[squid] fixes #751679 - host_strict_verify setting inverted in squid.conf

Mon Nov 7 09:03:18 UTC 2011

commit 356af776841c8904efd06c9edd7ffcc6904ef8d3
Author: Jiri Skala <jskala at redhat.com>
Date:   Mon Nov 7 10:03:08 2011 +0100

    fixes #751679 - host_strict_verify setting inverted in squid.conf

 squid-3.2-11406.patch |   36 ++++++++++++++++++++++++++++++++++++
 squid.spec            |    7 ++++++-
 2 files changed, 42 insertions(+), 1 deletions(-)
---

diff --git a/squid-3.2-11406.patch b/squid-3.2-11406.patch
new file mode 100644
index 0000000..5933463
--- /dev/null
+++ b/squid-3.2-11406.patch
@@ -0,0 +1,36 @@
+------------------------------------------------------------
+revno: 11406
+revision-id: squid3 at treenet.co.nz-20111104233104-1e72yz04iljr8ghp
+parent: squidadm at squid-cache.org-20111029224517-65llf81mr6p4ua6s
+fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3367
+committer: Amos Jeffries <squid3 at treenet.co.nz>
+branch nick: SQUID_3_2
+timestamp: Fri 2011-11-04 17:31:04 -0600
+message:
+  Bug 3367: fix inverted check on host_strict_verify
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3 at treenet.co.nz-20111104233104-1e72yz04iljr8ghp
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+#   /SQUID_3_2/
+# testament_sha1: 7add7a338726fe9ab5cd3428541ef43c0e2d41dc
+# timestamp: 2011-11-04 23:55:06 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+#   /SQUID_3_2
+# base_revision_id: squidadm at squid-cache.org-20111029224517-\
+#   65llf81mr6p4ua6s
+# 
+# Begin patch
+=== modified file 'src/client_side_request.cc'
+--- src/client_side_request.cc	2011-10-24 02:31:59 +0000
++++ src/client_side_request.cc	2011-11-04 23:31:04 +0000
+@@ -634,7 +634,7 @@
+             // verify the destination DNS is one of the Host: headers IPs
+             ipcache_nbgethostbyname(host, hostHeaderIpVerifyWrapper, this);
+         }
+-    } else if (Config.onoff.hostStrictVerify) {
++    } else if (!Config.onoff.hostStrictVerify) {
+         debugs(85, 3, HERE << "validate skipped.");
+         http->doCallouts();
+     } else if (strlen(host) != strlen(http->request->GetHost())) {
+
diff --git a/squid.spec b/squid.spec
index d41c2cd..af42292 100644
--- a/squid.spec
+++ b/squid.spec
@@ -4,7 +4,7 @@
 
 Name:     squid
 Version:  3.2.0.13
-Release:  4%{?dist}
+Release:  5%{?dist}
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@@ -26,6 +26,7 @@ Source98: perl-requires-squid.sh
 # Upstream patches
 #Patch001: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-XXXXX.patch
 Patch001: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11383.patch
+Patch002: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11406.patch
 
 # Local patches
 # Applying upstream patches first makes it less likely that local patches
@@ -91,6 +92,7 @@ The squid-sysvinit contains SysV initscritps support.
 
 #patch001 -p0
 %patch001 -p0
+%patch002 -p0
 
 %patch201 -p1 -b .config
 %patch202 -p1 -b .location
@@ -304,6 +306,9 @@ fi
         /sbin/chkconfig --add squid >/dev/null 2>&1 || :
 
 %changelog
+* Mon Nov 07 2011 Jiri Skala <jskala at redhat.com> - 7:3.2.0.13-5
+- fixes #751679 - host_strict_verify setting inverted in squid.conf
+
 * Thu Nov 03 2011 Jiri Skala <jskala at redhat.com> - 7:3.2.0.13-4
 - fixes #750550 - Squid might depend on named
 
