[git.ipfire.org] IPFire 2.x development tree branch, next, updated. a408e02da29d32d72a570112caec8544f0474f51

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, next has been updated via a408e02da29d32d72a570112caec8544f0474f51 (commit) from 6003c4bbdb46094dcbcf63939395fe3bda82da70 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit a408e02da29d32d72a570112caec8544f0474f51 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Dec 3 14:42:30 2013 +0100

squid: Update to 3.3.11.

-----------------------------------------------------------------------

Summary of changes: lfs/squid | 10 +- src/patches/squid-3.1-10486.patch | 54 -------- src/patches/squid-3.1-10487.patch | 73 ---------- .../squid-3.3.10-optional-ssl-options.patch | 148 --------------------- src/patches/squid-3.3.10-set-rlimit-fds.patch | 51 ------- 5 files changed, 2 insertions(+), 334 deletions(-) delete mode 100644 src/patches/squid-3.1-10486.patch delete mode 100644 src/patches/squid-3.1-10487.patch delete mode 100644 src/patches/squid-3.3.10-optional-ssl-options.patch delete mode 100644 src/patches/squid-3.3.10-set-rlimit-fds.patch

Difference in files: diff --git a/lfs/squid b/lfs/squid index d3bff48..3c5f6c5 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@

include Config

-VER = 3.3.10 +VER = 3.3.11

THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = 28058812d722cac303517a643e28bcb0 +$(DL_FILE)_MD5 = dd016ff5f14b2548083b3882207914f6

install : $(TARGET)

@@ -53,7 +53,6 @@ md5 : $(subst %,%_MD5,$(objects)) ############################################################################### # Downloading, checking, md5sum ############################################################################### - $(patsubst %,$(DIR_CHK)/%,$(objects)) : @$(CHECK)

