--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu
i've been asked to retrofit the fix for #801907 to the version
in jessie. that bug is fixed in testing. the bug causes jesred to not
interoperate properly with squid versions 3.4 and newer.
changes are as per the attached debdiff: patch 05-squid3 (which makes
jesred work with squid 3 in the first place) was updated, and a small
followup was made to patch 07-ipv6 which was necessary as it
didn't apply properly on top of the updated 05-squid3 patch.
regards
az
diff -Nru jesred-1.2pl1/debian/changelog jesred-1.2pl1/debian/changelog
--- jesred-1.2pl1/debian/changelog 2013-09-29 13:37:11.000000000 +1000
+++ jesred-1.2pl1/debian/changelog 2017-05-14 13:20:06.000000000 +1000
@@ -1,3 +1,10 @@
+jesred (1.2pl1-19+deb8) stable; urgency=high
+
+ * fix of #801907 for jessie: squid 3.4 and newer uses an incompatible
+ format for interacting with redirectors like jesred.
+
+ -- Alexander Zangerl <a...@debian.org> Sun, 14 May 2017 13:11:36 +1000
+
jesred (1.2pl1-19) unstable; urgency=low
* added support for ipv6 (closes: #714819)
diff -Nru jesred-1.2pl1/debian/patches/05-squid3 jesred-1.2pl1/debian/patches/05-squid3
--- jesred-1.2pl1/debian/patches/05-squid3 2015-10-23 22:50:25.000000000 +1000
+++ jesred-1.2pl1/debian/patches/05-squid3 2017-05-14 13:26:30.000000000 +1000
@@ -13,7 +13,7 @@
#ifdef LINUX
#include<string.h>
#else
-@@ -61,89 +62,77 @@ static int match_accel(char *, char *, i
+@@ -61,89 +62,85 @@ static int match_accel(char *, char *, i
int
parse_buff(char *buff, char **url, char **src_addr, char **ident,
@@ -97,17 +97,20 @@
+ struct in_addr address;
+ char *token;
+ char *next_token = buff;
-+
++ char *errorptr;
+
+ /* az [2015-10-23 Fri 21:20]
-+ goodbye squid2, hello squid3.5
-+
-+ no more url groups; a numeric channel id, a url, space and extra stuff or a newline.
-+ apparently extras was configurable with url_rewrite_extras, but that has been
-+ removed in one of the newest squid versions (the docs re this are pretty damn confused...)
-+
-+ [channel-ID <SP>] URL [<SP> extras]<NL>
-+ and extras are supposed to be (adjustable in 3.5, adjustability removed(??) in 4)
++ goodbye squid2..3.3, hello squid3.5
++
++ no more url groups; a numeric channel id, a url, space
++ and extra stuff or a newline.
++ apparently extras was configurable with url_rewrite_extras,
++ but that has been removed in one of the newest squid
++ versions (the docs re this are pretty damn confused...)
++
++ [channel-ID <SP>] URL [<SP> extras]<NL>
++ and extras are supposed to be (adjustable in 3.5,
++ adjustability removed(??) in 4)
+ ip/fqdn username method myip=<ip> myport=<port>
+ */
+
@@ -117,15 +120,20 @@
+ mylog(ERROR, "invalid input, no extras in (%s)", buff);
+ return 1;
+ }
-+
-+ char *errorptr;
-+
++
+ /* channel-id? must be numeric */
+ j = (int)strtol(buff, &errorptr, 10);
+ if (!*errorptr) /* conversion successful */
+ {
+ *chanid = j;
+ *url = next_token;
++
++ /* now find end of url/start of ip/fqdn */
++ if (!(token = strsep(&next_token, " ")))
++ {
++ mylog(ERROR, "invalid input, no ip/fqdn in (%s)", buff);
++ return 1;
++ }
+ }
+ else
+ {
@@ -148,7 +156,7 @@
+ return 1;
+ }
+ *ident = token;
-+
++
+ /* find end of method */
+ if (!(token = strsep(&next_token, " ")))
+ {
@@ -169,9 +177,35 @@
/* URL with less than 7 char is invalid */
if(strlen(*url) <= 7) {
mylog(ERROR, "strlen url to short (%d)\n", strlen(*url));
+@@ -159,7 +156,7 @@ parse_buff(char *buff, char **url, char
+ it is already loaded, when squid runs - so not much waste of
+ memory ;-) */
+ if ( (address.s_addr = inet_addr(*src_addr)) == -1 ) {
+- mylog(ERROR, "client IP address not valid %s\n",
++ mylog(ERROR, "client IP address (%s) not valid\n",
+ *src_addr ? *src_addr : "");
+ if ( token )
+ *token = '/';
+@@ -171,7 +168,7 @@ parse_buff(char *buff, char **url, char
+ /* make sure the IP source address matches that of the ones in our list */
+ if( ip_access_check(address, ip) == IP_DENY ) {
+ #ifdef DEBUG
+- mylog(DEBG, "client IP address %s not matched\n", *src_addr);
++ mylog(DEBG, "client IP address (%s) not matched\n", *src_addr);
+ #endif
+ return 1;
+ }
--- a/main.c
+++ b/main.c
-@@ -75,7 +75,7 @@ int main(int argc, char **argv)
+@@ -23,6 +23,7 @@
+
+ #include<stdio.h>
+ #include<stdlib.h>
++#include <unistd.h>
+ #include<string.h>
+ #include<sys/signal.h>
+ #include<sys/types.h>
+@@ -75,7 +76,7 @@ int main(int argc, char **argv)
/* int first_run = 1; */
char buff[BUFSIZE];
char redirect_url[BUFSIZE];
@@ -180,7 +214,7 @@
int finished = 0;
int buff_status = 0;
ip_acl *ip_list = NULL;
-@@ -93,7 +93,7 @@ int main(int argc, char **argv)
+@@ -93,7 +94,7 @@ int main(int argc, char **argv)
/* main program loop, executed forever more unless terminated
by a kill signal or EOF on stdin */
while(! finished) {
@@ -189,7 +223,7 @@
sig_hup = 0;
mylog(INFO, "Freeing up old linked lists\n");
-@@ -111,49 +111,72 @@ int main(int argc, char **argv)
+@@ -111,49 +112,86 @@ int main(int argc, char **argv)
mylog(INFO, "%s (PID %d) started\n", APPNAME, (int)getpid());
while((!sig_hup) && (fgets(buff, BUFSIZE, stdin) != NULL)){
@@ -271,18 +305,32 @@
+ }
+ else
+ {
-+ unsigned int code;
++ int code;
+ char *just_url;
-+
++
+ if (chanid != -1)
+ printf("%d ", chanid);
+
-+ /* squid3 no longer supports the 30X:url format,
-+ the tool must provide a very different response
-+ for these... */
++ /* az [2015-10-23 Fri 23:19]
++ squid3.4 and 3.5 no longer support the 30X:url format,
++ at least according to SOME of the very inconsistent docs.
