--- squid3-3.1.6.orig/debian/copyright +++ squid3-3.1.6/debian/copyright @@ -0,0 +1,442 @@ + +This package was debianized by Luigi Gangitano on +22 Apr 2006. + +The current Debian maintainer is Luigi Gangitano + +It was downloaded from http://www.squid-cache.org + +SQUID Internet Object Cache http://www.squid-cache.org +-------------------------------------------------------- + + Squid is the result of efforts by numerous individuals from the + Internet community. Development is led by Duane Wessels of the + National Laboratory for Applied Network Research and funded by + the National Science Foundation. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301, USA. + +Squid is derived from the ``cached'' software from the ARPA-funded +Harvest research project. The Harvest home page is +http://harvest.cs.colorado.edu/. + +Squid is originally derived from the Harvest Information Discovery and +Access System. The Harvest copyright text follows: + +/* + * Copyright (c) 1994, 1995. All rights reserved. + * + * The Harvest software was developed by the Internet Research Task + * Force Research Group on Resource Discovery (IRTF-RD): + * + * Mic Bowman of Transarc Corporation. + * Peter Danzig of the University of Southern California. + * Darren R. Hardy of the University of Colorado at Boulder. + * Udi Manber of the University of Arizona. + * Michael F. Schwartz of the University of Colorado at Boulder. + * Duane Wessels of the University of Colorado at Boulder. + * + * This copyright notice applies to software in the Harvest + * ``src/'' directory only. Users should consult the individual + * copyright notices in the ``components/'' subdirectories for + * copyright information about other software bundled with the + * Harvest source code distribution. + * + * TERMS OF USE + * + * The Harvest software may be used and re-distributed without + * charge, provided that the software origin and research team are + * cited in any use of the system. Most commonly this is + * accomplished by including a link to the Harvest Home Page + * (http://harvest.cs.colorado.edu/) from the query page of any + * Broker you deploy, as well as in the query result pages. These + * links are generated automatically by the standard Broker + * software distribution. + * + * The Harvest software is provided ``as is'', without express or + * implied warranty, and with no support nor obligation to assist + * in its use, correction, modification or enhancement. We assume + * no liability with respect to the infringement of copyrights, + * trade secrets, or any patents, and are not responsible for + * consequential damages. Proper use of the Harvest software is + * entirely the responsibility of the user. + * + * DERIVATIVE WORKS + * + * Users may make derivative works from the Harvest software, subject + * to the following constraints: + * + * - You must include the above copyright notice and these + * accompanying paragraphs in all forms of derivative works, + * and any documentation and other materials related to such + * distribution and use acknowledge that the software was + * developed at the above institutions. + * + * - You must notify IRTF-RD regarding your distribution of + * the derivative work. + * + * - You must clearly notify users that your are distributing + * a modified version and not the original Harvest software. + * + * - Any derivative product is also subject to these copyright + * and use restrictions. + * + * Note that the Harvest software is NOT in the public domain. We + * retain copyright, as specified above. + * + * HISTORY OF FREE SOFTWARE STATUS + * + * Originally we required sites to license the software in cases + * where they were going to build commercial products/services + * around Harvest. In June 1995 we changed this policy. We now + * allow people to use the core Harvest software (the code found in + * the Harvest ``src/'' directory) for free. We made this change + * in the interest of encouraging the widest possible deployment of + * the technology. The Harvest software is really a reference + * implementation of a set of protocols and formats, some of which + * we intend to standardize. We encourage commercial + * re-implementations of code complying to this set of standards. + */ + +============================================================================== + +lib/base64.c::base64_encode(): + +Adopted from http://ftp.sunet.se/pub2/gnu/vm/base64-encode.c. +Modified to work with strings instead of files. + +============================================================================== + +snmplib/*: +include/{asn1.h,parse.h,snmp*}: + +The SNMP library code is developed by Carnegie Mellon University. + +/*************************************************************************** + * + * Copyright 1997 by Carnegie Mellon University + * + * All Rights Reserved + * + * Permission to use, copy, modify, and distribute this software and its + * documentation for any purpose and without fee is hereby granted, + * provided that the above copyright notice appear in all copies and that + * both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of CMU not be + * used in advertising or publicity pertaining to distribution of the + * software without specific, written prior permission. + * + * CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING + * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL + * CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR + * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, + * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, + * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + * + ***************************************************************************/ + +============================================================================== + +lib/GNUregex.c: + +/* Extended regular expression matching and search library, + * version 0.12. + * (Implements POSIX draft P10003.2/D11.2, except for + * internationalization features.) + * + * Copyright (C) 1993 Free Software Foundation, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. */ + +============================================================================== + +lib/md5.c: + +/* + * This code implements the MD5 message-digest algorithm. + * The algorithm is due to Ron Rivest. This code was + * written by Colin Plumb in 1993, no copyright is claimed. + * This code is in the public domain; do with it what you wish. + * + * Equivalent code is available from RSA Data Security, Inc. + * This code has been tested against that, and is equivalent, + * except that you don't need to include two pages of legalese + * with every copy. + * + * To compute the message digest of a chunk of bytes, declare an + * SquidMD5Context structure, pass it to SquidMD5Init, call + * SquidMD5Update as needed on buffers full of bytes, and then call + * SquidMD5Final, which will fill a supplied 16-byte array with the + * digest. + * + * Changed so as no longer to depend on Colin Plumb's `usual.h' header + * definitions; now uses stuff from dpkg's config.h. + * - Ian Jackson . + * Still in the public domain. + * + * Changed SquidMD5Update to take a void * for easier use and some + * other minor cleanup. - Henrik Nordstrom . + * Still in the public domain. + * + * Prefixed all symbols with "Squid" so they don't collide with + * other libraries. Duane Wessels . + * Still in the public domain. + */ + +============================================================================== + +lib/radix.c: + +/* + * Copyright (c) 1988, 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)radix.c 8.4 (Berkeley) 11/2/94 + */ + +============================================================================== + +lib/tempnam.c: + +/* A reasonably functional tmpnam. */ + +/* Originally by Tom Hageman, tom@basil.icce.rug.nl */ + +/* + * This tmpnam() was changed by Gerben_Wierda@RnA.nl to serve as + * tempnam() for squid-1.1.6. It ignores the directory parameter, every + * temp file is written in /tmp. + */ + +============================================================================== + +lib/drand48.c: + +From Linux libc-5.4.46. + +============================================================================== + +mcast_encode() in src/access_log.c is derived from Mark Atkinson's +(mark_a@cix.compulink.co.uk) "Tiny Encryption Algorithm". +http://www.io.com/~paulhart/game/algorithms/tea.html + +============================================================================== + +lib/inet_ntoa.c: + +/* + * Copyright (c) 1983 Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +static char sccsid[] = "@(#)inet_ntoa.c 5.6 (Berkeley) 2/24/91"; + +============================================================================== + +lib/strnstr.cc: + +/*- + * Copyright (c) 2001 Mike Barcroft + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)strstr.c 8.1 (Berkeley) 6/4/93 + * $FreeBSD: src/lib/libc/string/strnstr.c,v 1.2.2.1 2001/12/09 06:50:03 mike Exp $ + * $DragonFly: src/lib/libc/string/strnstr.c,v 1.4 2006/03/20 17:24:20 dillon Exp $ + */ + +============================================================================== + +lib/getopt.c: + +/* + * Copyright (c) 1987, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +static char sccsid[] = "@(#)getopt.c 8.3 (Berkeley) 4/27/95"; + +============================================================================== + +src/external_acl.c + +Copyright (C) 2002 MARA Systems AB, Sweden + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +============================================================================== + +helpers/external_acl/wbinfo_group/wbinfo_group.pl + + This program is put in the public domain by Jerry Murdock + . It is distributed in the hope that it will + be useful, but WITHOUT ANY WARRANTY; without even the implied warranty + of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +============================================================================== + +helpers/external_acl/winbind_group/ + + This is a helper for the external ACL interface for Squid Cache + Copyright (C) 2002 Guido Serassio + Based on previous work of Rodrigo Albani de Campos + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + includes code contributed by others + + winbind client common code + + Copyright (C) Tim Potter 2000 + Copyright (C) Andrew Tridgell 2000 + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + +============================================================================== + +lib/libTrie/* + + This library is (C) Robert Collins and is licensed + under the GPL. + +============================================================================== + + On Debian GNU/Linux systems, a copy of the GNU General Public License + can be found in /usr/share/common-licenses/GPL. + + The Debian packaging is (C) 2006, Luigi Gangitano and is + licensed under the GPL, see above. --- squid3-3.1.6.orig/debian/squid3.install +++ squid3-3.1.6/debian/squid3.install @@ -0,0 +1,17 @@ +etc/squid3/squid.conf +etc/squid3/msntauth.conf +etc/squid3/errorpage.css +etc/logrotate.d +etc/resolvconf +etc/init.d/squid3 +usr/lib/squid3 +usr/sbin/squid3 +usr/share/man/man8/squid3.8 +usr/share/man/man8/squid3_db_auth.8 +usr/share/man/man8/squid3_ldap_auth.8 +usr/share/man/man8/squid3_ldap_group.8 +usr/share/man/man8/squid3_ncsa_auth.8 +usr/share/man/man8/squid3_pam_auth.8 +usr/share/man/man8/squid3_radius_auth.8 +usr/share/man/man8/squid3_session.8 +usr/share/man/man8/squid3_unix_group.8 --- squid3-3.1.6.orig/debian/squid3-common.install +++ squid3-3.1.6/debian/squid3-common.install @@ -0,0 +1,4 @@ +usr/share/squid3/icons +usr/share/squid3/mib.txt +usr/share/squid3/mime.conf +etc/squid3/squid.conf.documented /usr/share/doc/squid3-common --- squid3-3.1.6.orig/debian/README.source +++ squid3-3.1.6/debian/README.source @@ -0,0 +1,3 @@ +This package uses dpatch to manage all modifications to the upstream +source. Please refer to /usr/share/doc/dpatch/README.source.gz in package +dpatch for details. --- squid3-3.1.6.orig/debian/squid3.prerm +++ squid3-3.1.6/debian/squid3.prerm @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +case "$1" in + remove|remove-in-favour|deconfigure-in-favour) + # + # Stop the daemon + # + invoke-rc.d squid3 stop + ;; + upgrade|failed-upgrade) + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- squid3-3.1.6.orig/debian/squid3-common.postinst +++ squid3-3.1.6/debian/squid3-common.postinst @@ -0,0 +1,36 @@ +#! /bin/sh + +set -e + + +case "$1" in + configure) + # + # Fix directory->link transition for /usr/share/squid3/errors in + # 3.0.STABLE15-1: all has gone well, remove temporary directory + # + if (dpkg --compare-versions "$2" lt '3.0.STABLE15-1' && + [ ! -h "/usr/share/squid3/errors" ] && + [ -d "/usr/share/squid3/errors" ]) + then + rm -rf /usr/share/squid3/errors + ln -s /usr/share/squid-langpack /usr/share/squid3/errors + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + *) + # + # Unknown action - do nothing. + # + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- squid3-3.1.6.orig/debian/watch +++ squid3-3.1.6/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://www.squid-cache.org/Versions/v3/3.1/squid-(.?\..?\..{1,2})\.tar\.gz --- squid3-3.1.6.orig/debian/control +++ squid3-3.1.6/debian/control @@ -0,0 +1,76 @@ +Source: squid3 +Section: web +Priority: optional +Maintainer: Luigi Gangitano +Homepage: http://www.squid-cache.org +Standards-Version: 3.9.1 +Build-Depends: libldap2-dev, libpam0g-dev, libdb-dev, dpatch (>= 2.0.9), cdbs, libsasl2-dev, debhelper (>=5), libcppunit-dev, libkrb5-dev, comerr-dev, libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], libexpat1-dev, libxml2-dev, autotools-dev, libltdl-dev + +Package: squid3 +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, netbase, adduser, logrotate (>= 3.5.4-1), squid3-common (= ${source:Version}), lsb-base +Suggests: squidclient, squid-cgi, resolvconf (>= 0.40), smbclient +Description: A full featured Web Proxy cache (HTTP proxy) + Squid is a high-performance proxy caching server for web clients, supporting + FTP, gopher, and HTTP data objects. + . + Squid version 3 is a major rewrite of Squid in C++ and introduces a number of + new features including ICAP and ESI support. + +Package: squid3-dbg +Architecture: any +Section: debug +Priority: extra +Depends: squid3 (= ${binary:Version}), ${misc:Depends} +Description: A full featured Web Proxy cache (HTTP proxy) - Debug symbols + Squid is a high-performance proxy caching server for web clients, supporting + FTP, gopher, and HTTP data objects. + . + Squid version 3 is a major rewrite of Squid in C++ and introduces a number of + new features including ICAP and ESI support. + . + This package contains debugging symbols for binaries in squid3. + +Package: squid3-common +Architecture: all +Depends: ${misc:Depends}, squid-langpack +Description: A full featured Web Proxy cache (HTTP proxy) - common files + Squid is a high-performance proxy caching server for web clients, supporting + FTP, gopher, and HTTP data objects. + . + Squid version 3 is a major rewrite of Squid in C++ and introduces a number of + new features including ICAP and ESI support. + . + This package contains common files (MIB and icons) + +Package: squidclient +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Provides: squid3-client +Conflicts: squid3-client +Replaces: squid3-client +Description: A full featured Web Proxy cache (HTTP proxy) - control utility + Squid is a high-performance proxy caching server for web clients, supporting + FTP, gopher, and HTTP data objects. + . + Squid version 3 is a major rewrite of Squid in C++ and introduces a number of + new features including ICAP and ESI support. + . + This package contains a small utility that can be used to get URLs from the + command line. It needs to talk to a `squid' proxy server. + +Package: squid-cgi +Architecture: any +Depends: apache2 | httpd, ${shlibs:Depends}, ${misc:Depends} +Provides: squid3-cgi +Conflicts: squid3-cgi +Replaces: squid3-cgi +Description: A full featured Web Proxy cache (HTTP proxy) - control CGI + Squid is a high-performance proxy caching server for web clients, supporting + FTP, gopher, and HTTP data objects. + . + Squid version 3 is a major rewrite of Squid in C++ and introduces a number of + new features including ICAP and ESI support. + . + This package contains a CGI program that can be used to query and administrate + a `squid' proxy cache through a web browser. --- squid3-3.1.6.orig/debian/changelog +++ squid3-3.1.6/debian/changelog @@ -0,0 +1,716 @@ +squid3 (3.1.6-1.2+squeeze3) stable-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Add CVE-2012-5643-CVE-2013-0189.dpatch patch. + Fix squid-cgi (cachemgr) memory leaks and denial of service + vulnerability: remote attackers could cause a denial of service (memory + consumption) via (1) invalid Content-Length headers, (2) long POST + requests, or (3) crafted authentication credentials. CVE-2012-5643 and + CVE-2013-0189. (Closes: #696187) + + -- Salvatore Bonaccorso Sat, 23 Feb 2013 14:08:15 +0100 + +squid3 (3.1.6-1.2+squeeze2) stable-security; urgency=high + + * Apply upstream patches to fix a memory leak and invalid free(). + revisions 10111 and 10384 from the SQUID_3_1 branch. + Fixes CVE-2011-4096. + + -- Florian Weimer Fri, 06 Jan 2012 12:57:11 +0100 + +squid3 (3.1.6-1.2+squeeze1) stable-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix buffer overflow on long gopher server replies + (CVE-2011-3205; Closes: #639755). + + -- Nico Golde Sat, 10 Sep 2011 13:09:24 +0000 + +squid3 (3.1.6-1.2) unstable; urgency=low + + * Non-maintainer upload. + * Fix DoS while processing large DNS replies with no IPv6 resolver present + (CVE-2010-2951) (Closes: #599709) + + -- Ben Hutchings Sat, 30 Oct 2010 17:00:55 +0200 + +squid3 (3.1.6-1.1) unstable; urgency=high + + * Non-maintainer upload by the security team + * Fix DoS due to wrong string handling (Closes: #596086) + Fixes: CVE-2010-3072 + + -- Steffen Joeris Mon, 13 Sep 2010 17:07:51 +1000 + +squid3 (3.1.6-1) unstable; urgency=low + + * New upstream release + + * debian/rules + - Removed now-default --enable-ipv6 option + + * debian/control + - Bumped Standard-Version to 3.9.1, no change needed + + * debian/patches/01-cf.data.pre + - Updated to match new upstream default IPv6 configuration + + -- Luigi Gangitano Mon, 09 Aug 2010 00:59:26 +0200 + +squid3 (3.1.5-2) unstable; urgency=low + + * debian/control + - Added build dependency on libltdl-dev fixing FTBFS on most archs + + -- Luigi Gangitano Wed, 07 Jul 2010 15:21:06 +0200 + +squid3 (3.1.5-1) unstable; urgency=low + + * New upstream release + + * debian/control + - Bumped Standard-Version to 3.9.0 + + -- Luigi Gangitano Tue, 06 Jul 2010 23:26:26 +0200 + +squid3 (3.1.4-1) unstable; urgency=low + + * New upstream release + - Fixes several issues with IPv6 socket handling (Closes: #581901, #584223) + - Fixes assertion in comm.cc (Closes: #572368) + + -- Luigi Gangitano Fri, 04 Jun 2010 14:49:32 +0200 + +squid3 (3.1.3-2) unstable; urgency=low + + * debian/rules + - Actually enable IPv6 (how did I miss this?) + + -- Luigi Gangitano Tue, 04 May 2010 11:15:49 +0200 + +squid3 (3.1.3-1) unstable; urgency=low + + * New upstream release + - Fix incorrect behaviour of --enable-ipv6 (Closes: #578047) + - Removed patches integrated upstream + + 14-kfreebsd-compile + + -- Luigi Gangitano Sun, 02 May 2010 19:31:38 +0200 + +squid3 (3.1.1-3) unstable; urgency=low + + * debian/{squid3.install,rules} + - Install documented version of squid.conf as file, not directory + (Closes: #577615) + + -- Luigi Gangitano Thu, 15 Apr 2010 11:14:08 +0200 + +squid3 (3.1.1-2) unstable; urgency=low + + * debian/watch + - Updated pattern to match 3.1 releases + + * debian/control + - Excluded dependency on libcap2-dev on kfreebsd + + * debian/patches/14-kfreebsd-compile + - Added patch to enable kfreebsd compilato, thanks to Petr Salinger + (Closes: #576952) + + * debian/{rules,control,squid-cgi.install} + - Rename squid3-cgi package to squid-cgi (Closes: #489061) + + * debian/patches/15-cachemgr-default-config + - Fix squid-cgi default configuration file path + + * debian/source/format + - Added format specification file, still with 1.0 version + + -- Luigi Gangitano Mon, 12 Apr 2010 11:49:01 +0200 + +squid3 (3.1.1-1) unstable; urgency=low + + * New upstream release + + * debian/control + - Bumped Standard-Version to 3.8.4, no change needed + + -- Luigi Gangitano Thu, 01 Apr 2010 00:33:21 +0200 + +squid3 (3.1.0.18-1) UNRELEASED; urgency=low + + * New upstream release + + * debian/rules + - Fix wrong resolvconf directory (Closes: #565652) + + -- Luigi Gangitano Mon, 15 Mar 2010 19:35:50 +0100 + +squid3 (3.1.0.17-1) UNRELEASED; urgency=low + + * New upstream release, fixes + - Remote Denial of Service issue in HTCP (Closes: #572554) + (Ref: SQUID-2010:2 CVE-2010-0639) + + -- Luigi Gangitano Fri, 12 Mar 2010 15:41:00 +0100 + +squid3 (3.1.0.16-1) experimental; urgency=low + + * New upstream release + - Adds client_ip_max_connection to avoid DoS under Slowloris attack + (Ref: TEMP-0533661-009115 Closes: #533664) + - Handle DNS header-only packets as invalid + (Ref: SQUID-2010:1 CVE-2010-0308) + - Fixes memory filling during file download (Closes: #562012) + + -- Luigi Gangitano Wed, 10 Feb 2010 18:53:36 +0100 + +squid3 (3.1.0.15-1) experimental; urgency=low + + * New upstream release + - Fixes assertion failures on malformed Content-Range response headers + (Closes: #541032) + + * debian/README.Debian + - Fixed reference to RELEASENOTES.html (Closes: #561007) + + * debian/README.source + - Added directions on source handling + + * debian/control + - Remove duplicated informations that can be inherited from source stanza + - Added autotools-dev build-dependency to enable cdbs fix for ancient + helper files + + -- Luigi Gangitano Thu, 14 Jan 2010 22:44:13 +0100 + +squid3 (3.1.0.14-2) experimental; urgency=low + + * debian/rules + - Enable ESI support (Closes: #506241) + + * debian/control + - Add Build-Dep on libexpat1-dev and libxml2-dev, needed by ESI support + + -- Luigi Gangitano Tue, 29 Sep 2009 19:55:23 +0200 + +squid3 (3.1.0.14-1) experimental; urgency=low + + * New upstream release + - Fixes FTBFS in GNU/kFreeBSD (Closes: #545965) + - Fixes incorrect handling of IMS (Closes: #499379) + + * debian/patches/01-cf.data.debian + - Updated to match new upstream + + -- Luigi Gangitano Tue, 29 Sep 2009 19:31:16 +0200 + +squid3 (3.1.0.13-2) experimental; urgency=low + + * debian/rules + - Disable language files generation + - Do not clean libcppunit that is not shipped with squid anymore + + * debian/control + - Removed dependency on sharutils + - Added dependency on libcap2, will enable TPROXY support (Closes: 398970) + - Fixed squid3-common description, no more error pages + + * debian/squidclient.1 + - Removed man page integrated upstream + + * debian/squid3.rc + - Removed obsolete -D option + + * debian/patches/01-cf.data.debian + - Added ::1 to localhost definition in ACLs + + -- Luigi Gangitano Fri, 25 Sep 2009 23:02:40 +0200 + +squid3 (3.1.0.13-1) experimental; urgency=low + + * Upload to experimental + + * New upstream release + - Fixes Follow-X-Forwarded-For support (Closes: #523943) + - Adds IPv6 support (Closes: #432351) + + * debian/rules + - Removed obsolete configuration options + - Enable db and radius basic authentication modules + + * debian/patches/01-cf.data.debian + - Adapted to new upstream version + + * debian/patches/02-makefile-defaults + - Adapted to new upstream version + + * debian/{squid.postinst,squid.rc,README.Debian,watch} + - Updated references to squid 3.1 + + * debian/squid3.install + - Install CSS file for error pages + - Install manual pages for new authentication modules + + * debian/squid3-common.install + - Install documented version of configuration file in /usr/share/doc/squid3 + + -- Luigi Gangitano Thu, 24 Sep 2009 14:51:06 +0200 + +squid3 (3.0.STABLE19-1) unstable; urgency=low + + * New upstream release + - Fixes DoS in exthernal auth header parser (Ref: CVE-2009-2855) + + * debian/squid.rc + - Fixed dependencies in init.d script, thanks to Petter Reinholdtsen + (Closes: #546362) + + * debian/control + - Bumped Standard-Version to 3.8.3, no change needed + + -- Luigi Gangitano Sun, 20 Sep 2009 01:33:00 +0200 + +squid3 (3.0.STABLE18-1) unstable; urgency=high + + * New upstream release + - Removed patches integrated upstream + + 12-gcc44-fixes + + 13-signed-unsigned-fixes + + SQUID-2009-2 + + * debian/rules + - Enable ARP ACLs (Closes: #538023) + - Enable SNMP support (Closes: #537187) + + * debian/control + - Fix dependency for squid3-dbg on squid3 =${binary:Version} + - Added dependency of squid3-dbg on ${misc:Depends} + + * debian/squid3-common.postinst + - Added DEBHELPER placeholder + + -- Luigi Gangitano Sun, 09 Aug 2009 00:28:56 +0200 + +squid3 (3.0.STABLE16-2.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix multiple possible denial of service vectors in the processing of + requests or responses + (SQUID-2009-2; CVE-2009-2622; CVE-2009-2621; 12-SQUID-2009_2.dpatch). + + -- Nico Golde Tue, 04 Aug 2009 21:56:36 +0200 + +squid3 (3.0.STABLE16-2) unstable; urgency=low + + * debian/patches/13-signed-unsigned-fixes + - Added upstream patch fixing build errors on 64-bit archs + (Closes: #536588) + + * debian/README.Debian + - Removed instability notice of development version + + * debian/control + - Fixed squid3-dbg section and priority to match archive override + + -- Luigi Gangitano Sat, 11 Jul 2009 13:46:45 +0200 + +squid3 (3.0.STABLE16-1) unstable; urgency=low + + * New upstream release + + * debian/patches/12-gcc44-fixes + - Added upstream patch fixing build erros with GCC 4.4 (Closes: #526672) + + * debian/control + - Bumped Standard-Version to 3.8.2, no change needed + + * debian/NEWS.Debian + - Fixed format of NEWS.Debian (double space at start) + + -- Luigi Gangitano Tue, 07 Jul 2009 18:56:41 +0200 + +squid3 (3.0.STABLE15-1) unstable; urgency=low + + * New upstream release + - Fixes wrong reference to digest_pw_auth (Closes: #517528) + + * debian/{control,squid3-common.