rpm/squid
SHA256
1
0
Fork 0
forked from pool/squid
Code Pull Requests Activity

Accepting request 721533 from server:proxy

Browse Source 
- fix_configuration_error.patch: Fix compilation with -Wreturn-type
- old_nettle_compat.patch: Update to actually use older version

OBS-URL: https://build.opensuse.org/request/show/721533
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=74
This commit is contained in:
Dominique Leuenberger 2019-08-08 12:23:33 +00:00 committed by Git OBS Bridge
commit ad1d02283e
4 changed files with 369 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
fix_configuration_error.patch Normal file
View File

@ -0,0 +1,32 @@
Fix warnings that result in build failures with -Wreturn-type errors
error: no return statement in function returning non-void
warning: 'conv' defined but not used
202 | static struct pam_conv conv = { &password_conversation, 0 };
| ^~~~
cc1plus: some warnings being treated as errors
Index: squid-4.8/acinclude/pam.m4
===================================================================
--- squid-4.8.orig/acinclude/pam.m4
+++ squid-4.8/acinclude/pam.m4
@@ -21,7 +21,7 @@ AC_DEFUN([CHECK_STRUCT_PAM_CONV], [
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <security/pam_appl.h>
static int
-password_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) {}
+password_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { return 0; }
static struct pam_conv conv = { &password_conversation, 0 };
]])], [
squid_cv_pam_conv_signature=linux
@@ -29,7 +29,7 @@ static struct pam_conv conv = { &passwor
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <security/pam_appl.h>
static int
-password_conversation(int num_msg, struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) {}
+password_conversation(int num_msg, struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { return 0; }
static struct pam_conv conv = { &password_conversation, 0 };
]])], [
squid_cv_pam_conv_signature=solaris

352
old_nettle_compat.patch
View File

@ -19,28 +19,32 @@ Index: squid-4.8/src/HttpHeader.cc
===================================================================
--- squid-4.8.orig/src/HttpHeader.cc
+++ squid-4.8/src/HttpHeader.cc
@@ -1301,7 +1301,7 @@ HttpHeader::getAuthToken(Http::HdrType i
@@ -1301,8 +1301,8 @@ HttpHeader::getAuthToken(Http::HdrType i
char *decodedAuthToken = result.rawAppendStart(BASE64_DECODE_LENGTH(fieldLen));
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
- size_t decodedLen = 0;
+ size_t decodedLen = BASE64_DECODE_LENGTH(fieldLen);
if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), fieldLen, field) ||
- if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), fieldLen, field) ||
+ unsigned decodedLen = BASE64_DECODE_LENGTH(fieldLen);
+ if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), fieldLen, (uint8_t*)field) ||
!base64_decode_final(&ctx)) {
return nil;
}
Index: squid-4.8/src/auth/basic/Config.cc
===================================================================
--- squid-4.8.orig/src/auth/basic/Config.cc
+++ squid-4.8/src/auth/basic/Config.cc
@@ -176,7 +176,7 @@ Auth::Basic::Config::decodeCleartext(con
@@ -176,8 +176,8 @@ Auth::Basic::Config::decodeCleartext(con
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
- size_t dstLen = 0;
+ size_t dstLen = BASE64_DECODE_LENGTH(srcLen)+1;
if (base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(cleartext), srcLen, eek) && base64_decode_final(&ctx)) {
- if (base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(cleartext), srcLen, eek) && base64_decode_final(&ctx)) {
+ unsigned int dstLen = BASE64_DECODE_LENGTH(srcLen)+1;
+ if (base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(cleartext), srcLen, (const uint8_t*)eek) && base64_decode_final(&ctx)) {
cleartext[dstLen] = '\0';
/*
Index: squid-4.8/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
===================================================================
--- squid-4.8.orig/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
@ -57,41 +61,70 @@ Index: squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
===================================================================