++
++ the protocol helper descripton page
++ http://wiki.squid-cache.org/Features/AddonHelpers
++ makes little sense; the protocol it describes is not at
++ all what the url_rewrite_program describes.
++ so i'll take a guess :-(
+
-+ if (sscanf(redirect_url, "%u:%s", &code, &just_url) == 2)
++ the tool should provide a very different response
++ for these...the sscanf isn't very efficient, but
++ i can't be bothered rewriting the rules parser
++ to support a separate code field...
++ */
++ if (2 == sscanf(redirect_url, "%d:%ms", &code, &just_url))
++ {
+ printf("OK code=%d url=%s\n", code, just_url);
++ free(just_url);
++ }
+ else
+ printf("OK rewrite-url=%s\n", redirect_url);
+ fflush(stdout);
diff -Nru jesred-1.2pl1/debian/patches/07-ipv6 jesred-1.2pl1/debian/patches/07-ipv6
--- jesred-1.2pl1/debian/patches/07-ipv6 2015-10-23 22:40:16.000000000 +1000
+++ jesred-1.2pl1/debian/patches/07-ipv6 2017-05-14 13:30:58.000000000 +1000
@@ -241,43 +241,41 @@
#endif
--- a/rewrite.c
+++ b/rewrite.c
-@@ -66,10 +66,10 @@ parse_buff(char *buff, char **url, char
+@@ -66,8 +66,9 @@ parse_buff(char *buff, char **url, char
{
int j;
struct in_addr address;
- char *token;
- char *next_token = buff;
-+ struct in6_addr address6;
-+ int family=AF_INET;
-+ char *token, *next_token = buff;
-
--
++ struct in6_addr address6;
++ int family=AF_INET;
++ char *token, *next_token = buff;
+ char *errorptr;
+
/* az [2015-10-23 Fri 21:20]
- goodbye squid2, hello squid3.5
-
-@@ -147,18 +147,26 @@ parse_buff(char *buff, char **url, char
+@@ -155,18 +156,26 @@ parse_buff(char *buff, char **url, char
i.e. on 2.6 448K r-x + 40K rwx, but since it is a shared lib,
it is already loaded, when squid runs - so not much waste of
memory ;-) */
- if ( (address.s_addr = inet_addr(*src_addr)) == -1 ) {
-- mylog(ERROR, "client IP address not valid %s\n",
+- mylog(ERROR, "client IP address (%s) not valid\n",
- *src_addr ? *src_addr : "");
- if ( token )
- *token = '/';
- return 1;
-+ if ( (address.s_addr = inet_addr(*src_addr)) == -1 )
++ if ( (address.s_addr = inet_addr(*src_addr)) == -1 )
+ {
+ /* not ipv6, test ipv6 now */
+ if (!inet_pton(AF_INET6,*src_addr,&address6.s6_addr))
+ {
-+ mylog(ERROR, "client IP address not valid %s\n",
-+ *src_addr ? *src_addr : "");
-+ if ( token )
-+ *token = '/';
-+ return 1;
++ mylog(ERROR, "client IP address not valid %s\n",
++ *src_addr ? *src_addr : "");
++ if ( token )
++ *token = '/';
++ return 1;
+ }
-+ else
-+ family=AF_INET6;
++ else
++ family=AF_INET6;
}
if ( token )
*token = '/';
@@ -285,7 +283,7 @@
/* make sure the IP source address matches that of the ones in our list */
- if( ip_access_check(address, ip) == IP_DENY ) {
+ if( ip_access_check(family,(family==AF_INET?(void*)&address:
-+ (void*)&address6),ip) == IP_DENY ) {
++ (void*)&address6),ip) == IP_DENY ) {
#ifdef DEBUG
- mylog(DEBG, "client IP address %s not matched\n", *src_addr);
+ mylog(DEBG, "client IP address (%s) not matched\n", *src_addr);
#endif
--- End Message ---
signature.asc