{install,postinst,links},NEWS.Debian} + - Added dependency on squid-langpack, linked error directory to + /usr/share/squid-langpack (Closes: #497283) + - Added a notice in NEWS.Debian on customized error_directory settings + + * debian/patches/01-cf.data.debian + - Adapted to new upstream version + + * debian/control + - Added debug package to help bug reports + - Added dependency on libkrb5-dev and comerr-dev + + * debian/squid3.resolvconf + - Use invoke-rc.d instead of directly calling init script + + * debian/rules + - Added missing --with-large-files configure option (Closes: #534888) + - Enabled Kerberos Negotiate Auth support (Closes: #532064) + + * debian/copyright + - Fixed copyright to reflect current sources, thanks to Amos Jeffries + (Closes: #524601) + + * debian/squid3.rc + - Added reference to config file at startup (Closes: #517529) + + * debian/squid3.postinst + - Removed path from command invocation and make lintian happy + + -- Luigi Gangitano Mon, 6 May 2009 13:29:10 +0200 + +squid3 (3.0.STABLE13-1) unstable; urgency=low + + * New upstream release + - Removed patches integrated upstream + + 10-mgr_active_requests + + 11-SQUID-2009-1 + + * debian/patches/02-makefile-defaults + - Removed cachemgr configuration file fix integrated upstream + + * debian/rules + - Disable support for coss witch is marked as unstable upstream + + -- Luigi Gangitano Mon, 16 Feb 2009 16:18:30 +0100 + +squid3 (3.0.STABLE8-3) unstable; urgency=high + + * Urgency high due to security fixes + + * debian/patches/11-SQUID-2009-1 + - Added upstream patch fixing Denial of Service in request processing + (Ref: SQUID-2009-1, CVE: TBA) + + -- Luigi Gangitano Fri, 06 Feb 2009 20:23:57 +0100 + +squid3 (3.0.STABLE8-2) unstable; urgency=low + + * debian/squid3.postinst + - Fixed non-POSIX option to chown (Closes: #491701) + + * debian/rules + - Removed obsoleted configure options (Closes: 511272) + - Added --enable-follow-x-forwarded-for configure option + + * debian/control + - Added dependency on ${misc:Depends} to make lintian happy + + * debian/squid3.postinst + - Removed path from squid3 invocation to make lintian happy + + * debian/control + - Bumped Standard-Version to 3.8.0, no change needed + + -- Luigi Gangitano Fri, 9 Jan 2009 00:02:48 +0200 + +squid3 (3.0.STABLE8-1) unstable; urgency=high + + * Urgency high to meet freeze deadline + + * New upstream release + + * debian/patches/10-mgr_active_requests + - Added upstream patch fixing delay_pool reporting in cachemgr.cgi + + -- Luigi Gangitano Mon, 21 Jul 2008 09:20:31 +0200 + +squid3 (3.0.STABLE7-1) unstable; urgency=low + + * New upstream release + + -- Luigi Gangitano Sat, 05 Jul 2008 21:24:36 +0200 + +squid3 (3.0.STABLE6-2) unstable; urgency=low + + * debian/control + - Fixed suggestion on squidclient package + + -- Luigi Gangitano Sun, 01 Jun 2008 05:48:22 +0200 + +squid3 (3.0.STABLE6-1) unstable; urgency=low + + * New upstream release (Closes: #478695) + + * debian/squid3.rc + - Added automatic coss file creation (Closes: #478108) + - Removed default blocking logging to syslog + - Added parsing of /etc/default/squid3 for SQUID_ARGS override + + * debian/{rules,control,squidclient.install,squidclient.1} + - Rename squid3-client package to squidclient (Closes: #473876) + - Added squidclient man page from old squid package + + -- Luigi Gangitano Sun, 01 Jun 2008 02:43:42 +0200 + +squid3 (3.0.STABLE5-1) UNRELEASED; urgency=low + + * New upstream release (Closes: #478695) + + -- Luigi Gangitano Sat, 03 May 2008 18:39:36 +0200 + +squid3 (3.0.STABLE4-1) unstable; urgency=low + + * New upstream release + + -- Luigi Gangitano Thu, 03 Apr 2008 01:34:07 +0200 + +squid3 (3.0.STABLE2-1) unstable; urgency=low + + * New upstream release (Closes: #470641) + + * debian/rules + - Fixed bashism (Closes: #468567) + + * debian/control + - Fixed description, remove instability notice (Closes: #463347) + + * debian/squid.rc + - Raise max open filedescriptor limit to match build time limit at + 65535 (Closes: #470605, #470607) + + -- Luigi Gangitano Wed, 12 Mar 2008 13:52:21 +0100 + +squid3 (3.0.STABLE1-2) unstable; urgency=low + + * debian/rules + - Fixed --with-large-files option to ./configure (Closes: #459306) + - Added null storio option (Closes: #456889) + + -- Luigi Gangitano Tue, 11 Jan 2008 14:09:45 +0100 + +squid3 (3.0.STABLE1-1) unstable; urgency=low + + * New upstream release + - Updated debian/watch (Closes: #456470) + - Removed patches integrated upstream + + 08-resume-http + + 09-dos-cache-update + + * debian/control + - Bumped Standard-Version to 3.7.3 (no change needed) + - Added Homepage field + + * debian/patches/01-cf.data.debian + - Adapted to new upstream version (remove default accesso to + RFC1918 addresses) + + * debian/squid3.{preinst,postinst,prerm,postrm} + - Added debhelper token + + -- Luigi Gangitano Mon, 17 Dec 2007 11:36:57 +0100 + +squid3 (3.0.RC1-3) unstable; urgency=high + + * Urgency high due to security fixes + + * debian/patches/09-dos-cache-update + - Added upstream patch fixing DoS in cache update reply processing + (Ref: CVE-2007-6239, SQUID-2007:2) + + -- Luigi Gangitano Fri, 7 Dec 2007 16:30:39 +0100 + +squid3 (3.0.RC1-2) unstable; urgency=low + + * debian/patches/08-resume-http.dpatch + - Added upstream patch fixing failure to resume downloads + + -- Luigi Gangitano Mon, 15 Oct 2007 02:43:44 +0200 + +squid3 (3.0.RC1-1) unstable; urgency=low + + * New upstream release + - Updated debian watch + + * debian/patches/01-cf.data.debian + - Updated to match upstream changes + + * debian/control + - Updated Build-Depends to libdb 4.6 + - Removed dependency on essential package coreutils + - Fixed dependency on virtual package httpd + + -- Luigi Gangitano Sun, 14 Oct 2007 16:07:28 +0200 + +squid3 (3.0.PRE7-1) unstable; urgency=low + + * New upstream release + - Fixed assertion failure when receiving TCP_RESET (Closes: #435887) + - Removed patches integrated upstream: + + debian/patches/05-helpers-typo + + debian/patches/06-mem-obj-reference + + debian/patches/07-close-icap-connections + + * debian/patches/01-cf.data.debian + - Removed upstream-integrated patches + + * debian/rules + - Enabled build time default user configuration + + -- Luigi Gangitano Fri, 31 Aug 2007 18:05:13 +0200 + +squid3 (3.0.PRE6-2) unstable; urgency=low + + * debian/control + - Make package binNMU safe (Closes: #432981) + + * debian/rules + - Enabled diskd (Closes: #434621) + - Removed --enable-diskio option (Closes: #435230) + + -- Luigi Gangitano Sun, 13 May 2007 19:13:03 +0200 + +squid3 (3.0.PRE6-1) unstable; urgency=low + + * New upstream release + - Removed patches integrated upsteam: + + 04-m68k-ftbfs + + * debian/rules + - Enable delay pools (Closes: #410785) + - Enable cache digests (Closes: #416631) + - Enable ICAP client + - Raised Max Filedescriptor limit to 65536 + + * debian/control + - Added real package dependency for httpd in squid3-cgi + + * debian/patches/02-makefile-defaults + - Fix default configuration file for cachemgr.cgi (Closes: #416630) + + * debian/squid3.postinst + - Fixed bashish in postinst (Closes: #411797) + + * debian/patches/05-helpers-typo + - Added upstream patch fixing compilation error in src/helpers.cc + + * debian/patches/06-mem-obj-reference + - Added upstream patch fixing a mem_obj reference in src/store.cc + + * debian/patches/07-close-icap-connections + - Added upstream patch fixing icap connection starvation + + * debian/squid3.rc + - Added LSB-compliant description to rc script + + -- Luigi Gangitano Sun, 13 May 2007 16:03:16 +0200 + +squid3 (3.0.PRE5-5) unstable; urgency=low + + * debian/control + - Revert dependency on libsasl2-2-dev to libsasl2-dev (Closes: #401292) + + -- Luigi Gangitano Thu, 30 Nov 2006 16:27:26 +0100 + +squid3 (3.0.PRE5-4) unstable; urgency=low + + * debian/{rules,squid3-client.install} + - Fix path for squid3client (Closes: #400893) + + -- Luigi Gangitano Thu, 30 Nov 2006 15:32:53 +0100 + +squid3 (3.0.PRE5-3) unstable; urgency=low + + * debian/rules + - Use the right patch for specific options on GNU/kFreeBSD (Closes: #397829) + + -- Luigi Gangitano Sat, 11 Nov 2006 10:32:06 +0100 + +squid3 (3.0.PRE5-2) unstable; urgency=low + + * debian/rules + - Added architecture specific configure options to fix + FTBFS on GNU/KFreeBSD (Closes: #397829) + + * debian/control + - Updated Build-Depend to libsasl2-2-dev + + -- Luigi Gangitano Sat, 11 Nov 2006 00:33:31 +0100 + +squid3 (3.0.PRE5-1) unstable; urgency=low + + * New upstream release + - Includes fix for FTBFS with GCC 4.2 (Closes: #379969) + - Removed upstream-integrated patches: + + 03-upstream-md5-byteswap + + * debian/patches/04-m68k-ftbfs.dpathc + - Added patch to fix FTBFS on m68k due to missing parenthesis + (Closes: #394220) + + * debian/control + - Added Build-Dep on libcppunit-dev + - Updated Build-Dep to libdb4.4-dev + + * debian/rules + - Added usage of already compiled libcppunit, reducing build time + + -- Luigi Gangitano Thu, 9 Nov 2006 15:42:43 +0100 + +squid3 (3.0.PRE4-5) unstable; urgency=low + + * debian/rules + - Fixed typo in configure options (--with-filedescriptors) + - Added missing transparent proxy options + + -- Luigi Gangitano Thu, 20 Jul 2006 15:03:07 +0200 + +squid3 (3.0.PRE4-4) unstable; urgency=low + + * debian/control + - Removed dependency on webmin-squid for squid-cgi + + * debian/rules + - Removed bashism (Closes: #377952) + + -- Luigi Gangitano Wed, 12 Jul 2006 15:56:01 +0200 + +squid3 (3.0.PRE4-3) unstable; urgency=low + + * debian/patches/03-upstream-md5-byteswap.dpatch + - Added upstream patch to fix FTBFS on BIGENDIAN architectures + (Closes: #377596) + + -- Luigi Gangitano Mon, 10 Jul 2006 18:06:06 +0200 + +squid3 (3.0.PRE4-2) unstable; urgency=low + + * debian/copyright + - Added text from CREDITS with copyright and licences for all the + components included in squid + + -- Luigi Gangitano Mon, 10 Jul 2006 00:46:10 +0200 + +squid3 (3.0.PRE4-1) unstable; urgency=low + + * New upstream release + + * debian/rules + - Revorked to build packages that can be installed side-by-side with + the squid 2.x packages. + + * debian/control + - Added dependency on dpatch + + -- Luigi