From patchwork Tue Jan 23 03:49:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 1628 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.ipfire.org (Postfix) with ESMTP id 6D47E60993 for ; Mon, 22 Jan 2018 17:49:59 +0100 (CET) Received: from mail01.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 8312745C1; Mon, 22 Jan 2018 17:49:58 +0100 (CET) Received: from Devel.localdomain (p4FDF0C34.dip0.t-ipconnect.de [79.223.12.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 6AC9745BD for ; Mon, 22 Jan 2018 17:49:56 +0100 (CET) From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] squid 3.5.27: latest patch from upstream (2018_2)) Date: Mon, 22 Jan 2018 17:49:52 +0100 Message-Id: <20180122164952.13749-1-matthias.fischer@ipfire.org> X-Mailer: git-send-email 2.15.1 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Hi, As announced, here is the second patch for 'squid 3.5.27'. For details about this and the previous patch (2018_1) regarding "ESI Response processing" and "HTTP message processing", see: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-announce-ADVISORY-SQUID-2018-1-Denial-of-Service-issue-in-ESI-Response-processing-tp4684618.html http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-announce-ADVISORY-SQUID-2018-2-Denial-of-Service-issue-in-HTTP-Message-processing-td4684617.html Best, Matthias Signed-off-by: Matthias Fischer --- lfs/squid | 1 + src/patches/squid/SQUID-2018_2.patch | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 src/patches/squid/SQUID-2018_2.patch diff --git a/lfs/squid b/lfs/squid index ae4d7ea44..3390f96d5 100644 --- a/lfs/squid +++ b/lfs/squid @@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/SQUID-2018_1.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/SQUID-2018_2.patch cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch cd $(DIR_APP) && autoreconf -vfi diff --git a/src/patches/squid/SQUID-2018_2.patch b/src/patches/squid/SQUID-2018_2.patch new file mode 100644 index 000000000..9ecd8a5b7 --- /dev/null +++ b/src/patches/squid/SQUID-2018_2.patch @@ -0,0 +1,23 @@ +commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5) +Author: squidadm +Date: 2018-01-21 08:07:08 +1300 + + Fix indirect IP logging for transactions without a client connection (#129) (#136) + +diff --git a/src/client_side_request.cc b/src/client_side_request.cc +index be124f3..203f89d 100644 +--- a/src/client_side_request.cc ++++ b/src/client_side_request.cc +@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *data) + * Ensure that the access log shows the indirect client + * instead of the direct client. + */ +- ConnStateData *conn = http->getConn(); +- conn->log_addr = request->indirect_client_addr; +- http->al->cache.caddr = conn->log_addr; ++ http->al->cache.caddr = request->indirect_client_addr; ++ if (ConnStateData *conn = http->getConn()) ++ conn->log_addr = request->indirect_client_addr; + } + request->x_forwarded_for_iterator.clean(); + request->flags.done_follow_x_forwarded_for = true;