[pkg-squid-devel] squid3 3.4.8-2
Amos Jeffries
squid3 at treenet.co.nz
Thu Oct 30 01:27:03 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 30/10/2014 3:03 a.m., Luigi Gangitano wrote:
>
>> Il giorno 29/ott/2014, alle ore 08:18, Santiago Garcia Mantinan
>> ha scritto:
>>
>>> That will have probably broken the version dependency I added
>>> earlier because I did not know how to set the dependency on
>>> just the "0.2" part of 0.2.0*.
>>>
>>> That should be fixed in the next upload.
>>
>> I was wondering... why setting a so tight dependency? wouldn't it
>> be better to have a >= 0.2.0 or similar dependency?
>
> I changed this Build-Dependency to =0.2.0 instead of 0.2.0-2 so we
> can build using any of the 0.2.0 packages. Once we move over to 3.5
> we will change to libecap 1.0.0.
>
> I also added the patch suggested in 700983 and am ready to upload
> if that is ok for you.
Your call, but I did not pull it in upstream because IMHO this might
result in a future CVE for "information leak".
The suggested patch places the samba login username and password into
the helper command line. As a result they will be visible to all users
on the machine.
If the suggested patch works at all, then the USER variable is
available in the environment for the smbclient executable to use. So I
believe you are right the bug is in the smbclient not following its
documented behaviour as relied on by the Squid helper script.
I dont use it myself so cant say whether it works properly but it
might be better to distribute the compiled executable basic_smb_auth
instead of the basic_smb_auth.sh script version.
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUUZPnAAoJELJo5wb/XPRj43UH/iiEjCbfC1T1NFyx05dMp6A2
8fLrj0wxi+6Z0OGqEWJPuWnaYX3AxlcwjTNSbo04TGTXTUVkwgdhocCKQHJkHIr7
3zwv5n4bqfPUl0kbhTNaha1V9kqKVboKKWiTdjQHhteG3X5o7bWzOufuzvWf1x9K
toSmXfpDzQU9sbQnN/a6kvE++ulXkg9q41xh5w4cbJTDsY0eMtJrGkF7601fSwO6
Jsm8xAOkkEbsiQGv+GqfxV8evzAonFgSlNPMmGKpcrBhxgSzCpPSlt+cDIZC7cvs
tV2Uun72J9FP6RQyaXviJHqMeu5je4GnlZUAV6QzbFKVui7qducvTiByjZ6R980=
=legD
-----END PGP SIGNATURE-----
More information about the pkg-squid-devel
mailing list