[Bug 1561007] Re: Upstream Bug #3769: client_netmask not evaluated since Comm redesign

[Lukas Erlacher]

> I took the patch from the upstream 3.3 branch rather than your patches
-- although I think the net effect is the same.

You mean there was a patch in upstream 3.3 that applies cleanly? That's
much better than my hacked together fix.

I will install squid from your PPA and test it.

** Description changed:

  [Impact]
  
  http://www.squid-cache.org/mail-archive/squid-users/201403/0065.html:
  > This bug caused the client_netmask directive in Squid-3.2 and Squid-3.3
  releases to have no effect. The designed behaviour of masking client IPs
  in logs is now restored.
  
  Upstream issue tracker: http://bugs.squid-cache.org/show_bug.cgi?id=3769
  
  In all versions of squid3 between 3.2 and 3.4.4 a pretty severe bug
  exists that disables the scrubbing of client IPs. Scrubbing of client
  IPs is extremely important for any privacy-aware and risk-aware
  provider.
  
  [Test Case]
- TBD
+ 
+ 1. Install squid3: apt-get install squid3
+ 2. Observe that full client IP is logged to /var/log/squid/access.log
+ 2. Add "client_netmask 255.255.0.0" to config
+ 3. Observe that full client IP is still logged
+ 4. Apply patch
+ 5. Observe that only the first two octets of client IP are logged now.
  
  [Regression Potential]
- TBD
+ 
+ The fix is minimally invasive and adds only an interaction with the
+ IP::Address class that was not present. It is also identical to upstream
+ changes except for cosmetic refactoring done between the trusty version
+ of squid3 and when the bug was fixed in upstream.

** Description changed:

  [Impact]
  
  http://www.squid-cache.org/mail-archive/squid-users/201403/0065.html:
  > This bug caused the client_netmask directive in Squid-3.2 and Squid-3.3
  releases to have no effect. The designed behaviour of masking client IPs
  in logs is now restored.
  
  Upstream issue tracker: http://bugs.squid-cache.org/show_bug.cgi?id=3769
  
  In all versions of squid3 between 3.2 and 3.4.4 a pretty severe bug
  exists that disables the scrubbing of client IPs. Scrubbing of client
  IPs is extremely important for any privacy-aware and risk-aware
  provider.
  
  [Test Case]
  
  1. Install squid3: apt-get install squid3
  2. Observe that full client IP is logged to /var/log/squid/access.log
  2. Add "client_netmask 255.255.0.0" to config
  3. Observe that full client IP is still logged
  4. Apply patch
  5. Observe that only the first two octets of client IP are logged now.
  
  [Regression Potential]
  
- The fix is minimally invasive and adds only an interaction with the
- IP::Address class that was not present. It is also identical to upstream
- changes except for cosmetic refactoring done between the trusty version
- of squid3 and when the bug was fixed in upstream.
+ The fix is minimally invasive and adds only an interaction with the IP::Address class that was not present in the current release. It is also identical to upstream changes except for cosmetic refactoring done between the trusty version of squid3 and when the bug was fixed in upstream.
+ Regression potential is therefore minimal.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1561007

Title:
  Upstream Bug #3769: client_netmask not evaluated since Comm redesign

To manage notifications about this bug go to:
https://bugs.launchpad.net/squid/+bug/1561007/+subscriptions