Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- lfs/squid | 2 + src/patches/squid/squid-3.5-14092.patch | 65 +++++++++++++++++++++++++++++++++ src/patches/squid/squid-3.5-14093.patch | 35 ++++++++++++++++++ 3 files changed, 102 insertions(+) create mode 100644 src/patches/squid/squid-3.5-14092.patch create mode 100644 src/patches/squid/squid-3.5-14093.patch
diff --git a/lfs/squid b/lfs/squid index 4fa60b2..5aec480 100644 --- a/lfs/squid +++ b/lfs/squid @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14089.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14090.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14091.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14092.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14093.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.21-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi diff --git a/src/patches/squid/squid-3.5-14092.patch b/src/patches/squid/squid-3.5-14092.patch new file mode 100644 index 0000000..2314911 --- /dev/null +++ b/src/patches/squid/squid-3.5-14092.patch @@ -0,0 +1,65 @@ +------------------------------------------------------------ +revno: 14092 +revision-id: squid3@treenet.co.nz-20161008203735-4q3zmw5j4w1ueopy +parent: squid3@treenet.co.nz-20160924223605-2xa0er35fx3dc8jg +fixes bugs: http://bugs.squid-cache.org/show_bug.cgi?id=4302 http://bugs.squid-cache.org/show_bug.cgi?id=2842 +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Sun 2016-10-09 09:37:35 +1300 +message: + Bug 4302 pt2: IPFilter v5 transparent interception +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20161008203735-4q3zmw5j4w1ueopy +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: 03c7ec8b1506681d8b3889bf31ace737dd0271ad +# timestamp: 2016-10-08 20:51:07 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20160924223605-\ +# 2xa0er35fx3dc8jg +# +# Begin patch +=== modified file 'src/ip/Intercept.cc' +--- src/ip/Intercept.cc 2016-04-12 06:52:39 +0000 ++++ src/ip/Intercept.cc 2016-10-08 20:37:35 +0000 +@@ -207,16 +207,21 @@ + debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1"); + warningLevel = (warningLevel + 1) % 10; + return false; ++ } ++ newConn->local.getInAddr(natLookup.nl_inip); ++ newConn->remote.getInAddr(natLookup.nl_outip); + #else + natLookup.nl_v = 6; ++ newConn->local.getInAddr(natLookup.nl_inipaddr.in6); ++ newConn->remote.getInAddr(natLookup.nl_outipaddr.in6); + } else { + natLookup.nl_v = 4; ++ newConn->local.getInAddr(natLookup.nl_inipaddr.in4); ++ newConn->remote.getInAddr(natLookup.nl_outipaddr.in4); ++ } + #endif +- } + natLookup.nl_inport = htons(newConn->local.port()); +- newConn->local.getInAddr(natLookup.nl_inip); + natLookup.nl_outport = htons(newConn->remote.port()); +- newConn->remote.getInAddr(natLookup.nl_outip); + // ... and the TCP flag + natLookup.nl_flags = IPN_TCP; + +@@ -281,7 +286,14 @@ + debugs(89, 9, HERE << "address: " << newConn); + return false; + } else { ++#if IPFILTER_VERSION < 5000003 + newConn->local = natLookup.nl_realip; ++#else ++ if (newConn->remote.isIPv6()) ++ newConn->local = natLookup.nl_realipaddr.in6; ++ else ++ newConn->local = natLookup.nl_realipaddr.in4; ++#endif + newConn->local.port(ntohs(natLookup.nl_realport)); + debugs(89, 5, HERE << "address NAT: " << newConn); + return true; + diff --git a/src/patches/squid/squid-3.5-14093.patch b/src/patches/squid/squid-3.5-14093.patch new file mode 100644 index 0000000..5a70751 --- /dev/null +++ b/src/patches/squid/squid-3.5-14093.patch @@ -0,0 +1,35 @@ +------------------------------------------------------------ +revno: 14093 +revision-id: squidadm@squid-cache.org-20161009001414-pksjx5jduk9uf5t8 +parent: squid3@treenet.co.nz-20161008203735-4q3zmw5j4w1ueopy +committer: Source Maintenance squidadm@squid-cache.org +branch nick: 3.5 +timestamp: Sun 2016-10-09 00:14:14 +0000 +message: + SourceFormat Enforcement +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squidadm@squid-cache.org-20161009001414-\ +# pksjx5jduk9uf5t8 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: f3814f4520a0465c972544ae3dd595faf8286f43 +# timestamp: 2016-10-09 00:51:05 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20161008203735-\ +# 4q3zmw5j4w1ueopy +# +# Begin patch +=== modified file 'src/ip/Intercept.cc' +--- src/ip/Intercept.cc 2016-10-08 20:37:35 +0000 ++++ src/ip/Intercept.cc 2016-10-09 00:14:14 +0000 +@@ -214,7 +214,8 @@ + natLookup.nl_v = 6; + newConn->local.getInAddr(natLookup.nl_inipaddr.in6); + newConn->remote.getInAddr(natLookup.nl_outipaddr.in6); +- } else { ++ } ++ else { + natLookup.nl_v = 4; + newConn->local.getInAddr(natLookup.nl_inipaddr.in4); + newConn->remote.getInAddr(natLookup.nl_outipaddr.in4); +