@@ -70,11 +69,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - - cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-optional-ssl-options.patch - cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-set-rlimit-fds.patch - - cd $(DIR_APP) && ./bootstrap.sh cd $(DIR_APP) && ./configure \ --prefix=/usr \ --sysconfdir=/etc/squid \ diff --git a/src/patches/squid-3.1-10486.patch b/src/patches/squid-3.1-10486.patch deleted file mode 100644 index 6a0388e..0000000 --- a/src/patches/squid-3.1-10486.patch +++ /dev/null @@ -1,54 +0,0 @@ ------------------------------------------------------------- -revno: 10486 -revision-id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h -parent: squid3@treenet.co.nz-20130109021503-hqg7ufldrudpzr9l -fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3790 -author: Reinhard Sojka reinhard.sojka@parlament.gv.at -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: SQUID_3_1 -timestamp: Fri 2013-02-22 04:13:25 -0700 -message: - Bug 3790: cachemgr.cgi crash with authentication ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h -# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches%5C -# /SQUID_3_1 -# testament_sha1: 121adf68a9c3b2eca766cfb768256b6b57d9816b -# timestamp: 2013-02-22 11:17:18 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches%5C -# /SQUID_3_1 -# base_revision_id: squid3@treenet.co.nz-20130109021503-\ -# hqg7ufldrudpzr9l -# -# Begin patch -=== modified file 'tools/cachemgr.cc' ---- tools/cachemgr.cc 2013-01-08 23:11:51 +0000 -+++ tools/cachemgr.cc 2013-02-22 11:13:25 +0000 -@@ -1162,7 +1162,6 @@ - { - static char buf[1024]; - size_t stringLength = 0; -- const char *str64; - - if (!req->passwd) - return ""; -@@ -1171,15 +1170,12 @@ - req->user_name ? req->user_name : "", - req->passwd); - -- str64 = base64_encode(buf); -- -- stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64); -+ stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", base64_encode(buf)); - - assert(stringLength < sizeof(buf)); - -- snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", str64); -+ snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf)); - -- xxfree(str64); - return buf; - } - - diff --git a/src/patches/squid-3.1-10487.patch b/src/patches/squid-3.1-10487.patch deleted file mode 100644 index 2ca4848..0000000 --- a/src/patches/squid-3.1-10487.patch +++ /dev/null @@ -1,73 +0,0 @@ ------------------------------------------------------------- -revno: 10487 -revision-id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx -parent: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h -author: Nathan Hoad nathan@getoffmalawn.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: SQUID_3_1 -timestamp: Wed 2013-07-10 06:47:48 -0600 -message: - Protect against buffer overrun in DNS query generation - - see SQUID-2013:2. - - This bug has been present as long as the internal DNS component however - most code reaching this point is passing through URL validation first. - With Squid-3.2 Host header verification using DNS directly we may have - problems. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx -# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches%5C -# /SQUID_3_1 -# testament_sha1: b5be85c8876ce15ec8fa173845e61755b6942fe0 -# timestamp: 2013-07-10 12:48:57 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches%5C -# /SQUID_3_1 -# base_revision_id: squid3@treenet.co.nz-20130222111325-\ -# zizr296kq3te4g7h -# -# Begin patch -=== modified file 'src/dns_internal.cc' ---- src/dns_internal.cc 2011-10-11 02:12:56 +0000 -+++ src/dns_internal.cc 2013-07-10 12:47:48 +0000 -@@ -1532,22 +1532,26 @@ - void - idnsALookup(const char *name, IDNSCB * callback, void *data) - { -- unsigned int i; -+ size_t nameLength = strlen(name); -+ -+ // Prevent buffer overflow on q->name -+ if (nameLength > NS_MAXDNAME) { -+ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to perform lookup: '" << name << "'. see access.log for details."); -+ callback(data, NULL, 0, "Internal error"); -+ return; -+ } -+ -+ if (idnsCachedLookup(name, callback, data)) -+ return; -+ -+ idns_query *q = cbdataAlloc(idns_query); -+ q->id = idnsQueryID(); - int nd = 0; -- idns_query *q; -- -- if (idnsCachedLookup(name, callback, data)) -- return; -- -- q = cbdataAlloc(idns_query); -- -- q->id = idnsQueryID(); -- -- for (i = 0; i < strlen(name); i++) -+ for (unsigned int i = 0; i < nameLength; ++i) - if (name[i] == '.') - nd++; - -- if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') { -+ if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') { - q->do_searchpath = 1; - } else { - q->do_searchpath = 0; - diff --git a/src/patches/squid-3.3.10-optional-ssl-options.patch b/src/patches/squid-3.3.10-optional-ssl-options.patch deleted file mode 100644 index f6a108c..0000000 --- a/src/patches/squid-3.3.10-optional-ssl-options.patch +++ /dev/null @@ -1,148 +0,0 @@ -From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115 - -Committer: Christos Tsantilas -Date: 2013-11-07 10:46:14 UTC -Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf - -http://bugs.squid-cache.org/show_bug.cgi?id=3936 -Bug 3936: error-details.txt parse error - -Squid fails parsing error-details.txt template when one or more listed OpenSSL -errors are not supported on running platform. -This patch add a hardcoded list of OpenSSL errors wich can be optional. - -This is a Measurement Factory project - -=== modified file 'src/ssl/ErrorDetail.cc' ---- src/ssl/ErrorDetail.cc 2013-07-31 00:13:04 +0000 -+++ src/ssl/ErrorDetail.cc 2013-11-07 10:46:14 +0000 -@@ -221,6 +221,31 @@ - {SSL_ERROR_NONE, NULL} - }; - -+static const char *OptionalSslErrors[] = { -+ "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER", -+ "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION", -+ "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN", -+ "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION", -+ "X509_V_ERR_INVALID_NON_CA", -+ "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED", -+ "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE", -+ "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED", -+ "X509_V_ERR_INVALID_EXTENSION", -+ "X509_V_ERR_INVALID_POLICY_EXTENSION", -+ "X509_V_ERR_NO_EXPLICIT_POLICY", -+ "X509_V_ERR_DIFFERENT_CRL_SCOPE", -+ "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE", -+ "X509_V_ERR_UNNESTED_RESOURCE", -+ "X509_V_ERR_PERMITTED_VIOLATION", -+ "X509_V_ERR_EXCLUDED_VIOLATION", -+ "X509_V_ERR_SUBTREE_MINMAX", -+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE", -+ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX", -+ "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX", -+ "X509_V_ERR_CRL_PATH_VALIDATION_ERROR", -+ NULL -+}; -+ - struct SslErrorAlias { - const char *name; - const Ssl::ssl_error_t *errors; -@@ -331,6 +356,16 @@ - return NULL; - } - -+bool -+Ssl::ErrorIsOptional(const char *name) -+{ -+ for (int i = 0; OptionalSslErrors[i] != NULL; ++i) { -+ if (strcmp(name, OptionalSslErrors[i]) == 0) -+ return true; -+ } -+ return false; -+} -+ - const char * - Ssl::GetErrorDescr(Ssl::ssl_error_t value) - { - -=== modified file 'src/ssl/ErrorDetail.h' ---- src/ssl/ErrorDetail.h 2013-05-30 10:10:29 +0000 -+++ src/ssl/ErrorDetail.h 2013-11-07 10:46:14 +0000 -@@ -40,6 +40,14 @@ - - /** - \ingroup ServerProtocolSSLAPI -+ * Return true if the SSL error is optional and may not supported -+ * by current squid version -+ */ -+ -+bool ErrorIsOptional(const char *name); -+ -+/** -+ \ingroup ServerProtocolSSLAPI - * Used to pass SSL error details to the error pages returned to the - * end user. - */ - -=== modified file 'src/ssl/ErrorDetailManager.cc' ---- src/ssl/ErrorDetailManager.cc 2013-10-25 00:13:46 +0000 -+++ src/ssl/ErrorDetailManager.cc 2013-11-07 10:46:14 +0000 -@@ -218,32 +218,35 @@ - } - - Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf()); -- if (ssl_error == SSL_ERROR_NONE) { -+ if (ssl_error != SSL_ERROR_NONE) { -+ -+ if (theDetails->getErrorDetail(ssl_error)) { -+ debugs(83, DBG_IMPORTANT, HERE << -+ "WARNING! duplicate entry: " << errorName); -+ return false; -+ } -+ -+ ErrorDetailEntry &entry = theDetails->theList[ssl_error]; -+ entry.error_no = ssl_error; -+ entry.name = errorName; -+ String tmp = parser.getByName("detail"); -+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); -+ tmp = parser.getByName("descr"); -+ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); -+ bool parseOK = entry.descr.defined() && entry.detail.defined(); -+ -+ if (!parseOK) { -+ debugs(83, DBG_IMPORTANT, HERE << -+ "WARNING! missing important field for detail error: " << errorName); -+ return false; -+ } -+ -+ } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) { - debugs(83, DBG_IMPORTANT, HERE << - "WARNING! invalid error detail name: " << errorName); - return false; - } - -- if (theDetails->getErrorDetail(ssl_error)) { -- debugs(83, DBG_IMPORTANT, HERE << -- "WARNING! duplicate entry: " << errorName); -- return false; -- } -- -- ErrorDetailEntry &entry = theDetails->theList[ssl_error]; -- entry.error_no = ssl_error; -- entry.name = errorName; -- String tmp = parser.getByName("detail"); -- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); -- tmp = parser.getByName("descr"); -- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); -- bool parseOK = entry.descr.defined() && entry.detail.defined(); -- -- if (!parseOK) { -- debugs(83, DBG_IMPORTANT, HERE << -- "WARNING! missing imporant field for detail error: " << errorName); -- return false; -- } - }// else {only spaces and black lines; just ignore} - - buf.consume(size); - diff --git a/src/patches/squid-3.3.10-set-rlimit-fds.patch b/src/patches/squid-3.3.10-set-rlimit-fds.patch deleted file mode 100644 index a80ce73..0000000 --- a/src/patches/squid-3.3.10-set-rlimit-fds.patch +++ /dev/null @@ -1,51 +0,0 @@ -http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13144 - - Committer: Amos Jeffries - Date: 2013-11-23 01:28:52 UTC - Revision ID: squid3@treenet.co.nz-20131123012852-zpe8hamjrs5vy42w - -http://bugs.squid-cache.org/show_bug.cgi?id=3970 -Bug 3970: max_filedescriptors disabled due to missing setrlimit - -=== modified file 'configure.ac' ---- configure.ac 2013-11-16 13:19:28 +0000 -+++ configure.ac 2013-11-23 01:28:52 +0000 -@@ -2534,7 +2534,6 @@ - ;; - esac - -- - dnl --with-maxfd present for compatibility with Squid-2. - dnl undocumented in ./configure --help to encourage using the Squid-3 directive - AC_ARG_WITH(maxfd,, -@@ -2542,6 +2541,7 @@ - case ${withval} in - [[0-9]]*) - squid_filedescriptors_num=$withval -+ AC_MSG_NOTICE([forcing default of $squid_filedescriptors_num filedescriptors (user-forced)]) - ;; - *) - AC_MSG_ERROR(--with-maxfd expects a numeric argument) -@@ -2556,6 +2556,7 @@ - case ${withval} in - [[0-9]]*) - squid_filedescriptors_num=$withval -+ AC_MSG_NOTICE([forcing default of $squid_filedescriptors_num filedescriptors (user-forced)]) - ;; - *) - AC_MSG_ERROR(--with-filedescriptors expects a numeric argument) -@@ -2564,10 +2565,9 @@ - ]) - - SQUID_CHECK_DEFAULT_FD_SETSIZE --if test "x$squid_filedescriptors_num" = "x"; then -- SQUID_CHECK_MAXFD --else -- AC_MSG_NOTICE([forcing use of $squid_filedescriptors_num filedescriptors (user-forced)]) -+SQUID_CHECK_MAXFD -+if test "x$squid_filedescriptors_num" != "x"; then -+ AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num]) - fi - if test "$squid_filedescriptors_num" -lt 512 ; then - AC_MSG_WARN([$squid_filedescriptors_num may not be enough filedescriptors if your]) -

hooks/post-receive -- IPFire 2.x development tree