* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. d3527a38c16451d956c623901d11472ebbe47e98
@ 2013-11-08 13:32 git
0 siblings, 0 replies; only message in thread
From: git @ 2013-11-08 13:32 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 11332 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via d3527a38c16451d956c623901d11472ebbe47e98 (commit)
via 36b1c19138f9936ae97fac4f94c443593702f22d (commit)
from 9a6b4cb648b871fcfce9a386213e5ab6f8b7bba9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d3527a38c16451d956c623901d11472ebbe47e98
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Sep 7 16:38:23 2013 +0200
Multiple CGI files: Check if BLUE or ORANGE are actually configured.
commit 36b1c19138f9936ae97fac4f94c443593702f22d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Nov 8 14:13:30 2013 +0100
squid: Update to 3.3.10 + SSL options fix.
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/73/filelists/files | 2 +
html/cgi-bin/netinternal.cgi | 4 +-
html/cgi-bin/proxy.cgi | 4 +-
html/cgi-bin/vpnmain.cgi | 4 +-
lfs/squid | 7 +-
.../squid-3.3.10-optional-ssl-options.patch | 148 +++++++++++++++++++++
6 files changed, 161 insertions(+), 8 deletions(-)
create mode 100644 src/patches/squid-3.3.10-optional-ssl-options.patch
Difference in files:
diff --git a/config/rootfiles/core/73/filelists/files b/config/rootfiles/core/73/filelists/files
index 6df851e..8ddb964 100644
--- a/config/rootfiles/core/73/filelists/files
+++ b/config/rootfiles/core/73/filelists/files
@@ -3,9 +3,11 @@ etc/issue
etc/rc.d/init.d/dnsmasq
etc/rc.d/init.d/squid
srv/web/ipfire/cgi-bin/logs.cgi/proxylog.dat
+srv/web/ipfire/cgi-bin/netinternal.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/routing.cgi
srv/web/ipfire/cgi-bin/wirelessclient.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
srv/web/ipfire/html/redirect.cgi
srv/web/ipfire/html/redirect-templates/
var/ipfire/header.pl
diff --git a/html/cgi-bin/netinternal.cgi b/html/cgi-bin/netinternal.cgi
index 60560f3..3f2fb56 100644
--- a/html/cgi-bin/netinternal.cgi
+++ b/html/cgi-bin/netinternal.cgi
@@ -61,8 +61,8 @@ if ( $querry[0] =~ /wireless/ ){
&Header::openbigbox('100%', 'left');
push (@graphs, ($netsettings{'GREEN_DEV'}));
- if ($netsettings{'BLUE_DEV'}) {push (@graphs, ($netsettings{'BLUE_DEV'})); }
- if ($netsettings{'ORANGE_DEV'}) {push (@graphs, ($netsettings{'ORANGE_DEV'})); }
+ if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {push (@graphs, ($netsettings{'BLUE_DEV'})); }
+ if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {push (@graphs, ($netsettings{'ORANGE_DEV'})); }
my @wirelessgraphs = `ls -dA /var/log/rrd/collectd/localhost/wireless* 2>/dev/null`;
foreach (@wirelessgraphs){
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 25e935b..6dd900f 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -180,8 +180,8 @@ close(FILE);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}");
-my $blue_cidr = "# Blue not defined";
-if ($netsettings{'BLUE_DEV'}) {
+my $blue_cidr = "";
+if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
$blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}");
}
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 58645c3..a40894e 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -61,11 +61,11 @@ my %mainsettings = ();
my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
my $blue_cidr = "# Blue not defined";
-if ($netsettings{'BLUE_DEV'}) {
+if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
$blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
}
my $orange_cidr = "# Orange not defined";
-if ($netsettings{'ORANGE_DEV'}) {
+if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
$orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
}
diff --git a/lfs/squid b/lfs/squid
index bc0ef71..a341857 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
include Config
-VER = 3.3.9
+VER = 3.3.10
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6c4ba0d63c3a6d94de2da689f361cdab
+$(DL_FILE)_MD5 = 28058812d722cac303517a643e28bcb0
install : $(TARGET)
@@ -70,6 +70,9 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
+
+ cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/squid-3.3.10-optional-ssl-options.patch
+
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--sysconfdir=/etc/squid \
diff --git a/src/patches/squid-3.3.10-optional-ssl-options.patch b/src/patches/squid-3.3.10-optional-ssl-options.patch
new file mode 100644
index 0000000..f6a108c
--- /dev/null
+++ b/src/patches/squid-3.3.10-optional-ssl-options.patch
@@ -0,0 +1,148 @@
+From: http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/13115
+
+Committer: Christos Tsantilas
+Date: 2013-11-07 10:46:14 UTC
+Revision ID: chtsanti(a)users.sourceforge.net-20131107104614-s3a9kzlkgm7x9rhf
+
+http://bugs.squid-cache.org/show_bug.cgi?id=3936
+Bug 3936: error-details.txt parse error
+
+Squid fails parsing error-details.txt template when one or more listed OpenSSL
+errors are not supported on running platform.
+This patch add a hardcoded list of OpenSSL errors wich can be optional.
