Accepting request 965649 from server:proxy

- Fix upgrade path from squid 4.x where we replaced some symlinks with directories in pretrans section (bsc#1197333) - old_nettle_compat.patch: refresh patch OBS-URL: https://build.opensuse.org/request/show/965649 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=101
2022-03-29 16:16:15 +00:00 · 2022-03-29 16:16:15 +00:00 · d6ca2748d9
commit d6ca2748d9
parent e84e29bcf2 eae485a694
3 changed files with 89 additions and 74 deletions
--- a/old_nettle_compat.patch
+++ b/old_nettle_compat.patch
@ -15,11 +15,11 @@ Date:   Fri Feb 7 09:11:20 2014 +0100
    Base64 and base16 decoding: Use *dst_length as output only.
-Index: squid-4.9/src/HttpHeader.cc
+Index: squid-5.4.1/src/HttpHeader.cc
 ===================================================================
--- squid-4.9.orig/src/HttpHeader.cc
+--- squid-5.4.1.orig/src/HttpHeader.cc
-+++ squid-4.9/src/HttpHeader.cc
+++ squid-5.4.1/src/HttpHeader.cc
-@@ -1298,8 +1298,8 @@ HttpHeader::getAuthToken(Http::HdrType i
+@@ -1351,8 +1351,8 @@ HttpHeader::getAuthToken(Http::HdrType i
     char *decodedAuthToken = result.rawAppendStart(BASE64_DECODE_LENGTH(fieldLen));
     struct base64_decode_ctx ctx;
     base64_decode_init(&ctx);
@ -30,11 +30,11 @@ Index: squid-4.9/src/HttpHeader.cc
             !base64_decode_final(&ctx)) {
         return nil;
     }
-Index: squid-4.9/src/auth/basic/Config.cc
+Index: squid-5.4.1/src/auth/basic/Config.cc
 ===================================================================
--- squid-4.9.orig/src/auth/basic/Config.cc
+--- squid-5.4.1.orig/src/auth/basic/Config.cc
-+++ squid-4.9/src/auth/basic/Config.cc
+++ squid-5.4.1/src/auth/basic/Config.cc
-@@ -176,8 +176,8 @@ Auth::Basic::Config::decodeCleartext(con
+@@ -178,8 +178,8 @@ Auth::Basic::Config::decodeCleartext(con
     struct base64_decode_ctx ctx;
     base64_decode_init(&ctx);
@ -44,23 +44,23 @@ Index: squid-4.9/src/auth/basic/Config.cc
 +    if (base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(cleartext), srcLen, (const uint8_t*)eek) && base64_decode_final(&ctx)) {
         cleartext[dstLen] = '\0';
-         /*
+         if (utf8 && !isValidUtf8String(cleartext, cleartext + dstLen)) {
-Index: squid-4.9/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
+Index: squid-5.4.1/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
 ===================================================================
--- squid-4.9.orig/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
+--- squid-5.4.1.orig/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
-+++ squid-4.9/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
+++ squid-5.4.1/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
@@ -131,6 +131,7 @@ token_decode(size_t *decodedLen, uint8_t
 {
     struct base64_decode_ctx ctx;
     base64_decode_init(&ctx);
 +    *decodedLen = BASE64_DECODE_LENGTH(strlen(srcLen));
-     if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast<const uint8_t*>(buf)) ||
+     if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), buf) ||
             !base64_decode_final(&ctx)) {
         SEND("BH base64 decode failed");
-Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
+Index: squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
 ===================================================================
--- squid-4.9.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
+--- squid-5.4.1.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
-+++ squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
+++ squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
@@ -681,8 +681,8 @@ main(int argc, char *const argv[])
         struct base64_decode_ctx ctx;
