[packages/squid] - up to 4.11; SECURITY fixes
arekm
arekm at pld-linux.org
Thu May 14 23:43:58 CEST 2020
commit d4bb55ac3c1b3a707a583f303f5b3cc535a8306d
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Thu May 14 23:43:39 2020 +0200
- up to 4.11; SECURITY fixes
debug.patch | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
krb.patch | 32 ++++++++++++++++++++++++++++++++
squid.spec | 8 ++++++--
3 files changed, 92 insertions(+), 2 deletions(-)
---
diff --git a/squid.spec b/squid.spec
index e0b6b20..78234e7 100644
--- a/squid.spec
+++ b/squid.spec
@@ -16,13 +16,13 @@ Summary(ru.UTF-8): Squid - кэш объектов Internet
Summary(uk.UTF-8): Squid - кеш об'єктів Internet
Summary(zh_CN.UTF-8): SQUID 高速缓冲代理服务器
Name: squid
-Version: 4.10
+Version: 4.11
Release: 1
Epoch: 7
License: GPL v2
Group: Networking/Daemons
Source0: http://www.squid-cache.org/Versions/v4/%{name}-%{version}.tar.xz
-# Source0-md5: af7ac6e70f9bd03ae4fcec0c9b99c38a
+# Source0-md5: 10f34e852153a9996aa4614670e2bda1
Source1: %{name}.init
Source2: %{name}.sysconfig
Source3: http://squid-docs.sourceforge.net/latest/zip-files/book-full-html.zip
@@ -38,12 +38,14 @@ Source11: %{name}-check_cache
Patch1: %{name}-location.patch
Patch2: %{name}-crash-on-ENOSPC.patch
+Patch3: krb.patch
Patch4: %{name}-2.5.STABLE4-apache-like-combined-log.patch
Patch5: %{name}-ppc-m32.patch
Patch6: %{name}-cachemgr-webapp.patch
# still needed? http://bugs.squid-cache.org/show_bug.cgi?id=3806
# http://www.squid-cache.org/mail-archive/squid-dev/201207/att-0177/squidv3-vary-headers-shm-hack.patch
Patch7: squidv3-vary-headers-shm-hack.patch
+Patch8: debug.patch
URL: http://www.squid-cache.org/
BuildRequires: autoconf
BuildRequires: automake
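Review bot: `Patch3: krb.patch` and `Patch8: debug.patch` are added with no comment saying where they come from or when they can be dropped, unlike `Patch7`, which has its upstream references directly above it. This update is labelled as carrying security fixes, and both patches appear to be build or compatibility backports rather than that security content, so someone auditing the package should be able to see this from the spec. A line such as `# upstream Bug 5041 backport (Debug::Extra); drop once included in a release` above `Patch8` and `# Heimdal keyblock fix, patch 4/5 of an upstream series` above `Patch3` would do. The two file names also omit the `%{name}-` prefix that the neighbouring patches use.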
@@ -629,12 +631,14 @@ Ten pakiet zawiera skrypty perlowe i dodatkowe programy dla Squida.
%patch1 -p1
%patch2 -p1
+%patch3 -p1
%{?with_combined_log:%patch4 -p1}
%ifarch ppc
%patch5 -p1
%endif
%patch6 -p1
#%patch7 -p1
+%patch8 -p1
%{__sed} -i -e '1s#!.*bin/perl#!%{__perl}#' {contrib,scripts}/*.pl
diff --git a/debug.patch b/debug.patch
new file mode 100644
index 0000000..bc3310c
--- /dev/null
+++ b/debug.patch
@@ -0,0 +1,54 @@
+From c26cd1cb6a60ff196ef13c00e82576d3bfeb2e30 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov at measurement-factory.com>
+Date: Thu, 23 Apr 2020 05:56:35 -0600
+Subject: [PATCH] Bug 5041: Missing Debug::Extra breaks build on hosts with
+ systemd (#611)
+
+* Bug 5041: Missing Debug::Extra breaks build on hosts with systemd
+
+Master commit 6fa8c66 (i.e. Bug 5016 fix) relied on Debug::Extra added
+by master commit (ccfbe8f) that was not ported to v4. The port of the
+former master commit lacked the required piece of the latter commit.
+
+The problem is invisible on hosts without a systemd package (that Squid
+can find/use) and with Squids explicitly ./configured --without-systemd.
+
+* "Minimum features" build test should be --without-systemd
+
+* LDFLAGS were missing SYSTEMD_LIBS in builds with systemd support
+
+Co-authored-by: Amos Jeffries <yadij at users.noreply.github.com>
+---
+ configure.ac | 1 +
+ src/Debug.h | 4 ++++
+ test-suite/buildtests/layer-01-minimal.opts | 1 +
+ 3 files changed, 6 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 9d1a38c4f8..281d237bc5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2162,6 +2162,7 @@ if test "x$with_systemd" != "xno" -a "x$squid_host_os" = "xlinux"; then
+ fi
+ if test "x$SYSTEMD_LIBS" != "x" ; then
+ CXXFLAGS="$SYSTEMD_CFLAGS $CXXFLAGS"
++ LDFLAGS="$SYSTEMD_LIBS $LDFLAGS"
+ AC_DEFINE(USE_SYSTEMD,1,[systemd support is available])
+ else
+ with_systemd=no
+diff --git a/src/Debug.h b/src/Debug.h
+index 6eecd01bf9..ddd9e38f8f 100644
+--- a/src/Debug.h
++++ b/src/Debug.h
+@@ -99,6 +99,10 @@ class Debug
+
+ /// configures the active debugging context to write syslog ALERT
+ static void ForceAlert();
++
++ /// prefixes each grouped debugs() line after the first one in the group
++ static std::ostream& Extra(std::ostream &os) { return os << "\n "; }
++
+ private:
+ static Context *Current; ///< deepest active context; nil outside debugs()
+ };
+
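Review bot: In the configure.ac part of this patch, `LDFLAGS="$SYSTEMD_LIBS $LDFLAGS"` puts what are presumably `-l` arguments into LDFLAGS, which normally places them ahead of the object files on the link line. If the build links with `--as-needed` or against a static libsystemd, the linker can discard the library before any object references it. The conventional place for library arguments is LIBS, e.g. `LIBS="$SYSTEMD_LIBS $LIBS"`, or a per-target `_LDADD`. Because this is carried as-is from upstream, a comment next to `Patch8` in squid.spec noting the link-order dependency, plus a check that the built binary actually records libsystemd as a needed library, would be enough. The enclosing `if test "x$with_systemd" ...` block starts and ends outside the hunk.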
diff --git a/krb.patch b/krb.patch
new file mode 100644
index 0000000..9555b76
--- /dev/null
+++ b/krb.patch
@@ -0,0 +1,32 @@
+From 990f3cb0266779b329dca303cc7ec8977ed8a0b5 Mon Sep 17 00:00:00 2001
+From: Markus Moeller <markus_moeller at compuserve.com>
+Date: Sat, 9 May 2020 14:00:23 +0100
+Subject: [PATCH 4/5] Add Heimdal check for keyblock
+
+---
+ src/acl/external/kerberos_ldap_group/support_krb5.cc | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/acl/external/kerberos_ldap_group/support_krb5.cc b/src/acl/external/kerberos_ldap_group/support_krb5.cc
+index 6d50c73166..b4964d83ee 100644
+--- a/src/acl/external/kerberos_ldap_group/support_krb5.cc
++++ b/src/acl/external/kerberos_ldap_group/support_krb5.cc
+@@ -467,10 +467,15 @@ krb5_create_cache(char *domain, char *service_principal_name)
+ }
+
+ // overwrite limitation of enctypes
++#if USE_HEIMDAL_KRB5
++ creds->session.keytype = 0;
++ if (creds->session.keyvalue.length>0)
++ krb5_free_keyblock_contents(kparam.context, &creds->session);
++#else
+ creds->keyblock.enctype = 0;
+ if (creds->keyblock.contents)
+ krb5_free_keyblock_contents(kparam.context, &creds->keyblock);
+-
++#endif
+ code = krb5_get_credentials(kparam.context, 0, kparam.cc[ccindex], creds, &tgt_creds);
+ if (code) {
+ k5_error("Error while getting tgt", code);
+
+
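Review bot: Both branches of the new `#if USE_HEIMDAL_KRB5` block rely on `krb5_free_keyblock_contents()` leaving the keyblock empty (null data pointer, zero length) before `creds` is passed to `krb5_get_credentials()`, and nothing in the hunk states or enforces that. The Heimdal guard tests `keyvalue.length>0` while the other branch tests the pointer (`keyblock.contents`); testing `creds->session.keyvalue.data` would keep the two symmetrical, and if the free routine tolerates an empty keyblock the guard may be unnecessary. The comment `// overwrite limitation of enctypes` could say what is actually done, for example `// drop the cached session key and enctype so any enctype can be used for the new ticket`, though that intent is inferred from the code and should be confirmed with the author. `krb5_create_cache()` begins and ends outside the hunk.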
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/squid.git/commitdiff/d4bb55ac3c1b3a707a583f303f5b3cc535a8306d