--- squid-4.8.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
+++ squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
@@ -681,7 +681,7 @@ main(int argc, char *const argv[])
@@ -681,8 +681,8 @@ main(int argc, char *const argv[])
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
- size_t dstLen = 0;
+ size_t dstLen = BASE64_DECODE_LENGTH(srcLen);
if (!base64_decode_update(&ctx, &dstLen, static_cast<uint8_t*>(input_token.value), srcLen, b64Token) ||
- if (!base64_decode_update(&ctx, &dstLen, static_cast<uint8_t*>(input_token.value), srcLen, b64Token) ||
+ unsigned dstLen = BASE64_DECODE_LENGTH(srcLen);
+ if (!base64_decode_update(&ctx, &dstLen, static_cast<uint8_t*>(input_token.value), srcLen, (const uint8_t*)b64Token) ||
!base64_decode_final(&ctx)) {
debug((char *) "%s| %s: ERROR: Invalid base64 token [%s]\n", LogTime(), PROGRAM, b64Token);
fprintf(stdout, "BH Invalid negotiate request token\n");
@@ -743,8 +743,8 @@ main(int argc, char *const argv[])
}
struct base64_encode_ctx tokCtx;
base64_encode_init(&tokCtx);
- size_t blen = base64_encode_update(&tokCtx, token, spnegoTokenLength, reinterpret_cast<const uint8_t*>(spnegoToken));
- blen += base64_encode_final(&tokCtx, token+blen);
+ size_t blen = base64_encode_update(&tokCtx, (uint8_t*)token, spnegoTokenLength, reinterpret_cast<const uint8_t*>(spnegoToken));
+ blen += base64_encode_final(&tokCtx, (uint8_t*)token+blen);
token[blen] = '\0';
if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log, 1))
Index: squid-4.8/src/auth/negotiate/wrapper/negotiate_wrapper.cc
===================================================================
--- squid-4.8.orig/src/auth/negotiate/wrapper/negotiate_wrapper.cc
+++ squid-4.8/src/auth/negotiate/wrapper/negotiate_wrapper.cc
@@ -192,7 +192,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT
@@ -192,8 +192,8 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
- size_t dstLen = 0;
+ size_t dstLen = length+1;
if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), buf+3) ||
- if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), buf+3) ||
+ unsigned dstLen = length+1;
+ if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), (const uint8_t*)buf+3) ||
!base64_decode_final(&ctx)) {
if (debug_enabled)
fprintf(stderr, "%s| %s: Invalid base64 token [%s]\n", LogTime(), PROGRAM, buf+3);
Index: squid-4.8/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
===================================================================
--- squid-4.8.orig/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
+++ squid-4.8/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
@@ -517,7 +517,7 @@ manage_request()
@@ -203,8 +203,8 @@ make_challenge(char *domain, char *domai
struct base64_encode_ctx ctx;
base64_encode_init(&ctx);
- size_t blen = base64_encode_update(&ctx, b64buf, len, reinterpret_cast<const uint8_t *>(&chal));
- blen += base64_encode_final(&ctx, b64buf+blen);
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, len, reinterpret_cast<const uint8_t *>(&chal));
+ blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen);
b64buf[blen] = '\0';
return b64buf;
}
@@ -516,9 +516,9 @@ manage_request()
/* figure out what we got */
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
size_t dstLen = 0;
- int decodedLen = 0;
+ int decodedLen = NTLM_BLOB_BUFFER_SIZE;
if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(decoded), strlen(buf)-3, buf+3) ||
- size_t dstLen = 0;
+ unsigned dstLen = NTLM_BLOB_BUFFER_SIZE;
int decodedLen = 0;
- if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(decoded), strlen(buf)-3, buf+3) ||
+ if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(decoded), strlen(buf)-3, (const uint8_t*)buf+3) ||
!base64_decode_final(&ctx)) {
SEND("NA Packet format error, couldn't base64-decode");
return;
Index: squid-4.8/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
===================================================================
--- squid-4.8.orig/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
@ -108,25 +141,298 @@ Index: squid-4.8/src/auth/ntlm/fake/ntlm_fake_auth.cc