Gangitano Mon, 3 Jul 2006 16:47:43 +0200 + + +squid3 (3.0.PRE3.20060422-2) unstable; urgency=low + + * debian/control + - Added missing Build-Depends on libsasl2-dev + + -- Luigi Gangitano Wed, 14 Jun 2006 15:31:34 +0200 + +squid3 (3.0.PRE3.20060422-1) unstable; urgency=low + + * First package attempt + + -- Luigi Gangitano Sat, 22 Apr 2006 01:19:36 +0200 --- squid3-3.1.6.orig/debian/squid3.postrm +++ squid3-3.1.6/debian/squid3.postrm @@ -0,0 +1,39 @@ +#! /bin/sh + +set -e + +case "$1" in + remove) + ;; + purge) + echo "Purging startup links..." + update-rc.d squid3 remove > /dev/null + rm -f /etc/init.d/squid3 + + echo "Purging logfiles..." + rm -rf /var/log/squid3 + + if [ -f /etc/squid3/squid.conf ]; then + echo "Removing the config-file .." + rm -f /etc/squid3/squid.conf + fi + + # + # We do not remove /var/spool/squid3 because that might + # take a lot of time. Most of the time it is on a seperate + # disk anyway and it is faster to do a mkfs on it.. + # + echo "Please, remove /var/spool/squid3 yourself." + ;; + failed-upgrade) + ;; + upgrade|abort-install|abort-upgrade|disappear) + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- squid3-3.1.6.orig/debian/squid3.logrotate +++ squid3-3.1.6/debian/squid3.logrotate @@ -0,0 +1,15 @@ +# +# Logrotate fragment for squid3. +# +/var/log/squid3/*.log { + daily + compress + delaycompress + rotate 2 + missingok + nocreate + sharedscripts + postrotate + test ! -e /var/run/squid3.pid || /usr/sbin/squid3 -k rotate + endscript +} --- squid3-3.1.6.orig/debian/squidclient.install +++ squid3-3.1.6/debian/squidclient.install @@ -0,0 +1,2 @@ +usr/bin/squidclient +usr/share/man/man1/squidclient.1 --- squid3-3.1.6.orig/debian/squid3.postinst +++ squid3-3.1.6/debian/squid3.postinst @@ -0,0 +1,84 @@ +#! /bin/sh + +set -e + +grepconf () { + w=" " # space tab + sq=/etc/squid3/squid.conf + # sed is cool. + res=`sed -ne ' + s/^'$1'['"$w"']\+\([^'"$w"']\+\).*$/\1/p; + t end; + d; + :end q' < $sq` + [ -n "$res" ] || res=$2 + echo "$res" +} + +grepconf2 () { + w=" " # space tab + sq=/etc/squid3/squid.conf + # sed is cool. + res=`sed -ne ' + s/^'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p; + t end; + d; + :end q' < $sq` + [ -n "$res" ] || res=$2 + echo "$res" +} + +case "$1" in + configure) + # + # Chown the directories. + # + log_dir=/var/log/squid3 + cache_dir=`grepconf2 cache_dir /var/spool/squid3` + usr=`grepconf cache_effective_user proxy` + grp=`grepconf cache_effective_group proxy` + + if [ "$(stat -c %U $cache_dir)" != "$usr" ] || + [ "$(stat -c %G $cache_dir)" != "$grp" ] ; then + chown $usr:$grp $cache_dir -R + fi + + if [ "$(stat -c %U $log_dir)" != "$usr" ] || + [ "$(stat -c %G $log_dir)" != "$grp" ] ; then + if [ "$(dpkg-statoverride --list $log_dir)" = "" ] ; then + chown -R $usr:$grp $log_dir + fi + fi + + # + # Create spool dirs if they don't exist. + # + if [ -d "$cache_dir" -a ! -d "$cache_dir/00" ] + then + echo "Creating Squid HTTP proxy 3.x spool directory structure" + squid3 -z + fi + ;; + abort-upgrade|abort-remove|abort-deconfigure) + ;; + *) + # + # Unknown action - do nothing. + # + exit 0 + ;; +esac + +# +# Update links if needed and start squid3. +# +update-rc.d squid3 defaults 30 >/dev/null + +invoke-rc.d squid3 restart + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- squid3-3.1.6.orig/debian/squid-cgi.install +++ squid3-3.1.6/debian/squid-cgi.install @@ -0,0 +1,3 @@ +usr/lib/cgi-bin/cachemgr.cgi +usr/share/man/man8/cachemgr.cgi.8 +etc/squid/cachemgr.conf --- squid3-3.1.6.orig/debian/squid3.preinst +++ squid3-3.1.6/debian/squid3.preinst @@ -0,0 +1,35 @@ +#! /bin/sh + +set -e + +case "$1" in + upgrade|install-upgrade) + ;; + abort-upgrade) + exit 0 + ;; +esac +# +# Add the "proxy" user/group to /etc/passwd if needed. +# + +if ! grep -q "^proxy:" /etc/passwd +then + # + # Let's hope that this works; if /var/spool/squid3 is + # already present this fails :( + # + adduser --system --home /var/spool/squid3 --group proxy + # + # Change the shell so that cron jobs will work. + # (They run as root now, but you can never know). + # + chsh -s /bin/sh proxy +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- squid3-3.1.6.orig/debian/squid3-common.links +++ squid3-3.1.6/debian/squid3-common.links @@ -0,0 +1 @@ +/usr/share/squid-langpack /usr/share/squid3/errors --- squid3-3.1.6.orig/debian/README.Debian +++ squid3-3.1.6/debian/README.Debian @@ -0,0 +1,22 @@ + +This is the next-generation Squid. In version 3.x squid has been ported to C++ +for code manageability. Since squid 2.x is not developed anymore except for bug +fixing, this package is where new features will be added. + +Squid 3.1 supports IPv6, WCCPv2, ICAP, Edge Side Include, SSL offloading, etc. Please +note that not all of the new feature have been enabled in Debian package. + +Squid 3.1 is configured by the /etc/squid3/squid.conf file. Syntax of that +file is the same of previous versions of squid and each directive is largely +commented there. Configuration files from 2.x versions of squid will mostly +work in squid 3.1. Changes to the configuration file are reported in +/usr/share/doc/squid3-common/RELEASENOTES.html + +This package can be installed alongside a squid-2.x package, for testing and +migration purpose. Please note that the default http_port for both packages is +3128 and at least one has to be changed. + +The squid homepage is at http://www.squid-cache.org/ +Squid was downloaded from that site with HTTP. + + -- Luigi Gangitano , Mon, 21 Sep 2009 20:27:00 +0200 --- squid3-3.1.6.orig/debian/rules +++ squid3-3.1.6/debian/rules @@ -0,0 +1,82 @@ +#! /usr/bin/make -f + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/autotools.mk +include /usr/share/cdbs/1/rules/dpatch.mk + +INSTALLDIR := $(CURDIR)/debian/tmp +datadir=/usr/share/squid3 + +DEB_DH_INSTALL_SOURCEDIR := $(INSTALLDIR) +DEB_INSTALL_DOCS_squid3-common := CONTRIBUTORS CREDITS QUICKSTART RELEASENOTES.html \ + SPONSORS + +DEB_CONFIGURE_EXTRA_FLAGS := --datadir=/usr/share/squid3 \ + --sysconfdir=/etc/squid3 \ + --mandir=/usr/share/man \ + --with-cppunit-basedir=/usr \ + --enable-inline \ + --enable-async-io=8 \ + --enable-storeio="ufs,aufs,diskd" \ + --enable-removal-policies="lru,heap" \ + --enable-delay-pools \ + --enable-cache-digests \ + --enable-underscores \ + --enable-icap-client \ + --enable-follow-x-forwarded-for \ + --enable-auth="basic,digest,ntlm,negotiate" \ + --enable-basic-auth-helpers="LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM" \ + --enable-ntlm-auth-helpers="smb_lm," \ + --enable-digest-auth-helpers="ldap,password" \ + --enable-negotiate-auth-helpers="squid_kerb_auth" \ + --enable-external-acl-helpers="ip_user,ldap_group,session,unix_group,wbinfo_group" \ + --enable-arp-acl \ + --enable-esi \ + --disable-translation \ + --with-logdir=/var/log/squid3 \ + --with-pidfile=/var/run/squid3.pid \ + --with-filedescriptors=65536 \ + --with-large-files \ + --with-default-user=proxy + +DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null) + +ifeq ($(DEB_HOST_ARCH_OS), kfreebsd) + DEB_CONFIGURE_EXTRA_FLAGS += --enable-kqueue +else + DEB_CONFIGURE_EXTRA_FLAGS += --enable-linux-netfilter +endif + +DEB_MAKE_CLEAN_TARGET = distclean + + +install/squid3:: + install -m 755 -g root -d $(INSTALLDIR)/usr/lib/cgi-bin + mv $(INSTALLDIR)/etc/squid3/squid.conf.documented $(INSTALLDIR)/etc/squid3/squid.conf + mv $(INSTALLDIR)/usr/lib/squid3/cachemgr.cgi $(INSTALLDIR)/usr/lib/cgi-bin/cachemgr.cgi + mv $(INSTALLDIR)/usr/sbin/squid $(INSTALLDIR)/usr/sbin/squid3 + mv $(INSTALLDIR)/usr/share/man/man8/squid.8 $(INSTALLDIR)/usr/share/man/man8/squid3.8 + mv $(INSTALLDIR)/usr/share/man/man8/pam_auth.8 $(INSTALLDIR)/usr/share/man/man8/squid3_pam_auth.8 + mv $(INSTALLDIR)/usr/share/man/man8/squid_ldap_auth.8 $(INSTALLDIR)/usr/share/man/man8/squid3_ldap_auth.8 + mv $(INSTALLDIR)/usr/share/man/man8/squid_ldap_group.8 $(INSTALLDIR)/usr/share/man/man8/squid3_ldap_group.8 + mv $(INSTALLDIR)/usr/share/man/man8/squid_session.8 $(INSTALLDIR)/usr/share/man/man8/squid3_session.8 + mv $(INSTALLDIR)/usr/share/man/man8/squid_unix_group.8 $(INSTALLDIR)/usr/share/man/man8/squid3_unix_group.8 + mv $(INSTALLDIR)/usr/share/man/man8/ncsa_auth.8 $(INSTALLDIR)/usr/share/man/man8/squid3_ncsa_auth.8 + mv $(INSTALLDIR)/usr/share/man/man8/squid_db_auth.8 $(INSTALLDIR)/usr/share/man/man8/squid3_db_auth.8 + mv $(INSTALLDIR)/usr/share/man/man8/squid_radius_auth.8 $(INSTALLDIR)/usr/share/man/man8/squid3_radius_auth.8 + install -m 755 -g root -d $(INSTALLDIR)/etc/init.d + install -m 755 -g root -d $(INSTALLDIR)/etc/logrotate.d + install -m 755 -g root -d $(INSTALLDIR)/etc/resolvconf + install -m 755 -g root -d $(INSTALLDIR)/etc/resolvconf/update-libc.d + install -m 755 -g root debian/squid3.rc $(INSTALLDIR)/etc/init.d/squid3 + install -m 755 -g root debian/squid3.resolvconf $(INSTALLDIR)/etc/resolvconf/update-libc.d/squid3 + install -m 644 -g root debian/squid3.logrotate $(INSTALLDIR)/etc/logrotate.d/squid3 + install -m 755 -g root -d debian/squid3/var/log + install -m 755 -g root -d debian/squid3/var/spool + install -m 755 -g root -d debian/squid3/var/run + install -m 750 -o proxy -g proxy -d debian/squid3/var/log/squid3 + install -m 750 -o proxy -g proxy -d debian/squid3/var/spool/squid3 + install -m 755 -g root -d $(INSTALLDIR)/usr/share/man/man1 + +clean:: + # nothing to do --- squid3-3.1.6.orig/debian/squid3.resolvconf +++ squid3-3.1.6/debian/squid3.resolvconf @@ -0,0 +1,6 @@ +#!