This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, master has been updated via d3527a38c16451d956c623901d11472ebbe47e98 (commit) via 36b1c19138f9936ae97fac4f94c443593702f22d (commit) from 9a6b4cb648b871fcfce9a386213e5ab6f8b7bba9 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit d3527a38c16451d956c623901d11472ebbe47e98 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Sep 7 16:38:23 2013 +0200

Multiple CGI files: Check if BLUE or ORANGE are actually configured.

commit 36b1c19138f9936ae97fac4f94c443593702f22d Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Nov 8 14:13:30 2013 +0100

squid: Update to 3.3.10 + SSL options fix.

-----------------------------------------------------------------------

Summary of changes: config/rootfiles/core/73/filelists/files | 2 + html/cgi-bin/netinternal.cgi | 4 +- html/cgi-bin/proxy.cgi | 4 +- html/cgi-bin/vpnmain.cgi | 4 +- lfs/squid | 7 +- .../squid-3.3.10-optional-ssl-options.patch | 148 +++++++++++++++++++++ 6 files changed, 161 insertions(+), 8 deletions(-) create mode 100644 src/patches/squid-3.3.10-optional-ssl-options.patch

Difference in files: diff --git a/config/rootfiles/core/73/filelists/files b/config/rootfiles/core/73/filelists/files index 6df851e..8ddb964 100644 --- a/config/rootfiles/core/73/filelists/files +++ b/config/rootfiles/core/73/filelists/files @@ -3,9 +3,11 @@ etc/issue etc/rc.d/init.d/dnsmasq etc/rc.d/init.d/squid srv/web/ipfire/cgi-bin/logs.cgi/proxylog.dat +srv/web/ipfire/cgi-bin/netinternal.cgi srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/routing.cgi srv/web/ipfire/cgi-bin/wirelessclient.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi srv/web/ipfire/html/redirect.cgi srv/web/ipfire/html/redirect-templates/ var/ipfire/header.pl diff --git a/html/cgi-bin/netinternal.cgi b/html/cgi-bin/netinternal.cgi index 60560f3..3f2fb56 100644 --- a/html/cgi-bin/netinternal.cgi +++ b/html/cgi-bin/netinternal.cgi @@ -61,8 +61,8 @@ if ( $querry[0] =~ /wireless/ ){ &Header::openbigbox('100%', 'left');

push (@graphs, ($netsettings{'GREEN_DEV'})); - if ($netsettings{'BLUE_DEV'}) {push (@graphs, ($netsettings{'BLUE_DEV'})); } - if ($netsettings{'ORANGE_DEV'}) {push (@graphs, ($netsettings{'ORANGE_DEV'})); } + if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {push (@graphs, ($netsettings{'BLUE_DEV'})); } + if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {push (@graphs, ($netsettings{'ORANGE_DEV'})); }

my @wirelessgraphs = `ls -dA /var/log/rrd/collectd/localhost/wireless* 2>/dev/null`; foreach (@wirelessgraphs){ diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 25e935b..6dd900f 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -180,8 +180,8 @@ close(FILE); &General::readhash("${General::swroot}/main/settings", %mainsettings);

my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"); -my $blue_cidr = "# Blue not defined"; -if ($netsettings{'BLUE_DEV'}) { +my $blue_cidr = ""; +if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) { $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"); }

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 58645c3..a40894e 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -61,11 +61,11 @@ my %mainsettings = ();

my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}"); my $blue_cidr = "# Blue not defined"; -if ($netsettings{'BLUE_DEV'}) { +if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) { $blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"); } my $orange_cidr = "# Orange not defined"; -if ($netsettings{'ORANGE_DEV'}) { +if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) { $orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}"); }

diff --git a/lfs/squid b/lfs/squid index bc0ef71..a341857 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@

include Config

-VER = 3.3.9 +VER = 3.3.10

THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = 6c4ba0d63c3a6d94de2da689f361cdab +$(DL_FILE)_MD5 = 28058812d722cac303517a643e28bcb0

install : $(TARGET)