===================================================================
--- squid-4.8.orig/src/auth/ntlm/fake/ntlm_fake_auth.cc
+++ squid-4.8/src/auth/ntlm/fake/ntlm_fake_auth.cc
@@ -153,7 +153,7 @@ main(int argc, char *argv[])
@@ -153,9 +153,9 @@ main(int argc, char *argv[])
ntlmhdr *packet;
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
- size_t dstLen = 0;
+ size_t dstLen = HELPER_INPUT_BUFFER;
+ unsigned dstLen = HELPER_INPUT_BUFFER;
if (buflen > 3 &&
base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, buf+3) &&
- base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, buf+3) &&
+ base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, (const uint8_t*)buf+3) &&
base64_decode_final(&ctx)) {
decodedLen = dstLen;
packet = (ntlmhdr*)decodedBuf;
@@ -190,8 +190,8 @@ main(int argc, char *argv[])
struct base64_encode_ctx eCtx;
base64_encode_init(&eCtx);
char *data = static_cast<char *>(xcalloc(base64_encode_len(len), 1));
- size_t blen = base64_encode_update(&eCtx, data, len, reinterpret_cast<const uint8_t *>(&chal));
- blen += base64_encode_final(&eCtx, data+blen);
+ size_t blen = base64_encode_update(&eCtx, (uint8_t*)data, len, reinterpret_cast<const uint8_t *>(&chal));
+ blen += base64_encode_final(&eCtx, (uint8_t*)data+blen);
if (NTLM_packet_debug_enabled) {
printf("TT %.*s\n", (int)blen, data);
debug("sending 'TT' to squid with data:\n");
Index: squid-4.8/tools/cachemgr.cc
===================================================================
--- squid-4.8.orig/tools/cachemgr.cc
+++ squid-4.8/tools/cachemgr.cc
@@ -1103,7 +1103,7 @@ decode_pub_auth(cachemgr_request * req)
@@ -1082,8 +1082,8 @@ make_pub_auth(cachemgr_request * req)
req->pub_auth = (char *) xmalloc(encodedLen);
struct base64_encode_ctx ctx;
base64_encode_init(&ctx);
- size_t blen = base64_encode_update(&ctx, req->pub_auth, bufLen, reinterpret_cast<uint8_t*>(buf));
- blen += base64_encode_final(&ctx, req->pub_auth + blen);
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)req->pub_auth, bufLen, reinterpret_cast<uint8_t*>(buf));
+ blen += base64_encode_final(&ctx, (uint8_t*)req->pub_auth + blen);
req->pub_auth[blen] = '\0';
debug("cmgr: encoded: '%s'\n", req->pub_auth);
}
@@ -1103,8 +1103,8 @@ decode_pub_auth(cachemgr_request * req)
char *buf = static_cast<char*>(xmalloc(BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1));
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
- size_t decodedLen = 0;
+ size_t decodedLen = BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1;
if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(buf), strlen(req->pub_auth), req->pub_auth) ||
- if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(buf), strlen(req->pub_auth), req->pub_auth) ||
+ unsigned decodedLen = BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1;
+ if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(buf), strlen(req->pub_auth), (uint8_t*)req->pub_auth) ||
!base64_decode_final(&ctx)) {
debug("cmgr: base64 decode failure. Incomplete auth token string.\n");
xfree(buf);
@@ -1197,8 +1197,8 @@ make_auth_header(const cachemgr_request
char *str64 = static_cast<char *>(xmalloc(encodedLen));
struct base64_encode_ctx ctx;
base64_encode_init(&ctx);
- size_t blen = base64_encode_update(&ctx, str64, bufLen, reinterpret_cast<uint8_t*>(buf));
- blen += base64_encode_final(&ctx, str64+blen);
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)str64, bufLen, reinterpret_cast<uint8_t*>(buf));
+ blen += base64_encode_final(&ctx, (uint8_t*)str64+blen);
str64[blen] = '\0';
stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %.*s\r\n", (int)blen, str64);
Index: squid-4.8/include/base64.h
===================================================================
--- squid-4.8.orig/include/base64.h
+++ squid-4.8/include/base64.h
@@ -9,11 +9,11 @@
#ifndef _SQUID_BASE64_H
#define _SQUID_BASE64_H
-#if HAVE_NETTLE_BASE64_H && HAVE_NETTLE34_BASE64
+#if HAVE_NETTLE_BASE64_H
#include <nettle/base64.h>
#else /* Base64 functions copied from Nettle 3.4 under GPLv2, with adjustments */
-
+#error "Mssing libnettle-devel"
/* base64.h
Base-64 encoding and decoding.
