Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.bugs.dist > #1021482

Bug#965012: new test with debug_options ALL,9

From Markus Koschany <apo@debian.org>
Newsgroups linux.debian.bugs.dist
Subject Bug#965012: new test with debug_options ALL,9
Date 2020-08-13 18:20 +0200
Message-ID <ADo7n-7jz-3@gated-at.bofh.it> (permalink)
References (1 earlier) <AA4RA-lt-23@gated-at.bofh.it> <AA4RA-lt-21@gated-at.bofh.it> <ADo7o-7jz-5@gated-at.bofh.it> <AsrV0-4UY-7@gated-at.bofh.it> <ADo7o-7jz-5@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

Hello Andreas,

Am 07.08.20 um 10:40 schrieb Andreas Schulz:
[...]
> now everything compiles but I still have ICAP-errors. Just to be sure
> that I did everything correctly:
> 
> - apt source squid3
> - quilt pop -a
> - replaced the package patch with yours
> - quilt push -a
> - built packages and installed them


You did nothing wrong but you could add a new changelog entry with a new
version number and then run dpkg-source -b to create a new source
package. After that you can easily compare the old source package with
the new one by running
	
	debdiff old.dsc new.dsc > my.debdiff

which highlights all the changes and also ensures the patch got applied
correctly.

In short, I have corrected the remaining error and I will upload a new
version today. The new package should be available on all mirrors within
24 hours.

For future reference:

The icap exception is triggered by two asserts (Must macros in squid
terminology) the one in src/adaptation/icap/OptXact.cc line 70 and
src/adaptation/icap/ModXact.cc line 1473. In order to fix CVE-2019-12523
the idea also was to better check for supported protocols. However the
urlParse function in 3.x and the corresponding AnyP::Uri::parse function
in 4.x are declared differently. While urlParse is of type HttpRequest,
AnyP::Uri::parse is of type boolean. The latter function simply returns
false if an invalid scheme is found but for the older urlParse function
NULL has to be returned. Since icap is not listed in urlParseProtocol
PROTO_NONE is returned which in turn triggers NULL. The corresponding
FindProtocolType function in 4.x would return PROTO_UNKNOWN instead and
only PROTO_NONE when the scheme is empty. I don't know why icap and ecap
are not explicitly defined as known protocols in 3.x and 4.x. In order
to keep the changes minimal I have simply added icap, icaps, ecap and
ecaps as known protocols now. Thanks to Nico Rogowski for pointing me in
the right direction.

The new update will also include an improved patch for CVE-2019-12529.


Regards,

Markus

Back to linux.debian.bugs.dist | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 Andreas Schulz <andreas.schulz@tds.fujitsu.com> - 2020-07-14 14:10 +0200
  Bug#965012: add. information Andreas Schulz <andreas.schulz@tds.fujitsu.com> - 2020-07-14 14:30 +0200
  Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 Markus Koschany <apo@debian.org> - 2020-07-27 00:20 +0200
    Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 [TT#2398327] SerNet Support Kevin Ivory <support@SerNet.de> - 2020-08-03 17:10 +0200
  Bug#965012: new test with debug_options ALL,9 Markus Koschany <apo@debian.org> - 2020-08-04 15:10 +0200
  Bug#965012: new test with debug_options ALL,9 Markus Koschany <apo@debian.org> - 2020-08-13 18:20 +0200
  Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 [TT#2398327] SerNet Support Kevin Ivory <support@SerNet.de> - 2020-08-18 13:40 +0200
    Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 [TT#2398327] Markus Koschany <apo@debian.org> - 2020-08-18 21:50 +0200
      Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 [TT#2398327] SerNet Support Kevin Ivory <support@SerNet.de> - 2020-08-28 12:00 +0200
        Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 [TT#2398327] Markus Koschany <apo@debian.org> - 2020-08-28 15:10 +0200
          Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 [TT#2398327] SerNet Support Oliver Seufer <support@SerNet.de> - 2020-09-04 10:10 +0200
            Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 [TT#2398327] Markus Koschany <apo@debian.org> - 2020-09-04 15:20 +0200
              Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 [TT#2398327] SerNet Support Kevin Ivory <support@SerNet.de> - 2020-09-25 11:30 +0200
  Bug#965012: new test with debug_options ALL,9 <j.stribrsky@email.cz> - 2020-09-02 11:40 +0200

csiph-web