diff mbox series

squid 3.5.27: latest patch from upstream (2018_2))

Message ID	20180122164952.13749-1-matthias.fischer@ipfire.org
State	Accepted
Commit	eb03c511fd47e29b8198f6b62aab6ef16f89f43b
Headers	From: Matthias Fischer <matthias.fischer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] squid 3.5.27: latest patch from upstream (2018_2)) Date: Mon, 22 Jan 2018 17:49:52 +0100 Message-Id: <20180122164952.13749-1-matthias.fischer@ipfire.org> Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	squid 3.5.27: latest patch from upstream (2018_2)) \| squid 3.5.27: latest patch from upstream (2018_2))

Commit Message

Matthias Fischer Jan. 23, 2018, 3:49 a.m. UTC

  Hi,

As announced, here is the second patch for 'squid 3.5.27'.

For details about this and the previous patch (2018_1) regarding "ESI Response
processing" and "HTTP message processing", see:

http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-announce-ADVISORY-SQUID-2018-1-Denial-of-Service-issue-in-ESI-Response-processing-tp4684618.html

http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-announce-ADVISORY-SQUID-2018-2-Denial-of-Service-issue-in-HTTP-Message-processing-td4684617.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 lfs/squid                            |  1 +
 src/patches/squid/SQUID-2018_2.patch | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 src/patches/squid/SQUID-2018_2.patch

diff mbox series

Patch

diff --git a/lfs/squid b/lfs/squid
index ae4d7ea44..3390f96d5 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -71,6 +71,7 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/SQUID-2018_1.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/SQUID-2018_2.patch
 	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
 
 	cd $(DIR_APP) && autoreconf -vfi
diff --git a/src/patches/squid/SQUID-2018_2.patch b/src/patches/squid/SQUID-2018_2.patch
new file mode 100644
index 000000000..9ecd8a5b7
--- /dev/null
+++ b/src/patches/squid/SQUID-2018_2.patch
@@ -0,0 +1,23 @@ 
+commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5)
+Author: squidadm <squidadm@users.noreply.github.com>
+Date:   2018-01-21 08:07:08 +1300
+
+    Fix indirect IP logging for transactions without a client connection (#129) (#136)
+
+diff --git a/src/client_side_request.cc b/src/client_side_request.cc
+index be124f3..203f89d 100644
+--- a/src/client_side_request.cc
++++ b/src/client_side_request.cc
+@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *data)
+         * Ensure that the access log shows the indirect client
+         * instead of the direct client.
+         */
+-        ConnStateData *conn = http->getConn();
+-        conn->log_addr = request->indirect_client_addr;
+-        http->al->cache.caddr = conn->log_addr;
++        http->al->cache.caddr = request->indirect_client_addr;
++        if (ConnStateData *conn = http->getConn())
++            conn->log_addr = request->indirect_client_addr;
+     }
+     request->x_forwarded_for_iterator.clean();
+     request->flags.done_follow_x_forwarded_for = true;