Index: squid-4.8/lib/base64.c
===================================================================
--- squid-4.8.orig/lib/base64.c
+++ squid-4.8/lib/base64.c
@@ -13,7 +13,7 @@
#include "squid.h"
#include "base64.h"
-#if !HAVE_NETTLE_BASE64_H || !HAVE_NETTLE34_BASE64
+#if !HAVE_NETTLE_BASE64_H
/* base64-encode.c
Index: squid-4.8/src/format/Format.cc
===================================================================
--- squid-4.8.orig/src/format/Format.cc
+++ squid-4.8/src/format/Format.cc
@@ -557,8 +557,8 @@ Format::Format::assemble(MemBuf &mb, con
struct base64_encode_ctx ctx;
base64_encode_init(&ctx);
- auto encLength = base64_encode_update(&ctx, buf, rawLength, reinterpret_cast<const uint8_t*>(handshake.rawContent()));
- encLength += base64_encode_final(&ctx, buf + encLength);
+ auto encLength = base64_encode_update(&ctx, (uint8_t*)buf, rawLength, reinterpret_cast<const uint8_t*>(handshake.rawContent()));
+ encLength += base64_encode_final(&ctx, (uint8_t*)buf + encLength);
sb.rawAppendFinish(buf, encLength);
out = sb.c_str();
Index: squid-4.8/src/auth/digest/Config.cc
===================================================================
--- squid-4.8.orig/src/auth/digest/Config.cc
+++ squid-4.8/src/auth/digest/Config.cc
@@ -111,8 +111,8 @@ authDigestNonceEncode(digest_nonce_h * n
nonce->key = xcalloc(base64_encode_len(sizeof(digest_nonce_data)), 1);
struct base64_encode_ctx ctx;
base64_encode_init(&ctx);
- size_t blen = base64_encode_update(&ctx, reinterpret_cast<char*>(nonce->key), sizeof(digest_nonce_data), reinterpret_cast<const uint8_t*>(&(nonce->noncedata)));
- blen += base64_encode_final(&ctx, reinterpret_cast<char*>(nonce->key)+blen);
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)nonce->key, sizeof(digest_nonce_data), (uint8_t*)&(nonce->noncedata));
+ blen += base64_encode_final(&ctx, ((uint8_t*)(nonce->key))+blen);
}
digest_nonce_h *
Index: squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
===================================================================
--- squid-4.8.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
+++ squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
@@ -203,8 +203,8 @@ squid_kerb_proxy_auth(char *proxy)
token = (char *) xcalloc(base64_encode_len(output_token.length), 1);
struct base64_encode_ctx ctx;
base64_encode_init(&ctx);
- size_t blen = base64_encode_update(&ctx, token, output_token.length, reinterpret_cast<const uint8_t*>(output_token.value));
- blen += base64_encode_final(&ctx, token+blen);
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)token, output_token.length, reinterpret_cast<const uint8_t*>(output_token.value));
+ blen += base64_encode_final(&ctx, (uint8_t*)token+blen);
}
}
Index: squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
===================================================================
--- squid-4.8.orig/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
+++ squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
@@ -245,8 +245,8 @@ getdomaingids(char *ad_groups, uint32_t
base64_encode_init(&ctx);
const uint32_t expectedSz = base64_encode_len(length+4) +1 /* terminator */;
char *b64buf = static_cast<char *>(xcalloc(expectedSz, 1));
- size_t blen = base64_encode_update(&ctx, b64buf, length+4, reinterpret_cast<uint8_t*>(ag));
- blen += base64_encode_final(&ctx, b64buf+blen);
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, length+4, reinterpret_cast<uint8_t*>(ag));
+ blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen);
b64buf[expectedSz-1] = '\0';
if (!pstrcat(ad_groups, b64buf)) {
debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
@@ -334,8 +334,8 @@ getextrasids(char *ad_groups, uint32_t E
base64_encode_init(&ctx);
const uint32_t expectedSz = base64_encode_len(length) +1 /* terminator */;
char *b64buf = static_cast<char *>(xcalloc(expectedSz, 1));
- size_t blen = base64_encode_update(&ctx, b64buf, length, reinterpret_cast<uint8_t*>(ag));
- blen += base64_encode_final(&ctx, b64buf+blen);
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, length, reinterpret_cast<uint8_t*>(ag));
+ blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen);
b64buf[expectedSz-1] = '\0';
if (!pstrcat(ad_groups, reinterpret_cast<char*>(b64buf))) {
debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
Index: squid-4.8/src/adaptation/icap/ModXact.cc
===================================================================
--- squid-4.8.orig/src/adaptation/icap/ModXact.cc
+++ squid-4.8/src/adaptation/icap/ModXact.cc
@@ -1369,10 +1369,10 @@ void Adaptation::Icap::ModXact::makeRequ
struct base64_encode_ctx ctx;
base64_encode_init(&ctx);
char base64buf[base64_encode_len(MAX_LOGIN_SZ)];
- size_t resultLen = base64_encode_update(&ctx, base64buf, request->extacl_user.size(), reinterpret_cast<const uint8_t*>(request->extacl_user.rawBuf()));
- resultLen += base64_encode_update(&ctx, base64buf+resultLen, 1, reinterpret_cast<const uint8_t*>(":"));
- resultLen += base64_encode_update(&ctx, base64buf+resultLen, request->extacl_passwd.size(), reinterpret_cast<const uint8_t*>(request->extacl_passwd.rawBuf()));
- resultLen += base64_encode_final(&ctx, base64buf+resultLen);
+ size_t resultLen = base64_encode_update(&ctx, (uint8_t*)base64buf, request->extacl_user.size(), reinterpret_cast<const uint8_t*>(request->extacl_user.rawBuf()));
+ resultLen += base64_encode_update(&ctx, (uint8_t*)base64buf+resultLen, 1, reinterpret_cast<const uint8_t*>(":"));
+ resultLen += base64_encode_update(&ctx, (uint8_t*)base64buf+resultLen, request->extacl_passwd.size(), reinterpret_cast<const uint8_t*>(request->extacl_passwd.rawBuf()));
+ resultLen += base64_encode_final(&ctx, (uint8_t*)base64buf+resultLen);
buf.appendf("Proxy-Authorization: Basic %.*s\r\n", (int)resultLen, base64buf);
}
@@ -1529,8 +1529,8 @@ void Adaptation::Icap::ModXact::makeUser
if (value) {
if (TheConfig.client_username_encode) {
char base64buf[base64_encode_len(MAX_LOGIN_SZ)];
- size_t resultLen = base64_encode_update(&ctx, base64buf, strlen(value), reinterpret_cast<const uint8_t*>(value));
- resultLen += base64_encode_final(&ctx, base64buf+resultLen);
+ size_t resultLen = base64_encode_update(&ctx, (uint8_t*)base64buf, strlen(value), reinterpret_cast<const uint8_t*>(value));
+ resultLen += base64_encode_final(&ctx, (uint8_t*)base64buf+resultLen);
buf.appendf("%s: %.*s\r\n", TheConfig.client_username_header, (int)resultLen, base64buf);
} else
buf.appendf("%s: %s\r\n", TheConfig.client_username_header, value);
Index: squid-4.8/src/http.cc
===================================================================
--- squid-4.8.orig/src/http.cc
+++ squid-4.8/src/http.cc
@@ -1697,9 +1697,9 @@ httpFixupAuthentication(HttpRequest * re
username = request->auth_user_request->username();
#endif
- blen = base64_encode_update(&ctx, loginbuf, strlen(username), reinterpret_cast<const uint8_t*>(username));
- blen += base64_encode_update(&ctx, loginbuf+blen, strlen(request->peer_login +1), reinterpret_cast<const uint8_t*>(request->peer_login +1));
- blen += base64_encode_final(&ctx, loginbuf+blen);
+ blen = base64_encode_update(&ctx, (uint8_t*)loginbuf, strlen(username), reinterpret_cast<const uint8_t*>(username));
+ blen += base64_encode_update(&ctx, (uint8_t*)loginbuf+blen, strlen(request->peer_login +1), reinterpret_cast<const uint8_t*>(request->peer_login +1));
+ blen += base64_encode_final(&ctx, (uint8_t*)loginbuf+blen);
httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf);
return;
}
@@ -1709,10 +1709,10 @@ httpFixupAuthentication(HttpRequest * re
(strcmp(request->peer_login, "PASS") == 0 ||
strcmp(request->peer_login, "PROXYPASS") == 0)) {
- blen = base64_encode_update(&ctx, loginbuf, request->extacl_user.size(), reinterpret_cast<const uint8_t*>(request->extacl_user.rawBuf()));
- blen += base64_encode_update(&ctx, loginbuf+blen, 1, reinterpret_cast<const uint8_t*>(":"));
- blen += base64_encode_update(&ctx, loginbuf+blen, request->extacl_passwd.size(), reinterpret_cast<const uint8_t*>(request->extacl_passwd.rawBuf()));
- blen += base64_encode_final(&ctx, loginbuf+blen);
+ blen = base64_encode_update(&ctx, (uint8_t*)loginbuf, request->extacl_user.size(), reinterpret_cast<const uint8_t*>(request->extacl_user.rawBuf()));
+ blen += base64_encode_update(&ctx, (uint8_t*)loginbuf+blen, 1, reinterpret_cast<const uint8_t*>(":"));
+ blen += base64_encode_update(&ctx, (uint8_t*)loginbuf+blen, request->extacl_passwd.size(), reinterpret_cast<const uint8_t*>(request->extacl_passwd.rawBuf()));
+ blen += base64_encode_final(&ctx, (uint8_t*)loginbuf+blen);
httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf);
return;
}
@@ -1741,8 +1741,8 @@ httpFixupAuthentication(HttpRequest * re
}
#endif /* HAVE_KRB5 && HAVE_GSSAPI */
- blen = base64_encode_update(&ctx, loginbuf, strlen(request->peer_login), reinterpret_cast<const uint8_t*>(request->peer_login));
- blen += base64_encode_final(&ctx, loginbuf+blen);
+ blen = base64_encode_update(&ctx, (uint8_t*)loginbuf, strlen(request->peer_login), reinterpret_cast<const uint8_t*>(request->peer_login));
+ blen += base64_encode_final(&ctx, (uint8_t*)loginbuf+blen);
httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf);
return;
}
@@ -1869,8 +1869,8 @@ HttpStateData::httpBuildRequestHeader(Ht
static char result[base64_encode_len(MAX_URL*2)]; // should be big enough for a single URI segment
struct base64_encode_ctx ctx;
base64_encode_init(&ctx);
- size_t blen = base64_encode_update(&ctx, result, request->url.userInfo().length(), reinterpret_cast<const uint8_t*>(request->url.userInfo().rawContent()));
- blen += base64_encode_final(&ctx, result+blen);
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)result, request->url.userInfo().length(), reinterpret_cast<const uint8_t*>(request->url.userInfo().rawContent()));
+ blen += base64_encode_final(&ctx, (uint8_t*)result+blen);
result[blen] = '\0';
if (blen)
httpHeaderPutStrf(hdr_out, Http::HdrType::AUTHORIZATION, "Basic %.*s", (int)blen, result);
Index: squid-4.8/src/peer_proxy_negotiate_auth.cc
===================================================================
--- squid-4.8.orig/src/peer_proxy_negotiate_auth.cc
+++ squid-4.8/src/peer_proxy_negotiate_auth.cc
@@ -562,8 +562,8 @@ char *peer_proxy_negotiate_auth(char *pr
static char b64buf[8192]; // XXX: 8KB only because base64_encode_bin() used to.