/bin/sh + +PATH="/usr/sbin:/usr/bin:/sbin:/bin" + +# Make squid aware of changes to resolv.conf +invoke-rc.d squid3 reload || true --- squid3-3.1.6.orig/debian/squid3-cgi.dirs +++ squid3-3.1.6/debian/squid3-cgi.dirs @@ -0,0 +1 @@ +/etc/squid --- squid3-3.1.6.orig/debian/NEWS.debian +++ squid3-3.1.6/debian/NEWS.debian @@ -0,0 +1,11 @@ +squid3 (3.0.STABLE15-1) unstable; urgency=low + + Since version 3.0.STABLE15-1 error pages are not included in squid3-common + anymore, but are instead shipped in a separate package (squid-langpack). + + If the error_directory option in /etc/squid3/squid.conf was customized, it + should be checked against the new directory layout of squid-langpack; if + it is not set correctly, squid3 will refuse to start. + + -- Luigi Gangitano Mon, 6 Jul 2009 13:29:10 +0200 + --- squid3-3.1.6.orig/debian/compat +++ squid3-3.1.6/debian/compat @@ -0,0 +1 @@ +5 --- squid3-3.1.6.orig/debian/squid3.rc +++ squid3-3.1.6/debian/squid3.rc @@ -0,0 +1,147 @@ +#! /bin/sh +# +# squid3 Startup script for the SQUID HTTP proxy-cache. +# +# Version: @(#)squid3.rc 1.0 07-Jul-2006 luigi@debian.org +# +### BEGIN INIT INFO +# Provides: squid3 +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Should-Start: $named +# Should-Stop: $named +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Squid HTTP Proxy version 3.x +### END INIT INFO + +NAME=squid3 +DESC="Squid HTTP Proxy 3.x" +DAEMON=/usr/sbin/squid3 +PIDFILE=/var/run/$NAME.pid +CONFIG=/etc/squid3/squid.conf +SQUID_ARGS="-YC -f $CONFIG" + +[ ! -f /etc/default/squid3 ] || . /etc/default/squid3 + +. /lib/lsb/init-functions + +PATH=/bin:/usr/bin:/sbin:/usr/sbin + +[ -x $DAEMON ] || exit 0 + +ulimit -n 65535 + +find_cache_dir () { + w=" " # space tab + res=`sed -ne ' + s/^'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p; + t end; + d; + :end q' < $CONFIG` + [ -n "$res" ] || res=$2 + echo "$res" +} + +find_cache_type () { + w=" " # space tab + res=`sed -ne ' + s/^'$1'['"$w"']\+\([^'"$w"']\+\).*$/\1/p; + t end; + d; + :end q' < $CONFIG` + [ -n "$res" ] || res=$2 + echo "$res" +} + +start () { + cache_dir=`find_cache_dir cache_dir /var/spool/squid3` + cache_type=`find_cache_type cache_dir ufs` + + # + # Create spool dirs if they don't exist. + # + if [ "$cache_type" = "coss" -a -d "$cache_dir" -a ! -f "$cache_dir/stripe" ] || [ "$cache_type" != "coss" -a -d "$cache_dir" -a ! -d "$cache_dir/00" ] + then + log_warning_msg "Creating $DESC cache structure" + $DAEMON -z + fi + + umask 027 + ulimit -n 65535 + cd $cache_dir + start-stop-daemon --quiet --start \ + --pidfile $PIDFILE \ + --exec $DAEMON -- $SQUID_ARGS < /dev/null + return $? +} + +stop () { + PID=`cat $PIDFILE 2>/dev/null` + start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON + # + # Now we have to wait until squid has _really_ stopped. + # + sleep 2 + if test -n "$PID" && kill -0 $PID 2>/dev/null + then + log_action_begin_msg " Waiting" + cnt=0 + while kill -0 $PID 2>/dev/null + do + cnt=`expr $cnt + 1` + if [ $cnt -gt 24 ] + then + log_action_end_msg 1 + return 1 + fi + sleep 5 + log_action_cont_msg "" + done + log_action_end_msg 0 + return 0 + else + return 0 + fi +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + if start ; then + log_end_msg $? + else + log_end_msg $? + fi + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + if stop ; then + log_end_msg $? + else + log_end_msg $? + fi + ;; + reload|force-reload) + log_action_msg "Reloading $DESC configuration files" + start-stop-daemon --stop --signal 1 \ + --pidfile $PIDFILE --quiet --exec $DAEMON + log_action_end_msg 0 + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + stop + if start ; then + log_end_msg $? + else + log_end_msg $? + fi + ;; + *) + echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart}" + exit 3 + ;; +esac + +exit 0 + --- squid3-3.1.6.orig/debian/source/format +++ squid3-3.1.6/debian/source/format @@ -0,0 +1 @@ +1.0 --- squid3-3.1.6.orig/debian/patches/15-cachemgr-default-config.dpatch +++ squid3-3.1.6/debian/patches/15-cachemgr-default-config.dpatch @@ -0,0 +1,47 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 15-cachemgr-default-config.dpatch by Luigi Gangitano +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix path for cachemgr.cgi default configuration file + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' squid3~/tools/Makefile.am squid3/tools/Makefile.am +--- squid3~/tools/Makefile.am 2010-04-01 02:40:45.000000000 +0200 ++++ squid3/tools/Makefile.am 2010-04-12 15:03:47.000000000 +0200 +@@ -23,7 +23,7 @@ + man_MANS = \ + squidclient.1 + +-DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf ++DEFAULT_CACHEMGR_CONFIG = /etc/squid/cachemgr.conf + + squidclient_SOURCES = squidclient.cc + cachemgr__CGIEXT__SOURCES = cachemgr.cc +@@ -42,6 +42,7 @@ + $(OBJS): $(top_srcdir)/include/version.h ../include/autoconf.h + + install-data-local: ++ test -z "/etc/squid" || $(MKDIR_P) "$(DESTDIR)/etc/squid" + $(INSTALL_DATA) $(srcdir)/cachemgr.conf $(DESTDIR)$(DEFAULT_CACHEMGR_CONFIG).default + @if test -f $(DESTDIR)$(DEFAULT_CACHEMGR_CONFIG) ; then \ + echo "$@ will not overwrite existing $(DESTDIR)$(DEFAULT_CACHEMGR_CONFIG)" ; \ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' squid3~/tools/Makefile.in squid3/tools/Makefile.in +--- squid3~/tools/Makefile.in 2010-04-01 02:40:45.000000000 +0200 ++++ squid3/tools/Makefile.in 2010-04-12 15:04:32.000000000 +0200 +@@ -291,7 +291,7 @@ + man_MANS = \ + squidclient.1 + +-DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf ++DEFAULT_CACHEMGR_CONFIG = /etc/squid/cachemgr.conf + squidclient_SOURCES = squidclient.cc + cachemgr__CGIEXT__SOURCES = cachemgr.cc + cachemgr__CGIEXT__CXXFLAGS = -DDEFAULT_CACHEMGR_CONFIG=\"$(DEFAULT_CACHEMGR_CONFIG)\" $(AM_CXXFLAGS) +@@ -879,6 +879,7 @@ + $(OBJS): $(top_srcdir)/include/version.h ../include/autoconf.h + + install-data-local: ++ test -z "/etc/squid" || $(MKDIR_P) "$(DESTDIR)/etc/squid" + $(INSTALL_DATA) $(srcdir)/cachemgr.conf $(DESTDIR)$(DEFAULT_CACHEMGR_CONFIG).default + @if test -f $(DESTDIR)$(DEFAULT_CACHEMGR_CONFIG) ; then \ + echo "$@ will not overwrite existing $(DESTDIR)$(DEFAULT_CACHEMGR_CONFIG)" ; \ --- squid3-3.1.6.orig/debian/patches/00list +++ squid3-3.1.6/debian/patches/00list @@ -0,0 +1,8 @@ +01-cf.data.debian +02-makefile-defaults +15-cachemgr-default-config +16-CVE-2010-3072 +17-CVE-2010-2951 +18-CVE-2011-3205 +CVE-2011-4096 +CVE-2012-5643-CVE-2013-0189 --- squid3-3.1.6.orig/debian/patches/CVE-2011-4096.dpatch +++ squid3-3.1.6/debian/patches/CVE-2011-4096.dpatch @@ -0,0 +1,48 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## CVE-2011-4096 +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: http://bazaar.launchpad.net/~squid/squid/3.1/revision/10111 +## DP: http://bazaar.launchpad.net/~squid/squid/3.1/revision/10384 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' git~/lib/rfc1035.c git/lib/rfc1035.c +--- git~/lib/rfc1035.c 2012-01-05 21:10:50.000000000 +0100 ++++ git/lib/rfc1035.c 2012-01-05 21:16:48.660680927 +0100 +@@ -479,11 +479,11 @@ + void + rfc1035RRDestroy(rfc1035_rr ** rr, int n) + { +- if (*rr == NULL || n < 1) { ++ if (*rr == NULL) { + return; + } + +- while (n--) { ++ while (n-- > 0) { + if ((*rr)[n].rdata) + xfree((*rr)[n].rdata); + } +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' git~/src/dns_internal.cc git/src/dns_internal.cc +--- git~/src/dns_internal.cc 2012-01-05 21:10:51.000000000 +0100 ++++ git/src/dns_internal.cc 2012-01-05 21:34:19.156686126 +0100 +@@ -1096,15 +1096,17 @@ + /* free the RR object without freeing its child strings (they are now taken by the copy above) */ + safe_free(message->answer); + +- message->answer = result; + n += q->initial_AAAA.count; +- q->initial_AAAA.count=0; ++ q->initial_AAAA.count = 0; ++ message->answer = result; ++ message->ancount = n; + } else if (q->initial_AAAA.count > 0 && n <= 0) { + /* initial of dual queries was the only result set. */ + debugs(78, 6, HERE << "Merging DNS results " << q->name << " AAAA has " << q->initial_AAAA.count << " RR, A has " << n << " RR"); + rfc1035RRDestroy(&(message->answer), n); + message->answer = q->initial_AAAA.answers; + n = q->initial_AAAA.count; ++ message->ancount = n; + } + /* else initial results were empty. just use the final set as authoritative */ + --- squid3-3.1.6.orig/debian/patches/18-CVE-2011-3205.dpatch +++ squid3-3.1.6/debian/patches/18-CVE-2011-3205.dpatch @@ -0,0 +1,131 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 18-CVE-2011-3205.