From patchwork Fri Sep 30 19:05:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 6028 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4MfKSv3WFDz3wc4 for ; Fri, 30 Sep 2022 19:06:07 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4MfKSs0XM4z1gn; Fri, 30 Sep 2022 19:06:05 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4MfKSr5Y18z2ycs; Fri, 30 Sep 2022 19:06:04 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4MfKSq3HQrz2xNV for ; Fri, 30 Sep 2022 19:06:03 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4MfKSp0mXKzWy for ; Fri, 30 Sep 2022 19:06:01 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1664564762; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=klQ9KMu0gx+A5ySVsNAZT0eLPe0f6VGsk/7Y7ZJjTGg=; b=diZJqDyYjsy2zo7gBdiNPNoRTcc7AyonrMMun5/ypP8zEyQLbg3FEH8tJUemp6cPuVwpkx nelr+jrEdIvmn/Dw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1664564762; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=klQ9KMu0gx+A5ySVsNAZT0eLPe0f6VGsk/7Y7ZJjTGg=; b=LnqM7KnAdWzySxS0OCj7TwoSt5WBEdtpfrQaJFXasQqzqWZltx8cb4exYVLESBOf/5Idp3 4E30l/S5a1btMS6Lq5M7QDk9KYZy9lIMwVNAL2HVJ+q3Rmx4Arq8/UoEqNRE0h76fepGsS I7bDQmuS8tHLTW4MTBJO8rFhIFJD3AOw+CdO2R0L60TfR1AFO4kxkhyHDLoVS53bZF0oLA 2Va6PCF9b2AYMJv1NA0R9qo6Tb8Wg5aJGDK8srL1YcHATy8SxcgA5OM+oBI3qPE88ni/xN hGdxtXEB/qDeujKqdrs8UqpLZI78pwk5p3qTC/kdm6zpIEYNrwRjzElKnq0mgg== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] proxy.cgi: Fix for Bug #12826 'squid >=5 crashes on literal IPv6 addresses' Date: Fri, 30 Sep 2022 21:05:56 +0200 Message-Id: <20220930190556.1435-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Matthias Fischer Reviewed-by: Bernhard Bitsch --- html/cgi-bin/proxy.cgi | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 577d37b93..b4073343e 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3525,9 +3525,19 @@ END $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/; print FILE $_; } - print FILE "\n#End of custom includes\n"; + print FILE "\n#End of custom includes\n\n"; close (ACL); } + + print FILE < 5.x +acl to_ipv6 dst ipv6 +acl from_ipv6 src ipv6 +http_access deny to_ipv6 +http_access deny from_ipv6 +END + ; + if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; } # Check if squidclamav is enabled.