struct base64_encode_ctx ctx;
base64_encode_init(&ctx);
- size_t blen = base64_encode_update(&ctx, b64buf, output_token.length, reinterpret_cast<const uint8_t*>(output_token.value));
- blen += base64_encode_final(&ctx, b64buf+blen);
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, output_token.length, reinterpret_cast<const uint8_t*>(output_token.value));
+ blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen);
b64buf[blen] = '\0';
token = reinterpret_cast<char*>(b64buf);
Index: squid-4.8/tools/squidclient/gssapi_support.cc
===================================================================
--- squid-4.8.orig/tools/squidclient/gssapi_support.cc
+++ squid-4.8/tools/squidclient/gssapi_support.cc
@@ -134,8 +134,8 @@ GSSAPI_token(const char *server)
token = new char[base64_encode_len(output_token.length)];
struct base64_encode_ctx ctx;
base64_encode_init(&ctx);
- size_t blen = base64_encode_update(&ctx, token, output_token.length, reinterpret_cast<const uint8_t*>(output_token.value));
- blen += base64_encode_final(&ctx, token+blen);
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)token, output_token.length, reinterpret_cast<const uint8_t*>(output_token.value));
+ blen += base64_encode_final(&ctx, (uint8_t*)token+blen);
token[blen] = '\0';
}
}
Index: squid-4.8/tools/squidclient/squidclient.cc
===================================================================
--- squid-4.8.orig/tools/squidclient/squidclient.cc
+++ squid-4.8/tools/squidclient/squidclient.cc
@@ -212,10 +212,10 @@ Authorization::commit(std::ostream &os)
const auto buf = new char[bcapacity];
size_t bsize = 0;
- bsize += base64_encode_update(&ctx, buf, strlen(user), reinterpret_cast<const uint8_t*>(user));
- bsize += base64_encode_update(&ctx, buf+bsize, 1, reinterpret_cast<const uint8_t*>(":"));
- bsize += base64_encode_update(&ctx, buf+bsize, strlen(password), reinterpret_cast<const uint8_t*>(password));
- bsize += base64_encode_final(&ctx, buf+bsize);
+ bsize += base64_encode_update(&ctx, (uint8_t*)buf, strlen(user), reinterpret_cast<const uint8_t*>(user));
+ bsize += base64_encode_update(&ctx, (uint8_t*)buf+bsize, 1, reinterpret_cast<const uint8_t*>(":"));
+ bsize += base64_encode_update(&ctx, (uint8_t*)buf+bsize, strlen(password), reinterpret_cast<const uint8_t*>(password));
+ bsize += base64_encode_final(&ctx, (uint8_t*)buf+bsize);
assert(bsize <= bcapacity); // paranoid and late but better than nothing
os << header << ": Basic ";

6
squid.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Aug 6 13:05:58 UTC 2019 - Adam Majer <adam.majer@suse.de>
- fix_configuration_error.patch: Fix compilation with -Wreturn-type
- old_nettle_compat.patch: Update to actually use older version
-------------------------------------------------------------------
Thu Jul 18 14:11:28 UTC 2019 - Adam Majer <adam.majer@suse.de>

2
squid.spec
View File

@ -40,6 +40,7 @@ Source16: initialize_cache_if_needed.sh
Source17: tmpfilesdir.squid.conf
Patch1: missing_installs.patch
Patch2: old_nettle_compat.patch
Patch3: fix_configuration_error.patch
BuildRequires: cppunit-devel
BuildRequires: db-devel
BuildRequires: ed
@ -92,6 +93,7 @@ perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
%if %{suse_version} < 1500
%patch2 -p1
%endif
%patch3 -p1
%build
%define _lto_cflags %{nil}