From: Arkadiusz Miśkiewicz Date: Thu, 14 May 2020 21:43:39 +0000 (+0200) Subject: - up to 4.11; SECURITY fixes X-Git-Tag: auto/th/squid-4.11-1 X-Git-Url: http://git.pld-linux.org/?p=packages%2Fsquid.git;a=commitdiff_plain;h=d4bb55a - up to 4.11; SECURITY fixes --- diff --git a/debug.patch b/debug.patch new file mode 100644 index 0000000..bc3310c --- /dev/null +++ b/debug.patch @@ -0,0 +1,54 @@ +From c26cd1cb6a60ff196ef13c00e82576d3bfeb2e30 Mon Sep 17 00:00:00 2001 +From: Alex Rousskov +Date: Thu, 23 Apr 2020 05:56:35 -0600 +Subject: [PATCH] Bug 5041: Missing Debug::Extra breaks build on hosts with + systemd (#611) + +* Bug 5041: Missing Debug::Extra breaks build on hosts with systemd + +Master commit 6fa8c66 (i.e. Bug 5016 fix) relied on Debug::Extra added +by master commit (ccfbe8f) that was not ported to v4. The port of the +former master commit lacked the required piece of the latter commit. + +The problem is invisible on hosts without a systemd package (that Squid +can find/use) and with Squids explicitly ./configured --without-systemd. + +* "Minimum features" build test should be --without-systemd + +* LDFLAGS were missing SYSTEMD_LIBS in builds with systemd support + +Co-authored-by: Amos Jeffries +--- + configure.ac | 1 + + src/Debug.h | 4 ++++ + test-suite/buildtests/layer-01-minimal.opts | 1 + + 3 files changed, 6 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 9d1a38c4f8..281d237bc5 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -2162,6 +2162,7 @@ if test "x$with_systemd" != "xno" -a "x$squid_host_os" = "xlinux"; then + fi + if test "x$SYSTEMD_LIBS" != "x" ; then + CXXFLAGS="$SYSTEMD_CFLAGS $CXXFLAGS" ++ LDFLAGS="$SYSTEMD_LIBS $LDFLAGS" + AC_DEFINE(USE_SYSTEMD,1,[systemd support is available]) + else + with_systemd=no +diff --git a/src/Debug.h b/src/Debug.h +index 6eecd01bf9..ddd9e38f8f 100644 +--- a/src/Debug.h ++++ b/src/Debug.h +@@ -99,6 +99,10 @@ class Debug + + /// configures the active debugging context to write syslog ALERT + static void ForceAlert(); ++ ++ /// prefixes each grouped debugs() line after the first one in the group ++ static std::ostream& Extra(std::ostream &os) { return os << "\n "; } ++ + private: + static Context *Current; ///< deepest active context; nil outside debugs() + }; + diff --git a/krb.patch b/krb.patch new file mode 100644 index 0000000..9555b76 --- /dev/null +++ b/krb.patch @@ -0,0 +1,32 @@ +From 990f3cb0266779b329dca303cc7ec8977ed8a0b5 Mon Sep 17 00:00:00 2001 +From: Markus Moeller +Date: Sat, 9 May 2020 14:00:23 +0100 +Subject: [PATCH 4/5] Add Heimdal check for keyblock + +--- + src/acl/external/kerberos_ldap_group/support_krb5.cc | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/acl/external/kerberos_ldap_group/support_krb5.cc b/src/acl/external/kerberos_ldap_group/support_krb5.cc +index 6d50c73166..b4964d83ee 100644 +--- a/src/acl/external/kerberos_ldap_group/support_krb5.cc ++++ b/src/acl/external/kerberos_ldap_group/support_krb5.cc +@@ -467,10 +467,15 @@ krb5_create_cache(char *domain, char *service_principal_name) + } + + // overwrite limitation of enctypes ++#if USE_HEIMDAL_KRB5 ++ creds->session.keytype = 0; ++ if (creds->session.keyvalue.length>0) ++ krb5_free_keyblock_contents(kparam.context, &creds->session); ++#else + creds->keyblock.enctype = 0; + if (creds->keyblock.contents) + krb5_free_keyblock_contents(kparam.context, &creds->keyblock); +- ++#endif + code = krb5_get_credentials(kparam.context, 0, kparam.cc[ccindex], creds, &tgt_creds); + if (code) { + k5_error("Error while getting tgt", code); + + diff --git a/squid.spec b/squid.spec index e0b6b20..78234e7 100644 --- a/squid.spec +++ b/squid.spec @@ -16,13 +16,13 @@ Summary(ru.UTF-8): Squid - кэш объектов Internet Summary(uk.UTF-8): Squid - кеш об'єктів Internet Summary(zh_CN.UTF-8): SQUID 高速缓冲代理服务器 Name: squid -Version: 4.10 +Version: 4.11 Release: 1 Epoch: 7 License: GPL v2 Group: Networking/Daemons Source0: http://www.squid-cache.org/Versions/v4/%{name}-%{version}.tar.xz -# Source0-md5: af7ac6e70f9bd03ae4fcec0c9b99c38a +# Source0-md5: 10f34e852153a9996aa4614670e2bda1 Source1: %{name}.init Source2: %{name}.sysconfig Source3: http://squid-docs.sourceforge.net/latest/zip-files/book-full-html.zip @@ -38,12 +38,14 @@ Source11: %{name}-check_cache Patch1: %{name}-location.patch Patch2: %{name}-crash-on-ENOSPC.patch +Patch3: krb.patch Patch4: %{name}-2.5.STABLE4-apache-like-combined-log.patch Patch5: %{name}-ppc-m32.patch Patch6: %{name}-cachemgr-webapp.patch # still needed? http://bugs.squid-cache.org/show_bug.cgi?id=3806 # http://www.squid-cache.org/mail-archive/squid-dev/201207/att-0177/squidv3-vary-headers-shm-hack.patch Patch7: squidv3-vary-headers-shm-hack.patch +Patch8: debug.patch URL: http://www.squid-cache.org/ BuildRequires: autoconf BuildRequires: automake @@ -629,12 +631,14 @@ Ten pakiet zawiera skrypty perlowe i dodatkowe programy dla Squida. %patch1 -p1 %patch2 -p1 +%patch3 -p1 %{?with_combined_log:%patch4 -p1} %ifarch ppc %patch5 -p1 %endif %patch6 -p1 #%patch7 -p1 +%patch8 -p1 %{__sed} -i -e '1s#!.*bin/perl#!%{__perl}#' {contrib,scripts}/*.pl