Upstream Bug #3769: client_netmask not evaluated since Comm redesign

Bug #1561007 reported by Lukas Erlacher
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Squid | Unknown | Unknown | |
squid3 (Ubuntu) | Fix Released | Undecided | Unassigned |
Trusty | Won't Fix | Undecided | Unassigned |

Bug Description

[Impact]

http://www.squid-cache.org/mail-archive/squid-users/201403/0065.html:
> This bug caused the client_netmask directive in Squid-3.2 and Squid-3.3
> releases to have no effect. The designed behaviour of masking client IPs
> in logs is now restored.

Upstream issue tracker: http://bugs.squid-cache.org/show_bug.cgi?id=3769

In all versions of squid3 between 3.2 and 3.4.4 a pretty severe bug exists that disables the scrubbing of client IPs. Scrubbing of client IPs is extremely important for any privacy-aware and risk-aware provider.

[Test Case]

1. Install squid3: apt-get install squid3
2. Observe that full client IP is logged to /var/log/squid/access.log
3. Add "client_netmask 255.255.0.0" to config
4. Observe that full client IP is still logged
5. Apply patch
6. Observe that only the first two octets of client IP are logged now.

[Regression Potential]

The fix is minimally invasive and adds only an interaction with the IP::Address class that was not present in the current release. It is also identical to upstream changes except for cosmetic refactoring done between the trusty version of squid3 and when the bug was fixed in upstream.
Regression potential is therefore minimal.
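
The test case above depends on reading access.log by eye. As an added example (not part of the bug report or of the Squid or Ubuntu patch), this Python check flags log entries whose client address still has host bits set under the configured client_netmask. It assumes Squid's default native log format with the client address in the third field; the function name and the log lines are constructed for illustration.

```python
import ipaddress

def unmasked_clients(log_lines, netmask="255.255.0.0"):
    """Return (line_no, client_ip) for every entry whose IPv4 client
    address still has host bits set under `netmask`, i.e. entries where
    client_netmask was evidently not applied."""
    mask = int(ipaddress.IPv4Address(netmask))
    host_bits = ~mask & 0xFFFFFFFF  # bits that client_netmask should zero
    leaks = []
    for line_no, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 3:
            continue  # truncated or blank line
        try:
            addr = ipaddress.ip_address(fields[2])  # assumed client field
        except ValueError:
            continue  # not an address (custom logformat, header, ...)
        if addr.version != 4:
            continue  # this check covers IPv4 dotted-quad netmasks only
        if int(addr) & host_bits:
            leaks.append((line_no, str(addr)))
    return leaks

# Constructed sample lines: what an affected build logs even though
# "client_netmask 255.255.0.0" is set (full client addresses).
BEFORE_PATCH = [
    "1459000000.123     45 198.51.100.23 TCP_MISS/200 1523 GET "
    "http://example.com/ - HIER_DIRECT/203.0.113.10 text/html",
    "1459000001.456     12 192.0.2.77 TCP_MISS/304 310 GET "
    "http://example.com/a.css - HIER_DIRECT/203.0.113.10 -",
]

# Constructed sample lines: the same requests once masking works.
AFTER_PATCH = [
    "1459000100.123     45 198.51.0.0 TCP_MISS/200 1523 GET "
    "http://example.com/ - HIER_DIRECT/203.0.113.10 text/html",
    "1459000101.456     12 192.0.0.0 TCP_MISS/304 310 GET "
    "http://example.com/a.css - HIER_DIRECT/203.0.113.10 -",
]

if __name__ == "__main__":
    for name, lines in (("before", BEFORE_PATCH), ("after", AFTER_PATCH)):
        print(name, unmasked_clients(lines))
```

A client whose real address already ends in zeros under the mask is indistinguishable from a masked one, so an empty result on a small log is not proof by itself; run it over enough traffic to include several distinct clients.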

Lukas Erlacher (erlacher) wrote :
Lukas Erlacher (erlacher) wrote :

Second part of patch.

description: updated
Robie Basak (racb)
Changed in squid3 (Ubuntu):
status: New → Fix Released
Michael Hudson-Doyle (mwhudson) wrote :

Hi, thanks for the bug report. I've made a patch with (I think :-p) correct dep3 headers, attached, and also in my PPA: https://launchpad.net/~mwhudson/+archive/ubuntu/scratch/+packages. I took the patch from the upstream 3.3 branch rather than your patches -- although I think the net effect is the same.

Can you fill out the test case and regression potential sections of the bug summary? Then we can start the process of getting it reviewed by the SRU team.

description: updated
Lukas Erlacher (erlacher) wrote :

> I took the patch from the upstream 3.3 branch rather than your patches -- although I think the net effect is the same.

You mean there was a patch in upstream 3.3 that applies cleanly? That's much better than my hacked together fix.

I will install squid from your PPA and test it.

description: updated
description: updated
Lukas Erlacher (erlacher) wrote :

Tested, works!

Lukas Erlacher (erlacher) wrote :

One more remark - there is another open bug that has a simple, tested fix and is already marked pending for release: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1405351

Athos Ribeiro (athos-ribeiro) wrote :

(Standard support has ended for 14.04.)

Changed in squid3 (Ubuntu Trusty):
status: New → Won't Fix