From patchwork Mon Jan 8 16:42:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 7438 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4T80NQ14RFz3wyG for ; Mon, 8 Jan 2024 16:47:34 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4T80NN41Kdz1Qc; Mon, 8 Jan 2024 16:47:32 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4T80NN2sFHz32gq; Mon, 8 Jan 2024 16:47:32 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4T80Gy39gqz30Pf for ; Mon, 8 Jan 2024 16:42:50 +0000 (UTC) Received: from michael.haj.ipfire.org (michael.haj.ipfire.org [172.28.1.242]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "michael.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4T80Gx5JyKznP; Mon, 8 Jan 2024 16:42:49 +0000 (UTC) Received: by michael.haj.ipfire.org (Postfix, from userid 0) id 4T80Gx3xBtzTgkh; Mon, 8 Jan 2024 16:42:49 +0000 (UTC) From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH] Revert "proxy.cgi: Fix for Bug #12826 'squid >=5 crashes on literal IPv6 addresses'" Date: Mon, 8 Jan 2024 16:42:48 +0000 Message-Id: <20240108164248.3794991-1-michael.tremer@ipfire.org> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 Message-ID-Hash: KYJKYSM3HGRUFU5MP2UVHJILQIYZTDWG X-Message-ID-Hash: KYJKYSM3HGRUFU5MP2UVHJILQIYZTDWG X-MailFrom: root@michael.haj.ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Michael Tremer X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: This reverts commit e0be9eab47d621545e5498c32c0fef39f7ef84a9. This change is now producing problems on IPv6-enabled systems as it will deny access to any website that is IPv6-enabled as well, even if the client connected using IPv4. I have tested if squid is now running on fine on systems where IPv6 is disabled and can confirm that its running just fine. Signed-off-by: Michael Tremer Acked-by: Peter Müller --- html/cgi-bin/proxy.cgi | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 71be315f6..c8e3576df 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3525,19 +3525,9 @@ END $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/; print FILE $_; } - print FILE "\n#End of custom includes\n\n"; + print FILE "\n#End of custom includes\n"; close (ACL); } - - print FILE < 5.x -acl to_ipv6 dst ipv6 -acl from_ipv6 src ipv6 -http_access deny to_ipv6 -http_access deny from_ipv6 -END - ; - if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; } # Check if squidclamav is enabled.