[PATCH] squid 3.5.21: latest patches (14092-14093)

[Matthias Fischer <matthias.fischer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 5784 bytes --]

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/squid                               |  2 +
 src/patches/squid/squid-3.5-14092.patch | 65 +++++++++++++++++++++++++++++++++
 src/patches/squid/squid-3.5-14093.patch | 35 ++++++++++++++++++
 3 files changed, 102 insertions(+)
 create mode 100644 src/patches/squid/squid-3.5-14092.patch
 create mode 100644 src/patches/squid/squid-3.5-14093.patch

diff --git a/lfs/squid b/lfs/squid
index 4fa60b2..5aec480 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -80,6 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14089.patch
 	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14090.patch
 	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14091.patch
+	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14092.patch
+	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14093.patch
 	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.21-fix-max-file-descriptors.patch
 
 	cd $(DIR_APP) && autoreconf -vfi
diff --git a/src/patches/squid/squid-3.5-14092.patch b/src/patches/squid/squid-3.5-14092.patch
new file mode 100644
index 0000000..2314911
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14092.patch
@@ -0,0 +1,65 @@
+------------------------------------------------------------
+revno: 14092
+revision-id: squid3(a)treenet.co.nz-20161008203735-4q3zmw5j4w1ueopy
+parent: squid3(a)treenet.co.nz-20160924223605-2xa0er35fx3dc8jg
+fixes bugs: http://bugs.squid-cache.org/show_bug.cgi?id=4302 http://bugs.squid-cache.org/show_bug.cgi?id=2842
+committer: Amos Jeffries <squid3(a)treenet.co.nz>
+branch nick: 3.5
+timestamp: Sun 2016-10-09 09:37:35 +1300
+message:
+  Bug 4302 pt2: IPFilter v5 transparent interception
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3(a)treenet.co.nz-20161008203735-4q3zmw5j4w1ueopy
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 03c7ec8b1506681d8b3889bf31ace737dd0271ad
+# timestamp: 2016-10-08 20:51:07 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3(a)treenet.co.nz-20160924223605-\
+#   2xa0er35fx3dc8jg
+# 
+# Begin patch
+=== modified file 'src/ip/Intercept.cc'
+--- src/ip/Intercept.cc	2016-04-12 06:52:39 +0000
++++ src/ip/Intercept.cc	2016-10-08 20:37:35 +0000
+@@ -207,16 +207,21 @@
+         debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1");
+         warningLevel = (warningLevel + 1) % 10;
+         return false;
++    }
++    newConn->local.getInAddr(natLookup.nl_inip);
++    newConn->remote.getInAddr(natLookup.nl_outip);
+ #else
+         natLookup.nl_v = 6;
++        newConn->local.getInAddr(natLookup.nl_inipaddr.in6);
++        newConn->remote.getInAddr(natLookup.nl_outipaddr.in6);
+     } else {
+         natLookup.nl_v = 4;
++        newConn->local.getInAddr(natLookup.nl_inipaddr.in4);
++        newConn->remote.getInAddr(natLookup.nl_outipaddr.in4);
++    }
+ #endif
+-    }
+     natLookup.nl_inport = htons(newConn->local.port());
+-    newConn->local.getInAddr(natLookup.nl_inip);
+     natLookup.nl_outport = htons(newConn->remote.port());
+-    newConn->remote.getInAddr(natLookup.nl_outip);
+     // ... and the TCP flag
+     natLookup.nl_flags = IPN_TCP;
+ 
+@@ -281,7 +286,14 @@
+         debugs(89, 9, HERE << "address: " << newConn);
+         return false;
+     } else {
++#if IPFILTER_VERSION < 5000003
+         newConn->local = natLookup.nl_realip;
++#else
++        if (newConn->remote.isIPv6())
++            newConn->local = natLookup.nl_realipaddr.in6;
++        else
++            newConn->local = natLookup.nl_realipaddr.in4;
++#endif
+         newConn->local.port(ntohs(natLookup.nl_realport));
+         debugs(89, 5, HERE << "address NAT: " << newConn);
+         return true;
+
diff --git a/src/patches/squid/squid-3.5-14093.patch b/src/patches/squid/squid-3.5-14093.patch
new file mode 100644
index 0000000..5a70751
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14093.patch
@@ -0,0 +1,35 @@
+------------------------------------------------------------
+revno: 14093
+revision-id: squidadm(a)squid-cache.org-20161009001414-pksjx5jduk9uf5t8
+parent: squid3(a)treenet.co.nz-20161008203735-4q3zmw5j4w1ueopy
+committer: Source Maintenance <squidadm(a)squid-cache.org>
+branch nick: 3.5
+timestamp: Sun 2016-10-09 00:14:14 +0000
+message:
+  SourceFormat Enforcement
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squidadm(a)squid-cache.org-20161009001414-\
+#   pksjx5jduk9uf5t8
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: f3814f4520a0465c972544ae3dd595faf8286f43
+# timestamp: 2016-10-09 00:51:05 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3(a)treenet.co.nz-20161008203735-\
+#   4q3zmw5j4w1ueopy
+# 
+# Begin patch
+=== modified file 'src/ip/Intercept.cc'
+--- src/ip/Intercept.cc	2016-10-08 20:37:35 +0000
++++ src/ip/Intercept.cc	2016-10-09 00:14:14 +0000
+@@ -214,7 +214,8 @@
+         natLookup.nl_v = 6;
+         newConn->local.getInAddr(natLookup.nl_inipaddr.in6);
+         newConn->remote.getInAddr(natLookup.nl_outipaddr.in6);
+-    } else {
++    }
++    else {
+         natLookup.nl_v = 4;
+         newConn->local.getInAddr(natLookup.nl_inipaddr.in4);
+         newConn->remote.getInAddr(natLookup.nl_outipaddr.in4);
+
-- 
2.10.1