Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Squid - fix auth when LDAP/RADIUS server port is not explicitly set i… #232

Merged
merged 3 commits into from
Dec 19, 2016
Merged

Conversation

doktornotor
Copy link
Contributor

@doktornotor doktornotor commented Dec 16, 2016

…n the GUI

As reported by a user @ https://forum.pfsense.org/index.php?topic=113667.msg632008#msg632008 - when the port is not explicitly set in the GUI but the tags still exist in config.xml, this adds a bogus trailing semicolon which breaks Squid auth.

RADIUS would be the same case, just with trailing -p without any port. Also broken.

doktornotor added 3 commits December 16, 2016 22:01
…n the GUI

As reported by a user @ https://forum.pfsense.org/index.php?topic=113667.msg632008#msg632008 when the port is not explicitly set in the GUI but the tags still exist in config.xml, this ads a bogus trailing semicolon which breaks Squid auth.

RADIUS would be the same case, just with trailing -p without any port. Also broken.
netgate-git-updates pushed a commit that referenced this pull request Dec 19, 2016
from releasenotes.txt:

** DavMail 4.7.3 released **
Another bugfix release, mostly from user feedback. Also improve Windows installer to let users
choose whether they want to run DavMail automatically at logon.

Enhancement:
- Improve windows installer, make auto start at logon optional
- Update release guide with opensuse build env
- update icon cache
- Update winrun4j wrappers icon to 128x128

EWS:
- EWS: workaround for invalid cookie domain on Office365

DAV:
- DAV: merge patch from #232 Outlook-created appt does not go through. OWA-created one does

IMAP:
- IMAP: additional fix for #626, workaround for from: header not searchable over EWS
- IMAP: fix for #626, workaround for to: header not searchable over EWS

SMTP:
- SMTP: Merge patch 627 by Peter Chubb, server returns incorrect code on authentication failure

PR:             214900
Submitted by:   [email protected]
Approved by:    [email protected] (maintainer)
@netgate-git-updates netgate-git-updates merged commit 40c93b2 into pfsense:devel Dec 19, 2016
@doktornotor doktornotor deleted the patch-1 branch December 19, 2016 11:19
netgate-git-updates pushed a commit that referenced this pull request Aug 17, 2017
  [ Robert Edmonds ]
  * Release 1.3.0.

  * Add test case for the issue in #220 (#254).

  * Fix issue #251, "Bad enums with multiple oneofs" (#256).

  * Add warning flags to my_CFLAGS (#257).

  * Fix namespace errors when compiled with latest protobuf (#280).

  * Bump minimum required header version for proto3 syntax (#282).

  [ Paolo Borelli ]
  * Turn the compiler into a protoc plugin (#206). This allows the protobuf-c
    compiler to be invoked as "protoc --c_out=...". For backwards
    compatibility, we still ship a protoc-c command, but it's a symlink to the
    protoc-gen-c binary.

  * proto3 support (#228).

  * Remove leftover FIXME comment (#258).

  * Fix proto3 "is zeroish" evaluation (#264).

  * Small cleanup in oneof handling (#265).

  * Rework is_zeroish one more time (#267).

  * proto3: make strings default to "" instead of NULL (#274).

  [ Tomek Wasilczyk ]
  * Fix -Wsign-compare warnings (#213).

  * Fix ISO C90 -Wdeclaration-after-statement warnings (#214).

  * Fix bigendian -Wunused-label warning (#215).

  [ Ilya Lipnitsky ]
  * protoc-c/c_message.cc: Force int size on oneof enums (#221). Fixes wrong
    enum generation and handling for onceof cases (#220).

  [ Adnan ]
  * Fix cmake build if built as part of an external project (#231).

  [ Gregory Detal ]
  * Remove .pb.{cc,h} in distdir instead of top_distdir in order to prevent
    removing files from other projects when protobuf-c is included as an
    autotools subproject (#232).

  [ Ben Farnham ]
  * Relax autoconf constraint from v2.64 to v2.63 so that it works on older
    Linux distros (#233).

  [ Thomas Koeckerbauer ]
  * rm argument fix for Solaris (#234).

  * Add 'const' qualifier to 'init_value' variable in generated files (#236).

  [ Richard Kettlewell ]
  * Document and extend the effect of passing NULL to ..._free_unpacked
    functions (#255).

  [ Alex Milich ]
  * CMake: Workaround for static builds that use MSVC (#243).

  [ Josh Junon ]
  * CMake: Allow protobuf-c to be included via include_subdirectory (#245).

  [ Alexei Kasatkin ]
  * CMake: Windows fixes (#266).