@ -83,10 +83,10 @@ Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
             token[blen] = '\0';
             if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log, 1))
-Index: squid-4.9/src/auth/negotiate/wrapper/negotiate_wrapper.cc
+Index: squid-5.4.1/src/auth/negotiate/wrapper/negotiate_wrapper.cc
 ===================================================================
--- squid-4.9.orig/src/auth/negotiate/wrapper/negotiate_wrapper.cc
+--- squid-5.4.1.orig/src/auth/negotiate/wrapper/negotiate_wrapper.cc
-+++ squid-4.9/src/auth/negotiate/wrapper/negotiate_wrapper.cc
+++ squid-5.4.1/src/auth/negotiate/wrapper/negotiate_wrapper.cc
@@ -192,8 +192,8 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT
         struct base64_decode_ctx ctx;
@ -98,10 +98,10 @@ Index: squid-4.9/src/auth/negotiate/wrapper/negotiate_wrapper.cc
                 !base64_decode_final(&ctx)) {
             if (debug_enabled)
                 fprintf(stderr, "%s| %s: Invalid base64 token [%s]\n", LogTime(), PROGRAM, buf+3);
-Index: squid-4.9/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
+Index: squid-5.4.1/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
 ===================================================================
--- squid-4.9.orig/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
+--- squid-5.4.1.orig/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
-+++ squid-4.9/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
+++ squid-5.4.1/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
@@ -203,8 +203,8 @@ make_challenge(char *domain, char *domai
     struct base64_encode_ctx ctx;
@ -125,23 +125,23 @@ Index: squid-4.9/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
                 !base64_decode_final(&ctx)) {
             SEND("NA Packet format error, couldn't base64-decode");
             return;
-Index: squid-4.9/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
+Index: squid-5.4.1/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
 ===================================================================
--- squid-4.9.orig/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
+--- squid-5.4.1.orig/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
-+++ squid-4.9/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
+++ squid-5.4.1/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
@@ -418,6 +418,7 @@ token_decode(size_t *decodedLen, uint8_t
 {
     struct base64_decode_ctx ctx;
     base64_decode_init(&ctx);
 +    *decodedLen = BASE64_DECODE_LENGTH(strlen(buf))+1;
-     if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast<const uint8_t*>(buf)) ||
+     if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), buf) ||
             !base64_decode_final(&ctx)) {
         SEND_BH("message=\"base64 decode failed\"");
-Index: squid-4.9/src/auth/ntlm/fake/ntlm_fake_auth.cc
+Index: squid-5.4.1/src/auth/ntlm/fake/ntlm_fake_auth.cc
 ===================================================================
--- squid-4.9.orig/src/auth/ntlm/fake/ntlm_fake_auth.cc
+--- squid-5.4.1.orig/src/auth/ntlm/fake/ntlm_fake_auth.cc
-+++ squid-4.9/src/auth/ntlm/fake/ntlm_fake_auth.cc
+++ squid-5.4.1/src/auth/ntlm/fake/ntlm_fake_auth.cc
-@@ -153,9 +153,9 @@ main(int argc, char *argv[])
+@@ -164,9 +164,9 @@ main(int argc, char *argv[])
         ntlmhdr *packet;
         struct base64_decode_ctx ctx;
         base64_decode_init(&ctx);
@ -153,7 +153,7 @@ Index: squid-4.9/src/auth/ntlm/fake/ntlm_fake_auth.cc
                 base64_decode_final(&ctx)) {
             decodedLen = dstLen;
             packet = (ntlmhdr*)decodedBuf;
-@@ -190,8 +190,8 @@ main(int argc, char *argv[])
+@@ -205,8 +205,8 @@ main(int argc, char *argv[])
