For details see: http://bugs.squid-cache.org/show_bug.cgi?id=4323

Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- config/rootfiles/common/squid | 2 ++ lfs/squid | 3 ++- src/patches/squid-3.4-13231.patch | 48 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 src/patches/squid-3.4-13231.patch

diff --git a/config/rootfiles/common/squid b/config/rootfiles/common/squid index c8227e3..83cfe3f 100644 --- a/config/rootfiles/common/squid +++ b/config/rootfiles/common/squid @@ -2145,6 +2145,8 @@ usr/lib/squid/icons/silk/script_palette.png usr/lib/squid/log_db_daemon usr/lib/squid/log_file_daemon usr/lib/squid/mib.txt +usr/lib/squid/negotiate_kerberos_auth +usr/lib/squid/negotiate_kerberos_auth_test usr/lib/squid/negotiate_wrapper_auth usr/lib/squid/ntlm_fake_auth usr/lib/squid/ntlm_smb_lm_auth diff --git a/lfs/squid b/lfs/squid index 997c660..a9c5f37 100644 --- a/lfs/squid +++ b/lfs/squid @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2015 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -73,6 +73,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.4-13228.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.4.14-fix-max-file-descriptors.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.4-13230.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.4-13231.patch cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP)/libltdl && autoreconf -vfi

diff --git a/src/patches/squid-3.4-13231.patch b/src/patches/squid-3.4-13231.patch new file mode 100644 index 0000000..045ad70 --- /dev/null +++ b/src/patches/squid-3.4-13231.patch @@ -0,0 +1,48 @@ +------------------------------------------------------------ +revno: 13231 +revision-id: squid3@treenet.co.nz-20160220150859-3unryicod1rcx9rm +parent: squid3@treenet.co.nz-20160212045316-zwx4r9we4gf27rx3 +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323 +author: Francesco Chemolli kinkie@squid-cache.org +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.4 +timestamp: Sun 2016-02-21 04:08:59 +1300 +message: + Bug 4323: Netfilter broken cross-includes with Linux 4.2 +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160220150859-3unryicod1rcx9rm +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# testament_sha1: 10fa174d2821207d0bf89ef3013e8f4c3f99f9e3 +# timestamp: 2016-02-20 15:50:56 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# base_revision_id: squid3@treenet.co.nz-20160212045316-\ +# zwx4r9we4gf27rx3 +# +# Begin patch +=== modified file 'compat/os/linux.h' +--- compat/os/linux.h 2012-08-28 13:00:30 +0000 ++++ compat/os/linux.h 2016-02-20 15:08:59 +0000 +@@ -22,6 +22,21 @@ + #endif + + /* ++ * Netfilter header madness. (see Bug 4323) ++ * ++ * Netfilter have a history of defining their own versions of network protocol ++ * primitives without sufficient protection against the POSIX defines which are ++ * aways present in Linux. ++ * ++ * netinet/in.h must be included before any other sys header in order to properly ++ * activate include guards in <linux/libc-compat.h> the kernel maintainers added ++ * to workaround it. ++ */ ++#if HAVE_NETINET_IN_H ++#include <netinet/in.h> ++#endif ++ ++/* + * sys/capability.h is only needed in Linux apparently. + * + * HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc +