From 7a4d40ca76f195095323b9a90d53a1bdbfb736f6c42cf6c9f2cbc2b59200d04e Mon Sep 17 00:00:00 2001 From: Adam Majer Date: Tue, 29 Mar 2022 12:30:01 +0000 Subject: [PATCH] - Fix upgrade path from squid 4.x where we replaced some symlinks with directories (bsc#1197333) - old_nettle_compat.patch: refresh patch OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=249 --- old_nettle_compat.patch | 148 ++++++++++++++++++++-------------------- squid.changes | 7 ++ squid.spec | 8 +++ 3 files changed, 89 insertions(+), 74 deletions(-) diff --git a/old_nettle_compat.patch b/old_nettle_compat.patch index 2f8433f..68e48f9 100644 --- a/old_nettle_compat.patch +++ b/old_nettle_compat.patch @@ -15,11 +15,11 @@ Date: Fri Feb 7 09:11:20 2014 +0100 Base64 and base16 decoding: Use *dst_length as output only. -Index: squid-4.9/src/HttpHeader.cc +Index: squid-5.4.1/src/HttpHeader.cc =================================================================== ---- squid-4.9.orig/src/HttpHeader.cc -+++ squid-4.9/src/HttpHeader.cc -@@ -1298,8 +1298,8 @@ HttpHeader::getAuthToken(Http::HdrType i +--- squid-5.4.1.orig/src/HttpHeader.cc ++++ squid-5.4.1/src/HttpHeader.cc +@@ -1351,8 +1351,8 @@ HttpHeader::getAuthToken(Http::HdrType i char *decodedAuthToken = result.rawAppendStart(BASE64_DECODE_LENGTH(fieldLen)); struct base64_decode_ctx ctx; base64_decode_init(&ctx); @@ -30,11 +30,11 @@ Index: squid-4.9/src/HttpHeader.cc !base64_decode_final(&ctx)) { return nil; } -Index: squid-4.9/src/auth/basic/Config.cc +Index: squid-5.4.1/src/auth/basic/Config.cc =================================================================== ---- squid-4.9.orig/src/auth/basic/Config.cc -+++ squid-4.9/src/auth/basic/Config.cc -@@ -176,8 +176,8 @@ Auth::Basic::Config::decodeCleartext(con +--- squid-5.4.1.orig/src/auth/basic/Config.cc ++++ squid-5.4.1/src/auth/basic/Config.cc +@@ -178,8 +178,8 @@ Auth::Basic::Config::decodeCleartext(con struct base64_decode_ctx ctx; base64_decode_init(&ctx); @@ -44,23 +44,23 @@ Index: squid-4.9/src/auth/basic/Config.cc + if (base64_decode_update(&ctx, &dstLen, reinterpret_cast(cleartext), srcLen, (const uint8_t*)eek) && base64_decode_final(&ctx)) { cleartext[dstLen] = '\0'; - /* -Index: squid-4.9/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc + if (utf8 && !isValidUtf8String(cleartext, cleartext + dstLen)) { +Index: squid-5.4.1/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc =================================================================== ---- squid-4.9.orig/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc -+++ squid-4.9/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc +--- squid-5.4.1.orig/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc ++++ squid-5.4.1/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc @@ -131,6 +131,7 @@ token_decode(size_t *decodedLen, uint8_t { struct base64_decode_ctx ctx; base64_decode_init(&ctx); + *decodedLen = BASE64_DECODE_LENGTH(strlen(srcLen)); - if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast(buf)) || + if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), buf) || !base64_decode_final(&ctx)) { SEND("BH base64 decode failed"); -Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc +Index: squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc =================================================================== ---- squid-4.9.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc -+++ squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc +--- squid-5.4.1.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc ++++ squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc @@ -681,8 +681,8 @@ main(int argc, char *const argv[]) struct base64_decode_ctx ctx; @@ -83,10 +83,10 @@ Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc token[blen] = '\0'; if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log, 1)) -Index: squid-4.9/src/auth/negotiate/wrapper/negotiate_wrapper.cc +Index: squid-5.4.1/src/auth/negotiate/wrapper/negotiate_wrapper.cc =================================================================== ---- squid-4.9.orig/src/auth/negotiate/wrapper/negotiate_wrapper.cc -+++ squid-4.9/src/auth/negotiate/wrapper/negotiate_wrapper.cc +--- squid-5.4.1.orig/src/auth/negotiate/wrapper/negotiate_wrapper.cc ++++ squid-5.4.1/src/auth/negotiate/wrapper/negotiate_wrapper.cc @@ -192,8 +192,8 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT struct base64_decode_ctx ctx; @@ -98,10 +98,10 @@ Index: squid-4.9/src/auth/negotiate/wrapper/negotiate_wrapper.cc !base64_decode_final(&ctx)) { if (debug_enabled) fprintf(stderr, "%s| %s: Invalid base64 token [%s]\n", LogTime(), PROGRAM, buf+3); -Index: squid-4.9/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc +Index: squid-5.4.1/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc =================================================================== ---- squid-4.9.orig/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc -+++ squid-4.9/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc +--- squid-5.4.1.orig/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc ++++ squid-5.4.1/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc @@ -203,8 +203,8 @@ make_challenge(char *domain, char *domai struct base64_encode_ctx ctx; @@ -125,23 +125,23 @@ Index: squid-4.9/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc !base64_decode_final(&ctx)) { SEND("NA Packet format error, couldn't base64-decode"); return; -Index: squid-4.9/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc +Index: squid-5.4.1/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc =================================================================== ---- squid-4.9.orig/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc -+++ squid-4.9/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc +--- squid-5.4.1.orig/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc ++++ squid-5.4.1/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc @@ -418,6 +418,7 @@ token_decode(size_t *decodedLen, uint8_t { struct base64_decode_ctx ctx; base64_decode_init(&ctx); + *decodedLen = BASE64_DECODE_LENGTH(strlen(buf))+1; - if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast(buf)) || + if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), buf) || !base64_decode_final(&ctx)) { SEND_BH("message=\"base64 decode failed\""); -Index: squid-4.9/src/auth/ntlm/fake/ntlm_fake_auth.cc +Index: squid-5.4.1/src/auth/ntlm/fake/ntlm_fake_auth.cc =================================================================== ---- squid-4.9.orig/src/auth/ntlm/fake/ntlm_fake_auth.cc -+++ squid-4.9/src/auth/ntlm/fake/ntlm_fake_auth.cc -@@ -153,9 +153,9 @@ main(int argc, char *argv[]) +--- squid-5.4.1.orig/src/auth/ntlm/fake/ntlm_fake_auth.cc ++++ squid-5.4.1/src/auth/ntlm/fake/ntlm_fake_auth.cc +@@ -164,9 +164,9 @@ main(int argc, char *argv[]) ntlmhdr *packet; struct base64_decode_ctx ctx; base64_decode_init(&ctx); @@ -153,7 +153,7 @@ Index: squid-4.9/src/auth/ntlm/fake/ntlm_fake_auth.cc base64_decode_final(&ctx)) { decodedLen = dstLen; packet = (ntlmhdr*)decodedBuf; -@@ -190,8 +190,8 @@ main(int argc, char *argv[]) +@@ -205,8 +205,8 @@ main(int argc, char *argv[]) struct base64_encode_ctx eCtx; base64_encode_init(&eCtx); char *data = static_cast(xcalloc(base64_encode_len(len), 1)); @@ -164,11 +164,11 @@ Index: squid-4.9/src/auth/ntlm/fake/ntlm_fake_auth.cc if (NTLM_packet_debug_enabled) { printf("TT %.*s\n", (int)blen, data); debug("sending 'TT' to squid with data:\n"); -Index: squid-4.9/tools/cachemgr.cc +Index: squid-5.4.1/tools/cachemgr.cc =================================================================== ---- squid-4.9.orig/tools/cachemgr.cc -+++ squid-4.9/tools/cachemgr.cc -@@ -1104,8 +1104,8 @@ make_pub_auth(cachemgr_request * req) +--- squid-5.4.1.orig/tools/cachemgr.cc ++++ squid-5.4.1/tools/cachemgr.cc +@@ -1110,8 +1110,8 @@ make_pub_auth(cachemgr_request * req) req->pub_auth = (char *) xmalloc(encodedLen); struct base64_encode_ctx ctx; base64_encode_init(&ctx); @@ -179,7 +179,7 @@ Index: squid-4.9/tools/cachemgr.cc req->pub_auth[blen] = '\0'; debug("cmgr: encoded: '%s'\n", req->pub_auth); } -@@ -1125,8 +1125,8 @@ decode_pub_auth(cachemgr_request * req) +@@ -1131,8 +1131,8 @@ decode_pub_auth(cachemgr_request * req) char *buf = static_cast(xmalloc(BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1)); struct base64_decode_ctx ctx; base64_decode_init(&ctx); @@ -190,7 +190,7 @@ Index: squid-4.9/tools/cachemgr.cc !base64_decode_final(&ctx)) { debug("cmgr: base64 decode failure. Incomplete auth token string.\n"); xfree(buf); -@@ -1219,8 +1219,8 @@ make_auth_header(const cachemgr_request +@@ -1225,8 +1225,8 @@ make_auth_header(const cachemgr_request char *str64 = static_cast(xmalloc(encodedLen)); struct base64_encode_ctx ctx; base64_encode_init(&ctx); @@ -201,10 +201,10 @@ Index: squid-4.9/tools/cachemgr.cc str64[blen] = '\0'; stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %.*s\r\n", (int)blen, str64); -Index: squid-4.9/include/base64.h +Index: squid-5.4.1/include/base64.h =================================================================== ---- squid-4.9.orig/include/base64.h -+++ squid-4.9/include/base64.h +--- squid-5.4.1.orig/include/base64.h ++++ squid-5.4.1/include/base64.h @@ -9,11 +9,11 @@ #ifndef _SQUID_BASE64_H #define _SQUID_BASE64_H @@ -219,10 +219,10 @@ Index: squid-4.9/include/base64.h /* base64.h Base-64 encoding and decoding. -Index: squid-4.9/lib/base64.c +Index: squid-5.4.1/lib/base64.c =================================================================== ---- squid-4.9.orig/lib/base64.c -+++ squid-4.9/lib/base64.c +--- squid-5.4.1.orig/lib/base64.c ++++ squid-5.4.1/lib/base64.c @@ -13,7 +13,7 @@ #include "squid.h" #include "base64.h" @@ -232,11 +232,11 @@ Index: squid-4.9/lib/base64.c /* base64-encode.c -Index: squid-4.9/src/format/Format.cc +Index: squid-5.4.1/src/format/Format.cc =================================================================== ---- squid-4.9.orig/src/format/Format.cc -+++ squid-4.9/src/format/Format.cc -@@ -557,8 +557,8 @@ Format::Format::assemble(MemBuf &mb, con +--- squid-5.4.1.orig/src/format/Format.cc ++++ squid-5.4.1/src/format/Format.cc +@@ -556,8 +556,8 @@ Format::Format::assemble(MemBuf &mb, con struct base64_encode_ctx ctx; base64_encode_init(&ctx); @@ -247,10 +247,10 @@ Index: squid-4.9/src/format/Format.cc sb.rawAppendFinish(buf, encLength); out = sb.c_str(); -Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc +Index: squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc =================================================================== ---- squid-4.9.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc -+++ squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc +--- squid-5.4.1.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc ++++ squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc @@ -203,8 +203,8 @@ squid_kerb_proxy_auth(char *proxy) token = (char *) xcalloc(base64_encode_len(output_token.length), 1); struct base64_encode_ctx ctx; @@ -262,10 +262,10 @@ Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc } } -Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc +Index: squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc =================================================================== ---- squid-4.9.orig/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc -+++ squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc +--- squid-5.4.1.orig/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc ++++ squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc @@ -245,8 +245,8 @@ getdomaingids(char *ad_groups, uint32_t base64_encode_init(&ctx); const uint32_t expectedSz = base64_encode_len(length+4) +1 /* terminator */; @@ -288,11 +288,11 @@ Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc b64buf[expectedSz-1] = '\0'; if (!pstrcat(ad_groups, reinterpret_cast(b64buf))) { debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n", -Index: squid-4.9/src/adaptation/icap/ModXact.cc +Index: squid-5.4.1/src/adaptation/icap/ModXact.cc =================================================================== ---- squid-4.9.orig/src/adaptation/icap/ModXact.cc -+++ squid-4.9/src/adaptation/icap/ModXact.cc -@@ -1369,10 +1369,10 @@ void Adaptation::Icap::ModXact::makeRequ +--- squid-5.4.1.orig/src/adaptation/icap/ModXact.cc ++++ squid-5.4.1/src/adaptation/icap/ModXact.cc +@@ -1412,10 +1412,10 @@ void Adaptation::Icap::ModXact::makeRequ struct base64_encode_ctx ctx; base64_encode_init(&ctx); char base64buf[base64_encode_len(MAX_LOGIN_SZ)]; @@ -307,7 +307,7 @@ Index: squid-4.9/src/adaptation/icap/ModXact.cc buf.appendf("Proxy-Authorization: Basic %.*s\r\n", (int)resultLen, base64buf); } -@@ -1529,8 +1529,8 @@ void Adaptation::Icap::ModXact::makeUser +@@ -1571,8 +1571,8 @@ void Adaptation::Icap::ModXact::makeUser if (value) { if (TheConfig.client_username_encode) { char base64buf[base64_encode_len(MAX_LOGIN_SZ)]; @@ -318,11 +318,11 @@ Index: squid-4.9/src/adaptation/icap/ModXact.cc buf.appendf("%s: %.