             struct base64_encode_ctx eCtx;
             base64_encode_init(&eCtx);
             char *data = static_cast<char *>(xcalloc(base64_encode_len(len), 1));
@ -164,11 +164,11 @@ Index: squid-4.9/src/auth/ntlm/fake/ntlm_fake_auth.cc
             if (NTLM_packet_debug_enabled) {
                 printf("TT %.*s\n", (int)blen, data);
                 debug("sending 'TT' to squid with data:\n");
-Index: squid-4.9/tools/cachemgr.cc
+Index: squid-5.4.1/tools/cachemgr.cc
 ===================================================================
--- squid-4.9.orig/tools/cachemgr.cc
+--- squid-5.4.1.orig/tools/cachemgr.cc
-+++ squid-4.9/tools/cachemgr.cc
+++ squid-5.4.1/tools/cachemgr.cc
-@@ -1104,8 +1104,8 @@ make_pub_auth(cachemgr_request * req)
+@@ -1110,8 +1110,8 @@ make_pub_auth(cachemgr_request * req)
     req->pub_auth = (char *) xmalloc(encodedLen);
     struct base64_encode_ctx ctx;
     base64_encode_init(&ctx);
@ -179,7 +179,7 @@ Index: squid-4.9/tools/cachemgr.cc
     req->pub_auth[blen] = '\0';
     debug("cmgr: encoded: '%s'\n", req->pub_auth);
 }
-@@ -1125,8 +1125,8 @@ decode_pub_auth(cachemgr_request * req)
+@@ -1131,8 +1131,8 @@ decode_pub_auth(cachemgr_request * req)
     char *buf = static_cast<char*>(xmalloc(BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1));
     struct base64_decode_ctx ctx;
     base64_decode_init(&ctx);
@ -190,7 +190,7 @@ Index: squid-4.9/tools/cachemgr.cc
             !base64_decode_final(&ctx)) {
         debug("cmgr: base64 decode failure. Incomplete auth token string.\n");
         xfree(buf);
-@@ -1219,8 +1219,8 @@ make_auth_header(const cachemgr_request
+@@ -1225,8 +1225,8 @@ make_auth_header(const cachemgr_request
     char *str64 = static_cast<char *>(xmalloc(encodedLen));
     struct base64_encode_ctx ctx;
     base64_encode_init(&ctx);
@ -201,10 +201,10 @@ Index: squid-4.9/tools/cachemgr.cc
     str64[blen] = '\0';
     stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %.*s\r\n", (int)blen, str64);
-Index: squid-4.9/include/base64.h
+Index: squid-5.4.1/include/base64.h
 ===================================================================
--- squid-4.9.orig/include/base64.h
+--- squid-5.4.1.orig/include/base64.h
-+++ squid-4.9/include/base64.h
+++ squid-5.4.1/include/base64.h
@@ -9,11 +9,11 @@
 #ifndef _SQUID_BASE64_H
 #define _SQUID_BASE64_H
@ -219,10 +219,10 @@ Index: squid-4.9/include/base64.h
 /* base64.h
    Base-64 encoding and decoding.
-Index: squid-4.9/lib/base64.c
+Index: squid-5.4.1/lib/base64.c
 ===================================================================
--- squid-4.9.orig/lib/base64.c
+--- squid-5.4.1.orig/lib/base64.c
-+++ squid-4.9/lib/base64.c
+++ squid-5.4.1/lib/base64.c
@@ -13,7 +13,7 @@
 #include "squid.h"
 #include "base64.h"
@ -232,11 +232,11 @@ Index: squid-4.9/lib/base64.c
 /* base64-encode.c
-Index: squid-4.9/src/format/Format.cc
+Index: squid-5.4.1/src/format/Format.cc
 ===================================================================
--- squid-4.9.orig/src/format/Format.cc
+--- squid-5.4.1.orig/src/format/Format.cc
-+++ squid-4.9/src/format/Format.cc
+++ squid-5.4.1/src/format/Format.cc
-@@ -557,8 +557,8 @@ Format::Format::assemble(MemBuf &mb, con
+@@ -556,8 +556,8 @@ Format::Format::assemble(MemBuf &mb, con
                     struct base64_encode_ctx ctx;
                     base64_encode_init(&ctx);
@ -247,10 +247,10 @@ Index: squid-4.9/src/format/Format.cc
                     sb.rawAppendFinish(buf, encLength);
                     out = sb.c_str();
-Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
+Index: squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
 ===================================================================