@@ -70,6 +70,9 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) + + cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-optional-ssl-options.patch + cd $(DIR_APP) && ./configure \ --prefix=/usr \ --sysconfdir=/etc/squid \ diff --git a/src/patches/squid-3.3.10-optional-ssl-options.patch b/src/patches/squid-3.3.10-optional-ssl-options.patch new file mode 100644 index 0000000..f6a108c --- /dev/null +++ b/src/patches/squid-3.3.10-optional-ssl-options.patch @@ -0,0 +1,148 @@ +From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115 + +Committer: Christos Tsantilas +Date: 2013-11-07 10:46:14 UTC +Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf + +http://bugs.squid-cache.org/show_bug.cgi?id=3936 +Bug 3936: error-details.txt parse error + +Squid fails parsing error-details.txt template when one or more listed OpenSSL +errors are not supported on running platform. +This patch add a hardcoded list of OpenSSL errors wich can be optional. + +This is a Measurement Factory project + +=== modified file 'src/ssl/ErrorDetail.cc' +--- src/ssl/ErrorDetail.cc 2013-07-31 00:13:04 +0000 ++++ src/ssl/ErrorDetail.cc 2013-11-07 10:46:14 +0000 +@@ -221,6 +221,31 @@ + {SSL_ERROR_NONE, NULL} + }; + ++static const char *OptionalSslErrors[] = { ++ "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER", ++ "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION", ++ "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN", ++ "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION", ++ "X509_V_ERR_INVALID_NON_CA", ++ "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED", ++ "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE", ++ "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED", ++ "X509_V_ERR_INVALID_EXTENSION", ++ "X509_V_ERR_INVALID_POLICY_EXTENSION", ++ "X509_V_ERR_NO_EXPLICIT_POLICY", ++ "X509_V_ERR_DIFFERENT_CRL_SCOPE", ++ "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE", ++ "X509_V_ERR_UNNESTED_RESOURCE", ++ "X509_V_ERR_PERMITTED_VIOLATION", ++ "X509_V_ERR_EXCLUDED_VIOLATION", ++ "X509_V_ERR_SUBTREE_MINMAX", ++ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE", ++ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX", ++ "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX", ++ "X509_V_ERR_CRL_PATH_VALIDATION_ERROR", ++ NULL ++}; ++ + struct SslErrorAlias { + const char *name; + const Ssl::ssl_error_t *errors; +@@ -331,6 +356,16 @@ + return NULL; + } + ++bool ++Ssl::ErrorIsOptional(const char *name) ++{ ++ for (int i = 0; OptionalSslErrors[i] != NULL; ++i) { ++ if (strcmp(name, OptionalSslErrors[i]) == 0) ++ return true; ++ } ++ return false; ++} ++ + const char * + Ssl::GetErrorDescr(Ssl::ssl_error_t value) + { + +=== modified file 'src/ssl/ErrorDetail.h' +--- src/ssl/ErrorDetail.h 2013-05-30 10:10:29 +0000 ++++ src/ssl/ErrorDetail.h 2013-11-07 10:46:14 +0000 +@@ -40,6 +40,14 @@ + + /** + \ingroup ServerProtocolSSLAPI ++ * Return true if the SSL error is optional and may not supported ++ * by current squid version ++ */ ++ ++bool ErrorIsOptional(const char *name); ++ ++/** ++ \ingroup ServerProtocolSSLAPI + * Used to pass SSL error details to the error pages returned to the + * end user. + */ + +=== modified file 'src/ssl/ErrorDetailManager.cc' +--- src/ssl/ErrorDetailManager.cc 2013-10-25 00:13:46 +0000 ++++ src/ssl/ErrorDetailManager.cc 2013-11-07 10:46:14 +0000 +@@ -218,32 +218,35 @@ + } + + Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf()); +- if (ssl_error == SSL_ERROR_NONE) { ++ if (ssl_error != SSL_ERROR_NONE) { ++ ++ if (theDetails->getErrorDetail(ssl_error)) { ++ debugs(83, DBG_IMPORTANT, HERE << ++ "WARNING! duplicate entry: " << errorName); ++ return false; ++ } ++ ++ ErrorDetailEntry &entry = theDetails->theList[ssl_error]; ++ entry.error_no = ssl_error; ++ entry.name = errorName; ++ String tmp = parser.getByName("detail"); ++ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); ++ tmp = parser.getByName("descr"); ++ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); ++ bool parseOK = entry.descr.defined() && entry.detail.defined(); ++ ++ if (!parseOK) { ++ debugs(83, DBG_IMPORTANT, HERE << ++ "WARNING! missing important field for detail error: " << errorName); ++ return false; ++ } ++ ++ } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) { + debugs(83, DBG_IMPORTANT, HERE << + "WARNING! invalid error detail name: " << errorName); + return false; + } + +- if (theDetails->getErrorDetail(ssl_error)) { +- debugs(83, DBG_IMPORTANT, HERE << +- "WARNING! duplicate entry: " << errorName); +- return false; +- } +- +- ErrorDetailEntry &entry = theDetails->theList[ssl_error]; +- entry.error_no = ssl_error; +- entry.name = errorName; +- String tmp = parser.getByName("detail"); +- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); +- tmp = parser.getByName("descr"); +- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); +- bool parseOK = entry.descr.defined() && entry.detail.defined(); +- +- if (!parseOK) { +- debugs(83, DBG_IMPORTANT, HERE << +- "WARNING! missing imporant field for detail error: " << errorName); +- return false; +- } + }// else {only spaces and black lines; just ignore} + + buf.consume(size); +

hooks/post-receive -- IPFire 2.x development tree