Hello community,
here is the log from the commit of package squid
checked in at Mon Oct 6 17:11:37 CEST 2008.
--------
--- squid/squid.changes 2008-09-25 16:58:05.000000000 +0200
+++ /mounts/work_src_done/STABLE/squid/squid.changes 2008-10-02 14:21:40.871768000 +0200
@@ -1,0 +2,5 @@
+Thu Oct 2 14:21:07 CEST 2008 - kssingvo@suse.de
+
+- bugfix if user is in many kerberos groups (12380.patch)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
12380.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ squid.spec ++++++
--- /var/tmp/diff_new_pack.pO8212/_old 2008-10-06 17:10:27.000000000 +0200
+++ /var/tmp/diff_new_pack.pO8212/_new 2008-10-06 17:10:27.000000000 +0200
@@ -26,7 +26,7 @@
%endif
Summary: Squid WWW proxy server
Version: 2.7.STABLE4
-Release: 15
+Release: 16
License: GPL v2 or later
Url: http://www.squid-cache.org
Group: Productivity/Networking/Web/Proxy
@@ -58,7 +58,7 @@
Patch3: http://www.squid-cache.org/Versions/v2/2.7/changesets/12376.patch
Patch4: http://www.squid-cache.org/Versions/v2/2.7/changesets/12377.patch
Patch5: http://www.squid-cache.org/Versions/v2/2.7/changesets/12378.patch
-# Patch6: http://www.squid-cache.org/Versions/v2/2.7/changesets/
+Patch6: http://www.squid-cache.org/Versions/v2/2.7/changesets/12380.patch
# Patch7: http://www.squid-cache.org/Versions/v2/2.7/changesets/
# Patch8: http://www.squid-cache.org/Versions/v2/2.7/changesets/
# Patch9: http://www.squid-cache.org/Versions/v2/2.7/changesets/
@@ -143,7 +143,7 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
-# %patch6 -p1
+%patch6 -p1
# %patch7 -p1
# %patch8 -p1
# %patch9 -p1
@@ -397,6 +397,8 @@
%doc README.ip_user
%changelog
+* Thu Oct 02 2008 kssingvo@suse.de
+- bugfix if user is in many kerberos groups (12380.patch)
* Thu Sep 25 2008 kssingvo@suse.de
- added a few official patches:
* HTTP/0.9: making it possible to disable upgrade of HTTP/0.9
++++++ 12380.patch ++++++
---------------------
PatchSet 12380
Date: 2008/09/28 22:44:36
Author: hno
Branch: SQUID_2_7
Tag: (none)
Log:
Author: Markus Moeller
Bug #2426: Increase negotiate auth token buffer size
The kerberos token can be very large if the user is member of very many
groups. This increases the buffer size to 32KB.
Members:
helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c:1.3.4.1->1.3.4.2
src/auth/negotiate/auth_negotiate.c:1.12->1.12.2.1
Index: squid/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c
===================================================================
RCS file: /cvsroot/squid/squid/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c,v
retrieving revision 1.3.4.1
retrieving revision 1.3.4.2
diff -u -r1.3.4.1 -r1.3.4.2
--- squid/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c 24 Feb 2008 19:18:53 -0000 1.3.4.1
+++ squid/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c 28 Sep 2008 22:44:36 -0000 1.3.4.2
@@ -43,6 +43,9 @@
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN HOST_NAME_MAX
#endif
+#ifndef MAX_AUTHTOKEN_LEN
+#define MAX_AUTHTOKEN_LEN 65535
+#endif
#define PROGRAM "squid_kerb_auth"
@@ -173,10 +176,9 @@
}
-
int main(int argc, char * const argv[])
{
- char buf[6400];
+ char buf[MAX_AUTHTOKEN_LEN];
char *c;
int length=0;
static int err=0;
Index: squid/src/auth/negotiate/auth_negotiate.c
===================================================================
RCS file: /cvsroot/squid/squid/src/auth/negotiate/auth_negotiate.c,v
retrieving revision 1.12
retrieving revision 1.12.2.1
diff -u -r1.12 -r1.12.2.1
--- squid/src/auth/negotiate/auth_negotiate.c 28 Aug 2007 22:39:10 -0000 1.12
+++ squid/src/auth/negotiate/auth_negotiate.c 28 Sep 2008 22:44:36 -0000 1.12.2.1
@@ -1,6 +1,6 @@
/*
- * $Id: auth_negotiate.c,v 1.12 2007/08/28 22:39:10 hno Exp $
+ * $Id: auth_negotiate.c,v 1.12.2.1 2008/09/28 22:44:36 hno Exp $
*
* DEBUG: section 29 Negotiate Authenticator
* AUTHOR: Robert Collins
@@ -41,6 +41,9 @@
#include "squid.h"
#include "auth_negotiate.h"
+// Maximum length (buffer size) for token strings.
+#define MAX_AUTHTOKEN_LEN 32768
+
extern AUTHSSETUP authSchemeSetup_negotiate;
static void
@@ -573,7 +576,7 @@
authenticateNegotiateStart(auth_user_request_t * auth_user_request, RH * handler, void *data)
{
authenticateStateData *r = NULL;
- char buf[8192];
+ char buf[MAX_AUTHTOKEN_LEN];
char *sent_string = NULL;
negotiate_user_t *negotiate_user;
negotiate_request_t *negotiate_request;
@@ -606,9 +609,9 @@
r->auth_user_request = auth_user_request;
authenticateAuthUserRequestLock(r->auth_user_request);
if (negotiate_request->auth_state == AUTHENTICATE_STATE_INITIAL) {
- snprintf(buf, 8192, "YR %s\n", sent_string);
+ snprintf(buf, MAX_AUTHTOKEN_LEN, "YR %s\n", sent_string);
} else {
- snprintf(buf, 8192, "KK %s\n", sent_string);
+ snprintf(buf, MAX_AUTHTOKEN_LEN, "KK %s\n", sent_string);
}
negotiate_request->waiting = 1;
safe_free(negotiate_request->client_blob);
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org