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' squid3-3.1.6~/src/gopher.cc squid3-3.1.6/src/gopher.cc +--- squid3-3.1.6~/src/gopher.cc 2010-08-01 14:01:39.000000000 +0000 ++++ squid3-3.1.6/src/gopher.cc 2011-09-10 13:08:36.000000000 +0000 +@@ -425,7 +425,6 @@ + return; + } + +- inbuf[len] = '\0'; + String outbuf; + + if (!gopherState->HTML_header_added) { +@@ -441,75 +440,48 @@ + gopherState->HTML_pre = 1; + } + +- while ((pos != NULL) && (pos < inbuf + len)) { +- ++ while (pos < inbuf + len) { ++ int llen; ++ int left = len - (pos - inbuf); ++ lpos = (char *)memchr(pos, '\n', left); ++ if (lpos) { ++ lpos++; /* Next line is after \n */ ++ llen = lpos - pos; ++ } else { ++ llen = left; ++ } ++ if (gopherState->len + llen >= TEMP_BUF_SIZE) { ++ debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() ); ++ llen = TEMP_BUF_SIZE - gopherState->len - 1; ++ } ++ if (!lpos) { ++ /* there is no complete line in inbuf */ ++ /* copy it to temp buffer */ ++ /* note: llen is adjusted above */ ++ xmemcpy(gopherState->buf + gopherState->len, pos, llen); ++ gopherState->len += llen; ++ break; ++ } ++ if (!lpos) { ++ /* there is no complete line in inbuf */ ++ /* copy it to temp buffer */ ++ /* note: llen is adjusted above */ ++ xmemcpy(gopherState->buf + gopherState->len, pos, llen); ++ gopherState->len += llen; ++ break; ++ } + if (gopherState->len != 0) { + /* there is something left from last tx. */ +- xstrncpy(line, gopherState->buf, gopherState->len + 1); +- +- if (gopherState->len + len > TEMP_BUF_SIZE) { +- debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() ); +- len = TEMP_BUF_SIZE - gopherState->len; +- } +- +- lpos = (char *) memccpy(line + gopherState->len, inbuf, '\n', len); +- +- if (lpos) +- *lpos = '\0'; +- else { +- /* there is no complete line in inbuf */ +- /* copy it to temp buffer */ +- +- if (gopherState->len + len > TEMP_BUF_SIZE) { +- debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() ); +- len = TEMP_BUF_SIZE - gopherState->len; +- } +- +- xmemcpy(gopherState->buf + gopherState->len, inbuf, len); +- gopherState->len += len; +- return; +- } +- +- /* skip one line */ +- pos = (char *) memchr(pos, '\n', len); +- +- if (pos) +- pos++; +- +- /* we're done with the remain from last tx. */ ++ xmemcpy(line, gopherState->buf, gopherState->len); ++ xmemcpy(line + gopherState->len, pos, llen); ++ llen += gopherState->len; + gopherState->len = 0; +- +- *(gopherState->buf) = '\0'; + } else { +- +- lpos = (char *) memccpy(line, pos, '\n', len - (pos - inbuf)); +- +- if (lpos) +- *lpos = '\0'; +- else { +- /* there is no complete line in inbuf */ +- /* copy it to temp buffer */ +- +- if ((len - (pos - inbuf)) > TEMP_BUF_SIZE) { +- debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() ); +- len = TEMP_BUF_SIZE; +- } +- +- if (len > (pos - inbuf)) { +- xmemcpy(gopherState->buf, pos, len - (pos - inbuf)); +- gopherState->len = len - (pos - inbuf); +- } +- +- break; +- } +- +- /* skip one line */ +- pos = (char *) memchr(pos, '\n', len); +- +- if (pos) +- pos++; +- ++ xmemcpy(line, pos, llen); + } ++ line[llen + 1] = '\0'; ++ /* move input to next line */ ++ pos = lpos; + + /* at this point. We should have one line in buffer to process */ + --- squid3-3.1.6.orig/debian/patches/CVE-2012-5643-CVE-2013-0189.dpatch +++ squid3-3.1.6/debian/patches/CVE-2012-5643-CVE-2013-0189.dpatch @@ -0,0 +1,203 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## CVE-2012-5643-CVE-2013-0189.patch.dpatch by Salvatore Bonaccorso +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Description: cachemgr.cgi: Memory Leaks and DoS Vulnerability +## DP: * Ignore invalid Content-Length headers. +## DP: * Limit received POST requests to 4KB and discard the rest. +## DP: * Authentication credentials parser also leaks badly. +## DP: Author: Amos Jeffries +## DP: Patch unstable prepared by Michael Stapelberg +## DP: Add additional fixes by http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10486.patch + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' squid3~/tools/cachemgr.cc squid3/tools/cachemgr.cc +--- squid3~/tools/cachemgr.cc 2013-02-23 14:03:42.000000000 +0100 ++++ squid3/tools/cachemgr.cc 2013-02-23 14:04:27.908347122 +0100 +@@ -586,12 +586,15 @@ + if ((p = strchr(x, '\n'))) + *p = '\0'; + action = xstrtok(&x, '\t'); ++ if (!action) { ++ xfree(buf); ++ return ""; ++ } + description = xstrtok(&x, '\t'); + if (!description) + description = action; +- if (!action) +- return ""; + snprintf(html, sizeof(html), " %s", menu_url(req, action), description); ++ xfree(buf); + return html; + } + +@@ -820,7 +823,7 @@ + } + + if (!check_target_acl(req->hostname, req->port)) { +- snprintf(buf, 1024, "target %s:%d not allowed in cachemgr.conf\n", req->hostname, req->port); ++ snprintf(buf, sizeof(buf), "target %s:%d not allowed in cachemgr.conf\n", req->hostname, req->port); + error_html(buf); + return 1; + } +@@ -832,7 +835,7 @@ + } else if ((S = req->hostname)) + (void) 0; + else { +- snprintf(buf, 1024, "Unknown host: %s\n", req->hostname); ++ snprintf(buf, sizeof(buf), "Unknown host: %s\n", req->hostname); + error_html(buf); + return 1; + } +@@ -846,17 +849,19 @@ + #else + if ((s = socket(PF_INET, SOCK_STREAM, 0)) < 0) { + #endif +- snprintf(buf, 1024, "socket: %s\n", xstrerror()); ++ snprintf(buf, sizeof(buf), "socket: %s\n", xstrerror()); + error_html(buf); ++ S.FreeAddrInfo(AI); + return 1; + } + + if (connect(s, AI->ai_addr, AI->ai_addrlen) < 0) { +- snprintf(buf, 1024, "connect %s: %s\n", ++ snprintf(buf, sizeof(buf), "connect %s: %s\n", + S.ToURL(ipbuf,MAX_IPSTRLEN), + xstrerror()); + error_html(buf); + S.FreeAddrInfo(AI); ++ close(s); + return 1; + } + +@@ -915,8 +920,6 @@ + read_post_request(void) + { + char *s; +- char *buf; +- int len; + + if ((s = getenv("REQUEST_METHOD")) == NULL) + return NULL; +@@ -927,15 +930,34 @@ + if ((s = getenv("CONTENT_LENGTH")) == NULL) + return NULL; + +- if ((len = atoi(s)) <= 0) ++ if (*s == '-') // negative length content huh? + return NULL; + +- buf = (char *)xmalloc(len + 1); ++ uint64_t len; + +- if (fread(buf, len, 1, stdin) == 0) ++ char *endptr = s+ strlen(s); ++ if ((len = strtoll(s, &endptr, 10)) <= 0) + return NULL; + +- buf[len] = '\0'; ++ // limit the input to something reasonable. ++ // 4KB should be enough for the GET/POST data length, but may be extended. ++ size_t bufLen = (len < 4096 ? len : 4095); ++ char *buf = (char *)xmalloc(bufLen + 1); ++ ++ size_t readLen = fread(buf, 1, bufLen, stdin); ++ if (readLen == 0) { ++ xfree(buf); ++ return NULL; ++ } ++ buf[readLen] = '\0'; ++ len -= readLen; ++ ++ // purge the remainder of the request entity ++ while (len > 0 && readLen) { ++ char temp[65535]; ++ readLen = fread(temp, 1, 65535, stdin); ++ len -= readLen; ++ } + + return buf; + } +@@ -1075,37 +1097,49 @@ + debug(3) fprintf(stderr, "cmgr: length ok\n"); + + /* parse ( a lot of memory leaks, but that is cachemgr style :) */ +- if ((host_name = strtok(buf, "|")) == NULL) ++ if ((host_name = strtok(buf, "|")) == NULL) { ++ xfree(buf); + return; ++ } + + debug(3) fprintf(stderr, "cmgr: decoded host: '%s'\n", host_name); + +- if ((time_str = strtok(NULL, "|")) == NULL) ++ if ((time_str = strtok(NULL, "|")) == NULL) { ++ xfree(buf); + return; ++ } + + debug(3) fprintf(stderr, "cmgr: decoded time: '%s' (now: %d)\n", time_str, (int) now); + +- if ((user_name = strtok(NULL, "|")) == NULL) ++ if ((user_name = strtok(NULL, "|")) == NULL) { ++ xfree(buf); + return; ++ } + + debug(3) fprintf(stderr, "cmgr: decoded uname: '%s'\n", user_name); + +- if ((passwd = strtok(NULL, "|")) == NULL) ++ if ((passwd = strtok(NULL, "|")) == NULL) { ++ xfree(buf); + return; ++ } + + debug(2) fprintf(stderr, "cmgr: decoded passwd: '%s'\n", passwd); + + /* verify freshness and validity */ +- if (atoi(time_str) + passwd_ttl < now) ++ if (atoi(time_str) + passwd_ttl < now) { ++ xfree(buf); + return; ++ } + +- if (strcasecmp(host_name, req->hostname)) ++ if (strcasecmp(host_name, req->hostname)) { ++ xfree(buf); + return; ++ } + + debug(1) fprintf(stderr, "cmgr: verified auth. info.