+
+This is a Measurement Factory project
+
+=== modified file 'src/ssl/ErrorDetail.cc'
+--- src/ssl/ErrorDetail.cc 2013-07-31 00:13:04 +0000
++++ src/ssl/ErrorDetail.cc 2013-11-07 10:46:14 +0000
+@@ -221,6 +221,31 @@
+ {SSL_ERROR_NONE, NULL}
+ };
+
++static const char *OptionalSslErrors[] = {
++ "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
++ "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION",
++ "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN",
++ "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION",
++ "X509_V_ERR_INVALID_NON_CA",
++ "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED",
++ "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE",
++ "X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED",
++ "X509_V_ERR_INVALID_EXTENSION",
++ "X509_V_ERR_INVALID_POLICY_EXTENSION",
++ "X509_V_ERR_NO_EXPLICIT_POLICY",
++ "X509_V_ERR_DIFFERENT_CRL_SCOPE",
++ "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE",
++ "X509_V_ERR_UNNESTED_RESOURCE",
++ "X509_V_ERR_PERMITTED_VIOLATION",
++ "X509_V_ERR_EXCLUDED_VIOLATION",
++ "X509_V_ERR_SUBTREE_MINMAX",
++ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE",
++ "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX",
++ "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX",
++ "X509_V_ERR_CRL_PATH_VALIDATION_ERROR",
++ NULL
++};
++
+ struct SslErrorAlias {
+ const char *name;
+ const Ssl::ssl_error_t *errors;
+@@ -331,6 +356,16 @@
+ return NULL;
+ }
+
++bool
++Ssl::ErrorIsOptional(const char *name)
++{
++ for (int i = 0; OptionalSslErrors[i] != NULL; ++i) {
++ if (strcmp(name, OptionalSslErrors[i]) == 0)
++ return true;
++ }
++ return false;
++}
++
+ const char *
+ Ssl::GetErrorDescr(Ssl::ssl_error_t value)
+ {
+
+=== modified file 'src/ssl/ErrorDetail.h'
+--- src/ssl/ErrorDetail.h 2013-05-30 10:10:29 +0000
++++ src/ssl/ErrorDetail.h 2013-11-07 10:46:14 +0000
+@@ -40,6 +40,14 @@
+
+ /**
+ \ingroup ServerProtocolSSLAPI
++ * Return true if the SSL error is optional and may not supported
++ * by current squid version
++ */
++
++bool ErrorIsOptional(const char *name);
++
++/**
++ \ingroup ServerProtocolSSLAPI
+ * Used to pass SSL error details to the error pages returned to the
+ * end user.
+ */
+
+=== modified file 'src/ssl/ErrorDetailManager.cc'
+--- src/ssl/ErrorDetailManager.cc 2013-10-25 00:13:46 +0000
++++ src/ssl/ErrorDetailManager.cc 2013-11-07 10:46:14 +0000
+@@ -218,32 +218,35 @@
+ }
+
+ Ssl::ssl_error_t ssl_error = Ssl::GetErrorCode(errorName.termedBuf());
+- if (ssl_error == SSL_ERROR_NONE) {
++ if (ssl_error != SSL_ERROR_NONE) {
++
++ if (theDetails->getErrorDetail(ssl_error)) {
++ debugs(83, DBG_IMPORTANT, HERE <<
++ "WARNING! duplicate entry: " << errorName);
++ return false;
++ }
++
++ ErrorDetailEntry &entry = theDetails->theList[ssl_error];
++ entry.error_no = ssl_error;
++ entry.name = errorName;
++ String tmp = parser.getByName("detail");
++ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
++ tmp = parser.getByName("descr");
++ httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
++ bool parseOK = entry.descr.defined() && entry.detail.defined();
++
++ if (!parseOK) {
++ debugs(83, DBG_IMPORTANT, HERE <<
++ "WARNING! missing important field for detail error: " << errorName);
++ return false;
++ }
++
++ } else if (!Ssl::ErrorIsOptional(errorName.termedBuf())) {
+ debugs(83, DBG_IMPORTANT, HERE <<
+ "WARNING! invalid error detail name: " << errorName);
+ return false;
+ }
+
+- if (theDetails->getErrorDetail(ssl_error)) {
+- debugs(83, DBG_IMPORTANT, HERE <<
+- "WARNING! duplicate entry: " << errorName);
+- return false;
+- }
+-
+- ErrorDetailEntry &entry = theDetails->theList[ssl_error];
+- entry.error_no = ssl_error;
+- entry.name = errorName;
+- String tmp = parser.getByName("detail");
+- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.detail);
+- tmp = parser.getByName("descr");
+- httpHeaderParseQuotedString(tmp.termedBuf(), tmp.size(), &entry.descr);
+- bool parseOK = entry.descr.defined() && entry.detail.defined();
+-
+- if (!parseOK) {
+- debugs(83, DBG_IMPORTANT, HERE <<
+- "WARNING! missing imporant field for detail error: " << errorName);
+- return false;
+- }
+ }// else {only spaces and black lines; just ignore}
+
+ buf.consume(size);
+
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-11-08 13:32 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-11-08 13:32 [git.ipfire.org] IPFire 2.x development tree branch, master, updated. d3527a38c16451d956c623901d11472ebbe47e98 git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox