pool/squid
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 718583 from server:proxy

Browse Source 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/718583
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=73
This commit is contained in:
Dominique Leuenberger 2019-07-26 10:42:20 +00:00 committed by Git OBS Bridge
commit a7a57d9637
3 changed files with 141 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
old_nettle_compat.patch Normal file
View File

@ -0,0 +1,132 @@
Author: Adam Majer <amajer@suse.de>
Date: Thu Jul 18 13:57:22 CEST 2019
nettle from SLE-12 is missing the change from later
versions that ignores the destLen parameter size to
base64_decode_update function. This is only used in
the assert() but we need to pass real size of the buffer
as otherwise all we get is a crash.
The missing commit in nettle is,
commit 07cb0b62a5fab216ed647f5a87e0f17ab3c9a615
Author: Niels Möller <nisse@lysator.liu.se>
Date: Fri Feb 7 09:11:20 2014 +0100
Base64 and base16 decoding: Use *dst_length as output only.
Index: squid-4.8/src/HttpHeader.cc
===================================================================
--- squid-4.8.orig/src/HttpHeader.cc
+++ squid-4.8/src/HttpHeader.cc
@@ -1301,7 +1301,7 @@ HttpHeader::getAuthToken(Http::HdrType i
char *decodedAuthToken = result.rawAppendStart(BASE64_DECODE_LENGTH(fieldLen));
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
- size_t decodedLen = 0;
+ size_t decodedLen = BASE64_DECODE_LENGTH(fieldLen);
if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), fieldLen, field) ||
!base64_decode_final(&ctx)) {
return nil;
Index: squid-4.8/src/auth/basic/Config.cc
===================================================================
--- squid-4.8.orig/src/auth/basic/Config.cc
+++ squid-4.8/src/auth/basic/Config.cc
@@ -176,7 +176,7 @@ Auth::Basic::Config::decodeCleartext(con
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
- size_t dstLen = 0;
+ size_t dstLen = BASE64_DECODE_LENGTH(srcLen)+1;
if (base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(cleartext), srcLen, eek) && base64_decode_final(&ctx)) {
cleartext[dstLen] = '\0';
Index: squid-4.8/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
===================================================================
--- squid-4.8.orig/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
+++ squid-4.8/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
@@ -131,6 +131,7 @@ token_decode(size_t *decodedLen, uint8_t
{
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
+ *decodedLen = BASE64_DECODE_LENGTH(strlen(srcLen));
if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast<const uint8_t*>(buf)) ||
!base64_decode_final(&ctx)) {
SEND("BH base64 decode failed");
Index: squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
===================================================================
--- squid-4.8.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
+++ squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
@@ -681,7 +681,7 @@ main(int argc, char *const argv[])
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
- size_t dstLen = 0;
+ size_t dstLen = BASE64_DECODE_LENGTH(srcLen);
if (!base64_decode_update(&ctx, &dstLen, static_cast<uint8_t*>(input_token.value), srcLen, b64Token) ||
!base64_decode_final(&ctx)) {
debug((char *) "%s| %s: ERROR: Invalid base64 token [%s]\n", LogTime(), PROGRAM, b64Token);
Index: squid-4.8/src/auth/negotiate/wrapper/negotiate_wrapper.cc
===================================================================
--- squid-4.8.orig/src/auth/negotiate/wrapper/negotiate_wrapper.cc
+++ squid-4.8/src/auth/negotiate/wrapper/negotiate_wrapper.cc
@@ -192,7 +192,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
- size_t dstLen = 0;
+ size_t dstLen = length+1;
if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), buf+3) ||
!base64_decode_final(&ctx)) {
if (debug_enabled)
Index: squid-4.8/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
===================================================================
--- squid-4.8.orig/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
+++ squid-4.8/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
@@ -517,7 +517,7 @@ manage_request()
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
size_t dstLen = 0;
- int decodedLen = 0;
+ int decodedLen = NTLM_BLOB_BUFFER_SIZE;
if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(decoded), strlen(buf)-3, buf+3) ||
!base64_decode_final(&ctx)) {
SEND("NA Packet format error, couldn't base64-decode");
Index: squid-4.8/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
===================================================================
--- squid-4.8.orig/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
+++ squid-4.8/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
@@ -418,6 +418,7 @@ token_decode(size_t *decodedLen, uint8_t
{
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
+ *decodedLen = BASE64_DECODE_LENGTH(strlen(buf))+1;
if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast<const uint8_t*>(buf)) ||
!base64_decode_final(&ctx)) {
SEND_BH("message=\"base64 decode failed\"");
Index: squid-4.8/src/auth/ntlm/fake/ntlm_fake_auth.cc
===================================================================
--- squid-4.8.orig/src/auth/ntlm/fake/ntlm_fake_auth.cc
+++ squid-4.8/src/auth/ntlm/fake/ntlm_fake_auth.cc
@@ -153,7 +153,7 @@ main(int argc, char *argv[])
ntlmhdr *packet;
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
- size_t dstLen = 0;
+ size_t dstLen = HELPER_INPUT_BUFFER;
if (buflen > 3 &&
base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, buf+3) &&
base64_decode_final(&ctx)) {
Index: squid-4.8/tools/cachemgr.cc
===================================================================
--- squid-4.8.orig/tools/cachemgr.cc
+++ squid-4.8/tools/cachemgr.cc
@@ -1103,7 +1103,7 @@ decode_pub_auth(cachemgr_request * req)
char *buf = static_cast<char*>(xmalloc(BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1));
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
- size_t decodedLen = 0;
+ size_t decodedLen = BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1;
if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(buf), strlen(req->pub_auth), req->pub_auth) ||
!base64_decode_final(&ctx)) {
debug("cmgr: base64 decode failure. Incomplete auth token string.\n");

5
squid.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Thu Jul 18 14:11:28 UTC 2019 - Adam Majer <adam.majer@suse.de>
- old_nettle_compat.patch: Fix compatibility with nettle in SLE-12
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jul 15 14:58:13 UTC 2019 - Adam Majer <adam.majer@suse.de> Mon Jul 15 14:58:13 UTC 2019 - Adam Majer <adam.majer@suse.de>

4
squid.spec
View File

@ -39,6 +39,7 @@ Source15: cache_dir.sed
Source16: initialize_cache_if_needed.sh Source16: initialize_cache_if_needed.sh
Source17: tmpfilesdir.squid.conf Source17: tmpfilesdir.squid.conf
Patch1: missing_installs.patch Patch1: missing_installs.patch
Patch2: old_nettle_compat.patch
BuildRequires: cppunit-devel BuildRequires: cppunit-devel
BuildRequires: db-devel BuildRequires: db-devel
BuildRequires: ed BuildRequires: ed
@ -88,6 +89,9 @@ cp %{SOURCE10} .
# upstream patches after RELEASE # upstream patches after RELEASE
perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
%patch1 -p1 %patch1 -p1
%if %{suse_version} < 1500
%patch2 -p1
%endif
%build %build
%define _lto_cflags %{nil} %define _lto_cflags %{nil}