This fixes the build breakage with devel/protobuf 1.3.0 [1]

PR:		221572 [1]
Sponsored by:	Farsight Security, Inc.
netgate-git-updates pushed a commit that referenced this pull request Feb 15, 2023
Major changes between sudo 1.9.13 and 1.9.12p2:

 * Fixed a bug running relative commands via sudo when "log_subcmds"
   is enabled.  GitHub issue #194.

 * Fixed a signal handling bug when running sudo commands in a shell
   script.  Signals were not being forwarded to the command when
   the sudo process was not run in its own process group.

 * Fixed a bug in cvtsudoers' LDIF parsing when the file ends without
   a newline and a backslash is the last character of the file.

 * Fixed a potential use-after-free bug with cvtsudoers filtering.
   GitHub issue #198.

 * Added a reminder to the default lecture that the password will
   not echo. This line is only displayed when the pwfeedback option
   is disabled. GitHub issue #195.

 * Fixed potential memory leaks in error paths.  GitHub issues #199,
   #202.

 * Fixed potential NULL dereferences on memory allocation failure.
   GitHub issues #204, #211.

 * Sudo now uses C23-style attributes in function prototypes instead
   of gcc-style attributes if supported.

 * Added a new "list" pseudo-command in sudoers to allow a user to
   list another user's privileges.  Previously, only root or a user
   with the ability to run any command as either root or the target
   user on the current host could use the -U option.  This also
   includes a fix to the log entry when a user lacks permission to
   run "sudo -U otheruser -l command".  Previously, the logs would
   indicate that the user tried to run the actual command, now the
   log entry includes the list operation.

 * JSON logging now escapes control characters if they happen to
   appear in the command or environment.

 * New Albanian translation from translationproject.org.

 * Regular expressions in sudoers or logsrvd.conf may no longer
   contain consecutive repetition operators.  This is implementation-
   specific behavior according to POSIX, but some implementations
   will allocate excessive amounts of memory.  This mainly affects
   the fuzzers.

 * Sudo now builds AIX-style shared libraries and dynamic shared
   objects by default instead of svr4-style. This means that the
   default sudo plugins are now .a (archive) files that contain a
   .so shared object file instead of bare .so files.  This was done
   to improve compatibility with the AIX Freeware ecosystem,
   specifically, the AIX Freeware build of OpenSSL.  Sudo will still
   load svr4-style .so plugins and if a .so file is requested,
   either via sudo.conf or the sudoers file, and only the .a file
   is present, sudo will convert the path from plugin.so to
   plugin.a(plugin.so) when loading it.  This ensures compatibility
   with existing configurations.  To restore the old, pre-1.9.13
   behavior, run configure using the --with-aix-soname=svr4 option.

 * Sudo no longer checks the ownership and mode of the plugins that
   it loads.  Plugins are configured via either the sudo.conf or
   sudoers file which are trusted configuration files.  These checks
   suffered from time-of-check vs. time-of-use race conditions and
   complicate loading plugins that are not simple paths.  Ownership
   and mode checks are still performed when loading the sudo.conf
   and sudoers files, which do not suffer from race conditions.
   The sudo.conf "developer_mode" setting is no longer used.

 * Control characters in sudo log messages and "sudoreplay -l"
   output are now escaped in octal format.  Space characters in the
   command path are also escaped.  Command line arguments that
   contain spaces are surrounded by single quotes and any literal
   single quote or backslash characters are escaped with a backslash.
   This makes it possible to distinguish multiple command line
   arguments from a single argument that contains spaces.

 * Improved support for DragonFly BSD which uses a different struct
   procinfo than either FreeBSD or 4.4BSD.

 * Fixed a compilation error on Linux arm systems running older
   kernels that may not define EM_ARM in linux/elf-em.h.
   GitHub issue #232.

 * Fixed a compilation error when LDFLAGS contains -Wl,--no-undefined.
   Sudo will now link using -Wl,--no-undefined by default if possible.
   GitHub issue #234.

 * Fixed a bug executing a command with a very long argument vector
   when "log_subcmds" or "intercept" is enabled on a system where
   "intercept_type" is set to "trace".  GitHub issue #194.

 * When sudo is configured to run a command in a pseudo-terminal
   but the standard input is not connected to a terminal, the command
   will now be run as a background process.  This works around a
   problem running sudo commands in the background from a shell
   script where changing the terminal to raw mode could interfere
   with the interactive shell that ran the script.
   GitHub issue #237.

 * A missing include file in sudoers is no longer a fatal error
   unless the error_recovery plugin argument has been set to false.

PR:		269563
Submitted by:	cy
Reported by:	cy
Approved by:	garga
MFH:		2023Q1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants