDetails->getErrorDetail(ssl_error)) {
+-                debugs(83, DBG_IMPORTANT, HERE <<
+-                       "WARNING! duplicate entry: " << errorName);
+-                return false;
+-            }
+-
+-            ErrorDetailEntry &entry = theDetails->theList[ssl_error];
+-            entry.error_no = ssl_error;
+-            entry.name = errorName;
+-            String tmp = parser.getByName("detail");
+-            httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
+-            tmp = parser.getByName("descr");
+-            httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
+-            bool parseOK = entry.descr.defined() && entry.detail.defined();
+-
+-            if (!parseOK) {
+-                debugs(83, DBG_IMPORTANT, HERE <<
+-                       "WARNING! missing imporant field for detail error: " <<  errorName);
+-                return false;
+-            }
+         }// else {only spaces and black lines; just ignore}
+         buf.consume(size);
+