--- squid-4.9.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
+--- squid-5.4.1.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
-+++ squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
+++ squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
@@ -203,8 +203,8 @@ squid_kerb_proxy_auth(char *proxy)
             token = (char *) xcalloc(base64_encode_len(output_token.length), 1);
             struct base64_encode_ctx ctx;
@ -262,10 +262,10 @@ Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
         }
     }
-Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
+Index: squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
 ===================================================================
--- squid-4.9.orig/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
+--- squid-5.4.1.orig/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
-+++ squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
+++ squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
@@ -245,8 +245,8 @@ getdomaingids(char *ad_groups, uint32_t
             base64_encode_init(&ctx);
             const uint32_t expectedSz = base64_encode_len(length+4) +1 /* terminator */;
@ -288,11 +288,11 @@ Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
                 b64buf[expectedSz-1] = '\0';
                 if (!pstrcat(ad_groups, reinterpret_cast<char*>(b64buf))) {
                     debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
-Index: squid-4.9/src/adaptation/icap/ModXact.cc
+Index: squid-5.4.1/src/adaptation/icap/ModXact.cc
 ===================================================================
--- squid-4.9.orig/src/adaptation/icap/ModXact.cc
+--- squid-5.4.1.orig/src/adaptation/icap/ModXact.cc
-+++ squid-4.9/src/adaptation/icap/ModXact.cc
+++ squid-5.4.1/src/adaptation/icap/ModXact.cc
-@@ -1369,10 +1369,10 @@ void Adaptation::Icap::ModXact::makeRequ
+@@ -1412,10 +1412,10 @@ void Adaptation::Icap::ModXact::makeRequ
         struct base64_encode_ctx ctx;
         base64_encode_init(&ctx);
         char base64buf[base64_encode_len(MAX_LOGIN_SZ)];
@ -307,7 +307,7 @@ Index: squid-4.9/src/adaptation/icap/ModXact.cc
         buf.appendf("Proxy-Authorization: Basic %.*s\r\n", (int)resultLen, base64buf);
     }
-@@ -1529,8 +1529,8 @@ void Adaptation::Icap::ModXact::makeUser
+@@ -1571,8 +1571,8 @@ void Adaptation::Icap::ModXact::makeUser
     if (value) {
         if (TheConfig.client_username_encode) {
             char base64buf[base64_encode_len(MAX_LOGIN_SZ)];
@ -318,11 +318,11 @@ Index: squid-4.9/src/adaptation/icap/ModXact.cc
             buf.appendf("%s: %.*s\r\n", TheConfig.client_username_header, (int)resultLen, base64buf);
         } else
             buf.appendf("%s: %s\r\n", TheConfig.client_username_header, value);
-Index: squid-4.9/src/http.cc
+Index: squid-5.4.1/src/http.cc
 ===================================================================
--- squid-4.9.orig/src/http.cc
+--- squid-5.4.1.orig/src/http.cc
-+++ squid-4.9/src/http.cc
+++ squid-5.4.1/src/http.cc
-@@ -1697,9 +1697,9 @@ httpFixupAuthentication(HttpRequest * re
+@@ -1807,9 +1807,9 @@ httpFixupAuthentication(HttpRequest * re
             username = request->auth_user_request->username();
 #endif
@ -335,7 +335,7 @@ Index: squid-4.9/src/http.cc
         httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf);
         return;
     }
-@@ -1709,10 +1709,10 @@ httpFixupAuthentication(HttpRequest * re
+@@ -1819,10 +1819,10 @@ httpFixupAuthentication(HttpRequest * re
             (strcmp(request->peer_login, "PASS") == 0 ||
              strcmp(request->peer_login, "PROXYPASS") == 0)) {
@ -350,7 +350,7 @@ Index: squid-4.9/src/http.cc
         httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf);
         return;
     }
-@@ -1741,8 +1741,8 @@ httpFixupAuthentication(HttpRequest * re
+@@ -1851,8 +1851,8 @@ httpFixupAuthentication(HttpRequest * re
     }
 #endif /* HAVE_KRB5 && HAVE_GSSAPI */
@ -361,7 +361,7 @@ Index: squid-4.9/src/http.cc
     httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf);
     return;
 }
-@@ -1869,8 +1869,8 @@ HttpStateData::httpBuildRequestHeader(Ht
+@@ -1979,8 +1979,8 @@ HttpStateData::httpBuildRequestHeader(Ht
             static char result[base64_encode_len(MAX_URL*2)]; // should be big enough for a single URI segment
             struct base64_encode_ctx ctx;
             base64_encode_init(&ctx);
@ -372,10 +372,10 @@ Index: squid-4.9/src/http.cc
             result[blen] = '\0';
             if (blen)
                 httpHeaderPutStrf(hdr_out, Http::HdrType::AUTHORIZATION, "Basic %.*s", (int)blen, result);
-Index: squid-4.9/src/peer_proxy_negotiate_auth.cc
+Index: squid-5.4.1/src/peer_proxy_negotiate_auth.cc
 ===================================================================
--- squid-4.9.orig/src/peer_proxy_negotiate_auth.cc
+--- squid-5.4.1.orig/src/peer_proxy_negotiate_auth.cc
-+++ squid-4.9/src/peer_proxy_negotiate_auth.cc
+++ squid-5.4.1/src/peer_proxy_negotiate_auth.cc
@@ -562,8 +562,8 @@ char *peer_proxy_negotiate_auth(char *pr
         static char b64buf[8192]; // XXX: 8KB only because base64_encode_bin() used to.
         struct base64_encode_ctx ctx;
@ -387,10 +387,10 @@ Index: squid-4.9/src/peer_proxy_negotiate_auth.cc
         b64buf[blen] = '\0';
         token = reinterpret_cast<char*>(b64buf);
-Index: squid-4.9/tools/squidclient/gssapi_support.cc
+Index: squid-5.4.1/tools/squidclient/gssapi_support.cc
 ===================================================================
--- squid-4.9.orig/tools/squidclient/gssapi_support.cc
+--- squid-5.4.1.orig/tools/squidclient/gssapi_support.cc
-+++ squid-4.9/tools/squidclient/gssapi_support.cc
+++ squid-5.4.1/tools/squidclient/gssapi_support.cc
@@ -134,8 +134,8 @@ GSSAPI_token(const char *server)
             token = new char[base64_encode_len(output_token.length)];
             struct base64_encode_ctx ctx;
@ -402,10 +402,10 @@ Index: squid-4.9/tools/squidclient/gssapi_support.cc
             token[blen] = '\0';
         }
     }
-Index: squid-4.9/tools/squidclient/squidclient.cc
+Index: squid-5.4.1/tools/squidclient/squidclient.cc
 ===================================================================
--- squid-4.9.orig/tools/squidclient/squidclient.cc
+--- squid-5.4.1.orig/tools/squidclient/squidclient.cc
-+++ squid-4.9/tools/squidclient/squidclient.cc
+++ squid-5.4.1/tools/squidclient/squidclient.cc
@@ -212,10 +212,10 @@ Authorization::commit(std::ostream &os)
     const auto buf = new char[bcapacity];
--- a/squid.changes
+++ b/squid.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Tue Mar 29 10:48:38 UTC 2022 - Adam Majer <adam.majer@suse.de>
 - Fix upgrade path from squid 4.x where we replaced some symlinks
  with directories in pretrans section (bsc#1197333)
 - old_nettle_compat.patch: refresh patch
 -------------------------------------------------------------------
 Sat Feb 26 11:29:47 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
--- a/squid.spec
+++ b/squid.spec
@ -232,6 +232,14 @@ install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/
 # Fails in chroot environment
 make check %{?_smp_mflags}
 %pretrans -p <lua>
 -- Remove symlink that is has become a directory
 path = "%_datadir/squid/errors/es-mx"
 st = posix.stat(path)
 if st and st.type == "link" then
  os.remove(path)
 end
 %if 0%{?suse_version} >= 1500
 %pre -f squid.pre
 %else