Hello community, here is the log from the commit of package squid for openSUSE:Factory checked in at 2019-07-26 12:42:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/squid (Old) and /work/SRC/openSUSE:Factory/.squid.new.4126 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid" Fri Jul 26 12:42:20 2019 rev:73 rq:718583 version:4.8 Changes: -------- --- /work/SRC/openSUSE:Factory/squid/squid.changes 2019-07-18 15:20:24.944144110 +0200 +++ /work/SRC/openSUSE:Factory/.squid.new.4126/squid.changes 2019-07-26 12:42:21.813855718 +0200 @@ -1,0 +2,5 @@ +Thu Jul 18 14:11:28 UTC 2019 - Adam Majer <[email protected]> + +- old_nettle_compat.patch: Fix compatibility with nettle in SLE-12 + +------------------------------------------------------------------- New: ---- old_nettle_compat.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squid.spec ++++++ --- /var/tmp/diff_new_pack.tvth4C/_old 2019-07-26 12:42:23.101855178 +0200 +++ /var/tmp/diff_new_pack.tvth4C/_new 2019-07-26 12:42:23.105855176 +0200 @@ -39,6 +39,7 @@ Source16: initialize_cache_if_needed.sh Source17: tmpfilesdir.squid.conf Patch1: missing_installs.patch +Patch2: old_nettle_compat.patch BuildRequires: cppunit-devel BuildRequires: db-devel BuildRequires: ed @@ -88,6 +89,9 @@ # upstream patches after RELEASE perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` %patch1 -p1 +%if %{suse_version} < 1500 +%patch2 -p1 +%endif %build %define _lto_cflags %{nil} ++++++ old_nettle_compat.patch ++++++ Author: Adam Majer <[email protected]> Date: Thu Jul 18 13:57:22 CEST 2019 nettle from SLE-12 is missing the change from later versions that ignores the destLen parameter size to base64_decode_update function. This is only used in the assert() but we need to pass real size of the buffer as otherwise all we get is a crash. The missing commit in nettle is, commit 07cb0b62a5fab216ed647f5a87e0f17ab3c9a615 Author: Niels Möller <[email protected]> Date: Fri Feb 7 09:11:20 2014 +0100 Base64 and base16 decoding: Use *dst_length as output only. Index: squid-4.8/src/HttpHeader.cc =================================================================== --- squid-4.8.orig/src/HttpHeader.cc +++ squid-4.8/src/HttpHeader.cc @@ -1301,7 +1301,7 @@ HttpHeader::getAuthToken(Http::HdrType i char *decodedAuthToken = result.rawAppendStart(BASE64_DECODE_LENGTH(fieldLen)); struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t decodedLen = 0; + size_t decodedLen = BASE64_DECODE_LENGTH(fieldLen); if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), fieldLen, field) || !base64_decode_final(&ctx)) { return nil; Index: squid-4.8/src/auth/basic/Config.cc =================================================================== --- squid-4.8.orig/src/auth/basic/Config.cc +++ squid-4.8/src/auth/basic/Config.cc @@ -176,7 +176,7 @@ Auth::Basic::Config::decodeCleartext(con struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t dstLen = 0; + size_t dstLen = BASE64_DECODE_LENGTH(srcLen)+1; if (base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(cleartext), srcLen, eek) && base64_decode_final(&ctx)) { cleartext[dstLen] = '\0'; Index: squid-4.8/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc =================================================================== --- squid-4.8.orig/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc +++ squid-4.8/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc @@ -131,6 +131,7 @@ token_decode(size_t *decodedLen, uint8_t { struct base64_decode_ctx ctx; base64_decode_init(&ctx); + *decodedLen = BASE64_DECODE_LENGTH(strlen(srcLen)); if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast<const uint8_t*>(buf)) || !base64_decode_final(&ctx)) { SEND("BH base64 decode failed"); Index: squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc =================================================================== --- squid-4.8.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc +++ squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc @@ -681,7 +681,7 @@ main(int argc, char *const argv[]) struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t dstLen = 0; + size_t dstLen = BASE64_DECODE_LENGTH(srcLen); if (!base64_decode_update(&ctx, &dstLen, static_cast<uint8_t*>(input_token.value), srcLen, b64Token) || !base64_decode_final(&ctx)) { debug((char *) "%s| %s: ERROR: Invalid base64 token [%s]\n", LogTime(), PROGRAM, b64Token); Index: squid-4.8/src/auth/negotiate/wrapper/negotiate_wrapper.cc =================================================================== --- squid-4.8.orig/src/auth/negotiate/wrapper/negotiate_wrapper.cc +++ squid-4.8/src/auth/negotiate/wrapper/negotiate_wrapper.cc @@ -192,7 +192,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t dstLen = 0; + size_t dstLen = length+1; if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), buf+3) || !base64_decode_final(&ctx)) { if (debug_enabled) Index: squid-4.8/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc =================================================================== --- squid-4.8.orig/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc +++ squid-4.8/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc @@ -517,7 +517,7 @@ manage_request() struct base64_decode_ctx ctx; base64_decode_init(&ctx); size_t dstLen = 0; - int decodedLen = 0; + int decodedLen = NTLM_BLOB_BUFFER_SIZE; if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast<uint8_t*>(decoded), strlen(buf)-3, buf+3) || !base64_decode_final(&ctx)) { SEND("NA Packet format error, couldn't base64-decode"); Index: squid-4.8/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc =================================================================== --- squid-4.8.orig/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc +++ squid-4.8/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc @@ -418,6 +418,7 @@ token_decode(size_t *decodedLen, uint8_t { struct base64_decode_ctx ctx; base64_decode_init(&ctx); + *decodedLen = BASE64_DECODE_LENGTH(strlen(buf))+1; if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast<const uint8_t*>(buf)) || !base64_decode_final(&ctx)) { SEND_BH("message=\"base64 decode failed\""); Index: squid-4.8/src/auth/ntlm/fake/ntlm_fake_auth.cc =================================================================== --- squid-4.8.orig/src/auth/ntlm/fake/ntlm_fake_auth.cc +++ squid-4.8/src/auth/ntlm/fake/ntlm_fake_auth.cc @@ -153,7 +153,7 @@ main(int argc, char *argv[]) ntlmhdr *packet; struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t dstLen = 0; + size_t dstLen = HELPER_INPUT_BUFFER; if (buflen > 3 && base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, buf+3) && base64_decode_final(&ctx)) { Index: squid-4.8/tools/cachemgr.cc =================================================================== --- squid-4.8.orig/tools/cachemgr.cc +++ squid-4.8/tools/cachemgr.cc @@ -1103,7 +1103,7 @@ decode_pub_auth(cachemgr_request * req) char *buf = static_cast<char*>(xmalloc(BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1)); struct base64_decode_ctx ctx; base64_decode_init(&ctx); - size_t decodedLen = 0; + size_t decodedLen = BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1; if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(buf), strlen(req->pub_auth), req->pub_auth) || !base64_decode_final(&ctx)) { debug("cmgr: base64 decode failure. Incomplete auth token string.\n");