*s\r\n", TheConfig.client_username_header, (int)resultLen, base64buf); } else buf.appendf("%s: %s\r\n", TheConfig.client_username_header, value); -Index: squid-4.9/src/http.cc +Index: squid-5.4.1/src/http.cc =================================================================== ---- squid-4.9.orig/src/http.cc -+++ squid-4.9/src/http.cc -@@ -1697,9 +1697,9 @@ httpFixupAuthentication(HttpRequest * re +--- squid-5.4.1.orig/src/http.cc ++++ squid-5.4.1/src/http.cc +@@ -1807,9 +1807,9 @@ httpFixupAuthentication(HttpRequest * re username = request->auth_user_request->username(); #endif @@ -335,7 +335,7 @@ Index: squid-4.9/src/http.cc httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf); return; } -@@ -1709,10 +1709,10 @@ httpFixupAuthentication(HttpRequest * re +@@ -1819,10 +1819,10 @@ httpFixupAuthentication(HttpRequest * re (strcmp(request->peer_login, "PASS") == 0 || strcmp(request->peer_login, "PROXYPASS") == 0)) { @@ -350,7 +350,7 @@ Index: squid-4.9/src/http.cc httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf); return; } -@@ -1741,8 +1741,8 @@ httpFixupAuthentication(HttpRequest * re +@@ -1851,8 +1851,8 @@ httpFixupAuthentication(HttpRequest * re } #endif /* HAVE_KRB5 && HAVE_GSSAPI */ @@ -361,7 +361,7 @@ Index: squid-4.9/src/http.cc httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf); return; } -@@ -1869,8 +1869,8 @@ HttpStateData::httpBuildRequestHeader(Ht +@@ -1979,8 +1979,8 @@ HttpStateData::httpBuildRequestHeader(Ht static char result[base64_encode_len(MAX_URL*2)]; // should be big enough for a single URI segment struct base64_encode_ctx ctx; base64_encode_init(&ctx); @@ -372,10 +372,10 @@ Index: squid-4.9/src/http.cc result[blen] = '\0'; if (blen) httpHeaderPutStrf(hdr_out, Http::HdrType::AUTHORIZATION, "Basic %.*s", (int)blen, result); -Index: squid-4.9/src/peer_proxy_negotiate_auth.cc +Index: squid-5.4.1/src/peer_proxy_negotiate_auth.cc =================================================================== ---- squid-4.9.orig/src/peer_proxy_negotiate_auth.cc -+++ squid-4.9/src/peer_proxy_negotiate_auth.cc +--- squid-5.4.1.orig/src/peer_proxy_negotiate_auth.cc ++++ squid-5.4.1/src/peer_proxy_negotiate_auth.cc @@ -562,8 +562,8 @@ char *peer_proxy_negotiate_auth(char *pr static char b64buf[8192]; // XXX: 8KB only because base64_encode_bin() used to. struct base64_encode_ctx ctx; @@ -387,10 +387,10 @@ Index: squid-4.9/src/peer_proxy_negotiate_auth.cc b64buf[blen] = '\0'; token = reinterpret_cast(b64buf); -Index: squid-4.9/tools/squidclient/gssapi_support.cc +Index: squid-5.4.1/tools/squidclient/gssapi_support.cc =================================================================== ---- squid-4.9.orig/tools/squidclient/gssapi_support.cc -+++ squid-4.9/tools/squidclient/gssapi_support.cc +--- squid-5.4.1.orig/tools/squidclient/gssapi_support.cc ++++ squid-5.4.1/tools/squidclient/gssapi_support.cc @@ -134,8 +134,8 @@ GSSAPI_token(const char *server) token = new char[base64_encode_len(output_token.length)]; struct base64_encode_ctx ctx; @@ -402,10 +402,10 @@ Index: squid-4.9/tools/squidclient/gssapi_support.cc token[blen] = '\0'; } } -Index: squid-4.9/tools/squidclient/squidclient.cc +Index: squid-5.4.1/tools/squidclient/squidclient.cc =================================================================== ---- squid-4.9.orig/tools/squidclient/squidclient.cc -+++ squid-4.9/tools/squidclient/squidclient.cc +--- squid-5.4.1.orig/tools/squidclient/squidclient.cc ++++ squid-5.4.1/tools/squidclient/squidclient.cc @@ -212,10 +212,10 @@ Authorization::commit(std::ostream &os) const auto buf = new char[bcapacity]; diff --git a/squid.changes b/squid.changes index 7199cfd..d8a50e0 100644 --- a/squid.changes +++ b/squid.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Mar 29 10:48:38 UTC 2022 - Adam Majer + +- Fix upgrade path from squid 4.x where we replaced some symlinks + with directories (bsc#1197333) +- old_nettle_compat.patch: refresh patch + ------------------------------------------------------------------- Sat Feb 26 11:29:47 UTC 2022 - Andreas Stieger diff --git a/squid.spec b/squid.spec index 778ed78..b58aa8c 100644 --- a/squid.spec +++ b/squid.spec @@ -232,6 +232,14 @@ install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/ # Fails in chroot environment make check %{?_smp_mflags} +%pretrans -p +-- Remove symlink that is has become a directory +path = "%_datadir/squid/errors/es-mx" +st = posix.stat(path) +if st and st.type == "link" then + os.remove(path) +end + %if 0%{?suse_version} >= 1500 %pre -f squid.pre %else