This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, fifteen has been updated via ac14b325e03276f9e17e334b03a3d3129903bac7 (commit) via 33590570fb5ea3bad3232d208d7515cf43fcd701 (commit) via d3527a38c16451d956c623901d11472ebbe47e98 (commit) via 36b1c19138f9936ae97fac4f94c443593702f22d (commit) from 340a567eae8e9a1be908c13e67626d278f32224c (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit ac14b325e03276f9e17e334b03a3d3129903bac7 Merge: 340a567 3359057 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Nov 9 14:19:52 2013 +0100

Merge branch 'master' into fifteen

-----------------------------------------------------------------------

Summary of changes: config/rootfiles/oldcore/73/filelists/files | 2 + lfs/openssh | 4 +- lfs/squid | 7 +- .../squid-3.3.10-optional-ssl-options.patch | 148 +++++++++++++++++++++ 4 files changed, 157 insertions(+), 4 deletions(-) create mode 100644 src/patches/squid-3.3.10-optional-ssl-options.patch

Difference in files: diff --git a/config/rootfiles/oldcore/73/filelists/files b/config/rootfiles/oldcore/73/filelists/files index 6df851e..8ddb964 100644 --- a/config/rootfiles/oldcore/73/filelists/files +++ b/config/rootfiles/oldcore/73/filelists/files @@ -3,9 +3,11 @@ etc/issue etc/rc.d/init.d/dnsmasq etc/rc.d/init.d/squid srv/web/ipfire/cgi-bin/logs.cgi/proxylog.dat +srv/web/ipfire/cgi-bin/netinternal.cgi srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/routing.cgi srv/web/ipfire/cgi-bin/wirelessclient.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi srv/web/ipfire/html/redirect.cgi srv/web/ipfire/html/redirect-templates/ var/ipfire/header.pl diff --git a/lfs/openssh b/lfs/openssh index 3d4ef2f..17772c1 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -24,7 +24,7 @@

include Config

-VER = 6.2p2 +VER = 6.4p1

THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = be46174dcbb77ebb4ea88ef140685de1 +$(DL_FILE)_MD5 = a62b88b884df0b09b8a8c5789ac9e51b

install : $(TARGET)

diff --git a/lfs/squid b/lfs/squid index bc0ef71..a341857 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@

include Config

-VER = 3.3.9 +VER = 3.3.10

THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = 6c4ba0d63c3a6d94de2da689f361cdab +$(DL_FILE)_MD5 = 28058812d722cac303517a643e28bcb0

install : $(TARGET)