\n"); + + /* ok, accept */ +- xfree(req->user_name); ++ safe_free(req->user_name); + + req->user_name = xstrdup(user_name); + +@@ -1126,7 +1160,6 @@ + { + static char buf[1024]; + size_t stringLength = 0; +- const char *str64; + + if (!req->passwd) + return ""; +@@ -1135,13 +1168,11 @@ + req->user_name ? req->user_name : "", + req->passwd); + +- str64 = base64_encode(buf); +- +- stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64); ++ stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", base64_encode(buf)); + + assert(stringLength < sizeof(buf)); + +- snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", str64); ++ snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf)); + + return buf; + } --- squid3-3.1.6.orig/debian/patches/02-makefile-defaults.dpatch +++ squid3-3.1.6/debian/patches/02-makefile-defaults.dpatch @@ -0,0 +1,28 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 02-makefile-defaults.dpatch by Luigi Gangitano +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Change default file locations for debian + +@DPATCH@ +diff -urNad experimental~/src/Makefile.in experimental/src/Makefile.in +--- experimental~/src/Makefile.in 2009-09-21 00:48:46.000000000 +0200 ++++ experimental/src/Makefile.in 2009-09-21 01:09:11.000000000 +0200 +@@ -1912,7 +1912,7 @@ + DEFAULT_PREFIX = $(prefix) + DEFAULT_CONFIG_DIR = $(sysconfdir) + DEFAULT_CONFIG_FILE = $(DEFAULT_CONFIG_DIR)/squid.conf +-DEFAULT_MIME_TABLE = $(DEFAULT_CONFIG_DIR)/mime.conf ++DEFAULT_MIME_TABLE = $(datadir)/mime.conf + DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_LOG_PREFIX = @DEFAULT_LOG_DIR@ + DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log +@@ -1920,7 +1920,7 @@ + DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log + DEFAULT_PID_FILE = @DEFAULT_PIDFILE@ + DEFAULT_NETDB_FILE = $(DEFAULT_LOG_PREFIX)/netdb.state +-DEFAULT_SWAP_DIR = $(localstatedir)/cache ++DEFAULT_SWAP_DIR = $(localstatedir)/spool/squid3 + DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` + DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` --- squid3-3.1.6.orig/debian/patches/01-cf.data.debian.dpatch +++ squid3-3.1.6/debian/patches/01-cf.data.debian.dpatch @@ -0,0 +1,100 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01-cf.data.debian.dpatch by Luigi Gangitano +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Default configuration file for debian + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' squid3~/src/cf.data.pre squid3/src/cf.data.pre +--- squid3~/src/cf.data.pre 2010-08-09 00:54:08.000000000 +0200 ++++ squid3/src/cf.data.pre 2010-08-09 01:11:28.000000000 +0200 +@@ -122,7 +122,7 @@ + If you want to use the traditional NCSA proxy authentication, set + this line to something like + +- auth_param basic program @DEFAULT_PREFIX@/libexec/ncsa_auth @DEFAULT_PREFIX@/etc/passwd ++ auth_param basic program @DEFAULT_PREFIX@/lib/squid3/ncsa_auth @DEFAULT_PREFIX@/etc/passwd + + "utf8" on|off + HTTP uses iso-latin-1 as characterset, while some authentication +@@ -190,7 +190,7 @@ + If you want to use a digest authenticator, set this line to + something like + +- auth_param digest program @DEFAULT_PREFIX@/bin/digest_pw_auth @DEFAULT_PREFIX@/etc/digpass ++ auth_param digest program @DEFAULT_PREFIX@/lib/squid3/digest_pw_auth @DEFAULT_PREFIX@/etc/digpass + + "utf8" on|off + HTTP uses iso-latin-1 as characterset, while some authentication +@@ -252,7 +252,7 @@ + of type proxy_auth. By default, the NTLM authenticator_program + is not used. + +- auth_param ntlm program @DEFAULT_PREFIX@/bin/ntlm_auth ++ auth_param ntlm program @DEFAULT_PREFIX@/lib/squid3/ntlm_auth + + "children" numberofchildren + The number of authenticator processes to spawn (no default). +@@ -287,7 +287,7 @@ + The only supported program for this role is the ntlm_auth + program distributed as part of Samba, version 4 or later. + +- auth_param negotiate program @DEFAULT_PREFIX@/bin/ntlm_auth --helper-protocol=gss-spnego ++ auth_param negotiate program @DEFAULT_PREFIX@/lib/squid3/ntlm_auth --helper-protocol=gss-spnego + + "children" numberofchildren + The number of authenticator processes to spawn (no default). +@@ -699,11 +699,11 @@ + # Example rule allowing access from your local networks. + # Adapt to list your (internal) IP networks from where browsing + # should be allowed +-acl localnet src 10.0.0.0/8 # RFC1918 possible internal network +-acl localnet src 172.16.0.0/12 # RFC1918 possible internal network +-acl localnet src 192.168.0.0/16 # RFC1918 possible internal network +-acl localnet src fc00::/7 # RFC 4193 local private network range +-acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines ++#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network ++#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network ++#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network ++#acl localnet src fc00::/7 # RFC 4193 local private network range ++#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines + + acl SSL_ports port 443 + acl Safe_ports port 80 # http +@@ -861,7 +861,7 @@ + # Example rule allowing access from your local networks. + # Adapt localnet in the ACL section to list your (internal) IP networks + # from where browsing should be allowed +-http_access allow localnet ++#http_access allow localnet + http_access allow localhost + + # And finally deny all other access to this proxy +@@ -2718,7 +2718,7 @@ + + NAME: logfile_rotate + TYPE: int +-DEFAULT: 10 ++DEFAULT: 0 + LOC: Config.Log.rotateNumber + DOC_START + Specifies the number of logfile rotations to make when you +@@ -2737,6 +2737,9 @@ + + Note, from Squid-3.1 this option has no effect on the cache.log, + that log can be rotated separately by using debug_options ++ ++ Note2, for Debian/Linux the default of logfile_rotate is ++ zero, since it includes external logfile-rotation methods. + DOC_END + + NAME: emulate_httpd_log +@@ -4110,7 +4113,7 @@ + NAME: visible_hostname + TYPE: string + LOC: Config.visibleHostname +-DEFAULT: none ++DEFAULT: localhost + DOC_START + If you want to present a special hostname in error messages, etc, + define this. Otherwise, the return value of gethostname() --- squid3-3.1.6.orig/debian/patches/17-CVE-2010-2951.dpatch +++ squid3-3.1.6/debian/patches/17-CVE-2010-2951.dpatch @@ -0,0 +1,34 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 17-CVE-2010-2951.dpatch by Stephen Thorne +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Bug 3021: Large DNS reply causes crash when no ipv6 resolver present + +@DPATCH@ + +--- a/src/dns_internal.cc ++++ b/src/dns_internal.cc +@@ -843,14 +843,16 @@ + + } while ( (x<0 && y<0) && q->nsends % nns != 0); + +- if (y >= 0) { +- fd_bytes(DnsSocketB, y, FD_WRITE); +- commSetSelect(DnsSocketB, COMM_SELECT_READ, idnsRead, NULL, 0); +- } ++ if (!q->need_vc) { ++ if (y >= 0) { ++ fd_bytes(DnsSocketB, y, FD_WRITE); ++ commSetSelect(DnsSocketB, COMM_SELECT_READ, idnsRead, NULL, 0); ++ } + +- if (x >= 0) { +- fd_bytes(DnsSocketA, x, FD_WRITE); +- commSetSelect(DnsSocketA, COMM_SELECT_READ, idnsRead, NULL, 0); ++ if (x >= 0) { ++ fd_bytes(DnsSocketA, x, FD_WRITE); ++ commSetSelect(DnsSocketA, COMM_SELECT_READ, idnsRead, NULL, 0); ++ } + } + + nameservers[ns].nqueries++; --- squid3-3.1.6.orig/debian/patches/16-CVE-2010-3072.dpatch +++ squid3-3.1.6/debian/patches/16-CVE-2010-3072.dpatch @@ -0,0 +1,123 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +--- ../old/squid3-3.1.6/src/SquidString.h 2010-08-02 00:01:39.000000000 +1000 ++++ squid3-3.1.6/src/SquidString.h 2010-09-13 17:00:17.000000000 +1000 +@@ -167,6 +167,8 @@ + void allocBuffer(size_type sz); + void setBuffer(char *buf, size_type sz); + ++ _SQUID_INLINE_ bool nilCmp(bool, bool, int &) const; ++ + /* never reference these directly! */ + size_type size_; /* buffer size; 64K limit */ + +--- ../old/squid3-3.1.6/src/String.cci 2010-08-02 00:01:37.000000000 +1000 ++++ squid3-3.1.6/src/String.cci 2010-09-13 17:05:43.000000000 +1000 +@@ -88,19 +88,31 @@ + } + + +-int +-String::cmp (char const *aString) const ++/// compare NULL and empty strings because str*cmp() may fail on NULL strings ++/// and because we need to return consistent results for strncmp(count == 0). ++bool ++String::nilCmp(const bool thisIsNilOrEmpty, const bool otherIsNilOrEmpty, int &result) const + { +- /* strcmp fails on NULLS */ ++ if (!thisIsNilOrEmpty && !otherIsNilOrEmpty) ++ return false; // result does not matter + +- if (size() == 0 && (aString == NULL || aString[0] == '\0')) +- return 0; ++ if (thisIsNilOrEmpty && otherIsNilOrEmpty) ++ result = 0; ++ else if (thisIsNilOrEmpty) ++ result = -1; ++ else // otherIsNilOrEmpty ++ result = +1; ++ ++ return true; ++} + +- if (size() == 0) +- return -1; + +- if (aString == NULL || aString[0] == '\0') +- return 1; ++int ++String::cmp (char const *aString) const ++{ ++ int result = 0; ++ if (nilCmp(!size(), (!aString || !*aString), result)) ++ return result; + + return strcmp(termedBuf(), aString); + } +@@ -108,19 +120,10 @@ + int + String::cmp (char const *aString, String::size_type count) const + { +- /* always the same at length 0 */ +- +- if (count == 0) +- return 0; ++ int result = 0; ++ if (nilCmp((!size() || !count), (!aString || !*aString || !count), result)) ++ return result; + +- if (size() == 0 && (aString == NULL || aString[0] == '\0')) +- return 0; +- +- if (size() == 0) +- return -1; +- +- if (aString == NULL || aString[0] == '\0') +- return 1; + + return strncmp(termedBuf(), aString, count); + } +@@ -128,16 +131,10 @@ + int + String::cmp (String const &aString) const + { +- /* strcmp fails on NULLS */ +- +- if (size() == 0 && aString.size() == 0) +- return 0; +- +- if (size() == 0) +- return -1; ++ int result = 0; ++ if (nilCmp(!size(), !aString.size(), result)) ++ return result; + +- if (aString.size() == 0) +- return 1; + + return strcmp(termedBuf(), aString.termedBuf()); + } +@@ -145,12 +142,22 @@ + int + String::caseCmp(char const *aString) const + { ++ int result = 0; ++ if (nilCmp(!size(), (!aString || !*aString), result)) ++ return result; ++ ++ + return strcasecmp(termedBuf(), aString); + } + + int + String::caseCmp(char const *aString, String::size_type count) const + { ++ int result = 0; ++ if (nilCmp((!size() || !count), (!aString || !*aString || !count), result)) ++ return result; ++ ++ + return strncasecmp(termedBuf(), aString, count); + } +