@@ -70,6 +70,9 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) + + cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-optional-ssl-options.patch + cd $(DIR_APP) && ./configure \ --prefix=/usr \ --sysconfdir=/etc/squid \ diff --git a/src/patches/squid-3.3.10-optional-ssl-options.patch b/src/patches/squid-3.3.10-optional-ssl-options.patch new file mode 100644 index 0000000..f6a108c --- /dev/null +++ b/src/patches/squid-3.3.10-optional-ssl-options.patch @@ -0,0 +1,148 @@ +From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115 + +Committer: Christos Tsantilas +Date: 2013-11-07 10:46:14 UTC +Revision ID: chtsanti@users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf + +http://bugs.squid-cache.org/show_bug.cgi?id=3936 +Bug 3936: error-details.txt parse error + +Squid fails parsing error-details.txt template when one or more listed OpenSSL +errors are not supported on running platform. +This patch add a hardcoded list of OpenSSL errors wich can be optional. + +This is a Measurement Factory project + +=== modified file 'src/ssl/ErrorDetail.cc' +--- src/ssl/ErrorDetail.cc 2013-07-31 00:13:04 +0000 ++++ src/ssl/ErrorDetail.cc 2013-11-07 10:46:14 +0000 +@@ -221,6 +221,31 @@ + {SSL_ERROR_NONE, NULL} + }; + ++static const char *OptionalSslErrors[] = { ++ "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER", ++ "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION", ++ "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN", ++ "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION", ++ "X509_V_ERR_INVALID_NON_CA", ++ "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED", ++ "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE", ++ "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED", ++ "X509_V_ERR_INVALID_EXTENSION", ++ "X509_V_ERR_INVALID_POLICY_EXTENSION", ++ "X509_V_ERR_NO_EXPLICIT_POLICY", ++ "X509_V_ERR_DIFFERENT_CRL_SCOPE", ++ "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE", ++ "X509_V_ERR_UNNESTED_RESOURCE", ++ "X509_V_ERR_PERMITTED_VIOLATION", ++ "X509_V_ERR_EXCLUDED_VIOLATION", ++ "X509_V_ERR_SUBTREE_MINMAX", ++ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE", ++ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX", ++ "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX", ++ "X509_V_ERR_CRL_PATH_VALIDATION_ERROR", ++ NULL ++}; ++ + struct SslErrorAlias { + const char *name; + const Ssl::ssl_error_t *errors; +@@ -331,6 +356,16 @@ + return NULL; + } + ++bool ++Ssl::ErrorIsOptional(const char *name) ++{ ++ for (int i = 0; OptionalSslErrors[i] != NULL; ++i) { ++ if (strcmp(name, OptionalSslErrors[i]) == 0) ++ return true; ++ } ++ return false; ++} ++ + const char * + Ssl::GetErrorDescr(Ssl::ssl_error_t value) + { + +=== modified file 'src/ssl/ErrorDetail.h' +--- src/ssl/ErrorDetail.h 2013-05-30 10:10:29 +0000 ++++ src/ssl/ErrorDetail.h 2013-11-07 10:46:14 +0000 +@@ -40,6 +40,14 @@ + + /** + \ingroup ServerProtocolSSLAPI ++ * Return true if the SSL error is optional and may not supported ++ * by current squid version ++ */ ++ ++bool ErrorIsOptional(const char *name); ++ ++/** ++ \ingroup ServerProtocolSSLAPI + * Used to pass SSL error details to the error pages returned to the + * end user. + */ + +=== modified file 'src/ssl/ErrorDetailManager.cc' +--- src/ssl/ErrorDetailManager.cc 2013-10-25 00:13:46 +0000 ++++ src/ssl/ErrorDetailManager.cc 2013-11-07 10:46:14 +0000 +@@ -218,32 +218,35 @@ + } + + Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf()); +- if (ssl_error == SSL_ERROR_NONE) { ++ if (ssl_error != SSL_ERROR_NONE) { ++ ++ if (theDetails->getErrorDetail(ssl_error)) { ++ debugs(83, DBG_IMPORTANT, HERE << ++ "WARNING! duplicate entry: " << errorName); ++ return false; ++ } ++ ++ ErrorDetailEntry &entry = theDetails->theList[ssl_error]; ++ entry.error_no = ssl_error; ++ entry.name = errorName; ++ String tmp = parser.getByName("detail"); ++ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); ++ tmp = parser.getByName("descr"); ++ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); ++ bool parseOK = entry.descr.defined() && entry.detail.defined(); ++ ++ if (!parseOK) { ++ debugs(83, DBG_IMPORTANT, HERE << ++ "WARNING! missing important field for detail error: " << errorName); ++ return false; ++ } ++ ++ } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) { + debugs(83, DBG_IMPORTANT, HERE << + "WARNING! invalid error detail name: " << errorName); + return false; + } + +- if (theDetails->getErrorDetail(ssl_error)) { +- debugs(83, DBG_IMPORTANT, HERE << +- "WARNING! duplicate entry: " << errorName); +- return false; +- } +- +- ErrorDetailEntry &entry = theDetails->theList[ssl_error]; +- entry.error_no = ssl_error; +- entry.name = errorName; +- String tmp = parser.getByName("detail"); +- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail); +- tmp = parser.getByName("descr"); +- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr); +- bool parseOK = entry.descr.defined() && entry.detail.defined(); +- +- if (!parseOK) { +- debugs(83, DBG_IMPORTANT, HERE << +- "WARNING! missing imporant field for detail error: " << errorName); +- return false; +- } + }// else {only spaces and black lines; just ignore} + + buf.consume(size); +

hooks/post-receive -- IPFire 2.x development tree